Skip to content

fix: drop support for EOL pgxv4 driver#767

Merged
nancynh merged 1 commit intomainfrom
fix-dos
Mar 24, 2026
Merged

fix: drop support for EOL pgxv4 driver#767
nancynh merged 1 commit intomainfrom
fix-dos

Conversation

@nancynh
Copy link
Copy Markdown
Collaborator

@nancynh nancynh commented Mar 18, 2026
edited
Loading

There is currently a security flaw in one of pgxv4's dependencies pgproto3 (see GHSA-jqcq-xjh3-6g23). The maintainer of the repo does not plan on fixing it that version since it has reached EOL (see jackc/pgx#2507 (comment), there's also another comment further below clarifying that "only security updates will be accepted from now on up until the project is EOL").

So, we should go ahead and drop support for it since it already reached EOL on July 1, 2025.

Related to #770

@nancynh nancynh marked this pull request as ready for review March 18, 2026 23:50
@nancynh nancynh requested a review from a team as a code owner March 18, 2026 23:50
@nancynh nancynh assigned enocom and unassigned rhatgadkar-goog Mar 18, 2026
@enocom enocom changed the title fix!: drop support for pgxv4 driver fix: drop support for pgxv4 driver Mar 19, 2026
@enocom enocom changed the title fix: drop support for pgxv4 driver fix: drop support for EOL pgxv4 driver Mar 19, 2026
enocom
enocom reviewed Mar 19, 2026
View reviewed changes
Copy link
Copy Markdown
Member

@enocom enocom left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Could we rewire pgxv4 to call through to pgxv5?

@nancynh
Copy link
Copy Markdown
Collaborator Author

nancynh commented Mar 20, 2026

Could we rewire pgxv4 to call through to pgxv5?

Let me convert this into a draft in the meantime while I work on just making a generic driver instead (#770).

@nancynh nancynh marked this pull request as draft March 20, 2026 22:43
@nancynh nancynh force-pushed the fix-dos branch 6 times, most recently from 1a9aca3 to d8d9fbc Compare March 24, 2026 16:32
@nancynh
Copy link
Copy Markdown
Collaborator Author

nancynh commented Mar 24, 2026

Could we rewire pgxv4 to call through to pgxv5?

Let me convert this into a draft in the meantime while I work on just making a generic driver instead (#770).

Talked offline, decided to do the rewiring first and will do the generic driver later.

@nancynh nancynh marked this pull request as ready for review March 24, 2026 16:36
enocom
enocom approved these changes Mar 24, 2026
View reviewed changes
Copy link
Copy Markdown
Member

@enocom enocom left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Two small documentation changes are warranted. Otherwise, LGTM. Thank you!

Comment thread driver/pgxv4/postgres.go Outdated
Comment thread driver/pgxv4/postgres.go
@nancynh nancynh merged commit e373375 into main Mar 24, 2026
17 checks passed
@nancynh nancynh deleted the fix-dos branch March 24, 2026 16:57
@release-please release-please Bot mentioned this pull request Mar 21, 2026
Merged
@enocom enocom mentioned this pull request Apr 10, 2026
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@enocom enocom enocom approved these changes

Assignees

@enocom enocom

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@nancynh @enocom @rhatgadkar-goog