Bump the minor-and-patch group with 5 updates

[dependabot]

Bumps the minor-and-patch group with 5 updates:

Package	From	To
github.com/charmbracelet/x/ansi	0.11.5	0.11.6
golang.org/x/mod	0.32.0	0.33.0
golang.org/x/oauth2	0.34.0	0.35.0
golang.org/x/sys	0.39.0	0.40.0
golang.org/x/text	0.32.0	0.33.0

Updates github.com/charmbracelet/x/ansi from 0.11.5 to 0.11.6

Commits

• 7642919 fix(ansi): use our own configuration for CJK width handling (#758)
• a1c6140 chore(cellbuf): bump ansi to reduce memory allocations
• See full diff in compare view

Updates golang.org/x/mod from 0.32.0 to 0.33.0

Commits

• 27761a2 go.mod: update golang.org/x dependencies
• See full diff in compare view

Updates golang.org/x/oauth2 from 0.34.0 to 0.35.0

Commits

• 89ff2e1 google: add safer credentials JSON loading options.
• See full diff in compare view

Updates golang.org/x/sys from 0.39.0 to 0.40.0

Commits

• 2f44229 sys/cpu: add symbolic constants for remaining cpuid bits
• e5770d2 sys/cpu: use symbolic names for masks
• 714a44c sys/cpu: modify x86 port to match what internal/cpu does
• See full diff in compare view

Updates golang.org/x/text from 0.32.0 to 0.33.0

Commits

• 536231a go.mod: update golang.org/x dependencies
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[roborev-ci]

roborev: Combined Review

Summary verdict: Clean dependency-only change; no issues found.

Critical

• None.

High

• None.

Medium

• None.

Low

• None.

All agents report no findings; the diff appears clean.

---

Synthesized from 4 reviews (agents: codex, gemini | types: review, security)

[roborev-ci]

roborev: Combined Review

Verdict: No issues found — this PR appears clean and safe to merge.

All four reviews agree the changes are limited to routine dependency updates (go.mod/go.sum) plus the matching vendorHash update in flake.nix, with no identified security, correctness, or maintainability issues.

---

Synthesized from 4 reviews (agents: codex, gemini | types: security, review)