build(deps): bump the go-dev-dependencies group with 8 updates

[dependabot]

Bumps the go-dev-dependencies group with 8 updates:

Package	From	To
github.com/lib/pq	1.11.1	1.11.2
golang.org/x/crypto	0.47.0	0.48.0
github.com/klauspost/compress	1.18.3	1.18.4
github.com/mattn/go-sqlite3	1.14.33	1.14.34
golang.org/x/mod	0.32.0	0.33.0
golang.org/x/net	0.49.0	0.50.0
golang.org/x/text	0.33.0	0.34.0
golang.org/x/tools	0.41.0	0.42.0

Updates github.com/lib/pq from 1.11.1 to 1.11.2

Release notes

Sourced from github.com/lib/pq's releases.

v1.11.2

This fixes two regressions:

• Don't send startup parameters if there is no value, improving compatibility with Supavisor (#1260).

• Don't send dbname as a startup parameter if database=[..] is used in the connection string. It's recommended to use dbname=, as database= is not a libpq option, and only worked by accident previously. (#1261)

#1260: lib/pq#1260 #1261: lib/pq#1261

Changelog

Sourced from github.com/lib/pq's changelog.

v1.11.2 (2025-02-10)

This fixes two regressions:

• Don't send startup parameters if there is no value, improving compatibility with Supavisor (#1260).

• Don't send dbname as a startup parameter if database=[..] is used in the connection string. It's recommended to use dbname=, as database= is not a libpq option, and only worked by accident previously. (#1261)

#1260: lib/pq#1260 #1261: lib/pq#1261

Commits

• 1412805 Don't send empty startup parameters
• 0c529db Don't send dbname= as a startup parameter when database= is used
• See full diff in compare view

Updates golang.org/x/crypto from 0.47.0 to 0.48.0

Commits

• e08b067 go.mod: update golang.org/x dependencies
• 7d0074c scrypt: fix panic on parameters <= 0
• See full diff in compare view

Updates github.com/klauspost/compress from 1.18.3 to 1.18.4

Release notes

Sourced from github.com/klauspost/compress's releases.

v1.18.4

What's Changed

• gzhttp: Add zstandard to server handler wrapper by @​klauspost in klauspost/compress#1121
• zstd: Add ResetWithOptions to encoder/decoder by @​klauspost in klauspost/compress#1122
• gzhttp: preserve qvalue when extra parameters follow in Accept-Encoding by @​analytically in klauspost/compress#1116

New Contributors

• @​analytically made their first contribution in klauspost/compress#1116
• @​ethaizone made their first contribution in klauspost/compress#1124
• @​zwass made their first contribution in klauspost/compress#1125

Full Changelog: klauspost/compress@v1.18.2...v1.18.4

Commits

• c03560f zstd: Add ResetWithOptions to encoder/decoder (#1122)
• 0874ab8 build(deps): bump the github-actions group with 3 updates (#1126)
• 4a36836 doc: Clarify documentation in readme (#1125)
• 4309644 zstd: document concurrency option handling in encoder (#1124)
• c262ec6 Update README.md
• 861ca97 Downstream CVE-2025-61728 (#1123)
• 03de960 gzhttp: Add zstandard to server handler wrapper (#1121)
• bb1ab3b build(deps): bump the github-actions group with 2 updates (#1120)
• 986a51e fix(gzhttp): preserve qvalue when extra parameters follow in Accept-Encoding ...
• fbe3b12 build(deps): bump the github-actions group with 3 updates (#1118)
• Additional commits viewable in compare view

Updates github.com/mattn/go-sqlite3 from 1.14.33 to 1.14.34

Commits

• 2087331 add script to create pull-request
• a510883 Upgrade SQLite to version 3051002
• dce6b34 Add percentile extension
• See full diff in compare view

Updates golang.org/x/mod from 0.32.0 to 0.33.0

Commits

• 27761a2 go.mod: update golang.org/x dependencies
• See full diff in compare view

Updates golang.org/x/net from 0.49.0 to 0.50.0

Commits

• ebddb99 go.mod: update golang.org/x dependencies
• 4a490d4 internal/http3: add Expect: 100-continue support to ClientConn
• 73fe701 internal/http3: add Expect: 100-continue support to Server
• af0c9df html: add NodeType.String() method
• e02fb33 internal/http3: make responseWriter.Flush write headers if not done yet
• da558ff internal/http3: ensure bodyReader cannot be read after being closed
• d7c76fa internal/http3: make responseWriter behave closer to other http.ResponseWriter
• 64b3af9 http2: prevent transport deadlock due to WINDOW_UPDATE that exceeds limit
• 1973e8d internal/http3: add Server support for handling HEAD requests
• 57ea86d icmp, internal/socket, ipv4, ipv6: use binary.NativeEndian
• Additional commits viewable in compare view

Updates golang.org/x/text from 0.33.0 to 0.34.0

Commits

• 817fba9 go.mod: update golang.org/x dependencies
• 3264de9 all: clean up old Go hacks
• 74af298 all: fix tags in remaining Unicode tables
• 117e03b all: delete old Unicode tables
• 9463ea4 all: update to Unicode 17
• 7278b25 internal/export/idna: update for post-Unicode 10 idna changes
• f964ad8 internal/export/idna: delete old code
• 678d34e unicode/norm: preserve QC Maybe bit in packed forminfo
• See full diff in compare view

Updates golang.org/x/tools from 0.41.0 to 0.42.0

Commits

• 009367f go.mod: update golang.org/x dependencies
• 2182926 go/ast/inspector: add Cursor.ParentEdge{Kind,Index} methods
• 27020ac internal/server: add module upgrade pathway after vulncheck scanning
• c4ec0f5 internal/server: list vulnerabilities within vulncheck prompt
• 80d1715 gopls/internal/protocol: add document uri field type
• 0e23509 gopls/doc: update link to Acme LSP plugin
• 7b3ed75 gopls/internal/server: respect SemanticTokens option during initialization
• fddd4a6 gopls/filecache: prevent premature CAS file eviction
• e3a69ff gopls/internal/golang: refactor.inline.variable: add parens
• 955d132 gopls/internal/golang: migrate pkgdoc to cursor
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[github-actions]

Dependency Review

The following issues were found:

• ✅ 0 vulnerable package(s)
• ❌ 5 package(s) with incompatible licenses
• ✅ 0 package(s) with invalid SPDX license definitions
• ⚠️ 1 package(s) with unknown licenses.

See the Details below.

Snapshot Warnings

⚠️: No snapshots were found for the head SHA 490f788.

Ensure that dependencies are being submitted on PR branches and consider enabling retry-on-snapshot-warnings. See the documentation for more information and troubleshooting advice.

License Issues

go.mod

Package	Version	License	Issue Type
golang.org/x/crypto	0.48.0	BSD-3-Clause AND LicenseRef-scancode-google-patent-license-golang	Incompatible License
golang.org/x/mod	0.33.0	BSD-3-Clause AND LicenseRef-scancode-google-patent-license-golang	Incompatible License
golang.org/x/net	0.50.0	BSD-3-Clause AND LicenseRef-scancode-google-patent-license-golang	Incompatible License
golang.org/x/text	0.34.0	BSD-3-Clause AND LicenseRef-scancode-google-patent-license-golang	Incompatible License
golang.org/x/tools	0.42.0	BSD-3-Clause AND LicenseRef-scancode-google-patent-license-golang	Incompatible License
github.com/klauspost/compress	1.18.4	Null	Unknown License

Allowed Licenses:

0BSD, AGPL-3.0-or-later, Apache-2.0, BlueOak-1.0.0, BSD-2-Clause, BSD-3-Clause-Clear, BSD-3-Clause, BSL-1.0, bzip2-1.0.6, CAL-1.0, CC-BY-3.0, CC-BY-4.0, CC-BY-SA-4.0, CC0-1.0, EPL-2.0, GPL-1.0-or-later, GPL-2.0-only, GPL-2.0-or-later, GPL-2.0, GPL-3.0-only, GPL-3.0-or-later, GPL-3.0, ISC, LGPL-2.0-only, LGPL-2.0-or-later, LGPL-2.1-only, LGPL-2.1-or-later, LGPL-2.1, LGPL-3.0-only, LGPL-3.0, LGPL-3.0-or-later, MIT, MIT-CMU, MPL-1.1, MPL-2.0, OFL-1.1, PSF-2.0, Python-2.0, Python-2.0.1, Unicode-3.0, Unicode-DFS-2016, Unlicense, Zlib, ZPL-2.1

OpenSSF Scorecard

Package	Version	Score	Details
gomod/github.com/klauspost/compress	1.18.4	🟢 6.9	Details Check Score Reason Code-Review 🟢 3 Found 7/21 approved changesets -- score normalized to 3 Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Security-Policy 🟢 10 security policy file detected Maintained 🟢 10 12 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies 🟢 3 dependency not pinned by hash detected -- score normalized to 3 License 🟢 9 license file detected Fuzzing 🟢 10 project is fuzzed Packaging 🟢 10 packaging workflow detected Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md Vulnerabilities 🟢 10 0 existing vulnerabilities detected Signed-Releases ⚠️ 0 Project has not signed or included provenance with any releases. SAST 🟢 10 SAST tool is run on all commits
gomod/github.com/lib/pq	1.11.2	🟢 4.6	Details Check Score Reason Packaging ⚠️ -1 packaging workflow not detected Code-Review ⚠️ 1 Found 4/23 approved changesets -- score normalized to 1 Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Maintained 🟢 10 30 commit(s) and 10 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Binary-Artifacts 🟢 10 no binaries found in the repo Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Security-Policy ⚠️ 0 security policy file not detected Fuzzing 🟢 10 project is fuzzed License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md Vulnerabilities ⚠️ 0 15 existing vulnerabilities detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
gomod/github.com/mattn/go-sqlite3	1.14.34	🟢 5.3	Details Check Score Reason Code-Review 🟢 4 Found 8/19 approved changesets -- score normalized to 4 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Maintained 🟢 9 7 commit(s) and 4 issue activity found in the last 90 days -- score normalized to 9 Packaging ⚠️ -1 packaging workflow not detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Binary-Artifacts 🟢 10 no binaries found in the repo CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Fuzzing 🟢 10 project is fuzzed Pinned-Dependencies ⚠️ 1 dependency not pinned by hash detected -- score normalized to 1 Signed-Releases ⚠️ -1 no releases found Security-Policy ⚠️ 0 security policy file not detected Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Vulnerabilities 🟢 10 0 existing vulnerabilities detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
gomod/golang.org/x/crypto	0.48.0	Unknown	Unknown
gomod/golang.org/x/mod	0.33.0	Unknown	Unknown
gomod/golang.org/x/net	0.50.0	Unknown	Unknown
gomod/golang.org/x/text	0.34.0	Unknown	Unknown
gomod/golang.org/x/tools	0.42.0	Unknown	Unknown

Scanned Files

• go.mod

[github-actions]

Conventional Commits Report

😢 No conventional commits found.

👉 Learn more about the conventional commits usage at Greenbone.

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 57.71%. Comparing base (3321682) to head (490f788).
⚠️ Report is 2 commits behind head on main.

Additional details and impacted files

@@           Coverage Diff           @@
##             main     #288   +/-   ##
=======================================
  Coverage   57.71%   57.71%           
=======================================
  Files          69       69           
  Lines        3862     3862           
=======================================
  Hits         2229     2229           
  Misses       1445     1445           
  Partials      188      188           

Flag	Coverage Δ
opensearch-tests	95.66% <ø> (ø)
postgres-tests	91.96% <ø> (ø)
unit-tests	52.30% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.