chore(deps): bump the go-minor-patch group in /go with 12 updates

[dependabot]

Bumps the go-minor-patch group in /go with 12 updates:

Package	From	To
github.com/a2aproject/a2a-go	0.3.13	0.3.15
github.com/anthropics/anthropic-sdk-go	1.35.0	1.37.0
github.com/aws/aws-sdk-go-v2/config	1.32.14	1.32.16
github.com/openai/openai-go/v3	3.31.0	3.32.0
google.golang.org/genai	1.53.0	1.54.0
k8s.io/api	0.35.3	0.35.4
k8s.io/apimachinery	0.35.3	0.35.4
k8s.io/client-go	0.35.3	0.35.4
github.com/aws/aws-sdk-go-v2	1.41.5	1.41.6
github.com/aws/aws-sdk-go-v2/service/bedrockruntime	1.50.4	1.50.5
github.com/jackc/pgx/v5	5.9.1	5.9.2
github.com/ollama/ollama	0.20.5	0.21.0

Updates github.com/a2aproject/a2a-go from 0.3.13 to 0.3.15

Release notes

Sourced from github.com/a2aproject/a2a-go's releases.

v0.3.15

0.3.15 (2026-04-15)

Bug Fixes

• fix message rejected during input_required resumption due to execution cleanup race (#303)

v0.3.14

0.3.14 (2026-04-15)

Bug Fixes

• fix unnecessary task store get in local execution mode

Changelog

Sourced from github.com/a2aproject/a2a-go's changelog.

0.3.15 (2026-04-15)

Bug Fixes

• fix message rejected during input_required resumption due to execution cleanup race (#303)

0.3.14 (2026-04-15)

Bug Fixes

• fix unnecessary task store get in local execution mode

Commits

• 081cf21 fix rejected during input_required resumption due to execution cleanup race #303
• 730788c fix unnecessary task store get in local execution mode
• 0a222de fix: drop original error after override (#304)
• See full diff in compare view

Updates github.com/anthropics/anthropic-sdk-go from 1.35.0 to 1.37.0

Release notes

Sourced from github.com/anthropics/anthropic-sdk-go's releases.

v1.37.0

1.37.0 (2026-04-16)

Full Changelog: v1.36.0...v1.37.0

Features

• api: add claude-opus-4-7, token budgets and user_profiles (6e758a9)

v1.36.0

1.36.0 (2026-04-14)

Full Changelog: v1.35.1...v1.36.0

Features

• api: mark Sonnet and Opus 4 as deprecated (fc49d21)
• bedrock: use auth header for mantle client (#734) (629eec1)

v1.35.1

1.35.1 (2026-04-13)

Full Changelog: v1.35.0...v1.35.1

Bug Fixes

• streaming: add missing events (227b83e)

Changelog

Sourced from github.com/anthropics/anthropic-sdk-go's changelog.

1.37.0 (2026-04-16)

Full Changelog: v1.36.0...v1.37.0

Features

• api: add claude-opus-4-7, token budgets and user_profiles (6e758a9)

1.36.0 (2026-04-14)

Full Changelog: v1.35.1...v1.36.0

Features

• api: mark Sonnet and Opus 4 as deprecated (fc49d21)
• bedrock: use auth header for mantle client (#734) (629eec1)

1.35.1 (2026-04-13)

Full Changelog: v1.35.0...v1.35.1

Bug Fixes

• streaming: add missing events (227b83e)

Commits

• b23d9dc release: 1.37.0
• 62d0297 feat(api): add claude-opus-4-7, token budgets and user_profiles
• 9a9dd58 release: 1.36.0
• 702322c feat(bedrock): use auth header for mantle client (#734)
• 1b7e4a5 feat(api): mark Sonnet and Opus 4 as deprecated
• 53f1077 codegen metadata
• 07302c8 release: 1.35.1
• 1717fb8 fix(streaming): add missing events
• See full diff in compare view

Updates github.com/aws/aws-sdk-go-v2/config from 1.32.14 to 1.32.16

Commits

• 9bc9c51 Release 2026-04-17
• 2b41455 Regenerated Clients
• 2327a1b Update endpoints model
• 9225797 Update API model
• 7b6f675 Bump smithy-go to 1.25 (again) (#3390)
• c8b6a97 Release 2026-04-16
• 4a05c2b Regenerated Clients
• 6cd4cc9 Update endpoints model
• 3153bed Update API model
• fe3cef6 Make AccountIDEndpointRouting aware of bdd endpoints (#3387)
• Additional commits viewable in compare view

Updates github.com/openai/openai-go/v3 from 3.31.0 to 3.32.0

Release notes

Sourced from github.com/openai/openai-go/v3's releases.

v3.32.0

3.32.0 (2026-04-16)

Full Changelog: v3.31.0...v3.32.0

Features

• api: Add detail to InputFileContent (b8e782f)
• api: add OAuthErrorCode type (d54fff1)
• api: add prompt_cache_retention parameter to response compact (e2da10d)

Bug Fixes

• fix for union type names (0bc8ad5)

Documentation

• improve examples (c3c36ad)

Changelog

Sourced from github.com/openai/openai-go/v3's changelog.

3.32.0 (2026-04-16)

Full Changelog: v3.31.0...v3.32.0

Features

• api: Add detail to InputFileContent (b8e782f)
• api: add OAuthErrorCode type (d54fff1)
• api: add prompt_cache_retention parameter to response compact (e2da10d)

Bug Fixes

• fix for union type names (0bc8ad5)

Documentation

• improve examples (c3c36ad)

Commits

• fb77de1 release: 3.32.0
• a1547ab feat(api): add prompt_cache_retention parameter to response compact
• 2cd72bd codegen metadata
• 5b6d1e5 docs: improve examples
• 2345564 codegen metadata
• 37caff2 feat(api): Add detail to InputFileContent
• 51830fd codegen metadata
• b138fbf feat(api): add OAuthErrorCode type
• 05f02ff codegen metadata
• 8c5e47a fix: fix for union type names
• See full diff in compare view

Updates google.golang.org/genai from 1.53.0 to 1.54.0

Release notes

Sourced from google.golang.org/genai's releases.

v1.54.0

1.54.0 (2026-04-13)

Features

• Add "eu" as a supported service location for Vertex AI platform. (9245aba)
• Add Live Avatar new fields (2ae252c)
• Add webhook_config to batches.create() and models.generate_videos() (4790027)

Changelog

Sourced from google.golang.org/genai's changelog.

1.54.0 (2026-04-13)

Features

• Add "eu" as a supported service location for Vertex AI platform. (9245aba)
• Add Live Avatar new fields (2ae252c)
• Add webhook_config to batches.create() and models.generate_videos() (4790027)

Commits

• 2abde7d chore(main): release 1.54.0 (#750)
• 4790027 feat: Add webhook_config to batches.create() and models.generate_videos()
• 2db1072 chore: support new config mappings and fields for gemini-embedding-2 on GenAI...
• 5bc9bf4 No public description
• 2ae252c feat: Add Live Avatar new fields
• 6ccba36 chore: Clean up no-op converters
• 9245aba feat: Add "eu" as a supported service location for Vertex AI platform.
• See full diff in compare view

Updates k8s.io/api from 0.35.3 to 0.35.4

Commits

• e8f0e9f Update dependencies to v0.35.4 tag
• 0b2a75e Merge pull request #138356 from dims/update-moby-spdystream-v0.5.1-1.35
• e1ef9bc Update github.com/moby/spdystream from v0.5.0 to v0.5.1
• See full diff in compare view

Updates k8s.io/apimachinery from 0.35.3 to 0.35.4

Commits

• 475c941 Merge pull request #138356 from dims/update-moby-spdystream-v0.5.1-1.35
• 6c08bb5 Update github.com/moby/spdystream from v0.5.0 to v0.5.1
• 45398ef Merge pull request #137927 from lalitc375/cherry-pick-137864
• b414b94 Fix backport differences for 1.35 (remove WithOrigin and MarkAlpha)
• f933a4d Add slice and map union member support with tests
• 977ad5b Use IsZero instead of IsNil for union ratcheting check
• a128230 Fix union validation ratcheting when oldObj is nil
• See full diff in compare view

Updates k8s.io/client-go from 0.35.3 to 0.35.4

Commits

• d43aed2 Update dependencies to v0.35.4 tag
• 8ebd9bb Merge pull request #138356 from dims/update-moby-spdystream-v0.5.1-1.35
• 00b2f2b Update github.com/moby/spdystream from v0.5.0 to v0.5.1
• See full diff in compare view

Updates github.com/aws/aws-sdk-go-v2 from 1.41.5 to 1.41.6

Commits

• 9bc9c51 Release 2026-04-17
• 2b41455 Regenerated Clients
• 2327a1b Update endpoints model
• 9225797 Update API model
• 7b6f675 Bump smithy-go to 1.25 (again) (#3390)
• c8b6a97 Release 2026-04-16
• 4a05c2b Regenerated Clients
• 6cd4cc9 Update endpoints model
• 3153bed Update API model
• fe3cef6 Make AccountIDEndpointRouting aware of bdd endpoints (#3387)
• Additional commits viewable in compare view

Updates github.com/aws/aws-sdk-go-v2/service/bedrockruntime from 1.50.4 to 1.50.5

Commits

• 61ed638 Release 2024-06-03
• 7aa6c91 Regenerated Clients
• 69b45ee Update endpoints model
• 3f8909d Update API model
• e3c589f add missing deprecation docs on global EndpointResolver interfaces (#2665)
• 4d3e8fd fix s3 expected bucket owner presigning (#2662)
• 75ab304 Release 2024-05-31
• 3e8a5ac Regenerated Clients
• 961e44f Update API model
• 5edcd29 Release 2024-05-30
• Additional commits viewable in compare view

Updates github.com/jackc/pgx/v5 from 5.9.1 to 5.9.2

Changelog

Sourced from github.com/jackc/pgx/v5's changelog.

5.9.2 (April 18, 2026)

Fix SQL Injection via placeholder confusion with dollar quoted string literals (GHSA-j88v-2chj-qfwx)

SQL injection can occur when:

1. The non-default simple protocol is used.
2. A dollar quoted string literal is used in the SQL query.
3. That query contains text that would be would be interpreted outside as a placeholder outside of a string literal.
4. The value of that placeholder is controllable by the attacker.

e.g.

attackValue := `$tag$; drop table canary; --`
_, err = tx.Exec(ctx, `select $tag$ $1 $tag$, $1`, pgx.QueryExecModeSimpleProtocol, attackValue)

This is unlikely to occur outside of a contrived scenario.

Commits

• 0aeabbc Release v5.9.2
• 60644f8 Fix SQL sanitizer bugs with dollar-quoted strings and placeholder overflow
• a5680bc Merge pull request #2531 from dolmen-go/godoc-add-links
• e34e452 doc: Add godoc links
• 08c9bb1 Fix Stringer types encoded as text instead of numeric value in composite fields
• 96b4dbd Remove unstable test
• acf88e0 Merge pull request #2526 from abrightwell/abrightwell-min-proto
• 2f81f1f Update max_protocol_version and min_protocol_version defaults
• See full diff in compare view

Updates github.com/ollama/ollama from 0.20.5 to 0.21.0

Release notes

Sourced from github.com/ollama/ollama's releases.

v0.21.0

Hermes Agent

ollama launch hermes

Hermes learns with you, automatically creating skills to better serve your workflows. Great for research and engineering tasks.

What's Changed

• Gemma 4 on MLX. Added support for running Gemma 4 via MLX on Apple Silicon, including a text-only MLX runtime for the model. The MLX backend also picked up mixed-precision quantization, better capability detection, and a batch of new op wrappers (Conv2d, Pad, activations, trig, masked SDPA, and RoPE-with-freqs).
• Hermes and GitHub Copilot CLI in ollama launch. Added both integrations, which can now be configured in one command alongside the rest of the supported coding agents.
• OpenCode moved to inline config. ollama launch opencode now writes its config inline rather than to a separate file, matching how other integrations are handled.
• ollama launch no longer rewrites config when nothing changed. Pressing → on a configured multi-model integration, or passing --model with the current primary, used to trigger a confirmation prompt and rewrite both the editor's config file and config.json. Now it's a no-op when the resolved model list matches what's already saved.
• Fixed ollama launch openclaw --yes so it correctly skips the channels configuration step, so non-interactive setups complete cleanly.
• Restored the Gemma 4 nothink renderer with the e2b-style prompt.
• Fixed the Gemma 4 compiler error that was breaking Metal builds.
• Fixed macOS cross-compiles so they no longer trigger generate, which was breaking cmake builds on some Xcode versions.
• Quieted cgo builds by suppressing deprecated warnings during go build.

Full Changelog: ollama/ollama@v0.20.7...v0.21.0

v0.20.8

What's Changed

• ROCm: Update to ROCm 7.2.1 on Linux by @​saman-amd in ollama/ollama#15483
• gemma4: fix nothink case renderer by @​drifkin in ollama/ollama#15553
• gemma4: fix compiler error on metal by @​dhiltgen in ollama/ollama#15550
• gemma4: add nothink renderer tests by @​drifkin in ollama/ollama#15554
• mlx: mixed-precision quant and capability detection improvements by @​dhiltgen in ollama/ollama#15409
• mlx: add op wrappers for Conv2d, Pad, activations, trig, and masked SDPA by @​dhiltgen in ollama/ollama#14913
• Revert "gemma4: add nothink renderer tests" by @​drifkin in ollama/ollama#15555
• cgo: suppress deprecated warning to quiet down go build by @​dhiltgen in ollama/ollama#15438
• mac: prevent generate on cross-compiles by @​dhiltgen in ollama/ollama#15120
• Revert "gemma4: fix nothink case renderer" by @​drifkin in ollama/ollama#15556
• launch/opencode: use inline config by @​hoyyeva in ollama/ollama#15462
• gemma4: restore e2b-style nothink prompt by @​drifkin in ollama/ollama#15560
• Gemma4 on MLX by @​dhiltgen in ollama/ollama#15244

Full Changelog: ollama/ollama@v0.20.6...v0.20.8-rc0

v0.20.7

What's Changed

• Fix quality of gemma:e2b and gemma:e4b when thinking is disabled
• ROCm: Update to ROCm 7.2.1 on Linux by @​saman-amd in ollama/ollama#15483

Full Changelog: ollama/ollama@v0.20.6...v0.20.7

... (truncated)

Commits

• 57653b8 cmd/launch: show WSL guidance on Windows instead of handing off (#15637)
• a50ce61 launch: skip unchanged managed-single rewrite (#15633)
• 2bb7ea0 create: avoid gc race with create (#15628)
• 55fa80d mlx: additional gemma4 cache fixes (#15607)
• b9cb535 mlx: fix gemma4 cache to use logical view (#15617)
• 031baef mlx: fix imagegen lookup (#15588)
• 7d271e6 cmd/launch: add Copilot CLI integration (#15583)
• c88dae2 Merge pull request #15612 from ollama/drifkin/gemma4-split-templates
• 9e3618d make empty block conditional
• 5d920cc Keep Gemma4 router projection in source precision (#15613)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

Labels

The following labels could not be found: dependencies. Please create it before Dependabot can add it to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.