fix(deps): bump the external group across 1 directory with 24 updates by dependabot[bot] · Pull Request #3561 · opentdf/platform

dependabot · 2026-06-03T02:13:21Z

Bumps the external group with 17 updates in the /service directory:

Package	From	To
buf.build/go/protovalidate	`1.0.0`	`1.2.0`
connectrpc.com/connect	`1.19.2`	`1.20.0`
github.com/casbin/casbin/v2	`2.108.0`	`2.135.0`
github.com/eko/gocache/lib/v4	`4.2.0`	`4.2.3`
github.com/fsnotify/fsnotify	`1.9.0`	`1.10.1`
github.com/go-chi/cors	`1.2.1`	`1.2.2`
github.com/go-playground/validator/v10	`10.26.0`	`10.30.3`
github.com/go-viper/mapstructure/v2	`2.4.0`	`2.5.0`
github.com/jackc/pgx/v5	`5.9.2`	`5.10.0`
github.com/lib/pq	`1.10.9`	`1.12.3`
github.com/mattn/go-sqlite3	`1.14.29`	`1.14.45`
github.com/open-policy-agent/opa	`1.5.1`	`1.17.0`
go.opentelemetry.io/otel	`1.43.0`	`1.44.0`
go.opentelemetry.io/otel/exporters/otlp/otlptrace	`1.43.0`	`1.44.0`
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp	`1.43.0`	`1.44.0`
go.opentelemetry.io/otel/exporters/stdout/stdouttrace	`1.42.0`	`1.44.0`
github.com/go-ldap/ldap/v3	`3.4.12`	`3.4.13`

Updates buf.build/go/protovalidate from 1.0.0 to 1.2.0

Release notes

Sourced from buf.build/go/protovalidate's releases.

v1.2.0

This release is compatible with the v1.2.0 release of Protovalidate.

What's Changed

Bump protovalidate to 1.2.0 by @srikrsna-buf in bufbuild/protovalidate-go#314

New Contributors

@AdrienVannson made their first contribution in bufbuild/protovalidate-go#315

Full Changelog: bufbuild/protovalidate-go@v1.1.3...v1.2.0

v1.1.3

What's Changed

Fix a few godoc comments and update golangci-lint by @pkwarren in bufbuild/protovalidate-go#306

Bump the go group across 1 directory with 2 updates by @dependabot[bot] in bufbuild/protovalidate-go#308

Fix registry chain for pb.Map in NativeToValue by @rodaine in bufbuild/protovalidate-go#309

Full Changelog: bufbuild/protovalidate-go@v1.1.2...v1.1.3

v1.1.2

What's Changed

Fix base type adapter missing builtin types by @rodaine in bufbuild/protovalidate-go#305

Full Changelog: bufbuild/protovalidate-go@v1.1.1...v1.1.2

v1.1.1

This release is compatible with the v1.1.0 release of Protovalidate.

What's Changed

Always provide all available variables by @srikrsna-buf in bufbuild/protovalidate-go#297

Wrap protoreflect.Map with type information so we don't need to cast to map[any]any by @rodaine in bufbuild/protovalidate-go#300

Avoid heap escape on kvPairs evaluation by @rodaine in bufbuild/protovalidate-go#301

Implement registry chaining for CEL type isolation by @rodaine in bufbuild/protovalidate-go#302

Full Changelog: bufbuild/protovalidate-go@v1.1.0...v1.1.1

v1.1.0

This release is compatible with the v1.1.0 release of Protovalidate.

What's Changed

Improve ValidationError strings by @bufdev in bufbuild/protovalidate-go#291

Make it so that you can define expression-only rules by @bufdev in bufbuild/protovalidate-go#288

Fix field paths for groups by @timostamm in bufbuild/protovalidate-go#292

Update protovalidate by @srikrsna-buf in bufbuild/protovalidate-go#293

... (truncated)

Commits

50eb290 Add release.yml (#315)
27c1667 Bump protovalidate to 1.2.0 (#314)
114be76 Pin buf version to 1.67.0 (#313)
eb2c16f Bump github.com/google/cel-go from 0.27.0 to 0.28.0 in the go group (#312)
85e074d Update license year for 2026 (#311)
61167be Fix registry chain for pb.Map in NativeToValue (#309)
58d9ffb Bump the go group across 1 directory with 2 updates (#308)
89a14f7 Fix a few godoc comments and update golangci-lint (#306)
e666f1a Fix base type adapter missing builtin types (#305)
3707b74 Implement registry chaining for CEL type isolation (#302)
Additional commits viewable in compare view

Updates connectrpc.com/connect from 1.19.2 to 1.20.0

Release notes

Sourced from connectrpc.com/connect's releases.

v1.20.0

What's Changed

Other changes

Bump minimum supported Go version to 1.25 by @jonbodner-buf in #922

Update Unary-Get query parameter order to match spec recommendation by @oliversun9 in #926

New Contributors

@jonbodner-buf made their first contribution in #922

Full Changelog: connectrpc/connect-go@v1.19.2...v1.20.0

Commits

1291a7d Prepare for v1.20.0 (#927)
6df682f Update Unary-Get query parameter order to match spec recommendation (#926)
c4aac92 Chore update buf v1.69.0 and license year (#925)
a5a6c30 Bump Go from v1.24 to v1.25 (#922)
138e270 Back to development (#921)
See full diff in compare view

Updates github.com/casbin/casbin/v2 from 2.108.0 to 2.135.0

Release notes

Sourced from github.com/casbin/casbin/v2's releases.

v2.135.0

2.135.0 (2025-12-09)

Features

remove Travis script and issue templates (5fc9fd8)

v2.134.0

2.134.0 (2025-11-14)

Features

fix inconsistent backslash handling between matcher literals and CSV-parsed values (#1577) (5d3134d)

v2.133.0

2.133.0 (2025-11-14)

Features

fix stale g() function cache in BuildRoleLinks causing incorrect permissions (#1580) (0a13664)

v2.132.0

2.132.0 (2025-11-04)

Features

improve README (4b6c4c8)

v2.131.0

2.131.0 (2025-11-02)

Features

fix EscapeAssertion (matcher) incorrectly matching p./r. patterns inside quoted strings (#1572) (1eef59a)

v2.130.0

2.130.0 (2025-11-01)

Features

fix duplicate CI workflow runs and optimize to test only Go 1.21 (#1571) (bb1e443)

v2.129.0

2.129.0 (2025-11-01)

... (truncated)

Commits

5fc9fd8 feat: remove Travis script and issue templates
5d3134d feat: fix inconsistent backslash handling between matcher literals and CSV-pa...
0a13664 feat: fix stale g() function cache in BuildRoleLinks causing incorrect permis...
4b6c4c8 feat: improve README
1eef59a feat: fix EscapeAssertion (matcher) incorrectly matching p./r. patterns insid...
bb1e443 feat: fix duplicate CI workflow runs and optimize to test only Go 1.21 (#1571)
91b9cf2 feat: add OrBAC (Organisation-Based Access Control) model support (#1567)
87e9956 feat: add ContextEnforcer: add ctx to AddPolicy and other APIs (#1553)
1ef00ac feat: enable concurrent transactions using optimistic locking, versioning and...
0c5a574 feat: add PBAC model support and test (#1548)
Additional commits viewable in compare view

Updates github.com/eko/gocache/lib/v4 from 4.2.0 to 4.2.3

Release notes

Sourced from github.com/eko/gocache/lib/v4's releases.

store/memcache/v4.2.3

What's Changed

Store memcache: moved from golang/mock to mockery by @eko in eko/gocache#295

Full Changelog: eko/gocache@lib/v4.2.1...store/memcache/v4.2.3

store/bigcache/v4.2.3

What's Changed

Hide mock interfaces from users by @Neo2308 in eko/gocache#296

New Contributors

@Neo2308 made their first contribution in eko/gocache#296

Full Changelog: eko/gocache@store/memcache/v4.2.3...store/bigcache/v4.2.3

store/freecache/v4.2.3

What's Changed

Hide mock interfaces from users by @Neo2308 in eko/gocache#296

New Contributors

@Neo2308 made their first contribution in eko/gocache#296

Full Changelog: eko/gocache@store/memcache/v4.2.3...store/freecache/v4.2.3

store/go_cache/v4.2.3

What's Changed

Hide mock interfaces from users by @Neo2308 in eko/gocache#296

New Contributors

@Neo2308 made their first contribution in eko/gocache#296

Full Changelog: eko/gocache@store/memcache/v4.2.3...store/go_cache/v4.2.3

lib/v4.2.3

What's Changed

chore(go-mod): bump outdated dependencies by @geigerj0 in eko/gocache#300

New Contributors

@geigerj0 made their first contribution in eko/gocache#300

Full Changelog: eko/gocache@lib/v4.2.2...lib/v4.2.3

What's Changed

chore(go-mod): bump outdated dependencies by @geigerj0 in eko/gocache#300

New Contributors

@geigerj0 made their first contribution in eko/gocache#300

Full Changelog: eko/gocache@lib/v4.2.2...lib/v4.2.3

... (truncated)

Commits

5654fdf Merge pull request #300 from geigerj0/bump-deps
3fabe46 bump all deps
7747003 bump deps
b4334a5 bump deps
f037427 bump deps
003ae39 Merge pull request #296 from Neo2308/feature/master/hide-mock-interfaces
42bb50e Rename import to resolve warnings
21cb8b5 Added mocks
c0e14c1 Hide mock interfaces from users
277d34a Merge pull request #295 from eko/memcache-mocks
Additional commits viewable in compare view

Updates github.com/fsnotify/fsnotify from 1.9.0 to 1.10.1

Release notes

Sourced from github.com/fsnotify/fsnotify's releases.

v1.10.1

Changes and fixes

inotify: don't remove sibling watches sharing a path prefix (#754)

inotify, windows: don't rename sibling watches sharing a path prefix (#755)

#754: fsnotify/fsnotify#754 #755: fsnotify/fsnotify#755

v1.10.0

This version of fsnotify needs Go 1.23.

Changes and fixes

inotify: improve initialization error message (#731)

inotify: send Rename event if recursive watch is renamed (#696)

inotify: avoid copying event buffers when reading names (#741)

kqueue: skip dangling symlinks (ENOENT) in watchDirectoryFiles, so a bad entry no longer aborts Watcher.Add for the whole directory (#748)

kqueue: drop watches directly in Close() to fix a file descriptor leak when recycling watchers (#740)

windows: fix nil pointer dereference in remWatch (#736)

windows: lock watch field updates against concurrent WatchList to fix a race introduced in v1.9.0 (#709, #749)

#696: fsnotify/fsnotify#696 #709: fsnotify/fsnotify#709 #731: fsnotify/fsnotify#731 #736: fsnotify/fsnotify#736 #740: fsnotify/fsnotify#740 #741: fsnotify/fsnotify#741 #748: fsnotify/fsnotify#748 #749: fsnotify/fsnotify#749

Changelog

Sourced from github.com/fsnotify/fsnotify's changelog.

1.10.1 2026-05-04

Changes and fixes

inotify: don't remove sibling watches sharing a path prefix (#754)

inotify, windows: don't rename sibling watches sharing a path prefix (#755)

#754: fsnotify/fsnotify#754 #755: fsnotify/fsnotify#755

1.10.0 2026-04-30

This version of fsnotify needs Go 1.23.

Changes and fixes

inotify: improve initialization error message (#731)

inotify: send Rename event if recursive watch is renamed (#696)

inotify: avoid copying event buffers when reading names (#741)

kqueue: skip dangling symlinks (ENOENT) in watchDirectoryFiles, so a bad entry no longer aborts Watcher.Add for the whole directory (#748)

kqueue: drop watches directly in Close() to fix a file descriptor leak when recycling watchers (#740)

windows: fix nil pointer dereference in remWatch (#736)

windows: lock watch field updates against concurrent WatchList to fix a race introduced in v1.9.0 (#709, #749)

#696: fsnotify/fsnotify#696 #709: fsnotify/fsnotify#709 #731: fsnotify/fsnotify#731 #736: fsnotify/fsnotify#736 #740: fsnotify/fsnotify#740 #741: fsnotify/fsnotify#741 #748: fsnotify/fsnotify#748 #749: fsnotify/fsnotify#749

Commits

76b01a6 Release 1.10.1
fec150b Update changelog
162b421 inotify, windows: don't rename sibling watches sharing a path prefix (#755)
224257f inotify: don't remove sibling watches sharing a path prefix (#754)
e0c956c windows: document directory Write events and stabilize tests (#745)
8d01d7b Release 1.10.0
602284e Update changelog
7f03e59 kqueue: skip ENOENT entries in watchDirectoryFiles (#748)
dab9dde windows: lock watch field updates against concurrent WatchList (#709) (#749)
eadf267 kqueue: drop watches directly in Close() instead of going through remove() (#...
Additional commits viewable in compare view

Updates github.com/go-chi/cors from 1.2.1 to 1.2.2

Release notes

Sourced from github.com/go-chi/cors's releases.

v1.2.2

What's Changed

Update README with install by @Uyutaka in go-chi/cors#22

Fix broken credits link by @lordidiot in go-chi/cors#25

fix test_default error message #28 by @ablankz in go-chi/cors#29

Update Go version in CI by @VojtechVitek in go-chi/cors#32

Fix Origin header check by @c2h5oh in go-chi/cors#38

New Contributors

@Uyutaka made their first contribution in go-chi/cors#22

@lordidiot made their first contribution in go-chi/cors#25

@ablankz made their first contribution in go-chi/cors#29

@VojtechVitek made their first contribution in go-chi/cors#32

@c2h5oh made their first contribution in go-chi/cors#38

Full Changelog: go-chi/cors@v1.2.1...v1.2.2

Commits

3a53812 Fix Origin header check (#38)
f8fbaee Update Go version in CI (#32)
b41f767 fix test_default error message #28 (#29)
76ca797 Fix broken link (#25)
9aca617 Update README with install (#22)
See full diff in compare view

Updates github.com/go-playground/validator/v10 from 10.26.0 to 10.30.3

Release notes

Sourced from github.com/go-playground/validator/v10's releases.

v10.30.3

What's Changed

Fix/issue 1550 UUID case insensitive by @leo-jp-edwards in go-playground/validator#1551

Feat: Add NoneOf Validation by @Carmen-Shannon in go-playground/validator#1554

Add bcp47_strict_language_tag validator by @bfabio in go-playground/validator#1489

chore(deps): bump golang.org/x/text from 0.35.0 to 0.36.0 by @dependabot[bot] in go-playground/validator#1558

chore(deps): bump golang.org/x/crypto from 0.49.0 to 0.50.0 by @dependabot[bot] in go-playground/validator#1559

Add CLAUDE.md with repo guidance for Claude Code by @deankarn in go-playground/validator#1564

Reduce build size with dead code elimination by @zemzale in go-playground/validator#1542

Refactored out detectFileMIMEType, matchesMIMEType logic for reuse. Added standalone isMIMEType validator for flexibility by @dapzthelegend in go-playground/validator#1544

feat(translations): add timezone support for en and ja locales by @dedyf5 in go-playground/validator#1566

docs: use errors.As in README and translations example by @eyupcanakman in go-playground/validator#1563

docs: fix typos by @rymiyamoto in go-playground/validator#1568

feat: add origin validator for web origin URLs by @ahmedkamalio in go-playground/validator#1565

fix: reject hostnames with trailing hyphen in RFC 952 validator by @ahmedkamalio in go-playground/validator#1569

fix(lint): correctly disable govet inline analyzer & deprecated gomodguard by @nodivbyzero in go-playground/validator#1574

chore(deps): bump golang.org/x/text from 0.36.0 to 0.37.0 by @dependabot[bot] in go-playground/validator#1572

chore(deps): bump golang.org/x/crypto from 0.50.0 to 0.51.0 by @dependabot[bot] in go-playground/validator#1571

fix(cron): anchor regex and accept full cron syntax by @ahmedkamalio in go-playground/validator#1577

chore(deps): bump golang.org/x/crypto from 0.51.0 to 0.52.0 by @dependabot[bot] in go-playground/validator#1580

feat: omit blank tag names from namespace by @abemedia in go-playground/validator#1567

fix(docs): correct ripemd160 tag name in README validation table by @napoleonbot in go-playground/validator#1582

New Contributors

@leo-jp-edwards made their first contribution in go-playground/validator#1551

@Carmen-Shannon made their first contribution in go-playground/validator#1554

@dapzthelegend made their first contribution in go-playground/validator#1544

@dedyf5 made their first contribution in go-playground/validator#1566

@eyupcanakman made their first contribution in go-playground/validator#1563

@rymiyamoto made their first contribution in go-playground/validator#1568

@abemedia made their first contribution in go-playground/validator#1567

@napoleonbot made their first contribution in go-playground/validator#1582

Full Changelog: go-playground/validator@v10.30.2...v10.30.3

v10.30.2

What's Changed

chore(deps): bump golang.org/x/crypto from 0.46.0 to 0.47.0 by @dependabot[bot] in go-playground/validator#1523

feat: add translations for alphaspace and alphanumspace tags in indonesian by @savioruz in go-playground/validator#1522

chore(deps): bump github.com/gabriel-vasile/mimetype from 1.4.12 to 1.4.13 by @dependabot[bot] in go-playground/validator#1526

feat: add cmyk(color) to validator by @thenicolau in go-playground/validator#1528

chore(deps): bump golang.org/x/text from 0.33.0 to 0.34.0 by @dependabot[bot] in go-playground/validator#1534

chore(deps): bump golang.org/x/crypto from 0.47.0 to 0.48.0 by @dependabot[bot] in go-playground/validator#1533

Go 1.26 support by @nodivbyzero in go-playground/validator#1535

fix: prevent panic in unique validation with nil pointer elements by @nodivbyzero in go-playground/validator#1532

docs: fix typos by @alexandear in go-playground/validator#1527

feat: implement ValidatorValuer interface feature by @thommeo in go-playground/validator#1416

docs: add Valuer interface documentation and example by @wofiporia in go-playground/validator#1540

chore(deps): bump golang.org/x/text from 0.34.0 to 0.35.0 by @dependabot[bot] in go-playground/validator#1545

chore(deps): bump golang.org/x/crypto from 0.48.0 to 0.49.0 by @dependabot[bot] in go-playground/validator#1546

... (truncated)

Commits

ac4c1ba fix(docs): correct ripemd160 tag name in README validation table (#1582)
feacb34 feat: omit blank tag names from namespace (#1567)
5ed0a7e chore(deps): bump golang.org/x/crypto from 0.51.0 to 0.52.0 (#1580)
0364541 fix(cron): anchor regex and accept full cron syntax (#1577)
8eb2659 chore(deps): bump golang.org/x/crypto from 0.50.0 to 0.51.0 (#1571)
f7e1721 chore(deps): bump golang.org/x/text from 0.36.0 to 0.37.0 (#1572)
cf37fce fix(lint): correctly disable govet inline analyzer & deprecated gomodguard (#...
7c334e5 fix: reject hostnames with trailing hyphen in RFC 952 validator (#1569)
6bcb7bc feat: add origin validator for web origin URLs (#1565)
6fd2fa8 docs: fix typos (#1568)
Additional commits viewable in compare view

Updates github.com/go-viper/mapstructure/v2 from 2.4.0 to 2.5.0

Release notes

Sourced from github.com/go-viper/mapstructure/v2's releases.

v2.5.0

What's Changed

Print qualified type name when ErrorUnused=true causes errors for unused keys in embedded fields by @jmacd in go-viper/mapstructure#113

build(deps): bump github/codeql-action from 3.29.2 to 3.29.5 by @dependabot[bot] in go-viper/mapstructure#126

build(deps): bump github/codeql-action from 3.29.7 to 3.29.10 by @dependabot[bot] in go-viper/mapstructure#131

build(deps): bump actions/checkout from 4.2.2 to 5.0.0 by @dependabot[bot] in go-viper/mapstructure#129

feat: support for automatically initializing squashed pointer structs by @tuunit in go-viper/mapstructure#71

build(deps): bump actions/setup-go from 5.5.0 to 6.0.0 by @dependabot[bot] in go-viper/mapstructure#134

build(deps): bump ossf/scorecard-action from 2.4.2 to 2.4.3 by @dependabot[bot] in go-viper/mapstructure#142

Fix slice deep map (owned) by @jphastings in go-viper/mapstructure#144

chore: fix lint violations by @sagikazarmark in go-viper/mapstructure#157

chore: switch to devenv by @sagikazarmark in go-viper/mapstructure#158

build(deps): bump actions/upload-artifact from 4.6.2 to 5.0.0 by @dependabot[bot] in go-viper/mapstructure#151

build(deps): bump github/codeql-action from 3.29.10 to 4.31.2 by @dependabot[bot] in go-viper/mapstructure#153

build(deps): bump golangci/golangci-lint-action from 8.0.0 to 9.0.0 by @dependabot[bot] in go-viper/mapstructure#154

build(deps): bump actions/checkout from 5.0.0 to 6.0.1 by @dependabot[bot] in go-viper/mapstructure#160

build(deps): bump actions/setup-go from 6.0.0 to 6.1.0 by @dependabot[bot] in go-viper/mapstructure#159

build(deps): bump github/codeql-action from 4.31.7 to 4.31.8 by @dependabot[bot] in go-viper/mapstructure#162

build(deps): bump actions/upload-artifact from 5.0.0 to 6.0.0 by @dependabot[bot] in go-viper/mapstructure#161

build(deps): bump github/codeql-action from 4.31.8 to 4.31.9 by @dependabot[bot] in go-viper/mapstructure#163

feature: Add map field name to convert structs dynamically instead of individually with a tag. by @thespags in go-viper/mapstructure#149

feat(decoder): support multiple tag names in order by @DarkiT in go-viper/mapstructure#59

feat: optional root object name by @andreev-fn in go-viper/mapstructure#137

Add unmarshaler interface by @sagikazarmark in go-viper/mapstructure#166

New Contributors

@jmacd made their first contribution in go-viper/mapstructure#113

@tuunit made their first contribution in go-viper/mapstructure#71

@jphastings made their first contribution in go-viper/mapstructure#144

@thespags made their first contribution in go-viper/mapstructure#149

@DarkiT made their first contribution in go-viper/mapstructure#59

@andreev-fn made their first contribution in go-viper/mapstructure#137

Full Changelog: go-viper/mapstructure@v2.4.0...v2.5.0

Commits

9aa3f77 Merge pull request #166 from go-viper/unmarshal2
ae32a61 doc: add more documentation
320c8c9 test: cover unmarshaler to map
5b22829 feat: add unmarshaler interface
fd74c75 Merge pull request #137 from andreev-fn/opt-root-name
dee4661 Merge pull request #59 from DarkiT/main
5605df4 chore: cover more test cases, fix edge cases, add docs
6166631 fix(mapstructure): add multi-tag support and regression tests
6471aa6 Merge pull request #149 from thespags/main
dbffaaa chore: add more tests and clarification to the documentation
Additional commits viewable in compare view

Updates github.com/jackc/pgx/v5 from 5.9.2 to 5.10.0

Changelog

Sourced from github.com/jackc/pgx/v5's changelog.

5.10.0 (June 3, 2026)

This release includes a significant amount of hardening against malicious or compromised PostgreSQL servers, contributed by Sean Chittenden at CrowdStrike, Inc. This work bounds binary decoders against attacker-controlled message sizes, caps server-supplied SCRAM iteration counts, adds require_auth to restrict which authentication methods a server may use (mitigating downgrade attacks under sslmode=prefer), and ensures cancellation requests are sent over TLS when the original connection used TLS.

Features

Add require_auth to restrict accepted server authentication methods (Sean Chittenden at CrowdStrike, Inc.)

Add ParseConfigOptions.ConnStringAllowedKeys to restrict allowed connection string keys (Sean Chittenden at CrowdStrike, Inc.)

Add StructArgs and StrictStructArgs for @-named queries (Tubelight30)

Add ErrConnClosed sentinel error and unwrap it from connLockError (Charlie Tonneslan)

pgxpool: check if connection is expired before acquire (arthurdotwork)

Security Hardening

Encrypt CancelRequest connection when the primary connection used TLS (Sean Chittenden at CrowdStrike, Inc.)

Cap server-supplied SCRAM iteration count (Sean Chittenden at CrowdStrike, Inc.)

Default Frontend max message body length to ~1 GiB (Sean Chittenden at CrowdStrike, Inc.)

Bound hstore binary decode against malicious server input (Sean Chittenden at CrowdStrike, Inc.)

Bound array binary decode element length against remaining message bytes (Sean Chittenden at CrowdStrike, Inc.)

Bound array element count against remaining message bytes (Sean Chittenden at CrowdStrike, Inc.)

Bound range, multirange, and tsvector binary decoders (Sean Chittenden at CrowdStrike, Inc.)

Document secure connection configuration (Sean Chittenden at CrowdStrike, Inc.)

Fix panic on malformed geometric text; return an error instead (MaIII)

Fixes

Fix scanning "char" (OID 18) into *string in binary format (luongs3)

Fix handling of typed-nil driver.Valuer in array and composite codecs (Donncha Fahy)

Fix CopyData.Data hex decoding in UnmarshalJSON (Charlie Tonneslan)

Fix data race when context is cancelled during connect

Fix parseKeywordValueSettings rejecting trailing whitespace (alliasgher)

pgconn: preserve full error chain in normalizeTimeoutError (Charlie Tonneslan)

pgconn: use a fresh context for the fallback connection in connectPreferred (Charlie Tonneslan)

pgxpool: fix MaxLifetimeDestroyCount and ping order for acquire-time expiry check

Add missing error check of rows.Err to load types (Jen Altavilla)

Commits

7293fb1 Update changelog for v5.10.0
1ade285 pgconn: document secure connection configuration
b4d6d4d pgtype: bound range, multirange, and tsvector binary decoders
0639b37 pgconn: add ParseConfigOptions.ConnStringAllowedKeys
b28e65b pgtype: bound array element count against remaining message bytes
cd1f389 pgtype: bound array binary decode element length against remaining bytes
ff27b5b pgtype: bound hstore binary decode against malicious server input
a6002e1 pgproto3: default Frontend max message body length to ~1 GiB
44f6173 pgconn: cap server-supplied SCRAM iteration count
1a976f7 pgconn: add require_auth to restrict accepted server auth methods
Additional commits viewable in compare view

Updates github.com/lib/pq from 1.10.9 to 1.12.3

Release notes

Sourc...

Description has been truncated

github-actions · 2026-06-03T02:25:12Z

X-Test Results

✅ go@main-v0.9.0
✅ go@main-pull-3561
✅ java@main-pull-3561
✅ js@main-pull-3561
✅ java@main-v0.9.0
✅ js@main-v0.9.0
cukes-report
opentdf~~platform~~ICLUI3.dockerbuild
govulncheck-failure-3
govulncheck-failure-8
govulncheck-failure-0
govulncheck-failure-2
govulncheck-failure-1
govulncheck-failure-5

github-actions · 2026-06-04T20:27:23Z

X-Test Results

✅ go@main-pull-3561
✅ java@main-pull-3561
✅ go@main-v0.9.0
✅ js@main-pull-3561
✅ java@main-v0.9.0
✅ js@main-v0.9.0
cukes-report
opentdf~~platform~~4YRWFV.dockerbuild
govulncheck-failure-8
govulncheck-failure-3
govulncheck-failure-1
govulncheck-failure-2
govulncheck-failure-5
govulncheck-failure-0

Bumps the external group with 17 updates in the /service directory: | Package | From | To | | --- | --- | --- | | [buf.build/go/protovalidate](https://github.com/bufbuild/protovalidate-go) | `1.0.0` | `1.2.0` | | [connectrpc.com/connect](https://github.com/connectrpc/connect-go) | `1.19.2` | `1.20.0` | | [github.com/casbin/casbin/v2](https://github.com/casbin/casbin) | `2.108.0` | `2.135.0` | | [github.com/eko/gocache/lib/v4](https://github.com/eko/gocache) | `4.2.0` | `4.2.3` | | [github.com/fsnotify/fsnotify](https://github.com/fsnotify/fsnotify) | `1.9.0` | `1.10.1` | | [github.com/go-chi/cors](https://github.com/go-chi/cors) | `1.2.1` | `1.2.2` | | [github.com/go-playground/validator/v10](https://github.com/go-playground/validator) | `10.26.0` | `10.30.3` | | [github.com/go-viper/mapstructure/v2](https://github.com/go-viper/mapstructure) | `2.4.0` | `2.5.0` | | [github.com/jackc/pgx/v5](https://github.com/jackc/pgx) | `5.9.2` | `5.10.0` | | [github.com/lib/pq](https://github.com/lib/pq) | `1.10.9` | `1.12.3` | | [github.com/mattn/go-sqlite3](https://github.com/mattn/go-sqlite3) | `1.14.29` | `1.14.45` | | [github.com/open-policy-agent/opa](https://github.com/open-policy-agent/opa) | `1.5.1` | `1.17.0` | | [go.opentelemetry.io/otel](https://github.com/open-telemetry/opentelemetry-go) | `1.43.0` | `1.44.0` | | [go.opentelemetry.io/otel/exporters/otlp/otlptrace](https://github.com/open-telemetry/opentelemetry-go) | `1.43.0` | `1.44.0` | | [go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp](https://github.com/open-telemetry/opentelemetry-go) | `1.43.0` | `1.44.0` | | [go.opentelemetry.io/otel/exporters/stdout/stdouttrace](https://github.com/open-telemetry/opentelemetry-go) | `1.42.0` | `1.44.0` | | [github.com/go-ldap/ldap/v3](https://github.com/go-ldap/ldap) | `3.4.12` | `3.4.13` | Updates `buf.build/go/protovalidate` from 1.0.0 to 1.2.0 - [Release notes](https://github.com/bufbuild/protovalidate-go/releases) - [Commits](bufbuild/protovalidate-go@v1.0.0...v1.2.0) Updates `connectrpc.com/connect` from 1.19.2 to 1.20.0 - [Release notes](https://github.com/connectrpc/connect-go/releases) - [Changelog](https://github.com/connectrpc/connect-go/blob/main/RELEASE.md) - [Commits](connectrpc/connect-go@v1.19.2...v1.20.0) Updates `github.com/casbin/casbin/v2` from 2.108.0 to 2.135.0 - [Release notes](https://github.com/casbin/casbin/releases) - [Commits](apache/casbin@v2.108.0...v2.135.0) Updates `github.com/eko/gocache/lib/v4` from 4.2.0 to 4.2.3 - [Release notes](https://github.com/eko/gocache/releases) - [Commits](eko/gocache@lib/v4.2.0...lib/v4.2.3) Updates `github.com/fsnotify/fsnotify` from 1.9.0 to 1.10.1 - [Release notes](https://github.com/fsnotify/fsnotify/releases) - [Changelog](https://github.com/fsnotify/fsnotify/blob/main/CHANGELOG.md) - [Commits](fsnotify/fsnotify@v1.9.0...v1.10.1) Updates `github.com/go-chi/cors` from 1.2.1 to 1.2.2 - [Release notes](https://github.com/go-chi/cors/releases) - [Commits](go-chi/cors@v1.2.1...v1.2.2) Updates `github.com/go-playground/validator/v10` from 10.26.0 to 10.30.3 - [Release notes](https://github.com/go-playground/validator/releases) - [Commits](go-playground/validator@v10.26.0...v10.30.3) Updates `github.com/go-viper/mapstructure/v2` from 2.4.0 to 2.5.0 - [Release notes](https://github.com/go-viper/mapstructure/releases) - [Changelog](https://github.com/go-viper/mapstructure/blob/main/CHANGELOG.md) - [Commits](go-viper/mapstructure@v2.4.0...v2.5.0) Updates `github.com/jackc/pgx/v5` from 5.9.2 to 5.10.0 - [Changelog](https://github.com/jackc/pgx/blob/master/CHANGELOG.md) - [Commits](jackc/pgx@v5.9.2...v5.10.0) Updates `github.com/lib/pq` from 1.10.9 to 1.12.3 - [Release notes](https://github.com/lib/pq/releases) - [Changelog](https://github.com/lib/pq/blob/master/CHANGELOG.md) - [Commits](lib/pq@v1.10.9...v1.12.3) Updates `github.com/mattn/go-sqlite3` from 1.14.29 to 1.14.45 - [Release notes](https://github.com/mattn/go-sqlite3/releases) - [Commits](mattn/go-sqlite3@v1.14.29...v1.14.45) Updates `github.com/open-policy-agent/opa` from 1.5.1 to 1.17.0 - [Release notes](https://github.com/open-policy-agent/opa/releases) - [Changelog](https://github.com/open-policy-agent/opa/blob/main/CHANGELOG.md) - [Commits](open-policy-agent/opa@v1.5.1...v1.17.0) Updates `github.com/spf13/cobra` from 1.9.1 to 1.10.2 - [Release notes](https://github.com/spf13/cobra/releases) - [Commits](spf13/cobra@v1.9.1...v1.10.2) Updates `github.com/spf13/viper` from 1.20.1 to 1.21.0 - [Release notes](https://github.com/spf13/viper/releases) - [Commits](spf13/viper@v1.20.1...v1.21.0) Updates `go.opentelemetry.io/otel` from 1.43.0 to 1.44.0 - [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases) - [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md) - [Commits](open-telemetry/opentelemetry-go@v1.43.0...v1.44.0) Updates `go.opentelemetry.io/otel/exporters/otlp/otlptrace` from 1.43.0 to 1.44.0 - [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases) - [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md) - [Commits](open-telemetry/opentelemetry-go@v1.43.0...v1.44.0) Updates `go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc` from 1.42.0 to 1.43.0 - [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases) - [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md) - [Commits](open-telemetry/opentelemetry-go@v1.42.0...v1.43.0) Updates `go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp` from 1.43.0 to 1.44.0 - [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases) - [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md) - [Commits](open-telemetry/opentelemetry-go@v1.43.0...v1.44.0) Updates `go.opentelemetry.io/otel/exporters/stdout/stdouttrace` from 1.42.0 to 1.44.0 - [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases) - [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md) - [Commits](open-telemetry/opentelemetry-go@v1.42.0...v1.44.0) Updates `go.opentelemetry.io/otel/sdk` from 1.43.0 to 1.44.0 - [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases) - [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md) - [Commits](open-telemetry/opentelemetry-go@v1.43.0...v1.44.0) Updates `go.opentelemetry.io/otel/trace` from 1.43.0 to 1.44.0 - [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases) - [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md) - [Commits](open-telemetry/opentelemetry-go@v1.43.0...v1.44.0) Updates `golang.org/x/net` from 0.54.0 to 0.55.0 - [Commits](golang/net@v0.54.0...v0.55.0) Updates `google.golang.org/grpc` from 1.81.0 to 1.81.1 - [Release notes](https://github.com/grpc/grpc-go/releases) - [Commits](grpc/grpc-go@v1.81.0...v1.81.1) Updates `github.com/go-ldap/ldap/v3` from 3.4.12 to 3.4.13 - [Release notes](https://github.com/go-ldap/ldap/releases) - [Commits](go-ldap/ldap@v3.4.12...v3.4.13) --- updated-dependencies: - dependency-name: buf.build/go/protovalidate dependency-version: 1.2.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: external - dependency-name: connectrpc.com/connect dependency-version: 1.20.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: external - dependency-name: github.com/casbin/casbin/v2 dependency-version: 2.135.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: external - dependency-name: github.com/eko/gocache/lib/v4 dependency-version: 4.2.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: external - dependency-name: github.com/fsnotify/fsnotify dependency-version: 1.10.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: external - dependency-name: github.com/go-chi/cors dependency-version: 1.2.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: external - dependency-name: github.com/go-ldap/ldap/v3 dependency-version: 3.4.13 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: external - dependency-name: github.com/go-playground/validator/v10 dependency-version: 10.30.3 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: external - dependency-name: github.com/go-viper/mapstructure/v2 dependency-version: 2.5.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: external - dependency-name: github.com/jackc/pgx/v5 dependency-version: 5.10.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: external - dependency-name: github.com/lib/pq dependency-version: 1.12.3 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: external - dependency-name: github.com/mattn/go-sqlite3 dependency-version: 1.14.44 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: external - dependency-name: github.com/open-policy-agent/opa dependency-version: 1.17.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: external - dependency-name: github.com/spf13/cobra dependency-version: 1.10.2 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: external - dependency-name: github.com/spf13/viper dependency-version: 1.21.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: external - dependency-name: go.opentelemetry.io/otel dependency-version: 1.44.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: external - dependency-name: go.opentelemetry.io/otel/exporters/otlp/otlptrace dependency-version: 1.44.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: external - dependency-name: go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc dependency-version: 1.43.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: external - dependency-name: go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp dependency-version: 1.44.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: external - dependency-name: go.opentelemetry.io/otel/exporters/stdout/stdouttrace dependency-version: 1.44.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: external - dependency-name: go.opentelemetry.io/otel/sdk dependency-version: 1.44.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: external - dependency-name: go.opentelemetry.io/otel/trace dependency-version: 1.44.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: external - dependency-name: golang.org/x/net dependency-version: 0.55.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: external - dependency-name: google.golang.org/grpc dependency-version: 1.81.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: external ... Signed-off-by: dependabot[bot] <support@github.com>

github-actions · 2026-06-05T17:59:38Z

⚠️ Govulncheck found vulnerabilities ⚠️

The following modules have known vulnerabilities:

examples
otdfctl
sdk
service
lib/fixtures
tests-bdd

See the workflow run for details.

github-actions · 2026-06-05T18:10:54Z

X-Test Results

bats-test-results
✅ go@main-v0.9.0
✅ go@main-pull-3561
✅ java@main-pull-3561
✅ java@main-v0.9.0
✅ js@main-v0.9.0
✅ js@main-pull-3561
cukes-report
opentdf~~platform~~G82BDJ.dockerbuild
govulncheck-failure-1
govulncheck-failure-3
govulncheck-failure-0
govulncheck-failure-8
govulncheck-failure-5
govulncheck-failure-2

dependabot Bot added dependencies Pull requests that update a dependency file go Pull requests that update Go code labels Jun 3, 2026

dependabot Bot requested review from a team as code owners June 3, 2026 02:13

dependabot Bot added dependencies Pull requests that update a dependency file go Pull requests that update Go code labels Jun 3, 2026

github-actions Bot added the size/m label Jun 3, 2026

dependabot Bot force-pushed the dependabot/go_modules/service/external-0385dc6d49 branch from 96b6f86 to 10fd3b3 Compare June 4, 2026 20:14

dependabot Bot force-pushed the dependabot/go_modules/service/external-0385dc6d49 branch from 10fd3b3 to 2f782ba Compare June 5, 2026 17:55

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

fix(deps): bump the external group across 1 directory with 24 updates#3561

fix(deps): bump the external group across 1 directory with 24 updates#3561
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/go_modules/service/external-0385dc6d49

dependabot Bot commented on behalf of github Jun 3, 2026 •

edited

Loading

Uh oh!

github-actions Bot commented Jun 3, 2026

Uh oh!

github-actions Bot commented Jun 4, 2026

Uh oh!

github-actions Bot commented Jun 5, 2026

Uh oh!

github-actions Bot commented Jun 5, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Conversation

dependabot Bot commented on behalf of github Jun 3, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

v1.2.0

What's Changed

New Contributors

v1.1.3

What's Changed

v1.1.2

What's Changed

v1.1.1

What's Changed

v1.1.0

What's Changed

v1.20.0

What's Changed

Other changes

New Contributors

v2.135.0

2.135.0 (2025-12-09)

Features

v2.134.0

2.134.0 (2025-11-14)

Features

v2.133.0

2.133.0 (2025-11-14)

Features

v2.132.0

2.132.0 (2025-11-04)

Features

v2.131.0

2.131.0 (2025-11-02)

Features

v2.130.0

2.130.0 (2025-11-01)

Features

v2.129.0

2.129.0 (2025-11-01)

store/memcache/v4.2.3

What's Changed

store/bigcache/v4.2.3

What's Changed

New Contributors

store/freecache/v4.2.3

What's Changed

New Contributors

store/go_cache/v4.2.3

What's Changed

New Contributors

lib/v4.2.3

What's Changed

New Contributors

What's Changed

New Contributors

v1.10.1

Changes and fixes

v1.10.0

Changes and fixes

1.10.1 2026-05-04

Changes and fixes

1.10.0 2026-04-30

Changes and fixes

v1.2.2

What's Changed

New Contributors

v10.30.3

What's Changed

New Contributors

v10.30.2

What's Changed

v2.5.0

What's Changed

New Contributors

5.10.0 (June 3, 2026)

Features

Security Hardening

Fixes

Uh oh!

github-actions Bot commented Jun 3, 2026

X-Test Results

dependabot Bot commented on behalf of github Jun 3, 2026 •

edited

Loading