build(deps): bump the minor-and-patch group across 1 directory with 18 updates by dependabot[bot] · Pull Request #23 · xraph/dispatch

dependabot · 2026-05-04T09:15:54Z

Bumps the minor-and-patch group with 15 updates in the / directory:

Package	From	To
github.com/jackc/pgx/v5	`5.8.0`	`5.9.2`
github.com/redis/go-redis/v9	`9.18.0`	`9.19.0`
github.com/testcontainers/testcontainers-go	`0.40.0`	`0.42.0`
github.com/testcontainers/testcontainers-go/modules/postgres	`0.40.0`	`0.42.0`
github.com/testcontainers/testcontainers-go/modules/redis	`0.40.0`	`0.42.0`
github.com/uptrace/bun	`1.2.16`	`1.2.18`
github.com/uptrace/bun/dialect/pgdialect	`1.2.16`	`1.2.18`
github.com/uptrace/bun/driver/pgdriver	`1.2.16`	`1.2.18`
github.com/xraph/forge	`1.6.0`	`1.6.1`
go.mongodb.org/mongo-driver/v2	`2.5.0`	`2.6.0`
go.opentelemetry.io/otel/sdk	`1.40.0`	`1.43.0`
golang.org/x/sync	`0.19.0`	`0.20.0`
golang.org/x/time	`0.12.0`	`0.15.0`
k8s.io/api	`0.35.0`	`0.36.0`
k8s.io/client-go	`0.35.0`	`0.36.0`

Updates github.com/jackc/pgx/v5 from 5.8.0 to 5.9.2

Changelog

Sourced from github.com/jackc/pgx/v5's changelog.

5.9.2 (April 18, 2026)

Fix SQL Injection via placeholder confusion with dollar quoted string literals (GHSA-j88v-2chj-qfwx)

SQL injection can occur when:

The non-default simple protocol is used.

A dollar quoted string literal is used in the SQL query.

That query contains text that would be would be interpreted outside as a placeholder outside of a string literal.

The value of that placeholder is controllable by the attacker.

e.g.
attackValue := `$tag$; drop table canary; --`
_, err = tx.Exec(ctx, `select $tag$ $1 $tag$, $1`, pgx.QueryExecModeSimpleProtocol, attackValue)
This is unlikely to occur outside of a contrived scenario.

5.9.1 (March 22, 2026)

Fix: batch result format corruption when using cached prepared statements (reported by Dirkjan Bussink)

5.9.0 (March 21, 2026)

This release includes a number of new features such as SCRAM-SHA-256-PLUS support, OAuth authentication support, and PostgreSQL protocol 3.2 support.

It significantly reduces the amount of network traffic when using prepared statements (which are used automatically by default) by avoiding unnecessary Describe Portal messages. This also reduces local memory usage.

It also includes multiple fixes for potential DoS due to panic or OOM if connected to a malicious server that sends deliberately malformed messages.

Require Go 1.25+

Add SCRAM-SHA-256-PLUS support (Adam Brightwell)

Add OAuth authentication support for PostgreSQL 18 (David Schneider)

Add PostgreSQL protocol 3.2 support (Dirkjan Bussink)

Add tsvector type support (Adam Brightwell)

Skip Describe Portal for cached prepared statements reducing network round trips

Make LoadTypes query easier to support on "postgres-like" servers (Jelte Fennema-Nio)

Default empty user to current OS user matching libpq behavior (ShivangSrivastava)

Optimize LRU statement cache with custom linked list and node pooling (Mathias Bogaert)

Optimize date scanning by replacing regex with manual parsing (Mathias Bogaert)

Optimize pgio append/set functions with direct byte shifts (Mathias Bogaert)

Make RowsAffected faster (Abhishek Chanda)

Fix: Pipeline.Close panic when server sends multiple FATAL errors (Varun Chawla)

Fix: ContextWatcher goroutine leak (Hank Donnay)

Fix: stdlib discard connections with open transactions in ResetSession (Jeremy Schneider)

... (truncated)

Commits

0aeabbc Release v5.9.2
60644f8 Fix SQL sanitizer bugs with dollar-quoted strings and placeholder overflow
a5680bc Merge pull request #2531 from dolmen-go/godoc-add-links
e34e452 doc: Add godoc links
08c9bb1 Fix Stringer types encoded as text instead of numeric value in composite fields
96b4dbd Remove unstable test
acf88e0 Merge pull request #2526 from abrightwell/abrightwell-min-proto
2f81f1f Update max_protocol_version and min_protocol_version defaults
4e4eaed Release v5.9.1
6273188 Fix batch result format corruption when using cached prepared statements
Additional commits viewable in compare view

Updates github.com/redis/go-redis/v9 from 9.18.0 to 9.19.0

Release notes

Sourced from github.com/redis/go-redis/v9's releases.

9.19.0

🚀 Highlights

FIPS-Compatible Script Helper

Script now supports a FIPS-safe execution mode that avoids client-side SHA-1 computation, which is blocked in strict FIPS environments. A new NewScriptServerSHA constructor uses SCRIPT LOAD to obtain and cache the digest from the server, then runs commands via EVALSHA/EVALSHA_RO. Falls back to EVAL/EVALRO if loading fails, and transparently retries once on NOSCRIPT. The default behavior is unchanged for existing users.

(#3700) by @chaitanyabodlapati

FT.AGGREGATE Step-Based Pipeline Builder

Added a new step-based FT.AGGREGATE pipeline API via FTAggregateOptions.Steps, allowing LOAD, APPLY, GROUPBY, and SORTBY (with per-step MAX) to be repeated and interleaved in arbitrary order — matching Redis's native multi-stage aggregation semantics. The legacy Load/Apply/GroupBy/SortBy/SortByMax fields are now deprecated.

(#3782) by @ndyakov

Raw RESP Protocol Access

Added DoRaw and DoRawWriteTo methods for executing arbitrary commands and reading the raw RESP response. Useful for proxying, custom protocol inspection, and working with commands not yet wrapped by go-redis.

(#3713) by @ofekshenawa

Configurable Dial Retry Backoff

Added DialerRetryBackoff option (plumbed through Options, ClusterOptions, RingOptions, FailoverOptions) to let callers customize the delay between failed dial attempts. Helpers DialRetryBackoffConstant and DialRetryBackoffExponential (with jitter and cap) are provided out of the box. Dial timeout is now also applied per attempt rather than across all retries.

(#3706, #3705) by @mwhooker

✨ New Features

FT.AGGREGATE Steps: Step-based pipeline builder for FT.AGGREGATE with support for repeated/interleaved LOAD, APPLY, GROUPBY, and SORTBY stages (#3782) by @ndyakov

VectorSet commands: Added VISMEMBER and WITHATTRIBS support (#3753) by @romanpovol

FIPS-safe Script: NewScriptServerSHA uses SCRIPT LOAD to obtain the digest from the server, avoiding client-side SHA-1 (#3700) by @chaitanyabodlapati

Raw RESP access: DoRaw and DoRawWriteTo for raw RESP protocol access (#3713) by @ofekshenawa

Dial retry backoff: DialerRetryBackoff function option with constant and exponential helpers (#3706) by @mwhooker

Typed NOSCRIPT error: Redis NOSCRIPT replies are now surfaced as a typed error for easier handling (#3738) by @LINKIWI

PubSub ClientSetName: Added ClientSetName method to PubSub (#3727) by @Flack74

ReplicaOf: New ReplicaOf method replaces the deprecated SlaveOf (#3720) by @Copilot

HSCAN BinaryUnmarshaler: HScan now supports types implementing encoding.BinaryUnmarshaler (#3768) by @Aaditya-dubey1

🐛 Bug Fixes

Auto hostname type detection: Improved endpoint type detection for maintenance notifications using DNS-based classification; handles empty hosts and expanded private-IP ranges (#3789) by @ndyakov

HELLO fallback: Don't send CLIENT MAINT_NOTIFICATIONS handshake when HELLO fails and connection falls back to RESP2; fail fast when explicitly enabled with RESP3 (#3788) by @ndyakov

Dial TCP retry: ShouldRetry now treats net.OpError with Op == "dial" timeout errors as safe to retry since no command was sent (#3787) by @vladisa88

wrappedOnClose leak: Fixed resource leak caused by repeatedly wrapping baseClient close logic; replaced with a bounded, concurrency-safe named-hook registry (#3785) by @ndyakov

Pool Close() on stale connections: Suppress close errors (e.g., TLS closeNotify timeouts) for connections already dropped by the server due to idle timeout (#3778) by @ofekshenawa

FIFO waiter ordering: Fixed race in ConnStateMachine.notifyWaiters that could wake multiple waiters under a single mutex hold and violate FIFO ordering (#3777) by @0x48core

Lua READONLY detection: Detect READONLY errors embedded in Lua script error messages on read-only replicas so commands are correctly retried (#3769) by @zhengjilei

VectorScoreSliceCmd RESP2: Fixed VSimWithScores, VSimWithArgsWithScores, and VLinksWithScores which were broken on RESP2 connections returning flat arrays instead of maps (#3767) by @Copilot

... (truncated)

Changelog

Sourced from github.com/redis/go-redis/v9's changelog.

9.19.0 (2026-04-27)

🚀 Highlights

FIPS-Compatible Script Helper

Script now supports a FIPS-safe execution mode that avoids client-side SHA-1 computation, which is blocked in strict FIPS environments. A new NewScriptServerSHA constructor uses SCRIPT LOAD to obtain and cache the digest from the server, then runs commands via EVALSHA/EVALSHA_RO. Falls back to EVAL/EVALRO if loading fails, and transparently retries once on NOSCRIPT. The default behavior is unchanged for existing users.

(#3700) by @chaitanyabodlapati

FT.AGGREGATE Step-Based Pipeline Builder

Added a new step-based FT.AGGREGATE pipeline API via FTAggregateOptions.Steps, allowing LOAD, APPLY, GROUPBY, and SORTBY (with per-step MAX) to be repeated and interleaved in arbitrary order — matching Redis's native multi-stage aggregation semantics. The legacy Load/Apply/GroupBy/SortBy/SortByMax fields are now deprecated.

(#3782) by @ndyakov

Raw RESP Protocol Access

Added DoRaw and DoRawWriteTo methods for executing arbitrary commands and reading the raw RESP response. Useful for proxying, custom protocol inspection, and working with commands not yet wrapped by go-redis.

(#3713) by @ofekshenawa

Configurable Dial Retry Backoff

Added DialerRetryBackoff option (plumbed through Options, ClusterOptions, RingOptions, FailoverOptions) to let callers customize the delay between failed dial attempts. Helpers DialRetryBackoffConstant and DialRetryBackoffExponential (with jitter and cap) are provided out of the box. Dial timeout is now also applied per attempt rather than across all retries.

(#3706, #3705) by @mwhooker

✨ New Features

FT.AGGREGATE Steps: Step-based pipeline builder for FT.AGGREGATE with support for repeated/interleaved LOAD, APPLY, GROUPBY, and SORTBY stages (#3782) by @ndyakov

VectorSet commands: Added VISMEMBER and WITHATTRIBS support (#3753) by @romanpovol

FIPS-safe Script: NewScriptServerSHA uses SCRIPT LOAD to obtain the digest from the server, avoiding client-side SHA-1 (#3700) by @chaitanyabodlapati

Raw RESP access: DoRaw and DoRawWriteTo for raw RESP protocol access (#3713) by @ofekshenawa

Dial retry backoff: DialerRetryBackoff function option with constant and exponential helpers (#3706) by @mwhooker

Typed NOSCRIPT error: Redis NOSCRIPT replies are now surfaced as a typed error for easier handling (#3738) by @LINKIWI

PubSub ClientSetName: Added ClientSetName method to PubSub (#3727) by @Flack74

ReplicaOf: New ReplicaOf method replaces the deprecated SlaveOf (#3720) by @Copilot

HSCAN BinaryUnmarshaler: HScan now supports types implementing encoding.BinaryUnmarshaler (#3768) by @Aaditya-dubey1

🐛 Bug Fixes

Auto hostname type detection: Improved endpoint type detection for maintenance notifications using DNS-based classification; handles empty hosts and expanded private-IP ranges (#3789) by @ndyakov

HELLO fallback: Don't send CLIENT MAINT_NOTIFICATIONS handshake when HELLO fails and connection falls back to RESP2; fail fast when explicitly enabled with RESP3 (#3788) by @ndyakov

Dial TCP retry: ShouldRetry now treats net.OpError with Op == "dial" timeout errors as safe to retry since no command was sent (#3787) by @vladisa88

wrappedOnClose leak: Fixed resource leak caused by repeatedly wrapping baseClient close logic; replaced with a bounded, concurrency-safe named-hook registry (#3785) by @ndyakov

Pool Close() on stale connections: Suppress close errors (e.g., TLS closeNotify timeouts) for connections already dropped by the server due to idle timeout (#3778) by @ofekshenawa

FIFO waiter ordering: Fixed race in ConnStateMachine.notifyWaiters that could wake multiple waiters under a single mutex hold and violate FIFO ordering (#3777) by @0x48core

Lua READONLY detection: Detect READONLY errors embedded in Lua script error messages on read-only replicas so commands are correctly retried (#3769) by @zhengjilei

VectorScoreSliceCmd RESP2: Fixed VSimWithScores, VSimWithArgsWithScores, and VLinksWithScores which were broken on RESP2 connections returning flat arrays instead of maps (#3767) by @Copilot

... (truncated)

Commits

e7e9866 chore(release): v9.19.0 (#3796)
22b26f4 feat(ft.aggregate): Add Steps for query building (#3782)
d9d7694 fix(pool): two fixes for closed connection handling (#3764)
44e8b73 fix(sch): auto hostname type detection (#3789)
ad21622 fix(hello): do not send maintnotifications handshake when hello fails (#3788)
1a7ac74 fix(pool): suppress pool Close() errors for stale connections (#3778)
903d6bd fix(retry): make dial tcp error redirectable (#3786) (#3787)
00a551b fix(credentials): leak in wrappedOnClose (#3785)
b5a6f99 refactor(pool): remove redundant Conn.closed atomic field (#3783)
928f27a feat(hscan): add support for encoding.BinaryUnmarshaler (#3768)
Additional commits viewable in compare view

Updates github.com/testcontainers/testcontainers-go from 0.40.0 to 0.42.0

Release notes

Sourced from github.com/testcontainers/testcontainers-go's releases.

v0.42.0

What's Changed

⚠️ Breaking Changes

chore!: migrate to moby modules (#3591) @thaJeztah

🔒 Security

chore(deps): bump moby/client v0.4.0, moby/api v1.54.1 (#3634) @thaJeztah

🐛 Bug Fixes

fix: return an error when docker host cannot be retrieved (#3613) @ash2k

🧹 Housekeeping

chore: gitignore Gas Town agent artifacts (#3633) @mdelapenya

fix(usage-metrics): include last release in the legend pop over (#3630) @mdelapenya

chore: update usage metrics (2026-04) (#3621) @github-actions[bot]

fix(usage-metrics): order of actions matters (#3623) @mdelapenya

fix(usage-metrics): reduce rate-limit cascade errors (#3622) @mdelapenya

fix(usage-metrics): replace the per-version inline retry with a multi-pass approach (#3620) @mdelapenya

