From 25c4936eda6023cf9496da2b93be0a2a0d64984a Mon Sep 17 00:00:00 2001
From: "konflux-internal-p02[bot]" <170854209+konflux-internal-p02[bot]@users.noreply.github.com>
Date: Tue, 21 Apr 2026 03:27:42 +0000
Subject: [PATCH 1/3] chore(deps): update registry.access.redhat.com/ubi9/go-toolset docker digest to 1e1c895 (#357)
Signed-off-by: konflux-internal-p02 <170854209+konflux-internal-p02[bot]@users.noreply.github.com>
Co-authored-by: konflux-internal-p02[bot] <170854209+konflux-internal-p02[bot]@users.noreply.github.com>
---
 maas-api/Dockerfile.konflux | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/maas-api/Dockerfile.konflux b/maas-api/Dockerfile.konflux
index ae1fcb4ea..c9080e5e5 100644
--- a/maas-api/Dockerfile.konflux
+++ b/maas-api/Dockerfile.konflux
@@ -3,7 +3,7 @@ ARG GOLANG_VERSION=1.25
 ARG BUILDPLATFORM
 ARG TARGETPLATFORM
-FROM --platform=$BUILDPLATFORM registry.access.redhat.com/ubi9/go-toolset@sha256:77bfb0f283eaa3215909342c3dda940605eff5b9f72d6dc18fad1d154d172d55 AS builder
+FROM --platform=$BUILDPLATFORM registry.access.redhat.com/ubi9/go-toolset@sha256:1e1c89558f8bf86db3d88e5d5de0b6bd396ef948749a2c5d6a752ea46f35d4db AS builder
 ARG CGO_ENABLED=1
 ARG TARGETOS
 ARG TARGETARCH
From f035ac61d7d9b31b96915d9992b569ed9513c623 Mon Sep 17 00:00:00 2001
From: "konflux-internal-p02[bot]" <170854209+konflux-internal-p02[bot]@users.noreply.github.com>
Date: Tue, 21 Apr 2026 03:28:35 +0000
Subject: [PATCH 2/3] chore(deps): update registry.access.redhat.com/ubi9/ubi-minimal docker digest to 175bafd (#363)
Signed-off-by: konflux-internal-p02 <170854209+konflux-internal-p02[bot]@users.noreply.github.com>
Co-authored-by: konflux-internal-p02[bot] <170854209+konflux-internal-p02[bot]@users.noreply.github.com>
---
 maas-api/Dockerfile.konflux | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/maas-api/Dockerfile.konflux b/maas-api/Dockerfile.konflux
index c9080e5e5..4987abb8f 100644
--- a/maas-api/Dockerfile.konflux
+++ b/maas-api/Dockerfile.konflux
@@ -16,7 +16,7 @@ COPY . .
 USER root
 RUN CGO_ENABLED=${CGO_ENABLED} GOEXPERIMENT=strictfipsruntime GOOS=${TARGETOS:-linux} GOARCH=${TARGETARCH:-amd64} go build -a -trimpath -ldflags="-s -w" -o maas-api ./cmd/
-FROM --platform=$TARGETPLATFORM registry.access.redhat.com/ubi9/ubi-minimal@sha256:fe688da81a696387ca53a4c19231e99289591f990c904ef913c51b6e87d4e4df
+FROM --platform=$TARGETPLATFORM registry.access.redhat.com/ubi9/ubi-minimal@sha256:175bafd5bc7893540ed6234bb979acfe3574fd6570e6762bbc527c757f854cea
 WORKDIR /app
From a80add719243f2a17d676fbc931223853743004e Mon Sep 17 00:00:00 2001
From: vmrh21
Date: Tue, 21 Apr 2026 06:38:06 +0000
Subject: [PATCH 3/3] fix: cve-2026-33815 and cve-2026-33816 in pgx update github.com/jackc/pgx/v5 from v5.7.6 to v5.9.2 to resolve memory-safety vulnerabilities. cve details: - cve-2026-33815: memory-safety vulnerability in pgx - cve-2026-33816: memory-safety vulnerability in pgx resolves: rhoaieng-57067, rhoaieng-57063 co-authored-by: claude opus 4.6
---
 maas-api/go.mod | 5 ++---
 maas-api/go.sum | 4 ++--
 2 files changed, 4 insertions(+), 5 deletions(-)
diff --git a/maas-api/go.mod b/maas-api/go.mod
index 7db74042d..34fb8a706 100644
--- a/maas-api/go.mod
+++ b/maas-api/go.mod
@@ -1,6 +1,6 @@
 module github.com/opendatahub-io/models-as-a-service/maas-api
-go 1.25
+go 1.25.0
 require (
 github.com/gin-contrib/cors v1.7.6
@@ -20,7 +20,7 @@ require (
 )
 require (
-github.com/jackc/pgx/v5 v5.7.6
+github.com/jackc/pgx/v5 v5.9.2
 github.com/mattn/go-sqlite3 v1.14.32
 )
@@ -104,7 +104,6 @@ require (
 github.com/prometheus/procfs v0.17.0 // indirect
 github.com/spf13/pflag v1.0.10 // indirect
 github.com/spiffe/go-spiffe/v2 v2.5.0 // indirect
-github.com/stretchr/objx v0.5.2 // indirect
 github.com/tidwall/gjson v1.18.0 // indirect
 github.com/tidwall/match v1.1.1 // indirect
 github.com/tidwall/pretty v1.2.1 // indirect
diff --git a/maas-api/go.sum b/maas-api/go.sum
index 6d0b4387c..46bc31942 100644
--- a/maas-api/go.sum +++ b/maas-api/go.sum @@ -214,8 +214,8 @@ github.com/jackc/pgpassfile v1.0.0 h1:/6Hmqy13Ss2zCq62VdNG8tM1wchn8zjSGOBJ6icpsI github.com/jackc/pgpassfile v1.0.0/go.mod h1:CEx0iS5ambNFdcRtxPj5JhEz+xB6uRky5eyVu/W2HEg= github.com/jackc/pgservicefile v0.0.0-20240606120523-5a60cdf6a761 h1:iCEnooe7UlwOQYpKFhBabPMi4aNAfoODPEFNiAnClxo= github.com/jackc/pgservicefile v0.0.0-20240606120523-5a60cdf6a761/go.mod h1:5TJZWKEWniPve33vlWYSoGYefn3gLQRzjfDlhSJ9ZKM= -github.com/jackc/pgx/v5 v5.7.6 h1:rWQc5FwZSPX58r1OQmkuaNicxdmExaEz5A2DO2hUuTk= -github.com/jackc/pgx/v5 v5.7.6/go.mod h1:aruU7o91Tc2q2cFp5h4uP3f6ztExVpyVv88Xl/8Vl8M= +github.com/jackc/pgx/v5 v5.9.2 h1:3ZhOzMWnR4yJ+RW1XImIPsD1aNSz4T4fyP7zlQb56hw= +github.com/jackc/pgx/v5 v5.9.2/go.mod h1:mal1tBGAFfLHvZzaYh77YS/eC6IX9OWbRV1QIIM0Jn4= github.com/jackc/puddle/v2 v2.2.2 h1:PR8nw+E/1w0GLuRFSmiioY6UooMp6KJv0/61nB7icHo= github.com/jackc/puddle/v2 v2.2.2/go.mod h1:vriiEXHvEE654aYKXXjOvZM39qJ0q+azkZFrfEOc3H4= github.com/jmespath/go-jmespath v0.4.1-0.20220621161143-b0104c826a24 h1:liMMTbpW34dhU4az1GN0pTPADwNmvoRSeoZ6PItiqnY=