[gomod] Bump the dependencies group across 1 directory with 7 updates

[dependabot]

Bumps the dependencies group with 7 updates in the / directory:

Package	From	To
entgo.io/ent	0.14.5	0.14.6
github.com/gin-contrib/cors	1.7.6	1.7.7
github.com/gin-contrib/secure	1.1.2	1.1.3
github.com/lib/pq	1.11.2	1.12.1
google.golang.org/grpc	1.79.3	1.80.0
k8s.io/apimachinery	0.35.2	0.35.3
k8s.io/client-go	0.35.2	0.35.3

Updates entgo.io/ent from 0.14.5 to 0.14.6

Commits

• e0ba79d chore: bump tablewriter to latest version (#4490)
• ab05406 entc/gen: support external ValueScanner for id field (#4487)
• d056659 dialect/sql/sqlgraph: set schema when clearing foreign key edges (#4429)
• 2eb3641 entc/gen: add support for collation on edge schema (#4480)
• 397ebe9 dialect/sql/schema: allow running migration concurrently without copying the ...
• 49be309 doc: update list of tested pg versions (#4463)
• ff2b4a6 doc/md: add the new CollectedFor annotation to graphql fields mapping (#4462)
• cf1482e entc/gen: add support for custom collations on ID fields (#4453)
• a777c08 Clean up old & irrelevant references to Facebook (#4452)
• 4d347ca doc: mention how to use schemaconfig with schema annotation (#4444)
• Additional commits viewable in compare view

Updates github.com/gin-contrib/cors from 1.7.6 to 1.7.7

Release notes

Sourced from github.com/gin-contrib/cors's releases.

v1.7.7

Changelog

Others

• 2816d6da1754dae141f65310dfbf4a1600af782a: Add Go 1.26 to GitHub Actions test matrix (@​appleboy)
• a92928f098c146faaa5e691399c0ab3c2b808d2f: Update golangci-lint version to v2.9 (@​appleboy)
• b77776e77f9daaf63076e696016cf99340cdc79e: Fix Trivy badge URL in README.md (@​appleboy)

Bug fixes

• 123928c03ce0b7336b4322d38d57bf7cf4e9b808: fix: allow ^ anchor in regex CORS origin patterns (#177) (@​brokenthumbs)
• 3585a5e62daa3d1b40e134b6d2a8bf07b33b2d57: fix: resolve golangci-lint issues in tests (@​appleboy)

Enhancements

• 21c982fe706deec13d8012eb66b8feaed5c1acd2: chore: update Go version and refresh dependencies to latest releases (@​appleboy)
• 402233a7419c785098703756402484dae63f4417: chore(deps): upgrade golang.org/x/crypto to v0.45.0 (@​appleboy)
• 0c142794c2885f61c16db122c343da553801a9dd: chore(deps): bump actions/checkout from 4 to 6 (@​appleboy)
• 3333b3d0d3ff5d3d6e5f715665a0920522e091ea: chore(deps): upgrade quic-go to v0.57.1 (@​appleboy)
• 754ef53f194ecb7faa198ca6c9365b8975217aba: chore(ci): update golangci-lint to v2.6 (@​appleboy)
• c5dcea89610356ca36bd8bd2534943105f731b20: chore(deps): bump actions/cache from 4 to 5 (@​appleboy)
• 139173a220a23bae1172280cfaaf86addd2c5248: chore(ci): upgrade trivy-action from 0.33.1 to 0.35.0 (@​appleboy)
• 9e6ec27fa96936d68a516d5367486e262812275b: chore(deps): upgrade gin to v1.12.0 and update CI Go versions (@​appleboy)
• e19d20de2b561cdd642ed336fcca368fd8e251cf: chore(deps): upgrade golang.org/x/text to v0.35.0 (@​appleboy)

Build process updates

• f46b87eacdb9f84a99136501d3e50873b9ebdb7a: ci: integrate Trivy vulnerability scanning into CI workflow (@​appleboy)
• c4b4ccff788f6a1ec0d796054d870f1a432b4193: ci: broaden CI Go version testing (@​appleboy)
• 33f131c7e60abbda06621e3db880ea3b87200c59: ci: add dedicated Trivy security scanning and status badge (@​appleboy)
• fe8e9d050af48828d10c39a76c03b0ca91cf1061: ci: integrate automated Trivy security scanning via GitHub Actions (@​appleboy)
• f20e310cdc56e1eabc1a247230e073cc11c1f134: ci: update CI tooling and refine supported Go versions (@​appleboy)
• d94e4773a2a44fc8c0738ad4fa77d82dc7f57c5f: ci: modernize and consolidate CI workflows and security scanning (@​appleboy)
• b16eb9fe4380bf20f4725be6714555203d347126: ci: rename Trivy workflow file for enhanced clarity (@​appleboy)
• ec180b59ed3a195d28938bfa138627714a1316dc: ci(workflow): bump goreleaser/goreleaser-action from v6 to v7 (@​appleboy)

Commits

• e19d20d chore(deps): upgrade golang.org/x/text to v0.35.0
• ec180b5 ci(workflow): bump goreleaser/goreleaser-action from v6 to v7
• 9e6ec27 chore(deps): upgrade gin to v1.12.0 and update CI Go versions
• 139173a chore(ci): upgrade trivy-action from 0.33.1 to 0.35.0
• b77776e Fix Trivy badge URL in README.md
• a92928f Update golangci-lint version to v2.9
• 2816d6d Add Go 1.26 to GitHub Actions test matrix
• c5dcea8 chore(deps): bump actions/cache from 4 to 5
• 3585a5e fix: resolve golangci-lint issues in tests
• 754ef53 chore(ci): update golangci-lint to v2.6
• Additional commits viewable in compare view

Updates github.com/gin-contrib/secure from 1.1.2 to 1.1.3

Release notes

Sourced from github.com/gin-contrib/secure's releases.

v1.1.3

Changelog

Enhancements

• 8260b2b1095f94917206d1f21d7b494964769a65: chore(deps): upgrade golang.org/x/crypto to v0.45.0 (@​appleboy)
• eebbe30bdb09b3dec9fafe2f8f2b94ad63030851: chore: bump Go version and update indirect dependencies (@​appleboy)
• 32c4e8fec37d470acebe127e8c37cabece8bc071: chore: remove bearer.yml workflow (@​appleboy)
• 17eb51356eccc868b820dbc5d418bd5943dc460a: chore(deps): bump actions/checkout from 4 to 6 (@​appleboy)
• 1c78005857f40c07de94eb33db01f6545aa102c4: chore: drop Go 1.23 support, require Go 1.24+ (@​appleboy)
• b010ffec52655d6b3d59e40b76819ea7c8f63b4a: chore(deps): upgrade quic-go to v0.57.1 (@​appleboy)
• 3d14e16a3a0650b3db2569e0b58838d053fd97ae: chore(ci): update golangci-lint to v2.6 (@​appleboy)
• cc9ce22de140df3a94223d264737436cd7ea79fc: chore(deps): bump actions/cache from 4 to 5 (@​appleboy)
• 3a3960fad0d8a95ddf3cf266128747a92721f6a5: chore(ci): upgrade trivy-action from 0.33.1 to 0.35.0 (@​appleboy)
• bd0132c306a8550b09fd95ea7e415db8b0783c26: chore(deps): upgrade gin to v1.12.0 and update CI Go versions (@​appleboy)
• e2a3cc24aa5395ce4417e4ff21fb7712fd5a4eab: chore(deps): upgrade golang.org/x/text to v0.35.0 (@​appleboy)

Build process updates

• 8db12d888f294666a56fd356bdc86f7dd9de96e9: ci: integrate automated Trivy security scans into GitHub Actions (@​appleboy)
• c3ce999503dc2ed8c53ddb44517f29009a8731c4: ci(workflow): bump goreleaser/goreleaser-action from v6 to v7 (@​appleboy)

Others

• b813ce39093a1aaf8ba41ce12a2a7f688b0ec21b: Add Go 1.26 to GitHub Actions test matrix (@​appleboy)
• 59f053fcff773d46f254d8c96c2137186a2879ab: Update golangci-lint version to v2.9 (@​appleboy)

Commits

• e2a3cc2 chore(deps): upgrade golang.org/x/text to v0.35.0
• c3ce999 ci(workflow): bump goreleaser/goreleaser-action from v6 to v7
• bd0132c chore(deps): upgrade gin to v1.12.0 and update CI Go versions
• 3a3960f chore(ci): upgrade trivy-action from 0.33.1 to 0.35.0
• 59f053f Update golangci-lint version to v2.9
• b813ce3 Add Go 1.26 to GitHub Actions test matrix
• cc9ce22 chore(deps): bump actions/cache from 4 to 5
• 3d14e16 chore(ci): update golangci-lint to v2.6
• b010ffe chore(deps): upgrade quic-go to v0.57.1
• 1c78005 chore: drop Go 1.23 support, require Go 1.24+
• Additional commits viewable in compare view

Updates github.com/lib/pq from 1.11.2 to 1.12.1

Release notes

Sourced from github.com/lib/pq's releases.

v1.12.1

• Look for pgpass file in ~/.pgpass instead of ~/.postgresql/pgpass (#1300).

• Don't clear password if directly set on pq.Config (#1302).

#1300: lib/pq#1300 #1302: lib/pq#1302

v1.12.0

• The next release may change the default sslmode from require to prefer. See #1271 for details.

• CopyIn() and CopyInToSchema() have been marked as deprecated. These are simple query builders and not needed for COPY [..] FROM STDIN support (which is not deprecated). (#1279)

  // Old
  tx.Prepare(CopyIn("temp", "num", "text", "blob", "nothing"))
  // Replacement
  tx.Prepare(copy temp (num, text, blob, nothing) from stdin)
  

Features

• Support protocol 3.2, and the min_protocol_version and max_protocol_version DSN parameters (#1258).

• Support sslmode=prefer and sslmode=allow (#1270).

• Support ssl_min_protocol_version and ssl_max_protocol_version (#1277).

• Support connection service file to load connection details (#1285).

• Support sslrootcert=system and use ~/.postgresql/root.crt as the default value of sslrootcert (#1280, #1281).

• Add a new pqerror package with PostgreSQL error codes (#1275).

  For example, to test if an error is a UNIQUE constraint violation:

  if pqErr, ok := errors.AsType[*pq.Error](https://github.com/lib/pq/blob/HEAD/err); ok && pqErr.Code == pqerror.UniqueViolation {
      log.Fatalf("email %q already exsts", email)
  }
  

  To make this a bit more convenient, it also adds a pq.As() function:

  pqErr := pq.As(err, pqerror.UniqueViolation)
  if pqErr != nil {
      log.Fatalf("email %q already exsts", email)
  }
  

Fixes

• Fix SSL key permission check to allow modes stricter than 0600/0640 (#1265).

... (truncated)

Changelog

Sourced from github.com/lib/pq's changelog.

v1.12.1 (2026-03-30)

• Look for pgpass file in ~/.pgpass instead of ~/.postgresql/pgpass (#1300).

• Don't clear password if directly set on pq.Config (#1302).

#1300: lib/pq#1300 #1302: lib/pq#1302

v1.12.0 (2026-03-18)

• The next release may change the default sslmode from require to prefer. See #1271 for details.

• CopyIn() and CopyInToSchema() have been marked as deprecated. These are simple query builders and not needed for COPY [..] FROM STDIN support (which is not deprecated). (#1279)

  // Old
  tx.Prepare(CopyIn("temp", "num", "text", "blob", "nothing"))
  // Replacement
  tx.Prepare(copy temp (num, text, blob, nothing) from stdin)
  

Features

• Support protocol 3.2, and the min_protocol_version and max_protocol_version DSN parameters (#1258).

• Support sslmode=prefer and sslmode=allow (#1270).

• Support ssl_min_protocol_version and ssl_max_protocol_version (#1277).

• Support connection service file to load connection details (#1285).

• Support sslrootcert=system and use ~/.postgresql/root.crt as the default value of sslrootcert (#1280, #1281).

• Add a new pqerror package with PostgreSQL error codes (#1275).

  For example, to test if an error is a UNIQUE constraint violation:

  if pqErr, ok := errors.AsType[*pq.Error](https://github.com/lib/pq/blob/master/err); ok && pqErr.Code == pqerror.UniqueViolation {
      log.Fatalf("email %q already exsts", email)
  }
  

  To make this a bit more convenient, it also adds a pq.As() function:

... (truncated)

Commits

• 1464d69 Release v1.12.1
• 5a64c11 Fix fromDSN() doc comment
• 7f79f1b Fix trailing quote in fromDSN() error message
• e0a292e Don't clear password if directly set on pq.Config
• ce3c881 Use correct location for default ~/.pgpass location
• 6d40f13 Release v1.12.0
• 386fc0e Document NULL behaviour with COPY
• a62682e Better staticcheck cache 2
• 87ee06c Better staticcheck cache
• 0962458 Rewrite tests to use pqerror, pq.As()
• Additional commits viewable in compare view

Updates google.golang.org/grpc from 1.79.3 to 1.80.0

Release notes

Sourced from google.golang.org/grpc's releases.

Release 1.80.0

Behavior Changes

• balancer: log a warning if a balancer is registered with uppercase letters, as balancer names should be lowercase. In a future release, balancer names will be treated as case-insensitive; see #5288 for details. (#8837)
• xds: update resource error handling and re-resolution logic (#8907)
  • Re-resolve all LOGICAL_DNS clusters simultaneously when re-resolution is requested.
  • Fail all in-flight RPCs immediately upon receipt of listener or route resource errors, instead of allowing them to complete.

Bug Fixes

• xds: support the LB policy configured in LOGICAL_DNS cluster resources instead of defaulting to pick_first. (#8733)
• credentials/tls: perform per-RPC authority validation against the leaf certificate instead of the entire peer certificate chain. (#8831)
• xds: enabling A76 ring hash endpoint keys no longer causes EDS resources with invalid proxy metadata to be NACKed when HTTP CONNECT (gRFC A86) is disabled. (#8875)
• xds: validate that the sum of endpoint weights in a locality does not exceed the maximum uint32 value. (#8899)
  • Special Thanks: @​RAVEYUS
• xds: fix incorrect proto field access in the weighted round robin (WRR) configuration where blackout_period was used instead of weight_expiration_period. (#8915)
  • Special Thanks: @​gregbarasch
• xds/rbac: handle addresses with ports in IP matchers. (#8990)

New Features

• ringhash: enable gRFC A76 (endpoint hash keys and request hash headers) by default. (#8922)

Performance Improvements

• credentials/alts: pool write buffers to reduce memory allocations and usage. (#8919)
• grpc: enable the use of pooled write buffers for buffering HTTP/2 frame writes by default. This reduces memory usage when connections are idle. Use the WithSharedWriteBuffer dial option or the SharedWriteBuffer server option to disable this feature. (#8957)
• xds/priority: stop caching child LB policies removed from the configuration. This will help reduce memory and cpu usage when localities are constantly switching between priorities. (#8997)
• mem: add a faster tiered buffer pool; use the experimental mem.NewBinaryTieredBufferPool function to create such pools. (#8775)

Commits

• 397e45e Change version to 1.80.0 (#8948)
• 64ebf0a Cherry-pick #8997 to v1.80.x (#9027)
• e45ed24 xds/rbac: add additional handling for addresses with ports (#8990) (#9022)
• c78d26e Cherry-pick #8957 to v1.80.x (#9007)
• bd7cd3c grpc: enforce strict path checking for incoming requests on the server (#8987)
• b6597b3 xds/clusterimpl: use xdsConfig for updates and remove redundant fields from L...
• 1d4fa8a xds: change cdsbalancer to use update from dependency manager (#8907)
• 8f47d36 attributes: Replace internal map with linked list (#8933)
• 22e1ee8 xds: add panic recovery in xdsclient resource unmarshalling. (#8895)
• 7136e99 credentials/alts: Pool write buffers (#8919)
• Additional commits viewable in compare view

Updates k8s.io/apimachinery from 0.35.2 to 0.35.3

Commits

• See full diff in compare view

Updates k8s.io/client-go from 0.35.2 to 0.35.3

Commits

• 4f1f0a2 Update dependencies to v0.35.3 tag
• f80003c Merge pull request #136903pohly/automated-cherry-pick-of-#136455
• 8b41556 fake client-go: un-deprecate NewSimpleClientset
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions