search

pganalyze / collector

pganalyze statistics collector for gathering PostgreSQL metrics and log data
https://pganalyze.com
Other
331 stars 57 forks source link

Upgrade go.uuid module #428

Closed jawnsy closed 1 year ago

jawnsy commented 1 year ago

Sysdig Secure reports the collector as being affected by CVE-2021-3538 due to an old version of github.com/satori/go.uuid:

image

Trivy does not report this finding when using trivy fs . from the root of the collector repo, though it does report a medium-severity issue related to the AWS Go SDK:

$ trivy fs .
2023-06-13T15:36:53.751-0700    INFO    Vulnerability scanning is enabled
2023-06-13T15:36:53.751-0700    INFO    Secret scanning is enabled
2023-06-13T15:36:53.751-0700    INFO    If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2023-06-13T15:36:53.751-0700    INFO    Please see also https://aquasecurity.github.io/trivy/v0.41/docs/secret/scanning/#recommendation for faster secret detection
2023-06-13T15:36:57.020-0700    INFO    Number of language-specific files: 1
2023-06-13T15:36:57.020-0700    INFO    Detecting gomod vulnerabilities...

go.mod (gomod)

Total: 2 (UNKNOWN: 0, LOW: 1, MEDIUM: 1, HIGH: 0, CRITICAL: 0)

┌───────────────────────────┬───────────────┬──────────┬───────────────────┬───────────────┬────────────────────────────────────────────────────────────┐
│          Library          │ Vulnerability │ Severity │ Installed Version │ Fixed Version │                           Title                            │
├───────────────────────────┼───────────────┼──────────┼───────────────────┼───────────────┼────────────────────────────────────────────────────────────┤
│ github.com/aws/aws-sdk-go │ CVE-2020-8911 │ MEDIUM   │ 1.36.10           │               │ aws/aws-sdk-go: CBC padding oracle issue in AWS S3 Crypto  │
│                           │               │          │                   │               │ SDK for golang...                                          │
│                           │               │          │                   │               │ https://avd.aquasec.com/nvd/cve-2020-8911                  │
│                           ├───────────────┼──────────┤                   ├───────────────┼────────────────────────────────────────────────────────────┤
│                           │ CVE-2020-8912 │ LOW      │                   │               │ aws-sdk-go: In-band key negotiation issue in AWS S3 Crypto │
│                           │               │          │                   │               │ SDK for golang...                                          │
│                           │               │          │                   │               │ https://avd.aquasec.com/nvd/cve-2020-8912                  │
└───────────────────────────┴───────────────┴──────────┴───────────────────┴───────────────┴────────────────────────────────────────────────────────────┘

I tried to update it, but running the following:

$ go get github.com/satori/go.uuid@latest
go: downloading github.com/satori/go.uuid v1.2.0
go: upgraded github.com/satori/go.uuid v0.0.0-20160713180306-0aa62d5ddceb => v1.2.0

$ go test ./..
go: inconsistent vendoring in /Users/jawnsy/projects/work/pganalyze-collector:
        github.com/satori/go.uuid@v1.2.0: is explicitly required in go.mod, but not marked as explicit in vendor/modules.txt
        github.com/satori/go.uuid@v0.0.0-20160713180306-0aa62d5ddceb: is marked as explicit in vendor/modules.txt, but not explicitly required in go.mod

        To ignore the vendor directory, use -mod=readonly or -mod=mod.
        To sync the vendor directory, run:
                go mod vendor

$ go mod vendor
go: downloading github.com/aws/aws-sdk-go v1.36.10
go: downloading github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515
go: downloading github.com/guregu/null v0.0.0-20160228005316-41961cea0328
go: downloading github.com/lib/pq v1.10.7
go: downloading github.com/gedex/inflector v0.0.0-20161103042756-046f2c312046
go: downloading github.com/Azure/azure-sdk-for-go/sdk/azcore v1.6.0
go: downloading github.com/fsnotify/fsnotify v1.4.9
go: downloading github.com/go-ini/ini v1.62.0
go: downloading github.com/hashicorp/go-retryablehttp v0.7.0
go: downloading golang.org/x/net v0.10.0
go: downloading github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.3.0
go: downloading github.com/Azure/azure-sdk-for-go/sdk/messaging/azeventhubs v1.0.0
go: downloading github.com/papertrail/go-tail v0.0.0-20180509224916-973c153b0431
go: downloading github.com/juju/syslog v0.0.0-20150205155936-6be94e8b7187
go: downloading github.com/shirou/gopsutil v3.21.10+incompatible
go: downloading github.com/ogier/pflag v0.0.0-20160129220114-45c278ab3607
go: downloading cloud.google.com/go/pubsub v1.8.1
go: downloading google.golang.org/protobuf v1.25.0
go: downloading google.golang.org/api v0.32.0
go: downloading cloud.google.com/go v0.68.0
go: downloading github.com/getsentry/raven-go v0.0.0-20161115135411-3f7439d3e74d
go: downloading github.com/gorhill/cronexpr v0.0.0-20160318121724-f0984319b442
go: downloading github.com/AlecAivazis/survey/v2 v2.2.1
go: downloading gopkg.in/mcuadros/go-syslog.v2 v2.3.0
go: downloading github.com/pganalyze/pg_query_go/v4 v4.2.1
go: downloading golang.org/x/sys v0.8.0
go: downloading github.com/Azure/azure-sdk-for-go/sdk/internal v1.3.0
go: downloading github.com/AzureAD/microsoft-authentication-library-for-go v1.0.0
go: downloading golang.org/x/crypto v0.9.0
go: downloading github.com/Azure/go-amqp v1.0.0
go: downloading github.com/StackExchange/wmi v0.0.0-20150520194626-f3e2bae1e0cb
go: downloading github.com/tklauser/go-sysconf v0.3.9
go: downloading github.com/certifi/gocertifi v0.0.0-20210507211836-431795d63e8d
go: downloading github.com/golang/protobuf v1.4.2
go: downloading go.opencensus.io v0.22.4
go: downloading google.golang.org/genproto v0.0.0-20201002142447-3860012362da
go: downloading google.golang.org/grpc v1.32.0
go: downloading github.com/kballard/go-shellquote v0.0.0-20180428030007-95032a82bc51
go: downloading golang.org/x/oauth2 v0.0.0-20200902213428-5d25da1a8d43
go: downloading github.com/go-ole/go-ole v0.0.0-20160708033836-be49f7c07711
go: downloading github.com/jstemmer/go-junit-report v0.9.1
go: downloading golang.org/x/lint v0.0.0-20200302205851-738671d3881b
go: downloading golang.org/x/tools v0.6.0
go: downloading github.com/tklauser/numcpus v0.3.0
go: downloading github.com/mgutz/ansi v0.0.0-20170206155736-9520e82c474b
go: downloading golang.org/x/term v0.8.0
go: downloading github.com/golang-jwt/jwt/v4 v4.5.0
go: downloading github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e

Results in a very large diff (I don't work with Go projects using vendoring, so I don't know if this is expected behavior or not):

$ git status
On branch upgrade-go-uuid
Changes not staged for commit:
  (use "git add/rm <file>..." to update what will be committed)
  (use "git restore <file>..." to discard changes in working directory)
        modified:   go.mod
        modified:   go.sum
        deleted:    vendor/cloud.google.com/go/cmd/go-cloud-debug-agent/internal/debug/dwarf/testdata/typedef.c
        deleted:    vendor/cloud.google.com/go/cmd/go-cloud-debug-agent/internal/debug/elf/testdata/hello.c
        deleted:    vendor/cloud.google.com/go/cmd/go-cloud-debug-agent/internal/debug/gosym/pclinetest.h
        deleted:    vendor/cloud.google.com/go/pubsub/internal/benchwrapper/proto/pubsub.proto
        deleted:    vendor/cloud.google.com/go/rpcreplay/proto/intstore/intstore.proto
        deleted:    vendor/cloud.google.com/go/rpcreplay/proto/rpcreplay/rpcreplay.proto
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/access/amapi.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/access/attmap.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/access/attnum.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/access/clog.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/access/commit_ts.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/access/detoast.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/access/genam.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/access/gin.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/access/htup.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/access/htup_details.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/access/itup.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/access/parallel.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/access/printtup.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/access/relation.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/access/relscan.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/access/rmgr.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/access/rmgrlist.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/access/sdir.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/access/skey.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/access/stratnum.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/access/sysattr.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/access/table.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/access/tableam.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/access/toast_compression.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/access/transam.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/access/tupconvert.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/access/tupdesc.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/access/tupmacs.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/access/twophase.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/access/xact.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/access/xlog.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/access/xlog_internal.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/access/xlogdefs.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/access/xlogprefetcher.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/access/xlogreader.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/access/xlogrecord.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/access/xlogrecovery.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/c.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/catalog/catalog.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/catalog/catversion.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/catalog/dependency.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/catalog/genbki.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/catalog/index.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/catalog/indexing.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/catalog/namespace.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/catalog/objectaccess.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/catalog/objectaddress.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/catalog/pg_aggregate.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/catalog/pg_aggregate_d.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/catalog/pg_am.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/catalog/pg_am_d.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/catalog/pg_attribute.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/catalog/pg_attribute_d.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/catalog/pg_authid.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/catalog/pg_authid_d.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/catalog/pg_class.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/catalog/pg_class_d.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/catalog/pg_collation.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/catalog/pg_collation_d.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/catalog/pg_constraint.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/catalog/pg_constraint_d.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/catalog/pg_control.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/catalog/pg_conversion.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/catalog/pg_conversion_d.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/catalog/pg_depend.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/catalog/pg_depend_d.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/catalog/pg_event_trigger.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/catalog/pg_event_trigger_d.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/catalog/pg_index.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/catalog/pg_index_d.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/catalog/pg_language.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/catalog/pg_language_d.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/catalog/pg_namespace.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/catalog/pg_namespace_d.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/catalog/pg_opclass.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/catalog/pg_opclass_d.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/catalog/pg_operator.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/catalog/pg_operator_d.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/catalog/pg_opfamily.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/catalog/pg_opfamily_d.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/catalog/pg_parameter_acl.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/catalog/pg_parameter_acl_d.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/catalog/pg_partitioned_table.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/catalog/pg_partitioned_table_d.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/catalog/pg_proc.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/catalog/pg_proc_d.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/catalog/pg_publication.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/catalog/pg_publication_d.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/catalog/pg_replication_origin.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/catalog/pg_replication_origin_d.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/catalog/pg_statistic.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/catalog/pg_statistic_d.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/catalog/pg_statistic_ext.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/catalog/pg_statistic_ext_d.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/catalog/pg_transform.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/catalog/pg_transform_d.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/catalog/pg_trigger.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/catalog/pg_trigger_d.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/catalog/pg_ts_config.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/catalog/pg_ts_config_d.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/catalog/pg_ts_dict.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/catalog/pg_ts_dict_d.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/catalog/pg_ts_parser.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/catalog/pg_ts_parser_d.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/catalog/pg_ts_template.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/catalog/pg_ts_template_d.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/catalog/pg_type.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/catalog/pg_type_d.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/catalog/storage.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/commands/async.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/commands/dbcommands.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/commands/defrem.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/commands/event_trigger.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/commands/explain.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/commands/prepare.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/commands/tablespace.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/commands/trigger.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/commands/user.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/commands/vacuum.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/commands/variable.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/common/file_perm.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/common/hashfn.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/common/ip.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/common/keywords.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/common/kwlookup.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/common/pg_prng.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/common/relpath.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/common/string.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/common/unicode_combining_table.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/common/unicode_east_asian_fw_table.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/datatype/timestamp.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/executor/execdesc.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/executor/executor.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/executor/functions.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/executor/instrument.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/executor/spi.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/executor/tablefunc.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/executor/tuptable.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/fmgr.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/funcapi.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/getaddrinfo.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/jit/jit.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/kwlist_d.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/lib/dshash.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/lib/ilist.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/lib/pairingheap.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/lib/simplehash.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/lib/sort_template.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/lib/stringinfo.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/libpq/auth.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/libpq/crypt.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/libpq/hba.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/libpq/libpq-be.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/libpq/libpq.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/libpq/pqcomm.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/libpq/pqformat.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/libpq/pqsignal.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/mb/pg_wchar.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/mb/stringinfo_mb.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/miscadmin.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/nodes/bitmapset.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/nodes/execnodes.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/nodes/extensible.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/nodes/lockoptions.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/nodes/makefuncs.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/nodes/memnodes.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/nodes/nodeFuncs.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/nodes/nodes.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/nodes/params.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/nodes/parsenodes.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/nodes/pathnodes.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/nodes/pg_list.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/nodes/plannodes.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/nodes/primnodes.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/nodes/print.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/nodes/tidbitmap.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/nodes/value.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/optimizer/cost.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/optimizer/geqo.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/optimizer/geqo_gene.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/optimizer/optimizer.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/optimizer/paths.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/optimizer/planmain.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/parser/analyze.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/parser/gram.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/parser/gramparse.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/parser/kwlist.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/parser/parse_agg.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/parser/parse_coerce.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/parser/parse_expr.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/parser/parse_func.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/parser/parse_node.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/parser/parse_oper.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/parser/parse_relation.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/parser/parse_type.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/parser/parser.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/parser/parsetree.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/parser/scanner.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/parser/scansup.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/partitioning/partdefs.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/pg_config.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/pg_config_ext.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/pg_config_manual.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/pg_config_os.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/pg_getopt.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/pg_query.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/pg_query_enum_defs.c
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/pg_query_fingerprint_conds.c
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/pg_query_fingerprint_defs.c
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/pg_query_json_helper.c
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/pg_query_outfuncs_conds.c
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/pg_query_outfuncs_defs.c
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/pg_query_readfuncs_conds.c
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/pg_query_readfuncs_defs.c
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/pg_trace.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/pgstat.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/pgtime.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/pl_gram.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/pl_reserved_kwlist.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/pl_reserved_kwlist_d.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/pl_unreserved_kwlist.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/pl_unreserved_kwlist_d.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/plerrcodes.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/plpgsql.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/port.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/port/atomics.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/port/atomics/arch-arm.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/port/atomics/arch-ppc.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/port/atomics/arch-x86.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/port/atomics/fallback.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/port/atomics/generic-gcc.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/port/atomics/generic.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/port/pg_bitutils.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/port/pg_bswap.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/port/pg_crc32c.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/portability/instr_time.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/postgres.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/postgres_ext.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/postmaster/autovacuum.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/postmaster/auxprocess.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/postmaster/bgworker.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/postmaster/bgworker_internals.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/postmaster/bgwriter.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/postmaster/fork_process.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/postmaster/interrupt.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/postmaster/pgarch.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/postmaster/postmaster.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/postmaster/startup.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/postmaster/syslogger.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/postmaster/walwriter.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/protobuf-c.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/protobuf-c/protobuf-c.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/protobuf/pg_query.pb-c.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/protobuf/pg_query.pb.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/regex/regex.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/replication/logicallauncher.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/replication/logicalproto.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/replication/logicalworker.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/replication/origin.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/replication/reorderbuffer.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/replication/slot.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/replication/syncrep.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/replication/walreceiver.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/replication/walsender.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/rewrite/prs2lock.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/rewrite/rewriteHandler.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/rewrite/rewriteManip.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/rewrite/rewriteSupport.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/storage/backendid.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/storage/block.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/storage/buf.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/storage/bufmgr.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/storage/bufpage.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/storage/condition_variable.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/storage/dsm.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/storage/dsm_impl.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/storage/fd.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/storage/fileset.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/storage/ipc.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/storage/item.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/storage/itemid.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/storage/itemptr.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/storage/large_object.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/storage/latch.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/storage/lmgr.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/storage/lock.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/storage/lockdefs.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/storage/lwlock.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/storage/lwlocknames.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/storage/off.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/storage/pg_sema.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/storage/pg_shmem.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/storage/pmsignal.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/storage/predicate.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/storage/proc.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/storage/procarray.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/storage/proclist_types.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/storage/procsignal.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/storage/relfilenode.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/storage/s_lock.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/storage/sharedfileset.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/storage/shm_mq.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/storage/shm_toc.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/storage/shmem.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/storage/sinval.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/storage/sinvaladt.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/storage/smgr.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/storage/spin.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/storage/standby.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/storage/standbydefs.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/storage/sync.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/tcop/cmdtag.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/tcop/cmdtaglist.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/tcop/deparse_utility.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/tcop/dest.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/tcop/fastpath.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/tcop/pquery.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/tcop/tcopprot.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/tcop/utility.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/tsearch/ts_cache.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/utils/acl.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/utils/aclchk_internal.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/utils/array.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/utils/backend_progress.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/utils/backend_status.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/utils/builtins.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/utils/bytea.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/utils/catcache.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/utils/date.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/utils/datetime.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/utils/datum.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/utils/dsa.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/utils/dynahash.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/utils/elog.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/utils/errcodes.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/utils/expandeddatum.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/utils/expandedrecord.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/utils/float.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/utils/fmgroids.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/utils/fmgrprotos.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/utils/fmgrtab.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/utils/guc.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/utils/guc_tables.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/utils/hsearch.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/utils/inval.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/utils/lsyscache.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/utils/memdebug.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/utils/memutils.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/utils/numeric.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/utils/palloc.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/utils/partcache.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/utils/pg_locale.