build(deps): bump the production-dependencies group across 1 directory with 2 updates

[dependabot]

Bumps the production-dependencies group with 2 updates in the / directory: github.com/ncruces/go-sqlite3 and github.com/pganalyze/pg_query_go/v6.

Updates github.com/ncruces/go-sqlite3 from 0.30.4 to 0.30.5

Release notes

Sourced from github.com/ncruces/go-sqlite3's releases.

v0.30.5

What's Changed

Updates:

• SQLite 3.51.2
• Litestream was moved

Full Changelog: ncruces/go-sqlite3@v0.30.4...v0.30.5

Artifact attestations

Commits

• 33bea52 Flags.
• c263381 Fix #349.
• c4f254b SQLite 3.51.2.
• c97c5a1 Type affinity.
• 3e1b131 Unquote identifiers.
• 83744cb More sqlite-createtable-parser.
• a36d72c Stricter vtabs, sqlite-createtable-parser.
• e7f5604 Stricter vtabs, get VFS name.
• e500839 Bump golang.org/x/crypto from 0.46.0 to 0.47.0 (#348)
• d4764fb Bump golang.org/x/sys from 0.39.0 to 0.40.0 (#346)
• Additional commits viewable in compare view

Updates github.com/pganalyze/pg_query_go/v6 from 6.1.0 to 6.2.2

Changelog

Sourced from github.com/pganalyze/pg_query_go/v6's changelog.

6.2.2 2026-01-27

• Upgrade to libpg_query 17-6.2.2
  • Add IsUtilityStmt function to determine if query text contains utility statements
    • This is a fast check for callers that don't actually need the parse tree itself
  • Add Summary function to get summary information about a statement quickly
    • This allows gathering certain information, for example which tables are referenced in a statement, without requiring a Protobuf serialization step in a higher level library
    • Additionally this can also be used to perform "smart truncation" of a query by omitting deeply nested information (e.g. a CTE definition, or a target list) whilst preserving more essential parts like the FROM clause
  • Normalize:
    • Fix handling of special strings in DefElem
      • This avoids a crash when running the normalize function on certain utility statements
    • Add support for CALL statements
  • Deparser:
    • Introduce pretty printing / formatting
      • Introduces a new optional pretty print mode that emits a human readable output. A detailed explanation of the mechanism can be found at the start of the deparser file.
    • Rework handling of expressions inside typecasts
      • Prefer (..)::type syntax, unless we are already in a function call.
    • Use lowercase keywords in xmlroot functions
      • This matches other XML functions as well as the Postgres documentation, since these are closer to function argument names than regular keywords.
    • Fix deparse of ALTER TABLE a ALTER b SET STATISTICS DEFAULT
    • Fix the null pointer dereference when handling identity columns
  • Allow alternate definitions of NAMEDATALEN identifier limit
    • This allows building libpg_query with an override of the built-time limit of Postgres identifiers (typically 63 characters)
  • Bump Postgres to 17.7 and switch back to release tarballs
• Avoid conflicts with other cgo libraries utilizing xxhash by using XXH_NAMESPACE #144
• Remove redundant copy of result in ParseToProtobuf #139

Commits

• 6a1adb4 Release 6.2.2 (#145)
• 5defd21 Add Summary helper to wrap pg_query_summary function (#147)
• 926ef9b Add IsUtilityStmt to return whether statements are utility statements (#146)
• 51c94ef Fix xxhash symbol conflict by using namespace (#144)
• b905b5e Remove redundant copy in ParseToProtobuf, require Go 1.20+ (#139)
• d64beeb Update libpg_query to 17-6.2.2 (#143)
• 6042d40 README: Remove modvendor note, update copyright to include pganalyze
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions