From 9be6eaa87c32dec8bbcfe0eef51e645969275b16 Mon Sep 17 00:00:00 2001 From: Mike Date: Wed, 22 Apr 2026 21:15:30 -0500 Subject: [PATCH] fix(deps): bump buger/jsonparser to v1.1.2 to clear DoS alert MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Transitive dep via mark3labs/mcp-go → invopop/jsonschema → wk8/go-ordered-map. Patches GHSA Denial of Service in github.com/buger/jsonparser (v1.1.1 → v1.1.2). All tests pass. Co-Authored-By: Claude Opus 4.7 (1M context) --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 9d88a74..6d19833 100644 --- a/go.mod +++ b/go.mod @@ -13,7 +13,7 @@ require ( require ( github.com/apache/arrow-go/v18 v18.4.1 // indirect github.com/bahlo/generic-list-go v0.2.0 // indirect - github.com/buger/jsonparser v1.1.1 // indirect + github.com/buger/jsonparser v1.1.2 // indirect github.com/duckdb/duckdb-go-bindings v0.1.21 // indirect github.com/duckdb/duckdb-go-bindings/darwin-amd64 v0.1.21 // indirect github.com/duckdb/duckdb-go-bindings/darwin-arm64 v0.1.21 // indirect diff --git a/go.sum b/go.sum index 8cd2da1..7296aa0 100644 --- a/go.sum +++ b/go.sum @@ -6,8 +6,8 @@ github.com/apache/thrift v0.22.0 h1:r7mTJdj51TMDe6RtcmNdQxgn9XcyfGDOzegMDRg47uc= github.com/apache/thrift v0.22.0/go.mod h1:1e7J/O1Ae6ZQMTYdy9xa3w9k+XHWPfRvdPyJeynQ+/g= github.com/bahlo/generic-list-go v0.2.0 h1:5sz/EEAK+ls5wF+NeqDpk5+iNdMDXrh3z3nPnH1Wvgk= github.com/bahlo/generic-list-go v0.2.0/go.mod h1:2KvAjgMlE5NNynlg/5iLrrCCZ2+5xWbdbCW3pNTGyYg= -github.com/buger/jsonparser v1.1.1 h1:2PnMjfWD7wBILjqQbt530v576A/cAbQvEW9gGIpYMUs= -github.com/buger/jsonparser v1.1.1/go.mod h1:6RYKKt7H4d4+iWqouImQ9R2FZql3VbhNgx27UK13J/0= +github.com/buger/jsonparser v1.1.2 h1:frqHqw7otoVbk5M8LlE/L7HTnIq2v9RX6EJ48i9AxJk= +github.com/buger/jsonparser v1.1.2/go.mod h1:6RYKKt7H4d4+iWqouImQ9R2FZql3VbhNgx27UK13J/0= github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1VwoXQT9A3Wy9MM3WgvqSxFWenqJduM= github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/duckdb/duckdb-go-bindings v0.1.21 h1:bOb/MXNT4PN5JBZ7wpNg6hrj9+cuDjWDa4ee9UdbVyI=