build(deps): bump github.com/hashicorp/cap from 0.12.0 to 0.13.0 in the go-dependencies group across 1 directory (#1771)

Bumps the go-dependencies group with 1 update in the / directory:
[github.com/hashicorp/cap](https://github.com/hashicorp/cap).

Updates `github.com/hashicorp/cap` from 0.12.0 to 0.13.0
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/hashicorp/cap/releases">github.com/hashicorp/cap's
releases</a>.</em></p>
<blockquote>
<h2>v0.13.0</h2>
<h2>What's Changed</h2>
<ul>
<li>chore: update CHANGELOG for 0.12.0 by <a
href="https://github.com/johanbrandhorst"><code>@​johanbrandhorst</code></a>
in <a
href="https://redirect.github.com/hashicorp/cap/pull/175">hashicorp/cap#175</a></li>
<li>[IND-4227] [COMPLIANCE] Update Copyright Headers (Batch 1 of 1) by
<a
href="https://github.com/oss-core-libraries-dashboard"><code>@​oss-core-libraries-dashboard</code></a>[bot]
in <a
href="https://redirect.github.com/hashicorp/cap/pull/174">hashicorp/cap#174</a></li>
<li>fix unbounded split by <a
href="https://github.com/Ayomi-gh"><code>@​Ayomi-gh</code></a> in <a
href="https://redirect.github.com/hashicorp/cap/pull/177">hashicorp/cap#177</a></li>
<li>[VAULT-43467] saml: resolve CVE-2026-33487, GHSA-hwqm-qvj9-4jr2, and
GHSA-pcgw-qcv5-h8ch by <a
href="https://github.com/ryancragun"><code>@​ryancragun</code></a> in <a
href="https://redirect.github.com/hashicorp/cap/pull/180">hashicorp/cap#180</a></li>
<li>chore: update go-jose to address CVE-2026-34986 by <a
href="https://github.com/irenarindos"><code>@​irenarindos</code></a> in
<a
href="https://redirect.github.com/hashicorp/cap/pull/185">hashicorp/cap#185</a></li>
<li>JWT: add optional KeySetSearcher callback to Validator by <a
href="https://github.com/suraj-simha"><code>@​suraj-simha</code></a> in
<a
href="https://redirect.github.com/hashicorp/cap/pull/187">hashicorp/cap#187</a></li>
<li>chore: update CHANGELOG for 0.13.0 by <a
href="https://github.com/jimlambrt"><code>@​jimlambrt</code></a> in <a
href="https://redirect.github.com/hashicorp/cap/pull/189">hashicorp/cap#189</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a
href="https://github.com/oss-core-libraries-dashboard"><code>@​oss-core-libraries-dashboard</code></a>[bot]
made their first contribution in <a
href="https://redirect.github.com/hashicorp/cap/pull/174">hashicorp/cap#174</a></li>
<li><a href="https://github.com/Ayomi-gh"><code>@​Ayomi-gh</code></a>
made their first contribution in <a
href="https://redirect.github.com/hashicorp/cap/pull/177">hashicorp/cap#177</a></li>
<li><a
href="https://github.com/ryancragun"><code>@​ryancragun</code></a> made
their first contribution in <a
href="https://redirect.github.com/hashicorp/cap/pull/180">hashicorp/cap#180</a></li>
<li><a
href="https://github.com/irenarindos"><code>@​irenarindos</code></a>
made their first contribution in <a
href="https://redirect.github.com/hashicorp/cap/pull/185">hashicorp/cap#185</a></li>
<li><a
href="https://github.com/suraj-simha"><code>@​suraj-simha</code></a>
made their first contribution in <a
href="https://redirect.github.com/hashicorp/cap/pull/187">hashicorp/cap#187</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/hashicorp/cap/compare/v0.12.0...v0.13.0">https://github.com/hashicorp/cap/compare/v0.12.0...v0.13.0</a></p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/hashicorp/cap/blob/main/CHANGELOG.md">github.com/hashicorp/cap's
changelog</a>.</em></p>
<blockquote>
<h2>0.13.0</h2>
<ul>
<li>feat (jwt): add optional callback to dynamically fetch key sets in
validator ([PR <a
href="https://redirect.github.com/hashicorp/cap/issues/187">#187</a>](<a
href="https://redirect.github.com/hashicorp/cap/pull/187">hashicorp/cap#187</a>))</li>
<li>fix (saml): always validate response and assertion signatures when
signatures are present ([PR <a
href="https://redirect.github.com/hashicorp/cap/issues/180">#180</a>](<a
href="https://redirect.github.com/hashicorp/cap/pull/180">hashicorp/cap#180</a>))</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/hashicorp/cap/commit/2bc0bff05e1aececf634eba03ccf4c74c9ed4537"><code>2bc0bff</code></a>
chore: update CHANGELOG for 0.13.0 (<a
href="https://redirect.github.com/hashicorp/cap/issues/189">#189</a>)</li>
<li><a
href="https://github.com/hashicorp/cap/commit/9d4dd6dc28b40cab326ac2bcb0e22dd4108becc0"><code>9d4dd6d</code></a>
JWT: add optional KeySetSearcher callback to Validator (<a
href="https://redirect.github.com/hashicorp/cap/issues/187">#187</a>)</li>
<li><a
href="https://github.com/hashicorp/cap/commit/dfeea340b314ed435226da10e06d8c4a22513ea2"><code>dfeea34</code></a>
chore: update go-jose to address CVE-2026-34986 (<a
href="https://redirect.github.com/hashicorp/cap/issues/185">#185</a>)</li>
<li><a
href="https://github.com/hashicorp/cap/commit/2026dd0d954344274f5bff57f177e1ac1c625834"><code>2026dd0</code></a>
[VAULT-43467] saml: resolve CVE-2026-33487, GHSA-hwqm-qvj9-4jr2, and
GHSA-pcg...</li>
<li><a
href="https://github.com/hashicorp/cap/commit/666713f6d41233bf791043961984741f6fb3e8b4"><code>666713f</code></a>
fix unbounded split (<a
href="https://redirect.github.com/hashicorp/cap/issues/177">#177</a>)</li>
<li><a
href="https://github.com/hashicorp/cap/commit/b78ca4079ba6906784a99744a63c20760c2a9072"><code>b78ca40</code></a>
[COMPLIANCE] Update Copyright and License Headers (Batch 1 of 1) (<a
href="https://redirect.github.com/hashicorp/cap/issues/174">#174</a>)</li>
<li><a
href="https://github.com/hashicorp/cap/commit/b72d477d7f92c08b2dadd2ce2a9c97e45f1ec94c"><code>b72d477</code></a>
chore: update CHANGELOG for 0.12.0 (<a
href="https://redirect.github.com/hashicorp/cap/issues/175">#175</a>)</li>
<li>See full diff in <a
href="https://github.com/hashicorp/cap/compare/v0.12.0...v0.13.0">compare
view</a></li>
</ul>
</details>
<br />

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Author: dependabot[bot]

CHANGELOG.md

@@ -21,6 +21,7 @@
 - build(deps): `golang.org/x/text` from 0.35.0 to 0.36.0 ([#1726](https://github.com/fastly/cli/pull/1726))
 - build(deps): `acifani/setup-tinygo` from 2 to 3 ([#1729](https://github.com/fastly/cli/pull/1729))
 - build(deps): `github.com/mattn/go-isatty` from 0.0.21 to 0.0.22 ([#1735](https://github.com/fastly/cli/pull/1735))
+- build(deps): `github.com/hashicorp/cap` from 0.12.0 to 0.13.0 ([#1771](https://github.com/fastly/cli/pull/1771))
 
 ## [v14.3.1](https://github.com/fastly/cli/releases/tag/v14.3.1) (2026-04-13)
 

go.mod

@@ -27,7 +27,7 @@ require (
 )
 
 require (
-	github.com/hashicorp/cap v0.12.0
+	github.com/hashicorp/cap v0.13.0
 	github.com/kennygrant/sanitize v1.2.4
 	github.com/otiai10/copy v1.14.1
 	github.com/sabhiram/go-gitignore v0.0.0-20210923224102-525f6e181f06

go.sum

@@ -54,8 +54,8 @@ github.com/google/go-querystring v1.2.0 h1:yhqkPbu2/OH+V9BfpCVPZkNmUXhb2gBxJArfh
 github.com/google/go-querystring v1.2.0/go.mod h1:8IFJqpSRITyJ8QhQ13bmbeMBDfmeEJZD5A0egEOmkqU=
 github.com/google/jsonapi v1.0.0 h1:qIGgO5Smu3yJmSs+QlvhQnrscdZfFhiV6S8ryJAglqU=
 github.com/google/jsonapi v1.0.0/go.mod h1:YYHiRPJT8ARXGER8In9VuLv4qvLfDmA9ULQqptbLE4s=
-github.com/hashicorp/cap v0.12.0 h1:z1PU5j8iqLpyortK8JatvPVqEGSl3eN2vxZUWtOgdZU=
-github.com/hashicorp/cap v0.12.0/go.mod h1:KmO21ZfHvXuAUZBc3Ycqu5NhwMahvfmfR4HlW4f+b3c=
+github.com/hashicorp/cap v0.13.0 h1:bzLS1er9am6hOiw//TEjmwZ3t975iFfRfvXY6VRLKEw=
+github.com/hashicorp/cap v0.13.0/go.mod h1:Kbu5owAOJzQ/HH4Ba/76wsIXN2tRiJgToJKBO2MAEFE=
 github.com/hashicorp/go-cleanhttp v0.5.2 h1:035FKYIWjmULyFRBKPs8TBQoi0x6d9G4xc9neXJWAZQ=
 github.com/hashicorp/go-cleanhttp v0.5.2/go.mod h1:kO/YDlP8L1346E6Sodw+PrpBSV4/SoxCXGY6BqNFT48=
 github.com/hashicorp/go-hclog v1.6.3 h1:Qr2kF+eVWjTiYmU7Y31tYlP1h0q/X3Nl3tPGdaB11/k=