Remove use of unsupported pgconn library #7217

Open
Sovietaced wants to merge 1 commit into flyteorg:master from Sovietaced:pgconn-vuln

Sovietaced (Member) commented Apr 16, 2026

Tracking issue

This tracks an open vulnerability in the security tab. CVE-2026-32286

Why are the changes needed?

Removes use of no longer supported library and resolves vulnerability.

What changes were proposed in this pull request?

Remove use of no longer supported library (it is now archived). Bump to latest version of newer library.

This version is used with pgx v4. In pgx v5 it is part of the https://github.com/jackc/pgx repository. This v4 version will reach end-of-life on July 1, 2025. Only security bug fixes will be made to this version.

This is important to improve the readability of release notes.

Setup process

Screenshots

Check all the applicable boxes

  • I updated the documentation accordingly.
  • All new and existing tests passed.
  • All commits are signed-off.

Related PRs

Docs link

Signed-off-by: Jason Parraga <sovietaced@gmail.com>
Sovietaced added the labels housekeeping (Issues that help maintain flyte and keep it tech-debt free), dependencies (Pull requests that update a dependency file) and security (Issues related to Security improvements) on Apr 16, 2026
Sovietaced mentioned this pull request Apr 16, 2026

codecov bot commented Apr 16, 2026

Codecov Report

❌ Patch coverage is 50.00000% with 1 line in your changes missing coverage. Please review.
✅ Project coverage is 56.95%. Comparing base (bc223e3) to head (d802b3f).

| Files with missing lines | Patch % | Lines |
|---|---|---|
| datacatalog/pkg/repositories/errors/postgres.go | 0.00% | 1 Missing ⚠️ |

Additional details and impacted files
@@            Coverage Diff             @@
##           master    #7217      +/-   ##
==========================================
- Coverage   56.95%   56.95%   -0.01%     
==========================================
  Files         931      931              
  Lines       58234    58229       -5     
==========================================
- Hits        33169    33164       -5     
- Misses      22014    22015       +1     
+ Partials     3051     3050       -1     

| Flag | Coverage | Δ |
|---|---|---|
| unittests-datacatalog | 53.51% <0.00%> | (ø) |
| unittests-flyteadmin | 53.13% <100.00%> | (-0.01%) ⬇️ |
| unittests-flytecopilot | 43.06% <ø> | (ø) |
| unittests-flytectl | 64.09% <ø> | (-0.05%) ⬇️ |
| unittests-flyteidl | 75.71% <ø> | (ø) |
| unittests-flyteplugins | 60.17% <ø> | (ø) |
| unittests-flytepropeller | 53.71% <ø> | (ø) |
| unittests-flytestdlib | 62.62% <ø> | (+0.04%) ⬆️ |

Sovietaced marked this pull request as ready for review April 16, 2026 02:11