Bump the go-dependencies group across 1 directory with 3 updates

[dependabot]

Bumps the go-dependencies group with 3 updates in the / directory: github.com/fatih/color, github.com/shiftleftcyber/securesbom-sdk-golang/v2 and sigs.k8s.io/release-utils.

Updates github.com/fatih/color from 1.18.0 to 1.19.0

Release notes

Sourced from github.com/fatih/color's releases.

v1.19.0

What's Changed

• Bump golang.org/x/sys from 0.25.0 to 0.28.0 by @​dependabot[bot] in fatih/color#246
• Fix for issue #230 set/unsetwriter symmetric wrt color support detection by @​ataypamart in fatih/color#243
• chore: go mod cleanup by @​sashamelentyev in fatih/color#244
• Bump golang.org/x/sys from 0.28.0 to 0.30.0 by @​dependabot[bot] in fatih/color#249
• Bump github.com/mattn/go-colorable from 0.1.13 to 0.1.14 by @​dependabot[bot] in fatih/color#248
• Update CI and go deps by @​fatih in fatih/color#254
• Bump golang.org/x/sys from 0.31.0 to 0.37.0 by @​dependabot[bot] in fatih/color#268
• fix: include escape codes in byte counts from Fprint, Fprintf by @​qualidafial in fatih/color#282
• Bump golang.org/x/sys from 0.37.0 to 0.40.0 by @​dependabot[bot] in fatih/color#277
• fix: add nil check for os.Stdout to prevent panic on Windows services by @​majiayu000 in fatih/color#275
• Bump dominikh/staticcheck-action from 1.3.1 to 1.4.0 by @​dependabot[bot] in fatih/color#259
• Bump actions/checkout from 4 to 6 by @​dependabot[bot] in fatih/color#273
• Optimize Color.Equals performance (O(n²) → O(n)) by @​UnSubble in fatih/color#269
• Bump actions/setup-go from 5 to 6 by @​dependabot[bot] in fatih/color#266

New Contributors

• @​ataypamart made their first contribution in fatih/color#243
• @​sashamelentyev made their first contribution in fatih/color#244
• @​qualidafial made their first contribution in fatih/color#282
• @​majiayu000 made their first contribution in fatih/color#275
• @​UnSubble made their first contribution in fatih/color#269

Full Changelog: fatih/color@v1.18.0...v1.19.0

Commits

• ca25f6e Merge pull request #266 from fatih/dependabot/github_actions/actions/setup-go-6
• 1205984 Bump actions/setup-go from 5 to 6
• 5715c20 Merge pull request #269 from UnSubble/main
• 2f6e200 Merge branch 'main' into main
• f72ec94 Merge pull request #273 from fatih/dependabot/github_actions/actions/checkout-6
• 848e633 Merge branch 'main' into main
• 4c2cd34 Add tests
• 7f812f0 Bump actions/checkout from 4 to 6
• b7fc9f9 Merge pull request #259 from fatih/dependabot/github_actions/dominikh/staticc...
• 239a88f Bump dominikh/staticcheck-action from 1.3.1 to 1.4.0
• Additional commits viewable in compare view

Updates github.com/shiftleftcyber/securesbom-sdk-golang/v2 from 2.3.0 to 2.5.0

Release notes

Sourced from github.com/shiftleftcyber/securesbom-sdk-golang/v2's releases.

v2.5.0

SecureSBOM Go SDK v2.5.0

What's Changed

This release includes the SecureSBOM Go SDK and example applications.

Installation

Go SDK

go get github.com/shiftleftcyber/securesbom-sdk-golang@v2.5.0

Example Binaries

Download the appropriate binary for your platform from the assets below.

Linux (amd64):

curl -LO https://github.com/shiftleftcyber/securesbom-sdk-golang/releases/download/v2.5.0/securesbom-examples-v2.5.0-linux-amd64.tar.gz
tar xzf securesbom-examples-v2.5.0-linux-amd64.tar.gz

macOS (Apple Silicon):

curl -LO https://github.com/shiftleftcyber/securesbom-sdk-golang/releases/download/v2.5.0/securesbom-examples-v2.5.0-darwin-arm64.tar.gz
tar xzf securesbom-examples-v2.5.0-darwin-arm64.tar.gz

Windows (amd64): Download the zip file and extract it.

Checksums

All release artifacts include SHA256 checksums for verification.

Documentation

• API Documentation
• Examples

Full Changelog

shiftleftcyber/securesbom-sdk-golang@...v2.5.0

What's Changed

• feat: add function for digest signing by @​VinnyBarton in shiftleftcyber/securesbom-sdk-golang#21
• feat: update to Digest API by @​VinnyBarton in shiftleftcyber/securesbom-sdk-golang#22

... (truncated)

Commits

• d4098e4 feat: update to Digest API (#22)
• 4e588d7 feat: add function for digest signing (#21)
• 4d55dee fix: fix rearm workflow (#20)
• f90e123 feat: pull actions via hash (#19)
• 736e290 fix: fix workflows (#18)
• e507e07 feat!: migrate SDK to v2 API, remove v1 support and refactor request/response...
• b4088ee fix: update workflow (#16)
• c54064d chore: update version of SecureSBOM Action (#15)
• 012273b chore: allow ReARM rebuilds (#14)
• 68ec0d6 chore: use Dockerfile.sbom with ReARM (#13)
• See full diff in compare view

Updates sigs.k8s.io/release-utils from 0.12.3 to 0.12.4

Release notes

Sourced from sigs.k8s.io/release-utils's releases.

v0.12.4

Changes by Kind

Bug

• Fix shared default options mutation across http agents. NewAgent() previously returned agents all pointing to the same options struct, so calling any With*() method on one agent would mutate all agents. (#182, @​saschagrunert) [SIG Release]

Feature

• The http.Agent now supports setting custom clients with WithClient() (#169, @​puerco) [SIG Release]

Other (Cleanup or Flake)

• Bump cosign and golangci-lint (#179, @​cpanato) [SIG Release]

Dependencies

Added

• github.com/cespare/xxhash/v2: v2.3.0

Changed

• github.com/clipperhouse/displaywidth: v0.6.2 → v0.10.0
• github.com/clipperhouse/uax29/v2: v2.3.0 → v2.6.0
• github.com/olekukonko/errors: v1.1.0 → v1.2.0
• github.com/olekukonko/ll: 9e59c22 → v0.1.6
• github.com/olekukonko/tablewriter: v1.1.3 → v1.1.4

Removed

Nothing has changed.

Commits

• c5ec679 Merge pull request #182 from saschagrunert/fix/agent-shared-options
• e3734a4 Fix shared default options mutation across agents
• 96f97ba Merge pull request #181 from kubernetes-sigs/dependabot/github_actions/action...
• 6f678e3 build(deps): bump the actions group with 2 updates
• c2cdc95 Merge pull request #179 from cpanato/updates
• d5a73e4 fix lints
• a4f2787 bump cosign and golangci-lint
• d1b29d9 Merge pull request #177 from kubernetes-sigs/dependabot/docker/all-9adf8b7ea7
• ffec3c4 build(deps): bump golang from 1.26.0 to 1.26.1 in the all group
• ae59572 Merge pull request #178 from kubernetes-sigs/dependabot/go_modules/all-c0a0eb...
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions