build(deps): bump the minor-and-patch group across 1 directory with 22 updates by dependabot[bot] · Pull Request #471 · stellar/wallet-backend

dependabot · 2026-01-28T23:01:14Z

Bumps the minor-and-patch group with 19 updates in the / directory:

Package	From	To
github.com/99designs/gqlgen	`0.17.76`	`0.17.86`
github.com/alitto/pond/v2	`2.5.0`	`2.6.0`
github.com/avast/retry-go/v4	`4.6.1`	`4.7.0`
github.com/aws/aws-sdk-go	`1.55.7`	`1.55.8`
github.com/docker/go-connections	`0.5.0`	`0.6.0`
github.com/getsentry/sentry-go	`0.34.1`	`0.42.0`
github.com/go-playground/validator/v10	`10.27.0`	`10.30.1`
github.com/golang-jwt/jwt/v5	`5.2.3`	`5.3.1`
github.com/jackc/pgx/v5	`5.7.6`	`5.8.0`
github.com/lib/pq	`1.10.9`	`1.11.0`
github.com/mattn/go-sqlite3	`1.14.28`	`1.14.33`
github.com/prometheus/client_golang	`1.22.0`	`1.23.2`
github.com/rubenv/sql-migrate	`1.8.0`	`1.8.1`
github.com/sirupsen/logrus	`1.9.3`	`1.9.4`
github.com/spf13/cobra	`1.9.1`	`1.10.2`
github.com/spf13/viper	`1.20.1`	`1.21.0`
github.com/testcontainers/testcontainers-go	`0.37.0`	`0.40.0`
github.com/tetratelabs/wazero	`1.10.1`	`1.11.0`
github.com/vikstrous/dataloadgen	`0.0.9`	`0.0.10`

Updates github.com/99designs/gqlgen from 0.17.76 to 0.17.86

Release notes

Sourced from github.com/99designs/gqlgen's releases.

v0.17.86

What's Changed

fix: do not use if-else scoped var in type assertion by @StevenACoffman in 99designs/gqlgen#3972

Caching for packages loaded by a relative path by @deitrix in 99designs/gqlgen#3978

Autobind Getter and Haser for Protobuf RPC by @raphaelfff in 99designs/gqlgen#3980

Add gqlgen.yml schema configuration file by @Namyts in 99designs/gqlgen#3985

Reformat after merge to fix lint by @StevenACoffman in 99designs/gqlgen#3987

Support directives in comments by @ProBun in 99designs/gqlgen#3984

disable prealloc linter for now by @StevenACoffman in 99designs/gqlgen#3988

Update dependencies by @StevenACoffman in 99designs/gqlgen#3989

chore(deps-dev): bump @graphql-codegen/client-preset from 5.2.1 to 5.2.2 in /integration by @dependabot[bot] in 99designs/gqlgen#3974

chore(deps): bump github.com/goccy/go-yaml from 1.19.0 to 1.19.1 in /_examples by @dependabot[bot] in 99designs/gqlgen#3975

chore(deps-dev): bump @apollo/client from 4.0.10 to 4.0.11 in /integration by @dependabot[bot] in 99designs/gqlgen#3976

chore(deps-dev): bump vitest from 4.0.15 to 4.0.16 in /integration by @dependabot[bot] in 99designs/gqlgen#3977

chore(deps): bump github.com/goccy/go-yaml from 1.19.0 to 1.19.1 by @dependabot[bot] in 99designs/gqlgen#3973

chore(deps): bump dawidd6/action-download-artifact from 11 to 12 by @dependabot[bot] in 99designs/gqlgen#3979

chore(deps): bump mikepenz/action-junit-report from 6.0.1 to 6.1.0 by @dependabot[bot] in 99designs/gqlgen#3982

New Contributors

@raphaelfff made their first contribution in 99designs/gqlgen#3980

@Namyts made their first contribution in 99designs/gqlgen#3985

@ProBun made their first contribution in 99designs/gqlgen#3984

Full Changelog: 99designs/gqlgen@v0.17.85...v0.17.86

v0.17.85

What's Changed

Optional json marshallers generation by @PaulVasilenko in 99designs/gqlgen#3940

Add functional options to control complexity calculation by @vibridi in 99designs/gqlgen#3939

feat(resolveField): allow field middlewares to return a marshaler directly by @lbarthon in 99designs/gqlgen#3928

fix(introspection): support @deprecated directive on field arguments by @AlexanderArvidsson in 99designs/gqlgen#3949

feat(codegen): allow users to manually extend GraphQL unions by @lbarthon in 99designs/gqlgen#3945

fix(codegen): correctly unmarshal slice of input object mapped to map… by @rodcorsi in 99designs/gqlgen#3954

chore(deps): bump github.com/goccy/go-yaml from 1.18.0 to 1.19.0 in /_examples by @dependabot[bot] in 99designs/gqlgen#3941

chore(deps): bump github.com/goccy/go-yaml from 1.18.0 to 1.19.0 by @dependabot[bot] in 99designs/gqlgen#3942

chore(deps-dev): bump @graphql-codegen/client-preset from 5.2.0 to 5.2.1 in /integration by @dependabot[bot] in 99designs/gqlgen#3944

chore(deps-dev): bump vitest from 4.0.13 to 4.0.14 in /integration by @dependabot[bot] in 99designs/gqlgen#3943

chore(deps-dev): bump vitest from 4.0.14 to 4.0.15 in /integration by @dependabot[bot] in 99designs/gqlgen#3956

chore(deps): bump golangci/golangci-lint-action from 9.1.0 to 9.2.0 by @dependabot[bot] in 99designs/gqlgen#3957

chore(deps): bump actions/setup-node from 6.0.0 to 6.1.0 by @dependabot[bot] in 99designs/gqlgen#3958

chore(deps): bump actions/checkout from 6.0.0 to 6.0.1 by @dependabot[bot] in 99designs/gqlgen#3959

chore(deps): bump robherley/go-test-action from 0.6.0 to 0.7.1 by @dependabot[bot] in 99designs/gqlgen#3969

chore(deps): bump actions/upload-artifact from 5.0.0 to 6.0.0 by @dependabot[bot] in 99designs/gqlgen#3968

chore(deps): bump golang.org/x/text from 0.31.0 to 0.32.0 in /_examples by @dependabot[bot] in 99designs/gqlgen#3967

chore(deps): bump google.golang.org/protobuf from 1.36.10 to 1.36.11 by @dependabot[bot] in 99designs/gqlgen#3963

chore(deps-dev): bump @apollo/client from 4.0.9 to 4.0.10 in /integration by @dependabot[bot] in 99designs/gqlgen#3962

chore(deps): bump golang.org/x/text from 0.31.0 to 0.32.0 by @dependabot[bot] in 99designs/gqlgen#3965

chore(deps): bump golang.org/x/tools from 0.39.0 to 0.40.0 by @dependabot[bot] in 99designs/gqlgen#3964

New Contributors

... (truncated)

Commits

4079e8d release v0.17.86
552d7e6 Update dependencies (#3989)
a2db525 nolint comments for existing prealloc failures for now (#3988)
6676c05 Support directives in comments (#3984)
8043c56 Reformat after merge to fix lint (#3987)
61591af Add gqlgen.yml schema configuration file (#3985)
319534b chore(deps): bump mikepenz/action-junit-report from 6.0.1 to 6.1.0 (#3982)
af6d735 Autobind Getter and Haser for Protobuf RPC (#3980)
da0c5c1 chore(deps): bump dawidd6/action-download-artifact from 11 to 12 (#3979)
8e4f125 Caching for packages loaded by a relative path (#3978)
Additional commits viewable in compare view

Updates github.com/alitto/pond/v2 from 2.5.0 to 2.6.0

Release notes

Sourced from github.com/alitto/pond/v2's releases.

Release v2.6.0

What's Changed

chore(deps): bump actions/checkout from 5 to 6 by @dependabot[bot] in alitto/pond#131

feat(disable-queue): Allow disabling task queue by setting it to 0 by @alitto in alitto/pond#132 (Thanks @korotin 🙌)

feat(optional-panic-recovery): Add option to disable panic recovery by @alitto in alitto/pond#133 (Thanks @snichols 🙌)

Breaking Changes

Setting the queue size option to zero (0) via WithQueueSize(0) now disables the task queue altogether (all task submissions block until a worker becomes available unless the pool is set to non-blocking mode). Before this change, setting queue size to 0 would cause the queue to be unbounded. Pools are still unbounded by default, but now there's a constant that can be used to set queue size to unbounded explicitly. E.g. pond.NewPool(10, pond.WithQueueSize(pond.Unbounded)).

Full Changelog: alitto/pond@v2.5.0...v2.6.0

Commits

505910b feat(optional-panic-recovery): Add option to disable panic recovery
e8bb01e feat(disable-queue): Allow disabling task queue by setting it to 0
4503e79 Merge pull request #131 from alitto/dependabot/github_actions/actions/checkout-6
d53df42 chore(deps): bump actions/checkout from 5 to 6
de8edd9 Merge pull request #126 from alitto/dependabot/github_actions/actions/checkout-5
52572db chore(deps): bump actions/checkout from 4 to 5
See full diff in compare view

Updates github.com/avast/retry-go/v4 from 4.6.1 to 4.7.0

Release notes

Sourced from github.com/avast/retry-go/v4's releases.

v4.7.0

What's Changed

support context cancel cause by @NivKeidan in avast/retry-go#117

Bump github.com/stretchr/testify from 1.10.0 to 1.11.1 by @dependabot[bot] in avast/retry-go#136

Add FullJitterBackoffDelay by @amirrezafahimi in avast/retry-go#128

No delay after final retry on max attempts by @StounhandJ in avast/retry-go#129

BackOffDelay multiplies attempts from zero by @StounhandJ in avast/retry-go#130

add Go version 1.25 to test matrix for expanded compatibility testing by @JaSei in avast/retry-go#142

New Contributors

@NivKeidan made their first contribution in avast/retry-go#117

@amirrezafahimi made their first contribution in avast/retry-go#128

@StounhandJ made their first contribution in avast/retry-go#129

Full Changelog: avast/retry-go@4.6.1...v4.7.0

Commits

375037b bump version
306fcee Merge pull request #142 from avast/go_1_25_test_environment
0bdef9c ci(workflow): add Go version 1.25 to test matrix for expanded compatibility t...
66013da Merge pull request #130 from StounhandJ/back_off_delay
9e5d0d6 Merge pull request #129 from StounhandJ/master
5068e50 Merge pull request #128 from amirrezafahimi/master
22920c3 Merge pull request #136 from avast/dependabot/go_modules/github.com/stretchr/...
459fade Bump github.com/stretchr/testify from 1.10.0 to 1.11.1
6c62c20 BackOffDelay multiplies attempts from zero
e330bce no delay after final retry on max attempts
Additional commits viewable in compare view

Updates github.com/aws/aws-sdk-go from 1.55.7 to 1.55.8

Release notes

Sourced from github.com/aws/aws-sdk-go's releases.

Release v1.55.8 (2025-07-31)

SDK Features

Mark the module and all packages as deprecated.

This SDK has entered end-of-support.

Commits

070853e release v1.55.8 (2025-07-31)
bb0168e Add deprecation warnings everywhere and remove some README content
7ce44f3 aws
6d9a26d remove doc issue tmpl
239002f deprecate service packages and HLLs
70c4177 deprecate main runtime packages
bbdd4e9 deprecate
See full diff in compare view

Updates github.com/docker/go-connections from 0.5.0 to 0.6.0

Commits

42faf79 Merge pull request #138 from thaJeztah/sockets_move_unix_options
9ffab7e sockets: make NewUnixSocket, WithChown, WithChmod unix-only
6bb1d15 Merge pull request #135 from thaJeztah/rename_test_files
b6c843d sockets: rename files to be considered test files
80898b6 Merge pull request #133 from thaJeztah/deprecate_socket_dialpipe
a4399e5 socket: deprecate DialPipe
b071e04 Merge pull request #128 from thaJeztah/remove_old_cyphers
578bfde Merge pull request #132 from thaJeztah/optimize_ParsePortSpec
deccd71 tlsconfig: align client and server defaults, remove weak CBC ciphers
30b91c8 nat: ParsePortSpec: combine some conditions
Additional commits viewable in compare view

Updates github.com/getsentry/sentry-go from 0.34.1 to 0.42.0

Release notes

Sourced from github.com/getsentry/sentry-go's releases.

0.42.0

Breaking Changes 🛠

refactor Telemetry Processor to use TelemetryItem instead of ItemConvertible by @giortzisg in #1180

remove ToEnvelopeItem from single log items

rename TelemetryBuffer to Telemetry Processor to adhere to spec

remove unsed ToEnvelopeItem(dsn) from Event.

New Features ✨

Add metric support by @aldy505 in #1151

support for three metric methods (counter, gauge, distribution)

custom metric units

unexport batchlogger

Internal Changes 🔧

Release

Fix changelog-preview permissions by @BYK in #1181

Switch from action-prepare-release to Craft by @BYK in #1167

Other

(repo) Add Claude Code settings with basic permissions by @philipphofmann in #1175

Update release and changelog-preview workflows by @giortzisg in #1177

Bump echo to 4.10.1 by @giortzisg in #1174

0.41.0

The Sentry SDK team is happy to announce the immediate availability of Sentry Go SDK v0.41.0.

Features
Add HTTP client integration for distributed tracing via sentryhttpclient package (#876)
Provides an http.RoundTripper implementation that automatically creates spans for outgoing HTTP requests

Supports trace propagation targets configuration via WithTracePropagationTargets option
Example usage:
import sentryhttpclient "github.com/getsentry/sentry-go/httpclient"
roundTripper := sentryhttpclient.NewSentryRoundTripper(nil)
client := &http.Client{
Transport: roundTripper,
}
Add ClientOptions.PropagateTraceparent option to control W3C traceparent header propagation in outgoing HTTP requests (#1161)

Add SpanID field to structured logs (#1169)
0.40.0

The Sentry SDK team is happy to announce the immediate availability of Sentry Go SDK v0.40.0.

... (truncated)

Changelog

Sourced from github.com/getsentry/sentry-go's changelog.

0.42.0

Breaking Changes 🛠

refactor Telemetry Processor to use TelemetryItem instead of ItemConvertible by @giortzisg in #1180

remove ToEnvelopeItem from single log items

rename TelemetryBuffer to Telemetry Processor to adhere to spec

remove unsed ToEnvelopeItem(dsn) from Event.

New Features ✨

Add metric support by @aldy505 in #1151

support for three metric methods (counter, gauge, distribution)

custom metric units

unexport batchlogger

Internal Changes 🔧

Release

Fix changelog-preview permissions by @BYK in #1181

Switch from action-prepare-release to Craft by @BYK in #1167

Other

(repo) Add Claude Code settings with basic permissions by @philipphofmann in #1175

Update release and changelog-preview workflows by @giortzisg in #1177

Bump echo to 4.10.1 by @giortzisg in #1174

0.41.0

The Sentry SDK team is happy to announce the immediate availability of Sentry Go SDK v0.41.0.

Features
Add HTTP client integration for distributed tracing via sentryhttpclient package (#876)
Provides an http.RoundTripper implementation that automatically creates spans for outgoing HTTP requests

Supports trace propagation targets configuration via WithTracePropagationTargets option
Example usage:
import sentryhttpclient "github.com/getsentry/sentry-go/httpclient"
roundTripper := sentryhttpclient.NewSentryRoundTripper(nil)
client := &http.Client{
Transport: roundTripper,
}
Add ClientOptions.PropagateTraceparent option to control W3C traceparent header propagation in outgoing HTTP requests (#1161)

Add SpanID field to structured logs (#1169)

... (truncated)

Commits

2100422 release: 0.42.0
ba17897 refactor!: update Telemetry Processor logic (#1180)
5d2aa89 feat: Add metrics support (#1151)
e090e4a ci(release): Fix changelog-preview permissions (#1181)
9d2368e ci: update release and changelog-preview workflows (#1177)
c551ab5 ci(release): Switch from action-prepare-release to Craft (#1167)
21b1d0f chore(repo): Add Claude Code settings with basic permissions (#1175)
e84cccc chore: ignore local Claude settings (#1176)
b9f4109 chore: bump echo to 4.10.1 (#1174)
9c96788 Merge branch 'release/0.41.0'
Additional commits viewable in compare view

Updates github.com/go-playground/validator/v10 from 10.27.0 to 10.30.1

Release notes

Sourced from github.com/go-playground/validator/v10's releases.

Release 10.30.1

What's Changed

Feat: uds_exists validator by @barash-asenov in go-playground/validator#1482

fix: Revert min limit of e164 regex by @zemzale in go-playground/validator#1516

Fix 1513 update ISO 3166-2 codes by @xyz27900 in go-playground/validator#1514

New Contributors

@barash-asenov made their first contribution in go-playground/validator#1482

@xyz27900 made their first contribution in go-playground/validator#1514

Full Changelog: go-playground/validator@v10.30.0...v10.30.1

Release 10.30.0

What's Changed

Bump golang.org/x/crypto from 0.45.0 to 0.46.0 by @dependabot[bot] in go-playground/validator#1504

Bump github.com/gabriel-vasile/mimetype from 1.4.11 to 1.4.12 by @dependabot[bot] in go-playground/validator#1505

docs: document omitzero by @minoritea in go-playground/validator#1509

fix: add missing translations for alpha validators by @shindonghwi in go-playground/validator#1510

fix: resolve panic when using aliases with OR operator by @shindonghwi in go-playground/validator#1507

fix: resolve panic when using cross-field validators with ValidateMap by @shindonghwi in go-playground/validator#1508

New Contributors

@minoritea made their first contribution in go-playground/validator#1509

@shindonghwi made their first contribution in go-playground/validator#1510

Full Changelog: go-playground/validator@v10.29.0...v10.30.0

v10.29.0

What's Changed

fix: minor spelling fix in docs by @Perfect5th in go-playground/validator#1472

Bump golang.org/x/text from 0.29.0 to 0.30.0 by @dependabot[bot] in go-playground/validator#1473

Bump golang.org/x/crypto from 0.42.0 to 0.43.0 by @dependabot[bot] in go-playground/validator#1474

Fix integer overflows in test when run on 32bit systems by @gibmat in go-playground/validator#1479

fix: exclude modernize linter by @nodivbyzero in go-playground/validator#1487

Bump golangci/golangci-lint-action from 8 to 9 by @dependabot[bot] in go-playground/validator#1490

Bump github.com/gabriel-vasile/mimetype from 1.4.10 to 1.4.11 by @dependabot[bot] in go-playground/validator#1485

Support for ISO 9362:2022 BIC (SWIFT) codes by @fira42073 in go-playground/validator#1478

Bump golang.org/x/crypto from 0.43.0 to 0.44.0 by @dependabot[bot] in go-playground/validator#1492

Fix: validation now rejects phone codes starting with +0 by @nodivbyzero in go-playground/validator#1476

Bump golang.org/x/crypto from 0.44.0 to 0.45.0 by @dependabot[bot] in go-playground/validator#1495

Bump actions/checkout from 5 to 6 by @dependabot[bot] in go-playground/validator#1497

fix/1500:Update Sierra Leone currency code from SLL to SLE by @princekm096 in go-playground/validator#1501

Fix/1481 skip invalid type validations by @KaranLathiya in go-playground/validator#1498

Fix 1502 update ccy codes by @princekm096 in go-playground/validator#1503

Added alphanumspace string validator by @haribabuk113 in go-playground/validator#1484

excluded_unless bug fix by @chargraves85 in go-playground/validator#1307

New Contributors

@Perfect5th made their first contribution in go-playground/validator#1472

@gibmat made their first contribution in go-playground/validator#1479

... (truncated)

Commits

5010f83 Fix 1513 update ISO 3166-2 codes (#1514)
e8627a1 fix: Revert min limit of e164 regex (#1516)
65b1bcc Feat: uds_exists validator (#1482)
e9b900c fix: resolve panic when using cross-field validators with ValidateMap (#1508)
7aba81c fix: resolve panic when using aliases with OR operator (#1507)
4d600be fix: add missing translations for alpha validators (#1510)
b0e4ba2 docs: document omitzero (#1509)
79fba72 Bump github.com/gabriel-vasile/mimetype from 1.4.11 to 1.4.12 (#1505)
c3c9084 Bump golang.org/x/crypto from 0.45.0 to 0.46.0 (#1504)
afce000 excluded_unless bug fix (#1307)
Additional commits viewable in compare view

Updates github.com/golang-jwt/jwt/v5 from 5.2.3 to 5.3.1

Release notes

Sourced from github.com/golang-jwt/jwt/v5's releases.

v5.3.1

What's Changed

🔐 Features

Add spellcheck Github action to catch common spelling mistakes by @equalsgibson in golang-jwt/jwt#458

Add WithNotBeforeRequired parser option and add test coverage by @equalsgibson in golang-jwt/jwt#456

Update godoc example func to properly refer to NewWithClaims() by @equalsgibson in golang-jwt/jwt#459

Update github workflows by @mfridman in golang-jwt/jwt#462

Additional test for CustomClaims that validates unmarshalling behaviour by @equalsgibson in golang-jwt/jwt#457

Fix early file close in jwt cli by @mfridman in golang-jwt/jwt#472

Add TPM signature reference by @salrashid123 in golang-jwt/jwt#473

Remove misleading ParserOptions documentation in golang-jwt/jwt#484

Save signature to Token struct after successful signing by @EgorSheff in golang-jwt/jwt#417

Set token.Signature in ParseUnverified by @slickwilli in golang-jwt/jwt#414

👒 Dependencies

Bump crate-ci/typos from 1.34.0 to 1.35.3 by @dependabot[bot] in golang-jwt/jwt#461

Bump crate-ci/typos from 1.35.4 to 1.36.2 by @dependabot[bot] in golang-jwt/jwt#470

Bump github/codeql-action from 3 to 4 by @dependabot[bot] in golang-jwt/jwt#478

Bump crate-ci/typos from 1.36.2 to 1.39.0 by @dependabot[bot] in golang-jwt/jwt#480

Bump golangci/golangci-lint-action from 8 to 9 by @dependabot[bot] in golang-jwt/jwt#481

Bump actions/setup-go from 5 to 6 by @dependabot[bot] in golang-jwt/jwt#469

Bump crate-ci/typos from 1.39.0 to 1.40.0 by @dependabot[bot] in golang-jwt/jwt#488

Bump actions/checkout from 5 to 6 by @dependabot[bot] in golang-jwt/jwt#487

Bump crate-ci/typos from 1.40.0 to 1.41.0 by @dependabot[bot] in golang-jwt/jwt#490

Bump crate-ci/typos from 1.41.0 to 1.42.1 by @dependabot[bot] in golang-jwt/jwt#492

New Contributors

@equalsgibson made their first contribution in golang-jwt/jwt#458

@salrashid123 made their first contribution in golang-jwt/jwt#473

@EgorSheff made their first contribution in golang-jwt/jwt#417

@slickwilli made their first contribution in golang-jwt/jwt#414

Full Changelog: golang-jwt/jwt@v5.3.0...v5.3.1

v5.3.0

This release is almost identical to to v5.2.3 but now correctly indicates Go 1.21 as minimum requirement.

What's Changed

Create CODEOWNERS by @oxisto in golang-jwt/jwt#449

Bump Go version to indicate correct minimum requirement by @oxisto in golang-jwt/jwt#452

Full Changelog: golang-jwt/jwt@v5.2.3...v5.3.0

Commits

7ceae61 Add release.yml for changelog configuration
dce8e4d Set token.Signature in ParseUnverified (#414)
8889e20 Save signature to Token struct after successful signing (#417)
d237f82 ci: update github-actions schedule interval to monthly
d8dce95 Bump crate-ci/typos from 1.41.0 to 1.42.1 (#492)
e931803 Bump crate-ci/typos from 1.40.0 to 1.41.0 (#490)
e6a0afa Bump actions/checkout from 5 to 6 (#487)
9f85c9e Bump crate-ci/typos from 1.39.0 to 1.40.0 (#488)
60a8669 Bump actions/setup-go from 5 to 6 (#469)
76f5828 Remove misleading ParserOptions documentation (#484)
Additional commits viewable in compare view

Updates github.com/jackc/pgx/v5 from 5.7.6 to 5.8.0

Changelog

Sourced from github.com/jackc/pgx/v5's changelog.

5.8.0 (December 26, 2025)

Require Go 1.24+

Remove golang.org/x/crypto dependency

Add OptionShouldPing to control ResetSession ping behavior (ilyam8)

Fix: Avoid overflow when MaxConns is set to MaxInt32

Fix: Close batch pipeline after a query error (Anthonin Bonnefoy)

Faster shutdown of pgxpool.Pool background goroutines (Blake Gentry)

Add pgxpool ping timeout (Amirsalar Safaei)

Fix: Rows.FieldDescriptions for empty query

Scan unknown types into *any as string or []byte based on format code

Optimize pgtype.Numeric (Philip Dubé)

Add AfterNetConnect hook to pgconn.Config

Fix: Handle for preparing statements that fail during the Describe phase

Fix overflow in numeric scanning (Ilia Demianenko)

Fix: json/jsonb sql.Scanner source type is []byte

Migrate from math/rand to math/rand/v2 (Mathias Bogaert)

Optimize internal iobufpool (Mathias Bogaert)

Optimize stmtcache invalidation (Mathias Bogaert)

Fix: missing error case in interval parsing (Maxime Soulé)

Fix: invalidate statement/description cache in Exec (James Hartig)

ColumnTypeLength method return the type length for varbit type (DengChan)

Array and Composite codecs handle typed nils

Commits

fe8740a Release v5.8.0
e5dde5a Skip test on CockroachDB
06f2d82 Remove trailing space
2cf78dd Merge pull request #2448 from DengChan/column_type_lenth_varbit
2d1c4ef Skip tests on CockroachDB
1a5fa7f Array and Composite codecs handle typed nils
5736d09 ColumnTypeLength method return the type length for varbit type.
4c1308c Revert "stdlib matches native pgx scanning support"
14ce2b7 Skip test on CockroachDB
65b2724 Merge pull request #2443 from jameshartig/x-invalidate-cache-in-exec
Additional commits viewable in compare view

Updates github.com/lib/pq from 1.10.9 to 1.11.0

Release notes

Sourced from github.com/lib/pq's releases.

v1.11.0

This version of pq requires Go 1.21 or newer.

pq now supports only maintained PostgreSQL releases, which is PostgreSQL 14 and newer. Previously PostgreSQL 8.4 and newer were supported.

Features
The pq.Error.Error() text includes the position of the error (if reported by PostgreSQL) and SQLSTATE code (#1219, #1224):
pq: column "columndoesntexist" does not exist at column 8 (42703)
pq: syntax error at or near ")" at position 2:71 (42601)
The pq.Error.ErrorWithDetail() method prints a more detailed multiline message, with the Detail, Hint, and error position (if any) (#1219):
ERROR:   syntax error at or near ")" (42601)
CONTEXT: line 12, column 1:
 10 |     name           varchar,
 11 |     version        varchar,
 12 | );
      ^
Add Config, NewConfig(), and NewConnectorConfig() to supply connection details in a more structured way (#1240).

Support hostaddr and $PGHOSTADDR (#1243).

Support multiple values in host, port, and hostaddr, which are each tried in order, or randomly if load_balance_hosts=random is set (#1246).

Support target_session_attrs connection parameter (#1246).

Support [sslnegotiation] to use SSL without negotiation (#1180).

Allow using a custom tls.Config, for example for encrypted keys (#1228).

Add PQGO_DEBUG=1 print the communication with PostgreSQL to stderr, to aid in debugging, testing, and bug reports (#1223).

Add support for NamedValueChecker interface (#1125, #1238).
Fixes

Match HOME directory lookup logic with libpq: prefer $HOME over /etc/passwd, ignore ENOTDIR errors, and use APPDATA on Windows (#1214).

Fix sslmode=verify-ca verifying the hostname anyway when connecting to a DNS name (rather than IP) (#1226).

Correctly detect pre-protocol errors such as the server not being able to fork or running out of memory (#1248).

Fix build with wasm (#1184), appengine (#745), and Plan 9 (#1133).

Deprecate and type alias pq.NullTime to sql.NullTime (#1211).

... (truncated)

Changelog

Sourced from github.com/lib/pq's changelog.

v1.11.0 (2025-01-28)

This version of pq requires Go 1.21 or newer.

pq now supports only maintained PostgreSQL releases, which is PostgreSQL 14 and newer. Previously PostgreSQL 8.4 and newer were supported.

Features
The pq.Error.Error() text includes the position of the error (if reported by PostgreSQL) and SQLSTATE code (#1219, #1224):
pq: column "columndoesntexist" does not exist at column 8 (42703)
pq: syntax error at or near ")" at position 2:71 (42601)
The pq.Error.ErrorWithDetail() method prints a more detailed multiline message, with the Detail, Hint, and error position (if any) (#1219):
ERROR:   syntax error at or near ")" (42601)
CONTEXT: line 12, column 1:
 10 |     name          ...
Description has been truncated

Copilot

Copilot encountered an error and was unable to review this pull request. You can try again by re-requesting a review.

socket-security · 2026-01-28T23:04:27Z

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	github.com/aws/aws-sdk-go@v1.55.7 ⏵ v1.55.8	⁺¹
	github.com/prometheus/client_golang@v1.22.0 ⏵ v1.23.2	⁺¹
	github.com/getsentry/sentry-go@v0.34.1 ⏵ v0.42.0	^-9
	github.com/jackc/pgx/v5@v5.7.6 ⏵ v5.8.0	^-2
	github.com/99designs/gqlgen@v0.17.76 ⏵ v0.17.86
	github.com/mattn/go-sqlite3@v1.14.28 ⏵ v1.14.34	^-1
	golang.org/x/text@v0.27.0 ⏵ v0.33.0	⁺¹
	github.com/go-playground/validator/v10@v10.27.0 ⏵ v10.30.1
	github.com/tetratelabs/wazero@v1.10.1 ⏵ v1.11.0
	github.com/testcontainers/testcontainers-go@v0.37.0 ⏵ v0.40.0	⁺¹
	github.com/lib/pq@v1.10.9 ⏵ v1.11.2	⁺¹
	github.com/docker/go-connections@v0.5.0 ⏵ v0.6.0	^-1
	github.com/spf13/cobra@v1.9.1 ⏵ v1.10.2	⁺¹
	github.com/golang-jwt/jwt/v5@v5.2.3 ⏵ v5.3.1	⁺¹
	github.com/sirupsen/logrus@v1.9.3 ⏵ v1.9.4	⁺¹
	github.com/avast/retry-go/v4@v4.6.1 ⏵ v4.7.0	⁺¹
	github.com/spf13/viper@v1.20.1 ⏵ v1.21.0	⁺¹
	github.com/vektah/gqlparser/v2@v2.5.30 ⏵ v2.5.31
	github.com/rubenv/sql-migrate@v1.8.0 ⏵ v1.8.1
	golang.org/x/term@v0.33.0 ⏵ v0.38.0	⁺¹
	github.com/vikstrous/dataloadgen@v0.0.9 ⏵ v0.0.10
	github.com/alitto/pond/v2@v2.5.0 ⏵ v2.6.0

View full report

socket-security · 2026-01-28T23:04:29Z

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action	Severity	Alert (click "▶" to expand/collapse)
Warn		License policy violation: golang `dario.cat/mergo` under BSD-3-Clause Location: Package overview From: `?` → `golang/github.com/testcontainers/testcontainers-go@v0.40.0` → `golang/dario.cat/mergo@v1.0.2` ℹ Read more on: This package \| This alert \| What is a license policy violation? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore golang/dario.cat/mergo@v1.0.2`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		License policy violation: golang `github.com/aws/aws-sdk-go` under Apache-2.0 AND BSD-3-Clause Location: Package overview From: go.mod → `golang/github.com/aws/aws-sdk-go@v1.55.8` ℹ Read more on: This package \| This alert \| What is a license policy violation? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore golang/github.com/aws/aws-sdk-go@v1.55.8`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		License policy violation: golang `github.com/docker/docker` Location: Package overview From: `?` → `golang/github.com/stellar/stellar-rpc@v0.9.6-0.20250618231249-2d3e8ff69365` → `golang/github.com/testcontainers/testcontainers-go@v0.40.0` → `golang/github.com/docker/docker@v28.5.1+incompatible` ℹ Read more on: This package \| This alert \| What is a license policy violation? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore golang/github.com/docker/docker@v28.5.1+incompatible`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		License policy violation: golang `github.com/ebitengine/purego` under Apache-2.0 AND BSD-3-Clause Location: Package overview From: `?` → `golang/github.com/testcontainers/testcontainers-go@v0.40.0` → `golang/github.com/ebitengine/purego@v0.8.4` ℹ Read more on: This package \| This alert \| What is a license policy violation? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore golang/github.com/ebitengine/purego@v0.8.4`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		License policy violation: golang `github.com/fsnotify/fsnotify` under BSD-3-Clause Location: Package overview From: `?` → `golang/github.com/spf13/viper@v1.21.0` → `golang/github.com/fsnotify/fsnotify@v1.9.0` ℹ Read more on: This package \| This alert \| What is a license policy violation? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore golang/github.com/fsnotify/fsnotify@v1.9.0`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		License policy violation: golang `github.com/mattn/go-sqlite3` under BSD-3-Clause AND MIT Location: Package overview From: go.mod → `golang/github.com/mattn/go-sqlite3@v1.14.34` ℹ Read more on: This package \| This alert \| What is a license policy violation? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore golang/github.com/mattn/go-sqlite3@v1.14.34`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		License policy violation: golang `github.com/prometheus/client_golang` under Apache-2.0 AND BSD-3-Clause Location: Package overview From: go.mod → `golang/github.com/prometheus/client_golang@v1.23.2` ℹ Read more on: This package \| This alert \| What is a license policy violation? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore golang/github.com/prometheus/client_golang@v1.23.2`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		License policy violation: golang `github.com/shirou/gopsutil/v4` Location: Package overview From: `?` → `golang/github.com/testcontainers/testcontainers-go@v0.40.0` → `golang/github.com/shirou/gopsutil/v4@v4.25.6` ℹ Read more on: This package \| This alert \| What is a license policy violation? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore golang/github.com/shirou/gopsutil/v4@v4.25.6`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		License policy violation: golang `github.com/spf13/pflag` under BSD-3-Clause Location: Package overview From: `?` → `golang/github.com/stellar/go-stellar-sdk@v0.1.0` → `golang/github.com/spf13/viper@v1.21.0` → `golang/github.com/stellar/stellar-rpc@v0.9.6-0.20250618231249-2d3e8ff69365` → `golang/github.com/spf13/cobra@v1.10.2` → `golang/github.com/spf13/pflag@v1.0.10` ℹ Read more on: This package \| This alert \| What is a license policy violation? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore golang/github.com/spf13/pflag@v1.0.10`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		License policy violation: golang `github.com/vektah/gqlparser/v2` under BSD-3-Clause AND MIT Location: Package overview From: go.mod → `golang/github.com/vektah/gqlparser/v2@v2.5.31` ℹ Read more on: This package \| This alert \| What is a license policy violation? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore golang/github.com/vektah/gqlparser/v2@v2.5.31`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		License policy violation: golang `golang.org/x/crypto` under BSD-3-Clause Location: Package overview From: `?` → `golang/github.com/stellar/go-stellar-sdk@v0.1.0` → `golang/github.com/go-playground/validator/v10@v10.30.1` → `golang/github.com/prometheus/client_golang@v1.23.2` → `golang/github.com/stellar/stellar-rpc@v0.9.6-0.20250618231249-2d3e8ff69365` → `golang/github.com/testcontainers/testcontainers-go@v0.40.0` → `golang/golang.org/x/crypto@v0.46.0` ℹ Read more on: This package \| This alert \| What is a license policy violation? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore golang/golang.org/x/crypto@v0.46.0`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		License policy violation: golang `golang.org/x/net` under BSD-3-Clause Location: Package overview From: `?` → `golang/github.com/stellar/go-stellar-sdk@v0.1.0` → `golang/github.com/go-playground/validator/v10@v10.30.1` → `golang/github.com/prometheus/client_golang@v1.23.2` → `golang/github.com/stellar/stellar-rpc@v0.9.6-0.20250618231249-2d3e8ff69365` → `golang/github.com/testcontainers/testcontainers-go@v0.40.0` → `golang/golang.org/x/net@v0.48.0` ℹ Read more on: This package \| This alert \| What is a license policy violation? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore golang/golang.org/x/net@v0.48.0`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		License policy violation: golang `golang.org/x/sync` under BSD-3-Clause Location: Package overview From: `?` → `golang/github.com/stellar/go-stellar-sdk@v0.1.0` → `golang/github.com/jackc/pgx/v5@v5.8.0` → `golang/github.com/prometheus/client_golang@v1.23.2` → `golang/github.com/stellar/stellar-rpc@v0.9.6-0.20250618231249-2d3e8ff69365` → `golang/golang.org/x/sync@v0.19.0` ℹ Read more on: This package \| This alert \| What is a license policy violation? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore golang/golang.org/x/sync@v0.19.0`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		License policy violation: golang `golang.org/x/sys` under BSD-3-Clause Location: Package overview From: `?` → `golang/golang.org/x/term@v0.38.0` → `golang/github.com/stellar/go-stellar-sdk@v0.1.0` → `golang/github.com/tetratelabs/wazero@v1.11.0` → `golang/github.com/go-playground/validator/v10@v10.30.1` → `golang/github.com/sirupsen/logrus@v1.9.4` → `golang/github.com/getsentry/sentry-go@v0.42.0` → `golang/github.com/docker/go-connections@v0.6.0` → `golang/github.com/prometheus/client_golang@v1.23.2` → `golang/github.com/spf13/viper@v1.21.0` → `golang/github.com/stellar/stellar-rpc@v0.9.6-0.20250618231249-2d3e8ff69365` → `golang/github.com/testcontainers/testcontainers-go@v0.40.0` → `golang/golang.org/x/sys@v0.39.0` ℹ Read more on: This package \| This alert \| What is a license policy violation? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore golang/golang.org/x/sys@v0.39.0`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		License policy violation: golang `golang.org/x/term` under BSD-3-Clause Location: Package overview From: go.mod → `golang/golang.org/x/term@v0.38.0` ℹ Read more on: This package \| This alert \| What is a license policy violation? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore golang/golang.org/x/term@v0.38.0`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		License policy violation: golang `golang.org/x/text` under BSD-3-Clause Location: Package overview From: go.mod → `golang/golang.org/x/text@v0.33.0` ℹ Read more on: This package \| This alert \| What is a license policy violation? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore golang/golang.org/x/text@v0.33.0`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		License policy violation: golang `google.golang.org/protobuf` under BSD-3-Clause Location: Package overview From: `?` → `golang/github.com/stellar/go-stellar-sdk@v0.1.0` → `golang/github.com/99designs/gqlgen@v0.17.86` → `golang/github.com/prometheus/client_golang@v1.23.2` → `golang/github.com/stellar/stellar-rpc@v0.9.6-0.20250618231249-2d3e8ff69365` → `golang/google.golang.org/protobuf@v1.36.11` ℹ Read more on: This package \| This alert \| What is a license policy violation? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore golang/google.golang.org/protobuf@v1.36.11`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report

…2 updates Bumps the minor-and-patch group with 19 updates in the / directory: | Package | From | To | | --- | --- | --- | | [github.com/99designs/gqlgen](https://github.com/99designs/gqlgen) | `0.17.76` | `0.17.86` | | [github.com/alitto/pond/v2](https://github.com/alitto/pond) | `2.5.0` | `2.6.0` | | [github.com/avast/retry-go/v4](https://github.com/avast/retry-go) | `4.6.1` | `4.7.0` | | [github.com/aws/aws-sdk-go](https://github.com/aws/aws-sdk-go) | `1.55.7` | `1.55.8` | | [github.com/docker/go-connections](https://github.com/docker/go-connections) | `0.5.0` | `0.6.0` | | [github.com/getsentry/sentry-go](https://github.com/getsentry/sentry-go) | `0.34.1` | `0.42.0` | | [github.com/go-playground/validator/v10](https://github.com/go-playground/validator) | `10.27.0` | `10.30.1` | | [github.com/golang-jwt/jwt/v5](https://github.com/golang-jwt/jwt) | `5.2.3` | `5.3.1` | | [github.com/jackc/pgx/v5](https://github.com/jackc/pgx) | `5.7.6` | `5.8.0` | | [github.com/lib/pq](https://github.com/lib/pq) | `1.10.9` | `1.11.0` | | [github.com/mattn/go-sqlite3](https://github.com/mattn/go-sqlite3) | `1.14.28` | `1.14.33` | | [github.com/prometheus/client_golang](https://github.com/prometheus/client_golang) | `1.22.0` | `1.23.2` | | [github.com/rubenv/sql-migrate](https://github.com/rubenv/sql-migrate) | `1.8.0` | `1.8.1` | | [github.com/sirupsen/logrus](https://github.com/sirupsen/logrus) | `1.9.3` | `1.9.4` | | [github.com/spf13/cobra](https://github.com/spf13/cobra) | `1.9.1` | `1.10.2` | | [github.com/spf13/viper](https://github.com/spf13/viper) | `1.20.1` | `1.21.0` | | [github.com/testcontainers/testcontainers-go](https://github.com/testcontainers/testcontainers-go) | `0.37.0` | `0.40.0` | | [github.com/tetratelabs/wazero](https://github.com/tetratelabs/wazero) | `1.10.1` | `1.11.0` | | [github.com/vikstrous/dataloadgen](https://github.com/vikstrous/dataloadgen) | `0.0.9` | `0.0.10` | Updates `github.com/99designs/gqlgen` from 0.17.76 to 0.17.86 - [Release notes](https://github.com/99designs/gqlgen/releases) - [Changelog](https://github.com/99designs/gqlgen/blob/master/CHANGELOG.md) - [Commits](99designs/gqlgen@v0.17.76...v0.17.86) Updates `github.com/alitto/pond/v2` from 2.5.0 to 2.6.0 - [Release notes](https://github.com/alitto/pond/releases) - [Commits](alitto/pond@v2.5.0...v2.6.0) Updates `github.com/avast/retry-go/v4` from 4.6.1 to 4.7.0 - [Release notes](https://github.com/avast/retry-go/releases) - [Commits](avast/retry-go@4.6.1...4.7.0) Updates `github.com/aws/aws-sdk-go` from 1.55.7 to 1.55.8 - [Release notes](https://github.com/aws/aws-sdk-go/releases) - [Changelog](https://github.com/aws/aws-sdk-go/blob/main/CHANGELOG_PENDING.md) - [Commits](aws/aws-sdk-go@v1.55.7...v1.55.8) Updates `github.com/docker/go-connections` from 0.5.0 to 0.6.0 - [Commits](docker/go-connections@v0.5.0...v0.6.0) Updates `github.com/getsentry/sentry-go` from 0.34.1 to 0.42.0 - [Release notes](https://github.com/getsentry/sentry-go/releases) - [Changelog](https://github.com/getsentry/sentry-go/blob/master/CHANGELOG.md) - [Commits](getsentry/sentry-go@v0.34.1...v0.42.0) Updates `github.com/go-playground/validator/v10` from 10.27.0 to 10.30.1 - [Release notes](https://github.com/go-playground/validator/releases) - [Commits](go-playground/validator@v10.27.0...v10.30.1) Updates `github.com/golang-jwt/jwt/v5` from 5.2.3 to 5.3.1 - [Release notes](https://github.com/golang-jwt/jwt/releases) - [Commits](golang-jwt/jwt@v5.2.3...v5.3.1) Updates `github.com/jackc/pgx/v5` from 5.7.6 to 5.8.0 - [Changelog](https://github.com/jackc/pgx/blob/master/CHANGELOG.md) - [Commits](jackc/pgx@v5.7.6...v5.8.0) Updates `github.com/lib/pq` from 1.10.9 to 1.11.0 - [Release notes](https://github.com/lib/pq/releases) - [Changelog](https://github.com/lib/pq/blob/master/CHANGELOG.md) - [Commits](lib/pq@v1.10.9...v1.11.0) Updates `github.com/mattn/go-sqlite3` from 1.14.28 to 1.14.33 - [Release notes](https://github.com/mattn/go-sqlite3/releases) - [Commits](mattn/go-sqlite3@v1.14.28...v1.14.33) Updates `github.com/prometheus/client_golang` from 1.22.0 to 1.23.2 - [Release notes](https://github.com/prometheus/client_golang/releases) - [Changelog](https://github.com/prometheus/client_golang/blob/main/CHANGELOG.md) - [Commits](prometheus/client_golang@v1.22.0...v1.23.2) Updates `github.com/rubenv/sql-migrate` from 1.8.0 to 1.8.1 - [Commits](rubenv/sql-migrate@v1.8.0...v1.8.1) Updates `github.com/sirupsen/logrus` from 1.9.3 to 1.9.4 - [Release notes](https://github.com/sirupsen/logrus/releases) - [Changelog](https://github.com/sirupsen/logrus/blob/master/CHANGELOG.md) - [Commits](sirupsen/logrus@v1.9.3...v1.9.4) Updates `github.com/spf13/cobra` from 1.9.1 to 1.10.2 - [Release notes](https://github.com/spf13/cobra/releases) - [Commits](spf13/cobra@v1.9.1...v1.10.2) Updates `github.com/spf13/viper` from 1.20.1 to 1.21.0 - [Release notes](https://github.com/spf13/viper/releases) - [Commits](spf13/viper@v1.20.1...v1.21.0) Updates `github.com/testcontainers/testcontainers-go` from 0.37.0 to 0.40.0 - [Release notes](https://github.com/testcontainers/testcontainers-go/releases) - [Commits](testcontainers/testcontainers-go@v0.37.0...v0.40.0) Updates `github.com/tetratelabs/wazero` from 1.10.1 to 1.11.0 - [Release notes](https://github.com/tetratelabs/wazero/releases) - [Commits](wazero/wazero@v1.10.1...v1.11.0) Updates `github.com/vektah/gqlparser/v2` from 2.5.30 to 2.5.31 - [Release notes](https://github.com/vektah/gqlparser/releases) - [Commits](vektah/gqlparser@v2.5.30...v2.5.31) Updates `github.com/vikstrous/dataloadgen` from 0.0.9 to 0.0.10 - [Commits](vikstrous/dataloadgen@v0.0.9...v0.0.10) Updates `golang.org/x/term` from 0.33.0 to 0.38.0 - [Commits](golang/term@v0.33.0...v0.38.0) Updates `golang.org/x/text` from 0.27.0 to 0.33.0 - [Release notes](https://github.com/golang/text/releases) - [Commits](golang/text@v0.27.0...v0.33.0) --- updated-dependencies: - dependency-name: github.com/99designs/gqlgen dependency-version: 0.17.86 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: minor-and-patch - dependency-name: github.com/alitto/pond/v2 dependency-version: 2.6.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: minor-and-patch - dependency-name: github.com/avast/retry-go/v4 dependency-version: 4.7.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: minor-and-patch - dependency-name: github.com/aws/aws-sdk-go dependency-version: 1.55.8 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: minor-and-patch - dependency-name: github.com/docker/go-connections dependency-version: 0.6.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: minor-and-patch - dependency-name: github.com/getsentry/sentry-go dependency-version: 0.42.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: minor-and-patch - dependency-name: github.com/go-playground/validator/v10 dependency-version: 10.30.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: minor-and-patch - dependency-name: github.com/golang-jwt/jwt/v5 dependency-version: 5.3.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: minor-and-patch - dependency-name: github.com/jackc/pgx/v5 dependency-version: 5.8.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: minor-and-patch - dependency-name: github.com/lib/pq dependency-version: 1.11.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: minor-and-patch - dependency-name: github.com/mattn/go-sqlite3 dependency-version: 1.14.33 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: minor-and-patch - dependency-name: github.com/prometheus/client_golang dependency-version: 1.23.2 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: minor-and-patch - dependency-name: github.com/rubenv/sql-migrate dependency-version: 1.8.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: minor-and-patch - dependency-name: github.com/sirupsen/logrus dependency-version: 1.9.4 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: minor-and-patch - dependency-name: github.com/spf13/cobra dependency-version: 1.10.2 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: minor-and-patch - dependency-name: github.com/spf13/viper dependency-version: 1.21.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: minor-and-patch - dependency-name: github.com/testcontainers/testcontainers-go dependency-version: 0.40.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: minor-and-patch - dependency-name: github.com/tetratelabs/wazero dependency-version: 1.11.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: minor-and-patch - dependency-name: github.com/vektah/gqlparser/v2 dependency-version: 2.5.31 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: minor-and-patch - dependency-name: github.com/vikstrous/dataloadgen dependency-version: 0.0.10 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: minor-and-patch - dependency-name: golang.org/x/term dependency-version: 0.38.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: minor-and-patch - dependency-name: golang.org/x/text dependency-version: 0.33.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: minor-and-patch ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot bot added dependencies Pull requests that update a dependency file go Pull requests that update Go code labels Jan 28, 2026

Copilot AI review requested due to automatic review settings January 28, 2026 23:01

dependabot bot added dependencies Pull requests that update a dependency file go Pull requests that update Go code labels Jan 28, 2026

Copilot AI reviewed Jan 28, 2026

View reviewed changes

dependabot bot force-pushed the dependabot/go_modules/minor-and-patch-e6b9aceac9 branch 2 times, most recently from a1ea15f to c92300e Compare February 8, 2026 02:10

dependabot bot force-pushed the dependabot/go_modules/minor-and-patch-e6b9aceac9 branch from c92300e to 6d7d874 Compare February 15, 2026 02:09

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

build(deps): bump the minor-and-patch group across 1 directory with 22 updates#471

build(deps): bump the minor-and-patch group across 1 directory with 22 updates#471
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/go_modules/minor-and-patch-e6b9aceac9

dependabot bot commented on behalf of github Jan 28, 2026 •

edited

Loading

Uh oh!

Copilot AI left a comment

Uh oh!

socket-security bot commented Jan 28, 2026 •

edited

Loading

Uh oh!

socket-security bot commented Jan 28, 2026 •

edited

Loading

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Conversation

dependabot bot commented on behalf of github Jan 28, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

v0.17.86

What's Changed

New Contributors

v0.17.85

What's Changed

New Contributors

Release v2.6.0

What's Changed

Breaking Changes

v4.7.0

What's Changed

New Contributors

Release v1.55.8 (2025-07-31)

SDK Features

0.42.0

Breaking Changes 🛠

New Features ✨

Internal Changes 🔧

Release

Other

0.41.0

Features

0.40.0

0.42.0

Breaking Changes 🛠

New Features ✨

Internal Changes 🔧

Release

Other

0.41.0

Features

Release 10.30.1

What's Changed

New Contributors

Release 10.30.0

What's Changed

New Contributors

v10.29.0

What's Changed

New Contributors

v5.3.1

What's Changed

🔐 Features

👒 Dependencies

New Contributors

v5.3.0

What's Changed

5.8.0 (December 26, 2025)

v1.11.0

Features

Fixes

v1.11.0 (2025-01-28)

Features

Uh oh!

Copilot AI left a comment

Choose a reason for hiding this comment

Uh oh!

socket-security bot commented Jan 28, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

socket-security bot commented Jan 28, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

dependabot bot commented on behalf of github Jan 28, 2026 •

edited

Loading

socket-security bot commented Jan 28, 2026 •

edited

Loading

socket-security bot commented Jan 28, 2026 •

edited

Loading