build(deps): bump the go-dev-dependencies group with 10 updates

[dependabot]

Bumps the go-dev-dependencies group with 10 updates:

Package	From	To
github.com/testcontainers/testcontainers-go	0.39.0	0.40.0
github.com/docker/docker	28.5.1+incompatible	28.5.2+incompatible
github.com/ebitengine/purego	0.9.0	0.9.1
github.com/go-openapi/jsonreference	0.21.2	0.21.3
github.com/go-openapi/spec	0.22.0	0.22.1
github.com/golang-migrate/migrate/v4	4.18.3	4.19.0
github.com/quic-go/quic-go	0.55.0	0.56.0
golang.org/x/arch	0.22.0	0.23.0
golang.org/x/sync	0.17.0	0.18.0
golang.org/x/sys	0.37.0	0.38.0

Updates github.com/testcontainers/testcontainers-go from 0.39.0 to 0.40.0

Release notes

Sourced from github.com/testcontainers/testcontainers-go's releases.

v0.40.0

What's Changed

⚠️ Breaking Changes

• chore(redpanda)!: use Run function (#3430) @​mdelapenya
• chore(rabbitmq)!: use Run function (#3428) @​mdelapenya
• chore(opensearch)!: use Run function (#3423) @​mdelapenya
• chore(elasticsearch)!: use Run function (#3407) @​mdelapenya
• chore(etcd)!: use Run function (#3409) @​mdelapenya

The below modules receive a breaking change in the signature of their functional options, as now all of them return an error when needed (returning nil for success). Therefore, you're only affected when assigning the options to variables.

• Old: type Option func(*options)
• New: type Option func(*options) error

🚀 Features

• feat(azure): add cosmosdb module (#3452) @​natsoman
• feat(azure): reduce time/memory by running specific sub-services (#3451) @​NathanBaulch

🐛 Bug Fixes

• fix(udp): expose UDP ports properly (#3485) @​blueprismo
• fix(compose): update to docker compose v2.40.2 and use api.Compose interface (#3456) @​mdelapenya
• fix(surrealdb): use true as value for WithAllowAllCaps option (#3436) @​mdelapenya
• fix: use path.Join instead of url.JoinPath when prepending a custom registry to an image (#3308) @​fedorkanin

📖 Documentation

• docs: add AI coding agent guidelines (#3446) @​mdelapenya
• docs(mssql): describe MSSQL issue with negative certificates (#3417) @​mdelapenya

🧹 Housekeeping

• feat(wait): add human-readable String() methods to all wait strategies (#3461) @​mdelapenya
• chore: enable prealloc linter and address issues (#3458) @​NathanBaulch
• chore(dockermcpgateway): skip testable example as it's not deterministic (#3457) @​mdelapenya
• fix(azurite): fix lint (#3453) @​mdelapenya
• chore: fix "Redpanda" copy-paste comment everywhere (#3450) @​NathanBaulch
• chore: remove redundant wait.ForAll everywhere (#3449) @​NathanBaulch
• chore(couchbase|etcd|firestore|mcpgateway|eventhubs|servicebus): apply consistent pattern for options (#3447) @​mdelapenya
• chore(modulegen): use Run function when generating modules (#3445) @​mdelapenya
• chore(vault): use Run function (#3443) @​mdelapenya
• chore(valkey): use Run function (#3440) @​mdelapenya
• chore(yugabytedb): use Run function (#3444) @​mdelapenya
• chore(weaviate): use Run function (#3442) @​mdelapenya
• chore(vearch): use Run function (#3441) @​mdelapenya
• chore(toxiproxy): use Run function (#3435) @​mdelapenya
• chore(clickhouse|k6|localstack|redpanda|registry|socat): use Run in tests (#3432) @​mdelapenya
• chore(surrealdb): use Run function (#3434) @​mdelapenya

... (truncated)

Commits

• 71b5775 chore: use new version (v0.40.0) in modules and examples
• 7e7e8cc chore(deps): bump amannn/action-semantic-pull-request from 5.5.3 to 6.1.1 (#3...
• f95900f feat(azure): add cosmosdb module (#3452)
• 1ed2735 fix(udp): expose UDP ports properly (#3485)
• 7527203 chore(deps): bump golang.org/x/sys from 0.36.0 to 0.37.0 and golang.org/x/cry...
• aa75771 chore(deps): bump github.com/docker/docker from 28.3.3+incompatible to 28.5.1...
• bddd936 feat(wait): add human-readable String() methods to all wait strategies (#3461)
• 666b20d chore(deps): bump mkdocs-include-markdown-plugin from 7.1.6 to 7.2.0 (#3463)
• 56b85e5 chore(deps): bump actions/setup-go from 5.4.0 to 6.0.0 (#3462)
• 9895e2e chore: enable prealloc linter and address issues (#3458)
• Additional commits viewable in compare view

Updates github.com/docker/docker from 28.5.1+incompatible to 28.5.2+incompatible

Release notes

Sourced from github.com/docker/docker's releases.

v28.5.2

28.5.2

For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:

• docker/cli, 28.5.2 milestone
• moby/moby, 28.5.2 milestone

[!CAUTION] This release contains fixes for three high-severity security vulnerabilities in runc:

• CVE-2025-31133
• CVE-2025-52565
• CVE-2025-52881

All three vulnerabilities ultimately allow (through different methods) for full container breakouts by bypassing runc's restrictions for writing to arbitrary /proc files.

Packaging updates

• Update runc to v1.3.3. moby/moby#51394

Bug fixes and enhancements

• dockerd-rootless.sh: if slirp4netns is not installed, try using pasta (passt). moby/moby#51162
• Update Go runtime to 1.24.9. moby/moby#51387, docker/cli#6613

Deprecations

• Go-SDK: cli/command/image/build: deprecate DefaultDockerfileName, DetectArchiveReader, WriteTempDockerfile, ResolveAndValidateContextPath. These utilities were only used internally and will be removed in the next release. docker/cli#6610
• Go-SDK: cli/command/image/build: deprecate IsArchive utility. docker/cli#6560
• Go-SDK: opts: deprecate ValidateMACAddress. docker/cli#6560
• Go-SDK: opts: deprecate ListOpts.Delete(). docker/cli#6560

Commits

• 89c5e8f Merge pull request #51396 from thaJeztah/28.x_backport_api_docs
• 9b93878 Merge pull request #51395 from thaJeztah/28.x_backport_rootless_reject
• 6178456 Merge pull request #51398 from vvoland/51397-28.x
• 0cae4e5 vendor: github.com/moby/buildkit v0.25.2
• 33cc06f Merge pull request #51394 from vvoland/51393-28.x
• d525277 api/docs: remove BuildCache.Parent field for API v1.42 and up
• 2fbc51b dockerd-rootless.sh: reject DOCKERD_ROOTLESS_ROOTLESSKIT_NET=host
• bd98008 integration-cli: Adjust nofile limits
• 1967515 Dockerfile: update runc binary to v1.3.3
• 4489660 Merge pull request #51387 from thaJeztah/28.x_bump_go
• Additional commits viewable in compare view

Updates github.com/ebitengine/purego from 0.9.0 to 0.9.1

Commits

• b9d062c purego: fix arm64 argument corruption on alignment flush (#360)
• cdb7cab purego: fix darwin int string mixing (#357)
• f0510f1 purego: fix bool field placement at non-zero offsets (#351)
• See full diff in compare view

Updates github.com/go-openapi/jsonreference from 0.21.2 to 0.21.3

Commits

• d5ff0ea tests: replaced stretchr/testify by go-openapi/testify
• 5cee2c3 chore: updated license marks in source files
• See full diff in compare view

Updates github.com/go-openapi/spec from 0.22.0 to 0.22.1

Commits

• f06cfff tests: replaced stretchr/testify by go-openapi/testify
• 9da6d8d chore: updated license marks in source files
• 3c1111c chore(linting): removed nolint directives when the linter has fixed false pos...
• See full diff in compare view

Updates github.com/golang-migrate/migrate/v4 from 4.18.3 to 4.19.0

Release notes

Sourced from github.com/golang-migrate/migrate/v4's releases.

v4.19.0

What's Changed

• Fixed sqlserver not actually getting a lock if lock is already set by @​urbim in golang-migrate/migrate#1186
• Bump golang.org/x/oauth2 from 0.18.0 to 0.27.0 by @​dependabot[bot] in golang-migrate/migrate#1299
• Update apt-key to gpg by @​sandhilt in golang-migrate/migrate#1277
• Update dktest to v0.4.6 for docker vuln fix by @​dhui in golang-migrate/migrate#1309
• refactor: Remove go.uber.org/atomic in favor of std sync/atomic by @​romshark in golang-migrate/migrate#1303
• Ensure bufferWriter is always closed in Migration.Buffer and propagate close errors by @​ckantcs in golang-migrate/migrate#1308
• Add support for Go 1.25 and drop support for 1.23 by @​dhui in golang-migrate/migrate#1310

New Contributors

• @​urbim made their first contribution in golang-migrate/migrate#1186
• @​sandhilt made their first contribution in golang-migrate/migrate#1277
• @​romshark made their first contribution in golang-migrate/migrate#1303
• @​ckantcs made their first contribution in golang-migrate/migrate#1308

Full Changelog: golang-migrate/migrate@v4.18.3...v4.19.0

Commits

• 8b9c5f7 Merge pull request #1310 from dhui/update_go
• b4ec9bc Add support for Go 1.25 and drop support for 1.23
• ed4bdd4 Ensure bufferWriter is always closed in Migration.Buffer and propagate close ...
• 8945e85 Merge pull request #1303 from romshark/master
• 7108d80 Merge pull request #1309 from dhui/dktest_v0.4.6
• 682016f Merge pull request #1277 from sandhilt/doc/change-apt-key-to-gpg
• f3e6b5a Replace usage of deprecated docker types
• 0a17402 Update dktest to v0.4.6 for docker vuln fix
• 5eee0c8 Merge pull request #1299 from golang-migrate/dependabot/go_modules/golang.org...
• 642a24d Bump golang.org/x/oauth2 from 0.18.0 to 0.27.0
• Additional commits viewable in compare view

Updates github.com/quic-go/quic-go from 0.55.0 to 0.56.0

Release notes

Sourced from github.com/quic-go/quic-go's releases.

v0.56.0

This release introduces qlog support for HTTP/3 (#5367, #5372, #5374, #5375, #5376, #5381, #5383).

For this, we completely changed how connection tracing works. Instead of a general-purpose logging.ConnectionTracer (which we removed entirely), we now have a qlog-specific tracer (#5356, #5417). quic-go users can now implement their own qlog events.

It also removes the Prometheus-based metrics collection. Please comment on the tracking issue (#5294) if you rely on metrics and are interested in seeing metrics brought back in a future release.

Notable Changes

• replaced the unmaintained gojay with a custom, performance-optimized JSON encoder (#5353, #5371)
• quicvarint: improved panic message for numbers larger than 2^62 (#5410)

Behind the Scenes

Go 1.25 introduced support for testing concurrent code using testing/synctest. We've been working on transitioning tests to use synctest (#5357, #5391, #5393, #5397, #5398, #5403, #5414, #5415), using @​MarcoPolo's simnet package to simulate a network in memory.

Using synctest makes test execution more reliable (reducing flakiness). The use of a synthetic clock leads to a massive speedup; the execution time of some integration tests was reduced from 20s to less than 1ms. The work will continue for the next release (see tracking issue: #5386).

Changelog

• qlog: implement a minimal jsontext-like JSON encoder by @​marten-seemann in quic-go/quic-go#5353
• ci: remove 386 (32 bit x86) by @​MarcoPolo in quic-go/quic-go#5352
• use synctest in more connection tests by @​marten-seemann in quic-go/quic-go#5357
• qlog: split serializiation and event definitions, remove logging abstraction by @​marten-seemann in quic-go/quic-go#5356
• qlogwriter: implement the draft-12 trace header by @​marten-seemann in quic-go/quic-go#5360
• qlogwriter: add support for event_schemas in the trace header by @​marten-seemann in quic-go/quic-go#5361
• qlogwriter: pass the event time to Event.Encode by @​marten-seemann in quic-go/quic-go#5362
• ackhandler: fix qlogging of alarm timer expiration time by @​marten-seemann in quic-go/quic-go#5363
• qlog: privatize Encode functions of non-Event structs by @​marten-seemann in quic-go/quic-go#5364
• fix qlogging of the short header payload length by @​marten-seemann in quic-go/quic-go#5365
• ci: include OS and Go version in Codecov test report upload by @​marten-seemann in quic-go/quic-go#5370
• http3: add basic server-side qlog support by @​marten-seemann in quic-go/quic-go#5367
• jsontext: add support for encoding null by @​marten-seemann in quic-go/quic-go#5371
• qlog: use PathEndpointInfo in connection_started by @​marten-seemann in quic-go/quic-go#5368
• http3: fix qlog encoding of frame_parsed and frame_created events by @​marten-seemann in quic-go/quic-go#5372
• http3: add basic client-side qlog support by @​marten-seemann in quic-go/quic-go#5374
• readme: update oss-fuzz link by @​kriztalz in quic-go/quic-go#5377
• http3: qlog sent and received GOAWAY frames by @​marten-seemann in quic-go/quic-go#5376
• http3: qlog sent and received DATAGRAMs by @​marten-seemann in quic-go/quic-go#5375
• http3: move qlogging of frames into the frame parser by @​marten-seemann in quic-go/quic-go#5378
• http3: qlog sent and received SETTINGS frames by @​marten-seemann in quic-go/quic-go#5379
• http3: qlog the frame length and payload length of parsed frames by @​marten-seemann in quic-go/quic-go#5380
• http3: qlog reserved, unsupported and unknown frames by @​marten-seemann in quic-go/quic-go#5381
• http3: add the qlog event schema to trace header by @​marten-seemann in quic-go/quic-go#5383
• use default RTT (100ms) for 0-RTT if no prior estimate by @​marten-seemann in quic-go/quic-go#5388
• congestion: avoid overflows when calculating pacer budget by @​marten-seemann in quic-go/quic-go#5390
• add simnet package to simulate a net.PacketConn in memory by @​marten-seemann in quic-go/quic-go#5385
• use synctest for transport tests by @​marten-seemann in quic-go/quic-go#5391
• use simnet in CONNECTION_CLOSE retransmission test by @​marten-seemann in quic-go/quic-go#5395
• use synctest for the packet drop test by @​marten-seemann in quic-go/quic-go#5393
• use synctest for the handshake drop test by @​marten-seemann in quic-go/quic-go#5397

... (truncated)

Commits

• eb7fcf5 qlog: split the PTO count updates ouf of the MetricsUpdated event (#5421)
• 4930f90 qlog: rework the ConnectionClosed event (#5417)
• a6de3e4 ackhandler: fix qlogging of RTT values (#5418)
• a882b9a use synctest for the stateless reset tests (#5415)
• d3211a4 qlog: rename owner to initiator (#5416)
• 7646b74 use synctest in handshake RTT tests (#5414)
• b25c128 ci: update golangci-lint to v2.6.0 (#5412)
• d526a3f ci: bump actions/upload-artifact from 4 to 5 (#5411)
• 2d4ba22 quicvarint: improve panic message for numbers larger 2^62 (#5410)
• cf01081 ci: use gcassert to check that quicvarint.Len is inlined (#5409)
• Additional commits viewable in compare view

Updates golang.org/x/arch from 0.22.0 to 0.23.0

Commits

• fea4a9e riscv64: add support for Zicond instructions
• See full diff in compare view

Updates golang.org/x/sync from 0.17.0 to 0.18.0

Commits

• 1966f53 errgroup: fix some typos in comment
• See full diff in compare view

Updates golang.org/x/sys from 0.37.0 to 0.38.0

Commits

• 15129aa cpu: also use MRS instruction in getmmfr1
• ed38ca2 unix: add SizeofNhmsg and SizeofNexthopGrp
• 3675c4c cpu: use MRS instruction to read arm64 system registers
• 2a15272 unix: add consts for ELF handling
• 6239615 cpu: add HPDS, LOR, PAN detection for arm64
• ea436ef windows: add iphlpapi routing functions
• 28c5bda unix: add SetMemPolicy and its mode/flag values
• b731f78 unix/linux: switch to ubuntu 25.04, Go 1.25.1
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[greenbonebot]

Scanning the following files:

go.mod
go.sum

Scan: 'go.mod'

Nothing detected in go.mod
Scan took 0.00 seconds

Scan: 'go.sum'

Nothing detected in go.sum
Scan took 0.00 seconds

[github-actions]

Conventional Commits Report

😢 No conventional commits found.

👉 Learn more about the conventional commits usage at Greenbone.

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 55.86%. Comparing base (5ff2345) to head (4acb3e2).
⚠️ Report is 1 commits behind head on main.

Additional details and impacted files

@@           Coverage Diff           @@
##             main     #261   +/-   ##
=======================================
  Coverage   55.86%   55.86%           
=======================================
  Files          61       61           
  Lines        3222     3222           
=======================================
  Hits         1800     1800           
  Misses       1293     1293           
  Partials      129      129           

Flag	Coverage Δ
opensearch-tests	95.62% <ø> (ø)
postgres-tests	91.96% <ø> (ø)
unit-tests	48.89% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.