Bump the go-dependencies group across 1 directory with 15 updates

[dependabot]

Bumps the go-dependencies group with 12 updates in the / directory:

Package	From	To
github.com/aws/aws-sdk-go-v2	1.38.2	1.38.3
github.com/aws/aws-sdk-go-v2/config	1.31.5	1.31.6
github.com/aws/aws-sdk-go-v2/service/cognitoidentity	1.33.1	1.33.2
github.com/aws/aws-sdk-go-v2/service/cognitoidentityprovider	1.57.2	1.57.3
github.com/aws/aws-sdk-go-v2/service/ecr	1.50.0	1.50.1
github.com/aws/aws-sdk-go-v2/service/signer	1.31.1	1.31.2
github.com/charmbracelet/fang	0.3.0	0.4.0
github.com/skpr/api	1.0.0	1.1.3
github.com/spf13/cobra	1.9.1	1.10.1
golang.org/x/oauth2	0.30.0	0.31.0
golang.org/x/sync	0.16.0	0.17.0
golang.org/x/term	0.34.0	0.35.0

Updates github.com/aws/aws-sdk-go-v2 from 1.38.2 to 1.38.3

Commits

• 640b808 Release 2025-08-29
• 657a6e8 Regenerated Clients
• 34a91bb Update partitions file
• 09f5a9c Update endpoints model
• fff96ca Update API model
• d46f566 deprecate service/sms (#3176)
• de16d4d Release 2025-08-28
• d6b83a8 Regenerated Clients
• b0f9cb7 Update API model
• See full diff in compare view

Updates github.com/aws/aws-sdk-go-v2/config from 1.31.5 to 1.31.6

Commits

• 640b808 Release 2025-08-29
• 657a6e8 Regenerated Clients
• 34a91bb Update partitions file
• 09f5a9c Update endpoints model
• fff96ca Update API model
• d46f566 deprecate service/sms (#3176)
• See full diff in compare view

Updates github.com/aws/aws-sdk-go-v2/credentials from 1.18.9 to 1.18.10

Commits

• 2b422c0 Release 2023-01-25
• 9fbc0e4 Regenerated Clients
• 31a07a9 Update endpoints model
• 7d42dcb Update API model
• 2e90d54 fix misleading timestamp value from tests and lint issues (#1994)
• 1f6df4a Release 2023-01-24
• e4e52ef Regenerated Clients
• b300bd3 Update endpoints model
• 8157d89 Update API model
• See full diff in compare view

Updates github.com/aws/aws-sdk-go-v2/service/cognitoidentity from 1.33.1 to 1.33.2

Commits

• 640b808 Release 2025-08-29
• 657a6e8 Regenerated Clients
• 34a91bb Update partitions file
• 09f5a9c Update endpoints model
• fff96ca Update API model
• d46f566 deprecate service/sms (#3176)
• de16d4d Release 2025-08-28
• d6b83a8 Regenerated Clients
• b0f9cb7 Update API model
• 8225491 Release 2025-08-27
• Additional commits viewable in compare view

Updates github.com/aws/aws-sdk-go-v2/service/cognitoidentityprovider from 1.57.2 to 1.57.3

Commits

• 4344501 Release 2025-06-06
• 20a068e Regenerated Clients
• d8fdf86 Update endpoints model
• 73f0a46 Update API model
• 8238069 Release 2025-06-05
• 80bbf28 Regenerated Clients
• a209c7a Update endpoints model
• f882ffa Update API model
• 6d549a5 add sep-based query-compatible tests for both jsonrpc10 and rpcv2cbor (#3106)
• f82629c Release 2025-06-04
• Additional commits viewable in compare view

Updates github.com/aws/aws-sdk-go-v2/service/ecr from 1.50.0 to 1.50.1

Commits

• 7cb105f Release 2024-02-19
• 7f9c4d2 Regenerated Clients
• a60d4b2 Update API model
• be0accd fix: panic due to potentially uncomparable wrapped fn in express_resolve (#2500)
• See full diff in compare view

Updates github.com/aws/aws-sdk-go-v2/service/signer from 1.31.1 to 1.31.2

Commits

• ba4ee4d Release 2025-08-21
• 40e3d87 Regenerated Clients
• b2be019 Update partitions file
• dece4e7 Update endpoints model
• 294af19 Update API model
• 0df860a changelog
• df2bca2 feature(s3/manager): add option to control default checksums (#3151)
• See full diff in compare view

Updates github.com/charmbracelet/fang from 0.3.0 to 0.4.0

Release notes

Sourced from github.com/charmbracelet/fang's releases.

v0.4.0

Changelog

New Features

• 58492d951ff03f9a0283421a319d0ec1f7e300f4: feat: handle redirects in examples (#59) (@​caarlos0)

Bug fixes

• d27cfc4cc5f4a894d9b413d11681aec2371b2839: fix: command alias styling (#69) (@​caarlos0)
• 71315377d789de37e60f54e4eec9e99300faf159: fix: spacing in help for default value (#63) (@​Ahhhh-man)
• 0275935c4ac46fd6bb6508b40800b15b52267371: fix: use u0020 (#58) (@​caarlos0)

Other work

• 6c05a2b341cce51e78d3a69c8b7a290a9b7f4e3b: ci: sync golangci-lint config (#68) (@​github-actions[bot])

---

Thoughts? Questions? We love hearing from you. Feel free to reach out on Twitter, Discord, Slack, The Fediverse.

Commits

• 008e912 chore: go mod tidy
• d27cfc4 fix: command alias styling (#69)
• 7131537 fix: spacing in help for default value (#63)
• 6c05a2b ci: sync golangci-lint config (#68)
• d5ebb8c chore(deps): use lipgloss@v2.0.0-beta.3
• 58492d9 feat: handle redirects in examples (#59)
• 3d716d2 chore(deps): update lipgloss
• 0275935 fix: use u0020 (#58)
• See full diff in compare view

Updates github.com/charmbracelet/lipgloss/v2 from 2.0.0-beta.2 to 2.0.0-beta.3

Release notes

Sourced from github.com/charmbracelet/lipgloss/v2's releases.

v2.0.0-beta.3

Padding, Schmadding

This new beta release reverts back to a major change when it comes to using regular spacing for padding. We found that using NBSP \u00a0 causes more problems than it solves. Things like simply copying the output from the terminal and then paste it back wouldn't work if NBSPs exist in a command.

To solve this, we've added style.PaddingChar(rune) and style.MarginChar(rune) to customize the characters used in padding and margins respectively.

Changelog

New Features

• d2233fa4e442ada229f1e43d8ede567f13f4e3fd: feat: add padding and margin character support (@​aymanbagabas)
• 045a87bf1420980d804387189c44d7b52a7b9047: feat: add padding and margin character support (#546) (@​aymanbagabas)

Bug fixes

• 99fc0ff4a68cbaec13ea1d4eac8b554b68acff34: fix: correct nbsp codepoint (@​aymanbagabas)
• 8e1c474f8a7182d0653ab63ab32e285b76b37215: fix: ensure we strip out \r\n from strings when getting lines (@​aymanbagabas)
• 4cb83b582065b1ff3939d963705fe9801f2edd8d: fix: make padding char a style prop (@​caarlos0)
• 07cadaec27499b6d61e51c60792e0e3642b3a9e7: fix: revert back to regular space (@​caarlos0)

---

Thoughts? Questions? We love hearing from you. Feel free to reach out on Twitter, The Fediverse, or on Discord.

Commits

• a391435 chore: retract v2.0.0-beta1
• 045a87b feat: add padding and margin character support (#546)
• 99fc0ff fix: correct nbsp codepoint
• d2233fa feat: add padding and margin character support
• 833324a chore: godoc fix
• 4cb83b5 fix: make padding char a style prop
• 07cadae fix: revert back to regular space
• 8e1c474 fix: ensure we strip out \r\n from strings when getting lines
• See full diff in compare view

Updates github.com/skpr/api from 1.0.0 to 1.1.3

Release notes

Sourced from github.com/skpr/api's releases.

v1.1.3

What's Changed

• Improved backup/restore mock by @​nterbogt in skpr/api#26
• Resource summary from enviroments by @​nterbogt in skpr/api#27

Full Changelog: skpr/api@v1.1.2...v1.1.3

v1.1.2

Full Changelog: skpr/api@v1.1.1...v1.1.2

v1.1.1

What's Changed

• Projects modelled by @​nterbogt in skpr/api#24
• Config delete overridden by @​nterbogt in skpr/api#25
• Build system for container by @​nterbogt in skpr/api#23

Full Changelog: skpr/api@v1.1.0...v1.1.1

v1.1.0

What's Changed

• Adds List and updates Get project RPCs by @​nickschuch in skpr/api#1
• Adds environment resources by @​nickschuch in skpr/api#2
• Metrics by @​nickschuch in skpr/api#3
• New service: events by @​nickschuch in skpr/api#4
• Adds Compass by @​nickschuch in skpr/api#5
• Implemented Version API and enabled gRPC reflection on the mock API by @​nterbogt in skpr/api#6
• Golangci-lint action by @​nterbogt in skpr/api#7
• Cron endpoint by @​nterbogt in skpr/api#8
• Events endpoint by @​nterbogt in skpr/api#9
• Better state modelling by @​nterbogt in skpr/api#10
• Responsive cron by @​nterbogt in skpr/api#11
• Dependabot by @​nterbogt in skpr/api#13
• Bump google.golang.org/protobuf from 1.36.6 to 1.36.7 in the go-dependencies group by @​dependabot[bot] in skpr/api#14
• Purge endpoint by @​nterbogt in skpr/api#12
• Backup and Config endpoint by @​nterbogt in skpr/api#15
• Restore endpoint by @​nterbogt in skpr/api#16
• Mysql endpoint for list by @​nterbogt in skpr/api#18
• Metrics and Log stream endpoint by @​nterbogt in skpr/api#17
• Config add by @​nterbogt in skpr/api#20
• Updating the spacing in line with protolint by @​nterbogt in skpr/api#21
• Removing unused project apis by @​nterbogt in skpr/api#22
• Bump the go-dependencies group with 3 updates by @​dependabot[bot] in skpr/api#19

New Contributors

• @​nickschuch made their first contribution in skpr/api#1
• @​nterbogt made their first contribution in skpr/api#6
• @​dependabot[bot] made their first contribution in skpr/api#14

Full Changelog: skpr/api@v1.0.0...v1.1.0

... (truncated)

Commits

• c8cce27 Total up the environment resources to the project (#27)
• 8c35eb0 Improve backup and restore functionality for failed and restoring backups acr...
• 02fb79d Use goreleaser github-native for release notes
• b04d3f0 Build system for container (#23)
• fd48720 Restore system config if delete overridden (#25)
• 9ee9bce Better testing data
• 3daa15e Bumping up the base numbers
• b765445 Projects modelled (#24)
• 201f238 Bump the go-dependencies group with 3 updates (#19)
• 1a064be Removing no longer used project apis (#22)
• Additional commits viewable in compare view

Updates github.com/spf13/cobra from 1.9.1 to 1.10.1

Release notes

Sourced from github.com/spf13/cobra's releases.

v1.10.1

🐛 Fix

• chore: upgrade pflags v1.0.9 by @​jpmcb in spf13/cobra#2305

v1.0.9 of pflags brought back ParseErrorsWhitelist and marked it as deprecated

Full Changelog: spf13/cobra@v1.10.0...v1.10.1

v1.10.0

What's Changed

🚨 Attention!

• Bump pflag to 1.0.8 by @​tomasaschan in spf13/cobra#2303

This version of pflag carried a breaking change: it renamed ParseErrorsWhitelist to ParseErrorsAllowlist which can break builds if both pflag and cobra are dependencies in your project.

• If you use both pflag and cobra, upgrade pflagto 1.0.8 andcobrato1.10.0`
• or use the newer, fixed version of pflag v1.0.9 which keeps the deprecated ParseErrorsWhitelist

More details can be found here: spf13/cobra#2303

✨ Features

• Flow context to command in SetHelpFunc by @​Frassle in spf13/cobra#2241
• The default ShellCompDirective can be customized for a command and its subcommands by @​albers in spf13/cobra#2238

🐛 Fix

• Upgrade golangci-lint to v2, address findings by @​scop in spf13/cobra#2279

🪠 Testing

• Test with Go 1.24 by @​harryzcy in spf13/cobra#2236
• chore: Rm GitHub Action PR size labeler by @​jpmcb in spf13/cobra#2256

📝 Docs

• Remove traling curlybrace by @​yedayak in spf13/cobra#2237
• Update command.go by @​styee in spf13/cobra#2248
• feat: Add security policy by @​jpmcb in spf13/cobra#2253
• Update Readme (Warp) by @​ericdachen in spf13/cobra#2267
• Add Periscope to the list of projects using Cobra by @​anishathalye in spf13/cobra#2299

New Contributors

• @​harryzcy made their first contribution in spf13/cobra#2236
• @​yedayak made their first contribution in spf13/cobra#2237
• @​Frassle made their first contribution in spf13/cobra#2241

... (truncated)

Commits

• 7da941c chore: Bump pflag to v1.0.9 (#2305)
• 51d6751 Bump pflag to 1.0.8 (#2303)
• 3f3b818 Update README.md with new logo
• dcaf42e Add Periscope to the list of projects using Cobra (#2299)
• 6dec1ae The default ShellCompDirective can be customized for a command and its subcom...
• c8289c1 chore(golangci-lint): add some exclusion presets
• 4af7b64 refactor: apply golangci-lint autofixes, work around false positives
• 75790e4 chore(golangci-lint): upgrade to v2
• db3ddb5 Adding sponsorship to README.md
• 67171d6 putting sponsorship below header
• Additional commits viewable in compare view

Updates golang.org/x/oauth2 from 0.30.0 to 0.31.0

Commits

• 014cf77 all: upgrade go directive to at least 1.24.0 [generated]
• 3c76ce5 endpoints: correct Naver OAuth2 endpoint URLs
• See full diff in compare view

Updates golang.org/x/sync from 0.16.0 to 0.17.0

Commits

• 04914c2 all: upgrade go directive to at least 1.24.0 [generated]
• See full diff in compare view

Updates golang.org/x/term from 0.34.0 to 0.35.0

Commits

• 1a11b45 go.mod: update golang.org/x dependencies
• d862cd5 all: upgrade go directive to at least 1.24.0 [generated]
• See full diff in compare view

Updates google.golang.org/grpc from 1.66.0 to 1.75.0

Release notes

Sourced from google.golang.org/grpc's releases.

Release 1.75.0

Behavior Changes

• xds: Remove support for GRPC_EXPERIMENTAL_XDS_FALLBACK environment variable. Fallback support can no longer be disabled. (#8482)
• stats: Introduce DelayedPickComplete event, a type alias of PickerUpdated. (#8465)
  • This (combined) event will now be emitted only once per call, when a transport is successfully selected for the attempt.
  • OpenTelemetry metrics will no longer have multiple "Delayed LB pick complete" events in Go, matching other gRPC languages.
  • A future release will delete the PickerUpdated symbol.
• credentials: Properly apply grpc.WithAuthority as the highest-priority option for setting authority, above the setting in the credentials themselves. (#8488)
  • Now that this WithAuthority is available, the credentials should not be used to override the authority.
• round_robin: Randomize the order in which addresses are connected to in order to spread out initial RPC load between clients. (#8438)
• server: Return status code INTERNAL when a client sends more than one request in unary and server streaming RPC. (#8385)
  • This is a behavior change but also a bug fix to bring gRPC-Go in line with the gRPC spec.

New Features

• dns: Add an environment variable (GRPC_ENABLE_TXT_SERVICE_CONFIG) to provide a way to disable TXT lookups in the DNS resolver (by setting it to false). By default, TXT lookups are enabled, as they were previously. (#8377)

Bug Fixes

• xds: Fix regression preventing empty node IDs in xDS bootstrap configuration. (#8476)
  • Special Thanks: @​davinci26
• xds: Fix possible panic when certain invalid resources are encountered. (#8412)
  • Special Thanks: @​wooffie
• xdsclient: Fix a rare panic caused by processing a response from a closed server. (#8389)
• stats: Fix metric unit formatting by enclosing non-standard units like call and endpoint in curly braces to comply with UCUM and gRPC OpenTelemetry guidelines. (#8481)
• xds: Fix possible panic when clusters are removed from the xds configuration. (#8428)
• xdsclient: Fix a race causing "resource doesn not exist" when rapidly subscribing and unsubscribing to the same resource. (#8369)
• client: When determining the authority, properly percent-encode (if needed, which is unlikely) when the target string omits the hostname and only specifies a port (grpc.NewClient(":<port-number-or-name>")). (#8488)

Release 1.74.2

New Features

• grpc: introduce new DialOptions and ServerOptions (WithStaticStreamWindowSize, WithStaticConnWindowSize, StaticStreamWindowSize, StaticConnWindowSize) that force fixed window sizes for all HTTP/2 connections. By default, gRPC uses dynamic sizing of these windows based upon a BDP estimation algorithm. The existing options (WithInitialWindowSize, etc) also disable BDP estimation, but this behavior will be changed in a following release. (#8283)

API Changes

• balancer: add ExitIdle method to Balancer interface. Earlier, implementing this method was optional. (#8367)

Behavior Changes

• xds: Remove the GRPC_EXPERIMENTAL_ENABLE_LEAST_REQUEST environment variable that allows disabling the least request balancer with xDS. Least request was made available by default with xDS in v1.72.0. (#8248)
  • Special Thanks: @​atollena
• server: allow 0s grpc-timeout header values, which older gRPC-Java versions could send. This restores the behavior of grpc-go before v1.73.0. (#8439)

Bug Fixes

• googledirectpath: avoid logging the error message Attempt to set a bootstrap configuration... when creating multiple directpath channels. (#8419)

Performance Improvements

... (truncated)

Commits

• b9788ef Change version to 1.75.0 (#8493)
• 2bd74b2 credentials: fix behavior of grpc.WithAuthority and credential handshake prec...
• 9fa3267 xds: remove xds client fallback environment variable (#8482)
• 62ec29f grpc: Fix cardinality violations in non-client streaming RPCs. (#8385)
• 85240a5 stats: change non-standard units to annotations (#8481)
• ac13172 update deps (#8478)
• 0a895bc examples/opentelemetry: use experimental metrics in example (#8441)
• 8b61e8f xdsclient: do not process updates from closed server channels (#8389)
• 7238ab1 Allow empty nodeID (#8476)
• 9186ebd cleanup: use slices.Equal to simplify code (#8472)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions