fix(deps): update go dependencies

[TheFox0x7]

This PR contains the following updates:

Package	Change	Age	Confidence	Type	Update
connectrpc.com/connect	v1.19.1 → v1.19.2			require	patch
github.com/Azure/azure-sdk-for-go/sdk/azcore	v1.19.0 → v1.20.0			require	minor
github.com/Azure/azure-sdk-for-go/sdk/storage/azblob	v1.6.2 → v1.6.3			require	patch
github.com/charmbracelet/git-lfs-transfer	6327009 → 1241631			require	digest
github.com/go-co-op/gocron/v2	v2.21.0 → v2.21.1			require	patch
github.com/go-webauthn/webauthn	v0.16.5 → v0.17.0			require	minor
github.com/jaytaylor/html2text	74c2419 → 1a4bdc8			require	digest
github.com/microsoft/go-mssqldb	v1.9.6 → v1.9.7			require	patch
github.com/urfave/cli/v3	v3.4.1 → v3.6.1			require	minor

---

Release Notes

connectrpc/connect-go (connectrpc.com/connect)

v1.19.2

Compare Source

What's Changed

Governance

• Add @​timostamm as a maintainer in #​905 🎉

Bugfixes

• Use 'deadline_exceeded' instead of 'canceled' on HTTP/2 cancelation when appropriate by @​jhump in #​904
• Fix nil pointer deref in duplexHTTPCall under concurrent Send + CloseAndReceive by @​simonferquel in #​919

Other changes

• Refactor memhttptest to work with Go 1.25 synctest by @​codefromthecrypt in #​881
• Doc clarifications by @​emcfarlane (#​911, #​912) and @​stefanvanburen (#​906)

New Contributors

• @​codefromthecrypt made their first contribution in #​881
• @​simonferquel made their first contribution in #​919

Full Changelog:

go-co-op/gocron (github.com/go-co-op/gocron/v2)

v2.21.1

Compare Source

What's Changed

• fix: remove jobs and respect stopTime in NextRuns when WithStopDateTi… by @​jcheyer in #​922

New Contributors

• @​jcheyer made their first contribution in #​922

Full Changelog: go-co-op/gocron@v2.21.0...v2.21.1

go-webauthn/webauthn (github.com/go-webauthn/webauthn)

v0.17.0

Compare Source

• fix!: split attestation type and format (#​658) (3c1e870), closes #​658 #​476
• feat!: tighten cross-origin defaults (#​647) (80cc224), closes #​647

Bug Fixes

• protocol: short-circuit apple attestation extension lookup (#​664) (5296bc7)

Features

• webauthn: add authenticator registration filtering (#​668) (0be632e)
• webauthn: credential message pack (#​660) (c7d933c)

BREAKING CHANGES

• A bug with the Credential Record which was
  introduced early in the libraries lifecycle has resulted in a
  breaking change to the Credential struct. If you are manually
  serializing this struct instead of using encoding/json you
  will be required to make manual changes; though Integrators
  should consider these notes regardless.

  • protocol.CredentialTypeFIDOU2F has been removed;
    replace uses with protocol.AttestationFormatFIDOUniversalSecondFactor
    (cast to string where the destination field is a plain string).

  • The semantics of the AttestationType field on webauthn.Credential
    and protocol.CredentialDescriptor have changed. Integrators that
    inspect this field to detect a format (typically checking for
    "fido-u2f") must switch to the new AttestationFormat field; the
    FIDO-U2F AppID and AppIDExclude extension helpers now key on
    AttestationFormat, so a descriptor literal constructed with
    AttestationType: "fido-u2f" will no longer trigger them.

  • Stored Credential JSON records are migrated transparently by the
    new UnmarshalJSON, but re-marshaled records will carry
    attestationFormat rather than a format string in attestationType;
    downstream consumers that parsed the legacy shape directly should
    be updated.

  • The Credential.Verify method has been updated and may fail in
    previous scenarios where it passed previously. It will also update
    the AttestationType value as a side-effect when used.

• The Cross-Origin verification semantics have changed
  significantly due to the stabilization of the WebAuthn Level 3
  specification. It is no longer possible to disable verification, and
  Cross-Origin ceremonies must explicitly be allowed in this release.

  • protocol.TopOriginIgnoreVerificationMode has been removed. Code that
    referenced it must switch to one of the other constants as there is
    no longer a mode which disables the Top Origin verification such as:

    • TopOriginExplicitVerificationMode; match against RPTopOrigins only
      (recommended, and the new coerced default)
    • TopOriginAutoVerificationMode; match against the union of
      RPTopOrigins and RPOrigins
    • TopOriginImplicitVerificationMode; match against RPOrigins only

  • webauthn.Config.validate now rewrites a zero-valued
    RPTopOriginVerificationMode to TopOriginExplicitVerificationMode.
    Integrators that left the field unset previously got ignore-mode
    semantics (any Top Origin accepted); they now get strict matching
    against RPTopOrigins and must populate that list, or explicitly
    select a different mode; for Cross-Origin flows to succeed.

  • Cross-Origin ceremonies (those where the authenticator reports
    crossOrigin = true in the ClientData) are rejected by default.
    Integrators that rely on iframe-embedded or other Cross-Origin WebAuthn
    flows must set webauthn.Config.RPAllowCrossOrigin = true. The library
    continues to enforce Top Origin verification on accepted Cross-Origin
    ceremonies per the configured mode.

  • protocol.CollectedClientData.Verify no longer accepts
    TopOriginIgnoreVerificationMode; callers that pass an unknown mode
    receive ErrNotImplemented with detail "unknown Top Origin
    verification mode".

microsoft/go-mssqldb (github.com/microsoft/go-mssqldb)

v1.9.7

Compare Source

What's Changed

• perf: do not copy columnStruct by @​lidavidm in #​308
• Add support for EPA by @​paraddise in #​295
• perf: use pointer receiver for columnStruct to avoid copy by @​lidavidm in #​316
• bulkcopy: fix column escaping by @​dlapko in #​253
• Fix handling of stateSep in batch package. Addresses bug #​247 by @​flaviopicci in #​248
• fix: update release-please action and config by @​dlevy-msft-sql in #​322
• Add unit tests for type conversion, SQL quoting, and error handling by @​Copilot in #​321
• docs: add LLM optimization files for AI code assistant discoverability by @​dlevy-msft-sql in #​311
• test: improve code coverage with comprehensive unit tests by @​dlevy-msft-sql in #​323

New Contributors

• @​paraddise made their first contribution in #​295
• @​flaviopicci made their first contribution in #​248
• @​dlevy-msft-sql made their first contribution in #​322

Full Changelog: microsoft/go-mssqldb@v1.9.6...v1.9.7

urfave/cli (github.com/urfave/cli/v3)

v3.6.1

Compare Source

What's Changed

• chore(deps): bump golangci/golangci-lint-action from 8 to 9 by @​dependabot[bot] in #​2222
• feat: add ability to override usage text of default help command by @​Maks1mS in #​2196
• Fix:(issue_2223) Fix incorrect processing of empty value after = by @​dearchap in #​2224

New Contributors

• @​Maks1mS made their first contribution in #​2196

Full Changelog: urfave/cli@v3.6.0...v3.6.1

v3.6.0

Compare Source

What's Changed

• support parallel running of commands by @​oprudkyi in #​2215
• Fix:(issue_2208) Fix local flag by @​dearchap in #​2211
• chore(deps): bump the python-packages group with 2 updates by @​dependabot[bot] in #​2219
• Call actions on flags set from env by @​malclocke in #​2221

New Contributors

• @​malclocke made their first contribution in #​2221

Full Changelog: urfave/cli@v3.5.0...v3.6.0

v3.5.0

Compare Source

What's Changed

• Update mkdocs reqs by @​meatballhat in #​2190
• Allow the user to stop processing flags after seeing N args by @​adrian-thurston in #​2163
• chore(deps): bump github.com/stretchr/testify from 1.10.0 to 1.11.0 by @​dependabot[bot] in #​2194
• chore(deps): bump mkdocs-material from 9.6.16 to 9.6.18 in the python-packages group by @​dependabot[bot] in #​2195
• chore(deps): bump actions/setup-go from 5 to 6 by @​dependabot[bot] in #​2198
• chore(deps): bump actions/setup-node from 4 to 5 by @​dependabot[bot] in #​2199
• chore(deps): bump actions/setup-python from 5 to 6 by @​dependabot[bot] in #​2200
• chore(deps): bump github.com/stretchr/testify from 1.11.0 to 1.11.1 by @​dependabot[bot] in #​2197
• chore(deps): bump mkdocs-material from 9.6.18 to 9.6.19 in the python-packages group by @​dependabot[bot] in #​2201
• chore(deps): bump mkdocs-material from 9.6.19 to 9.6.20 in the python-packages group by @​dependabot[bot] in #​2202
• feat: add name of argument into error message when parsing fails by @​oprudkyi in #​2203
• chore(deps): bump mkdocs-material from 9.6.20 to 9.6.21 in the python-packages group by @​dependabot[bot] in #​2204
• add space between arguments usage by @​dimfu in #​2207
• chore(deps): bump mkdocs-material from 9.6.21 to 9.6.22 in the python-packages group by @​dependabot[bot] in #​2213
• Fix: Make DefaultText behaviour consistent by @​dearchap in #​2214

New Contributors

• @​adrian-thurston made their first contribution in #​2163
• @​oprudkyi made their first contribution in #​2203
• @​dimfu made their first contribution in #​2207

Full Changelog: urfave/cli@v3.4.1...v3.5.0

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • At any time (no schedule defined)
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Mend Renovate.