chore(deps): bump the go-dependencies group across 1 directory with 11 updates

[dependabot]

Bumps the go-dependencies group with 9 updates in the / directory:

Package	From	To
github.com/ProtonMail/go-crypto	1.4.0	1.4.1
github.com/charmbracelet/bubbles	0.21.0	1.0.0
github.com/charmbracelet/glamour	0.8.0	1.0.0
github.com/getsops/sops/v3	3.12.1	3.12.2
github.com/gruntwork-io/boilerplate	0.10.1	0.12.1
github.com/hashicorp/terraform-svchost	0.2.0	0.2.1
github.com/aws/aws-sdk-go-v2/service/dynamodb	1.56.1	1.56.2
github.com/aws/aws-sdk-go-v2/service/iam	1.53.4	1.53.6
github.com/testcontainers/testcontainers-go	0.40.0	0.41.0

Updates github.com/ProtonMail/go-crypto from 1.4.0 to 1.4.1

Release notes

Sourced from github.com/ProtonMail/go-crypto's releases.

Release v1.4.1

What's Changed

• Properly handle ECC keys with invalid points in ProtonMail/go-crypto#304

Full Changelog: ProtonMail/go-crypto@v1.4.0...v1.4.1

Release v1.4.1-proton

This release is v1.4.1 with support for the following non-standardized features:

• Presistent symmetric keys experimental + latest draft draft-ietf-openpgp-persistent-symmetric-keys-00
• Automatic forwarding draft-wussler-openpgp-forwarding-00
• Post-quantum algorithms draft-ietf-openpgp-pqc (Updated to draft-ietf-openpgp-pqc-09)

Commits

• 2e73b11 Properly handle ECC keys with invalid points (#304)
• See full diff in compare view

Updates github.com/charmbracelet/bubbles from 0.21.0 to 1.0.0

Release notes

Sourced from github.com/charmbracelet/bubbles's releases.

v1.0.0

This is just an honorary release of Bubbles v1. Stay tuned for the next major version 🫧

Changelog

Fixed

• d0166363eb8176b331de98dba1d6e997560f216f: fix: changed 'recieve' to 'receive' for 100% quality of Go Report Card (#881) (@​Atennop1)

---

Thoughts? Questions? We love hearing from you. Feel free to reach out on X, Discord, Slack, The Fediverse, Bluesky.

v0.21.1

Changelog

New!

• dff42ddb7cf28f022da475c69dba2e74f75af34d: feat: update keybindings in list setSize method (@​Broderick-Westrope)

Fixed

• c376ce3ef18cc26bbf1f6338cc8518ae329a18d6: fix(cursor): fix data race on blinkTag (#784) (@​DryHumour)
• 11d52ca426e5c594f7c6c10766935a7f30a83225: fix(table): preventing cursor from being out-of-bounds. (@​s0ders)
• 49ff5c03b7bada572da36c79269dc15ab03d569b: fix(textinput): improve placeholder (#768) (@​caarlos0)
• 7c44f63d3185e6f1d795e9369ba85185e6efe956: v1: fix(list): ensure correct cursor positions with page/cursor methods (#831) (@​lrstanley)

Docs

• 7fcf75da535ee7db938586044a02f0f74f40339e: docs(readme): update footer image and copyright date (@​meowgorithm)
• d4feefed7d674edbfbc8f09e99c56704706038c5: docs: remove Charm Cloud reference (#785) (@​ShalokShalom)

Other stuff

• daab808a4d85e0b616ca9e30c1c5d9acd365aa02: ci: sync dependabot config (#786) (@​charmcli)
• 4b2d311076480670a00b3f24fd9ad280c35c7c57: ci: sync dependabot config (#835) (@​charmcli)
• 8562e9075fb87edf45e99c5d63a6610254d6c6e7: ci: sync golangci-lint config (#781) (@​github-actions[bot])
• f54a125f7decd8fefa0db4a0853720200d50a631: test(table): improve table unit tests (#601) (@​Broderick-Westrope)

---

Thoughts? Questions? We love hearing from you. Feel free to reach out on X, Discord, Slack, The Fediverse, Bluesky.

Commits

• 4824eff chore(deps): bump github.com/charmbracelet/x/ansi in the all group (#859)
• d016636 fix: changed 'recieve' to 'receive' for 100% quality of Go Report Card (#881)
• 9329772 chore: update dependencies
• ff8b5a8 chore(deps): bump actions/checkout from 5 to 6 in the all group (#863)
• 62c7911 chore(deps): bump the all group with 2 updates (#855)
• 49ff5c0 fix(textinput): improve placeholder (#768)
• d6934a1 chore(deps): bump github.com/mattn/go-runewidth in the all group (#852)
• f2d1266 chore(deps): bump github.com/charmbracelet/bubbletea in the all group (#850)
• 5caedd7 chore(deps): bump the all group with 2 updates (#848)
• cfdc19b chore(deps): bump actions/setup-go from 5 to 6 in the all group (#842)
• Additional commits viewable in compare view

Updates github.com/charmbracelet/bubbletea from 1.3.5 to 1.3.10

Release notes

Sourced from github.com/charmbracelet/bubbletea's releases.

v1.3.10

Changelog

Bug fixes

• 9edf69c677c7353eca5fae6d3ea3986af39717b7: fix: handle setWindowTitleMsg and windowSizeMsg in eventLoop (@​aymanbagabas)

---

Thoughts? Questions? We love hearing from you. Feel free to reach out on X, Discord, Slack, The Fediverse, Bluesky.

v1.3.9

Changelog

New Features

• 314b50c7b452fd737d28582ae9d27c04ea725001: feat: properly call nested sequenceMsg and batchMsg (@​wolfmagnate)

Bug fixes

• 9e0e8f0df1c55044ed04bd17f4b460e01e94dc9c: fix: recover from nested panics in Sequence and Batch commands (@​aymanbagabas)

Other work

• 6e1282a76358cb680de9d4de7520f9f99c9e2903: add example for the nested Sequence and Batch (@​wolfmagnate)
• 0290af4a499ee6a3e22822cebe1e74fdeac313be: simplify case for BatchMsg (@​wolfmagnate)

---

Thoughts? Questions? We love hearing from you. Feel free to reach out on Twitter, Discord, Slack, The Fediverse.

v1.3.8

Changelog

Bug fixes

• 21eecd586367fd0cd78da6842c48f9c4b1185b6f: fix: send batch commands to cmds channel instead of executing them in event loop (#1473) (@​aymanbagabas)

---

Thoughts? Questions? We love hearing from you. Feel free to reach out on Twitter, Discord, Slack, The Fediverse.

v1.3.7

Changelog

Bug fixes

• 28ab4f41b29fef14d900c46a4873a45891a9ee9b: fix(renderer): properly reset cursor position to start of line (#1472) (@​aymanbagabas)
• c76509a9d4974207cd66255707d14f4f938f7f52: fix: compact sequences like batches (#958) (@​jdhenke)
• f5da8d068af74764b271a197de54e2bc2bfedb38: fix: handle nested SequenceMsg in event loop and use sync.WaitGroup f… (#1463) (@​aymanbagabas)
• 80ea844a7650c84e13958de14cdd4f63ac1775aa: fix: lint issues in key_windows.go and tty_windows.go (@​aymanbagabas)

Documentation updates

• c3136ed49037a096fe05c6cb16f0a14a38e20c58: docs(license): update copyright date range (@​meowgorithm)
• 919805f8f0d134af7e3569b0054c13b561976dfa: docs(readme): update footer art (@​meowgorithm)
• f01583bb899e125c7a26d3b870eff585ec0f4816: docs: show the correct branch in the build badge (@​aymanbagabas)

Other work

... (truncated)

Commits

• 9edf69c fix: handle setWindowTitleMsg and windowSizeMsg in eventLoop
• 31c0299 chore(deps): bump github.com/lucasb-eyer/go-colorful (#1496)
• ffa0502 Merge pull request #848 from wolfmagnate/fix-nested-cmd-order
• 9e0e8f0 fix: recover from nested panics in Sequence and Batch commands
• 0966c3a Merge branch 'main' into fix-nested-cmd-order
• 21eecd5 fix: send batch commands to cmds channel instead of executing them in event l...
• 9aae1f0 chore(examples): go mod tidy
• 41f3995 chore(deps): bump golang.org/x/sys in the all group (#1492)
• 3da2d28 chore(deps): bump actions/setup-go from 5 to 6 in the all group (#1491)
• 28ab4f4 fix(renderer): properly reset cursor position to start of line (#1472)
• Additional commits viewable in compare view

Updates github.com/charmbracelet/glamour from 0.8.0 to 1.0.0

Release notes

Sourced from github.com/charmbracelet/glamour's releases.

v0.10.0

Actually readable tables

Big tables that included links were always hard to read. Links can be very long, and tables often have limited space to render them. This means that links often took the space of many lines and weren't properly clickable because they were being truncated in practice.

Starting on this release, Glamour will render links and images at the footer of the table, with a reference number so you can easily find the link you're looking for. If you want the old behavior, it is still supported via the new WithInlineTableLinks option.

The New Way

The Old Way

Wanna render tables with inline links? You still can:

r, err := glamour.NewTermRenderer(glamour.WithInlineTableLinks(true))
if err != nil { /*...*/ }
out, err := r.RenderBytes(in)
if err != nil { /.../ }
fmt.Fprintf(os.Stdout, "%s\n", out)

Prettier GitHub links

We also introduced a change so that GitHub links inside tables that reference issues, discussions or PRs will be shown in its shortened form, similar to how GitHub itself present the links on issue descriptions: owner/repo#123.

Extra

Also, we introduced WithTableWrap, so you can disable table text wrapping if really want:

r, err := glamour.NewTermRenderer(glamour.WithTableWrap(false))
if err != nil { ... }
out, err := r.RenderBytes(in)
if err != nil { ... }
fmt.Fprintf(os.Stdout, "%s\n", out)

Changelog

New Features

... (truncated)

Commits

• 69661fd chore(deps): bump actions/checkout from 5 to 6 in the all group (#491)
• 0af1a2d chore(deps): bump the all group with 2 updates (#482)
• a9ec019 chore(deps): bump github.com/charmbracelet/x/ansi in the all group (#477)
• 7a4cf0c ci: sync dependabot config (#476)
• 49c8248 chore(deps): bump the all group with 2 updates (#472)
• c1ce505 chore(deps): bump actions/setup-go from 5 to 6 in the all group (#471)
• f9c650c ci: sync dependabot config (#470)
• e3c481b chore(deps): bump actions/checkout from 4 to 5 (#469)
• 7209389 chore(deps): bump golang.org/x/term from 0.33.0 to 0.34.0 (#468)
• f447e14 chore(deps): bump github.com/charmbracelet/x/ansi from 0.9.3 to 0.10.1 (#467)
• Additional commits viewable in compare view

Updates github.com/getsops/sops/v3 from 3.12.1 to 3.12.2

Release notes

Sourced from github.com/getsops/sops/v3's releases.

v3.12.2

Installation

To install sops, download one of the pre-built binaries provided for your platform from the artifacts attached to this release.

For instance, if you are using Linux on an AMD64 architecture:

# Download the binary
curl -LO https://github.com/getsops/sops/releases/download/v3.12.2/sops-v3.12.2.linux.amd64
Move the binary in to your PATH
mv sops-v3.12.2.linux.amd64 /usr/local/bin/sops
Make the binary executable
chmod +x /usr/local/bin/sops

Verify checksums file signature

The checksums file provided within the artifacts attached to this release is signed using Cosign with GitHub OIDC. To validate the signature of this file, run the following commands:

# Download the checksums file, certificate and signature
curl -LO https://github.com/getsops/sops/releases/download/v3.12.2/sops-v3.12.2.checksums.txt
curl -LO https://github.com/getsops/sops/releases/download/v3.12.2/sops-v3.12.2.checksums.pem
curl -LO https://github.com/getsops/sops/releases/download/v3.12.2/sops-v3.12.2.checksums.sig
Verify the checksums file
cosign verify-blob sops-v3.12.2.checksums.txt 
--certificate sops-v3.12.2.checksums.pem 
--signature sops-v3.12.2.checksums.sig 
--certificate-identity-regexp=https://github.com/getsops 
--certificate-oidc-issuer=https://token.actions.githubusercontent.com

Verify binary integrity

To verify the integrity of the downloaded binary, you can utilize the checksums file after having validated its signature:

# Verify the binary using the checksums file
sha256sum -c sops-v3.12.2.checksums.txt --ignore-missing

Verify artifact provenance

The SLSA provenance of the binaries, packages, and SBOMs can be found within the artifacts associated with this release. It is presented through an in-toto link metadata file named sops-v3.12.2.intoto.jsonl. To verify the provenance of an artifact, you can utilize the slsa-verifier tool:

</tr></table> 

... (truncated)

Changelog

Sourced from github.com/getsops/sops/v3's changelog.

3.12.2

Improvements:

• Dependency updates (#2085, #2087, #2089, #2095).

Bugfixes:

• GCP: Revert the fix introduced in 3.12.0 that sets quota project to API project in GCP KMS. This change unintentionally resulted in requiring more permissions for GCP users. The original issue will be addressed in another way in a future release (#2099).
• Ensure to delete temporary file and directory when editing in more situations, like when user presses Ctrl+C or SOPS receives a SIGTERM (#2104).
• Fix message that you need to enter (and not any key) after SOPS rejects an edited file (#2098).
• Reject files with sops keys when editing files (#2098).
• Fix handling of --mac-only-encrypted option in subcommands (#2100).

Project changes:

• CI dependency updates (#2084, #2091, #2101, #2106).
• Rust dependency updates for functional tests (#2090, #2105).
• Improve CI workflows (#2081).

Commits

• 4f2cc16 Merge pull request #2109 from felixfontein/release-3.12.2
• 5058042 Set version to 3.12.2.
• aa873eb Add 3.12.2 changelog entry.
• a594056 Merge pull request #2099 from felixfontein/gcp
• c8f175b Revert "Merge pull request #1697 from onjen/fix-1142"
• c48a98a Merge pull request #2105 from getsops/dependabot/cargo/functional-tests/rust-...
• f3cd56e build(deps): Bump tempfile in /functional-tests in the rust group
• 226e7f9 Merge pull request #2106 from getsops/dependabot/github_actions/ci-fed48c53ac
• 60c75fb build(deps): Bump the ci group with 4 updates
• 4009484 Merge pull request #2104 from felixfontein/ctrl-c
• Additional commits viewable in compare view

Updates github.com/gruntwork-io/boilerplate from 0.10.1 to 0.12.1

Release notes

Sourced from github.com/gruntwork-io/boilerplate's releases.

v0.12.1

What's Changed

• fix: re-export CustomValidationRule and expose validation arguments by @​josh-padnick in gruntwork-io/boilerplate#281

Full Changelog: gruntwork-io/boilerplate@v0.12.0...v0.12.1

v0.12.0

🛠️ Breaking Changes

Default variables no longer prompt for values by default in interactive mode

Variables with default values no longer prompt users for interactive input unless using the new confirm attribute.

variables:
  - name: AppName
    type: string
    default: "my-app"
    confirm: true  # User will be prompted, with "my-app" as the default

name: ContainerName
type: string
default: "container"
No confirm — silently uses the computed default

This ensures that dynamically determined values for variables won't cause errors during interactive generation and reduces the number of prompts users encounter while generating from a template interactively.

Validation length uses functional form now

The length validation now uses the functional form length(min, max) instead of the previous length-min-max form.

All validations with parameters will use this functional form going forward.

✨ New Features

New validation type regex(pattern) supported.

The validation type regex(pattern) is now supported to validate variable values against regex patterns.

e.g.

- name: SlugName
  type: string
  description: URL-friendly project slug
  validations:
    - required
    - length(3, 30)
</tr></table> 

... (truncated)

Commits

• d8414a9 re-export CustomValidationRule and expose validation arguments (#281)
• 9018fba feat: Avoiding prompt for defaults in non-interactive mode unless users ask f...
• 3366216 feat: Adding WASM build target (#277)
• af9f718 Add boilerplate docs site (#273)
• bac2bff Add regex(pattern) validation type (#272)
• f5c2300 fix: use per-sub-test output folders in TestExamplesShell to eliminate race c...
• dd646cb chore: update to Go 1.26 (#271)
• 6c211a7 Upgrade deploy and test_signing resource clases to m4 (#265)
• 1a85224 Upgrade dependencies (#263)
• 05d1508 fix: address gocritic hugeParam and rangeValCopy lint errors (#261)
• Additional commits viewable in compare view

Updates github.com/hashicorp/terraform-svchost from 0.2.0 to 0.2.1

Release notes

Sourced from github.com/hashicorp/terraform-svchost's releases.

v0.2.1

Features:

• disco now uses retryablehttp to retry the service discovery request up to 4 times (3 retries) over 15 seconds

Commits

• 1299e69 Merge pull request #118 from hashicorp/TF-34005-terraform-svchost-host-discov...
• cce3edb Fix data race in test
• facd314 replace hedged http transport with retryablehttp
• See full diff in compare view

Updates github.com/aws/aws-sdk-go-v2/service/dynamodb from 1.56.1 to 1.56.2

Commits

• 5a96470 Release 2024-12-19
• 653aa80 Regenerated Clients
• d02b239 Update endpoints model
• 698d709 Update API model
• 885de40 Fix improper use of Printf-style functions (#2934)
• 858298a Release 2024-12-18
• f58264a Regenerated Clients
• df31082 Update endpoints model
• 346690e Update API model
• 4515454 Release 2024-12-17
• Additional commits viewable in compare view

Updates github.com/aws/aws-sdk-go-v2/service/iam from 1.53.4 to 1.53.6

Commits

• 8fac7d4 Release 2025-01-15
• 9eff8ac Regenerated Clients
• f47aa72 Update endpoints model
• 5934dd3 Update API model
• 6636822 feat: flexible checksum updates (#2808)
• 4ffbb7c Release 2025-01-14
• 2f70ff4 Regenerated Clients
• 434159f Update endpoints model
• a80fac9 Update API model
• 44e779a fix several waiter issues (#2953)
• Additional commits viewable in compare view

Updates github.com/charmbracelet/x/term from 0.2.1 to 0.2.2

Commits

• d941777 feat(ansi): add cursor and mouse pointer shape sequences
• 57c5431 chore(deps): update bubbletea to v0.27 (#161)
• 2c0e84d chore(term): go mod tidy
• 61a8baf feat(input): update kitty keyboard flag name
• See full diff in compare view

Updates github.com/testcontainers/testcontainers-go from 0.40.0 to 0.41.0

Release notes

Sourced from github.com/testcontainers/testcontainers-go's releases.

v0.41.0

What's Changed

🚀 Features

• feat: add TiDB module (#3575) @​iyiola-dev
• feat: add Forgejo module (#3556) @​s04
• feat: improve container conflict detection (#3574) @​Desuuuu
• feat(azure): add lowkey vault container (#3542) @​nagyesta
• feat(chroma): update to chroma 1.x (#3552) @​tazarov
• feat(cassandra): add ssl option cassandra (#3151) @​MitulShah1

🐛 Bug Fixes

• fix(redpanda): closing provider in test after use (#3539) @​mabrarov
• fix: docker auth for docker.io images (#3482) @​LaurentGoderre
• fix(solace): set ulimits for container (#3497) @​mdelapenya
• fix(kafka): strip architecture suffix from Kafka image tags for semver parsing (#3276) @​asahasrabuddhe

📖 Documentation

• docs(metrics): automate usage metrics collection and publish it in the docs site (#3495) @​mdelapenya

🧹 Housekeeping

• chore(deps): bump actions/checkout from 6.0.1 to 6.0.2 (#3560) @dependabot[bot]
• chore(pulsar): bump base image to 4.x, replacing the wait for log strategy with wait for listening port (deterministic) (#3573) @​mdelapenya
• chore(deps): bump github.com/modelcontextprotocol/go-sdk from 1.0.0 to 1.3.1 in /modules/dockermcpgateway (#3557) @dependabot[bot]
• chore: update usage metrics (2026-03-02) (#3565) @github-actions[bot]
• chore(deps): bump mkdocs-include-markdown-plugin from 7.2.0 to 7.2.1 (#3547) @dependabot[bot]
• chore(deps): bump tj-actions/changed-files from 47.0.0 to 47.0.1 (#3546) @dependabot[bot]
• chore(deps): bump actions/upload-artifact from 4.6.2 to 6.0.0 (#3545) @dependabot[bot]
• chore: update usage metrics (2026-02-02) (#3551) @github-actions[bot]
• chore(deps): bump pymdown-extensions from 10.8.1 to 10.16.1 (#3513) @dependabot[bot]
• chore: update usage metrics (2026-01-01) (#3515) @github-actions[bot]
• chore: update usage metrics (2025-12-01) (#3506) @github-actions[bot]
• chore(metrics): allow sending PRs from the workflow (#3503) @​mdelapenya
• fix(metrics): use the right CSV file (#3502) @​mdelapenya
• fix(metrics): use the right CSV file (#3501) @​mdelapenya
• chore(metrics): even better rate limit strategy (#3500) @​mdelapenya
• chore(metrics): properly detect rate limits (#3499) @​mdelapenya
• fix(metrics): set GH _TOKEN in workflow (#3498) @​mdelapenya

📦 Dependency updates

• fix: update compose-replace Makefile target to use compose/v5 (#3590) @​mdelapenya
• chore(deps): bump atomicjar/testcontainers-cloud-setup-action from 1.3.0 to 1.4.0 (#3559) @dependabot[bot]
• chore(deps): bump golang.org/x/text from 0.14.0 to 0.34.0 in /modulegen (#3582) @dependabot[bot]
• chore(deps): bump mkdocs-codeinclude-plugin from 0.2.1 to 0.3.1 (#3579) @dependabot[bot]
• chore(deps): bump golang.org/x/mod from 0.16.0 to 0.33.0 in /modulegen (#3583) @dependabot[bot]
• chore(deps): bump github.com/aerospike/aerospike-client-go/v8 from 8.2.0 to 8.6.0 in /modules/aerospike (#3584) @dependabot[bot]

... (truncated)

Commits

• 2ea97c8 chore: use new version (v0.41.0) in modules and examples
• 9a663f7 fix: update compose-replace Makefile target to use compose/v5 (#3590)
• 10481c2 chore(deps): bump atomicjar/testcontainers-cloud-setup-action (#3559)
• bdb12dd chore(deps): bump golang.org/x/text from 0.14.0 to 0.34.0 in /modulegen (#3582)
• 5bd7f07 chore(deps): bump mkdocs-codeinclude-plugin from 0.2.1 to 0.3.1 (#3579)
• c9ccfc5 chore(deps): bump golang.org/x/mod from 0.16.0 to 0.33.0 in /modulegen (#3583)
• 21ec740 chore(deps): bump github.com/aerospike/aerospike-client-go/v8 from 8.2.0 to 8...
• fb47b82 chore(deps): bump golang.org/x/mod in /modules/localstack (#3587)
• 6686e31 chore(deps): bump golang.org/x/mod in /modules/elasticsearch (#3585)
• 0656548 chore(deps): bump golang.org/x/mod in /modules/redpanda (#3588)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
terragrunt-docs	Ready	Preview, Comment	Mar 18, 2026 9:39pm

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.