📦 Dependency updates

chore(deps): bump go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp from 1.28.0 to 1.43.0 in /modules/grafana-lgtm (#3639) @dependabot[bot]

chore(deps): bump go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp from 1.42.0 to 1.43.0 in /modules/compose (#3641) @dependabot[bot]

chore(deps): bump go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp from 1.42.0 to 1.43.0 in /modules/compose (#3645) @dependabot[bot]

chore(deps): bump mkdocs-include-markdown-plugin from 7.2.1 to 7.2.2 (#3626) @dependabot[bot]

chore(deps): bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.51.2 to 1.97.3 in /modules/localstack (#3638) @dependabot[bot]

chore(deps): bump go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp from 1.41.0 to 1.43.0 in /modules/grafana-lgtm (#3643) @dependabot[bot]

chore(deps): bump go.opentelemetry.io/otel/sdk from 1.41.0 to 1.43.0 in /modules/milvus (#3644) @dependabot[bot]

chore: update to Go 1.25.9, 1.26.9 (#3647) @thaJeztah

chore(deps): bump bump github.com/klauspost/compress v1.18.5, github.com/docker/compose v5.1.2 (#3646) @thaJeztah

chore(deps): bump moby/client v0.4.0, moby/api v1.54.1 (#3634) @thaJeztah

chore(deps): bump golang.org/x/sys from 0.41.0 to 0.42.0 (#3629) @dependabot[bot]

chore(deps): bump github.com/moby/patternmatcher from 0.6.0 to 0.6.1 (#3628) @dependabot[bot]

chore(deps): bump github.com/shirou/gopsutil/v4 from 4.26.2 to 4.26.3 (#3627) @dependabot[bot]

fix(localstack): accept community-archive as a valid tag (#3601) @johnduhart

chore(deps): bump github.com/go-jose/go-jose/v4 from 4.1.3 to 4.1.4 in /modules/gcloud (#3632) @dependabot[bot]

chore(deps): bump actions/upload-artifact from 6.0.0 to 7.0.0 (#3625) @dependabot[bot]

chore(deps): bump pygments from 2.19.2 to 2.20.0 (#3615) @dependabot[bot]

chore(deps): bump google.golang.org/grpc from 1.67.0 to 1.79.3 in /modules/milvus (#3612) @dependabot[bot]

chore(deps): bump google.golang.org/grpc from 1.67.0 to 1.79.3 in /modules/etcd (#3611) @dependabot[bot]

chore(deps): bump google.golang.org/grpc from 1.79.1 to 1.79.3 in /modules/ollama (#3610) @dependabot[bot]

chore(deps): bump google.golang.org/grpc from 1.67.0 to 1.79.3 in /modules/pinecone (#3609) @dependabot[bot]

chore(deps): bump google.golang.org/grpc from 1.67.0 to 1.79.3 in /modules/couchbase (#3608) @dependabot[bot]

chore(deps): bump requests from 2.32.4 to 2.33.0 (#3604) @dependabot[bot]

chore(deps): bump google.golang.org/grpc from 1.79.1 to 1.79.3 in /modules/meilisearch (#3607) @dependabot[bot]

chore(deps): bump github.com/moby/buildkit from 0.27.1 to 0.28.1 in /modules/compose (#3605) @dependabot[bot]

... (truncated)

Commits

6e58418 chore: use new version (v0.42.0) in modules and examples
f713dc0 chore(deps): bump go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetr...
300827a chore(deps): bump go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetr...
7a15ac1 chore(deps): bump go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptrace...
5bae3d2 fix: return an error when docker host cannot be retrieved (#3613)
fc19484 chore(deps): bump mkdocs-include-markdown-plugin from 7.2.1 to 7.2.2 (#3626)
95bdc0c chore(deps): bump github.com/aws/aws-sdk-go-v2/service/s3 (#3638)
75aa226 chore(deps): bump go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptrace...
2f59938 chore(deps): bump go.opentelemetry.io/otel/sdk in /modules/milvus (#3644)
580abf6 chore: update to Go 1.25.9, 1.26.9 (#3647)
Additional commits viewable in compare view

Updates github.com/testcontainers/testcontainers-go/modules/postgres from 0.40.0 to 0.42.0

Release notes

Sourced from github.com/testcontainers/testcontainers-go/modules/postgres's releases.

v0.42.0

What's Changed

⚠️ Breaking Changes

chore!: migrate to moby modules (#3591) @thaJeztah

🔒 Security

chore(deps): bump moby/client v0.4.0, moby/api v1.54.1 (#3634) @thaJeztah

🐛 Bug Fixes

fix: return an error when docker host cannot be retrieved (#3613) @ash2k

🧹 Housekeeping

chore: gitignore Gas Town agent artifacts (#3633) @mdelapenya

fix(usage-metrics): include last release in the legend pop over (#3630) @mdelapenya

chore: update usage metrics (2026-04) (#3621) @github-actions[bot]

fix(usage-metrics): order of actions matters (#3623) @mdelapenya

fix(usage-metrics): reduce rate-limit cascade errors (#3622) @mdelapenya

fix(usage-metrics): replace the per-version inline retry with a multi-pass approach (#3620) @mdelapenya

📦 Dependency updates

chore(deps): bump go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp from 1.28.0 to 1.43.0 in /modules/grafana-lgtm (#3639) @dependabot[bot]

chore(deps): bump go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp from 1.42.0 to 1.43.0 in /modules/compose (#3641) @dependabot[bot]

chore(deps): bump go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp from 1.42.0 to 1.43.0 in /modules/compose (#3645) @dependabot[bot]

chore(deps): bump mkdocs-include-markdown-plugin from 7.2.1 to 7.2.2 (#3626) @dependabot[bot]

chore(deps): bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.51.2 to 1.97.3 in /modules/localstack (#3638) @dependabot[bot]

chore(deps): bump go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp from 1.41.0 to 1.43.0 in /modules/grafana-lgtm (#3643) @dependabot[bot]

chore(deps): bump go.opentelemetry.io/otel/sdk from 1.41.0 to 1.43.0 in /modules/milvus (#3644) @dependabot[bot]

chore: update to Go 1.25.9, 1.26.9 (#3647) @thaJeztah

chore(deps): bump bump github.com/klauspost/compress v1.18.5, github.com/docker/compose v5.1.2 (#3646) @thaJeztah

chore(deps): bump moby/client v0.4.0, moby/api v1.54.1 (#3634) @thaJeztah

chore(deps): bump golang.org/x/sys from 0.41.0 to 0.42.0 (#3629) @dependabot[bot]

chore(deps): bump github.com/moby/patternmatcher from 0.6.0 to 0.6.1 (#3628) @dependabot[bot]

chore(deps): bump github.com/shirou/gopsutil/v4 from 4.26.2 to 4.26.3 (#3627) @dependabot[bot]

fix(localstack): accept community-archive as a valid tag (#3601) @johnduhart

chore(deps): bump github.com/go-jose/go-jose/v4 from 4.1.3 to 4.1.4 in /modules/gcloud (#3632) @dependabot[bot]

chore(deps): bump actions/upload-artifact from 6.0.0 to 7.0.0 (#3625) @dependabot[bot]

chore(deps): bump pygments from 2.19.2 to 2.20.0 (#3615) @dependabot[bot]

chore(deps): bump google.golang.org/grpc from 1.67.0 to 1.79.3 in /modules/milvus (#3612) @dependabot[bot]

chore(deps): bump google.golang.org/grpc from 1.67.0 to 1.79.3 in /modules/etcd (#3611) @dependabot[bot]

chore(deps): bump google.golang.org/grpc from 1.79.1 to 1.79.3 in /modules/ollama (#3610) @dependabot[bot]

chore(deps): bump google.golang.org/grpc from 1.67.0 to 1.79.3 in /modules/pinecone (#3609) @dependabot[bot]

chore(deps): bump google.golang.org/grpc from 1.67.0 to 1.79.3 in /modules/couchbase (#3608) @dependabot[bot]

chore(deps): bump requests from 2.32.4 to 2.33.0 (#3604) @dependabot[bot]

chore(deps): bump google.golang.org/grpc from 1.79.1 to 1.79.3 in /modules/meilisearch (#3607) @dependabot[bot]

chore(deps): bump github.com/moby/buildkit from 0.27.1 to 0.28.1 in /modules/compose (#3605) @dependabot[bot]

... (truncated)

Commits

6e58418 chore: use new version (v0.42.0) in modules and examples
f713dc0 chore(deps): bump go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetr...
300827a chore(deps): bump go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetr...
7a15ac1 chore(deps): bump go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptrace...
5bae3d2 fix: return an error when docker host cannot be retrieved (#3613)
fc19484 chore(deps): bump mkdocs-include-markdown-plugin from 7.2.1 to 7.2.2 (#3626)
95bdc0c chore(deps): bump github.com/aws/aws-sdk-go-v2/service/s3 (#3638)
75aa226 chore(deps): bump go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptrace...
2f59938 chore(deps): bump go.opentelemetry.io/otel/sdk in /modules/milvus (#3644)
580abf6 chore: update to Go 1.25.9, 1.26.9 (#3647)
Additional commits viewable in compare view

Updates github.com/testcontainers/testcontainers-go/modules/redis from 0.40.0 to 0.42.0

Release notes

Sourced from github.com/testcontainers/testcontainers-go/modules/redis's releases.

v0.42.0

What's Changed

⚠️ Breaking Changes

chore!: migrate to moby modules (#3591) @thaJeztah

🔒 Security

chore(deps): bump moby/client v0.4.0, moby/api v1.54.1 (#3634) @thaJeztah

🐛 Bug Fixes

fix: return an error when docker host cannot be retrieved (#3613) @ash2k

🧹 Housekeeping

chore: gitignore Gas Town agent artifacts (#3633) @mdelapenya

fix(usage-metrics): include last release in the legend pop over (#3630) @mdelapenya

chore: update usage metrics (2026-04) (#3621) @github-actions[bot]

fix(usage-metrics): order of actions matters (#3623) @mdelapenya

fix(usage-metrics): reduce rate-limit cascade errors (#3622) @mdelapenya

fix(usage-metrics): replace the per-version inline retry with a multi-pass approach (#3620) @mdelapenya

📦 Dependency updates

chore(deps): bump go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp from 1.28.0 to 1.43.0 in /modules/grafana-lgtm (#3639) @dependabot[bot]

chore(deps): bump go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp from 1.42.0 to 1.43.0 in /modules/compose (#3641) @dependabot[bot]

chore(deps): bump go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp from 1.42.0 to 1.43.0 in /modules/compose (#3645) @dependabot[bot]

chore(deps): bump mkdocs-include-markdown-plugin from 7.2.1 to 7.2.2 (#3626) @dependabot[bot]

chore(deps): bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.51.2 to 1.97.3 in /modules/localstack (#3638) @dependabot[bot]

chore(deps): bump go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp from 1.41.0 to 1.43.0 in /modules/grafana-lgtm (#3643) @dependabot[bot]

chore(deps): bump go.opentelemetry.io/otel/sdk from 1.41.0 to 1.43.0 in /modules/milvus (#3644) @dependabot[bot]

chore: update to Go 1.25.9, 1.26.9 (#3647) @thaJeztah

chore(deps): bump bump github.com/klauspost/compress v1.18.5, github.com/docker/compose v5.1.2 (#3646) @thaJeztah

chore(deps): bump moby/client v0.4.0, moby/api v1.54.1 (#3634) @thaJeztah

chore(deps): bump golang.org/x/sys from 0.41.0 to 0.42.0 (#3629) @dependabot[bot]

chore(deps): bump github.com/moby/patternmatcher from 0.6.0 to 0.6.1 (#3628) @dependabot[bot]

chore(deps): bump github.com/shirou/gopsutil/v4 from 4.26.2 to 4.26.3 (#3627) @dependabot[bot]

fix(localstack): accept community-archive as a valid tag (#3601) @johnduhart

chore(deps): bump github.com/go-jose/go-jose/v4 from 4.1.3 to 4.1.4 in /modules/gcloud (#3632) @dependabot[bot]

chore(deps): bump actions/upload-artifact from 6.0.0 to 7.0.0 (#3625) @dependabot[bot]

chore(deps): bump pygments from 2.19.2 to 2.20.0 (#3615) @dependabot[bot]

chore(deps): bump google.golang.org/grpc from 1.67.0 to 1.79.3 in /modules/milvus (#3612) @dependabot[bot]

chore(deps): bump google.golang.org/grpc from 1.67.0 to 1.79.3 in /modules/etcd (#3611) @dependabot[bot]

chore(deps): bump google.golang.org/grpc from 1.79.1 to 1.79.3 in /modules/ollama (#3610) @dependabot[bot]

chore(deps): bump google.golang.org/grpc from 1.67.0 to 1.79.3 in /modules/pinecone (#3609) @dependabot[bot]

chore(deps): bump google.golang.org/grpc from 1.67.0 to 1.79.3 in /modules/couchbase (#3608) @dependabot[bot]

chore(deps): bump requests from 2.32.4 to 2.33.0 (#3604) @dependabot[bot]

chore(deps): bump google.golang.org/grpc from 1.79.1 to 1.79.3 in /modules/meilisearch (#3607) @dependabot[bot]

chore(deps): bump github.com/moby/buildkit from 0.27.1 to 0.28.1 in /modules/compose (#3605) @dependabot[bot]

... (truncated)

Commits

6e58418 chore: use new version (v0.42.0) in modules and examples
f713dc0 chore(deps): bump go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetr...
300827a chore(deps): bump go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetr...
7a15ac1 chore(deps): bump go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptrace...
5bae3d2 fix: return an error when docker host cannot be retrieved (#3613)
fc19484 chore(deps): bump mkdocs-include-markdown-plugin from 7.2.1 to 7.2.2 (#3626)
95bdc0c chore(deps): bump github.com/aws/aws-sdk-go-v2/service/s3 (#3638)
75aa226 chore(deps): bump go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptrace...
2f59938 chore(deps): bump go.opentelemetry.io/otel/sdk in /modules/milvus (#3644)
580abf6 chore: update to Go 1.25.9, 1.26.9 (#3647)
Additional commits viewable in compare view

Updates github.com/uptrace/bun from 1.2.16 to 1.2.18

Release notes

Sourced from github.com/uptrace/bun's releases.

v1.2.18

Please refer to CHANGELOG.md for details

v1.2.17

Please refer to CHANGELOG.md for details

Changelog

Sourced from github.com/uptrace/bun's changelog.

1.2.18 (2026-02-28)

Bug Fixes

handle []byte and [N]byte in Tuple, separate List from Tuple imp… (uptrace/bun#1340) (bec98b9)

validate parenthesized content in ReadIdentifier to prevent ?(?, ?) misparse (#1338) (b8da15b), closes #1337

1.2.17 (2026-02-21)

Bug Fixes

migrator exec error propagation (#1320) (b40f603)

OrderAscNullsFirst mapping (fixes #1305) (43b6af2)

panic in indirectAsKey when loading complex models. TypeOf(v) returns nil (2788c5b)

RunMigration marks migration as applied after running (#1330) (990c2eb)

Features

add Tuple and List (#1331) (5c2b3d1)

create unique index on migration name column in Migrator.Init (#1332) (44ac056)

update: use DEFAULT instead of NULL on databases that support it (#1315) (cabcffd)

Commits

…8 updates Bumps the minor-and-patch group with 15 updates in the / directory: | Package | From | To | | --- | --- | --- | | [github.com/jackc/pgx/v5](https://github.com/jackc/pgx) | `5.8.0` | `5.9.2` | | [github.com/redis/go-redis/v9](https://github.com/redis/go-redis) | `9.18.0` | `9.19.0` | | [github.com/testcontainers/testcontainers-go](https://github.com/testcontainers/testcontainers-go) | `0.40.0` | `0.42.0` | | [github.com/testcontainers/testcontainers-go/modules/postgres](https://github.com/testcontainers/testcontainers-go) | `0.40.0` | `0.42.0` | | [github.com/testcontainers/testcontainers-go/modules/redis](https://github.com/testcontainers/testcontainers-go) | `0.40.0` | `0.42.0` | | [github.com/uptrace/bun](https://github.com/uptrace/bun) | `1.2.16` | `1.2.18` | | [github.com/uptrace/bun/dialect/pgdialect](https://github.com/uptrace/bun) | `1.2.16` | `1.2.18` | | [github.com/uptrace/bun/driver/pgdriver](https://github.com/uptrace/bun) | `1.2.16` | `1.2.18` | | [github.com/xraph/forge](https://github.com/xraph/forge) | `1.6.0` | `1.6.1` | | [go.mongodb.org/mongo-driver/v2](https://github.com/mongodb/mongo-go-driver) | `2.5.0` | `2.6.0` | | [go.opentelemetry.io/otel/sdk](https://github.com/open-telemetry/opentelemetry-go) | `1.40.0` | `1.43.0` | | [golang.org/x/sync](https://github.com/golang/sync) | `0.19.0` | `0.20.0` | | [golang.org/x/time](https://github.com/golang/time) | `0.12.0` | `0.15.0` | | [k8s.io/api](https://github.com/kubernetes/api) | `0.35.0` | `0.36.0` | | [k8s.io/client-go](https://github.com/kubernetes/client-go) | `0.35.0` | `0.36.0` | Updates `github.com/jackc/pgx/v5` from 5.8.0 to 5.9.2 - [Changelog](https://github.com/jackc/pgx/blob/master/CHANGELOG.md) - [Commits](jackc/pgx@v5.8.0...v5.9.2) Updates `github.com/redis/go-redis/v9` from 9.18.0 to 9.19.0 - [Release notes](https://github.com/redis/go-redis/releases) - [Changelog](https://github.com/redis/go-redis/blob/master/RELEASE-NOTES.md) - [Commits](redis/go-redis@v9.18.0...v9.19.0) Updates `github.com/testcontainers/testcontainers-go` from 0.40.0 to 0.42.0 - [Release notes](https://github.com/testcontainers/testcontainers-go/releases) - [Commits](testcontainers/testcontainers-go@v0.40.0...v0.42.0) Updates `github.com/testcontainers/testcontainers-go/modules/postgres` from 0.40.0 to 0.42.0 - [Release notes](https://github.com/testcontainers/testcontainers-go/releases) - [Commits](testcontainers/testcontainers-go@v0.40.0...v0.42.0) Updates `github.com/testcontainers/testcontainers-go/modules/redis` from 0.40.0 to 0.42.0 - [Release notes](https://github.com/testcontainers/testcontainers-go/releases) - [Commits](testcontainers/testcontainers-go@v0.40.0...v0.42.0) Updates `github.com/uptrace/bun` from 1.2.16 to 1.2.18 - [Release notes](https://github.com/uptrace/bun/releases) - [Changelog](https://github.com/uptrace/bun/blob/master/CHANGELOG.md) - [Commits](uptrace/bun@v1.2.16...v1.2.18) Updates `github.com/uptrace/bun/dialect/pgdialect` from 1.2.16 to 1.2.18 - [Release notes](https://github.com/uptrace/bun/releases) - [Changelog](https://github.com/uptrace/bun/blob/master/CHANGELOG.md) - [Commits](uptrace/bun@v1.2.16...v1.2.18) Updates `github.com/uptrace/bun/driver/pgdriver` from 1.2.16 to 1.2.18 - [Release notes](https://github.com/uptrace/bun/releases) - [Changelog](https://github.com/uptrace/bun/blob/master/CHANGELOG.md) - [Commits](uptrace/bun@v1.2.16...v1.2.18) Updates `github.com/xraph/forge` from 1.6.0 to 1.6.1 - [Release notes](https://github.com/xraph/forge/releases) - [Changelog](https://github.com/xraph/forge/blob/main/CHANGELOG.md) - [Commits](xraph/forge@v1.6.0...v1.6.1) Updates `go.mongodb.org/mongo-driver/v2` from 2.5.0 to 2.6.0 - [Release notes](https://github.com/mongodb/mongo-go-driver/releases) - [Commits](mongodb/mongo-go-driver@v2.5.0...v2.6.0) Updates `go.opentelemetry.io/otel` from 1.40.0 to 1.41.0 - [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases) - [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md) - [Commits](open-telemetry/opentelemetry-go@v1.40.0...v1.41.0) Updates `go.opentelemetry.io/otel/sdk` from 1.40.0 to 1.43.0 - [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases) - [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md) - [Commits](open-telemetry/opentelemetry-go@v1.40.0...v1.43.0) Updates `go.opentelemetry.io/otel/trace` from 1.40.0 to 1.43.0 - [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases) - [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md) - [Commits](open-telemetry/opentelemetry-go@v1.40.0...v1.43.0) Updates `golang.org/x/sync` from 0.19.0 to 0.20.0 - [Commits](golang/sync@v0.19.0...v0.20.0) Updates `golang.org/x/time` from 0.12.0 to 0.15.0 - [Commits](golang/time@v0.12.0...v0.15.0) Updates `k8s.io/api` from 0.35.0 to 0.36.0 - [Commits](kubernetes/api@v0.35.0...v0.36.0) Updates `k8s.io/apimachinery` from 0.35.0 to 0.36.0 - [Commits](kubernetes/apimachinery@v0.35.0...v0.36.0) Updates `k8s.io/client-go` from 0.35.0 to 0.36.0 - [Changelog](https://github.com/kubernetes/client-go/blob/master/CHANGELOG.md) - [Commits](kubernetes/client-go@v0.35.0...v0.36.0) --- updated-dependencies: - dependency-name: github.com/jackc/pgx/v5 dependency-version: 5.9.2 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: minor-and-patch - dependency-name: github.com/redis/go-redis/v9 dependency-version: 9.19.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: minor-and-patch - dependency-name: github.com/testcontainers/testcontainers-go dependency-version: 0.42.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: minor-and-patch - dependency-name: github.com/testcontainers/testcontainers-go/modules/postgres dependency-version: 0.42.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: minor-and-patch - dependency-name: github.com/testcontainers/testcontainers-go/modules/redis dependency-version: 0.42.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: minor-and-patch - dependency-name: github.com/uptrace/bun dependency-version: 1.2.18 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: minor-and-patch - dependency-name: github.com/uptrace/bun/dialect/pgdialect dependency-version: 1.2.18 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: minor-and-patch - dependency-name: github.com/uptrace/bun/driver/pgdriver dependency-version: 1.2.18 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: minor-and-patch - dependency-name: github.com/xraph/forge dependency-version: 1.6.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: minor-and-patch - dependency-name: go.mongodb.org/mongo-driver/v2 dependency-version: 2.6.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: minor-and-patch - dependency-name: go.opentelemetry.io/otel dependency-version: 1.41.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: minor-and-patch - dependency-name: go.opentelemetry.io/otel/sdk dependency-version: 1.43.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: minor-and-patch - dependency-name: go.opentelemetry.io/otel/trace dependency-version: 1.43.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: minor-and-patch - dependency-name: golang.org/x/sync dependency-version: 0.20.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: minor-and-patch - dependency-name: golang.org/x/time dependency-version: 0.15.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: minor-and-patch - dependency-name: k8s.io/api dependency-version: 0.36.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: minor-and-patch - dependency-name: k8s.io/apimachinery dependency-version: 0.36.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: minor-and-patch - dependency-name: k8s.io/client-go dependency-version: 0.36.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: minor-and-patch ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot · 2026-05-04T09:15:55Z