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/utils/pg_lsn.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/utils/pgstat_internal.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/utils/pidfile.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/utils/plancache.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/utils/portal.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/utils/probes.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/utils/ps_status.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/utils/queryenvironment.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/utils/queryjumble.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/utils/regproc.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/utils/rel.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/utils/relcache.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/utils/reltrigger.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/utils/resowner.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/utils/rls.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/utils/ruleutils.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/utils/sharedtuplestore.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/utils/snapmgr.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/utils/snapshot.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/utils/sortsupport.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/utils/syscache.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/utils/timeout.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/utils/timestamp.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/utils/tuplesort.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/utils/tuplestore.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/utils/typcache.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/utils/tzparser.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/utils/varlena.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/utils/wait_event.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/utils/xml.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/xxhash.h
        deleted:    vendor/github.com/pganalyze/pg_query_go/v4/parser/include/xxhash/xxhash.h
        modified:   vendor/github.com/satori/go.uuid/.travis.yml
        modified:   vendor/github.com/satori/go.uuid/LICENSE
        modified:   vendor/github.com/satori/go.uuid/README.md
        modified:   vendor/github.com/satori/go.uuid/uuid.go
        deleted:    vendor/github.com/shirou/gopsutil/host/freebsd_headers/utxdb.h
        deleted:    vendor/go.opencensus.io/examples/grpc/proto/helloworld.proto
        deleted:    vendor/go.opencensus.io/internal/testpb/test.proto
        deleted:    vendor/google.golang.org/appengine/internal/blobstore/blobstore_service.proto
        deleted:    vendor/google.golang.org/appengine/internal/capability/capability_service.proto
        deleted:    vendor/google.golang.org/appengine/internal/channel/channel_service.proto
        deleted:    vendor/google.golang.org/appengine/internal/image/images_service.proto
        deleted:    vendor/google.golang.org/appengine/internal/mail/mail_service.proto
        deleted:    vendor/google.golang.org/appengine/internal/memcache/memcache_service.proto
        deleted:    vendor/google.golang.org/appengine/internal/search/search.proto
        deleted:    vendor/google.golang.org/appengine/internal/system/system_service.proto
        deleted:    vendor/google.golang.org/appengine/internal/taskqueue/taskqueue_service.proto
        deleted:    vendor/google.golang.org/appengine/internal/user/user_service.proto
        deleted:    vendor/google.golang.org/appengine/internal/xmpp/xmpp_service.proto
        deleted:    vendor/google.golang.org/grpc/benchmark/grpc_testing/control.proto
        deleted:    vendor/google.golang.org/grpc/benchmark/grpc_testing/messages.proto
        deleted:    vendor/google.golang.org/grpc/benchmark/grpc_testing/payloads.proto
        deleted:    vendor/google.golang.org/grpc/benchmark/grpc_testing/services.proto
        deleted:    vendor/google.golang.org/grpc/benchmark/grpc_testing/stats.proto
        deleted:    vendor/google.golang.org/grpc/interop/grpc_testing/test.proto
        deleted:    vendor/google.golang.org/grpc/profiling/proto/service.proto
        deleted:    vendor/google.golang.org/grpc/reflection/grpc_reflection_v1alpha/reflection.proto
        deleted:    vendor/google.golang.org/grpc/reflection/grpc_testing/proto2.proto
        deleted:    vendor/google.golang.org/grpc/reflection/grpc_testing/proto2_ext.proto
        deleted:    vendor/google.golang.org/grpc/reflection/grpc_testing/proto2_ext2.proto
        deleted:    vendor/google.golang.org/grpc/reflection/grpc_testing/test.proto
        deleted:    vendor/google.golang.org/grpc/reflection/grpc_testingv3/testv3.proto
        deleted:    vendor/google.golang.org/grpc/stats/grpc_testing/test.proto
        deleted:    vendor/google.golang.org/grpc/stress/grpc_testing/metrics.proto
        deleted:    vendor/google.golang.org/grpc/test/codec_perf/perf.proto
        deleted:    vendor/google.golang.org/grpc/test/grpc_testing/test.proto
        deleted:    vendor/google.golang.org/protobuf/cmd/protoc-gen-go/testdata/annotations/annotations.proto
        deleted:    vendor/google.golang.org/protobuf/cmd/protoc-gen-go/testdata/comments/comments.proto
        deleted:    vendor/google.golang.org/protobuf/cmd/protoc-gen-go/testdata/comments/deprecated.proto
        deleted:    vendor/google.golang.org/protobuf/cmd/protoc-gen-go/testdata/extensions/base/base.proto
        deleted:    vendor/google.golang.org/protobuf/cmd/protoc-gen-go/testdata/extensions/ext/ext.proto
        deleted:    vendor/google.golang.org/protobuf/cmd/protoc-gen-go/testdata/extensions/extra/extra.proto
        deleted:    vendor/google.golang.org/protobuf/cmd/protoc-gen-go/testdata/extensions/proto3/ext3.proto
        deleted:    vendor/google.golang.org/protobuf/cmd/protoc-gen-go/testdata/fieldnames/fieldnames.proto
        deleted:    vendor/google.golang.org/protobuf/cmd/protoc-gen-go/testdata/import_public/a.proto
        deleted:    vendor/google.golang.org/protobuf/cmd/protoc-gen-go/testdata/import_public/b.proto
        deleted:    vendor/google.golang.org/protobuf/cmd/protoc-gen-go/testdata/import_public/c.proto
        deleted:    vendor/google.golang.org/protobuf/cmd/protoc-gen-go/testdata/import_public/sub/a.proto
        deleted:    vendor/google.golang.org/protobuf/cmd/protoc-gen-go/testdata/import_public/sub/b.proto
        deleted:    vendor/google.golang.org/protobuf/cmd/protoc-gen-go/testdata/import_public/sub2/a.proto
        deleted:    vendor/google.golang.org/protobuf/cmd/protoc-gen-go/testdata/imports/fmt/m.proto
        deleted:    vendor/google.golang.org/protobuf/cmd/protoc-gen-go/testdata/imports/test_a_1/m1.proto
        deleted:    vendor/google.golang.org/protobuf/cmd/protoc-gen-go/testdata/imports/test_a_1/m2.proto
        deleted:    vendor/google.golang.org/protobuf/cmd/protoc-gen-go/testdata/imports/test_a_2/m3.proto
        deleted:    vendor/google.golang.org/protobuf/cmd/protoc-gen-go/testdata/imports/test_a_2/m4.proto
        deleted:    vendor/google.golang.org/protobuf/cmd/protoc-gen-go/testdata/imports/test_b_1/m1.proto
        deleted:    vendor/google.golang.org/protobuf/cmd/protoc-gen-go/testdata/imports/test_b_1/m2.proto
        deleted:    vendor/google.golang.org/protobuf/cmd/protoc-gen-go/testdata/imports/test_import_a1m1.proto
        deleted:    vendor/google.golang.org/protobuf/cmd/protoc-gen-go/testdata/imports/test_import_a1m2.proto
        deleted:    vendor/google.golang.org/protobuf/cmd/protoc-gen-go/testdata/imports/test_import_all.proto
        deleted:    vendor/google.golang.org/protobuf/cmd/protoc-gen-go/testdata/issue780_oneof_conflict/test.proto
        deleted:    vendor/google.golang.org/protobuf/cmd/protoc-gen-go/testdata/nopackage/nopackage.proto
        deleted:    vendor/google.golang.org/protobuf/cmd/protoc-gen-go/testdata/proto2/enum.proto
        deleted:    vendor/google.golang.org/protobuf/cmd/protoc-gen-go/testdata/proto2/fields.proto
        deleted:    vendor/google.golang.org/protobuf/cmd/protoc-gen-go/testdata/proto2/nested_messages.proto
        deleted:    vendor/google.golang.org/protobuf/cmd/protoc-gen-go/testdata/proto2/proto2.proto
        deleted:    vendor/google.golang.org/protobuf/cmd/protoc-gen-go/testdata/proto3/enum.proto
        deleted:    vendor/google.golang.org/protobuf/cmd/protoc-gen-go/testdata/proto3/fields.proto
        modified:   vendor/modules.txt

Untracked files:
  (use "git add <file>..." to include in what will be committed)
        vendor/github.com/satori/go.uuid/codec.go
        vendor/github.com/satori/go.uuid/generator.go
        vendor/github.com/satori/go.uuid/sql.go

no changes added to commit (use "git add" and/or "git commit -a")

I also cannot run tests, presumably because I'm on a Mac or because I'm missing some system dependencies:

$ go test ./...
# github.com/pganalyze/pg_query_go/v4/parser
vendor/github.com/pganalyze/pg_query_go/v4/parser/parser.go:13:10: fatal error: 'pg_query.h' file not found
#include "pg_query.h"
         ^~~~~~~~~~~~
1 error generated.
# github.com/shirou/gopsutil/disk
iostat_darwin.c:28:2: warning: 'IOMasterPort' is deprecated: first deprecated in macOS 12.0 [-Wdeprecated-declarations]
/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/System/Library/Frameworks/IOKit.framework/Headers/IOKitLib.h:143:1: note: 'IOMasterPort' has been explicitly marked deprecated here
# github.com/shirou/gopsutil/host
smc_darwin.c:75:41: warning: 'kIOMasterPortDefault' is deprecated: first deprecated in macOS 12.0 [-Wdeprecated-declarations]
/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/System/Library/Frameworks/IOKit.framework/Headers/IOKitLib.h:133:19: note: 'kIOMasterPortDefault' has been explicitly marked deprecated here
?       github.com/pganalyze/collector/helper   [no test files]
?       github.com/pganalyze/collector/logs/util        [no test files]
?       github.com/pganalyze/collector/output/pganalyze_collector       [no test files]
FAIL    github.com/pganalyze/collector/config [build failed]
FAIL    github.com/pganalyze/collector/input/system/azure [build failed]
FAIL    github.com/pganalyze/collector/input/system/heroku [build failed]
FAIL    github.com/pganalyze/collector/logs [build failed]
FAIL    github.com/pganalyze/collector/logs/querysample [build failed]
FAIL    github.com/pganalyze/collector/logs/stream [build failed]
FAIL    github.com/pganalyze/collector/output/transform [build failed]
FAIL    github.com/pganalyze/collector/scheduler [build failed]
?       github.com/pganalyze/collector/setup/log        [no test files]
?       github.com/pganalyze/collector/setup/query      [no test files]
?       github.com/pganalyze/collector/setup/util       [no test files]
FAIL    github.com/pganalyze/collector/state [build failed]
FAIL    github.com/pganalyze/collector/util [build failed]
FAIL
lfittl commented 1 year ago

@jawnsy Thanks for the report - weird why this wasn't flagged by Dependabot, which generally works fine for Go modules.

I've opened a PR to fix this: #429

Also, for future reference, see the steps here on how to vendor in this repo: https://github.com/pganalyze/collector/blob/main/CONTRIBUTING.md#setup-for-updating-dependencies

lfittl commented 1 year ago

Trivy does not report this finding when using trivy fs . from the root of the collector repo, though it does report a medium-severity issue related to the AWS Go SDK:

Oh, and on the AWS Go SDK report, that particular CVE would not apply to the collector (the S3 portions of the SDK are not in use).

jawnsy commented 1 year ago

Thanks for the quick triage/fix, and for the link to the contributing doc!