build(deps): bump the other-dependencies group across 2 directories with 1 update by dependabot[bot] · Pull Request #263 · go-openapi/strfmt

dependabot · 2026-06-05T13:33:46Z

Bumps the other-dependencies group with 1 update in the / directory: github.com/jackc/pgx/v5.
Bumps the other-dependencies group with 1 update in the /internal/testintegration directory: github.com/jackc/pgx/v5.

Updates github.com/jackc/pgx/v5 from 5.9.2 to 5.10.0

Changelog

Sourced from github.com/jackc/pgx/v5's changelog.

5.10.0 (June 3, 2026)

This release includes a significant amount of hardening against malicious or compromised PostgreSQL servers, contributed by Sean Chittenden at CrowdStrike, Inc. This work bounds binary decoders against attacker-controlled message sizes, caps server-supplied SCRAM iteration counts, adds require_auth to restrict which authentication methods a server may use (mitigating downgrade attacks under sslmode=prefer), and ensures cancellation requests are sent over TLS when the original connection used TLS.

Features

Add require_auth to restrict accepted server authentication methods (Sean Chittenden at CrowdStrike, Inc.)

Add ParseConfigOptions.ConnStringAllowedKeys to restrict allowed connection string keys (Sean Chittenden at CrowdStrike, Inc.)

Add StructArgs and StrictStructArgs for @-named queries (Tubelight30)

Add ErrConnClosed sentinel error and unwrap it from connLockError (Charlie Tonneslan)

pgxpool: check if connection is expired before acquire (arthurdotwork)

Security Hardening

Encrypt CancelRequest connection when the primary connection used TLS (Sean Chittenden at CrowdStrike, Inc.)

Cap server-supplied SCRAM iteration count (Sean Chittenden at CrowdStrike, Inc.)

Default Frontend max message body length to ~1 GiB (Sean Chittenden at CrowdStrike, Inc.)

Bound hstore binary decode against malicious server input (Sean Chittenden at CrowdStrike, Inc.)

Bound array binary decode element length against remaining message bytes (Sean Chittenden at CrowdStrike, Inc.)

Bound array element count against remaining message bytes (Sean Chittenden at CrowdStrike, Inc.)

Bound range, multirange, and tsvector binary decoders (Sean Chittenden at CrowdStrike, Inc.)

Document secure connection configuration (Sean Chittenden at CrowdStrike, Inc.)

Fix panic on malformed geometric text; return an error instead (MaIII)

Fixes

Fix scanning "char" (OID 18) into *string in binary format (luongs3)

Fix handling of typed-nil driver.Valuer in array and composite codecs (Donncha Fahy)

Fix CopyData.Data hex decoding in UnmarshalJSON (Charlie Tonneslan)

Fix data race when context is cancelled during connect

Fix parseKeywordValueSettings rejecting trailing whitespace (alliasgher)

pgconn: preserve full error chain in normalizeTimeoutError (Charlie Tonneslan)

pgconn: use a fresh context for the fallback connection in connectPreferred (Charlie Tonneslan)

pgxpool: fix MaxLifetimeDestroyCount and ping order for acquire-time expiry check

Add missing error check of rows.Err to load types (Jen Altavilla)

Commits

7293fb1 Update changelog for v5.10.0
1ade285 pgconn: document secure connection configuration
b4d6d4d pgtype: bound range, multirange, and tsvector binary decoders
0639b37 pgconn: add ParseConfigOptions.ConnStringAllowedKeys
b28e65b pgtype: bound array element count against remaining message bytes
cd1f389 pgtype: bound array binary decode element length against remaining bytes
ff27b5b pgtype: bound hstore binary decode against malicious server input
a6002e1 pgproto3: default Frontend max message body length to ~1 GiB
44f6173 pgconn: cap server-supplied SCRAM iteration count
1a976f7 pgconn: add require_auth to restrict accepted server auth methods
Additional commits viewable in compare view

Updates github.com/jackc/pgx/v5 from 5.9.2 to 5.10.0

Changelog

Sourced from github.com/jackc/pgx/v5's changelog.

5.10.0 (June 3, 2026)

This release includes a significant amount of hardening against malicious or compromised PostgreSQL servers, contributed by Sean Chittenden at CrowdStrike, Inc. This work bounds binary decoders against attacker-controlled message sizes, caps server-supplied SCRAM iteration counts, adds require_auth to restrict which authentication methods a server may use (mitigating downgrade attacks under sslmode=prefer), and ensures cancellation requests are sent over TLS when the original connection used TLS.

Features

Add require_auth to restrict accepted server authentication methods (Sean Chittenden at CrowdStrike, Inc.)

Add ParseConfigOptions.ConnStringAllowedKeys to restrict allowed connection string keys (Sean Chittenden at CrowdStrike, Inc.)

Add StructArgs and StrictStructArgs for @-named queries (Tubelight30)

Add ErrConnClosed sentinel error and unwrap it from connLockError (Charlie Tonneslan)

pgxpool: check if connection is expired before acquire (arthurdotwork)

Security Hardening

Encrypt CancelRequest connection when the primary connection used TLS (Sean Chittenden at CrowdStrike, Inc.)

Cap server-supplied SCRAM iteration count (Sean Chittenden at CrowdStrike, Inc.)

Default Frontend max message body length to ~1 GiB (Sean Chittenden at CrowdStrike, Inc.)

Bound hstore binary decode against malicious server input (Sean Chittenden at CrowdStrike, Inc.)

Bound array binary decode element length against remaining message bytes (Sean Chittenden at CrowdStrike, Inc.)

Bound array element count against remaining message bytes (Sean Chittenden at CrowdStrike, Inc.)

Bound range, multirange, and tsvector binary decoders (Sean Chittenden at CrowdStrike, Inc.)

Document secure connection configuration (Sean Chittenden at CrowdStrike, Inc.)

Fix panic on malformed geometric text; return an error instead (MaIII)

Fixes

Fix scanning "char" (OID 18) into *string in binary format (luongs3)

Fix handling of typed-nil driver.Valuer in array and composite codecs (Donncha Fahy)

Fix CopyData.Data hex decoding in UnmarshalJSON (Charlie Tonneslan)

Fix data race when context is cancelled during connect

Fix parseKeywordValueSettings rejecting trailing whitespace (alliasgher)

pgconn: preserve full error chain in normalizeTimeoutError (Charlie Tonneslan)

pgconn: use a fresh context for the fallback connection in connectPreferred (Charlie Tonneslan)

pgxpool: fix MaxLifetimeDestroyCount and ping order for acquire-time expiry check

Add missing error check of rows.Err to load types (Jen Altavilla)

Commits

7293fb1 Update changelog for v5.10.0
1ade285 pgconn: document secure connection configuration
b4d6d4d pgtype: bound range, multirange, and tsvector binary decoders
0639b37 pgconn: add ParseConfigOptions.ConnStringAllowedKeys
b28e65b pgtype: bound array element count against remaining message bytes
cd1f389 pgtype: bound array binary decode element length against remaining bytes
ff27b5b pgtype: bound hstore binary decode against malicious server input
a6002e1 pgproto3: default Frontend max message body length to ~1 GiB
44f6173 pgconn: cap server-supplied SCRAM iteration count
1a976f7 pgconn: add require_auth to restrict accepted server auth methods
Additional commits viewable in compare view

Updates github.com/jackc/pgx/v5 from 5.9.2 to 5.10.0

Changelog

Sourced from github.com/jackc/pgx/v5's changelog.

5.10.0 (June 3, 2026)

This release includes a significant amount of hardening against malicious or compromised PostgreSQL servers, contributed by Sean Chittenden at CrowdStrike, Inc. This work bounds binary decoders against attacker-controlled message sizes, caps server-supplied SCRAM iteration counts, adds require_auth to restrict which authentication methods a server may use (mitigating downgrade attacks under sslmode=prefer), and ensures cancellation requests are sent over TLS when the original connection used TLS.

Features

Add require_auth to restrict accepted server authentication methods (Sean Chittenden at CrowdStrike, Inc.)

Add ParseConfigOptions.ConnStringAllowedKeys to restrict allowed connection string keys (Sean Chittenden at CrowdStrike, Inc.)

Add StructArgs and StrictStructArgs for @-named queries (Tubelight30)

Add ErrConnClosed sentinel error and unwrap it from connLockError (Charlie Tonneslan)

pgxpool: check if connection is expired before acquire (arthurdotwork)

Security Hardening

Encrypt CancelRequest connection when the primary connection used TLS (Sean Chittenden at CrowdStrike, Inc.)

Cap server-supplied SCRAM iteration count (Sean Chittenden at CrowdStrike, Inc.)

Default Frontend max message body length to ~1 GiB (Sean Chittenden at CrowdStrike, Inc.)

Bound hstore binary decode against malicious server input (Sean Chittenden at CrowdStrike, Inc.)

Bound array binary decode element length against remaining message bytes (Sean Chittenden at CrowdStrike, Inc.)

Bound array element count against remaining message bytes (Sean Chittenden at CrowdStrike, Inc.)

Bound range, multirange, and tsvector binary decoders (Sean Chittenden at CrowdStrike, Inc.)

Document secure connection configuration (Sean Chittenden at CrowdStrike, Inc.)

Fix panic on malformed geometric text; return an error instead (MaIII)

Fixes

Fix scanning "char" (OID 18) into *string in binary format (luongs3)

Fix handling of typed-nil driver.Valuer in array and composite codecs (Donncha Fahy)

Fix CopyData.Data hex decoding in UnmarshalJSON (Charlie Tonneslan)

Fix data race when context is cancelled during connect

Fix parseKeywordValueSettings rejecting trailing whitespace (alliasgher)

pgconn: preserve full error chain in normalizeTimeoutError (Charlie Tonneslan)

pgconn: use a fresh context for the fallback connection in connectPreferred (Charlie Tonneslan)

pgxpool: fix MaxLifetimeDestroyCount and ping order for acquire-time expiry check

Add missing error check of rows.Err to load types (Jen Altavilla)

Commits

7293fb1 Update changelog for v5.10.0
1ade285 pgconn: document secure connection configuration
b4d6d4d pgtype: bound range, multirange, and tsvector binary decoders
0639b37 pgconn: add ParseConfigOptions.ConnStringAllowedKeys
b28e65b pgtype: bound array element count against remaining message bytes
cd1f389 pgtype: bound array binary decode element length against remaining bytes
ff27b5b pgtype: bound hstore binary decode against malicious server input
a6002e1 pgproto3: default Frontend max message body length to ~1 GiB
44f6173 pgconn: cap server-supplied SCRAM iteration count
1a976f7 pgconn: add require_auth to restrict accepted server auth methods
Additional commits viewable in compare view

Updates github.com/jackc/pgx/v5 from 5.9.2 to 5.10.0

Changelog

Sourced from github.com/jackc/pgx/v5's changelog.

5.10.0 (June 3, 2026)

This release includes a significant amount of hardening against malicious or compromised PostgreSQL servers, contributed by Sean Chittenden at CrowdStrike, Inc. This work bounds binary decoders against attacker-controlled message sizes, caps server-supplied SCRAM iteration counts, adds require_auth to restrict which authentication methods a server may use (mitigating downgrade attacks under sslmode=prefer), and ensures cancellation requests are sent over TLS when the original connection used TLS.

Features

Add require_auth to restrict accepted server authentication methods (Sean Chittenden at CrowdStrike, Inc.)

Add ParseConfigOptions.ConnStringAllowedKeys to restrict allowed connection string keys (Sean Chittenden at CrowdStrike, Inc.)

Add StructArgs and StrictStructArgs for @-named queries (Tubelight30)

Add ErrConnClosed sentinel error and unwrap it from connLockError (Charlie Tonneslan)

pgxpool: check if connection is expired before acquire (arthurdotwork)

Security Hardening

Encrypt CancelRequest connection when the primary connection used TLS (Sean Chittenden at CrowdStrike, Inc.)

Cap server-supplied SCRAM iteration count (Sean Chittenden at CrowdStrike, Inc.)

Default Frontend max message body length to ~1 GiB (Sean Chittenden at CrowdStrike, Inc.)

Bound hstore binary decode against malicious server input (Sean Chittenden at CrowdStrike, Inc.)

Bound array binary decode element length against remaining message bytes (Sean Chittenden at CrowdStrike, Inc.)

Bound array element count against remaining message bytes (Sean Chittenden at CrowdStrike, Inc.)

Bound range, multirange, and tsvector binary decoders (Sean Chittenden at CrowdStrike, Inc.)

Document secure connection configuration (Sean Chittenden at CrowdStrike, Inc.)

Fix panic on malformed geometric text; return an error instead (MaIII)

Fixes

Fix scanning "char" (OID 18) into *string in binary format (luongs3)

Fix handling of typed-nil driver.Valuer in array and composite codecs (Donncha Fahy)

Fix CopyData.Data hex decoding in UnmarshalJSON (Charlie Tonneslan)

Fix data race when context is cancelled during connect

Fix parseKeywordValueSettings rejecting trailing whitespace (alliasgher)

pgconn: preserve full error chain in normalizeTimeoutError (Charlie Tonneslan)

pgconn: use a fresh context for the fallback connection in connectPreferred (Charlie Tonneslan)

pgxpool: fix MaxLifetimeDestroyCount and ping order for acquire-time expiry check

Add missing error check of rows.Err to load types (Jen Altavilla)

Commits

7293fb1 Update changelog for v5.10.0
1ade285 pgconn: document secure connection configuration
b4d6d4d pgtype: bound range, multirange, and tsvector binary decoders
0639b37 pgconn: add ParseConfigOptions.ConnStringAllowedKeys
b28e65b pgtype: bound array element count against remaining message bytes
cd1f389 pgtype: bound array binary decode element length against remaining bytes
ff27b5b pgtype: bound hstore binary decode against malicious server input
a6002e1 pgproto3: default Frontend max message body length to ~1 GiB
44f6173 pgconn: cap server-supplied SCRAM iteration count
1a976f7 pgconn: add require_auth to restrict accepted server auth methods
Additional commits viewable in compare view

codecov · 2026-06-05T13:38:01Z

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 86.50%. Comparing base (7841767) to head (1e69fbb).
⚠️ Report is 4 commits behind head on master.
✅ All tests successful. No failed tests found.

Additional details and impacted files

@@           Coverage Diff           @@
##           master     #263   +/-   ##
=======================================
  Coverage   86.50%   86.50%           
=======================================
  Files          18       18           
  Lines        2467     2467           
=======================================
  Hits         2134     2134           
  Misses        230      230           
  Partials      103      103

☔ View full report in Codecov by Harness.
📢 Have feedback on the report? Share it here.

…ith 1 update Bumps the other-dependencies group with 1 update in the / directory: [github.com/jackc/pgx/v5](https://github.com/jackc/pgx). Bumps the other-dependencies group with 1 update in the /internal/testintegration directory: [github.com/jackc/pgx/v5](https://github.com/jackc/pgx). Updates `github.com/jackc/pgx/v5` from 5.9.2 to 5.10.0 - [Changelog](https://github.com/jackc/pgx/blob/master/CHANGELOG.md) - [Commits](jackc/pgx@v5.9.2...v5.10.0) Updates `github.com/jackc/pgx/v5` from 5.9.2 to 5.10.0 - [Changelog](https://github.com/jackc/pgx/blob/master/CHANGELOG.md) - [Commits](jackc/pgx@v5.9.2...v5.10.0) Updates `github.com/jackc/pgx/v5` from 5.9.2 to 5.10.0 - [Changelog](https://github.com/jackc/pgx/blob/master/CHANGELOG.md) - [Commits](jackc/pgx@v5.9.2...v5.10.0) Updates `github.com/jackc/pgx/v5` from 5.9.2 to 5.10.0 - [Changelog](https://github.com/jackc/pgx/blob/master/CHANGELOG.md) - [Commits](jackc/pgx@v5.9.2...v5.10.0) --- updated-dependencies: - dependency-name: github.com/jackc/pgx/v5 dependency-version: 5.10.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: other-dependencies - dependency-name: github.com/jackc/pgx/v5 dependency-version: 5.10.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: other-dependencies ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot Bot added dependencies Pull requests that update a dependency file go Pull requests that update Go code labels Jun 5, 2026

github-actions Bot approved these changes Jun 5, 2026

View reviewed changes

dependabot Bot force-pushed the dependabot/go_modules/other-dependencies-13d5ccba70 branch from aada2a2 to 1e69fbb Compare June 7, 2026 09:45

github-actions Bot approved these changes Jun 7, 2026

View reviewed changes

fredbi merged commit 0ac85fa into master Jun 7, 2026
23 checks passed

fredbi deleted the dependabot/go_modules/other-dependencies-13d5ccba70 branch June 7, 2026 10:24

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

build(deps): bump the other-dependencies group across 2 directories with 1 update#263

build(deps): bump the other-dependencies group across 2 directories with 1 update#263
fredbi merged 1 commit into
masterfrom
dependabot/go_modules/other-dependencies-13d5ccba70

dependabot Bot commented on behalf of github Jun 5, 2026 •

edited

Loading

Uh oh!

codecov Bot commented Jun 5, 2026 •

edited

Loading

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Conversation

dependabot Bot commented on behalf of github Jun 5, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

5.10.0 (June 3, 2026)

Features

Security Hardening

Fixes

5.10.0 (June 3, 2026)

Features

Security Hardening

Fixes

5.10.0 (June 3, 2026)

Features

Security Hardening

Fixes

5.10.0 (June 3, 2026)

Features

Security Hardening

Fixes

Uh oh!

codecov Bot commented Jun 5, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Codecov Report

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

dependabot Bot commented on behalf of github Jun 5, 2026 •

edited

Loading

codecov Bot commented Jun 5, 2026 •

edited

Loading