chore(deps): bump the go-deps group across 1 directory with 24 updates

[dependabot]

Bumps the go-deps group with 14 updates in the / directory:

Package	From	To
github.com/anthropics/anthropic-sdk-go	1.36.0	1.51.0
github.com/getkin/kin-openapi	0.135.0	0.140.0
github.com/jackc/pgx/v5	5.9.1	5.10.0
github.com/quic-go/quic-go	0.59.0	0.60.0
github.com/quic-go/webtransport-go	0.10.0	0.11.0
github.com/rabbitmq/amqp091-go	1.10.0	1.12.0
github.com/redis/go-redis/v9	9.18.0	9.20.1
go.opentelemetry.io/otel	1.43.0	1.44.0
go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp	0.19.0	0.20.0
go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp	1.43.0	1.44.0
go.opentelemetry.io/otel/exporters/otlp/otlptrace	1.43.0	1.44.0
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp	1.43.0	1.44.0
google.golang.org/genai	1.54.0	1.61.0
modernc.org/sqlite	1.48.2	1.52.0

Updates github.com/anthropics/anthropic-sdk-go from 1.36.0 to 1.51.0

Release notes

Sourced from github.com/anthropics/anthropic-sdk-go's releases.

v1.51.0

1.51.0 (2026-06-18)

Full Changelog: v1.50.2...v1.51.0

Features

• api: add support for new code_execution_20260120 tool (f54a4a8)

v1.50.2

1.50.2 (2026-06-15)

Full Changelog: v1.50.1...v1.50.2

Chores

• api: remove retired models from API and SDKs (11f5c82)

v1.50.1

1.50.1 (2026-06-09)

Full Changelog: v1.50.0...v1.50.1

Bug Fixes

• api: add frontier_llm refusal category (9ebbaf7)

v1.50.0

1.50.0 (2026-06-09)

Full Changelog: v1.49.0...v1.50.0

Features

• api: add support for Managed Agents deployments and environment variable credentials (f72e1d8)

v1.49.0

1.49.0 (2026-06-09)

Full Changelog: v1.48.0...v1.49.0

Features

• api: add support for claude-mythos-5 and claude-fable-5, with support for server-side fallbacks on refusal (782f223)
• client: adds client-side fallbacks middleware for API providers that do not support server-side fallbacks (782f223)

Bug Fixes

• 3p middleware ordering (#38) (8f47086)

... (truncated)

Changelog

Sourced from github.com/anthropics/anthropic-sdk-go's changelog.

1.51.0 (2026-06-18)

Full Changelog: v1.50.2...v1.51.0

Features

• api: add support for new code_execution_20260120 tool (f54a4a8)

1.50.2 (2026-06-15)

Full Changelog: v1.50.1...v1.50.2

Chores

• api: remove retired models from API and SDKs (11f5c82)

1.50.1 (2026-06-09)

Full Changelog: v1.50.0...v1.50.1

Bug Fixes

• api: add frontier_llm refusal category (9ebbaf7)

1.50.0 (2026-06-09)

Full Changelog: v1.49.0...v1.50.0

Features

• api: add support for Managed Agents deployments and environment variable credentials (f72e1d8)

1.49.0 (2026-06-09)

Full Changelog: v1.48.0...v1.49.0

Features

• api: add support for claude-mythos-5 and claude-fable-5, with support for server-side fallbacks on refusal (782f223)
• client: adds client-side fallbacks middleware for API providers that do not support server-side fallbacks (782f223)

Bug Fixes

• 3p middleware ordering (#38) (8f47086)

1.48.0 (2026-06-06)

Full Changelog: v1.47.0...v1.48.0

... (truncated)

Commits

• 4fad069 release: 1.51.0
• 0561e1b feat(api): add support for new code_execution_20260120 tool
• e65c5be release: 1.50.2
• 5494576 chore(api): remove retired models from API and SDKs
• def8bad release: 1.50.1
• df4ec29 fix(api): add frontier_llm refusal category
• 375a007 release: 1.50.0
• 3befb3e feat(api): add support for Managed Agents deployments and environment variabl...
• 4dbdaea release: 1.49.0
• 5aef221 feat(api): add support for claude-mythos-5 and claude-fable-5, with support f...
• Additional commits viewable in compare view

Updates github.com/getkin/kin-openapi from 0.135.0 to 0.140.0

Release notes

Sourced from github.com/getkin/kin-openapi's releases.

v0.140.0

What's Changed

• openapi3: document that a custom ReadFromURIFunc bypasses IsExternalRefsAllowed by @​reuvenharrison in getkin/kin-openapi#1191
• openapi3: remove deepcopy dependency by @​alexandear in getkin/kin-openapi#1193
• openapi3: remove decimal128 dependency by @​alexandear in getkin/kin-openapi#1194
• refactor: apply modernize fixes by @​alexandear in getkin/kin-openapi#1195
• openapi2,openapi3: replace marshmallow with encoding/json by @​alexandear in getkin/kin-openapi#1196
• docs: update GoDoc links to Go Reference by @​alexandear in getkin/kin-openapi#1197
• chore: bump jsonpointer to v0.22.5 by @​alexandear in getkin/kin-openapi#1198

Full Changelog: getkin/kin-openapi@v0.139.0...v0.140.0

v0.139.0

What's Changed

• feat(openapi3): batch-convert long-tail RequiredFieldError sites by @​reuvenharrison in getkin/kin-openapi#1170
• feat(openapi3): typed validation error clusters (combined: #1171-#1179) by @​reuvenharrison in getkin/kin-openapi#1180
• openapi3gen: skip component export for anonymous types by @​0-don in getkin/kin-openapi#1163
• feat: migrate to oasdiff/yaml v0.1.0 single Unmarshal API + enable DisableTimestamps by @​reuvenharrison in getkin/kin-openapi#1181
• openapi3: typed context errors for Validate() wrapper chain by @​reuvenharrison in getkin/kin-openapi#1183
• openapi3: track Origin on the document root (T) by @​reuvenharrison in getkin/kin-openapi#1184
• openapi3: tests flakiness corrected by @​fenollp in getkin/kin-openapi#1159
• openapi3: aggregate independent validation errors via EnableMultiError by @​reuvenharrison in getkin/kin-openapi#1185
• openapi3: fix validation of duplicated path templates by @​reuvenharrison in getkin/kin-openapi#1189
• openapi3: type the remaining bare-error validation sites by @​reuvenharrison in getkin/kin-openapi#1187

Full Changelog: getkin/kin-openapi@v0.138.0...v0.139.0

v0.138.0

What's Changed

• openapi3gen: clear nullable on exported component bodies by @​0-don in getkin/kin-openapi#1164
• openapi3: add test for issue #927 (nullable not respected on $ref schemas) by @​fenollp in getkin/kin-openapi#1165
• test: move public-API tests to external _test packages by @​fenollp in getkin/kin-openapi#1168
• feat(openapi3): add per-type validation errors with cluster wrappers by @​reuvenharrison in getkin/kin-openapi#1166
• feat(openapi3conv): canonicalization pass for 3.0 -> 3.x by @​reuvenharrison in getkin/kin-openapi#1162
• openapi3conv: test Upgrade on many documents by @​fenollp in getkin/kin-openapi#1169

Full Changelog: getkin/kin-openapi@v0.137.0...v0.138.0

v0.137.0

What's Changed

• revert to go 1.25 and revert cc4f8d99 by @​fenollp in getkin/kin-openapi#1161

Full Changelog: getkin/kin-openapi@v0.136.0...v0.137.0

v0.136.0

What's Changed

... (truncated)

Commits

• 5124898 chore: bump jsonpointer to v0.22.5 (#1198)
• 5ece4a3 docs: update GoDoc links to Go Reference (#1197)
• b8600c5 openapi2,openapi3: remove marshmallow dependency (#1196)
• 3a5ddcd refactor: apply modernize fixes (#1195)
• 742704d openapi3: remove decimal128 dependency (#1194)
• 368327b openapi3: remove deepcopy dependency (#1193)
• 4dc207c openapi3: document that a custom ReadFromURIFunc bypasses IsExternalRefsAllow...
• 8381bfc openapi3: type the remaining bare-error validation sites (#1187)
• d29b5c0 openapi3: fix validation of duplicated path templates (#1189)
• e56c2c7 openapi3: aggregate independent validation errors via EnableMultiError (#1185)
• Additional commits viewable in compare view

Updates github.com/jackc/pgx/v5 from 5.9.1 to 5.10.0

Changelog

Sourced from github.com/jackc/pgx/v5's changelog.

5.10.0 (June 3, 2026)

This release includes a significant amount of hardening against malicious or compromised PostgreSQL servers, contributed by Sean Chittenden at CrowdStrike, Inc. This work bounds binary decoders against attacker-controlled message sizes, caps server-supplied SCRAM iteration counts, adds require_auth to restrict which authentication methods a server may use (mitigating downgrade attacks under sslmode=prefer), and ensures cancellation requests are sent over TLS when the original connection used TLS.

Features

• Add require_auth to restrict accepted server authentication methods (Sean Chittenden at CrowdStrike, Inc.)
• Add ParseConfigOptions.ConnStringAllowedKeys to restrict allowed connection string keys (Sean Chittenden at CrowdStrike, Inc.)
• Add StructArgs and StrictStructArgs for @-named queries (Tubelight30)
• Add ErrConnClosed sentinel error and unwrap it from connLockError (Charlie Tonneslan)
• pgxpool: check if connection is expired before acquire (arthurdotwork)

Security Hardening

• Encrypt CancelRequest connection when the primary connection used TLS (Sean Chittenden at CrowdStrike, Inc.)
• Cap server-supplied SCRAM iteration count (Sean Chittenden at CrowdStrike, Inc.)
• Default Frontend max message body length to ~1 GiB (Sean Chittenden at CrowdStrike, Inc.)
• Bound hstore binary decode against malicious server input (Sean Chittenden at CrowdStrike, Inc.)
• Bound array binary decode element length against remaining message bytes (Sean Chittenden at CrowdStrike, Inc.)
• Bound array element count against remaining message bytes (Sean Chittenden at CrowdStrike, Inc.)
• Bound range, multirange, and tsvector binary decoders (Sean Chittenden at CrowdStrike, Inc.)
• Document secure connection configuration (Sean Chittenden at CrowdStrike, Inc.)
• Fix panic on malformed geometric text; return an error instead (MaIII)

Fixes

• Fix scanning "char" (OID 18) into *string in binary format (luongs3)
• Fix handling of typed-nil driver.Valuer in array and composite codecs (Donncha Fahy)
• Fix CopyData.Data hex decoding in UnmarshalJSON (Charlie Tonneslan)
• Fix data race when context is cancelled during connect
• Fix parseKeywordValueSettings rejecting trailing whitespace (alliasgher)
• pgconn: preserve full error chain in normalizeTimeoutError (Charlie Tonneslan)
• pgconn: use a fresh context for the fallback connection in connectPreferred (Charlie Tonneslan)
• pgxpool: fix MaxLifetimeDestroyCount and ping order for acquire-time expiry check
• Add missing error check of rows.Err to load types (Jen Altavilla)

5.9.2 (April 18, 2026)

Fix SQL Injection via placeholder confusion with dollar quoted string literals (GHSA-j88v-2chj-qfwx)

SQL injection can occur when:

1. The non-default simple protocol is used.
2. A dollar quoted string literal is used in the SQL query.
3. That query contains text that would be would be interpreted outside as a placeholder outside of a string literal.
4. The value of that placeholder is controllable by the attacker.

... (truncated)

Commits

• 7293fb1 Update changelog for v5.10.0
• 1ade285 pgconn: document secure connection configuration
• b4d6d4d pgtype: bound range, multirange, and tsvector binary decoders
• 0639b37 pgconn: add ParseConfigOptions.ConnStringAllowedKeys
• b28e65b pgtype: bound array element count against remaining message bytes
• cd1f389 pgtype: bound array binary decode element length against remaining bytes
• ff27b5b pgtype: bound hstore binary decode against malicious server input
• a6002e1 pgproto3: default Frontend max message body length to ~1 GiB
• 44f6173 pgconn: cap server-supplied SCRAM iteration count
• 1a976f7 pgconn: add require_auth to restrict accepted server auth methods
• Additional commits viewable in compare view

Updates github.com/quic-go/quic-go from 0.59.0 to 0.60.0

Release notes

Sourced from github.com/quic-go/quic-go's releases.

v0.60.0

Starting with v0.60.0, quic-go is ready for use in FIPS 140-3 environments when built with Go 1.26 or newer and used with the Go Cryptographic Module. See FIPS140.md for details.

This required a number of changes:

• switch QUIC HKDF usage to the standard library crypto/hkdf: #5461
• use the Go standard library's TLS 1.3 AES-GCM implementation for QUIC packet protection AEADs: #5624
• use cipher.NewGCMWithRandomNonce for address validation token encryption: #5625
• disable FIPS 140-3 enforcement for the Retry packet integrity tag, which is outside the FIPS 140-3 scope: #5630
• disable FIPS 140-3 enforcement for Initial packet protection, whose secrets are derived from public RFC constants: #5640
• guard the internal ChaCha20-Poly1305 code path so it is not used in FIPS 140-3 mode: #5633
• add FIPS / non-FIPS data transfer integration tests, including Retry and key updates: #5646

Breaking Changes

• quic-go now requires Go 1.25 or newer: #5561

Notable Fixes

• path probe packets now correctly pass the OOB data (needed to select the correct network interface in some system configurations): #5544, thanks to @​on-keyday
• cancel the Stream and SendStream context when the connection is closed: #5556, thanks to @​zvdy
• http3: validate Extended CONNECT ``:protocol` pseudo-header values according to HTTP token syntax: #5639
• http3: always set http.Request.Scheme and http.Request.Host: #5554, thanks to @​qiulaidongfeng
• http3: fixed a nil pointer dereference when Server.Logger is unset: #5671
• fix maximum datagram size estimation after MTU discovery: #5650, thanks to @​jinq0123
• OpenStreamSync now reliably returns the context error when the context is cancelled: #5660

Behind the scenes

In the last couple of months, we have reworked our fuzz setup and the integration into OSS-Fuzz: First of all, all fuzzers were rewritten to Go native fuzzing (#5592, #5599, #5600, #5603, #5613). We also added new fuzzers for the HTTP/3 frame parser (#5595), HTTP/3 request, response and trailer decoding (#5602) and the STREAM / CRYPTO frame sorter (#5620).

Since native Go fuzzing uses a different seed corpus format, we now use the newly implemented go-ossfuzz-seeds library to generate OSS-Fuzz compatible seed corpus files from f.Add calls.

We also enable ClusterFuzzLite batch fuzzing (#5605), including. a seed corpus (#5607). Fuzz coverage for both ClusterFuzzLite batch fuzzing (#5641) and for OSS-Fuzz fuzzing (#5655) is now submitted to Codecov.

Changelog

• README: update nodepass link and description in quic-go/quic-go#5545
• ci: always use the latest Go patch release by @​marten-seemann in quic-go/quic-go#5560
• ci: update golangci-lint to v2.9.0 by @​marten-seemann in quic-go/quic-go#5559
• update to Go 1.26, drop Go 1.24 by @​marten-seemann in quic-go/quic-go#5561
• remove synctest wrapper needed for Go 1.24 by @​marten-seemann in quic-go/quic-go#5563
• ci: remove stray golangci-lint rule for ConnectionTracing(ID|Key) by @​marten-seemann in quic-go/quic-go#5565
• handshake: use the tls.QUICErrorEvent added in Go 1.26 by @​marten-seemann in quic-go/quic-go#5564
• pass OOB data to select network interface when sending path probes by @​on-keyday in quic-go/quic-go#5544
• remove special treatment for Go 1.24 in tests by @​marten-seemann in quic-go/quic-go#5568
• remove unneeded version switches for ECH ClientHello fragmentation test by @​marten-seemann in quic-go/quic-go#5567
• use sync.WaitGroup.Go added in Go 1.25 by @​marten-seemann in quic-go/quic-go#5566
• README: Fix NodePass GitHub stars badge link in quic-go/quic-go#5570
• cancel stream context when the connection is closed by @​zvdy in quic-go/quic-go#5556
• http3: always set Scheme and Host of Request.URL field by @​qiulaidongfeng in quic-go/quic-go#5554

... (truncated)

Commits

• 7612ad1 fix maximum datagram size estimation after MTU discovery (#5650)
• c29d679 log build date and revisions in OSS-Fuzz build script (#5674)
• 2728695 ci: bump docker/setup-qemu-action from 4.0.0 to 4.1.0 (#5673)
• 4e4845b http3: fix nil pointer dereference when Server.Logger is unset (#5671)
• 25c8e61 make frame sorter fuzz corpus accessible to OSS-Fuzz (#5670)
• e444e69 ci: bump docker/login-action from 4.1.0 to 4.2.0 (#5668)
• 23256b5 ci: bump docker/setup-buildx-action from 4.0.0 to 4.1.0 (#5665)
• a7a3ef9 ci: bump golangci/golangci-lint-action from 9.2.0 to 9.2.1 (#5666)
• 0b49963 ci: bump docker/build-push-action from 7.1.0 to 7.2.0 (#5667)
• 4f3577c ci: bump codecov/codecov-action from 6.0.0 to 6.0.1 (#5664)
• Additional commits viewable in compare view

Updates github.com/quic-go/webtransport-go from 0.10.0 to 0.11.0

Release notes

Sourced from github.com/quic-go/webtransport-go's releases.

v0.11.0

This release focuses on full compatibility with draft-15. The server keeps limited backwards compatibility with older draft clients where this is straightforward, but that compatibility is intentionally not comprehensive.

WebTransport flow control is not supported yet (see issue #256).

Breaking Changes

• webtransport-go now requires Go 1.25 or newer: #243

Protocol Changes

• Use SETTINGS_WT_ENABLED for WebTransport draft-version negotiation. The server continues to accept the old ENABLE_WEBTRANSPORT setting for compatibility with older clients: #254
• Send SETTINGS_WT_ENABLED from the client, as required by draft-15: #271 (thanks to @​tobbee)
• Use webtransport-h3 as the Extended CONNECT :protocol token. The server continues to accept the legacy webtransport token for compatibility with older clients: #280 (thanks to @​tomholford)
• Use the WT_REQUIREMENTS_NOT_MET error when the peer does not advertise the required HTTP/3 or WebTransport capabilities: #252
• Add support for the WT_ALPN_ERROR session error: #277
• Validate WebTransport session IDs before accepting incoming streams: #283
• Advertise SETTINGS values as required by Safari 26.4: #261 (thanks to @​birros)

New Features

• Added a runnable example server and client, including browser-side JavaScript and certificate hash verification in the Go client: #285

Notable Fixes

• Fixed a stream close race condition where ReceiveStream.Read or SendStream.Write could block forever when the local and remote side closed a session concurrently: #267 (thanks to @​aler9)
• Server.ListenAndServe now closes the UDP socket it creates: #274

What's Changed

• update to Go 1.26, drop Go 1.24 by @​marten-seemann in quic-go/webtransport-go#243
• build an image for the WebTransport Interop Runner by @​marten-seemann in quic-go/webtransport-go#244
• Bump docker/setup-buildx-action from 3 to 4 by @​dependabot[bot] in quic-go/webtransport-go#249
• Bump docker/build-push-action from 6 to 7 by @​dependabot[bot] in quic-go/webtransport-go#250
• Bump docker/login-action from 3 to 4 by @​dependabot[bot] in quic-go/webtransport-go#251
• Bump docker/setup-qemu-action from 3 to 4 by @​dependabot[bot] in quic-go/webtransport-go#248
• use the WT_REQUIREMENTS_NOT_MET error by @​marten-seemann in quic-go/webtransport-go#252
• use SETTINGS_WT_ENABLED introduced in draft-15 by @​marten-seemann in quic-go/webtransport-go#254
• ci: bump codecov/codecov-action from 5 to 6 by @​dependabot[bot] in quic-go/webtransport-go#260
• ci: bump nanasess/setup-chromedriver from 2 to 3 by @​dependabot[bot] in quic-go/webtransport-go#266
• ci: bump codecov/codecov-action from 6 to 7 by @​dependabot[bot] in quic-go/webtransport-go#268
• ci: pin non-GitHub-owned GitHub Actions by @​marten-seemann in quic-go/webtransport-go#270
• README: update to draft-15 by @​marten-seemann in quic-go/webtransport-go#273
• send SETTINGS_WT_ENABLED from the client by @​tobbee in quic-go/webtransport-go#271
• close UDP socket created by Server.ListenAndServe by @​marten-seemann in quic-go/webtransport-go#274
• run go fix across the entire codebase by @​marten-seemann in quic-go/webtransport-go#275
• ci: run go fix as part of the lint workflow by @​marten-seemann in quic-go/webtransport-go#276
• add support for the WT_ALPN_ERROR by @​marten-seemann in quic-go/webtransport-go#277
• fix stream close race condition on session close by @​aler9 in quic-go/webtransport-go#267
• fix flaky TestDatagrams by @​marten-seemann in quic-go/webtransport-go#278

... (truncated)

Commits

• 683e220 update quic-go to v0.60.0 (#287)
• 39cf509 send WebTransport SETTINGS expected by Safari 26.4 (#261)
• c7ca10b add an example server and client (#285)
• 1cdd8a0 implement validation of session IDs (#283)
• 6b0bec9 use webtransport-h3 as the :protocol upgrade token (#280)
• 81409ba fix flaky TestDatagrams (#278)
• 041fa66 fix stream close race condition on session close (#267)
• 134464b add support for the WT_ALPN_ERROR (#277)
• f062c1d ci: run go fix as part of the lint workflow (#276)
• 1ea6cd6 run go fix across the entire codebase (#275)
• Additional commits viewable in compare view

Updates github.com/rabbitmq/amqp091-go from 1.10.0 to 1.12.0

Release notes

Sourced from github.com/rabbitmq/amqp091-go's releases.

v1.12.0

What's Changed

• Fix integration tests for RabbitMQ 4.3 by @​suchitd in rabbitmq/amqp091-go#331
• Add pull request template by @​suchitd in rabbitmq/amqp091-go#332
• Bump CI windows workflow RabbitMQ and Erlang versions by @​suchitd in rabbitmq/amqp091-go#333
• Fix inconsistencies in the Makefile by @​suchitd in rabbitmq/amqp091-go#334
• Update CONTRIBUTING.md and .gitignore files by @​suchitd in rabbitmq/amqp091-go#335
• Add integration test for exchange-to-exchange binding and unbinding by @​suchitd in rabbitmq/amqp091-go#336
• Add integration tests for QueueUnbind and QueuePurge by @​suchitd in rabbitmq/amqp091-go#337
• Add integration test for publish with immediate flag by @​suchitd in rabbitmq/amqp091-go#338
• Fix Client example to work with RabbitMQ 4.3 by @​suchitd in rabbitmq/amqp091-go#341
• Add CLAUDE.md to repo by @​Zerpet in rabbitmq/amqp091-go#342
• Feature: implement automatic connection and channel recovery with state change notifications by @​suchitd in rabbitmq/amqp091-go#339
• doc: remove auto-reconnect from non-goals in README by @​suchitd in rabbitmq/amqp091-go#343
• Release v1.12.0 by @​suchitd in rabbitmq/amqp091-go#345

New Contributors

• @​suchitd made their first contribution in rabbitmq/amqp091-go#331

Full Changelog: rabbitmq/amqp091-go@v1.11.0...v1.12.0

v1.11.0

What's Changed

• add methods Temporary and Recoverable to amqp.Error by @​peczenyj in rabbitmq/amqp091-go#265
• Small fixes and refactors by @​peczenyj in rabbitmq/amqp091-go#266
• chore: doc typo by @​AndrewWinterman in rabbitmq/amqp091-go#269
• Add test that demonstrates the issue by @​lukebakken in rabbitmq/amqp091-go#274
• Fixing simple errors by @​korolev-d-l in rabbitmq/amqp091-go#280
• Expose delivery not initialised error by @​Zerpet in rabbitmq/amqp091-go#293
• fix: unify receiver methods to avoid conflicts between value and pointer types by @​Raisul191491 in rabbitmq/amqp091-go#292
• Add warning about concurrency with Channels by @​Zerpet in rabbitmq/amqp091-go#294
• Return existing error instead of creating new for the same purpose by @​pingvincible in rabbitmq/amqp091-go#295
• Investigate GH-296 by @​lukebakken in rabbitmq/amqp091-go#297
• Fix linter error after migrating config to v2 by @​Zerpet in rabbitmq/amqp091-go#306
• feat: add MIME types constants for content types by @​YlanzinhoY in rabbitmq/amqp091-go#308
• Fix parseHeaderFrame to consume entire frame payload by @​lukebakken in rabbitmq/amqp091-go#314
• fix: typos in comments and tests by @​alexandear in rabbitmq/amqp091-go#312
• docs: update link to RabbitMQ tutorials by @​alexandear in rabbitmq/amqp091-go#313
• fix: modernize lint issues by @​alexandear in rabbitmq/amqp091-go#315
• Use RabbitMQ 4 in Makefile by @​Zerpet in rabbitmq/amqp091-go#319
• Add support for unsigned type values by @​Zerpet in rabbitmq/amqp091-go#317
• Fix incomplete routing diagram in QueueBind doc comment by @​Copilot in rabbitmq/amqp091-go#320
• refactor: simplify with atomic types by @​alexandear in rabbitmq/amqp091-go#318
• Bump github/codeql-action from 3 to 4 by @​dependabot[bot] in rabbitmq/amqp091-go#321
• Bump the github-actions group with 4 updates by @​dependabot[bot] in rabbitmq/amqp091-go#326
• Eliminate race condition in Connection.Close() and related methods by @​Zerpet in rabbitmq/amqp091-go#328
• fix: respect context cancellation on publishing with context operations by @​NawafSwe in rabbitmq/amqp091-go#330

New Contributors

• @​peczenyj made their first contribution in rabbitmq/amqp091-go#265

... (truncated)

Changelog

Sourced from github.com/rabbitmq/amqp091-go's changelog.

v1.12.0 (2026-06-16)

Full Changelog

Implemented enhancements:

• Feature: implement automatic connection and channel recovery with state change notifications #339 (suchitd)
• Add integration test for publish with immediate flag #338 (suchitd)
• Add integration tests for QueueUnbind and QueuePurge #337 (suchitd)
• Add integration test for exchange-to-exchange binding and unbinding #336 (suchitd)

Fixed bugs:

• Fix Client example to work with RabbitMQ 4.3 #341 (suchitd)
• Update CONTRIBUTING.md and .gitignore files #335 (suchitd)
• Fix inconsistencies in the Makefile #334 (suchitd)
• Fix integration tests for RabbitMQ 4.3 #331 (suchitd)

Closed issues:

• PublishWithContext does not respect context cancellation #329

Merged pull requests:

• doc: remove auto-reconnect from non-goals in README #343 (suchitd)
• Add CLAUDE.md to repo #342 (Zerpet)
• Bump CI windows workflow RabbitMQ and Erlang versions #333 (suchitd)
• Add pull request template #332 (suchitd)

v1.11.0 (2026-04-21)

Full Changelog

Implemented enhancements:

• add better debug information on DialConfig #245

Fixed bugs:

• Channel error when acking via go-routines #296

Closed issues:

• PR #318 exposes a pre-existing race in Connection.Close(). #327
• Entire header frame isn't always read #309
• Incomplete support of 0-9-1 field type values #302
• Redelivered Flag Not Exposed #301
• consume input basicConsumeOk but response queueBindOk #291
• Channel is closed after Channel.ExchangeDeclarePassive fails #290
• Incomplete example in (*Channel).QueueBind documentation #279

... (truncated)

Commits

• 672e671 Release v1.12.0 (#345)
• 178f984 Merge pull request #343 from rabbitmq/doc/update-non-goals
• b6d3274 doc: remove auto-reconnect from non-goals in README
• 4f6ade4 Feature: implement automatic connection and channel recovery with state chang...
• f98134c Merge pull request #342 from rabbitmq/add-claude
• 840e11c Update CLAUDE.md to correct some technical inaccuracies
• 32d8249 Merge branch 'main' into add-claude
• ad86bd2 Merge pull request #341 from rabbitmq/fix/client-example-rmq-4.3
• d751223 Add CLAUDE.md
• 66a7a25 Fix Client example to work with RabbitMQ 4.3
• Additional commits viewable in compare view

Updates github.com/redis/go-redis/v9 from 9.18.0 to 9.20.1

Release notes

Sourced from github.com/redis/go-redis/v9's releases.

9.20.1

This is a patch release containing bug fixes only. There are no new features or breaking changes; upgrading from 9.20.0 is a drop-in replacement.

🚀 Highlights

RESP3 pub/sub message loss fixed

PeekPushNotificationName previously inspected only the bytes already buffered by bufio, so when a push frame header straddled a buffer fill boundary it could return a truncated notification name (e.g. "messa" instead of "message"). The push processor then mis-routed the frame and ReadReply silently dropped it, causing intermittent RESP3 pub/sub message loss. The peek now grows its window (36 bytes → up to 4 KiB) and reads more from the connection until the header is complete, cleanly separating incomplete prefixes from corrupt frames (including overflow-safe bulk-length handling). Fixes #3839.

(#3842) by @​ndyakov

🐛 Bug Fixes

• RESP3 push peeking: PeekPushNotificationName no longer returns a truncated notifi...

  Description has been truncated