Bump the gomod group with 3 updates (#2063)

Bumps the gomod group with 3 updates:
[github.com/bufbuild/buf](https://github.com/bufbuild/buf),
[golang.org/x/mod](https://github.com/golang/mod) and
[golang.org/x/oauth2](https://github.com/golang/oauth2).

Updates `github.com/bufbuild/buf` from 1.57.2 to 1.58.0
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/bufbuild/buf/releases">github.com/bufbuild/buf's
releases</a>.</em></p>
<blockquote>
<h2>v1.58.0</h2>
<ul>
<li>Update <code>PROTOVALIDATE</code> lint rule to check
<code>IGNORE_IF_ZERO_VALUE</code> on fields that track presence.</li>
<li>Fix <code>buf format</code> on fields with missing field number
tags.</li>
<li>Optimize <code>include</code> and <code>exclude</code> path handling
for workspaces to avoid unnecessary file system
operations. This change can result in a performance improvement for
large workspaces.</li>
<li>Fix buf curl for HTTP/2 services with <code>
--http2-prior-knowledge</code> flag set.</li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/bufbuild/buf/blob/main/CHANGELOG.md">github.com/bufbuild/buf's
changelog</a>.</em></p>
<blockquote>
<h2>[v1.58.0] - 2025-10-09</h2>
<ul>
<li>Update <code>PROTOVALIDATE</code> lint rule to check
<code>IGNORE_IF_ZERO_VALUE</code> on fields that track presence.</li>
<li>Fix <code>buf format</code> on fields with missing field number
tags.</li>
<li>Optimize <code>include</code> and <code>exclude</code> path handling
for workspaces to avoid unnecessary file system
operations. This change can result in a performance improvement for
large workspaces.</li>
<li>Fix buf curl for HTTP/2 services with <code>
--http2-prior-knowledge</code> flag set.</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/bufbuild/buf/commit/106d2653183a84ceac4738170483a0251bc635cd"><code>106d265</code></a>
Release v1.58.0 (<a
href="https://redirect.github.com/bufbuild/buf/issues/4044">#4044</a>)</li>
<li><a
href="https://github.com/bufbuild/buf/commit/f9fe4392942d73ab81c0943538c1326167e5e15b"><code>f9fe439</code></a>
Bump buf.build/gen/go/bufbuild/registry/protocolbuffers/go (<a
href="https://redirect.github.com/bufbuild/buf/issues/4039">#4039</a>)</li>
<li><a
href="https://github.com/bufbuild/buf/commit/24d2185e56e5b638225066ecb9c40b06b25740de"><code>24d2185</code></a>
Use include and exclude directories to reduce filepath traversal (<a
href="https://redirect.github.com/bufbuild/buf/issues/4025">#4025</a>)</li>
<li><a
href="https://github.com/bufbuild/buf/commit/2358ba2949a42213a24056959dac6b57f01894d7"><code>2358ba2</code></a>
Only set HTTP1 when HTTP/2 Prior Knowledge flag is false in <code>buf
curl</code> (<a
href="https://redirect.github.com/bufbuild/buf/issues/4036">#4036</a>)</li>
<li><a
href="https://github.com/bufbuild/buf/commit/f74c416bf5f1a85c9dd7cb0f75fce9aeb1bd5dd2"><code>f74c416</code></a>
Add audit event to track ignore configs changes (<a
href="https://redirect.github.com/bufbuild/buf/issues/4041">#4041</a>)</li>
<li><a
href="https://github.com/bufbuild/buf/commit/521b61e82418ea5d76526a7a7fe688a974ca40f1"><code>521b61e</code></a>
Make upgrade (<a
href="https://redirect.github.com/bufbuild/buf/issues/4042">#4042</a>)</li>
<li><a
href="https://github.com/bufbuild/buf/commit/58e10d4a854ea55d1945abcb66e3691ec5a39b3c"><code>58e10d4</code></a>
Fix format on missing field numbers (<a
href="https://redirect.github.com/bufbuild/buf/issues/4029">#4029</a>)</li>
<li><a
href="https://github.com/bufbuild/buf/commit/7471eb6817e604885bd7632cd8472de8940bec48"><code>7471eb6</code></a>
Add rule to check <code>IGNORE_IF_ZERO_VALUE</code> on fields that track
presence (<a
href="https://redirect.github.com/bufbuild/buf/issues/4021">#4021</a>)</li>
<li><a
href="https://github.com/bufbuild/buf/commit/c2411d567d058a02573fb80572b28c00b00bd095"><code>c2411d5</code></a>
Make upgrade (<a
href="https://redirect.github.com/bufbuild/buf/issues/4024">#4024</a>)</li>
<li><a
href="https://github.com/bufbuild/buf/commit/5681daf5d10d687f6ffcc4a52ebf3b4959afd2e5"><code>5681daf</code></a>
Update to protovalidate v1 (<a
href="https://redirect.github.com/bufbuild/buf/issues/4020">#4020</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/bufbuild/buf/compare/v1.57.2...v1.58.0">compare
view</a></li>
</ul>
</details>
<br />

Updates `golang.org/x/mod` from 0.28.0 to 0.29.0
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/golang/mod/commit/bba3e065a67271df90253c78c98f2cea7f572948"><code>bba3e06</code></a>
go.mod: update golang.org/x dependencies</li>
<li>See full diff in <a
href="https://github.com/golang/mod/compare/v0.28.0...v0.29.0">compare
view</a></li>
</ul>
</details>
<br />

Updates `golang.org/x/oauth2` from 0.31.0 to 0.32.0
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/golang/oauth2/commit/792c8776358f0c8689d84eef0d0c966937d560fb"><code>792c877</code></a>
oauth2: use strings.Builder instead of bytes.Buffer</li>
<li>See full diff in <a
href="https://github.com/golang/oauth2/compare/v0.31.0...v0.32.0">compare
view</a></li>
</ul>
</details>
<br />


Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's major version (unless you unignore this specific
dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's minor version (unless you unignore this specific
dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR
and stop Dependabot creating any more for the specific dependency
(unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore
conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will
remove the ignore condition of the specified dependency and ignore
conditions


</details>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Author: dependabot[bot]

go.mod

@@ -7,14 +7,14 @@ require (
 	buf.build/go/app v0.1.0
 	buf.build/go/interrupt v1.1.0
 	buf.build/go/standard v0.1.0
-	github.com/bufbuild/buf v1.57.2
+	github.com/bufbuild/buf v1.58.0
 	github.com/google/go-containerregistry v0.20.6
 	github.com/google/go-github/v72 v72.0.0
 	github.com/hashicorp/go-retryablehttp v0.7.8
 	github.com/spf13/pflag v1.0.10
 	github.com/stretchr/testify v1.11.1
-	golang.org/x/mod v0.28.0
-	golang.org/x/oauth2 v0.31.0
+	golang.org/x/mod v0.29.0
+	golang.org/x/oauth2 v0.32.0
 	golang.org/x/sync v0.17.0
 	gopkg.in/yaml.v3 v3.0.1
 )
@@ -24,9 +24,9 @@ require (
 	github.com/containerd/stargz-snapshotter/estargz v0.17.0 // indirect
 	github.com/cpuguy83/go-md2man/v2 v2.0.7 // indirect
 	github.com/davecgh/go-spew v1.1.1 // indirect
-	github.com/docker/cli v28.4.0+incompatible // indirect
+	github.com/docker/cli v28.5.0+incompatible // indirect
 	github.com/docker/distribution v2.8.3+incompatible // indirect
-	github.com/docker/docker-credential-helpers v0.9.3 // indirect
+	github.com/docker/docker-credential-helpers v0.9.4 // indirect
 	github.com/google/go-querystring v1.1.0 // indirect
 	github.com/hashicorp/go-cleanhttp v0.5.2 // indirect
 	github.com/inconshreveable/mousetrap v1.1.0 // indirect

