Skip to content

build(deps): bump the go-dependencies group across 1 directory with 4 updates#1627

Closed
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/go_modules/go-dependencies-5de13213bb
Closed

build(deps): bump the go-dependencies group across 1 directory with 4 updates#1627
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/go_modules/go-dependencies-5de13213bb

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 3, 2026

Copy link
Copy Markdown
Contributor

https://entire.io/gh/entireio/cli/trails/751

Bumps the go-dependencies group with 4 updates in the / directory: charm.land/bubbletea/v2, charm.land/lipgloss/v2, github.com/betterleaks/betterleaks and github.com/posthog/posthog-go.

Updates charm.land/bubbletea/v2 from 2.0.7 to 2.0.8

Release notes

Sourced from charm.land/bubbletea/v2's releases.

v2.0.8

Graphemes, schmraphemes

No terminal can render emojis perfectly, but we can try. This release improves some very specific edge cases around emoji rendering. Enjoy!

Changelog

  • db569adcb41d0eae251587e6a5f0cc3c7d77e8eb: fix(deps): bump ultraviolet for emoji-related rendering improvements

Thoughts? Questions? We love hearing from you. Feel free to reach out on X, Discord, Slack, The Fediverse, Bluesky.

Commits
  • fc707bb chore(examples): go mod tidy
  • db569ad chore(deps): bump ultraviolet for emoji-related rendering fixes
  • See full diff in compare view

Updates charm.land/lipgloss/v2 from 2.0.4 to 2.0.5

Release notes

Sourced from charm.land/lipgloss/v2's releases.

v2.0.5

Graphemes, Schmraphemes

If you’re using emojis in the terminal you're in for a rough ride. That said, we do what we can. This release brings some in some very specific edge case rendering improvements. Enjoy.

Enjoy!

Changelog

  • 10f9584edb197ddbbfc789081d33b6fadaea5742: chore(deps): bump ultraviolet for emoji-related improvements

Thoughts? Questions? We love hearing from you. Feel free to reach out on X, Discord, Slack, The Fediverse, Bluesky.

Commits
  • 5bd778d chore(deps): bump actions/checkout from 6 to 7 in the all group (#703)
  • f2a46ba chore(deps): bump golang.org/x/sys in the all group (#701)
  • See full diff in compare view

Updates github.com/betterleaks/betterleaks from 1.5.0 to 1.6.1

Release notes

Sourced from github.com/betterleaks/betterleaks's releases.

v1.6.1

Changelog

  • 28f08b4c8c4420a601f67ee9887c201697ff4568 config command (#218)
  • 228352ff340c6861f64482a8a5adbc5dd80c3ace build: upgrade crypto to v0.53.0 (#217)

v1.6.0

What's New

v1.6.0 focuses on faster startup, lower cold-scan overhead, and the migration of Betterleaks’ expression runtime from CEL to Expr.

  • Replaced CEL-based filtering and validation with Expr. Existing CEL-shaped configs are still accepted for compatibility, but new configs should use Expr syntax.
  • Improved cold-start performance by lazily initializing expensive runtime work (160ms -> 20ms) :
    • regex compilation
    • global finding filters
    • per-rule filters
    • validation expressions
    • cl100k_base tokenizer loading
  • Added rule specificity support for more accurate generic-rule suppression. More specific rules now run first and can suppress lower-specificity generic matches earlier.
  • Switched keyword prefiltering to github.com/RRethy/ahocorasick. (faster startup, less mem)
  • Added lazy regex compilation while preserving early regex validation.
  • Added --validation-debug support with safer redaction of sensitive HTTP headers.
  • Reduced dependency weight by removing cel-go and related protobuf/genproto dependencies. Release binary size goes from 30MB to 22.7MB.

Note on CEL vs Expr and compatibility

When filtering and validation logic was implemented in CEL I was unaware of expr-lang. Expr provides all the bells and whistles that CEL provided but at a smaller cost. Expr is slightly faster and a much smaller dependency.

  • Existing CEL-style configs remain supported through compatibility handling.
  • New configs should prefer Expr syntax.
  • The deprecated allowlist translation path remains available.

What's Changed

Full Changelog: betterleaks/betterleaks@v1.5.0...v1.6.0

Commits

Updates github.com/posthog/posthog-go from 1.16.2 to 1.17.4

Release notes

Sourced from github.com/posthog/posthog-go's releases.

1.17.4

Unreleased

1.17.3

Unreleased

1.17.2

Unreleased

1.17.1

Unreleased

1.17.0

Unreleased

Changelog

Sourced from github.com/posthog/posthog-go's changelog.

1.17.4

Patch Changes

  • 25e43f8: Stop duplicating distinct_id inside /flags person properties.

1.17.3

Patch Changes

  • dafed74: Retry remote feature flag requests after transient 502 and 504 responses.

1.17.2

Patch Changes

  • d98ef79: Retry feature flag requests after transient network errors only. The feature flag request retry count defaults to 1 and can be set to 0 to disable retries.

1.17.1

Patch Changes

  • 651b303: Preserve caller-provided system context values when building capture v1 event properties.
  • e0eb8bd: Send capture batches uncompressed when request-body compression fails instead of failing the batch.
  • 71f5c2e: Expose capture default properties to BeforeSend hooks before serialization.

1.17.0

Minor Changes

  • ff0e74b: Enrich capture-v1 failure reporting with typed errors and verbose result logging. When CaptureMode is CaptureModeAnalyticsV1, Callback.Failure now receives either a *CaptureEventError (a single event the server dropped, or one still asking to retry once attempts are exhausted — exposing EventUUID, Result, Details, and Exhausted) or a *CaptureRequestError (a whole request that failed on a non-2xx status, transport error, or malformed body — exposing StatusCode, Code, Description, and unwrapping to the underlying error). Inspect them with errors.As. Additionally, with Verbose: true the SDK logs one debug line per 2xx response summarizing the per-event directive counts (ok/warning/drop/retry/other) so partial-submission outcomes are easy to debug. The legacy path and its callback errors are unchanged.
  • ff0e74b: Add opt-in capture-v1 support via a new Config.CaptureMode option. It defaults to CaptureModeLegacy (the existing POST /batch/ endpoint), so upgrading is transparent and requires no code changes. Set CaptureMode: posthog.CaptureModeAnalyticsV1 to send events to POST /i/v1/analytics/events instead, which uses Bearer auth, per-event delivery results, and partial retry (only the events the server asks to retry are re-sent). For v1, the Callback interface is unchanged but outcomes become per-event: a drop result fails an individual event (and can fire Failure on an HTTP 200), warning counts as success, and a uuid missing from the results is silently dropped. All other configuration (host, API key, Callback, Logger, MaxRetries, Compression) is reused across both modes.
  • ff0e74b: Add zstd, deflate, and brotli compression for the capture-v1 path, alongside the existing gzip. Select one via Config.Compression (CompressionZstd, CompressionDeflate, CompressionBrotli) and the SDK sets the matching Content-Encoding header (zstd, deflate, br). These three codecs require CaptureMode: posthog.CaptureModeAnalyticsV1 — the legacy POST /batch/ endpoint only understands gzip, so configuring them with CaptureModeLegacy returns a validation error. CompressionGzip and CompressionNone continue to work on both capture modes. All codecs use pure-Go libraries (stdlib compress/zlib, github.com/klauspost/compress/zstd, github.com/andybalholm/brotli), so CGO_ENABLED=0 builds are unaffected.
Commits
  • 93b9681 chore: release v1.17.4 [version bump] [skip ci]
  • 25e43f8 fix: stop duplicating distinct_id in flags person properties (#250)
  • 01e60bf chore: release v1.17.3 [version bump] [skip ci]
  • dafed74 fix: Retry flags requests on 502 and 504 (#251)
  • ed70fae fix: make TCP drop recovery test deterministic (#248)
  • 2b6e187 ci: update SDK harness to 0.9.0 (#247)
  • 856a0d4 fix: satisfy SDK compliance harness 0.8.0 (#245)
  • c2ee6b1 chore: release v1.17.2 [version bump] [skip ci]
  • d98ef79 fix(flags): retry flag requests on transient network errors (#240)
  • 63feb5e chore: release v1.17.1 [version bump] [skip ci]
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

… updates

Bumps the go-dependencies group with 4 updates in the / directory: [charm.land/bubbletea/v2](https://github.com/charmbracelet/bubbletea), [charm.land/lipgloss/v2](https://github.com/charmbracelet/lipgloss), [github.com/betterleaks/betterleaks](https://github.com/betterleaks/betterleaks) and [github.com/posthog/posthog-go](https://github.com/posthog/posthog-go).


Updates `charm.land/bubbletea/v2` from 2.0.7 to 2.0.8
- [Release notes](https://github.com/charmbracelet/bubbletea/releases)
- [Commits](charmbracelet/bubbletea@v2.0.7...v2.0.8)

Updates `charm.land/lipgloss/v2` from 2.0.4 to 2.0.5
- [Release notes](https://github.com/charmbracelet/lipgloss/releases)
- [Commits](charmbracelet/lipgloss@v2.0.4...v2.0.5)

Updates `github.com/betterleaks/betterleaks` from 1.5.0 to 1.6.1
- [Release notes](https://github.com/betterleaks/betterleaks/releases)
- [Commits](betterleaks/betterleaks@v1.5.0...v1.6.1)

Updates `github.com/posthog/posthog-go` from 1.16.2 to 1.17.4
- [Release notes](https://github.com/posthog/posthog-go/releases)
- [Changelog](https://github.com/PostHog/posthog-go/blob/main/CHANGELOG.md)
- [Commits](PostHog/posthog-go@v1.16.2...v1.17.4)

---
updated-dependencies:
- dependency-name: charm.land/bubbletea/v2
  dependency-version: 2.0.8
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go-dependencies
- dependency-name: charm.land/lipgloss/v2
  dependency-version: 2.0.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go-dependencies
- dependency-name: github.com/betterleaks/betterleaks
  dependency-version: 1.6.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go-dependencies
- dependency-name: github.com/posthog/posthog-go
  dependency-version: 1.17.4
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file go Pull requests that update go code labels Jul 3, 2026
@dependabot dependabot Bot requested a review from a team as a code owner July 3, 2026 18:23
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file go Pull requests that update go code labels Jul 3, 2026
@dependabot @github

dependabot Bot commented on behalf of github Jul 6, 2026

Copy link
Copy Markdown
Contributor Author

Looks like these dependencies are updatable in another way, so this is no longer needed.

@dependabot dependabot Bot closed this Jul 6, 2026
@dependabot dependabot Bot deleted the dependabot/go_modules/go-dependencies-5de13213bb branch July 6, 2026 18:25
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file go Pull requests that update go code

Development

Successfully merging this pull request may close these issues.

0 participants