fix(deps): bump the external group across 1 directory with 18 updates

[dependabot]

Bumps the external group with 15 updates in the /service directory:

Package	From	To
buf.build/go/protovalidate	1.0.0	1.1.3
github.com/casbin/casbin/v2	2.108.0	2.135.0
github.com/eko/gocache/lib/v4	4.2.0	4.2.3
github.com/go-chi/cors	1.2.1	1.2.2
github.com/go-playground/validator/v10	10.26.0	10.30.2
github.com/go-viper/mapstructure/v2	2.4.0	2.5.0
github.com/jackc/pgx/v5	5.7.5	5.9.1
github.com/lib/pq	1.10.9	1.12.3
github.com/mattn/go-sqlite3	1.14.29	1.14.42
github.com/open-policy-agent/opa	1.5.1	1.15.2
github.com/pressly/goose/v3	3.24.3	3.27.0
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc	1.42.0	1.43.0
go.opentelemetry.io/otel/exporters/stdout/stdouttrace	1.42.0	1.43.0
golang.org/x/net	0.52.0	0.53.0
github.com/go-ldap/ldap/v3	3.4.12	3.4.13

Updates buf.build/go/protovalidate from 1.0.0 to 1.1.3

Release notes

Sourced from buf.build/go/protovalidate's releases.

v1.1.3

What's Changed

• Fix a few godoc comments and update golangci-lint by @​pkwarren in bufbuild/protovalidate-go#306
• Bump the go group across 1 directory with 2 updates by @​dependabot[bot] in bufbuild/protovalidate-go#308
• Fix registry chain for pb.Map in NativeToValue by @​rodaine in bufbuild/protovalidate-go#309

Full Changelog: bufbuild/protovalidate-go@v1.1.2...v1.1.3

v1.1.2

What's Changed

• Fix base type adapter missing builtin types by @​rodaine in bufbuild/protovalidate-go#305

Full Changelog: bufbuild/protovalidate-go@v1.1.1...v1.1.2

v1.1.1

This release is compatible with the v1.1.0 release of Protovalidate.

What's Changed

• Always provide all available variables by @​srikrsna-buf in bufbuild/protovalidate-go#297
• Wrap protoreflect.Map with type information so we don't need to cast to map[any]any by @​rodaine in bufbuild/protovalidate-go#300
• Avoid heap escape on kvPairs evaluation by @​rodaine in bufbuild/protovalidate-go#301
• Implement registry chaining for CEL type isolation by @​rodaine in bufbuild/protovalidate-go#302

Full Changelog: bufbuild/protovalidate-go@v1.1.0...v1.1.1

v1.1.0

This release is compatible with the v1.1.0 release of Protovalidate.

What's Changed

• Improve ValidationError strings by @​bufdev in bufbuild/protovalidate-go#291
• Make it so that you can define expression-only rules by @​bufdev in bufbuild/protovalidate-go#288
• Fix field paths for groups by @​timostamm in bufbuild/protovalidate-go#292
• Update protovalidate by @​srikrsna-buf in bufbuild/protovalidate-go#293

Full Changelog: bufbuild/protovalidate-go@v1.0.1...v1.1.0

v1.0.1

What's Changed

• Bump buf.build/go/hyperpb from 0.1.0 to 0.1.1 in the go group by @​dependabot[bot] in bufbuild/protovalidate-go#281
• Use opaque proto API by @​rodaine in bufbuild/protovalidate-go#283
• Bump buf.build/go/hyperpb from 0.1.1 to 0.1.3 in the go group by @​dependabot[bot] in bufbuild/protovalidate-go#284
• Bump the go group with 2 updates by @​dependabot[bot] in bufbuild/protovalidate-go#285
• Benchmark and performance improvements by @​rodaine in bufbuild/protovalidate-go#289

Full Changelog: bufbuild/protovalidate-go@v1.0.0...v1.0.1

Commits

• 61167be Fix registry chain for pb.Map in NativeToValue (#309)
• 58d9ffb Bump the go group across 1 directory with 2 updates (#308)
• 89a14f7 Fix a few godoc comments and update golangci-lint (#306)
• e666f1a Fix base type adapter missing builtin types (#305)
• 3707b74 Implement registry chaining for CEL type isolation (#302)
• a87f1c9 Avoid heap escape on kvPairs evaluation (#301)
• c2ae600 Wrap protoreflect.Map with type information so we don't need to cast to map[a...
• 5dd4789 Avoid copying types.Registry on env.Extend (#299)
• d9f7a10 Expand benchmark tests (#298)
• b90590a Always provide all available variables (#297)
• Additional commits viewable in compare view

Updates github.com/casbin/casbin/v2 from 2.108.0 to 2.135.0

Release notes

Sourced from github.com/casbin/casbin/v2's releases.

v2.135.0

2.135.0 (2025-12-09)

Features

• remove Travis script and issue templates (5fc9fd8)

v2.134.0

2.134.0 (2025-11-14)

Features

• fix inconsistent backslash handling between matcher literals and CSV-parsed values (#1577) (5d3134d)

v2.133.0

2.133.0 (2025-11-14)

Features

• fix stale g() function cache in BuildRoleLinks causing incorrect permissions (#1580) (0a13664)

v2.132.0

2.132.0 (2025-11-04)

Features

• improve README (4b6c4c8)

v2.131.0

2.131.0 (2025-11-02)

Features

• fix EscapeAssertion (matcher) incorrectly matching p./r. patterns inside quoted strings (#1572) (1eef59a)

v2.130.0

2.130.0 (2025-11-01)

Features

• fix duplicate CI workflow runs and optimize to test only Go 1.21 (#1571) (bb1e443)

v2.129.0

2.129.0 (2025-11-01)

... (truncated)

Commits

• 5fc9fd8 feat: remove Travis script and issue templates
• 5d3134d feat: fix inconsistent backslash handling between matcher literals and CSV-pa...
• 0a13664 feat: fix stale g() function cache in BuildRoleLinks causing incorrect permis...
• 4b6c4c8 feat: improve README
• 1eef59a feat: fix EscapeAssertion (matcher) incorrectly matching p./r. patterns insid...
• bb1e443 feat: fix duplicate CI workflow runs and optimize to test only Go 1.21 (#1571)
• 91b9cf2 feat: add OrBAC (Organisation-Based Access Control) model support (#1567)
• 87e9956 feat: add ContextEnforcer: add ctx to AddPolicy and other APIs (#1553)
• 1ef00ac feat: enable concurrent transactions using optimistic locking, versioning and...
• 0c5a574 feat: add PBAC model support and test (#1548)
• Additional commits viewable in compare view

Updates github.com/eko/gocache/lib/v4 from 4.2.0 to 4.2.3

Release notes

Sourced from github.com/eko/gocache/lib/v4's releases.

store/memcache/v4.2.3

What's Changed

• Store memcache: moved from golang/mock to mockery by @​eko in eko/gocache#295

Full Changelog: eko/gocache@lib/v4.2.1...store/memcache/v4.2.3

store/bigcache/v4.2.3

What's Changed

• Hide mock interfaces from users by @​Neo2308 in eko/gocache#296

New Contributors

• @​Neo2308 made their first contribution in eko/gocache#296

Full Changelog: eko/gocache@store/memcache/v4.2.3...store/bigcache/v4.2.3

store/freecache/v4.2.3

What's Changed

• Hide mock interfaces from users by @​Neo2308 in eko/gocache#296

New Contributors

• @​Neo2308 made their first contribution in eko/gocache#296

Full Changelog: eko/gocache@store/memcache/v4.2.3...store/freecache/v4.2.3

store/go_cache/v4.2.3

What's Changed

• Hide mock interfaces from users by @​Neo2308 in eko/gocache#296

New Contributors

• @​Neo2308 made their first contribution in eko/gocache#296

Full Changelog: eko/gocache@store/memcache/v4.2.3...store/go_cache/v4.2.3

lib/v4.2.3

What's Changed

• chore(go-mod): bump outdated dependencies by @​geigerj0 in eko/gocache#300

New Contributors

• @​geigerj0 made their first contribution in eko/gocache#300

Full Changelog: eko/gocache@lib/v4.2.2...lib/v4.2.3

What's Changed

• chore(go-mod): bump outdated dependencies by @​geigerj0 in eko/gocache#300

New Contributors

• @​geigerj0 made their first contribution in eko/gocache#300

Full Changelog: eko/gocache@lib/v4.2.2...lib/v4.2.3

... (truncated)

Commits

• 5654fdf Merge pull request #300 from geigerj0/bump-deps
• 3fabe46 bump all deps
• 7747003 bump deps
• b4334a5 bump deps
• f037427 bump deps
• 003ae39 Merge pull request #296 from Neo2308/feature/master/hide-mock-interfaces
• 42bb50e Rename import to resolve warnings
• 21cb8b5 Added mocks
• c0e14c1 Hide mock interfaces from users
• 277d34a Merge pull request #295 from eko/memcache-mocks
• Additional commits viewable in compare view

Updates github.com/go-chi/cors from 1.2.1 to 1.2.2

Release notes

Sourced from github.com/go-chi/cors's releases.

v1.2.2

What's Changed

• Update README with install by @​Uyutaka in go-chi/cors#22
• Fix broken credits link by @​lordidiot in go-chi/cors#25
• fix test_default error message #28 by @​ablankz in go-chi/cors#29
• Update Go version in CI by @​VojtechVitek in go-chi/cors#32
• Fix Origin header check by @​c2h5oh in go-chi/cors#38

New Contributors

• @​Uyutaka made their first contribution in go-chi/cors#22
• @​lordidiot made their first contribution in go-chi/cors#25
• @​ablankz made their first contribution in go-chi/cors#29
• @​VojtechVitek made their first contribution in go-chi/cors#32
• @​c2h5oh made their first contribution in go-chi/cors#38

Full Changelog: go-chi/cors@v1.2.1...v1.2.2

Commits

• 3a53812 Fix Origin header check (#38)
• f8fbaee Update Go version in CI (#32)
• b41f767 fix test_default error message #28 (#29)
• 76ca797 Fix broken link (#25)
• 9aca617 Update README with install (#22)
• See full diff in compare view

Updates github.com/go-playground/validator/v10 from 10.26.0 to 10.30.2

Release notes

Sourced from github.com/go-playground/validator/v10's releases.

v10.30.2

What's Changed

• chore(deps): bump golang.org/x/crypto from 0.46.0 to 0.47.0 by @​dependabot[bot] in go-playground/validator#1523
• feat: add translations for alphaspace and alphanumspace tags in indonesian by @​savioruz in go-playground/validator#1522
• chore(deps): bump github.com/gabriel-vasile/mimetype from 1.4.12 to 1.4.13 by @​dependabot[bot] in go-playground/validator#1526
• feat: add cmyk(color) to validator by @​thenicolau in go-playground/validator#1528
• chore(deps): bump golang.org/x/text from 0.33.0 to 0.34.0 by @​dependabot[bot] in go-playground/validator#1534
• chore(deps): bump golang.org/x/crypto from 0.47.0 to 0.48.0 by @​dependabot[bot] in go-playground/validator#1533
• Go 1.26 support by @​nodivbyzero in go-playground/validator#1535
• fix: prevent panic in unique validation with nil pointer elements by @​nodivbyzero in go-playground/validator#1532
• docs: fix typos by @​alexandear in go-playground/validator#1527
• feat: implement ValidatorValuer interface feature by @​thommeo in go-playground/validator#1416
• docs: add Valuer interface documentation and example by @​wofiporia in go-playground/validator#1540
• chore(deps): bump golang.org/x/text from 0.34.0 to 0.35.0 by @​dependabot[bot] in go-playground/validator#1545
• chore(deps): bump golang.org/x/crypto from 0.48.0 to 0.49.0 by @​dependabot[bot] in go-playground/validator#1546
• feat: add postcode patterns for Colombia (CO) and British Virgin Islands (VG) by @​j-ibarra in go-playground/validator#1547
• fix(fqdn): allow hyphens in last domain label by @​alihasan070707 in go-playground/validator#1548

New Contributors

• @​savioruz made their first contribution in go-playground/validator#1522
• @​thenicolau made their first contribution in go-playground/validator#1528
• @​thommeo made their first contribution in go-playground/validator#1416
• @​wofiporia made their first contribution in go-playground/validator#1540
• @​j-ibarra made their first contribution in go-playground/validator#1547
• @​alihasan070707 made their first contribution in go-playground/validator#1548

Full Changelog: go-playground/validator@v10.30.1...v10.30.2

Release 10.30.1

What's Changed

• Feat: uds_exists validator by @​barash-asenov in go-playground/validator#1482
• fix: Revert min limit of e164 regex by @​zemzale in go-playground/validator#1516
• Fix 1513 update ISO 3166-2 codes by @​xyz27900 in go-playground/validator#1514

New Contributors

• @​barash-asenov made their first contribution in go-playground/validator#1482
• @​xyz27900 made their first contribution in go-playground/validator#1514

Full Changelog: go-playground/validator@v10.30.0...v10.30.1

Release 10.30.0

What's Changed

• Bump golang.org/x/crypto from 0.45.0 to 0.46.0 by @​dependabot[bot] in go-playground/validator#1504
• Bump github.com/gabriel-vasile/mimetype from 1.4.11 to 1.4.12 by @​dependabot[bot] in go-playground/validator#1505
• docs: document omitzero by @​minoritea in go-playground/validator#1509
• fix: add missing translations for alpha validators by @​shindonghwi in go-playground/validator#1510
• fix: resolve panic when using aliases with OR operator by @​shindonghwi in go-playground/validator#1507
• fix: resolve panic when using cross-field validators with ValidateMap by @​shindonghwi in go-playground/validator#1508

New Contributors

... (truncated)

Commits

• b9258bd fix(fqdn): allow hyphens in last domain label (#1548)
• b9f1d79 feat: add postcode patterns for Colombia (CO) and British Virgin Islands (VG)...
• 7fa9599 chore(deps): bump golang.org/x/crypto from 0.48.0 to 0.49.0 (#1546)
• 8ca29ec chore(deps): bump golang.org/x/text from 0.34.0 to 0.35.0 (#1545)
• 5e1bedf docs: add Valuer interface documentation and example (#1540)
• 42927a0 feat: implement ValidatorValuer interface feature (#1416)
• c254ece docs: fix typos (#1527)
• 4325386 fix: prevent panic in unique validation with nil pointer elements (#1532)
• d3f35da Go 1.26 support (#1535)
• f5c74ce chore(deps): bump golang.org/x/crypto from 0.47.0 to 0.48.0 (#1533)
• Additional commits viewable in compare view

Updates github.com/go-viper/mapstructure/v2 from 2.4.0 to 2.5.0

Release notes

Sourced from github.com/go-viper/mapstructure/v2's releases.

v2.5.0

What's Changed

• Print qualified type name when ErrorUnused=true causes errors for unused keys in embedded fields by @​jmacd in go-viper/mapstructure#113
• build(deps): bump github/codeql-action from 3.29.2 to 3.29.5 by @​dependabot[bot] in go-viper/mapstructure#126
• build(deps): bump github/codeql-action from 3.29.7 to 3.29.10 by @​dependabot[bot] in go-viper/mapstructure#131
• build(deps): bump actions/checkout from 4.2.2 to 5.0.0 by @​dependabot[bot] in go-viper/mapstructure#129
• feat: support for automatically initializing squashed pointer structs by @​tuunit in go-viper/mapstructure#71
• build(deps): bump actions/setup-go from 5.5.0 to 6.0.0 by @​dependabot[bot] in go-viper/mapstructure#134
• build(deps): bump ossf/scorecard-action from 2.4.2 to 2.4.3 by @​dependabot[bot] in go-viper/mapstructure#142
• Fix slice deep map (owned) by @​jphastings in go-viper/mapstructure#144
• chore: fix lint violations by @​sagikazarmark in go-viper/mapstructure#157
• chore: switch to devenv by @​sagikazarmark in go-viper/mapstructure#158
• build(deps): bump actions/upload-artifact from 4.6.2 to 5.0.0 by @​dependabot[bot] in go-viper/mapstructure#151
• build(deps): bump github/codeql-action from 3.29.10 to 4.31.2 by @​dependabot[bot] in go-viper/mapstructure#153
• build(deps): bump golangci/golangci-lint-action from 8.0.0 to 9.0.0 by @​dependabot[bot] in go-viper/mapstructure#154
• build(deps): bump actions/checkout from 5.0.0 to 6.0.1 by @​dependabot[bot] in go-viper/mapstructure#160
• build(deps): bump actions/setup-go from 6.0.0 to 6.1.0 by @​dependabot[bot] in go-viper/mapstructure#159
• build(deps): bump github/codeql-action from 4.31.7 to 4.31.8 by @​dependabot[bot] in go-viper/mapstructure#162
• build(deps): bump actions/upload-artifact from 5.0.0 to 6.0.0 by @​dependabot[bot] in go-viper/mapstructure#161
• build(deps): bump github/codeql-action from 4.31.8 to 4.31.9 by @​dependabot[bot] in go-viper/mapstructure#163
• feature: Add map field name to convert structs dynamically instead of individually with a tag. by @​thespags in go-viper/mapstructure#149
• feat(decoder): support multiple tag names in order by @​DarkiT in go-viper/mapstructure#59
• feat: optional root object name by @​andreev-fn in go-viper/mapstructure#137
• Add unmarshaler interface by @​sagikazarmark in go-viper/mapstructure#166

New Contributors

• @​jmacd made their first contribution in go-viper/mapstructure#113
• @​tuunit made their first contribution in go-viper/mapstructure#71
• @​jphastings made their first contribution in go-viper/mapstructure#144
• @​thespags made their first contribution in go-viper/mapstructure#149
• @​DarkiT made their first contribution in go-viper/mapstructure#59
• @​andreev-fn made their first contribution in go-viper/mapstructure#137

Full Changelog: go-viper/mapstructure@v2.4.0...v2.5.0

Commits

• 9aa3f77 Merge pull request #166 from go-viper/unmarshal2
• ae32a61 doc: add more documentation
• 320c8c9 test: cover unmarshaler to map
• 5b22829 feat: add unmarshaler interface
• fd74c75 Merge pull request #137 from andreev-fn/opt-root-name
• dee4661 Merge pull request #59 from DarkiT/main
• 5605df4 chore: cover more test cases, fix edge cases, add docs
• 6166631 fix(mapstructure): add multi-tag support and regression tests
• 6471aa6 Merge pull request #149 from thespags/main
• dbffaaa chore: add more tests and clarification to the documentation
• Additional commits viewable in compare view

Updates github.com/jackc/pgx/v5 from 5.7.5 to 5.9.1

Changelog

Sourced from github.com/jackc/pgx/v5's changelog.

5.9.1 (March 22, 2026)

• Fix: batch result format corruption when using cached prepared statements (reported by Dirkjan Bussink)

5.9.0 (March 21, 2026)

This release includes a number of new features such as SCRAM-SHA-256-PLUS support, OAuth authentication support, and PostgreSQL protocol 3.2 support.

It significantly reduces the amount of network traffic when using prepared statements (which are used automatically by default) by avoiding unnecessary Describe Portal messages. This also reduces local memory usage.

It also includes multiple fixes for potential DoS due to panic or OOM if connected to a malicious server that sends deliberately malformed messages.

• Require Go 1.25+
• Add SCRAM-SHA-256-PLUS support (Adam Brightwell)
• Add OAuth authentication support for PostgreSQL 18 (David Schneider)
• Add PostgreSQL protocol 3.2 support (Dirkjan Bussink)
• Add tsvector type support (Adam Brightwell)
• Skip Describe Portal for cached prepared statements reducing network round trips
• Make LoadTypes query easier to support on "postgres-like" servers (Jelte Fennema-Nio)
• Default empty user to current OS user matching libpq behavior (ShivangSrivastava)
• Optimize LRU statement cache with custom linked list and node pooling (Mathias Bogaert)
• Optimize date scanning by replacing regex with manual parsing (Mathias Bogaert)
• Optimize pgio append/set functions with direct byte shifts (Mathias Bogaert)
• Make RowsAffected faster (Abhishek Chanda)
• Fix: Pipeline.Close panic when server sends multiple FATAL errors (Varun Chawla)
• Fix: ContextWatcher goroutine leak (Hank Donnay)
• Fix: stdlib discard connections with open transactions in ResetSession (Jeremy Schneider)
• Fix: pipelineBatchResults.Exec silently swallowing lastRows error
• Fix: ColumnTypeLength using BPCharArrayOID instead of BPCharOID
• Fix: TSVector text encoding returning nil for valid empty tsvector
• Fix: wrong error messages for Int2 and Int4 underflow
• Fix: Numeric nil Int pointer dereference with Valid: true
• Fix: reversed strings.ContainsAny arguments in Numeric.ScanScientific
• Fix: message length parsing on 32-bit platforms
• Fix: FunctionCallResponse.Decode mishandling of signed result size
• Fix: returning wrong error in configTLS when DecryptPEMBlock fails (Maxim Motyshen)
• Fix: misleading ParseConfig error when default_query_exec_mode is invalid (Skarm)
• Fix: missed Unwatch in Pipeline error paths
• Clarify too many failed acquire attempts error message
• Better error wrapping with context and SQL statement (Aneesh Makala)
• Enable govet and ineffassign linters (Federico Guerinoni)
• Guard against various malformed binary messages (arrays, hstore, multirange, protocol messages)
• Fix various godoc comments (ferhat elmas)
• Fix typos in comments (Oleksandr Redko)

5.8.0 (December 26, 2025)

... (truncated)

Commits

• 4e4eaed Release v5.9.1
• 6273188 Fix batch result format corruption when using cached prepared statements
• f7b90c2 Merge pull request #2524 from dbussink/pipeline-result-format-reuse
• 3ce6d75 Add failing test: batch scan corrupted in cache_statement mode
• b4d8e62 Release v5.9.0
• c227cd4 Bump minimum Go version from 1.24 to 1.25
• f492c14 Use reflect.TypeFor instead of reflect.TypeOf for static types
• ad8fb08 Use sync.WaitGroup.Go to simplify goroutine spawning
• 3033773 Remove go1.26 build tag from synctest test
• 83ffb3c Validate multirange element count against source length before allocating
• Additional commits viewable in compare view

Updates github.com/lib/pq from 1.10.9 to 1.12.3

Release notes

Sourced from github.com/lib/pq's releases.

v1.12.3

• Send datestyle startup parameter, improving compatbility with database engines that use a different default datestyle such as EnterpriseDB (#1312).

#1312: lib/pq#1312

v1.12.2

• Treat io.ErrUnexpectedEOF as driver.ErrBadConn so database/sql discards the connection. Since v1.12.0 this could result in permanently broken connections, especially with CockroachDB which frequently sends partial messages (#1299).

#1299: lib/pq#1299

v1.12.1

• Look for pgpass file in ~/.pgpass instead of ~/.postgresql/pgpass (#1300).

• Don't clear password if directly set on pq.Config (#1302).

#1300: lib/pq#1300 #1302: lib/pq#1302

v1.12.0

• The next release may change the default sslmode from require to prefer. See #1271 for details.

• CopyIn() and CopyInToSchema() have been marked as deprecated. These are simple query builders and not needed for COPY [..] FROM STDIN support (which is not deprecated). (#1279)

  // Old
  tx.Prepare(CopyIn("temp", "num", "text", "blob", "nothing"))
  // Replacement
  tx.Prepare(copy temp (num, text, blob, nothing) from stdin)
  

Features

• Support protocol 3.2, and the min_protocol_version and max_protocol_version DSN parameters (#1258).

• Support sslmode=prefer and sslmode=allow (#1270).

• Support ssl_min_protocol_version and ssl_max_protocol_version (#1277).

• Support connection service file to load connection details (#1285).

• Support sslrootcert=system and use ~/.postgresql/root.crt as the default value of sslrootcert (#1280, #1281).

• Add a new pqerror package with PostgreSQL error codes (#1275).

  For example, to test if an error is a UNIQUE constraint violation:

  if pqErr, ok := errors.AsType[*pq.Error](https://github.com/lib/pq/blob/HEAD/err); ok && pqErr.Code == pqerror.UniqueViolation {
      log.Fatalf("email %q already exsts", email)
  }
  

  To make this a bit more convenient, it also adds a pq.As() function:

... (truncated)

Changelog

Sourced from github.com/lib/pq's changelog.

v1.12.3 (2026-04-03)

• Send datestyle startup parameter, improving compatbility with database engines that use a different default datestyle such as EnterpriseDB (#1312).

#1312: lib/pq#1312

v1.12.2 (2026-04-02)

• Treat io.ErrUnexpectedEOF as driver.ErrBadConn so database/sql discards the connection. Since v1.12.0 this could result in permanently broken connections, especially with CockroachDB which frequently sends partial messages (#1299).

#1299: lib/pq#1299

v1.12.1 (2026-03-30)

• Look for pgpass file in ~/.pgpass instead of ~/.postgresql/pgpass (#1300).

• Don't clear password if directly set on pq.Config (#1302).

#1300: lib/pq#1300 #1302: lib/pq#1302

v1.12.0 (2026-03-18)

• The next release may change the default sslmode from require to prefer. See #1271 for details.

• CopyIn() and CopyInToSchema() have been marked as deprecated. These are simple query builders and not needed for COPY [..] FROM STDIN support (which is not deprecated). (#1279)

  // Old
  tx.Prepare(CopyIn("temp", "num", "text", "blob", "nothing"))
  // Replacement
  tx.Prepare(copy temp (num, text, blob, nothing) from stdin)
  

Features

• Support protocol 3.2, and the min_protocol_version and max_protocol_version DSN parameters (#1258).

• Support sslmode=prefer and sslmode=allow (#1270).

• Support ssl_min_protocol_version and ssl_max_protocol_version (#1277).

... (truncated)

Commits

• 1f3e3d9 Send datestyle as a startup parameter (#1312)
• 32ba56b Expand tests for multiple result sets
• c2cfac1 Release v1.12.2
• 859f104 Test CockroachDB
• 12e464c Allow multiple matches and regexps in pqtest.ErrorContains()
• 6d77ced Treat io.ErrUnexpectedEOF as driver.ErrBadConn in handleError
• 71daecb Ensure transactions are closed in pqtest
• 8f44823 Set PGAPPNAME for tests
• 4af2196 Fix healthcheck
• 38a54e4 Split out testdata/init a bit
• Additional commits viewable in compare view

Updates github.com/mattn/go-sqlite3 from 1.14.29 to 1.14.42

Commits

• 5df13a0 Merge pull request #1387 from mattn/codex/stmt-cache
• e302e5c document that _stmt_cache_size is per connection
• 867dcbf move reset/clear into putCachedStmt and always finalize on failure
• 0e58fa4 simplify prepareWithCache to call prepare instead of duplicating logic
• e9f47da do not bail out on finalize error in closeCachedStmtsLocked
• 325cb8d remove redundant stmtCacheSize check in putCachedStmt
• 061c2a5 check stmtCacheSize before acquiring mutex in takeCachedStmt
• efa9b1c add opt-in statement cache
• 8d12439 Merge pull request #1386 from mattn/perf/reduce-cgo-overhead
• 89f4bbe fix build with SQLITE_ENABLE_UNLOCK_NOTIFY
• Additional commits viewable in compare view

Updates github.com/open-policy-agent/opa from 1.5.1 to 1.15.2

Release notes

Sourced from github.com/open-policy-agent/opa's releases.

v1.15.2

This release updates the version of Go used to build the OPA binaries and images to 1.26.2. This version of Go contains multiple security fixes.

v1.15.1

This patch release fixes a backwards-incompatible change in the v1/logging.Logger interface that inadvertently made it into Release v1.15.0. When using OPA as Go module, and when providing custom Logger implementations, this change would break your build.

[!TIP] Users of the binaries or Docker images can ignore this, the code is otherwise the same as v1.15.0.

Miscellaneous

• logging: make WithContext() optional (authored by @​srenatus)

v1.15.0

This release contains a mix of new features, performance improvements, and bugfixes. Notably:

• Add logger plugin interface and file logger implementation with log rotation
• Custom HTTPAuthPlugin behavior change, all per-request authentication logic must be moved from NewClient() to Prepare()
• AWS signing supports for web identity for assume role credentials

Logger Plugin Support (#8434) (authored by @​srenatus)

OPA now supports pluggable logging implementations via the logger plugin interface, which is based on Go's standard log/slog.Handler interface. This allows any slog.Handler implementation to be used as a logger plugin. Loggers can be configured via the server.logger_plugin configuration option and used for both runtime logging and decision logs. OPA includes a built-in file logger plugin (file_logger) that writes structured JSON logs with rotation support using lumberjack. Users can also implement and register custom logger plugins when building OPA.

Example configuration for server logging:

server:
  logger_plugin: file_logger
plugins:
file_logger:
path: /var/log/opa/server.log
max_size_mb: 100
max_age_days: 28
max_backups: 3
compress: true
level: info

Example configuration for decision logs using the same plugin:

server:
  logger_plugin: file_logger
</tr></table> 

... (truncated)

Changelog

Sourced from github.com/open-policy-agent/opa...

Description has been truncated

[github-actions]

⚠️ Govulncheck found vulnerabilities ⚠️

The following modules have known vulnerabilities:

• examples
• sdk
• service
• lib/fixtures
• tests-bdd

See the workflow run for details.

[github-actions]

Benchmark results, click to expand

Benchmark authorization.GetDecisions Results:

Metric	Value
Approved Decision Requests	1000
Denied Decision Requests	0
Total Time	197.089799ms

Benchmark authorization.v2.GetMultiResourceDecision Results:

Metric	Value
Approved Decision Requests	1000
Denied Decision Requests	0
Total Time	102.516641ms

Benchmark Statistics

Name	№ Requests	Avg Duration	Min Duration	Max Duration

Bulk Benchmark Results

Metric	Value
Total Decrypts	100
Successful Decrypts	100
Failed Decrypts	0
Total Time	369.782016ms
Throughput	270.43 requests/second

TDF3 Benchmark Results:

Metric	Value
Total Requests	5000
Successful Requests	5000
Failed Requests	0
Concurrent Requests	50
Total Time	41.21341966s
Average Latency	410.47239ms
Throughput	121.32 requests/second

[github-actions]

X-Test Results

✅ go-pull-3302
bats-test-results
✅ java-pull-3302
✅ go-v0.9.0
✅ js-pull-3302
✅ java-v0.9.0
✅ js-v0.9.0
cukes-report
opentdfplatformTTKD2K.dockerbuild
govulncheck-failure-7
govulncheck-failure-0
govulncheck-failure-1
govulncheck-failure-2
govulncheck-failure-4