go.sum

@@ -8,8 +8,8 @@ buf.build/go/spdx v0.2.0 h1:IItqM0/cMxvFJJumcBuP8NrsIzMs/UYjp/6WSpq8LTw=
 buf.build/go/spdx v0.2.0/go.mod h1:bXdwQFem9Si3nsbNy8aJKGPoaPi5DKwdeEp5/ArZ6w8=
 buf.build/go/standard v0.1.0 h1:g98T9IyvAl0vS3Pq8iVk6Cvj2ZiFvoUJRtfyGa0120U=
 buf.build/go/standard v0.1.0/go.mod h1:PiqpHz/7ZFq+kqvYhc/SK3lxFIB9N/aiH2CFC2JHIQg=
-github.com/bufbuild/buf v1.57.2 h1:2vxP0giB8DVo0Lkem9T8WDUYIEC3zqY98+NHqAlP4ig=
-github.com/bufbuild/buf v1.57.2/go.mod h1:8cygE3L/J84dtgQAaquZKpXLo9MjAn+dSdFuXvbUNYg=
+github.com/bufbuild/buf v1.58.0 h1:TMgp0jmfPD5SixbUCB2iqGnK/X+2KQXTzsVc7F2LbLc=
+github.com/bufbuild/buf v1.58.0/go.mod h1:guevy4hwwKlc9h69k4E9O/D23ecJHnP5LJ9QlDQoBtg=
 github.com/containerd/stargz-snapshotter/estargz v0.17.0 h1:+TyQIsR/zSFI1Rm31EQBwpAA1ovYgIKHy7kctL3sLcE=
 github.com/containerd/stargz-snapshotter/estargz v0.17.0/go.mod h1:s06tWAiJcXQo9/8AReBCIo/QxcXFZ2n4qfsRnpl71SM=
 github.com/cpuguy83/go-md2man/v2 v2.0.6/go.mod h1:oOW0eioCTA6cOiMLiUPZOpcVxMig6NIQQ7OS05n1F4g=
@@ -18,12 +18,12 @@ github.com/cpuguy83/go-md2man/v2 v2.0.7/go.mod h1:oOW0eioCTA6cOiMLiUPZOpcVxMig6N
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
-github.com/docker/cli v28.4.0+incompatible h1:RBcf3Kjw2pMtwui5V0DIMdyeab8glEw5QY0UUU4C9kY=
-github.com/docker/cli v28.4.0+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8=
+github.com/docker/cli v28.5.0+incompatible h1:crVqLrtKsrhC9c00ythRx435H8LiQnUKRtJLRR+Auxk=
+github.com/docker/cli v28.5.0+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8=
 github.com/docker/distribution v2.8.3+incompatible h1:AtKxIZ36LoNK51+Z6RpzLpddBirtxJnzDrHLEKxTAYk=
 github.com/docker/distribution v2.8.3+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w=
-github.com/docker/docker-credential-helpers v0.9.3 h1:gAm/VtF9wgqJMoxzT3Gj5p4AqIjCBS4wrsOh9yRqcz8=
-github.com/docker/docker-credential-helpers v0.9.3/go.mod h1:x+4Gbw9aGmChi3qTLZj8Dfn0TD20M/fuWy0E5+WDeCo=
+github.com/docker/docker-credential-helpers v0.9.4 h1:76ItO69/AP/V4yT9V4uuuItG0B1N8hvt0T0c0NN/DzI=
+github.com/docker/docker-credential-helpers v0.9.4/go.mod h1:v1S+hepowrQXITkEfw6o4+BMbGot02wiKpzWhGUZK6c=
 github.com/fatih/color v1.16.0 h1:zmkK9Ngbjj+K0yRhTVONQh1p/HknKYSlNT+vZCzyokM=
 github.com/fatih/color v1.16.0/go.mod h1:fL2Sau1YI5c0pdGEVCbKQbLXB6edEj1ZgiY4NijnWvE=
 github.com/google/go-cmp v0.5.2/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
@@ -76,10 +76,10 @@ github.com/vbatts/tar-split v0.12.1 h1:CqKoORW7BUWBe7UL/iqTVvkTBOF8UvOMKOIZykxnn
 github.com/vbatts/tar-split v0.12.1/go.mod h1:eF6B6i6ftWQcDqEn3/iGFRFRo8cBIMSJVOpnNdfTMFA=
 golang.org/x/crypto v0.42.0 h1:chiH31gIWm57EkTXpwnqf8qeuMUi0yekh6mT2AvFlqI=
 golang.org/x/crypto v0.42.0/go.mod h1:4+rDnOTJhQCx2q7/j6rAN5XDw8kPjeaXEUR2eL94ix8=
-golang.org/x/mod v0.28.0 h1:gQBtGhjxykdjY9YhZpSlZIsbnaE2+PgjfLWUQTnoZ1U=
-golang.org/x/mod v0.28.0/go.mod h1:yfB/L0NOf/kmEbXjzCPOx1iK1fRutOydrCMsqRhEBxI=
-golang.org/x/oauth2 v0.31.0 h1:8Fq0yVZLh4j4YA47vHKFTa9Ew5XIrCP8LC6UeNZnLxo=
-golang.org/x/oauth2 v0.31.0/go.mod h1:lzm5WQJQwKZ3nwavOZ3IS5Aulzxi68dUSgRHujetwEA=
+golang.org/x/mod v0.29.0 h1:HV8lRxZC4l2cr3Zq1LvtOsi/ThTgWnUk/y64QSs8GwA=
+golang.org/x/mod v0.29.0/go.mod h1:NyhrlYXJ2H4eJiRy/WDBO6HMqZQ6q9nk4JzS3NuCK+w=
+golang.org/x/oauth2 v0.32.0 h1:jsCblLleRMDrxMN29H3z/k1KliIvpLgCkE6R8FXXNgY=
+golang.org/x/oauth2 v0.32.0/go.mod h1:lzm5WQJQwKZ3nwavOZ3IS5Aulzxi68dUSgRHujetwEA=
 golang.org/x/sync v0.17.0 h1:l60nONMj9l5drqw6jlhIELNv9I0A4OFgRsG9k2oT9Ug=
 golang.org/x/sync v0.17.0/go.mod h1:9KTHXmSnoGruLpwFjVSX0lNNA75CykiMECbovNTZqGI=
 golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=