Bump the go-modules group with 3 updates

[dependabot]

Bumps the go-modules group with 3 updates: cloud.google.com/go/storage, github.com/anchore/syft and go.opentelemetry.io/auto/sdk.

Updates cloud.google.com/go/storage from 1.56.1 to 1.56.2

Release notes

Sourced from cloud.google.com/go/storage's releases.

storage: v1.56.2

1.56.2 (2025-09-15)

Bug Fixes

• storage: Free buffers in Bidi Reader (#12839) (10c8fac)

Commits

• bda509d chore(release-storage-1.56.2): release storage 1.56.2 (#12873)
• 10c8fac fix(storage): free buffers in Bidi Reader (#12839)
• See full diff in compare view

Updates github.com/anchore/syft from 1.32.0 to 1.33.0

Release notes

Sourced from github.com/anchore/syft's releases.

v1.33.0

Added Features

• Modify RpmDBEntry to include modularityLabel for cyclonedx [#4212 @​sfc-gh-rmaj]
• Add locations onto packages read from Java native image SBOMs [#4186 @​rudsberg]

(Full Changelog)

Commits

• b87b919 chore(deps): update anchore dependencies (#4220)
• a51994d chore(deps): update tools to latest versions (#4215)
• 333b951 chore(deps): bump zizmorcore/zizmor-action from 0.1.2 to 0.2.0 (#4216)
• 90c733d chore(deps): bump 8398a7/action-slack from 3.18.0 to 3.19.0 (#4217)
• dacc2f6 chore(deps): bump sigstore/cosign-installer from 3.9.2 to 3.10.0 (#4218)
• 06b01aa chore(deps): bump modernc.org/sqlite from 1.38.2 to 1.39.0 (#4219)
• e1762a2 chore(deps): bump github.com/charmbracelet/bubbletea from 1.3.8 to 1.3.9 (#4214)
• c5cbc89 fix: include RpmDBEntry modularityLabel in CycloneDX (#4212)
• 7bc15e3 Native Image SBOM: Add Support for Locations Data (#4186)
• c6cd663 chore(deps): bump github.com/spf13/afero from 1.14.0 to 1.15.0 (#4202)
• Additional commits viewable in compare view

Updates go.opentelemetry.io/auto/sdk from 1.2.0 to 1.2.1

Release notes

Sourced from go.opentelemetry.io/auto/sdk's releases.

sdk/v1.2.1

Overview

Fixed

• Fix uint32 bounding on 32 bit architectures in the go.opentelemetry.io/auto/sdk module. (#2810)

Removed

• Build support for Go 1.23 in go.opentelemetry.io/auto/sdk has been removed. Use Go >= 1.24 to develop and build the project. (#2799)

What's Changed

• Drop development support for Go 1.23 by @​MrAlias in open-telemetry/opentelemetry-go-instrumentation#2799
• fix(deps): update golang.org/x by @​renovate[bot] in open-telemetry/opentelemetry-go-instrumentation#2762
• Fix 32bit arch int overflow in sdk by @​MrAlias in https://github.com/open-
• Release go.opentelemetry.io/auto/sdk v1.2.1 by @​MrAlias in open-telemetry/opentelemetry-go-instrumentation#2811

Full Changelog: open-telemetry/opentelemetry-go-instrumentation@v0.23.0...sdk/v1.2.1

Changelog

Sourced from go.opentelemetry.io/auto/sdk's changelog.

[go.opentelemetry.io/auto/sdk v1.2.1] - 2025-09-15

Fixed

• Fix uint32 bounding on 32 bit architectures in the go.opentelemetry.io/auto/sdk module. (#2810)

Commits

• 715f58c Release go.opentelemetry.io/auto/sdk v1.2.1 (#2811)
• 2ffdc0d chore(deps): update module github.com/prometheus/otlptranslator to v1 (#2800)
• edae086 chore(deps): update golang:1.25.1 docker digest to 8305f5f (#2807)
• c0a461c Fix 32bit arch int overflow in sdk (#2810)
• 146fa4d fix(deps): update google.golang.org/grpc/examples digest to ca78c90 (#2806)
• a734c70 chore(deps): update module github.com/nunnatsa/ginkgolinter to v0.21.0 (#2805)
• 3d60895 chore(deps): update module github.com/tetafro/godot to v1.5.2 (#2804)
• 23bec2c chore(deps): update module github.com/antonboom/testifylint to v1.6.4 (#2803)
• 3b82e63 fix(deps): update golang.org/x (#2762)
• 65fc170 chore(deps): update module github.com/spf13/viper to v1.21.0 (#2796)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions