gomod(deps): Bump the go-deps group with 4 updates

[dependabot]

Bumps the go-deps group with 4 updates: charm.land/bubbletea/v2, github.com/charmbracelet/x/ansi, github.com/containerd/containerd/v2 and github.com/posthog/posthog-go.

Updates charm.land/bubbletea/v2 from 2.0.2 to 2.0.6

Release notes

Sourced from charm.land/bubbletea/v2's releases.

v2.0.6

Changelog

---

Thoughts? Questions? We love hearing from you. Feel free to reach out on X, Discord, Slack, The Fediverse, Bluesky.

v2.0.5

Changelog

---

Thoughts? Questions? We love hearing from you. Feel free to reach out on X, Discord, Slack, The Fediverse, Bluesky.

v2.0.4

Changelog

---

Thoughts? Questions? We love hearing from you. Feel free to reach out on X, Discord, Slack, The Fediverse, Bluesky.

v2.0.3

Extra Extra Extended Keyboard Enhancements!

This release adds support for the full set of Keyboard Enhancements. Now you can enable any enhancements on top of the default disambiguate one.

func (m model) View() tea.View {
  var v tea.View
  v.KeyboardEnhancements.ReportAlternateKeys = true
  v.KeyboardEnhancements.ReportAllKeysAsEscapeCodes = true
  return v
}

Smarter Renderer

We also fixed a few renderer related bugs and made the Cursed Renderer smarter. Now, we always reset the terminal tab stops for the Bubble Tea program process context. People using tabs -N in their shell profiles shouldn't be affected.

See the full changelog below.

Changelog

New!

• 05df5aecf81f67ba8dd312367246bc1c9465adfa: feat: support extended keyboard enhancements (#1626) (@​aymanbagabas)

... (truncated)

Commits

• fdcd0cf chore: bump ultraviolet to 489999b90468 to fix a wide char issue
• 1ed724a chore: bump ultraviolet to v0.0.0-20260413211237-bd52878bcec2
• c8aaaba chore(examples): update lipgloss to v2.0.3
• c788fe9 chore: bump x/ansi to v0.11.7 to fix a width calculation bug
• 2e0dc62 chore(examples): views: change KeyMsg to KeyPressMsg in Update function (#1611)
• d1ec982 chore(tests): update testdata
• 48acc33 chore: bump ultraviolet to v0.0.0-20260413133134-73592393e1ad
• ac355fe fix(renderer): restore tab stops if hard tabs are enabled (#1677)
• d81b6b6 chore(examples): update dependencies and remove go-isatty
• 7a2ea6e chore(deps): bump golang.org/x/sys in the all group (#1676)
• Additional commits viewable in compare view

Updates github.com/charmbracelet/x/ansi from 0.11.6 to 0.11.7

Commits

• 6921c75 fix(ansi): width: always use grapheme finder for width calculation
• 266cf5a chore(deps): bump the all group across 1 directory with 2 updates (#836)
• ad0b1ae chore(scripts): update builds script to use codecov v6 and dependabot/fetch-m...
• b18aac2 chore(deps): bump golang.org/x/image in /vttest in the all group (#840)
• ffd2a07 chore(deps): bump golang.org/x/image in /mosaic in the all group (#839)
• 7664402 chore(deps): bump golang.org/x/sys in /input in the all group (#833)
• 44f725f chore(deps): bump github.com/mattn/go-runewidth (#838)
• ac9fd4b chore(deps): bump github.com/mattn/go-runewidth (#837)
• e969fb5 chore(deps): bump golang.org/x/sys in /termios in the all group (#828)
• acb1aa7 chore(deps): bump golang.org/x/crypto in /sshkey in the all group (#835)
• Additional commits viewable in compare view

Updates github.com/containerd/containerd/v2 from 2.2.2 to 2.2.3

Release notes

Sourced from github.com/containerd/containerd/v2's releases.

containerd 2.2.3

Welcome to the v2.2.3 release of containerd!

The third patch release for containerd 2.2 contains various fixes and updates including a security patch.

Security Updates

• spdystream
  • CVE-2026-35469

Highlights

Container Runtime Interface (CRI)

• Preserve cgroup mount options for privileged containers (#13120)
• Ensure UpdatePodSandbox returns Unimplemented instead of a generic error (#13023)

Go client

• Handle absolute symlinks in rootfs user lookup to fix regressions when using Go 1.24 (#13015)

Image Distribution

• Enable mount manager in diff walking to fix layer extraction errors with some snapshotters (e.g., EROFS) (#13198)
• Apply hardening to prevent TOCTOU race during tar extraction (#12971)

Runtime

• Restore support for client-mounted roots in Windows containers using process isolation (#13195)
• Update runc to v1.3.5 (#13061)
• Apply absolute symlink resolution to /etc/group in OCI spec to fix lookups on NixOS-style systems (#13019)
• Handle absolute symlinks in rootfs user lookup to fix regressions when using Go 1.24 (#13015)

Snapshotters

• Fix bug that caused whiteouts to be ignored when parallel unpack was used (#13125)

Please try out the release binaries and report any issues at https://github.com/containerd/containerd/issues.

Contributors

• Samuel Karp
• Sebastiaan van Stijn
• Maksym Pavlenko
• Chris Henzie
• Derek McGowan
• Paulo Oliveira
• Henry Wang

... (truncated)

Commits

• 77c8424 Merge pull request #13224 from samuelkarp/prepare-release-2.2.3
• 8a0f4ed Prepare release notes for v2.2.3
• 1383828 Merge pull request #13217 from samuelkarp/update-spdystream-2.2
• 31bd34a update github.com/moby/spdystream v0.5.1
• d2c2fc3 Merge pull request #13197 from thaJeztah/2.2_bump_compress
• 6b3c2de Merge pull request #13198 from k8s-infra-cherrypick-robot/cherry-pick-13186-t...
• 409f75b diff/walking: enable mount manager
• 1336f6c vendor: github.com/klauspost/compress v1.18.5
• 33e9334 Merge pull request #13195 from thaJeztah/2.2_bump_runhcs
• 0d85aef Merge pull request #13196 from thaJeztah/2.2_bump_hcsshim
• Additional commits viewable in compare view

Updates github.com/posthog/posthog-go from 1.11.2 to 1.11.3

Release notes

Sourced from github.com/posthog/posthog-go's releases.

v1.11.3

1.11.3 - 2026-04-14

• Full Changelog

• Added locally_evaluated property to $feature_flag_called events, indicating whether the flag was evaluated locally or via the remote /flags endpoint.

Changelog

Sourced from github.com/posthog/posthog-go's changelog.

1.11.3 - 2026-04-14

• Full Changelog

• Added locally_evaluated property to $feature_flag_called events, indicating whether the flag was evaluated locally or via the remote /flags endpoint.

Commits

• 0da2e52 chore: bump version to 1.11.3 [version bump]
• e545f21 feat: add locally_evaluated property to $feature_flag_called (#176)
• 5cdecbe chore: add GitHub community health files (#177)
• 158fd47 chore: add stale workflow for issues and PRs (#175)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[jedevc]

Reviewed-by: Justin Chadwell justin@unikraft.com
Approved-by: Justin Chadwell justin@unikraft.com