build(deps): bump the go-dev-dependencies group across 1 directory with 7 updates

[dependabot]

Bumps the go-dev-dependencies group with 7 updates in the / directory:

Package	From	To
github.com/go-playground/validator/v10	10.29.0	10.30.1
github.com/opensearch-project/opensearch-go/v4	4.5.0	4.6.0
github.com/go-openapi/spec	0.22.2	0.22.3
github.com/goccy/go-yaml	1.19.0	1.19.1
github.com/jackc/pgx/v5	5.7.6	5.8.0
github.com/moby/go-archive	0.1.0	0.2.0
github.com/quic-go/quic-go	0.57.1	0.58.0

Updates github.com/go-playground/validator/v10 from 10.29.0 to 10.30.1

Release notes

Sourced from github.com/go-playground/validator/v10's releases.

Release 10.30.1

What's Changed

• Feat: uds_exists validator by @​barash-asenov in go-playground/validator#1482
• fix: Revert min limit of e164 regex by @​zemzale in go-playground/validator#1516
• Fix 1513 update ISO 3166-2 codes by @​xyz27900 in go-playground/validator#1514

New Contributors

• @​barash-asenov made their first contribution in go-playground/validator#1482
• @​xyz27900 made their first contribution in go-playground/validator#1514

Full Changelog: go-playground/validator@v10.30.0...v10.30.1

Release 10.30.0

What's Changed

• Bump golang.org/x/crypto from 0.45.0 to 0.46.0 by @​dependabot[bot] in go-playground/validator#1504
• Bump github.com/gabriel-vasile/mimetype from 1.4.11 to 1.4.12 by @​dependabot[bot] in go-playground/validator#1505
• docs: document omitzero by @​minoritea in go-playground/validator#1509
• fix: add missing translations for alpha validators by @​shindonghwi in go-playground/validator#1510
• fix: resolve panic when using aliases with OR operator by @​shindonghwi in go-playground/validator#1507
• fix: resolve panic when using cross-field validators with ValidateMap by @​shindonghwi in go-playground/validator#1508

New Contributors

• @​minoritea made their first contribution in go-playground/validator#1509
• @​shindonghwi made their first contribution in go-playground/validator#1510

Full Changelog: go-playground/validator@v10.29.0...v10.30.0

Commits

• 5010f83 Fix 1513 update ISO 3166-2 codes (#1514)
• e8627a1 fix: Revert min limit of e164 regex (#1516)
• 65b1bcc Feat: uds_exists validator (#1482)
• e9b900c fix: resolve panic when using cross-field validators with ValidateMap (#1508)
• 7aba81c fix: resolve panic when using aliases with OR operator (#1507)
• 4d600be fix: add missing translations for alpha validators (#1510)
• b0e4ba2 docs: document omitzero (#1509)
• 79fba72 Bump github.com/gabriel-vasile/mimetype from 1.4.11 to 1.4.12 (#1505)
• c3c9084 Bump golang.org/x/crypto from 0.45.0 to 0.46.0 (#1504)
• See full diff in compare view

Updates github.com/opensearch-project/opensearch-go/v4 from 4.5.0 to 4.6.0

Release notes

Sourced from github.com/opensearch-project/opensearch-go/v4's releases.

v4.6.0

What's Changed

• Preparing for next developer iteration by @​Jakob3xD in opensearch-project/opensearch-go#708
• Add support for Opensearch 3.0 by @​Jakob3xD in opensearch-project/opensearch-go#709
• Bump github.com/aws/aws-sdk-go-v2/config from 1.29.14 to 1.29.15 by @​dependabot[bot] in opensearch-project/opensearch-go#707
• Bump github.com/aws/aws-sdk-go-v2 from 1.36.4 to 1.36.5 by @​dependabot[bot] in opensearch-project/opensearch-go#710
• Bump github.com/aws/aws-sdk-go-v2/config from 1.29.16 to 1.29.17 by @​dependabot[bot] in opensearch-project/opensearch-go#711
• Update SuggestOptions in the SearchResp struct to include all the fields for suggesters by @​tejaboppana in opensearch-project/opensearch-go#713
• Bump github.com/aws/aws-sdk-go-v2 from 1.36.5 to 1.38.0 by @​dependabot[bot] in opensearch-project/opensearch-go#720
• Bump github.com/aws/aws-sdk-go-v2/config from 1.29.17 to 1.31.0 by @​dependabot[bot] in opensearch-project/opensearch-go#719
• Bump github.com/aws/aws-sdk-go-v2/config from 1.31.0 to 1.31.6 by @​dependabot[bot] in opensearch-project/opensearch-go#730
• Bump github.com/aws/aws-sdk-go-v2/config from 1.31.6 to 1.31.12 by @​dependabot[bot] in opensearch-project/opensearch-go#737
• Bump github.com/stretchr/testify from 1.10.0 to 1.11.1 by @​dependabot[bot] in opensearch-project/opensearch-go#728
• Bump lycheeverse/lychee-action from 1.9.3 to 2.0.2 in /.github/workflows by @​dependabot[bot] in opensearch-project/opensearch-go#727
• Allow users to override signing port by @​ChronosMasterOfAllTime in opensearch-project/opensearch-go#721
• chore(build): upgrade Go to v1.24 + replace golang.org/x/exp/slices usage with standard lib's by @​hainenber in opensearch-project/opensearch-go#674
• Add phase_took feature to Search API by @​ForeverSRC in opensearch-project/opensearch-go#722
• Update golangci-lint and fix complains by @​Jakob3xD in opensearch-project/opensearch-go#740
• Stepping down from maintainers. by @​dblock in opensearch-project/opensearch-go#741
• Add action to refresh search analyzers to ISM plugin client by @​ste93cry in opensearch-project/opensearch-go#686
• Fix missing "caused by" information in StructError (#751) by @​carlisgg in opensearch-project/opensearch-go#752
• fix: add missing ignore_unavailable param to multi-search API by @​iamrajiv in opensearch-project/opensearch-go#757
• Update workflows by @​Jakob3xD in opensearch-project/opensearch-go#760
• Bump github.com/aws/aws-sdk-go-v2 from 1.39.2 to 1.41.0 by @​dependabot[bot] in opensearch-project/opensearch-go#759
• Bump github.com/aws/aws-sdk-go from 1.55.7 to 1.55.8 by @​dependabot[bot] in opensearch-project/opensearch-go#716
• Bump github.com/aws/aws-sdk-go-v2/config from 1.31.12 to 1.32.5 by @​dependabot[bot] in opensearch-project/opensearch-go#761
• Add missing Get field in UpdateResp struct by @​raccone in opensearch-project/opensearch-go#739
• prepare 4.6.0 release by @​Jakob3xD in opensearch-project/opensearch-go#762

New Contributors

• @​tejaboppana made their first contribution in opensearch-project/opensearch-go#713
• @​ChronosMasterOfAllTime made their first contribution in opensearch-project/opensearch-go#721
• @​hainenber made their first contribution in opensearch-project/opensearch-go#674
• @​ForeverSRC made their first contribution in opensearch-project/opensearch-go#722
• @​ste93cry made their first contribution in opensearch-project/opensearch-go#686
• @​carlisgg made their first contribution in opensearch-project/opensearch-go#752
• @​iamrajiv made their first contribution in opensearch-project/opensearch-go#757
• @​raccone made their first contribution in opensearch-project/opensearch-go#739

Full Changelog: opensearch-project/opensearch-go@v4.5.0...v4.6.0

Changelog

Sourced from github.com/opensearch-project/opensearch-go/v4's changelog.

[4.6.0]

Dependencies

• Bump github.com/aws/aws-sdk-go-v2/config from 1.29.14 to 1.32.5 (#707, #711, #719, #730, #737, #761)
• Bump github.com/aws/aws-sdk-go-v2 from 1.36.4 to 1.41.0 (#710, #720, #759)
• Bump github.com/stretchr/testify from 1.10.0 to 1.11.1 (#728)
• Bump github.com/aws/aws-sdk-go from 1.55.7 to 1.55.8 (#716)

Added

• Adds new fields for Opensearch 3.0 (#702)
• Allow users to override signing port (#721)
• Add phase_took features supported from OpenSearch 2.12 (#722)
• Adds the action to refresh the search analyzers to the ISM plugin (#686)

Changed

• Test against Opensearch 3.0 (#702)
• Add more SuggestOptions to SearchResp (#713)
• Updates Go version to 1.24 (#674)
• Replace golang.org/x/exp/slices usage with built-in slices (#674)
• Update golangci-linter to 1.64.8 (#740)
• Change MaxScore to pointer (#740)
• Update workflow action (#760)
• Migrate to golangci-lint v2 (#760)

Deprecated

Removed

Fixed

• Missing "caused by" information in StructError (#752)
• Add missing ignore_unavailable, allow_no_indices, and expand_wildcards params to MSearch (#757)
• Fix UpdateResp to correctly parse the get field when _source is requested in update operations. (#739)

Security

Commits

• 3fef39d prepare 4.6.0 release (#762)
• 48eb43b Fix UpdateResp to parse get field when _source is requested (#739)
• fd8d553 Bump github.com/aws/aws-sdk-go-v2/config from 1.31.12 to 1.32.5 (#761)
• f41ec7f Bump github.com/aws/aws-sdk-go from 1.55.7 to 1.55.8 (#716)
• 1cfd29e Bump github.com/aws/aws-sdk-go-v2 from 1.39.2 to 1.41.0 (#759)
• 99b07f3 Update workflows (#760)
• 5a6718e fix: add missing ignore_unavailable param to multi-search API (#757)
• c801c69 Fix missing "caused by" information in StructError (#752)
• e31c031 plugins/ism: add refresh_search_analyzers action (#686)
• 4153a4c Stepping down from maintainers. (#741)
• Additional commits viewable in compare view

Updates github.com/go-openapi/spec from 0.22.2 to 0.22.3

Release notes

Sourced from github.com/go-openapi/spec's releases.

v0.22.3

0.22.3 - 2025-12-24

Full Changelog: go-openapi/spec@v0.22.2...v0.22.3

1 commits in this release.

---

Fixed bugs

• fix: fixed key escaping in OrderedItems marshaling by @​fredbi in #246 ...

---

People who contributed to this release

• @​fredbi

---

spec license terms

Commits

• 3b2ff60 fix: fixed key escaping in OrderedItems marshaling
• 90efd45 doc: updated contributors file
• e64b092 doc: announced new discord channel
• 32a252c build(deps): bump the development-dependencies group with 7 updates
• 1beb4f3 doc: fixed wrong links in docs
• b3b30bf ci: remove redundant release workflow
• ddeeaf8 doc: updated contributors file
• See full diff in compare view

Updates github.com/goccy/go-yaml from 1.19.0 to 1.19.1

Release notes

Sourced from github.com/goccy/go-yaml's releases.

1.19.1

What's Changed

• Fix decoding of integer keys of map type by @​goccy in goccy/go-yaml#829
• Support line comment for flow sequence or flow map by @​goccy in goccy/go-yaml#834

Full Changelog: goccy/go-yaml@v1.19.0...v1.19.1

Commits

• b0ab069 Support line comment for flow sequence or flow map (#834)
• 9e98b0c Fix decoding of integer keys of map type (#829)
• See full diff in compare view

Updates github.com/jackc/pgx/v5 from 5.7.6 to 5.8.0

Changelog

Sourced from github.com/jackc/pgx/v5's changelog.

5.8.0 (December 26, 2025)

• Require Go 1.24+
• Remove golang.org/x/crypto dependency
• Add OptionShouldPing to control ResetSession ping behavior (ilyam8)
• Fix: Avoid overflow when MaxConns is set to MaxInt32
• Fix: Close batch pipeline after a query error (Anthonin Bonnefoy)
• Faster shutdown of pgxpool.Pool background goroutines (Blake Gentry)
• Add pgxpool ping timeout (Amirsalar Safaei)
• Fix: Rows.FieldDescriptions for empty query
• Scan unknown types into *any as string or []byte based on format code
• Optimize pgtype.Numeric (Philip Dubé)
• Add AfterNetConnect hook to pgconn.Config
• Fix: Handle for preparing statements that fail during the Describe phase
• Fix overflow in numeric scanning (Ilia Demianenko)
• Fix: json/jsonb sql.Scanner source type is []byte
• Migrate from math/rand to math/rand/v2 (Mathias Bogaert)
• Optimize internal iobufpool (Mathias Bogaert)
• Optimize stmtcache invalidation (Mathias Bogaert)
• Fix: missing error case in interval parsing (Maxime Soulé)
• Fix: invalidate statement/description cache in Exec (James Hartig)
• ColumnTypeLength method return the type length for varbit type (DengChan)
• Array and Composite codecs handle typed nils

Commits

• fe8740a Release v5.8.0
• e5dde5a Skip test on CockroachDB
• 06f2d82 Remove trailing space
• 2cf78dd Merge pull request #2448 from DengChan/column_type_lenth_varbit
• 2d1c4ef Skip tests on CockroachDB
• 1a5fa7f Array and Composite codecs handle typed nils
• 5736d09 ColumnTypeLength method return the type length for varbit type.
• 4c1308c Revert "stdlib matches native pgx scanning support"
• 14ce2b7 Skip test on CockroachDB
• 65b2724 Merge pull request #2443 from jameshartig/x-invalidate-cache-in-exec
• Additional commits viewable in compare view

Updates github.com/moby/go-archive from 0.1.0 to 0.2.0

Release notes

Sourced from github.com/moby/go-archive's releases.

v0.2.0

What's Changed

• remove aliases for deprecated types and functions moby/go-archive#10
• chrootarchive: remove redundant "init" mitigation for CVE-2019-14271 moby/go-archive#11
• xattr: Fix OS matching moby/go-archive#20
• TestOverlayTarUntar: remove redundant cmpopts.EquateEmpty moby/go-archive#9
• go.mod: bump github.com/klauspost/compress v1.18.2 moby/go-archive#19
• gha: update actions moby/go-archive#18

Full Changelog: moby/go-archive@v0.1.0...v0.2.0

Commits

• 263611f Merge pull request #20 from thaJeztah/carry_17
• a1d4e73 Merge pull request #18 from thaJeztah/bump_gha
• da4e566 xattr: Fix OS matching.
• df87f45 Merge pull request #19 from thaJeztah/bump_deps
• 8996f22 gha: update CodeQL Action to v4
• 985c60f gha: codeql: use go stable
• 4752b25 gha: update actions/setup-go@v6
• 280f775 gha: update actions/checkout@v6
• 4c912d3 gha: update golangci/golangci-lint-action@v9
• 2cd730e go.mod: bump github.com/klauspost/compress v1.18.2
• Additional commits viewable in compare view

Updates github.com/quic-go/quic-go from 0.57.1 to 0.58.0

Release notes

Sourced from github.com/quic-go/quic-go's releases.

v0.58.0

This release optimizes the QUIC handshake:

• Multiple incoming packets are now processed before sending an acknowledgment, reducing the total number of packets sent: #5451
• ACK frames are now packed into coalesced packets, reducing the need to send a separate packet just for the ACK in many cases: #5477
• When packets are buffered during the handshake, this now doesn't lead to inflated RTT measurements anymore: #5493, #5494

Other notable changes

• quic-go now has a new logo: #5484
• ACK frames can now be encoded with up to 64 ranges (previously: 32): #5476
• Serializing ACK frames is now significantly faster: #5476
• Improved batch packet processing logic: #5478
• qlog: added support for the datagram_id on packet_sent, packet_received and packet_buffered events, using the CRC32 of the packet

