Bump the go-modules group across 1 directory with 7 updates

[dependabot]

Bumps the go-modules group with 6 updates in the / directory:

Package	From	To
cloud.google.com/go	0.121.4	0.121.6
cloud.google.com/go/auth	0.16.4	0.16.5
github.com/anchore/syft	1.30.0	1.31.0
github.com/charmbracelet/colorprofile	0.3.1	0.3.2
github.com/sylabs/sif/v2	2.21.1	2.22.0
google.golang.org/api	0.246.0	0.247.0

Updates cloud.google.com/go from 0.121.4 to 0.121.6

Release notes

Sourced from cloud.google.com/go's releases.

v0.121.6

0.121.6 (2025-08-14)

Bug Fixes

• internal/librariangen: Fix Dockerfile permissions for go mod tidy (#12704) (0e70a0b)

v0.121.5

0.121.5 (2025-08-12)

Bug Fixes

• internal/librariangen: Get README title from service config yaml (#12676) (b3b8f70)
• internal/librariangen: Update source_paths to source_roots in generate-request.json (#12691) (2adb6f9)

Changelog

Sourced from cloud.google.com/go's changelog.

0.121.6 (2025-08-14)

Bug Fixes

• internal/librariangen: Fix Dockerfile permissions for go mod tidy (#12704) (0e70a0b)

0.121.5 (2025-08-12)

Bug Fixes

• internal/librariangen: Get README title from service config yaml (#12676) (b3b8f70)
• internal/librariangen: Update source_paths to source_roots in generate-request.json (#12691) (2adb6f9)

Commits

• 2fd5cec chore(main): release 0.121.6 (#12705)
• 6f34867 feat(bigtable): Create first response latencies instrument (#12706)
• 710d269 feat(shopping): new clients (#12712)
• d6571b9 feat(managedkafka): new clients (#12710)
• a8feaf0 feat(bigquery): new clients (#12711)
• 674eb0d docs(shopping/merchant/accounts): fix comment for online return policy (#12701)
• 0e70a0b fix(internal/librariangen): fix Dockerfile permissions for go mod tidy (#12704)
• 558b164 fix(auth): improve error message for unknown credentials type (#12673)
• ceb0581 chore(shopping): onboard new shopping clients (#12702)
• d77626f chore(bigquery): onboard datapolicies v2beta1 (#12651)
• Additional commits viewable in compare view

Updates cloud.google.com/go/auth from 0.16.4 to 0.16.5

Release notes

Sourced from cloud.google.com/go/auth's releases.

auth: v0.16.5

0.16.5 (2025-08-14)

Bug Fixes

• auth: Improve error message for unknown credentials type (#12673) (558b164)
• auth: Set Content-Type in userTokenProvider.exchangeToken (#12634) (1197ebc)

Commits

• a366278 chore(main): release auth 0.16.5 (#12690)
• 969cc74 chore: release main (#12713)
• 83d25a0 refactor(bigtable): Correct docs and handle error (#12707)
• 2fd5cec chore(main): release 0.121.6 (#12705)
• 6f34867 feat(bigtable): Create first response latencies instrument (#12706)
• 710d269 feat(shopping): new clients (#12712)
• d6571b9 feat(managedkafka): new clients (#12710)
• a8feaf0 feat(bigquery): new clients (#12711)
• 674eb0d docs(shopping/merchant/accounts): fix comment for online return policy (#12701)
• 0e70a0b fix(internal/librariangen): fix Dockerfile permissions for go mod tidy (#12704)
• Additional commits viewable in compare view

Updates github.com/anchore/syft from 1.30.0 to 1.31.0

Release notes

Sourced from github.com/anchore/syft's releases.

v1.31.0

Added Features

• Option to set PackageSupplier in root of SPDX document generated by CLI [#3098 #4131 @​spiffcs]

Bug Fixes

• closed reader during java binary detection [#4129 @​kzantow]
• support multiple letters in openssl patch version [#4106 @​honigbot]
• Can not have license ID [#1964 #4132 @​spiffcs]
• Syft sometimes reports URL for license value when scanning JARs with a URL in Bundle-License field of manifest [#3186]

(Full Changelog)

Commits

• ab9db00 chore(deps): bump zizmorcore/zizmor-action from 0.1.1 to 0.1.2 (#4135)
• 6b48bd4 feat: add package supplier flag (#4131)
• 89470ec feat: update syft license construction to be able to look up by URL (#4132)
• 104df88 chore(deps): bump github/codeql-action from 3.29.8 to 3.29.9 (#4134)
• 80e6117 fix: support multiple letters in openssl patch version (#4106)
• 9f956dc fix: closed reader during java binary detection (#4129)
• 6452a19 chore(deps): bump actions/checkout from 4.2.2 to 5.0.0 (#4130)
• 21496e7 chore: update GoReleaser configurations (#4128)
• 3e5befc chore(deps): update CPE dictionary index (#4126)
• See full diff in compare view

Updates github.com/charmbracelet/colorprofile from 0.3.1 to 0.3.2

Release notes

Sourced from github.com/charmbracelet/colorprofile's releases.

v0.3.2

Changelog

Bug fixes

• 561b8ac1cff6f8c286c7dd86e95cab3875c7ac01: fix: avoid variable shadowing to properly cache color conversions (@​aymanbagabas)

Documentation updates

• 44171888e824da7c31e567d1184d329a16a2b37f: docs: add contributing guidelines (#47) (@​bashbunni)

Other work

• 8c9f0bacd3a711f9edac3b2a9636f0c6f648b0ae: ci: sync dependabot config (#44) (@​charmcli)
• 0164c5a5071f60123daac0e686d19e6555e94f79: ci: sync golangci-lint config (#46) (@​github-actions[bot])
• 531ba367a03735d35d80f6054e9c9004968c3f36: ci: sync golangci-lint config (#51) (@​github-actions[bot])
• f7fa2ac61e6a8fe85b08bdb5325da7000e3c7309: perf: cache color conversion (#43) (@​aymanbagabas)

---

Thoughts? Questions? We love hearing from you. Feel free to reach out on Twitter, Discord, Slack, The Fediverse.

Commits

• 561b8ac fix: avoid variable shadowing to properly cache color conversions
• 9131352 chore(deps): bump golang.org/x/sys from 0.34.0 to 0.35.0 (#53)
• 4c71e65 chore(deps): bump github.com/charmbracelet/x/ansi from 0.9.3 to 0.10.1 (#52)
• 531ba36 ci: sync golangci-lint config (#51)
• 4b2086d chore(deps): bump golang.org/x/sys from 0.33.0 to 0.34.0 (#50)
• d648e8c chore(deps): bump github.com/charmbracelet/x/ansi from 0.9.2 to 0.9.3 (#49)
• 4417188 docs: add contributing guidelines (#47)
• 0164c5a ci: sync golangci-lint config (#46)
• c62230b chore(deps): bump golang.org/x/sys from 0.32.0 to 0.33.0 (#45)
• f7fa2ac perf: cache color conversion (#43)
• Additional commits viewable in compare view

Updates github.com/sylabs/sif/v2 from 2.21.1 to 2.22.0

Release notes

Sourced from github.com/sylabs/sif/v2's releases.

v2.22.0

This release drops support for Go 1.23.

What's Changed

• build(deps): bump github.com/sigstore/sigstore from 1.8.15 to 1.9.0 by @​dependabot[bot] in sylabs/sif#410
• build(deps): bump github.com/sigstore/sigstore from 1.9.0 to 1.9.1 by @​dependabot[bot] in sylabs/sif#411
• fix: remove deprecated goreleaser config by @​tri-adam in sylabs/sif#413
• chore: bump golangci-lint to v2.0 by @​tri-adam in sylabs/sif#412
• build(deps): bump github.com/sigstore/sigstore from 1.9.1 to 1.9.2 by @​dependabot[bot] in sylabs/sif#414
• build(deps): bump github.com/sigstore/sigstore from 1.9.2 to 1.9.3 by @​dependabot[bot] in sylabs/sif#415
• build(deps): bump github.com/ProtonMail/go-crypto from 1.1.6 to 1.2.0 by @​dependabot[bot] in sylabs/sif#416
• build(deps): bump github.com/sigstore/sigstore from 1.9.3 to 1.9.4 by @​dependabot[bot] in sylabs/sif#417
• build(deps): bump github.com/ProtonMail/go-crypto from 1.2.0 to 1.3.0 by @​dependabot[bot] in sylabs/sif#420
• build(deps): bump github.com/cloudflare/circl from 1.6.0 to 1.6.1 by @​dependabot[bot] in sylabs/sif#421
• build(deps): bump github.com/sigstore/sigstore from 1.9.4 to 1.9.5 by @​dependabot[bot] in sylabs/sif#422
• build(deps): bump github.com/sebdah/goldie/v2 from 2.5.5 to 2.6.0 by @​dependabot[bot] in sylabs/sif#424
• build(deps): bump github.com/sebdah/goldie/v2 from 2.6.0 to 2.7.1 by @​dependabot[bot] in sylabs/sif#425
• chore: bump golangci-lint to v2.2 by @​tri-adam in sylabs/sif#427
• build(deps): bump github.com/spf13/pflag from 1.0.6 to 1.0.7 by @​dependabot[bot] in sylabs/sif#428
• chore: bump module to Go 1.24 by @​tri-adam in sylabs/sif#426
• chore: bump golangci-lint to v2.4 by @​tri-adam in sylabs/sif#429
• build(deps): bump github.com/google/go-containerregistry from 0.20.3 to 0.20.6 by @​dependabot[bot] in sylabs/sif#423

Full Changelog: sylabs/sif@v2.21.1...v2.22.0

Commits

• 04aca0b Merge pull request #423 from sylabs/dependabot/go_modules/main/github.com/goo...
• cd819d0 build(deps): bump github.com/google/go-containerregistry
• 554c49a Merge pull request #429 from tri-adam/golangci-lint-2.4
• 1fbe8ce chore: bump golangci-lint to v2.4
• c7bef4a Merge pull request #426 from tri-adam/go-1.25
• 7fc33f5 chore: bump module to Go 1.24
• b6cad13 build(deps): bump github.com/spf13/pflag from 1.0.6 to 1.0.7 (#428)
• 242b71b chore: bump golangci-lint to v2.2 (#427)
• 21f6359 build(deps): bump github.com/sebdah/goldie/v2 from 2.6.0 to 2.7.1 (#425)
• 9f3d540 build(deps): bump github.com/sebdah/goldie/v2 from 2.5.5 to 2.6.0 (#424)
• Additional commits viewable in compare view

Updates google.golang.org/api from 0.246.0 to 0.247.0

Release notes

Sourced from google.golang.org/api's releases.

v0.247.0

0.247.0 (2025-08-11)

Features

• all: Auto-regenerate discovery clients (#3264) (82513ca)
• all: Auto-regenerate discovery clients (#3266) (e57e8b1)
• all: Auto-regenerate discovery clients (#3267) (10c5490)
• all: Auto-regenerate discovery clients (#3268) (2dbf1ac)
• all: Auto-regenerate discovery clients (#3270) (23a4031)

Changelog

Sourced from google.golang.org/api's changelog.

0.247.0 (2025-08-11)

Features

• all: Auto-regenerate discovery clients (#3264) (82513ca)
• all: Auto-regenerate discovery clients (#3266) (e57e8b1)
• all: Auto-regenerate discovery clients (#3267) (10c5490)
• all: Auto-regenerate discovery clients (#3268) (2dbf1ac)
• all: Auto-regenerate discovery clients (#3270) (23a4031)

Commits

• 56a3682 chore(main): release 0.247.0 (#3265)
• fbed808 chore(all): update all (#3269)
• 23a4031 feat(all): auto-regenerate discovery clients (#3270)
• 2dbf1ac feat(all): auto-regenerate discovery clients (#3268)
• 10c5490 feat(all): auto-regenerate discovery clients (#3267)
• e57e8b1 feat(all): auto-regenerate discovery clients (#3266)
• 82513ca feat(all): auto-regenerate discovery clients (#3264)
• See full diff in compare view

Updates google.golang.org/genproto/googleapis/rpc from 0.0.0-20250728155136-f173205681a0 to 0.0.0-20250804133106-a7a43d27e69b

Commits

• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions