build(deps): bump the go-dependencies group across 1 directory with 17 updates

[dependabot]

Bumps the go-dependencies group with 13 updates in the / directory:

Package	From	To
charm.land/lipgloss/v2	2.0.0-beta.3.0.20251106193318-19329a3e8410	2.0.2
github.com/aws/aws-sdk-go-v2	1.41.1	1.41.5
github.com/aws/aws-sdk-go-v2/config	1.32.9	1.32.13
github.com/aws/aws-sdk-go-v2/service/cognitoidentity	1.33.18	1.33.22
github.com/aws/aws-sdk-go-v2/service/cognitoidentityprovider	1.58.0	1.59.3
github.com/aws/aws-sdk-go-v2/service/ecr	1.55.2	1.56.2
github.com/charmbracelet/fang	0.4.4	1.0.0
github.com/fatih/color	1.18.0	1.19.0
github.com/moby/moby/api	1.53.0	1.54.0
github.com/moby/patternmatcher	0.6.0	0.6.1
github.com/skpr/api	1.4.0	1.5.0
golang.org/x/crypto	0.48.0	0.49.0
golang.org/x/oauth2	0.35.0	0.36.0

Updates charm.land/lipgloss/v2 from 2.0.0-beta.3.0.20251106193318-19329a3e8410 to 2.0.2

Release notes

Sourced from charm.land/lipgloss/v2's releases.

v2.0.2

Table patch

If you don't know, we made big improvements in table rendering recently shipped in v2.0.0.

@​MartinodF made a good job on improving it even further for tricky edge cases, in particular when content wrapping is enabled.

Changelog

Fixed

• c289bad531f2588fc7506d7fbd5cdfd3daf4cb27: fix(table): height and overflow with wrapping content (#620) (@​MartinodF)

---

Thoughts? Questions? We love hearing from you. Feel free to reach out on X, Discord, Slack, The Fediverse, Bluesky.

v2.0.1

A small release to properly set style underline colors, as well as handling partial reads while querying the terminal.

Changelog

Fixed

• 30441468e81b8d5322c78e7a78cac1aaf6b1b57d: fix: add missing underlineColorKey case in getAsColor (#624) (@​flux627)

Docs

• 61e734b4628b1f808f2a40dde55c8886432a110b: docs: Charm logo link in upgrade guide (@​aymanbagabas)

Other stuff

• 92b13d8d3982df42416dddcad755f8700d5f1a76: ci: sync golangci-lint config (#621) (@​github-actions[bot])

---

Thoughts? Questions? We love hearing from you. Feel free to reach out on X, Discord, Slack, The Fediverse, Bluesky.

v2.0.0

Do you think you can handle Lip Gloss v2?

We’re really excited for you to try Lip Gloss v2! Read on for new features and a guide to upgrading.

If you (or your LLM) just want the technical details, take a look at Upgrade Guide.

[!NOTE] We take API changes seriously and strive to make the upgrade process as simple as possible. We believe the changes bring necessary improvements as well as pave the way for the future. If something feels way off, let us know.

What’s new?

... (truncated)

Commits

• See full diff in compare view

Updates github.com/aws/aws-sdk-go-v2 from 1.41.1 to 1.41.5

Commits

• 90650dd Release 2026-03-26
• dd88818 Regenerated Clients
• b662c50 Update endpoints model
• 500a9cb Update API model
• 6221102 fix stale skew and delayed skew healing (#3359)
• 0a39373 fix order of generated event header handlers (#3361)
• 098f389 Only generate resolveAccountID when it's required (#3360)
• 6ebab66 Release 2026-03-25
• b2ec3be Regenerated Clients
• abc126f Update API model
• Additional commits viewable in compare view

Updates github.com/aws/aws-sdk-go-v2/config from 1.32.9 to 1.32.13

Commits

• 90650dd Release 2026-03-26
• dd88818 Regenerated Clients
• b662c50 Update endpoints model
• 500a9cb Update API model
• 6221102 fix stale skew and delayed skew healing (#3359)
• 0a39373 fix order of generated event header handlers (#3361)
• 098f389 Only generate resolveAccountID when it's required (#3360)
• 6ebab66 Release 2026-03-25
• b2ec3be Regenerated Clients
• abc126f Update API model
• Additional commits viewable in compare view

Updates github.com/aws/aws-sdk-go-v2/credentials from 1.19.9 to 1.19.13

Commits

• 90650dd Release 2026-03-26
• dd88818 Regenerated Clients
• b662c50 Update endpoints model
• 500a9cb Update API model
• 6221102 fix stale skew and delayed skew healing (#3359)
• 0a39373 fix order of generated event header handlers (#3361)
• 098f389 Only generate resolveAccountID when it's required (#3360)
• 6ebab66 Release 2026-03-25
• b2ec3be Regenerated Clients
• abc126f Update API model
• Additional commits viewable in compare view

Updates github.com/aws/aws-sdk-go-v2/service/cognitoidentity from 1.33.18 to 1.33.22

Commits

• 967c920 Release 2026-03-03
• 23daf2b Regenerated Clients
• ae690a7 Update endpoints model
• 42acfb9 Update API model
• 790446e Run new Go tool 'go fix' on non-codegen files (#3337)
• e64a7d0 migrate protocol test codegen to smithy-go (#3335)
• d5b9ac6 Bump Go version to 1.24 (#3334)
• ddb9538 Release 2026-02-27
• deda70f Regenerated Clients
• 7d5acbd Update API model
• Additional commits viewable in compare view

Updates github.com/aws/aws-sdk-go-v2/service/cognitoidentityprovider from 1.58.0 to 1.59.3

Commits

• 6b53348 Release 2024-10-28
• 784d2d3 Regenerated Clients
• 7258bd2 Update endpoints model
• f322198 Update API model
• b65b80a Merge pull request #2852 from RanVaknin/signature-header-parsing-fix
• 803614d Fixing changelog description and implementation to use TrimSpace
• b12c8cf adding changelog
• f0caa97 patching GetSignedRequestSignature to cover edge cases with the signature
• e058903 drop service/nimble (#2851)
• 896793a Release 2024-10-25
• Additional commits viewable in compare view

Updates github.com/aws/aws-sdk-go-v2/service/ecr from 1.55.2 to 1.56.2

Commits

• 5a96470 Release 2024-12-19
• 653aa80 Regenerated Clients
• d02b239 Update endpoints model
• 698d709 Update API model
• 885de40 Fix improper use of Printf-style functions (#2934)
• 858298a Release 2024-12-18
• f58264a Regenerated Clients
• df31082 Update endpoints model
• 346690e Update API model
• 4515454 Release 2024-12-17
• Additional commits viewable in compare view

Updates github.com/charmbracelet/fang from 0.4.4 to 1.0.0

Release notes

Sourced from github.com/charmbracelet/fang's releases.

v1.0.0

Changelog

Other stuff

• 3b93b3b1c60ff8e4957e62e20f35c6b12c5a6ad1: ci: sync golangci-lint config (#83) (@​github-actions[bot])

---

Thoughts? Questions? We love hearing from you. Feel free to reach out on X, Discord, Slack, The Fediverse, Bluesky.

Commits

• 3b93b3b ci: sync golangci-lint config (#83)
• See full diff in compare view

Updates github.com/fatih/color from 1.18.0 to 1.19.0

Release notes

Sourced from github.com/fatih/color's releases.

v1.19.0

What's Changed

• Bump golang.org/x/sys from 0.25.0 to 0.28.0 by @​dependabot[bot] in fatih/color#246
• Fix for issue #230 set/unsetwriter symmetric wrt color support detection by @​ataypamart in fatih/color#243
• chore: go mod cleanup by @​sashamelentyev in fatih/color#244
• Bump golang.org/x/sys from 0.28.0 to 0.30.0 by @​dependabot[bot] in fatih/color#249
• Bump github.com/mattn/go-colorable from 0.1.13 to 0.1.14 by @​dependabot[bot] in fatih/color#248
• Update CI and go deps by @​fatih in fatih/color#254
• Bump golang.org/x/sys from 0.31.0 to 0.37.0 by @​dependabot[bot] in fatih/color#268
• fix: include escape codes in byte counts from Fprint, Fprintf by @​qualidafial in fatih/color#282
• Bump golang.org/x/sys from 0.37.0 to 0.40.0 by @​dependabot[bot] in fatih/color#277
• fix: add nil check for os.Stdout to prevent panic on Windows services by @​majiayu000 in fatih/color#275
• Bump dominikh/staticcheck-action from 1.3.1 to 1.4.0 by @​dependabot[bot] in fatih/color#259
• Bump actions/checkout from 4 to 6 by @​dependabot[bot] in fatih/color#273
• Optimize Color.Equals performance (O(n²) → O(n)) by @​UnSubble in fatih/color#269
• Bump actions/setup-go from 5 to 6 by @​dependabot[bot] in fatih/color#266

New Contributors

• @​ataypamart made their first contribution in fatih/color#243
• @​sashamelentyev made their first contribution in fatih/color#244
• @​qualidafial made their first contribution in fatih/color#282
• @​majiayu000 made their first contribution in fatih/color#275
• @​UnSubble made their first contribution in fatih/color#269

Full Changelog: fatih/color@v1.18.0...v1.19.0

Commits

• ca25f6e Merge pull request #266 from fatih/dependabot/github_actions/actions/setup-go-6
• 1205984 Bump actions/setup-go from 5 to 6
• 5715c20 Merge pull request #269 from UnSubble/main
• 2f6e200 Merge branch 'main' into main
• f72ec94 Merge pull request #273 from fatih/dependabot/github_actions/actions/checkout-6
• 848e633 Merge branch 'main' into main
• 4c2cd34 Add tests
• 7f812f0 Bump actions/checkout from 4 to 6
• b7fc9f9 Merge pull request #259 from fatih/dependabot/github_actions/dominikh/staticc...
• 239a88f Bump dominikh/staticcheck-action from 1.3.1 to 1.4.0
• Additional commits viewable in compare view

Updates github.com/moby/moby/api from 1.53.0 to 1.54.0

Release notes

Sourced from github.com/moby/moby/api's releases.

api/v1.54.0

1.54.0

New

• GET /images/json now supports an identity query parameter. When set, the response includes manifest summaries and may include an Identity field for each manifest with trusted identity and origin information. moby/moby#52030

Bug fixes and enhancements

• api/types/swarm: PortConfig: add Compare method. moby/moby#52047
• api: swagger: document "platform" param for GET /image/{name}/json. moby/moby#52082
• Fix swagger/OpenAPI return value specification for /system/df endpoint. moby/moby#52124
• Add a MediaType pseudo-type to help discoverability of available mediatypes. moby/moby#52089
• api/types/jsonstream: Add sanity-check for Message marshaling. moby/moby#52059
• api/types/jsonstream: Prevent panic on nil-Error. moby/moby#52059

Commits

• 7f1a670 Merge pull request #52140 from vvoland/drop-replace
• 4569055 Drop replace rules
• 37cc25c Merge pull request #52040 from vvoland/network-connect-macaddres
• 2fa6029 network/connect: Support MacAddress
• c0625f2 Merge pull request #52124 from chemodax/patch-1
• 4c19a01 Merge pull request #52048 from shiv-tyagi/vendor-detection
• 018cdea Merge pull request #52119 from ricardobranco777/saveload
• 6d771cc Merge pull request #52137 from vvoland/label-notesting
• 71c4815 gha/labeler: Remove *_test.go from area/testing label
• 13a8626 daemon/devices: Turn RegisterGPUDeviceDrivers into func
• Additional commits viewable in compare view

Updates github.com/moby/patternmatcher from 0.6.0 to 0.6.1

Release notes

Sourced from github.com/moby/patternmatcher's releases.

v0.6.1

What's Changed

• fix panic / nil pointer dereference on invalid patterns moby/patternmatcher#9
• ci: update actions and test against "oldest", "oldstable" and "stable" moby/patternmatcher#8

Full Changelog: moby/patternmatcher@v0.6.0...v0.6.1

Commits

• 5a6d842 Merge pull request #9 from thaJeztah/fix_panic
• e5d80c7 fix panic / nil pointer dereference on invalid patterns
• 7f236f5 Merge pull request #8 from thaJeztah/update_ci
• a95e09c ci: update actions and test against "oldest", "oldstable" and "stable"
• See full diff in compare view

Updates github.com/skpr/api from 1.4.0 to 1.5.0

Release notes

Sourced from github.com/skpr/api's releases.

v1.5.0

What's Changed

• Bump google.golang.org/grpc from 1.78.0 to 1.79.1 in the go-dependencies group by @​dependabot[bot] in skpr/api#45
• Bump to Go 1.26 by @​nickschuch in skpr/api#46
• Remove old metrics endpoints by @​nterbogt in skpr/api#47
• Bump the go-dependencies group with 2 updates by @​dependabot[bot] in skpr/api#48
• Bump google.golang.org/grpc from 1.79.1 to 1.79.3 by @​dependabot[bot] in skpr/api#49
• chore: Dockers_v2 upgrade to build system by @​nterbogt in skpr/api#50

Full Changelog: skpr/api@v1.4.0...v1.5.0

Commits

• ac08a7d Upgrade build to dockers_v2 (#50)
• 5c34ed3 Bump google.golang.org/grpc from 1.79.1 to 1.79.3 (#49)
• c28e94f Bump the go-dependencies group with 2 updates (#48)
• c6bcd37 Removing all the old endpoints for metrics (#47)
• f3a98c7 Bump to Go 1.26 (#46)
• d7553ef Bump google.golang.org/grpc in the go-dependencies group (#45)
• See full diff in compare view

Updates golang.org/x/crypto from 0.48.0 to 0.49.0

Commits

• 982eaa6 go.mod: update golang.org/x dependencies
• 159944f ssh,acme: clean up tautological/impossible nil conditions
• a408498 acme: only require prompt if server has terms of service
• cab0f71 all: upgrade go directive to at least 1.25.0 [generated]
• 2f26647 x509roots/fallback: update bundle
• See full diff in compare view

Updates golang.org/x/oauth2 from 0.35.0 to 0.36.0

Commits

• 4d954e6 all: upgrade go directive to at least 1.25.0 [generated]
• See full diff in compare view

Updates golang.org/x/sync from 0.19.0 to 0.20.0

Commits

• ec11c4a errgroup: fix a typo in the documentation
• 1a58307 all: modernize interface{} -> any
• 3172ca5 all: upgrade go directive to at least 1.25.0 [generated]
• See full diff in compare view

Updates golang.org/x/term from 0.40.0 to 0.41.0

Commits

• 9d2dc07 go.mod: update golang.org/x dependencies
• d954e03 all: upgrade go directive to at least 1.25.0 [generated]
• See full diff in compare view

Updates google.golang.org/grpc from 1.78.0 to 1.79.3

Release notes

Sourced from google.golang.org/grpc's releases.

Release 1.79.3

Security

• server: fix an authorization bypass where malformed :path headers (missing the leading slash) could bypass path-based restricted "deny" rules in interceptors like grpc/authz. Any request with a non-canonical path is now immediately rejected with an Unimplemented error. (#8981)

Release 1.79.2

Bug Fixes

• stats: Prevent redundant error logging in health/ORCA producers by skipping stats/tracing processing when no stats handler is configured. (grpc/grpc-go#8874)

Release 1.79.1

Bug Fixes

• grpc: Remove the -dev suffix from the User-Agent header. (grpc/grpc-go#8902)

Release 1.79.0

API Changes

• mem: Add experimental API SetDefaultBufferPool to change the default buffer pool. (#8806)
  • Special Thanks: @​vanja-p
• experimental/stats: Update MetricsRecorder to require embedding the new UnimplementedMetricsRecorder (a no-op struct) in all implementations for forward compatibility. (#8780)

Behavior Changes

• balancer/weightedtarget: Remove handling of Addresses and only handle Endpoints in resolver updates. (#8841)

New Features

• experimental/stats: Add support for asynchronous gauge metrics through the new AsyncMetricReporter and RegisterAsyncReporter APIs. (#8780)
• pickfirst: Add support for weighted random shuffling of endpoints, as described in gRFC A113.
  • This is enabled by default, and can be turned off using the environment variable GRPC_EXPERIMENTAL_PF_WEIGHTED_SHUFFLING. (#8864)
• xds: Implement :authority rewriting, as specified in gRFC A81. (#8779)
• balancer/randomsubsetting: Implement the random_subsetting LB policy, as specified in gRFC A68. (#8650)
  • Special Thanks: @​marek-szews

Bug Fixes

• credentials/tls: Fix a bug where the port was not stripped from the authority override before validation. (#8726)
  • Special Thanks: @​Atul1710
• xds/priority: Fix a bug causing delayed failover to lower-priority clusters when a higher-priority cluster is stuck in CONNECTING state. (#8813)
• health: Fix a bug where health checks failed for clients using legacy compression options (WithDecompressor or RPCDecompressor). (#8765)
  • Special Thanks: @​sanki92
• transport: Fix an issue where the HTTP/2 server could skip header size checks when terminating a stream early. (#8769)
  • Special Thanks: @​joybestourous
• server: Propagate status detail headers, if available, when terminating a stream during request header processing. (#8754)
  • Special Thanks: @​joybestourous

Performance Improvements

• credentials/alts: Optimize read buffer alignment to reduce copies. (#8791)
• mem: Optimize pooling and creation of buffer objects. (#8784)
• transport: Reduce slice re-allocations by reserving slice capacity. (#8797)

Commits

• dda86db Change version to 1.79.3 (#8983)
• 72186f1 grpc: enforce strict path checking for incoming requests on the server (#8981)
• 97ca352 Changing version to 1.79.3-dev (#8954)
• 8902ab6 Change the version to release 1.79.2 (#8947)
• a928670 Cherry-pick #8874 to v1.79.x (#8904)
• 06df363 Change version to 1.79.2-dev (#8903)
• 782f2de Change version to 1.79.1 (#8902)
• 850eccb Change version to 1.79.1-dev (#8851)
• 765ff05 Change version to 1.79.0 (#8850)
• 68804be Cherry pick #8864 to v1.79.x (#8896)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions