1. show how old dependency vulnerabilities can be solved

2. solved toolchain golan problem 3. explain how to generate go.mod with compatible with old versions
avito-tech · Aug 30, 2024 · 10e0dfc · 10e0dfc
1 parent 7e23ec2
commit 10e0dfc
Show file tree

Hide file tree

Showing 11 changed files with 352 additions and 23 deletions.
diff --git a/.github/workflows/main.yaml b/.github/workflows/main.yaml
@@ -8,6 +8,7 @@ on:
 name: Test
 env:
   OS_TARGET: ubuntu-latest
+  GOTOOLCHAIN: local
 jobs:
   tests-units:
     needs: [lint]

diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -7,6 +7,10 @@ and this project adheres to [Semantic Versioning](http://semver.org/).
 
 ## [2.0.0-rc-9.5] - 2024-08-09
 
+### Fixed
+
+- CI/CD passed always even if some of them failed.
+
 ### Changes
 
 - Bumped tests up to go1.22.

diff --git a/README.md b/README.md
@@ -42,6 +42,14 @@ For example `go get github.com/avito-tech/go-transaction-manager/drivers/sqlx/v2
 The library is compatible with the most recent two versions of Go.
 Compatibility beyond that is not guaranteed.
 
+The critical bugs are firstly solved for the most recent two Golang versions and then for older ones if it is simple.
+
+#### Disclaimer: Keep your dependencies up to date, even indirect ones.
+
+`go get -u && go mod tidy` helps you.
+
+**Note**: The go-transaction-manager uses some old dependencies to support backwards compatibility for old versions of Go.
+
 ## Usage
 
 **To use multiple transactions from different databases**, you need to set CtxKey in [Settings](trm/settings.go)
@@ -162,21 +170,42 @@ func (r *repo) Save(ctx context.Context, u *user) error {
 
 ## Contribution
 
-1. To local development sync dependencies use `make go.work.sync`.
-2. After finalizing of changes bump up version in all drivers.
-
-* To install all dependencies use `make go.mod.tidy` or `make go.mod.vendor`.
-* To run all tests use `make go.test` or `make go.test.with_real_db` for integration tests.
-
 ### Requirements
 
 - [golangci-lint](https://golangci-lint.run/welcome/install/)
 
 ### Local Running
 
+1. `make go.work.sync` syncs dependencies for local development.
+2. After finalizing of changes bump up version for all drivers.
+
+* To install all dependencies use `make go.mod.tidy` or `make go.mod.vendor`.
+* To run all tests use `make go.test` or `make go.test.with_real_db` for integration tests.
+
 To run database by docker, there is [docker-compose.yaml](trm/drivers/test/docker-compose.yaml).
 ```bash
 docker compose -f trm/drivers/test/docker-compose.yaml up
 ```
 
 For full GitHub Actions run, you can use [act](https://github.com/nektos/act).
+
+#### Running old go versions 
+
+```sh
+go install go1.16 # or older version
+go1.16 install
+```
+
+To run some tests
+```
+go1.16 test -race -mod=readonly ./...
+```
+
+To build `go.mod` compatible for old version use `go mod tidy -compat=1.13` ([docs](https://go.dev/ref/mod#go-mod-tidy)).
+
+### How to bump up Golang version in CI/CD
+
+All changes happen in [.github/workflows/main.yaml](.github/workflows/main.yaml).
+1. Add all old version of Go in `go-version:` for `tests-units` job.
+2. Update `go-version:` on current version of Go for `lint` and `tests-integration` jobs.
+3. 
diff --git a/go.work b/go.work
@@ -1,4 +1,4 @@
-go 1.22
+go 1.21
 
 use (
 	./drivers/goredis8
@@ -9,4 +9,6 @@ use (
 	./drivers/sql
 	./drivers/sqlx
 	./trm
+	./trm/internal/benchmark/with_or_without_trm
+	trm/internal/prove_receiving_updates_without_vulnerabilities
 )
diff --git a/go.work.sum b/go.work.sum
@@ -55,4 +55,4 @@ golang.org/x/tools v0.6.0 h1:BOw41kyTf3PuCW1pVQf8+Cyg8pMlkYB1oo9iJ6D/lKM=
 gopkg.in/errgo.v2 v2.1.0 h1:0vLT13EuvQ0hNvakwLuFZ/jYrLp5F3kcWHXdRggjCE8=
 gopkg.in/fsnotify.v1 v1.4.7 h1:xOHLXZwVvI9hhs+cLKq5+I5onOuwQLhQwiu63xxlHs4=
 gopkg.in/inconshreveable/log15.v2 v2.0.0-20180818164646-67afb5ed74ec h1:RlWgLqCMMIYYEVcAR5MDsuHlVkaIPDAF+5Dehzg8L5A=
-honnef.co/go/tools v0.0.1-2019.2.3 h1:3JgtbtFHMiCmsznwGVTUWbgGov+pVqnlf1dEJTNAXeM=
+honnef.co/go/tools v0.0.1-2019.2.3 h1:3JgtbtFHMiCmsznwGVTUWbgGov+pVqnlf1dEJTNAXeM=
diff --git a/trm/internal/benchmark/with_or_without_trm/go.mod b/trm/internal/benchmark/with_or_without_trm/go.mod
@@ -3,8 +3,19 @@ module with_or_without_trm
 go 1.22
 
 require (
-	github.com/avito-tech/go-transaction-manager/drivers/sql/v2 v2.0.0-rc6 // indirect
-	github.com/avito-tech/go-transaction-manager/trm/v2 v2.0.0-rc9 // indirect
-	go.uber.org/atomic v1.7.0 // indirect
-	go.uber.org/multierr v1.9.0 // indirect
+	github.com/DATA-DOG/go-sqlmock v1.5.1
+	github.com/avito-tech/go-transaction-manager/drivers/sqlx/v2 v2.0.0-rc9.2
+	github.com/avito-tech/go-transaction-manager/trm/v2 v2.0.0-rc9.2
+	github.com/jmoiron/sqlx v1.4.0
+	github.com/mattn/go-sqlite3 v1.14.22
+	github.com/stretchr/testify v1.8.2
+)
+
+require (
+	github.com/avito-tech/go-transaction-manager/drivers/sql/v2 v2.0.0-rc9.2 // indirect
+	github.com/davecgh/go-spew v1.1.1 // indirect
+	github.com/pmezard/go-difflib v1.0.0 // indirect
+	go.uber.org/multierr v1.11.0 // indirect
+	golang.org/x/text v0.16.0 // indirect
+	gopkg.in/yaml.v3 v3.0.1 // indirect
 )
diff --git a/trm/internal/benchmark/with_or_without_trm/go.sum b/trm/internal/benchmark/with_or_without_trm/go.sum
@@ -1,33 +1,50 @@
+filippo.io/edwards25519 v1.1.0 h1:FNf4tywRC1HmFuKW5xopWpigGjJKiJSV0Cqo0cJWDaA=
+filippo.io/edwards25519 v1.1.0/go.mod h1:BxyFTGdWcka3PhytdK4V28tE5sGfRvvvRV7EaN4VDT4=
+github.com/DATA-DOG/go-sqlmock v1.5.1 h1:FK6RCIUSfmbnI/imIICmboyQBkOckutaa6R5YYlLZyo=
 github.com/DATA-DOG/go-sqlmock v1.5.1/go.mod h1:88MAG/4G7SMwSE3CeA0ZKzrT5CiOU3OJ+JlNzwDqpNU=
-github.com/avito-tech/go-transaction-manager/drivers/sql/v2 v2.0.0-rc6/go.mod h1:00Cif8xUIQfAtpQ5cuPt9T9dDNJ9bGcY9ev/JpcR0tc=
-github.com/avito-tech/go-transaction-manager/drivers/sql/v2 v2.0.0-rc9 h1:TIcnwSLHpUT/USqsGtPQnGWui6VqukkmsoNadOuJ0bY=
-github.com/avito-tech/go-transaction-manager/drivers/sql/v2 v2.0.0-rc9/go.mod h1:z+OU3T2cEEogRkrGqpbN8teOYasVzNuAJuUcM+T2JIM=
-github.com/avito-tech/go-transaction-manager/drivers/sqlx/v2 v2.0.0-rc6/go.mod h1:WkB+h0Fx4qiLAgeFw1xLc1gGwqhOdtndUUmHC6Cww/M=
-github.com/avito-tech/go-transaction-manager/trm/v2 v2.0.0-rc6/go.mod h1:efBmVaj9GiucjXsVk7rIwgWXsfoS+1XJqLF9g4TKKZE=
-github.com/avito-tech/go-transaction-manager/trm/v2 v2.0.0-rc8/go.mod h1:70UhdxnEKj+no0/bTVxsAZ7scTb2+2DagtZu5OZ6bRg=
-github.com/avito-tech/go-transaction-manager/trm/v2 v2.0.0-rc9 h1:30yJLAEPWrAjLFqXNZcrdIeWMMHaY9ASkvLZUmsG4/k=
-github.com/avito-tech/go-transaction-manager/trm/v2 v2.0.0-rc9/go.mod h1:70UhdxnEKj+no0/bTVxsAZ7scTb2+2DagtZu5OZ6bRg=
+github.com/avito-tech/go-transaction-manager/drivers/sql/v2 v2.0.0-rc9.1/go.mod h1:2pDyunC3mxoDcpEp8Gd0qxOYt5p8NLMlMZqW9Im35hY=
+github.com/avito-tech/go-transaction-manager/drivers/sql/v2 v2.0.0-rc9.2 h1:kSZb2Gjl30YXO4O6NEsWElOXWCXwG3rdrXpNH1AUPLg=
+github.com/avito-tech/go-transaction-manager/drivers/sql/v2 v2.0.0-rc9.2/go.mod h1:2pDyunC3mxoDcpEp8Gd0qxOYt5p8NLMlMZqW9Im35hY=
+github.com/avito-tech/go-transaction-manager/drivers/sqlx/v2 v2.0.0-rc9.2 h1:ei7Q9s95WPPEnALbyXoiHT/ji1e6osDaTUH1P1kyUG4=
+github.com/avito-tech/go-transaction-manager/drivers/sqlx/v2 v2.0.0-rc9.2/go.mod h1:GRYZ5PametBTkFFYYEYWcOh8IQT1cpxru7HRlYwiI9A=
+github.com/avito-tech/go-transaction-manager/trm/v2 v2.0.0-rc10/go.mod h1:qUNVecb/ahohzAvtGvjfWTeCOejgRRiO/2C4cDvtLjI=
+github.com/avito-tech/go-transaction-manager/trm/v2 v2.0.0-rc9.2 h1:z7VXuLvOl4TV676XRugs6LUZ64X2QoiKE37/j29VsNA=
+github.com/avito-tech/go-transaction-manager/trm/v2 v2.0.0-rc9.2/go.mod h1:qUNVecb/ahohzAvtGvjfWTeCOejgRRiO/2C4cDvtLjI=
 github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/go-sql-driver/mysql v1.6.0/go.mod h1:DCzpHaOWr8IXmIStZouvnhqoel9Qv2LBy8hT2VhHyBg=
 github.com/go-sql-driver/mysql v1.7.0/go.mod h1:OXbVy3sEdcQ2Doequ6Z5BW6fXNQTmx+9S1MCJN5yJMI=
+github.com/go-sql-driver/mysql v1.8.1 h1:LedoTUt/eveggdHS9qUFC1EFSa8bU2+1pZjSRpvNJ1Y=
+github.com/go-sql-driver/mysql v1.8.1/go.mod h1:wEBSXgmK//2ZFJyE+qWnIsVGmvmEKlqwuVSjsCm7DZg=
+github.com/golang/mock v1.6.0 h1:ErTB+efbowRARo13NNdxyJji2egdxLGQhRaY+DUumQc=
 github.com/golang/mock v1.6.0/go.mod h1:p6yTPP+5HYm5mzsMV8JkE6ZKdX+/wYM6Hr+LicevLPs=
 github.com/jinzhu/copier v0.4.0/go.mod h1:DfbEm0FYsaqBcKcFuvmOZb218JkPGtvSHsKg8S8hyyg=
 github.com/jmoiron/sqlx v1.3.5/go.mod h1:nRVWtLre0KfCLJvgxzCsLVMogSvQ1zNJtpYr2Ccp0mQ=
+github.com/jmoiron/sqlx v1.4.0 h1:1PLqN7S1UYp5t4SrVVnt4nUVNemrDAtxlulVe+Qgm3o=
+github.com/jmoiron/sqlx v1.4.0/go.mod h1:ZrZ7UsYB/weZdl2Bxg6jCRO9c3YHl8r3ahlKmRT4JLY=
 github.com/kisielk/sqlstruct v0.0.0-20201105191214-5f3e10d3ab46/go.mod h1:yyMNCyc/Ib3bDTKd379tNMpB/7/H5TjM2Y9QJ5THLbE=
 github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
 github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI=
+github.com/kr/pretty v0.3.0 h1:WgNl7dwNpEZ6jJ9k1snq4pZsg7DOEN8hP9Xw0Tsjwk0=
 github.com/kr/pretty v0.3.0/go.mod h1:640gp4NfQd8pI5XOwp5fnNeVWj67G7CFk/SaSQn7NBk=
 github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
 github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
+github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
 github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
 github.com/lib/pq v1.2.0/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo=
 github.com/lib/pq v1.10.2/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o=
+github.com/lib/pq v1.10.9 h1:YXG7RB+JIjhP29X+OtkiDnYaXQwpS4JEWq7dtCCRUEw=
+github.com/lib/pq v1.10.9/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o=
 github.com/mattn/go-sqlite3 v1.14.6/go.mod h1:NyWgC/yNuGj7Q9rpYnZvas74GogHl5/Z4A/KQRfk6bU=
-github.com/mattn/go-sqlite3 v1.14.18/go.mod h1:2eHXhiwb8IkHr+BDWZGa96P6+rkvnG63S2DGjv9HUNg=
+github.com/mattn/go-sqlite3 v1.14.14/go.mod h1:NyWgC/yNuGj7Q9rpYnZvas74GogHl5/Z4A/KQRfk6bU=
+github.com/mattn/go-sqlite3 v1.14.22 h1:2gZY6PC6kBnID23Tichd1K+Z0oS6nE/XwU+Vz/5o4kU=
+github.com/mattn/go-sqlite3 v1.14.22/go.mod h1:Uh1q+B4BYcTPb+yiD3kU8Ct7aC0hY9fxUwlHK0RXw+Y=
+github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/rogpeppe/go-internal v1.6.1/go.mod h1:xXDCJY+GAPziupqXw64V24skbSoqbTEfhy4qGm1nDQc=
+github.com/rogpeppe/go-internal v1.12.0 h1:exVL4IDcn6na9z1rAb56Vxr+CgyK3nn3O+epU5NdKM8=
 github.com/rogpeppe/go-internal v1.12.0/go.mod h1:E+RYuTGaKKdloAfM02xzb0FW3Paa99yedzYV+kq4uf4=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw=
@@ -36,14 +53,16 @@ github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UV
 github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
+github.com/stretchr/testify v1.8.2 h1:+h33VjcLVPDHtOdpUCuF+7gSuG3yGIftsP1YvFihtJ8=
 github.com/stretchr/testify v1.8.2/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
 github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k=
 github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY=
-go.uber.org/atomic v1.7.0 h1:ADUqmZGgLDDfbSL9ZmPxKTybcoEYHgpYfELNoN+7hsw=
 go.uber.org/atomic v1.7.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc=
+go.uber.org/goleak v1.3.0 h1:2K3zAYmnTNqV73imy9J1T3WC+gmCePx2hEGkimedGto=
 go.uber.org/goleak v1.3.0/go.mod h1:CoHD4mav9JJNrW/WLlf7HGZPjdw8EucARQHekz1X6bE=
-go.uber.org/multierr v1.9.0 h1:7fIwc/ZtS0q++VgcfqFDxSBZVv/Xo49/SYnDFupUwlI=
 go.uber.org/multierr v1.9.0/go.mod h1:X2jQV1h+kxSjClGpnseKVIxpmcjrj7MNnI0bnlfKTVQ=
+go.uber.org/multierr v1.11.0 h1:blXXJkSxSSfBVBlC76pxqeO+LN3aDfLQo+309xJstO0=
+go.uber.org/multierr v1.11.0/go.mod h1:20+QtiLqy0Nd6FdQB9TLXag12DsQkrbs3htMFfDN80Y=
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
 golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
@@ -71,6 +90,8 @@ golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuX
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
+golang.org/x/text v0.16.0 h1:a94ExnEXNtEwYLGJSIUxnWoxoRz/ZcCsV63ROupILh4=
+golang.org/x/text v0.16.0/go.mod h1:GhwF1Be+LQoKShO3cGOHzqOgRrGaYc9AvblQOmPVHnI=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
 golang.org/x/tools v0.1.1/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
@@ -80,7 +101,9 @@ golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8T
 golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk=
 gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q=
 gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI=
 gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
+gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
 gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
diff --git a/trm/internal/prove_receiving_updates_without_vulnerabilities/README.md b/trm/internal/prove_receiving_updates_without_vulnerabilities/README.md
@@ -0,0 +1,13 @@
+# Proving that TRM doesn't affect updates to newer version. 
+
+1. Install pgxv5 driver with old pgx version `github.com/jackc/pgx/[email protected]`
+
+   `GOWORK=off go get github.com/avito-tech/go-transaction-manager/drivers/pgxv5/[email protected]`
+2. In `go.mod` we see `github.com/jackc/pgx/v5 v5.5.1 // indirect`.
+3. Call `GOWORK=off go mod tidy && GOWORK=off go mod vendor` to install the old versions.
+4. Then, we can update `pgx` manually and see in `go.mod` the last version `github.com/jackc/pgx/v5 v5.6.0 // indirect`. 
+
+   `go get github.com/jackc/pgx/v5`
+   or
+   `go mod tidy`
+5. `go test ./...` to run [example_test.go](example_test.go)
diff --git a/trm/internal/prove_receiving_updates_without_vulnerabilities/example_test.go b/trm/internal/prove_receiving_updates_without_vulnerabilities/example_test.go
@@ -0,0 +1,122 @@
+package main
+
+import (
+	"context"
+	"fmt"
+
+	"github.com/jackc/pgx/v5/pgxpool"
+
+	trmpgx "github.com/avito-tech/go-transaction-manager/drivers/pgxv5/v2"
+
+	"github.com/avito-tech/go-transaction-manager/trm/v2/manager"
+)
+
+// Example demonstrates the implementation of the Repository pattern by trm.Manager.
+func Example() {
+	ctx := context.Background()
+
+	uri := fmt.Sprintf("postgres://%s:%s@%s:%d/%s",
+		"user", "pass", "localhost", 5432, "db",
+	)
+
+	pool, err := pgxpool.New(ctx, uri)
+	checkErr(err)
+
+	defer pool.Close()
+
+	sqlStmt := `CREATE TABLE IF NOT EXISTS users_v5 (user_id SERIAL, username TEXT)`
+	_, err = pool.Exec(ctx, sqlStmt)
+	checkErr(err, sqlStmt)
+
+	r := newRepo(pool, trmpgx.DefaultCtxGetter)
+	trManager := manager.Must(trmpgx.NewDefaultFactory(pool))
+
+	u := &user{
+		Username: "username",
+	}
+
+	err = trManager.Do(ctx, func(ctx context.Context) error {
+		if err := r.Save(ctx, u); err != nil {
+			return err
+		}
+
+		return trManager.Do(ctx, func(ctx context.Context) error {
+			u.Username = "new_username"
+
+			return r.Save(ctx, u)
+		})
+	})
+	checkErr(err)
+
+	userFromDB, err := r.GetByID(ctx, u.ID)
+	checkErr(err)
+
+	fmt.Println(userFromDB)
+
+	// Output: &{1 new_username}
+}
+
+type repo struct {
+	db     *pgxpool.Pool
+	getter *trmpgx.CtxGetter
+}
+
+func newRepo(db *pgxpool.Pool, c *trmpgx.CtxGetter) *repo {
+	repo := &repo{
+		db:     db,
+		getter: c,
+	}
+
+	return repo
+}
+
+type user struct {
+	ID       int64
+	Username string
+}
+
+func (r *repo) GetByID(ctx context.Context, id int64) (*user, error) {
+	query := `SELECT * FROM users_v5 WHERE user_id=$1`
+
+	conn := r.getter.DefaultTrOrDB(ctx, r.db)
+	row := conn.QueryRow(ctx, query, id)
+
+	user := &user{}
+
+	err := row.Scan(&user.ID, &user.Username)
+	if err != nil {
+		return nil, err
+	}
+
+	return user, nil
+}
+
+func (r *repo) Save(ctx context.Context, u *user) error {
+	isNew := u.ID == 0
+	conn := r.getter.DefaultTrOrDB(ctx, r.db)
+
+	if !isNew {
+		query := `UPDATE users_v5 SET username = $1 WHERE user_id = $2`
+
+		if _, err := conn.Exec(ctx, query, u.Username, u.ID); err != nil {
+			return err
+		}
+
+		return nil
+	}
+
+	query := `INSERT INTO users_v5 (username) VALUES ($1) RETURNING user_id`
+
+	err := conn.QueryRow(ctx, query, u.Username).Scan(&u.ID)
+	if err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func checkErr(err error, args ...interface{}) {
+	if err != nil {
+		panic(fmt.Sprint(append([]interface{}{err}, args...)...))
+	}
+}
diff --git a/trm/internal/prove_receiving_updates_without_vulnerabilities/go.mod b/trm/internal/prove_receiving_updates_without_vulnerabilities/go.mod
@@ -0,0 +1,20 @@
+module prove_receiving_updates_without_vulnerabilities
+
+go 1.22
+
+require (
+	github.com/avito-tech/go-transaction-manager/drivers/pgxv5/v2 v2.0.0-rc9.2
+	github.com/avito-tech/go-transaction-manager/trm/v2 v2.0.0-rc10
+	github.com/jackc/pgx/v5 v5.5.1
+)
+
+require (
+	github.com/jackc/pgpassfile v1.0.0 // indirect
+	github.com/jackc/pgservicefile v0.0.0-20221227161230-091c0ba34f0a // indirect
+	github.com/jackc/puddle/v2 v2.2.1 // indirect
+	go.uber.org/atomic v1.7.0 // indirect
+	go.uber.org/multierr v1.9.0 // indirect
+	golang.org/x/crypto v0.17.0 // indirect
+	golang.org/x/sync v0.1.0 // indirect
+	golang.org/x/text v0.14.0 // indirect
+)