Upgrade jackc/pgx/v5 v5.5.5 -> v5.9.0

[ddl-rliu]

1. This should wait until Update to Go 1.25 flyteorg/flyte#7201 merges
2. Then, this should be merged upstream
3. Then, this should be cherry-picked / ported to the train-flyteadmin-docker repo.
4. Finally, this should be closed without merging.

Tracking issue

https://dominodatalab.atlassian.net/browse/VUL-11544

Why are the changes needed?

• pgx/v5 v5.5.5 -> v5.9.0

• pgservicefile -> v0.0.0-20240606120523-5a60cdf6a761

• puddle/v2 v2.2.1 -> v2.2.2

• Resolves vuln CVE-2026-33816

What changes were proposed in this pull request?

Upgrade github.com/jackc/pgx/v5 from v5.5.5 to v5.9.0 across all Go modules (flyteadmin, datacatalog, flytestdlib, root) to remediate critical vulnerability CVE-2026-33816. The go directive was also bumped from 1.24.0 to 1.25.0 as required by pgx v5.9.0.

Affected binaries: flyteadmin, flytescheduler, datacatalog.

How was this patch tested?

Dependency-only change. go mod tidy succeeds in all four modules.

Setup process

N/A

Screenshots

N/A

Check all the applicable boxes

• I updated the documentation accordingly.
• All new and existing tests passed.
• All commits are signed-off.

Related PRs

• Upgrade jackc/pgconn v1.14.1 -> v1.14.3 / pgx/v5 v5.4.3 -> v5.5.5 / pgproto3 v2.3.2 -> v2.3.3 flyteorg/flyte#5155 (previous pgx/pgconn upgrade for CVE-2024-27304)

Docs link

N/A

Made with Cursor