chore(deps): bump the go-updates group across 1 directory with 10 updates

[dependabot]

Bumps the go-updates group with 8 updates in the / directory:

Package	From	To
github.com/btcsuite/btcd/btcec/v2	2.3.6	2.5.0
github.com/decred/dcrd/dcrec/secp256k1/v4	4.4.0	4.4.1
github.com/go-git/go-git/v5	5.18.0	5.19.1
github.com/go-resty/resty/v2	2.17.1	2.17.2
github.com/labstack/echo/v4	4.15.0	4.15.2
github.com/pressly/goose/v3	3.26.0	3.27.1
github.com/rabbitmq/amqp091-go	1.10.0	1.11.0
github.com/testcontainers/testcontainers-go	0.40.0	0.42.0

Updates github.com/btcsuite/btcd/btcec/v2 from 2.3.6 to 2.5.0

Commits

• 258049c Merge pull request #1825 from guggero/btcec-v2-no-circular-dep
• b29ce97 rpcwebsocket: fi linter complaint about unused functions
• 9dfa926 server: fix linter issue
• c0cfa06 multi: update make and CI goals with new packages
• dccea8f multi: use new v2 modules everywhere
• c0db6df psbt: move to top-level module, use v2, remove btcutil dep
• e9ec6ec btcutil: remove circular dependency, use v2
• 55a463a txscript: turn into own module, use v2
• 3000c45 address: move to top-level module, use v2
• bd65d6d chaincfg: add own module, use v2
• Additional commits viewable in compare view

Updates github.com/decred/dcrd/dcrec/secp256k1/v4 from 4.4.0 to 4.4.1

Commits

• 76c0dc4 secp256k1: Deprecate elliptic.Curve impl methods.
• 9cfcb7e secp256k1: Reduce compat shim inputs mod prime.
• 0186937 secp256k1: Add compat shim unreduced input tests.
• 3612094 secp256k1: Add more compat shim curve member tests.
• fa3f704 docs: Update README.md to required Go 1.25/1.26.
• f3224a6 build: Test against Go 1.26.
• cc82c10 build: Update golangci-lint to v2.9.0.
• 7c01e57 build: Update to latest action versions.
• 9516143 mixing: Increment PRNG seed nonce for each test
• 8aa2ac0 docker: Update image to golang:1.26.0-alpine3.23.
• Additional commits viewable in compare view

Updates github.com/go-git/go-git/v5 from 5.18.0 to 5.19.1

Release notes

Sourced from github.com/go-git/go-git/v5's releases.

v5.19.1

What's Changed

• v5: plumbing: transport/ssh, Shell-quote path by @​hiddeco in go-git/go-git#2068
• v5: git: submodule, Fix relative URL resolution by @​hiddeco in go-git/go-git#2070
• v5: git: submodule, canonical remote for relative URLs by @​hiddeco in go-git/go-git#2074
• v5: git: submodule, error on remote without URLs by @​hiddeco in go-git/go-git#2078
• v5: plumbing: format/idxfile, Validate offset64 indices by @​hiddeco in go-git/go-git#2084
• v5: *: Reject malformed variable-length integers by @​hiddeco in go-git/go-git#2092
• v5: plumbing: format/packfile, Tighten delta validation by @​hiddeco in go-git/go-git#2091
• v5: Add worktreeFilesystem wrapper for worktree and hardening by @​hiddeco in go-git/go-git#2100
• v5: config: validate submodule names by @​hiddeco in go-git/go-git#2082
• build: Update module github.com/go-git/go-git/v5 to v5.19.0 [SECURITY] (releases/v5.x) by @​go-git-renovate[bot] in go-git/go-git#2111
• v5: git: Allow MkdirAll on worktree-root paths by @​hiddeco in go-git/go-git#2117
• v5: git: Stop validating symlink target paths by @​pjbgf in go-git/go-git#2116
• v5: plumbing: format decoder input bounds and contracts by @​hiddeco in go-git/go-git#2125
• plumbing: format/packfile, cap delta chain depth in parser by @​pjbgf in go-git/go-git#2137

Full Changelog: go-git/go-git@v5.19.0...v5.19.1

v5.19.0

What's Changed

• build: Update module github.com/go-git/go-git/v5 to v5.18.0 [SECURITY] (releases/v5.x) by @​go-git-renovate[bot] in go-git/go-git#2010
• v5: Bump sha1cd and go-billy by @​pjbgf in go-git/go-git#2060
• v5: Align object encoding with upstream by @​pjbgf in go-git/go-git#2065

Full Changelog: go-git/go-git@v5.18.0...v5.19.0

Commits

• 3c3be60 Merge pull request #2137 from go-git/validate-v5
• 3fba897 plumbing: format/packfile, cap delta chain depth in parser
• a97d660 Merge pull request #2125 from hiddeco/v5/format-input-bounds
• aeaa125 plumbing: format/objfile, require Header before Read
• 1f38e17 plumbing: format/packfile, bound inflate size
• f7545a0 plumbing: format/idxfile, bound nr by file size
• 170b881 Merge pull request #2116 from pjbgf/symlink-v5
• 7b6d994 Merge pull request #2117 from hiddeco/v5/worktree-fs-mkdirall-root-noop
• f0709b3 git: Stop validating symlink target paths
• 776d00f git: Allow MkdirAll on worktree-root paths
• Additional commits viewable in compare view

Updates github.com/go-resty/resty/v2 from 2.17.1 to 2.17.2

Release notes

Sourced from github.com/go-resty/resty/v2's releases.

v2.17.2

Release Notes

Backport

• backport: header deepcopy fix by @​jeevatkm in go-resty/resty#1110

Release

• release: version bump to v2.17.2 and readme update by @​jeevatkm in go-resty/resty#1112

Full Changelog: go-resty/resty@v2.17.1...v2.17.2

Commits

• b1b3aaa release: version bump to v2.17.2 and readme update (#1112)
• fb4a091 backport: header deepcopy fix (#1110)
• See full diff in compare view

Updates github.com/labstack/echo/v4 from 4.15.0 to 4.15.2

Release notes

Sourced from github.com/labstack/echo/v4's releases.

v4.15.1

What's Changed

• CSRF: support older token-based CSRF protection handler that want to render token into template by @​aldas in labstack/echo#2905

Full Changelog: labstack/echo@v4.15.0...v4.15.1

Changelog

Sourced from github.com/labstack/echo/v4's changelog.

v4.15.2 - 2026-05-01

Security

• Context.Scheme() should validate values taken from header by @​aldas in labstack/echo#2962

Thanks to @​shblue21 for reporting this issue.

v4.15.1 - 2026-02-22

Enhancements

• CSRF: support older token-based CSRF protection handler that want to render token into template by @​aldas in labstack/echo#2905

Commits

• 25685e6 Merge pull request #2963 from aldas/v4_changelog_4_15_2
• f9d7689 Changelog for v4.15.2
• 37fff28 Merge pull request #2962 from aldas/v4_valid_proto
• ca4f38a Context.Scheme should validate values taken from header
• 2e527a7 Update CI, update deps
• 6f3a84a Merge pull request #2905 from aldas/v4_crsf_token_fallback
• 24fa4d0 CSRF: support older token-based CSRF protection handler that want to render t...
• See full diff in compare view

Updates github.com/labstack/gommon from 0.4.2 to 0.5.0

Release notes

Sourced from github.com/labstack/gommon's releases.

v0.5.0

Highlights

• email: SMTPS / implicit TLS on port 465. smtp.SendMail only speaks plain + STARTTLS, so Resend/SendGrid/etc. on :465 hang on the handshake. Detect port 465 and dial TLS directly. Added Email.TLSConfig (custom root pool / ServerName; always cloned per send) and Email.DialTimeout (scoped to the TCP/TLS connect phase).
• email: no silent cleartext downgrade. Drive Hello() explicitly so a failed EHLO can't be swallowed and mis-read as "STARTTLS not advertised".
• log: silence 14 go vet printf warnings. Split the internal log() method; public signatures unchanged. TestCallerFile guards the runtime.Caller skip.
• random: fix sync.Pool copy in New(). Construct the pool directly on the struct — sync.Pool must not be copied after first use.

Toolchain (breaking)

• Go directive bumped 1.18 → 1.23.0 to align with labstack/echo. Consumers on Go <1.23 should stay on v0.4.2.
• CI matrix: 1.23 / 1.24 / 1.25 / 1.26 × ubuntu / macos / windows.
• Deps refreshed: testify 1.8.4 → 1.11.1, go-colorable 0.1.13 → 0.1.14, go-isatty 0.0.20 → 0.0.21, x/sys 0.15.0 → 0.29.0 (highest that still supports Go 1.23).

Non-breaking code changes

• bytes/bytes_test.go: replaced Parse(\"8EiB\") assertions with Parse(\"7EiB\") — 2^63 overflowed int64 and relied on implementation-defined float-to-int behavior.

Full diff

labstack/gommon#62

Commits

• 2659cda fix: SMTPS support + align toolchain with echo (#62)
• See full diff in compare view

Updates github.com/pressly/goose/v3 from 3.26.0 to 3.27.1

Release notes

Sourced from github.com/pressly/goose/v3's releases.

v3.27.1

What's Changed

• Dependency updates

Full Changelog: pressly/goose@v3.27.0...v3.27.1

v3.27.0

What's Changed

Added

• Preliminary Spanner dialect support (#966)

Changed

• Minimum Go version is now 1.25
• SQL migration templates no longer include StatementBegin and StatementEnd annotations. These are only needed for complex statements containing semicolons (e.g., stored procedures). See docs for details.
• Various dependency upgrades

Other

• Added formatting for YDB table names to include folder (#1007)
• Fix tests for StarRocks 3.5 (#1024)
• CI improvements (#1000, #1005, #1008)

Full Changelog: pressly/goose@v3.26.0...v3.27.0

Changelog

Sourced from github.com/pressly/goose/v3's changelog.

[v3.27.1] - 2026-04-24

Changed

• Bump minimum Go version to 1.25.7
• Various dependency upgrades

[v3.27.0] - 2026-02-22

Added

• Preliminary Spanner dialect support (#966)

Changed

• Minimum Go version is now 1.25
• SQL migration templates no longer include StatementBegin and StatementEnd annotations. These are only needed for complex statements containing semicolons (e.g., stored procedures). See docs for details.
• Various dependency upgrades

Commits

• e3235f7 release: v3.27.1
• 883e2f7 build(deps): bump Go and dependency versions (#1067)
• 2e2fe5c build(deps): bump the gomod group with 3 updates (#1048)
• 21176ca build(deps): bump modernc.org/sqlite from 1.46.1 to 1.47.0 in the gomod group...
• e7bd535 build(deps): bump google.golang.org/grpc from 1.79.1 to 1.79.3 (#1042)
• f9c7cb4 build(deps): bump google.golang.org/grpc from 1.79.1 to 1.79.3 in /internal/t...
• b6220db build(deps): bump the gomod group across 1 directory with 3 updates (#1041)
• 65e320f docs: fix README escaping marker in ENVSUB example (#1037)
• 18f6ef7 build(deps): bump goreleaser/goreleaser-action from 6 to 7 (#1036)
• de28e04 docs: update v3.27.0 release notes with Go 1.25 minimum and dep upgrades
• Additional commits viewable in compare view

Updates github.com/rabbitmq/amqp091-go from 1.10.0 to 1.11.0

Release notes

Sourced from github.com/rabbitmq/amqp091-go's releases.

v1.11.0

What's Changed

• add methods Temporary and Recoverable to amqp.Error by @​peczenyj in rabbitmq/amqp091-go#265
• Small fixes and refactors by @​peczenyj in rabbitmq/amqp091-go#266
• chore: doc typo by @​AndrewWinterman in rabbitmq/amqp091-go#269
• Add test that demonstrates the issue by @​lukebakken in rabbitmq/amqp091-go#274
• Fixing simple errors by @​korolev-d-l in rabbitmq/amqp091-go#280
• Expose delivery not initialised error by @​Zerpet in rabbitmq/amqp091-go#293
• fix: unify receiver methods to avoid conflicts between value and pointer types by @​Raisul191491 in rabbitmq/amqp091-go#292
• Add warning about concurrency with Channels by @​Zerpet in rabbitmq/amqp091-go#294
• Return existing error instead of creating new for the same purpose by @​pingvincible in rabbitmq/amqp091-go#295
• Investigate GH-296 by @​lukebakken in rabbitmq/amqp091-go#297
• Fix linter error after migrating config to v2 by @​Zerpet in rabbitmq/amqp091-go#306
• feat: add MIME types constants for content types by @​YlanzinhoY in rabbitmq/amqp091-go#308
• Fix parseHeaderFrame to consume entire frame payload by @​lukebakken in rabbitmq/amqp091-go#314
• fix: typos in comments and tests by @​alexandear in rabbitmq/amqp091-go#312
• docs: update link to RabbitMQ tutorials by @​alexandear in rabbitmq/amqp091-go#313
• fix: modernize lint issues by @​alexandear in rabbitmq/amqp091-go#315
• Use RabbitMQ 4 in Makefile by @​Zerpet in rabbitmq/amqp091-go#319
• Add support for unsigned type values by @​Zerpet in rabbitmq/amqp091-go#317
• Fix incomplete routing diagram in QueueBind doc comment by @​Copilot in rabbitmq/amqp091-go#320
• refactor: simplify with atomic types by @​alexandear in rabbitmq/amqp091-go#318
• Bump github/codeql-action from 3 to 4 by @​dependabot[bot] in rabbitmq/amqp091-go#321
• Bump the github-actions group with 4 updates by @​dependabot[bot] in rabbitmq/amqp091-go#326
• Eliminate race condition in Connection.Close() and related methods by @​Zerpet in rabbitmq/amqp091-go#328
• fix: respect context cancellation on publishing with context operations by @​NawafSwe in rabbitmq/amqp091-go#330

New Contributors

• @​peczenyj made their first contribution in rabbitmq/amqp091-go#265
• @​AndrewWinterman made their first contribution in rabbitmq/amqp091-go#269
• @​korolev-d-l made their first contribution in rabbitmq/amqp091-go#280
• @​Raisul191491 made their first contribution in rabbitmq/amqp091-go#292
• @​pingvincible made their first contribution in rabbitmq/amqp091-go#295
• @​YlanzinhoY made their first contribution in rabbitmq/amqp091-go#308
• @​alexandear made their first contribution in rabbitmq/amqp091-go#312
• @​Copilot made their first contribution in rabbitmq/amqp091-go#320
• @​NawafSwe made their first contribution in rabbitmq/amqp091-go#330

Full Changelog: rabbitmq/amqp091-go@v1.10.0...v1.11.0

Changelog

Sourced from github.com/rabbitmq/amqp091-go's changelog.

v1.11.0 (2026-04-21)

Full Changelog

Implemented enhancements:

• add better debug information on DialConfig #245

Fixed bugs:

• Channel error when acking via go-routines #296

Closed issues:

• PR #318 exposes a pre-existing race in Connection.Close(). #327
• Entire header frame isn't always read #309
• Incomplete support of 0-9-1 field type values #302
• Redelivered Flag Not Exposed #301
• consume input basicConsumeOk but response queueBindOk #291
• Channel is closed after Channel.ExchangeDeclarePassive fails #290
• Incomplete example in (*Channel).QueueBind documentation #279
• QueueDeclarePassive does not report queue type mismatch #273
• Release 1.10.0 #261
• Update minimum Go version to 1.18 #146

Merged pull requests:

