chore: bump the go_modules group across 1 directory with 8 updates

[dependabot]

Bumps the go_modules group with 5 updates in the / directory:

Package	From	To
github.com/golang-jwt/jwt/v5	5.2.1	5.2.2
github.com/redis/go-redis/v9	9.7.0	9.7.3
github.com/snowflakedb/gosnowflake	1.12.0	1.13.3
github.com/go-jose/go-jose/v4	4.0.1	4.0.5
github.com/ClickHouse/ch-go	0.61.5	0.65.0

Updates github.com/golang-jwt/jwt/v5 from 5.2.1 to 5.2.2

Release notes

Sourced from github.com/golang-jwt/jwt/v5's releases.

v5.2.2

What's Changed

• Fixed GHSA-mh63-6h87-95cp by @​mfridman
• Fixed some typos by @​Ashikpaul in golang-jwt/jwt#382
• build: add go1.22 to ci workflows by @​mfridman in golang-jwt/jwt#383
• Bump golangci/golangci-lint-action from 4 to 5 by @​dependabot in golang-jwt/jwt#387
• Bump golangci/golangci-lint-action from 5 to 6 by @​dependabot in golang-jwt/jwt#389
• chore: bump ci tests to include go1.23 by @​mfridman in golang-jwt/jwt#405
• Fix jwt -show by @​AlexanderYastrebov in golang-jwt/jwt#406
• docs: typo by @​kvii in golang-jwt/jwt#407
• Update SECURITY.md by @​oxisto in golang-jwt/jwt#416
• Update jwt.Parse example to use jwt.WithValidMethods by @​mattt in golang-jwt/jwt#425

New Contributors

• @​Ashikpaul made their first contribution in golang-jwt/jwt#382
• @​kvii made their first contribution in golang-jwt/jwt#407
• @​mattt made their first contribution in golang-jwt/jwt#425

Full Changelog: golang-jwt/jwt@v5.2.1...v5.2.2

Commits

• 0951d18 Merge commit from fork
• c035977 Update Parse example to use WithValidMethods (#425)
• bc8bdca Update SECURITY.md (#416)
• 5ec246c docs: typo (#407)
• 0123f1a Fix jwt -show (#406)
• f961c72 chore: bump ci tests to include go1.23 (#405)
• 62e504c Bump golangci/golangci-lint-action from 5 to 6 (#389)
• 1a56dcf Bump golangci/golangci-lint-action from 4 to 5 (#387)
• c8043ea build: add go1.22 to ci workflows (#383)
• 7c3f6dc Update README.md (#382)
• See full diff in compare view

Updates github.com/redis/go-redis/v9 from 9.7.0 to 9.7.3

Release notes

Sourced from github.com/redis/go-redis/v9's releases.

v9.7.3

What's Changed

• fix: handle network error on SETINFO (#3295) (CVE-2025-29923)
• Deprecating misspelled DisableIndentity flag in the client options.
• Introducing DisableIdentity flag in the client options.
• Updating the documentation related to the new flag and the one that was deprecated.

Full Changelog: redis/go-redis@v9.7.1...v9.7.3

v9.7.1

Changes

• Recognize byte slice for key argument in cluster client hash slot computation (#3049)
• fix(search&aggregate):fix error overwrite and typo #3220 (#3224)
• fix: linter configuration (#3279)
• fix(search): if ft.aggregate use limit when limitoffset is zero (#3275)
• Reinstate read-only lock on hooks access in dialHook to fix data race (#3225)
• fix: flaky ClientKillByFilter test (#3268)
• chore: fix some comments (#3226)
• fix(aggregate, search): ft.aggregate bugfixes (#3263)
• fix: add unstableresp3 to cluster client (#3266)
• Fix race condition in clusterNodes.Addrs() (#3219)
• SortByWithCount FTSearchOptions fix (#3201)
• Eliminate redundant dial mutex causing unbounded connection queue contention (#3088)
• Add guidance on unstable RESP3 support for RediSearch commands to README (#3177)

🚀 New Features

• Add guidance on unstable RESP3 support for RediSearch commands to README (#3177)

🐛 Bug Fixes

• fix(search): if ft.aggregate use limit when limitoffset is zero (#3275)
• fix: add unstableresp3 to cluster client (#3266)
• fix(aggregate, search): ft.aggregate bugfixes (#3263)
• SortByWithCount FTSearchOptions fix (#3201)
• Recognize byte slice for key argument in cluster client hash slot computation (#3049)

Contributors

We'd like to thank all the contributors who worked on this release!

