Upgrade: Bump cuelang.org/go from 0.11.1 to 0.11.2

[dependabot]

Bumps cuelang.org/go from 0.11.1 to 0.11.2.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dryrunsecurity]

DryRun Security Summary

The pull request updates the cuelang.org/go package from version 0.11.1 to 0.11.2 in the go.mod and go.sum files, representing a minor version update with potential bug fixes or small feature additions.

Expand for full summary

Summary:

The code changes in this pull request are focused on updating the dependency on the cuelang.org/go package from version 0.11.1 to version 0.11.2 in both the go.mod and go.sum files. This is a minor version update, which typically indicates a bug fix or small feature addition, rather than a significant change.

From an application security perspective, these updates do not appear to introduce any major security concerns. Version updates are generally a good practice to keep dependencies up-to-date and address any known vulnerabilities. However, it's always recommended to review the release notes or change logs for the new version to ensure there are no security-related changes that may impact the application. Additionally, it's important to have a thorough testing process in place to validate that the updated dependency does not introduce any regressions or unexpected behavior in the application.

Files Changed:

1. go.mod: The go.mod file has been updated to use version 0.11.2 of the cuelang.org/go package, which is a minor version update.
2. go.sum: The go.sum file has also been updated to reflect the new version 0.11.2 of the cuelang.org/go package.

Code Analysis

We ran 9 analyzers against 2 files and 1 analyzer had findings. 8 analyzers had no findings.

Analyzer	Findings
Sensitive Files Analyzer	2 findings

View PR in the DryRun Dashboard.

[guardrails]

⚠️ We detected 1 security issue in this pull request:

Vulnerable Libraries (1)

Severity	Details
High	pkg:golang/cuelang.org/go@v0.11.2 upgrade to: > v0.11.2

More info on how to fix Vulnerable Libraries in Go.

---

👉 Go to the dashboard for detailed results.

📥 Happy? Share your feedback with us.