build(deps): bump the everything-else group across 1 directory with 5 updates

[dependabot]

Bumps the everything-else group with 5 updates in the / directory:

Package	From	To
github.com/Masterminds/semver/v3	3.4.0	3.5.0
github.com/fsnotify/fsnotify	1.9.0	1.10.1
github.com/oracle/oci-go-sdk/v65	65.114.0	65.114.1
google.golang.org/grpc	1.80.0	1.81.0
modernc.org/sqlite	1.49.1	1.50.0

Updates github.com/Masterminds/semver/v3 from 3.4.0 to 3.5.0

Release notes

Sourced from github.com/Masterminds/semver/v3's releases.

v3.5.0

What's Changed

• Adding more prerelease tests by @​mattfarina in Masterminds/semver#273
• Update constraint error messages by @​mattfarina in Masterminds/semver#278
• Fix edge cases by @​mattfarina in Masterminds/semver#279
• Adding some checks in by @​mattfarina in Masterminds/semver#280
• Updating deps by @​mattfarina in Masterminds/semver#281
• Bump github/codeql-action from 4.35.1 to 4.35.2 by @​dependabot[bot] in Masterminds/semver#282
• Bump actions/cache from 4.2.3 to 5.0.5 by @​dependabot[bot] in Masterminds/semver#283
• Bump golangci/golangci-lint-action from 7.0.1 to 9.2.0 by @​dependabot[bot] in Masterminds/semver#284
• Updating gitignore for devcontainers by @​mattfarina in Masterminds/semver#286
• Fixing some quality issues by @​mattfarina in Masterminds/semver#287

New Contributors

• @​dependabot[bot] made their first contribution in Masterminds/semver#282

Full Changelog: Masterminds/semver@v3.4.0...v3.5.0

Changelog

Sourced from github.com/Masterminds/semver/v3's changelog.

Changelog

Commits

• 8b89c86 Merge pull request #287 from mattfarina/fix-da-issues
• 29d51d0 Fixing some quality issues
• 87f651d Merge pull request #286 from mattfarina/update-devcontainer
• 158a685 Updating gitignore for devcontainers
• 7e83c08 Merge pull request #284 from Masterminds/dependabot/github_actions/golangci/g...
• 697e27f Merge pull request #283 from Masterminds/dependabot/github_actions/actions/ca...
• 1591f8e Merge pull request #282 from Masterminds/dependabot/github_actions/github/cod...
• 3f5ff17 Bump golangci/golangci-lint-action from 7.0.1 to 9.2.0
• 04baa33 Bump actions/cache from 4.2.3 to 5.0.5
• 45939fe Bump github/codeql-action from 4.35.1 to 4.35.2
• Additional commits viewable in compare view

Updates github.com/fsnotify/fsnotify from 1.9.0 to 1.10.1

Release notes

Sourced from github.com/fsnotify/fsnotify's releases.

v1.10.1

Changes and fixes

• inotify: don't remove sibling watches sharing a path prefix (#754)

• inotify, windows: don't rename sibling watches sharing a path prefix (#755)

#754: fsnotify/fsnotify#754 #755: fsnotify/fsnotify#755

v1.10.0

This version of fsnotify needs Go 1.23.

Changes and fixes

• inotify: improve initialization error message (#731)

• inotify: send Rename event if recursive watch is renamed (#696)

• inotify: avoid copying event buffers when reading names (#741)

• kqueue: skip dangling symlinks (ENOENT) in watchDirectoryFiles, so a bad entry no longer aborts Watcher.Add for the whole directory (#748)

• kqueue: drop watches directly in Close() to fix a file descriptor leak when recycling watchers (#740)

• windows: fix nil pointer dereference in remWatch (#736)

• windows: lock watch field updates against concurrent WatchList to fix a race introduced in v1.9.0 (#709, #749)

#696: fsnotify/fsnotify#696 #709: fsnotify/fsnotify#709 #731: fsnotify/fsnotify#731 #736: fsnotify/fsnotify#736 #740: fsnotify/fsnotify#740 #741: fsnotify/fsnotify#741 #748: fsnotify/fsnotify#748 #749: fsnotify/fsnotify#749

Changelog

Sourced from github.com/fsnotify/fsnotify's changelog.

1.10.1 2026-05-04

Changes and fixes

• inotify: don't remove sibling watches sharing a path prefix (#754)

• inotify, windows: don't rename sibling watches sharing a path prefix (#755)

#754: fsnotify/fsnotify#754 #755: fsnotify/fsnotify#755

1.10.0 2026-04-30

This version of fsnotify needs Go 1.23.

Changes and fixes

• inotify: improve initialization error message (#731)

• inotify: send Rename event if recursive watch is renamed (#696)

• inotify: avoid copying event buffers when reading names (#741)

• kqueue: skip dangling symlinks (ENOENT) in watchDirectoryFiles, so a bad entry no longer aborts Watcher.Add for the whole directory (#748)

• kqueue: drop watches directly in Close() to fix a file descriptor leak when recycling watchers (#740)

• windows: fix nil pointer dereference in remWatch (#736)

• windows: lock watch field updates against concurrent WatchList to fix a race introduced in v1.9.0 (#709, #749)

#696: fsnotify/fsnotify#696 #709: fsnotify/fsnotify#709 #731: fsnotify/fsnotify#731 #736: fsnotify/fsnotify#736 #740: fsnotify/fsnotify#740 #741: fsnotify/fsnotify#741 #748: fsnotify/fsnotify#748 #749: fsnotify/fsnotify#749

Commits

• 76b01a6 Release 1.10.1
• fec150b Update changelog
• 162b421 inotify, windows: don't rename sibling watches sharing a path prefix (#755)
• 224257f inotify: don't remove sibling watches sharing a path prefix (#754)
• e0c956c windows: document directory Write events and stabilize tests (#745)
• 8d01d7b Release 1.10.0
• 602284e Update changelog
• 7f03e59 kqueue: skip ENOENT entries in watchDirectoryFiles (#748)
• dab9dde windows: lock watch field updates against concurrent WatchList (#709) (#749)
• eadf267 kqueue: drop watches directly in Close() instead of going through remove() (#...
• Additional commits viewable in compare view

Updates github.com/oracle/oci-go-sdk/v65 from 65.114.0 to 65.114.1

Release notes

Sourced from github.com/oracle/oci-go-sdk/v65's releases.

65.114.1

Added

• Support for large generic v4 and v5 unit shapes in the Generative AI service

File Checksums (SHA256)

oci-go-sdk-65.114.1.zip fcaff6156c775aa65b0e8445e1684958b6f121832fef6a58ef93f3a048c14e01

Changelog

Sourced from github.com/oracle/oci-go-sdk/v65's changelog.

65.114.1 - 2026-05-05

Added

• Support for large generic v4 and v5 unit shapes in the Generative AI service

Commits

• ea3768b Releasing version 65.114.1
• 6350b63 Merge remote-tracking branch 'scm/github' into release_2026-05-05
• 1f90847 Releasing version 65.114.1
• See full diff in compare view

Updates google.golang.org/grpc from 1.80.0 to 1.81.0

Release notes

Sourced from google.golang.org/grpc's releases.

Release 1.81.0

Behavior Changes

• balancer/rls: Switch gauge metrics to asynchronous emission (once per collection cycle) to reduce telemetry noise and align with other gRPC language implementations. (#8808)

Dependencies

• Minimum supported Go version is now 1.25. (#8969)

Bug Fixes

• xds: Use the leaf cluster's security config for the TLS handshake instead of the aggregate cluster's config. (#8956)
• transport: Send a RST_STREAM when receiving an END_STREAM when the stream is not already half-closed. (#8832)
• xds: Fix ADS resource name validation to prevent a panic. (#8970)

New Features

• grpc/stats: Add support for custom labels in per-call metrics (gRFC A108). (#9008)
• xds: Add support for Server Name Indication (SNI) and SAN validation (gRFC A101). Disabled by default. To enable, set GRPC_EXPERIMENTAL_XDS_SNI=true environment variable. (#9016)
• xds: Add support to control which fields get propagated from ORCA backend metric reports to LRS load reports (gRFC A85). Disabled by default. To enable, set GRPC_EXPERIMENTAL_XDS_ORCA_LRS_PROPAGATION=true. (#9005)
• xds: Add metrics to track xDS client connectivity and cached resource state (gRFC A78). (#8807)
• stats/otel: Enhance grpc.subchannel.disconnections metric by adding disconnection reason to the grpc.disconnect_error label (gRFC A94). This provides granular insights into why subchannels are closing. (#8973)
• mem: Add mem.Buffer.Slice() API to slice the buffer like a slice. (#8977)
  • Special Thanks: @​ash2k

Performance Improvements

• alts: Pool read buffers to lower memory utilization when sockets are unreadable. (#8964)
• transport: Pool HTTP/2 framer read buffers to reduce idle memory consumption. Currently limited to Linux for ALTS and non-encrypted transports (TCP, Unix). To disable, set GRPC_GO_EXPERIMENTAL_HTTP_FRAMER_READ_BUFFER_POOLING=false and report any issues. (#9032)

