build(deps): bump the go-dev-dependencies group with 7 updates

[dependabot]

Bumps the go-dev-dependencies group with 7 updates:

Package	From	To
github.com/testcontainers/testcontainers-go	0.40.0	0.41.0
golang.org/x/crypto	0.48.0	0.49.0
github.com/goccy/go-json	0.10.5	0.10.6
golang.org/x/mod	0.33.0	0.34.0
golang.org/x/net	0.51.0	0.52.0
golang.org/x/text	0.34.0	0.35.0
golang.org/x/tools	0.42.0	0.43.0

Updates github.com/testcontainers/testcontainers-go from 0.40.0 to 0.41.0

Release notes

Sourced from github.com/testcontainers/testcontainers-go's releases.

v0.41.0

What's Changed

🚀 Features

• feat: add TiDB module (#3575) @​iyiola-dev
• feat: add Forgejo module (#3556) @​s04
• feat: improve container conflict detection (#3574) @​Desuuuu
• feat(azure): add lowkey vault container (#3542) @​nagyesta
• feat(chroma): update to chroma 1.x (#3552) @​tazarov
• feat(cassandra): add ssl option cassandra (#3151) @​MitulShah1

🐛 Bug Fixes

• fix(redpanda): closing provider in test after use (#3539) @​mabrarov
• fix: docker auth for docker.io images (#3482) @​LaurentGoderre
• fix(solace): set ulimits for container (#3497) @​mdelapenya
• fix(kafka): strip architecture suffix from Kafka image tags for semver parsing (#3276) @​asahasrabuddhe

📖 Documentation

• docs(metrics): automate usage metrics collection and publish it in the docs site (#3495) @​mdelapenya

🧹 Housekeeping

• chore(deps): bump actions/checkout from 6.0.1 to 6.0.2 (#3560) @dependabot[bot]
• chore(pulsar): bump base image to 4.x, replacing the wait for log strategy with wait for listening port (deterministic) (#3573) @​mdelapenya
• chore(deps): bump github.com/modelcontextprotocol/go-sdk from 1.0.0 to 1.3.1 in /modules/dockermcpgateway (#3557) @dependabot[bot]
• chore: update usage metrics (2026-03-02) (#3565) @github-actions[bot]
• chore(deps): bump mkdocs-include-markdown-plugin from 7.2.0 to 7.2.1 (#3547) @dependabot[bot]
• chore(deps): bump tj-actions/changed-files from 47.0.0 to 47.0.1 (#3546) @dependabot[bot]
• chore(deps): bump actions/upload-artifact from 4.6.2 to 6.0.0 (#3545) @dependabot[bot]
• chore: update usage metrics (2026-02-02) (#3551) @github-actions[bot]
• chore(deps): bump pymdown-extensions from 10.8.1 to 10.16.1 (#3513) @dependabot[bot]
• chore: update usage metrics (2026-01-01) (#3515) @github-actions[bot]
• chore: update usage metrics (2025-12-01) (#3506) @github-actions[bot]
• chore(metrics): allow sending PRs from the workflow (#3503) @​mdelapenya
• fix(metrics): use the right CSV file (#3502) @​mdelapenya
• fix(metrics): use the right CSV file (#3501) @​mdelapenya
• chore(metrics): even better rate limit strategy (#3500) @​mdelapenya
• chore(metrics): properly detect rate limits (#3499) @​mdelapenya
• fix(metrics): set GH _TOKEN in workflow (#3498) @​mdelapenya

📦 Dependency updates

• fix: update compose-replace Makefile target to use compose/v5 (#3590) @​mdelapenya
• chore(deps): bump atomicjar/testcontainers-cloud-setup-action from 1.3.0 to 1.4.0 (#3559) @dependabot[bot]
• chore(deps): bump golang.org/x/text from 0.14.0 to 0.34.0 in /modulegen (#3582) @dependabot[bot]
• chore(deps): bump mkdocs-codeinclude-plugin from 0.2.1 to 0.3.1 (#3579) @dependabot[bot]
• chore(deps): bump golang.org/x/mod from 0.16.0 to 0.33.0 in /modulegen (#3583) @dependabot[bot]
• chore(deps): bump github.com/aerospike/aerospike-client-go/v8 from 8.2.0 to 8.6.0 in /modules/aerospike (#3584) @dependabot[bot]

... (truncated)

Commits

• 2ea97c8 chore: use new version (v0.41.0) in modules and examples
• 9a663f7 fix: update compose-replace Makefile target to use compose/v5 (#3590)
• 10481c2 chore(deps): bump atomicjar/testcontainers-cloud-setup-action (#3559)
• bdb12dd chore(deps): bump golang.org/x/text from 0.14.0 to 0.34.0 in /modulegen (#3582)
• 5bd7f07 chore(deps): bump mkdocs-codeinclude-plugin from 0.2.1 to 0.3.1 (#3579)
• c9ccfc5 chore(deps): bump golang.org/x/mod from 0.16.0 to 0.33.0 in /modulegen (#3583)
• 21ec740 chore(deps): bump github.com/aerospike/aerospike-client-go/v8 from 8.2.0 to 8...
• fb47b82 chore(deps): bump golang.org/x/mod in /modules/localstack (#3587)
• 6686e31 chore(deps): bump golang.org/x/mod in /modules/elasticsearch (#3585)
• 0656548 chore(deps): bump golang.org/x/mod in /modules/redpanda (#3588)
• Additional commits viewable in compare view

Updates golang.org/x/crypto from 0.48.0 to 0.49.0

Commits

• 982eaa6 go.mod: update golang.org/x dependencies
• 159944f ssh,acme: clean up tautological/impossible nil conditions
• a408498 acme: only require prompt if server has terms of service
• cab0f71 all: upgrade go directive to at least 1.25.0 [generated]
• 2f26647 x509roots/fallback: update bundle
• See full diff in compare view

Updates github.com/goccy/go-json from 0.10.5 to 0.10.6

Release notes

Sourced from github.com/goccy/go-json's releases.

0.10.6

What's Changed

• fix: panic on embedded struct with recursive by @​NgoKimPhu in goccy/go-json#483

New Contributors

• @​NgoKimPhu made their first contribution in goccy/go-json#483

Full Changelog: goccy/go-json@v0.10.5...v0.10.6

Commits

• e4877d5 fix: panic on embedded struct with recursive (#483)
• See full diff in compare view

Updates golang.org/x/mod from 0.33.0 to 0.34.0

Commits

• 1ac721d go.mod: update golang.org/x dependencies
• fb1fac8 all: upgrade go directive to at least 1.25.0 [generated]
• See full diff in compare view

Updates golang.org/x/net from 0.51.0 to 0.52.0

Commits

• 316e20c go.mod: update golang.org/x dependencies
• 9767a42 internal/http3: add support for plugging into net/http
• 4a81284 http2: update docs to disrecommend this package
• dec6603 dns/dnsmessage: reject too large of names early during unpack
• 8afa12f http2: deprecate write schedulers
• 38019a2 http2: add missing copyright header to export_test.go
• 039b87f internal/http3: return error when Write is used after status 304 is set
• 6267c6c internal/http3: add HTTP 103 Early Hints support to ClientConn
• 591bdf3 internal/http3: add HTTP 103 Early Hints support to Server
• 1faa6d8 internal/http3: avoid potential race when aborting RoundTrip
• Additional commits viewable in compare view

Updates golang.org/x/text from 0.34.0 to 0.35.0

Commits

• 7ca2c6d go.mod: update golang.org/x dependencies
• 73d1ba9 all: upgrade go directive to at least 1.25.0 [generated]
• See full diff in compare view

Updates golang.org/x/tools from 0.42.0 to 0.43.0

Commits

• 24a8e95 go.mod: update golang.org/x dependencies
• 3dd57fb gopls/internal/mcp: refactor unified diff generation
• fcc014d cmd/digraph: fix package doc
• 39f0f5c cmd/stress: add -failfast flag
• 063c264 gopls/test/integration/misc: add diagnostics to flaky test
• deb6130 gopls/internal/golang: fix hover panic in raw strings with CRLF
• 5f1186b gopls/internal/analysis/driverutil: remove unnecessary new imports
• ff45494 go/analysis: expose GoMod etc. to Pass.Module
• 62daff4 go/analysis/passes/inline: fix panic in inlineAlias with instantiated generic...
• fcb6088 x/tools: delete obsolete code
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[github-actions]

Dependency Review

The following issues were found:

• ✅ 0 vulnerable package(s)
• ✅ 0 package(s) with incompatible licenses
• ✅ 0 package(s) with invalid SPDX license definitions
• ⚠️ 6 package(s) with unknown licenses.

See the Details below.

Snapshot Warnings

⚠️: No snapshots were found for the head SHA 1c52726.

Ensure that dependencies are being submitted on PR branches and consider enabling retry-on-snapshot-warnings. See the documentation for more information and troubleshooting advice.

License Issues

go.mod

Package	Version	License	Issue Type
github.com/testcontainers/testcontainers-go	0.41.0	Null	Unknown License
golang.org/x/crypto	0.49.0	Null	Unknown License
golang.org/x/mod	0.34.0	Null	Unknown License
golang.org/x/net	0.52.0	Null	Unknown License
golang.org/x/text	0.35.0	Null	Unknown License
golang.org/x/tools	0.43.0	Null	Unknown License

Allowed Licenses:

0BSD, AGPL-3.0-or-later, Apache-2.0, BlueOak-1.0.0, BSD-2-Clause, BSD-3-Clause-Clear, BSD-3-Clause, BSL-1.0, bzip2-1.0.6, CAL-1.0, CC-BY-3.0, CC-BY-4.0, CC-BY-SA-4.0, CC0-1.0, EPL-2.0, GPL-1.0-or-later, GPL-2.0-only, GPL-2.0-or-later, GPL-2.0, GPL-3.0-only, GPL-3.0-or-later, GPL-3.0, ISC, LGPL-2.0-only, LGPL-2.0-or-later, LGPL-2.1-only, LGPL-2.1-or-later, LGPL-2.1, LGPL-3.0-only, LGPL-3.0, LGPL-3.0-or-later, MIT, MIT-CMU, MPL-1.1, MPL-2.0, OFL-1.1, PSF-2.0, Python-2.0, Python-2.0.1, Unicode-3.0, Unicode-DFS-2016, Unlicense, Zlib, ZPL-2.1

OpenSSF Scorecard

Package	Version	Score	Details
gomod/github.com/goccy/go-json	0.10.6	🟢 3.8	Details Check Score Reason Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Code-Review 🟢 6 Found 16/26 approved changesets -- score normalized to 6 Packaging ⚠️ -1 packaging workflow not detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Maintained ⚠️ 0 0 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 0 Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Binary-Artifacts 🟢 10 no binaries found in the repo Security-Policy ⚠️ 0 security policy file not detected License 🟢 10 license file detected Fuzzing ⚠️ 0 project is not fuzzed Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
gomod/github.com/testcontainers/testcontainers-go	0.41.0	Unknown	Unknown
gomod/golang.org/x/crypto	0.49.0	Unknown	Unknown
gomod/golang.org/x/mod	0.34.0	Unknown	Unknown
gomod/golang.org/x/net	0.52.0	Unknown	Unknown
gomod/golang.org/x/text	0.35.0	Unknown	Unknown
gomod/golang.org/x/tools	0.43.0	Unknown	Unknown

Scanned Files

• go.mod

[github-actions]

Conventional Commits Report

😢 No conventional commits found.

👉 Learn more about the conventional commits usage at Greenbone.

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 57.23%. Comparing base (4e57f18) to head (1c52726).
⚠️ Report is 1 commits behind head on main.

Additional details and impacted files

@@           Coverage Diff           @@
##             main     #297   +/-   ##
=======================================
  Coverage   57.23%   57.23%           
=======================================
  Files          70       70           
  Lines        3945     3945           
=======================================
  Hits         2258     2258           
  Misses       1491     1491           
  Partials      196      196           

Flag	Coverage Δ
opensearch-tests	95.68% <ø> (ø)
postgres-tests	92.03% <ø> (ø)
unit-tests	51.84% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.