fix(cve): cve-2026-33816 - pgx memory-safety

[vmrh21]

summary

update github.com/jackc/pgx/v5 from v5.9.0 to v5.9.2 to resolve memory-safety vulnerability.

cve details

• cve id: CVE-2026-33816
• package: github.com/jackc/pgx/v5
• severity: memory-safety vulnerability
• vulnerable versions: < v5.9.2
• fixed version: v5.9.2
• jira issues: RHOAIENG-57063

changes

• update jackc/pgx/v5 v5.9.0 → v5.9.2 in maas-api/go.mod

test results

status: ✅ all tests passed
test command: go test ./...
result: PASSED

test summary

• cmd: PASS
• internal/api_keys: PASS
• internal/auth: PASS
• internal/config: PASS
• internal/handlers: PASS
• internal/subscription: PASS

breaking changes

none — minor version patch update within the same v5.x line.

testing checklist

• pre-pr automated tests executed
• go test ./... passes
• verify cve is resolved with security scan
• ci/cd pipeline passes

risk assessment

risk level: low — patch update within same major/minor version.

resolves: RHOAIENG-57063

---

🤖 generated by cve fixer workflow