fix(deps): bump the external group across 1 directory with 24 updates

[dependabot]

Bumps the external group with 17 updates in the /service directory:

Package	From	To
buf.build/go/protovalidate	1.0.0	1.2.0
github.com/casbin/casbin/v2	2.108.0	2.135.0
github.com/eko/gocache/lib/v4	4.2.0	4.2.3
github.com/fsnotify/fsnotify	1.9.0	1.10.1
github.com/go-chi/cors	1.2.1	1.2.2
github.com/go-playground/validator/v10	10.26.0	10.30.3
github.com/go-viper/mapstructure/v2	2.4.0	2.5.0
github.com/jackc/pgx/v5	5.9.2	5.10.0
github.com/lib/pq	1.10.9	1.12.3
github.com/mattn/go-sqlite3	1.14.29	1.14.45
github.com/open-policy-agent/opa	1.5.1	1.17.1
go.opentelemetry.io/otel	1.43.0	1.44.0
go.opentelemetry.io/otel/exporters/otlp/otlptrace	1.43.0	1.44.0
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp	1.43.0	1.44.0
go.opentelemetry.io/otel/exporters/stdout/stdouttrace	1.42.0	1.44.0
github.com/go-ldap/ldap/v3	3.4.12	3.4.13
golang.org/x/text	0.37.0	0.38.0

Updates buf.build/go/protovalidate from 1.0.0 to 1.2.0

Release notes

Sourced from buf.build/go/protovalidate's releases.

v1.2.0

This release is compatible with the v1.2.0 release of Protovalidate.

What's Changed

• Bump protovalidate to 1.2.0 by @​srikrsna-buf in bufbuild/protovalidate-go#314

New Contributors

• @​AdrienVannson made their first contribution in bufbuild/protovalidate-go#315

Full Changelog: bufbuild/protovalidate-go@v1.1.3...v1.2.0

v1.1.3

What's Changed

• Fix a few godoc comments and update golangci-lint by @​pkwarren in bufbuild/protovalidate-go#306
• Bump the go group across 1 directory with 2 updates by @​dependabot[bot] in bufbuild/protovalidate-go#308
• Fix registry chain for pb.Map in NativeToValue by @​rodaine in bufbuild/protovalidate-go#309

Full Changelog: bufbuild/protovalidate-go@v1.1.2...v1.1.3

v1.1.2

What's Changed

• Fix base type adapter missing builtin types by @​rodaine in bufbuild/protovalidate-go#305

Full Changelog: bufbuild/protovalidate-go@v1.1.1...v1.1.2

v1.1.1

This release is compatible with the v1.1.0 release of Protovalidate.

What's Changed

• Always provide all available variables by @​srikrsna-buf in bufbuild/protovalidate-go#297
• Wrap protoreflect.Map with type information so we don't need to cast to map[any]any by @​rodaine in bufbuild/protovalidate-go#300
• Avoid heap escape on kvPairs evaluation by @​rodaine in bufbuild/protovalidate-go#301
• Implement registry chaining for CEL type isolation by @​rodaine in bufbuild/protovalidate-go#302

Full Changelog: bufbuild/protovalidate-go@v1.1.0...v1.1.1

v1.1.0

This release is compatible with the v1.1.0 release of Protovalidate.

What's Changed

• Improve ValidationError strings by @​bufdev in bufbuild/protovalidate-go#291
• Make it so that you can define expression-only rules by @​bufdev in bufbuild/protovalidate-go#288
• Fix field paths for groups by @​timostamm in bufbuild/protovalidate-go#292
• Update protovalidate by @​srikrsna-buf in bufbuild/protovalidate-go#293

... (truncated)

Commits

• 50eb290 Add release.yml (#315)
• 27c1667 Bump protovalidate to 1.2.0 (#314)
• 114be76 Pin buf version to 1.67.0 (#313)
• eb2c16f Bump github.com/google/cel-go from 0.27.0 to 0.28.0 in the go group (#312)
• 85e074d Update license year for 2026 (#311)
• 61167be Fix registry chain for pb.Map in NativeToValue (#309)
• 58d9ffb Bump the go group across 1 directory with 2 updates (#308)
• 89a14f7 Fix a few godoc comments and update golangci-lint (#306)
• e666f1a Fix base type adapter missing builtin types (#305)
• 3707b74 Implement registry chaining for CEL type isolation (#302)
• Additional commits viewable in compare view

Updates github.com/casbin/casbin/v2 from 2.108.0 to 2.135.0

Release notes

Sourced from github.com/casbin/casbin/v2's releases.

v2.135.0

2.135.0 (2025-12-09)

Features

• remove Travis script and issue templates (5fc9fd8)

v2.134.0

2.134.0 (2025-11-14)

Features

• fix inconsistent backslash handling between matcher literals and CSV-parsed values (#1577) (5d3134d)

v2.133.0

2.133.0 (2025-11-14)

Features

• fix stale g() function cache in BuildRoleLinks causing incorrect permissions (#1580) (0a13664)

v2.132.0

2.132.0 (2025-11-04)

Features

• improve README (4b6c4c8)

v2.131.0

2.131.0 (2025-11-02)

Features

• fix EscapeAssertion (matcher) incorrectly matching p./r. patterns inside quoted strings (#1572) (1eef59a)

v2.130.0

2.130.0 (2025-11-01)

Features

• fix duplicate CI workflow runs and optimize to test only Go 1.21 (#1571) (bb1e443)

v2.129.0

2.129.0 (2025-11-01)

... (truncated)

Commits

• 5fc9fd8 feat: remove Travis script and issue templates
• 5d3134d feat: fix inconsistent backslash handling between matcher literals and CSV-pa...
• 0a13664 feat: fix stale g() function cache in BuildRoleLinks causing incorrect permis...
• 4b6c4c8 feat: improve README
• 1eef59a feat: fix EscapeAssertion (matcher) incorrectly matching p./r. patterns insid...
• bb1e443 feat: fix duplicate CI workflow runs and optimize to test only Go 1.21 (#1571)
• 91b9cf2 feat: add OrBAC (Organisation-Based Access Control) model support (#1567)
• 87e9956 feat: add ContextEnforcer: add ctx to AddPolicy and other APIs (#1553)
• 1ef00ac feat: enable concurrent transactions using optimistic locking, versioning and...
• 0c5a574 feat: add PBAC model support and test (#1548)
• Additional commits viewable in compare view

Updates github.com/eko/gocache/lib/v4 from 4.2.0 to 4.2.3

Release notes

Sourced from github.com/eko/gocache/lib/v4's releases.

store/memcache/v4.2.3

What's Changed

• Store memcache: moved from golang/mock to mockery by @​eko in eko/gocache#295

Full Changelog: eko/gocache@lib/v4.2.1...store/memcache/v4.2.3

store/bigcache/v4.2.3

What's Changed

• Hide mock interfaces from users by @​Neo2308 in eko/gocache#296

New Contributors

• @​Neo2308 made their first contribution in eko/gocache#296

Full Changelog: eko/gocache@store/memcache/v4.2.3...store/bigcache/v4.2.3

store/freecache/v4.2.3

What's Changed

• Hide mock interfaces from users by @​Neo2308 in eko/gocache#296

New Contributors

• @​Neo2308 made their first contribution in eko/gocache#296

Full Changelog: eko/gocache@store/memcache/v4.2.3...store/freecache/v4.2.3

store/go_cache/v4.2.3

What's Changed

• Hide mock interfaces from users by @​Neo2308 in eko/gocache#296

New Contributors

• @​Neo2308 made their first contribution in eko/gocache#296

Full Changelog: eko/gocache@store/memcache/v4.2.3...store/go_cache/v4.2.3

lib/v4.2.3

What's Changed

• chore(go-mod): bump outdated dependencies by @​geigerj0 in eko/gocache#300

New Contributors

• @​geigerj0 made their first contribution in eko/gocache#300

Full Changelog: eko/gocache@lib/v4.2.2...lib/v4.2.3

What's Changed

• chore(go-mod): bump outdated dependencies by @​geigerj0 in eko/gocache#300

New Contributors

• @​geigerj0 made their first contribution in eko/gocache#300

Full Changelog: eko/gocache@lib/v4.2.2...lib/v4.2.3

... (truncated)

Commits

• 5654fdf Merge pull request #300 from geigerj0/bump-deps
• 3fabe46 bump all deps
• 7747003 bump deps
• b4334a5 bump deps
• f037427 bump deps
• 003ae39 Merge pull request #296 from Neo2308/feature/master/hide-mock-interfaces
• 42bb50e Rename import to resolve warnings
• 21cb8b5 Added mocks
• c0e14c1 Hide mock interfaces from users
• 277d34a Merge pull request #295 from eko/memcache-mocks
• Additional commits viewable in compare view

Updates github.com/fsnotify/fsnotify from 1.9.0 to 1.10.1

Release notes

Sourced from github.com/fsnotify/fsnotify's releases.

v1.10.1

Changes and fixes

• inotify: don't remove sibling watches sharing a path prefix (#754)

• inotify, windows: don't rename sibling watches sharing a path prefix (#755)

#754: fsnotify/fsnotify#754 #755: fsnotify/fsnotify#755

v1.10.0

This version of fsnotify needs Go 1.23.

Changes and fixes

• inotify: improve initialization error message (#731)

• inotify: send Rename event if recursive watch is renamed (#696)

• inotify: avoid copying event buffers when reading names (#741)

• kqueue: skip dangling symlinks (ENOENT) in watchDirectoryFiles, so a bad entry no longer aborts Watcher.Add for the whole directory (#748)

• kqueue: drop watches directly in Close() to fix a file descriptor leak when recycling watchers (#740)

• windows: fix nil pointer dereference in remWatch (#736)

• windows: lock watch field updates against concurrent WatchList to fix a race introduced in v1.9.0 (#709, #749)

#696: fsnotify/fsnotify#696 #709: fsnotify/fsnotify#709 #731: fsnotify/fsnotify#731 #736: fsnotify/fsnotify#736 #740: fsnotify/fsnotify#740 #741: fsnotify/fsnotify#741 #748: fsnotify/fsnotify#748 #749: fsnotify/fsnotify#749

Changelog

Sourced from github.com/fsnotify/fsnotify's changelog.

1.10.1 2026-05-04

Changes and fixes

• inotify: don't remove sibling watches sharing a path prefix (#754)

• inotify, windows: don't rename sibling watches sharing a path prefix (#755)

#754: fsnotify/fsnotify#754 #755: fsnotify/fsnotify#755

1.10.0 2026-04-30

This version of fsnotify needs Go 1.23.

Changes and fixes

• inotify: improve initialization error message (#731)

• inotify: send Rename event if recursive watch is renamed (#696)

• inotify: avoid copying event buffers when reading names (#741)

• kqueue: skip dangling symlinks (ENOENT) in watchDirectoryFiles, so a bad entry no longer aborts Watcher.Add for the whole directory (#748)

• kqueue: drop watches directly in Close() to fix a file descriptor leak when recycling watchers (#740)

• windows: fix nil pointer dereference in remWatch (#736)

• windows: lock watch field updates against concurrent WatchList to fix a race introduced in v1.9.0 (#709, #749)

#696: fsnotify/fsnotify#696 #709: fsnotify/fsnotify#709 #731: fsnotify/fsnotify#731 #736: fsnotify/fsnotify#736 #740: fsnotify/fsnotify#740 #741: fsnotify/fsnotify#741 #748: fsnotify/fsnotify#748 #749: fsnotify/fsnotify#749

Commits

• 76b01a6 Release 1.10.1
• fec150b Update changelog
• 162b421 inotify, windows: don't rename sibling watches sharing a path prefix (#755)
• 224257f inotify: don't remove sibling watches sharing a path prefix (#754)
• e0c956c windows: document directory Write events and stabilize tests (#745)
• 8d01d7b Release 1.10.0
• 602284e Update changelog
• 7f03e59 kqueue: skip ENOENT entries in watchDirectoryFiles (#748)
• dab9dde windows: lock watch field updates against concurrent WatchList (#709) (#749)
• eadf267 kqueue: drop watches directly in Close() instead of going through remove() (#...
• Additional commits viewable in compare view

Updates github.com/go-chi/cors from 1.2.1 to 1.2.2

Release notes

Sourced from github.com/go-chi/cors's releases.

v1.2.2

What's Changed

• Update README with install by @​Uyutaka in go-chi/cors#22
• Fix broken credits link by @​lordidiot in go-chi/cors#25
• fix test_default error message #28 by @​ablankz in go-chi/cors#29
• Update Go version in CI by @​VojtechVitek in go-chi/cors#32
• Fix Origin header check by @​c2h5oh in go-chi/cors#38

New Contributors

• @​Uyutaka made their first contribution in go-chi/cors#22
• @​lordidiot made their first contribution in go-chi/cors#25
• @​ablankz made their first contribution in go-chi/cors#29
• @​VojtechVitek made their first contribution in go-chi/cors#32
• @​c2h5oh made their first contribution in go-chi/cors#38

Full Changelog: go-chi/cors@v1.2.1...v1.2.2

Commits

• 3a53812 Fix Origin header check (#38)
• f8fbaee Update Go version in CI (#32)
• b41f767 fix test_default error message #28 (#29)
• 76ca797 Fix broken link (#25)
• 9aca617 Update README with install (#22)
• See full diff in compare view

Updates github.com/go-playground/validator/v10 from 10.26.0 to 10.30.3

Release notes

Sourced from github.com/go-playground/validator/v10's releases.

v10.30.3

What's Changed

• Fix/issue 1550 UUID case insensitive by @​leo-jp-edwards in go-playground/validator#1551
• Feat: Add NoneOf Validation by @​Carmen-Shannon in go-playground/validator#1554
• Add bcp47_strict_language_tag validator by @​bfabio in go-playground/validator#1489
• chore(deps): bump golang.org/x/text from 0.35.0 to 0.36.0 by @​dependabot[bot] in go-playground/validator#1558
• chore(deps): bump golang.org/x/crypto from 0.49.0 to 0.50.0 by @​dependabot[bot] in go-playground/validator#1559
• Add CLAUDE.md with repo guidance for Claude Code by @​deankarn in go-playground/validator#1564
• Reduce build size with dead code elimination by @​zemzale in go-playground/validator#1542
• Refactored out detectFileMIMEType, matchesMIMEType logic for reuse. Added standalone isMIMEType validator for flexibility by @​dapzthelegend in go-playground/validator#1544
• feat(translations): add timezone support for en and ja locales by @​dedyf5 in go-playground/validator#1566
• docs: use errors.As in README and translations example by @​eyupcanakman in go-playground/validator#1563
• docs: fix typos by @​rymiyamoto in go-playground/validator#1568
• feat: add origin validator for web origin URLs by @​ahmedkamalio in go-playground/validator#1565
• fix: reject hostnames with trailing hyphen in RFC 952 validator by @​ahmedkamalio in go-playground/validator#1569
• fix(lint): correctly disable govet inline analyzer & deprecated gomodguard by @​nodivbyzero in go-playground/validator#1574
• chore(deps): bump golang.org/x/text from 0.36.0 to 0.37.0 by @​dependabot[bot] in go-playground/validator#1572
• chore(deps): bump golang.org/x/crypto from 0.50.0 to 0.51.0 by @​dependabot[bot] in go-playground/validator#1571
• fix(cron): anchor regex and accept full cron syntax by @​ahmedkamalio in go-playground/validator#1577
• chore(deps): bump golang.org/x/crypto from 0.51.0 to 0.52.0 by @​dependabot[bot] in go-playground/validator#1580
• feat: omit blank tag names from namespace by @​abemedia in go-playground/validator#1567
• fix(docs): correct ripemd160 tag name in README validation table by @​napoleonbot in go-playground/validator#1582

New Contributors

• @​leo-jp-edwards made their first contribution in go-playground/validator#1551
• @​Carmen-Shannon made their first contribution in go-playground/validator#1554
• @​dapzthelegend made their first contribution in go-playground/validator#1544
• @​dedyf5 made their first contribution in go-playground/validator#1566
• @​eyupcanakman made their first contribution in go-playground/validator#1563
• @​rymiyamoto made their first contribution in go-playground/validator#1568
• @​abemedia made their first contribution in go-playground/validator#1567
• @​napoleonbot made their first contribution in go-playground/validator#1582

