build(deps): bump the low-risk group across 1 directory with 6 updates

[dependabot]

Bumps the low-risk group with 6 updates in the / directory:

Package	From	To
github.com/Azure/azure-sdk-for-go/sdk/azcore	1.18.2	1.19.0
github.com/aws/aws-sdk-go-v2	1.38.0	1.38.3
github.com/aws/aws-sdk-go-v2/config	1.31.0	1.31.6
github.com/aws/aws-sdk-go-v2/service/secretsmanager	1.38.0	1.39.2
github.com/aws/aws-sdk-go-v2/service/ssm	1.63.0	1.64.2
github.com/spf13/cobra	1.9.1	1.10.1

Updates github.com/Azure/azure-sdk-for-go/sdk/azcore from 1.18.2 to 1.19.0

Release notes

Sourced from github.com/Azure/azure-sdk-for-go/sdk/azcore's releases.

sdk/azcore/v1.19.0

1.19.0 (2025-08-21)

Features Added

• Added runtime.APIVersionLocationPath to be set by clients that set the API version in the path.

Commits

• f087199 Prep azcore v1.19.0 for release (#25133)
• 80c4d51 Sync eng/common directory with azure-sdk-tools for PR 11745 (#25122)
• 4956bdd Upgrade emitter and TypeSpec packages to latest versions (#25126)
• 7ce33a1 Sync eng/common directory with azure-sdk-tools for PR 11741 (#25121)
• a3684d1 Configurations: 'specification/impact/Impact.Management/tspconfig.yaml', API...
• 51f157b Sync eng/common directory with azure-sdk-tools for PR 11726 (#25097)
• cb9ef37 Increment package version after release of storage/azqueue (#24971)
• 2b7f1d6 [Release] sdk/resourcemanager/containerservicefleet/armcontainerservicefleet/...
• 519e8ab typespec merged stay on main (#25094)
• ee07fa9 Sync eng/common directory with azure-sdk-tools for PR 11559 (#25092)
• Additional commits viewable in compare view

Updates github.com/aws/aws-sdk-go-v2 from 1.38.0 to 1.38.3

Commits

• 640b808 Release 2025-08-29
• 657a6e8 Regenerated Clients
• 34a91bb Update partitions file
• 09f5a9c Update endpoints model
• fff96ca Update API model
• d46f566 deprecate service/sms (#3176)
• de16d4d Release 2025-08-28
• d6b83a8 Regenerated Clients
• b0f9cb7 Update API model
• 8225491 Release 2025-08-27
• Additional commits viewable in compare view

Updates github.com/aws/aws-sdk-go-v2/config from 1.31.0 to 1.31.6

Commits

• 640b808 Release 2025-08-29
• 657a6e8 Regenerated Clients
• 34a91bb Update partitions file
• 09f5a9c Update endpoints model
• fff96ca Update API model
• d46f566 deprecate service/sms (#3176)
• de16d4d Release 2025-08-28
• d6b83a8 Regenerated Clients
• b0f9cb7 Update API model
• 8225491 Release 2025-08-27
• Additional commits viewable in compare view

Updates github.com/aws/aws-sdk-go-v2/service/secretsmanager from 1.38.0 to 1.39.2

Commits

• 640b808 Release 2025-08-29
• 657a6e8 Regenerated Clients
• 34a91bb Update partitions file
• 09f5a9c Update endpoints model
• fff96ca Update API model
• d46f566 deprecate service/sms (#3176)
• de16d4d Release 2025-08-28
• d6b83a8 Regenerated Clients
• b0f9cb7 Update API model
• 8225491 Release 2025-08-27
• Additional commits viewable in compare view

Updates github.com/aws/aws-sdk-go-v2/service/ssm from 1.63.0 to 1.64.2

Commits

• bada512 Release 2025-04-03
• 1862687 Regenerated Clients
• 662996c Update partitions file
• beec308 Update endpoints model
• 4c943b6 Update API model
• a667c23 Release 2025-04-02
• a03cebc Regenerated Clients
• 59c4c08 Update endpoints model
• 2206d1d Update API model
• 8c422c5 Release 2025-04-01
• Additional commits viewable in compare view

Updates github.com/spf13/cobra from 1.9.1 to 1.10.1

Release notes

Sourced from github.com/spf13/cobra's releases.

v1.10.1

🐛 Fix

• chore: upgrade pflags v1.0.9 by @​jpmcb in spf13/cobra#2305

v1.0.9 of pflags brought back ParseErrorsWhitelist and marked it as deprecated

Full Changelog: spf13/cobra@v1.10.0...v1.10.1

v1.10.0

What's Changed

🚨 Attention!

• Bump pflag to 1.0.8 by @​tomasaschan in spf13/cobra#2303

This version of pflag carried a breaking change: it renamed ParseErrorsWhitelist to ParseErrorsAllowlist which can break builds if both pflag and cobra are dependencies in your project.

• If you use both pflag and cobra, upgrade pflagto 1.0.8 andcobrato1.10.0`
• or use the newer, fixed version of pflag v1.0.9 which keeps the deprecated ParseErrorsWhitelist

More details can be found here: spf13/cobra#2303

✨ Features

• Flow context to command in SetHelpFunc by @​Frassle in spf13/cobra#2241
• The default ShellCompDirective can be customized for a command and its subcommands by @​albers in spf13/cobra#2238

🐛 Fix

• Upgrade golangci-lint to v2, address findings by @​scop in spf13/cobra#2279

🪠 Testing

• Test with Go 1.24 by @​harryzcy in spf13/cobra#2236
• chore: Rm GitHub Action PR size labeler by @​jpmcb in spf13/cobra#2256

📝 Docs

• Remove traling curlybrace by @​yedayak in spf13/cobra#2237
• Update command.go by @​styee in spf13/cobra#2248
• feat: Add security policy by @​jpmcb in spf13/cobra#2253
• Update Readme (Warp) by @​ericdachen in spf13/cobra#2267
• Add Periscope to the list of projects using Cobra by @​anishathalye in spf13/cobra#2299

New Contributors

• @​harryzcy made their first contribution in spf13/cobra#2236
• @​yedayak made their first contribution in spf13/cobra#2237
• @​Frassle made their first contribution in spf13/cobra#2241

... (truncated)

Commits

• 7da941c chore: Bump pflag to v1.0.9 (#2305)
• 51d6751 Bump pflag to 1.0.8 (#2303)
• 3f3b818 Update README.md with new logo
• dcaf42e Add Periscope to the list of projects using Cobra (#2299)
• 6dec1ae The default ShellCompDirective can be customized for a command and its subcom...
• c8289c1 chore(golangci-lint): add some exclusion presets
• 4af7b64 refactor: apply golangci-lint autofixes, work around false positives
• 75790e4 chore(golangci-lint): upgrade to v2
• db3ddb5 Adding sponsorship to README.md
• 67171d6 putting sponsorship below header
• Additional commits viewable in compare view

You can trigger a rebase of this PR by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

Assignees

The following users could not be added as assignees: elvenspellmaker. Either the username does not exist or it does not have the correct permissions to be added as an assignee.

Please fix the above issues or remove invalid values from dependabot.yml.

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.