fix(deps): bump the go-minor group across 2 directories with 7 updates

[dependabot]

Bumps the go-minor group with 5 updates in the /apps/cli-go directory:

Package	From	To
github.com/fsnotify/fsnotify	1.9.0	1.10.1
github.com/getsentry/sentry-go	0.44.1	0.46.2
github.com/google/jsonschema-go	0.4.2	0.4.3
github.com/posthog/posthog-go	1.11.2	1.13.0
golang.org/x/mod	0.35.0	0.36.0

Bumps the go-minor group with 3 updates in the /apps/cli-go/pkg directory: golang.org/x/mod, google.golang.org/grpc and github.com/oapi-codegen/runtime.

Updates github.com/fsnotify/fsnotify from 1.9.0 to 1.10.1

Release notes

Sourced from github.com/fsnotify/fsnotify's releases.

v1.10.1

Changes and fixes

• inotify: don't remove sibling watches sharing a path prefix (#754)

• inotify, windows: don't rename sibling watches sharing a path prefix (#755)

#754: fsnotify/fsnotify#754 #755: fsnotify/fsnotify#755

v1.10.0

This version of fsnotify needs Go 1.23.

Changes and fixes

• inotify: improve initialization error message (#731)

• inotify: send Rename event if recursive watch is renamed (#696)

• inotify: avoid copying event buffers when reading names (#741)

• kqueue: skip dangling symlinks (ENOENT) in watchDirectoryFiles, so a bad entry no longer aborts Watcher.Add for the whole directory (#748)

• kqueue: drop watches directly in Close() to fix a file descriptor leak when recycling watchers (#740)

• windows: fix nil pointer dereference in remWatch (#736)

• windows: lock watch field updates against concurrent WatchList to fix a race introduced in v1.9.0 (#709, #749)

#696: fsnotify/fsnotify#696 #709: fsnotify/fsnotify#709 #731: fsnotify/fsnotify#731 #736: fsnotify/fsnotify#736 #740: fsnotify/fsnotify#740 #741: fsnotify/fsnotify#741 #748: fsnotify/fsnotify#748 #749: fsnotify/fsnotify#749

Changelog

Sourced from github.com/fsnotify/fsnotify's changelog.

1.10.1 2026-05-04

Changes and fixes

• inotify: don't remove sibling watches sharing a path prefix (#754)

• inotify, windows: don't rename sibling watches sharing a path prefix (#755)

#754: fsnotify/fsnotify#754 #755: fsnotify/fsnotify#755

1.10.0 2026-04-30

This version of fsnotify needs Go 1.23.

Changes and fixes

• inotify: improve initialization error message (#731)

• inotify: send Rename event if recursive watch is renamed (#696)

• inotify: avoid copying event buffers when reading names (#741)

• kqueue: skip dangling symlinks (ENOENT) in watchDirectoryFiles, so a bad entry no longer aborts Watcher.Add for the whole directory (#748)

• kqueue: drop watches directly in Close() to fix a file descriptor leak when recycling watchers (#740)

• windows: fix nil pointer dereference in remWatch (#736)

• windows: lock watch field updates against concurrent WatchList to fix a race introduced in v1.9.0 (#709, #749)

#696: fsnotify/fsnotify#696 #709: fsnotify/fsnotify#709 #731: fsnotify/fsnotify#731 #736: fsnotify/fsnotify#736 #740: fsnotify/fsnotify#740 #741: fsnotify/fsnotify#741 #748: fsnotify/fsnotify#748 #749: fsnotify/fsnotify#749

Commits

• 76b01a6 Release 1.10.1
• fec150b Update changelog
• 162b421 inotify, windows: don't rename sibling watches sharing a path prefix (#755)
• 224257f inotify: don't remove sibling watches sharing a path prefix (#754)
• e0c956c windows: document directory Write events and stabilize tests (#745)
• 8d01d7b Release 1.10.0
• 602284e Update changelog
• 7f03e59 kqueue: skip ENOENT entries in watchDirectoryFiles (#748)
• dab9dde windows: lock watch field updates against concurrent WatchList (#709) (#749)
• eadf267 kqueue: drop watches directly in Close() instead of going through remove() (#...
• Additional commits viewable in compare view

Updates github.com/getsentry/sentry-go from 0.44.1 to 0.46.2

Release notes

Sourced from github.com/getsentry/sentry-go's releases.

0.46.2

Bug Fixes 🐛

• Add attachments to new event path by @​giortzisg in #1295

0.46.1

Bug Fixes 🐛

• Correctly capture request body for fasthttp and fiber by @​giortzisg in #1284
• (http) Avoid async transport shutdown panics by @​giortzisg in #1288
• (httpclient) Clone request before adding trace headers by @​giortzisg in #1290
• (scope) Use scoped client for request PII by @​giortzisg in #1289
• Safe concurrent access for span and scope by @​giortzisg in #1285

0.46.0

Breaking Changes 🛠

• Remove SetExtra by @​giortzisg in #1274
• Update compatibility policy to align with Go, supporting only the last two major Go versions by @​giortzisg in #1264
• Drop support for Go 1.24 by @​giortzisg in #1264

New Features ✨

• Add internal_sdk_error client report on serialization fail by @​giortzisg in #1273
• Add grpc integration support by @​ribice in #938
• Re-enable Telemetry Processor by default. To disable the behavior use the DisableTelemetryBuffer flag by @​giortzisg in #1254
• Simplify client DSN storage to internal/protocol.Dsn and make it safe to access by @​giortzisg in #1254

Internal Changes 🔧

Deps

• Bump github.com/labstack/echo/v5 from 5.0.0 to 5.0.3 in /echo by @​dependabot in #1253
• Bump github.com/labstack/echo/v5 from 5.0.0 to 5.0.3 in /crosstest by @​dependabot in #1272
• Bump golangci-lint action from 2.1.1 to 2.11.4 by @​giortzisg in #1265
• Bump go.opentelemetry.io/otel/sdk from 1.40.0 to 1.43.0 in /otel by @​dependabot in #1256
• Bump go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp from 1.40.0 to 1.43.0 in /otel/otlp by @​dependabot in #1255

Other

• Improve ci by @​giortzisg in #1271
• Add crosstest package by @​giortzisg in #1269
• Add sentrytest package by @​giortzisg in #1267

0.45.1

Bug Fixes 🐛

• Add missing TracesSampler fields for SamplingContext by @​giortzisg in #1259

0.45.0

... (truncated)

Changelog

Sourced from github.com/getsentry/sentry-go's changelog.

0.46.2

Bug Fixes 🐛

• Add attachments to new event path by @​giortzisg in #1295

0.46.1

Bug Fixes 🐛

• Correctly capture request body for fasthttp and fiber. by @​giortzisg in #1284
• (http) Avoid async transport shutdown panics by @​giortzisg in #1288
• (httpclient) Clone request before adding trace headers by @​giortzisg in #1290
• (scope) Use scoped client for request PII by @​giortzisg in #1289
• Safe concurrent access for span and scope by @​giortzisg in #1285

0.46.0

Breaking Changes 🛠

• Remove SetExtra by @​giortzisg in #1274
• Update compatibility policy to align with Go, supporting only the last two major Go versions by @​giortzisg in #1264
• Drop support for Go 1.24 by @​giortzisg in #1264

New Features ✨

• Add internal_sdk_error client report on serialization fail by @​giortzisg in #1273
• Add grpc integration support by @​ribice in #938
• Re-enable Telemetry Processor by default. To disable the behavior use the DisableTelemetryBuffer flag by @​giortzisg in #1254
• Simplify client DSN storage to internal/protocol.Dsn and make it safe to access by @​giortzisg in #1254

Internal Changes 🔧

Deps

• Bump github.com/labstack/echo/v5 from 5.0.0 to 5.0.3 in /echo by @​dependabot in #1253
• Bump github.com/labstack/echo/v5 from 5.0.0 to 5.0.3 in /crosstest by @​dependabot in #1272
• Bump golangci-lint action from 2.1.1 to 2.11.4 by @​giortzisg in #1265
• Bump go.opentelemetry.io/otel/sdk from 1.40.0 to 1.43.0 in /otel by @​dependabot in #1256
• Bump go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp from 1.40.0 to 1.43.0 in /otel/otlp by @​dependabot in #1255

Other

• Improve ci by @​giortzisg in #1271
• Add crosstest package by @​giortzisg in #1269
• Add sentrytest package by @​giortzisg in #1267

0.45.1

Bug Fixes 🐛

... (truncated)

Commits

• 1d2598e release: 0.46.2
• 57175c6 fix: flaky attachment test (#1296)
• 8d21468 fix: add attachments to new event path (#1295)
• e4bcedd Merge branch 'release/0.46.1'
• e972183 release: 0.46.1
• 6b9885c fix(http): avoid async transport shutdown panics (#1288)
• 79947a7 fix: safe concurrent access for span and scope (#1285)
• c8ea578 fix(scope): use scoped client for request PII (#1289)
• 0bb583e fix(httpclient): clone request before adding trace headers (#1290)
• bd20df0 fix(fasthttp,fiber): correctly capture request body on scope (#1284)
• Additional commits viewable in compare view

Updates github.com/google/jsonschema-go from 0.4.2 to 0.4.3

Release notes

Sourced from github.com/google/jsonschema-go's releases.

v0.4.3

What's Changed

• improve anyOf errors by @​jba in google/jsonschema-go#61
• fix: infer - support map with non-string key type by @​rafaeljusto in google/jsonschema-go#70

Full Changelog: google/jsonschema-go@v0.4.2...0.4.3

v0.4.3

What's Changed

• improve anyOf errors by @​jba in google/jsonschema-go#61
• fix: infer - support map with non-string key type by @​rafaeljusto in google/jsonschema-go#70

Full Changelog: google/jsonschema-go@v0.4.2...v0.4.3

Commits

• 8c4ab4f fix: infer - support map with non-string key type (#70)
• 8bd5742 improve anyOf errors (#61)
• See full diff in compare view

Updates github.com/posthog/posthog-go from 1.11.2 to 1.13.0

Release notes

Sourced from github.com/posthog/posthog-go's releases.

1.13.0

Unreleased

1.12.6

Unreleased

1.12.5

Unreleased

1.12.4 - 2026-04-30

• Full Changelog

1.12.3 - 2026-04-21

• Full Changelog

1.12.2 - 2026-04-20

• Full Changelog

v1.12.1

1.12.1 - 2026-04-20

• Full Changelog

v1.12.0

1.12.0 - 2026-04-20

• Full Changelog

v1.11.3

1.11.3 - 2026-04-14

• Full Changelog

• Added locally_evaluated property to $feature_flag_called events, indicating whether the flag was evaluated locally or via the remote /flags endpoint.

Changelog

Sourced from github.com/posthog/posthog-go's changelog.

1.13.0

Minor Changes

• dec8ade: Add opt-in panic capture for request context middleware.
• dec8ade: Add server-side request context helpers for net/http capture and exception events, plus EvaluateFlagsWithContext for using request-scoped distinct IDs during flag evaluation. Request-context flag evaluation does not generate personless IDs.

1.12.6

Patch Changes

• 9289d53: Reject semver values with leading zeros in local flag evaluation. Per semver 2.0.0 §2, numeric identifiers must not include leading zeros — values like 1.07.3 are not valid semver and should not match targeting conditions. Both override values and flag values are now validated; invalid inputs surface an InconclusiveMatchError so the condition does not match.

1.12.5

Patch Changes

• 6d243a6: Return ErrSDKDisabled from no-op clients when the project API key is missing, return ErrNoPersonalAPIKey before making requests for Personal API key dependent methods when no Personal API key is configured, and return ErrNoDistinctID from EvaluateFlags when distinct_id is missing.

New Features

• EvaluateFlags: New method on Client that returns a FeatureFlagEvaluations snapshot for a user using a single /flags request. The snapshot powers any number of IsEnabled / GetFlag / GetFlagPayload checks, fires deduped $feature_flag_called events with full v4 metadata (id, version, reason, request_id), and can be attached to a Capture event via the new Capture.Flags field to populate $feature/<key> and $active_feature_flags without another network call.
• Capture.Flags: New optional field on Capture that accepts a *FeatureFlagEvaluations snapshot. Takes precedence over SendFeatureFlags, avoids a hidden /flags request per event, and lets caller-supplied Properties override the auto-generated $feature/<key> values on conflict.

Internal

• Refactored the $feature_flag_called dedup logic into a shared helper so the existing single-flag path and the new snapshot path use identical semantics against the same per-distinct_id LRU cache.
• $feature_flag_called events from the snapshot path combine response-level errors (errors_while_computing_flags, quota_limited) with per-flag errors (flag_missing) comma-joined in $feature_flag_error, matching the granularity of the legacy single-flag path.

1.12.4 - 2026-04-30

• Full Changelog

1.12.3 - 2026-04-21

• Full Changelog

1.12.2 - 2026-04-20

• Full Changelog

1.12.1 - 2026-04-20

• Full Changelog

1.12.0 - 2026-04-20

• Full Changelog

1.11.3 - 2026-04-14

... (truncated)

Commits

• 9dbb061 chore: release v1.13.0 [version bump] [skip ci]
• dec8ade feat: add server-side request context (#201)
• 89147f5 chore(ci): bump pinned posthog-sdk-test-harness SHA (#204)
• 9978655 chore(ci): bump pinned PostHog/.github reusable workflow SHA (#203)
• a99dc57 chore: release v1.12.6 [version bump] [skip ci]
• 9289d53 fix: reject leading-zero semver values in local evaluation (#200)
• 4caaa1e chore: pin github actions to commit shas (#202)
• 22195ff chore: release v1.12.5 [version bump] [skip ci]
• 6d243a6 fix: revert d2c4dd2 (#199)
• d2c4dd2 chore: release v1.12.4 [version bump] [skip ci]
• Additional commits viewable in compare view

Updates golang.org/x/mod from 0.35.0 to 0.36.0

Commits

• 643da9b go.mod: update golang.org/x dependencies
• ccc3cdf zip: include 'but content has correct sum' note in TestVCS
• ab30318 zip: update zip hashes for new flate compression
• See full diff in compare view

Updates golang.org/x/mod from 0.34.0 to 0.36.0

Commits

• 643da9b go.mod: update golang.org/x dependencies
• ccc3cdf zip: include 'but content has correct sum' note in TestVCS
• ab30318 zip: update zip hashes for new flate compression
• See full diff in compare view

Updates google.golang.org/grpc from 1.80.0 to 1.81.1

Release notes

Sourced from google.golang.org/grpc's releases.

Release 1.81.1

Security

• xds/rbac: Fix a potential authorization bypass caused by incorrectly falling through URI/DNS SANs to Subject Distinguished Name (DN) when matching the authenticated principal name. With this fix, only the first non-empty identity source will be used, as per gRFC A41. (#9111)
  • Special Thanks: @​al4an444

Bug Fixes

• otel: Segregate client and server RPC information used for metrics and traces, to avoid one overwriting the other. (#9081)

Release 1.81.0

Behavior Changes

• balancer/rls: Switch gauge metrics to asynchronous emission (once per collection cycle) to reduce telemetry noise and align with other gRPC language implementations. (#8808)

Dependencies

• Minimum supported Go version is now 1.25. (#8969)

Bug Fixes

• xds: Use the leaf cluster's security config for the TLS handshake instead of the aggregate cluster's config. (#8956)
• transport: Send a RST_STREAM when receiving an END_STREAM when the stream is not already half-closed. (#8832)
• xds: Fix ADS resource name validation to prevent a panic. (#8970)

New Features

• grpc/stats: Add support for custom labels in per-call metrics (gRFC A108). (#9008)
• xds: Add support for Server Name Indication (SNI) and SAN validation (gRFC A101). Disabled by default. To enable, set GRPC_EXPERIMENTAL_XDS_SNI=true environment variable. (#9016)
• xds: Add support to control which fields get propagated from ORCA backend metric reports to LRS load reports (gRFC A85). Disabled by default. To enable, set GRPC_EXPERIMENTAL_XDS_ORCA_LRS_PROPAGATION=true. (#9005)
• xds: Add metrics to track xDS client connectivity and cached resource state (gRFC A78). (#8807)
• stats/otel: Enhance grpc.subchannel.disconnections metric by adding disconnection reason to the grpc.disconnect_error label (gRFC A94). This provides granular insights into why subchannels are closing. (#8973)
• mem: Add mem.Buffer.Slice() API to slice the buffer like a slice. (#8977)
  • Special Thanks: @​ash2k

Performance Improvements

• alts: Pool read buffers to lower memory utilization when sockets are unreadable. (#8964)
• transport: Pool HTTP/2 framer read buffers to reduce idle memory consumption. Currently limited to Linux for ALTS and non-encrypted transports (TCP, Unix). To disable, set GRPC_GO_EXPERIMENTAL_HTTP_FRAMER_READ_BUFFER_POOLING=false and report any issues. (#9032)

Commits

• caf0772 Change version from 1.81.1-dev to 1.81.1 (#9122)
• 6ccbeeb Cherry-pick #9111 into v1.81.x (#9121)
• b33c29e Cherry-pick #9081 into v1.81.x (#9102)
• c45fae6 Change version to 1.81.1-dev (#9063)
• cb18228 Change version to 1.81.0 (#9062)
• 96748f9 Cherry-pick #9105 to 1.81.x (#9106)
• 9183222 Cherry pick #9055, #9032 to v1.81.x (#9095)
• 5cba6da Revert "deps: update dependencies for all modules (#9065)" (#9067)
• af8a936 deps: update dependencies for all modules (#9065)
• cdc60df transport: optimize heap allocations in ready reader and update syscall conne...
• Additional commits viewable in compare view

Updates github.com/oapi-codegen/runtime from 1.3.1 to 1.4.1

Release notes

Sourced from github.com/oapi-codegen/runtime's releases.

Bug fixes

This is a bug fix release.

Changes in v1.4.0, coupled with changes in v2.7.0 of oapi-codegen exposed some new problems. deepObject style marshaling behavior now supports encoding unicode. UTF-8 can't be directly included in parameters, so we need to % escape it.

Form binding now detects maps, which makes binding to a Nullable possible. We can't use generics around Nullable[T], so we handle maps generically, assuming they're a Nullable with its behavior assumptions.

🐛 Bug fixes

• Fix form binding of Nullables (#133) @​mromaszewicz
• Percent-encode deepObject parameter wire output (#132) @​mromaszewicz

📦 Dependency updates

• chore(deps): update oapi-codegen/actions action to v0.7.0 (#127) @renovate[bot]
• chore(deps): update github/codeql-action action to v4 (#107) @renovate[bot]
• fix(deps): update module github.com/kataras/iris/v12 to v12.2.11 (#11) @renovate[bot]
• chore(deps): update release-drafter/release-drafter action to v7.2.0 (#122) @renovate[bot]

Sponsors

We would like to thank our sponsors for their support during this release.

Parameter handling improvements and fixes

This release fixes some missing edge cases in parameter binding and styling. We now handle all the permutations of style and explode, for the first time. Lots of tests have been added to catch regressions.

🚀 New features and improvements

• Improve deepobject unmarshalling to support nullable.Nullable and encode.TextUnmarshaler (#45) @​j-waters
• feat: support spaceDelimited and pipeDelimited query parameter binding (#117) @​mromaszewicz

🐛 Bug fixes

• Fix form/explode=false incorrectly splitting primitive string values on commas (#119) @​f-kanari

... (truncated)

Commits

• 2755f15 Fix form binding of Nullables (#133)
• 17de1dd Percent-encode deepObject parameter wire output (#132)
• d2b7c4c chore(deps): update oapi-codegen/actions action to v0.7.0
• 6fd6c25 chore(deps): update github/codeql-action action to v4
• 19040cc fix(deps): update module github.com/kataras/iris/v12 to v12.2.11
• e05282e chore(deps): update release-drafter/release-drafter action to v7.2.0 (#122)
• 247b459 fix(deps): update module github.com/labstack/echo/v4 to v4.15.1 (#105)
• 1d38dfa fix(deps): update module github.com/labstack/echo/v5 to v5.1.0 (#120)
• be9ed17 chore(deps): update release-drafter/release-drafter action to v7 (#113)
• 77570f9 Fix form/explode=false incorrectly splitting primitive string values on comma...
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[coveralls]

Coverage Report for CI Build 26873590575

Warning

Build has drifted: This PR's base is out of sync with its target branch, so coverage data may include unrelated changes.
Quick fix: rebase this PR. Learn more →

Warning

No base build found for commit fac40cf on develop.
Coverage changes can't be calculated without a base build.
If a base build is processing, this comment will update automatically when it completes.

Coverage: 63.906%

Details

• Patch coverage: No coverable lines changed in this PR.

Uncovered Changes

No uncovered changes found.

Coverage Regressions

Requires a base build to compare against. How to fix this →

---

Coverage Stats

Relevant Lines:	15792
Covered Lines:	10092
Line Coverage:	63.91%
Coverage Strength:	7.08 hits per line

---

💛 - Coveralls