[TT-16960] Update pump and storage to support pgx v5 #8093
Merged
probelabs / Visor: security
succeeded
Apr 17, 2026 in 34s
✅ Check Passed (Warnings Found)
security check passed. Found 1 warning, but fail_if condition was not met.
Details
📊 Summary
- Total Issues: 1
- Warning Issues: 1
🔍 Failure Condition Results
Passed Conditions
- global_fail_if: Condition passed
Issues by Category
Security (1)
⚠️ go.mod:32 - This change updates core data handling dependencies (`storage` and `tyk-pump`) to support a new major version of the PostgreSQL driver (`pgx v5`). Such a significant upgrade within a dependency can introduce security vulnerabilities if the migration is not handled perfectly. Potential risks include new SQL injection vectors if parameterization APIs changed, or weakened TLS enforcement if connection logic was altered.
Annotations
Check warning on line 33 in go.mod
probelabs / Visor: security
security Issue
This change updates core data handling dependencies (`storage` and `tyk-pump`) to support a new major version of the PostgreSQL driver (`pgx v5`). Such a significant upgrade within a dependency can introduce security vulnerabilities if the migration is not handled perfectly. Potential risks include new SQL injection vectors if parameterization APIs changed, or weakened TLS enforcement if connection logic was altered.
Raw output
It is crucial to verify that these updated dependencies have undergone a security review and targeted testing for issues related to the `pgx v5` migration. Confirm that the maintainers of `storage` and `tyk-pump` have validated their new versions against common database security risks before integrating them.