Bump the all-go-deps group across 1 directory with 7 updates

[dependabot]

Bumps the all-go-deps group with 6 updates in the / directory:

Package	From	To
cloud.google.com/go/storage	1.42.0	1.62.1
github.com/lib/pq	1.10.9	1.12.3
github.com/sirupsen/logrus	1.9.3	1.9.4
github.com/spf13/cobra	1.7.0	1.10.2
github.com/spf13/viper	1.17.0	1.21.0
github.com/stellar/go-stellar-sdk	0.0.0-20260325174035-031e5bfdc4bd	0.5.0

Updates cloud.google.com/go/storage from 1.42.0 to 1.62.1

Release notes

Sourced from cloud.google.com/go/storage's releases.

storage: v1.62.1

v1.62.1 (2026-04-13)

Changelog

Sourced from cloud.google.com/go/storage's changelog.

Changes

1.46.0 (2026-04-13)

1.45.0 (2026-04-09)

1.44.0 (2026-04-02)

1.43.0 (2026-03-23)

Features

• Add a field for upgrading previous processor version when fine tuning (790bab5)

Commits

• f4b10ee chore: librarian release pull request: 20260413T041034Z (#14421)
• dc245af feat(storage): add client feature tracking support (#14320)
• cfdd7ba chore(.github/CODEOWNERS): Add AION SDK as code owners for the auth library (...
• e2d578c test(datastore): skip flaky tests due to datastore contention (#14416)
• 56e1a62 chore: librarian release pull request: 20260409T222456Z (#14413)
• 5ca653a chore: regenerate libraries using protobuf 31, and update generation check wo...
• b4c40aa chore(all): update module go.opentelemetry.io/otel/sdk to v1.43.0 [SECURITY] ...
• eb896d0 chore(deps): bump go.opentelemetry.io/otel/sdk from 1.42.0 to 1.43.0 in /comp...
• 26c0341 chore(deps): bump go.opentelemetry.io/otel/sdk from 1.42.0 to 1.43.0 in /cont...
• 8a7febc feat(firestore): Implement Search pipeline stage and related expressions (#14...
• Additional commits viewable in compare view

Updates github.com/lib/pq from 1.10.9 to 1.12.3

Release notes

Sourced from github.com/lib/pq's releases.

v1.12.3

• Send datestyle startup parameter, improving compatbility with database engines that use a different default datestyle such as EnterpriseDB (#1312).

#1312: lib/pq#1312

v1.12.2

• Treat io.ErrUnexpectedEOF as driver.ErrBadConn so database/sql discards the connection. Since v1.12.0 this could result in permanently broken connections, especially with CockroachDB which frequently sends partial messages (#1299).

#1299: lib/pq#1299

v1.12.1

• Look for pgpass file in ~/.pgpass instead of ~/.postgresql/pgpass (#1300).

• Don't clear password if directly set on pq.Config (#1302).

#1300: lib/pq#1300 #1302: lib/pq#1302

v1.12.0

• The next release may change the default sslmode from require to prefer. See #1271 for details.

• CopyIn() and CopyInToSchema() have been marked as deprecated. These are simple query builders and not needed for COPY [..] FROM STDIN support (which is not deprecated). (#1279)

  // Old
  tx.Prepare(CopyIn("temp", "num", "text", "blob", "nothing"))
  // Replacement
  tx.Prepare(copy temp (num, text, blob, nothing) from stdin)
  

Features

• Support protocol 3.2, and the min_protocol_version and max_protocol_version DSN parameters (#1258).

• Support sslmode=prefer and sslmode=allow (#1270).

• Support ssl_min_protocol_version and ssl_max_protocol_version (#1277).

• Support connection service file to load connection details (#1285).

• Support sslrootcert=system and use ~/.postgresql/root.crt as the default value of sslrootcert (#1280, #1281).

• Add a new pqerror package with PostgreSQL error codes (#1275).

  For example, to test if an error is a UNIQUE constraint violation:

  if pqErr, ok := errors.AsType[*pq.Error](https://github.com/lib/pq/blob/HEAD/err); ok && pqErr.Code == pqerror.UniqueViolation {
      log.Fatalf("email %q already exsts", email)
  }
  

  To make this a bit more convenient, it also adds a pq.As() function:

... (truncated)

Changelog

Sourced from github.com/lib/pq's changelog.

v1.12.3 (2026-04-03)

• Send datestyle startup parameter, improving compatbility with database engines that use a different default datestyle such as EnterpriseDB (#1312).

#1312: lib/pq#1312

v1.12.2 (2026-04-02)

• Treat io.ErrUnexpectedEOF as driver.ErrBadConn so database/sql discards the connection. Since v1.12.0 this could result in permanently broken connections, especially with CockroachDB which frequently sends partial messages (#1299).

#1299: lib/pq#1299

v1.12.1 (2026-03-30)

• Look for pgpass file in ~/.pgpass instead of ~/.postgresql/pgpass (#1300).

• Don't clear password if directly set on pq.Config (#1302).

#1300: lib/pq#1300 #1302: lib/pq#1302

v1.12.0 (2026-03-18)

• The next release may change the default sslmode from require to prefer. See #1271 for details.

• CopyIn() and CopyInToSchema() have been marked as deprecated. These are simple query builders and not needed for COPY [..] FROM STDIN support (which is not deprecated). (#1279)

  // Old
  tx.Prepare(CopyIn("temp", "num", "text", "blob", "nothing"))
  // Replacement
  tx.Prepare(copy temp (num, text, blob, nothing) from stdin)
  

Features

• Support protocol 3.2, and the min_protocol_version and max_protocol_version DSN parameters (#1258).

• Support sslmode=prefer and sslmode=allow (#1270).

• Support ssl_min_protocol_version and ssl_max_protocol_version (#1277).

... (truncated)

Commits

• 1f3e3d9 Send datestyle as a startup parameter (#1312)
• 32ba56b Expand tests for multiple result sets
• c2cfac1 Release v1.12.2
• 859f104 Test CockroachDB
• 12e464c Allow multiple matches and regexps in pqtest.ErrorContains()
• 6d77ced Treat io.ErrUnexpectedEOF as driver.ErrBadConn in handleError
• 71daecb Ensure transactions are closed in pqtest
• 8f44823 Set PGAPPNAME for tests
• 4af2196 Fix healthcheck
• 38a54e4 Split out testdata/init a bit
• Additional commits viewable in compare view

Updates github.com/sirupsen/logrus from 1.9.3 to 1.9.4

Release notes

Sourced from github.com/sirupsen/logrus's releases.

v1.9.4

Notable changes

• go.mod: update minimum supported go version to v1.17 sirupsen/logrus#1460
• go.mod: bump up dependencies sirupsen/logrus#1460
• Touch-up godoc and add "doc" links.
• README: fix links, grammar, and update examples.
• Add GNU/Hurd support sirupsen/logrus#1364
• Add WASI wasip1 support sirupsen/logrus#1388
• Remove uses of deprecated ioutil package sirupsen/logrus#1472
• CI: update actions and golangci-lint sirupsen/logrus#1459
• CI: remove appveyor, add macOS sirupsen/logrus#1460

Full Changelog: sirupsen/logrus@v1.9.3...v1.9.4

Changelog

Sourced from github.com/sirupsen/logrus's changelog.

1.9.4

Fixes:

• Remove uses of deprecated ioutil package

Features:

• Add GNU/Hurd support
• Add WASI wasip1 support

Code quality:

• Update minimum supported Go version to 1.17
• Documentation updates

Commits

• b61f268 Merge pull request #1472 from goldlinker/master
• 15c29db refactor: replace the deprecated function in the ioutil package
• cb253f3 Merge pull request #1464 from thaJeztah/touchup_godoc
• 29b2337 Merge pull request #1468 from thaJeztah/touchup_readme
• d916819 Merge pull request #1427 from dolmen/fix-testify-usage
• 135e482 README: small touch-ups
• 2c5fa36 Merge pull request #1467 from thaJeztah/rm_old_badge
• 877ecec README: remove travis badge
• 55cf256 Merge pull request #1393 from jsoref/grammar
• 21bae50 Merge pull request #1426 from dolmen/testing-fix-use-of-math-rand
• Additional commits viewable in compare view

Updates github.com/spf13/cobra from 1.7.0 to 1.10.2

Release notes

Sourced from github.com/spf13/cobra's releases.

v1.10.2

🔧 Dependencies

• chore: Migrate from gopkg.in/yaml.v3 to go.yaml.in/yaml/v3 by @​dims in spf13/cobra#2336 - the gopkg.in/yaml.v3 package has been deprecated for some time: this should significantly cleanup dependency/supply-chains for consumers of spf13/cobra

📈 CI/CD

• Fix linter and allow CI to pass by @​marckhouzam in spf13/cobra#2327
• fix: actions/setup-go v6 by @​jpmcb in spf13/cobra#2337

🔥✍🏼 Docs

• Add documentation for repeated flags functionality by @​rvergis in spf13/cobra#2316

🍂 Refactors

• refactor: replace several vars with consts by @​htoyoda18 in spf13/cobra#2328
• refactor: change minUsagePadding from var to const by @​ssam18 in spf13/cobra#2325

🤗 New Contributors

• @​rvergis made their first contribution in spf13/cobra#2316
• @​htoyoda18 made their first contribution in spf13/cobra#2328
• @​ssam18 made their first contribution in spf13/cobra#2325
• @​dims made their first contribution in spf13/cobra#2336

Full Changelog: spf13/cobra@v1.10.1...v1.10.2

Thank you to our amazing contributors!!!!! 🐍 🚀

v1.10.1

🐛 Fix

• chore: upgrade pflags v1.0.9 by @​jpmcb in spf13/cobra#2305

v1.0.9 of pflags brought back ParseErrorsWhitelist and marked it as deprecated

Full Changelog: spf13/cobra@v1.10.0...v1.10.1

v1.10.0

What's Changed

🚨 Attention!

• Bump pflag to 1.0.8 by @​tomasaschan in spf13/cobra#2303

This version of pflag carried a breaking change: it renamed ParseErrorsWhitelist to ParseErrorsAllowlist which can break builds if both pflag and cobra are dependencies in your project.

• If you use both pflag and cobra, upgrade pflagto 1.0.8 andcobrato1.10.0`
• or use the newer, fixed version of pflag v1.0.9 which keeps the deprecated ParseErrorsWhitelist

... (truncated)

Commits

• 88b30ab chore: Migrate from gopkg.in/yaml.v3 to go.yaml.in/yaml/v3 (#2336)
• 346d408 fix: actions/setup-go v6 (#2337)
• fc81d20 refactor: change minUsagePadding from var to const (#2325)
• 117698a refactor: replace several vars with consts (#2328)
• e2dd29d Add documentation for repeated flags functionality (#2316)
• 0629892 Fix linter (#2327)
• 7da941c chore: Bump pflag to v1.0.9 (#2305)
• 51d6751 Bump pflag to 1.0.8 (#2303)
• 3f3b818 Update README.md with new logo
• dcaf42e Add Periscope to the list of projects using Cobra (#2299)
• Additional commits viewable in compare view

Updates github.com/spf13/pflag from 1.0.5 to 1.0.9

Release notes

Sourced from github.com/spf13/pflag's releases.

v1.0.9

What's Changed

• fix: Restore ParseErrorsWhitelist name for now by @​tomasaschan in spf13/pflag#446

Full Changelog: spf13/pflag@v1.0.8...v1.0.9

v1.0.8

⚠️ Breaking Change

This version, while only a patch bump, includes a (very minor) breaking change: the flag.ParseErrorsWhitelist struct and corresponding FlagSet.parseErrorsWhitelist field have been renamed to ParseErrorsAllowlist.

This should result in compilation errors in any code that uses these fields, which can be fixed by adjusting the names at call sites. There is no change in semantics or behavior of the struct or field referred to by these names. If your code compiles without errors after bumping to/past v1.0.8, you are not affected by this change.

The breaking change was reverted in v1.0.9, by means of re-introducing the old names with deprecation warnings. The plan is still to remove them in a future release, so if your code does depend on the old names, please change them to use the new names at your earliest convenience.

What's Changed

• Remove Redundant "Unknown-Flag" Error by @​vaguecoder in spf13/pflag#364
• Switching from whitelist to Allowlist terminology by @​dubrie in spf13/pflag#261
• Omit zero time.Time default from usage line by @​mologie in spf13/pflag#438
• implement CopyToGoFlagSet by @​pohly in spf13/pflag#330
• flag: Emulate stdlib behavior and do not print ErrHelp by @​tmc in spf13/pflag#407
• Print Default Values of String-to-String in Sorted Order by @​vaguecoder in spf13/pflag#365
• fix: Don't print ErrHelp in ParseAll by @​tomasaschan in spf13/pflag#443
• Reset args on re-parse even if empty by @​tomasaschan in spf13/pflag#444

New Contributors

• @​vaguecoder made their first contribution in spf13/pflag#364
• @​dubrie made their first contribution in spf13/pflag#261
• @​mologie made their first contribution in spf13/pflag#438
• @​pohly made their first contribution in spf13/pflag#330
• @​tmc made their first contribution in spf13/pflag#407
• @​tomasaschan made their first contribution in spf13/pflag#443

Full Changelog: spf13/pflag@v1.0.7...v1.0.8

v1.0.7

What's Changed

• Fix defaultIsZeroValue check for generic Value types by @​MidnightRocket in spf13/pflag#422
• feat: Use structs for errors returned by pflag. by @​eth-p in spf13/pflag#425
• Fix typos by @​co63oc in spf13/pflag#428
• fix #423 : Add helper function and some documentation to parse shorthand go test flags. by @​valdar in spf13/pflag#424
• add support equivalent to golang flag.TextVar(), also fixes the test failure as described in #368 by @​hujun-open in spf13/pflag#418
• add support for Func() and BoolFunc() #426 by @​LeGEC in spf13/pflag#429
• fix: correct argument length check in FlagSet.Parse by @​ShawnJeffersonWang in spf13/pflag#409
• fix usage message for func flags, fix arguments order by @​LeGEC in spf13/pflag#431
• Add support for time.Time flags by @​max-frank in spf13/pflag#348

New Contributors

• @​MidnightRocket made their first contribution in spf13/pflag#422

... (truncated)

Commits

• 1043857 Merge pull request #446 from spf13/fix-backwards-compat
• 7412009 fix: Restore ParseErrorsWhitelist name for now
• b9c16fa Merge pull request #444 from spf13/reset-args-even-if-empty
• 40abc49 Merge pull request #443 from spf13/silence-errhelp
• 1bf832c Use errors.Is instead of equality check
• d25dd24 Reset args on re-parse even if empty
• 094909d Merge pull request #365 from vaguecoder/str2str-sorted
• ccb49e5 Print Default Values of String-to-String in Sorted Order
• b55ffb6 fix: Don't print ErrHelp in ParseAll
• 7c651d1 Merge pull request #407 from tmc/fix-errhelp
• Additional commits viewable in compare view

Updates github.com/spf13/viper from 1.17.0 to 1.21.0

Release notes

Sourced from github.com/spf13/viper's releases.

v1.21.0

What's Changed

Enhancements 🚀

• Add support for flags pflag.BoolSlice, pflag.UintSlice and pflag.Float64Slice by @​nmvalera in spf13/viper#2015
• feat: use maintained yaml library by @​sagikazarmark in spf13/viper#2040

Bug Fixes 🐛

• fix(config): get config type from v.configType or config file ext by @​GuillaumeBAECHLER in spf13/viper#2003
• fix: config type check when loading any config by @​sagikazarmark in spf13/viper#2007

Dependency Updates ⬆️

• Update dependencies by @​sagikazarmark in spf13/viper#1993
• build(deps): bump github.com/spf13/cast from 1.7.1 to 1.8.0 by @​dependabot[bot] in spf13/viper#2017
• build(deps): bump github.com/pelletier/go-toml/v2 from 2.2.3 to 2.2.4 by @​dependabot[bot] in spf13/viper#2013
• build(deps): bump github.com/sagikazarmark/locafero from 0.8.0 to 0.9.0 by @​dependabot[bot] in spf13/viper#2008
• build(deps): bump golang.org/x/net from 0.37.0 to 0.38.0 in /remote by @​dependabot[bot] in spf13/viper#2016
• build(deps): bump github.com/spf13/cast from 1.8.0 to 1.9.2 by @​dependabot[bot] in spf13/viper#2020
• build(deps): bump github.com/go-viper/mapstructure/v2 from 2.2.1 to 2.3.0 by @​dependabot[bot] in spf13/viper#2028
• build(deps): bump github.com/go-viper/mapstructure/v2 from 2.3.0 to 2.4.0 by @​dependabot[bot] in spf13/viper#2035
• build(deps): bump github.com/spf13/pflag from 1.0.6 to 1.0.7 by @​dependabot[bot] in spf13/viper#2036
• build(deps): bump github.com/fsnotify/fsnotify from 1.8.0 to 1.9.0 by @​dependabot[bot] in spf13/viper#2012
• build(deps): bump github.com/stretchr/testify from 1.10.0 to 1.11.1 by @​dependabot[bot] in spf13/viper#2052
• build(deps): bump github.com/go-viper/mapstructure/v2 from 2.3.0 to 2.4.0 in /remote by @​dependabot[bot] in spf13/viper#2048
• build(deps): bump github.com/spf13/pflag from 1.0.7 to 1.0.10 by @​dependabot[bot] in spf13/viper#2056
• chore: update dependencies by @​sagikazarmark in spf13/viper#2057

Other Changes

• Update update guide with mapstructure package replacement. by @​aldas in spf13/viper#2004
• refactor: use the built-in max/min to simplify the code by @​yingshanghuangqiao in spf13/viper#2029

New Contributors

• @​GuillaumeBAECHLER made their first contribution in spf13/viper#2003
• @​aldas made their first contribution in spf13/viper#2004
• @​nmvalera made their first contribution in spf13/viper#2015
• @​yingshanghuangqiao made their first contribution in spf13/viper#2029
• @​ccoVeille made their first contribution in spf13/viper#2046
• @​spacez320 made their first contribution in spf13/viper#2050

Full Changelog: spf13/viper@v1.20.0...v1.21.0

v1.20.1

What's Changed

Bug Fixes 🐛

• Backport config type fixes to 1.20.x by @​sagikazarmark in spf13/viper#2005

Full Changelog: spf13/viper@v1.20.0...v1.20.1

v1.20.0

... (truncated)

Commits

• 394040c ci: build on go 1.25
• 812f548 chore: update dependencies
• d5271ef ci: update stale workflow
• dff303b feat: add a stale issue scheduled action
• 1287976 build(deps): bump github.com/spf13/pflag from 1.0.7 to 1.0.10
• 38932cd build(deps): bump github.com/go-viper/mapstructure/v2 in /remote
• 6d014be build(deps): bump github.com/stretchr/testify from 1.10.0 to 1.11.1
• b74c7ee build(deps): bump github.com/fsnotify/fsnotify from 1.8.0 to 1.9.0
• acd05e1 fix: linting issues
• ae5a8e2 ci: upgrade golangci-lint
• Additional commits viewable in compare view

Updates github.com/stellar/go-stellar-sdk from 0.0.0-20260325174035-031e5bfdc4bd to 0.5.0

Release notes

Sourced from github.com/stellar/go-stellar-sdk's releases.

v0.5.0

What's Changed

• Fix VerifyEvents to handle amounts exceeding int64 range by @​karthikiyer56 in stellar/go-stellar-sdk#5932

Full Changelog: stellar/go-stellar-sdk@v0.4.0...v0.5.0

v0.4.0

Add Support for Protocol 26

What's Changed

• support/datastore: Fix ListFilePath for datastore bucket with no prefix by @​urvisavla in stellar/go-stellar-sdk#5923
• Merge protocol-next (P26) back to main by @​urvisavla in stellar/go-stellar-sdk#5930

Full Changelog: stellar/go-stellar-sdk@v0.3.0...v0.4.0

v0.3.0

What's Changed

• xdr: add SafeUnmarshalBase64WithOptions and regenerate by @​tamirms in stellar/go-stellar-sdk#5916
• historyarchive: add size bound to GetPathHAS to prevent resource exhaustion by @​tamirms in stellar/go-stellar-sdk#5918
• Update changelog for v0.3.0 release by @​urvisavla in stellar/go-stellar-sdk#5920

Full Changelog: stellar/go-stellar-sdk@v0.2.0...v0.3.0

v0.2.0

Breaking Changes

• Replaced SetExpectedHash/Close hash validation pattern with explicit ValidateHash method; Close now only releases resources. Added SetMaxRecordSize to configure per-record allocation limit (default 64MB) (#5900)

Security Fixes

• Fixed InputLen() guard bypass in streaming XDR decoders (#5905)
• strkey: Fixed panic on invalid payload length in DecodeSignedPayload (#5909)
• keypair: Fixed panic on invalid payload length in ParseAddress (#5908)

New Features

• rpcclient: Added PollTransaction with exponential backoff (#5876)
• support/datastore: Added filesystem datastore support (#5892)

Full Changelog: stellar/go-stellar-sdk@v0.1.0...v0.2.0

v0.1.0

v0.1.0

Inaugural release of restructured SDK. This is first release of the newly restructured GO SDK. It is a single Go module providing multiple platform SDK's and utility packages such as:

• horizonclient
• txnbuild

... (truncated)

Commits

• See full diff in compare view

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	github.com/​stellar/​go-stellar-sdk@​v0.0.0-20260325174035-031e5bfdc4bd ⏵ v0.5.0	+1
	cloud.google.com/​go/​storage@​v1.42.0 ⏵ v1.62.1	-5
	github.com/​lib/​pq@​v1.10.9 ⏵ v1.12.3
	github.com/​spf13/​cobra@​v1.7.0 ⏵ v1.10.2	-1
	github.com/​spf13/​pflag@​v1.0.5 ⏵ v1.0.10
	github.com/​sirupsen/​logrus@​v1.9.3 ⏵ v1.9.4	+1
	github.com/​spf13/​viper@​v1.17.0 ⏵ v1.21.0	+2

View full report

[dependabot]

This pull request was built based on a group rule. Closing it will not ignore any of these versions in future pull requests.

To ignore these dependencies, configure ignore rules in dependabot.yml