chore(deps): bump the backend group in /backend with 16 updates

[dependabot]

Bumps the backend group in /backend with 16 updates:

Package	From	To
github.com/aws/aws-sdk-go-v2	1.41.1	1.41.7
github.com/aws/aws-sdk-go-v2/config	1.32.7	1.32.17
github.com/aws/aws-sdk-go-v2/credentials	1.19.7	1.19.16
github.com/aws/aws-sdk-go-v2/service/s3	1.96.0	1.100.1
github.com/go-playground/validator/v10	10.30.1	10.30.2
github.com/gofiber/fiber/v2	2.52.10	2.52.13
github.com/jackc/pgx/v5	5.8.0	5.9.2
github.com/lib/pq	1.11.1	1.12.3
github.com/nyaruka/phonenumbers	1.6.8	1.7.2
github.com/pressly/goose/v3	3.26.0	3.27.1
github.com/redis/go-redis/v9	9.17.3	9.19.0
github.com/slack-go/slack	0.14.0	0.23.0
github.com/uptrace/bun	1.2.16	1.2.18
github.com/uptrace/bun/dialect/pgdialect	1.2.16	1.2.18
go.temporal.io/sdk	1.39.0	1.43.0
golang.org/x/net	0.49.0	0.53.0

Updates github.com/aws/aws-sdk-go-v2 from 1.41.1 to 1.41.7

Commits

• 2223642 Release 2026-04-29
• 04c7e46 Regenerated Clients
• 5f56925 Update endpoints model
• aac6d2b Update API model
• bdaead7 upgrade to smithy-go v1.25.1 (#3399)
• 008e12c Release 2026-04-27
• ef109d9 Regenerated Clients
• 6411e63 Update API model
• e5bf970 Release 2026-04-24
• bdbb88c Regenerated Clients
• Additional commits viewable in compare view

Updates github.com/aws/aws-sdk-go-v2/config from 1.32.7 to 1.32.17

Commits

• 2223642 Release 2026-04-29
• 04c7e46 Regenerated Clients
• 5f56925 Update endpoints model
• aac6d2b Update API model
• bdaead7 upgrade to smithy-go v1.25.1 (#3399)
• 008e12c Release 2026-04-27
• ef109d9 Regenerated Clients
• 6411e63 Update API model
• e5bf970 Release 2026-04-24
• bdbb88c Regenerated Clients
• Additional commits viewable in compare view

Updates github.com/aws/aws-sdk-go-v2/credentials from 1.19.7 to 1.19.16

Commits

• 2223642 Release 2026-04-29
• 04c7e46 Regenerated Clients
• 5f56925 Update endpoints model
• aac6d2b Update API model
• bdaead7 upgrade to smithy-go v1.25.1 (#3399)
• 008e12c Release 2026-04-27
• ef109d9 Regenerated Clients
• 6411e63 Update API model
• e5bf970 Release 2026-04-24
• bdbb88c Regenerated Clients
• Additional commits viewable in compare view

Updates github.com/aws/aws-sdk-go-v2/service/s3 from 1.96.0 to 1.100.1

Commits

• 2223642 Release 2026-04-29
• 04c7e46 Regenerated Clients
• 5f56925 Update endpoints model
• aac6d2b Update API model
• bdaead7 upgrade to smithy-go v1.25.1 (#3399)
• 008e12c Release 2026-04-27
• ef109d9 Regenerated Clients
• 6411e63 Update API model
• e5bf970 Release 2026-04-24
• bdbb88c Regenerated Clients
• Additional commits viewable in compare view

Updates github.com/go-playground/validator/v10 from 10.30.1 to 10.30.2

Release notes

Sourced from github.com/go-playground/validator/v10's releases.

v10.30.2

What's Changed

• chore(deps): bump golang.org/x/crypto from 0.46.0 to 0.47.0 by @​dependabot[bot] in go-playground/validator#1523
• feat: add translations for alphaspace and alphanumspace tags in indonesian by @​savioruz in go-playground/validator#1522
• chore(deps): bump github.com/gabriel-vasile/mimetype from 1.4.12 to 1.4.13 by @​dependabot[bot] in go-playground/validator#1526
• feat: add cmyk(color) to validator by @​thenicolau in go-playground/validator#1528
• chore(deps): bump golang.org/x/text from 0.33.0 to 0.34.0 by @​dependabot[bot] in go-playground/validator#1534
• chore(deps): bump golang.org/x/crypto from 0.47.0 to 0.48.0 by @​dependabot[bot] in go-playground/validator#1533
• Go 1.26 support by @​nodivbyzero in go-playground/validator#1535
• fix: prevent panic in unique validation with nil pointer elements by @​nodivbyzero in go-playground/validator#1532
• docs: fix typos by @​alexandear in go-playground/validator#1527
• feat: implement ValidatorValuer interface feature by @​thommeo in go-playground/validator#1416
• docs: add Valuer interface documentation and example by @​wofiporia in go-playground/validator#1540
• chore(deps): bump golang.org/x/text from 0.34.0 to 0.35.0 by @​dependabot[bot] in go-playground/validator#1545
• chore(deps): bump golang.org/x/crypto from 0.48.0 to 0.49.0 by @​dependabot[bot] in go-playground/validator#1546
• feat: add postcode patterns for Colombia (CO) and British Virgin Islands (VG) by @​j-ibarra in go-playground/validator#1547
• fix(fqdn): allow hyphens in last domain label by @​alihasan070707 in go-playground/validator#1548

New Contributors

• @​savioruz made their first contribution in go-playground/validator#1522
• @​thenicolau made their first contribution in go-playground/validator#1528
• @​thommeo made their first contribution in go-playground/validator#1416
• @​wofiporia made their first contribution in go-playground/validator#1540
• @​j-ibarra made their first contribution in go-playground/validator#1547
• @​alihasan070707 made their first contribution in go-playground/validator#1548

Full Changelog: go-playground/validator@v10.30.1...v10.30.2

Commits

• b9258bd fix(fqdn): allow hyphens in last domain label (#1548)
• b9f1d79 feat: add postcode patterns for Colombia (CO) and British Virgin Islands (VG)...
• 7fa9599 chore(deps): bump golang.org/x/crypto from 0.48.0 to 0.49.0 (#1546)
• 8ca29ec chore(deps): bump golang.org/x/text from 0.34.0 to 0.35.0 (#1545)
• 5e1bedf docs: add Valuer interface documentation and example (#1540)
• 42927a0 feat: implement ValidatorValuer interface feature (#1416)
• c254ece docs: fix typos (#1527)
• 4325386 fix: prevent panic in unique validation with nil pointer elements (#1532)
• d3f35da Go 1.26 support (#1535)
• f5c74ce chore(deps): bump golang.org/x/crypto from 0.47.0 to 0.48.0 (#1533)
• Additional commits viewable in compare view

Updates github.com/gofiber/fiber/v2 from 2.52.10 to 2.52.13

Release notes

Sourced from github.com/gofiber/fiber/v2's releases.

v2.52.13

What's Changed

🐛 Bug Fixes

• Escape HTML output in Ctx.Format by @​gaby in gofiber/fiber#4232

Full Changelog: gofiber/fiber@v2.52.12...v2.52.13

v2.52.12

🐛 Fixes

• CVE fix GHSA-mrq8-rjmw-wpq3

Full Changelog: gofiber/fiber@v2.52.11...v2.52.12

v2.52.11

What's Changed

🧹 Updates

• Improve mount functionality by @​gaby in gofiber/fiber#3900

🐛 Bug Fixes

• Backport defensive copying fixes from #3828 and #3829 to v2 by @​sixcolors in gofiber/fiber#3888
• Fixes and improvements for limiter middleware by @​gaby in gofiber/fiber#3899

Full Changelog: gofiber/fiber@v2.52.10...v2.52.11

Commits

• 0c8cc20 Update fiber package version to 2.52.13
• 616de00 Merge pull request #4232 from gofiber/update-html-format-to-escape-content
• ba5a98e 🐛 bug: escape HTML output in Ctx.Format
• 6cba195 Bump fiber package version to 2.52.12
• 5ebbee7 docs: update image paths to v2 in README files
• 5028167 Merge commit from fork
• 42380aa fix: adapt tests for v2 - use defer/recover pattern and correct Handler signa...
• 7cffe29 refactor: use helper function for param route generation in tests
• 5494de8 🐛 bug: add panic for routes with >30 parameters (GHSA-mrq8-rjmw-wpq3)
• 65b0f3d Bump version to 2.52.11
• Additional commits viewable in compare view

Updates github.com/jackc/pgx/v5 from 5.8.0 to 5.9.2

Changelog

Sourced from github.com/jackc/pgx/v5's changelog.

5.9.2 (April 18, 2026)

Fix SQL Injection via placeholder confusion with dollar quoted string literals (GHSA-j88v-2chj-qfwx)

SQL injection can occur when:

1. The non-default simple protocol is used.
2. A dollar quoted string literal is used in the SQL query.
3. That query contains text that would be would be interpreted outside as a placeholder outside of a string literal.
4. The value of that placeholder is controllable by the attacker.

e.g.

attackValue := `$tag$; drop table canary; --`
_, err = tx.Exec(ctx, `select $tag$ $1 $tag$, $1`, pgx.QueryExecModeSimpleProtocol, attackValue)

This is unlikely to occur outside of a contrived scenario.

5.9.1 (March 22, 2026)

• Fix: batch result format corruption when using cached prepared statements (reported by Dirkjan Bussink)

5.9.0 (March 21, 2026)

This release includes a number of new features such as SCRAM-SHA-256-PLUS support, OAuth authentication support, and PostgreSQL protocol 3.2 support.

It significantly reduces the amount of network traffic when using prepared statements (which are used automatically by default) by avoiding unnecessary Describe Portal messages. This also reduces local memory usage.

It also includes multiple fixes for potential DoS due to panic or OOM if connected to a malicious server that sends deliberately malformed messages.

• Require Go 1.25+
• Add SCRAM-SHA-256-PLUS support (Adam Brightwell)
• Add OAuth authentication support for PostgreSQL 18 (David Schneider)
• Add PostgreSQL protocol 3.2 support (Dirkjan Bussink)
• Add tsvector type support (Adam Brightwell)
• Skip Describe Portal for cached prepared statements reducing network round trips
• Make LoadTypes query easier to support on "postgres-like" servers (Jelte Fennema-Nio)
• Default empty user to current OS user matching libpq behavior (ShivangSrivastava)
• Optimize LRU statement cache with custom linked list and node pooling (Mathias Bogaert)
• Optimize date scanning by replacing regex with manual parsing (Mathias Bogaert)
• Optimize pgio append/set functions with direct byte shifts (Mathias Bogaert)
• Make RowsAffected faster (Abhishek Chanda)
• Fix: Pipeline.Close panic when server sends multiple FATAL errors (Varun Chawla)
• Fix: ContextWatcher goroutine leak (Hank Donnay)
• Fix: stdlib discard connections with open transactions in ResetSession (Jeremy Schneider)

... (truncated)

Commits

• 0aeabbc Release v5.9.2
• 60644f8 Fix SQL sanitizer bugs with dollar-quoted strings and placeholder overflow
• a5680bc Merge pull request #2531 from dolmen-go/godoc-add-links
• e34e452 doc: Add godoc links
• 08c9bb1 Fix Stringer types encoded as text instead of numeric value in composite fields
• 96b4dbd Remove unstable test
• acf88e0 Merge pull request #2526 from abrightwell/abrightwell-min-proto
• 2f81f1f Update max_protocol_version and min_protocol_version defaults
• 4e4eaed Release v5.9.1
• 6273188 Fix batch result format corruption when using cached prepared statements
• Additional commits viewable in compare view

Updates github.com/lib/pq from 1.11.1 to 1.12.3

Release notes

Sourced from github.com/lib/pq's releases.

v1.12.3

• Send datestyle startup parameter, improving compatbility with database engines that use a different default datestyle such as EnterpriseDB (#1312).

#1312: lib/pq#1312

v1.12.2

• Treat io.ErrUnexpectedEOF as driver.ErrBadConn so database/sql discards the connection. Since v1.12.0 this could result in permanently broken connections, especially with CockroachDB which frequently sends partial messages (#1299).

#1299: lib/pq#1299

v1.12.1

• Look for pgpass file in ~/.pgpass instead of ~/.postgresql/pgpass (#1300).

• Don't clear password if directly set on pq.Config (#1302).

#1300: lib/pq#1300 #1302: lib/pq#1302

v1.12.0

• The next release may change the default sslmode from require to prefer. See #1271 for details.

• CopyIn() and CopyInToSchema() have been marked as deprecated. These are simple query builders and not needed for COPY [..] FROM STDIN support (which is not deprecated). (#1279)

  // Old
  tx.Prepare(CopyIn("temp", "num", "text", "blob", "nothing"))
  // Replacement
  tx.Prepare(copy temp (num, text, blob, nothing) from stdin)
  

Features

• Support protocol 3.2, and the min_protocol_version and max_protocol_version DSN parameters (#1258).

• Support sslmode=prefer and sslmode=allow (#1270).

• Support ssl_min_protocol_version and ssl_max_protocol_version (#1277).

• Support connection service file to load connection details (#1285).

• Support sslrootcert=system and use ~/.postgresql/root.crt as the default value of sslrootcert (#1280, #1281).

• Add a new pqerror package with PostgreSQL error codes (#1275).

  For example, to test if an error is a UNIQUE constraint violation:

  if pqErr, ok := errors.AsType[*pq.Error](https://github.com/lib/pq/blob/HEAD/err); ok && pqErr.Code == pqerror.UniqueViolation {
      log.Fatalf("email %q already exsts", email)
  }
  

  To make this a bit more convenient, it also adds a pq.As() function:

... (truncated)

Changelog

Sourced from github.com/lib/pq's changelog.

v1.12.3 (2026-04-03)

• Send datestyle startup parameter, improving compatbility with database engines that use a different default datestyle such as EnterpriseDB (#1312).

#1312: lib/pq#1312

v1.12.2 (2026-04-02)

• Treat io.ErrUnexpectedEOF as driver.ErrBadConn so database/sql discards the connection. Since v1.12.0 this could result in permanently broken connections, especially with CockroachDB which frequently sends partial messages (#1299).

#1299: lib/pq#1299

v1.12.1 (2026-03-30)

• Look for pgpass file in ~/.pgpass instead of ~/.postgresql/pgpass (#1300).

• Don't clear password if directly set on pq.Config (#1302).

#1300: lib/pq#1300 #1302: lib/pq#1302

v1.12.0 (2026-03-18)

• The next release may change the default sslmode from require to prefer. See #1271 for details.

• CopyIn() and CopyInToSchema() have been marked as deprecated. These are simple query builders and not needed for COPY [..] FROM STDIN support (which is not deprecated). (#1279)

  // Old
  tx.Prepare(CopyIn("temp", "num", "text", "blob", "nothing"))
  // Replacement
  tx.Prepare(copy temp (num, text, blob, nothing) from stdin)
  

Features

• Support protocol 3.2, and the min_protocol_version and max_protocol_version DSN parameters (#1258).

• Support sslmode=prefer and sslmode=allow (#1270).

• Support ssl_min_protocol_version and ssl_max_protocol_version (#1277).

... (truncated)

Commits

• 1f3e3d9 Send datestyle as a startup parameter (#1312)
• 32ba56b Expand tests for multiple result sets
• c2cfac1 Release v1.12.2
• 859f104 Test CockroachDB
• 12e464c Allow multiple matches and regexps in pqtest.ErrorContains()
• 6d77ced Treat io.ErrUnexpectedEOF as driver.ErrBadConn in handleError
• 71daecb Ensure transactions are closed in pqtest
• 8f44823 Set PGAPPNAME for tests
• 4af2196 Fix healthcheck
• 38a54e4 Split out testdata/init a bit
• Additional commits viewable in compare view

Updates github.com/nyaruka/phonenumbers from 1.6.8 to 1.7.2

Changelog

Sourced from github.com/nyaruka/phonenumbers's changelog.

v1.7.2 (2026-04-27)

• Update metadata

v1.7.1 (2026-04-01)

• Fix four logic differences with upstream libphonenumber

v1.7.0 (2026-03-31)

• Fix behavioral differences with upstream libphonenumber

v1.6.13 (2026-03-31)

• Update metadata
• Change to use slices instead of exp/slices

v1.6.12 (2026-03-17)

• Update metadata

v1.6.11 (2026-03-06)

• Update metadata

v1.6.10 (2026-02-18)

• Update metadata

v1.6.9 (2026-02-09)

• Update metadata

Commits

• 2943fb0 Update CHANGELOG.md for v1.7.2
• 09e5050 Updated metadata
• 29eedcc Merge pull request #225 from alexandear-org/fix/typos
• 20f8025 Fix typos in usage message and comments across multiple files
• 5a15ccb Update CHANGELOG.md for v1.7.1
• 9669473 Merge pull request #224 from nyaruka/fix/upstream-logic-diffs
• 8dd1d33 Fix carrier code guard to check group(1) indices instead of last group
• 96bbd6a Fix four logic differences with upstream libphonenumber
• 15253e5 Update CHANGELOG.md for v1.7.0
• b7788f8 Merge pull request #223 from nyaruka/fix/extension-patterns
• Additional commits viewable in compare view

Updates github.com/pressly/goose/v3 from 3.26.0 to 3.27.1

Release notes

Sourced from github.com/pressly/goose/v3's releases.

v3.27.1

What's Changed

• Dependency updates

Full Changelog: pressly/goose@v3.27.0...v3.27.1

v3.27.0

What's Changed

Added

• Preliminary Spanner dialect support (#966)

Changed

• Minimum Go version is now 1.25
• SQL migration templates no longer include StatementBegin and StatementEnd annotations. These are only needed for complex statements containing semicolons (e.g., stored procedures). See docs for details.
• Various dependency upgrades

Other

• Added formatting for YDB table names to include folder (#1007)
• Fix tests for StarRocks 3.5 (#1024)
• CI improvements (#1000, #1005, #1008)

Full Changelog: pressly/goose@v3.26.0...v3.27.0

Changelog

Sourced from github.com/pressly/goose/v3's changelog.

[v3.27.1] - 2026-04-24

Changed

• Bump minimum Go version to 1.25.7
• Various dependency upgrades

[v3.27.0] - 2026-02-22

Added

• Preliminary Spanner dialect support (#966)

Changed

• Minimum Go version is now 1.25
• SQL migration templates no longer include StatementBegin and StatementEnd annotations. These are only needed for complex statements containing semicolons (e.g., stored procedures). See docs for details.
• Various dependency upgrades

Commits

• e3235f7 release: v3.27.1
• 883e2f7 build(deps): bump Go and dependency versions (#1067)
• 2e2fe5c build(deps): bump the gomod group with 3 updates (#1048)
• 21176ca build(deps): bump modernc.org/sqlite from 1.46.1 to 1.47.0 in the gomod group...
• e7bd535 build(deps): bump google.golang.org/grpc from 1.79.1 to 1.79.3 (#1042)
• f9c7cb4 build(deps): bump google.golang.org/grpc from 1.79.1 to 1.79.3 in /internal/t...
• b6220db build(deps): bump the gomod group across 1 directory with 3 updates (#1041)
• 65e320f docs: fix README escaping marker in ENVSUB example (#1037)
• 18f6ef7 build(deps): bump goreleaser/goreleaser-action from 6 to 7 (#1036)
• de28e04 docs: update v3.27.0 release notes with Go 1.25 minimum and dep upgrades
• Additional commits viewable in compare view

Updates github.com/redis/go-redis/v9 from 9.17.3 to 9.19.0

Release notes

Sourced from github.com/redis/go-redis/v9's releases.

9.19.0

🚀 Highlights

FIPS-Compatible Script Helper

Script now supports a FIPS-safe execution mode that avoids client-side SHA-1 computation, which is blocked in strict FIPS environments. A new NewScriptServerSHA constructor uses SCRIPT LOAD to obtain and cache the digest from the server, then runs commands via EVALSHA/EVALSHA_RO. Falls back to EVAL/EVALRO if loading fails, and transparently retries once on NOSCRIPT. The default behavior is unchanged for existing users.

(#3700) by @​chaitanyabodlapati

FT.AGGREGATE Step-Based Pipeline Builder

Added a new step-based FT.AGGREGATE pipeline API via FTAggregateOptions.Steps, allowing LOAD, APPLY, GROUPBY, and SORTBY (with per-step MAX) to be repeated and interleaved in arbitrary order — matching Redis's native multi-stage aggregation semantics. The legacy Load/Apply/GroupBy/SortBy/SortByMax fields are now deprecated.

(#3782) by @​ndyakov

Raw RESP Protocol Access

Added DoRaw and DoRawWriteTo methods for executing arbitrary commands and reading the raw RESP response. Useful for proxying, custom protocol inspection, and working with commands not yet wrapped by go-redis.

(#3713) by @​ofekshenawa

Configurable Dial Retry Backoff

Added DialerRetryBackoff option (plumbed through Options, ClusterOptions, RingOptions, FailoverOptions) to let callers customize the delay between failed dial attempts. Helpers DialRetryBackoffConstant and DialRetryBackoffExponential (with jitter and cap) are provided out of the box. Dial timeout is now also applied per attempt rather than across all retries.

(#3706, #3705) by @​mwhooker

✨ New Features

• FT.AGGREGATE Steps: Step-based pipeline builder for FT.AGGREGATE with support for repeated/interleaved LOAD, APPLY, GROUPBY, and SORTBY stages (#3782) by @​ndyakov
• VectorSet commands: Added VISMEMBER and WITHATTRIBS support (#3753) by @​romanpovol
• FIPS-safe Script: NewScriptServerSHA uses SCRIPT LOAD to obtain the digest from the server, avoiding client-side SHA-1 (#3700) by @​chaitanyabodlapati
• Raw RESP access: DoRaw and DoRawWriteTo for raw RESP protocol access (#3713) by @​ofekshenawa
• Dial retry backoff: DialerRetryBackoff function option with constant and exponential helpers (#3706) by @​mwhooker
• Typed NOSCRIPT error: Redis NOSCRIPT replies are now surfaced as a typed error for easier handling (#3738) by @​LINKIWI
• PubSub ClientSetName: Added ClientSetName method to PubSub (#3727) by @​Flack74
• ReplicaOf: New ReplicaOf method replaces the deprecated SlaveOf (#3720) by @​Copilot
• HSCAN BinaryUnmarshaler: HScan now supports types implementing encoding.BinaryUnmarshaler (#3768) by @​Aaditya-dubey1

🐛 Bug Fixes

• Auto hostname type detection: Improved endpoint type detection for maintenance notifications using DNS-based classification; handles empty hosts and expanded private-IP ranges (#3789) by @​ndyakov
• HELLO fallback: Don't send CLIENT MAINT_NOTIFICATIONS handshake when HELLO fails and connection falls back to RESP2; fail fast when explicitly enabled with RESP3 (#3788) by @​ndyakov
• Dial TCP retry: ShouldRetry now treats net.OpError with Op == "dial" timeout errors as safe to retry since no command was sent (#3787) by @​vladisa88
• wrappedOnClose leak: Fixed resource leak caused by repeatedly wrapping baseClient close logic; replaced with a bounded, concurrency-safe named-hook registry (#3785) by @​ndyakov
• Pool Close() on stale connections: Suppress close errors (e.g., TLS closeNotify timeouts) for connections already dropped by the server due to idle timeout (#3778) by @​ofekshenawa
• FIFO waiter ordering: Fixed race in ConnStateMachine.notifyWaiters that could wake multiple waiters under a single mutex hold and violate FIFO ordering (#3777) by @​0x48core
• Lua READONLY detection: Detect READONLY errors embedded in Lua script error messages on read-only replicas so commands are correctly retried (#3769) by @​zhengjilei
• VectorScoreSliceCmd RESP2: Fixed VSimWithScores, VSimWithArgsWithScores, and VLinksWithScores which were broken on RESP2 connections returning flat arrays instead of maps (#3767) by @​Copilot

... (truncated)

Changelog

Sourced from github.com/redis/go-redis/v9's changelog.

9.19.0 (2026-04-27)

🚀 Highlights

FIPS-Compatible Script Helper

Script now supports a FIPS-safe execution mode that avoids client-side SHA-1 computation, which is blocked in strict FIPS environments. A new NewScriptServerSHA constructor uses SCRIPT LOAD to obtain and cache the digest from the server, then runs commands via EVALSHA/EVALSHA_RO. Falls back to EVAL/EVALRO if loading fails, and transparently retries once on NOSCRIPT. The default behavior is unchanged for existing users.

(#3700) by @​chaitanyabodlapati

FT.AGGREGATE Step-Based Pipeline Builder

Added a new step-based FT.AGGREGATE pipeline API via FTAggregateOptions.Steps, allowing LOAD, APPLY, GROUPBY, and SORTBY (with per-step MAX) to be repeated and interleaved in arbitrary order — matching Redis's native multi-stage aggregation semantics. The legacy Load/Apply/GroupBy/SortBy/SortByMax fields are now deprecated.

(#3782) by @​ndyakov

Raw RESP Protocol Access

Added DoRaw and DoRawWriteTo methods for executing arbitrary commands and reading the raw RESP response. Useful for proxying, custom protocol inspection, and working with commands not yet wrapped by go-redis.

(#3713) by @​ofekshenawa

Configurable Dial Retry Backoff

Added DialerRetryBackoff option (plumbed through Options, ClusterOptions, RingOptions, FailoverOptions) to let callers customize the delay between failed dial attempts. Helpers DialRetryBackoffConstant and DialRetryBackoffExponential (with jitter and cap) are provided out of the box. Dial timeout is now also applied per attempt rather than across all retries.

(#3706, #3705) by @​mwhooker

✨ New Features

• FT.AGGREGATE Steps: Step-based pipeline builder for FT.AGGREGATE with support for repeated/interleaved LOAD, APPLY, GROUPBY, and SORTBY stages (#3782) by @​ndyakov
• VectorSet commands: Added VISMEMBER and WITHATTRIBS support (#3753) by @​romanpovol
• FIPS-safe Script: NewScriptServerSHA uses SCRIPT LOAD to obtain the digest from the server, avoiding client-side SHA-1 (#3700) by @​chaitanyabodlapati
• Raw RESP access: DoRaw and DoRawWriteTo for raw RESP protocol access (#3713) by @​ofekshenawa
• Dial retry backoff: DialerRetryBackoff function option with constant and exponential helpers (#3706) by @​mwhooker
• Typed NOSCRIPT error: Redis NOSCRIPT replies are now surfaced as a typed error for easier handling (#3738) by @​LINKIWI
• PubSub ClientSetName: Added ClientSetName method to PubSub (#3727) by @​Flack74
• ReplicaOf: New ReplicaOf method replaces the deprecated SlaveOf (#3720) by @​Copilot
• HSCAN BinaryUnmarshaler: HScan now supports types implementing encoding.BinaryUnmarshaler (#3768) by @​Aaditya-dubey1

🐛 Bug Fixes

• Auto hostname type detection: Improved endpoint type detection for maintenance notifications using DNS-based classification; handles empty hosts and expanded private-IP ranges (#3789) by @​ndyakov
• HELLO fallback: Don't send CLIENT MAINT_NOTIFICATIONS handshake when HELLO fails and connection falls back to RESP2; fail fast when explicitly enabled with RESP3 (#3788) by @​ndyakov
• Dial TCP retry: ShouldRetry now treats net.OpError with Op == "dial" timeout errors as safe to retry since no command was sent (#3787) by @​vladisa88
• wrappedOnClose leak: Fixed resource leak caused by repeatedly wrapping baseClient close logic; replaced with a bounded, concurrency-safe named-hook registry (#3785) by @​ndyakov
• Pool Close() on stale connections: Suppress close errors (e.g., TLS closeNotify timeouts) for connections already dropped by the server due to idle timeout (#3778) by @​ofekshenawa
• FIFO waiter ordering: Fixed race in ConnStateMachine.notifyWaiters that could wake multiple waiters under a single mutex hold and violate FIFO ordering (#3777) by @​0x48core
• Lua READONLY detection: Detect READONLY errors embedded in Lua script error messages on read-only replicas so commands are correctly retried (#3769) by @​zhengjilei
• VectorScoreSliceCmd RESP2: Fixed VSimWithScores, VSimWithArgsWithScores, and VLinksWithScores which were broken on RESP2 connections returning flat arrays instead of maps (#3767) by @​Copilot

... (truncated)

Commits

• e7e9866 chore(release): v9.19.0 (#3796)
• 22b26f4 feat(ft.aggregate): Add Steps for query building (#3782)
• d9d7694 fix(pool): two fixes for closed connection handling (#3764)
• 44e8b73 fix(sch): auto hostname type detection (#3789)
• ad21622 fix(hello): do not send maintnotifications handshake when hello fails (#3788)
• 1a7ac74 fix(pool): suppress pool Close() errors for stale connections (#3778)
• 903d6bd fix(retry): make dial tcp error redirectable (#3786) (#3787)
• 00a551b fix(credentials): leak in wrappedOnClose (#3785)
• b5a6f99 refactor(pool): remove redundant Conn.closed atomic field (#3783)
• 928f27a feat(hscan): add support for encoding.BinaryUnmarshaler (#3768)
• Additional commits viewable in compare view

Updates github.com/slack-go/slack from 0.14.0 to 0.23.0

Release notes

Sourced from github.com/slack-go/slack's releases.

v0.23.0

Added

• feat(socketmode): expose socketmode handler dispatcher method by @​nlopes in slack-go/slack#1550
• feat(block): add card and carousel blocks by @​nlopes in slack-go/slack#1551
• feat(assistant): add username and icon to status update by @​charleenwang in slack-go/slack#1553
• feat(block): add alert block by @​nlopes in slack-go/slack#1552

New Contributors

• @​charleenwang made their first contribution in slack-go/slack#1553

Full Changelog: slack-go/slack@v0.22.0...v0.23.0

v0.22.0

What's Changed

Added

• OAuth PKCE support - OAuthOptionCodeVerifier option for GetOAuthV2Response, plus GenerateCodeVerifier() and GenerateCodeChallenge() helpers (RFC 7636). client_secret is now condit...

  Description has been truncated