Bump the all-gomod group across 2 directories with 12 updates by dependabot[bot] · Pull Request #98 · Thiht/transactor

dependabot · 2026-04-27T20:34:58Z

Bumps the all-gomod group with 2 updates in the /pgx directory: github.com/jackc/pgx/v5 and golang.org/x/text.
Bumps the all-gomod group with 10 updates in the /tests directory:

Package	From	To
github.com/jackc/pgx/v5	`5.9.1`	`5.9.2`
golang.org/x/text	`0.35.0`	`0.36.0`
github.com/testcontainers/testcontainers-go	`0.41.0`	`0.42.0`
github.com/testcontainers/testcontainers-go/modules/mysql	`0.41.0`	`0.42.0`
github.com/testcontainers/testcontainers-go/modules/postgres	`0.41.0`	`0.42.0`
modernc.org/sqlite	`1.48.1`	`1.50.0`
github.com/docker/go-connections	`0.6.0`	`0.7.0`
github.com/mattn/go-isatty	`0.0.20`	`0.0.22`
go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp	`0.67.0`	`0.68.0`
golang.org/x/crypto	`0.49.0`	`0.50.0`

Updates github.com/jackc/pgx/v5 from 5.9.1 to 5.9.2

Changelog

Sourced from github.com/jackc/pgx/v5's changelog.

5.9.2 (April 18, 2026)

Fix SQL Injection via placeholder confusion with dollar quoted string literals (GHSA-j88v-2chj-qfwx)

SQL injection can occur when:

The non-default simple protocol is used.

A dollar quoted string literal is used in the SQL query.

That query contains text that would be would be interpreted outside as a placeholder outside of a string literal.

The value of that placeholder is controllable by the attacker.

e.g.
attackValue := `$tag$; drop table canary; --`
_, err = tx.Exec(ctx, `select $tag$ $1 $tag$, $1`, pgx.QueryExecModeSimpleProtocol, attackValue)
This is unlikely to occur outside of a contrived scenario.

Commits

0aeabbc Release v5.9.2
60644f8 Fix SQL sanitizer bugs with dollar-quoted strings and placeholder overflow
a5680bc Merge pull request #2531 from dolmen-go/godoc-add-links
e34e452 doc: Add godoc links
08c9bb1 Fix Stringer types encoded as text instead of numeric value in composite fields
96b4dbd Remove unstable test
acf88e0 Merge pull request #2526 from abrightwell/abrightwell-min-proto
2f81f1f Update max_protocol_version and min_protocol_version defaults
See full diff in compare view

Updates golang.org/x/text from 0.35.0 to 0.36.0

Commits

8577a70 go.mod: update golang.org/x dependencies
See full diff in compare view

Updates github.com/jackc/pgx/v5 from 5.9.1 to 5.9.2

Changelog

Sourced from github.com/jackc/pgx/v5's changelog.

5.9.2 (April 18, 2026)

Fix SQL Injection via placeholder confusion with dollar quoted string literals (GHSA-j88v-2chj-qfwx)

SQL injection can occur when:

The non-default simple protocol is used.

A dollar quoted string literal is used in the SQL query.

That query contains text that would be would be interpreted outside as a placeholder outside of a string literal.

The value of that placeholder is controllable by the attacker.

e.g.
attackValue := `$tag$; drop table canary; --`
_, err = tx.Exec(ctx, `select $tag$ $1 $tag$, $1`, pgx.QueryExecModeSimpleProtocol, attackValue)
This is unlikely to occur outside of a contrived scenario.

Commits

0aeabbc Release v5.9.2
60644f8 Fix SQL sanitizer bugs with dollar-quoted strings and placeholder overflow
a5680bc Merge pull request #2531 from dolmen-go/godoc-add-links
e34e452 doc: Add godoc links
08c9bb1 Fix Stringer types encoded as text instead of numeric value in composite fields
96b4dbd Remove unstable test
acf88e0 Merge pull request #2526 from abrightwell/abrightwell-min-proto
2f81f1f Update max_protocol_version and min_protocol_version defaults
See full diff in compare view

Updates golang.org/x/text from 0.35.0 to 0.36.0

Commits

8577a70 go.mod: update golang.org/x dependencies
See full diff in compare view

Updates github.com/testcontainers/testcontainers-go from 0.41.0 to 0.42.0

Release notes

Sourced from github.com/testcontainers/testcontainers-go's releases.

v0.42.0

What's Changed

⚠️ Breaking Changes

chore!: migrate to moby modules (#3591) @thaJeztah

🔒 Security

chore(deps): bump moby/client v0.4.0, moby/api v1.54.1 (#3634) @thaJeztah

🐛 Bug Fixes

fix: return an error when docker host cannot be retrieved (#3613) @ash2k

🧹 Housekeeping

chore: gitignore Gas Town agent artifacts (#3633) @mdelapenya

fix(usage-metrics): include last release in the legend pop over (#3630) @mdelapenya

chore: update usage metrics (2026-04) (#3621) @github-actions[bot]

fix(usage-metrics): order of actions matters (#3623) @mdelapenya

fix(usage-metrics): reduce rate-limit cascade errors (#3622) @mdelapenya

fix(usage-metrics): replace the per-version inline retry with a multi-pass approach (#3620) @mdelapenya

📦 Dependency updates

chore(deps): bump go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp from 1.28.0 to 1.43.0 in /modules/grafana-lgtm (#3639) @dependabot[bot]

chore(deps): bump go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp from 1.42.0 to 1.43.0 in /modules/compose (#3641) @dependabot[bot]

chore(deps): bump go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp from 1.42.0 to 1.43.0 in /modules/compose (#3645) @dependabot[bot]

chore(deps): bump mkdocs-include-markdown-plugin from 7.2.1 to 7.2.2 (#3626) @dependabot[bot]

chore(deps): bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.51.2 to 1.97.3 in /modules/localstack (#3638) @dependabot[bot]

chore(deps): bump go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp from 1.41.0 to 1.43.0 in /modules/grafana-lgtm (#3643) @dependabot[bot]

chore(deps): bump go.opentelemetry.io/otel/sdk from 1.41.0 to 1.43.0 in /modules/milvus (#3644) @dependabot[bot]

chore: update to Go 1.25.9, 1.26.9 (#3647) @thaJeztah

chore(deps): bump bump github.com/klauspost/compress v1.18.5, github.com/docker/compose v5.1.2 (#3646) @thaJeztah

chore(deps): bump moby/client v0.4.0, moby/api v1.54.1 (#3634) @thaJeztah

chore(deps): bump golang.org/x/sys from 0.41.0 to 0.42.0 (#3629) @dependabot[bot]

chore(deps): bump github.com/moby/patternmatcher from 0.6.0 to 0.6.1 (#3628) @dependabot[bot]

chore(deps): bump github.com/shirou/gopsutil/v4 from 4.26.2 to 4.26.3 (#3627) @dependabot[bot]

fix(localstack): accept community-archive as a valid tag (#3601) @johnduhart

chore(deps): bump github.com/go-jose/go-jose/v4 from 4.1.3 to 4.1.4 in /modules/gcloud (#3632) @dependabot[bot]

chore(deps): bump actions/upload-artifact from 6.0.0 to 7.0.0 (#3625) @dependabot[bot]

chore(deps): bump pygments from 2.19.2 to 2.20.0 (#3615) @dependabot[bot]

chore(deps): bump google.golang.org/grpc from 1.67.0 to 1.79.3 in /modules/milvus (#3612) @dependabot[bot]

chore(deps): bump google.golang.org/grpc from 1.67.0 to 1.79.3 in /modules/etcd (#3611) @dependabot[bot]

chore(deps): bump google.golang.org/grpc from 1.79.1 to 1.79.3 in /modules/ollama (#3610) @dependabot[bot]

chore(deps): bump google.golang.org/grpc from 1.67.0 to 1.79.3 in /modules/pinecone (#3609) @dependabot[bot]

chore(deps): bump google.golang.org/grpc from 1.67.0 to 1.79.3 in /modules/couchbase (#3608) @dependabot[bot]

chore(deps): bump requests from 2.32.4 to 2.33.0 (#3604) @dependabot[bot]

chore(deps): bump google.golang.org/grpc from 1.79.1 to 1.79.3 in /modules/meilisearch (#3607) @dependabot[bot]

chore(deps): bump github.com/moby/buildkit from 0.27.1 to 0.28.1 in /modules/compose (#3605) @dependabot[bot]

... (truncated)

Commits

6e58418 chore: use new version (v0.42.0) in modules and examples
f713dc0 chore(deps): bump go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetr...
300827a chore(deps): bump go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetr...
7a15ac1 chore(deps): bump go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptrace...
5bae3d2 fix: return an error when docker host cannot be retrieved (#3613)
fc19484 chore(deps): bump mkdocs-include-markdown-plugin from 7.2.1 to 7.2.2 (#3626)
95bdc0c chore(deps): bump github.com/aws/aws-sdk-go-v2/service/s3 (#3638)
75aa226 chore(deps): bump go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptrace...
2f59938 chore(deps): bump go.opentelemetry.io/otel/sdk in /modules/milvus (#3644)
580abf6 chore: update to Go 1.25.9, 1.26.9 (#3647)
Additional commits viewable in compare view

Updates github.com/testcontainers/testcontainers-go/modules/mysql from 0.41.0 to 0.42.0

Release notes

Sourced from github.com/testcontainers/testcontainers-go/modules/mysql's releases.

v0.42.0

What's Changed

⚠️ Breaking Changes

chore!: migrate to moby modules (#3591) @thaJeztah

🔒 Security

chore(deps): bump moby/client v0.4.0, moby/api v1.54.1 (#3634) @thaJeztah

🐛 Bug Fixes

fix: return an error when docker host cannot be retrieved (#3613) @ash2k

🧹 Housekeeping

chore: gitignore Gas Town agent artifacts (#3633) @mdelapenya

fix(usage-metrics): include last release in the legend pop over (#3630) @mdelapenya

chore: update usage metrics (2026-04) (#3621) @github-actions[bot]

fix(usage-metrics): order of actions matters (#3623) @mdelapenya

fix(usage-metrics): reduce rate-limit cascade errors (#3622) @mdelapenya

fix(usage-metrics): replace the per-version inline retry with a multi-pass approach (#3620) @mdelapenya

📦 Dependency updates

chore(deps): bump go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp from 1.28.0 to 1.43.0 in /modules/grafana-lgtm (#3639) @dependabot[bot]

chore(deps): bump go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp from 1.42.0 to 1.43.0 in /modules/compose (#3641) @dependabot[bot]

chore(deps): bump go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp from 1.42.0 to 1.43.0 in /modules/compose (#3645) @dependabot[bot]

chore(deps): bump mkdocs-include-markdown-plugin from 7.2.1 to 7.2.2 (#3626) @dependabot[bot]

chore(deps): bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.51.2 to 1.97.3 in /modules/localstack (#3638) @dependabot[bot]

chore(deps): bump go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp from 1.41.0 to 1.43.0 in /modules/grafana-lgtm (#3643) @dependabot[bot]

chore(deps): bump go.opentelemetry.io/otel/sdk from 1.41.0 to 1.43.0 in /modules/milvus (#3644) @dependabot[bot]

chore: update to Go 1.25.9, 1.26.9 (#3647) @thaJeztah

chore(deps): bump bump github.com/klauspost/compress v1.18.5, github.com/docker/compose v5.1.2 (#3646) @thaJeztah

chore(deps): bump moby/client v0.4.0, moby/api v1.54.1 (#3634) @thaJeztah

chore(deps): bump golang.org/x/sys from 0.41.0 to 0.42.0 (#3629) @dependabot[bot]

chore(deps): bump github.com/moby/patternmatcher from 0.6.0 to 0.6.1 (#3628) @dependabot[bot]

chore(deps): bump github.com/shirou/gopsutil/v4 from 4.26.2 to 4.26.3 (#3627) @dependabot[bot]

fix(localstack): accept community-archive as a valid tag (#3601) @johnduhart

chore(deps): bump github.com/go-jose/go-jose/v4 from 4.1.3 to 4.1.4 in /modules/gcloud (#3632) @dependabot[bot]

chore(deps): bump actions/upload-artifact from 6.0.0 to 7.0.0 (#3625) @dependabot[bot]

chore(deps): bump pygments from 2.19.2 to 2.20.0 (#3615) @dependabot[bot]

chore(deps): bump google.golang.org/grpc from 1.67.0 to 1.79.3 in /modules/milvus (#3612) @dependabot[bot]

chore(deps): bump google.golang.org/grpc from 1.67.0 to 1.79.3 in /modules/etcd (#3611) @dependabot[bot]

chore(deps): bump google.golang.org/grpc from 1.79.1 to 1.79.3 in /modules/ollama (#3610) @dependabot[bot]

chore(deps): bump google.golang.org/grpc from 1.67.0 to 1.79.3 in /modules/pinecone (#3609) @dependabot[bot]

chore(deps): bump google.golang.org/grpc from 1.67.0 to 1.79.3 in /modules/couchbase (#3608) @dependabot[bot]

chore(deps): bump requests from 2.32.4 to 2.33.0 (#3604) @dependabot[bot]

chore(deps): bump google.golang.org/grpc from 1.79.1 to 1.79.3 in /modules/meilisearch (#3607) @dependabot[bot]

chore(deps): bump github.com/moby/buildkit from 0.27.1 to 0.28.1 in /modules/compose (#3605) @dependabot[bot]

... (truncated)

Commits

6e58418 chore: use new version (v0.42.0) in modules and examples
f713dc0 chore(deps): bump go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetr...
300827a chore(deps): bump go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetr...
7a15ac1 chore(deps): bump go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptrace...
5bae3d2 fix: return an error when docker host cannot be retrieved (#3613)
fc19484 chore(deps): bump mkdocs-include-markdown-plugin from 7.2.1 to 7.2.2 (#3626)
95bdc0c chore(deps): bump github.com/aws/aws-sdk-go-v2/service/s3 (#3638)
75aa226 chore(deps): bump go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptrace...
2f59938 chore(deps): bump go.opentelemetry.io/otel/sdk in /modules/milvus (#3644)
580abf6 chore: update to Go 1.25.9, 1.26.9 (#3647)
Additional commits viewable in compare view

Updates github.com/testcontainers/testcontainers-go/modules/postgres from 0.41.0 to 0.42.0

Release notes

Sourced from github.com/testcontainers/testcontainers-go/modules/postgres's releases.

v0.42.0

What's Changed

⚠️ Breaking Changes

chore!: migrate to moby modules (#3591) @thaJeztah

🔒 Security

chore(deps): bump moby/client v0.4.0, moby/api v1.54.1 (#3634) @thaJeztah

🐛 Bug Fixes

fix: return an error when docker host cannot be retrieved (#3613) @ash2k

🧹 Housekeeping

chore: gitignore Gas Town agent artifacts (#3633) @mdelapenya

fix(usage-metrics): include last release in the legend pop over (#3630) @mdelapenya

chore: update usage metrics (2026-04) (#3621) @github-actions[bot]

fix(usage-metrics): order of actions matters (#3623) @mdelapenya

fix(usage-metrics): reduce rate-limit cascade errors (#3622) @mdelapenya

fix(usage-metrics): replace the per-version inline retry with a multi-pass approach (#3620) @mdelapenya

📦 Dependency updates

chore(deps): bump go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp from 1.28.0 to 1.43.0 in /modules/grafana-lgtm (#3639) @dependabot[bot]

chore(deps): bump go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp from 1.42.0 to 1.43.0 in /modules/compose (#3641) @dependabot[bot]

chore(deps): bump go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp from 1.42.0 to 1.43.0 in /modules/compose (#3645) @dependabot[bot]

chore(deps): bump mkdocs-include-markdown-plugin from 7.2.1 to 7.2.2 (#3626) @dependabot[bot]

chore(deps): bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.51.2 to 1.97.3 in /modules/localstack (#3638) @dependabot[bot]

chore(deps): bump go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp from 1.41.0 to 1.43.0 in /modules/grafana-lgtm (#3643) @dependabot[bot]

chore(deps): bump go.opentelemetry.io/otel/sdk from 1.41.0 to 1.43.0 in /modules/milvus (#3644) @dependabot[bot]

chore: update to Go 1.25.9, 1.26.9 (#3647) @thaJeztah

chore(deps): bump bump github.com/klauspost/compress v1.18.5, github.com/docker/compose v5.1.2 (#3646) @thaJeztah

chore(deps): bump moby/client v0.4.0, moby/api v1.54.1 (#3634) @thaJeztah

chore(deps): bump golang.org/x/sys from 0.41.0 to 0.42.0 (#3629) @dependabot[bot]

chore(deps): bump github.com/moby/patternmatcher from 0.6.0 to 0.6.1 (#3628) @dependabot[bot]

chore(deps): bump github.com/shirou/gopsutil/v4 from 4.26.2 to 4.26.3 (#3627) @dependabot[bot]

fix(localstack): accept community-archive as a valid tag (#3601) @johnduhart

chore(deps): bump github.com/go-jose/go-jose/v4 from 4.1.3 to 4.1.4 in /modules/gcloud (#3632) @dependabot[bot]

chore(deps): bump actions/upload-artifact from 6.0.0 to 7.0.0 (#3625) @dependabot[bot]

chore(deps): bump pygments from 2.19.2 to 2.20.0 (#3615) @dependabot[bot]

chore(deps): bump google.golang.org/grpc from 1.67.0 to 1.79.3 in /modules/milvus (#3612) @dependabot[bot]

chore(deps): bump google.golang.org/grpc from 1.67.0 to 1.79.3 in /modules/etcd (#3611) @dependabot[bot]

chore(deps): bump google.golang.org/grpc from 1.79.1 to 1.79.3 in /modules/ollama (#3610) @dependabot[bot]

chore(deps): bump google.golang.org/grpc from 1.67.0 to 1.79.3 in /modules/pinecone (#3609) @dependabot[bot]

chore(deps): bump google.golang.org/grpc from 1.67.0 to 1.79.3 in /modules/couchbase (#3608) @dependabot[bot]

chore(deps): bump requests from 2.32.4 to 2.33.0 (#3604) @dependabot[bot]

chore(deps): bump google.golang.org/grpc from 1.79.1 to 1.79.3 in /modules/meilisearch (#3607) @dependabot[bot]

chore(deps): bump github.com/moby/buildkit from 0.27.1 to 0.28.1 in /modules/compose (#3605) @dependabot[bot]

... (truncated)

Commits

6e58418 chore: use new version (v0.42.0) in modules and examples
f713dc0 chore(deps): bump go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetr...
300827a chore(deps): bump go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetr...
7a15ac1 chore(deps): bump go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptrace...
5bae3d2 fix: return an error when docker host cannot be retrieved (#3613)
fc19484 chore(deps): bump mkdocs-include-markdown-plugin from 7.2.1 to 7.2.2 (#3626)
95bdc0c chore(deps): bump github.com/aws/aws-sdk-go-v2/service/s3 (#3638)
75aa226 chore(deps): bump go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptrace...
2f59938 chore(deps): bump go.opentelemetry.io/otel/sdk in /modules/milvus (#3644)
580abf6 chore: update to Go 1.25.9, 1.26.9 (#3647)
Additional commits viewable in compare view

Updates modernc.org/sqlite from 1.48.1 to 1.50.0

Changelog

Sourced from modernc.org/sqlite's changelog.

Changelog

2026-04-24 v1.50.0:

Upgrade to sqlite-vec v0.1.9.

Introduce ColumnInfo, enabling dynamic query builders and ORMs to retrieve underlying SQLite C-API metadata (OriginName, TableName, DatabaseName, and DeclType).

This feature is exposed via the idiomatic database/sql escape hatch (*sql.Conn).Raw(), avoiding custom statement handles and keeping the standard library workflow intact.

See [GitLab merge request #113](https://gitlab.com/cznic/sqlite/-/merge_requests/113), thanks Josh Bleecher Snyder!

2026-04-17 v1.49.0: Upgrade to SQLite 3.53.0.

Added -DSQLITE_ENABLE_DBPAGE_VTAB to the transpilation. See "The SQLITE_DBPAGE Virtual Table" for details.

2026-04-06 v1.48.2:

Fix ABI mapping mismatch in the pre-update hook trampoline that caused silent truncation of large 64-bit RowIDs.

Ensure the Go trampoline signature correctly aligns with the public sqlite3_preupdate_hook C API, preventing data corruption for high-entropy keys (e.g., Snowflake IDs).

See [GitLab merge request #98](https://gitlab.com/cznic/sqlite/-/merge_requests/98), thanks Josh Bleecher Snyder!

Fix the memory allocator used in (*conn).Deserialize.

Replace tls.Alloc with sqlite3_malloc64 to prevent internal allocator corruption. This ensures the buffer is safely owned by SQLite, which may resize or free it due to the SQLITE_DESERIALIZE_RESIZEABLE and SQLITE_DESERIALIZE_FREEONCLOSE flags.

Prevent a memory leak by properly freeing the allocated buffer if fetching the main database name fails before handing ownership to SQLite.

See [GitLab merge request #100](https://gitlab.com/cznic/sqlite/-/merge_requests/100), thanks Josh Bleecher Snyder!

Fix (*conn).Deserialize to explicitly reject nil or empty byte slices.

Prevent silent database disconnection and connection pool corruption caused by SQLite's default behavior when sqlite3_deserialize receives a 0-length buffer.

See [GitLab merge request #101](https://gitlab.com/cznic/sqlite/-/merge_requests/101), thanks Josh Bleecher Snyder!

Fix commitHookTrampoline and rollbackHookTrampoline signatures by removing the unused pCsr parameter.

Aligns internal hook callbacks accurately with the underlying SQLite C API, cleaning up the code to prevent potential future confusion or bugs.

See [GitLab merge request #102](https://gitlab.com/cznic/sqlite/-/merge_requests/102), thanks Josh Bleecher Snyder!

Fix checkptr instrumentation failures during go test -race when registering and using virtual tables (vtab).

Allocate sqlite3_module instances using the C allocator (libc.Xcalloc) instead of the Go heap. This ensures transpiled C code can safely perform pointer operations on the struct without tripping Go's pointer checks.

See [GitLab merge request #103](https://gitlab.com/cznic/sqlite/-/merge_requests/103), thanks Josh Bleecher Snyder!

Fix data race on mutex.id in the mutexTry non-recursive path.

Ensure consistent atomic writes (atomic.StoreInt32) to prevent data races with atomic loads in mutexHeld and mutexNotheld during concurrent execution.

See [GitLab merge request #104](https://gitlab.com/cznic/sqlite/-/merge_requests/104), thanks Josh Bleecher Snyder!

Fix resource leak in (*Backup).Commit where the destination connection was not closed on error.

Ensure dstConn is properly closed when sqlite3_backup_finish fails, preventing file descriptor, TLS, and memory leaks.

See [GitLab merge request #105](https://gitlab.com/cznic/sqlite/-/merge_requests/105), thanks Josh Bleecher Snyder!

Fix Exec to fully drain rows when encountering SQLITE_ROW, preventing silent data loss in DML statements.

Previously, Exec aborted after the first row, meaning INSERT, UPDATE, or DELETE statements with a RETURNING clause would fail to process subsequent rows. The execution path now correctly loops until SQLITE_DONE and properly respects context cancellations during the drain loop, fully aligning with native C sqlite3_exec semantics.

See [GitLab merge request #106](https://gitlab.com/cznic/sqlite/-/merge_requests/106), thanks Josh Bleecher Snyder!

Fix "Shadowed err value (stmt.go)".

See [GitLab issue #249](https://gitlab.com/cznic/sqlite/-/work_items/249), thanks Emrecan BATI!

Fix silent omission of virtual table savepoint callbacks by correctly setting the sqlite3_module version.

See [GitLab merge request #107](https://gitlab.com/cznic/sqlite/-/merge_requests/107), thanks Josh Bleecher Snyder!

Fix vfsRead to properly handle partial and fragmented reads from io.Reader.

Replace f.Read with io.ReadFull to ensure the buffer is fully populated, preventing premature SQLITE_IOERR_SHORT_READ errors on valid mid-stream partial reads. Unread tail bytes at EOF are now efficiently zero-filled using the built-in clear function.

See [GitLab merge request #108](https://gitlab.com/cznic/sqlite/-/merge_requests/108), thanks Josh Bleecher Snyder!

Refactor internal error formatting to safely handle uninitialized or closed database pointers.

Prevent a misleading "out of memory" error message when an operation fails and the underlying SQLite database handle is NULL (db == 0).

See [GitLab merge request #109](https://gitlab.com/cznic/sqlite/-/merge_requests/109), thanks Josh Bleecher Snyder!

Fix error handling in database backup and restore initialization (sqlite3_backup_init).

Ensure error codes and messages are accurately read from the destination database handle rather than hardcoding the source or remote handle. This prevents swallowed errors or mismatched "not an error" messages when a backup or restore operation fails to start.

See [GitLab merge request #111](https://gitlab.com/cznic/sqlite/-/merge_requests/111), thanks Josh Bleecher Snyder!

... (truncated)

Commits

e220cc9 CHANGELOG.md: add !113
a58d5e5 Merge branch 'columns' into 'master'
119d8b1 add ColumnInfo, for inspecting query columns
c353a4f upgrade to sqlite-vec v0.1.9
fe575e4 doc.go: update SQLite version
3ccb9ca upgrade to SQLite 3.53.0
df16977 CHANGELOG.md: add !112
172c395 Merge branch 'fix-openv2-handle-leak' into 'master'
2719730 fix openV2 handle leak, TLS leak, and misleading error on failed open
53c87f6 CHANGELOG.md: add !111
Additional commits viewable in compare view

Updates github.com/docker/go-connections from 0.6.0 to 0.7.0

Commits

7997b0f Merge pull request #156 from thaJeztah/bump_go_winio
329724a chore(deps): bump github.com/Microsoft/go-winio v0.6.2
161dc9b Merge pull request #155 from thaJeztah/pin_actions
b115e42 Merge pull request #154 from thaJeztah/fix_non_linux_tests
4c35b2a ci: pin actions to sha
b4454a6 tlsconfig: make root pool tests deterministic across platforms
0819711 tlsconfig: certPool: pass options as argument
0329635 tlsconfig: rename some vars that shadowed
894d811 Merge pull request #150 from thaJeztah/deprecate_SystemCertPool
0a1293a Merge pull request #153 from thaJeztah/chachacha
Additional commits viewable in compare view

Updates github.com/mattn/go-isatty from 0.0.20 to 0.0.22

Commits

9a68506 Fix isCygwinPipeName to accept Windows 7 trailing suffix (#90)
4237fb1 Update Go test matrix to current versions (1.24-1.26)
433c12b Update GitHub Actions to latest versions
1cf5589 Add wasip1 and wasip2 to build constraints in isatty_others.go
1237245 Update dependencies: go 1.15 -> 1.21, golang.org/x/sys v0.6.0 -> v0.28.0
ac9c88d Fix typo in comment: undocomented -> undocumented
8b7124e Add availability check for NtQueryObject in init
08d0313 Fix isCygwinPipeName to reject names with extra trailing tokens
See full diff in compare view

Updates go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp from 0.67.0 to 0.68.0

Release notes

Sourced from go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp's releases.

Release v1.43.0/v2.5.0/v0.68.0/v0.37.0/v0.23.0/v0.18.0/v0.16.0/v0.15.0

Added

Add Resource method to SDK in go.opentelemetry.io/contrib/otelconf/v0.3.0 to expose the resolved SDK resource from declarative configuration. (#8660)

Add support to set the configuration file via OTEL_CONFIG_FILE in go.opentelemetry.io/contrib/otelconf. (#8639)

Add support for service resource detector in go.opentelemetry.io/contrib/otelconf. (#8674)

Add support for attribute_count_limit and attribute_value_length_limit in tracer provider configuration in go.opentelemetry.io/contrib/otelconf. (#8687)

Add support for attribute_count_limit and attribute_value_length_limit in logger provider configuration in go.opentelemetry.io/contrib/otelconf. (#8686)

Add support for server.address and server.port attributes in go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc. (#8723)

Add support for OTEL_SEMCONV_STABILITY_OPT_IN in go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc. Supported values are rpc (default), rpc/dup and rpc/old. (#8726)

Add the http.route metric attribute to go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp. (#8632)

Changed

Prepend _ to the normalized environment variable name when the key starts with a digit in go.opentelemetry.io/contrib/propagators/envcar, ensuring POSIX compliance. (#8678)

Move experimental types from go.opentelemetry.io/contrib/otelconf to go.opentelemetry.io/contrib/otelconf/x. (#8529)

Normalize cached environment variable names in go.opentelemetry.io/contrib/propagators/envcar, aligning Carrier.Keys output with the carrier's normalized key format. (#8761)

Fixed

Fix go.opentelemetry.io/contrib/otelconf Prometheus reader converting OTel dot-style label names (e.g. service.name) to underscore-style (service_name) in target_info when both without_type_suffix and without_units are set. Use NoTranslation instead of UnderscoreEscapingWithoutSuffixes to preserve dot-style label names while still suppressing metric name suffixes. (#8763)

Limit the request body size at 1MB in go.opentelemetry.io/contrib/zpages. (#8656)

Fix server spans using the client's address and port for server.address and server.port attributes in go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc. (#8723)

Removed

Host ID resource detector has been removed when configuring the host resource detector in go.opentelemetry.io/contrib/otelconf. (#8581)

Deprecated

Deprecate OTEL_EXPERIMENTAL_CONFIG_FILE in favour of OTEL_CONFIG_FILE in go.opentelemetry.io/contrib/otelconf. (#8639)

What's Changed

chore(deps): update module github.com/jgautheron/goconst to v1.9.0 by @renovate[bot] in open-telemetry/opentelemetry-go-contrib#8651

chore(deps): update module go.yaml.in/yaml/v2 to v2.4.4 by @renovate[bot] in open-telemetry/opentelemetry-go-contrib#8652

chore(deps): update golang.org/x/telemetry digest to e526e8a by @renovate[bot] in open-telemetry/opentelemetry-go-contrib#8647

chore(deps): update module k8s.io/klog/v2 to v2.140.0 by @renovate[bot] in open-telemetry/opentelemetry-go-contrib#8650

chore(deps): update module github.com/mgechev/revive to v1.14.0 by @mmorel-35 in open-telemetry/opentelemetry-go-contrib#8646

chore(deps): update module github.com/mgechev/revive to v1.15.0 by @renovate[bot] in open-telemetry/opentelemetry-go-contrib#8539

chore: fix noctx issues by @mmorel-35 in open-telemetry/opentelemetry-go-contrib#8645

chore(deps): update golang.org/x by @renovate[bot] in open-telemetry/opentelemetry-go-contrib#8655

chore(deps): update module codeberg.org/chavacava/garif to v0.2.1 by @renovate[bot] in

Bumps the all-gomod group with 2 updates in the /pgx directory: [github.com/jackc/pgx/v5](https://github.com/jackc/pgx) and [golang.org/x/text](https://github.com/golang/text). Bumps the all-gomod group with 10 updates in the /tests directory: | Package | From | To | | --- | --- | --- | | [github.com/jackc/pgx/v5](https://github.com/jackc/pgx) | `5.9.1` | `5.9.2` | | [golang.org/x/text](https://github.com/golang/text) | `0.35.0` | `0.36.0` | | [github.com/testcontainers/testcontainers-go](https://github.com/testcontainers/testcontainers-go) | `0.41.0` | `0.42.0` | | [github.com/testcontainers/testcontainers-go/modules/mysql](https://github.com/testcontainers/testcontainers-go) | `0.41.0` | `0.42.0` | | [github.com/testcontainers/testcontainers-go/modules/postgres](https://github.com/testcontainers/testcontainers-go) | `0.41.0` | `0.42.0` | | [modernc.org/sqlite](https://gitlab.com/cznic/sqlite) | `1.48.1` | `1.50.0` | | [github.com/docker/go-connections](https://github.com/docker/go-connections) | `0.6.0` | `0.7.0` | | [github.com/mattn/go-isatty](https://github.com/mattn/go-isatty) | `0.0.20` | `0.0.22` | | [go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp](https://github.com/open-telemetry/opentelemetry-go-contrib) | `0.67.0` | `0.68.0` | | [golang.org/x/crypto](https://github.com/golang/crypto) | `0.49.0` | `0.50.0` | Updates `github.com/jackc/pgx/v5` from 5.9.1 to 5.9.2 - [Changelog](https://github.com/jackc/pgx/blob/master/CHANGELOG.md) - [Commits](jackc/pgx@v5.9.1...v5.9.2) Updates `golang.org/x/text` from 0.35.0 to 0.36.0 - [Release notes](https://github.com/golang/text/releases) - [Commits](golang/text@v0.35.0...v0.36.0) Updates `github.com/jackc/pgx/v5` from 5.9.1 to 5.9.2 - [Changelog](https://github.com/jackc/pgx/blob/master/CHANGELOG.md) - [Commits](jackc/pgx@v5.9.1...v5.9.2) Updates `golang.org/x/text` from 0.35.0 to 0.36.0 - [Release notes](https://github.com/golang/text/releases) - [Commits](golang/text@v0.35.0...v0.36.0) Updates `github.com/testcontainers/testcontainers-go` from 0.41.0 to 0.42.0 - [Release notes](https://github.com/testcontainers/testcontainers-go/releases) - [Commits](testcontainers/testcontainers-go@v0.41.0...v0.42.0) Updates `github.com/testcontainers/testcontainers-go/modules/mysql` from 0.41.0 to 0.42.0 - [Release notes](https://github.com/testcontainers/testcontainers-go/releases) - [Commits](testcontainers/testcontainers-go@v0.41.0...v0.42.0) Updates `github.com/testcontainers/testcontainers-go/modules/postgres` from 0.41.0 to 0.42.0 - [Release notes](https://github.com/testcontainers/testcontainers-go/releases) - [Commits](testcontainers/testcontainers-go@v0.41.0...v0.42.0) Updates `modernc.org/sqlite` from 1.48.1 to 1.50.0 - [Changelog](https://gitlab.com/cznic/sqlite/blob/master/CHANGELOG.md) - [Commits](https://gitlab.com/cznic/sqlite/compare/v1.48.1...v1.50.0) Updates `github.com/docker/go-connections` from 0.6.0 to 0.7.0 - [Commits](docker/go-connections@v0.6.0...v0.7.0) Updates `github.com/mattn/go-isatty` from 0.0.20 to 0.0.22 - [Commits](mattn/go-isatty@v0.0.20...v0.0.22) Updates `go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp` from 0.67.0 to 0.68.0 - [Release notes](https://github.com/open-telemetry/opentelemetry-go-contrib/releases) - [Changelog](https://github.com/open-telemetry/opentelemetry-go-contrib/blob/main/CHANGELOG.md) - [Commits](open-telemetry/opentelemetry-go-contrib@zpages/v0.67.0...zpages/v0.68.0) Updates `golang.org/x/crypto` from 0.49.0 to 0.50.0 - [Commits](golang/crypto@v0.49.0...v0.50.0) Updates `golang.org/x/sys` from 0.42.0 to 0.43.0 - [Commits](golang/sys@v0.42.0...v0.43.0) Updates `modernc.org/libc` from 1.70.0 to 1.72.0 - [Commits](https://gitlab.com/cznic/libc/compare/v1.70.0...v1.72.0) --- updated-dependencies: - dependency-name: github.com/jackc/pgx/v5 dependency-version: 5.9.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all-gomod - dependency-name: golang.org/x/text dependency-version: 0.36.0 dependency-type: indirect update-type: version-update:semver-minor dependency-group: all-gomod - dependency-name: github.com/jackc/pgx/v5 dependency-version: 5.9.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all-gomod - dependency-name: golang.org/x/text dependency-version: 0.36.0 dependency-type: indirect update-type: version-update:semver-minor dependency-group: all-gomod - dependency-name: github.com/testcontainers/testcontainers-go dependency-version: 0.42.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all-gomod - dependency-name: github.com/testcontainers/testcontainers-go/modules/mysql dependency-version: 0.42.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all-gomod - dependency-name: github.com/testcontainers/testcontainers-go/modules/postgres dependency-version: 0.42.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all-gomod - dependency-name: modernc.org/sqlite dependency-version: 1.50.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all-gomod - dependency-name: github.com/docker/go-connections dependency-version: 0.7.0 dependency-type: indirect update-type: version-update:semver-minor dependency-group: all-gomod - dependency-name: github.com/mattn/go-isatty dependency-version: 0.0.22 dependency-type: indirect update-type: version-update:semver-patch dependency-group: all-gomod - dependency-name: go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp dependency-version: 0.68.0 dependency-type: indirect update-type: version-update:semver-minor dependency-group: all-gomod - dependency-name: golang.org/x/crypto dependency-version: 0.50.0 dependency-type: indirect update-type: version-update:semver-minor dependency-group: all-gomod - dependency-name: golang.org/x/sys dependency-version: 0.43.0 dependency-type: indirect update-type: version-update:semver-minor dependency-group: all-gomod - dependency-name: modernc.org/libc dependency-version: 1.72.0 dependency-type: indirect update-type: version-update:semver-minor dependency-group: all-gomod ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot · 2026-05-04T21:06:18Z

Looks like these dependencies are updatable in another way, so this is no longer needed.

dependabot Bot added dependencies Pull requests that update a dependency file go Pull requests that update Go code labels Apr 27, 2026

dependabot Bot mentioned this pull request Apr 27, 2026

Bump the all-gomod group across 2 directories with 12 updates #96

Closed

dependabot Bot closed this May 4, 2026

dependabot Bot deleted the dependabot/go_modules/pgx/all-gomod-0744291193 branch May 4, 2026 21:06

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Bump the all-gomod group across 2 directories with 12 updates#98

Bump the all-gomod group across 2 directories with 12 updates#98
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/go_modules/pgx/all-gomod-0744291193

dependabot Bot commented on behalf of github Apr 27, 2026 •

edited

Loading

Uh oh!

dependabot Bot commented on behalf of github May 4, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Uh oh!

Conversation

dependabot Bot commented on behalf of github Apr 27, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

5.9.2 (April 18, 2026)

5.9.2 (April 18, 2026)

v0.42.0

What's Changed

⚠️ Breaking Changes

🔒 Security

🐛 Bug Fixes

🧹 Housekeeping

📦 Dependency updates

v0.42.0

What's Changed

⚠️ Breaking Changes

🔒 Security

🐛 Bug Fixes

🧹 Housekeeping

📦 Dependency updates

v0.42.0

What's Changed

⚠️ Breaking Changes

🔒 Security

🐛 Bug Fixes

🧹 Housekeeping

📦 Dependency updates

Changelog

Release v1.43.0/v2.5.0/v0.68.0/v0.37.0/v0.23.0/v0.18.0/v0.16.0/v0.15.0

Added

Changed

Fixed

Removed

Deprecated

What's Changed

Uh oh!

dependabot Bot commented on behalf of github May 4, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

dependabot Bot commented on behalf of github Apr 27, 2026 •

edited

Loading