• fix: respect context cancellation on publishing with context operations #330 (NawafSwe)
• Eliminate race condition in Connection.Close() and related methods #328 (Zerpet)
• Bump the github-actions group with 4 updates #326 (dependabot[bot])
• Bump github/codeql-action from 3 to 4 #321 (dependabot[bot])
• Fix incomplete routing diagram in QueueBind doc comment #320 (Copilot)
• Use RabbitMQ 4 in Makefile #319 (Zerpet)
• refactor: simplify with atomic types #318 (alexandear)
• Add support for unsigned type values #317 (Zerpet)
• fix: modernize lint issues #315 (alexandear)
• Fix parseHeaderFrame to consume entire frame payload #314 (lukebakken)
• docs: update link to RabbitMQ tutorials #313 (alexandear)
• fix: typos in comments and tests #312 (alexandear)
• feat: add MIME types constants for content types #308 (YlanzinhoY)
• Fix linter error after migrating config to v2 #306 (Zerpet)
• Investigate GH-296 #297 (lukebakken)
• Return existing error instead of creating new for the same purpose #295 (pingvincible)
• Add warning about concurrency with Channels #294 (Zerpet)
• Expose delivery not initialised error #293 (Zerpet)
• fix: unify receiver methods to avoid conflicts between value and pointer types #292 (Raisul191491)
• Fixing simple errors #280 (korolev-d-l)
• Add test that demonstrates the issue #274 (lukebakken)
• chore: doc typo #269 (AndrewWinterman)
• Small fixes and refactors #266 (peczenyj)

... (truncated)

Commits

• 5fdceeb Version 1.11.0
• a426238 Merge pull request #330 from NawafSwe/chore-329/publish-with-context-fix
• 6d3ec4f chore: follow gate-keeper approach for context management in publish
• 301e296 chore: respect context cancellation in PublishWithDeferredConfirmWithContext ...
• dbf5f69 chore: respect context cancellation in PublishWithContext function
• 9665ac6 Merge pull request #328 from rabbitmq/fix-race-condition
• 86058c1 go fmt
• e6b63d7 Add a concurrent connection closure test #328
• b5b3c52 Connection: briefly explain the purpose of each sync.Once
• 5f7f528 fix: eliminate race condition in Connection.Close() and related methods
• Additional commits viewable in compare view

Updates github.com/testcontainers/testcontainers-go from 0.40.0 to 0.42.0

Release notes

Sourced from github.com/testcontainers/testcontainers-go's releases.

v0.42.0

What's Changed

⚠️ Breaking Changes

• chore!: migrate to moby modules (#3591) @​thaJeztah

🔒 Security

• chore(deps): bump moby/client v0.4.0, moby/api v1.54.1 (#3634) @​thaJeztah

🐛 Bug Fixes

• fix: return an error when docker host cannot be retrieved (#3613) @​ash2k

🧹 Housekeeping

• chore: gitignore Gas Town agent artifacts (#3633) @​mdelapenya
• fix(usage-metrics): include last release in the legend pop over (#3630) @​mdelapenya
• chore: update usage metrics (2026-04) (#3621) @github-actions[bot]
• fix(usage-metrics): order of actions matters (#3623) @​mdelapenya
• fix(usage-metrics): reduce rate-limit cascade errors (#3622) @​mdelapenya
• fix(usage-metrics): replace the per-version inline retry with a multi-pass approach (#3620) @​mdelapenya

📦 Dependency updates

• chore(deps): bump go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp from 1.28.0 to 1.43.0 in /modules/grafana-lgtm (#3639) @dependabot[bot]
• chore(deps): bump go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp from 1.42.0 to 1.43.0 in /modules/compose (#3641) @dependabot[bot]
• chore(deps): bump go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp from 1.42.0 to 1.43.0 in /modules/compose (#3645) @dependabot[bot]
• chore(deps): bump mkdocs-include-markdown-plugin from 7.2.1 to 7.2.2 (#3626) @dependabot[bot]
• chore(deps): bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.51.2 to 1.97.3 in /modules/localstack (#3638) @dependabot[bot]
• chore(deps): bump go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp from 1.41.0 to 1.43.0 in /modules/grafana-lgtm (#3643) @dependabot[bot]
• chore(deps): bump go.opentelemetry.io/otel/sdk from 1.41.0 to 1.43.0 in /modules/milvus (#3644) @dependabot[bot]
• chore: update to Go 1.25.9, 1.26.9 (#3647) @​thaJeztah
• chore(deps): bump bump github.com/klauspost/compress v1.18.5, github.com/docker/compose v5.1.2 (#3646) @​thaJeztah
• chore(deps): bump moby/client v0.4.0, moby/api v1.54.1 (#3634) @​thaJeztah
• chore(deps): bump golang.org/x/sys from 0.41.0 to 0.42.0 (#3629) @dependabot[bot]
• chore(deps): bump github.com/moby/patternmatcher from 0.6.0 to 0.6.1 (#3628) @dependabot[bot]
• chore(deps): bump github.com/shirou/gopsutil/v4 from 4.26.2 to 4.26.3 (#3627) @dependabot[bot]
• fix(localstack): accept community-archive as a valid tag (#3601) @​johnduhart
• chore(deps): bump github.com/go-jose/go-jose/v4 from 4.1.3 to 4.1.4 in /modules/gcloud (#3632) @dependabot[bot]
• chore(deps): bump actions/upload-artifact from 6.0.0 to 7.0.0 (#3625) @dependabot[bot]
• chore(deps): bump pygments from 2.19.2 to 2.20.0 (#3615) @dependabot[bot]
• chore(deps): bump google.golang.org/grpc from 1.67.0 to 1.79.3 in /modules/milvus (#3612) @dependabot[bot]
• chore(deps): bump google.golang.org/grpc from 1.67.0 to 1.79.3 in /modules/etcd (#3611) @dependabot[bot]
• chore(deps): bump google.golang.org/grpc from 1.79.1 to 1.79.3 in /modules/ollama (#3610) @dependabot[bot]
• chore(deps): bump google.golang.org/grpc from 1.67.0 to 1.79.3 in /modules/pinecone (#3609) @dependabot[bot]
• chore(deps): bump google.golang.org/grpc from 1.67.0 to 1.79.3 in /modules/couchbase (#3608) @dependabot[bot]
• chore(deps): bump requests from 2.32.4 to 2.33.0 (#3604) @dependabot[bot]
• chore(deps): bump google.golang.org/grpc from 1.79.1 to 1.79.3 in /modules/meilisearch (#3607) @dependabot[bot]
• chore(deps): bump github.com/moby/buildkit from 0.27.1 to 0.28.1 in /modules/compose (#3605) @dependabot[bot]

... (truncated)

Commits

• 6e58418 chore: use new version (v0.42.0) in modules and examples
• f713dc0 chore(deps): bump go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetr...
• 300827a chore(deps): bump go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetr...
• 7a15ac1 chore(deps): bump go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptrace...
• 5bae3d2 fix: return an error when docker host cannot be retrieved (#3613)
• fc19484 chore(deps): bump mkdocs-include-markdown-plugin from 7.2.1 to 7.2.2 (#3626)
• 95bdc0c chore(deps): bump github.com/aws/aws-sdk-go-v2/service/s3 (#3638)
• 75aa226 chore(deps): bump go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptrace...
• 2f59938 chore(deps): bump go.opentelemetry.io/otel/sdk in /modules/milvus (#3644)
• 580abf6 chore: update to Go 1.25.9, 1.26.9 (#3647)
• Additional commits viewable in compare view

Updates golang.org/x/sync from 0.19.0 to 0.20.0

Commits

• ec11c4a errgroup: fix a typo in the documentation
• 1a58307 all: modernize interface{} -> any
• 3172ca5 all: upgrade go directive to at least 1.25.0 [generated]
• See full diff in compare view