Commits

• cb18228 Change version to 1.81.0 (#9062)
• 96748f9 Cherry-pick #9105 to 1.81.x (#9106)
• 9183222 Cherry pick #9055, #9032 to v1.81.x (#9095)
• 5cba6da Revert "deps: update dependencies for all modules (#9065)" (#9067)
• af8a936 deps: update dependencies for all modules (#9065)
• cdc60df transport: optimize heap allocations in ready reader and update syscall conne...
• 208d053 xds/resolver: pass complete XDSConfig in RPC context for HTTP filters (gRFC A...
• 50fe1cc test: Fix flaky test TestServerStreaming_ClientCallRecvMsgTwice in `end2end...
• d574bad build(deps): bump go.opentelemetry.io/otel/sdk from 1.42.0 to 1.43.0 (#9050)
• b8bf4d0 build(deps): bump go.opentelemetry.io/otel/sdk from 1.42.0 to 1.43.0 in /inte...
• Additional commits viewable in compare view

Updates modernc.org/sqlite from 1.49.1 to 1.50.0

Changelog

Sourced from modernc.org/sqlite's changelog.

Changelog

• 2026-04-24 v1.50.0:

  • Upgrade to sqlite-vec v0.1.9.
  • Introduce ColumnInfo, enabling dynamic query builders and ORMs to retrieve underlying SQLite C-API metadata (OriginName, TableName, DatabaseName, and DeclType).
  • This feature is exposed via the idiomatic database/sql escape hatch (*sql.Conn).Raw(), avoiding custom statement handles and keeping the standard library workflow intact.
  • See [GitLab merge request #113](https://gitlab.com/cznic/sqlite/-/merge_requests/113), thanks Josh Bleecher Snyder!

• 2026-04-17 v1.49.0: Upgrade to SQLite 3.53.0.

  • Added -DSQLITE_ENABLE_DBPAGE_VTAB to the transpilation. See "The SQLITE_DBPAGE Virtual Table" for details.

• 2026-04-06 v1.48.2:

  • Fix ABI mapping mismatch in the pre-update hook trampoline that caused silent truncation of large 64-bit RowIDs.
  • Ensure the Go trampoline signature correctly aligns with the public sqlite3_preupdate_hook C API, preventing data corruption for high-entropy keys (e.g., Snowflake IDs).
  • See [GitLab merge request #98](https://gitlab.com/cznic/sqlite/-/merge_requests/98), thanks Josh Bleecher Snyder!
  • Fix the memory allocator used in (*conn).Deserialize.
  • Replace tls.Alloc with sqlite3_malloc64 to prevent internal allocator corruption. This ensures the buffer is safely owned by SQLite, which may resize or free it due to the SQLITE_DESERIALIZE_RESIZEABLE and SQLITE_DESERIALIZE_FREEONCLOSE flags.
  • Prevent a memory leak by properly freeing the allocated buffer if fetching the main database name fails before handing ownership to SQLite.
  • See [GitLab merge request #100](https://gitlab.com/cznic/sqlite/-/merge_requests/100), thanks Josh Bleecher Snyder!
  • Fix (*conn).Deserialize to explicitly reject nil or empty byte slices.
  • Prevent silent database disconnection and connection pool corruption caused by SQLite's default behavior when sqlite3_deserialize receives a 0-length buffer.
  • See [GitLab merge request #101](https://gitlab.com/cznic/sqlite/-/merge_requests/101), thanks Josh Bleecher Snyder!
  • Fix commitHookTrampoline and rollbackHookTrampoline signatures by removing the unused pCsr parameter.
  • Aligns internal hook callbacks accurately with the underlying SQLite C API, cleaning up the code to prevent potential future confusion or bugs.
  • See [GitLab merge request #102](https://gitlab.com/cznic/sqlite/-/merge_requests/102), thanks Josh Bleecher Snyder!
  • Fix checkptr instrumentation failures during go test -race when registering and using virtual tables (vtab).
  • Allocate sqlite3_module instances using the C allocator (libc.Xcalloc) instead of the Go heap. This ensures transpiled C code can safely perform pointer operations on the struct without tripping Go's pointer checks.
  • See [GitLab merge request #103](https://gitlab.com/cznic/sqlite/-/merge_requests/103), thanks Josh Bleecher Snyder!
  • Fix data race on mutex.id in the mutexTry non-recursive path.
  • Ensure consistent atomic writes (atomic.StoreInt32) to prevent data races with atomic loads in mutexHeld and mutexNotheld during concurrent execution.
  • See [GitLab merge request #104](https://gitlab.com/cznic/sqlite/-/merge_requests/104), thanks Josh Bleecher Snyder!
  • Fix resource leak in (*Backup).Commit where the destination connection was not closed on error.
  • Ensure dstConn is properly closed when sqlite3_backup_finish fails, preventing file descriptor, TLS, and memory leaks.
  • See [GitLab merge request #105](https://gitlab.com/cznic/sqlite/-/merge_requests/105), thanks Josh Bleecher Snyder!
  • Fix Exec to fully drain rows when encountering SQLITE_ROW, preventing silent data loss in DML statements.
  • Previously, Exec aborted after the first row, meaning INSERT, UPDATE, or DELETE statements with a RETURNING clause would fail to process subsequent rows. The execution path now correctly loops until SQLITE_DONE and properly respects context cancellations during the drain loop, fully aligning with native C sqlite3_exec semantics.
  • See [GitLab merge request #106](https://gitlab.com/cznic/sqlite/-/merge_requests/106), thanks Josh Bleecher Snyder!
  • Fix "Shadowed err value (stmt.go)".
  • See [GitLab issue #249](https://gitlab.com/cznic/sqlite/-/work_items/249), thanks Emrecan BATI!
  • Fix silent omission of virtual table savepoint callbacks by correctly setting the sqlite3_module version.
  • See [GitLab merge request #107](https://gitlab.com/cznic/sqlite/-/merge_requests/107), thanks Josh Bleecher Snyder!
  • Fix vfsRead to properly handle partial and fragmented reads from io.Reader.
  • Replace f.Read with io.ReadFull to ensure the buffer is fully populated, preventing premature SQLITE_IOERR_SHORT_READ errors on valid mid-stream partial reads. Unread tail bytes at EOF are now efficiently zero-filled using the built-in clear function.
  • See [GitLab merge request #108](https://gitlab.com/cznic/sqlite/-/merge_requests/108), thanks Josh Bleecher Snyder!
  • Refactor internal error formatting to safely handle uninitialized or closed database pointers.
  • Prevent a misleading "out of memory" error message when an operation fails and the underlying SQLite database handle is NULL (db == 0).
  • See [GitLab merge request #109](https://gitlab.com/cznic/sqlite/-/merge_requests/109), thanks Josh Bleecher Snyder!
  • Fix error handling in database backup and restore initialization (sqlite3_backup_init).
  • Ensure error codes and messages are accurately read from the destination database handle rather than hardcoding the source or remote handle. This prevents swallowed errors or mismatched "not an error" messages when a backup or restore operation fails to start.
  • See [GitLab merge request #111](https://gitlab.com/cznic/sqlite/-/merge_requests/111), thanks Josh Bleecher Snyder!

... (truncated)

Commits

• e220cc9 CHANGELOG.md: add !113
• a58d5e5 Merge branch 'columns' into 'master'
• 119d8b1 add ColumnInfo, for inspecting query columns
• c353a4f upgrade to sqlite-vec v0.1.9
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[plombardi89]

Regenerate the NOTICE file @copilot

[Copilot]

Regenerate the NOTICE file @copilot

Updated in commit f1e401b: regenerated /home/runner/work/unbounded/unbounded/NOTICE via make notice, and make notice-check now passes.

Warning

Firewall rules blocked me from connecting to one or more addresses (expand for details)

I tried to connect to the following addresses, but was blocked by firewall rules:

• 192.0.2.1
  • Triggering command: /tmp/go-build1834934875/b1336/controller.test /tmp/go-build1834934875/b1336/controller.test -test.testlogfile=/tmp/go-build1834934875/b1336/testlog.txt -test.paniconexit0 -test.timeout=10m0s 2u1amfZmklhMKddLHpk9/2u1amfZmklhMKddLHpk9 -goversion go1.26.2 -c=4 -race -nolocalimports -importcfg /tmp/go-build1834934875/b1375/importcfg -o -tools@v0.4.8/si-p t ux-amd64/pkg/tool/linux_amd64/vet -p -tools@v0.4.8/si-o t ux-amd64/pkg/too-trimpath (packet block)
• invalid-ip
  • Triggering command: /tmp/go-build1834934875/b1336/controller.test /tmp/go-build1834934875/b1336/controller.test -test.testlogfile=/tmp/go-build1834934875/b1336/testlog.txt -test.paniconexit0 -test.timeout=10m0s 2u1amfZmklhMKddLHpk9/2u1amfZmklhMKddLHpk9 -goversion go1.26.2 -c=4 -race -nolocalimports -importcfg /tmp/go-build1834934875/b1375/importcfg -o -tools@v0.4.8/si-p t ux-amd64/pkg/tool/linux_amd64/vet -p -tools@v0.4.8/si-o t ux-amd64/pkg/too-trimpath (dns block)

If you need me to access, download, or install something from one of these locations, you can either:

• Configure Actions setup steps to set up my environment, which run before the firewall is enabled
• Add the appropriate URLs or hosts to the custom allowlist in this repository's Copilot coding agent settings (admins only)