@​ofekshenawa, @​Cgol9, @​LINKIWI, @​shawnwgit, @​zhuhaicity, @​bitsark, @​vladvildanov, @​ndyakov

Full Changelog: redis/go-redis@v9.7.0...v9.7.1

Commits

• a29d91d release 9.7.3, retract 9.7.2 (#3314)
• ce3034c bump version to 9.7.2
• 0af2b32 fix: handle network error on SETINFO (#3295) (CVE-2025-29923)
• 3d041a1 release: 9.7.1 patch (#3278)
• See full diff in compare view

Updates github.com/snowflakedb/gosnowflake from 1.12.0 to 1.13.3

Release notes

Sourced from github.com/snowflakedb/gosnowflake's releases.

Release

• Please check Snowflake Go Snowflake for release notes.

Release

• Please check Snowflake Go Snowflake for release notes.

Release

• Please check Snowflake Go Snowflake for release notes.

Release

• Please check Snowflake Go Snowflake for release notes.

Release

• Please check Snowflake Go Snowflake for release notes.

Commits

• 3d3e3b0 PATCH: Bumped up GoLang connector PATCH version from 1.13.2 to 1.13.3 (#1383)
• ba94a48 SNOW-1155452 Fix race condition on perm checking for easy logging (#1382)
• 14db80d SNOW-18254476 Readd PrPr for PAT and OAuth (#1381)
• 96413d8 SNOW-1825500: Add OAuth Authorization Code, Client Credentials & Refresh Toke...
• bee8f03 SNOW-2042000 Treat all non-Windows systems the same (#1372)
• 750a0f3 SNOW-2034185: Remove reencryption when retry PUT upload (#1364)
• c195281 SNOW-2026797 Adding PAT tests (#1374)
• ae006c1 SNOW-2040000 change default tag to bptp-stable (#1366)
• fb3995b SNOW-1825476 Remove PAT with password instead of token (#1357)
• 912819c NO-SNOW Hide logger enabled flag behind mutex (#1358)
• Additional commits viewable in compare view

Updates golang.org/x/crypto from 0.28.0 to 0.32.0

Commits

• 8929309 go.mod: update golang.org/x dependencies
• 4a75ba5 all: make function and struct comments match the names
• b4f1988 ssh: make the public key cache a 1-entry FIFO cache
• 7042ebc openpgp/clearsign: just use rand.Reader in tests
• 3e90321 go.mod: update golang.org/x dependencies
• 8c4e668 x509roots/fallback: update bundle
• 6018723 go.mod: update golang.org/x dependencies
• 71ed71b README: don't recommend go get
• 750a45f sha3: add MarshalBinary, AppendBinary, and UnmarshalBinary
• 36b1725 sha3: avoid trailing permutation
• Additional commits viewable in compare view

Updates golang.org/x/oauth2 from 0.23.0 to 0.26.0

Commits

• b9c813b google: add warning about externally-provided credentials
• 49a531d all: make method and struct comments match the names
• 22134a4 README: don't recommend go get
• See full diff in compare view

Updates github.com/go-jose/go-jose/v4 from 4.0.1 to 4.0.5

Release notes

Sourced from github.com/go-jose/go-jose/v4's releases.

v4.0.5

What's Changed

• Don't allow unbounded amounts of splits by @​mcpherrinm in go-jose/go-jose#167

Fixes GHSA-c6gw-w398-hv78

Various other dependency updates, small fixes, and documentation updates in the full changelog

New Contributors

• @​tgeoghegan made their first contribution in go-jose/go-jose#161

Full Changelog: go-jose/go-jose@v4.0.4...v4.0.5

Version 4.0.4

Fixed

• Reverted "Allow unmarshalling JSONWebKeySets with unsupported key types" as a breaking change. See #136 / #137.

Version 4.0.3

Changed

• Allow unmarshalling JSONWebKeySets with unsupported key types (#130)
• Document that OpaqueKeyEncrypter can't be implemented (for now) (#129)
• Dependency updates

Version 4.0.2

What's Changed

• Improved documentation of Verify() to note that JSONWebKeySet is a supported argument type
• Defined exported error values for missing x5c header and unsupported elliptic curves error cases

New Contributors

• @​mitar made their first contribution in go-jose/go-jose#104
• @​milosgajdos made their first contribution in go-jose/go-jose#117

Full Changelog: go-jose/go-jose@v4.0.1...v4.0.2

Commits

• 99b346c Don't allow unbounded amounts of splits (#167)
• 22811e7 Fix broken link in README.md (#161)
• 9dde849 Remove CLA mentions from CONTRIBUTING.md (#160)
• 89172c5 Bump golang.org/x/crypto from 0.31.0 to 0.32.0 (#158)
• ee05e01 Bump github.com/stretchr/testify from 1.9.0 to 1.10.0 (#157)
• c0aef3e Bump golang.org/x/crypto from 0.25.0 to 0.31.0 (#156)
• fdc2ceb Remove export disclaimer (#146)
• 10c69ef Short circuit return errors from JSONWebKey.UnmarshalJSON() (#141)
• 15bc4c2 Update CHANGELOG for 4.0.4 (#138)
• f3534ca Revert #130: JSONWebKeySet: ignore unsupported key types (#137)
• Additional commits viewable in compare view

Updates github.com/ClickHouse/ch-go from 0.61.5 to 0.65.0

Release notes

Sourced from github.com/ClickHouse/ch-go's releases.

v0.65.0

What's Changed

• perf(compress.writer): allow creating a compress.writer with custom supported methods by @​pablomatiasgomez in ClickHouse/ch-go#1039
• perf(compressor): reduce memory by using new compression code by @​SpencerTorres in ClickHouse/ch-go#1040
• fix(compressor): fixing an overflow that could potentially smuggle query in from data by @​santrancisco in ClickHouse/ch-go#1041

Breaking change if you were manually using the Writer from the compress package.

New Contributors

• @​pablomatiasgomez made their first contribution in ClickHouse/ch-go#1039
• @​santrancisco made their first contribution in ClickHouse/ch-go#1041

Full Changelog: ClickHouse/ch-go@v0.64.1...v0.65.0

v0.64.1

What's Changed

• docs: add LowCardinality(String) example by @​ernado in ClickHouse/ch-go#1036
• fix: expose underlying string column for json by @​SpencerTorres in ClickHouse/ch-go#1037

Full Changelog: ClickHouse/ch-go@v0.64.0...v0.64.1

v0.64.0

What's Changed

• ci: upd version list by @​ernado in ClickHouse/ch-go#938
• feat: col_datetime add appendraw method by @​lzf575 in ClickHouse/ch-go#957
• ci: update version list by @​ernado in ClickHouse/ch-go#1035
• feat: json string column by @​SpencerTorres in ClickHouse/ch-go#1034

New Contributors

• @​lzf575 made their first contribution in ClickHouse/ch-go#957
• @​SpencerTorres made their first contribution in ClickHouse/ch-go#1034

Full Changelog: ClickHouse/ch-go@v0.63.1...v0.64.0

v0.63.1

What's Changed

• fix(proto): properly handle Enum8 and Enum8(...) in conflicts checker by @​tdakkota in ClickHouse/ch-go#438

Full Changelog: ClickHouse/ch-go@v0.63.0...v0.63.1

... (truncated)

Commits

• 0e83566 Merge pull request #1041 from ClickHouse/fix_potential_overflow
• b64209f refactor: simplify overflow check
• 05fba0a fix(security): overflow that could smuggle query
• aadb7ee Merge pull request #1040 from ClickHouse/compressor_etc
• 65a3012 perf(compressor): use new compression code, refactor/optimize
• 4cdb83a Merge pull request #1039 from pablomatiasgomez/allow-creating-compressor-with...
• b9258c0 perf(compress.writer): revert back to ifs in NewWriterWithMethods
• 743c9d7 perf(compress.writer): use %s instead of %v
• b26ebf4 perf(compress.writer): revert nil check and use fixed length array
• 1d4ba47 perf(compress.writer): remove methods map and instaed do nil check
• Additional commits viewable in compare view

Updates golang.org/x/net from 0.30.0 to 0.34.0

Commits

• 8da7ed1 go.mod: update golang.org/x dependencies
• 2124140 all: make function and struct comments match the names
• e9d95ba http2: do not surface errors from a conn's idle timer expiring
• c2be992 quic: remember which remote connection IDs have been retired
• dfc720d go.mod: update golang.org/x dependencies
• 8e66b04 html: use strings.EqualFold instead of lowering ourselves
• b935f7b html: avoid endless loop on error token
• 9af49ef route: remove unused sizeof* consts
• 6705db9 quic: clean up crypto streams when dropping packet protection keys
• 4ef7588 quic: handle ACK frame in packet which drops number space
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
  You can disable automated security fix PRs for this repo from the Security Alerts page.

[coderabbitai]

Important

Review skipped

Bot user detected.

To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}