build(deps): Bump the go group across 1 directory with 20 updates

[dependabot]

Bumps the go group with 11 updates in the / directory:

Package	From	To
cloud.google.com/go/storage	1.60.0	1.61.3
github.com/ProtonMail/go-crypto	1.3.0	1.4.1
github.com/aws/aws-sdk-go-v2	1.41.1	1.41.5
github.com/aws/aws-sdk-go-v2/config	1.32.9	1.32.13
github.com/aws/aws-sdk-go-v2/feature/s3/manager	1.22.2	1.22.10
github.com/aws/aws-sdk-go-v2/service/kms	1.50.0	1.50.4
github.com/fatih/color	1.18.0	1.19.0
github.com/hashicorp/vault/api	1.22.0	1.23.0
github.com/huaweicloud/huaweicloud-sdk-go-v3	0.1.187	0.1.190
github.com/lib/pq	1.11.2	1.12.0
golang.org/x/crypto	0.48.0	0.49.0

Updates cloud.google.com/go/storage from 1.60.0 to 1.61.3

Release notes

Sourced from cloud.google.com/go/storage's releases.

storage: v1.61.3

v1.61.3 (2026-03-13)

Documentation

• Fix godoc formatting (#14169) (428b2288)

storage: v1.61.2

v1.61.2 (2026-03-12)

storage: v1.61.1

v1.61.1 (2026-03-11)

storage: v1.61.0

v1.61.0 (2026-03-10)

Features

• add bucket encryption enforcement configuration (#13874) (245c8d76)

• add multistream options to MRD (#13758) (4557675e)

• add a DeleteFolderRecursive API definition (PiperOrigin-RevId: 866471251) (6f310199)

• add multistream support to MRD (#13792) (ffa7268c)

Bug Fixes

• Fix TM download dir corner case (#14142) (87cdcc9f)

• Omit auto checksum in final request when MD5 is given (#14024) (d4047774)

• optimize gRPC writer with zero-copy and lazy allocation (#13481) (df641476)

Commits

• 35cd86a chore: librarian release pull request: 20260313T045834Z (#14170)
• 428b228 docs(storage): Fix godoc formatting (#14169)
• e56381c feat(vertexai): Support AgentEngine for Agent Development Kit (#14168)
• d38abf9 feat(auth): add OpenTelemetry gRPC and HTTP wrappers for T4 tracing (#14133)
• 9f56e9f chore: librarian release pull request: 20260312T071057Z (#14164)
• 2dc8c9f chore: librarian release pull request: 20260312T041544Z (#14162)
• aeffa93 feat(pubsub/v2): add keep alive support (#13457)
• bb64998 feat(bigtable): add load balancing penalty for channel (#14149)
• 704a21f Revert "Revert "chore: librarian release pull request: 20260311T074420Z"" (#1...
• b1b0586 Revert "chore: librarian release pull request: 20260311T074420Z" (#14157)
• Additional commits viewable in compare view

Updates github.com/ProtonMail/go-crypto from 1.3.0 to 1.4.1

Release notes

Sourced from github.com/ProtonMail/go-crypto's releases.

Release v1.4.1

What's Changed

• Properly handle ECC keys with invalid points in ProtonMail/go-crypto#304

Full Changelog: ProtonMail/go-crypto@v1.4.0...v1.4.1

Release v1.4.1-proton

This release is v1.4.1 with support for the following non-standardized features:

• Presistent symmetric keys experimental + latest draft draft-ietf-openpgp-persistent-symmetric-keys-00
• Automatic forwarding draft-wussler-openpgp-forwarding-00
• Post-quantum algorithms draft-ietf-openpgp-pqc (Updated to draft-ietf-openpgp-pqc-09)

Release v1.4.0

What's Changed

• Ignore leading and trailing whitespaces in the armor body in ProtonMail/go-crypto#288
• Update key_generation.go, rename variables to avoid shadowing in ProtonMail/go-crypto#290
• Add InsecureGenerateNonCriticalKeyFlags option to generate non-critical key flags signature subpackets in ProtonMail/go-crypto#291
• Add InsecureGenerateNonCriticalSignatureCreationTime option to generate non-critical signature creation time subpackets in ProtonMail/go-crypto#292
• Bump dependencies and min go version to 1.23 in ProtonMail/go-crypto#294
• ECDHv4: Error on low-order x25519 public key curve points in ProtonMail/go-crypto#299
• Cleartext: Only allow valid hashes in header in ProtonMail/go-crypto#298

Full Changelog: ProtonMail/go-crypto@v1.3.0...v1.4.0

Release v1.4.0-proton

This release is v1.4.0 with support for the following non-standardized features:

• Presistent symmetric keys experimental + latest draft draft-ietf-openpgp-persistent-symmetric-keys-00
• Automatic forwarding draft-wussler-openpgp-forwarding-00
• Post-quantum algorithms draft-ietf-openpgp-pqc (Updated to draft-ietf-openpgp-pqc-09)

Commits

• 2e73b11 Properly handle ECC keys with invalid points (#304)
• a8cc4f0 Merge pull request #298 from ProtonMail/feat/cleartext-hash-header
• 57f891b Merge branch 'main' into feat/cleartext-hash-header
• da5c190 Merge pull request #299 from ProtonMail/fix/ecdh-low-order-curve-points
• 3cc59b0 Merge branch 'main' into feat/cleartext-hash-header
• b11bd23 fix(ecdh): Do not allow low order public key points
• b6bdd12 Merge pull request #294 from ProtonMail/chore/bump-go-and-circl
• b1ff3d5 Bump crypto dependencies and min go version to 1.23
• cfb2af9 fix(cleartext): Check hashes in headers
• de87788 Add InsecureGenerateNonCriticalSignatureCreationTime option to generate non-c...
• Additional commits viewable in compare view

Updates github.com/aws/aws-sdk-go-v2 from 1.41.1 to 1.41.5

Commits

• 90650dd Release 2026-03-26
• dd88818 Regenerated Clients
• b662c50 Update endpoints model
• 500a9cb Update API model
• 6221102 fix stale skew and delayed skew healing (#3359)
• 0a39373 fix order of generated event header handlers (#3361)
• 098f389 Only generate resolveAccountID when it's required (#3360)
• 6ebab66 Release 2026-03-25
• b2ec3be Regenerated Clients
• abc126f Update API model
• Additional commits viewable in compare view

Updates github.com/aws/aws-sdk-go-v2/config from 1.32.9 to 1.32.13

Commits

• 90650dd Release 2026-03-26
• dd88818 Regenerated Clients
• b662c50 Update endpoints model
• 500a9cb Update API model
• 6221102 fix stale skew and delayed skew healing (#3359)
• 0a39373 fix order of generated event header handlers (#3361)
• 098f389 Only generate resolveAccountID when it's required (#3360)
• 6ebab66 Release 2026-03-25
• b2ec3be Regenerated Clients
• abc126f Update API model
• Additional commits viewable in compare view

Updates github.com/aws/aws-sdk-go-v2/credentials from 1.19.9 to 1.19.13

Commits

• 90650dd Release 2026-03-26
• dd88818 Regenerated Clients
• b662c50 Update endpoints model
• 500a9cb Update API model
• 6221102 fix stale skew and delayed skew healing (#3359)
• 0a39373 fix order of generated event header handlers (#3361)
• 098f389 Only generate resolveAccountID when it's required (#3360)
• 6ebab66 Release 2026-03-25
• b2ec3be Regenerated Clients
• abc126f Update API model
• Additional commits viewable in compare view

Updates github.com/aws/aws-sdk-go-v2/feature/s3/manager from 1.22.2 to 1.22.10

Commits

• d872461 Release 2024-06-07
• dd82156 Regenerated Clients
• 85ebac0 Update endpoints model
• 490e6cb Update API model
• 4892b05 Merge pull request #2668 from aws/feature-clock-skew
• 8bdbe6a Merge branch 'main' into feature-clock-skew
• c4f8ba3 run goimports
• 2474a05 update snapshot tests
• 9fa716b regen clients
• 6d365fb address feedback from pr, mostly moving things around
• Additional commits viewable in compare view

Updates github.com/aws/aws-sdk-go-v2/service/kms from 1.50.0 to 1.50.4

Commits

• 8abec4c Release 2024-05-23
• 70e7095 Regenerated Clients
• 0b2a340 Update partitions file
• c1eb2d9 Update endpoints model
• 4c990d1 Update API model
• c6c1626 s3: handle unrecognized values for Expires in responses (#2653)
• 8209abb Release 2024-05-22
• 81ad168 Regenerated Clients
• 5c92ae7 Update endpoints model
• 6eeecd9 Update API model
• Additional commits viewable in compare view

Updates github.com/aws/aws-sdk-go-v2/service/s3 from 1.96.0 to 1.97.3

Commits

• 90650dd Release 2026-03-26
• dd88818 Regenerated Clients
• b662c50 Update endpoints model
• 500a9cb Update API model
• 6221102 fix stale skew and delayed skew healing (#3359)
• 0a39373 fix order of generated event header handlers (#3361)
• 098f389 Only generate resolveAccountID when it's required (#3360)
• 6ebab66 Release 2026-03-25
• b2ec3be Regenerated Clients
• abc126f Update API model
• Additional commits viewable in compare view

Updates github.com/aws/aws-sdk-go-v2/service/sts from 1.41.6 to 1.41.10

Commits

• 728f21f Release 2024-05-16
• 3dbd5ca Regenerated Clients
• c87adfd Update endpoints model
• e209d02 Update API model
• ef4a9a0 internal: capture user-agent in metrics (#2644)
• c964dbd Release 2024-05-15
• ce84395 Regenerated Clients
• 8de9119 Update API model
• 05fcf66 internal: true up internal metrics collection for post-SRA middleware (#2642)
• 1148427 reformat signer/v4 package doc (#2640)
• Additional commits viewable in compare view

Updates github.com/fatih/color from 1.18.0 to 1.19.0

Release notes

Sourced from github.com/fatih/color's releases.

v1.19.0

What's Changed

• Bump golang.org/x/sys from 0.25.0 to 0.28.0 by @​dependabot[bot] in fatih/color#246
• Fix for issue #230 set/unsetwriter symmetric wrt color support detection by @​ataypamart in fatih/color#243
• chore: go mod cleanup by @​sashamelentyev in fatih/color#244
• Bump golang.org/x/sys from 0.28.0 to 0.30.0 by @​dependabot[bot] in fatih/color#249
• Bump github.com/mattn/go-colorable from 0.1.13 to 0.1.14 by @​dependabot[bot] in fatih/color#248
• Update CI and go deps by @​fatih in fatih/color#254
• Bump golang.org/x/sys from 0.31.0 to 0.37.0 by @​dependabot[bot] in fatih/color#268
• fix: include escape codes in byte counts from Fprint, Fprintf by @​qualidafial in fatih/color#282
• Bump golang.org/x/sys from 0.37.0 to 0.40.0 by @​dependabot[bot] in fatih/color#277
• fix: add nil check for os.Stdout to prevent panic on Windows services by @​majiayu000 in fatih/color#275
• Bump dominikh/staticcheck-action from 1.3.1 to 1.4.0 by @​dependabot[bot] in fatih/color#259
• Bump actions/checkout from 4 to 6 by @​dependabot[bot] in fatih/color#273
• Optimize Color.Equals performance (O(n²) → O(n)) by @​UnSubble in fatih/color#269
• Bump actions/setup-go from 5 to 6 by @​dependabot[bot] in fatih/color#266

New Contributors

• @​ataypamart made their first contribution in fatih/color#243
• @​sashamelentyev made their first contribution in fatih/color#244
• @​qualidafial made their first contribution in fatih/color#282
• @​majiayu000 made their first contribution in fatih/color#275
• @​UnSubble made their first contribution in fatih/color#269

Full Changelog: fatih/color@v1.18.0...v1.19.0

Commits

• ca25f6e Merge pull request #266 from fatih/dependabot/github_actions/actions/setup-go-6
• 1205984 Bump actions/setup-go from 5 to 6
• 5715c20 Merge pull request #269 from UnSubble/main
• 2f6e200 Merge branch 'main' into main
• f72ec94 Merge pull request #273 from fatih/dependabot/github_actions/actions/checkout-6
• 848e633 Merge branch 'main' into main
• 4c2cd34 Add tests
• 7f812f0 Bump actions/checkout from 4 to 6
• b7fc9f9 Merge pull request #259 from fatih/dependabot/github_actions/dominikh/staticc...
• 239a88f Bump dominikh/staticcheck-action from 1.3.1 to 1.4.0
• Additional commits viewable in compare view

Updates github.com/hashicorp/vault/api from 1.22.0 to 1.23.0

Commits

• d430306 Merge remote-tracking branch 'remotes/from/ce/main'
• a3bc0a3 (enos): Add LDAP secrets engine blackbox tests to Plugin Scenario (#13072) (#...
• f8df539 Merge remote-tracking branch 'remotes/from/ce/main'
• 2b0ec25 VAULT-43444 Addressed races in tests (#13278) (#13285)
• a097d1f Merge remote-tracking branch 'remotes/from/ce/main'
• 7e587fd Update vault-plugin-auth-kubernetes to v0.24.1 (#13259) (#13287)
• 1331818 UI: Fix namespace search showing empty state when namespaces exist (#13257) (...
• 7b12feb Merge remote-tracking branch 'remotes/from/ce/main'
• 7d4395c Update vault-plugin-auth-jwt to v0.26.1 (#13242) (#13283)
• 6d4b615 adds flag to fix chrome in ci (#13279) (#13282)
• Additional commits viewable in compare view

Updates github.com/huaweicloud/huaweicloud-sdk-go-v3 from 0.1.187 to 0.1.190

Release notes

Sourced from github.com/huaweicloud/huaweicloud-sdk-go-v3's releases.

v0.1.190

Release 0.1.190

v0.1.189

Release 0.1.189

v0.1.188

Release 0.1.188

Changelog

Sourced from github.com/huaweicloud/huaweicloud-sdk-go-v3's changelog.

0.1.190 2026-03-26

HuaweiCloud SDK CDN

• API Version
  • V2
• Features
  • None
• Bug Fix
  • None
• Change
  • ShowDomainLocationStats
    • changes of request param
      • + ip_version

HuaweiCloud SDK CloudDC

• API Version
  • V1
• Features
  • None
• Bug Fix
  • None
• Change
  • ShowServer
    • changes of response param
      • + frozen_state
      • - manage_state: enum value [frozen]
      • - power_state: enum value [powering-on,rebooting,powering-off]
  • ListServers
    • changes of request param
      • + manage_state: enum value [frozen]
    • changes of response param
      • + frozen_state
      • + servers.frozen_state
      • - servers.manage_state: enum value [frozen]
      • - servers.power_state: enum value [powering-on,rebooting,powering-off]
  • ShowServerStatus
    • changes of response param
      • + server_manage_state

HuaweiCloud SDK Cloudtest

• API Version
  • V1
• Features
  • Support the API BatchAddCaseResultInTask
• Bug Fix
  • None
• Change

... (truncated)

Commits

• 981ca7f release 0.1.190 source code
• 26011b7 release 0.1.189 source code
• 1cd70eb Merge pull request #103 from mabcd-9527/master
• 5872009 Update and rename go-download.yml to verify-download.yml
• a401a4f Refactor Go download workflow for version handling
• e4390f5 release 0.1.188 source code
• d503fc8 Update release trigger types in Go download workflow
• 65d8277 Update go-download.yml
• 7dd42ac Update workflow to trigger on release events
• af0e3c4 Change tag retrieval method in go-download.yml
• Additional commits viewable in compare view

Updates github.com/lib/pq from 1.11.2 to 1.12.0

Release notes

Sourced from github.com/lib/pq's releases.

v1.12.0

• The next release may change the default sslmode from require to prefer. See #1271 for details.

• CopyIn() and CopyInToSchema() have been marked as deprecated. These are simple query builders and not needed for COPY [..] FROM STDIN support (which is not deprecated). (#1279)

  // Old
  tx.Prepare(CopyIn("temp", "num", "text", "blob", "nothing"))
  // Replacement
  tx.Prepare(copy temp (num, text, blob, nothing) from stdin)
  

Features

• Support protocol 3.2, and the min_protocol_version and max_protocol_version DSN parameters (#1258).

• Support sslmode=prefer and sslmode=allow (#1270).

• Support ssl_min_protocol_version and ssl_max_protocol_version (#1277).

• Support connection service file to load connection details (#1285).

• Support sslrootcert=system and use ~/.postgresql/root.crt as the default value of sslrootcert (#1280, #1281).

• Add a new pqerror package with PostgreSQL error codes (#1275).

  For example, to test if an error is a UNIQUE constraint violation:

  if pqErr, ok := errors.AsType[*pq.Error](https://github.com/lib/pq/blob/HEAD/err); ok && pqErr.Code == pqerror.UniqueViolation {
      log.Fatalf("email %q already exsts", email)
  }
  

  To make this a bit more convenient, it also adds a pq.As() function:

  pqErr := pq.As(err, pqerror.UniqueViolation)
  if pqErr != nil {
      log.Fatalf("email %q already exsts", email)
  }
  

Fixes

• Fix SSL key permission check to allow modes stricter than 0600/0640 (#1265).

• Fix Hstore to work with binary parameters (#1278).

• Clearer error when starting a new query while pq is still processing another query (#1272).

• Send intermediate CAs with client certificates, so they can be signed by an intermediate CA (#1267).

• Use time.UTC for UTC aliases such as Etc/UTC (#1283).

... (truncated)

Changelog

Sourced from github.com/lib/pq's changelog.

v1.12.0 (2026-03-18)

• The next release may change the default sslmode from require to prefer. See #1271 for details.

• CopyIn() and CopyInToSchema() have been marked as deprecated. These are simple query builders and not needed for COPY [..] FROM STDIN support (which is not deprecated). (#1279)

  // Old
  tx.Prepare(CopyIn("temp", "num", "text", "blob", "nothing"))
  // Replacement
  tx.Prepare(copy temp (num, text, blob, nothing) from stdin)
  

Features

• Support protocol 3.2, and the min_protocol_version and max_protocol_version DSN parameters (#1258).

• Support sslmode=prefer and sslmode=allow (#1270).

• Support ssl_min_protocol_version and ssl_max_protocol_version (#1277).

• Support connection service file to load connection details (#1285).

• Support sslrootcert=system and use ~/.postgresql/root.crt as the default value of sslrootcert (#1280, #1281).

• Add a new pqerror package with PostgreSQL error codes (#1275).

  For example, to test if an error is a UNIQUE constraint violation:

  if pqErr, ok := errors.AsType[*pq.Error](https://github.com/lib/pq/blob/master/err); ok && pqErr.Code == pqerror.UniqueViolation {
      log.Fatalf("email %q already exsts", email)
  }
  

  To make this a bit more convenient, it also adds a pq.As() function:

  pqErr := pq.As(err, pqerror.UniqueViolation)
  if pqErr != nil {
      log.Fatalf("email %q already exsts", email)
  }
  

Fixes

• Fix SSL key permission check to allow modes stricter than 0600/06400600 (#1265).

• Fix Hstore to work with binary parameters (#1278).

... (truncated)

Commits

• 42ab0ff Change default sslmode from "require" to "prefer"
• 6d40f13 Release v1.12.0
• 386fc0e Document NULL behaviour with COPY
• a62682e Better staticcheck cache 2
• 87ee06c Better staticcheck cache
• 0962458 Rewrite tests to use pqerror, pq.As()
• 0d20981 Don't move pq.Error to pqerror.Error
• 4332138 Add pqerror package
• 620d6d5 Make tests run faster
• dc8ff5d Implement connection service file
• Additional commits viewable in compare view

Updates golang.org/x/crypto from 0.48.0 to 0.49.0

Commits

• 982eaa6 go.mod: update golang.org/x dependencies
• 159944f ssh,acme: clean up tautological/impossible nil conditions
• a408498 acme: only require prompt if server has terms of service
• cab0f71 all: upgrade go directive to at least 1.25.0 [generated]
• 2f26647 x509roots/fallback: update bundle
• See full diff in compare view

Updates golang.org/x/net from 0.50.0 to 0.51.0

Commits

• 60b3f6f internal/http3: prevent Server handler from writing longer body than declared
• b0ca456 internal/http3: fix Write in Server Handler returning the wrong value
• 1558ba7 publicsuffix: update to 2026-02-06
• 4e1c745 internal/http3: make Server response include headers that can be inferred
• 19f580f http2: fix nil panic in typeFrameParser for unassigned frame types
• 818aad7 internal/http3: add server to client trailer header support
• c1bbe1a internal/http3: add client to server trailer header support
• 29181b8 all: remove go1.25 and older build constraints
• 8109305 all: upgrade go directive to at least 1.25.0 [generated]
• 0b37bdf quic: don't run TestStreamsCreateConcurrency in synctest bubble
• Additional commits viewable in compare view

Updates golang.org/x/oauth2 from 0.35.0 to 0.36.0

Commits

• 4d954e6 all: upgrade go directive to at least 1.25.0 [generated]
• See full diff in compare view

Updates golang.org/x/sys from 0.41.0 to 0.42.0

Commits

• eaaaaee windows/registry: correct KeyInfo.ModTime calculation
• 942780b cpu: darwin/arm64 feature detection
• acef388 unix/linux: Prefixmsg and PrefixCacheinfo structs
• 3687fbd cpu: better defaults on darwin ARM64
• 48062e9 plan9: change Note to alias syscall.Note
• 4f23f80 windows: change Signal to alias syscall.Signal
• 7548802 all: upgrade go directive to at least 1.25.0 [generated]
• See full diff in compare view

Updates golang.org/x/term from 0.40.0 to 0.41.0

Commits

• 9d2dc07 go.mod: update golang.org/x dependencies
• d954e03 all: upgrade go directive to at least 1.25.0 [generated]
• See full diff in compare view

Updates google.golang.org/api from 0.267.0 to 0.271.0

Release notes

Sourced from google.golang.org/api's releases.

v0.271.0

0.271.0 (2026-03-10)

Features

• all: Auto-regenerate discovery clients (#3532) (ccff5b3)

v0.270.0

0.270.0 (2026-03-08)

Features

• all: Auto-regenerate discovery clients (#3515) (44db8ef)
• all: Auto-regenerate discovery clients (#3518) (b3dc663)
• all: Auto-regenerate discovery clients (#3519) (01c06b9)
• all: Auto-regenerate discovery clients (#3520) (7ed0454)
• all: Auto-regenerate discovery clients (#3521) (d11f54e)
• all: Auto-regenerate discovery clients (#3523) (ce39b40)
• all: Auto-regenerate discovery clients (#3525) (15b140d)
• all: Auto-regenerate discovery clients (#3526) (1b18158)
• all: Auto-regenerate discovery clients (#3527) (a932a45)
• all: Auto-regenerate discovery clients (#3528) (f6ede69)
• all: Auto-regenerate discovery clients (#3529) (b73e4fb)
• option/internaloption: Add more option introspection (#3524) (ac5da8f)
• option/internaloption: Unsafe option resolver (#3514) (b263cee)

v0.269.0

0.269.0 (2026-02-24)

Features

• all: Auto-regenerate discovery clients (#3512) (7565f1c)

Bug Fixes

• generator: Handle preview version pkg name (#3511) (2a249ce)

v0.268.0

0.268.0 (2026-02-23)

Features

• all: Auto-regenerate discovery clients (#3502) (5ccf9b9)
• all: Auto-regenerate discovery clients (#3505) (f405df9)
• all: Auto-regenerate discovery clients (#3506) (cda923a)

... (truncated)

Changelog

Sourced from google.golang.org/api's changelog.

0.271.0 (2026-03-10)

Features

• all: Auto-regenerate discovery clients (#3532) (ccff5b3)

0.270.0 (2026-03-08)

Features

• all: Auto-regenerate discovery clients (#3515) (44db8ef)
• all: Auto-regenerate discovery clients (#3518) (b3dc663)
• all: Auto-regenerate discovery clients (#3519) (01c06b9)
• all: Auto-regenerate discovery clients (#3520) (7ed0454)
• all: Auto-regenerate discovery clients (#3521) (d11f54e)
• all: Auto-regenerate discovery clients (#3523) (ce39b40)
• all: Auto-regenerate discovery clients (#3525) (15b140d)
• all: Auto-regenerate discovery clients (#3526) (1b18158)
• all: Auto-regenerate discovery clients (#3527) (a932a45)
• all: Auto-regenerate discovery clients (#3528) (f6ede69)
• all: Auto-regenerate discovery clients (

[felixfontein]

Same problem as #2118 (review).

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.