Labels

The following labels could not be found: dependencies, go. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

vercel · 2026-05-04T09:15:57Z

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
dispatch	Ready	Preview, Comment	May 4, 2026 9:16am

vercel Bot deployed to Preview May 4, 2026 09:16 View deployment

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

build(deps): bump the minor-and-patch group across 1 directory with 18 updates#23

build(deps): bump the minor-and-patch group across 1 directory with 18 updates#23
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/go_modules/minor-and-patch-4cd6831cb5

dependabot Bot commented on behalf of github May 4, 2026

Uh oh!

dependabot Bot commented on behalf of github May 4, 2026

Uh oh!

vercel Bot commented May 4, 2026 •

edited

Loading

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Conversation

dependabot Bot commented on behalf of github May 4, 2026

5.9.2 (April 18, 2026)

5.9.1 (March 22, 2026)

5.9.0 (March 21, 2026)

9.19.0

🚀 Highlights

FIPS-Compatible Script Helper

FT.AGGREGATE Step-Based Pipeline Builder

Raw RESP Protocol Access

Configurable Dial Retry Backoff

✨ New Features

🐛 Bug Fixes

9.19.0 (2026-04-27)

🚀 Highlights

FIPS-Compatible Script Helper

FT.AGGREGATE Step-Based Pipeline Builder

Raw RESP Protocol Access

Configurable Dial Retry Backoff

✨ New Features

🐛 Bug Fixes

v0.42.0

What's Changed

⚠️ Breaking Changes

🔒 Security

🐛 Bug Fixes

🧹 Housekeeping

📦 Dependency updates

v0.42.0

What's Changed

⚠️ Breaking Changes

🔒 Security

🐛 Bug Fixes

🧹 Housekeeping

📦 Dependency updates

v0.42.0

What's Changed

⚠️ Breaking Changes

🔒 Security

🐛 Bug Fixes

🧹 Housekeeping

📦 Dependency updates

v1.2.18

v1.2.17

1.2.18 (2026-02-28)

Bug Fixes

1.2.17 (2026-02-21)

Bug Fixes

Features

Uh oh!

dependabot Bot commented on behalf of github May 4, 2026

Labels

Uh oh!

vercel Bot commented May 4, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

vercel Bot commented May 4, 2026 •

edited

Loading