Skip to content

Conversation

@renovate
Copy link

@renovate renovate bot commented Aug 14, 2025

This PR contains the following updates:

Package Change Age Confidence
github.com/go-pg/pg/v10 v10.3.0 -> v10.15.0 age confidence

GitHub Vulnerability Alerts

CVE-2024-44905

go-pg pg v10.13.0 was discovered to contain a SQL injection vulnerability via the component /types/append_value.go.


Release Notes

go-pg/pg (github.com/go-pg/pg/v10)

v10.15.0

Compare Source

Important Security Update

This update includes a fix for a security issue, please update to this release as soon as possible.

Thank you @​martoche!

v10.14.0

Compare Source

  • Added support for comments on ORM generated queries (#​2011)
  • Make reader and writer buffers configurable (#​2014)
  • Bumped golang.org/x/crypto from 0.21.0 to 0.31.0 (#​2013, #​2015)

Thank you @​wwoytenko and @​tony2001

v10.13.0

Compare Source

  • Removed references to deprecated io/ioutil (#​2001)
  • Added password environment variable for easier testing (#​1996)
  • Bumped google.golang.org/protobuf from 1.25.0 to 1.33.0 (#​2000)
  • Bumped golang.org/x/net from 0.17.0 to 0.23.0 (#​2002)

Thank you @​DarrylWong and @​testwill

v10.12.0

Compare Source

  • Fixed invalid pointer dereference when accessing results (#​1990)
  • Updated minimum Golang version to v1.19.0 + go.mod cleanup (#​1992)
  • Bumped golang.org/x/net from 0.10.0 to 0.17.0 (#​1993)
  • Bumped gopkg.in/yaml.v3 from 3.0.0-20200313102051-9f266ea9e77c to 3.0.0 (#​1994)

Thank you @​fernandez14

v10.11.2

Compare Source

  • Improved memory allocation when working with multi-byte characters in appendRune (#​1988)
  • Added ToURL to *Options (#​1934)

Thank you @​dillonstreator and @​MateusVeloso!

v10.11.1

Compare Source

  • Fixed bug with how cancelled contexts are handled in SingleConnPool connections (#​1981)

Thank you @​xin-tsla!

v10.11.0

Compare Source

  • Updated dependency mellium.im/sasl from 0.2.1 to 0.3.1. (#​1969)

v10.10.7

Compare Source

  • Fixed race condition in notify listener.
  • Add shortcut WhereInOr.
  • Fixed bug in sending cancel request to terminate long running query.

v10.10.6

Compare Source

  • Updated OpenTelemetry to v1.0.0.

v10.10.5

Compare Source

Check CHANGELOG.md for details

v10.10.4

Compare Source

v10.10.3

Compare Source

v10.10.2

Compare Source

v10.10.1

Compare Source

v10.10.0

Compare Source

v10.9.3

Compare Source

v10.9.1

Compare Source

v10.9.0

Compare Source

v10.8.0

Compare Source

v10.7.7

Compare Source

v10.7.6

Compare Source

v10.7.5

Compare Source

v10.7.4

Compare Source

v10.7.3

Compare Source

v10.7.2

Compare Source

v10.7.1

Compare Source

v10.7.0

Compare Source

v10.6.2

Compare Source

v10.6.1

Compare Source

v10.6.0

Compare Source

v10.5.1

Compare Source

v10.5.0

Compare Source

v10.4.1

Compare Source

v10.4.0

Compare Source

v10.3.2

Compare Source

  • Improve known tag check

v10.3.1

Compare Source


Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate
Copy link
Author

renovate bot commented Aug 14, 2025

ℹ Artifact update notice

File name: go.mod

In order to perform the update(s) described in the table above, Renovate ran the go get command, which resulted in the following additional change(s):

  • 2 additional dependencies were updated
  • The go directive was updated for compatibility reasons

Details:

Package Change
go 1.13 -> 1.23.0
github.com/onsi/ginkgo v1.14.1 -> v1.14.2
github.com/onsi/gomega v1.10.2 -> v1.10.3

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants