Skip to content

chore(deps): bump the gomod-patch-and-minor group with 3 updates#89

Merged
ToeiRei merged 1 commit into
mainfrom
dependabot/go_modules/gomod-patch-and-minor-54ea89d934
Mar 23, 2026
Merged

chore(deps): bump the gomod-patch-and-minor group with 3 updates#89
ToeiRei merged 1 commit into
mainfrom
dependabot/go_modules/gomod-patch-and-minor-54ea89d934

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Mar 23, 2026

Copy link
Copy Markdown
Contributor

Bumps the gomod-patch-and-minor group with 3 updates: github.com/jackc/pgx/v5, github.com/klauspost/compress and modernc.org/sqlite.

Updates github.com/jackc/pgx/v5 from 5.8.0 to 5.9.1

Changelog

Sourced from github.com/jackc/pgx/v5's changelog.

5.9.1 (March 22, 2026)

  • Fix: batch result format corruption when using cached prepared statements (reported by Dirkjan Bussink)

5.9.0 (March 21, 2026)

This release includes a number of new features such as SCRAM-SHA-256-PLUS support, OAuth authentication support, and PostgreSQL protocol 3.2 support.

It significantly reduces the amount of network traffic when using prepared statements (which are used automatically by default) by avoiding unnecessary Describe Portal messages. This also reduces local memory usage.

It also includes multiple fixes for potential DoS due to panic or OOM if connected to a malicious server that sends deliberately malformed messages.

  • Require Go 1.25+
  • Add SCRAM-SHA-256-PLUS support (Adam Brightwell)
  • Add OAuth authentication support for PostgreSQL 18 (David Schneider)
  • Add PostgreSQL protocol 3.2 support (Dirkjan Bussink)
  • Add tsvector type support (Adam Brightwell)
  • Skip Describe Portal for cached prepared statements reducing network round trips
  • Make LoadTypes query easier to support on "postgres-like" servers (Jelte Fennema-Nio)
  • Default empty user to current OS user matching libpq behavior (ShivangSrivastava)
  • Optimize LRU statement cache with custom linked list and node pooling (Mathias Bogaert)
  • Optimize date scanning by replacing regex with manual parsing (Mathias Bogaert)
  • Optimize pgio append/set functions with direct byte shifts (Mathias Bogaert)
  • Make RowsAffected faster (Abhishek Chanda)
  • Fix: Pipeline.Close panic when server sends multiple FATAL errors (Varun Chawla)
  • Fix: ContextWatcher goroutine leak (Hank Donnay)
  • Fix: stdlib discard connections with open transactions in ResetSession (Jeremy Schneider)
  • Fix: pipelineBatchResults.Exec silently swallowing lastRows error
  • Fix: ColumnTypeLength using BPCharArrayOID instead of BPCharOID
  • Fix: TSVector text encoding returning nil for valid empty tsvector
  • Fix: wrong error messages for Int2 and Int4 underflow
  • Fix: Numeric nil Int pointer dereference with Valid: true
  • Fix: reversed strings.ContainsAny arguments in Numeric.ScanScientific
  • Fix: message length parsing on 32-bit platforms
  • Fix: FunctionCallResponse.Decode mishandling of signed result size
  • Fix: returning wrong error in configTLS when DecryptPEMBlock fails (Maxim Motyshen)
  • Fix: misleading ParseConfig error when default_query_exec_mode is invalid (Skarm)
  • Fix: missed Unwatch in Pipeline error paths
  • Clarify too many failed acquire attempts error message
  • Better error wrapping with context and SQL statement (Aneesh Makala)
  • Enable govet and ineffassign linters (Federico Guerinoni)
  • Guard against various malformed binary messages (arrays, hstore, multirange, protocol messages)
  • Fix various godoc comments (ferhat elmas)
  • Fix typos in comments (Oleksandr Redko)
Commits
  • 4e4eaed Release v5.9.1
  • 6273188 Fix batch result format corruption when using cached prepared statements
  • f7b90c2 Merge pull request #2524 from dbussink/pipeline-result-format-reuse
  • 3ce6d75 Add failing test: batch scan corrupted in cache_statement mode
  • b4d8e62 Release v5.9.0
  • c227cd4 Bump minimum Go version from 1.24 to 1.25
  • f492c14 Use reflect.TypeFor instead of reflect.TypeOf for static types
  • ad8fb08 Use sync.WaitGroup.Go to simplify goroutine spawning
  • 3033773 Remove go1.26 build tag from synctest test
  • 83ffb3c Validate multirange element count against source length before allocating
  • Additional commits viewable in compare view

Updates github.com/klauspost/compress from 1.18.4 to 1.18.5

Release notes

Sourced from github.com/klauspost/compress's releases.

v1.18.5

What's Changed

Full Changelog: klauspost/compress@v1.18.4...v1.18.5

Commits

Updates modernc.org/sqlite from 1.46.1 to 1.47.0

Changelog

Sourced from modernc.org/sqlite's changelog.

Changelog

  • 2026-03-17 v1.47.0: Add CGO-free version of the vector extensions from https://github.com/asg017/sqlite-vec. See vec_test.go for example usage. From the GitHub project page:

    • Important: sqlite-vec is a pre-v1, so expect breaking changes!
    • Store and query float, int8, and binary vectors in vec0 virtual tables
    • Written in pure C, no dependencies, runs anywhere SQLite runs (Linux/MacOS/Windows, in the browser with WASM, Raspberry Pis, etc.)
    • Store non-vector data in metadata, auxiliary, or partition key columns
    • Thanks Zhenghao Zhang!

  • 2026-03-16 v1.46.2: Upgrade to SQLite 3.51.3.

  • 2026-02-17 v1.46.1:

    • Ensure connection state is reset if Tx.Commit fails. Previously, errors like SQLITE_BUSY during COMMIT could leave the underlying connection inside a transaction, causing errors when the connection was reused by the database/sql pool. The driver now detects this state and forces a rollback internally.
    • Fixes [GitHub issue #2](modernc-org/sqlite#2), thanks Edoardo Spadolini!

  • 2026-02-17 v1.46.0:

    • Enable ColumnTypeScanType to report time.Time instead of string for TEXT columns declared as DATE, DATETIME, TIME, or TIMESTAMP via a new _texttotime URI parameter.
    • See [GitHub pull request #1](modernc-org/sqlite#1), thanks devhaozi!

  • 2026-02-09 v1.45.0:

    • Introduce vtab subpackage (modernc.org/sqlite/vtab) exposing Module, Table, Cursor, and IndexInfo API for Go virtual tables.
    • Wire vtab registration into the driver: vtab.RegisterModule installs modules globally and each new connection calls sqlite3_create_module_v2.
    • Implement vtab trampolines for xCreate/xConnect/xBestIndex/xDisconnect/xDestroy/xOpen/xClose/xFilter/xNext/xEof/xColumn/xRowid.
    • Map SQLite’s sqlite3_index_info into vtab.IndexInfo, including constraints, ORDER BY terms, and constraint usage (ArgIndex → xFilter argv[]).
    • Add an in‑repo dummy vtab module and test (module_test.go) that validates registration, basic scanning, and constraint visibility.
    • See [GitLab merge request #90](https://gitlab.com/cznic/sqlite/-/merge_requests/90), thanks Adrian Witas!

  • 2026-01-19 v1.44.3: Resolves [GitLab issue #243](https://gitlab.com/cznic/sqlite/-/issues/243).

  • 2026-01-18 v1.44.2: Upgrade to SQLite 3.51.2.

  • 2026-01-13 v1.44.0: Upgrade to SQLite 3.51.1.

  • 2025-10-10 v1.39.1: Upgrade to SQLite 3.50.4.

  • 2025-06-09 v1.38.0: Upgrade to SQLite 3.50.1.

  • 2025-02-26 v1.36.0: Upgrade to SQLite 3.49.0.

  • 2024-11-16 v1.34.0: Implement ResetSession and IsValid methods in connection

  • 2024-07-22 v1.31.0: Support windows/386.

  • 2024-06-04 v1.30.0: Upgrade to SQLite 3.46.0, release notes at https://sqlite.org/releaselog/3_46_0.html.

  • 2024-02-13 v1.29.0: Upgrade to SQLite 3.45.1, release notes at https://sqlite.org/releaselog/3_45_1.html.

  • 2023-12-14: v1.28.0: Add (*Driver).RegisterConnectionHook,

... (truncated)

Commits
  • b4deaee include Zhenghao Zhang in CHANGELOG, AUTHORS, CONTRIBUTORS, updates !93
  • ba4fc0b add sqlite_vec extension, updates !93
  • 8b9ffba Merge branch 'windows' into 'master'
  • 614a125 Add sqlite-vec support
  • d7c9932 vendor libsqlite3/SQLite 3.51.3, updates #247
  • See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
chore(deps): bump the gomod-patch-and-minor group with 3 updates
61aa991 
Bumps the gomod-patch-and-minor group with 3 updates: [github.com/jackc/pgx/v5](https://github.com/jackc/pgx), [github.com/klauspost/compress](https://github.com/klauspost/compress) and [modernc.org/sqlite](https://gitlab.com/cznic/sqlite).


Updates `github.com/jackc/pgx/v5` from 5.8.0 to 5.9.1
- [Changelog](https://github.com/jackc/pgx/blob/master/CHANGELOG.md)
- [Commits](jackc/pgx@v5.8.0...v5.9.1)

Updates `github.com/klauspost/compress` from 1.18.4 to 1.18.5
- [Release notes](https://github.com/klauspost/compress/releases)
- [Commits](klauspost/compress@v1.18.4...v1.18.5)

Updates `modernc.org/sqlite` from 1.46.1 to 1.47.0
- [Changelog](https://gitlab.com/cznic/sqlite/blob/master/CHANGELOG.md)
- [Commits](https://gitlab.com/cznic/sqlite/compare/v1.46.1...v1.47.0)

---
updated-dependencies:
- dependency-name: github.com/jackc/pgx/v5
  dependency-version: 5.9.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: gomod-patch-and-minor
- dependency-name: github.com/klauspost/compress
  dependency-version: 1.18.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: gomod-patch-and-minor
- dependency-name: modernc.org/sqlite
  dependency-version: 1.47.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: gomod-patch-and-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Welcome to hell. go Runtime issues labels Mar 23, 2026
@ToeiRei ToeiRei merged commit 4eeb767 into main Mar 23, 2026
3 of 4 checks passed
@ToeiRei ToeiRei deleted the dependabot/go_modules/gomod-patch-and-minor-54ea89d934 branch March 23, 2026 17:04
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Welcome to hell. go Runtime issues

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@ToeiRei