chore(deps): bump the go group across 3 directories with 20 updates

[dependabot]

Bumps the go group with 12 updates in the / directory:

Package	From	To
github.com/fatih/color	1.18.0	1.19.0
github.com/go-ldap/ldap/v3	3.4.12	3.4.13
github.com/grpc-ecosystem/grpc-gateway/v2	2.27.8	2.28.0
github.com/hashicorp/go-bexpr	0.1.15	0.1.16
github.com/hashicorp/go-version	1.8.0	1.9.0
github.com/hashicorp/vault/api	1.22.0	1.23.0
github.com/jackc/pgx/v5	5.8.0	5.9.1
github.com/lib/pq	1.11.2	1.12.3
github.com/mr-tron/base58	1.2.0	1.3.0
github.com/zalando/go-keyring	0.2.6	0.2.8
golang.org/x/crypto	0.48.0	0.49.0
google.golang.org/grpc	1.79.3	1.80.0

Bumps the go group with 4 updates in the /api directory: github.com/mr-tron/base58, google.golang.org/grpc, github.com/hashicorp/boundary/sdk and golang.org/x/time.
Bumps the go group with 2 updates in the /sdk directory: github.com/grpc-ecosystem/grpc-gateway/v2 and google.golang.org/grpc.

Updates github.com/fatih/color from 1.18.0 to 1.19.0

Release notes

Sourced from github.com/fatih/color's releases.

v1.19.0

What's Changed

• Bump golang.org/x/sys from 0.25.0 to 0.28.0 by @​dependabot[bot] in fatih/color#246
• Fix for issue #230 set/unsetwriter symmetric wrt color support detection by @​ataypamart in fatih/color#243
• chore: go mod cleanup by @​sashamelentyev in fatih/color#244
• Bump golang.org/x/sys from 0.28.0 to 0.30.0 by @​dependabot[bot] in fatih/color#249
• Bump github.com/mattn/go-colorable from 0.1.13 to 0.1.14 by @​dependabot[bot] in fatih/color#248
• Update CI and go deps by @​fatih in fatih/color#254
• Bump golang.org/x/sys from 0.31.0 to 0.37.0 by @​dependabot[bot] in fatih/color#268
• fix: include escape codes in byte counts from Fprint, Fprintf by @​qualidafial in fatih/color#282
• Bump golang.org/x/sys from 0.37.0 to 0.40.0 by @​dependabot[bot] in fatih/color#277
• fix: add nil check for os.Stdout to prevent panic on Windows services by @​majiayu000 in fatih/color#275
• Bump dominikh/staticcheck-action from 1.3.1 to 1.4.0 by @​dependabot[bot] in fatih/color#259
• Bump actions/checkout from 4 to 6 by @​dependabot[bot] in fatih/color#273
• Optimize Color.Equals performance (O(n²) → O(n)) by @​UnSubble in fatih/color#269
• Bump actions/setup-go from 5 to 6 by @​dependabot[bot] in fatih/color#266

New Contributors

• @​ataypamart made their first contribution in fatih/color#243
• @​sashamelentyev made their first contribution in fatih/color#244
• @​qualidafial made their first contribution in fatih/color#282
• @​majiayu000 made their first contribution in fatih/color#275
• @​UnSubble made their first contribution in fatih/color#269

Full Changelog: fatih/color@v1.18.0...v1.19.0

Commits

• ca25f6e Merge pull request #266 from fatih/dependabot/github_actions/actions/setup-go-6
• 1205984 Bump actions/setup-go from 5 to 6
• 5715c20 Merge pull request #269 from UnSubble/main
• 2f6e200 Merge branch 'main' into main
• f72ec94 Merge pull request #273 from fatih/dependabot/github_actions/actions/checkout-6
• 848e633 Merge branch 'main' into main
• 4c2cd34 Add tests
• 7f812f0 Bump actions/checkout from 4 to 6
• b7fc9f9 Merge pull request #259 from fatih/dependabot/github_actions/dominikh/staticc...
• 239a88f Bump dominikh/staticcheck-action from 1.3.1 to 1.4.0
• Additional commits viewable in compare view

Updates github.com/go-ldap/ldap/v3 from 3.4.12 to 3.4.13

Release notes

Sourced from github.com/go-ldap/ldap/v3's releases.

v3.4.13

What's Changed

• fix DirSync flags encoding by @​johnallers in go-ldap/ldap#571
• Remove execute bit from test file by @​gibmat in go-ldap/ldap#572
• chore(deps): bump golang.org/x/crypto from 0.36.0 to 0.45.0 in /v3 by @​dependabot[bot] in go-ldap/ldap#573
• Update search.go: fix typo by @​reshke in go-ldap/ldap#574
• Fix ExtendedResponse parsing by @​giggsoff in go-ldap/ldap#575
• fix: correct extended request/response handling in Extended by @​cpuschma in go-ldap/ldap#576
• refactor: simplify WhoAmI implementation using Extended API by @​cpuschma in go-ldap/ldap#577
• feat: add PostalAddress type by @​cpuschma in go-ldap/ldap#579
• chore: update dependencies by @​cpuschma in go-ldap/ldap#581
• Address panic in GetLDAPError, add fuzzer by @​TomSellers in go-ldap/ldap#582

New Contributors

• @​johnallers made their first contribution in go-ldap/ldap#571
• @​gibmat made their first contribution in go-ldap/ldap#572
• @​reshke made their first contribution in go-ldap/ldap#574
• @​giggsoff made their first contribution in go-ldap/ldap#575

Full Changelog: go-ldap/ldap@v3.4.12...v3.4.13

Commits

• 3bbbfb1 Address panic in GetLDAPError, add fuzzer (#582)
• 539d8f5 chore: update dependencies (#581)
• 570560b feat: add PostalAddress type (#579)
• 8bb1a96 refactor: simplify WhoAmI implementation using Extended API (#577)
• f881ce8 refactor: remove redundant ResultCode field from ExtendedResponse struct
• 5f4b937 refactor: remove accidently published Referral field from `ExtendedResponse...
• bdde9c5 fix: correct extended request/response handling in Extended
• d5557d0 refactor: simplify container command resolution in Makefile
• dbef7be Fix ExtendedResponse parsing (#575)
• 0935f92 Update search.go: fix typo (#574)
• Additional commits viewable in compare view

Updates github.com/grpc-ecosystem/grpc-gateway/v2 from 2.27.8 to 2.28.0

Release notes

Sourced from github.com/grpc-ecosystem/grpc-gateway/v2's releases.

v2.28.0

What's Changed

• feat: add option to disable chunked headers by @​irenarindos in grpc-ecosystem/grpc-gateway#6354
• fix(protoc-gen-openapiv2): fix panic on enum resolution in nested messages by @​franchb in grpc-ecosystem/grpc-gateway#6367

New Contributors

• @​irenarindos made their first contribution in grpc-ecosystem/grpc-gateway#6354

Full Changelog: grpc-ecosystem/grpc-gateway@v2.27.8...v2.28.0

Commits

• 13a31f4 fix(protoc-gen-openapiv2): fix panic on enum resolution in nested messages (#...
• 8e678ff chore(deps): update googleapis digest to 27ffde2 (#6369)
• 41651ff chore(deps): update googleapis digest to b026ba8 (#6368)
• d083140 chore(deps): update googleapis digest to 537554c (#6365)
• eb2fada chore(deps): update googleapis digest to 7b25d8c (#6364)
• d8dddc9 chore(deps): update googleapis digest to 6781051 (#6363)
• 3c4354f chore(deps): update googleapis digest to 055f92c (#6362)
• b2eb1b5 fix(deps): update module google.golang.org/grpc to v1.79.1 (#6361)
• 61b9d73 chore(deps): update googleapis digest to d84d3c2 (#6360)
• e0880e3 chore(deps): update googleapis digest to 6eead6e (#6359)
• Additional commits viewable in compare view

Updates github.com/hashicorp/go-bexpr from 0.1.15 to 0.1.16

Release notes

Sourced from github.com/hashicorp/go-bexpr's releases.

v0.1.16

Improvements

• Adds "is nil" and "is not nil" selector. [GH-129]

Bug Fixes

• Fixed a bug where using "is empty" or "is not empty" with a non-slice or non-map value would panic. [GH-129]

Full Changelog: hashicorp/go-bexpr@v0.1.15...v0.1.16

Changelog

Sourced from github.com/hashicorp/go-bexpr's changelog.

0.1.16 (March 5, 2026)

Improvements

• Adds "is nil" and "is not nil" selector. [GH-129]

Bug Fixes

• Fixed a bug where using "is empty" or "is not empty" with a non-slice or non-map value would panic. [GH-129]

Security

Commits

• 51ee900 changelog for 0.1.16 (#130)
• 2fcb6f9 support "is nil" and "is not nil" and make "is empty" safer (#129)
• 27250df [chore] : Bump actions/setup-go from 6.2.0 to 6.3.0 (#127)
• b31a265 [chore] : Bump actions/upload-artifact from 6.0.0 to 7.0.0 (#128)
• e811c0e [chore] : Bump golangci/golangci-lint-action from 3.4.0 to 9.2.0 (#122)
• 562069a [chore] : Bump actions/checkout from 6.0.0 to 6.0.2 (#125)
• 010cd61 [chore] : Bump actions/setup-go from 6.0.0 to 6.2.0 (#124)
• 61f1983 [chore] : Bump actions/upload-artifact from 5.0.0 to 6.0.0 (#123)
• ee482b7 [chore] : Bump actions/checkout from 5.0.0 to 6.0.0 (#118)
• 5e27ec8 Merge pull request #116 from hashicorp/compliance/update-headers
• Additional commits viewable in compare view

Updates github.com/hashicorp/go-version from 1.8.0 to 1.9.0

Release notes

Sourced from github.com/hashicorp/go-version's releases.

v1.9.0

What's Changed

Enhancements

• Add support for prefix of any character by @​brondum in hashicorp/go-version#79

Internal

• Update CHANGELOG for version 1.8.0 enhancements by @​sonamtenzin2 in hashicorp/go-version#178
• Bump the github-actions-backward-compatible group across 1 directory with 2 updates by @​dependabot[bot] in hashicorp/go-version#179
• Bump the github-actions-breaking group with 4 updates by @​dependabot[bot] in hashicorp/go-version#180
• Bump the github-actions-backward-compatible group with 3 updates by @​dependabot[bot] in hashicorp/go-version#182
• Update GitHub Actions to trigger on pull requests and update go version by @​ssagarverma in hashicorp/go-version#185
• Bump actions/upload-artifact from 6.0.0 to 7.0.0 in the github-actions-breaking group across 1 directory by @​dependabot[bot] in hashicorp/go-version#183
• Bump the github-actions-backward-compatible group across 1 directory with 2 updates by @​dependabot[bot] in hashicorp/go-version#186

New Contributors

• @​sonamtenzin2 made their first contribution in hashicorp/go-version#178
• @​brondum made their first contribution in hashicorp/go-version#79
• @​ssagarverma made their first contribution in hashicorp/go-version#185

Full Changelog: hashicorp/go-version@v1.8.0...v1.9.0

Changelog

Sourced from github.com/hashicorp/go-version's changelog.

1.9.0 (Mar 30, 2026)

ENHANCEMENTS:

Support parsing versions with custom prefixes via opt-in option in hashicorp/go-version#79

INTERNAL:

• Bump the github-actions-backward-compatible group across 1 directory with 2 updates in hashicorp/go-version#179
• Bump the github-actions-breaking group with 4 updates in hashicorp/go-version#180
• Bump the github-actions-backward-compatible group with 3 updates in hashicorp/go-version#182
• Update GitHub Actions to trigger on pull requests and update go version in hashicorp/go-version#185
• Bump actions/upload-artifact from 6.0.0 to 7.0.0 in the github-actions-breaking group across 1 directory in hashicorp/go-version#183
• Bump the github-actions-backward-compatible group across 1 directory with 2 updates in hashicorp/go-version#186

Commits

• b80b1e6 Update CHANGELOG for version 1.9.0 (#187)
• e93736f Bump the github-actions-backward-compatible group across 1 directory with 2 u...
• c009de0 Bump actions/upload-artifact from 6.0.0 to 7.0.0 in the github-actions-breaki...
• 0474357 Update GitHub Actions to trigger on pull requests and update go version (#185)
• b4ab5fc Support parsing versions with custom prefixes via opt-in option (#79)
• 25c683b Merge pull request #182 from hashicorp/dependabot/github_actions/github-actio...
• 4f2bcd8 Bump the github-actions-backward-compatible group with 3 updates
• acb8b18 Merge pull request #180 from hashicorp/dependabot/github_actions/github-actio...
• 0394c4f Merge pull request #179 from hashicorp/dependabot/github_actions/github-actio...
• b2fbaa7 Bump the github-actions-backward-compatible group across 1 directory with 2 u...
• Additional commits viewable in compare view

Updates github.com/hashicorp/vault/api from 1.22.0 to 1.23.0

Commits

• d430306 Merge remote-tracking branch 'remotes/from/ce/main'
• a3bc0a3 (enos): Add LDAP secrets engine blackbox tests to Plugin Scenario (#13072) (#...
• f8df539 Merge remote-tracking branch 'remotes/from/ce/main'
• 2b0ec25 VAULT-43444 Addressed races in tests (#13278) (#13285)
• a097d1f Merge remote-tracking branch 'remotes/from/ce/main'
• 7e587fd Update vault-plugin-auth-kubernetes to v0.24.1 (#13259) (#13287)
• 1331818 UI: Fix namespace search showing empty state when namespaces exist (#13257) (...
• 7b12feb Merge remote-tracking branch 'remotes/from/ce/main'
• 7d4395c Update vault-plugin-auth-jwt to v0.26.1 (#13242) (#13283)
• 6d4b615 adds flag to fix chrome in ci (#13279) (#13282)
• Additional commits viewable in compare view

Updates github.com/jackc/pgx/v5 from 5.8.0 to 5.9.1

Changelog

Sourced from github.com/jackc/pgx/v5's changelog.

5.9.1 (March 22, 2026)

• Fix: batch result format corruption when using cached prepared statements (reported by Dirkjan Bussink)

5.9.0 (March 21, 2026)

This release includes a number of new features such as SCRAM-SHA-256-PLUS support, OAuth authentication support, and PostgreSQL protocol 3.2 support.

It significantly reduces the amount of network traffic when using prepared statements (which are used automatically by default) by avoiding unnecessary Describe Portal messages. This also reduces local memory usage.

It also includes multiple fixes for potential DoS due to panic or OOM if connected to a malicious server that sends deliberately malformed messages.

• Require Go 1.25+
• Add SCRAM-SHA-256-PLUS support (Adam Brightwell)
• Add OAuth authentication support for PostgreSQL 18 (David Schneider)
• Add PostgreSQL protocol 3.2 support (Dirkjan Bussink)
• Add tsvector type support (Adam Brightwell)
• Skip Describe Portal for cached prepared statements reducing network round trips
• Make LoadTypes query easier to support on "postgres-like" servers (Jelte Fennema-Nio)
• Default empty user to current OS user matching libpq behavior (ShivangSrivastava)
• Optimize LRU statement cache with custom linked list and node pooling (Mathias Bogaert)
• Optimize date scanning by replacing regex with manual parsing (Mathias Bogaert)
• Optimize pgio append/set functions with direct byte shifts (Mathias Bogaert)
• Make RowsAffected faster (Abhishek Chanda)
• Fix: Pipeline.Close panic when server sends multiple FATAL errors (Varun Chawla)
• Fix: ContextWatcher goroutine leak (Hank Donnay)
• Fix: stdlib discard connections with open transactions in ResetSession (Jeremy Schneider)
• Fix: pipelineBatchResults.Exec silently swallowing lastRows error
• Fix: ColumnTypeLength using BPCharArrayOID instead of BPCharOID
• Fix: TSVector text encoding returning nil for valid empty tsvector
• Fix: wrong error messages for Int2 and Int4 underflow
• Fix: Numeric nil Int pointer dereference with Valid: true
• Fix: reversed strings.ContainsAny arguments in Numeric.ScanScientific
• Fix: message length parsing on 32-bit platforms
• Fix: FunctionCallResponse.Decode mishandling of signed result size
• Fix: returning wrong error in configTLS when DecryptPEMBlock fails (Maxim Motyshen)
• Fix: misleading ParseConfig error when default_query_exec_mode is invalid (Skarm)
• Fix: missed Unwatch in Pipeline error paths
• Clarify too many failed acquire attempts error message
• Better error wrapping with context and SQL statement (Aneesh Makala)
• Enable govet and ineffassign linters (Federico Guerinoni)
• Guard against various malformed binary messages (arrays, hstore, multirange, protocol messages)
• Fix various godoc comments (ferhat elmas)
• Fix typos in comments (Oleksandr Redko)

Commits

• 4e4eaed Release v5.9.1
• 6273188 Fix batch result format corruption when using cached prepared statements
• f7b90c2 Merge pull request #2524 from dbussink/pipeline-result-format-reuse
• 3ce6d75 Add failing test: batch scan corrupted in cache_statement mode
• b4d8e62 Release v5.9.0
• c227cd4 Bump minimum Go version from 1.24 to 1.25
• f492c14 Use reflect.TypeFor instead of reflect.TypeOf for static types
• ad8fb08 Use sync.WaitGroup.Go to simplify goroutine spawning
• 3033773 Remove go1.26 build tag from synctest test
• 83ffb3c Validate multirange element count against source length before allocating
• Additional commits viewable in compare view

Updates github.com/lib/pq from 1.11.2 to 1.12.3

Release notes

Sourced from github.com/lib/pq's releases.

v1.12.3

• Send datestyle startup parameter, improving compatbility with database engines that use a different default datestyle such as EnterpriseDB (#1312).

#1312: lib/pq#1312

v1.12.2

• Treat io.ErrUnexpectedEOF as driver.ErrBadConn so database/sql discards the connection. Since v1.12.0 this could result in permanently broken connections, especially with CockroachDB which frequently sends partial messages (#1299).

#1299: lib/pq#1299

v1.12.1

• Look for pgpass file in ~/.pgpass instead of ~/.postgresql/pgpass (#1300).

• Don't clear password if directly set on pq.Config (#1302).

#1300: lib/pq#1300 #1302: lib/pq#1302

v1.12.0

• The next release may change the default sslmode from require to prefer. See #1271 for details.

• CopyIn() and CopyInToSchema() have been marked as deprecated. These are simple query builders and not needed for COPY [..] FROM STDIN support (which is not deprecated). (#1279)

  // Old
  tx.Prepare(CopyIn("temp", "num", "text", "blob", "nothing"))
  // Replacement
  tx.Prepare(copy temp (num, text, blob, nothing) from stdin)
  

Features

• Support protocol 3.2, and the min_protocol_version and max_protocol_version DSN parameters (#1258).

• Support sslmode=prefer and sslmode=allow (#1270).

• Support ssl_min_protocol_version and ssl_max_protocol_version (#1277).

• Support connection service file to load connection details (#1285).

• Support sslrootcert=system and use ~/.postgresql/root.crt as the default value of sslrootcert (#1280, #1281).

• Add a new pqerror package with PostgreSQL error codes (#1275).

  For example, to test if an error is a UNIQUE constraint violation:

  if pqErr, ok := errors.AsType[*pq.Error](https://github.com/lib/pq/blob/HEAD/err); ok && pqErr.Code == pqerror.UniqueViolation {
      log.Fatalf("email %q already exsts", email)
  }
  

  To make this a bit more convenient, it also adds a pq.As() function:

... (truncated)

Changelog

Sourced from github.com/lib/pq's changelog.

v1.12.3 (2026-04-03)

• Send datestyle startup parameter, improving compatbility with database engines that use a different default datestyle such as EnterpriseDB (#1312).

#1312: lib/pq#1312

v1.12.2 (2026-04-02)

• Treat io.ErrUnexpectedEOF as driver.ErrBadConn so database/sql discards the connection. Since v1.12.0 this could result in permanently broken connections, especially with CockroachDB which frequently sends partial messages (#1299).

#1299: lib/pq#1299

v1.12.1 (2026-03-30)

• Look for pgpass file in ~/.pgpass instead of ~/.postgresql/pgpass (#1300).

• Don't clear password if directly set on pq.Config (#1302).

#1300: lib/pq#1300 #1302: lib/pq#1302

v1.12.0 (2026-03-18)

• The next release may change the default sslmode from require to prefer. See #1271 for details.

• CopyIn() and CopyInToSchema() have been marked as deprecated. These are simple query builders and not needed for COPY [..] FROM STDIN support (which is not deprecated). (#1279)

  // Old
  tx.Prepare(CopyIn("temp", "num", "text", "blob", "nothing"))
  // Replacement
  tx.Prepare(copy temp (num, text, blob, nothing) from stdin)
  

Features

• Support protocol 3.2, and the min_protocol_version and max_protocol_version DSN parameters (#1258).

• Support sslmode=prefer and sslmode=allow (#1270).

• Support ssl_min_protocol_version and ssl_max_protocol_version (#1277).

... (truncated)

Commits

• 1f3e3d9 Send datestyle as a startup parameter (#1312)
• 32ba56b Expand tests for multiple result sets
• c2cfac1 Release v1.12.2
• 859f104 Test CockroachDB
• 12e464c Allow multiple matches and regexps in pqtest.ErrorContains()
• 6d77ced Treat io.ErrUnexpectedEOF as driver.ErrBadConn in handleError
• 71daecb Ensure transactions are closed in pqtest
• 8f44823 Set PGAPPNAME for tests
• 4af2196 Fix healthcheck
• 38a54e4 Split out testdata/init a bit
• Additional commits viewable in compare view

Updates github.com/mr-tron/base58 from 1.2.0 to 1.3.0

Release notes

Sourced from github.com/mr-tron/base58's releases.

x10 speedup

What's Changed

• More tests and nits by @​ribasushi in mr-tron/base58#17
• Big refactoring with speed up to x10.

Previous version:

cpu: Apple M4
BenchmarkTrivialBase58Encoding
BenchmarkTrivialBase58Encoding-10       	  704328	      1554 ns/op
BenchmarkFastBase58Encoding
BenchmarkFastBase58Encoding-10          	 1000000	      1065 ns/op
BenchmarkTrivialBase58Decoding
BenchmarkTrivialBase58Decoding-10       	 1541754	       767.0 ns/op
BenchmarkFastBase58Decoding
BenchmarkFastBase58Decoding-10          	 4358894	       278.3 ns/op
BenchmarkTrivialBase58Encoding32
BenchmarkTrivialBase58Encoding32-10     	  729949	      1627 ns/op
BenchmarkFastBase58Encoding32
BenchmarkFastBase58Encoding32-10        	 1000000	      1118 ns/op
BenchmarkTrivialBase58Encoding36
BenchmarkTrivialBase58Encoding36-10     	  608595	      1813 ns/op
BenchmarkFastBase58Encoding36
BenchmarkFastBase58Encoding36-10        	  893626	      1275 ns/op
BenchmarkTrivialBase58Encoding64
BenchmarkTrivialBase58Encoding64-10     	  284566	      4028 ns/op
BenchmarkFastBase58Encoding64
BenchmarkFastBase58Encoding64-10        	  279295	      3955 ns/op
BenchmarkTrivialBase58Encoding256
BenchmarkTrivialBase58Encoding256-10    	   33140	     35533 ns/op
BenchmarkFastBase58Encoding256
BenchmarkFastBase58Encoding256-10       	   17833	     67081 ns/op
BenchmarkTrivialBase58Decoding32
BenchmarkTrivialBase58Decoding32-10     	 1512828	       875.7 ns/op
BenchmarkFastBase58Decoding32
BenchmarkFastBase58Decoding32-10        	 4247128	       341.9 ns/op
BenchmarkTrivialBase58Decoding36
BenchmarkTrivialBase58Decoding36-10     	 1319317	       880.9 ns/op
BenchmarkFastBase58Decoding36
BenchmarkFastBase58Decoding36-10        	 3449229	       366.6 ns/op
BenchmarkTrivialBase58Decoding64
BenchmarkTrivialBase58Decoding64-10     	  663181	      1636 ns/op
BenchmarkFastBase58Decoding64
BenchmarkFastBase58Decoding64-10        	 1327443	       903.0 ns/op
BenchmarkTrivialBase58Decoding256
BenchmarkTrivialBase58Decoding256-10    	  153183	      7469 ns/op
BenchmarkFastBase58Decoding256
BenchmarkFastBase58Decoding256-10       	   93289	     12428 ns/op

... (truncated)

Commits

• 14609f6 big refactorig. speedup x10. better tests. add more benchmarks.
• 957145f mark deprecated functions
• 7feefc8 Merge pull request #17 from ribasushi/more_tests_and_nits
• 925b607 Slightly better README rendering
• d3aa3a3 Better handling of custom alphabets + tests
• 82a293c Seed the math/rand PRNG on every test run
• dfe7821 Works without changes on go1.11: lower dep
• d2877cb Add myself to authors
• See full diff in compare view

Updates github.com/zalando/go-keyring from 0.2.6 to 0.2.8

Release notes

Sourced from github.com/zalando/go-keyring's releases.

v0.2.8

What's Changed

• gh: hardening workflows by @​szuecs in zalando/go-keyring#141

Full Changelog: zalando/go-keyring@v0.2.7...v0.2.8

v0.2.7

What's Changed

• Inline shellescape dependency by @​williammartin in zalando/go-keyring#117
• docs: Fix 404-ing secret service link by @​tinder-ryantrontz in zalando/go-keyring#120
• fix(readme): remove extra trailing slash by @​tinder-ryantrontz in zalando/go-keyring#121
• docs: document how to set data via the CLI and then access it via the Go library by @​alexec in zalando/go-keyring#128
• security: GH Actions by @​szuecs in zalando/go-keyring#137
• Bump actions/checkout from 4 to 6 by @​dependabot[bot] in zalando/go-keyring#138
• Bump actions/setup-go from 5 to 6 by @​dependabot[bot] in zalando/go-keyring#139
• Bump the all-go-mod-patch-and-minor group with 2 updates by @​dependabot[bot] in zalando/go-keyring#140

New Contributors

• @​tinder-ryantrontz made their first contribution in zalando/go-keyring#120
• @​alexec made their first contribution in zalando/go-keyring#128
• @​dependabot[bot] made their first contribution in zalando/go-keyring#138

Full Changelog: zalando/go-keyring@v0.2.6...v0.2.7

Commits

• a8cdfe3 Merge pull request #141 from zalando/gh/hardening-workflows
• d4162d9 gh: hardening workflows
• e0dd98f Merge pull request #140 from zalando/dependabot/go_modules/all-go-mod-patch-a...
• 98f9091 Merge pull request #139 from zalando/dependabot/github_actions/actions/setup-...
• 40806c2 Merge pull request #138 from zalando/dependabot/github_actions/actions/checko...
• 1d4d07c Bump the all-go-mod-patch-and-minor group with 2 updates
• e6c0d8a Bump actions/setup-go from 5 to 6
• 0151d30 Bump actions/checkout from 4 to 6
• d6ac580 Merge pull request #137 from zalando/security/gh-actions
• 036041f security: GH Actions should be able read only
• Additional commits viewable in compare view

Updates golang.org/x/crypto from 0.48.0 to 0.49.0

Commits

• 982eaa6 go.mod: update golang.org/x dependencies
• 159944f ssh,acme: clean up tautological/impossible nil conditions
• a408498 acme: only require prompt if server has terms of service
• cab0f71 all: upgrade go directive to at least 1.25.0 [generated]
• 2f26647 x509roots/fallback: update bundle
• See full diff in compare view

Updates golang.org/x/net from 0.49.0 to 0.51.0

Commits

• 60b3f6f internal/http3: prevent Server handler from writing longer body than declared
• b0ca456 internal/http3: fix Write in Server Handler returning the wrong value
• 1558ba7 publicsuffix: update to 2026-02-06
• 4e1c745 internal/http3: make Server response include headers that can be inferred
• 19f580f http2: fix nil panic in typeFrameParser for unassigned frame types
• 818aad7 internal/http3: add server to client trailer header support
• c1bbe1a internal/http3: add client to server trailer header support
• 29181b8 all: remove go1.25 and older build constraints
• 8109305 all: upgrade go directive to at least 1.25.0 [generated]
• 0b37bdf quic: don't run TestStreamsCreateConcurrency in synctest bubble
• Additional commits viewable in compare view

Updates golang.org/x/sync from 0.19.0 to 0.20.0

Commits

• ec11c4a errgroup: fix a typo in the documentation
• 1a58307 all: modernize interface{} -> any
• 3172ca5 all: upgrade go directive to at least 1.25.0 [generated]
• See full diff in compare view

Updates golang.org/x/sys from 0.41.0 to 0.42.0

Commits

• eaaaaee windows/registry: correct KeyInfo.ModTime calculation
• 942780b cpu: darwin/arm64 feature detection
• acef388 unix/linux: Prefixmsg and PrefixCacheinfo structs
• 3687fbd cpu: better defaults on darwin ARM64
• 48062e9 plan9: change Note to alias syscall.Note
• 4f23f80 windows: change Signal to alias syscall.Signal
• 7548802 all: upgrade go directive to at least 1.25.0 [generated]
• See full diff in compare view

Updates golang.org/x/term from 0.40.0 to 0.41.0

Commits

• 9d2dc07 go.mod: update golang.org/x dependencies
• d954e03 all: upgrade go directive to at least 1.25.0 [generated]
• See full diff in compare view

Updates golang.org/x/text from 0.34.0 to 0.35.0

Commits

• 7ca2c6d go.mod: update golang.org/x dependencies
• 73d1ba9 all: upgrade go directive to at least 1.25.0 [generated]
• See full diff in compare view

Updates golang.org/x/tools from 0.41.0 to 0.42.0

Commits

• 009367f go.mod: update golang.org/x dependencies
• 2182926 go/ast/inspector: add Cursor.ParentEdge{Kind,Index} methods
• 27020ac internal/server: add module upgrade pathway after vulncheck scanning
• c4ec0f5 internal/server: list vulnerabilities within vulncheck prompt
• 80d1715 gopls/internal/protocol: add document uri field type
• 0e23509 gopls/doc: update link to Acme LSP plugin
• 7b3ed75 gopls/internal/server: respect SemanticTokens option during initialization