From fa5e0f5e4c9834c201872e7ae7ed6dcc21e86231 Mon Sep 17 00:00:00 2001 From: Hongming Wang Date: Mon, 27 Apr 2026 06:54:13 -0700 Subject: [PATCH] =?UTF-8?q?deps(redis):=20bump=20go-redis/v9=20v9.7.0=20?= =?UTF-8?q?=E2=86=92=20v9.7.3=20(GHSA-92cp-5422-2mw7)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Closes the LOW-severity dependabot alert on workspace-server's go-redis pin. Upstream advisory GHSA-92cp-5422-2mw7: "go-redis allows potential out-of-order responses when CLIENT SETINFO times out" — fixed in 9.7.3. Patch bump within the v9.7 line; semver guarantees no API change. Full workspace-server test suite passes (18/18 packages clean). Co-Authored-By: Claude Opus 4.7 (1M context) --- workspace-server/go.mod | 2 +- workspace-server/go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/workspace-server/go.mod b/workspace-server/go.mod index e572c25d..d41d8895 100644 --- a/workspace-server/go.mod +++ b/workspace-server/go.mod @@ -18,7 +18,7 @@ require ( github.com/gorilla/websocket v1.5.3 github.com/lib/pq v1.10.9 github.com/opencontainers/image-spec v1.1.1 - github.com/redis/go-redis/v9 v9.7.0 + github.com/redis/go-redis/v9 v9.7.3 github.com/robfig/cron/v3 v3.0.1 golang.org/x/crypto v0.49.0 gopkg.in/yaml.v3 v3.0.1 diff --git a/workspace-server/go.sum b/workspace-server/go.sum index 5133305b..2e944a72 100644 --- a/workspace-server/go.sum +++ b/workspace-server/go.sum @@ -127,8 +127,8 @@ github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= -github.com/redis/go-redis/v9 v9.7.0 h1:HhLSs+B6O021gwzl+locl0zEDnyNkxMtf/Z3NNBMa9E= -github.com/redis/go-redis/v9 v9.7.0/go.mod h1:f6zhXITC7JUJIlPEiBOTXxJgPLdZcA93GewI7inzyWw= +github.com/redis/go-redis/v9 v9.7.3 h1:YpPyAayJV+XErNsatSElgRZZVCwXX9QzkKYNvO7x0wM= +github.com/redis/go-redis/v9 v9.7.3/go.mod h1:bGUrSggJ9X9GUmZpZNEOQKaANxSGgOEBRltRTZHSvrA= github.com/robfig/cron/v3 v3.0.1 h1:WdRxkvbJztn8LMz/QEvLN5sBU+xKpSqwwUO1Pjr4qDs= github.com/robfig/cron/v3 v3.0.1/go.mod h1:eQICP3HwyT7UooqI/z+Ov+PtYAWygg1TEWWzGIFLtro= github.com/rogpeppe/go-internal v1.14.1 h1:UQB4HGPB6osV0SQTLymcB4TgvyWu6ZyliaW0tI/otEQ=