fix(deps): bump the external group across 1 directory with 20 updates

[dependabot]

Bumps the external group with 17 updates in the /service directory:

Package	From	To
buf.build/go/protovalidate	1.0.0	1.1.3
connectrpc.com/connect	1.19.1	1.19.2
github.com/casbin/casbin/v2	2.108.0	2.135.0
github.com/eko/gocache/lib/v4	4.2.0	4.2.3
github.com/go-chi/cors	1.2.1	1.2.2
github.com/go-playground/validator/v10	10.26.0	10.30.2
github.com/go-viper/mapstructure/v2	2.4.0	2.5.0
github.com/grpc-ecosystem/grpc-gateway/v2	2.28.0	2.29.0
github.com/jackc/pgx/v5	5.9.0	5.9.2
github.com/lib/pq	1.10.9	1.12.3
github.com/mattn/go-sqlite3	1.14.29	1.14.42
github.com/open-policy-agent/opa	1.5.1	1.15.2
github.com/pressly/goose/v3	3.24.3	3.27.0
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc	1.42.0	1.43.0
go.opentelemetry.io/otel/exporters/stdout/stdouttrace	1.42.0	1.43.0
golang.org/x/net	0.52.0	0.53.0
github.com/go-ldap/ldap/v3	3.4.12	3.4.13

Updates buf.build/go/protovalidate from 1.0.0 to 1.1.3

Release notes

Sourced from buf.build/go/protovalidate's releases.

v1.1.3

What's Changed

• Fix a few godoc comments and update golangci-lint by @​pkwarren in bufbuild/protovalidate-go#306
• Bump the go group across 1 directory with 2 updates by @​dependabot[bot] in bufbuild/protovalidate-go#308
• Fix registry chain for pb.Map in NativeToValue by @​rodaine in bufbuild/protovalidate-go#309

Full Changelog: bufbuild/protovalidate-go@v1.1.2...v1.1.3

v1.1.2

What's Changed

• Fix base type adapter missing builtin types by @​rodaine in bufbuild/protovalidate-go#305

Full Changelog: bufbuild/protovalidate-go@v1.1.1...v1.1.2

v1.1.1

This release is compatible with the v1.1.0 release of Protovalidate.

What's Changed

• Always provide all available variables by @​srikrsna-buf in bufbuild/protovalidate-go#297
• Wrap protoreflect.Map with type information so we don't need to cast to map[any]any by @​rodaine in bufbuild/protovalidate-go#300
• Avoid heap escape on kvPairs evaluation by @​rodaine in bufbuild/protovalidate-go#301
• Implement registry chaining for CEL type isolation by @​rodaine in bufbuild/protovalidate-go#302

Full Changelog: bufbuild/protovalidate-go@v1.1.0...v1.1.1

v1.1.0

This release is compatible with the v1.1.0 release of Protovalidate.

What's Changed

• Improve ValidationError strings by @​bufdev in bufbuild/protovalidate-go#291
• Make it so that you can define expression-only rules by @​bufdev in bufbuild/protovalidate-go#288
• Fix field paths for groups by @​timostamm in bufbuild/protovalidate-go#292
• Update protovalidate by @​srikrsna-buf in bufbuild/protovalidate-go#293

Full Changelog: bufbuild/protovalidate-go@v1.0.1...v1.1.0

v1.0.1

What's Changed

• Bump buf.build/go/hyperpb from 0.1.0 to 0.1.1 in the go group by @​dependabot[bot] in bufbuild/protovalidate-go#281
• Use opaque proto API by @​rodaine in bufbuild/protovalidate-go#283
• Bump buf.build/go/hyperpb from 0.1.1 to 0.1.3 in the go group by @​dependabot[bot] in bufbuild/protovalidate-go#284
• Bump the go group with 2 updates by @​dependabot[bot] in bufbuild/protovalidate-go#285
• Benchmark and performance improvements by @​rodaine in bufbuild/protovalidate-go#289

Full Changelog: bufbuild/protovalidate-go@v1.0.0...v1.0.1

Commits

• 61167be Fix registry chain for pb.Map in NativeToValue (#309)
• 58d9ffb Bump the go group across 1 directory with 2 updates (#308)
• 89a14f7 Fix a few godoc comments and update golangci-lint (#306)
• e666f1a Fix base type adapter missing builtin types (#305)
• 3707b74 Implement registry chaining for CEL type isolation (#302)
• a87f1c9 Avoid heap escape on kvPairs evaluation (#301)
• c2ae600 Wrap protoreflect.Map with type information so we don't need to cast to map[a...
• 5dd4789 Avoid copying types.Registry on env.Extend (#299)
• d9f7a10 Expand benchmark tests (#298)
• b90590a Always provide all available variables (#297)
• Additional commits viewable in compare view

Updates connectrpc.com/connect from 1.19.1 to 1.19.2

Release notes

Sourced from connectrpc.com/connect's releases.

v1.19.2

What's Changed

Governance

• Add @​timostamm as a maintainer in connectrpc/connect-go#905 🎉

Bugfixes

• Use 'deadline_exceeded' instead of 'canceled' on HTTP/2 cancelation when appropriate by @​jhump in connectrpc/connect-go#904
• Fix nil pointer deref in duplexHTTPCall under concurrent Send + CloseAndReceive by @​simonferquel in connectrpc/connect-go#919

Other changes

• Refactor memhttptest to work with Go 1.25 synctest by @​codefromthecrypt in connectrpc/connect-go#881
• Doc clarifications by @​emcfarlane (#911, #912) and @​stefanvanburen (#906)

New Contributors

• @​codefromthecrypt made their first contribution in connectrpc/connect-go#881
• @​simonferquel made their first contribution in connectrpc/connect-go#919

Full Changelog: connectrpc/connect-go@v1.19.1...v1.19.2

Commits

• 1c195ae Prepare for v1.19.2 (#920)
• 96abc6b Upgrade golangci-lint to v2 (#917)
• be72fa5 Clarify concurrent use semantics for streaming types (#911)
• 299d2e7 Fix nil pointer deref in duplexHTTPCall under concurrent Send + CloseAndRecei...
• e299aa6 Bump google.golang.org/grpc from 1.76.0 to 1.79.3 in /internal/conformance (#...
• 7b531c0 Clarify UnaryFunc response type (#912)
• 02f23a3 Fix typo in RELEASE.md (#906)
• ec6f523 Add Timo Stamm to maintainers (#905)
• 59cc697 Use 'deadline_exceeded' instead of 'canceled' on HTTP/2 cancelation when appr...
• e9aff4a Bump connectrpc.com/conformance from 1.0.4 to 1.0.5 in /internal/conformance ...
• Additional commits viewable in compare view

Updates github.com/casbin/casbin/v2 from 2.108.0 to 2.135.0

Release notes

Sourced from github.com/casbin/casbin/v2's releases.

v2.135.0

2.135.0 (2025-12-09)

Features

• remove Travis script and issue templates (5fc9fd8)

v2.134.0

2.134.0 (2025-11-14)

Features

• fix inconsistent backslash handling between matcher literals and CSV-parsed values (#1577) (5d3134d)

v2.133.0

2.133.0 (2025-11-14)

Features

• fix stale g() function cache in BuildRoleLinks causing incorrect permissions (#1580) (0a13664)

v2.132.0

2.132.0 (2025-11-04)

Features

• improve README (4b6c4c8)

v2.131.0

2.131.0 (2025-11-02)

Features

• fix EscapeAssertion (matcher) incorrectly matching p./r. patterns inside quoted strings (#1572) (1eef59a)

v2.130.0

2.130.0 (2025-11-01)

Features

• fix duplicate CI workflow runs and optimize to test only Go 1.21 (#1571) (bb1e443)

v2.129.0

2.129.0 (2025-11-01)

... (truncated)

Commits

• 5fc9fd8 feat: remove Travis script and issue templates
• 5d3134d feat: fix inconsistent backslash handling between matcher literals and CSV-pa...
• 0a13664 feat: fix stale g() function cache in BuildRoleLinks causing incorrect permis...
• 4b6c4c8 feat: improve README
• 1eef59a feat: fix EscapeAssertion (matcher) incorrectly matching p./r. patterns insid...
• bb1e443 feat: fix duplicate CI workflow runs and optimize to test only Go 1.21 (#1571)
• 91b9cf2 feat: add OrBAC (Organisation-Based Access Control) model support (#1567)
• 87e9956 feat: add ContextEnforcer: add ctx to AddPolicy and other APIs (#1553)
• 1ef00ac feat: enable concurrent transactions using optimistic locking, versioning and...
• 0c5a574 feat: add PBAC model support and test (#1548)
• Additional commits viewable in compare view

Updates github.com/eko/gocache/lib/v4 from 4.2.0 to 4.2.3

Release notes

Sourced from github.com/eko/gocache/lib/v4's releases.

store/memcache/v4.2.3

What's Changed

• Store memcache: moved from golang/mock to mockery by @​eko in eko/gocache#295

Full Changelog: eko/gocache@lib/v4.2.1...store/memcache/v4.2.3

store/bigcache/v4.2.3

What's Changed

• Hide mock interfaces from users by @​Neo2308 in eko/gocache#296

New Contributors

• @​Neo2308 made their first contribution in eko/gocache#296

Full Changelog: eko/gocache@store/memcache/v4.2.3...store/bigcache/v4.2.3

store/freecache/v4.2.3

What's Changed

• Hide mock interfaces from users by @​Neo2308 in eko/gocache#296

New Contributors

• @​Neo2308 made their first contribution in eko/gocache#296

Full Changelog: eko/gocache@store/memcache/v4.2.3...store/freecache/v4.2.3

store/go_cache/v4.2.3

What's Changed

• Hide mock interfaces from users by @​Neo2308 in eko/gocache#296

New Contributors

• @​Neo2308 made their first contribution in eko/gocache#296

Full Changelog: eko/gocache@store/memcache/v4.2.3...store/go_cache/v4.2.3

lib/v4.2.3

What's Changed

• chore(go-mod): bump outdated dependencies by @​geigerj0 in eko/gocache#300

New Contributors

• @​geigerj0 made their first contribution in eko/gocache#300

Full Changelog: eko/gocache@lib/v4.2.2...lib/v4.2.3

What's Changed

• chore(go-mod): bump outdated dependencies by @​geigerj0 in eko/gocache#300

New Contributors

• @​geigerj0 made their first contribution in eko/gocache#300

Full Changelog: eko/gocache@lib/v4.2.2...lib/v4.2.3

... (truncated)

Commits

• 5654fdf Merge pull request #300 from geigerj0/bump-deps
• 3fabe46 bump all deps
• 7747003 bump deps
• b4334a5 bump deps
• f037427 bump deps
• 003ae39 Merge pull request #296 from Neo2308/feature/master/hide-mock-interfaces
• 42bb50e Rename import to resolve warnings
• 21cb8b5 Added mocks
• c0e14c1 Hide mock interfaces from users
• 277d34a Merge pull request #295 from eko/memcache-mocks
• Additional commits viewable in compare view

Updates github.com/go-chi/cors from 1.2.1 to 1.2.2

Release notes

Sourced from github.com/go-chi/cors's releases.

v1.2.2

What's Changed

• Update README with install by @​Uyutaka in go-chi/cors#22
• Fix broken credits link by @​lordidiot in go-chi/cors#25
• fix test_default error message #28 by @​ablankz in go-chi/cors#29
• Update Go version in CI by @​VojtechVitek in go-chi/cors#32
• Fix Origin header check by @​c2h5oh in go-chi/cors#38

New Contributors

• @​Uyutaka made their first contribution in go-chi/cors#22
• @​lordidiot made their first contribution in go-chi/cors#25
• @​ablankz made their first contribution in go-chi/cors#29
• @​VojtechVitek made their first contribution in go-chi/cors#32
• @​c2h5oh made their first contribution in go-chi/cors#38

Full Changelog: go-chi/cors@v1.2.1...v1.2.2

Commits

• 3a53812 Fix Origin header check (#38)
• f8fbaee Update Go version in CI (#32)
• b41f767 fix test_default error message #28 (#29)
• 76ca797 Fix broken link (#25)
• 9aca617 Update README with install (#22)
• See full diff in compare view

Updates github.com/go-playground/validator/v10 from 10.26.0 to 10.30.2

Release notes

Sourced from github.com/go-playground/validator/v10's releases.

v10.30.2

What's Changed

• chore(deps): bump golang.org/x/crypto from 0.46.0 to 0.47.0 by @​dependabot[bot] in go-playground/validator#1523
• feat: add translations for alphaspace and alphanumspace tags in indonesian by @​savioruz in go-playground/validator#1522
• chore(deps): bump github.com/gabriel-vasile/mimetype from 1.4.12 to 1.4.13 by @​dependabot[bot] in go-playground/validator#1526
• feat: add cmyk(color) to validator by @​thenicolau in go-playground/validator#1528
• chore(deps): bump golang.org/x/text from 0.33.0 to 0.34.0 by @​dependabot[bot] in go-playground/validator#1534
• chore(deps): bump golang.org/x/crypto from 0.47.0 to 0.48.0 by @​dependabot[bot] in go-playground/validator#1533
• Go 1.26 support by @​nodivbyzero in go-playground/validator#1535
• fix: prevent panic in unique validation with nil pointer elements by @​nodivbyzero in go-playground/validator#1532
• docs: fix typos by @​alexandear in go-playground/validator#1527
• feat: implement ValidatorValuer interface feature by @​thommeo in go-playground/validator#1416
• docs: add Valuer interface documentation and example by @​wofiporia in go-playground/validator#1540
• chore(deps): bump golang.org/x/text from 0.34.0 to 0.35.0 by @​dependabot[bot] in go-playground/validator#1545
• chore(deps): bump golang.org/x/crypto from 0.48.0 to 0.49.0 by @​dependabot[bot] in go-playground/validator#1546
• feat: add postcode patterns for Colombia (CO) and British Virgin Islands (VG) by @​j-ibarra in go-playground/validator#1547
• fix(fqdn): allow hyphens in last domain label by @​alihasan070707 in go-playground/validator#1548

New Contributors

• @​savioruz made their first contribution in go-playground/validator#1522
• @​thenicolau made their first contribution in go-playground/validator#1528
• @​thommeo made their first contribution in go-playground/validator#1416
• @​wofiporia made their first contribution in go-playground/validator#1540
• @​j-ibarra made their first contribution in go-playground/validator#1547
• @​alihasan070707 made their first contribution in go-playground/validator#1548

Full Changelog: go-playground/validator@v10.30.1...v10.30.2

Release 10.30.1

What's Changed

• Feat: uds_exists validator by @​barash-asenov in go-playground/validator#1482
• fix: Revert min limit of e164 regex by @​zemzale in go-playground/validator#1516
• Fix 1513 update ISO 3166-2 codes by @​xyz27900 in go-playground/validator#1514

New Contributors

• @​barash-asenov made their first contribution in go-playground/validator#1482
• @​xyz27900 made their first contribution in go-playground/validator#1514

Full Changelog: go-playground/validator@v10.30.0...v10.30.1

Release 10.30.0

What's Changed

• Bump golang.org/x/crypto from 0.45.0 to 0.46.0 by @​dependabot[bot] in go-playground/validator#1504
• Bump github.com/gabriel-vasile/mimetype from 1.4.11 to 1.4.12 by @​dependabot[bot] in go-playground/validator#1505
• docs: document omitzero by @​minoritea in go-playground/validator#1509
• fix: add missing translations for alpha validators by @​shindonghwi in go-playground/validator#1510
• fix: resolve panic when using aliases with OR operator by @​shindonghwi in go-playground/validator#1507
• fix: resolve panic when using cross-field validators with ValidateMap by @​shindonghwi in go-playground/validator#1508

New Contributors

... (truncated)

Commits

• b9258bd fix(fqdn): allow hyphens in last domain label (#1548)
• b9f1d79 feat: add postcode patterns for Colombia (CO) and British Virgin Islands (VG)...
• 7fa9599 chore(deps): bump golang.org/x/crypto from 0.48.0 to 0.49.0 (#1546)
• 8ca29ec chore(deps): bump golang.org/x/text from 0.34.0 to 0.35.0 (#1545)
• 5e1bedf docs: add Valuer interface documentation and example (#1540)
• 42927a0 feat: implement ValidatorValuer interface feature (#1416)
• c254ece docs: fix typos (#1527)
• 4325386 fix: prevent panic in unique validation with nil pointer elements (#1532)
• d3f35da Go 1.26 support (#1535)
• f5c74ce chore(deps): bump golang.org/x/crypto from 0.47.0 to 0.48.0 (#1533)
• Additional commits viewable in compare view

Updates github.com/go-viper/mapstructure/v2 from 2.4.0 to 2.5.0

Release notes

Sourced from github.com/go-viper/mapstructure/v2's releases.

v2.5.0

What's Changed

• Print qualified type name when ErrorUnused=true causes errors for unused keys in embedded fields by @​jmacd in go-viper/mapstructure#113
• build(deps): bump github/codeql-action from 3.29.2 to 3.29.5 by @​dependabot[bot] in go-viper/mapstructure#126
• build(deps): bump github/codeql-action from 3.29.7 to 3.29.10 by @​dependabot[bot] in go-viper/mapstructure#131
• build(deps): bump actions/checkout from 4.2.2 to 5.0.0 by @​dependabot[bot] in go-viper/mapstructure#129
• feat: support for automatically initializing squashed pointer structs by @​tuunit in go-viper/mapstructure#71
• build(deps): bump actions/setup-go from 5.5.0 to 6.0.0 by @​dependabot[bot] in go-viper/mapstructure#134
• build(deps): bump ossf/scorecard-action from 2.4.2 to 2.4.3 by @​dependabot[bot] in go-viper/mapstructure#142
• Fix slice deep map (owned) by @​jphastings in go-viper/mapstructure#144
• chore: fix lint violations by @​sagikazarmark in go-viper/mapstructure#157
• chore: switch to devenv by @​sagikazarmark in go-viper/mapstructure#158
• build(deps): bump actions/upload-artifact from 4.6.2 to 5.0.0 by @​dependabot[bot] in go-viper/mapstructure#151
• build(deps): bump github/codeql-action from 3.29.10 to 4.31.2 by @​dependabot[bot] in go-viper/mapstructure#153
• build(deps): bump golangci/golangci-lint-action from 8.0.0 to 9.0.0 by @​dependabot[bot] in go-viper/mapstructure#154
• build(deps): bump actions/checkout from 5.0.0 to 6.0.1 by @​dependabot[bot] in go-viper/mapstructure#160
• build(deps): bump actions/setup-go from 6.0.0 to 6.1.0 by @​dependabot[bot] in go-viper/mapstructure#159
• build(deps): bump github/codeql-action from 4.31.7 to 4.31.8 by @​dependabot[bot] in go-viper/mapstructure#162
• build(deps): bump actions/upload-artifact from 5.0.0 to 6.0.0 by @​dependabot[bot] in go-viper/mapstructure#161
• build(deps): bump github/codeql-action from 4.31.8 to 4.31.9 by @​dependabot[bot] in go-viper/mapstructure#163
• feature: Add map field name to convert structs dynamically instead of individually with a tag. by @​thespags in go-viper/mapstructure#149
• feat(decoder): support multiple tag names in order by @​DarkiT in go-viper/mapstructure#59
• feat: optional root object name by @​andreev-fn in go-viper/mapstructure#137
• Add unmarshaler interface by @​sagikazarmark in go-viper/mapstructure#166

New Contributors

• @​jmacd made their first contribution in go-viper/mapstructure#113
• @​tuunit made their first contribution in go-viper/mapstructure#71
• @​jphastings made their first contribution in go-viper/mapstructure#144
• @​thespags made their first contribution in go-viper/mapstructure#149
• @​DarkiT made their first contribution in go-viper/mapstructure#59
• @​andreev-fn made their first contribution in go-viper/mapstructure#137

Full Changelog: go-viper/mapstructure@v2.4.0...v2.5.0

Commits

• 9aa3f77 Merge pull request #166 from go-viper/unmarshal2
• ae32a61 doc: add more documentation
• 320c8c9 test: cover unmarshaler to map
• 5b22829 feat: add unmarshaler interface
• fd74c75 Merge pull request #137 from andreev-fn/opt-root-name
• dee4661 Merge pull request #59 from DarkiT/main
• 5605df4 chore: cover more test cases, fix edge cases, add docs
• 6166631 fix(mapstructure): add multi-tag support and regression tests
• 6471aa6 Merge pull request #149 from thespags/main
• dbffaaa chore: add more tests and clarification to the documentation
• Additional commits viewable in compare view

Updates github.com/grpc-ecosystem/grpc-gateway/v2 from 2.28.0 to 2.29.0

Release notes

Sourced from github.com/grpc-ecosystem/grpc-gateway/v2's releases.

v2.29.0

What's Changed

• fix: use proto.Merge to avoid copylocks with use_opaque_api=true by @​emahiro in grpc-ecosystem/grpc-gateway#6383
• fix: allow proto3 optional fields in path parameters by @​susanachl in grpc-ecosystem/grpc-gateway#6416
• Add option to disable HTTP method override by @​achew22 in grpc-ecosystem/grpc-gateway#6447
• Add Go documentation badge to README by @​achew22 in grpc-ecosystem/grpc-gateway#6448
• fix: add missing return statements in error handler paths by @​jet-go in grpc-ecosystem/grpc-gateway#6561
• Deprecate fields and methods if file is deprecated by @​aidandj in grpc-ecosystem/grpc-gateway#6613
• Add edition 2024 support by @​printfn in grpc-ecosystem/grpc-gateway#6622

New Contributors

• @​emahiro made their first contribution in grpc-ecosystem/grpc-gateway#6383
• @​susanachl made their first contribution in grpc-ecosystem/grpc-gateway#6416
• @​jet-go made their first contribution in grpc-ecosystem/grpc-gateway#6561
• @​aidandj made their first contribution in grpc-ecosystem/grpc-gateway#6613
• @​printfn made their first contribution in grpc-ecosystem/grpc-gateway#6622

Full Changelog: grpc-ecosystem/grpc-gateway@v2.28.0...v2.29.0

Commits

• ba9b55c chore(deps): update dependency rules_shell to v0.8.0 (#6626)
• 284a82e chore(deps): update googleapis digest to bcfcbda (#6625)
• f74bc7f chore(deps): update google/oss-fuzz digest to d58fd64 (#6624)
• efb665d Add edition 2024 support (#6622)
• c58da15 chore(deps): update google/oss-fuzz digest to 32b8df7 (#6621)
• 42997a1 Deprecate fields and methods if file is deprecated (#6613)
• 6f4af8b chore(deps): update googleapis digest to bf85cad (#6620)
• 68fde5f chore(deps): update google/oss-fuzz digest to 7b814a1 (#6619)
• 6da2a46 chore(deps): update googleapis digest to 898f25c (#6617)
• c9c7ad4 chore(deps): update googleapis digest to fc96870 (#6616)
• Additional commits viewable in compare view

Updates github.com/jackc/pgx/v5 from 5.9.0 to 5.9.2

Changelog

Sourced from github.com/jackc/pgx/v5's changelog.

5.9.2 (April 18, 2026)

Fix SQL Injection via placeholder confusion with dollar quoted string literals (GHSA-j88v-2chj-qfwx)

SQL injection can occur when:

1. The non-default simple protocol is used.
2. A dollar quoted string literal is used in the SQL query.
3. That query contains text that would be would be interpreted outside as a placeholder outside of a string literal.
4. The value of that placeholder is controllable by the attacker.

e.g.

attackValue := `$tag$; drop table canary; --`
_, err = tx.Exec(ctx, `select $tag$ $1 $tag$, $1`, pgx.QueryExecModeSimpleProtocol, attackValue)

This is unlikely to occur outside of a contrived scenario.

5.9.1 (March 22, 2026)

• Fix: batch result format corruption when using cached prepared statements (reported by Dirkjan Bussink)

Commits

• 0aeabbc Release v5.9.2
• 60644f8 Fix SQL sanitizer bugs with dollar-quoted strings and placeholder overflow
• a5680bc Merge pull request #2531 from dolmen-go/godoc-add-links
• e34e452 doc: Add godoc links
• 08c9bb1 Fix Stringer types encoded as text instead of numeric value in composite fields
• 96b4dbd Remove unstable test
• acf88e0 Merge pull request #2526 from abrightwell/abrightwell-min-proto
• 2f81f1f Update max_protocol_version and min_protocol_version defaults
• 4e4eaed Release v5.9.1
• 6273188 Fix batch result format corruption when using cached prepared statements
• Additional commits viewable in compare view

Updates github.com/lib/pq from 1.10.9 to 1.12.3

Release notes

Sourced from github.com/lib/pq's releases.

v1.12.3

• Send datestyle startup parameter, improving compatbility with database engines that use a different default datestyle such as EnterpriseDB (#1312).

#1312: lib/pq#1312

v1.12.2

• Treat io.ErrUnexpectedEOF as driver.ErrBadConn so database/sql discards the connection. Since v1.12.0 this could result in permanently broken connections, especially with CockroachDB which frequently sends partial messages (#1299).

#1299: lib/pq#1299

v1.12.1

• Look for pgpass file in ~/.pgpass instead of ~/.postgresql/pgpass (#1300).

• Don't clear password if directly set on pq.Config (#1302).

#1300: lib/pq#1300 #1302: lib/pq#1302

v1.12.0

• The next release may change the default sslmode from require to prefer. See #1271 for details.

• CopyIn() and CopyInToSchema() have been marked as deprecated. These are simple query builders and not needed for COPY [..] FROM STDIN support (which is not deprecated). (#1279)

  // Old
  tx.Prepare(CopyIn("temp", "num", "text", "blob", "nothing"))
  // Replacement
  tx.Prepare(copy temp (num, text, blob, nothing) from stdin)
  

Features

• Support protocol 3.2, and the min_protocol_version and max_protocol_version DSN parameters (#1258).

• Support sslmode=prefer and sslmode=allow (#1270).

• Support ssl_min_protocol_version and ssl_max_protocol_version (#1277).

• Support connection service file to load connection details (#1285).

• Support sslrootcert=system and use ~/.postgresql/root.crt as the default value of sslrootcert (#1280, #1281).

• Add a new pqerror package with PostgreSQL error codes (#1275).

  For example, to test if an error is a UNIQUE constraint violation:

  if pqErr, ok := errors.AsType[*pq.Error](https://github.com/lib/pq/blob/HEAD/err); ok && pqErr.Code == pqerror.UniqueViolation {
      log.Fatalf("email %q already exsts", email)
  }
  

  To make this a bit more convenient, it also adds a pq.As() function:

... (truncated)

Changelog

Sourced from github.com/lib/pq's changelog.

v1.12.3 (2026-04-03)

• Send datestyle startup parameter, improving compatbility with database engines that use a different default datestyle such as EnterpriseDB (#1312).

#1312: lib/pq#1312

v1.12.2 (2026-04-02)

• Treat io.ErrUnexpectedEOF as driver.ErrBadConn so database/sql discards the connection. Since v1.12.0 this could result in permanently broke...

  Description has been truncated

[github-actions]

Benchmark results, click to expand

Benchmark authorization.GetDecisions Results:

Metric	Value
Approved Decision Requests	1000
Denied Decision Requests	0
Total Time	148.070305ms

Benchmark authorization.v2.GetMultiResourceDecision Results:

Metric	Value
Approved Decision Requests	1000
Denied Decision Requests	0
Total Time	73.257625ms

Benchmark Statistics

Name	№ Requests	Avg Duration	Min Duration	Max Duration

Bulk Benchmark Results

Metric	Value
Total Decrypts	100
Successful Decrypts	100
Failed Decrypts	0
Total Time	329.511547ms
Throughput	303.48 requests/second

TDF3 Benchmark Results:

Metric	Value
Total Requests	5000
Successful Requests	5000
Failed Requests	0
Concurrent Requests	50
Total Time	34.016757957s
Average Latency	338.94106ms
Throughput	146.99 requests/second

[jakedoublev]

Looks like the protovalidate bump broke all our protovalidate unit test error assertions.

[github-actions]

X-Test Results

✅ go-pull-3334
✅ java-pull-3334
✅ go-v0.9.0
✅ js-pull-3334
✅ java-v0.9.0
✅ js-v0.9.0
bats-test-results
cukes-report
opentdfplatformOTLEUL.dockerbuild
govulncheck-failure-7
govulncheck-failure-2
govulncheck-failure-0
govulncheck-failure-4
govulncheck-failure-1

Invalidated by push of 402511e

[github-actions]

X-Test Failure Report

opentdfplatformC62BOB.dockerbuild
govulncheck-failure-8
govulncheck-failure-0
govulncheck-failure-3
govulncheck-failure-2
govulncheck-failure-1
govulncheck-failure-5

[github-actions]

Benchmark results, click to expand

Benchmark authorization.GetDecisions Results:

Metric	Value
Approved Decision Requests	1000
Denied Decision Requests	0
Total Time	196.907981ms

Benchmark authorization.v2.GetMultiResourceDecision Results:

Metric	Value
Approved Decision Requests	1000
Denied Decision Requests	0
Total Time	101.486433ms

Benchmark Statistics

Name	№ Requests	Avg Duration	Min Duration	Max Duration

Bulk Benchmark Results

Metric	Value
Total Decrypts	100
Successful Decrypts	100
Failed Decrypts	0
Total Time	384.126187ms
Throughput	260.33 requests/second

TDF3 Benchmark Results:

Metric	Value
Total Requests	5000
Successful Requests	5000
Failed Requests	0
Concurrent Requests	50
Total Time	43.524562316s
Average Latency	433.836828ms
Throughput	114.88 requests/second

[github-actions]

Benchmark results, click to expand

Benchmark authorization.GetDecisions Results:

Metric	Value
Approved Decision Requests	1000
Denied Decision Requests	0
Total Time	201.897956ms

Benchmark authorization.v2.GetMultiResourceDecision Results:

Metric	Value
Approved Decision Requests	1000
Denied Decision Requests	0
Total Time	100.464985ms

Benchmark Statistics

Name	№ Requests	Avg Duration	Min Duration	Max Duration

Bulk Benchmark Results

Metric	Value
Total Decrypts	100
Successful Decrypts	100
Failed Decrypts	0
Total Time	366.990444ms
Throughput	272.49 requests/second

TDF3 Benchmark Results:

Metric	Value
Total Requests	5000
Successful Requests	5000
Failed Requests	0
Concurrent Requests	50
Total Time	42.381007237s
Average Latency	421.606862ms
Throughput	117.98 requests/second

[github-actions]

X-Test Results

✅ go-pull-3334
✅ go-v0.9.0
✅ java-pull-3334
✅ js-pull-3334
✅ java-v0.9.0
✅ js-v0.9.0
bats-test-results
cukes-report
opentdfplatformU3GM0F.dockerbuild
govulncheck-failure-3
govulncheck-failure-8
govulncheck-failure-2
govulncheck-failure-1
govulncheck-failure-0
govulncheck-failure-5

[github-actions]

Benchmark results, click to expand

Benchmark authorization.GetDecisions Results:

Metric	Value
Approved Decision Requests	1000
Denied Decision Requests	0
Total Time	194.547885ms

Benchmark authorization.v2.GetMultiResourceDecision Results:

Metric	Value
Approved Decision Requests	1000
Denied Decision Requests	0
Total Time	101.381122ms

Benchmark Statistics

Name	№ Requests	Avg Duration	Min Duration	Max Duration

Bulk Benchmark Results

Metric	Value
Total Decrypts	100
Successful Decrypts	100
Failed Decrypts	0
Total Time	367.759236ms
Throughput	271.92 requests/second

TDF3 Benchmark Results:

Metric	Value
Total Requests	5000
Successful Requests	5000
Failed Requests	0
Concurrent Requests	50
Total Time	44.238137519s
Average Latency	440.673014ms
Throughput	113.02 requests/second

[github-actions]

X-Test Results

✅ go-pull-3334
✅ java-pull-3334
bats-test-results
✅ go-v0.9.0
✅ js-pull-3334
✅ java-v0.9.0
✅ js-v0.9.0
cukes-report
govulncheck-failure-3
opentdfplatformZ8TJJ8.dockerbuild
govulncheck-failure-0
govulncheck-failure-8
govulncheck-failure-1
govulncheck-failure-2
govulncheck-failure-5

[github-actions]

Benchmark results, click to expand

Benchmark authorization.GetDecisions Results:

Metric	Value
Approved Decision Requests	1000
Denied Decision Requests	0
Total Time	197.027493ms

Benchmark authorization.v2.GetMultiResourceDecision Results:

Metric	Value
Approved Decision Requests	1000
Denied Decision Requests	0
Total Time	95.962652ms

Benchmark Statistics

Name	№ Requests	Avg Duration	Min Duration	Max Duration

Bulk Benchmark Results

Metric	Value
Total Decrypts	100
Successful Decrypts	100
Failed Decrypts	0
Total Time	360.972934ms
Throughput	277.03 requests/second

TDF3 Benchmark Results:

Metric	Value
Total Requests	5000
Successful Requests	5000
Failed Requests	0
Concurrent Requests	50
Total Time	43.734300945s
Average Latency	435.862ms
Throughput	114.33 requests/second

[github-actions]

X-Test Results

✅ go-pull-3334
✅ java-pull-3334
✅ go-v0.9.0
✅ js-pull-3334
✅ java-v0.9.0
bats-test-results
✅ js-v0.9.0
cukes-report
opentdfplatformMQ2YN0.dockerbuild
govulncheck-failure-8
govulncheck-failure-3
govulncheck-failure-2
govulncheck-failure-0
govulncheck-failure-1
govulncheck-failure-5

[github-actions]

⚠️ Govulncheck found vulnerabilities ⚠️

The following modules have known vulnerabilities:

• examples
• otdfctl
• sdk
• service
• lib/fixtures
• tests-bdd

See the workflow run for details.

[github-actions]

Benchmark results, click to expand

Benchmark authorization.GetDecisions Results:

Metric	Value
Approved Decision Requests	1000
Denied Decision Requests	0
Total Time	192.968063ms

Benchmark authorization.v2.GetMultiResourceDecision Results:

Metric	Value
Approved Decision Requests	1000
Denied Decision Requests	0
Total Time	91.74658ms

Benchmark Statistics

Name	№ Requests	Avg Duration	Min Duration	Max Duration

Bulk Benchmark Results

Metric	Value
Total Decrypts	100
Successful Decrypts	100
Failed Decrypts	0
Total Time	360.854163ms
Throughput	277.12 requests/second

TDF3 Benchmark Results:

Metric	Value
Total Requests	5000
Successful Requests	5000
Failed Requests	0
Concurrent Requests	50
Total Time	41.734067257s
Average Latency	415.788027ms
Throughput	119.81 requests/second

[github-actions]

X-Test Results

✅ go-pull-3334
bats-test-results
✅ java-pull-3334
✅ js-pull-3334
✅ go-v0.9.0
✅ java-v0.9.0
✅ js-v0.9.0
cukes-report
opentdfplatform7B78WI.dockerbuild
govulncheck-failure-5
govulncheck-failure-8
govulncheck-failure-0
govulncheck-failure-2
govulncheck-failure-3
govulncheck-failure-1

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.