Open stephenmayer opened 2 months ago
We don't use Postgres with Mercure, and we are on it for quic-go.
For quic-go, we're already use v0.40.1 https://github.com/dunglas/mercure/blob/v0.15.10/caddy/go.mod#L121. To upgrade to v0.42 (#886), we need a Caddy release that includes https://github.com/caddyserver/caddy/pull/6176 first.
CVE-2024-27289, CVE-2024-27304, GHSA-7jwh-3vrq-q3m8 Please update pgx to version >=
4.18.2
https://github.com/jackc/pgx/security/advisories/GHSA-m7wr-2xf7-cm9pCVE-2024-27304
Please update pgproto3 to version >=
v2.3.3
https://github.com/jackc/pgproto3/security/advisories/GHSA-7jwh-3vrq-q3m8CVE-2024-22189, CVE-2023-49295 Please update quic-go to version
v.0.40.1
https://github.com/quic-go/quic-go/security/advisories/GHSA-ppxx-5m9h-6vxf