Bump the smallweb-deps group across 1 directory with 8 updates

[dependabot]

Bumps the smallweb-deps group with 7 updates in the / directory:

Package	From	To
github.com/cli/go-gh/v2	2.12.1	2.13.0
github.com/knadh/koanf/providers/file	1.2.0	1.2.1
github.com/knadh/koanf/v2	2.2.2	2.3.2
github.com/spf13/cobra	1.9.1	1.10.2
golang.org/x/term	0.35.0	0.39.0
github.com/caddyserver/certmagic	0.23.0	0.25.1
github.com/samber/slog-http	1.7.0	1.10.0

Updates github.com/cli/go-gh/v2 from 2.12.1 to 2.13.0

Release notes

Sourced from github.com/cli/go-gh/v2's releases.

v2.13.0

What's Changed

✨ Features

• Expose replace sprig function by @​iamazeem in cli/go-gh#196

🐛 Fixes

• Update Go version to 1.25.0 by @​BagToad in cli/go-gh#201
• fix: handle HTTP status 205 properly by @​nobe4 in cli/go-gh#163

📚 Docs & Chores

• docs(pkg/api): explain HandleHTTPError does not close response body by @​babakks in cli/go-gh#202

Dependencies

• Upgrade Golangci-lint to v2.6 by @​babakks in cli/go-gh#200

New Contributors

• @​nobe4 made their first contribution in cli/go-gh#163
• @​babakks made their first contribution in cli/go-gh#200

Full Changelog: cli/go-gh@v2.12.2...v2.13.0

v2.12.2

What's Changed

• Bump golang.org/x/net from 0.36.0 to 0.38.0 by @​dependabot[bot] in cli/go-gh#190

Full Changelog: cli/go-gh@v2.12.1...v2.12.2

Commits

• a0a6e89 Merge pull request #201 from cli/kw/bump-go-1.25.0
• 1585603 Merge pull request #202 from cli/babakks/explain-resp-body-close
• ec8f5ca docs(pkg/api): explain HandleHTTPError does not close resp body
• 5a975a9 Update Go version to 1.25.0
• 41e1e0d Merge pull request #200 from cli/babakks/upgrade-golangci-lint
• f6d1f60 chore: upgrade to Golangci-lint v2.6
• b7798dc docs: fix incorrect godoc usages
• 32287ae refactor: lift break condition into the loop
• ff8ebd0 chore: disable QF1008 from staticcheck rules
• c6bd235 chore: remove redundant/deprecated // +build tags
• Additional commits viewable in compare view

Updates github.com/knadh/koanf/providers/file from 1.2.0 to 1.2.1

Release notes

Sourced from github.com/knadh/koanf/providers/file's releases.

v1.2.1

changelog for v1.2.0 -> v1.2.1

• 29cce50 Merge pull request #101 from e-nikolov/fix-pflag-map-types
• 0202243 posflag: add support for pflag map types

Commits

• 29cce50 Merge pull request #101 from e-nikolov/fix-pflag-map-types
• 0202243 posflag: add support for pflag map types
• See full diff in compare view

Updates github.com/knadh/koanf/v2 from 2.2.2 to 2.3.2

Release notes

Sourced from github.com/knadh/koanf/v2's releases.

v2.3.2

What's Changed

• fix: preserve nil pointer types in Get() method by @​Asakuri in knadh/koanf#397

New Contributors

• @​Asakuri made their first contribution in knadh/koanf#397

Full Changelog: knadh/koanf@v2.3.1...v2.3.2

v2.3.1

What's Changed

• providers/cliflagv3: Set the flags if they have a default value by @​xescugc in knadh/koanf#382
• fix panic in dotenv parser when callback function is not provided by @​nilsocket in knadh/koanf#387
• Bump golang.org/x/crypto from 0.40.0 to 0.45.0 in /providers/kiln by @​dependabot[bot] in knadh/koanf#391
• Bump golang.org/x/crypto from 0.37.0 to 0.45.0 in /providers/nats by @​dependabot[bot] in knadh/koanf#390
• refactor interface{} to any by @​nilsocket in knadh/koanf#385
• fix: pass event to callback instead of nil when file changes detected by @​josepdcs in knadh/koanf#384

New Contributors

• @​xescugc made their first contribution in knadh/koanf#382
• @​nilsocket made their first contribution in knadh/koanf#387
• @​josepdcs made their first contribution in knadh/koanf#384

Full Changelog: knadh/koanf@v2.3.0...v2.3.1

v2.3.0

What's Changed

• feat: add provider for kiln by @​Thunderbottom in knadh/koanf#369
• Fix rendering of header and add it to the table of contents by @​remyzandwijk in knadh/koanf#373
• Bump github.com/go-viper/mapstructure/v2 from 2.0.0-alpha.1 to 2.4.0 in /examples by @​dependabot[bot] in knadh/koanf#375
• feat: add HUML parser support by @​rhnvrm in knadh/koanf#374
• Bump github.com/go-viper/mapstructure/v2 from 2.2.1 to 2.4.0 in /tests by @​dependabot[bot] in knadh/koanf#376
• Bump github.com/go-viper/mapstructure/v2 from 2.2.1 to 2.4.0 in /providers/cliflagv3 by @​dependabot[bot] in knadh/koanf#378
• Bump github.com/go-viper/mapstructure/v2 from 2.3.0 to 2.4.0 in /providers/cliflagv2 by @​dependabot[bot] in knadh/koanf#380
• Add thread safety to resolve race conditions in Issues #305 and #335 by @​rhnvrm in knadh/koanf#377
• fix: bump mapstructure version by @​rostislaved in knadh/koanf#381

New Contributors

• @​remyzandwijk made their first contribution in knadh/koanf#373
• @​rostislaved made their first contribution in knadh/koanf#381

Full Changelog: knadh/koanf@v2.2.2...v2.3.0

Commits

• ec91994 fix: preserve nil pointer types in Get() method (#397)
• 99a91c6 Fix Get() panic on nil pointers. Fixes #396.
• fbccb44 Upgrade go-huml (v0.2.0 spec).
• 9c90b76 fix: pass event to callback instead of nil when file changes detected (#384)
• 45d1dc2 Refactor all instances of interface{} to any (#385)
• 7e04a35 Bump golang.org/x/crypto from 0.37.0 to 0.45.0 in /providers/nats (#390)
• 733704a Bump golang.org/x/crypto from 0.40.0 to 0.45.0 in /providers/kiln (#391)
• 8818413 fix panic in dotenv parser when callback function is not provided (#387)
• e38d5b4 providers/cliflagv3: Set the flags if they have a default value (#382)
• 20c4cba fix: bump mapstructure version (#381)
• Additional commits viewable in compare view

Updates github.com/spf13/cobra from 1.9.1 to 1.10.2

Release notes

Sourced from github.com/spf13/cobra's releases.

v1.10.2

🔧 Dependencies

• chore: Migrate from gopkg.in/yaml.v3 to go.yaml.in/yaml/v3 by @​dims in spf13/cobra#2336 - the gopkg.in/yaml.v3 package has been deprecated for some time: this should significantly cleanup dependency/supply-chains for consumers of spf13/cobra

📈 CI/CD

• Fix linter and allow CI to pass by @​marckhouzam in spf13/cobra#2327
• fix: actions/setup-go v6 by @​jpmcb in spf13/cobra#2337

🔥✍🏼 Docs

• Add documentation for repeated flags functionality by @​rvergis in spf13/cobra#2316

🍂 Refactors

• refactor: replace several vars with consts by @​htoyoda18 in spf13/cobra#2328
• refactor: change minUsagePadding from var to const by @​ssam18 in spf13/cobra#2325

🤗 New Contributors

• @​rvergis made their first contribution in spf13/cobra#2316
• @​htoyoda18 made their first contribution in spf13/cobra#2328
• @​ssam18 made their first contribution in spf13/cobra#2325
• @​dims made their first contribution in spf13/cobra#2336

Full Changelog: spf13/cobra@v1.10.1...v1.10.2

Thank you to our amazing contributors!!!!! 🐍 🚀

v1.10.1

🐛 Fix

• chore: upgrade pflags v1.0.9 by @​jpmcb in spf13/cobra#2305

v1.0.9 of pflags brought back ParseErrorsWhitelist and marked it as deprecated

Full Changelog: spf13/cobra@v1.10.0...v1.10.1

v1.10.0

What's Changed

🚨 Attention!

• Bump pflag to 1.0.8 by @​tomasaschan in spf13/cobra#2303

This version of pflag carried a breaking change: it renamed ParseErrorsWhitelist to ParseErrorsAllowlist which can break builds if both pflag and cobra are dependencies in your project.

• If you use both pflag and cobra, upgrade pflagto 1.0.8 andcobrato1.10.0`
• or use the newer, fixed version of pflag v1.0.9 which keeps the deprecated ParseErrorsWhitelist

... (truncated)

Commits

• 88b30ab chore: Migrate from gopkg.in/yaml.v3 to go.yaml.in/yaml/v3 (#2336)
• 346d408 fix: actions/setup-go v6 (#2337)
• fc81d20 refactor: change minUsagePadding from var to const (#2325)
• 117698a refactor: replace several vars with consts (#2328)
• e2dd29d Add documentation for repeated flags functionality (#2316)
• 0629892 Fix linter (#2327)
• 7da941c chore: Bump pflag to v1.0.9 (#2305)
• 51d6751 Bump pflag to 1.0.8 (#2303)
• 3f3b818 Update README.md with new logo
• dcaf42e Add Periscope to the list of projects using Cobra (#2299)
• Additional commits viewable in compare view

Updates golang.org/x/term from 0.35.0 to 0.39.0

Commits

• a7e5b04 go.mod: update golang.org/x dependencies
• 943f25d x/term: handle transpose
• 9b991dd x/term: handle delete key
• 3863673 go.mod: update golang.org/x dependencies
• 1231d54 go.mod: update golang.org/x dependencies
• 3475bc8 term: fix some comments
• 3a0828a go.mod: update golang.org/x dependencies
• See full diff in compare view

Updates github.com/caddyserver/certmagic from 0.23.0 to 0.25.1

Release notes

Sourced from github.com/caddyserver/certmagic's releases.

v0.25.0

Adds support for disabling distributed solving, but still allows distributed solving of the http-01 challenge as long as the right ACME account is used.

What's Changed

• Implement precise lock lease renewal for storage backends that support lease renewal. by @​zoltan-frm in caddyserver/certmagic#347

New Contributors

• @​zoltan-frm made their first contribution in caddyserver/certmagic#347

Full Changelog: caddyserver/certmagic@v0.24.0...v0.25.0

v0.24.0

What's Changed

• Bump golang.org/x/net from 0.37.0 to 0.38.0 by @​dependabot[bot] in caddyserver/certmagic#342
• refactor: replace the file storage logger with the default logger by @​jinrenjie in caddyserver/certmagic#311
• acmeissuer: LE now supports IP certs by @​mohammed90 in caddyserver/certmagic#345
• Move cfg nil check from RenewManagedCertificates to getConfig by @​joga84 in caddyserver/certmagic#348

New Contributors

• @​jinrenjie made their first contribution in caddyserver/certmagic#311
• @​joga84 made their first contribution in caddyserver/certmagic#348

Full Changelog: caddyserver/certmagic@v0.23.0...v0.24.0

Commits

• d2a7286 Upgrade dependencies, esp. zerossl
• 20b57b0 Bump golang.org/x/crypto from 0.41.0 to 0.45.0 (#358)
• 80e9a59 Explicitly allow small RSA key sizes for testing
• d66689d Add TryLock for use with optional tasks like ARI updates to reduce lock conte...
• aba1313 Fix edge case panic in case of repeated account recreation failure (fix #354)
• 14972fd Don't log about OCSP when disabled (Fixes #353)
• 5a448ab Ability to disable distributed solvers
• 7084df0 Precise lock lease renewal for storages that support it (#347)
• 621b7e9 Move cfg nil check from RenewManagedCertificates to getConfig (#348)
• 17fb245 readme: Update draft-ari link to RFC 9773
• Additional commits viewable in compare view

Updates github.com/samber/slog-http from 1.7.0 to 1.10.0

Release notes

Sourced from github.com/samber/slog-http's releases.

v1.10.0

What's Changed

• fix: recovery handler suppresses http.ErrAbortHandler by @​wI2L in samber/slog-http#12
• feat: add WithClientIP property by @​ItalyPaleAle in samber/slog-http#16

New Contributors

• @​ItalyPaleAle made their first contribution in samber/slog-http#16

Full Changelog: samber/slog-http@v1.9.0...v1.10.0

v1.9.0

feat: add variadic parameters to AddCustomAttributes and AddContextAttributes

v1.8.2

fix: fix out of bounds slice

v1.8.1

What's Changed

• Huma sse support by @​dianlight in samber/slog-http#8

Full Changelog: samber/slog-http@v1.8.0...v1.8.1

v1.8.0

What's Changed

• Add support for SSE connections by @​dianlight in samber/slog-http#7

New Contributors

• @​dianlight made their first contribution in samber/slog-http#7

Full Changelog: samber/slog-http@v1.7.0...v1.8.0

Commits

• 4873072 bump v1.10.0
• 32ac81c feat: add WithClientIP property (#16)
• 2f02e32 fix: recovery handler suppresses http.ErrAbortHandler (#12)
• c945fd6 feat: variadic slog.Attr arg list to Add*Attributes functions (#11)
• 9d29b35 fix: fix out of bounds slice
• 328e75e Huma sse support (#8)
• f6a1a47 Add support for SSE connections (#7)
• c549f1f Update README.md
• 34f5ebe Update README.md
• a7a5d98 Update README.md
• See full diff in compare view

Updates go.uber.org/zap from 1.27.0 to 1.27.1

Release notes

Sourced from go.uber.org/zap's releases.

v1.27.1

Enhancements:

• #1501[]: prevent Object from panicking on nils
• #1511[]: Fix a race condition in WithLazy.

Thanks to @​rabbbit, @​alshopov, @​jquirke, @​arukiidou for their contributions to this release.

#1501: uber-go/zap#1501 #1511: uber-go/zap#1511

Changelog

Sourced from go.uber.org/zap's changelog.

1.27.1 (19 Nov 2025)

Enhancements:

• #1501[]: prevent Object from panicking on nils
• #1511[]: Fix a race condition in WithLazy.

Thanks to @​rabbbit, @​alshopov, @​jquirke, @​arukiidou for their contributions to this release.

#1501: uber-go/zap#1501 #1511: uber-go/zap#1511

Commits

• 7b755a3 release 1.27.1 (#1521)
• d6b395b Update lazy logger not to materialize unless it's being written to (#1519)
• 4b9cea0 ci: Test with Go 1.24, Go 1.25 (#1508)
• 7c80d7b Fix race condition in WithLazy implementation (#1426) (#1511)
• 07077a6 Prevent zap.Object from panicing on nils (#1501)
• a6afd05 Fix lint check name (#1502)
• 6d48253 chore: fix typo (#1482)
• 32f2ec1 Fix the field test for bool type (#1480)
• fe16eb5 Upgrade grpc in zapgrc test package & bump go version (#1478)
• 5f00c34 test(AtomicLevel): demonstrate Handler is not vulnerable to XSS (#1477)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions