dev: bump the safe group across 1 directory with 20 updates

[dependabot]

Bumps the safe group with 11 updates in the / directory:

Package	From	To
github.com/aws/aws-sdk-go-v2/config	1.32.17	1.32.22
github.com/aws/aws-sdk-go-v2/service/s3	1.101.0	1.103.1
github.com/jackc/pgx/v5	5.9.2	5.10.0
github.com/nats-io/nats-server/v2	2.14.0	2.14.2
github.com/redis/go-redis/v9	9.18.0	9.20.0
github.com/uptrace/bun/dialect/pgdialect	1.2.15	1.2.18
github.com/uptrace/bun/driver/pgdriver	1.2.15	1.2.18
go.opentelemetry.io/contrib/instrumentation/github.com/gorilla/mux/otelmux	0.68.0	0.69.0
go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc	0.68.0	0.69.0
go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp	0.68.0	0.69.0
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc	1.43.0	1.44.0

Updates github.com/aws/aws-sdk-go-v2/config from 1.32.17 to 1.32.22

Commits

• fa369bd Release 2026-06-03
• 960ee4d Regenerated Clients
• 4b6df8b Update endpoints model
• 30b15dd Update API model
• e8c72af enable schema-serde (#3421)
• b4d02c5 Release 2026-06-02
• 48e375b Regenerated Clients
• b8a4fc1 Update API model
• e8627b4 Merge pull request #3430 from aws/fix-remove-ioutil
• 4e258a3 chore: update changelog description per review
• Additional commits viewable in compare view

Updates github.com/aws/aws-sdk-go-v2/service/s3 from 1.101.0 to 1.103.1

Commits

• fa369bd Release 2026-06-03
• 960ee4d Regenerated Clients
• 4b6df8b Update endpoints model
• 30b15dd Update API model
• e8c72af enable schema-serde (#3421)
• b4d02c5 Release 2026-06-02
• 48e375b Regenerated Clients
• b8a4fc1 Update API model
• e8627b4 Merge pull request #3430 from aws/fix-remove-ioutil
• 4e258a3 chore: update changelog description per review
• Additional commits viewable in compare view

Updates github.com/jackc/pgx/v5 from 5.9.2 to 5.10.0

Changelog

Sourced from github.com/jackc/pgx/v5's changelog.

5.10.0 (June 3, 2026)

This release includes a significant amount of hardening against malicious or compromised PostgreSQL servers, contributed by Sean Chittenden at CrowdStrike, Inc. This work bounds binary decoders against attacker-controlled message sizes, caps server-supplied SCRAM iteration counts, adds require_auth to restrict which authentication methods a server may use (mitigating downgrade attacks under sslmode=prefer), and ensures cancellation requests are sent over TLS when the original connection used TLS.

Features

• Add require_auth to restrict accepted server authentication methods (Sean Chittenden at CrowdStrike, Inc.)
• Add ParseConfigOptions.ConnStringAllowedKeys to restrict allowed connection string keys (Sean Chittenden at CrowdStrike, Inc.)
• Add StructArgs and StrictStructArgs for @-named queries (Tubelight30)
• Add ErrConnClosed sentinel error and unwrap it from connLockError (Charlie Tonneslan)
• pgxpool: check if connection is expired before acquire (arthurdotwork)

Security Hardening

• Encrypt CancelRequest connection when the primary connection used TLS (Sean Chittenden at CrowdStrike, Inc.)
• Cap server-supplied SCRAM iteration count (Sean Chittenden at CrowdStrike, Inc.)
• Default Frontend max message body length to ~1 GiB (Sean Chittenden at CrowdStrike, Inc.)
• Bound hstore binary decode against malicious server input (Sean Chittenden at CrowdStrike, Inc.)
• Bound array binary decode element length against remaining message bytes (Sean Chittenden at CrowdStrike, Inc.)
• Bound array element count against remaining message bytes (Sean Chittenden at CrowdStrike, Inc.)
• Bound range, multirange, and tsvector binary decoders (Sean Chittenden at CrowdStrike, Inc.)
• Document secure connection configuration (Sean Chittenden at CrowdStrike, Inc.)
• Fix panic on malformed geometric text; return an error instead (MaIII)

Fixes

• Fix scanning "char" (OID 18) into *string in binary format (luongs3)
• Fix handling of typed-nil driver.Valuer in array and composite codecs (Donncha Fahy)
• Fix CopyData.Data hex decoding in UnmarshalJSON (Charlie Tonneslan)
• Fix data race when context is cancelled during connect
• Fix parseKeywordValueSettings rejecting trailing whitespace (alliasgher)
• pgconn: preserve full error chain in normalizeTimeoutError (Charlie Tonneslan)
• pgconn: use a fresh context for the fallback connection in connectPreferred (Charlie Tonneslan)
• pgxpool: fix MaxLifetimeDestroyCount and ping order for acquire-time expiry check
• Add missing error check of rows.Err to load types (Jen Altavilla)

Commits

• 7293fb1 Update changelog for v5.10.0
• 1ade285 pgconn: document secure connection configuration
• b4d6d4d pgtype: bound range, multirange, and tsvector binary decoders
• 0639b37 pgconn: add ParseConfigOptions.ConnStringAllowedKeys
• b28e65b pgtype: bound array element count against remaining message bytes
• cd1f389 pgtype: bound array binary decode element length against remaining bytes
• ff27b5b pgtype: bound hstore binary decode against malicious server input
• a6002e1 pgproto3: default Frontend max message body length to ~1 GiB
• 44f6173 pgconn: cap server-supplied SCRAM iteration count
• 1a976f7 pgconn: add require_auth to restrict accepted server auth methods
• Additional commits viewable in compare view

Updates github.com/nats-io/nats-server/v2 from 2.14.0 to 2.14.2

Release notes

Sourced from github.com/nats-io/nats-server/v2's releases.

Release v2.14.2

Changelog

Refer to the 2.14 Upgrade Guide for backwards compatibility notes with 2.12.x. Please note that the 2.13.x version was skipped.

Go Version

• 1.26.3

Dependencies

• golang.org/x/crypto v0.52.0
• golang.org/x/sys v0.45.0
• github.com/nats-io/jwt/v2 v2.8.2
• github.com/nats-io/nkeys v0.4.16

Improved

General

• The client ID is now available through the embedded ClientAuthentication API (#8217)

Fixed

General

• A race condition when handling subscription interest over routes has been fixed (#8235)
• Potential protocol-level corruption from rewriting $JS.ACK subjects has been fixed (#8242)
• Potential protocol-level corruption from buffer misuse in compressed WebSocket clients has been fixed (#8244)
• The /accstatz monitoring endpoint no longer omits accounts with only leaf connections (#8252)

JetStream

• Fixed a case where Raft peers were not correctly tracked after an inactivity stall during catchup (#8226)
• Quorum needed is now calculated correctly when bootstrapping the metalayer when gateway URLs resolve to multiple IP addresses (#8238)
• The filestore no longer performs a block skip check on streams with extremely high subject counts, as it could result in runaway CPU usage (#8227)
• Fixed a case where the filestore would not release a lock after handling a write error (#8232)
• Purge operations on both file and memory stores are now more consistent with each other (#8241)
• Fixed a case where the consumer lock would not release a lock after handling a start sequence error (#8230)
• Counter streams and message schedules now have configuration constraints applied to prevent incorrect usage patterns (#8240)
• Improved stream and consumer scale down behaviour consistency (#8253)
• Fixed an issue where the per-subject state last block was not stored correctly with a max messages per subject limit of 1 (#8254)
• Fixed a drift that could occur in the peer sets after a peer remove of an online node (#8258)

Complete Changes

nats-io/nats-server@v2.14.1...v2.14.2

Release v2.14.2-RC.1

Changelog

... (truncated)

Commits

• 1d06592 Release v2.14.2
• 4e1aefa Cherry-picks for v2.14.2 (#8256)
• ac092ff Update dependencies
• 01e589d [FIXED] Peer set desync/re-add after stream peer-remove
• 3d122e8 De-flake TestJetStreamConsumerPrioritized
• 3836d96 [FIXED] Initial MaxMsgsPerSubject update not enforced
• 92cf2e3 [FIXED] Filestore only stores last block when MaxMsgsPerSubject 1
• 3288b4f (2.14) [IMPROVED] Remove redundant error check in filestore
• 6ea46d5 [FIXED] Stream and consumer scale down consistency
• 5edd91c [FIXED] AccountStatz omits accounts with only leaf connections
• Additional commits viewable in compare view

Updates github.com/redis/go-redis/v9 from 9.18.0 to 9.20.0

Release notes

Sourced from github.com/redis/go-redis/v9's releases.

9.20.0

🚀 Highlights

Redis 8.8 Support

This release adds support for Redis 8.8. The README's supported-versions list now includes Redis 8.8 alongside 8.0/8.2/8.4, and CI exercises the 8.8 client-libs-test image across the full suite (Makefile, build workflow, doctests, run-tests action, and docker-compose).

Coverage for the new commands that ship in the 8.x line, rounded out in this release:

• AR* array data type (#3813) — new array data structure, exposed via the ArrayCmdable interface (see the experimental-features highlight below).
• INCREX (#3816) — atomic increment with expiration in a single round-trip.
• XNACK (#3790) — explicit negative-acknowledge of pending stream entries.
• XAUTOCLAIM PEL deletes (#3798) — XAUTOCLAIM/XAUTOCLAIMJUSTID now return the list of deleted message IDs from the pending entries list.
• TS.RANGE multiple aggregators (#3791) — TS.RANGE/TS.REVRANGE/TS.MRANGE/TS.MREVRANGE accept multiple aggregators in a single call.
• Z(UNION|INTER|DIFF) COUNT aggregator (#3802) — COUNT reducer for sorted-set set operations.
• JSON.SET FPHA (#3797) — new FPHA argument that specifies the floating-point type for homogeneous FP arrays.

CI image bump (#3814) by @​ofekshenawa. Command coverage contributions by @​cxljs, @​elena-kolevska, @​Khukharr, @​ndyakov, and @​ofekshenawa.

Stable RESP3 for RediSearch (UnstableResp3 deprecated)

FT.SEARCH, FT.AGGREGATE, FT.INFO, FT.SPELLCHECK, and FT.SYNDUMP now parse RESP3 (map) responses into the same typed result objects as RESP2 — Val() and Result() work uniformly on both protocols, no flag required. Previously, RESP3 search responses required UnstableResp3: true and were returned as opaque maps accessible only via RawResult() / RawVal().

As a result, the UnstableResp3 option is now a no-op across every options struct (Options, ClusterOptions, UniversalOptions, FailoverOptions, RingOptions) and has been marked // Deprecated:. The field is retained for backwards compatibility — existing code that sets UnstableResp3: true will continue to compile and behave identically — but it will be removed in a future release and new code should not set it. RawResult() / RawVal() continue to work for callers that prefer the raw RESP payload.

(#3741) by @​ndyakov

Experimental Array Data Structure Commands

Adds an experimental ArrayCmdable interface with the AR* command family (ARSet, ARGet, ARGetRange, ARMSet, ARMGet, ARDel, ARDelRange, ARScan, ARSeek, ARNext, ARLastItems, ARGrep, ARGrepWithValues, ARInfo/ARInfoFull, and typed reducers AROpSum/AROpMin/AROpMax/AROpAnd/AROpOr/AROpXor/AROpMatch/AROpUsed) for working with Redis 8.8's new array data type. API is experimental and may change in a future release.

(#3813) by @​cxljs

✨ New Features

• RESP3 search parser: First-class RESP3 parsing for FT.SEARCH/FT.AGGREGATE/FT.INFO/FT.SPELLCHECK/FT.SYNDUMP responses with backwards compatibility for RESP2 (#3741) by @​ndyakov
• INCREX: New INCREX command support — atomic increment with expiration (#3816) by @​ndyakov
• XNACK: Client support for the XNACK stream command for explicitly negative-acknowledging pending entries (#3790) by @​elena-kolevska
• TS range multiple aggregators: TS.RANGE/TS.REVRANGE/TS.MRANGE/TS.MREVRANGE now accept multiple aggregators in a single call (#3791) by @​elena-kolevska
• XAutoClaim deleted IDs: XAUTOCLAIM/XAUTOCLAIMJUSTID now return the list of deleted message IDs from the PEL (#3798) by @​Khukharr
• JSON.SET FPHA: JSON.SET accepts a new FPHA argument that specifies the floating-point type for homogeneous floating-point arrays (#3797) by @​ndyakov
• Sorted-set union/intersection COUNT: ZUNION/ZINTER/ZDIFF aggregator now supports COUNT (#3802) by @​ofekshenawa
• FT.HYBRID vector validation: Validates hybrid-search vector input types and adds proper typed vector parameters (#3756) by @​DengY11
• Cluster pool wait stats: ClusterClient.PoolStats() now accumulates WaitCount and WaitDurationNs across all node pools (previously always zero) (#3809) by @​LINKIWI

🐛 Bug Fixes

• TLS-only Cluster PubSub: CLUSTER SLOTS port-0 entries now fall back to the origin endpoint's port, fixing dial tcp <ip>:0: connection refused on TLS-only clusters started with --port 0 --tls-port <port> (fixes #3726) (#3828) by @​ndyakov
• Sharded PubSub reconnect routing: PubSub.conn() now passes both regular (c.channels) and sharded (c.schannels) channels into the per-PubSub newConn closure. Previously, ClusterClient.SSubscribe-only PubSubs reconnected to a random node (because the routing closure saw an empty channel list), the SSUBSCRIBE was sent to the wrong shard, and the resulting MOVED reply was silently dropped (#3829) by @​ndyakov
• ClusterClient Watch retry: User errors returned from a Watch callback are no longer subjected to cluster-retry classification; transient cluster errors still retry, but a callback returning e.g. net.ErrClosed short-circuits immediately (#3821) by @​obiyang

... (truncated)

Changelog

Sourced from github.com/redis/go-redis/v9's changelog.

9.20.0 (2026-05-28)

🚀 Highlights

Redis 8.8 Support

This release adds support for Redis 8.8. The README's supported-versions list now includes Redis 8.8 alongside 8.0/8.2/8.4, and CI exercises the 8.8-rc1 client-libs-test image across the full suite (Makefile, build workflow, doctests, run-tests action, and docker-compose).

Coverage for the new commands that ship in the 8.x line, rounded out in this release:

• AR* array data type (#3813) — new array data structure, exposed via the ArrayCmdable interface (see the experimental-features highlight below).
• INCREX (#3816) — atomic increment with expiration in a single round-trip.
• XNACK (#3790) — explicit negative-acknowledge of pending stream entries.
• XAUTOCLAIM PEL deletes (#3798) — XAUTOCLAIM/XAUTOCLAIMJUSTID now return the list of deleted message IDs from the pending entries list.
• TS.RANGE multiple aggregators (#3791) — TS.RANGE/TS.REVRANGE/TS.MRANGE/TS.MREVRANGE accept multiple aggregators in a single call.
• Z(UNION|INTER|DIFF) COUNT aggregator (#3802) — COUNT reducer for sorted-set set operations.
• JSON.SET FPHA (#3797) — new FPHA argument that specifies the floating-point type for homogeneous FP arrays.

CI image bump (#3814) by @​ofekshenawa. Command coverage contributions by @​cxljs, @​elena-kolevska, @​Khukharr, @​ndyakov, and @​ofekshenawa.

Stable RESP3 for RediSearch (UnstableResp3 deprecated)

FT.SEARCH, FT.AGGREGATE, FT.INFO, FT.SPELLCHECK, and FT.SYNDUMP now parse RESP3 (map) responses into the same typed result objects as RESP2 — Val() and Result() work uniformly on both protocols, no flag required. Previously, RESP3 search responses required UnstableResp3: true and were returned as opaque maps accessible only via RawResult() / RawVal().

As a result, the UnstableResp3 option is now a no-op across every options struct (Options, ClusterOptions, UniversalOptions, FailoverOptions, RingOptions) and has been marked // Deprecated:. The field is retained for backwards compatibility — existing code that sets UnstableResp3: true will continue to compile and behave identically — but it will be removed in a future release and new code should not set it. RawResult() / RawVal() continue to work for callers that prefer the raw RESP payload.

(#3741) by @​ndyakov

Experimental Array Data Structure Commands

Adds an experimental ArrayCmdable interface with the AR* command family (ARSet, ARGet, ARGetRange, ARMSet, ARMGet, ARDel, ARDelRange, ARScan, ARSeek, ARNext, ARLastItems, ARGrep, ARGrepWithValues, ARInfo/ARInfoFull, and typed reducers AROpSum/AROpMin/AROpMax/AROpAnd/AROpOr/AROpXor/AROpMatch/AROpUsed) for working with Redis 8.8's new array data type. API is experimental and may change in a future release.

(#3813) by @​cxljs

✨ New Features

• RESP3 search parser: First-class RESP3 parsing for FT.SEARCH/FT.AGGREGATE/FT.INFO/FT.SPELLCHECK/FT.SYNDUMP responses with backwards compatibility for RESP2 (#3741) by @​ndyakov
• INCREX: New INCREX command support — atomic increment with expiration (#3816) by @​ndyakov
• XNACK: Client support for the XNACK stream command for explicitly negative-acknowledging pending entries (#3790) by @​elena-kolevska
• TS range multiple aggregators: TS.RANGE/TS.REVRANGE/TS.MRANGE/TS.MREVRANGE now accept multiple aggregators in a single call (#3791) by @​elena-kolevska
• XAutoClaim deleted IDs: XAUTOCLAIM/XAUTOCLAIMJUSTID now return the list of deleted message IDs from the PEL (#3798) by @​Khukharr
• JSON.SET FPHA: JSON.SET accepts a new FPHA argument that specifies the floating-point type for homogeneous floating-point arrays (#3797) by @​ndyakov
• Sorted-set union/intersection COUNT: ZUNION/ZINTER/ZDIFF aggregator now supports COUNT (#3802) by @​ofekshenawa
• FT.HYBRID vector validation: Validates hybrid-search vector input types and adds proper typed vector parameters (#3756) by @​DengY11
• Cluster pool wait stats: ClusterClient.PoolStats() now accumulates WaitCount and WaitDurationNs across all node pools (previously always zero) (#3809) by @​LINKIWI

🐛 Bug Fixes

• TLS-only Cluster PubSub: CLUSTER SLOTS port-0 entries now fall back to the origin endpoint's port, fixing dial tcp <ip>:0: connection refused on TLS-only clusters started with --port 0 --tls-port <port> (fixes #3726) (#3828) by @​ndyakov
• Sharded PubSub reconnect routing: PubSub.conn() now passes both regular (c.channels) and sharded (c.schannels) channels into the per-PubSub newConn closure. Previously, ClusterClient.SSubscribe-only PubSubs reconnected to a random node (because the routing closure saw an empty channel list), the SSUBSCRIBE was sent to the wrong shard, and the resulting MOVED reply was silently dropped (#3829) by @​ndyakov

... (truncated)

Commits

• 7d05dd3 chore(release): v9.20.0 (#3832)
• 9756882 fix(test): make waitForSentinelClusterStable robust to disconnected r… (#3830)
• 875ce21 fix(sentinel): do not close sentinel when replica list is empty (#3795)
• 8a027f2 chore(ci): add govulncheck workflow (#3779)
• d8407df fix(pubsub): include shard channels in newConn routing list (#3829)
• 6af9bdc fix(cluster): fall back to origin port when CLUSTER SLOTS reports port 0 (#3828)
• fa5aa8c chore(doc): Update README and CI image. (#3822)
• fdcc6f9 refactor(keyPos): Enhance key position retrieval with CommandInfo caching (#3...
• 68a8bc1 fix(sentinel): close non-winning sentinel clients in MasterAddr concurrent pr...
• 00bf6d3 fix: avoid retrying ClusterClient Watch callback errors (#3821)
• Additional commits viewable in compare view

Updates github.com/uptrace/bun/dialect/pgdialect from 1.2.15 to 1.2.18

Release notes

Sourced from github.com/uptrace/bun/dialect/pgdialect's releases.

v1.2.18

Please refer to CHANGELOG.md for details

v1.2.17

Please refer to CHANGELOG.md for details

v1.2.16

Please refer to CHANGELOG.md for details

Changelog

Sourced from github.com/uptrace/bun/dialect/pgdialect's changelog.

1.2.18 (2026-02-28)

Bug Fixes

• handle []byte and [N]byte in Tuple, separate List from Tuple imp… (uptrace/bun#1340) (bec98b9)
• validate parenthesized content in ReadIdentifier to prevent ?(?, ?) misparse (#1338) (b8da15b), closes #1337

1.2.17 (2026-02-21)

Bug Fixes

• migrator exec error propagation (#1320) (b40f603)
• OrderAscNullsFirst mapping (fixes #1305) (43b6af2)
• panic in indirectAsKey when loading complex models. TypeOf(v) returns nil (2788c5b)
• RunMigration marks migration as applied after running (#1330) (990c2eb)

Features

• add Tuple and List (#1331) (5c2b3d1)
• create unique index on migration name column in Migrator.Init (#1332) (44ac056)
• update: use DEFAULT instead of NULL on databases that support it (#1315) (cabcffd)

1.2.16 (2025-11-20)

Bug Fixes

• data race in db clone stats (e92d910)
• db: data race in db clone stats (a78f382)
• db: move DBStats to noCopyState (c646241)
• return "custom" for unknown dialects instead of "invalid" (#1280) (106cc08), closes #1276
• revert CreateChannel rename (#1248) (a5b2ac6)
• sql injection #1228 (#1263) (c12edf0)
• update SelectQuery.Clone to properly handle non-nil empty arg slices (#1299) (b499cce), closes #1298

Features

• add Context to ConnResolver.ResolveConn (#1275) (d9f273f)
• add materialize cte support (#1260) (16ebb09)
• add SetValues (#1252) (9556d3c)
• add SortDir type to safely build order queries (#1284) (2ad0521)
• add WithQueryHook and deprecated AddQueryHook (#1272) (f662c1e)

... (truncated)

Commits

• 5de0fb9 chore: release v1.2.18 (release.sh) (#1341)
• bec98b9 fix: handle []byte and [N]byte in Tuple, separate List from Tuple imp… (#1340)
• b8da15b fix: validate parenthesized content in ReadIdentifier to prevent ?(?, ?) misp...
• 6b7a19b Add client cert support in postgres dsn (sslcert and sslkey) (#1336)
• 3c9f8fb chore: remove Go 1.24 from CI build matrix
• 43d07be chore: release v1.2.17 (release.sh) (#1333)
• a94579f chore: add doc comments for exported identifiers across sub-packages
• b19d8f7 chore: add doc comments for package, type, and exported functions
• 415f372 chore: re-order features by category and add missing documentation
• 44ac056 feat: create unique index on migration name column in Migrator.Init (#1332)
• Additional commits viewable in compare view

Updates github.com/uptrace/bun/driver/pgdriver from 1.2.15 to 1.2.18

Release notes

Sourced from github.com/uptrace/bun/driver/pgdriver's releases.

v1.2.18

Please refer to CHANGELOG.md for details

v1.2.17

Please refer to CHANGELOG.md for details

v1.2.16

Please refer to CHANGELOG.md for details

Changelog

Sourced from github.com/uptrace/bun/driver/pgdriver's changelog.

1.2.18 (2026-02-28)

Bug Fixes

• handle []byte and [N]byte in Tuple, separate List from Tuple imp… (uptrace/bun#1340) (bec98b9)
• validate parenthesized content in ReadIdentifier to prevent ?(?, ?) misparse (#1338) (b8da15b), closes #1337

1.2.17 (2026-02-21)

Bug Fixes

• migrator exec error propagation (#1320) (b40f603)
• OrderAscNullsFirst mapping (fixes #1305) (43b6af2)
• panic in indirectAsKey when loading complex models. TypeOf(v) returns nil (2788c5b)
• RunMigration marks migration as applied after running (#1330) (990c2eb)

Features

• add Tuple and List (#1331) (5c2b3d1)
• create unique index on migration name column in Migrator.Init (#1332) (44ac056)
• update: use DEFAULT instead of NULL on databases that support it (#1315) (cabcffd)

1.2.16 (2025-11-20)

Bug Fixes

• data race in db clone stats (e92d910)
• db: data race in db clone stats (a78f382)
• db: move DBStats to noCopyState (c646241)
• return "custom" for unknown dialects instead of "invalid" (#1280) (106cc08), closes #1276
• revert CreateChannel rename (#1248) (a5b2ac6)
• sql injection #1228 (#1263) (c12edf0)
• update SelectQuery.Clone to properly handle non-nil empty arg slices (#1299) (b499cce), closes #1298

Features

• add Context to ConnResolver.ResolveConn (#1275) (d9f273f)
• add materialize cte support (#1260) (16ebb09)
• add SetValues (#1252) (9556d3c)
• add SortDir type to safely build order queries (#1284) (2ad0521)
• add WithQueryHook and deprecated AddQueryHook (#1272) (f662c1e)

... (truncated)

Commits

• 5de0fb9 chore: release v1.2.18 (release.sh) (#1341)
• bec98b9 fix: handle []byte and [N]byte in Tuple, separate List from Tuple imp… (#1340)
• b8da15b fix: validate parenthesized content in ReadIdentifier to prevent ?(?, ?) misp...
• 6b7a19b Add client cert support in postgres dsn (sslcert and sslkey) (#1336)
• 3c9f8fb chore: remove Go 1.24 from CI build matrix
• 43d07be chore: release v1.2.17 (release.sh) (#1333)
• a94579f chore: add doc comments for exported identifiers across sub-packages
• b19d8f7 chore: add doc comments for package, type, and exported functions
• 415f372 chore: re-order features by category and add missing documentation
• 44ac056 feat: create unique index on migration name column in Migrator.Init (#1332)
• Additional commits viewable in compare view

Updates go.opentelemetry.io/contrib/instrumentation/github.com/gorilla/mux/otelmux from 0.68.0 to 0.69.0

Release notes

Sourced from go.opentelemetry.io/contrib/instrumentation/github.com/gorilla/mux/otelmux's releases.

v1.44.0/v2.5.1/v0.69.0/v0.37.1/v0.24.0/v0.19.0/v0.16.1/v0.16.0

Added

• Add error.type attribute to http.client.request.duration for transport failures in otelhttp. (#8801)
• Add examples for prometheus compatibility document. (#8716)
• Add support for cardinality_limits in PeriodicMetricReader in otelconf. (#8885)
• Add Resource method to SDK in go.opentelemetry.io/contrib/otelconf/x to expose the resolved SDK resource from declarative configuration. (#8913)
• Add go.opentelemetry.io/contrib/detectors/hetzner, a new resource detector for Hetzner Cloud servers, ported from github.com/open-telemetry/opentelemetry-collector-contrib/processor/resourcedetectionprocessor/internal/hetzner. Detects cloud.provider, cloud.platform, cloud.region, cloud.availability_zone, host.id, and host.name. (#8979)

Changed

• Set error field as record.SetErr instead of a plain attribute in go.opentelemetry.io/contrib/bridges/otellogrus. (#8776)
• Set the "error" field (e.g. created via zap.Error) as record.SetErr instead of a plain attribute in go.opentelemetry.io/contrib/bridges/otelzap. (#8719)
• Set fields implementing error interface from slog records as record.SetErr instead of plain attributes in go.opentelemetry.io/contrib/bridges/otelslog. (#8774)
• Set emitted errors in go.opentelemetry.io/contrib/bridges/otellogr as record errors (Record.SetErr) instead of exception.message attributes. (#8775)

Fixed

• Fix header attributes lost when using sub-spans in go.opentelemetry.io/contrib/instrumentation/net/http/httptrace/otelhttptrace. (#8797)
• Validate encoding configuration for OTLP HTTP exporters in go.opentelemetry.io/contrib/otelconf. (#8772)
• Remove the custom body wrapper from the request's body after the request is processed to allow body type comparisons with the original type in go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp and go.opentelemetry.io/contrib/instrumentation/github.com/gorilla/mux/otelmux. (#6914)
• Unknown or empty HTTP methods now report "_OTHER" instead of "GET" across all HTTP instrumentations to align with OpenTelemetry semantic conventions. (#8868)
• The default span name formatter in go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp now conforms to the OpenTelemetry HTTP semantic conventions for server span names. (#8871)
  • The default span name is now {method} {route} (e.g. GET /foo/{id}) when a route pattern is available, or {method} (e.g. GET) otherwise.

Removed

• Remove the deprecated WithSpanOptions option in go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc. (#8991)

What's Changed

• otelconf: validate encoding configuration for OTLP HTTP exporters by @​sonalgaud12 in open-telemetry/opentelemetry-go-contrib#8772
• fix(deps): update module github.com/aws/aws-sdk-go-v2/service/s3 to v1.99.0 by @​renovate[bot] in

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.