build(deps): bump the go-dev-dependencies group with 5 updates

[dependabot]

Bumps the go-dev-dependencies group with 5 updates:

Package	From	To
github.com/lib/pq	1.11.2	1.12.0
github.com/bytedance/gopkg	0.1.3	0.1.4
github.com/jackc/pgx/v5	5.8.0	5.9.1
github.com/klauspost/compress	1.18.4	1.18.5
github.com/mattn/go-sqlite3	1.14.34	1.14.37

Updates github.com/lib/pq from 1.11.2 to 1.12.0

Release notes

Sourced from github.com/lib/pq's releases.

v1.12.0

• The next release may change the default sslmode from require to prefer. See #1271 for details.

• CopyIn() and CopyInToSchema() have been marked as deprecated. These are simple query builders and not needed for COPY [..] FROM STDIN support (which is not deprecated). (#1279)

  // Old
  tx.Prepare(CopyIn("temp", "num", "text", "blob", "nothing"))
  // Replacement
  tx.Prepare(copy temp (num, text, blob, nothing) from stdin)
  

Features

• Support protocol 3.2, and the min_protocol_version and max_protocol_version DSN parameters (#1258).

• Support sslmode=prefer and sslmode=allow (#1270).

• Support ssl_min_protocol_version and ssl_max_protocol_version (#1277).

• Support connection service file to load connection details (#1285).

• Support sslrootcert=system and use ~/.postgresql/root.crt as the default value of sslrootcert (#1280, #1281).

• Add a new pqerror package with PostgreSQL error codes (#1275).

  For example, to test if an error is a UNIQUE constraint violation:

  if pqErr, ok := errors.AsType[*pq.Error](https://github.com/lib/pq/blob/HEAD/err); ok && pqErr.Code == pqerror.UniqueViolation {
      log.Fatalf("email %q already exsts", email)
  }
  

  To make this a bit more convenient, it also adds a pq.As() function:

  pqErr := pq.As(err, pqerror.UniqueViolation)
  if pqErr != nil {
      log.Fatalf("email %q already exsts", email)
  }
  

Fixes

• Fix SSL key permission check to allow modes stricter than 0600/0640 (#1265).

• Fix Hstore to work with binary parameters (#1278).

• Clearer error when starting a new query while pq is still processing another query (#1272).

• Send intermediate CAs with client certificates, so they can be signed by an intermediate CA (#1267).

• Use time.UTC for UTC aliases such as Etc/UTC (#1283).

... (truncated)

Changelog

Sourced from github.com/lib/pq's changelog.

v1.12.0 (2026-03-18)

• The next release may change the default sslmode from require to prefer. See #1271 for details.

• CopyIn() and CopyInToSchema() have been marked as deprecated. These are simple query builders and not needed for COPY [..] FROM STDIN support (which is not deprecated). (#1279)

  // Old
  tx.Prepare(CopyIn("temp", "num", "text", "blob", "nothing"))
  // Replacement
  tx.Prepare(copy temp (num, text, blob, nothing) from stdin)
  

Features

• Support protocol 3.2, and the min_protocol_version and max_protocol_version DSN parameters (#1258).

• Support sslmode=prefer and sslmode=allow (#1270).

• Support ssl_min_protocol_version and ssl_max_protocol_version (#1277).

• Support connection service file to load connection details (#1285).

• Support sslrootcert=system and use ~/.postgresql/root.crt as the default value of sslrootcert (#1280, #1281).

• Add a new pqerror package with PostgreSQL error codes (#1275).

  For example, to test if an error is a UNIQUE constraint violation:

  if pqErr, ok := errors.AsType[*pq.Error](https://github.com/lib/pq/blob/master/err); ok && pqErr.Code == pqerror.UniqueViolation {
      log.Fatalf("email %q already exsts", email)
  }
  

  To make this a bit more convenient, it also adds a pq.As() function:

  pqErr := pq.As(err, pqerror.UniqueViolation)
  if pqErr != nil {
      log.Fatalf("email %q already exsts", email)
  }
  

Fixes

• Fix SSL key permission check to allow modes stricter than 0600/06400600 (#1265).

• Fix Hstore to work with binary parameters (#1278).

... (truncated)

Commits

• 42ab0ff Change default sslmode from "require" to "prefer"
• 6d40f13 Release v1.12.0
• 386fc0e Document NULL behaviour with COPY
• a62682e Better staticcheck cache 2
• 87ee06c Better staticcheck cache
• 0962458 Rewrite tests to use pqerror, pq.As()
• 0d20981 Don't move pq.Error to pqerror.Error
• 4332138 Add pqerror package
• 620d6d5 Make tests run faster
• dc8ff5d Implement connection service file
• Additional commits viewable in compare view

Updates github.com/bytedance/gopkg from 0.1.3 to 0.1.4

Release notes

Sourced from github.com/bytedance/gopkg's releases.

v0.1.4

What's Changed

• fix(lang/dirtmake): compat with tinygo by @​xiaost in bytedance/gopkg#253
• feat(circuitbreaker): cleanup breakers with no samples to prevent memory leak by @​PureWhiteWu in bytedance/gopkg#254
• fix: typos/grammar, and zset perf by @​xiaost in bytedance/gopkg#255
• chore: update code owners by @​JasonChen233 in bytedance/gopkg#257
• chore(README): updated to reflect current status by @​xiaost in bytedance/gopkg#258
• chore: update codeowners by @​xiaost in bytedance/gopkg#261
• refactor: clean up dependencies by @​xiaost in bytedance/gopkg#262

New Contributors

• @​JasonChen233 made their first contribution in bytedance/gopkg#257

Full Changelog: bytedance/gopkg@v0.1.3...v0.1.4

Commits

• 165f9e4 refactor: clean up dependencies (#262)
• 0ce263f chore: update codeowners (#261)
• a67f08b chore(README): updated to reflect current status (#258)
• b17afc1 chore: update code owners (#257)
• cf44e97 fix: typos/grammar, and zset perf (#255)
• bc92114 Merge pull request #254 from bytedance/feat/cb_cleanup
• 25d1017 feat(circuitbreaker): cleanup breakers with no samples to prevent memory leak
• d6627d3 fix(lang/dirtmake): compat with tinygo (#253)
• See full diff in compare view

Updates github.com/jackc/pgx/v5 from 5.8.0 to 5.9.1

Changelog

Sourced from github.com/jackc/pgx/v5's changelog.

5.9.1 (March 22, 2026)

• Fix: batch result format corruption when using cached prepared statements (reported by Dirkjan Bussink)

5.9.0 (March 21, 2026)

This release includes a number of new features such as SCRAM-SHA-256-PLUS support, OAuth authentication support, and PostgreSQL protocol 3.2 support.

It significantly reduces the amount of network traffic when using prepared statements (which are used automatically by default) by avoiding unnecessary Describe Portal messages. This also reduces local memory usage.

It also includes multiple fixes for potential DoS due to panic or OOM if connected to a malicious server that sends deliberately malformed messages.

• Require Go 1.25+
• Add SCRAM-SHA-256-PLUS support (Adam Brightwell)
• Add OAuth authentication support for PostgreSQL 18 (David Schneider)
• Add PostgreSQL protocol 3.2 support (Dirkjan Bussink)
• Add tsvector type support (Adam Brightwell)
• Skip Describe Portal for cached prepared statements reducing network round trips
• Make LoadTypes query easier to support on "postgres-like" servers (Jelte Fennema-Nio)
• Default empty user to current OS user matching libpq behavior (ShivangSrivastava)
• Optimize LRU statement cache with custom linked list and node pooling (Mathias Bogaert)
• Optimize date scanning by replacing regex with manual parsing (Mathias Bogaert)
• Optimize pgio append/set functions with direct byte shifts (Mathias Bogaert)
• Make RowsAffected faster (Abhishek Chanda)
• Fix: Pipeline.Close panic when server sends multiple FATAL errors (Varun Chawla)
• Fix: ContextWatcher goroutine leak (Hank Donnay)
• Fix: stdlib discard connections with open transactions in ResetSession (Jeremy Schneider)
• Fix: pipelineBatchResults.Exec silently swallowing lastRows error
• Fix: ColumnTypeLength using BPCharArrayOID instead of BPCharOID
• Fix: TSVector text encoding returning nil for valid empty tsvector
• Fix: wrong error messages for Int2 and Int4 underflow
• Fix: Numeric nil Int pointer dereference with Valid: true
• Fix: reversed strings.ContainsAny arguments in Numeric.ScanScientific
• Fix: message length parsing on 32-bit platforms
• Fix: FunctionCallResponse.Decode mishandling of signed result size
• Fix: returning wrong error in configTLS when DecryptPEMBlock fails (Maxim Motyshen)
• Fix: misleading ParseConfig error when default_query_exec_mode is invalid (Skarm)
• Fix: missed Unwatch in Pipeline error paths
• Clarify too many failed acquire attempts error message
• Better error wrapping with context and SQL statement (Aneesh Makala)
• Enable govet and ineffassign linters (Federico Guerinoni)
• Guard against various malformed binary messages (arrays, hstore, multirange, protocol messages)
• Fix various godoc comments (ferhat elmas)
• Fix typos in comments (Oleksandr Redko)

Commits

• 4e4eaed Release v5.9.1
• 6273188 Fix batch result format corruption when using cached prepared statements
• f7b90c2 Merge pull request #2524 from dbussink/pipeline-result-format-reuse
• 3ce6d75 Add failing test: batch scan corrupted in cache_statement mode
• b4d8e62 Release v5.9.0
• c227cd4 Bump minimum Go version from 1.24 to 1.25
• f492c14 Use reflect.TypeFor instead of reflect.TypeOf for static types
• ad8fb08 Use sync.WaitGroup.Go to simplify goroutine spawning
• 3033773 Remove go1.26 build tag from synctest test
• 83ffb3c Validate multirange element count against source length before allocating
• Additional commits viewable in compare view

