build(deps): bump the minor-and-patch group with 8 updates

[dependabot]

Bumps the minor-and-patch group with 8 updates:

Package	From	To
github.com/go-webauthn/webauthn	0.15.0	0.16.1
github.com/testcontainers/testcontainers-go/modules/postgres	0.40.0	0.41.0
golang.org/x/crypto	0.48.0	0.49.0
golang.org/x/oauth2	0.35.0	0.36.0
github.com/golang-jwt/jwt/v5	5.3.0	5.3.1
github.com/xraph/dispatch	1.3.0	1.3.1
github.com/xraph/ledger	1.3.0	1.3.1
github.com/xraph/vault	1.3.0	1.3.1

Updates github.com/go-webauthn/webauthn from 0.15.0 to 0.16.1

Release notes

Sourced from github.com/go-webauthn/webauthn's releases.

v0.16.1

v0.16.1 (2026-03-12)

Bug Fixes

• webauthncose: validate keys earlier (#615) (18ca901)

v0.16.0

0.16.0 (2026-03-01)

Bug Fixes

• webauthn: empty top origins not allowed (#562) (fe3b74c), closes #537
• webauthn: session expiration not enforced (#561) (f5adbbf), closes #552

Features

• protocol: compound attestation statements (#571) (cc4e649)
• protocol: enhance rpid validation (#564) (7610304), closes #553
• protocol: signals structs (#574) (f75a34a)
• webauthncose: allow ber integers in ecdsa sigs (#593) (68db4d4), closes #408
• webauthn: return explicit error on unknown credential (#560) (1defb4a), closes #550

Commits

• dbe10a2 build(deps): update module github.com/go-webauthn/x to v0.2.2 (#618)
• 18ca901 fix(webauthncose): validate keys earlier (#615)
• d45f1bb build(deps): update step-security/harden-runner action to v2.15.1 (#616)
• 70195d2 build(deps): update actions/dependency-review-action action to v4.9.0 (#614)
• 79cb507 build(deps): update github/codeql-action action to v4.32.6 (#613)
• bfefda6 build(deps): update dependency go to v1.26.1 (#617)
• 68db4d4 feat(webauthncose): allow ber integers in ecdsa sigs (#593)
• 16f192f build(deps): update actions/upload-artifact action to v7 (#612)
• 24f2869 build(deps): update actions/setup-go action to v6.3.0 (#611)
• 76502c0 build(deps): update step-security/harden-runner action to v2.15.0 (#610)
• Additional commits viewable in compare view

Updates github.com/testcontainers/testcontainers-go/modules/postgres from 0.40.0 to 0.41.0

Release notes

Sourced from github.com/testcontainers/testcontainers-go/modules/postgres's releases.

v0.41.0

What's Changed

🚀 Features

• feat: add TiDB module (#3575) @​iyiola-dev
• feat: add Forgejo module (#3556) @​s04
• feat: improve container conflict detection (#3574) @​Desuuuu
• feat(azure): add lowkey vault container (#3542) @​nagyesta
• feat(chroma): update to chroma 1.x (#3552) @​tazarov
• feat(cassandra): add ssl option cassandra (#3151) @​MitulShah1

🐛 Bug Fixes

• fix(redpanda): closing provider in test after use (#3539) @​mabrarov
• fix: docker auth for docker.io images (#3482) @​LaurentGoderre
• fix(solace): set ulimits for container (#3497) @​mdelapenya
• fix(kafka): strip architecture suffix from Kafka image tags for semver parsing (#3276) @​asahasrabuddhe

📖 Documentation

• docs(metrics): automate usage metrics collection and publish it in the docs site (#3495) @​mdelapenya

