Bump the go-modules group with 6 updates

[dependabot]

Bumps the go-modules group with 6 updates:

Package	From	To
github.com/anchore/syft	1.43.0	1.44.0
github.com/docker/cli	29.4.1+incompatible	29.4.2+incompatible
github.com/gookit/color	1.6.0	1.6.1
github.com/pelletier/go-toml/v2	2.3.0	2.3.1
github.com/pjbgf/sha1cd	0.5.0	0.6.0
google.golang.org/grpc	1.80.0	1.81.0

Updates github.com/anchore/syft from 1.43.0 to 1.44.0

Release notes

Sourced from github.com/anchore/syft's releases.

v1.44.0

Added Features

• Add support for linux-riscv64 [#4757 @​luhenry]

Bug Fixes

• Yarn lockfile cataloguing does not handle aliases [#4833 #4836 @​cyphercodes]
• Some snippet files are saved in the previous test directory [#4829 #4830 @​witchcraze]
• empty rockspec causes index out of range [#4824 #4827 @​aki1770-del]
• PE cataloger shows asp.net core ref assemblies using fileversion build stamp instead of productversion [#4813 #4814 @​rezmoss]
• Syft safeCopy silently swallows archive decompression errors [#4806 #4807 @​SAY-5]

(Full Changelog)

Commits

• 8cb78ce fix: resolve yarn lock aliases to source package (#4836)
• 3b046b3 chore: move snippet files from test-fixtures to testdata (#4830)
• 05cc8ee Add support for linux-riscv64 (#4757)
• 3562dab fix(lua-rockspec): handle empty and whitespace-only rockspec files gracefully...
• 014a4c9 chore: tidy go.mod (#4823)
• 3cb838e fixed pe dotnet wrong ver , fixed #4813 (#4814)
• 758324b fix: propagate non-EOF errors out of safeCopy (#4807)
• See full diff in compare view

Updates github.com/docker/cli from 29.4.1+incompatible to 29.4.2+incompatible

Commits

• See full diff in compare view

Updates github.com/gookit/color from 1.6.0 to 1.6.1

Release notes

Sourced from github.com/gookit/color's releases.

v1.6.1

Change Log

Fixed

• fix: re-apply color after nested reset in RenderString (#119) gookit/color@e58a899
• fix(detect): should enable VTP on windows CMD,PWSH gookit/color@2bb27a5
• fix(convert): incorrect conversion between integer types gookit/color@1245572

Other

• build(deps): bump github/codeql-action from 3 to 4 (#113) gookit/color@2e18426
• build(deps): bump actions/checkout from 5 to 6 (#115) gookit/color@ed1b9cc
• Add 'stable' to Go version matrix and update action gookit/color@de1e243
• ci(release): remove Go version matrix and simplify build steps in release action gookit/color@d232e11

Commits

• d232e11 ci(release): remove Go version matrix and simplify build steps in release action
• 1245572 fix(convert): incorrect conversion between integer types
• 2bb27a5 fix(detect): should enable VTP on windows CMD,PWSH
• e58a899 fix: re-apply color after nested reset in RenderString (#119)
• de1e243 Add 'stable' to Go version matrix and update action
• ed1b9cc build(deps): bump actions/checkout from 5 to 6 (#115)
• 2e18426 build(deps): bump github/codeql-action from 3 to 4 (#113)
• See full diff in compare view

Updates github.com/pelletier/go-toml/v2 from 2.3.0 to 2.3.1

Release notes

Sourced from github.com/pelletier/go-toml/v2's releases.

v2.3.1

What's Changed

Fixed bugs

• Fix incorrect error positions in unstable parser Range() (#1047) by @​pelletier in pelletier/go-toml#1056
• fix: change DisallowUnknownFields error from "missing field" to "unknown field" by @​Yanhu007 in pelletier/go-toml#1054

Other changes

• README.md: remove reference to old go versions and modules by @​maruel in pelletier/go-toml#1048

New Contributors

• @​Yanhu007 made their first contribution in pelletier/go-toml#1054
• @​maruel made their first contribution in pelletier/go-toml#1048

Full Changelog: pelletier/go-toml@v2.3.0...v2.3.1

Commits

• f85c4e8 README.md: remove reference to old go versions and modules (#1048)
• 45d4fb4 fix: change DisallowUnknownFields error from "missing field" to "unknown fiel...
• c171216 Fix incorrect error positions in unstable parser Range() (#1047) (#1056)
• See full diff in compare view

Updates github.com/pjbgf/sha1cd from 0.5.0 to 0.6.0

Release notes

Sourced from github.com/pjbgf/sha1cd's releases.

v0.6.0

What's Changed

• Change the nightly fuzzer to weekly by @​pjbgf in pjbgf/sha1cd#200
• build(deps): Bump actions/checkout from 4.2.2 to 6.0.1 by @​dependabot[bot] in pjbgf/sha1cd#204
• build(deps): Bump github/codeql-action from 3.29.2 to 4.31.9 by @​dependabot[bot] in pjbgf/sha1cd#203
• build(deps): Bump golang from 1.24 to 1.25 by @​dependabot[bot] in pjbgf/sha1cd#202
• build(deps): Bump actions/setup-go from 5.5.0 to 6.1.0 by @​dependabot[bot] in pjbgf/sha1cd#201
• Performance improvements for AMD64 and Generic by @​pjbgf in pjbgf/sha1cd#205
• Remove self-registration via crypto.RegisterHash by @​pjbgf in pjbgf/sha1cd#206

Full Changelog: pjbgf/sha1cd@v0.5.0...v0.6.0

Commits

• f90af0d Merge pull request #206 from pjbgf/drop-self-registration
• 6ff015a Remove self-registration via crypto.RegisterHash
• ba31b91 Merge pull request #205 from pjbgf/performance
• 2f0cc80 Enable entire
• 11223cf perf(amd64): Replace LOADCS extract chain with shuffle+store
• 21916d9 perf: Pass collision-detection arrays by pointer
• 5470964 Merge pull request #201 from pjbgf/dependabot/github_actions/actions/setup-go...
• d7b3b63 build(deps): Bump actions/setup-go from 5.5.0 to 6.1.0
• 8750e70 Merge pull request #202 from pjbgf/dependabot/docker/golang-1.25
• 3bed41f Merge pull request #203 from pjbgf/dependabot/github_actions/github/codeql-ac...
• Additional commits viewable in compare view

Updates google.golang.org/grpc from 1.80.0 to 1.81.0

Release notes

Sourced from google.golang.org/grpc's releases.

Release 1.81.0

Behavior Changes

• balancer/rls: Switch gauge metrics to asynchronous emission (once per collection cycle) to reduce telemetry noise and align with other gRPC language implementations. (#8808)

Dependencies

• Minimum supported Go version is now 1.25. (#8969)

Bug Fixes

• xds: Use the leaf cluster's security config for the TLS handshake instead of the aggregate cluster's config. (#8956)
• transport: Send a RST_STREAM when receiving an END_STREAM when the stream is not already half-closed. (#8832)
• xds: Fix ADS resource name validation to prevent a panic. (#8970)

New Features

• grpc/stats: Add support for custom labels in per-call metrics (gRFC A108). (#9008)
• xds: Add support for Server Name Indication (SNI) and SAN validation (gRFC A101). Disabled by default. To enable, set GRPC_EXPERIMENTAL_XDS_SNI=true environment variable. (#9016)
• xds: Add support to control which fields get propagated from ORCA backend metric reports to LRS load reports (gRFC A85). Disabled by default. To enable, set GRPC_EXPERIMENTAL_XDS_ORCA_LRS_PROPAGATION=true. (#9005)
• xds: Add metrics to track xDS client connectivity and cached resource state (gRFC A78). (#8807)
• stats/otel: Enhance grpc.subchannel.disconnections metric by adding disconnection reason to the grpc.disconnect_error label (gRFC A94). This provides granular insights into why subchannels are closing. (#8973)
• mem: Add mem.Buffer.Slice() API to slice the buffer like a slice. (#8977)
  • Special Thanks: @​ash2k

Performance Improvements

• alts: Pool read buffers to lower memory utilization when sockets are unreadable. (#8964)
• transport: Pool HTTP/2 framer read buffers to reduce idle memory consumption. Currently limited to Linux for ALTS and non-encrypted transports (TCP, Unix). To disable, set GRPC_GO_EXPERIMENTAL_HTTP_FRAMER_READ_BUFFER_POOLING=false and report any issues. (#9032)

Commits

• cb18228 Change version to 1.81.0 (#9062)
• 96748f9 Cherry-pick #9105 to 1.81.x (#9106)
• 9183222 Cherry pick #9055, #9032 to v1.81.x (#9095)
• 5cba6da Revert "deps: update dependencies for all modules (#9065)" (#9067)
• af8a936 deps: update dependencies for all modules (#9065)
• cdc60df transport: optimize heap allocations in ready reader and update syscall conne...
• 208d053 xds/resolver: pass complete XDSConfig in RPC context for HTTP filters (gRFC A...
• 50fe1cc test: Fix flaky test TestServerStreaming_ClientCallRecvMsgTwice in `end2end...
• d574bad build(deps): bump go.opentelemetry.io/otel/sdk from 1.42.0 to 1.43.0 (#9050)
• b8bf4d0 build(deps): bump go.opentelemetry.io/otel/sdk from 1.42.0 to 1.43.0 in /inte...
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions