
[auto-bump] [no-release-notes] dependency by angelamayxie#2828

Closed
coffeegoddd wants to merge 1 commit into main from angelamayxie-b5d174cc

@coffeegoddd


An Automated Dependency Version Bump PR 👑

Initial Changes

The changes contained in this PR were produced by `go get`ing the dependency.

```bash
go get github.com/dolthub/[dependency]/go@[commit]
```

@github-actions

github-actions Bot commented Jun 9, 2026

| | Main | PR | |
| --- | --- | --- | --- |
| covering_index_scan_postgres | 1885.94/s | 1849.22/s | -2.0% |
| groupby_scan_postgres | 137.18/s | 136.19/s | -0.8% |
| index_join_postgres | 648.52/s | 642.49/s | -1.0% |
| index_join_scan_postgres | 791.18/s | 792.44/s | +0.1% |
| index_scan_postgres | 25.07/s | 25.06/s | -0.1% |
| oltp_delete_insert_postgres | 783.48/s | 803.84/s | +2.5% |
| oltp_insert | 693.43/s | 691.26/s | -0.4% |
| oltp_point_select | 2887.82/s | 2881.57/s | -0.3% |
| oltp_read_only | 2916.89/s | 2913.07/s | -0.2% |
| oltp_read_write | 2307.03/s | 2301.20/s | -0.3% |
| oltp_update_index | 729.21/s | 719.31/s | -1.4% |
| oltp_update_non_index | 766.54/s | 763.28/s | -0.5% |
| oltp_write_only | 1751.96/s | 1731.57/s | -1.2% |
| select_random_points | 1852.00/s | 1866.40/s | +0.7% |
| select_random_ranges | 1101.55/s | 1118.37/s | +1.5% |
| table_scan_postgres | 23.38/s | 23.45/s | +0.2% |
| types_delete_insert_postgres | 766.26/s | 764.41/s | -0.3% |
| types_table_scan_postgres | 8.15/s | 8.21/s | +0.7% |

@github-actions

github-actions Bot commented Jun 9, 2026

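| | Main | PR |
| --- | --- | --- |
| Total | 42090 | 42090 |
| Successful | 18259 | 18259 |
| Failures | 23831 | 23831 |
| Partial Successes¹ | 5332 | 5332 |

| | Main | PR |
| --- | --- | --- |
| Successful | 43.3809% | 43.3809% |
| Failures | 56.6191% | 56.6191% |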

Footnotes

  1. These are tests that we're marking as Successful, however they do not match the expected output in some way. This is due to small differences, such as different wording on the error messages, or the column names being incorrect while the data itself is correct.

@itoqa

itoqa Bot commented Jun 9, 2026


Ito QA test results
Commit: 5fdd502: 13 test cases ran, 0 failed ❌, 12 passed ✅, 1 additional finding ⚠️.

Summary

Across 13 QA cases, 12 passed and 1 failed, showing broad success across authentication flows, query/portal protocol behavior, COPY ingestion scenarios, and startup/replication bootstrap and recovery checks. The most important issue is a SCRAM nonce-mismatch classification bug where tampered logins are correctly rejected but reported as internal error XX000 with implementation-detail text instead of generic auth failure 28P01, while valid login, unknown-user privacy parity, OID inference, extended-query ordering, COPY retry correctness, TLS startup, and restart/reconfiguration recovery all worked as expected.

Tests run by Ito


| Result | Severity | Type | Description |
| --- | --- | --- | --- |
| | | Auth | Valid SCRAM login reached query-ready state and successful SELECT responses. |
| | | Auth | Invalid credentials for known and unknown users produced equivalent password-auth failure behavior. |
| | | Copy | COPY FROM STDIN text mode inserted and committed 3 rows as expected. |
| | | Copy | COPY retry after a mid-stream failure completed cleanly with only retry rows persisted. |
| | | Query | Simple query execution returned row data and completed cleanly in the remediation run. |
| | | Query | Parse with parameter OID 0 inferred types correctly and returned expected row output. |
| | | Query | Extended-query success/error/success transitions preserved client-compatible message ordering. |
| | | Startup | Fresh empty-data startup created the default postgres database and accepted client queries. |
| | | Startup | With a complete replication configuration and source prerequisites in place, logical replication started successfully. |
| | | Startup | TLS-enabled startup path accepted SSL negotiation and authenticated queries in the rerun verification. |
| | | Startup | After an intentionally failed bootstrap attempt, immediate restart with corrected settings recovered cleanly. |
| | | Startup | After a deliberate replication-init failure, corrected replication settings recovered service and replication worker startup. |
| ⚠️ | Medium severity | Auth | The server correctly rejects the tampered nonce, but it returns FATAL XX000 with invalid SASLResponse: nonce does not match authentication session instead of a generic password/authentication failure classification. |

Additional Findings Details

These findings are unrelated to the current changes but were observed during testing.

🟡 SCRAM nonce mismatch returns internal error class
  • Severity: Medium
  • Description: The server correctly rejects the tampered nonce, but it returns FATAL XX000 with invalid SASLResponse: nonce does not match authentication session instead of a generic password/authentication failure classification.
  • Impact: Clients receive an internal-error SQLSTATE and implementation-detail text on a login failure path, which weakens error semantics on a core authentication workflow. Login still fails closed, so users are blocked from sign-in only for malformed/tampered handshakes.
  • Steps to Reproduce:
    1. Start the server with authentication enabled.
    2. Begin SCRAM login and capture the server nonce from AuthenticationSASLContinue.
    3. Send a crafted SASLResponse with a different nonce and inspect the returned SQLSTATE and message.
  • Stub / mock content: No stubs, mocks, or bypasses were applied for this test in the recorded run.
  • Code Analysis: I inspected server/authentication_scram.go and server/connection_handler.go. Nonce mismatch is detected in readSASLResponse, and that specific parse error is surfaced as XX000 in the auth handler rather than auth-failure class 28P01, while later proof-verification failures do use 28P01.


@fulghum fulghum closed this Jun 9, 2026
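
The error classification that the Ito QA finding above asks for, sketched as an added Go example; it is not code from this repository. `ErrNonceMismatch`, `ErrBadProof`, `ClientError`, `checkFinalNonce` and `classifyAuthError` are hypothetical names, the handshake strings are constructed, and the generic client message is an assumed wording.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// Hypothetical sentinels for this example; not identifiers from the project.
var (
	ErrNonceMismatch = errors.New("nonce does not match authentication session")
	ErrBadProof      = errors.New("client proof verification failed")
)

// ClientError is what goes on the wire; Detail is for the server log only.
type ClientError struct{ SQLState, Message, Detail string }

// checkFinalNonce extracts r= from a SCRAM client-final-message and compares
// it with the combined nonce the server issued earlier in the handshake.
func checkFinalNonce(clientFinal, sessionNonce string) error {
	for _, attr := range strings.Split(clientFinal, ",") {
		if strings.HasPrefix(attr, "r=") {
			if strings.TrimPrefix(attr, "r=") != sessionNonce {
				return fmt.Errorf("invalid SASLResponse: %w", ErrNonceMismatch)
			}
			return nil
		}
	}
	// An absent nonce cannot match the session either.
	return fmt.Errorf("invalid SASLResponse: %w", ErrNonceMismatch)
}

// classifyAuthError maps handshake errors to the client-visible response.
// Tampered-nonce and bad-proof failures share one generic 28P01 reply, the
// classification the QA finding expects; anything else stays XX000.
func classifyAuthError(user string, err error) ClientError {
	if errors.Is(err, ErrNonceMismatch) || errors.Is(err, ErrBadProof) {
		msg := fmt.Sprintf("password authentication failed for user %q", user)
		return ClientError{"28P01", msg, err.Error()}
	}
	return ClientError{"XX000", "internal error", err.Error()}
}

func main() {
	// Constructed handshake values, not captured traffic.
	tampered := "c=biws,r=clientNonceABCserverNonceEVIL,p=AAAA"
	ce := classifyAuthError("alice", checkFinalNonce(tampered, "clientNonceABCserverNonceXYZ"))
	fmt.Printf("to client: %s %s\nto log: %s\n", ce.SQLState, ce.Message, ce.Detail)
}
```

The mismatch detail still reaches the server log through `Detail`, so operators keep the diagnostic while the client sees the same reply for a tampered nonce and a failed proof.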