deps(deps): bump the gomod-minor-and-patch group across 1 directory with 31 updates

[dependabot]

Bumps the gomod-minor-and-patch group with 24 updates in the / directory:

Package	From	To
cloud.google.com/go/storage	1.49.0	1.62.2
github.com/MShekow/directory-checksum	1.4.9	1.4.18
github.com/atombender/go-jsonschema	0.23.0	0.23.1
github.com/aws/aws-lambda-go	1.47.0	1.54.0
github.com/aws/aws-sdk-go-v2/config	1.29.7	1.32.17
github.com/cloudflare/cloudflare-go	0.104.0	0.116.0
github.com/disgoorg/disgo	0.18.5	0.19.3
github.com/fatih/color	1.18.0	1.19.0
github.com/go-git/go-git/v5	5.19.0	5.19.1
github.com/onsi/gomega	1.38.2	1.41.0
github.com/otiai10/copy	1.14.0	1.14.1
github.com/pulumi/pulumi-aws/sdk/v6	6.83.0	6.83.3
github.com/pulumi/pulumi-cloudflare/sdk/v6	6.2.0	6.15.0
github.com/pulumi/pulumi-docker/sdk/v4	4.5.8	4.11.2
github.com/pulumi/pulumi-gcp/sdk/v8	8.0.0	8.41.1
github.com/pulumi/pulumi-kubernetes/sdk/v4	4.18.1	4.31.0
github.com/pulumi/pulumi-mongodbatlas/sdk/v3	3.30.0	3.38.0
github.com/pulumi/pulumi-random/sdk/v4	4.17.0	4.20.0
github.com/pulumi/pulumi/pkg/v3	3.184.0	3.241.0
github.com/samber/lo	1.38.1	1.53.0
github.com/tmc/langchaingo	0.1.13	0.1.14
go.mongodb.org/mongo-driver	1.16.1	1.17.9
k8s.io/apimachinery	0.35.0	0.36.1
k8s.io/client-go	0.35.0	0.36.1

Updates cloud.google.com/go/storage from 1.49.0 to 1.62.2

Release notes

Sourced from cloud.google.com/go/storage's releases.

storage: v1.62.2

v1.62.2 (2026-05-18)

Features

• enable open telemetry attrs (#14426) (74eab64d)

Bug Fixes

• restore metadata operations timeout in gRPC (#14575) (275ff562)

• Set default chunkRetryDeadline to 32s in NewWriterFromAppendableObject (#14458) (ec7c7d66)

• refactor userProject metadata propagation in ListObjects (#14533) (fbb543e3)

storage: v1.59.3

v1.59.3 (2026-05-05)

Bug Fixes

• handle MRD hang corner case (#14509) (1ca3b6f0)

container: v1.52.0

v1.52.0 (2026-05-14)

Features

• update API sources and regenerate (#14581) (df96b2ec)

Commits

• 50a5755 chore: librarian release pull request: 20260518T161338Z (#14610)
• 585840f spanner: skip flaky TestIntegration_DbRemovalRecovery (#14607)
• f8bf88f test(spanner): retry query after database recreation in integration test (#14...
• 9168ab8 chore(librariangen): tweak release preview test (#14599)
• f8b9a93 fix(spanner/spannertest): Support UUID as a base data type (#14117)
• a42fd83 fix(internal/librariange): release preview support (#14588)
• d944830 fix(datastore): add retries to emulator (#14591)
• c5aaedc chore: migrate Go configuration in librarian.yaml (#14587)
• 8a0e849 doc(agentplatform): Add notes and quick examples to the README
• 033f4fe chore: librarian release pull request: 20260514T191310Z (#14589)
• Additional commits viewable in compare view

Updates github.com/MShekow/directory-checksum from 1.4.9 to 1.4.18

Release notes

Sourced from github.com/MShekow/directory-checksum's releases.

v1.4.18

Changelog

• 4ce00c57b5c7d95d5341b2af5d33a125f1559b0b chore(deps): update goreleaser/goreleaser-action action to v7.2.1 (#122)
• 238103b19a4526004e8be9eaf8853668ab7fd9fd chore(deps): update go toolchain directive to v1.26.3 (#121)
• c4d0ac4ccbf366b722c91ad3b00febec87166f27 chore(deps): update robinraju/release-downloader action to v1.13 (#120)
• 7cc7f005a503338f9980203ed35572d4f4d0d446 chore(deps): update goreleaser/goreleaser-action action to v7.1.0 (#119)

v1.4.17

Changelog

• b5ec9cb649e9298e020b860d44de3655d8dc99db chore(deps): pin GitHub Actions digests (#117)
• 9e14614cba7ea4d2e45bff7d898976b472033023 chore: configure Renovate to pin GitHub Action digests
• d0db2cce14af7ef180eab64db0a8f413a1b0a2bf chore(deps): update dependency go to v1.26.2 (#116)
• e7b210875c142a2858cccb0988451491413f064e chore(deps): update anchore/scan-action action to v7.4.0 (#115)
• ebcb84ba64784235854e0e9aeed2270a8af825ad chore(deps): update anchore/sbom-action action to v0.24.0 (#114)
• db43f1ecb8acf2c8cf9fa982f75aa762503a563b chore(deps): update actions/setup-go action to v6.4.0 (#113)
• a3f08e15d4a61e1c01cd0fb911db75b13cf66145 chore(deps): update anchore/sbom-action action to v0.23.1 (#112)
• 3dac27826410e350598c6aa2176dbaa05f6310f6 chore(deps): update dominikh/staticcheck-action action to v1.4.1 (#111)
• 1c6495a73c454eac1d963a6d8c4e3eda0fb04ec6 chore(deps): update actions/attest-build-provenance action to v4.1.0 (#110)
• b51cc5cb9a579d6c7ba0d18da8d3ce983e46cfba chore(deps): update actions/attest-build-provenance action to v4 (#109)
• 6c3b5f1771cf4d51dc2ed21e63a8f480b7a7d728 chore(deps): update actions/setup-go action to v6.3.0 (#108)

v1.4.16

Changelog

• 17f5c9e9ca5e402a02dddc513b235dbb27eac6c6 chore(deps): update anchore/sbom-action action to v0.23.0 (#107)
• 05a7b47be8bcdaaf7107212e8304adae17cf9675 chore(deps): update dependency go to v1.26.1 (#106)
• 1138ae7b4da6bea17e4c4cf98cf44f88de52f26b chore(deps): update goreleaser/goreleaser-action action to v7 (#105)

v1.4.15

Changelog

• d3231e88115606eff0747a131104d3405d941633 chore(renovate): remove digest pinning from GHA
• f821a8b45ec07ed8545950646f4bd61115595e00 chore: delete accidentally-committed file
• 068c44d880c0d8638e88d6f2a829f1fe0e20f159 ci: update GitHub action versions from digest to concrete semantic version
• afc8dbe2c5780828c308a177d2db27bd44c90022 chore(deps): update dependency go to v1.26.0 (#99)
• 0f4f17bdc2cf7aa323ba33c43bdf5506f594afd2 chore(deps): update anchore/sbom-action digest to deef08a (#89)
• 72ecf231f53888d31e777f32feeceb9f5b83543b chore(deps): update anchore/scan-action digest to 8d2fce0 (#90)
• e65eaab36e0cbbdc3f2018c39695cd63be4d4fac chore(deps): update actions/setup-go digest to 7a3fe6c (#91)

v1.4.14

Changelog

• 835dc1df98d09ea8dcb689bf7ec52255722d5118 chore(deps): update dependency go to v1.25.6 (#95)
• 1f0a046b816e12c7d68aeb5b4e22d48de5f8d784 chore(deps): update dependency go to v1.25.6 (#94)
• 1be2511f81925c1af8724c79af0791e39e24b228 chore(deps): update actions/checkout action to v6 (#93)

v1.4.13

Changelog

• f138506bd6dac9fd15ba9aa284ac96e1f0087f21 chore(deps): update dependency go to v1.25.5 (#92)
• bca7d0f7ddedd418cd3ce2cd34795a1e6eab7478 chore(deps): update dependency go (#87)
• 8626fc7cf66f87d73abdf757cf0ee18155dac816 chore(deps): update actions/checkout digest to 93cb6ef (#88)
• a82ae184c179610d72dda62204e0065c391232b9 chore(deps): update dependency go to v1.25.4 (#86)

... (truncated)

Commits

• 4ce00c5 chore(deps): update goreleaser/goreleaser-action action to v7.2.1 (#122)
• 238103b chore(deps): update go toolchain directive to v1.26.3 (#121)
• c4d0ac4 chore(deps): update robinraju/release-downloader action to v1.13 (#120)
• 7cc7f00 chore(deps): update goreleaser/goreleaser-action action to v7.1.0 (#119)
• b5ec9cb chore(deps): pin GitHub Actions digests (#117)
• 9e14614 chore: configure Renovate to pin GitHub Action digests
• d0db2cc chore(deps): update dependency go to v1.26.2 (#116)
• e7b2108 chore(deps): update anchore/scan-action action to v7.4.0 (#115)
• ebcb84b chore(deps): update anchore/sbom-action action to v0.24.0 (#114)
• db43f1e chore(deps): update actions/setup-go action to v6.4.0 (#113)
• Additional commits viewable in compare view

Updates github.com/atombender/go-jsonschema from 0.23.0 to 0.23.1

Release notes

Sourced from github.com/atombender/go-jsonschema's releases.

v0.23.1

What's Changed

• chore(deps): update dependency shfmt to v3.13.1 by @​renovate[bot] in omissis/go-jsonschema#539
• chore(deps): update dependency markdownlint-cli2 to v0.22.1 by @​renovate[bot] in omissis/go-jsonschema#543
• feat/update-deps-2026-05-09 by @​omissis in omissis/go-jsonschema#558
• Fix bugs in codegen when the struct has additional fields and constraints at the same time. by @​eliasdaler in omissis/go-jsonschema#545

New Contributors

• @​eliasdaler made their first contribution in omissis/go-jsonschema#545

Full Changelog: omissis/go-jsonschema@v0.23.0...v0.23.1

Commits

• 5c08d7e fix: replace deprecated goreleaser --debug flag with --verbose
• 9050015 fix: introduce specialized docker-container builder for buildx to make the sb...
• 07df3da fix: introduce containerd as driver to work with sbom attestation
• 22aebde Fix bugs in codegen when the struct has additional fields and constraints at ...
• 0827449 feat/update-deps-2026-05-09 (#558)
• d7e5ed1 chore(deps): update dependency markdownlint-cli2 to v0.22.1 (#543)
• 74f12af chore(deps): update dependency shfmt to v3.13.1 (#539)
• See full diff in compare view

Updates github.com/aws/aws-lambda-go from 1.47.0 to 1.54.0

Release notes

Sourced from github.com/aws/aws-lambda-go's releases.

v1.54.0

What's Changed

• Allow ClientContext.Custom unmarshaling for non-string (JSON) values by @​M-Elsaeed in aws/aws-lambda-go#620

New Contributors

• @​M-Elsaeed made their first contribution in aws/aws-lambda-go#620

Full Changelog: aws/aws-lambda-go@v1.54.0...v1.53.0

v1.53.0

What's Changed

• Add S3 event optional fields by @​yhamano0312 in aws/aws-lambda-go#612
• Update workflows for go 1.26 by @​bmoffatt in aws/aws-lambda-go#617
• Fix spelling typos by @​magnetikonline in aws/aws-lambda-go#616
• Add support for Cognito Inbound federation Lambda trigger by @​maximrub in aws/aws-lambda-go#619

New Contributors

• @​yhamano0312 made their first contribution in aws/aws-lambda-go#612
• @​magnetikonline made their first contribution in aws/aws-lambda-go#616
• @​maximrub made their first contribution in aws/aws-lambda-go#619

Full Changelog: aws/aws-lambda-go@v1.53.0...v1.52.0

v1.52.0

What's Changed

• lambdacontext feature: Adding structured logging helper by @​anzheyazzz in aws/aws-lambda-go#614

New Contributors

• @​anzheyazzz made their first contribution in aws/aws-lambda-go#614

Full Changelog: aws/aws-lambda-go@v1.51.2...v1.52.0

v1.51.2

What's Changed

• fix: always return PhysicalResourceID for CFn CustomResources by @​Youssef-Beltagy in aws/aws-lambda-go#613

New Contributors

• @​Youssef-Beltagy made their first contribution in aws/aws-lambda-go#613

Full Changelog: aws/aws-lambda-go@v1.51.1...v1.51.2

v1.51.1

What's Changed

• documentation rework by @​bmoffatt in aws/aws-lambda-go#608

Full Changelog: aws/aws-lambda-go@v1.51.0...v1.51.1

v1.51.0

What's Changed

... (truncated)

Commits

• ca19f6f Allow ClientContext.Custom unmarshaling for non-string (JSON) values (#620)
• 9c32960 Merge pull request #619 from maximrub/inbound-federation
• ebe38d9 add support for Cognito Inbound federation Lambda trigger
• 71624ac Fix spelling typos (#616)
• 33e4dc3 Update workflows for go 1.26 (#617)
• e1cb461 Merge pull request #612 from yhamano0312/feat/add-s3-event-fields
• a66ce2d Merge branch 'main' into feat/add-s3-event-fields
• 9dac8a5 Add structured logging helper (#614)
• 6252f73 fix: always return PhysicalResourceID for CFn CustomResources (#613)
• be52e48 feat: add lifecycle event data structure and corresponding test for S3 events
• Additional commits viewable in compare view

Updates github.com/aws/aws-sdk-go-v2/config from 1.29.7 to 1.32.17

Commits

• 2223642 Release 2026-04-29
• 04c7e46 Regenerated Clients
• 5f56925 Update endpoints model
• aac6d2b Update API model
• bdaead7 upgrade to smithy-go v1.25.1 (#3399)
• 008e12c Release 2026-04-27
• ef109d9 Regenerated Clients
• 6411e63 Update API model
• e5bf970 Release 2026-04-24
• bdbb88c Regenerated Clients
• Additional commits viewable in compare view

Updates github.com/aws/aws-sdk-go-v2/credentials from 1.17.60 to 1.19.16

Commits

• 2223642 Release 2026-04-29
• 04c7e46 Regenerated Clients
• 5f56925 Update endpoints model
• aac6d2b Update API model
• bdaead7 upgrade to smithy-go v1.25.1 (#3399)
• 008e12c Release 2026-04-27
• ef109d9 Regenerated Clients
• 6411e63 Update API model
• e5bf970 Release 2026-04-24
• bdbb88c Regenerated Clients
• Additional commits viewable in compare view

Updates github.com/cloudflare/cloudflare-go from 0.104.0 to 0.116.0

Release notes

Sourced from github.com/cloudflare/cloudflare-go's releases.

v0.116.0

ENHANCEMENTS:

• access_service_tokens: Added graceful rotation support for client secrets (#4189)

v0.115.0

ENHANCEMENTS:

• access_service_token: add last_seen_at field (#3838)
• dns: Add settings to DNSRecord (#3670)
• teams_rules: add support for biso admin controls v2 (#3848)

DEPENDENCIES:

• deps: bumps dependabot/fetch-metadata from 2.2.0 to 2.3.0 (#3865)
• deps: bumps github.com/go-git/go-git/v5 from 5.11.0 to 5.13.0 (#3869)
• deps: bumps github.com/goccy/go-json from 0.10.4 to 0.10.5 (#3870)
• deps: bumps golang.org/x/net from 0.25.0 to 0.33.0 (#3868)

v0.114.0

NOTES:

• rulesets: remove http_request_sbfm phase (#3824)
• workers: The placement_mode attribute in script upload responses has been deprecated. The new attribute placement.mode should be used instead. (#3825)

ENHANCEMENTS:

• access_application: added more fields to private destinations (#3829)
• teams_rules: add support for resolve_dns_internally settings on dns_resolver rules (#3779)
• waiting_room: add waiting room turnstile integration fields (#3764)
• workers: Add new placement attribute object in script upload responses. It contains the mode and status attributes. (#3825)

DEPENDENCIES:

• deps: bumps golang.org/x/net from 0.33.0 to 0.34.0 (#3796)
• deps: bumps golang.org/x/time from 0.8.0 to 0.9.0 (#3783)

v0.113.0

ENHANCEMENTS:

• teams_location: make location parameters optional (#3758)

DEPENDENCIES:

• deps: bumps golang.org/x/net from 0.32.0 to 0.33.0 (#3756)

v0.112.0

ENHANCEMENTS:

• access_application: support Access service token + multi-valued authentication for SCIM provisioning (#3708)

... (truncated)

Changelog

Sourced from github.com/cloudflare/cloudflare-go's changelog.

0.116.0 (September 5th, 2025)

ENHANCEMENTS:

• access_service_tokens: Added graceful rotation support for client secrets (#4189)

0.115.0 (January 29th, 2025)

ENHANCEMENTS:

• access_service_token: add last_seen_at field (#3838)
• dns: Add settings to DNSRecord (#3670)
• teams_rules: add support for biso admin controls v2 (#3848)

DEPENDENCIES:

• deps: bumps dependabot/fetch-metadata from 2.2.0 to 2.3.0 (#3865)
• deps: bumps github.com/go-git/go-git/v5 from 5.11.0 to 5.13.0 (#3869)
• deps: bumps github.com/goccy/go-json from 0.10.4 to 0.10.5 (#3870)
• deps: bumps golang.org/x/net from 0.25.0 to 0.33.0 (#3868)

0.114.0 (January 15th, 2025)

NOTES:

• rulesets: remove http_request_sbfm phase (#3824)
• workers: The placement_mode attribute in script upload responses has been deprecated. The new attribute placement.mode should be used instead. (#3825)

ENHANCEMENTS:

• access_application: added more fields to private destinations (#3829)
• teams_rules: add support for resolve_dns_internally settings on dns_resolver rules (#3779)
• waiting_room: add waiting room turnstile integration fields (#3764)
• workers: Add new placement attribute object in script upload responses. It contains the mode and status attributes. (#3825)

DEPENDENCIES:

• deps: bumps golang.org/x/net from 0.33.0 to 0.34.0 (#3796)
• deps: bumps golang.org/x/time from 0.8.0 to 0.9.0 (#3783)

0.113.0 (January 1st, 2025)

ENHANCEMENTS:

• teams_location: make location parameters optional (#3758)

DEPENDENCIES:

• deps: bumps golang.org/x/net from 0.32.0 to 0.33.0 (#3756)

... (truncated)

Commits

• 1eda786 Update CHANGELOG.md
• 1317436 Update CHANGELOG.md for #4189
• fd41d6b Merge pull request #4189 from GreenStage/aholland/client_secret_version
• 8f93e33 Bump golangci/golangci-lint-action to fix CI errors
• d5bd4b9 Add graceful rotation support for client secrets
• 57714bf Update CHANGELOG.md
• b063df7 generate changelog
• 46140a1 Merge pull request #3870 from cloudflare/dependabot/go_modules/github.com/goc...
• 3abb34b add CHANGELOG for #3870
• c726fce Bump github.com/goccy/go-json from 0.10.4 to 0.10.5
• Additional commits viewable in compare view

Updates github.com/disgoorg/disgo from 0.18.5 to 0.19.3

Release notes

Sourced from github.com/disgoorg/disgo's releases.

v0.19.3

What's Changed

• chore: use separate struct for Invite roles by @​yokkkoso in disgoorg/disgo#522
• remove null-padded from udp conn address by @​iishabakaev in disgoorg/disgo#521
• fix(voice): gateway bail on non-retriable close codes by @​MohmmedAshraf in disgoorg/disgo#523
• fix(voice): add missing voice gateway close event codes by @​kshitijanurag in disgoorg/disgo#524
• feat(message): shared client themes by @​kshitijanurag in disgoorg/disgo#526
• feat: add BaseThemeTypeUnset to BaseThemeType enum by @​kshitijanurag in disgoorg/disgo#527
• feat: guild messages search by @​kshitijanurag in disgoorg/disgo#528
• feat(discord): add FileFormatWebP support to role icon CDN endpoint by @​kshitijanurag in disgoorg/disgo#531
• feat(discord): add LocaleSpanishLATAM by @​kshitijanurag in disgoorg/disgo#532
• feat(rest): add JSON error code 50278 by @​kshitijanurag in disgoorg/disgo#530
• refactor: rename duplicate JSON error code by @​kshitijanurag in disgoorg/disgo#533

New Contributors

• @​iishabakaev made their first contribution in disgoorg/disgo#521
• @​MohmmedAshraf made their first contribution in disgoorg/disgo#523
• @​kshitijanurag made their first contribution in disgoorg/disgo#524

Full Changelog: disgoorg/disgo@v0.19.2...v0.19.3

v0.19.2

What's Changed

• fix(component): update field name from 'value' to 'values' in CheckboxGroupComponent by @​ikafly144 in disgoorg/disgo#517

Full Changelog: disgoorg/disgo@v0.19.1...v0.19.2

v0.19.1

What's Changed

• feat: new RadioGroupComponent, CheckboxGroupComponent & CheckboxComponent by @​topi314 in disgoorg/disgo#510

Full Changelog: disgoorg/disgo@v0.19.0...v0.19.1

v0.19.0

What's Changed

[!NOTE] This release includes support DAVE (E2EE voice) which will be required for all voice connections starting on March 1st 2026. If you need help or found issues with our implementation please reach out to us via GitHub issues/discussions or our support server (see README.md for invite link). For a basic example see: https://github.com/disgoorg/disgo/blob/v0.19.0/_examples/voice/main.go

[!WARNING] This release includes breaking changes. Please review the Breaking Changes section below for details. If you need help migrating please reach out to us via GitHub discussions or our support server (see README.md for invite link).

Added

• Added support for AVIF emojis by @​sebm253 in disgoorg/disgo#456

... (truncated)

Commits

• b764859 refactor: rename duplicate JSON error code (#533)
• 247294c feat(rest): add JSON error code 50278 (#530)
• c6d4d9a feat(discord): add LocaleSpanishLATAM (#532)
• 2fbf502 feat(discord): add FileFormatWebP support to role icon CDN endpoint (#531)
• 4c8775e feat: guild messages search (#528)
• dd3528a enable gosec linter & fix issues
• 9053933 chore: gofumpt
• 6c014ea update actions
• 45163fa gofmt
• d5d4fbe Fix some lints from golangci-lint
• Additional commits viewable in compare view

Updates github.com/fatih/color from 1.18.0 to 1.19.0

Release notes

Sourced from github.com/fatih/color's releases.

v1.19.0

What's Changed

• Bump golang.org/x/sys from 0.25.0 to 0.28.0 by @​dependabot[bot] in fatih/color#246
• Fix for issue #230 set/unsetwriter symmetric wrt color support detection by @​ataypamart in fatih/color#243
• chore: go mod cleanup by @​sashamelentyev in fatih/color#244
• Bump golang.org/x/sys from 0.28.0 to 0.30.0 by @​dependabot[bot] in fatih/color#249
• Bump github.com/mattn/go-colorable from 0.1.13 to 0.1.14 by @​dependabot[bot] in fatih/color#248
• Update CI and go deps by @​fatih in fatih/color#254
• Bump golang.org/x/sys from 0.31.0 to 0.37.0 by @​dependabot[bot] in fatih/color#268
• fix: include escape codes in byte counts from Fprint, Fprintf by @​qualidafial in fatih/color#282
• Bump golang.org/x/sys from 0.37.0 to 0.40.0 by @​dependabot[bot] in fatih/color#277
• fix: add nil check for os.Stdout to prevent panic on Windows services by @​majiayu000 in fatih/color#275
• Bump dominikh/staticcheck-action from 1.3.1 to 1.4.0 by @​dependabot[bot] in fatih/color#259
• Bump actions/checkout from 4 to 6 by @​dependabot[bot] in fatih/color#273
• Optimize Color.Equals performance (O(n²) → O(n)) by @​UnSubble in fatih/color#269
• Bump actions/setup-go from 5 to 6 by @​dependabot[bot] in fatih/color#266

New Contributors

• @​ataypamart made their first contribution in fatih/color#243
• @​sashamelentyev made their first contribution in fatih/color#244
• @​qualidafial made their first contribution in fatih/color#282
• @​majiayu000 made their first contribution in fatih/color#275
• @​UnSubble made their first contribution in fatih/color#269

Full Changelog: fatih/color@v1.18.0...v1.19.0

Commits

• ca25f6e Merge pull request #266 from fatih/dependabot/github_actions/actions/setup-go-6
• 1205984 Bump actions/setup-go from 5 to 6
• 5715c20 Merge pull request #269 from UnSubble/main
• 2f6e200 Merge branch 'main' into main
• f72ec94 Merge pull request #273 from fatih/dependabot/github_actions/actions/checkout-6
• 848e633 Merge branch 'main' into main
• 4c2cd34 Add tests
• 7f812f0 Bump actions/checkout from 4 to 6
• b7fc9f9 Merge pull request #259 from fatih/dependabot/github_actions/dominikh/staticc...
• 239a88f Bump dominikh/staticcheck-action from 1.3.1 to 1.4.0
• Additional commits viewable in compare view

Updates github.com/go-git/go-git/v5 from 5.19.0 to 5.19.1

Release notes

Sourced from github.com/go-git/go-git/v5's releases.

v5.19.1

What's Changed

• v5: plumbing: transport/ssh, Shell-quote path by @​hiddeco in go-git/go-git#2068
• v5: git: submodule, Fix relative URL resolution by @​hiddeco in go-git/go-git#2070
• v5: git: submodule, canonical remote for relative URLs by @​hiddeco in go-git/go-git#2074
• v5: git: submodule, error on remote without URLs by @​hiddeco in go-git/go-git#2078
• v5: plumbing: format/idxfile, Validate offset64 indices by @​hiddeco in go-git/go-git#2084
• v5: *: Reject malformed variable-length integers by @​hiddeco in go-git/go-git#2092
• v5: plumbing: format/packfile, Tighten delta validation by @​hiddeco in go-git/go-git#2091
• v5: Add worktreeFilesystem wrapper for worktree and hardening by @​hiddeco in go-git/go-git#2100
• v5: config: validate submodule names by @​hiddeco in go-git/go-git#2082
• build: Update module github.com/go-git/go-git/v5 to v5.19.0 [SECURITY] (releases/v5.x) by @​go-git-renovate[bot] in go-git/go-git#2111
• v5: git: Allow MkdirAll on worktree-root paths by @​hiddeco in go-git/go-git#2117
• v5: git: Stop validating symlink target paths by @​pjbgf in go-git/go-git#2116
• v5: plumbing: format decoder input bounds and contracts by @​hiddeco in go-git/go-git#2125
• plumbing: format/packfile, cap delta chain depth in parser by @​pjbgf in go-git/go-git#2137

Full Changelog: go-git/go-git@v5.19.0...v5.19.1

Commits

• 3c3be60 Merge pull request #2137 from go-git/validate-v5
• 3fba897 plumbing: format/packfile, cap delta chain depth in parser
• a97d660 Merge pull request #2125 from hiddeco/v5/format-input-bounds
• aeaa125 plumbing: format/objfile, require Header before Read
• 1f38e17 plumbing: format/packfile, bound inflate size
• f7545a0 plumbing: format/idxfile, bound nr by file size
• 170b881 Merge pull request #2116 from pjbgf/symlink-v5
• 7b6d994 Merge pull request #2117 from hiddeco/v5/worktree-fs-mkdirall-root-noop
• f0709b3 git: Stop validating symlink target paths
• 776d00f git: Allow MkdirAll on worktree-root paths
• Additional commits viewable in compare view

Updates github.com/onsi/gomega from 1.38.2 to 1.41.0

Release notes

Sourced from github.com/onsi/gomega's releases.

v1.41.0

No release notes provided.

v1.40.0

1.40.0

We're adopting a new release strategy to minimize dependency bloat in projects that consume Gomega. It is a limitation of the go mod toolchain that test subdependencies of your project's direct dependencies get pulled in as indirect dependencies. In the case of Gomega, this ends up pulling in all of Ginkgo into your go.mod even if you are only using Gomega (Gomega uses Ginkgo for its own tests).

Going forward, releases will strip out all tests, tidy up the go.mod and then push this stripped down version to a new master-lite branch. These stripped-down versions will receive the vx.y.z git tag and will be picked up by the go toolchain.

Please open an issue if this new release process causes unexpected changes for your projects.

v1.39.1

1.39.1

Update all dependencies. This auto-updated the required version of Go to 1.24, consistent with the fact that Go 1.23 has been out of support for almost six months.

v1.39.0

1.39.0

Features

Add MatchErrorStrictly which only passes if errors.Is(actual, expected) returns true. MatchError, by contrast, will fallback to string comparison.

v1.38.3

1.38.3

Fixes

make string formatitng more consistent for users who use format.Object directly

Changelog

Sourced from github.com/onsi/gomega's changelog.

1.41.0

Features

Add BeASlice and BeAnArray matchers

Fixes

Object formatting now detects pointer cycles to avoid runaway formatting output.

1.40.0

We're adopting a new release strategy to minimize dependency bloat in projects that consume Gomega. It is a limitation of the go mod toolchain that test subdependencies of your project's direct dependencies get pulled in as indirect dependencies. In the case of Gomega, this ends up pulling in all of Ginkgo into your go.mod even if you are only using Gomega (Gomega uses Ginkgo for its own tests).

Going forward, releases will strip out all tests, tidy up the go.mod and then push this stripped down version to a new master-lite branch. These stripped-down versions will receive the vx.y.z git tag and will be picked up by the go toolchain.

Please open an issue if this new release process causes unexpected changes for your projects.

1.39.1

Update all dependencies. This auto-updated the required version of Go to 1.24, consistent with the fact that Go 1.23 has been out of support for almost six months.

1.39.0

Features

Add MatchErrorStrictly which only passes if errors.Is(actual, expected) returns true. MatchError, by contrast, will fallback to string comparison.

1.38.3

Fixes

make string formatitng more consistent for users who use format.Object directly

Commits

[github-actions]

Semgrep Scan Results

Repository: api | Commit: cf2e75a

Check	Status	Details
⚠️ Semgrep	Warning	10 warning(s), 10 total

Scanned at 2026-05-19 02:42 UTC

[github-actions]

Security Scan Results

Repository: api | Commit: cf2e75a

Check	Status	Details
🚨 Secret Scan	SECRETS FOUND	1 potential secret(s) detected
✅ Dependencies (Trivy)	Pass	0 total (no critical/high)
✅ Dependencies (Grype)	Pass	0 total (no critical/high)
📦 SBOM	Generated	527 components (CycloneDX)

Scanned at 2026-05-19 02:42 UTC

[dependabot]

This pull request was built based on a group rule. Closing it will not ignore any of these versions in future pull requests.

To ignore these dependencies, configure ignore rules in dependabot.yml