From d115f9ebc4444c628269297f6d7ec427f7e5cf00 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 11 Mar 2024 10:13:33 +0000
Subject: [chore]: Bump github.com/jackc/pgx/v5 from 5.5.3 to 5.5.5 (#2747)

---
 vendor/github.com/jackc/pgx/v5/internal/sanitize/sanitize.go | 4 ++++
 1 file changed, 4 insertions(+)

(limited to 'vendor/github.com/jackc/pgx/v5/internal')

diff --git a/vendor/github.com/jackc/pgx/v5/internal/sanitize/sanitize.go b/vendor/github.com/jackc/pgx/v5/internal/sanitize/sanitize.go
index f9091cd48..df58c4484 100644
--- a/vendor/github.com/jackc/pgx/v5/internal/sanitize/sanitize.go
+++ b/vendor/github.com/jackc/pgx/v5/internal/sanitize/sanitize.go
@@ -63,6 +63,10 @@ func (q *Query) Sanitize(args ...any) (string, error) {
 return "", fmt.Errorf("invalid arg type: %T", arg)
 }
 argUse[argIdx] = true
+
+ // Prevent SQL injection via Line Comment Creation
+ // https://github.com/jackc/pgx/security/advisories/GHSA-m7wr-2xf7-cm9p
+ str = " " + str + " "
 default:
 return "", fmt.Errorf("invalid Part type: %T", part)
 }
--
cgit v1.3