Full Changelog: go-playground/validator@v10.30.2...v10.30.3

v10.30.2

What's Changed

• chore(deps): bump golang.org/x/crypto from 0.46.0 to 0.47.0 by @​dependabot[bot] in go-playground/validator#1523
• feat: add translations for alphaspace and alphanumspace tags in indonesian by @​savioruz in go-playground/validator#1522
• chore(deps): bump github.com/gabriel-vasile/mimetype from 1.4.12 to 1.4.13 by @​dependabot[bot] in go-playground/validator#1526
• feat: add cmyk(color) to validator by @​thenicolau in go-playground/validator#1528
• chore(deps): bump golang.org/x/text from 0.33.0 to 0.34.0 by @​dependabot[bot] in go-playground/validator#1534
• chore(deps): bump golang.org/x/crypto from 0.47.0 to 0.48.0 by @​dependabot[bot] in go-playground/validator#1533
• Go 1.26 support by @​nodivbyzero in go-playground/validator#1535
• fix: prevent panic in unique validation with nil pointer elements by @​nodivbyzero in go-playground/validator#1532
• docs: fix typos by @​alexandear in go-playground/validator#1527
• feat: implement ValidatorValuer interface feature by @​thommeo in go-playground/validator#1416
• docs: add Valuer interface documentation and example by @​wofiporia in go-playground/validator#1540
• chore(deps): bump golang.org/x/text from 0.34.0 to 0.35.0 by @​dependabot[bot] in go-playground/validator#1545
• chore(deps): bump golang.org/x/crypto from 0.48.0 to 0.49.0 by @​dependabot[bot] in go-playground/validator#1546

... (truncated)

Commits

• ac4c1ba fix(docs): correct ripemd160 tag name in README validation table (#1582)
• feacb34 feat: omit blank tag names from namespace (#1567)
• 5ed0a7e chore(deps): bump golang.org/x/crypto from 0.51.0 to 0.52.0 (#1580)
• 0364541 fix(cron): anchor regex and accept full cron syntax (#1577)
• 8eb2659 chore(deps): bump golang.org/x/crypto from 0.50.0 to 0.51.0 (#1571)
• f7e1721 chore(deps): bump golang.org/x/text from 0.36.0 to 0.37.0 (#1572)
• cf37fce fix(lint): correctly disable govet inline analyzer & deprecated gomodguard (#...
• 7c334e5 fix: reject hostnames with trailing hyphen in RFC 952 validator (#1569)
• 6bcb7bc feat: add origin validator for web origin URLs (#1565)
• 6fd2fa8 docs: fix typos (#1568)
• Additional commits viewable in compare view

Updates github.com/go-viper/mapstructure/v2 from 2.4.0 to 2.5.0

Release notes

Sourced from github.com/go-viper/mapstructure/v2's releases.

v2.5.0

What's Changed

• Print qualified type name when ErrorUnused=true causes errors for unused keys in embedded fields by @​jmacd in go-viper/mapstructure#113
• build(deps): bump github/codeql-action from 3.29.2 to 3.29.5 by @​dependabot[bot] in go-viper/mapstructure#126
• build(deps): bump github/codeql-action from 3.29.7 to 3.29.10 by @​dependabot[bot] in go-viper/mapstructure#131
• build(deps): bump actions/checkout from 4.2.2 to 5.0.0 by @​dependabot[bot] in go-viper/mapstructure#129
• feat: support for automatically initializing squashed pointer structs by @​tuunit in go-viper/mapstructure#71
• build(deps): bump actions/setup-go from 5.5.0 to 6.0.0 by @​dependabot[bot] in go-viper/mapstructure#134
• build(deps): bump ossf/scorecard-action from 2.4.2 to 2.4.3 by @​dependabot[bot] in go-viper/mapstructure#142
• Fix slice deep map (owned) by @​jphastings in go-viper/mapstructure#144
• chore: fix lint violations by @​sagikazarmark in go-viper/mapstructure#157
• chore: switch to devenv by @​sagikazarmark in go-viper/mapstructure#158
• build(deps): bump actions/upload-artifact from 4.6.2 to 5.0.0 by @​dependabot[bot] in go-viper/mapstructure#151
• build(deps): bump github/codeql-action from 3.29.10 to 4.31.2 by @​dependabot[bot] in go-viper/mapstructure#153
• build(deps): bump golangci/golangci-lint-action from 8.0.0 to 9.0.0 by @​dependabot[bot] in go-viper/mapstructure#154
• build(deps): bump actions/checkout from 5.0.0 to 6.0.1 by @​dependabot[bot] in go-viper/mapstructure#160
• build(deps): bump actions/setup-go from 6.0.0 to 6.1.0 by @​dependabot[bot] in go-viper/mapstructure#159
• build(deps): bump github/codeql-action from 4.31.7 to 4.31.8 by @​dependabot[bot] in go-viper/mapstructure#162
• build(deps): bump actions/upload-artifact from 5.0.0 to 6.0.0 by @​dependabot[bot] in go-viper/mapstructure#161
• build(deps): bump github/codeql-action from 4.31.8 to 4.31.9 by @​dependabot[bot] in go-viper/mapstructure#163
• feature: Add map field name to convert structs dynamically instead of individually with a tag. by @​thespags in go-viper/mapstructure#149
• feat(decoder): support multiple tag names in order by @​DarkiT in go-viper/mapstructure#59
• feat: optional root object name by @​andreev-fn in go-viper/mapstructure#137
• Add unmarshaler interface by @​sagikazarmark in go-viper/mapstructure#166

New Contributors

• @​jmacd made their first contribution in go-viper/mapstructure#113
• @​tuunit made their first contribution in go-viper/mapstructure#71
• @​jphastings made their first contribution in go-viper/mapstructure#144
• @​thespags made their first contribution in go-viper/mapstructure#149
• @​DarkiT made their first contribution in go-viper/mapstructure#59
• @​andreev-fn made their first contribution in go-viper/mapstructure#137

Full Changelog: go-viper/mapstructure@v2.4.0...v2.5.0

Commits

• 9aa3f77 Merge pull request #166 from go-viper/unmarshal2
• ae32a61 doc: add more documentation
• 320c8c9 test: cover unmarshaler to map
• 5b22829 feat: add unmarshaler interface
• fd74c75 Merge pull request #137 from andreev-fn/opt-root-name
• dee4661 Merge pull request #59 from DarkiT/main
• 5605df4 chore: cover more test cases, fix edge cases, add docs
• 6166631 fix(mapstructure): add multi-tag support and regression tests
• 6471aa6 Merge pull request #149 from thespags/main
• dbffaaa chore: add more tests and clarification to the documentation
• Additional commits viewable in compare view

Updates github.com/jackc/pgx/v5 from 5.9.2 to 5.10.0

Changelog

Sourced from github.com/jackc/pgx/v5's changelog.

5.10.0 (June 3, 2026)

This release includes a significant amount of hardening against malicious or compromised PostgreSQL servers, contributed by Sean Chittenden at CrowdStrike, Inc. This work bounds binary decoders against attacker-controlled message sizes, caps server-supplied SCRAM iteration counts, adds require_auth to restrict which authentication methods a server may use (mitigating downgrade attacks under sslmode=prefer), and ensures cancellation requests are sent over TLS when the original connection used TLS.

Features

• Add require_auth to restrict accepted server authentication methods (Sean Chittenden at CrowdStrike, Inc.)
• Add ParseConfigOptions.ConnStringAllowedKeys to restrict allowed connection string keys (Sean Chittenden at CrowdStrike, Inc.)
• Add StructArgs and StrictStructArgs for @-named queries (Tubelight30)
• Add ErrConnClosed sentinel error and unwrap it from connLockError (Charlie Tonneslan)
• pgxpool: check if connection is expired before acquire (arthurdotwork)

Security Hardening

• Encrypt CancelRequest connection when the primary connection used TLS (Sean Chittenden at CrowdStrike, Inc.)
• Cap server-supplied SCRAM iteration count (Sean Chittenden at CrowdStrike, Inc.)
• Default Frontend max message body length to ~1 GiB (Sean Chittenden at CrowdStrike, Inc.)
• Bound hstore binary decode against malicious server input (Sean Chittenden at CrowdStrike, Inc.)
• Bound array binary decode element length against remaining message bytes (Sean Chittenden at CrowdStrike, Inc.)
• Bound array element count against remaining message bytes (Sean Chittenden at CrowdStrike, Inc.)
• Bound range, multirange, and tsvector binary decoders (Sean Chittenden at CrowdStrike, Inc.)
• Document secure connection configuration (Sean Chittenden at CrowdStrike, Inc.)
• Fix panic on malformed geometric text; return an error instead (MaIII)

Fixes

• Fix scanning "char" (OID 18) into *string in binary format (luongs3)
• Fix handling of typed-nil driver.Valuer in array and composite codecs (Donncha Fahy)
• Fix CopyData.Data hex decoding in UnmarshalJSON (Charlie Tonneslan)
• Fix data race when context is cancelled during connect
• Fix parseKeywordValueSettings rejecting trailing whitespace (alliasgher)
• pgconn: preserve full error chain in normalizeTimeoutError (Charlie Tonneslan)
• pgconn: use a fresh context for the fallback connection in connectPreferred (Charlie Tonneslan)
• pgxpool: fix MaxLifetimeDestroyCount and ping order for acquire-time expiry check
• Add missing error check of rows.Err to load types (Jen Altavilla)

Commits

• 7293fb1 Update changelog for v5.10.0
• 1ade285 pgconn: document secure connection configuration
• b4d6d4d pgtype: bound range, multirange, and tsvector binary decoders
• 0639b37 pgconn: add ParseConfigOptions.ConnStringAllowedKeys
• b28e65b pgtype: bound array element count against remaining message bytes
• cd1f389 pgtype: bound array binary decode element length against remaining bytes
• ff27b5b pgtype: bound hstore binary decode against malicious server input
• a6002e1 pgproto3: default Frontend max message body length to ~1 GiB
• 44f6173 pgconn: cap server-supplied SCRAM iteration count
• 1a976f7 pgconn: add require_auth to restrict accepted server auth methods
• Additional commits viewable in compare view

Updates github.com/lib/pq from 1.10.9 to 1.12.3

Release notes

Sourced from github.com/lib/pq's releases.

v1.12.3

• Send datestyle startup parameter, improving compatbility with database engines that use a different default datestyle such as EnterpriseDB (#1312).

#1312: lib/pq#1312

v1.12.2

• Treat io.ErrUnexpectedEOF as driver.ErrBadConn so database/sql discards the connection. Since v1.12.0 this could result in permanently broken connections, especially with CockroachDB which frequently sends partial messages (#1299).

#1299: lib/pq#1299

v1.12.1

• Look for pgpass file in ~/.pgpass instead of ~/.postgresql/pgpass (#1300).

• Don't clear password if directly set on pq.Config (#1302).

#1300: lib/pq#1300 #1302: lib/pq#1302

v1.12.0

• The next release may change the default sslmode from require to prefer. See #1271 for details.

• CopyIn() and CopyInToSchema() have been marked as deprecated. These are simple query builders and not needed for COPY [..] FROM STDIN support (which is not deprecated). (#1279)

  // Old
  tx.Prepare(CopyIn("temp", "num", "text", "blob", "nothing"))
  // Replacement
  tx.Prepare(copy temp (num, text, blob, nothing) from stdin)
  

Features

• Support protocol 3.2, and the min_protocol_version and max_protocol_version DSN parameters (#1258).

• Support sslmode=prefer and sslmode=allow (Description has been truncated

[github-actions]

X-Test Failure Report

✅ go@main-pull-3593
✅ java@main-pull-3593
✅ js@main-pull-3593
cukes-report
govulncheck-failure-2
opentdfplatform5FAUF1.dockerbuild
govulncheck-failure-8
govulncheck-failure-3
govulncheck-failure-1
govulncheck-failure-5
govulncheck-failure-0

[github-actions]

X-Test Results

✅ go@main-pull-3593
✅ go@main-v0.9.0
✅ java@main-pull-3593
✅ java@main-v0.9.0
✅ js@main-pull-3593
✅ js@main-v0.9.0
cukes-report
opentdfplatformLAM7BD.dockerbuild
govulncheck-failure-3
govulncheck-failure-8
govulncheck-failure-0
govulncheck-failure-2
govulncheck-failure-5
govulncheck-failure-1

[github-actions]

X-Test Results

✅ go@main-v0.9.0
✅ go@main-pull-3593
✅ java@main-pull-3593
✅ js@main-pull-3593
✅ java@main-v0.9.0
✅ js@main-v0.9.0
cukes-report
opentdfplatformJL03UG.dockerbuild
govulncheck-failure-3
govulncheck-failure-8
govulncheck-failure-2
govulncheck-failure-1
govulncheck-failure-0
govulncheck-failure-5

[github-actions]

⚠️ Govulncheck found vulnerabilities ⚠️

The following modules have known vulnerabilities:

• examples
• otdfctl
• sdk
• service
• lib/fixtures
• tests-bdd

See the workflow run for details.

[github-actions]

X-Test Results

✅ go@main-pull-3593
✅ go@main-v0.9.0
✅ java@main-pull-3593
✅ js@main-pull-3593
✅ java@main-v0.9.0
✅ js@main-v0.9.0
cukes-report
opentdfplatform36LPXW.dockerbuild
govulncheck-failure-8
govulncheck-failure-0
govulncheck-failure-3
govulncheck-failure-2
govulncheck-failure-1
govulncheck-failure-5