build(deps): bump the go-dev-dependencies group with 7 updates

[dependabot]

Bumps the go-dev-dependencies group with 7 updates:

Package	From	To
github.com/gin-contrib/logger	1.2.6	1.2.7
github.com/rs/zerolog	1.34.0	1.35.0
github.com/bytedance/sonic/loader	0.5.0	0.5.1
github.com/gin-contrib/sse	1.1.0	1.1.1
github.com/mattn/go-sqlite3	1.14.37	1.14.38
github.com/moby/patternmatcher	0.6.0	0.6.1
github.com/pelletier/go-toml/v2	2.2.4	2.3.0

Updates github.com/gin-contrib/logger from 1.2.6 to 1.2.7

Release notes

Sourced from github.com/gin-contrib/logger's releases.

v1.2.7

Changelog

Bug fixes

• f9a0c7ca1d53d1faefa14d60d1b178b367e3610a: fix: resolve golangci-lint issues in example (@​appleboy)

Enhancements

• e1ab9a1390f2e3c009a0473e278d7965e20d366f: chore(deps): upgrade golang.org/x/crypto to v0.45.0 (@​appleboy)
• 01d915c17e45cdd1fe2934b78d7b8f0aa91d6500: chore: update Go version and refresh indirect dependencies (@​appleboy)
• 5bfe98ccd088e01fd8ffdfdfda0476a4ddb3ea65: chore: remove bearer.yml workflow (@​appleboy)
• 380fb5fd74f98ebd750702248e30360917383ee7: chore(deps): bump actions/checkout from 4 to 6 (@​appleboy)
• d5f8a20b31051a0b6a54cffb785534f666ace9fb: chore: drop Go 1.23 support, require Go 1.24+ (@​appleboy)
• b55893bf33597fb70b2a138a7bf37b662abfe598: chore(deps): upgrade quic-go to v0.57.1 (@​appleboy)
• 401043278297839fa20854201a83453c6cb96a1d: chore(ci): update golangci-lint to v2.6 (@​appleboy)
• b1173c93f998a42d44aa3cfc628e60bbd7c344c2: chore(deps): bump actions/cache from 4 to 5 (@​appleboy)
• 1065dca6c0ad9d761b6a18a51d1bfc4fe5f1473a: chore(ci): upgrade trivy-action from 0.33.1 to 0.35.0 (@​appleboy)
• fa03ed2daf4d63e67bbf1310308f6d6458a7cf85: chore(deps): upgrade gin to v1.12.0 and update CI Go versions (@​appleboy)
• df37d7ee3224a7761d80bbb259c1755279546029: chore(deps): upgrade golang.org/x/text to v0.35.0 (@​appleboy)

Build process updates

• c641ef3a9fd1c519f9b9df8860792ac2c960dbce: ci: test against latest Go release in CI (@​appleboy)
• add07ca1e9403d499735c53ff5d5660f4a7b8a5f: ci: integrate automated Trivy security scanning and reporting (@​appleboy)
• ed9a35002424d17ee25245afc0080a46d227d5e5: ci(workflow): bump goreleaser/goreleaser-action from v6 to v7 (@​appleboy)

Documentation updates

• 2f3fddecfd3898d34d260aa8d862cf11ae0255c7: docs: update documentation badges in README (@​appleboy)

Others

• d329ea817e9e92c845eea2065166636204318926: Add Go 1.26 to GitHub Actions test matrix (@​appleboy)
• 59f29e56a8cd0d95a1259cde3579a17e6df798af: Update golangci-lint version to v2.9 (@​appleboy)

Commits

• df37d7e chore(deps): upgrade golang.org/x/text to v0.35.0
• ed9a350 ci(workflow): bump goreleaser/goreleaser-action from v6 to v7
• fa03ed2 chore(deps): upgrade gin to v1.12.0 and update CI Go versions
• 1065dca chore(ci): upgrade trivy-action from 0.33.1 to 0.35.0
• 59f29e5 Update golangci-lint version to v2.9
• d329ea8 Add Go 1.26 to GitHub Actions test matrix
• b1173c9 chore(deps): bump actions/cache from 4 to 5
• f9a0c7c fix: resolve golangci-lint issues in example
• 4010432 chore(ci): update golangci-lint to v2.6
• b55893b chore(deps): upgrade quic-go to v0.57.1
• Additional commits viewable in compare view

Updates github.com/rs/zerolog from 1.34.0 to 1.35.0

Commits

• 1396655 Bump CI Go matrix minimum from 1.21 to 1.23
• 4b65a2f Bump actions/cache from 4 to 5 (#741)
• b835796 Bump actions/setup-go from 5 to 6 (#742)
• 134caf8 Added sanitization of journald keys (#751)
• e133b6a Added variadic StrsV, ObjectsV, and StringersV (#752)
• 82017d8 Bump github.com/coreos/go-systemd/v22 from 22.6.0 to 22.7.0 (#753)
• 2f5b8a9 fix: UpdateContext skips Nop and zero-value loggers (#754)
• d64c9a7 Add slog.Handler implementation for zerolog (#755)
• a0d61dc fix: return dict to Event pool (#749)
• f6fbd33 Test coverage improvements (#748)
• Additional commits viewable in compare view

Updates github.com/bytedance/sonic/loader from 0.5.0 to 0.5.1

Commits

• d64ddf9 opt: unify JIT funcs in single moduledata on Pretouch (#932)
• 3835c03 feat:(encoder) not omit zero value for omitempty tag (#927)
• c9e5b0f fix(rt): align map IndirectElem semantics across Go versions (#924)
• 28040bd revert: drop integer range mismatch and related tests (#922)
• f8ba977 fix(decoder): align jit string-tag mismatch with encoding/json (#917)
• 9a1c148 fix(decoder): memory corruption when decode prefilled interface (#914)
• 0724463 chore: use go fmt format (#913)
• f7c86b9 ci: add macOS ARM (Apple Silicon) runners to workflows (#911)
• 646f13a refactor: improve code formatting and remove unused lookup_small_key … (#903)
• afa2fce chore: update go mod (#899)
• See full diff in compare view

Updates github.com/gin-contrib/sse from 1.1.0 to 1.1.1

Release notes

Sourced from github.com/gin-contrib/sse's releases.

v1.1.1

Changelog

Enhancements

• b4c679fb858b35f0fcd6e1aea546541e01d40be1: chore: update testify dependency to v1.11.1 (@​appleboy)
• 461e5c90edf077bb25c151b4cb1e411750dc7d07: chore: drop Go 1.23 support, require Go 1.24+ (@​appleboy)
• 379d0484303b05521874e376fe97a16618f8733e: chore(ci): update golangci-lint to v2.6 (@​appleboy)
• ba43f5100b1b76af9991ca5b8ea314b34f0b41ae: chore(deps): bump actions/cache from 4 to 5 (@​appleboy)
• 6adf0204f68f40b4b793271d02eacab2d99bd541: chore(ci): upgrade trivy-action from 0.33.1 to 0.35.0 (@​appleboy)
• 5f914ee6c43d65473eba80bbeb5d41366a95f928: chore(deps): upgrade gin to v1.12.0 and update CI Go versions (@​appleboy)

Build process updates

• 7398a9fc17be3c56cedc2ef6d08ca7bb9425f7ed: ci: update and enhance CI workflows and security scanning (@​appleboy)
• 41aa9c0d6d639b46ce650e49009820fd864f9df5: ci(workflow): bump goreleaser/goreleaser-action from v6 to v7 (@​appleboy)

Documentation updates

• 723ee83cdacb01e19b2bf442fc3c0f35a9b3c749: docs: add Trivy Security Scan badge to README (@​appleboy)

Others

• 124027c0d6919116feaf57301f6992a89f7a7138: Add Go 1.26 to GitHub Actions test matrix (@​appleboy)
• 8bfd80373f9aed515c32501ccadb34ebceb4a86a: Update golangci-lint version to v2.9 (@​appleboy)

Commits

• 41aa9c0 ci(workflow): bump goreleaser/goreleaser-action from v6 to v7
• 5f914ee chore(deps): upgrade gin to v1.12.0 and update CI Go versions
• 6adf020 chore(ci): upgrade trivy-action from 0.33.1 to 0.35.0
• 8bfd803 Update golangci-lint version to v2.9
• 124027c Add Go 1.26 to GitHub Actions test matrix
• ba43f51 chore(deps): bump actions/cache from 4 to 5
• 723ee83 docs: add Trivy Security Scan badge to README
• 379d048 chore(ci): update golangci-lint to v2.6
• 461e5c9 chore: drop Go 1.23 support, require Go 1.24+
• 7398a9f ci: update and enhance CI workflows and security scanning
• Additional commits viewable in compare view

Updates github.com/mattn/go-sqlite3 from 1.14.37 to 1.14.38

Commits

• edadafa Merge pull request #1381 from mattn/eliminate-bounds-checks
• 8f9f86e Eliminate unnecessary bounds checks in hot paths
• 0d23881 Merge pull request #1379 from theimpostor/pr-1322-missing-constraint-op-types
• 84bdc43 add missing index constraint op types
• 57e5007 Merge pull request #1313 from Jaculabilis/json-example
• See full diff in compare view

Updates github.com/moby/patternmatcher from 0.6.0 to 0.6.1

Release notes

Sourced from github.com/moby/patternmatcher's releases.

v0.6.1

What's Changed

• fix panic / nil pointer dereference on invalid patterns moby/patternmatcher#9
• ci: update actions and test against "oldest", "oldstable" and "stable" moby/patternmatcher#8

Full Changelog: moby/patternmatcher@v0.6.0...v0.6.1

Commits

• 5a6d842 Merge pull request #9 from thaJeztah/fix_panic
• e5d80c7 fix panic / nil pointer dereference on invalid patterns
• 7f236f5 Merge pull request #8 from thaJeztah/update_ci
• a95e09c ci: update actions and test against "oldest", "oldstable" and "stable"
• See full diff in compare view

Updates github.com/pelletier/go-toml/v2 from 2.2.4 to 2.3.0

Release notes

Sourced from github.com/pelletier/go-toml/v2's releases.

v2.3.0

This is the first release built largely with the help of AI coding agents. Highlights include the complete removal of the unsafe package. go-toml is now fully safe Go code, with a geomean overhead of only ~1.4% vs v2.2.4 and zero additional allocations on benchmarks. This release also adds omitzero struct tag support, improves UnmarshalText/Unmarshaler handling for tables and array tables, and fixes several bugs including nil pointer marshaling, leap second handling, and datetime unmarshaling panics.

What's Changed

What's new

• marshal: don't escape quotes unnecessarily by @​virtuald in pelletier/go-toml#991
• Add omitzero tag support by @​NathanBaulch in pelletier/go-toml#998
• Support custom IsZero() methods with omitzero tag by @​pelletier in pelletier/go-toml#1020
• UnmarshalText fallbacks to struct unmarshaling for tables and arrays by @​pelletier in pelletier/go-toml#1026
• [unstable] Support Unmarshaler interface for tables and array tables by @​pelletier in pelletier/go-toml#1027

Fixed bugs

• Add missing UnmarshalTOML call by @​pelletier in pelletier/go-toml#996
• Handle array table into an empty slice by @​pelletier in pelletier/go-toml#997
• Unwrap strict errors by @​bersace in pelletier/go-toml#1012
• Fix leap second handling found by fuzz by @​pelletier in pelletier/go-toml#1019
• Fix nil pointer map values not being marshaled by @​pelletier in pelletier/go-toml#1025
• Fix panic when unmarshaling datetime values to incompatible types (#1028) by @​pelletier in pelletier/go-toml#1029
• Fix parser error pointing to wrong line at EOF without trailing newline by @​pelletier in pelletier/go-toml#1041

Documentation

• Improve Unmarshaling README by @​heckelson in pelletier/go-toml#1016
• Create AGENTS.md guidelines file by @​pelletier in pelletier/go-toml#1017

Other changes

• Unsafe package removal by @​pelletier in pelletier/go-toml#1021
• Bump CI and test scripts to Go 1.26 by @​pelletier in pelletier/go-toml#1030

New Contributors

• @​virtuald made their first contribution in pelletier/go-toml#991
• @​NathanBaulch made their first contribution in pelletier/go-toml#999
• @​bersace made their first contribution in pelletier/go-toml#1012
• @​flyn-org made their first contribution in pelletier/go-toml#1013
• @​heckelson made their first contribution in pelletier/go-toml#1016

Full Changelog: pelletier/go-toml@v2.2.4...v2.3.0

Commits

• f36a3ec Reduce marshal and unmarshal overhead (#1044)
• 77f3862 Fix benchmark script replacing internal package imports (#1042)
• 16b1ef5 Fix parser error pointing to wrong line when last line has no trailing newlin...
• e14bde7 build(deps): bump docker/login-action from 3 to 4 (#1039)
• 4b1ff01 build(deps): bump docker/setup-buildx-action from 3 to 4 (#1040)
• 048a25f Go 1.26 (#1030)
• b357558 build(deps): bump goreleaser/goreleaser-action from 6 to 7 (#1035)
• a0be52f build(deps): bump actions/upload-artifact from 6 to 7 (#1036)
• 316bfc6 Support Unmarshaler interface for tables and array tables (#1027)
• 2edc61f Fix panic when unmarshaling datetime values to incompatible types (#1028) (#1...
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[github-actions]

Dependency Review

The following issues were found:

• ✅ 0 vulnerable package(s)
• ✅ 0 package(s) with incompatible licenses
• ✅ 0 package(s) with invalid SPDX license definitions
• ⚠️ 4 package(s) with unknown licenses.

See the Details below.

Snapshot Warnings

⚠️: No snapshots were found for the head SHA f65078b.

Ensure that dependencies are being submitted on PR branches and consider enabling retry-on-snapshot-warnings. See the documentation for more information and troubleshooting advice.

License Issues

go.mod

Package	Version	License	Issue Type
github.com/gin-contrib/sse	1.1.1	Null	Unknown License
github.com/moby/patternmatcher	0.6.1	Null	Unknown License
github.com/pelletier/go-toml/v2	2.3.0	Null	Unknown License
github.com/rs/zerolog	1.35.0	Null	Unknown License

Allowed Licenses:

0BSD, AGPL-3.0-or-later, Apache-2.0, BlueOak-1.0.0, BSD-2-Clause, BSD-3-Clause-Clear, BSD-3-Clause, BSL-1.0, bzip2-1.0.6, CAL-1.0, CC-BY-3.0, CC-BY-4.0, CC-BY-SA-4.0, CC0-1.0, EPL-2.0, GPL-1.0-or-later, GPL-2.0-only, GPL-2.0-or-later, GPL-2.0, GPL-3.0-only, GPL-3.0-or-later, GPL-3.0, ISC, LGPL-2.0-only, LGPL-2.0-or-later, LGPL-2.1-only, LGPL-2.1-or-later, LGPL-2.1, LGPL-3.0-only, LGPL-3.0, LGPL-3.0-or-later, MIT, MIT-CMU, MPL-1.1, MPL-2.0, OFL-1.1, PSF-2.0, Python-2.0, Python-2.0.1, Unicode-3.0, Unicode-DFS-2016, Unlicense, Zlib, ZPL-2.1

OpenSSF Scorecard

Package	Version	Score	Details
gomod/github.com/bytedance/sonic/loader	0.5.1	🟢 6.7	Details Check Score Reason Maintained 🟢 10 10 commit(s) and 9 issue activity found in the last 90 days -- score normalized to 10 Code-Review 🟢 10 all changesets reviewed CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Binary-Artifacts 🟢 10 no binaries found in the repo Security-Policy ⚠️ 0 security policy file not detected Fuzzing 🟢 10 project is fuzzed License 🟢 10 license file detected Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md Signed-Releases ⚠️ -1 no releases found SAST 🟢 7 SAST tool is not run on all commits -- score normalized to 7
gomod/github.com/gin-contrib/logger	1.2.7	🟢 4.2	Details Check Score Reason Code-Review ⚠️ 1 Found 3/30 approved changesets -- score normalized to 1 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Maintained 🟢 4 5 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 4 Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy ⚠️ 0 security policy file not detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Packaging 🟢 10 packaging workflow detected SAST 🟢 7 SAST tool detected but not run on all commits
gomod/github.com/gin-contrib/sse	1.1.1	Unknown	Unknown
gomod/github.com/mattn/go-sqlite3	1.14.38	🟢 4.8	Details Check Score Reason Code-Review ⚠️ 2 Found 5/18 approved changesets -- score normalized to 2 Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Maintained 🟢 10 18 commit(s) and 10 issue activity found in the last 90 days -- score normalized to 10 Binary-Artifacts 🟢 10 no binaries found in the repo CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Fuzzing 🟢 10 project is fuzzed Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Pinned-Dependencies ⚠️ 1 dependency not pinned by hash detected -- score normalized to 1 Security-Policy ⚠️ 0 security policy file not detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
gomod/github.com/moby/patternmatcher	0.6.1	Unknown	Unknown
gomod/github.com/pelletier/go-toml/v2	2.3.0	Unknown	Unknown
gomod/github.com/rs/zerolog	1.35.0	Unknown	Unknown

Scanned Files

• go.mod

[github-actions]

Conventional Commits Report

😢 No conventional commits found.

👉 Learn more about the conventional commits usage at Greenbone.

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 57.23%. Comparing base (a304c06) to head (f65078b).
⚠️ Report is 1 commits behind head on main.

Additional details and impacted files

@@            Coverage Diff             @@
##             main     #301      +/-   ##
==========================================
+ Coverage   57.13%   57.23%   +0.10%     
==========================================
  Files          70       70              
  Lines        3945     3945              
==========================================
+ Hits         2254     2258       +4     
+ Misses       1493     1491       -2     
+ Partials      198      196       -2     

Flag	Coverage Δ
opensearch-tests	95.68% <ø> (ø)
postgres-tests	92.03% <ø> (ø)
unit-tests	51.84% <ø> (+0.11%)	⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.