chore(deps): bump the gomod group across 1 directory with 6 updates

[dependabot]

Bumps the gomod group with 5 updates in the / directory:

Package	From	To
github.com/Masterminds/semver/v3	3.4.0	3.5.0
github.com/ProtonMail/gopenpgp/v3	3.4.0	3.4.1
github.com/goreleaser/nfpm/v2	2.45.2	2.47.0
mvdan.cc/sh/v3	3.13.0	3.13.1
pault.ag/go/debian	0.19.0	0.21.0

Updates github.com/Masterminds/semver/v3 from 3.4.0 to 3.5.0

Release notes

Sourced from github.com/Masterminds/semver/v3's releases.

v3.5.0

What's Changed

• Adding more prerelease tests by @​mattfarina in Masterminds/semver#273
• Update constraint error messages by @​mattfarina in Masterminds/semver#278
• Fix edge cases by @​mattfarina in Masterminds/semver#279
• Adding some checks in by @​mattfarina in Masterminds/semver#280
• Updating deps by @​mattfarina in Masterminds/semver#281
• Bump github/codeql-action from 4.35.1 to 4.35.2 by @​dependabot[bot] in Masterminds/semver#282
• Bump actions/cache from 4.2.3 to 5.0.5 by @​dependabot[bot] in Masterminds/semver#283
• Bump golangci/golangci-lint-action from 7.0.1 to 9.2.0 by @​dependabot[bot] in Masterminds/semver#284
• Updating gitignore for devcontainers by @​mattfarina in Masterminds/semver#286
• Fixing some quality issues by @​mattfarina in Masterminds/semver#287

New Contributors

• @​dependabot[bot] made their first contribution in Masterminds/semver#282

Full Changelog: Masterminds/semver@v3.4.0...v3.5.0

Changelog

Sourced from github.com/Masterminds/semver/v3's changelog.

Changelog

Commits

• 8b89c86 Merge pull request #287 from mattfarina/fix-da-issues
• 29d51d0 Fixing some quality issues
• 87f651d Merge pull request #286 from mattfarina/update-devcontainer
• 158a685 Updating gitignore for devcontainers
• 7e83c08 Merge pull request #284 from Masterminds/dependabot/github_actions/golangci/g...
• 697e27f Merge pull request #283 from Masterminds/dependabot/github_actions/actions/ca...
• 1591f8e Merge pull request #282 from Masterminds/dependabot/github_actions/github/cod...
• 3f5ff17 Bump golangci/golangci-lint-action from 7.0.1 to 9.2.0
• 04baa33 Bump actions/cache from 4.2.3 to 5.0.5
• 45939fe Bump github/codeql-action from 4.35.1 to 4.35.2
• Additional commits viewable in compare view

Updates github.com/ProtonMail/gopenpgp/v3 from 3.4.0 to 3.4.1

Release notes

Sourced from github.com/ProtonMail/gopenpgp/v3's releases.

Release v3.4.1

What's Changed

• Fix EOF behavior of the verification Reader in ProtonMail/gopenpgp#358

Full Changelog: ProtonMail/gopenpgp@v3.4.0...v3.4.1

Release v3.4.1-proton

This release is v3.4.1 with support for the following non-standardized features:

• Presistent symmetric keys draft-ietf-openpgp-persistent-symmetric-keys-00
• Automatic forwarding draft-wussler-openpgp-forwarding-00
• Post-quantum algorithms draft-ietf-openpgp-pqc (draft-09)
• Proton profiles

Changelog

Sourced from github.com/ProtonMail/gopenpgp/v3's changelog.

[3.4.1] – 2026-04-29

Fixed

• Fixed EOF behavior of the verification Reader after first io.EOF.

Commits

• 0cb3933 chore: Prepare release v3.4.1 (#359)
• 7c3abbe fix(crypto): EOF behavior of the verification Reader (#358)
• 6097ee3 ci: Constrain CI runner access (#357)
• See full diff in compare view

Updates github.com/goreleaser/nfpm/v2 from 2.45.2 to 2.47.0

Release notes

Sourced from github.com/goreleaser/nfpm/v2's releases.

v2.47.0

Changelog

New Features

• 5c2f7caebfee70a3c656cfe0bee0d2d71683e4df: feat: RiscV64 support (#1091) (@​ahqsoftwares)
• 64b788a887641a1c492d815b52bf9a74de0c9a70: feat: add Requires(Post) for RPMS (#1085) (@​teddelin)
• dc960732751ac28baf361dcc12ff1fd7e00872d5: feat: add fang support for styled CLI output (#1068) (@​caarlos0)

Security updates

• 060af046636f4adc478e437196449122e4417346: sec(deps): update golang.org/x/crypto (@​caarlos0)
• f769631fdded535d6723b7951d9fcae10f691ff6: sec(deps): update golang.org/x/net (@​caarlos0)

Bug fixes

• 3118ec19d59f3e60f2c1b35d09d5e2e722b2de15: fix: tolerate empty overrides packager clause (#1080) (@​dleske)

Dependency updates

• a2d9ce583fb9ba683a306fd37751d5a7f7a77385: feat(deps): go1.26.4 (@​caarlos0)
• 9b16218b1556e3fdf1f4e421653a55a249fff28c: fix(deps): bump alpine from 3.23.3 to 3.23.4 (#1075) (@​dependabot[bot])
• e3102b31f07ed91ab0a21afbb6967d473f7b6d79: fix(deps): bump alpine from 3.23.3 to 3.23.4 in /testdata/acceptance (#1076) (@​dependabot[bot])
• 62c555edf6ace54d42d7de13a71d9ef5fd467e83: fix(deps): bump alpine from 3.23.4 to 3.24.0 (#1098) (@​dependabot[bot])
• 071ae1836142ec60ce2b767cc8ab310be657d2bf: fix(deps): bump alpine from 3.23.4 to 3.24.0 in /testdata/acceptance (#1099) (@​dependabot[bot])

Build process updates

• 4c62d34ff4562b2a63888f0932ddb484dd7c12c6: ci(deps): bump github/codeql-action in the actions group (#1083) (@​dependabot[bot])
• 38a05deed6cc5c71b43d1e8e3bf044bd0f76fa33: ci(deps): bump the actions group across 1 directory with 3 updates (#1096) (@​dependabot[bot])
• 6fe4da4e4f9c0d53bc212f77afd7d11a32fac14e: ci(deps): bump the actions group across 1 directory with 7 updates (#1095) (@​dependabot[bot])
• cd95f9ffeed090edb8edff13cf61754ffe405926: ci(deps): bump the actions group with 2 updates (#1078) (@​dependabot[bot])
• 8f9cbef3c311f3488c9f6b347217f5d2d33d5da1: ci(deps): bump the actions group with 3 updates (#1090) (@​dependabot[bot])
• 9ff0e2f09a748adc41efa3d247bea3a97efb20bc: ci(deps): bump the actions group with 4 updates (#1086) (@​dependabot[bot])
• 2ce1832d348292b413778df6b0e6da7cb9a85697: ci(deps): bump the actions group with 5 updates (#1074) (@​dependabot[bot])
• 1bd2fed8fb99229a32a4bf44cbffeb5c892d5841: ci: fix docs build test (@​caarlos0)
• 4695cdccbf99bd66ed99ee5187d92a480c4f29ff: ci: fix license check (@​caarlos0)
• a40b461a8f0b402ce489f167e3bedb2dedda5a41: ci: update build (@​caarlos0)

Other work

• d16d75f9435d8ed69d227e57dbf6a5731b63761d: docs(deps): update hextra (@​caarlos0)
• c6a6a27ba29912fc88a613e6debb271a85cd2e16: docs: update cmd docs (@​caarlos0)

Full Changelog: goreleaser/nfpm@v2.46.3...v2.47.0

Helping out

This release is only possible thanks to all the support of awesome people!

Want to be one of them? You can sponsor or contribute with code.

Where to go next?

• nFPM is a satellite project from GoReleaser. Check it out!
• Find examples and commented usage of all options in our website.
• Reach out on Discord and Twitter!

v2.46.3

... (truncated)

Commits

• 40c7c8f chore: remove duplicated code
• 64b788a feat: add Requires(Post) for RPMS (#1085)
• 1bd2fed ci: fix docs build test
• 071ae18 fix(deps): bump alpine from 3.23.4 to 3.24.0 in /testdata/acceptance (#1099)
• 62c555e fix(deps): bump alpine from 3.23.4 to 3.24.0 (#1098)
• 38a05de ci(deps): bump the actions group across 1 directory with 3 updates (#1096)
• df30aca chore: update sponsors
• f769631 sec(deps): update golang.org/x/net
• 4695cdc ci: fix license check
• 060af04 sec(deps): update golang.org/x/crypto
• Additional commits viewable in compare view

Updates golang.org/x/mod from 0.34.0 to 0.35.0

Commits

• 03901d3 go.mod: update golang.org/x dependencies
• See full diff in compare view

Updates mvdan.cc/sh/v3 from 3.13.0 to 3.13.1

Release notes

Sourced from mvdan.cc/sh/v3's releases.

v3.13.1

• cmd/shfmt
  • Add support for [[zsh]] in EditorConfig files
  • Detect the shell variant from filenames like .zshrc and .bash_profile
  • Fix --apply-ignore when used with explicit args - #1310
• syntax
  • Revert an accidental change to how array subscripts are formatted - #1314
  • Never join ;; with the previous line when formatting - #1289
  • Fix a bug where $1[foo] was parsed as a subscript in Zsh - #1288
  • Correctly parse $! in double quotes in Zsh - #1298
  • Allow indexing into special parameters in Zsh - #1299
  • Allow parameter expansions with empty names in Zsh - #1280
• interp
  • Test against Bash 5.3 and fix three new discrepancies
  • Fix a few bugs related to nameref variables
  • Avoid panics when user input encounters unimplemented features

Consider becoming a sponsor if you benefit from the work that went into this release!

Binaries built on go version go1.26.1 linux/amd64 with:

CGO_ENABLED=0 go build -trimpath -ldflags="-w -s"

Changelog

Sourced from mvdan.cc/sh/v3's changelog.

[3.13.1] - 2026-03-09

• cmd/shfmt
  • Add support for [[zsh]] in EditorConfig files
  • Detect the shell variant from filenames like .zshrc and .bash_profile
  • Fix --apply-ignore when used with explicit args - #1310
• syntax
  • Revert an accidental change to how array subscripts are formatted - #1314
  • Never join ;; with the previous line when formatting - #1289
  • Fix a bug where $1[foo] was parsed as a subscript in Zsh - #1288
  • Correctly parse $! in double quotes in Zsh - #1298
  • Allow indexing into special parameters in Zsh - #1299
  • Allow parameter expansions with empty names in Zsh - #1280
• interp
  • Test against Bash 5.3 and fix three new discrepancies
  • Fix a few bugs related to nameref variables
  • Avoid panics when user input encounters unimplemented features

Commits

• 2f3f5e3 CHANGELOG: add entry for v3.13.1
• 1b77144 CHANGELOG: add late entry for v3.13.0
• 4fe0cc2 README: bring output in caveats examples up to date
• d2b044b syntax: only make index expressions compact when it's a comma
• 1569230 syntax: add test cases for issue #1314
• e97b2b0 interp: avoid the last panics which can be triggered by users
• f299f47 cmd/shfmt: --apply-ignore should not skip explicit args based on extension
• 2315483 interp: fix a few nameref bugs
• 7e3be04 interp: test with Bash 5.3 and fix three bugs uncovered by it
• 8852860 pattern: tokenize patterns rune by rune
• Additional commits viewable in compare view

Updates pault.ag/go/debian from 0.19.0 to 0.21.0

Commits

• cffc6a7 Switch from golang.org/x/crypto/openpgp to github.com/ProtonMail/go-crypto/op...
• 6381c0b control: expose Build-Depends-Arch and Build-Conflicts-Arch on Source
• e4f9c3c dependency: trim multi-line field whitespace from Possibility names
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions