chore(deps): bump the minor-and-patch group across 1 directory with 9 updates

[dependabot]

Bumps the minor-and-patch group with 7 updates in the / directory:

Package	From	To
github.com/go-webauthn/webauthn	0.15.0	0.16.4
github.com/testcontainers/testcontainers-go/modules/postgres	0.40.0	0.42.0
go.mongodb.org/mongo-driver/v2	2.5.0	2.5.1
golang.org/x/oauth2	0.35.0	0.36.0
github.com/xraph/dispatch	1.4.0	1.5.0
github.com/xraph/ledger	1.4.0	1.5.0
github.com/xraph/vault	1.4.0	1.4.1

Updates github.com/go-webauthn/webauthn from 0.15.0 to 0.16.4

Release notes

Sourced from github.com/go-webauthn/webauthn's releases.

v0.16.4

v0.16.4 (2026-04-10)

This release just updates dependencies.

v0.16.3

v0.16.3 (2026-04-05)

Bug Fixes

• webauthncose: replace elliptic (#635) (3b8a663)

Features

• metadata: update metadata authenticator statuses (#641) (95d28bc)
• webauthncose: add dilithium cose types (#636) (4106b24)

v0.16.2

v0.16.2 (2026-04-02)

Bug Fixes

• top origins always fails (#626) (514306b)
• webauthn: credential flags not fully updated (#629) (a4b68c8)
• webauthn: nil panic on discovery (#631) (3545ead)

Features

• webauthn: messagepack encoding (#621) (bf8fe28)

v0.16.1

v0.16.1 (2026-03-12)

Bug Fixes

• webauthncose: validate keys earlier (#615) (18ca901)

v0.16.0

0.16.0 (2026-03-01)

Bug Fixes

• webauthn: empty top origins not allowed (#562) (fe3b74c), closes #537
• webauthn: session expiration not enforced (#561) (f5adbbf), closes #552

... (truncated)

Changelog

Sourced from github.com/go-webauthn/webauthn's changelog.

0.16.3 (2026-04-05)

Bug Fixes

• webauthncose: replace elliptic (#635) (3b8a663)

Features

• metadata: update metadata authenticator statuses (#641) (95d28bc)
• webauthncose: add dilithium cose types (#636) (4106b24)

0.16.2 (2026-03-30)

Bug Fixes

• top origins always fails (#626) (514306b)
• webauthn: credential flags not fully updated (#629) (a4b68c8)
• webauthn: nil panic on discovery (#631) (3545ead)

Features

• webauthn: messagepack encoding (#621) (bf8fe28)

0.16.1 (2026-03-12)

Bug Fixes

• webauthncose: validate keys earlier (#615) (18ca901)

0.16.0 (2026-03-01)

Bug Fixes

• webauthn: empty top origins not allowed (#562) (fe3b74c), closes #537
• webauthn: session expiration not enforced (#561) (f5adbbf), closes #552

Features

• protocol: compound attestation statements (#571) (cc4e649)
• protocol: enhance rpid validation (#564) (7610304), closes #553
• protocol: signals structs (#574) (f75a34a)
• webauthncose: allow ber integers in ecdsa sigs (#593) (68db4d4), closes #408
• webauthn: return explicit error on unknown credential (#560) (1defb4a), closes #550

Commits

• 64e5752 build(deps): update module github.com/go-webauthn/x to v0.2.3 (#651)
• 596a6ea build(deps): update step-security/harden-runner action to v2.17.0 (#650)
• e47dd77 build(deps): update dependency go to v1.26.2 (#649)
• 7359b13 docs(metadata): document all mds fields (#648)
• de7db31 test(protocol): add remaining test vectors (#645)
• a1c438f docs: add changelog (#646)
• 9dbfee2 docs(webauthn): enhance credential docs (#644)
• 504410e docs(protocol): enhance parse docs (#643)
• 2118701 docs: fix examples (#642)
• 95d28bc feat(metadata): update metadata authenticator statuses (#641)
• Additional commits viewable in compare view

Updates github.com/testcontainers/testcontainers-go/modules/postgres from 0.40.0 to 0.42.0

Release notes

Sourced from github.com/testcontainers/testcontainers-go/modules/postgres's releases.

v0.42.0

What's Changed

⚠️ Breaking Changes

• chore!: migrate to moby modules (#3591) @​thaJeztah

🔒 Security

• chore(deps): bump moby/client v0.4.0, moby/api v1.54.1 (#3634) @​thaJeztah

🐛 Bug Fixes

• fix: return an error when docker host cannot be retrieved (#3613) @​ash2k

🧹 Housekeeping

• chore: gitignore Gas Town agent artifacts (#3633) @​mdelapenya
• fix(usage-metrics): include last release in the legend pop over (#3630) @​mdelapenya
• chore: update usage metrics (2026-04) (#3621) @github-actions[bot]
• fix(usage-metrics): order of actions matters (#3623) @​mdelapenya
• fix(usage-metrics): reduce rate-limit cascade errors (#3622) @​mdelapenya
• fix(usage-metrics): replace the per-version inline retry with a multi-pass approach (#3620) @​mdelapenya

📦 Dependency updates

• chore(deps): bump go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp from 1.28.0 to 1.43.0 in /modules/grafana-lgtm (#3639) @dependabot[bot]
• chore(deps): bump go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp from 1.42.0 to 1.43.0 in /modules/compose (#3641) @dependabot[bot]
• chore(deps): bump go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp from 1.42.0 to 1.43.0 in /modules/compose (#3645) @dependabot[bot]
• chore(deps): bump mkdocs-include-markdown-plugin from 7.2.1 to 7.2.2 (#3626) @dependabot[bot]
• chore(deps): bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.51.2 to 1.97.3 in /modules/localstack (#3638) @dependabot[bot]
• chore(deps): bump go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp from 1.41.0 to 1.43.0 in /modules/grafana-lgtm (#3643) @dependabot[bot]
• chore(deps): bump go.opentelemetry.io/otel/sdk from 1.41.0 to 1.43.0 in /modules/milvus (#3644) @dependabot[bot]
• chore: update to Go 1.25.9, 1.26.9 (#3647) @​thaJeztah
• chore(deps): bump bump github.com/klauspost/compress v1.18.5, github.com/docker/compose v5.1.2 (#3646) @​thaJeztah
• chore(deps): bump moby/client v0.4.0, moby/api v1.54.1 (#3634) @​thaJeztah
• chore(deps): bump golang.org/x/sys from 0.41.0 to 0.42.0 (#3629) @dependabot[bot]
• chore(deps): bump github.com/moby/patternmatcher from 0.6.0 to 0.6.1 (#3628) @dependabot[bot]
• chore(deps): bump github.com/shirou/gopsutil/v4 from 4.26.2 to 4.26.3 (#3627) @dependabot[bot]
• fix(localstack): accept community-archive as a valid tag (#3601) @​johnduhart
• chore(deps): bump github.com/go-jose/go-jose/v4 from 4.1.3 to 4.1.4 in /modules/gcloud (#3632) @dependabot[bot]
• chore(deps): bump actions/upload-artifact from 6.0.0 to 7.0.0 (#3625) @dependabot[bot]
• chore(deps): bump pygments from 2.19.2 to 2.20.0 (#3615) @dependabot[bot]
• chore(deps): bump google.golang.org/grpc from 1.67.0 to 1.79.3 in /modules/milvus (#3612) @dependabot[bot]
• chore(deps): bump google.golang.org/grpc from 1.67.0 to 1.79.3 in /modules/etcd (#3611) @dependabot[bot]
• chore(deps): bump google.golang.org/grpc from 1.79.1 to 1.79.3 in /modules/ollama (#3610) @dependabot[bot]
• chore(deps): bump google.golang.org/grpc from 1.67.0 to 1.79.3 in /modules/pinecone (#3609) @dependabot[bot]
• chore(deps): bump google.golang.org/grpc from 1.67.0 to 1.79.3 in /modules/couchbase (#3608) @dependabot[bot]
• chore(deps): bump requests from 2.32.4 to 2.33.0 (#3604) @dependabot[bot]
• chore(deps): bump google.golang.org/grpc from 1.79.1 to 1.79.3 in /modules/meilisearch (#3607) @dependabot[bot]
• chore(deps): bump github.com/moby/buildkit from 0.27.1 to 0.28.1 in /modules/compose (#3605) @dependabot[bot]

... (truncated)

Commits

• 6e58418 chore: use new version (v0.42.0) in modules and examples
• f713dc0 chore(deps): bump go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetr...
• 300827a chore(deps): bump go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetr...
• 7a15ac1 chore(deps): bump go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptrace...
• 5bae3d2 fix: return an error when docker host cannot be retrieved (#3613)
• fc19484 chore(deps): bump mkdocs-include-markdown-plugin from 7.2.1 to 7.2.2 (#3626)
• 95bdc0c chore(deps): bump github.com/aws/aws-sdk-go-v2/service/s3 (#3638)
• 75aa226 chore(deps): bump go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptrace...
• 2f59938 chore(deps): bump go.opentelemetry.io/otel/sdk in /modules/milvus (#3644)
• 580abf6 chore: update to Go 1.25.9, 1.26.9 (#3647)
• Additional commits viewable in compare view

Updates go.mongodb.org/mongo-driver/v2 from 2.5.0 to 2.5.1

Release notes

Sourced from go.mongodb.org/mongo-driver/v2's releases.

