security: migrate to pgx/v5 and update Go to 1.26.1 to resolve vulnerabilities

Author: Pickle Rick

go.mod

@@ -1,6 +1,6 @@
 module github.com/sqlc-dev/sqlc
 
-go 1.26.0
+go 1.26.1
 
 require (
 	github.com/antlr4-go/antlr/v4 v4.13.1
@@ -10,8 +10,7 @@ require (
 	github.com/go-sql-driver/mysql v1.9.3
 	github.com/google/cel-go v0.27.0
 	github.com/google/go-cmp v0.7.0
-	github.com/jackc/pgx/v4 v4.18.3
-	github.com/jackc/pgx/v5 v5.8.0
+	github.com/jackc/pgx/v5 v5.9.0
 	github.com/jinzhu/inflection v1.0.0
 	github.com/lib/pq v1.11.2
 	github.com/ncruces/go-sqlite3 v0.30.5
@@ -34,13 +33,8 @@ require (
 	cel.dev/expr v0.25.1 // indirect
 	filippo.io/edwards25519 v1.1.1 // indirect
 	github.com/inconshreveable/mousetrap v1.1.0 // indirect
-	github.com/jackc/chunkreader/v2 v2.0.1 // indirect
-	github.com/jackc/pgconn v1.14.3 // indirect
-	github.com/jackc/pgio v1.0.0 // indirect
 	github.com/jackc/pgpassfile v1.0.0 // indirect
-	github.com/jackc/pgproto3/v2 v2.3.3 // indirect
 	github.com/jackc/pgservicefile v0.0.0-20240606120523-5a60cdf6a761 // indirect
-	github.com/jackc/pgtype v1.14.0 // indirect
 	github.com/jackc/puddle/v2 v2.2.2 // indirect
 	github.com/ncruces/julianday v1.0.0 // indirect
 	github.com/pingcap/errors v0.11.5-0.20240311024730-e056997136bb // indirect
@@ -53,7 +47,6 @@ require (
 	go.uber.org/atomic v1.11.0 // indirect
 	go.uber.org/multierr v1.11.0 // indirect
 	go.uber.org/zap v1.27.0 // indirect
-	golang.org/x/crypto v0.47.0 // indirect
 	golang.org/x/exp v0.0.0-20250620022241-b7579e27df2b // indirect
 	golang.org/x/net v0.48.0 // indirect
 	golang.org/x/sys v0.40.0 // indirect

go.sum

@@ -11,7 +11,7 @@ import (
 
 	"github.com/sqlc-dev/sqlc/internal/sql/sqlpath"
 
-	"github.com/jackc/pgx/v4"
+	"github.com/jackc/pgx/v5"
 )
 
 func init() {

internal/sqltest/pgx.go

@@ -13,7 +13,7 @@ import (
 	"strings"
 	"text/template"
 
-	"github.com/jackc/pgx/v4"
+	"github.com/jackc/pgx/v5"
 )
 
 // https://dba.stackexchange.com/questions/255412/how-to-select-functions-that-belong-in-a-given-extension-in-postgresql

internal/tools/sqlc-pg-gen/main.go

@@ -4,7 +4,7 @@ import (
 	"context"
 	"strings"
 
-	pgx "github.com/jackc/pgx/v4"
+	pgx "github.com/jackc/pgx/v5"
 )
 
 // https://stackoverflow.com/questions/25308765/postgresql-how-can-i-inspect-which-arguments-to-a-procedure-have-a-default-valu

internal/tools/sqlc-pg-gen/proc.go

@@ -3,7 +3,7 @@ package main
 import (
 	"context"
 
-	pgx "github.com/jackc/pgx/v4"
+	pgx "github.com/jackc/pgx/v5"
 )
 
 // Relations are the relations available in pg_tables and pg_views

internal/tools/sqlc-pg-gen/relation.go

@@ -111,6 +111,8 @@ message Query {
   repeated string comments = 6 [json_name = "comments"];
   string filename = 7 [json_name = "filename"];
   Identifier insert_into_table = 8 [json_name = "insert_into_table"];
+  bool is_replace = 9 [json_name = "is_replace"];
+  bool ignore_err = 10 [json_name = "ignore_err"];
 }
 
 message Parameter {