Chore: bump github.com/oschwald/maxminddb-golang/v2 from 2.1.1 to 2.2.0

[dependabot]

Bumps github.com/oschwald/maxminddb-golang/v2 from 2.1.1 to 2.2.0.

Release notes

Sourced from github.com/oschwald/maxminddb-golang/v2's releases.

2.2.0

• Improved reflection decoding performance by skipping Unmarshaler checks for destination types that cannot implement the interface.
• Fixed verifier search-tree size arithmetic to match the reader's safe multiplication order instead of using an overflow-prone equivalent formula.
• Fixed unsigned bounds checks in search-tree node reads and traversal so very short malformed buffers return errors instead of underflowing the bounds calculation.
• Fixed the reflection decoder so pointer fields are not allocated when decoding fails with a type mismatch.
• Fixed Result.Prefix() to use the reader's measured IPv4 subtree depth instead of assuming IPv4 records always start at bit 96 in IPv6 databases.
• Fixed reflection decoding of negative int32 values into unsigned Go fields so it now returns a type error instead of wrapping them to large integers.
• Fixed lookups that followed malformed search-tree pointers past the data section so they now fail during Lookup instead of surfacing a deferred decode error.
• An error is returned when a maxminddb struct tag is clearly invalid (non UTF-8) instead of silently ignoring validation failures.
• Increased internal string cache size to 4096 entries to reduce cache thrashing and improve concurrent performance.

Changelog

Sourced from github.com/oschwald/maxminddb-golang/v2's changelog.

2.2.0 - 2026-04-26

• Improved reflection decoding performance by skipping Unmarshaler checks for destination types that cannot implement the interface.
• Fixed verifier search-tree size arithmetic to match the reader's safe multiplication order instead of using an overflow-prone equivalent formula.
• Fixed unsigned bounds checks in search-tree node reads and traversal so very short malformed buffers return errors instead of underflowing the bounds calculation.
• Fixed the reflection decoder so pointer fields are not allocated when decoding fails with a type mismatch.
• Fixed Result.Prefix() to use the reader's measured IPv4 subtree depth instead of assuming IPv4 records always start at bit 96 in IPv6 databases.
• Fixed reflection decoding of negative int32 values into unsigned Go fields so it now returns a type error instead of wrapping them to large integers.
• Fixed lookups that followed malformed search-tree pointers past the data section so they now fail during Lookup instead of surfacing a deferred decode error.
• An error is returned when a maxminddb struct tag is clearly invalid (non UTF-8) instead of silently ignoring validation failures.
• Increased internal string cache size to 4096 entries to reduce cache thrashing and improve concurrent performance.

Commits

• 93d73cc Set release date
• f1bb8c4 Merge pull request #207 from oschwald/greg/fix
• 117ee98 Increase size of string cache
• f56a2ba Skip impossible Unmarshaler checks
• fb4ee44 Exercise iteration on malformed fixtures
• 3f4a9c5 Align verifier tree size arithmetic
• e7a5225 Harden search tree bounds checks
• 6dd38e4 Avoid allocating pointer fields on decode errors
• b6022ce Cover all malformed database fixtures
• 79c523a Use reader IPv4 subtree depth for prefixes
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)