chore(deps): bump the go-deps group in /apps/services with 4 updates

[dependabot]

Bumps the go-deps group in /apps/services with 4 updates: github.com/anthropics/anthropic-sdk-go, github.com/jackc/pgx/v5, google.golang.org/genai and modernc.org/sqlite.

Updates github.com/anthropics/anthropic-sdk-go from 1.26.0 to 1.27.1

Release notes

Sourced from github.com/anthropics/anthropic-sdk-go's releases.

v1.27.1

1.27.1 (2026-03-18)

Full Changelog: v1.27.0...v1.27.1

Chores

• internal: regenerate SDK with no functional changes (c963fd0)
• internal: tweak CI branches (95e3410)

v1.27.0

1.27.0 (2026-03-16)

Full Changelog: v1.26.0...v1.27.0

Features

• api: change array_format to brackets (ca5ae6e)
• api: chore(config): clean up model enum list (#31) (1db4ea7)
• api: GA thinking-display-setting (1924af2)
• api: remove publishing section from cli target (514282e)
• tests: update mock server (cf24ced)

Bug Fixes

• allow canceling a request while it is waiting to retry (32ee053)
• client: update model reference from claude-3-7-sonnet-latest to claude-sonnet-4-5 (2f42e73)

Chores

• client: reorganize code in Messages files to lead to less conflicts (c677bb5)
• internal: codegen related update (c978aac)
• internal: codegen related update (4ac31a2)
• internal: codegen related update (5b2b2fa)
• internal: codegen related update (9678c6c)
• internal: codegen related update (f6035d2)
• internal: codegen related update (9246bbb)
• internal: move custom custom json tags to api (4392627)
• tests: unskip tests that are now supported in steady (b0ca374)

Documentation

• streamline README, centralize documentation at docs.anthropic.com (33f6943), closes #587

Changelog

Sourced from github.com/anthropics/anthropic-sdk-go's changelog.

1.27.1 (2026-03-18)

Full Changelog: v1.27.0...v1.27.1

Chores

• internal: regenerate SDK with no functional changes (c963fd0)
• internal: tweak CI branches (95e3410)

1.27.0 (2026-03-16)

Full Changelog: v1.26.0...v1.27.0

Features

• api: change array_format to brackets (ca5ae6e)
• api: chore(config): clean up model enum list (#31) (1db4ea7)
• api: GA thinking-display-setting (1924af2)
• api: remove publishing section from cli target (514282e)
• tests: update mock server (cf24ced)

Bug Fixes

• allow canceling a request while it is waiting to retry (32ee053)
• client: update model reference from claude-3-7-sonnet-latest to claude-sonnet-4-5 (2f42e73)

Chores

• client: reorganize code in Messages files to lead to less conflicts (c677bb5)
• internal: codegen related update (c978aac)
• internal: codegen related update (4ac31a2)
• internal: codegen related update (5b2b2fa)
• internal: codegen related update (9678c6c)
• internal: codegen related update (f6035d2)
• internal: codegen related update (9246bbb)
• internal: move custom custom json tags to api (4392627)
• tests: unskip tests that are now supported in steady (b0ca374)

Documentation

• streamline README, centralize documentation at docs.anthropic.com (33f6943), closes #587

Commits

• 017d9ff release: 1.27.1
• 9acaf1b chore(internal): regenerate SDK with no functional changes
• ffead10 codegen metadata
• a879bf2 chore(internal): tweak CI branches
• 2bec06f release: 1.27.0
• d6afe5d feat(api): GA thinking-display-setting
• d8052e7 chore(internal): codegen related update
• db3c9fa chore(internal): codegen related update
• bcf8d02 chore(internal): codegen related update
• d6aab68 codegen metadata
• Additional commits viewable in compare view

Updates github.com/jackc/pgx/v5 from 5.8.0 to 5.9.0

Changelog

Sourced from github.com/jackc/pgx/v5's changelog.

5.9.0 (March 21, 2026)

This release includes a number of new features such as SCRAM-SHA-256-PLUS support, OAuth authentication support, and PostgreSQL protocol 3.2 support.

It significantly reduces the amount of network traffic when using prepared statements (which are used automatically by default) by avoiding unnecessary Describe Portal messages. This also reduces local memory usage.

It also includes multiple fixes for potential DoS due to panic or OOM if connected to a malicious server that sends deliberately malformed messages.

• Require Go 1.25+
• Add SCRAM-SHA-256-PLUS support (Adam Brightwell)
• Add OAuth authentication support for PostgreSQL 18 (David Schneider)
• Add PostgreSQL protocol 3.2 support (Dirkjan Bussink)
• Add tsvector type support (Adam Brightwell)
• Skip Describe Portal for cached prepared statements reducing network round trips
• Make LoadTypes query easier to support on "postgres-like" servers (Jelte Fennema-Nio)
• Default empty user to current OS user matching libpq behavior (ShivangSrivastava)
• Optimize LRU statement cache with custom linked list and node pooling (Mathias Bogaert)
• Optimize date scanning by replacing regex with manual parsing (Mathias Bogaert)
• Optimize pgio append/set functions with direct byte shifts (Mathias Bogaert)
• Make RowsAffected faster (Abhishek Chanda)
• Fix: Pipeline.Close panic when server sends multiple FATAL errors (Varun Chawla)
• Fix: ContextWatcher goroutine leak (Hank Donnay)
• Fix: stdlib discard connections with open transactions in ResetSession (Jeremy Schneider)
• Fix: pipelineBatchResults.Exec silently swallowing lastRows error
• Fix: ColumnTypeLength using BPCharArrayOID instead of BPCharOID
• Fix: TSVector text encoding returning nil for valid empty tsvector
• Fix: wrong error messages for Int2 and Int4 underflow
• Fix: Numeric nil Int pointer dereference with Valid: true
• Fix: reversed strings.ContainsAny arguments in Numeric.ScanScientific
• Fix: message length parsing on 32-bit platforms
• Fix: FunctionCallResponse.Decode mishandling of signed result size
• Fix: returning wrong error in configTLS when DecryptPEMBlock fails (Maxim Motyshen)
• Fix: misleading ParseConfig error when default_query_exec_mode is invalid (Skarm)
• Fix: missed Unwatch in Pipeline error paths
• Clarify too many failed acquire attempts error message
• Better error wrapping with context and SQL statement (Aneesh Makala)
• Enable govet and ineffassign linters (Federico Guerinoni)
• Guard against various malformed binary messages (arrays, hstore, multirange, protocol messages)
• Fix various godoc comments (ferhat elmas)
• Fix typos in comments (Oleksandr Redko)

Commits

• b4d8e62 Release v5.9.0
• c227cd4 Bump minimum Go version from 1.24 to 1.25
• f492c14 Use reflect.TypeFor instead of reflect.TypeOf for static types
• ad8fb08 Use sync.WaitGroup.Go to simplify goroutine spawning
• 3033773 Remove go1.26 build tag from synctest test
• 83ffb3c Validate multirange element count against source length before allocating
• 828f214 Fix message length parsing on 32-bit platforms
• e196a39 Add fuzz test for SQL lexer in sanitize package
• 7f969f8 Rename TraceQueryute to traceExecute
• ab52391 Use single Stat snapshot in checkMinConns
• Additional commits viewable in compare view

Updates google.golang.org/genai from 1.50.0 to 1.51.0

Release notes

Sourced from google.golang.org/genai's releases.

v1.51.0

1.51.0 (2026-03-17)

Features

• Support include_server_side_tool_invocations for genai. (cec4bfd)

Changelog

Sourced from google.golang.org/genai's changelog.

1.51.0 (2026-03-17)

Features

• Support include_server_side_tool_invocations for genai. (cec4bfd)

Commits

• 87c0e5a chore(main): release 1.51.0 (#726)
• cec4bfd feat: Support include_server_side_tool_invocations for genai.
• c7501d5 chore: Update the Copyright file headers
• See full diff in compare view

Updates modernc.org/sqlite from 1.46.1 to 1.47.0

Changelog

Sourced from modernc.org/sqlite's changelog.

Changelog

• 2026-03-17 v1.47.0: Add CGO-free version of the vector extensions from https://github.com/asg017/sqlite-vec. See vec_test.go for example usage. From the GitHub project page:

  • Important: sqlite-vec is a pre-v1, so expect breaking changes!
  • Store and query float, int8, and binary vectors in vec0 virtual tables
  • Written in pure C, no dependencies, runs anywhere SQLite runs (Linux/MacOS/Windows, in the browser with WASM, Raspberry Pis, etc.)
  • Store non-vector data in metadata, auxiliary, or partition key columns
  • Thanks Zhenghao Zhang!

• 2026-03-16 v1.46.2: Upgrade to SQLite 3.51.3.

• 2026-02-17 v1.46.1:

  • Ensure connection state is reset if Tx.Commit fails. Previously, errors like SQLITE_BUSY during COMMIT could leave the underlying connection inside a transaction, causing errors when the connection was reused by the database/sql pool. The driver now detects this state and forces a rollback internally.
  • Fixes [GitHub issue #2](modernc-org/sqlite#2), thanks Edoardo Spadolini!

• 2026-02-17 v1.46.0:

  • Enable ColumnTypeScanType to report time.Time instead of string for TEXT columns declared as DATE, DATETIME, TIME, or TIMESTAMP via a new _texttotime URI parameter.
  • See [GitHub pull request #1](modernc-org/sqlite#1), thanks devhaozi!

• 2026-02-09 v1.45.0:

  • Introduce vtab subpackage (modernc.org/sqlite/vtab) exposing Module, Table, Cursor, and IndexInfo API for Go virtual tables.
  • Wire vtab registration into the driver: vtab.RegisterModule installs modules globally and each new connection calls sqlite3_create_module_v2.
  • Implement vtab trampolines for xCreate/xConnect/xBestIndex/xDisconnect/xDestroy/xOpen/xClose/xFilter/xNext/xEof/xColumn/xRowid.
  • Map SQLite’s sqlite3_index_info into vtab.IndexInfo, including constraints, ORDER BY terms, and constraint usage (ArgIndex → xFilter argv[]).
  • Add an in‑repo dummy vtab module and test (module_test.go) that validates registration, basic scanning, and constraint visibility.
  • See [GitLab merge request #90](https://gitlab.com/cznic/sqlite/-/merge_requests/90), thanks Adrian Witas!

• 2026-01-19 v1.44.3: Resolves [GitLab issue #243](https://gitlab.com/cznic/sqlite/-/issues/243).

• 2026-01-18 v1.44.2: Upgrade to SQLite 3.51.2.

• 2026-01-13 v1.44.0: Upgrade to SQLite 3.51.1.

• 2025-10-10 v1.39.1: Upgrade to SQLite 3.50.4.

• 2025-06-09 v1.38.0: Upgrade to SQLite 3.50.1.

• 2025-02-26 v1.36.0: Upgrade to SQLite 3.49.0.

• 2024-11-16 v1.34.0: Implement ResetSession and IsValid methods in connection

• 2024-07-22 v1.31.0: Support windows/386.

• 2024-06-04 v1.30.0: Upgrade to SQLite 3.46.0, release notes at https://sqlite.org/releaselog/3_46_0.html.

• 2024-02-13 v1.29.0: Upgrade to SQLite 3.45.1, release notes at https://sqlite.org/releaselog/3_45_1.html.

• 2023-12-14: v1.28.0: Add (*Driver).RegisterConnectionHook,

... (truncated)

Commits

• b4deaee include Zhenghao Zhang in CHANGELOG, AUTHORS, CONTRIBUTORS, updates !93
• ba4fc0b add sqlite_vec extension, updates !93
• 8b9ffba Merge branch 'windows' into 'master'
• 614a125 Add sqlite-vec support
• d7c9932 vendor libsqlite3/SQLite 3.51.3, updates #247
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions