deps(deps): bump the go-minor-patch group with 4 updates

[dependabot]

Bumps the go-minor-patch group with 4 updates: github.com/spf13/cobra, github.com/spf13/viper, golang.org/x/crypto and golang.org/x/oauth2.

Updates github.com/spf13/cobra from 1.10.1 to 1.10.2

Release notes

Sourced from github.com/spf13/cobra's releases.

v1.10.2

🔧 Dependencies

• chore: Migrate from gopkg.in/yaml.v3 to go.yaml.in/yaml/v3 by @​dims in spf13/cobra#2336 - the gopkg.in/yaml.v3 package has been deprecated for some time: this should significantly cleanup dependency/supply-chains for consumers of spf13/cobra

📈 CI/CD

• Fix linter and allow CI to pass by @​marckhouzam in spf13/cobra#2327
• fix: actions/setup-go v6 by @​jpmcb in spf13/cobra#2337

🔥✍🏼 Docs

• Add documentation for repeated flags functionality by @​rvergis in spf13/cobra#2316

🍂 Refactors

• refactor: replace several vars with consts by @​htoyoda18 in spf13/cobra#2328
• refactor: change minUsagePadding from var to const by @​ssam18 in spf13/cobra#2325

🤗 New Contributors

• @​rvergis made their first contribution in spf13/cobra#2316
• @​htoyoda18 made their first contribution in spf13/cobra#2328
• @​ssam18 made their first contribution in spf13/cobra#2325
• @​dims made their first contribution in spf13/cobra#2336

Full Changelog: spf13/cobra@v1.10.1...v1.10.2

Thank you to our amazing contributors!!!!! 🐍 🚀

Commits

• 88b30ab chore: Migrate from gopkg.in/yaml.v3 to go.yaml.in/yaml/v3 (#2336)
• 346d408 fix: actions/setup-go v6 (#2337)
• fc81d20 refactor: change minUsagePadding from var to const (#2325)
• 117698a refactor: replace several vars with consts (#2328)
• e2dd29d Add documentation for repeated flags functionality (#2316)
• 0629892 Fix linter (#2327)
• See full diff in compare view

Updates github.com/spf13/viper from 1.19.0 to 1.21.0

Release notes

Sourced from github.com/spf13/viper's releases.

v1.21.0

What's Changed

Enhancements 🚀

• Add support for flags pflag.BoolSlice, pflag.UintSlice and pflag.Float64Slice by @​nmvalera in spf13/viper#2015
• feat: use maintained yaml library by @​sagikazarmark in spf13/viper#2040

Bug Fixes 🐛

• fix(config): get config type from v.configType or config file ext by @​GuillaumeBAECHLER in spf13/viper#2003
• fix: config type check when loading any config by @​sagikazarmark in spf13/viper#2007

Dependency Updates ⬆️

• Update dependencies by @​sagikazarmark in spf13/viper#1993
• build(deps): bump github.com/spf13/cast from 1.7.1 to 1.8.0 by @​dependabot[bot] in spf13/viper#2017
• build(deps): bump github.com/pelletier/go-toml/v2 from 2.2.3 to 2.2.4 by @​dependabot[bot] in spf13/viper#2013
• build(deps): bump github.com/sagikazarmark/locafero from 0.8.0 to 0.9.0 by @​dependabot[bot] in spf13/viper#2008
• build(deps): bump golang.org/x/net from 0.37.0 to 0.38.0 in /remote by @​dependabot[bot] in spf13/viper#2016
• build(deps): bump github.com/spf13/cast from 1.8.0 to 1.9.2 by @​dependabot[bot] in spf13/viper#2020
• build(deps): bump github.com/go-viper/mapstructure/v2 from 2.2.1 to 2.3.0 by @​dependabot[bot] in spf13/viper#2028
• build(deps): bump github.com/go-viper/mapstructure/v2 from 2.3.0 to 2.4.0 by @​dependabot[bot] in spf13/viper#2035
• build(deps): bump github.com/spf13/pflag from 1.0.6 to 1.0.7 by @​dependabot[bot] in spf13/viper#2036
• build(deps): bump github.com/fsnotify/fsnotify from 1.8.0 to 1.9.0 by @​dependabot[bot] in spf13/viper#2012
• build(deps): bump github.com/stretchr/testify from 1.10.0 to 1.11.1 by @​dependabot[bot] in spf13/viper#2052
• build(deps): bump github.com/go-viper/mapstructure/v2 from 2.3.0 to 2.4.0 in /remote by @​dependabot[bot] in spf13/viper#2048
• build(deps): bump github.com/spf13/pflag from 1.0.7 to 1.0.10 by @​dependabot[bot] in spf13/viper#2056
• chore: update dependencies by @​sagikazarmark in spf13/viper#2057

Other Changes

• Update update guide with mapstructure package replacement. by @​aldas in spf13/viper#2004
• refactor: use the built-in max/min to simplify the code by @​yingshanghuangqiao in spf13/viper#2029

New Contributors

• @​GuillaumeBAECHLER made their first contribution in spf13/viper#2003
• @​aldas made their first contribution in spf13/viper#2004
• @​nmvalera made their first contribution in spf13/viper#2015
• @​yingshanghuangqiao made their first contribution in spf13/viper#2029
• @​ccoVeille made their first contribution in spf13/viper#2046
• @​spacez320 made their first contribution in spf13/viper#2050

Full Changelog: spf13/viper@v1.20.0...v1.21.0

v1.20.1

What's Changed

Bug Fixes 🐛

• Backport config type fixes to 1.20.x by @​sagikazarmark in spf13/viper#2005

Full Changelog: spf13/viper@v1.20.0...v1.20.1

v1.20.0

... (truncated)

Commits

• 394040c ci: build on go 1.25
• 812f548 chore: update dependencies
• d5271ef ci: update stale workflow
• dff303b feat: add a stale issue scheduled action
• 1287976 build(deps): bump github.com/spf13/pflag from 1.0.7 to 1.0.10
• 38932cd build(deps): bump github.com/go-viper/mapstructure/v2 in /remote
• 6d014be build(deps): bump github.com/stretchr/testify from 1.10.0 to 1.11.1
• b74c7ee build(deps): bump github.com/fsnotify/fsnotify from 1.8.0 to 1.9.0
• acd05e1 fix: linting issues
• ae5a8e2 ci: upgrade golangci-lint
• Additional commits viewable in compare view

Updates golang.org/x/crypto from 0.45.0 to 0.46.0

Commits

• 19acf81 go.mod: update golang.org/x dependencies
• 3a1c6b4 x509roots/fallback: update bundle
• f4602e4 ssh/agent: fix flaky test by ensuring a writeable home directory
• See full diff in compare view

Updates golang.org/x/oauth2 from 0.33.0 to 0.34.0

Commits

• acc3815 endpoints: fix %q verb use with wrong type
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[privateip]

@dependabot close

[dependabot]

Beginning January 27, 2026, Dependabot will no longer support the @dependabot close command. Please use GitHub's native pull request controls instead. Please see the changelog announcement for additional details.

[dependabot]

This pull request was built based on a group rule. Closing it will not ignore any of these versions in future pull requests.

To ignore these dependencies, configure ignore rules in dependabot.yml