build(deps): Bump github.com/fsnotify/fsnotify from 1.9.0 to 1.10.0 in /tools/cosmovisor

[dependabot]

Bumps github.com/fsnotify/fsnotify from 1.9.0 to 1.10.0.

Release notes

Sourced from github.com/fsnotify/fsnotify's releases.

v1.10.0

This version of fsnotify needs Go 1.23.

Changes and fixes

• inotify: improve initialization error message (#731)

• inotify: send Rename event if recursive watch is renamed (#696)

• inotify: avoid copying event buffers when reading names (#741)

• kqueue: skip dangling symlinks (ENOENT) in watchDirectoryFiles, so a bad entry no longer aborts Watcher.Add for the whole directory (#748)

• kqueue: drop watches directly in Close() to fix a file descriptor leak when recycling watchers (#740)

• windows: fix nil pointer dereference in remWatch (#736)

• windows: lock watch field updates against concurrent WatchList to fix a race introduced in v1.9.0 (#709, #749)

#696: fsnotify/fsnotify#696 #709: fsnotify/fsnotify#709 #731: fsnotify/fsnotify#731 #736: fsnotify/fsnotify#736 #740: fsnotify/fsnotify#740 #741: fsnotify/fsnotify#741 #748: fsnotify/fsnotify#748 #749: fsnotify/fsnotify#749

Changelog

Sourced from github.com/fsnotify/fsnotify's changelog.

1.10.0 2026-04-30

This version of fsnotify needs Go 1.23.

Changes and fixes

• inotify: improve initialization error message (#731)

• inotify: send Rename event if recursive watch is renamed (#696)

• inotify: avoid copying event buffers when reading names (#741)

• kqueue: skip dangling symlinks (ENOENT) in watchDirectoryFiles, so a bad entry no longer aborts Watcher.Add for the whole directory (#748)

• kqueue: drop watches directly in Close() to fix a file descriptor leak when recycling watchers (#740)

• windows: fix nil pointer dereference in remWatch (#736)

• windows: lock watch field updates against concurrent WatchList to fix a race introduced in v1.9.0 (#709, #749)

#696: fsnotify/fsnotify#696 #709: fsnotify/fsnotify#709 #731: fsnotify/fsnotify#731 #736: fsnotify/fsnotify#736 #740: fsnotify/fsnotify#740 #741: fsnotify/fsnotify#741 #748: fsnotify/fsnotify#748 #749: fsnotify/fsnotify#749

Commits

• 8d01d7b Release 1.10.0
• 602284e Update changelog
• 7f03e59 kqueue: skip ENOENT entries in watchDirectoryFiles (#748)
• dab9dde windows: lock watch field updates against concurrent WatchList (#709) (#749)
• eadf267 kqueue: drop watches directly in Close() instead of going through remove() (#...
• fdcafbf avoid copying inotify event buffers (#741)
• 7cf61a8 update minimum Go version requirement to 1.23 in README.md (#747)
• 907df2a run go fix ./... (#746)
• e53b542 all: bump minimum Go version to 1.23 (#744)
• 0ead6d1 windows: re-enable chanClosed check in TestClose/events_not_read (#743)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[greptile-apps]

PR author is not in the allowed authors list.

[aljo242]

Pushed chore: merge main into dependabot fsnotify bump to refresh the branch (it was behind main) and re-run CI.

On the earlier run (2026-05-01), the three red checks look environment / org, not the dependency change:

1. check-signed-commits — workflow hit GitHub API rate limit (403) while listing PR commits (installation rate limit), not “unsigned commit” verification.
2. main (Lint PR / semantic PR) — same API rate limit in action-semantic-pull-request.
3. dependency-review — action reported “Dependency review is not supported on this repository” (dependency graph / security analysis settings), not a vulnerability in this bump.

Check go mod tidy, builds, lint, and the full test matrix were green on that run. fsnotify v1.10.0 requires Go 1.23+ per upstream; the repo is already on a newer toolchain, so that constraint is satisfied.

Please re-run failed jobs or wait for the new push’s workflows; if dependency-review keeps failing, org settings may need Dependency graph / dependency review enabled, or the workflow adjusted for this repo.

[github-actions]

🔒 WARNING: unsigned commits detected

This pull request contains 1 commit(s) without a verified signature.

How to fix:

1. Set up commit signing (GPG or SSH).
2. Amend/rebase so every commit in this PR is verified-signed.
3. Push the updated branch and open a new PR, or ask a maintainer to reopen once fixed.

Docs: https://docs.github.com/authentication/managing-commit-signature-verification

Unsigned commits:

• eb28c0f — chore: merge main into dependabot fsnotify bump

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 64.71%. Comparing base (af6f378) to head (e328bc9).
⚠️ Report is 3 commits behind head on main.

Additional details and impacted files

@@            Coverage Diff             @@
##             main   #26365      +/-   ##
==========================================
- Coverage   65.16%   64.71%   -0.46%     
==========================================
  Files         919      890      -29     
  Lines       60782    58840    -1942     
==========================================
- Hits        39609    38078    -1531     
+ Misses      21173    20762     -411     

see 63 files with indirect coverage changes

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[github-actions]

🔒 WARNING: unsigned commits detected

This pull request contains 1 commit(s) without a verified signature.

How to fix:

1. Set up commit signing (GPG or SSH).
2. Amend/rebase so every commit in this PR is verified-signed.
3. Push the updated branch and open a new PR, or ask a maintainer to reopen once fixed.

Docs: https://docs.github.com/authentication/managing-commit-signature-verification

Unsigned commits:

• eb28c0f — chore: merge main into dependabot fsnotify bump