Updates github.com/klauspost/compress from 1.18.4 to 1.18.5

Release notes

Sourced from github.com/klauspost/compress's releases.

v1.18.5

What's Changed

• zstd: Fix crash when changing encoder dictionary with same ID by @​klauspost in klauspost/compress#1135
• zstd: Default to full zero frames by @​klauspost in klauspost/compress#1134
• flate: Clean up histogram order by @​klauspost in klauspost/compress#1133

Full Changelog: klauspost/compress@v1.18.4...v1.18.5

Commits

• c5e0077 zstd: Fix encoder changing dictionary with same ID (#1135)
• fd3f23e zstd: Default to full zero frames (#1134)
• 8233c58 flate: Clean up histogram order (#1133)
• bcf0d12 build(deps): bump the github-actions group with 3 updates (#1132)
• cf758fe ci: Upgrade Go versions, clean up (#1130)
• 77cc520 Add v1.18.4
• See full diff in compare view

Updates github.com/mattn/go-sqlite3 from 1.14.34 to 1.14.37

Commits

• bb8d0b2 Bump Go test matrix versions from 1.23-1.25 to 1.24-1.26
• bc7436e Bump GitHub Actions versions to latest
• 0f12d4e Ensure Close always removes runtime finalizer to prevent memory leak
• d71eda8 Fix upgrade.sh: add already-up-to-date check and fix changelog URL format
• 4ea2a9f Upgrade SQLite to version 3051003
• 8c99a68 Call sqlite3_clear_bindings() in bind() to reset parameters
• 5a1f4d3 use unsafe.Slice
• 8366a00 create pull-request
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[github-actions]

Dependency Review

The following issues were found:

• ✅ 0 vulnerable package(s)
• ✅ 0 package(s) with incompatible licenses
• ✅ 0 package(s) with invalid SPDX license definitions
• ⚠️ 5 package(s) with unknown licenses.

See the Details below.

Snapshot Warnings

⚠️: No snapshots were found for the head SHA c8af7cc.

Ensure that dependencies are being submitted on PR branches and consider enabling retry-on-snapshot-warnings. See the documentation for more information and troubleshooting advice.

License Issues

go.mod

Package	Version	License	Issue Type
github.com/bytedance/gopkg	0.1.4	Null	Unknown License
github.com/jackc/pgx/v5	5.9.1	Null	Unknown License
github.com/klauspost/compress	1.18.5	Null	Unknown License
github.com/lib/pq	1.12.0	Null	Unknown License
github.com/mattn/go-sqlite3	1.14.37	Null	Unknown License

Allowed Licenses:

0BSD, AGPL-3.0-or-later, Apache-2.0, BlueOak-1.0.0, BSD-2-Clause, BSD-3-Clause-Clear, BSD-3-Clause, BSL-1.0, bzip2-1.0.6, CAL-1.0, CC-BY-3.0, CC-BY-4.0, CC-BY-SA-4.0, CC0-1.0, EPL-2.0, GPL-1.0-or-later, GPL-2.0-only, GPL-2.0-or-later, GPL-2.0, GPL-3.0-only, GPL-3.0-or-later, GPL-3.0, ISC, LGPL-2.0-only, LGPL-2.0-or-later, LGPL-2.1-only, LGPL-2.1-or-later, LGPL-2.1, LGPL-3.0-only, LGPL-3.0, LGPL-3.0-or-later, MIT, MIT-CMU, MPL-1.1, MPL-2.0, OFL-1.1, PSF-2.0, Python-2.0, Python-2.0.1, Unicode-3.0, Unicode-DFS-2016, Unlicense, Zlib, ZPL-2.1

OpenSSF Scorecard

Package	Version	Score	Details
gomod/github.com/bytedance/gopkg	0.1.4	Unknown	Unknown
gomod/github.com/jackc/pgx/v5	5.9.1	Unknown	Unknown
gomod/github.com/klauspost/compress	1.18.5	Unknown	Unknown
gomod/github.com/lib/pq	1.12.0	Unknown	Unknown
gomod/github.com/mattn/go-sqlite3	1.14.37	Unknown	Unknown

Scanned Files

• go.mod

[github-actions]

Conventional Commits Report

😢 No conventional commits found.

👉 Learn more about the conventional commits usage at Greenbone.

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 57.23%. Comparing base (03b9016) to head (c8af7cc).
⚠️ Report is 1 commits behind head on main.

Additional details and impacted files

@@           Coverage Diff           @@
##             main     #298   +/-   ##
=======================================
  Coverage   57.23%   57.23%           
=======================================
  Files          70       70           
  Lines        3945     3945           
=======================================
  Hits         2258     2258           
  Misses       1491     1491           
  Partials      196      196           

Flag	Coverage Δ
opensearch-tests	95.68% <ø> (ø)
postgres-tests	92.03% <ø> (ø)
unit-tests	51.84% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.