Changelog

• qlog: add a DebugEvent by @​marten-seemann in quic-go/quic-go#5456
• qlog the datagram_id for long header and coalesced packets by @​marten-seemann in quic-go/quic-go#5455
• build(deps): bump actions/checkout from 5 to 6 by @​dependabot[bot] in quic-go/quic-go#5458
• handshake: pass cipherSuite by value instead of pointer by @​marten-seemann in quic-go/quic-go#5459
• handshake: add a benchmark for token decoding by @​marten-seemann in quic-go/quic-go#5460
• use synctest in the session resumption test by @​marten-seemann in quic-go/quic-go#5424
• handshake: fix QUIC events with session tickets disabled on Go 1.26 by @​marten-seemann in quic-go/quic-go#5462
• fix flaky TestConnectionCongestionControl by @​Copilot in quic-go/quic-go#5467
• simnet: move latency configuration to Router, simplify queueing logic by @​marten-seemann in quic-go/quic-go#5463
• use synctest for the RTT and reordering tests by @​marten-seemann in quic-go/quic-go#5464
• use synctest for 0-RTT integration tests by @​marten-seemann in quic-go/quic-go#5465
• allow processing of multiple packets before handshake completion by @​marten-seemann in quic-go/quic-go#5451
• ackhandler: disentangle ReceivedPacketHandler and SentPacketHandler by @​marten-seemann in quic-go/quic-go#5469
• refactor connection tests to remove ReceivedPacketHandler mock by @​marten-seemann in quic-go/quic-go#5468
• ackhandler: remove ReceivedPacketHandler interface, use struct directly by @​marten-seemann in quic-go/quic-go#5472
• wire: add a function to trunctate an ACK frame by @​marten-seemann in quic-go/quic-go#5476
• allow packing of ACKs in coalesced packets by @​marten-seemann in quic-go/quic-go#5477
• improve batch packet processing logic by @​marten-seemann in quic-go/quic-go#5478
• build(deps): bump actions/cache from 4 to 5 by @​dependabot[bot] in quic-go/quic-go#5482
• build(deps): bump actions/upload-artifact from 5 to 6 by @​dependabot[bot] in quic-go/quic-go#5483
• update the logo by @​marten-seemann in quic-go/quic-go#5484
• ci: add Go 1.26rc1 to tested Go versions by @​marten-seemann in quic-go/quic-go#5486
• utils: make TestAddTimestamp work in all time zones by @​marten-seemann in quic-go/quic-go#5492
• ackhandler: record RTT measurements for non-ack-eliciting packets by @​marten-seemann in quic-go/quic-go#5494
• ackhandler: only generate RTT sample for the last ack-eliciting packet by @​marten-seemann in quic-go/quic-go#5493

Full Changelog: quic-go/quic-go@v0.57.0...v0.58.0

Commits

• 96b8144 ackhandler: only generate RTT sample for the last ack-eliciting packet (#5493)
• db87809 ackhandler: record RTT measurements for non-ack-eliciting packets (#5494)
• 3c577ff utils: make TestAddTimestamp work in all time zones (#5492)
• ef7fbab ci: add Go 1.26rc1 to tested Go versions (#5486)
• c3fa789 update the logo (#5484)
• 0eec64b ci: bump actions/upload-artifact from 5 to 6 (#5483)
• 449162a ci: bump actions/cache from 4 to 5 (#5482)
• add7529 improve batch packet processing logic (#5478)
• bbcc555 allow packing of ACKs in coalesced packets (#5477)
• 6bf4231 wire: add a function to trunctate an ACK frame to a given size (#5476)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[greenbonebot]

Scanning the following files:

go.mod
go.sum

Scan: 'go.mod'

Nothing detected in go.mod
Scan took 0.00 seconds

Scan: 'go.sum'

Nothing detected in go.sum
Scan took 0.00 seconds

[github-actions]

Conventional Commits Report

😢 No conventional commits found.

👉 Learn more about the conventional commits usage at Greenbone.

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 57.66%. Comparing base (578bab4) to head (d15534c).
⚠️ Report is 2 commits behind head on main.

Additional details and impacted files

@@             Coverage Diff             @@
##             main     #276       +/-   ##
===========================================
- Coverage   94.01%   57.66%   -36.36%     
===========================================
  Files           5       69       +64     
  Lines         501     3812     +3311     
===========================================
+ Hits          471     2198     +1727     
- Misses         20     1433     +1413     
- Partials       10      181      +171     

Flag	Coverage Δ
opensearch-tests	95.66% <ø> (ø)
postgres-tests	91.96% <ø> (ø)
unit-tests	52.15% <ø> (?)

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.