chore(deps): bump the backend-dependencies group in /backend with 9 updates

[dependabot]

Bumps the backend-dependencies group in /backend with 9 updates:

Package	From	To
github.com/compose-spec/compose-go/v2	2.6.4	2.8.2
github.com/docker/docker	28.2.2+incompatible	28.4.0+incompatible
github.com/docker/go-connections	0.5.0	0.6.0
github.com/gin-contrib/cors	1.7.5	1.7.6
github.com/go-co-op/gocron/v2	2.16.2	2.16.5
github.com/golang-jwt/jwt/v5	5.2.2	5.3.0
github.com/golang-migrate/migrate/v4	4.18.3	4.19.0
golang.org/x/crypto	0.38.0	0.39.0
gorm.io/gorm	1.30.0	1.30.5

Updates github.com/compose-spec/compose-go/v2 from 2.6.4 to 2.8.2

Release notes

Sourced from github.com/compose-spec/compose-go/v2's releases.

v2.8.2

What's Changed

• Bump actions/download-artifact from 4 to 5 by @​dependabot[bot] in compose-spec/compose-go#816
• Bump github.com/go-viper/mapstructure/v2 from 2.3.0 to 2.4.0 by @​dependabot[bot] in compose-spec/compose-go#818
• Bump actions/checkout from 4 to 5 by @​dependabot[bot] in compose-spec/compose-go#817
• Bump actions/stale from 9 to 10 by @​dependabot[bot] in compose-spec/compose-go#821
• Bump actions/setup-go from 5 to 6 by @​dependabot[bot] in compose-spec/compose-go#822
• report origin of yaml parsing error by @​ndeloof in compose-spec/compose-go#820

Full Changelog: compose-spec/compose-go@v2.8.1...v2.8.2

v2.8.1

What's Changed

• add functions to list models defined and services using models by @​glours in compose-spec/compose-go#812

Full Changelog: compose-spec/compose-go@v2.8.0...v2.8.1

v2.8.0

What's Changed

• bump go-viper/mapstructure to version v2.3.0 by @​glours in compose-spec/compose-go#804
• consistency check detects models reference without a matching definition by @​ndeloof in compose-spec/compose-go#803
• make modelToProject and toOptions funcs public by @​crazy-max in compose-spec/compose-go#805
• Update go-yaml to the official fork by @​lionello in compose-spec/compose-go#795
• fix: check for empty key in environment before accessing it by index by @​stasadev in compose-spec/compose-go#807
• fix ability to override values set in env file by interpolation by @​ndeloof in compose-spec/compose-go#793
• schema validate container_name with regex by @​kpbaks in compose-spec/compose-go#810
• introduce provenance and sbom in build section by @​ndeloof in compose-spec/compose-go#809
• fix extraction of variables by @​krjakbrjak in compose-spec/compose-go#811
• feat: add extensible transform API for custom field transformations by @​OrlovEvgeny in compose-spec/compose-go#808

New Contributors

• @​crazy-max made their first contribution in compose-spec/compose-go#805
• @​kpbaks made their first contribution in compose-spec/compose-go#810
• @​krjakbrjak made their first contribution in compose-spec/compose-go#811
• @​OrlovEvgeny made their first contribution in compose-spec/compose-go#808

Full Changelog: compose-spec/compose-go@v2.7.1...v2.8.0

v2.7.1

What's Changed

• introduce mode_var for model binding by @​ndeloof in compose-spec/compose-go#802

Full Changelog: compose-spec/compose-go@v2.7.0...v2.7.1

v2.7.0

What's Changed

• fix by @​ndeloof in compose-spec/compose-go#800

... (truncated)

Commits

• 0eb393d report origin of yaml parsing error
• f1ebeaf Bump actions/setup-go from 5 to 6
• d5d97f4 Bump actions/stale from 9 to 10
• e16f794 Bump actions/checkout from 4 to 5
• 4158cdb Bump github.com/go-viper/mapstructure/v2 from 2.3.0 to 2.4.0
• c2a30d7 Bump actions/download-artifact from 4 to 5
• 0bd9107 add functions to list models defined and services using models
• 6d8281c feat: add extensible transform API for custom field transformations
• aa1ee1a fix extraction of variables
• a42e757 introduce provenance and sbom in build section
• Additional commits viewable in compare view

Updates github.com/docker/docker from 28.2.2+incompatible to 28.4.0+incompatible

Release notes

Sourced from github.com/docker/docker's releases.

v28.4.0

28.4.0

For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:

• docker/cli, 28.4.0 milestone
• moby/moby, 28.4.0 milestone
• Deprecated and removed features, see Deprecated Features.
• Changes to the Engine API, see API version history.

New

• Allow Docker CLI to set the GODEBUG environment variable when the key-value pair ("GODEBUG":"...") exists inside the docker context metadata. docker/cli#6399

Bug fixes and enhancements

• Add shell completion for docker pull and docker image pull. docker/cli#6420
• Fix a regression in v28.3.3 that could cause a panic on docker push if the client did not send an X-Registry-Auth header. moby/moby#50738
• Windows: Potentially fix an issue with "access denied" error when pulling images. moby/moby#50871
• containerd image store: Fix docker history failing with snapshot X does not exist when calling on a non-native image that was built locally. moby/moby#50875
• containerd image store: Fix docker image prune to emit correct untag and delete events and list only the deleted images root digests instead of every blob. moby/moby#50837
• Remove interactive login prompt from docker push and docker pull after a failure caused by missing authentication. docker/cli#6256

Packaging updates

• Update BuildKit to v0.24.0. moby#50888
• Update Go runtime to 1.24.7. moby/moby#50889, docker/cli#6422
• Update runc to v1.3.0. moby/moby#50699
• Update containerd (static binaries only) to v1.7.28. moby/moby#50700

Networking

• Fix an issue that could cause slow container restart on live-restore. moby/moby#50829

API

• Update deprecation message for AuthConfig.Email field. moby/moby#50797

Go SDK

• Deprecate profiles package which got migrated to github.com/moby/profiles. moby/moby#50513

Deprecations

• Deprecate special handling for quoted values for the --tlscacert, --tlscert, and --tlskey command-line flags. docker/cli#6291
• Mark legacy links env vars (DOCKER_KEEP_DEPRECATED_LEGACY_LINKS_ENV_VARS) as deprecated in v28.4 and set for removal in v30.0. docker/cli#6309
• Go-SDK: Deprecate field NetworkSettingsBase.Bridge, struct NetworkSettingsBase, all the fields of DefaultNetworkSettings, and struct DefaultNetworkSettings. moby/moby#50839
• Go-SDK: api/types: build.CacheDiskUsage, container.DiskUsage, images.DiskUsage and volumes.DiskUsage are now deprecated and will be removed in the next major release. moby/moby#50768
• Go-SDK: cli-plugins/manager: deprecate ReexecEnvvar. docker/cli#6411
• Go-SDK: cli-plugins/manager: deprecate annotation aliases (CommandAnnotationPlugin, CommandAnnotationPluginVendor, CommandAnnotationPluginVersion, CommandAnnotationPluginInvalid, CommandAnnotationPluginCommandPath) in favor of their equivalent in cli-plugins/manager/metadata. docker/cli#6298

... (truncated)

Commits

• 249d679 Merge pull request #50890 from vvoland/50889-28.x
• d664cfe update to go1.24.7
• b384cd2 Merge pull request #50888 from vvoland/50885-28.x
• c1ce88e vendor: update buildkit to v0.24.0
• 4a34e8e Merge pull request #50875 from vvoland/50867-28.x
• cfa70d0 gha/arm64: Setup qemu
• d70382e integration/internal: Print Buildkit logs
• 687b206 c8d/history: Fix non-native platforms
• e4224f8 integration/internal: Handle Buildkit in GetImageIDFromBody
• 5d5332b Merge pull request #50871 from vvoland/50870-28.x
• Additional commits viewable in compare view

Updates github.com/docker/go-connections from 0.5.0 to 0.6.0

Commits

• 42faf79 Merge pull request #138 from thaJeztah/sockets_move_unix_options
• 9ffab7e sockets: make NewUnixSocket, WithChown, WithChmod unix-only
• 6bb1d15 Merge pull request #135 from thaJeztah/rename_test_files
• b6c843d sockets: rename files to be considered test files
• 80898b6 Merge pull request #133 from thaJeztah/deprecate_socket_dialpipe
• a4399e5 socket: deprecate DialPipe
• b071e04 Merge pull request #128 from thaJeztah/remove_old_cyphers
• 578bfde Merge pull request #132 from thaJeztah/optimize_ParsePortSpec
• deccd71 tlsconfig: align client and server defaults, remove weak CBC ciphers
• 30b91c8 nat: ParsePortSpec: combine some conditions
• Additional commits viewable in compare view

Updates github.com/gin-contrib/cors from 1.7.5 to 1.7.6

Release notes

Sourced from github.com/gin-contrib/cors's releases.

v1.7.6

Changelog

Others

• f65f3f787bfa4425d557a2975f2c00ce377718d4: test: refactor and expand CORS AllowOrigins test coverage (@​appleboy)

Enhancements

• 28dfa405cf69fbaacd0a6012026e6dde68dbb1c9: chore: update core dependencies to latest supported versions (@​appleboy)
• a9706b1fc6fcd2f76de77c756d83d2fbd24362c1: chore: use http.MethodOptions instead of string literal (#164) (@​LombardiDaniel)
• 7161918d462067a93089e31b125a4bb5af8227f7: chore: update go codec library to improve serialization support (@​appleboy)
• ebd7f912c7f16d468ce530a8625f1a135f65a76f: chore: pin golangci-lint to a specific version (@​appleboy)

Refactor

• 47d9afe5a3f22e913dfd5dc0fab17d1fef58cbbc: refactor: refactor tests to table-driven style and simplify router logic (@​appleboy)

Build process updates

• 90bd363599befa876b8a8d351dea21aa5d58e5d7: ci: upgrade golangci-lint GitHub Action to v8 (@​appleboy)

Documentation updates

• 516207b6baef2029edd9a5c78e892546ab42b7bb: docs: rewrite and expand README for clarity and comprehensive guidance (@​appleboy)
• abfb2cb54b85cae2f72f6a7c5a4ee1decbca9bd4: docs: expand and clarify configuration documentation (@​appleboy)
• 8efeda3905b9493a2c1962393ea783b126ad27aa: docs: revise and expand project documentation for clarity and usability (@​appleboy)
• 4ee797ec66a133fb02afbcda6d27ef0a58473c9c: docs: reorganize and streamline README structure and content (@​appleboy)

Commits

• 47d9afe refactor: refactor tests to table-driven style and simplify router logic
• f65f3f7 test: refactor and expand CORS AllowOrigins test coverage
• 4ee797e docs: reorganize and streamline README structure and content
• 8efeda3 docs: revise and expand project documentation for clarity and usability
• abfb2cb docs: expand and clarify configuration documentation
• ebd7f91 chore: pin golangci-lint to a specific version
• 516207b docs: rewrite and expand README for clarity and comprehensive guidance
• 7161918 chore: update go codec library to improve serialization support
• 90bd363 ci: upgrade golangci-lint GitHub Action to v8
• a9706b1 chore: use http.MethodOptions instead of string literal (#164)
• Additional commits viewable in compare view

Updates github.com/go-co-op/gocron/v2 from 2.16.2 to 2.16.5

Release notes

Sourced from github.com/go-co-op/gocron/v2's releases.

v2.16.5

What's Changed

• Use errors.New for non-formatted strings by @​apocelipes in go-co-op/gocron#870
• Add go1.25 tests by @​apocelipes in go-co-op/gocron#869

Full Changelog: go-co-op/gocron@v2.16.4...v2.16.5

v2.16.4

What's Changed

• Bump actions/checkout from 4 to 5 by @​dependabot[bot] in go-co-op/gocron#860
• Bump golang.org/x/crypto from 0.40.0 to 0.41.0 by @​dependabot[bot] in go-co-op/gocron#859
• Add comprehensive GitHub Copilot instructions for gocron development by @​Copilot in go-co-op/gocron#866
• Fix memory consumption issue by changing jobOutRequest channels to use pointers and reducing buffer size by @​Copilot in go-co-op/gocron#864
• Bump testify by @​JohnRoesler in go-co-op/gocron#868

New Contributors

• @​Copilot made their first contribution in go-co-op/gocron#866

Full Changelog: go-co-op/gocron@v2.16.3...v2.16.4

v2.16.3

What's Changed

• fix: cancel job contexts in create/update errors by @​JohnRoesler in go-co-op/gocron#858

Full Changelog: go-co-op/gocron@v2.16.2...v2.16.3

Commits

• 6e6485b Add go1.25 tests (#869)
• b383ca9 Use errors.New for non-formatted strings (#870)
• cc3a1db Bump testify (#868)
• 9e8c79d Fix memory consumption issue by changing jobOutRequest channels to use pointe...
• 8187978 Add comprehensive GitHub Copilot instructions for gocron development (#866)
• 5bf6802 Bump golang.org/x/crypto from 0.40.0 to 0.41.0 (#859)
• 78468fa Bump actions/checkout from 4 to 5 (#860)
• fcfcb87 fix: cancel job contexts in create/update errors (#858)
• See full diff in compare view

Updates github.com/golang-jwt/jwt/v5 from 5.2.2 to 5.3.0

Release notes

Sourced from github.com/golang-jwt/jwt/v5's releases.

v5.3.0

This release is almost identical to to v5.2.3 but now correctly indicates Go 1.21 as minimum requirement.

What's Changed

• Create CODEOWNERS by @​oxisto in golang-jwt/jwt#449
• Bump Go version to indicate correct minimum requirement by @​oxisto in golang-jwt/jwt#452

Full Changelog: golang-jwt/jwt@v5.2.3...v5.3.0

v5.2.3

What's Changed

• Bump GitHub workflows and Go versions by @​mfridman in golang-jwt/jwt#438
• Implementing validation of multiple audiences by @​oxisto in golang-jwt/jwt#433
• Bump golangci/golangci-lint-action from 7 to 8 by @​dependabot[bot] in golang-jwt/jwt#440
• replaced interface{} to any by @​aachex in golang-jwt/jwt#445
• Fix bug in validation of multiple audiences by @​sfinnman-cotn in golang-jwt/jwt#441

New Contributors

• @​aachex made their first contribution in golang-jwt/jwt#445
• @​sfinnman-cotn made their first contribution in golang-jwt/jwt#441

Full Changelog: golang-jwt/jwt@v5.2.2...v5.2.3

Commits

• e9547a1 Bump Go version to indicate correct minimum requirement (#452)
• 3839817 Create CODEOWNERS (#449)
• d83e545 Fix bug in validation of multiple audiences (#441)
• 75740f1 replaced interface{} to any (#445)
• 048854f Bump golangci/golangci-lint-action from 7 to 8 (#440)
• 497a38e Implementing validation of multiple audiences (#433)
• 12384ea Bump GitHub workflows and Go versions (#438)
• See full diff in compare view

Updates github.com/golang-migrate/migrate/v4 from 4.18.3 to 4.19.0

Release notes

Sourced from github.com/golang-migrate/migrate/v4's releases.

v4.19.0

What's Changed

• Fixed sqlserver not actually getting a lock if lock is already set by @​urbim in golang-migrate/migrate#1186
• Bump golang.org/x/oauth2 from 0.18.0 to 0.27.0 by @​dependabot[bot] in golang-migrate/migrate#1299
• Update apt-key to gpg by @​sandhilt in golang-migrate/migrate#1277
• Update dktest to v0.4.6 for docker vuln fix by @​dhui in golang-migrate/migrate#1309
• refactor: Remove go.uber.org/atomic in favor of std sync/atomic by @​romshark in golang-migrate/migrate#1303
• Ensure bufferWriter is always closed in Migration.Buffer and propagate close errors by @​ckantcs in golang-migrate/migrate#1308
• Add support for Go 1.25 and drop support for 1.23 by @​dhui in golang-migrate/migrate#1310

New Contributors

• @​urbim made their first contribution in golang-migrate/migrate#1186
• @​sandhilt made their first contribution in golang-migrate/migrate#1277
• @​romshark made their first contribution in golang-migrate/migrate#1303
• @​ckantcs made their first contribution in golang-migrate/migrate#1308

Full Changelog: golang-migrate/migrate@v4.18.3...v4.19.0

Commits

• 8b9c5f7 Merge pull request #1310 from dhui/update_go
• b4ec9bc Add support for Go 1.25 and drop support for 1.23
• ed4bdd4 Ensure bufferWriter is always closed in Migration.Buffer and propagate close ...
• 8945e85 Merge pull request #1303 from romshark/master
• 7108d80 Merge pull request #1309 from dhui/dktest_v0.4.6
• 682016f Merge pull request #1277 from sandhilt/doc/change-apt-key-to-gpg
• f3e6b5a Replace usage of deprecated docker types
• 0a17402 Update dktest to v0.4.6 for docker vuln fix
• 5eee0c8 Merge pull request #1299 from golang-migrate/dependabot/go_modules/golang.org...
• 642a24d Bump golang.org/x/oauth2 from 0.18.0 to 0.27.0
• Additional commits viewable in compare view

Updates golang.org/x/crypto from 0.38.0 to 0.39.0

Commits

• 3bf9d2a ssh/test: skip KEX test if unsupported by system SSH client
• 9bab967 go.mod: update golang.org/x dependencies
• 4f9f0ca x509roots/fallback: add init time benchmark
• eac7cf0 x509roots/fallback: move parsing code to a non-generated file
• 18228cd acme: return err from deprecated TLS-SNI-[01|02] functions
• 73f6362 acme: remove dead code
• ebc8e46 ssh: add server side support for Diffie Hellman Group Exchange
• e944286 ssh: expose negotiated algorithms
• 78a1fd7 ssh: automatically add curve25519-sha256@libssh.org KEX alias
• ac58737 ssh: export supported algorithms
• Additional commits viewable in compare view

Updates gorm.io/gorm from 1.30.0 to 1.30.5

Release notes

Sourced from gorm.io/gorm's releases.

Release v1.30.5

Changes

• No changes

Release v1.30.4

Changes

• Add Set-based Create and Update support to Generics API @​jinzhu (#7578)
• fix: build failure on Go versions below 1.21 @​iTanken (#7572)
• fix slogLogger to support ParameterizedQueries Config @​EricWvi (#7574)

Release v1.30.3

Changes

• No changes

Release v1.30.2

Changes

• avoid copying structures with embedded mutexs @​drakkan (#7571)
• Add DefaultContextTimeout option @​jinzhu (#7567)
• Update the docker compose file @​moseszane168 (#7524)
• fix: returning all columns with "on conflict do update" @​phongphan (#7534)
• feat(slog-integration) @​rezamokaram (#7537)
• fix data race in some case go-gorm/gorm@725aa5b
• performance improvement

Release v1.30.1

Changes

• optimize: field.ReflectValueOf @​liov (#7530)
• optimize: performance optimization @​liov (#7526)
• fix(schema): check the hook function parameter type @​demoManito (#7468)
• Fix: Unexpected OR Conditions force converted to AND @​Riseif (#7512)
• Add GaussDB Database Support @​moseszane168 (#7508)
• Call after initialize for gorm.Config @​jinzhu (#7518)
• A little optimization for filed.ValueOf @​liov (#7499)
• fixes #7486 @​Eshan-Jogwar (#7492)
• fix decimal migrate error. @​Chise1 (#7450)
• test: update MySQL test matrix to use official images and add 9.0, 8.4 versions @​enomotodev (#7476)

Commits

• 688e8ea Set accepts Assigner for Generics API
• 1901911 Add Set-based Create and Update support to Generics API (#7578)
• cb65743 fix: build failure on Go versions below 1.21, add build constraint for slog.g...
• 4087ac7 fix slogLogger to support ParameterizedQueries Config (#7574)
• 3840425 fix(generics): resolve CurrentTable in Raw/Exec
• cace4a6 avoid copying structures with embedded mutexs (#7571)
• 7ceb0d9 Add DefaultContextTimeout option (#7567)
• 4e34a6d Add tests for sub model
• 67de7a8 performance improve for schema
• 725aa5b Fix data race, close #7287 #7110 #7539 #7108
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions