chore(deps): bump the go-deps group across 1 directory with 21 updates

[dependabot]

Bumps the go-deps group with 12 updates in the / directory:

Package	From	To
github.com/anthropics/anthropic-sdk-go	1.36.0	1.50.1
github.com/getkin/kin-openapi	0.135.0	0.140.0
github.com/jackc/pgx/v5	5.9.1	5.10.0
github.com/rabbitmq/amqp091-go	1.10.0	1.11.0
github.com/redis/go-redis/v9	9.18.0	9.20.1
go.opentelemetry.io/otel	1.43.0	1.44.0
go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp	0.19.0	0.20.0
go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp	1.43.0	1.44.0
go.opentelemetry.io/otel/exporters/otlp/otlptrace	1.43.0	1.44.0
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp	1.43.0	1.44.0
google.golang.org/genai	1.54.0	1.60.0
modernc.org/sqlite	1.48.2	1.52.0

Updates github.com/anthropics/anthropic-sdk-go from 1.36.0 to 1.50.1

Release notes

Sourced from github.com/anthropics/anthropic-sdk-go's releases.

v1.50.1

1.50.1 (2026-06-09)

Full Changelog: v1.50.0...v1.50.1

Bug Fixes

• api: add frontier_llm refusal category (9ebbaf7)

v1.50.0

1.50.0 (2026-06-09)

Full Changelog: v1.49.0...v1.50.0

Features

• api: add support for Managed Agents deployments and environment variable credentials (f72e1d8)

v1.49.0

1.49.0 (2026-06-09)

Full Changelog: v1.48.0...v1.49.0

Features

• api: add support for claude-mythos-5 and claude-fable-5, with support for server-side fallbacks on refusal (782f223)
• client: adds client-side fallbacks middleware for API providers that do not support server-side fallbacks (782f223)

Bug Fixes

• 3p middleware ordering (#38) (8f47086)

v1.48.0

1.48.0 (2026-06-06)

Full Changelog: v1.47.0...v1.48.0

Features

• api: small updates to Managed Agents types (3ebeea5)

v1.47.0

1.47.0 (2026-06-05)

Full Changelog: v1.46.0...v1.47.0

Features

• api: mark Claude Opus 4.1 as deprecated (64b20dc)

... (truncated)

Changelog

Sourced from github.com/anthropics/anthropic-sdk-go's changelog.

1.50.1 (2026-06-09)

Full Changelog: v1.50.0...v1.50.1

Bug Fixes

• api: add frontier_llm refusal category (9ebbaf7)

1.50.0 (2026-06-09)

Full Changelog: v1.49.0...v1.50.0

Features

• api: add support for Managed Agents deployments and environment variable credentials (f72e1d8)

1.49.0 (2026-06-09)

Full Changelog: v1.48.0...v1.49.0

Features

• api: add support for claude-mythos-5 and claude-fable-5, with support for server-side fallbacks on refusal (782f223)
• client: adds client-side fallbacks middleware for API providers that do not support server-side fallbacks (782f223)

Bug Fixes

• 3p middleware ordering (#38) (8f47086)

1.48.0 (2026-06-06)

Full Changelog: v1.47.0...v1.48.0

Features

• api: small updates to Managed Agents types (3ebeea5)

1.47.0 (2026-06-05)

Full Changelog: v1.46.0...v1.47.0

Features

• api: mark Claude Opus 4.1 as deprecated (64b20dc)
• require Go 1.24 (#11) (00fae19)

Bug Fixes

... (truncated)

Commits

• def8bad release: 1.50.1
• df4ec29 fix(api): add frontier_llm refusal category
• 375a007 release: 1.50.0
• 3befb3e feat(api): add support for Managed Agents deployments and environment variabl...
• 4dbdaea release: 1.49.0
• 5aef221 feat(api): add support for claude-mythos-5 and claude-fable-5, with support f...
• 42ceb11 fix: 3p middleware ordering (#38)
• 9c60fa0 release: 1.48.0
• de79b99 feat(api): small updates to Managed Agents types
• dcdb44c release: 1.47.0
• Additional commits viewable in compare view

Updates github.com/getkin/kin-openapi from 0.135.0 to 0.140.0

Release notes

Sourced from github.com/getkin/kin-openapi's releases.

v0.140.0

What's Changed

• openapi3: document that a custom ReadFromURIFunc bypasses IsExternalRefsAllowed by @​reuvenharrison in getkin/kin-openapi#1191
• openapi3: remove deepcopy dependency by @​alexandear in getkin/kin-openapi#1193
• openapi3: remove decimal128 dependency by @​alexandear in getkin/kin-openapi#1194
• refactor: apply modernize fixes by @​alexandear in getkin/kin-openapi#1195
• openapi2,openapi3: replace marshmallow with encoding/json by @​alexandear in getkin/kin-openapi#1196
• docs: update GoDoc links to Go Reference by @​alexandear in getkin/kin-openapi#1197
• chore: bump jsonpointer to v0.22.5 by @​alexandear in getkin/kin-openapi#1198

Full Changelog: getkin/kin-openapi@v0.139.0...v0.140.0

v0.139.0

What's Changed

• feat(openapi3): batch-convert long-tail RequiredFieldError sites by @​reuvenharrison in getkin/kin-openapi#1170
• feat(openapi3): typed validation error clusters (combined: #1171-#1179) by @​reuvenharrison in getkin/kin-openapi#1180
• openapi3gen: skip component export for anonymous types by @​0-don in getkin/kin-openapi#1163
• feat: migrate to oasdiff/yaml v0.1.0 single Unmarshal API + enable DisableTimestamps by @​reuvenharrison in getkin/kin-openapi#1181
• openapi3: typed context errors for Validate() wrapper chain by @​reuvenharrison in getkin/kin-openapi#1183
• openapi3: track Origin on the document root (T) by @​reuvenharrison in getkin/kin-openapi#1184
• openapi3: tests flakiness corrected by @​fenollp in getkin/kin-openapi#1159
• openapi3: aggregate independent validation errors via EnableMultiError by @​reuvenharrison in getkin/kin-openapi#1185
• openapi3: fix validation of duplicated path templates by @​reuvenharrison in getkin/kin-openapi#1189
• openapi3: type the remaining bare-error validation sites by @​reuvenharrison in getkin/kin-openapi#1187

Full Changelog: getkin/kin-openapi@v0.138.0...v0.139.0

v0.138.0

What's Changed

• openapi3gen: clear nullable on exported component bodies by @​0-don in getkin/kin-openapi#1164
• openapi3: add test for issue #927 (nullable not respected on $ref schemas) by @​fenollp in getkin/kin-openapi#1165
• test: move public-API tests to external _test packages by @​fenollp in getkin/kin-openapi#1168
• feat(openapi3): add per-type validation errors with cluster wrappers by @​reuvenharrison in getkin/kin-openapi#1166
• feat(openapi3conv): canonicalization pass for 3.0 -> 3.x by @​reuvenharrison in getkin/kin-openapi#1162
• openapi3conv: test Upgrade on many documents by @​fenollp in getkin/kin-openapi#1169

Full Changelog: getkin/kin-openapi@v0.137.0...v0.138.0

v0.137.0

What's Changed

• revert to go 1.25 and revert cc4f8d99 by @​fenollp in getkin/kin-openapi#1161

Full Changelog: getkin/kin-openapi@v0.136.0...v0.137.0

v0.136.0

What's Changed

... (truncated)

Commits

• 5124898 chore: bump jsonpointer to v0.22.5 (#1198)
• 5ece4a3 docs: update GoDoc links to Go Reference (#1197)
• b8600c5 openapi2,openapi3: remove marshmallow dependency (#1196)
• 3a5ddcd refactor: apply modernize fixes (#1195)
• 742704d openapi3: remove decimal128 dependency (#1194)
• 368327b openapi3: remove deepcopy dependency (#1193)
• 4dc207c openapi3: document that a custom ReadFromURIFunc bypasses IsExternalRefsAllow...
• 8381bfc openapi3: type the remaining bare-error validation sites (#1187)
• d29b5c0 openapi3: fix validation of duplicated path templates (#1189)
• e56c2c7 openapi3: aggregate independent validation errors via EnableMultiError (#1185)
• Additional commits viewable in compare view

Updates github.com/jackc/pgx/v5 from 5.9.1 to 5.10.0

Changelog

Sourced from github.com/jackc/pgx/v5's changelog.

5.10.0 (June 3, 2026)

This release includes a significant amount of hardening against malicious or compromised PostgreSQL servers, contributed by Sean Chittenden at CrowdStrike, Inc. This work bounds binary decoders against attacker-controlled message sizes, caps server-supplied SCRAM iteration counts, adds require_auth to restrict which authentication methods a server may use (mitigating downgrade attacks under sslmode=prefer), and ensures cancellation requests are sent over TLS when the original connection used TLS.

Features

• Add require_auth to restrict accepted server authentication methods (Sean Chittenden at CrowdStrike, Inc.)
• Add ParseConfigOptions.ConnStringAllowedKeys to restrict allowed connection string keys (Sean Chittenden at CrowdStrike, Inc.)
• Add StructArgs and StrictStructArgs for @-named queries (Tubelight30)
• Add ErrConnClosed sentinel error and unwrap it from connLockError (Charlie Tonneslan)
• pgxpool: check if connection is expired before acquire (arthurdotwork)

Security Hardening

• Encrypt CancelRequest connection when the primary connection used TLS (Sean Chittenden at CrowdStrike, Inc.)
• Cap server-supplied SCRAM iteration count (Sean Chittenden at CrowdStrike, Inc.)
• Default Frontend max message body length to ~1 GiB (Sean Chittenden at CrowdStrike, Inc.)
• Bound hstore binary decode against malicious server input (Sean Chittenden at CrowdStrike, Inc.)
• Bound array binary decode element length against remaining message bytes (Sean Chittenden at CrowdStrike, Inc.)
• Bound array element count against remaining message bytes (Sean Chittenden at CrowdStrike, Inc.)
• Bound range, multirange, and tsvector binary decoders (Sean Chittenden at CrowdStrike, Inc.)
• Document secure connection configuration (Sean Chittenden at CrowdStrike, Inc.)
• Fix panic on malformed geometric text; return an error instead (MaIII)

Fixes

• Fix scanning "char" (OID 18) into *string in binary format (luongs3)
• Fix handling of typed-nil driver.Valuer in array and composite codecs (Donncha Fahy)
• Fix CopyData.Data hex decoding in UnmarshalJSON (Charlie Tonneslan)
• Fix data race when context is cancelled during connect
• Fix parseKeywordValueSettings rejecting trailing whitespace (alliasgher)
• pgconn: preserve full error chain in normalizeTimeoutError (Charlie Tonneslan)
• pgconn: use a fresh context for the fallback connection in connectPreferred (Charlie Tonneslan)
• pgxpool: fix MaxLifetimeDestroyCount and ping order for acquire-time expiry check
• Add missing error check of rows.Err to load types (Jen Altavilla)

5.9.2 (April 18, 2026)

Fix SQL Injection via placeholder confusion with dollar quoted string literals (GHSA-j88v-2chj-qfwx)

SQL injection can occur when:

1. The non-default simple protocol is used.
2. A dollar quoted string literal is used in the SQL query.
3. That query contains text that would be would be interpreted outside as a placeholder outside of a string literal.
4. The value of that placeholder is controllable by the attacker.

... (truncated)

Commits

• 7293fb1 Update changelog for v5.10.0
• 1ade285 pgconn: document secure connection configuration
• b4d6d4d pgtype: bound range, multirange, and tsvector binary decoders
• 0639b37 pgconn: add ParseConfigOptions.ConnStringAllowedKeys
• b28e65b pgtype: bound array element count against remaining message bytes
• cd1f389 pgtype: bound array binary decode element length against remaining bytes
• ff27b5b pgtype: bound hstore binary decode against malicious server input
• a6002e1 pgproto3: default Frontend max message body length to ~1 GiB
• 44f6173 pgconn: cap server-supplied SCRAM iteration count
• 1a976f7 pgconn: add require_auth to restrict accepted server auth methods
• Additional commits viewable in compare view

Updates github.com/rabbitmq/amqp091-go from 1.10.0 to 1.11.0

Release notes

Sourced from github.com/rabbitmq/amqp091-go's releases.

v1.11.0

What's Changed

• add methods Temporary and Recoverable to amqp.Error by @​peczenyj in rabbitmq/amqp091-go#265
• Small fixes and refactors by @​peczenyj in rabbitmq/amqp091-go#266
• chore: doc typo by @​AndrewWinterman in rabbitmq/amqp091-go#269
• Add test that demonstrates the issue by @​lukebakken in rabbitmq/amqp091-go#274
• Fixing simple errors by @​korolev-d-l in rabbitmq/amqp091-go#280
• Expose delivery not initialised error by @​Zerpet in rabbitmq/amqp091-go#293
• fix: unify receiver methods to avoid conflicts between value and pointer types by @​Raisul191491 in rabbitmq/amqp091-go#292
• Add warning about concurrency with Channels by @​Zerpet in rabbitmq/amqp091-go#294
• Return existing error instead of creating new for the same purpose by @​pingvincible in rabbitmq/amqp091-go#295
• Investigate GH-296 by @​lukebakken in rabbitmq/amqp091-go#297
• Fix linter error after migrating config to v2 by @​Zerpet in rabbitmq/amqp091-go#306
• feat: add MIME types constants for content types by @​YlanzinhoY in rabbitmq/amqp091-go#308
• Fix parseHeaderFrame to consume entire frame payload by @​lukebakken in rabbitmq/amqp091-go#314
• fix: typos in comments and tests by @​alexandear in rabbitmq/amqp091-go#312
• docs: update link to RabbitMQ tutorials by @​alexandear in rabbitmq/amqp091-go#313
• fix: modernize lint issues by @​alexandear in rabbitmq/amqp091-go#315
• Use RabbitMQ 4 in Makefile by @​Zerpet in rabbitmq/amqp091-go#319
• Add support for unsigned type values by @​Zerpet in rabbitmq/amqp091-go#317
• Fix incomplete routing diagram in QueueBind doc comment by @​Copilot in rabbitmq/amqp091-go#320
• refactor: simplify with atomic types by @​alexandear in rabbitmq/amqp091-go#318
• Bump github/codeql-action from 3 to 4 by @​dependabot[bot] in rabbitmq/amqp091-go#321
• Bump the github-actions group with 4 updates by @​dependabot[bot] in rabbitmq/amqp091-go#326
• Eliminate race condition in Connection.Close() and related methods by @​Zerpet in rabbitmq/amqp091-go#328
• fix: respect context cancellation on publishing with context operations by @​NawafSwe in rabbitmq/amqp091-go#330

New Contributors

• @​peczenyj made their first contribution in rabbitmq/amqp091-go#265
• @​AndrewWinterman made their first contribution in rabbitmq/amqp091-go#269
• @​korolev-d-l made their first contribution in rabbitmq/amqp091-go#280
• @​Raisul191491 made their first contribution in rabbitmq/amqp091-go#292
• @​pingvincible made their first contribution in rabbitmq/amqp091-go#295
• @​YlanzinhoY made their first contribution in rabbitmq/amqp091-go#308
• @​alexandear made their first contribution in rabbitmq/amqp091-go#312
• @​Copilot made their first contribution in rabbitmq/amqp091-go#320
• @​NawafSwe made their first contribution in rabbitmq/amqp091-go#330

Full Changelog: rabbitmq/amqp091-go@v1.10.0...v1.11.0

Changelog

Sourced from github.com/rabbitmq/amqp091-go's changelog.

v1.11.0 (2026-04-21)

Full Changelog

Implemented enhancements:

• add better debug information on DialConfig #245

Fixed bugs:

• Channel error when acking via go-routines #296

Closed issues:

• PR #318 exposes a pre-existing race in Connection.Close(). #327
• Entire header frame isn't always read #309
• Incomplete support of 0-9-1 field type values #302
• Redelivered Flag Not Exposed #301
• consume input basicConsumeOk but response queueBindOk #291
• Channel is closed after Channel.ExchangeDeclarePassive fails #290
• Incomplete example in (*Channel).QueueBind documentation #279
• QueueDeclarePassive does not report queue type mismatch #273
• Release 1.10.0 #261
• Update minimum Go version to 1.18 #146

Merged pull requests:

• fix: respect context cancellation on publishing with context operations #330 (NawafSwe)
• Eliminate race condition in Connection.Close() and related methods #328 (Zerpet)
• Bump the github-actions group with 4 updates #326 (dependabot[bot])
• Bump github/codeql-action from 3 to 4 #321 (dependabot[bot])
• Fix incomplete routing diagram in QueueBind doc comment #320 (Copilot)
• Use RabbitMQ 4 in Makefile #319 (Zerpet)
• refactor: simplify with atomic types #318 (alexandear)
• Add support for unsigned type values #317 (Zerpet)
• fix: modernize lint issues #315 (alexandear)
• Fix parseHeaderFrame to consume entire frame payload #314 (lukebakken)
• docs: update link to RabbitMQ tutorials #313 (alexandear)
• fix: typos in comments and tests #312 (alexandear)
• feat: add MIME types constants for content types #308 (YlanzinhoY)
• Fix linter error after migrating config to v2 #306 (Zerpet)
• Investigate GH-296 #297 (lukebakken)
• Return existing error instead of creating new for the same purpose #295 (pingvincible)
• Add warning about concurrency with Channels #294 (Zerpet)
• Expose delivery not initialised error #293 (Zerpet)
• fix: unify receiver methods to avoid conflicts between value and pointer types #292 (Raisul191491)
• Fixing simple errors #280 (korolev-d-l)
• Add test that demonstrates the issue #274 (lukebakken)
• chore: doc typo #269 (AndrewWinterman)
• Small fixes and refactors #266 (peczenyj)

... (truncated)

Commits

• 5fdceeb Version 1.11.0
• a426238 Merge pull request #330 from NawafSwe/chore-329/publish-with-context-fix
• 6d3ec4f chore: follow gate-keeper approach for context management in publish
• 301e296 chore: respect context cancellation in PublishWithDeferredConfirmWithContext ...
• dbf5f69 chore: respect context cancellation in PublishWithContext function
• 9665ac6 Merge pull request #328 from rabbitmq/fix-race-condition
• 86058c1 go fmt
• e6b63d7 Add a concurrent connection closure test #328
• b5b3c52 Connection: briefly explain the purpose of each sync.Once
• 5f7f528 fix: eliminate race condition in Connection.Close() and related methods
• Additional commits viewable in compare view

Updates github.com/redis/go-redis/v9 from 9.18.0 to 9.20.1

Release notes

Sourced from github.com/redis/go-redis/v9's releases.

9.20.1

This is a patch release containing bug fixes only. There are no new features or breaking changes; upgrading from 9.20.0 is a drop-in replacement.

🚀 Highlights

RESP3 pub/sub message loss fixed

PeekPushNotificationName previously inspected only the bytes already buffered by bufio, so when a push frame header straddled a buffer fill boundary it could return a truncated notification name (e.g. "messa" instead of "message"). The push processor then mis-routed the frame and ReadReply silently dropped it, causing intermittent RESP3 pub/sub message loss. The peek now grows its window (36 bytes → up to 4 KiB) and reads more from the connection until the header is complete, cleanly separating incomplete prefixes from corrupt frames (including overflow-safe bulk-length handling). Fixes #3839.

(#3842) by @​ndyakov

🐛 Bug Fixes

• RESP3 push peeking: PeekPushNotificationName no longer returns a truncated notification name when a push frame header spans a buffer boundary, preventing silent RESP3 pub/sub message loss (fixes #3839) (#3842) by @​ndyakov
• FT.HYBRID vector params: Vector data is now always sent via PARAMS with auto-generated param names (__vector_param_N, with collision avoidance) when VectorParamName is omitted, since Redis no longer accepts inline vector blobs; the FTHybridOptions.Params map is no longer mutated, so the same options struct can be reused across calls (#3844) by @​ndyakov
• CLUSTER SHARDS forward compatibility: Unknown shard- and node-level attributes in the CLUSTER SHARDS reply are now skipped via DiscardNext() instead of erroring, so clients keep working when the server introduces new fields (#3843) by @​madolson
• PubSub double reconnect: PubSub.releaseConn no longer reconnects twice when a connection is both unusable (or pending handoff) and reports a bad-connection error, avoiding a wasted connection establish-then-close cycle (#3833) by @​cxljs

👥 Contributors

We'd like to thank all the contributors who worked on this release!

@​cxljs, @​madolson, @​ndyakov

---

Full Changelog: redis/go-redis@v9.20.0...v9.20.1

9.20.0

🚀 Highlights

Redis 8.8 Support

This release adds support for Redis 8.8. The README's supported-versions list now includes Redis 8.8 alongside 8.0/8.2/8.4, and CI exercises the 8.8 client-libs-test image across the full suite (Makefile, build workflow, doctests, run-tests action, and docker-compose).

Coverage for the new commands that ship in the 8.x line, rounded out in this release:

• AR* array data type (#3813) — new array data structure, exposed via the ArrayCmdable interface (see the experimental-features highlight below).
• INCREX (#3816) — atomic increment with expiration in a single round-trip.
• XNACK (#3790) — explicit negative-acknowledge of pending stream entries.
• XAUTOCLAIM PEL deletes (#3798) — XAUTOCLAIM/XAUTOCLAIMJUSTID now return the list of deleted message IDs from the pending entries list.
• TS.RANGE multiple aggregators (#3791) — TS.RANGE/TS.REVRANGE/TS.MRANGE/TS.MREVRANGE accept multiple aggregators in a single call.
• Z(UNION|INTER|DIFF) COUNT aggregator (#3802) — COUNT reducer for sorted-set set operations.
• JSON.SET FPHA (#3797) — new FPHA argument that specifies the floating-point type for homogeneous FP arrays.

CI image bump (#3814) by @​ofekshenawa. Command coverage contributions by @​cxljs, @​elena-kolevska, @​Khukharr, @​ndyakov, and @​ofekshenawa.

Stable RESP3 for RediSearch (UnstableResp3 deprecated)

... (truncated)

Changelog

Sourced from github.com/redis/go-redis/v9's changelog.

9.20.1 (2026-06-11)

This is a patch release containing bug fixes only. There are no new features or breaking changes; upgrading from 9.20.0 is a drop-in replacement.

🚀 Highlights

RESP3 pub/sub message loss fixed

PeekPushNotificationName previously inspected only the bytes already buffered by bufio, so when a push frame header straddled a buffer fill boundary it could return a truncated notification name (e.g. "messa" instead of "message"). The push processor then mis-routed the frame and ReadReply silently dropped it, causing intermittent RESP3 pub/sub message loss. The peek now grows its window (36 bytes → up to 4 KiB) and reads more from the connection until the header is complete, cleanly separating incomplete prefixes from corrupt frames (including overflow-safe bulk-length handling). Fixes #3839.

(#3842) by @​ndyakov

🐛 Bug Fixes

• RESP3 push peeking: PeekPushNotificationName no longer returns a truncated notification name when a push frame header spans a buffer boundary, preventing silent RESP3 pub/sub message loss (fixes #3839) (#3842) by @​ndyakov
• FT.HYBRID vector params: Vector data is now always sent via PARAMS with auto-generated param names (__vector_param_N, with collision avoidance) when VectorParamName is omitted, since Redis no longer accepts inline vector blobs; the FTHybridOptions.Params map is no longer mutated, so the same options struct can be reused across calls (#3844) by @​ndyakov
• CLUSTER SHARDS forward compatibility: Unknown shard- and node-level attributes in the CLUSTER SHARDS reply are now skipped via DiscardNext() instead of erroring, so clients keep working when the server introduces new fields (#3843) by @​madolson
• PubSub double reconnect: PubSub.releaseConn no longer reconnects twice when a connection is both unusable (or pending handoff) and reports a bad-connection error, avoiding a wasted connection establish-then-close cycle (#3833) by @​cxljs

👥 Contributors

We'd like to thank all the contributors who worked on this release!

@​cxljs, @​madolson, @​ndyakov

---

Full Changelog: redis/go-redis@v9.20.0...v9.20.1

9.20.0 (2026-05-28)

🚀 Highlights

Redis 8.8 Support

This release adds support for Redis 8.8. The README's supported-versions list now includes Redis 8.8 alongside 8.0/8.2/8.4, and CI exercises the 8.8-rc1 client-libs-test image across the full suite (Makefile, build workflow, doctests, run-tests action, and docker-compose).

Coverage for the new commands that ship in the 8.x line, rounded out in this release:

• AR* array data type (#3813) — new array data structure, exposed via the ArrayCmdable interface (see the experimental-features highlight below).
• INCREX (#3816) — atomic increment with expiration in a single round-trip.
• XNACK (#3790) — explicit negative-acknowledge of pending stream entries.
• XAUTOCLAIM PEL deletes (#3798) — XAUTOCLAIM/XAUTOCLAIMJUSTID now return the list of deleted message IDs from the pending entries list.
• TS.RANGE multiple aggregators (#3791) — TS.RANGE/TS.REVRANGE/TS.MRANGE/TS.MREVRANGE accept multiple aggregators in a single call.
• Z(UNION|INTER|DIFF) COUNT aggregator (#3802) — COUNT reducer for sorted-set set operations.
• JSON.SET FPHA (#3797) — new FPHA argument that specifies the floating-point type for homogeneous FP arrays.

CI image bump (#3814) by @​ofekshenawa. Command coverage contributions by @​cxljs, @​elena-kolevska, @​Khukharr, @​ndyakov, and @​ofekshenawa.

Stable RESP3 for RediSearch (UnstableResp3 deprecated)

... (truncated)

Commits

• a13416b chore(release): 9.20.1 (#3847)
• 10dc44f fix(push): fix peeking when push name is truncated (#3842)
• e1a2d68 fix(ft.hybrid): Always generate vector param names if they are not provided b...
• a4b234f chore(deps): bump codecov/codecov-action from 6 to 7 (#3845)
• 974e717 fix(command): ignore unknown fields in CLUSTER SHARDS response (#3843)
• 65d6abd fix(pubsub): prevent double reconnect in releaseConn (#3833)
• 7d05dd3 chore(release): v9.20.0 (#3832)
• 9756882 fix(test): make waitForSentinelClusterStable robust to disconnected r… (#3830)
• 875ce21 fix(sentinel): do not close sentinel when replica list is empty (#3795)
• 8a027f2 chore(ci): add govulncheck workflow (#3779)
• Additional commits viewable in compare view

Updates go.opentelemetry.io/otel from 1.43.0 to 1.44.0

Changelog

Sourced from go.opentelemetry.io/otel's changelog.

[1.44.0/0.66.0/0.20.0/0.0.17] 2026-05-27

Added

• Add ByteSlice and ByteSliceValue functions for new BYTESLICE attribute type in go.opentelemetry.io/otel/attribute. (#7948)
• Apply attribute value limit to the KindBytes attribute type in go.opentelemetry.io/otel/sdk/log. (#7990)
• Apply attribute value limit to the BYTESLICE attribute type in go.opentelemetry.io/otel/sdk/trace. (#7990)
• Support BYTESLICE attributes in go.opentelemetry.io/otel/trace. (#8153)
• Support BYTESLICE attributes in go.opentelemetry.io/otel/exporters/otlp/otlptrace. (#8153)
• Support BYTESLICE attributes in go.opentelemetry.io/otel/exporters/otlp/otlplog. (#8153)
• Support BYTESLICE attributes in go.opentelemetry.io/otel/exporters/otlp/otlpmetric. (#8153)
• Support BYTESLICE attributes in go.opentelemetry.io/otel/exporters/zipkin. (#8153)
• Add String method for Value type in go.opentelemetry.io/otel/attribute. (#8142)
• Add Slice and SliceValue functions for new SLICE attribute type in go.opentelemetry.io/otel/attribute. (#8166)
• Support SLICE attributes in go.opentelemetry.io/otel/exporters/otlp/otlptrace. (#8216)
• Support SLICE attributes in go.opentelemetry.io/otel/exporters/otlp/otlplog. (#8216)
• Support SLICE attributes in go.opentelemetry.io/otel/exporters/otlp/otlpmetric. (#8216)
• Support SLICE attributes in go.opentelemetry.io/otel/exporters/zipkin. (#8216)
• Apply AttributeValueLengthLimit to attribute.SLICE type attribute values in go.opentelemetry.io/otel/sdk/trace, recursively truncating contained string values. (#8217)
• Add Error field on Record type in go.opentelemetry.io/otel/log/logtest. (#8148)
• Add WithMaxRequestSize option in go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc. (#8157)
• Add WithMaxRequestSize option in go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp. (#8157)
• Add WithMaxRequestSize option in go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc. (#8157)
• Add WithMaxRequestSize option in go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp. (#8157)
• Add WithMaxRequestSize option in go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploggrpc. (#8157)
• Add WithMaxRequestSize option in go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp. (#8157)
• Add Settable to go.opentelemetry.io/otel/metric/x to allow reusing attribute options. (#8178)
• Add experimental support for splitting metric data across multiple batches in go.opentelemetry.io/otel/sdk/metric. Set OTEL_GO_X_METRIC_EXPORT_BATCH_SIZE=<max_size> to enable for all periodic readers. See go.opentelemetry.io/otel/sdk/metric/internal/x for feature documentation. (#8071)
• Add experimental self-observability metrics in go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc. Enable with OTEL_GO_X_SELF_OBSERVABILITY=true environment variable. See go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc/internal/x for feature documentation. (#8192)
• Add experimental self-observability metrics in go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp. Enable with OTEL_GO_X_SELF_OBSERVABILITY=true environment variable. See go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp/internal/x for feature documentation. (#8194)
• Add experimental self-observability metrics in go.opentelemetry.io/otel/exporters/stdout/stdoutlog. Enable with OTEL_GO_X_SELF_OBSERVABILITY=true environment variable. See go.opentelemetry.io/otel/stdout/stdoutlog/internal/x for feature documentation. (#8263)
• Add WithDefaultAttributes to go.opentelemetry.io/otel/metric/x to support setting default attributes on instruments. (#8135)
• Add go.opentelemetry.io/otel/semconv/v1.41.0 package. The package contains semantic conventions from the v1.41.0 version of the OpenTelemetry Semantic Conventions. See the migration d...

  Description has been truncated