Ancient dependency versions in go.mod
I tried out self-hosting Commento earlier today but hit a roadblock early on. On startup, Commento throws out the following error message:
[ERROR] database_connect.go:31 dbConnect(): cannot talk to postgres, retrying in 10 seconds (4 attempts left): pq: unknown authentication response: 10
After a bit of digging online, I found out that this error message occurs because Commento doesn't support the SCRAM-SHA-256 authentication method (click here for more info). This authentication method has been supported by Commento's dependency lib/pq since April 2019.
The problem is that Commento is using a lib/pq version from May 2018 in its
go.mod file. The same goes for many of the dependencies that are listed in this file.
Please update Commento's dependencies and keep them updated going forward so that users don't miss out on important security fixes and improvements.