build(deps): bump github.com/jackc/pgx/v5 from 5.7.4 to 5.8.0

[dependabot]

Bumps github.com/jackc/pgx/v5 from 5.7.4 to 5.8.0.

Changelog

Sourced from github.com/jackc/pgx/v5's changelog.

5.8.0 (December 26, 2025)

• Require Go 1.24+
• Remove golang.org/x/crypto dependency
• Add OptionShouldPing to control ResetSession ping behavior (ilyam8)
• Fix: Avoid overflow when MaxConns is set to MaxInt32
• Fix: Close batch pipeline after a query error (Anthonin Bonnefoy)
• Faster shutdown of pgxpool.Pool background goroutines (Blake Gentry)
• Add pgxpool ping timeout (Amirsalar Safaei)
• Fix: Rows.FieldDescriptions for empty query
• Scan unknown types into *any as string or []byte based on format code
• Optimize pgtype.Numeric (Philip Dubé)
• Add AfterNetConnect hook to pgconn.Config
• Fix: Handle for preparing statements that fail during the Describe phase
• Fix overflow in numeric scanning (Ilia Demianenko)
• Fix: json/jsonb sql.Scanner source type is []byte
• Migrate from math/rand to math/rand/v2 (Mathias Bogaert)
• Optimize internal iobufpool (Mathias Bogaert)
• Optimize stmtcache invalidation (Mathias Bogaert)
• Fix: missing error case in interval parsing (Maxime Soulé)
• Fix: invalidate statement/description cache in Exec (James Hartig)
• ColumnTypeLength method return the type length for varbit type (DengChan)
• Array and Composite codecs handle typed nils

5.7.6 (September 8, 2025)

• Use ParseConfigError in pgx.ParseConfig and pgxpool.ParseConfig (Yurasov Ilia)
• Add PrepareConn hook to pgxpool (Jonathan Hall)
• Reduce allocations in QueryContext (Dominique Lefevre)
• Add MarshalJSON and UnmarshalJSON for pgtype.Uint32 (Panos Koutsovasilis)
• Configure ping behavior on pgxpool with ShouldPing (Christian Kiely)
• zeronull int types implement Int64Valuer and Int64Scanner (Li Zeghong)
• Fix panic when receiving terminate connection message during CopyFrom (Michal Drausowski)
• Fix statement cache not being invalidated on error during batch (Muhammadali Nazarov)

5.7.5 (May 17, 2025)

• Support sslnegotiation connection option (divyam234)
• Update golang.org/x/crypto to v0.37.0. This placates security scanners that were unable to see that pgx did not use the behavior affected by https://pkg.go.dev/vuln/GO-2025-3487.
• TraceLog now logs Acquire and Release at the debug level (dave sinclair)
• Add support for PGTZ environment variable
• Add support for PGOPTIONS environment variable
• Unpin memory used by Rows quicker
• Remove PlanScan memoization. This resolves a rare issue where scanning could be broken for one type by first scanning another. The problem was in the memoization system and benchmarking revealed that memoization was not providing any meaningful benefit.

Commits

• fe8740a Release v5.8.0
• e5dde5a Skip test on CockroachDB
• 06f2d82 Remove trailing space
• 2cf78dd Merge pull request #2448 from DengChan/column_type_lenth_varbit
• 2d1c4ef Skip tests on CockroachDB
• 1a5fa7f Array and Composite codecs handle typed nils
• 5736d09 ColumnTypeLength method return the type length for varbit type.
• 4c1308c Revert "stdlib matches native pgx scanning support"
• 14ce2b7 Skip test on CockroachDB
• 65b2724 Merge pull request #2443 from jameshartig/x-invalidate-cache-in-exec
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[roborev-ci]

roborev: Combined Review (49102d7)

Summary verdict: The PR upgrades
github.com/jackc/pgx/v5 to v5.8.0 without introducing security regressions, but lacks the necessary go.sum updates.

Medium

• Location: go.mod:10
• Problem: The direct dependency is bumped from
  github.com/jackc/pgx/v5 v5.7.4 to v5.8.0, but the diff does not include the corresponding go.sum updates. On a clean checkout or in CI with readonly module resolution, this can fail with missing checksum entries or
  force an uncommitted lockfile change.
• Fix: Regenerate module metadata with go mod tidy and commit the resulting go.sum changes alongside the version bump.

---

Synthesized from 3 reviews (agents: codex, gemini | types: default, security)

[dependabot]

Looks like github.com/jackc/pgx/v5 is up-to-date now, so this is no longer needed.