🧹 Housekeeping

• chore(deps): bump actions/checkout from 6.0.1 to 6.0.2 (#3560) @dependabot[bot]
• chore(pulsar): bump base image to 4.x, replacing the wait for log strategy with wait for listening port (deterministic) (#3573) @​mdelapenya
• chore(deps): bump github.com/modelcontextprotocol/go-sdk from 1.0.0 to 1.3.1 in /modules/dockermcpgateway (#3557) @dependabot[bot]
• chore: update usage metrics (2026-03-02) (#3565) @github-actions[bot]
• chore(deps): bump mkdocs-include-markdown-plugin from 7.2.0 to 7.2.1 (#3547) @dependabot[bot]
• chore(deps): bump tj-actions/changed-files from 47.0.0 to 47.0.1 (#3546) @dependabot[bot]
• chore(deps): bump actions/upload-artifact from 4.6.2 to 6.0.0 (#3545) @dependabot[bot]
• chore: update usage metrics (2026-02-02) (#3551) @github-actions[bot]
• chore(deps): bump pymdown-extensions from 10.8.1 to 10.16.1 (#3513) @dependabot[bot]
• chore: update usage metrics (2026-01-01) (#3515) @github-actions[bot]
• chore: update usage metrics (2025-12-01) (#3506) @github-actions[bot]
• chore(metrics): allow sending PRs from the workflow (#3503) @​mdelapenya
• fix(metrics): use the right CSV file (#3502) @​mdelapenya
• fix(metrics): use the right CSV file (#3501) @​mdelapenya
• chore(metrics): even better rate limit strategy (#3500) @​mdelapenya
• chore(metrics): properly detect rate limits (#3499) @​mdelapenya
• fix(metrics): set GH _TOKEN in workflow (#3498) @​mdelapenya

📦 Dependency updates

• fix: update compose-replace Makefile target to use compose/v5 (#3590) @​mdelapenya
• chore(deps): bump atomicjar/testcontainers-cloud-setup-action from 1.3.0 to 1.4.0 (#3559) @dependabot[bot]
• chore(deps): bump golang.org/x/text from 0.14.0 to 0.34.0 in /modulegen (#3582) @dependabot[bot]
• chore(deps): bump mkdocs-codeinclude-plugin from 0.2.1 to 0.3.1 (#3579) @dependabot[bot]
• chore(deps): bump golang.org/x/mod from 0.16.0 to 0.33.0 in /modulegen (#3583) @dependabot[bot]
• chore(deps): bump github.com/aerospike/aerospike-client-go/v8 from 8.2.0 to 8.6.0 in /modules/aerospike (#3584) @dependabot[bot]

... (truncated)

Commits

• 2ea97c8 chore: use new version (v0.41.0) in modules and examples
• 9a663f7 fix: update compose-replace Makefile target to use compose/v5 (#3590)
• 10481c2 chore(deps): bump atomicjar/testcontainers-cloud-setup-action (#3559)
• bdb12dd chore(deps): bump golang.org/x/text from 0.14.0 to 0.34.0 in /modulegen (#3582)
• 5bd7f07 chore(deps): bump mkdocs-codeinclude-plugin from 0.2.1 to 0.3.1 (#3579)
• c9ccfc5 chore(deps): bump golang.org/x/mod from 0.16.0 to 0.33.0 in /modulegen (#3583)
• 21ec740 chore(deps): bump github.com/aerospike/aerospike-client-go/v8 from 8.2.0 to 8...
• fb47b82 chore(deps): bump golang.org/x/mod in /modules/localstack (#3587)
• 6686e31 chore(deps): bump golang.org/x/mod in /modules/elasticsearch (#3585)
• 0656548 chore(deps): bump golang.org/x/mod in /modules/redpanda (#3588)
• Additional commits viewable in compare view

Updates golang.org/x/crypto from 0.48.0 to 0.49.0

Commits

• 982eaa6 go.mod: update golang.org/x dependencies
• 159944f ssh,acme: clean up tautological/impossible nil conditions
• a408498 acme: only require prompt if server has terms of service
• cab0f71 all: upgrade go directive to at least 1.25.0 [generated]
• 2f26647 x509roots/fallback: update bundle
• See full diff in compare view

Updates golang.org/x/oauth2 from 0.35.0 to 0.36.0

Commits

• 4d954e6 all: upgrade go directive to at least 1.25.0 [generated]
• See full diff in compare view

Updates github.com/golang-jwt/jwt/v5 from 5.3.0 to 5.3.1

Release notes

Sourced from github.com/golang-jwt/jwt/v5's releases.

v5.3.1

What's Changed

🔐 Features

• Add spellcheck Github action to catch common spelling mistakes by @​equalsgibson in golang-jwt/jwt#458
• Add WithNotBeforeRequired parser option and add test coverage by @​equalsgibson in golang-jwt/jwt#456
• Update godoc example func to properly refer to NewWithClaims() by @​equalsgibson in golang-jwt/jwt#459
• Update github workflows by @​mfridman in golang-jwt/jwt#462
• Additional test for CustomClaims that validates unmarshalling behaviour by @​equalsgibson in golang-jwt/jwt#457
• Fix early file close in jwt cli by @​mfridman in golang-jwt/jwt#472
• Add TPM signature reference by @​salrashid123 in golang-jwt/jwt#473
• Remove misleading ParserOptions documentation in golang-jwt/jwt#484
• Save signature to Token struct after successful signing by @​EgorSheff in golang-jwt/jwt#417
• Set token.Signature in ParseUnverified by @​slickwilli in golang-jwt/jwt#414

👒 Dependencies

• Bump crate-ci/typos from 1.34.0 to 1.35.3 by @​dependabot[bot] in golang-jwt/jwt#461
• Bump crate-ci/typos from 1.35.4 to 1.36.2 by @​dependabot[bot] in golang-jwt/jwt#470
• Bump github/codeql-action from 3 to 4 by @​dependabot[bot] in golang-jwt/jwt#478
• Bump crate-ci/typos from 1.36.2 to 1.39.0 by @​dependabot[bot] in golang-jwt/jwt#480
• Bump golangci/golangci-lint-action from 8 to 9 by @​dependabot[bot] in golang-jwt/jwt#481
• Bump actions/setup-go from 5 to 6 by @​dependabot[bot] in golang-jwt/jwt#469
• Bump crate-ci/typos from 1.39.0 to 1.40.0 by @​dependabot[bot] in golang-jwt/jwt#488
• Bump actions/checkout from 5 to 6 by @​dependabot[bot] in golang-jwt/jwt#487
• Bump crate-ci/typos from 1.40.0 to 1.41.0 by @​dependabot[bot] in golang-jwt/jwt#490
• Bump crate-ci/typos from 1.41.0 to 1.42.1 by @​dependabot[bot] in golang-jwt/jwt#492

New Contributors

• @​equalsgibson made their first contribution in golang-jwt/jwt#458
• @​salrashid123 made their first contribution in golang-jwt/jwt#473
• @​EgorSheff made their first contribution in golang-jwt/jwt#417
• @​slickwilli made their first contribution in golang-jwt/jwt#414

Full Changelog: golang-jwt/jwt@v5.3.0...v5.3.1

Commits

• 7ceae61 Add release.yml for changelog configuration
• dce8e4d Set token.Signature in ParseUnverified (#414)
• 8889e20 Save signature to Token struct after successful signing (#417)
• d237f82 ci: update github-actions schedule interval to monthly
• d8dce95 Bump crate-ci/typos from 1.41.0 to 1.42.1 (#492)
• e931803 Bump crate-ci/typos from 1.40.0 to 1.41.0 (#490)
• e6a0afa Bump actions/checkout from 5 to 6 (#487)
• 9f85c9e Bump crate-ci/typos from 1.39.0 to 1.40.0 (#488)
• 60a8669 Bump actions/setup-go from 5 to 6 (#469)
• 76f5828 Remove misleading ParserOptions documentation (#484)
• Additional commits viewable in compare view

Updates github.com/xraph/dispatch from 1.3.0 to 1.3.1

Commits

• 1b8bebe refactor: add request schemas for job, workflow, DLQ, and cron routes
• See full diff in compare view

Updates github.com/xraph/ledger from 1.3.0 to 1.3.1

Release notes

Sourced from github.com/xraph/ledger's releases.

v1.3.1

Changes

• chore: update dependencies for forge and grove to version 1.3.1 (a29fce4)

---

Installation

go get github.com/xraph/ledger@v1.3.1

Full Changelog: xraph/ledger@v1.3.0...v1.3.1

Commits

• a29fce4 chore: update dependencies for forge and grove to version 1.3.1
• See full diff in compare view

Updates github.com/xraph/vault from 1.3.0 to 1.3.1

Release notes

Sourced from github.com/xraph/vault's releases.

v1.3.1

Changes

• fix: update forge and grove dependencies to version 1.3.1 (bd507c0)

---

Installation

go get github.com/xraph/vault@v1.3.1

Full Changelog: xraph/vault@v1.3.0...v1.3.1

Commits

• bd507c0 fix: update forge and grove dependencies to version 1.3.1
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
authsome	Ready	Preview, Comment	Mar 16, 2026 6:30pm