Bump the go-dependencies group across 1 directory with 8 updates

[dependabot]

Bumps the go-dependencies group with 6 updates in the / directory:

Package	From	To
charm.land/bubbletea/v2	2.0.2	2.0.7
charm.land/lipgloss/v2	2.0.2	2.0.3
github.com/docker/go-connections	0.6.0	0.7.0
github.com/google/go-containerregistry	0.21.3	0.21.6
github.com/prometheus/common	0.67.5	0.68.0
github.com/shirou/gopsutil/v4	4.26.3	4.26.5

Updates charm.land/bubbletea/v2 from 2.0.2 to 2.0.7

Release notes

Sourced from charm.land/bubbletea/v2's releases.

v2.0.7

A few lil’ stability patches

Hi! This is a patch release with a few solid improvements around stability and correctness.

• @​lrstanley, one of our faves, fixed a race condition around mice in the Cursed Renderer
• @​lawrence3699 fixed a panic that could happen when input's not available
• We fixed a correctness issue with regard to mouse releases when Kitty Keyboard was active (thanks, @​mitchellh)

Thanks for using Bubble Tea, and if you see anything awry please do let us know!

—Charm 👋

Changelog

Fixed

• c60f0c53042238305ec13b486326588f12aea0ec: fix: prevent data race with cursedRenderer.onMouse (#1691) (@​lrstanley)
• 074596e14e2f5ca5e3986ee72e7c08f1569c4178: fix: skip input reader restore when input is disabled (#1680) (@​lawrence3699)
• 878d7df2f2b02f3ca8db177fa8553834bc35ea7c: fix(deps): bump ultraviolet for kitty keyboard fix (@​meowgorithm)

---

Thoughts? Questions? We love hearing from you. Feel free to reach out on X, Discord, Slack, The Fediverse, Bluesky.

v2.0.6

This release fixes an issue with how Bubble Tea handled wide characters. Before, a wide character might be skipped or cause an infinite loop causing the CPU to spike. See charmbracelet/bubbletea@fdcd0cf and charmbracelet/ultraviolet#109 for more details.

---

Thoughts? Questions? We love hearing from you. Feel free to reach out on X, Discord, Slack, The Fediverse, Bluesky.

v2.0.5

A small release to remove accidental unwanted debug log file. See charmbracelet/bubbletea@1ed724a and charmbracelet/ultraviolet@b516641 for details.

---

Thoughts? Questions? We love hearing from you. Feel free to reach out on X, Discord, Slack, The Fediverse, Bluesky.

v2.0.4

This release includes a small fix related to width calculation in x/ansi. See charmbracelet/bubbletea@c788fe9 and charmbracelet/x@6921c75 for more details.

---

... (truncated)

Commits

• a23da80 v2.0.7
• 670963e chore(task): add release and fetch-tags tasks
• 29c4c32 fix(examples/deps): go mod tidy
• 878d7df chore(deps): bump ultraviolet for kitty keyboard fix
• c60f0c5 fix: prevent data race with cursedRenderer.onMouse (#1691)
• 640d879 docs(readme): update footer image
• 0fbefd2 chore: remove CODEOWNERS
• 074596e fix: skip input reader restore when input is disabled (#1680)
• fdcd0cf chore: bump ultraviolet to 489999b90468 to fix a wide char issue
• 1ed724a chore: bump ultraviolet to v0.0.0-20260413211237-bd52878bcec2
• Additional commits viewable in compare view

Updates charm.land/lipgloss/v2 from 2.0.2 to 2.0.3

Release notes

Sourced from charm.land/lipgloss/v2's releases.

v2.0.3

Changelog

Fixed

• 472d718e2314596549bee2c0c8ccf8beea5f25ae: fix: Avoid background color query hang (#636) (@​jedevc)

Docs

• 9e39a0ad4f4fc779d620f17783cee3494da6ae29: docs: fix README typo (#629) (@​Rohan5commit)
• cd93a9f5d2e3cb151da83150db29751d92585d23: docs: fix tree comment typo (#634) (@​Rohan5commit)

---

Thoughts? Questions? We love hearing from you. Feel free to reach out on X, Discord, Slack, The Fediverse, Bluesky.

Commits

• 472d718 fix: Avoid background color query hang (#636)
• 89fafba chore: bump x/ansi to v0.11.7 to fix width calculation bug
• d6d41e1 chore(deps): bump golang.org/x/sys in the all group (#663)
• 23a1bb1 chore(deps): bump github.com/lucasb-eyer/go-colorful in the all group (#640)
• cd93a9f docs: fix tree comment typo (#634)
• 25c5fb2 chore(deps): bump github.com/charmbracelet/colorprofile in the all group (#630)
• 9e39a0a docs: fix README typo (#629)
• See full diff in compare view

Updates github.com/charmbracelet/x/ansi from 0.11.6 to 0.11.7

Commits

• 6921c75 fix(ansi): width: always use grapheme finder for width calculation
• 266cf5a chore(deps): bump the all group across 1 directory with 2 updates (#836)
• ad0b1ae chore(scripts): update builds script to use codecov v6 and dependabot/fetch-m...
• b18aac2 chore(deps): bump golang.org/x/image in /vttest in the all group (#840)
• ffd2a07 chore(deps): bump golang.org/x/image in /mosaic in the all group (#839)
• 7664402 chore(deps): bump golang.org/x/sys in /input in the all group (#833)
• 44f725f chore(deps): bump github.com/mattn/go-runewidth (#838)
• ac9fd4b chore(deps): bump github.com/mattn/go-runewidth (#837)
• e969fb5 chore(deps): bump golang.org/x/sys in /termios in the all group (#828)
• acb1aa7 chore(deps): bump golang.org/x/crypto in /sshkey in the all group (#835)
• Additional commits viewable in compare view

Updates github.com/docker/go-connections from 0.6.0 to 0.7.0

Commits

• 7997b0f Merge pull request #156 from thaJeztah/bump_go_winio
• 329724a chore(deps): bump github.com/Microsoft/go-winio v0.6.2
• 161dc9b Merge pull request #155 from thaJeztah/pin_actions
• b115e42 Merge pull request #154 from thaJeztah/fix_non_linux_tests
• 4c35b2a ci: pin actions to sha
• b4454a6 tlsconfig: make root pool tests deterministic across platforms
• 0819711 tlsconfig: certPool: pass options as argument
• 0329635 tlsconfig: rename some vars that shadowed
• 894d811 Merge pull request #150 from thaJeztah/deprecate_SystemCertPool
• 0a1293a Merge pull request #153 from thaJeztah/chachacha
• Additional commits viewable in compare view

Updates github.com/google/go-containerregistry from 0.21.3 to 0.21.6

Release notes

Sourced from github.com/google/go-containerregistry's releases.

v0.21.6

What's Changed

• fix: update dependencies to use new azure sdk components by @​gaganhr94 in google/go-containerregistry#2262
• transport: restore resp.Body in retryError so CheckError can parse it by @​alliasgher in google/go-containerregistry#2264
• pkg/registry: return 202 Accepted for PATCH chunk uploads by @​alliasgher in google/go-containerregistry#2265
• Follow OCI distribution spec for artifactType and annotations by @​malt3 in google/go-containerregistry#2269
• actions: attach Codecov token to coverage tests on main by @​Subserial in google/go-containerregistry#2270
• remote: use DeleteScope (with "delete" action) for manifest deletion by @​alliasgher in google/go-containerregistry#2266
• remote: limit concurrent layer pulls by @​gnix0 in google/go-containerregistry#2271
• pkg/registry: reject corrupt disk blobs by @​gnix0 in google/go-containerregistry#2272
• mutate: close layer readers during export by @​gnix0 in google/go-containerregistry#2277
• crane/flatten: preserve image media type when flattening by @​alliasgher in google/go-containerregistry#2267
• build(deps): bump goreleaser/goreleaser-action from 7.0.0 to 7.2.1 in the actions group across 1 directory by @​dependabot[bot] in google/go-containerregistry#2273
• build(deps): bump go.opentelemetry.io/otel from 1.36.0 to 1.41.0 by @​dependabot[bot] in google/go-containerregistry#2278
• build(deps): bump the go-deps group across 3 directories with 6 updates by @​dependabot[bot] in google/go-containerregistry#2280
• Replace go-homedir with os.UserHomeDir by @​jammie-jelly in google/go-containerregistry#2282
• pkg/name: only treat .localhost as non-HTTPS, not .local by @​blackwell-systems in google/go-containerregistry#2281
• transport: block unspecified IPs (0.0.0.0, ::) in validateRealmURL by @​marwan9696 in google/go-containerregistry#2285
• test(mutate): add Extract round-trip test for filesystem object preservation by @​blackwell-systems in google/go-containerregistry#2283
• experiments: remove deprecated support for estargz by @​thaJeztah in google/go-containerregistry#2288
• build(deps): bump aws-actions/configure-aws-credentials from 6.1.0 to 6.1.1 in the actions group by @​dependabot[bot] in google/go-containerregistry#2289
• fix: limit HTTP response body reads to prevent OOM by @​evilgensec in google/go-containerregistry#2296
• build(deps): bump the go-deps group across 3 directories with 6 updates by @​dependabot[bot] in google/go-containerregistry#2297
• transport: block redirects from token server to private/link-local addresses (SSRF fix) by @​evilgensec in google/go-containerregistry#2292
• pkg/v1/mutate: preserve relative symlinks that stay within rootfs in Extract by @​anishesg in google/go-containerregistry#2279
• validate: skip non-layer layers by @​imjasonh in google/go-containerregistry#2298
• remote: validate foreign layer URLs to prevent SSRF (fixes #2259) by @​evilgensec in google/go-containerregistry#2293
• remote: block SSRF via private-IP Location headers in blob uploads by @​adilburaksen in google/go-containerregistry#2295
• fix(mutate): preserve config blob and layers for non-Docker OCI artifacts by @​blackwell-systems in google/go-containerregistry#2286
• fix: preserve per-occurrence layer identity in mutate.Image.Layers() by @​iahsanGill in google/go-containerregistry#2299
• transport: retry HTTP 429 (Too Many Requests) by @​iahsanGill in google/go-containerregistry#2301
• transport: allow bearer realm at same host:port as registry by @​iahsanGill in google/go-containerregistry#2302
• Update go version to 1.26.3 by @​Subserial in google/go-containerregistry#2300

New Contributors

• @​gaganhr94 made their first contribution in google/go-containerregistry#2262
• @​alliasgher made their first contribution in google/go-containerregistry#2264
• @​malt3 made their first contribution in google/go-containerregistry#2269
• @​gnix0 made their first contribution in google/go-containerregistry#2271
• @​blackwell-systems made their first contribution in google/go-containerregistry#2281
• @​marwan9696 made their first contribution in google/go-containerregistry#2285
• @​anishesg made their first contribution in google/go-containerregistry#2279
• @​adilburaksen made their first contribution in google/go-containerregistry#2295
• @​iahsanGill made their first contribution in google/go-containerregistry#2299

Full Changelog: google/go-containerregistry@v0.21.5...v0.21.6

v0.21.5

What's Changed

• Bump docker/cli v29.4.0, moby/api v1.54.1, moby/client v0.4.0 by @​thaJeztah in google/go-containerregistry#2254

... (truncated)

Commits

• 53f7e39 Update go version to 1.26.3 (#2300)
• bf87c3b transport: allow bearer realm at same host:port as registry (#2302)
• c55facd transport: retry HTTP 429 (Too Many Requests) (#2301)
• 68a569e fix: preserve per-occurrence layer identity in Layers() (#2299)
• 35b354b fix(mutate): preserve config blob and layers for non-Docker OCI artifacts (#2...
• e5983f2 remote: block SSRF via private-IP Location headers in blob uploads (#2295)
• 6dad820 remote: validate foreign layer URLs to prevent SSRF (fixes #2259) (#2293)
• 78bdf1b validate: skip non-layer layers (#2298)
• c29d91c pkg/v1/mutate: preserve relative symlinks that stay within rootfs in Extract ...
• a70d75a transport: block redirects from token server to private/link-local addresses ...
• Additional commits viewable in compare view

Updates github.com/mattn/go-runewidth from 0.0.21 to 0.0.23

Commits

• 17a7a03 Merge pull request #95 from mattn/optimize-runewidth-performance
• 0a43bb8 Optimize RuneWidth and StringWidth performance
• 41dc6c5 Merge pull request #92 from mattn/stringwidth-single-rune-fast-path
• 254e529 optimize single-rune StringWidth
• See full diff in compare view

Updates github.com/prometheus/common from 0.67.5 to 0.68.0

Release notes

Sourced from github.com/prometheus/common's releases.

v0.68.0

What's Changed

• Synchronize common files from prometheus/prometheus by @​prombot in prometheus/common#873
• Synchronize common files from prometheus/prometheus by @​prombot in prometheus/common#874
• build(deps): bump github.com/golang-jwt/jwt/v5 from 5.3.0 to 5.3.1 by @​dependabot[bot] in prometheus/common#879
• build(deps): bump golang.org/x/net from 0.48.0 to 0.49.0 by @​dependabot[bot] in prometheus/common#878
• Synchronize common files from prometheus/prometheus by @​prombot in prometheus/common#875
• Synchronize common files from prometheus/prometheus by @​prombot in prometheus/common#880
• Remove logic adding unit to metrics name by @​vesari in prometheus/common#877
• Synchronize common files from prometheus/prometheus by @​prombot in prometheus/common#881
• Update for Go 1.26 by @​SuperQ in prometheus/common#883
• build(deps): bump golang.org/x/net from 0.49.0 to 0.51.0 by @​dependabot[bot] in prometheus/common#882
• version: Add a slog helper by @​SuperQ in prometheus/common#886
• Remove Arthur from maintainers list by @​ArthurSens in prometheus/common#885
• Synchronize common files from prometheus/prometheus by @​prombot in prometheus/common#895
• Synchronize common files from prometheus/prometheus by @​prombot in prometheus/common#896
• config: change NewOAuth2RoundTripper to accept variadic HTTPClientOption by @​alliasgher in prometheus/common#898
• config: guard against nil oauth2 credential in RoundTrip by @​alliasgher in prometheus/common#897
• build(deps): bump golang.org/x/net from 0.51.0 to 0.52.0 by @​dependabot[bot] in prometheus/common#890
• build(deps): bump go.yaml.in/yaml/v2 from 2.4.3 to 2.4.4 by @​dependabot[bot] in prometheus/common#891
• build(deps): bump golang.org/x/oauth2 from 0.34.0 to 0.36.0 by @​dependabot[bot] in prometheus/common#892
• Move interface assertions to a test file by @​msiegen in prometheus/common#839
• fix(http_config): fix client cert rotation when no CA is configured by @​machine424 in prometheus/common#908
• Remove CircleCI by @​ArthurSens in prometheus/common#910
• Fix: apply DialContextFunc to OAuth2 token-fetch transport by @​yuri-tceretian in prometheus/common#911

New Contributors

• @​alliasgher made their first contribution in prometheus/common#898
• @​msiegen made their first contribution in prometheus/common#839
• @​machine424 made their first contribution in prometheus/common#908
• @​yuri-tceretian made their first contribution in prometheus/common#911

Full Changelog: prometheus/common@v0.67.5...v0.68.0

Commits

• 1e0ae83 config: apply DialContextFunc to OAuth2 token-fetch transport (#911)
• b51d01b Remove CircleCI (#910)
• 0f3c348 Merge pull request #908 from machine424/ttlsco
• 732a9cf fix(http_config): fix client cert rotation when no CA is configured
• ce9215c Move interface assertions to a test file (#839)
• 1ba5ed7 build(deps): bump golang.org/x/oauth2 from 0.34.0 to 0.36.0 (#892)
• 8f8ada6 build(deps): bump go.yaml.in/yaml/v2 from 2.4.3 to 2.4.4 (#891)
• 5bf00a4 build(deps): bump golang.org/x/net from 0.51.0 to 0.52.0 (#890)
• a4fac5c config: guard against nil oauth2 credential in RoundTrip (#897)
• 9e28363 Merge pull request #898 from alliasgher/fix/NewOAuth2RoundTripper-exported-op...
• Additional commits viewable in compare view

Updates github.com/shirou/gopsutil/v4 from 4.26.3 to 4.26.5

Release notes

Sourced from github.com/shirou/gopsutil/v4's releases.

v4.26.5

What's Changed

disk

• disk: report effective mount mode on Linux by @​paulojmdias in shirou/gopsutil#2085

net

• [net]: add more information on ProtoCounters godoc by @​shirou in shirou/gopsutil#2089

process

• [process]: fix envp leak into Cmdline on darwin by @​kerlenton in shirou/gopsutil#2092
• perf(process): build snapshot map once on Windows to fix O(N²) process listing by @​HarshalPatel1972 in shirou/gopsutil#2062

New Contributors

• @​paulojmdias made their first contribution in shirou/gopsutil#2085
• @​HarshalPatel1972 made their first contribution in shirou/gopsutil#2062

Full Changelog: shirou/gopsutil@v4.26.4...v4.26.5

v4.26.4

What's Changed

cpu

• [cpu][windows]: fix percpu stats on Windows hosts with multiple processor groups by @​shirou in shirou/gopsutil#2081

disk

• Fix infinite loop when failed to find path for volume on Windows by @​woct0rdho in shirou/gopsutil#2066

host

• host: add testInvoker dependency injection for AIX by @​Dylan-M in shirou/gopsutil#2040
• Use getconf instead of bootinfo on AIX to get kernel architecture by @​pgimalac in shirou/gopsutil#2079

load

• load: fix MiscWithContext process state parsing on AIX nocgo by @​Dylan-M in shirou/gopsutil#2037

mem

• Fix NetBSD mem / net stats by @​fraggerfox in shirou/gopsutil#2077

net

• net: populate BytesSent/BytesRecv via entstat on AIX nocgo by @​Dylan-M in shirou/gopsutil#2034
• fix: add bounds check for /proc/net/dev fields to prevent panic by @​Yanhu007 in shirou/gopsutil#2075
• net: add parseEntstat and parseNetstatI unit tests with AIX fixtures by @​Dylan-M in shirou/gopsutil#2073
• Implement net ProtoCounters for AIX by @​pgimalac in shirou/gopsutil#2083

process

• fix: add bounds check for /proc/[pid]/stat fields in fillFromTIDStat by @​Yanhu007 in shirou/gopsutil#2076
• [process][linux]: use TrimSuffix instead of Trim by @​shirou in shirou/gopsutil#2068

New Contributors

• @​woct0rdho made their first contribution in shirou/gopsutil#2066
• @​Yanhu007 made their first contribution in shirou/gopsutil#2075
• @​fraggerfox made their first contribution in shirou/gopsutil#2077

Full Changelog: shirou/gopsutil@v4.26.3...v4.26.4

Commits

• d781152 Merge pull request #2062 from HarshalPatel1972/fix/windows-process-snap-perf
• bf6e949 fix: address maintainer review — adjust PID 0 order, remove 0-thread guard, a...
• 71672e2 Merge pull request #2092 from kerlenton/fix/darwin-cmdline-envp-leak
• f806418 [process]: skip exact 4 bytes of nargs in darwin cmdlineSlice
• e9f021e [process]: fix envp leak into Cmdline on darwin
• 6a240d8 Merge pull request #2074 from shirou/dependabot/github_actions/actions/upload...
• ba20283 Merge pull request #2065 from shirou/dependabot/github_actions/actions/setup-...
• e7b2fd0 Merge pull request #2088 from shirou/dependabot/github_actions/actions/labele...
• e26eaf3 Merge pull request #2089 from shirou/feat/add_ProtoCounters_godoc
• 22bc830 [net]: add more information on ProtoCounters godoc
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[Copilot]

Copilot encountered an error and was unable to review this pull request. You can try again by re-requesting a review.