chore: update dependencies

[renovate]

Note: This PR body was truncated due to platform limits.

Update Request | Renovate Bot

This PR contains the following updates:

Package	Type	Update	Change	Age	Adoption	Passing	Confidence
actions/stale	action	digest	9971854 → a21a081
fosrl/newt		patch	1.8.0 → 1.8.1
git://git.kernel.org/pub/scm/utils/mdadm/mdadm.git		minor	4.4 → 4.5
github.com/anchore/grype	indirect	minor	v0.0.0-00010101000000-000000000000 → v0.104.3
github.com/anchore/syft	indirect	minor	v1.28.0 → v1.39.0
github.com/dsseng/grype	replace	digest	2197792 → 9b7e8e2
github.com/dsseng/syft	replace	minor	v1.26.2-0.20250703101014-f39c35d156d9 → v1.38.0
github.com/gomodule/redigo	replace	major	v0.0.0-20150301180006-535138d7bcd7 → v1.9.3
google/gvisor		patch	20251208.0 → 20251215.0
https://gitlab.gnome.org/GNOME/glib.git		patch	2.87.0 → 2.87.1
https://sourceware.org/git/glibc.git		minor	2.41 → 2.42
netbirdio/netbird		minor	0.60.9 → 0.61.2
tailscale/tailscale		patch	1.92.3 → 1.92.5

---

Release Notes

fosrl/newt (fosrl/newt)

v1.8.1

Compare Source

Container Images

• GHCR: ghcr.io/fosrl/newt@sha256:c05a8383fc8370e6211f0ab84e37993848aae224322d0c5aede7d3368414bdd0
• Docker Hub: docker.io/fosrl/newt@sha256:c05a8383fc8370e6211f0ab84e37993848aae224322d0c5aede7d3368414bdd0
  Digest: sha256:c05a8383fc8370e6211f0ab84e37993848aae224322d0c5aede7d3368414bdd0

What's Changed

• chore(nix): add nix hash update automation by @​water-sucks in #​217
• Fix health check leaking socket binds

Full Changelog: fosrl/newt@1.8.0...1.8.1

anchore/grype (github.com/anchore/grype)

v0.104.3

Compare Source

Bug Fixes

• Use specifier matching rules when comparing python versions [#​3121 @​wagoodman]

(Full Changelog)

v0.104.2

Compare Source

Bug Fixes

• Since version 0.104.0 shaded jars are not reported [#​3098]
• db search fails with misleading message (out of memory) when no db is present [#​3049 #​3077 @​JvD-Ericsson]

Additional Changes

• replace os.Chdir with t.Chdir in test code [#​3067 @​joonas]

(Full Changelog)

v0.104.1

Compare Source

Bug Fixes

• Redact during file output [#​3068 @​kzantow]
• Unaffected match table does not filter results if CPE matching is enabled [#​3056 #​3066 @​kzantow]

Additional Changes

• Migrate grype to use mholt/archives instead of anchore fork [#​3036 @​joonas]

(Full Changelog)

v0.104.0

Compare Source

Added Features

• Add --from flag [#​3035 @​wagoodman]
• Let a suppression expire to prevent that one will forget to resolve a vulnerability [#​3031]

Bug Fixes

• Unnormalized fix version triggers false-positive in mssql-jdbc [#​3042 #​3034 @​jamestexas]

Additional Changes

• junit template use CDATA block to prevent XML parse errors [#​3019 @​nvtkaszpir]
• Keep nested loggers labeled [#​3040 @​wagoodman]

(Full Changelog)

v0.103.0

Compare Source

Added Features

• Allow hyphen in version string [#​3021 @​willmurphyscode]
• Respect rpmmod PURL qualifier [#​3020 @​willmurphyscode]

(Full Changelog)

v0.102.0

Compare Source

Added Features

• Use Alma Linux specific advisories for Alma Linux scans [#​2745 #​2939 @​willmurphyscode]

Bug Fixes

• Bitnami packages with CPEs are not matched against CPE-based vulnerabilities [#​2997]

Additional Changes

• add markdown template [#​2987 @​sebdanielsson]

(Full Changelog)

v0.101.1

Compare Source

Bug Fixes

• Panic error scanning images with v0.101.0 on some java dependencies [#​3002]

(Full Changelog)

v0.101.0

Compare Source

Added Features

• Add cyclonedx to RpmMetadata [#​2935 @​sfc-gh-rmaj]
• grype db search can filter by fixed state [#​2968 @​willmurphyscode]
• Support using VEX documents with directory scans and SBOMs [#​2471 #​2811 @​alegrey91]

Bug Fixes

• Issue installing Grype using documented curl command [#​2985]
• Advisory ID blank in JSON output [#​2965]

Additional Changes

• update flags with v3 to not use default config [#​3000 @​spiffcs]
• fix Cosign documentation URL in installer [#​2995 @​lime]
• set advisory id again [#​2979 @​willmurphyscode]
• add db schema validation [#​2962 @​willmurphyscode]

(Full Changelog)

v0.100.0

Compare Source

Added Features

• Add unaffected package and CPE stores [#​2888 @​wagoodman]
• use unaffected match table to remove appropriate vulns [#​2886 @​CrosleyZack]

(Full Changelog)

v0.99.1

Compare Source

Bug Fixes

• Present fix available version in grype JSON output [#​2905 @​wagoodman]
• detect patch numbers in fuzzy version comparison [#​2844 @​willmurphyscode]
• Make timestamp in output configurable (so that results are more reproducible) [#​522 #​2724 @​gabetrau]
• Grype .98 misidentifies the container package version [#​2884]

(Full Changelog)

v0.99.0

Compare Source

Added Features

• Add fix availability information to DB schema [#​2862 @​wagoodman]
• Add support vulnerability matching for raspbian [#​2893 @​westonsteimel]
• Add Vex CSAF support [#​1826 @​juan131]

Bug Fixes

• include channel in grype db search output [#​2873 @​willmurphyscode]
• add UnmarshalJSON to fix availability blob [#​2889 @​willmurphyscode]
• Grype misdetect Grafana version [#​2783]

Breaking Changes

• CSAF support [#​1826 @​juan131]

(Full Changelog)

v0.98.0

Compare Source

Added Features

• move debian 13 (trixie) to released and debian 14 (forky) to testing/sid/unstable [#​2861 @​westonsteimel]

(Full Changelog)

v0.97.2

Compare Source

Grype v0.97.2

Added Features

• new syft version adds binary classifier for hashicorp vault [#​4121 @​willmurphyscode]

Bug Fixes

• fix: update syft's nondeterministic Java archive purl and improve groupID for better matching [#​3521 #​4118 @​kzantow]

(Full Changelog)

v0.97.1

Compare Source

Bug Fixes

• Multiple EUS advisories where only some are fixed result in unexpected vulnerabilities [#​2840 #​2841 @​kzantow]

(Full Changelog)

v0.97.0

Compare Source

Added Features

• Add support for RHEL EUS [#​2446 #​2787 @​wagoodman]

Bug Fixes

• Error scanning snap "unsupported source: source.SnapMetadata" [#​2819 #​2821 @​kzantow]

Additional Changes

• add channel to os / distro [#​2782 @​wagoodman]

(Full Changelog)

v0.96.1

Compare Source

Syft Improvments

• Update to latest version of syft v1.29.0

Performance Improvements

• Create ignore regex objects conditionally[#​2805 @​wagoodman ]

(Full Changelog)

v0.96.0

Compare Source

Added Features

• Added the EPSS score and KEV indications as CycloneDX vulnerabilities.ratings entries [#​2695 #​2765 @​AlinaPodoba]

Bug Fixes

• The go run and go install broken due to useless redirect directive in go.mod [#​2777 #​2780 @​stefanb]
• EPSS implementation using percentile instead of percent probability [#​2778 #​2785 @​wagoodman]
• Latest version of grype with V6 schema lists incorrect URL for v6 database [#​2513]

Additional Changes

• Add more detail around cataloging and DB load log statements [#​2779 @​wagoodman]
• add version set and combined constraint [#​2763 @​wagoodman]
• add v6 OS store [#​2766 @​wagoodman]

(Full Changelog)

v0.95.0

Compare Source

Added Features

• Add string severity to db search json results [#​2730 @​wagoodman]
• Add package specifier overrides for kb, dpkg, and apkg [#​2742 @​westonsteimel]

Bug Fixes

• show related NVD records for non-NVD matches [#​2755 @​kzantow]
• assume that a vulnerability with no ranges is always vulnerable [#​2759 @​wagoodman]
• DB should hydrate for when the client has new features [#​2758 @​wagoodman]
• show relationship back to NVD for all CVE ids [#​2756 @​westonsteimel]
• properly escape CPE segments [#​2731 @​kzantow]
• msrc matcher should search by package ecosystem, not by distro [#​2748 @​westonsteimel]
• Grype does not report any vulnerabilities for CPEs with target_sw field set to value that does not correspond to known package type [#​2768 #​2772 @​willmurphyscode]
• malformed CPE in grype db search output [#​2767 #​2769 @​westonsteimel]
• vex documents from the --vex flag do get processed or applied to the output correctly [#​1836 #​2741 @​willmurphyscode]

Additional Changes

• replace deprecated GoReleaser configurations [#​2729 @​emmanuel-ferdman]
• specify types for all match details [#​2762 @​wagoodman]
• Refactor the version package [#​2735 @​wagoodman]

(Full Changelog)

v0.94.0

Compare Source

Added Features

• Add echo os to grype [#​2647 @​orizerah]

Bug Fixes

• Nonroot can't load local docker image with docker socket bind [#​2721 #​2723 @​kzantow]
• "Harden Container Runtime with Non-Root User" breaks --output usage [#​2720 #​2723 @​kzantow]

(Full Changelog)

v0.93.0

Compare Source

Added Features

• Add support for MinimOS [#​2627 @​Daniel-Wachter]
• Use the upstream Bitmani vulndb data for matching [#​1609 #​2538 @​juan131]
• Support rubygems specific version comparision [#​2646 #​2712 @​willmurphyscode]

Bug Fixes

• Harden Container Runtime with Non-Root User [#​2716 @​wagoodman]
• valid cpes in db search output [#​2706 @​westonsteimel]
• Always show results with json output for db search commands [#​2692 @​wagoodman]
• False positive: CVE-2025-5702 reported with High severity on glibc 2.34 (wrong severity and affected version) [#​2718]

(Full Changelog)

v0.92.2

Compare Source

Bug Fixes

• unpin dockerfile base images to prevent wget TLS errors [#​2671 @​spiffcs]
• Parse java group ID and artifact ID from PURL when missing [#​2675 @​wagoodman]
• Grype can't update DB in docker volume (regression) [#​2517 #​2672 @​willmurphyscode]

Additional Changes

• Remove getDB() from the v6 DB reader [#​2669 @​wagoodman]

(Full Changelog)

v0.92.1

Compare Source

(Full Changelog)

v0.92.0

Compare Source

Added Features

• improve html template [#​2635 @​OnceUponALoop]
• Add EPSS metrics to grype results [#​1973 #​2587 @​wagoodman]
• Show indication of known exploited vulnerabilities (from CISA) [#​1511 #​2587 @​wagoodman]

Bug Fixes

• adjust namespace translation logic to be v5 compatible [#​2634 @​westonsteimel]
• fall back to fuzzy constraint units [#​2651 @​willmurphyscode]
• adjust version prefix check when excluding overlapping packages [#​2653 @​westonsteimel]
• Dropping group from npm package names leads to false positives [#​2554 #​2645 @​kzantow]
• Potential regression in CVE detection from 0.87.0 (v5 schema) to 0.88.0 (v6 schema) for go-module detection [#​2642]
• Removal of temporary files not working on Windows [#​2233 #​2657 @​popey]
• @​jridgewell/gen-mapping incorrectly attributed GHSA-8rmg-jf7p-4p22 [#​1886 #​2645 @​kzantow]
• Vulnerability reported on @​group/name dependency when actual vulnerability exists on name dependency [#​1701 #​2645 @​kzantow]
• Grype false negatives in versions v0.88.0 and later leading to missed critical vulnerabilities [#​2628 #​2645 @​kzantow]
• PHP pecl redis mixes with redis project itself and creates false positive cve [#​1804]
• False Positive: Openssl CVE-2022-2068, CVE-2022-1292, CVE-2021-3711 in SUSE Enterprise 15 SP5 [#​1729]
• Grype does not handle purl file input with packages from different distributions [#​2630 #​2639 @​chovanecadam]
• grype pkg:golang/k8s.io/ingress-nginx@​v1.11.2 does not show cve [#​2580 #​2586 @​goatwu1993]

(Full Changelog)

v0.91.2

Compare Source

Bug Fixes

• Various false positives starting with 0.91.1 [#​2618 #​2621 @​willmurphyscode]

(Full Changelog)

v0.91.1

Compare Source

Bug Fixes

• Assume that empty versions should match on all possible versions [#​2591 @​wagoodman]
• Fix severity field in db search vuln [#​2589 @​wagoodman]
• Recover from panic within a matcher [#​2590 @​wagoodman]
• Should only check maven central if pom info is missing [#​2216 #​2547 @​tdunlap607]
• grype db search GHSA-mrrh-fwg8-r2c3 doesn't return results [#​2530]
• Grype stopped reporting vulnerabilities after upgrade [#​2608 #​2610 @​willmurphyscode]
• Grype does not handle cache-dir containing ~ correctly [#​2599 #​2600 @​kzantow]
• Grype should expand ~ in paths in config file [#​2024 #​2600 @​kzantow]
• False Positive: Multiple old CVEs in chromium 134.0.6998.117 for apk ecosystem [#​2581]
• Missing grype DB update from 2025041 [#​2593]
• Does not fill in the Level field of the SARIF result object [#​2511 #​2571 @​bdovaz]

Additional Changes

• add timing info to log output [#​2597 @​kzantow]
• Replace os.ReadDir with afero.ReadDir for consistency [#​2579 @​joe-ton]

(Full Changelog)

v0.91.0

Compare Source

Added Features

• Add v5 namespace emulation to db search output [#​2539 @​wagoodman]
• Add CVSS metrics in search JSON output [#​2568 @​wagoodman]
• Exit with a different return code for a failed scan [#​1922]

Bug Fixes

• Use data driven approach when detecting Alpine:edge and Debian:sid [#​2556 @​wagoodman]
• db list should render out full URLs for text format [#​2553 @​wagoodman]
• grype db import fails since v0.88 and above [#​2542 #​2546 @​kzantow]

(Full Changelog)

v0.90.0

Compare Source

Added Features

• Match vulnerabilities by distro name when no version specified [#​2521 #​2534 @​kzantow]
• Allow DB import from a URL [#​2134 #​2532 @​wagoodman]
• Add the DB url to the JSON descriptor block [#​356 #​2529 @​wagoodman]

(Full Changelog)

v0.89.1

Compare Source

Bug Fixes

• Ensure fatal error from maven search bubbles up [#​2518 @​luhring]
• Source URLs missing/broken in output with latest release [#​2520 #​2523 @​kzantow]
• Grype results set a vulnerability as its own related vulnerability [#​2514 #​2515 @​kzantow]

(Full Changelog)

v0.89.0

Compare Source

[!IMPORTANT]
As of Grype v0.88.0, the listing file which hosts the URLs of databases to download has migrated from https://toolbox-data.anchore.io/grype/databases/listing.json to https://grype.anchore.io/databases/v6/latest.json.

Added Features

• Show suggested fixed version when there are multiple listed [#​2264 #​2271 @​tomersein]

Bug Fixes

• Check for vulnerability database update failed with unsupported protocol scheme when referencing local file [#​2507 #​2508 @​wagoodman]

(Full Changelog)

v0.88.0

Compare Source

[!IMPORTANT]
With #​2126 the listing file which hosts the URLs of databases to download has migrated from https://toolbox-data.anchore.io/grype/databases/listing.json to https://grype.anchore.io/databases/v6/latest.json.

Added Features

• Add KEV information to v6 DB [#​2464 @​wagoodman]
• Add pretty format option [#​2406 @​tomersein]
• Add configuration for maven rate limit functionality [#​2397 @​rawlingsj]
• Allow specifying literal CPEs via the CLI [#​2463 @​wagoodman]
• Add KEV & EPSS to db search schema [#​2481 @​wagoodman]
• Update vulnerability matchers to use v6 DB schema [#​2132 #​2311 @​kzantow]
• Configure and use new V6 DB distribution URLs [#​2126 #​2439 @​kzantow]

Bug Fixes

• fix golang 1.24 versions when not semver compliant [#​2486 @​xnox]
• error out on maven search rate limiting [#​2460 @​luhring]
• CPE search failed when considering target software for unknown package type [#​2434 #​2438 @​westonsteimel]
• Grype Does Not Clean TMPDIR When Running in a Docker Container [#​2500]
• GetMavenPackageBySha can be rate limited by maven central, grype will silently fail which results in inconsistent scan results [#​2383]
• Grype exits with error on JSON output with PURL input [#​2360]
• Removal of temporary files not working on Windows [#​2233 #​2439 @​kzantow]
• grype db status reports "valid" when the DB is missing [#​2077 #​2439 @​kzantow]
• grype db status doesn't always check the db's checksum and validity [#​1648 #​2439 @​kzantow]
• False positive of CVE-2023-45853 on apt zlib1g/now 1:1.2.13.dfsg-1 package [#​2412 #​2474 @​westonsteimel]
• GHSA-93ww-43rr-79v3 / CVE-2024-10039 does not get patched version [#​2408]
• "grype config" output swaps comments for search-indexed-archives / search-unindexed-archives [#​2409 #​2414 @​spiffcs]

Breaking Changes

• Remove DB schema v3 and v4 code [#​2435 @​wagoodman]
• Replace grype db diff with grype db search --modified-after and --published-after flags [#​2129 #​2439 @​kzantow]

Additional Changes

• Refactor presenters to use static model over dynamic lookups [#​2492 @​wagoodman]
• update syft to 1.20 [#​2473 @​kzantow]

(Full Changelog)

v0.87.0

Compare Source

Added Features

• Question: Custom Vulnerability Sources CSAF [#​2337]
• vex: Add package name to VEX product identifiers [#​1905 #​2355 @​ferozsalam]

Bug Fixes

• fix upstream match for linux-.-headers-. [#​2320 @​barnuri]
• external-sources: throttle requests to maven central to avoid being rate limited for large sets of java dependencies [#​2384 @​rawlingsj]
• Clean up config help text [#​2347 @​wagoodman]

(Full Changelog)

v0.86.1

Compare Source

Security Fixes

• archiver has been archived - replace with archives fork [#​2304 #​2313 @​spiffcs]

Bug Fixes

• archiver has been archived - replace with archives fork [#​2304 #​2313 @​spiffcs]
• Grype panics on certain output formats for PURL inputs [#​2324 #​2328 @​willmurphyscode]
• FP of upstream linux [#​2326]

Additional Changes

• move v5-specific interfaces and implementations to the v5 package [#​2322 @​kzantow]
• Fix broken link to cosign documentation [#​2321 @​uaqben]

(Full Changelog)

v0.86.0

Compare Source

Added Features

• Add missing package information for Sarif report [#​2267 #​2254 @​GeorgeLS]

Bug Fixes

• ignore linux-aws-headers-.* as well like linux-headers-.* [#​2295 @​barnuri]

Breaking Changes

• Remove DB v1 & v2 schemas [#​2278 @​wagoodman]

Additional Changes

• refactor v5-specific code out of core packages [#​2299 @​kzantow]

(Full Changelog)

v0.85.0

Compare Source

Added Features

• Add support for gradle in Java [#​2236]
• Prefer direct match information over indirect matches [#​1931 #​2241 @​wagoodman]

Bug Fixes

• Restore log on UI teardown [#​2248 @​wagoodman]
• Display warnings even when -v is not passed and no tty is present [#​2180 #​2268 @​willmurphyscode]

Additional Changes

• core dependencies: latest syft v1.17.0 and latest stereoscope v0.0.9 [#​2275 @​willmurphyscode]

(Full Changelog)

v0.84.0

Compare Source

Added Features

• Add support for scanning single purl from the CLI [#​2225 #​2223 @​wagoodman]

Bug Fixes

• Flaky checks on STDIN for purl provider [#​2192 #​2223 @​wagoodman]
• Missing alpine patch version yields inaccurate results [#​2222 #​2226 @​wagoodman]

Additional Changes

• update Syft to v1.16.0 [#​2237 @​anchore-actions-token-generator]

(Full Changelog)

v0.83.0

Compare Source

Added Features

• Merge config files hierarchically and add support for config profiles [#​2009 #​2194 @​kzantow]
• Add DB providers command [#​2131 #​2174 @​ADorigi]

(Full Changelog)

v0.82.2

Compare Source

Bug Fixes

• azurelinux considered as comprehensive distro [#​2197 @​westonsteimel]
• Java archive cataloger performance in 0.82.x much slower than 0.81.0 [#​2200]

Additional Changes

• Update to Syft v1.14.2 [#​2203 @​wagoodman]

(Full Changelog)

v0.82.1

Compare Source

Bug Fixes

• Skip matching on packages with missing version info [#​2182 @​wagoodman]
• correctly identify version of traefik binaries [#​2178 #​2179 @​westonsteimel]
• RPM version comparison oddity with release field [#​398 [#​2188](https:/

[renovate]

ℹ️ Artifact update notice

File name: internal/grype-scan/go.mod

In order to perform the update(s) described in the table above, Renovate ran the go get command, which resulted in the following additional change(s):

• 56 additional dependencies were updated

Details:

Package	Change
github.com/CycloneDX/cyclonedx-go	v0.9.2 -> v0.9.3
github.com/ProtonMail/go-crypto	v1.2.0 -> v1.3.0
github.com/STARRY-S/zip	v0.2.1 -> v0.2.3
github.com/anchore/go-collections	v0.0.0-20240216171411-9321230ce537 -> v0.0.0-20251016125210-a3c352120e8c
github.com/anchore/stereoscope	v0.1.6 -> v0.1.13
github.com/andybalholm/brotli	v1.1.2-0.20250424173009-453214e765f3 -> v1.2.0
github.com/bmatcuk/doublestar/v4	v4.8.1 -> v4.9.1
github.com/bodgit/sevenzip	v1.6.0 -> v1.6.1
github.com/charmbracelet/bubbletea	v1.3.6 -> v1.3.10
github.com/charmbracelet/x/ansi	v0.9.3 -> v0.10.1
github.com/containerd/containerd	v1.7.27 -> v1.7.29
github.com/cyphar/filepath-securejoin	v0.4.1 -> v0.6.0
github.com/diskfs/go-diskfs	v1.6.1-0.20250601133945-2af1c7ece24c -> v1.7.0
github.com/docker/cli	v28.3.0+incompatible -> v28.5.2+incompatible
github.com/docker/docker	v28.3.2+incompatible -> v28.5.2+incompatible
github.com/docker/docker-credential-helpers	v0.9.3 -> v0.9.4
github.com/docker/go-connections	v0.5.0 -> v0.6.0
github.com/fatih/color	v1.17.0 -> v1.18.0
github.com/gabriel-vasile/mimetype	v1.4.9 -> v1.4.11
github.com/github/go-spdx/v2	v2.3.3 -> v2.3.4
github.com/go-git/go-git/v5	v5.16.2 -> v5.16.3
github.com/go-viper/mapstructure/v2	v2.3.0 -> v2.4.0
github.com/gohugoio/hashstructure	v0.5.0 -> v0.6.0
github.com/gookit/color	v1.5.4 -> v1.6.0
github.com/hashicorp/go-getter	v1.7.8 -> v1.8.3
github.com/hashicorp/hcl/v2	v2.23.0 -> v2.24.0
github.com/jedib0t/go-pretty/v6	v6.6.7 -> v6.7.2
github.com/mattn/go-runewidth	v0.0.16 -> v0.0.19
github.com/mholt/archives	v0.1.3 -> v0.1.5
github.com/minio/minlz	v1.0.0 -> v1.0.1
github.com/nwaples/rardecode/v2	v2.1.0 -> v2.2.0
github.com/olekukonko/errors	v0.0.0-20250405072817-4e6d85265da6 -> v1.1.0
github.com/olekukonko/ll	v0.0.8 -> v0.1.2
github.com/olekukonko/tablewriter	v1.0.8 -> v1.1.1
github.com/opencontainers/selinux	v1.11.0 -> v1.13.0
github.com/sorairolake/lzip-go	v0.3.5 -> v0.3.8
github.com/spf13/afero	v1.14.0 -> v1.15.0
github.com/spf13/cobra	v1.9.1 -> v1.10.1
github.com/spf13/pflag	v1.0.6 -> v1.0.9
github.com/sylabs/sif/v2	v2.21.1 -> v2.22.0
github.com/ulikunitz/xz	v0.5.12 -> v0.5.15
github.com/vbatts/go-mtree	v0.5.4 -> v0.6.0
github.com/zclconf/go-cty	v1.14.0 -> v1.16.3
golang.org/x/crypto	v0.40.0 -> v0.44.0
golang.org/x/exp	v0.0.0-20250408133849-7e4ce0ab07d0 -> v0.0.0-20250620022241-b7579e27df2b
golang.org/x/mod	v0.26.0 -> v0.30.0
golang.org/x/net	v0.42.0 -> v0.47.0
golang.org/x/sync	v0.16.0 -> v0.18.0
golang.org/x/sys	v0.34.0 -> v0.38.0
golang.org/x/term	v0.33.0 -> v0.37.0
golang.org/x/text	v0.27.0 -> v0.31.0
golang.org/x/time	v0.12.0 -> v0.14.0
golang.org/x/tools	v0.35.0 -> v0.39.0
google.golang.org/protobuf	v1.36.4 -> v1.36.6
modernc.org/libc	v1.65.10 -> v1.66.10
modernc.org/sqlite	v1.38.0 -> v1.40.0