deps: bump the go-dependencies group across 1 directory with 5 updates

[dependabot]

Bumps the go-dependencies group with 5 updates in the / directory:

Package	From	To
github.com/hanwen/go-fuse/v2	2.9.0	2.10.1
github.com/jackc/pgx/v5	5.9.1	5.9.2
github.com/testcontainers/testcontainers-go/modules/postgres	0.41.0	0.42.0
github.com/willscott/go-nfs	0.0.3	0.0.4
go.uber.org/zap	1.27.1	1.28.0

Updates github.com/hanwen/go-fuse/v2 from 2.9.0 to 2.10.1

Commits

• 1d16325 virtiofs: skip tests if qemu not available
• 0c71566 README: document change
• a77f008 virtiofs: add TestPosixtest — run posixtest suite inside a QEMU VM against vi...
• d9be790 virtiofs: serve fuse.RawFileSystem to a VM directly
• 4640dfc vhostuser: vhost server for virtioFS
• 344ca7b fuse: public type ProtocolServer
• 3e80db7 posixtest: minor cleanup
• 58616b5 fuse: set up request output payload sizes early
• 496352e fuse: fix filename()
• 3bcfa7d posixtest: cover getxattr with nil buffer
• Additional commits viewable in compare view

Updates github.com/jackc/pgx/v5 from 5.9.1 to 5.9.2

Changelog

Sourced from github.com/jackc/pgx/v5's changelog.

5.9.2 (April 18, 2026)

Fix SQL Injection via placeholder confusion with dollar quoted string literals (GHSA-j88v-2chj-qfwx)

SQL injection can occur when:

1. The non-default simple protocol is used.
2. A dollar quoted string literal is used in the SQL query.
3. That query contains text that would be would be interpreted outside as a placeholder outside of a string literal.
4. The value of that placeholder is controllable by the attacker.

e.g.

attackValue := `$tag$; drop table canary; --`
_, err = tx.Exec(ctx, `select $tag$ $1 $tag$, $1`, pgx.QueryExecModeSimpleProtocol, attackValue)

This is unlikely to occur outside of a contrived scenario.

Commits

• 0aeabbc Release v5.9.2
• 60644f8 Fix SQL sanitizer bugs with dollar-quoted strings and placeholder overflow
• a5680bc Merge pull request #2531 from dolmen-go/godoc-add-links
• e34e452 doc: Add godoc links
• 08c9bb1 Fix Stringer types encoded as text instead of numeric value in composite fields
• 96b4dbd Remove unstable test
• acf88e0 Merge pull request #2526 from abrightwell/abrightwell-min-proto
• 2f81f1f Update max_protocol_version and min_protocol_version defaults
• See full diff in compare view

Updates github.com/testcontainers/testcontainers-go/modules/postgres from 0.41.0 to 0.42.0

Release notes

Sourced from github.com/testcontainers/testcontainers-go/modules/postgres's releases.

v0.42.0

What's Changed

⚠️ Breaking Changes

• chore!: migrate to moby modules (#3591) @​thaJeztah

🔒 Security

• chore(deps): bump moby/client v0.4.0, moby/api v1.54.1 (#3634) @​thaJeztah

🐛 Bug Fixes

• fix: return an error when docker host cannot be retrieved (#3613) @​ash2k

🧹 Housekeeping

• chore: gitignore Gas Town agent artifacts (#3633) @​mdelapenya
• fix(usage-metrics): include last release in the legend pop over (#3630) @​mdelapenya
• chore: update usage metrics (2026-04) (#3621) @github-actions[bot]
• fix(usage-metrics): order of actions matters (#3623) @​mdelapenya
• fix(usage-metrics): reduce rate-limit cascade errors (#3622) @​mdelapenya
• fix(usage-metrics): replace the per-version inline retry with a multi-pass approach (#3620) @​mdelapenya

📦 Dependency updates

• chore(deps): bump go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp from 1.28.0 to 1.43.0 in /modules/grafana-lgtm (#3639) @dependabot[bot]
• chore(deps): bump go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp from 1.42.0 to 1.43.0 in /modules/compose (#3641) @dependabot[bot]
• chore(deps): bump go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp from 1.42.0 to 1.43.0 in /modules/compose (#3645) @dependabot[bot]
• chore(deps): bump mkdocs-include-markdown-plugin from 7.2.1 to 7.2.2 (#3626) @dependabot[bot]
• chore(deps): bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.51.2 to 1.97.3 in /modules/localstack (#3638) @dependabot[bot]
• chore(deps): bump go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp from 1.41.0 to 1.43.0 in /modules/grafana-lgtm (#3643) @dependabot[bot]
• chore(deps): bump go.opentelemetry.io/otel/sdk from 1.41.0 to 1.43.0 in /modules/milvus (#3644) @dependabot[bot]
• chore: update to Go 1.25.9, 1.26.9 (#3647) @​thaJeztah
• chore(deps): bump bump github.com/klauspost/compress v1.18.5, github.com/docker/compose v5.1.2 (#3646) @​thaJeztah
• chore(deps): bump moby/client v0.4.0, moby/api v1.54.1 (#3634) @​thaJeztah
• chore(deps): bump golang.org/x/sys from 0.41.0 to 0.42.0 (#3629) @dependabot[bot]
• chore(deps): bump github.com/moby/patternmatcher from 0.6.0 to 0.6.1 (#3628) @dependabot[bot]
• chore(deps): bump github.com/shirou/gopsutil/v4 from 4.26.2 to 4.26.3 (#3627) @dependabot[bot]
• fix(localstack): accept community-archive as a valid tag (#3601) @​johnduhart
• chore(deps): bump github.com/go-jose/go-jose/v4 from 4.1.3 to 4.1.4 in /modules/gcloud (#3632) @dependabot[bot]
• chore(deps): bump actions/upload-artifact from 6.0.0 to 7.0.0 (#3625) @dependabot[bot]
• chore(deps): bump pygments from 2.19.2 to 2.20.0 (#3615) @dependabot[bot]
• chore(deps): bump google.golang.org/grpc from 1.67.0 to 1.79.3 in /modules/milvus (#3612) @dependabot[bot]
• chore(deps): bump google.golang.org/grpc from 1.67.0 to 1.79.3 in /modules/etcd (#3611) @dependabot[bot]
• chore(deps): bump google.golang.org/grpc from 1.79.1 to 1.79.3 in /modules/ollama (#3610) @dependabot[bot]
• chore(deps): bump google.golang.org/grpc from 1.67.0 to 1.79.3 in /modules/pinecone (#3609) @dependabot[bot]
• chore(deps): bump google.golang.org/grpc from 1.67.0 to 1.79.3 in /modules/couchbase (#3608) @dependabot[bot]
• chore(deps): bump requests from 2.32.4 to 2.33.0 (#3604) @dependabot[bot]
• chore(deps): bump google.golang.org/grpc from 1.79.1 to 1.79.3 in /modules/meilisearch (#3607) @dependabot[bot]
• chore(deps): bump github.com/moby/buildkit from 0.27.1 to 0.28.1 in /modules/compose (#3605) @dependabot[bot]

... (truncated)

Commits

• 6e58418 chore: use new version (v0.42.0) in modules and examples
• f713dc0 chore(deps): bump go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetr...
• 300827a chore(deps): bump go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetr...
• 7a15ac1 chore(deps): bump go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptrace...
• 5bae3d2 fix: return an error when docker host cannot be retrieved (#3613)
• fc19484 chore(deps): bump mkdocs-include-markdown-plugin from 7.2.1 to 7.2.2 (#3626)
• 95bdc0c chore(deps): bump github.com/aws/aws-sdk-go-v2/service/s3 (#3638)
• 75aa226 chore(deps): bump go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptrace...
• 2f59938 chore(deps): bump go.opentelemetry.io/otel/sdk in /modules/milvus (#3644)
• 580abf6 chore: update to Go 1.25.9, 1.26.9 (#3647)
• Additional commits viewable in compare view

Updates github.com/willscott/go-nfs from 0.0.3 to 0.0.4

Release notes

Sourced from github.com/willscott/go-nfs's releases.

v0.0.4

What's Changed

• map errors to NFS errors by @​ehazlett in willscott/go-nfs#145
• Use rwmutex to make reverseHandles map safe for concurrent access by @​sitole in willscott/go-nfs#146
• nfs: fix EOF flag in READ response not being set when read reaches end of file by @​ncw in willscott/go-nfs#149

New Contributors

• @​ehazlett made their first contribution in willscott/go-nfs#145
• @​sitole made their first contribution in willscott/go-nfs#146

Full Changelog: willscott/go-nfs@v0.0.3...v0.0.4

Commits

• 209a01f Merge pull request #149 from ncw/fix-eof
• 275aeb9 nfs: fix EOF flag in READ response not being set when read reaches end of file
• 527fb18 Use rwmutex to make reverseHandles map safe for concurrent access (#146)
• 28bb217 map errors to NFS errors (#145)
• See full diff in compare view

Updates go.uber.org/zap from 1.27.1 to 1.28.0

Release notes

Sourced from go.uber.org/zap's releases.

v1.28.0

Enhancements:

• #1534[]: Add zapcore.CheckPreWriteHook and CheckedEntry.Before method for transforming entries before they are written to any Cores.

#1534: uber-go/zap#1534

Changelog

Sourced from go.uber.org/zap's changelog.

1.28.0 (27 Apr 2026)

Enhancements:

• #1534[]: Add zapcore.CheckPreWriteHook and CheckedEntry.Before method for transforming entries before they are written to any Cores.

Commits

• 5b81b37 release v1.28.0 (#1547)
• 0ab0d5a zapcore: Add PreWriteHook for transforming entries before write (#1534)
• d278c59 [chore] CI: test on Go 1.26 (#1535)
• 16fb16b chore(dep): replace archived gopkg.in/yaml.v3 with officially maintained go.y...
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.