Merged PRs

doltgresql

• 2747: Add tests for DROP INDEX Depends on: https://github.com/dolthub/go-mysql-server/pull/3555
• 2740: Update docs URLs to new paths Migrate all docs.dolthub.com, docs.doltgres.com references to the new dolthub.com/docs, doltgres.com/docs URLs in the READMEs.
• 2730: support array_to_json and row_to_json functions Depends on: https://github.com/dolthub/go-mysql-server/pull/3551
• 2729: bug fix: load non-built-in types when looking for an array type's element type Various bug fixes for regressions reported in PR https://github.com/dolthub/doltgresql/pull/2642, primarily related to resolving arrays of non-built-in types. The major change is adding ctx to the ArrayBaseType() method, but not all call sites could be updated, so unfortunately results in a new ArrayBaseTypeCtx(ctx) method until we can find a way to always provide a sql context and completely remove the old method form.
• 2720: Fix scripts/build.sh to work on RedHat-based distros On CentOS and other RH-based distros the output of "go version" contains the "(Red Hat 1.26.2-2.el10)" string, which confuses the parser.
• 2694: fix: correct deserialization order of sequence/routine/membership in … …auth The serialize() function wrote fields in this order: tablePrivileges → sequencePrivileges → routinePrivileges → roleMembership But deserializeV1() read them in a different order: tablePrivileges → roleMembership → routinePrivileges → sequencePrivileges This mismatch went unnoticed because all three sections (sequencePrivileges, routinePrivileges, roleMembership) have the same zero-value byte representation (count=0) when no privileges exist. Once GRANT ALL PRIVILEGES ON ALL ROUTINES or GRANT ALL PRIVILEGES ON ALL FUNCTIONS is executed, routinePrivileges becomes non-empty, the reader offset shifts, and doltgres panics with an index out of range error on the next startup when attempting to read the persisted auth file. Fix deserializeV1() to match the order used by serialize(). Fixes [#2693]
• 2692: Bug fix: don't round JSON numeric values when outside of float64 range Fixes: https://github.com/dolthub/doltgresql/issues/2686
• 2688: Bug fix: include view columns in pg_catalog.pg_attribute Adds columns in views to pg_catalog.pg_attribute to match PostgreSQL behavior. This requires parsing and analyzing the view, which may require caching if performance for queries on pg_attribute becomes slow when many complex views are present. Fixes: https://github.com/dolthub/doltgresql/issues/2682
• 2687: Bug fix for out of bounds slice access Fixes: https://github.com/dolthub/doltgresql/issues/2684
• 2668: Bump lodash from 4.17.21 to 4.18.1 in /testing/postgres-client-tests/node Bumps lodash from 4.17.21 to 4.18.1.
  
  Release notes

  Sourced from lodash's releases.

  4.18.1

  Bugs

  Fixes a ReferenceError issue in lodash lodash-es lodash-amd and lodash.template when using the template and fromPairs functions from the modular builds. See lodash/lodash#6167](https://github.com/href="https://redirect.github.com/lodash/lodash/issues/6167#issuecomment-4165269769">lodash/lodash/issues/6167)

  These defects were related to how lodash distributions are built from the main branch using https://github.com/lodash-archive/lodash-cli. When internal dependencies change inside lodash functions, equivalent updates need to be made to a mapping in the lodash-cli. (hey, it was ahead of its time once upon a time!). We know this, but we missed it in the last release. It's the kind of thing that passes in CI, but fails bc the build is not the same thing you tested.

  There is no diff on main for this, but you can see the diffs for each of the npm packages on their respective branches:

  • lodash: https://github.com/lodash/lodash/compare/4.18.0-npm...4.18.1-npm
  • lodash-es: https://github.com/lodash/lodash/compare/4.18.0-es...4.18.1-es
  • lodash-amd: https://github.com/lodash/lodash/compare/4.18.0-amd...4.18.1-amd
  • lodash.templatehttps://github.com/lodash/lodash/compare/4.18.0-npm-packages...4.18.1-npm-packages

  4.18.0

  v4.18.0

  Full Changelog: https://github.com/lodash/lodash/compare/4.17.23...4.18.0

  Security

  _.unset / _.omit: Fixed prototype pollution via constructor/prototype path traversal (GHSA-f23m-r3pf-42rh, fe8d32e). Previously, array-wrapped path segments and primitive roots could bypass the existing guards, allowing deletion of properties from built-in prototypes. Now constructor and prototype are blocked unconditionally as non-terminal path keys, matching baseSet. Calls that previously returned true and deleted the property now return false and leave the target untouched.

  _.template: Fixed code injection via imports keys (GHSA-r5fr-rjxr-66jc, CVE-2026-4800, 879aaa9). Fixes an incomplete patch for CVE-2021-23337. The variable option was validated against reForbiddenIdentifierChars but importsKeys was left unguarded, allowing code injection via the same Function() constructor sink. imports keys containing forbidden identifier characters now throw "Invalid imports option passed into _.template".

  Docs

  • Add security notice for _.template in threat model and API docs (#6099](https://github.com/href="https://redirect.github.com/lodash/lodash/pull/6099">/issues/6099))
  • Document lower > upper behavior in _.random (#6115](https://github.com/href="https://redirect.github.com/lodash/lodash/pull/6115">/issues/6115))
  • Fix quotes in _.compact jsdoc (#6090](https://github.com/href="https://redirect.github.com/lodash/lodash/pull/6090">/issues/6090))

  lodash.* modular packages

  Diff

  We have also regenerated and published a select number of the lodash.* modular packages.

  These modular packages had fallen out of sync significantly from the minor/patch updates to lodash. Specifically, we have brought the following packages up to parity w/ the latest lodash release because they have had CVEs on them in the past:

  • lodash.orderby (www.npmjs.com)
  • lodash.tonumber (www.npmjs.com)
  • lodash.trim (www.npmjs.com)
  • lodash.trimend (www.npmjs.com)
  • lodash.sortedindexby (www.npmjs.com)
  • lodash.zipobjectdeep (www.npmjs.com)
  • lodash.unset (www.npmjs.com)
  • lodash.omit (www.npmjs.com)
  • lodash.template (www.npmjs.com)

Commits

• cb0b9b9 release(patch): bump main to 4.18.1 (#6177](https://github.com/href="https://redirect.github.com/lodash/lodash/issues/6177">/issues/6177))
• 75535f5 chore: prune stale advisory refs (#6170](https://github.com/href="https://redirect.github.com/lodash/lodash/issues/6170">/issues/6170))
• 62e91bc docs: remove n_ Node.js < 6 REPL note from README (#6165](https://github.com/href="https://redirect.github.com/lodash/lodash/issues/6165">/issues/6165))
• 59be2de release(minor): bump to 4.18.0 (#6161](https://github.com/href="https://redirect.github.com/lodash/lodash/issues/6161">/issues/6161))
• af63457 fix: broken tests for _.template 879aaa9
• 1073a76 fix: linting issues
• 879aaa9 fix: validate imports keys in _.template
• fe8d32e fix: block prototype pollution in baseUnset via constructor/prototype traversal
• 18ba0a3 refactor(fromPairs): use baseAssignValue for consistent assignment (#6153](https://github.com/href="https://redirect.github.com/lodash/lodash/issues/6153">/issues/6153))
• b819080 ci: add dist sync validation workflow (#6137](https://github.com/href="https://redirect.github.com/lodash/lodash/issues/6137">/issues/6137))
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/dolthub/doltgresql/network/alerts).

• 2666: Bump github.com/go-jose/go-jose/v4 from 4.1.3 to 4.1.4 Bumps github.com/go-jose/go-jose/v4 from 4.1.3 to 4.1.4.
  
  Release notes

  Sourced from github.com/go-jose/go-jose/v4's releases.

  v4.1.4

  What's Changed

  Fixes Panic in JWE decryption. See https://github.com/go-jose/go-jose/security/advisories/GHSA-78h2-9frx-2jm8

  Full Changelog: https://github.com/go-jose/go-jose/compare/v4.1.3...v4.1.4

Commits

• 0e59876 Merge commit from fork
• ddffdbc Bump actions/checkout from 5 to 6 (#213](https://github.com/href="https://redirect.github.com/go-jose/go-jose/issues/213">/issues/213))
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/dolthub/doltgresql/network/alerts).

• 2663: Bump go.opentelemetry.io/otel/sdk from 1.40.0 to 1.43.0 Bumps go.opentelemetry.io/otel/sdk (github.com) from 1.40.0 to 1.43.0.
  
  Changelog

  Sourced from go.opentelemetry.io/otel/sdk's changelog (github.com).

  [1.43.0/0.65.0/0.19.0] 2026-04-02

  Added

  • Add IsRandom and WithRandom on TraceFlags, and IsRandom on SpanContext in go.opentelemetry.io/otel/trace for W3C Trace Context Level 2 Random Trace ID Flag support. (#8012](https://github.com/href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8012">/issues/8012))
  • Add service detection with WithService in go.opentelemetry.io/otel/sdk/resource. (#7642](https://github.com/href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7642">/issues/7642))
  • Add DefaultWithContext and EnvironmentWithContext in go.opentelemetry.io/otel/sdk/resource to support plumbing context.Context through default and environment detectors. (#8051](https://github.com/href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8051">/issues/8051))
  • Support attributes with empty value (attribute.EMPTY) in go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc. (#8038](https://github.com/href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038">/issues/8038))
  • Support attributes with empty value (attribute.EMPTY) in go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc. (#8038](https://github.com/href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038">/issues/8038))
  • Support attributes with empty value (attribute.EMPTY) in go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploggrpc. (#8038](https://github.com/href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038">/issues/8038))
  • Support attributes with empty value (attribute.EMPTY) in go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp. (#8038](https://github.com/href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038">/issues/8038))
  • Support attributes with empty value (attribute.EMPTY) in go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp. (#8038](https://github.com/href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038">/issues/8038))
  • Support attributes with empty value (attribute.EMPTY) in go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp. (#8038](https://github.com/href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038">/issues/8038))
  • Support attributes with empty value (attribute.EMPTY) in go.opentelemetry.io/otel/sdk/metric/metricdata/metricdatatest. (#8038](https://github.com/href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038">/issues/8038))
  • Add support for per-series start time tracking for cumulative metrics in go.opentelemetry.io/otel/sdk/metric. Set OTEL_GO_X_PER_SERIES_START_TIMESTAMPS=true to enable. (#8060](https://github.com/href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8060">/issues/8060))
  • Add WithCardinalityLimitSelector for metric reader for configuring cardinality limits specific to the instrument kind. (#7855](https://github.com/href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7855">/issues/7855))

  Changed

  • Introduce the EMPTY Type in go.opentelemetry.io/otel/attribute to reflect that an empty value is now a valid value, with INVALID remaining as a deprecated alias of EMPTY. (#8038](https://github.com/href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038">/issues/8038))
  • Improve slice handling in go.opentelemetry.io/otel/attribute to optimize short slice values with fixed-size fast paths. (#8039](https://github.com/href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8039">/issues/8039))
  • Improve performance of span metric recording in go.opentelemetry.io/otel/sdk/trace by returning early if self-observability is not enabled. (#8067](https://github.com/href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8067">/issues/8067))
  • Improve formatting of metric data diffs in go.opentelemetry.io/otel/sdk/metric/metricdata/metricdatatest. (#8073](https://github.com/href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8073">/issues/8073))

  Deprecated

  • Deprecate INVALID in go.opentelemetry.io/otel/attribute. Use EMPTY instead. (#8038](https://github.com/href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038">/issues/8038))

  Fixed

  • Return spec-compliant TraceIdRatioBased description. This is a breaking behavioral change, but it is necessary to make the implementation spec-compliant. (#8027](https://github.com/href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8027">/issues/8027))
  • Fix a race condition in go.opentelemetry.io/otel/sdk/metric where the lastvalue aggregation could collect the value 0 even when no zero-value measurements were recorded. (#8056](https://github.com/href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8056">/issues/8056))
  • Limit HTTP response body to 4 MiB in go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp to mitigate excessive memory usage caused by a misconfigured or malicious server. Responses exceeding the limit are treated as non-retryable errors. (#8108](https://github.com/href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8108">/issues/8108))
  • Limit HTTP response body to 4 MiB in go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp to mitigate excessive memory usage caused by a misconfigured or malicious server. Responses exceeding the limit are treated as non-retryable errors. (#8108](https://github.com/href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8108">/issues/8108))
  • Limit HTTP response body to 4 MiB in go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp to mitigate excessive memory usage caused by a misconfigured or malicious server. Responses exceeding the limit are treated as non-retryable errors. (#8108](https://github.com/href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8108">/issues/8108))
  • WithHostID detector in go.opentelemetry.io/otel/sdk/resource to use full path for kenv command on BSD. (#8113](https://github.com/href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8113">/issues/8113))
  • Fix missing request.GetBody in go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp to correctly handle HTTP2 GOAWAY frame. (#8096](https://github.com/href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8096">/issues/8096))

  [1.42.0/0.64.0/0.18.0/0.0.16] 2026-03-06

  Added

  • Add go.opentelemetry.io/otel/semconv/v1.40.0 package. The package contains semantic conventions from the v1.40.0 version of the OpenTelemetry Semantic Conventions. See the migration documentation for information on how to upgrade from go.opentelemetry.io/otel/semconv/v1.39.0. (#7985](https://github.com/href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7985">/issues/7985))

  ... (truncated)

Commits

• 9276201 Release v1.43.0 / v0.65.0 / v0.19.0 (#8128](https://github.com/href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8128">/issues/8128))
• 61b8c94 chore(deps): update module github.com/mattn/go-runewidth to v0.0.22 (#8131](https://github.com/href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8131">/issues/8131))
• 97a086e chore(deps): update github.com/golangci/dupl digest to c99c5cf (#8122](https://github.com/href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8122">/issues/8122))
• 5e363de limit response body size for OTLP HTTP exporters (#8108](https://github.com/href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8108">/issues/8108))
• 35214b6 Use an absolute path when calling bsd kenv (#8113](https://github.com/href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8113">/issues/8113))
• 290024c fix(deps): update module google.golang.org/grpc to v1.80.0 (#8121](https://github.com/href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8121">/issues/8121))
• e70658e fix: support getBody in otelploghttp (#8096](https://github.com/href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8096">/issues/8096))
• 4afe468 fix(deps): update googleapis to 9d38bb4 (#8117](https://github.com/href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8117">/issues/8117))
• b9ca729 chore(deps): update module github.com/go-git/go-git/v5 to v5.17.2 (#8115](https://github.com/href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8115">/issues/8115))
• 69472ec chore(deps): update fossas/fossa-action action to v1.9.0 (#8118](https://github.com/href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8118">/issues/8118))
• Additional commits viewable in compare view

* 2660: security: update AWS SDK v2 (eventstream, s3) ## Summary - Updates aws/protocol/eventstream from v1.6.10 to v1.7.8 - Updates aws/service/s3 from v1.78.0 to v1.97.3 - Fixes Dependabot alert [#49] (medium: DoS via eventstream decoder panic) - Fixes Dependabot alert [#50] (medium: DoS via S3 eventstream decoder panic) - Also pulls in updated smithy-go and internal AWS SDK packages ## Test plan - [ ] CI passes 🤖 Generated with Claude Code * 2656: Bump go.opentelemetry.io/otel from 1.40.0 to 1.41.0 Bumps go.opentelemetry.io/otel (github.com) from 1.40.0 to 1.41.0.

Changelog

Sourced from go.opentelemetry.io/otel's changelog (github.com).

[1.41.0/0.63.0/0.17.0/0.0.15] 2026-03-02

This release is the last to support [Go 1.24]. The next release will require at least [Go 1.25].

Added

• Support testing of [Go 1.26]. (#7902](https://github.com/href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7902">/issues/7902))

Fixed

• Update Baggage in go.opentelemetry.io/otel/propagation and Parse and New in go.opentelemetry.io/otel/baggage to comply with W3C Baggage specification limits. New and Parse now return partial baggage along with an error when limits are exceeded. Errors from baggage extraction are reported to the global error handler. (#7880](https://github.com/href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7880">/issues/7880))
• Return an error when the endpoint is configured as insecure and with TLS configuration in go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp. (#7914](https://github.com/href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7914">/issues/7914))
• Return an error when the endpoint is configured as insecure and with TLS configuration in go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp. (#7914](https://github.com/href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7914">/issues/7914))
• Return an error when the endpoint is configured as insecure and with TLS configuration in go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp. (#7914](https://github.com/href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7914">/issues/7914))

Commits

• 4575a97 Release 1.41.0/0.63.0/0.17.0/0.0.15 (#7977](https://github.com/href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7977">/issues/7977))
• 66fc10d fix: add error handling for insecure HTTP endpoints with TLS client configura...
• 76e6eec chore(deps): update github/codeql-action action to v4.32.5 (#7980](https://github.com/href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7980">/issues/7980))
• 0d50f90 Revert "Generate semconv/v1.40.0" (#7978](https://github.com/href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7978">/issues/7978))
• c38a4a5 Generate semconv/v1.40.0 (#7929](https://github.com/href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7929">/issues/7929))
• 0f1a224 chore(deps): update module github.com/securego/gosec/v2 to v2.23.0 (#7899](https://github.com/href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7899">/issues/7899))
• c79ebf4 chore(deps): update module github.com/daixiang0/gci to v0.14.0 (#7973](https://github.com/href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7973">/issues/7973))
• f758157 chore(deps): update module github.com/sonatard/noctx to v0.5.0 (#7968](https://github.com/href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7968">/issues/7968))
• 92a1164 fix(deps): update github.com/opentracing-contrib/go-grpc/test digest to d566b...
• 3cd7c27 chore(deps): update module github.com/protonmail/go-crypto to v1.4.0 (#7969](https://github.com/href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7969">/issues/7969))
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/dolthub/doltgresql/network/alerts).

• 2655: Bump rand from 0.8.5 to 0.8.6 in /testing/postgres-client-tests/rust Bumps rand from 0.8.5 to 0.8.6.
  
  Changelog

  Sourced from rand's changelog.

  [0.8.6] - 2026-04-14

  This release back-ports a fix from v0.10. See also #1763](https://github.com/href="https://redirect.github.com/rust-random/rand/issues/1763">/issues/1763).

  Changes

  • Deprecate feature log (#1772](https://github.com/href="https://redirect.github.com/rust-random/rand/issues/1772">/issues/1772))

  #1763](https://github.com/href="https://redirect.github.com/rust-random/rand/issues/1763">/issues/1763): rust-random/rand#1763](https://github.com/href="https://redirect.github.com/rust-random/rand/pull/1763">rust-random/rand/issues/1763) #1772](https://github.com/href="https://redirect.github.com/rust-random/rand/issues/1772">/issues/1772): rust-random/rand#1772](https://github.com/href="https://redirect.github.com/rust-random/rand/pull/1772">rust-random/rand/issues/1772)

  • Drop the experimental simd_support feature.

Commits

• 5309f25 0.8.6 (#1772](https://github.com/href="https://redirect.github.com/rust-random/rand/issues/1772">/issues/1772)): update for recent nightly rustc and backport #1764](https://github.com/href="https://redirect.github.com/rust-random/rand/issues/1764">/issues/1764)
• 1126d03 When testing rustc 1.36, use compatible dependencies.
• 143b602 Add Cargo.lock.msrv.
• 9be86f2 Fix cross build test.
• 5e0d50d Drop simd_support.
• 8ff02f0 Upgrade cache action.
• 4ad0cc3 Don't test for unsupported target architecture.
• 258e6d0 Address warning.
• 9f0e676 Mark some internal traits as potentially unused.
• 6f123c1 Workaround never constructed and never used warning.
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/dolthub/doltgresql/network/alerts).

• 2653: Bump openssl from 0.10.75 to 0.10.78 in /testing/postgres-client-tests/rust Bumps openssl from 0.10.75 to 0.10.78.
  
  Release notes

  Sourced from openssl's releases.

  openssl-v0.10.78

  What's Changed

  • Fix Suite B flag assignments in verify.rs by @​alex in rust-openssl/rust-openssl#2592](https://github.com/href="https://redirect.github.com/rust-openssl/rust-openssl/pull/2592">rust-openssl/rust-openssl/issues/2592)
  • Use cvt_p for OPENSSL_malloc error handling by @​alex in rust-openssl/rust-openssl#2593](https://github.com/href="https://redirect.github.com/rust-openssl/rust-openssl/pull/2593">rust-openssl/rust-openssl/issues/2593)
  • Mark BIO_get_mem_data on AWS-LC to be unsafe by @​alex in rust-openssl/rust-openssl#2594](https://github.com/href="https://redirect.github.com/rust-openssl/rust-openssl/pull/2594">rust-openssl/rust-openssl/issues/2594)
  • Set timeout for package installation step by @​alex in rust-openssl/rust-openssl#2595](https://github.com/href="https://redirect.github.com/rust-openssl/rust-openssl/pull/2595">rust-openssl/rust-openssl/issues/2595)
  • Panic in Crypter::new when IV is required but not provided by @​alex in rust-openssl/rust-openssl#2596](https://github.com/href="https://redirect.github.com/rust-openssl/rust-openssl/pull/2596">rust-openssl/rust-openssl/issues/2596)
  • openssl 4 support by @​reaperhulk in rust-openssl/rust-openssl#2591](https://github.com/href="https://redirect.github.com/rust-openssl/rust-openssl/pull/2591">rust-openssl/rust-openssl/issues/2591)
  • Avoid panic for overlong OIDs by @​botovq in rust-openssl/rust-openssl#2598](https://github.com/href="https://redirect.github.com/rust-openssl/rust-openssl/pull/2598">rust-openssl/rust-openssl/issues/2598)
  • Fix dangling stack pointer in custom extension add callback by @​alex in rust-openssl/rust-openssl#2599](https://github.com/href="https://redirect.github.com/rust-openssl/rust-openssl/pull/2599">rust-openssl/rust-openssl/issues/2599)
  • Add support for LibreSSL 4.3.x by @​botovq in rust-openssl/rust-openssl#2603](https://github.com/href="https://redirect.github.com/rust-openssl/rust-openssl/pull/2603">rust-openssl/rust-openssl/issues/2603)
  • fix inverted bounds assertion in AES key unwrap by @​reaperhulk in rust-openssl/rust-openssl#2604](https://github.com/href="https://redirect.github.com/rust-openssl/rust-openssl/pull/2604">rust-openssl/rust-openssl/issues/2604)
  • Reject oversized length returns from password callback trampoline by @​alex in rust-openssl/rust-openssl#2605](https://github.com/href="https://redirect.github.com/rust-openssl/rust-openssl/pull/2605">rust-openssl/rust-openssl/issues/2605)
  • Validate callback-returned lengths in PSK and cookie trampolines by @​alex in rust-openssl/rust-openssl#2607](https://github.com/href="https://redirect.github.com/rust-openssl/rust-openssl/pull/2607">rust-openssl/rust-openssl/issues/2607)
  • Error for short out in MdCtxRef::digest_final() by @​botovq in rust-openssl/rust-openssl#2608](https://github.com/href="https://redirect.github.com/rust-openssl/rust-openssl/pull/2608">rust-openssl/rust-openssl/issues/2608)
  • Check derive output buffer length on OpenSSL 1.1.x by @​alex in rust-openssl/rust-openssl#2606](https://github.com/href="https://redirect.github.com/rust-openssl/rust-openssl/pull/2606">rust-openssl/rust-openssl/issues/2606)
  • Release openssl v0.10.78 and openssl-sys v0.9.114 by @​alex in rust-openssl/rust-openssl#2609](https://github.com/href="https://redirect.github.com/rust-openssl/rust-openssl/pull/2609">rust-openssl/rust-openssl/issues/2609)

  Full Changelog: https://github.com/rust-openssl/rust-openssl/compare/openssl-v0.10.77...openssl-v0.10.78

  openssl-v0.10.77

  What's Changed

  • CI: Hash-pin all action usage, avoid credential persistence in actions/checkout by @​woodruffw in rust-openssl/rust-openssl#2587](https://github.com/href="https://redirect.github.com/rust-openssl/rust-openssl/pull/2587">rust-openssl/rust-openssl/issues/2587)
  • Bump aws-lc-sys to 0.39 by @​goffrie in rust-openssl/rust-openssl#2588](https://github.com/href="https://redirect.github.com/rust-openssl/rust-openssl/pull/2588">rust-openssl/rust-openssl/issues/2588)
  • md_ctx: enable sign/verify/reset on BoringSSL, LibreSSL, and AWS-LC by @​alex in rust-openssl/rust-openssl#2589](https://github.com/href="https://redirect.github.com/rust-openssl/rust-openssl/pull/2589">rust-openssl/rust-openssl/issues/2589)
  • Release openssl v0.10.77 and openssl-sys v0.9.113 by @​alex in rust-openssl/rust-openssl#2590](https://github.com/href="https://redirect.github.com/rust-openssl/rust-openssl/pull/2590">rust-openssl/rust-openssl/issues/2590)

  New Contributors

  • @​woodruffw made their first contribution in rust-openssl/rust-openssl#2587](https://github.com/href="https://redirect.github.com/rust-openssl/rust-openssl/pull/2587">rust-openssl/rust-openssl/issues/2587)

  Full Changelog: https://github.com/rust-openssl/rust-openssl/compare/openssl-v0.10.76...openssl-v0.10.77

  openssl-v0.10.76

  What's Changed

  • feat: New methods EVP_PKEY_new_raw_*_key_ex and EVP_PKEY_is_a by @​FinnRG in rust-openssl/rust-openssl#2521](https://github.com/href="https://redirect.github.com/rust-openssl/rust-openssl/pull/2521">rust-openssl/rust-openssl/issues/2521)
  • Fix invalid value parsing of OCSP revocation reason by @​danpashin in rust-openssl/rust-openssl#2523](https://github.com/href="https://redirect.github.com/rust-openssl/rust-openssl/pull/2523">rust-openssl/rust-openssl/issues/2523)
  • Bump actions/checkout from 5 to 6 by @​dependabot[bot] in rust-openssl/rust-openssl#2524](https://github.com/href="https://redirect.github.com/rust-openssl/rust-openssl/pull/2524">rust-openssl/rust-openssl/issues/2524)
  • Bump aws-lc-sys from 0.27 to 0.34 by @​goffrie in rust-openssl/rust-openssl#2526](https://github.com/href="https://redirect.github.com/rust-openssl/rust-openssl/pull/2526">rust-openssl/rust-openssl/issues/2526)
  • Expose X509_NAME_dup on all versions of OpenSSL by @​alex in rust-openssl/rust-openssl#2529](https://github.com/href="https://redirect.github.com/rust-openssl/rust-openssl/pull/2529">rust-openssl/rust-openssl/issues/2529)
  • Unconditionally expose some *_dup() functions by @​botovq in rust-openssl/rust-openssl#2530](https://github.com/href="https://redirect.github.com/rust-openssl/rust-openssl/pull/2530">rust-openssl/rust-openssl/issues/2530)
  • reintroduce dir_name support for subject_alt_names by @​mqqz in rust-openssl/rust-openssl#2528](https://github.com/href="https://redirect.github.com/rust-openssl/rust-openssl/pull/2528">rust-openssl/rust-openssl/issues/2528)
  • Fix cipher comparison with NID instead of pointers by @​lwestlund in rust-openssl/rust-openssl#2531](https://github.com/href="https://redirect.github.com/rust-openssl/rust-openssl/pull/2531">rust-openssl/rust-openssl/issues/2531)
  • Remove ASN1_STRING_data for LibreSSL 4.3.0 by @​botovq in rust-openssl/rust-openssl#2534](https://github.com/href="https://redirect.github.com/rust-openssl/rust-openssl/pull/2534">rust-openssl/rust-openssl/issues/2534)
  • drop openssl 1.0.2 by @​alex in rust-openssl/rust-openssl#2545](https://github.com/href="https://redirect.github.com/rust-openssl/rust-openssl/pull/2545">rust-openssl/rust-openssl/issues/2545)
  • Bump actions/cache from 4 to 5 by @​dependabot[bot] in rust-openssl/rust-openssl#2542](https://github.com/href="https://redirect.github.com/rust-openssl/rust-openssl/pull/2542">rust-openssl/rust-openssl/issues/2542)
  • Add Debug implementation for EcdsaSig{,Ref} by @​buytenh in rust-openssl/rust-openssl#2540](https://github.com/href="https://redirect.github.com/rust-openssl/rust-openssl/pull/2540">rust-openssl/rust-openssl/issues/2540)
  • Add HKDF support by @​Zenkibou in rust-openssl/rust-openssl#2543](https://github.com/href="https://redirect.github.com/rust-openssl/rust-openssl/pull/2543">rust-openssl/rust-openssl/issues/2543)
  • Enhance Debug implementation for Nid by @​buytenh in rust-openssl/rust-openssl#2547](https://github.com/href="https://redirect.github.com/rust-openssl/rust-openssl/pull/2547">rust-openssl/rust-openssl/issues/2547)
  • Remove X509_VERIFY_PARAM_ID for LibreSSL 4.3.0 by @​botovq in rust-openssl/rust-openssl#2549](https://github.com/href="https://redirect.github.com/rust-openssl/rust-openssl/pull/2549">rust-openssl/rust-openssl/issues/2549)

  ... (truncated)

Commits

• a6debf5 Release openssl v0.10.78 and openssl-sys v0.9.114 (#2609](https://github.com/href="https://redirect.github.com/rust-openssl/rust-openssl/issues/2609">/issues/2609))
• 09b425e Check derive output buffer length on OpenSSL 1.1.x (#2606](https://github.com/href="https://redirect.github.com/rust-openssl/rust-openssl/issues/2606">/issues/2606))
• 826c388 Error for short out in MdCtxRef::digest_final() (#2608](https://github.com/href="https://redirect.github.com/rust-openssl/rust-openssl/issues/2608">/issues/2608))
• 1d10902 Validate callback-returned lengths in PSK and cookie trampolines (#2607](https://github.com/href="https://redirect.github.com/rust-openssl/rust-openssl/issues/2607">/issues/2607))
• 5af6895 Reject oversized length returns from password callback trampoline (#2605](https://github.com/href="https://redirect.github.com/rust-openssl/rust-openssl/issues/2605">/issues/2605))
• 718d07f fix inverted bounds assertion in AES key unwrap (#2604](https://github.com/href="https://redirect.github.com/rust-openssl/rust-openssl/issues/2604">/issues/2604))
• 53cc69d Add support for LibreSSL 4.3.x (#2603](https://github.com/href="https://redirect.github.com/rust-openssl/rust-openssl/issues/2603">/issues/2603))
• 0b41e79 Fix dangling stack pointer in custom extension add callback (#2599](https://github.com/href="https://redirect.github.com/rust-openssl/rust-openssl/issues/2599">/issues/2599))
• cbdedf8 Avoid panic for overlong OIDs (#2598](https://github.com/href="https://redirect.github.com/rust-openssl/rust-openssl/issues/2598">/issues/2598))
• 1fc51ef openssl 4 support (#2591](https://github.com/href="https://redirect.github.com/rust-openssl/rust-openssl/issues/2591">/issues/2591))
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/dolthub/doltgresql/network/alerts).

• 2652: Bump uuid, @actions/core and @aws-sdk/client-ses in /.github/actions/ses-email-action Removes uuid. It's no longer used after updating ancestor dependencies uuid, @actions/core and @aws-sdk/client-ses. These dependencies need to be updated together. Removes uuid Updates @actions/core from 1.10.1 to 1.11.1
  
  Changelog

  Sourced from @​actions/core's changelog.

  1.11.1

  • Fix uses of crypto.randomUUID on Node 18 and earlier #1842](https://github.com/href="https://redirect.github.com/actions/toolkit/pull/1842">/issues/1842)

  1.11.0

  • Add platform info utilities #1551](https://github.com/href="https://redirect.github.com/actions/toolkit/pull/1551">/issues/1551)
  • Remove dependency on uuid package #1824](https://github.com/href="https://redirect.github.com/actions/toolkit/pull/1824">/issues/1824)

Commits

• See full diff in compare view

Updates @aws-sdk/client-ses from 3.554.0 to 3.1038.0

Release notes

Sourced from @​aws-sdk/client-ses's releases.

v3.1038.0

3.1038.0(2026-04-27)

Chores

• codegen: sync for typed waiter-result values (#7965](https://github.com/href="https://redirect.github.com/aws/aws-sdk-js-v3/pull/7965">/issues/7965)) (e9f8d8a9)

Documentation Changes

• client-gameliftstreams: Adds Proton 10.0-4 to the list of runtime environment options available when creating an Amazon GameLift Streams application (eee81edd)

New Features

• client-sagemaker: Updated API documentation for endpoint MetricsConfig. Added details on supported metric publish frequencies and clarified how EnableEnhancedMetrics controls utilization and invocation metric behavior. (c3a61e2d)
• client-billingconductor: Add support for Passthrough pricing plan (31ed64a4)
• client-glue: Addition of AdditionalAuditContext to GetPartition, GetPartitions, GetTableVersion, and GetTableVersions (eaf5eef0)
• client-kms: KMS GetKeyLastUsage API provides information on the last successful cryptographic operation performed on KMS keys. This new API provides KMS customers with the last timestamp, CloudTrail eventId, and the cryptographic operation that was performed on the key. (7edc07d4)
• client-ivs: Adds tags parameter to the CreateAdConfiguration operation (6e9a5a05)
• client-workspaces: Added support for Protocol as modified resource and added update failure as modification state (6bd9ee46)
• client-application-signals: Application Signals now supports creating composite Service Level Objectives on Service Operations. Users can now create service SLO on multiple operations. (6a04d604)
• client-cloudwatch-logs: Adds support for selecting all logs sources and types in a single association. (0f944495)
• client-omics: Enable Public Internet or VPC configuration to BatchRun (345017d3)
• client-mgn: Added network modernization support, enabling customers to edit, resize, merge, and split VPCs and subnets during migration while retaining functional, non-conflicting IP addresses. (8cc99968)
• client-opensearch: Amazon OpenSearch Service now supports JWKS URL configuration for JWT authentication (5dfd0544)

Bug Fixes

• xml-builder: use xml 1.1 parsing behavior for entities (#7964](https://github.com/href="https://redirect.github.com/aws/aws-sdk-js-v3/pull/7964">/issues/7964)) (7a30bce0)

---

For list of updated packages, view updated-packages.md in assets-3.1038.0.zip

v3.1037.0

3.1037.0(2026-04-24)

New Features

• clients: update client endpoints as of 2026-04-24 (ca3df2be)
• client-evs: EVS now supports i7i.metal-24xl EC2 bare metal instance type, delivering high random IOPS performance with real-time latency, ideal for IO intensive and latency-sensitive workloads such as transactional databases, real-time analytics, and AI ML pre-processing. (fd92ee48)
• client-cloudwatch-logs: Adding nextToken and maxItems to the GetQueryResults API. (1a5ef619)
• client-transfer: AWS Transfer Family now support configurable IP address types for Web Apps of type VPC, enabling customers to select IPv4-only or dual-stack (IPv4 and IPv6) configurations based on their network requirements. (f2a72a85)
• client-bedrock-agentcore-control: Added support for configuring identity providers and inbound authorizers within a private VPC for AWS Bedrock AgentCore, enabling secure network connection without public internet access (a0bf24cd)
• client-connect: Amazon Connect is expanding attachment capabilities to give customers greater flexibility and control. Currently limited to predefined file types, the new feature will allow contact center administrators to customize which file extensions and sizes are supported across chat, email, tasks, and cases. (7e987e88)
• client-connecthealth: Corrected CreateWebAppConfiguration documentation. Adding slash as an allowed character for the Ambient documentation agent to allow pronoun specifications. (c21882c4)

Bug Fixes

• client-kinesis: tolerance for flaky H2 session ordering assertion in E2E test (#7959](https://github.com/href="https://redirect.github.com/aws/aws-sdk-js-v3/pull/7959">/issues/7959)) (58734960)

... (truncated)

Changelog

Sourced from @​aws-sdk/client-ses's changelog.

3.1038.0 (2026-04-27)

Note: Version bump only for package @​aws-sdk/client-ses

3.1037.0 (2026-04-24)

Note: Version bump only for package @​aws-sdk/client-ses

3.1036.0 (2026-04-23)

Note: Version bump only for package @​aws-sdk/client-ses

3.1035.0 (2026-04-22)

Note: Version bump only for package @​aws-sdk/client-ses

3.1034.0 (2026-04-21)

Note: Version bump only for package @​aws-sdk/client-ses

3.1033.0 (2026-04-20)

Features

• clients: use binary decision diagrams for endpoint resolution (#7931](https://github.com/href="https://redirect.github.com/aws/aws-sdk-js-v3/issues/7931">/issues/7931)) (ff1b2ba)

... (truncated)

Commits

• 3fbf6c5 Publish v3.1038.0
• e9f8d8a chore(codegen): sync for typed waiter-result values (#7965](https://github.com/href="https://github.com/aws/aws-sdk-js-v3/tree/HEAD/clients/client-ses/issues/7965">/issues/7965))
• 7babd8b Publish v3.1037.0
• 46e4ac5 Publish v3.1036.0
• 107aefc chore(codegen): sync for http2 session closure, retry longpoll backoff, and f...
• d8fbfbc Publish v3.1035.0
• d08b5a7 Publish v3.1034.0
• 273ad5b chore(codegen): sync for http2 session concurrency fixes (#7942](https://github.com/href="https://github.com/aws/aws-sdk-js-v3/tree/HEAD/clients/client-ses/issues/7942">/issues/7942))
• a62021b Publish v3.1033.0
• ff1b2ba feat(clients): use binary decision diagrams for endpoint resolution (#7931](https://github.com/href="https://github.com/aws/aws-sdk-js-v3/tree/HEAD/clients/client-ses/issues/7931">/issues/7931))
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/dolthub/doltgresql/network/alerts).

• 2651: add stack traces to recovered panic errors The previous code didn't wrap any recovered panic that was implemented error, which made it impossible to see from error messages what the context of the panic was. This fixes that defect and adds a stack trace to messages as well.
• 2649: compatibility testing
• 2644: pg_catalog changes System tables now appear in pg_catalog only if dolt_show_system_tables is set to 1. This has a couple of benefits:
• ORMs (and possibly other tools) sometimes won't want to see these tables, as it can cause issues when they try to drop them or modify them. There currently isn't a way to hide these tables right now.
• Treating the system tables the same way dolt does fixes several mistakes that currently exist. Because we hard code in the system tables, they'll be duplicated if you set dolt_show_system_tables, and some fields will be incorrect and/or incomplete.
• 2643: update decimal.Decimal to *apd.Decimal Depends on https://github.com/dolthub/go-mysql-server/pull/3532 and https://github.com/dolthub/dolt/pull/10990
• 2642: Enable functional index support Minor changes to enable functional index support and run Dolt's functional index enginetests. There are three regressions reported in this PR. One is a valid issue where CREATE TABLE ... INHERITS can't copy a table with a functional index. I'll tackle this one in a follow-up PR. There's another recovered panic that seems to have to do with polymorphic array handling and doesn't seem directly related to this PR. I tested the last regression listed (from vaccum) and it's an issue with returning elements from a wrapped function, which also doesn't appear directly related to this PR. Related to https://github.com/dolthub/doltgresql/issues/2298
• 2623: go.mod: Bump golang to 1.26.2.
• 2612: Threaded context through all GMS interfaces Threads the context as added by:
• https://github.com/dolthub/go-mysql-server/pull/3513
• https://github.com/dolthub/dolt/pull/10910
• 2602: fix SET NULL on NOT NULL constraint error and use same foreign key na… …me on different tables Depends on https://github.com/dolthub/go-mysql-server/pull/3514 and https://github.com/dolthub/dolt/pull/10889
• 2568: pg_type index implementation Adds the two internal indices that should exist on pg_type. Very similar to the existing implementation of pg_class.
• 2566: Rewrote casts as a root object collection This removes casts from being strictly built-in functionality to now being a root object collection, which will allow for users to be able to use CREATE CAST. With this PR, there are two major pieces of work that still need to be done. 1) We need to thread a *sql.Context everywhere in GMS. sql.Node functions such as WithChildren do not currently take a context, and we've tried to hack around this for too long by storing contexts inside of the struct itself, but that can only go so far. For now, I have a hack that creates a faux collection in the presence of a nil context, and that collection only allows access to the built-in casts. 2) We currently don't persist changes to the cast root object collection. We have an issue where, upon root creation, all root object collections are persisted as simply being nil in the root. However, once the collection has been loaded (or created on first load), they end up trying to persist which actually changes the root, as it will overwrite the nil with an empty value instead, which changes the hash. This (incorrectly) can trigger our dual-branch-modification check, which effectively prevents future updates in a session. Attempting to write empty values upon root creation isn't working for some reason, so I'm still investigating the best way to proceed. This is a pre-existing bug that hasn't been caught as all tests that feature multiple branches have not used the other root object collections.
• 2559: change basic primitive types to use dolt encodings Companions: https://github.com/dolthub/dolt/pull/10826 https://github.com/dolthub/go-mysql-server/pull/3512
• 2039: Fix test expectations to include new author columns Fix dolthub/dolt#1374 Blocked by dolthub/dolt#10104 Close [#2673]

Closed Issues

• 2572: SELECT 'NaN'::numeric --> spurious error
• 2686: High precision JSONB numbers lose numeric cast fidelity
• 2693: panic: index out of range in SequencePrivileges.deserialize after GRANT ALL PRIVILEGES ON ALL FUNCTIONS/ROUTINES
• 2682: pg_catalog tables missing data
• 2684: Panic from invalid JSON content
• 2437: pg_class duplicates dolt_* system tables with dolt_show_system_tables active.
• 2621: Bump Go toolchain to 1.25.9 to address CVE-2026-27143 and CVE-2026-27144