MongoDB Go Driver 2.5.1

The MongoDB Go Driver Team is pleased to release version 2.5.1 of the official MongoDB Go Driver.

Release Highlights

This release fixes two BSON unmarshaling edge cases.

What's Changed

🐛 Fixed

• GODRIVER-3768 Check unmatched type in Unmarshal(). by @​qingyang-hu in mongodb/mongo-go-driver#2318
• GODRIVER-3809 Fix *streamingByteSrc.readSlice(). by @​qingyang-hu in mongodb/mongo-go-driver#2326

Full Changelog: mongodb/mongo-go-driver@v2.5.0...v2.5.1

For a full list of tickets included in this release, please see the list of fixed issues.

Documentation for the Go Driver can be found on pkg.go.dev and the MongoDB documentation site. BSON library documentation is also available on pkg.go.dev. For issues with, questions about, or feedback for the Go Driver, please look into our support channels, including StackOverflow. Bugs can be reported in the Go Driver project in the MongoDB JIRA where a list of current issues can be found. Your feedback on the Go Driver is greatly appreciated!

Commits

• 4782a98 BUMP v2.5.1
• 908a3ef Merge release/2.4 into release/2.5 (#2356)
• b2db9b5 Remove spaces from config.yml
• b1a4757 Merge branch 'release/2.5' into merge-release/2.4-into-release/2.5-1775787864909
• 65d61d4 GODRIVER-3854 Remove "backport pr" Evergreen task. (#2355)
• 09f572d Merge branch 'release/2.4' into release/2.5
• e9c841f BUMP v2.4.3
• fcfea70 GODRIVER-3809 Fix *streamingByteSrc.readSlice(). (#2326)
• 889822d GODRIVER-3768 Check unmatched type in Unmarshal(). (#2318)
• 484ea44 Merge branch 'release/1.17' into release/2.5
• Additional commits viewable in compare view

Updates golang.org/x/crypto from 0.48.0 to 0.50.0

Commits

• 03ca0dc go.mod: update golang.org/x dependencies
• 8400f4a ssh: respect signer's algorithm preference in pickSignatureAlgorithm
• 81c6cb3 ssh: swap cbcMinPaddingSize to cbcMinPacketSize to get encLength
• 982eaa6 go.mod: update golang.org/x dependencies
• 159944f ssh,acme: clean up tautological/impossible nil conditions
• a408498 acme: only require prompt if server has terms of service
• cab0f71 all: upgrade go directive to at least 1.25.0 [generated]
• 2f26647 x509roots/fallback: update bundle
• See full diff in compare view

Updates golang.org/x/oauth2 from 0.35.0 to 0.36.0

Commits

• 4d954e6 all: upgrade go directive to at least 1.25.0 [generated]
• See full diff in compare view

Updates github.com/golang-jwt/jwt/v5 from 5.3.0 to 5.3.1

Release notes

Sourced from github.com/golang-jwt/jwt/v5's releases.

v5.3.1

What's Changed

🔐 Features

• Add spellcheck Github action to catch common spelling mistakes by @​equalsgibson in golang-jwt/jwt#458
• Add WithNotBeforeRequired parser option and add test coverage by @​equalsgibson in golang-jwt/jwt#456
• Update godoc example func to properly refer to NewWithClaims() by @​equalsgibson in golang-jwt/jwt#459
• Update github workflows by @​mfridman in golang-jwt/jwt#462
• Additional test for CustomClaims that validates unmarshalling behaviour by @​equalsgibson in golang-jwt/jwt#457
• Fix early file close in jwt cli by @​mfridman in golang-jwt/jwt#472
• Add TPM signature reference by @​salrashid123 in golang-jwt/jwt#473
• Remove misleading ParserOptions documentation in golang-jwt/jwt#484
• Save signature to Token struct after successful signing by @​EgorSheff in golang-jwt/jwt#417
• Set token.Signature in ParseUnverified by @​slickwilli in golang-jwt/jwt#414

👒 Dependencies

• Bump crate-ci/typos from 1.34.0 to 1.35.3 by @​dependabot[bot] in golang-jwt/jwt#461
• Bump crate-ci/typos from 1.35.4 to 1.36.2 by @​dependabot[bot] in golang-jwt/jwt#470
• Bump github/codeql-action from 3 to 4 by @​dependabot[bot] in golang-jwt/jwt#478
• Bump crate-ci/typos from 1.36.2 to 1.39.0 by @​dependabot[bot] in golang-jwt/jwt#480
• Bump golangci/golangci-lint-action from 8 to 9 by @​dependabot[bot] in golang-jwt/jwt#481
• Bump actions/setup-go from 5 to 6 by @​dependabot[bot] in golang-jwt/jwt#469
• Bump crate-ci/typos from 1.39.0 to 1.40.0 by @​dependabot[bot] in golang-jwt/jwt#488
• Bump actions/checkout from 5 to 6 by @​dependabot[bot] in golang-jwt/jwt#487
• Bump crate-ci/typos from 1.40.0 to 1.41.0 by @​dependabot[bot] in golang-jwt/jwt#490
• Bump crate-ci/typos from 1.41.0 to 1.42.1 by @​dependabot[bot] in golang-jwt/jwt#492

New Contributors

• @​equalsgibson made their first contribution in golang-jwt/jwt#458
• @​salrashid123 made their first contribution in golang-jwt/jwt#473
• @​EgorSheff made their first contribution in golang-jwt/jwt#417
• @​slickwilli made their first contribution in golang-jwt/jwt#414

Full Changelog: golang-jwt/jwt@v5.3.0...v5.3.1

Commits

• 7ceae61 Add release.yml for changelog configuration
• dce8e4d Set token.Signature in ParseUnverified (#414)
• 8889e20 Save signature to Token struct after successful signing (#417)
• d237f82 ci: update github-actions schedule interval to monthly
• d8dce95 Bump crate-ci/typos from 1.41.0 to 1.42.1 (#492)
• e931803 Bump crate-ci/typos from 1.40.0 to 1.41.0 (#490)
• e6a0afa Bump actions/checkout from 5 to 6 (#487)
• 9f85c9e Bump crate-ci/typos from 1.39.0 to 1.40.0 (#488)
• 60a8669 Bump actions/setup-go from 5 to 6 (#469)
• 76f5828 Remove misleading ParserOptions documentation (#484)
• Additional commits viewable in compare view

Updates github.com/xraph/dispatch from 1.4.0 to 1.5.0

Release notes

Sourced from github.com/xraph/dispatch's releases.

v1.5.0

Changes

• refactor: enhance scheduler and worker pool with context cancellation support (6d06398)

---

Installation

go get github.com/xraph/dispatch@v1.5.0

Full Changelog: xraph/dispatch@v1.4.2...v1.5.0

v1.4.2

Changes

• refactor: update logger initialization and dashboard base path (c91b7ee)

---

Installation

go get github.com/xraph/dispatch@v1.4.2

Full Changelog: xraph/dispatch@v1.4.1...v1.4.2

v1.4.1

Changes

• chore: update grove and its drivers to v1.4.1 in go.mod and go.sum (9e6e530)

---

Installation

go get github.com/xraph/dispatch@v1.4.1

Full Changelog: xraph/dispatch@v1.4.0...v1.4.1

Commits

• 6d06398 refactor: enhance scheduler and worker pool with context cancellation support
• c91b7ee refactor: update logger initialization and dashboard base path
• 9e6e530 chore: update grove and its drivers to v1.4.1 in go.mod and go.sum
• See full diff in compare view

Updates github.com/xraph/ledger from 1.4.0 to 1.5.0

Release notes

Sourced from github.com/xraph/ledger's releases.

v1.5.0

Changes

• chore: update dependencies for forge to version 1.6.0 and grove to version 1.5.1 (85439cb)

---

Installation

go get github.com/xraph/ledger@v1.5.0

Full Changelog: xraph/ledger@v1.4.2...v1.5.0

v1.4.2

Changes

• chore: update dependencies for forge to version 1.4.5 and grove to version 1.4.3 (dc747a5)

---

Installation

go get github.com/xraph/ledger@v1.4.2

Full Changelog: xraph/ledger@v1.4.1...v1.4.2

v1.4.1

Changes

• chore: update dependencies for forge and grove to version 1.4.1 and confy to version 0.5.0 (a87d3e4)

---

Installation

go get github.com/xraph/ledger@v1.4.1

Full Changelog: xraph/ledger@v1.4.0...v1.4.1

Commits

• 85439cb chore: update dependencies for forge to version 1.6.0 and grove to version 1.5.1
• dc747a5 chore: update dependencies for forge to version 1.4.5 and grove to version 1.4.3
• a87d3e4 chore: update dependencies for forge and grove to version 1.4.1 and confy to ...
• See full diff in compare view

Updates github.com/xraph/vault from 1.4.0 to 1.4.1

Release notes

Sourced from github.com/xraph/vault's releases.

v1.4.1

Changes

• fix: update forge and grove dependencies to version 1.4.1 and confy to version 0.5.0 (d67bed7)

---

Installation

go get github.com/xraph/vault@v1.4.1

Full Changelog: xraph/vault@v1.4.0...v1.4.1

Commits

• d67bed7 fix: update forge and grove dependencies to version 1.4.1 and confy to versio...
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
authsome	Ready	Preview, Comment	Apr 16, 2026 3:35pm