Commit da2a5cfa authored by Steve Purcell

sqlint: update deps to eliminate vulnerable dependency

See #351833

Gemfile: ./pkgs/development/tools/sqlint/Gemfile.lock
Name: google-protobuf
Version: 3.25.0
CVE: CVE-2024-7254
GHSA: GHSA-735f-pc8j-v9w8
Criticality: High
URL: https://github.com/protocolbuffers/protobuf/security/advisories/GHSA-735f-pc8j-v9w8
Title: protobuf-java has potential Denial of Service issue
Solution: upgrade to '~> 3.25.5', '~> 4.27.5', '>= 4.28.2'
parent 74411387
+1 −1
GEM
  remote: https://rubygems.org/
  specs:
    google-protobuf (3.25.0)
    google-protobuf (3.25.5)
    pg_query (4.2.3)
      google-protobuf (>= 3.22.3)
    sqlint (0.3.0)
+2 −2
@@ -4,10 +4,10 @@
    platforms = [];
    source = {
      remotes = ["https://rubygems.org"];
      sha256 = "18d1w5j7vjaza3v1ig9j7zyis04kxqdkb1272vbgncxn03ck45mm";
      sha256 = "0fanhdf3vzghma51w1hqpp8s585mwzxgqkwvxj5is4q9j0pgwcs3";
      type = "gem";
    };
    version = "3.25.0";
    version = "3.25.5";
  };
  pg_query = {
    dependencies = ["google-protobuf"];