build(deps): bump the golang group across 1 directory with 6 updates

[dependabot]

Bumps the golang group with 4 updates in the / directory: github.com/Microsoft/hcsshim, github.com/buger/jsonparser, github.com/mattn/go-shellwords and github.com/onsi/ginkgo/v2.

Updates github.com/Microsoft/hcsshim from 0.14.0 to 0.14.1

Release notes

Sourced from github.com/Microsoft/hcsshim's releases.

v0.14.1

What's Changed

fb5aa2e94 - Maksim An (2026-04-07): upgrade dependencies to fix CI 9a434d6e1 - Dawei Wei (2026-03-06): shim: skip SandboxPlatform validation when platform is not explicitly set (#2620) 98d74bb52 - Cory Snider (2026-02-10): WCOW: restore support for client-mounted roots (#2595)

Full Changelog: microsoft/hcsshim@v0.14.0...v0.14.1

Commits

• fb5aa2e upgrade dependencies to fix CI
• 9a434d6 shim: skip SandboxPlatform validation when platform is not explicitly set (#2...
• 98d74bb WCOW: restore support for client-mounted roots (#2595)
• See full diff in compare view

Updates github.com/buger/jsonparser from 1.1.2 to 1.2.0

Release notes

Sourced from github.com/buger/jsonparser's releases.

v1.2.0

What's Changed

• Fix 2 bugs, remove 7 dead code blocks, add formal verification using ReqProof by @​buger in buger/jsonparser#281
• Add support for tinygo by @​buger in buger/jsonparser#269

Full Changelog: buger/jsonparser@v1.1.2...v1.2.0

Commits

• c172c16 Merge pull request #269 from buger/tinygo
• 680cd2e Merge pull request #281 from buger/reqproof-assurance-hardening
• 9dce61c Migrate review storage from reviews/ folder to per-requirement timestamps
• c03b9ef feat: add property-based obligation classes with 24 new SYS-REQs
• 9c46110 chore: fix spec lint warnings — remove stale parent field, set review metadata
• 8bbb8a8 Close coverage gaps: SYS-REQ-007/008/010 fuzz harness coverage to 100%
• 552e93b Install Z3 via apt before audit
• 98133b4 Remove manual Z3 pre-download, now handled by proof-action
• 1b70ead Debug Z3 pre-download: remove output suppression
• aac1fbc Pre-download Z3 solver before audit
• Additional commits viewable in compare view

Updates github.com/mattn/go-shellwords from 1.0.12 to 1.0.13

Commits

• fd1aa6c Run gofmt: add missing //go:build directives and trailing newlines
• e73986e Treat bare ')' as syntax error regardless of ParseBacktick
• 9a78803 Merge pull request #60 from scumfrog/security-fix-cve
• b074fa0 fix: preserve parser compatibility for unmatched ')' handling
• 735b5e8 Implement tests for shellwords parser functionality
• e2951fc Fix dollarQuote state management in shellwords.go
• 551a1d0 Update CI: Go 1.25/1.26 and latest GitHub Actions
• f3bbb6f Merge pull request #53 from ndeloof/master
• f6737fe parse \t as TAB, not escaped t
• See full diff in compare view

Updates github.com/onsi/ginkgo/v2 from 2.28.1 to 2.28.3

Release notes

Sourced from github.com/onsi/ginkgo/v2's releases.

v2.28.3

2.28.3

Maintenance

Bump all dependencies

v2.28.2

2.28.2

• Add ArtifactDir() to support Go 1.26 testing.TB interface [f3a36b6]
• Implement shell completion [94151c8]
• Add asan CLI option mirroring msan implementation [4d21dbb]
• Bump uri from 1.0.3 to 1.0.4 in /docs (#1630) [c102161]
• fix aspect ratio [9619647]
• update logos [5779304]

Changelog

Sourced from github.com/onsi/ginkgo/v2's changelog.

2.28.3

Maintenance

Bump all dependencies

2.28.2

• Add ArtifactDir() to support Go 1.26 testing.TB interface [f3a36b6]
• Implement shell completion [94151c8]
• Add asan CLI option mirroring msan implementation [4d21dbb]
• Bump uri from 1.0.3 to 1.0.4 in /docs (#1630) [c102161]
• fix aspect ratio [9619647]
• update logos [5779304]

Commits

• 5de9c15 v2.28.3
• 7e2fa19 bump dependencies
• 1a81912 v2.28.2
• f3a36b6 Add ArtifactDir() to support Go 1.26 testing.TB interface
• 94151c8 Implement shell completion
• 4d21dbb Add asan CLI option mirroring msan implementation
• c102161 Bump uri from 1.0.3 to 1.0.4 in /docs (#1630)
• 9619647 fix aspect ratio
• 5779304 update logos
• See full diff in compare view

Updates github.com/onsi/gomega from 1.39.1 to 1.40.0

Release notes

Sourced from github.com/onsi/gomega's releases.

v1.40.0

1.40.0

We're adopting a new release strategy to minimize dependency bloat in projects that consume Gomega. It is a limitation of the go mod toolchain that test subdependencies of your project's direct dependencies get pulled in as indirect dependencies. In the case of Gomega, this ends up pulling in all of Ginkgo into your go.mod even if you are only using Gomega (Gomega uses Ginkgo for its own tests).

Going forward, releases will strip out all tests, tidy up the go.mod and then push this stripped down version to a new master-lite branch. These stripped-down versions will receive the vx.y.z git tag and will be picked up by the go toolchain.

Please open an issue if this new release process causes unexpected changes for your projects.

Changelog

Sourced from github.com/onsi/gomega's changelog.

1.40.0

We're adopting a new release strategy to minimize dependency bloat in projects that consume Gomega. It is a limitation of the go mod toolchain that test subdependencies of your project's direct dependencies get pulled in as indirect dependencies. In the case of Gomega, this ends up pulling in all of Ginkgo into your go.mod even if you are only using Gomega (Gomega uses Ginkgo for its own tests).

Going forward, releases will strip out all tests, tidy up the go.mod and then push this stripped down version to a new master-lite branch. These stripped-down versions will receive the vx.y.z git tag and will be picked up by the go toolchain.

Please open an issue if this new release process causes unexpected changes for your projects.

Commits

• 87ee9d3 v1.40.0
• ea66027 v1.40.0 (full)
• e3fd789 update docs to reflect new versioning strategy
• 7d4ee30 first push to master-lite
• e4a82d1 Bump github/codeql-action from 3 to 4 (#875)
• af62723 Bump rexml from 3.4.0 to 3.4.2 in /docs (#870)
• e164221 Bump github.com/onsi/ginkgo/v2 from 2.28.0 to 2.28.1 (#895)
• 334a282 Bump faraday from 2.12.2 to 2.14.1 in /docs (#896)
• See full diff in compare view

Updates golang.org/x/sys from 0.42.0 to 0.43.0

Commits

• f33a730 windows: support nil security descriptor on GetNamedSecurityInfo
• 493d172 cpu: add runtime import in cpu_darwin_arm64_other.go
• 2c2be75 windows: use syscall.SyscallN in Proc.Call
• a76ec62 cpu: roll back "use IsProcessorFeaturePresent to calculate ARM64 on windows"
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions