chore(deps): bump the go-deps group across 1 directory with 5 updates

[dependabot]

Bumps the go-deps group with 5 updates in the / directory:

Package	From	To
github.com/mark3labs/mcp-go	0.50.0	0.52.0
github.com/posthog/posthog-go	1.12.4	1.12.5
golang.org/x/sys	0.43.0	0.44.0
golang.org/x/term	0.42.0	0.43.0
modernc.org/sqlite	1.50.0	1.50.1

Updates github.com/mark3labs/mcp-go from 0.50.0 to 0.52.0

Release notes

Sourced from github.com/mark3labs/mcp-go's releases.

Release v0.52.0

No release notes provided.

Release v0.51.0

What's Changed

• fix(examples): return isError for input validation instead of internal error by @​blackwell-systems in mark3labs/mcp-go#838
• fix: issue-829: setTools may resulted in an empty tools. by @​ycqqq in mark3labs/mcp-go#830
• fix(transport): stop retrying on session terminated in listenForever by @​blackwell-systems in mark3labs/mcp-go#839
• feat(transport): add CommandTransport for subprocess MCP servers by @​ezynda3 in mark3labs/mcp-go#840
• feat(server): add OAuth Protected Resource Metadata endpoint (RFC 9728) by @​ezynda3 in mark3labs/mcp-go#841
• feat(client): add Go 1.23 iterator methods for paginated results by @​ezynda3 in mark3labs/mcp-go#842
• feat: add opt-in CORS support to HTTP transports (#810) by @​ezynda3 in mark3labs/mcp-go#843
• feat: validate tool output against declared output schemas (#811) by @​ezynda3 in mark3labs/mcp-go#844
• feat(transport): add LoggingTransport wrapper for JSON-RPC tracing by @​ezynda3 in mark3labs/mcp-go#845
• feat(mcp): add SchemaCache for stateless/serverless deployments by @​ezynda3 in mark3labs/mcp-go#846
• fix(oauth): accept any 2xx token response status (#835) by @​ezynda3 in mark3labs/mcp-go#847
• docs(server): document OnBeforeAny/OnSuccess/OnError pairing (#827) by @​ezynda3 in mark3labs/mcp-go#848

New Contributors

• @​ycqqq made their first contribution in mark3labs/mcp-go#830

Full Changelog: mark3labs/mcp-go@v0.50.0...v0.51.0

Commits

• 292ebb6 feat(server): add transport-agnostic Handle entry point (#851)
• 0678053 fix(transport): close response body on 404 in sendHTTP (#849)
• 083b8ac docs(server): document OnBeforeAny/OnSuccess/OnError pairing (#827) (#848)
• 0304399 fix(oauth): accept any 2xx token response status (#835) (#847)
• e4a7c6d feat(mcp): add SchemaCache for stateless/serverless deployments (#846)
• f5c14ee feat(transport): add LoggingTransport wrapper for JSON-RPC tracing (#845)
• ba6c2e0 docs(prompts): scope fix-issue to implementation only
• 8878667 feat: validate tool output against declared output schemas (#811) (#844)
• 961ead3 prompts
• 0c6cb64 feat: add opt-in CORS support to HTTP transports (#810) (#843)
• Additional commits viewable in compare view

Updates github.com/posthog/posthog-go from 1.12.4 to 1.12.5

Release notes

Sourced from github.com/posthog/posthog-go's releases.

1.12.5

Unreleased

Changelog

Sourced from github.com/posthog/posthog-go's changelog.

1.12.5

Patch Changes

• 6d243a6: Return ErrSDKDisabled from no-op clients when the project API key is missing, return ErrNoPersonalAPIKey before making requests for Personal API key dependent methods when no Personal API key is configured, and return ErrNoDistinctID from EvaluateFlags when distinct_id is missing.

New Features

• EvaluateFlags: New method on Client that returns a FeatureFlagEvaluations snapshot for a user using a single /flags request. The snapshot powers any number of IsEnabled / GetFlag / GetFlagPayload checks, fires deduped $feature_flag_called events with full v4 metadata (id, version, reason, request_id), and can be attached to a Capture event via the new Capture.Flags field to populate $feature/<key> and $active_feature_flags without another network call.
• Capture.Flags: New optional field on Capture that accepts a *FeatureFlagEvaluations snapshot. Takes precedence over SendFeatureFlags, avoids a hidden /flags request per event, and lets caller-supplied Properties override the auto-generated $feature/<key> values on conflict.

Internal

• Refactored the $feature_flag_called dedup logic into a shared helper so the existing single-flag path and the new snapshot path use identical semantics against the same per-distinct_id LRU cache.
• $feature_flag_called events from the snapshot path combine response-level errors (errors_while_computing_flags, quota_limited) with per-flag errors (flag_missing) comma-joined in $feature_flag_error, matching the granularity of the legacy single-flag path.

Commits

• 22195ff chore: release v1.12.5 [version bump] [skip ci]
• 6d243a6 fix: revert d2c4dd2 (#199)
• d2c4dd2 chore: release v1.12.4 [version bump] [skip ci]
• e9436fa Fix no-op client for empty API key (#193)
• 06421d2 chore: sign release workflow commits (#198)
• 8e96d3d Run Go CI on main pushes (#197)
• 9f60d7a feat(flags): support mixed targeting in local evaluation (#192)
• 4f175d4 chore: trigger releases from main changesets (#196)
• 2370beb feat: add EvaluateFlags() API for single-call flag evaluation (#191)
• See full diff in compare view

Updates golang.org/x/sys from 0.43.0 to 0.44.0

Commits

• fb1facd windows: avoid uint16 overflow in NewNTUnicodeString
• 94ad893 windows: add GetIfTable2Ex, GetIpInterface{Entry,Table}, GetUnicastIpAddressT...
• 54fe89f cpu: use IsProcessorFeaturePresent to calculate ARM64 on windows
• df7d5d7 unix: automatically remove container created by mkall.sh
• 68a4a8e unix: avoid nil pointer dereference in Utime
• 690c91f unix: add CPUSetDynamic for systems with more than 1024 CPUs
• See full diff in compare view

Updates golang.org/x/term from 0.42.0 to 0.43.0

Commits

• 3c3e485 go.mod: update golang.org/x dependencies
• See full diff in compare view

Updates modernc.org/sqlite from 1.50.0 to 1.50.1

Changelog

Sourced from modernc.org/sqlite's changelog.

Changelog

• 2026-05-10 v1.50.1:

  • Upgrade to SQLite 3.53.1.

• 2026-04-24 v1.50.0:

  • Upgrade to sqlite-vec v0.1.9.
  • Introduce ColumnInfo, enabling dynamic query builders and ORMs to retrieve underlying SQLite C-API metadata (OriginName, TableName, DatabaseName, and DeclType).
  • This feature is exposed via the idiomatic database/sql escape hatch (*sql.Conn).Raw(), avoiding custom statement handles and keeping the standard library workflow intact.
  • See [GitLab merge request #113](https://gitlab.com/cznic/sqlite/-/merge_requests/113), thanks Josh Bleecher Snyder!

• 2026-04-17 v1.49.0: Upgrade to SQLite 3.53.0.

  • Added -DSQLITE_ENABLE_DBPAGE_VTAB to the transpilation. See "The SQLITE_DBPAGE Virtual Table" for details.

• 2026-04-06 v1.48.2:

  • Fix ABI mapping mismatch in the pre-update hook trampoline that caused silent truncation of large 64-bit RowIDs.
  • Ensure the Go trampoline signature correctly aligns with the public sqlite3_preupdate_hook C API, preventing data corruption for high-entropy keys (e.g., Snowflake IDs).
  • See [GitLab merge request #98](https://gitlab.com/cznic/sqlite/-/merge_requests/98), thanks Josh Bleecher Snyder!
  • Fix the memory allocator used in (*conn).Deserialize.
  • Replace tls.Alloc with sqlite3_malloc64 to prevent internal allocator corruption. This ensures the buffer is safely owned by SQLite, which may resize or free it due to the SQLITE_DESERIALIZE_RESIZEABLE and SQLITE_DESERIALIZE_FREEONCLOSE flags.
  • Prevent a memory leak by properly freeing the allocated buffer if fetching the main database name fails before handing ownership to SQLite.
  • See [GitLab merge request #100](https://gitlab.com/cznic/sqlite/-/merge_requests/100), thanks Josh Bleecher Snyder!
  • Fix (*conn).Deserialize to explicitly reject nil or empty byte slices.
  • Prevent silent database disconnection and connection pool corruption caused by SQLite's default behavior when sqlite3_deserialize receives a 0-length buffer.
  • See [GitLab merge request #101](https://gitlab.com/cznic/sqlite/-/merge_requests/101), thanks Josh Bleecher Snyder!
  • Fix commitHookTrampoline and rollbackHookTrampoline signatures by removing the unused pCsr parameter.
  • Aligns internal hook callbacks accurately with the underlying SQLite C API, cleaning up the code to prevent potential future confusion or bugs.
  • See [GitLab merge request #102](https://gitlab.com/cznic/sqlite/-/merge_requests/102), thanks Josh Bleecher Snyder!
  • Fix checkptr instrumentation failures during go test -race when registering and using virtual tables (vtab).
  • Allocate sqlite3_module instances using the C allocator (libc.Xcalloc) instead of the Go heap. This ensures transpiled C code can safely perform pointer operations on the struct without tripping Go's pointer checks.
  • See [GitLab merge request #103](https://gitlab.com/cznic/sqlite/-/merge_requests/103), thanks Josh Bleecher Snyder!
  • Fix data race on mutex.id in the mutexTry non-recursive path.
  • Ensure consistent atomic writes (atomic.StoreInt32) to prevent data races with atomic loads in mutexHeld and mutexNotheld during concurrent execution.
  • See [GitLab merge request #104](https://gitlab.com/cznic/sqlite/-/merge_requests/104), thanks Josh Bleecher Snyder!
  • Fix resource leak in (*Backup).Commit where the destination connection was not closed on error.
  • Ensure dstConn is properly closed when sqlite3_backup_finish fails, preventing file descriptor, TLS, and memory leaks.
  • See [GitLab merge request #105](https://gitlab.com/cznic/sqlite/-/merge_requests/105), thanks Josh Bleecher Snyder!
  • Fix Exec to fully drain rows when encountering SQLITE_ROW, preventing silent data loss in DML statements.
  • Previously, Exec aborted after the first row, meaning INSERT, UPDATE, or DELETE statements with a RETURNING clause would fail to process subsequent rows. The execution path now correctly loops until SQLITE_DONE and properly respects context cancellations during the drain loop, fully aligning with native C sqlite3_exec semantics.
  • See [GitLab merge request #106](https://gitlab.com/cznic/sqlite/-/merge_requests/106), thanks Josh Bleecher Snyder!
  • Fix "Shadowed err value (stmt.go)".
  • See [GitLab issue #249](https://gitlab.com/cznic/sqlite/-/work_items/249), thanks Emrecan BATI!
  • Fix silent omission of virtual table savepoint callbacks by correctly setting the sqlite3_module version.
  • See [GitLab merge request #107](https://gitlab.com/cznic/sqlite/-/merge_requests/107), thanks Josh Bleecher Snyder!
  • Fix vfsRead to properly handle partial and fragmented reads from io.Reader.
  • Replace f.Read with io.ReadFull to ensure the buffer is fully populated, preventing premature SQLITE_IOERR_SHORT_READ errors on valid mid-stream partial reads. Unread tail bytes at EOF are now efficiently zero-filled using the built-in clear function.
  • See [GitLab merge request #108](https://gitlab.com/cznic/sqlite/-/merge_requests/108), thanks Josh Bleecher Snyder!
  • Refactor internal error formatting to safely handle uninitialized or closed database pointers.
  • Prevent a misleading "out of memory" error message when an operation fails and the underlying SQLite database handle is NULL (db == 0).
  • See [GitLab merge request #109](https://gitlab.com/cznic/sqlite/-/merge_requests/109), thanks Josh Bleecher Snyder!

... (truncated)

Commits

• b95ed45 upgrade to SQLite 3.53.1
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

Labels

The following labels could not be found: dependencies, go. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.