fix(deps): update all non-major dependencies

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence	Type	Update
ariga.io/atlas	v1.0.0 → v1.1.0			require	minor
github.com/99designs/gqlgen	v0.17.86 → v0.17.87			require	patch
github.com/evanw/esbuild	v0.27.2 → v0.27.3			require	patch
github.com/uptrace/bun	v1.2.16 → v1.2.17			require	patch
github.com/uptrace/bun/dialect/pgdialect	v1.2.16 → v1.2.17			require	patch
github.com/uptrace/bun/dialect/sqlitedialect	v1.2.16 → v1.2.17			require	patch
github.com/uptrace/bun/driver/pgdriver	v1.2.16 → v1.2.17			require	patch
github.com/uptrace/bun/extra/bundebug	v1.2.16 → v1.2.17			require	patch
github.com/vektah/gqlparser/v2	v2.5.31 → v2.5.32			require	patch
go	1.25 → 1.26			uses-with	minor
golang	1.25-alpine → 1.26-alpine			stage	minor
golang.org/x/crypto	v0.47.0 → v0.48.0			require	minor
lucide-react (source)	^0.563.0 → ^0.575.0			dependencies	minor
modernc.org/sqlite	v1.44.3 → v1.46.1			require	minor
postgres	18.1-alpine → 18.2-alpine				minor
revotale/docker-multi-arch-release-action	v1.0.5 → v1.2.0			action	minor

---

Warning

Some dependencies could not be looked up. Check the warning logs for more information.

---

Release Notes

ariga/atlas (ariga.io/atlas)

v1.1.0

Compare Source

We're excited to announce Atlas v1.1.

This release delivers on a promise we made in v1.0: Database Security as Code is now available for Atlas Pro users.

We're also shipping declarative data management for lookup tables and seed data, expanding database coverage with Aurora DSQL, Azure Fabric, and CockroachDB Cloud, and further improving our drivers and Atlas Cloud.

Here is what you can find in this release:

• Database Security as Code - Manage roles, users, and permissions declaratively across various popular Atlas-supported databases
• Declarative Data Management - Define lookup tables and seed data as code using various sync modes
• Aurora DSQL Support - Manage schemas on AWS's new serverless distributed SQL database
• Azure Fabric Support - Use Atlas to manage your Microsoft Azure Fabric databases
• Spanner Enhancements - Added support for Spanner's PostgreSQL dialect and vector indexes
• ClickHouse Improvements - Cluster mode and data retention on table recreation
• CockroachDB Support - Full Atlas support for CockroachDB Cloud and self-hosted deployments
• PostgreSQL Enhancements - CAST definitions and replica identity support
• Slack Integration - Connect to our native Slack app for real-time notifications
• Schema Exporters - Declarative export for schema inspection, drift and diff reporting, and more

Read the full announcement in our blogpost.

role "app_readonly" {
  comment = "Read-only access for application"
}

permission {
  for_each   = [table.users, table.orders, table.products]
  for        = each.value
  to         = role.app_readonly
  privileges = [SELECT]
}

role "app_admin" {
  superuser   = false
  create_db   = false
  create_role = false
  login       = true
  member_of   = [role.app_readonly]
}

permission {
  for        = schema.public
  to         = role.app_admin
  privileges = [ALL]
  grantable  = true
}

Quick installation

macOS + Linux:

curl -sSf https://atlasgo.sh | sh

Homebrew:

brew install ariga/tap/atlas

Docker:

docker pull arigaio/atlas

Windows

Download

Legal

The default binaries in this release are distributed released under Atlas EULA, and the community binaries are released under the Apache 2.0 license.

99designs/gqlgen (github.com/99designs/gqlgen)

v0.17.87

Compare Source

What's Changed

• refactor: fix modernize.slicescontains lint issues by @​alexandear in #​4004
• refactor(codegen): use graphql.Config type by @​tomoikey in #​4017
• feat(forceGenerate): forceGenerate argument added for @​goField directive by @​atzedus in #​4012
• feat(config): add batch flag to TypeMapField by @​tomoikey in #​4005
• feat(codegen): add Batch flag to Field struct (blocked by #​4005) by @​tomoikey in #​4006
• feat(resolvergen): add batch resolver stub generation (blocked by #​4006) by @​tomoikey in #​4007
• feat(exec): batch-only resolver generation (blocked by #​4007) by @​tomoikey in #​4008
• refactor(codegen): add graphql.ExecutableSchemaState as shared schema dependency holder by @​tomoikey in #​4023
• federation: apply OBJECT-level directives to entity resolvers by @​ravisastryk in #​4021
• Refactor slice marshaling to use MarshalSliceConcurrently helper. fixes #​4018 by @​advoretsky in #​4019
• refactor(codegen) move executionContext into static go file by @​tomoikey in #​4024
• fix: run go generate ./... & golangci-lint run --fix by @​tomoikey in #​4026
• test(graphql): implement test codes for execution_context struct by @​tomoikey in #​4028
• Update to Go 1.25 Minimum now that Go 1.26 is out by @​StevenACoffman in #​4027
• Bugfix/2281 directive hook fix by @​parkerroan in #​4029
• Update gqlparser to v2.5.32 by @​StevenACoffman in #​4030
• chore(deps-dev): bump @​graphql-codegen/cli from 6.1.0 to 6.1.1 in /integration by @​dependabot[bot] in #​3991
• chore(deps-dev): bump @​apollo/client from 4.0.11 to 4.0.12 in /integration by @​dependabot[bot] in #​3992
• chore(deps-dev): bump @​apollo/client from 4.0.12 to 4.1.0 in /integration by @​dependabot[bot] in #​3993
• chore(deps-dev): bump vitest from 4.0.16 to 4.0.17 in /integration by @​dependabot[bot] in #​3995
• chore(deps): bump github.com/go-viper/mapstructure/v2 from 2.4.0 to 2.5.0 in /_examples by @​dependabot[bot] in #​3996
• chore(deps): bump github.com/urfave/cli/v3 from 3.6.1 to 3.6.2 by @​dependabot[bot] in #​3997
• chore(deps): bump actions/setup-go from 6.1.0 to 6.2.0 by @​dependabot[bot] in #​3999
• chore(deps): bump actions/setup-node from 6.1.0 to 6.2.0 by @​dependabot[bot] in #​4000
• chore(deps): bump github.com/go-viper/mapstructure/v2 from 2.4.0 to 2.5.0 by @​dependabot[bot] in #​3994
• chore(deps): bump lodash from 4.17.21 to 4.17.23 in /integration in the npm_and_yarn group across 1 directory by @​dependabot[bot] in #​4002
• chore(deps-dev): bump @​apollo/client from 4.1.0 to 4.1.2 in /integration by @​dependabot[bot] in #​4009
• chore(deps-dev): bump vitest from 4.0.17 to 4.0.18 in /integration by @​dependabot[bot] in #​4010
• chore(deps): bump actions/checkout from 6.0.1 to 6.0.2 by @​dependabot[bot] in #​4011
• chore(deps-dev): bump @​apollo/client from 4.1.2 to 4.1.3 in /integration by @​dependabot[bot] in #​4013
• chore(deps): bump dawidd6/action-download-artifact from 12 to 14 by @​dependabot[bot] in #​4016
• chore(deps-dev): bump graphql-ws from 6.0.6 to 6.0.7 in /integration by @​dependabot[bot] in #​4014
• chore(deps): bump mikepenz/action-junit-report from 6.1.0 to 6.2.0 by @​dependabot[bot] in #​4015
• chore(deps-dev): bump @​apollo/client from 4.1.3 to 4.1.4 in /integration by @​dependabot[bot] in #​4020
• chore(deps): bump golang.org/x/tools from 0.40.0 to 0.41.0 by @​dependabot[bot] in #​3998

New Contributors

• @​advoretsky made their first contribution in #​4019

Full Changelog: 99designs/gqlgen@v0.17.86...v0.17.87

evanw/esbuild (github.com/evanw/esbuild)

v0.27.3

Compare Source

• Preserve URL fragments in data URLs (#​4370)

  Consider the following HTML, CSS, and SVG:

  • index.html:

    <!DOCTYPE html>
    <html>
      <head><link rel="stylesheet" href="icons.css"></head>
      <body><div class="triangle"></div></body>
    </html>

  • icons.css:

    .triangle {
      width: 10px;
      height: 10px;
      background: currentColor;
      clip-path: url(./triangle.svg#x);
    }

  • triangle.svg:

    <svg xmlns="http://www.w3.org/2000/svg">
      <defs>
        <clipPath id="x">
          <path d="M0 0H10V10Z"/>
        </clipPath>
      </defs>
    </svg>

  The CSS uses a URL fragment (the #x) to reference the clipPath element in the SVG file. Previously esbuild's CSS bundler didn't preserve the URL fragment when bundling the SVG using the dataurl loader, which broke the bundled CSS. With this release, esbuild will now preserve the URL fragment in the bundled CSS:

  /* icons.css */
  .triangle {
    width: 10px;
    height: 10px;
    background: currentColor;
    clip-path: url('data:image/svg+xml,<svg xmlns="http://www.w3.org/2000/svg"><defs><clipPath id="x"><path d="M0 0H10V10Z"/></clipPath></defs></svg>#x');
  }

• Parse and print CSS @scope rules (#​4322)

  This release includes dedicated support for parsing @scope rules in CSS. These rules include optional "start" and "end" selector lists. One important consequence of this is that the local/global status of names in selector lists is now respected, which improves the correctness of esbuild's support for CSS modules. Minification of selectors inside @scope rules has also improved slightly.

  Here's an example:

  /* Original code */
  @​scope (:global(.foo)) to (:local(.bar)) {
    .bar {
      color: red;
    }
  }
  
  /* Old output (with --loader=local-css --minify) */
  @​scope (:global(.foo)) to (:local(.bar)){.o{color:red}}
  
  /* New output (with --loader=local-css --minify) */
  @​scope(.foo)to (.o){.o{color:red}}

• Fix a minification bug with lowering of for await (#​4378, #​4385)

  This release fixes a bug where the minifier would incorrectly strip the variable in the automatically-generated catch clause of lowered for await loops. The code that generated the loop previously failed to mark the internal variable references as used.

• Update the Go compiler from v1.25.5 to v1.25.7 (#​4383, #​4388)

  This PR was contributed by @​MikeWillCook.

uptrace/bun (github.com/uptrace/bun)

v1.2.17

Compare Source

Bug Fixes

• migrator exec error propagation (#​1320) (b40f603)
• OrderAscNullsFirst mapping (fixes #​1305) (43b6af2)
• panic in indirectAsKey when loading complex models. TypeOf(v) returns nil (2788c5b)
• RunMigration marks migration as applied after running (#​1330) (990c2eb)

Features

• add Tuple and List (#​1331) (5c2b3d1)
• create unique index on migration name column in Migrator.Init (#​1332) (44ac056)
• update: use DEFAULT instead of NULL on databases that support it (#​1315) (cabcffd)

vektah/gqlparser (github.com/vektah/gqlparser/v2)

v2.5.32

Compare Source

What's Changed

• lint and format by @​StevenACoffman in #​414
• Add formatter.WithNonIntrospectionBuiltin by @​fredzqm in #​415
• [Refactor] Fix linter error in dumper.go & path.go by @​fredzqm in #​416
• Bump golangci/golangci-lint-action from 8.0.0 to 9.0.0 in the actions-deps group by @​dependabot[bot] in #​398
• Bump js-yaml from 4.1.0 to 4.1.1 in /validator/imported by @​dependabot[bot] in #​399
• Bump chai from 6.2.0 to 6.2.1 in /validator/imported in the actions-deps group by @​dependabot[bot] in #​400
• Bump the actions-deps group with 2 updates by @​dependabot[bot] in #​402
• Bump prettier from 3.6.2 to 3.7.3 in /validator/imported in the actions-deps group by @​dependabot[bot] in #​403
• Bump golangci/golangci-lint-action from 9.1.0 to 9.2.0 in the actions-deps group by @​dependabot[bot] in #​405
• Bump prettier from 3.7.3 to 3.7.4 in /validator/imported in the actions-deps group by @​dependabot[bot] in #​404
• Bump chai from 6.2.1 to 6.2.2 in /validator/imported in the actions-deps group by @​dependabot[bot] in #​406
• Bump the actions-deps group across 1 directory with 6 updates by @​dependabot[bot] in #​410
• Bump the actions-deps group across 1 directory with 4 updates by @​dependabot[bot] in #​412

Full Changelog: vektah/gqlparser@v2.5.31...v2.5.32

actions/go-versions (go)

v1.26.0: 1.26.0

Compare Source

Go 1.26.0

lucide-icons/lucide (lucide-react)

v0.575.0: Version 0.575.0

Compare Source

What's Changed

• feat(icons): added message-square-check icon by @​karsa-mistmere in #​4076
• fix(lucide): Fix ESM Module output path in build by @​ericfennis in #​4084
• feat(icons): added metronome icon by @​edwloef in #​4063
• fix(icons): remove execution permission of SVG files by @​duckafire in #​4053
• fix(icons): changed file-pen-line icon by @​jguddas in #​3970
• feat(icons): added square-arrow-right-exit and square-arrow-right-enter icons by @​EthanHazel in #​3958
• fix(icons): renamed flip-* to square-centerline-dashed-* by @​jguddas in #​3945

New Contributors

• @​edwloef made their first contribution in #​4063
• @​duckafire made their first contribution in #​4053

Full Changelog: lucide-icons/lucide@0.573.0...0.575.0

v0.574.0: Version 0.574.0

Compare Source

What's Changed

• fix(icons): changed rocking-chair icon by @​jamiemlaw in #​3445
• fix(icons): flipped coins icon by @​jguddas in #​3158
• feat(icons): added x-line-top icon by @​jguddas in #​2838
• feat(icons): added mouse-left icon by @​marvfash in #​2788
• feat(icons): added mouse-right icon by @​marvfash in #​2787

New Contributors

• @​marvfash made their first contribution in #​2788

Full Changelog: lucide-icons/lucide@0.572.0...0.574.0

v0.573.0: Version 0.573.0

Compare Source

What's Changed

• fix(icons): changed rocking-chair icon by @​jamiemlaw in #​3445
• fix(icons): flipped coins icon by @​jguddas in #​3158
• feat(icons): added x-line-top icon by @​jguddas in #​2838
• feat(icons): added mouse-left icon by @​marvfash in #​2788
• feat(icons): added mouse-right icon by @​marvfash in #​2787

New Contributors

• @​marvfash made their first contribution in #​2788

Full Changelog: lucide-icons/lucide@0.572.0...0.573.0

v0.572.0: Version 0.572.0

Compare Source

What's Changed

• feat(icons): added message-circle-check icon by @​Shrinks99 in #​3770

New Contributors

• @​Shrinks99 made their first contribution in #​3770

Full Changelog: lucide-icons/lucide@0.571.0...0.572.0

v0.571.0: Version 0.571.0

Compare Source

What's Changed

• fix(icons): rearange circle-icons path and circle order by @​adamlindqvist in #​3746
• feat(icons): added shelving-unit icon by @​karsa-mistmere in #​3041

New Contributors

• @​adamlindqvist made their first contribution in #​3746

Full Changelog: lucide-icons/lucide@0.570.0...0.571.0

v0.570.0: Version 0.570.0

Compare Source

What's Changed

• feat(icons): added towel-rack icon by @​jguddas in #​3350

Full Changelog: lucide-icons/lucide@0.569.0...0.570.0

v0.569.0: Version 0.569.0

Compare Source

What's Changed

• fix(icons): changed clipboard-pen icon by @​Spleefies in #​4006
• feat(icons): add mirror-round and mirror-rectangular by @​Muhammad-Aqib-Bashir in #​3832

Full Changelog: lucide-icons/lucide@0.568.0...0.569.0

v0.568.0: Version 0.568.0

Compare Source

What's Changed

• fix(icons): adjusted clapperboard so slash is no longer protruding by @​torfmuer in #​3764
• feat(icons): Add git-merge-conflict icon by @​timmy471 in #​3008

New Contributors

• @​torfmuer made their first contribution in #​3764
• @​timmy471 made their first contribution in #​3008

Full Changelog: lucide-icons/lucide@0.567.0...0.568.0

v0.567.0: Version 0.567.0

Compare Source

What's Changed

• chore(tags): added tags to info by @​jamiemlaw in #​4047
• fix(icons): changed gift icon by @​jguddas in #​3977
• feat(icons): added line-dot-right-horizontal icon by @​nathan-de-pachtere in #​3742

Full Changelog: lucide-icons/lucide@0.566.0...0.567.0

v0.566.0: Version 0.566.0

Compare Source

What's Changed

• fix(icons): changed forklift icon by @​jguddas in #​4069
• fix(icons): changed rocket icon by @​jguddas in #​4067
• feat(icons): added globe-off icon by @​TimNekk in #​4051

New Contributors

• @​TimNekk made their first contribution in #​4051

Full Changelog: lucide-icons/lucide@0.565.0...0.566.0

v0.565.0: Version 0.565.0

Compare Source

What's Changed

• feat(icons): add lens-concave and lens-convex by @​Muhammad-Aqib-Bashir in #​3831

Full Changelog: lucide-icons/lucide@0.564.0...0.565.0

v0.564.0: Version 0.564.0

Compare Source

What's Changed

• chore(docs): Improve SEO icon detail pages by @​ericfennis in #​4040
• feat(icons): added database-search icon by @​Spleefies in #​4003
• fix(icons): changed user-lock icon by @​jguddas in #​3971
• fix(icons): changed bug-off icon by @​jguddas in #​3972
• fix(icons): changed bell-dot icon by @​jguddas in #​3973
• fix(icons): changed bandage icon by @​jguddas in #​3967
• fix(icons): changed hard-drive icon by @​jguddas in #​3622
• fix(icons): changed git-branch icon by @​jguddas in #​3938
• fix(icons): changed file-cog icon by @​jguddas in #​3965
• fix(icons): changed cloud-alert and cloud-check icon by @​jguddas in #​3976
• feat(icons): adds user-key and user-round-key, updates other -key icons to match by @​karsa-mistmere in #​4044

New Contributors

• @​Spleefies made their first contribution in #​4003

Full Changelog: lucide-icons/lucide@0.563.1...0.564.0

cznic/sqlite (modernc.org/sqlite)

v1.46.1

Compare Source

v1.46.0

Compare Source

v1.45.0

Compare Source

revotale/docker-multi-arch-release-action (revotale/docker-multi-arch-release-action)

v1.2.0

Compare Source

Features

• v1 format support (798b967)

v1.1.0

Compare Source

Features

• addd build args input (1210672)
• sematical release (aed7592)

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[renovate]

ℹ️ Artifact update notice

File name: server/go.mod

In order to perform the update(s) described in the table above, Renovate ran the go get command, which resulted in the following additional change(s):

• 6 additional dependencies were updated

Details:

Package	Change
go.opentelemetry.io/otel	v1.39.0 -> v1.40.0
go.opentelemetry.io/otel/trace	v1.39.0 -> v1.40.0
golang.org/x/mod	v0.32.0 -> v0.33.0
golang.org/x/sys	v0.40.0 -> v0.41.0
golang.org/x/text	v0.33.0 -> v0.34.0
golang.org/x/tools	v0.41.0 -> v0.42.0