⬆️ go: Bump the go group across 1 directory with 3 updates

[dependabot]

Bumps the go group with 3 updates in the / directory: github.com/alecthomas/kong, github.com/fatih/color and github.com/zclconf/go-cty.

Updates github.com/alecthomas/kong from 1.14.0 to 1.15.0

Commits

• 14c97a2 fix: Allow the root node to define Help() (#593)
• db42183 feat: allow explicitly set path with default to an empty string to clear it (...
• a2df5f5 Add a generic BindFor that can usually replace BindTo (#590)
• 258b13a fix: Do not open the default file that might be non existent if the value was...
• 95675de feat: signature defaults (#581)
• See full diff in compare view

Updates github.com/fatih/color from 1.18.0 to 1.19.0

Release notes

Sourced from github.com/fatih/color's releases.

v1.19.0

What's Changed

• Bump golang.org/x/sys from 0.25.0 to 0.28.0 by @​dependabot[bot] in fatih/color#246
• Fix for issue #230 set/unsetwriter symmetric wrt color support detection by @​ataypamart in fatih/color#243
• chore: go mod cleanup by @​sashamelentyev in fatih/color#244
• Bump golang.org/x/sys from 0.28.0 to 0.30.0 by @​dependabot[bot] in fatih/color#249
• Bump github.com/mattn/go-colorable from 0.1.13 to 0.1.14 by @​dependabot[bot] in fatih/color#248
• Update CI and go deps by @​fatih in fatih/color#254
• Bump golang.org/x/sys from 0.31.0 to 0.37.0 by @​dependabot[bot] in fatih/color#268
• fix: include escape codes in byte counts from Fprint, Fprintf by @​qualidafial in fatih/color#282
• Bump golang.org/x/sys from 0.37.0 to 0.40.0 by @​dependabot[bot] in fatih/color#277
• fix: add nil check for os.Stdout to prevent panic on Windows services by @​majiayu000 in fatih/color#275
• Bump dominikh/staticcheck-action from 1.3.1 to 1.4.0 by @​dependabot[bot] in fatih/color#259
• Bump actions/checkout from 4 to 6 by @​dependabot[bot] in fatih/color#273
• Optimize Color.Equals performance (O(n²) → O(n)) by @​UnSubble in fatih/color#269
• Bump actions/setup-go from 5 to 6 by @​dependabot[bot] in fatih/color#266

New Contributors

• @​ataypamart made their first contribution in fatih/color#243
• @​sashamelentyev made their first contribution in fatih/color#244
• @​qualidafial made their first contribution in fatih/color#282
• @​majiayu000 made their first contribution in fatih/color#275
• @​UnSubble made their first contribution in fatih/color#269

Full Changelog: fatih/color@v1.18.0...v1.19.0

Commits

• ca25f6e Merge pull request #266 from fatih/dependabot/github_actions/actions/setup-go-6
• 1205984 Bump actions/setup-go from 5 to 6
• 5715c20 Merge pull request #269 from UnSubble/main
• 2f6e200 Merge branch 'main' into main
• f72ec94 Merge pull request #273 from fatih/dependabot/github_actions/actions/checkout-6
• 848e633 Merge branch 'main' into main
• 4c2cd34 Add tests
• 7f812f0 Bump actions/checkout from 4 to 6
• b7fc9f9 Merge pull request #259 from fatih/dependabot/github_actions/dominikh/staticc...
• 239a88f Bump dominikh/staticcheck-action from 1.3.1 to 1.4.0
• Additional commits viewable in compare view

Updates github.com/zclconf/go-cty from 1.18.0 to 1.18.1

Changelog

Sourced from github.com/zclconf/go-cty's changelog.

1.18.1 (April 16, 2026)

• stdlib: ContainsFunc now allows its second argument to be null, to test whether the given collection contains any null elements.
• stdlib: MergeFunc no longer panics if all of its arguments are null values of the same object type with at least one attribute.

Commits

• dcb5db6 v1.18.1
• 77d87c2 stdlib: no MergeFunc crash with null values of object type
• 6854da9 stdlib: ContainsFunc allows testing for presence of null value
• ddb73de Begin development of v1.18.1
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[github-actions]

Dependency Review

The following issues were found:

• ✅ 0 vulnerable package(s)
• ✅ 0 package(s) with incompatible licenses
• ✅ 0 package(s) with invalid SPDX license definitions
• ⚠️ 4 package(s) with unknown licenses.

See the Details below.

License Issues

go.mod

Package	Version	License	Issue Type
github.com/alecthomas/kong	1.15.0	Null	Unknown License
github.com/fatih/color	1.19.0	Null	Unknown License
github.com/mattn/go-colorable	0.1.14	Null	Unknown License
github.com/zclconf/go-cty	1.18.1	Null	Unknown License

OpenSSF Scorecard

Package	Version	Score	Details
gomod/github.com/alecthomas/kong	1.15.0	Unknown	Unknown
gomod/github.com/fatih/color	1.19.0	Unknown	Unknown
gomod/github.com/mattn/go-colorable	0.1.14	Unknown	Unknown
gomod/github.com/zclconf/go-cty	1.18.1	Unknown	Unknown
gomod/golang.org/x/sys	0.42.0	Unknown	Unknown

Scanned Files

• go.mod