Bump the go-dependencies group across 1 directory with 13 updates

[dependabot]

Bumps the go-dependencies group with 10 updates in the / directory:

Package	From	To
github.com/aws/aws-sdk-go-v2	1.39.0	1.39.2
github.com/aws/aws-sdk-go-v2/config	1.31.8	1.31.12
github.com/aws/aws-sdk-go-v2/service/cognitoidentity	1.33.4	1.33.6
github.com/aws/aws-sdk-go-v2/service/cognitoidentityprovider	1.57.5	1.57.7
github.com/aws/aws-sdk-go-v2/service/ecr	1.50.3	1.50.5
github.com/aws/aws-sdk-go-v2/service/signer	1.31.4	1.31.6
github.com/charmbracelet/fang	0.4.2	0.4.3
github.com/skpr/api	1.0.0	1.2.0
golang.org/x/crypto	0.42.0	0.43.0
golang.org/x/oauth2	0.31.0	0.32.0

Updates github.com/aws/aws-sdk-go-v2 from 1.39.0 to 1.39.2

Commits

• 67db690 Release 2025-09-26
• 32ee1b5 Regenerated Clients
• 0b43122 Update endpoints model
• 44786d9 Update API model
• c98edb7 update internal endpts comment that was wrong (#3194)
• 88da3c8 Release 2025-09-25
• 74a74fc Regenerated Clients
• 5e6f7ae Update endpoints model
• 0e722ab Update API model
• 41a7d00 Release 2025-09-24
• Additional commits viewable in compare view

Updates github.com/aws/aws-sdk-go-v2/config from 1.31.8 to 1.31.12

Commits

• 4f599a5 Release 2025-09-29
• c32a7a8 Regenerated Clients
• 18a065d Update endpoints model
• af534aa Update API model
• 67db690 Release 2025-09-26
• 32ee1b5 Regenerated Clients
• 0b43122 Update endpoints model
• 44786d9 Update API model
• c98edb7 update internal endpts comment that was wrong (#3194)
• 88da3c8 Release 2025-09-25
• Additional commits viewable in compare view

Updates github.com/aws/aws-sdk-go-v2/credentials from 1.18.12 to 1.18.16

Commits

• 18bff5e Release 2023-03-10
• cca7003 Regenerated Clients
• 87bde6f Update endpoints model
• 361bd48 Update API model
• 61d474d Fix staticcheck linter warnings (#2044)
• 59a58ae Release 2023-03-09
• aa1d8ae Regenerated Clients
• 3441f5f Update endpoints model
• 826cc36 Update API model
• 5799416 Release 2023-03-08
• Additional commits viewable in compare view

Updates github.com/aws/aws-sdk-go-v2/service/cognitoidentity from 1.33.4 to 1.33.6

Commits

• 61ed638 Release 2024-06-03
• 7aa6c91 Regenerated Clients
• 69b45ee Update endpoints model
• 3f8909d Update API model
• e3c589f add missing deprecation docs on global EndpointResolver interfaces (#2665)
• 4d3e8fd fix s3 expected bucket owner presigning (#2662)
• 75ab304 Release 2024-05-31
• 3e8a5ac Regenerated Clients
• 961e44f Update API model
• 5edcd29 Release 2024-05-30
• Additional commits viewable in compare view

Updates github.com/aws/aws-sdk-go-v2/service/cognitoidentityprovider from 1.57.5 to 1.57.7

Commits

• 70e9f3d Release 2025-09-10
• e620ecb Regenerated Clients
• b412203 Update endpoints model
• 89f42ef Update API model
• d71b109 Bump smithy go version to allow unused required parameter in endpoint rule se...
• f68827f Release 2025-09-09
• d1748bf Regenerated Clients
• 00307c0 Update endpoints model
• 424be93 Update API model
• 648027e Release 2025-09-08
• Additional commits viewable in compare view

Updates github.com/aws/aws-sdk-go-v2/service/ecr from 1.50.3 to 1.50.5

Commits

• 67db690 Release 2025-09-26
• 32ee1b5 Regenerated Clients
• 0b43122 Update endpoints model
• 44786d9 Update API model
• c98edb7 update internal endpts comment that was wrong (#3194)
• 88da3c8 Release 2025-09-25
• 74a74fc Regenerated Clients
• 5e6f7ae Update endpoints model
• 0e722ab Update API model
• 41a7d00 Release 2025-09-24
• Additional commits viewable in compare view

Updates github.com/aws/aws-sdk-go-v2/service/signer from 1.31.4 to 1.31.6

Commits

• 640b808 Release 2025-08-29
• 657a6e8 Regenerated Clients
• 34a91bb Update partitions file
• 09f5a9c Update endpoints model
• fff96ca Update API model
• d46f566 deprecate service/sms (#3176)
• de16d4d Release 2025-08-28
• d6b83a8 Regenerated Clients
• b0f9cb7 Update API model
• See full diff in compare view

Updates github.com/charmbracelet/fang from 0.4.2 to 0.4.3

Release notes

Sourced from github.com/charmbracelet/fang's releases.

v0.4.3

Changelog

Bug fixes

• 87643980480f2e44fe4c50d6bda544e4d46e178b: fix: check term inside default error handler (#77) (@​caarlos0)
• c3d013dfba6a664bdd97f90a890efe35fa7799b2: fix: preserve multiline formatting in flag descriptions (#71) (@​caarlos0)

---

Thoughts? Questions? We love hearing from you. Feel free to reach out on X, Discord, Slack, The Fediverse, Bluesky.

Commits

• 8764398 fix: check term inside default error handler (#77)
• c3d013d fix: preserve multiline formatting in flag descriptions (#71)
• See full diff in compare view

Updates github.com/skpr/api from 1.0.0 to 1.2.0

Release notes

Sourced from github.com/skpr/api's releases.

v1.2.0

What's Changed

• Rename Compass service to Trace by @​nickschuch in skpr/api#32

Full Changelog: skpr/api@v1.1.5...v1.2.0

v1.1.5

Full Changelog: skpr/api@v1.1.4...v1.1.5

v1.1.4

What's Changed

• Stream Compass Traces by @​nickschuch in skpr/api#30
• Update Compass mock by @​nickschuch in skpr/api#31
• Bump the go-dependencies group across 1 directory with 2 updates by @​dependabot[bot] in skpr/api#29

Full Changelog: skpr/api@v1.1.3...v1.1.4

v1.1.3

What's Changed

• Improved backup/restore mock by @​nterbogt in skpr/api#26
• Resource summary from enviroments by @​nterbogt in skpr/api#27

Full Changelog: skpr/api@v1.1.2...v1.1.3

v1.1.2

Full Changelog: skpr/api@v1.1.1...v1.1.2

v1.1.1

What's Changed

• Projects modelled by @​nterbogt in skpr/api#24
• Config delete overridden by @​nterbogt in skpr/api#25
• Build system for container by @​nterbogt in skpr/api#23

Full Changelog: skpr/api@v1.1.0...v1.1.1

v1.1.0

What's Changed

• Adds List and updates Get project RPCs by @​nickschuch in skpr/api#1
• Adds environment resources by @​nickschuch in skpr/api#2
• Metrics by @​nickschuch in skpr/api#3
• New service: events by @​nickschuch in skpr/api#4
• Adds Compass by @​nickschuch in skpr/api#5
• Implemented Version API and enabled gRPC reflection on the mock API by @​nterbogt in skpr/api#6
• Golangci-lint action by @​nterbogt in skpr/api#7
• Cron endpoint by @​nterbogt in skpr/api#8
• Events endpoint by @​nterbogt in skpr/api#9
• Better state modelling by @​nterbogt in skpr/api#10

... (truncated)

Commits

• e3d55e0 Rename Compass service to Trace (#32)
• ed2d06c Adds method to Compass mock
• 469cbdb Bump the go-dependencies group across 1 directory with 2 updates (#29)
• e29a27f Update Compass mock (#31)
• 91f9675 Stream Compass Traces (#30)
• c8cce27 Total up the environment resources to the project (#27)
• 8c35eb0 Improve backup and restore functionality for failed and restoring backups acr...
• 02fb79d Use goreleaser github-native for release notes
• b04d3f0 Build system for container (#23)
• fd48720 Restore system config if delete overridden (#25)
• Additional commits viewable in compare view

Updates golang.org/x/crypto from 0.42.0 to 0.43.0

Commits

• 627cb89 go.mod: update golang.org/x dependencies
• dca4914 acme: fix autocert TestHTTPHandlerDefaultFallback
• 1336e21 x509roots/fallback: update bundle
• 2beaa59 ssh: add VerifiedPublicKeyCallback
• 66c3d8c ssh: add support for FIPS mode
• ddb4e80 ssh: remove custom contains, use slices.Contains
• f4d47b0 ssh: return clearer error when signature algorithm is used as key format
• 96dc232 x509roots/fallback/bundle: add bundle package to export root certs
• 8c9ba31 all: freeze and deprecate more packages
• 559e062 ssh/agent: return an error for unexpected message types
• See full diff in compare view

Updates golang.org/x/oauth2 from 0.31.0 to 0.32.0

Commits

• 792c877 oauth2: use strings.Builder instead of bytes.Buffer
• See full diff in compare view

Updates golang.org/x/term from 0.35.0 to 0.36.0

Commits

• 3a0828a go.mod: update golang.org/x dependencies
• See full diff in compare view

Updates google.golang.org/grpc from 1.58.3 to 1.75.0

Release notes

Sourced from google.golang.org/grpc's releases.

Release 1.75.0

Behavior Changes

• xds: Remove support for GRPC_EXPERIMENTAL_XDS_FALLBACK environment variable. Fallback support can no longer be disabled. (#8482)
• stats: Introduce DelayedPickComplete event, a type alias of PickerUpdated. (#8465)
  • This (combined) event will now be emitted only once per call, when a transport is successfully selected for the attempt.
  • OpenTelemetry metrics will no longer have multiple "Delayed LB pick complete" events in Go, matching other gRPC languages.
  • A future release will delete the PickerUpdated symbol.
• credentials: Properly apply grpc.WithAuthority as the highest-priority option for setting authority, above the setting in the credentials themselves. (#8488)
  • Now that this WithAuthority is available, the credentials should not be used to override the authority.
• round_robin: Randomize the order in which addresses are connected to in order to spread out initial RPC load between clients. (#8438)
• server: Return status code INTERNAL when a client sends more than one request in unary and server streaming RPC. (#8385)
  • This is a behavior change but also a bug fix to bring gRPC-Go in line with the gRPC spec.

New Features

• dns: Add an environment variable (GRPC_ENABLE_TXT_SERVICE_CONFIG) to provide a way to disable TXT lookups in the DNS resolver (by setting it to false). By default, TXT lookups are enabled, as they were previously. (#8377)

Bug Fixes

• xds: Fix regression preventing empty node IDs in xDS bootstrap configuration. (#8476)
  • Special Thanks: @​davinci26
• xds: Fix possible panic when certain invalid resources are encountered. (#8412)
  • Special Thanks: @​wooffie
• xdsclient: Fix a rare panic caused by processing a response from a closed server. (#8389)
• stats: Fix metric unit formatting by enclosing non-standard units like call and endpoint in curly braces to comply with UCUM and gRPC OpenTelemetry guidelines. (#8481)
• xds: Fix possible panic when clusters are removed from the xds configuration. (#8428)
• xdsclient: Fix a race causing "resource doesn not exist" when rapidly subscribing and unsubscribing to the same resource. (#8369)
• client: When determining the authority, properly percent-encode (if needed, which is unlikely) when the target string omits the hostname and only specifies a port (grpc.NewClient(":<port-number-or-name>")). (#8488)

Release 1.74.3

Bug Fixes

• xds: Fix a regression preventing empty node IDs in the bootstrap configuration. (#8476 , #8483)
• xdsclient: Fix a data race caused while reporting load to LRS. (#8483)
• server: Fix a regression preventing streams from being cancelled or timed out when blocked on flow control. (#8528)

Release 1.74.2

New Features

• grpc: introduce new DialOptions and ServerOptions (WithStaticStreamWindowSize, WithStaticConnWindowSize, StaticStreamWindowSize, StaticConnWindowSize) that force fixed window sizes for all HTTP/2 connections. By default, gRPC uses dynamic sizing of these windows based upon a BDP estimation algorithm. The existing options (WithInitialWindowSize, etc) also disable BDP estimation, but this behavior will be changed in a following release. (#8283)

API Changes

• balancer: add ExitIdle method to Balancer interface. Earlier, implementing this method was optional. (#8367)

Behavior Changes

• xds: Remove the GRPC_EXPERIMENTAL_ENABLE_LEAST_REQUEST environment variable that allows disabling the least request balancer with xDS. Least request was made available by default with xDS in v1.72.0. (#8248)
  • Special Thanks: @​atollena

... (truncated)

Commits

• b9788ef Change version to 1.75.0 (#8493)
• 2bd74b2 credentials: fix behavior of grpc.WithAuthority and credential handshake prec...
• 9fa3267 xds: remove xds client fallback environment variable (#8482)
• 62ec29f grpc: Fix cardinality violations in non-client streaming RPCs. (#8385)
• 85240a5 stats: change non-standard units to annotations (#8481)
• ac13172 update deps (#8478)
• 0a895bc examples/opentelemetry: use experimental metrics in example (#8441)
• 8b61e8f xdsclient: do not process updates from closed server channels (#8389)
• 7238ab1 Allow empty nodeID (#8476)
• 9186ebd cleanup: use slices.Equal to simplify code (#8472)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions