chore(deps): bump the go-dependencies group across 1 directory with 7 updates

[dependabot]

Bumps the go-dependencies group with 7 updates in the / directory:

Package	From	To
github.com/github/go-spdx/v2	2.4.0	2.6.0
github.com/maxbrunsfeld/counterfeiter/v6	6.12.1	6.12.2
github.com/olekukonko/tablewriter	0.0.5	1.1.4
github.com/package-url/packageurl-go	0.1.5	0.1.6
go.uber.org/zap	1.27.1	1.28.0
sigs.k8s.io/release-utils	0.11.1	0.12.4
github.com/fatih/color	1.18.0	1.19.0

Updates github.com/github/go-spdx/v2 from 2.4.0 to 2.6.0

Release notes

Sourced from github.com/github/go-spdx/v2's releases.

Release v2.6.0

Overview

This release makes two changes:

• more control over how licenses are validated
• performance improvements

Control over license validation

A new function was added, ValidateLicensesWithOptions, that uses options to allow the caller to specify what to consider invalid. All of these are valid by default which is consistent the with current behavior of ValidateLicenses.

• FailComplexExpressions - rejects license that includes a conjunctive (e.g. "MIT AND Apache-2.0")
• FailDeprecatedLicenses - rejects deprecated SPDX license identifiers (e.g. "eCos-2.0")
• FailAllLicenseRefs - rejects all SPDX license references (e.g. "LicenseRef-MyLicense")
• FailAllDocumentRefs - rejects all SPDX document references (e.g. "DocumentRef-MyDocument")

Usage

// equivalent to calling `ValidateLicenses`
valid, invalidLicenses := ValidateLicenses(licenses, ValidateLicensesOptions{})
// reject only expressions that have a conjunctive
valid, invalidLicenses := ValidateLicenses(licenses, ValidateLicensesOptions{FailComplexExpressions: true})
// reject expressions that have a conjunctive and deprecated licenses
valid, invalidLicenses := ValidateLicenses(licenses, ValidateLicensesOptions{FailComplexExpressions: true, FailDeprecatedLicenses: true})

What's Changed

• add options for validating licenses that limits what is considered valid (#144) @​elrayle

Full Changelog: github/go-spdx@v2.5.0...v2.6.0

v2.5.0

What's Changed

• Add simple cli to validate expressions by @​ahpook in github/go-spdx#137
• Make ExtractLicenses handle large expressions by @​dangoor in github/go-spdx#139
• Update SPDX license files (2026-04-10 05:06 UTC) by @​github-actions[bot] in github/go-spdx#135

Full Changelog: github/go-spdx@v2.4.0...v2.5.0

Commits

• 0315d0b Merge pull request #145 from github/v2.6.0-prep
• d440458 Update version to 2.6.0
• 6f11b7c Merge pull request #144 from github/elr/expressions-invalid
• c35ff93 do not expose license maps
• 609007d use strings.Fields to split exception expressions
• 364dd9a remove comment that isMIT ignore whitespace
• fd0ec02 fix exception check to treat deprecated licenses as valid unless options conf...
• 503f295 Update spdxexp/satisfies_test.go
• 02fc36a Update cmd/doc.go
• 2d1b791 fix linter error
• Additional commits viewable in compare view

Updates github.com/maxbrunsfeld/counterfeiter/v6 from 6.12.1 to 6.12.2

Release notes

Sourced from github.com/maxbrunsfeld/counterfeiter/v6's releases.

v6.12.2

What's Changed

• Bump golang.org/x/text from 0.31.0 to 0.32.0 by @​dependabot[bot] in maxbrunsfeld/counterfeiter#349
• Bump github.com/onsi/gomega from 1.38.2 to 1.38.3 by @​dependabot[bot] in maxbrunsfeld/counterfeiter#350
• Bump golang.org/x/tools from 0.39.0 to 0.40.0 by @​dependabot[bot] in maxbrunsfeld/counterfeiter#348
• Bump github.com/onsi/gomega from 1.38.3 to 1.39.0 by @​dependabot[bot] in maxbrunsfeld/counterfeiter#351
• Bump golang.org/x/tools from 0.40.0 to 0.41.0 by @​dependabot[bot] in maxbrunsfeld/counterfeiter#353
• Bump github.com/onsi/gomega from 1.39.0 to 1.39.1 by @​dependabot[bot] in maxbrunsfeld/counterfeiter#354
• Bump golang.org/x/text from 0.33.0 to 0.34.0 by @​dependabot[bot] in maxbrunsfeld/counterfeiter#356
• Bump golang.org/x/tools from 0.41.0 to 0.42.0 by @​dependabot[bot] in maxbrunsfeld/counterfeiter#355
• Bump golang.org/x/text from 0.34.0 to 0.35.0 by @​dependabot[bot] in maxbrunsfeld/counterfeiter#357
• Bump golang.org/x/tools from 0.42.0 to 0.43.0 by @​dependabot[bot] in maxbrunsfeld/counterfeiter#358

Full Changelog: maxbrunsfeld/counterfeiter@v6.12.1...v6.12.2

Commits

• 4fbda3b Merge pull request #358 from maxbrunsfeld/dependabot/go_modules/golang.org/x/...
• 49c41c0 Bump golang.org/x/tools from 0.42.0 to 0.43.0
• 266628f Merge pull request #357 from maxbrunsfeld/dependabot/go_modules/golang.org/x/...
• e19e05e Bump golang.org/x/text from 0.34.0 to 0.35.0
• 46bc143 Merge pull request #355 from maxbrunsfeld/dependabot/go_modules/golang.org/x/...
• 2fa471e Bump golang.org/x/tools from 0.41.0 to 0.42.0
• 0f165c0 Merge pull request #356 from maxbrunsfeld/dependabot/go_modules/golang.org/x/...
• 807573e Bump golang.org/x/text from 0.33.0 to 0.34.0
• 7c40434 Merge pull request #354 from maxbrunsfeld/dependabot/go_modules/github.com/on...
• 92c75ca Bump github.com/onsi/gomega from 1.39.0 to 1.39.1
• Additional commits viewable in compare view

Updates github.com/olekukonko/tablewriter from 0.0.5 to 1.1.4

Commits

• a0dea8a no need to disable twice
• a4fb40a Merge pull request #314 from sducamp/fix/rendition-debug-leak
• 6bc4cb4 fix: prevent debug output leak from renderer during Options() reconfiguration
• 54408fe update ll to v0.1.6
• 5ea5f3c add mote tab test ans update go mod
• 1455dd8 Merge pull request #311 from olekukonko/tabber
• d7b0a55 improve tab and make test more predictable
• 62117a2 add space default #312 for colorized renderer
• 4958831 ll v0.1.5 update enables logging by default hence disable
• 1c68e06 use space for padding as default #312
• Additional commits viewable in compare view

Updates github.com/package-url/packageurl-go from 0.1.5 to 0.1.6

Commits

• a74324e Optimize parsing and serialization performance (#86)
• b41f387 Address review feedback and add chrome-extension validation
• a546cc5 Optimize parsing and serialization performance
• See full diff in compare view

Updates go.uber.org/zap from 1.27.1 to 1.28.0

Release notes

Sourced from go.uber.org/zap's releases.

v1.28.0

Enhancements:

• #1534[]: Add zapcore.CheckPreWriteHook and CheckedEntry.Before method for transforming entries before they are written to any Cores.

#1534: uber-go/zap#1534

Changelog

Sourced from go.uber.org/zap's changelog.

1.28.0 (27 Apr 2026)

Enhancements:

• #1534[]: Add zapcore.CheckPreWriteHook and CheckedEntry.Before method for transforming entries before they are written to any Cores.

Commits

• 5b81b37 release v1.28.0 (#1547)
• 0ab0d5a zapcore: Add PreWriteHook for transforming entries before write (#1534)
• d278c59 [chore] CI: test on Go 1.26 (#1535)
• 16fb16b chore(dep): replace archived gopkg.in/yaml.v3 with officially maintained go.y...
• See full diff in compare view

Updates sigs.k8s.io/release-utils from 0.11.1 to 0.12.4

Release notes

Sourced from sigs.k8s.io/release-utils's releases.

v0.12.4

Changes by Kind

Bug

• Fix shared default options mutation across http agents. NewAgent() previously returned agents all pointing to the same options struct, so calling any With*() method on one agent would mutate all agents. (#182, @​saschagrunert) [SIG Release]

Feature

• The http.Agent now supports setting custom clients with WithClient() (#169, @​puerco) [SIG Release]

Other (Cleanup or Flake)

• Bump cosign and golangci-lint (#179, @​cpanato) [SIG Release]

Dependencies

Added

• github.com/cespare/xxhash/v2: v2.3.0

Changed

• github.com/clipperhouse/displaywidth: v0.6.2 → v0.10.0
• github.com/clipperhouse/uax29/v2: v2.3.0 → v2.6.0
• github.com/olekukonko/errors: v1.1.0 → v1.2.0
• github.com/olekukonko/ll: 9e59c22 → v0.1.6
• github.com/olekukonko/tablewriter: v1.1.3 → v1.1.4

Removed

Nothing has changed.

v0.12.3

No release notes provided.

v0.12.2

No release notes provided.

v0.12.1

No release notes provided.

v0.12.0

What's Changed

• update tools by @​cpanato in kubernetes-sigs/release-utils#135
• add wrapper for tablewriter by @​cpanato in kubernetes-sigs/release-utils#136

Full Changelog: kubernetes-sigs/release-utils@v0.11.1...v0.12.0

Commits

• c5ec679 Merge pull request #182 from saschagrunert/fix/agent-shared-options
• e3734a4 Fix shared default options mutation across agents
• 96f97ba Merge pull request #181 from kubernetes-sigs/dependabot/github_actions/action...
• 6f678e3 build(deps): bump the actions group with 2 updates
• c2cdc95 Merge pull request #179 from cpanato/updates
• d5a73e4 fix lints
• a4f2787 bump cosign and golangci-lint
• d1b29d9 Merge pull request #177 from kubernetes-sigs/dependabot/docker/all-9adf8b7ea7
• ffec3c4 build(deps): bump golang from 1.26.0 to 1.26.1 in the all group
• ae59572 Merge pull request #178 from kubernetes-sigs/dependabot/go_modules/all-c0a0eb...
• Additional commits viewable in compare view

Updates github.com/fatih/color from 1.18.0 to 1.19.0

Release notes

Sourced from github.com/fatih/color's releases.

v1.19.0

What's Changed

• Bump golang.org/x/sys from 0.25.0 to 0.28.0 by @​dependabot[bot] in fatih/color#246
• Fix for issue #230 set/unsetwriter symmetric wrt color support detection by @​ataypamart in fatih/color#243
• chore: go mod cleanup by @​sashamelentyev in fatih/color#244
• Bump golang.org/x/sys from 0.28.0 to 0.30.0 by @​dependabot[bot] in fatih/color#249
• Bump github.com/mattn/go-colorable from 0.1.13 to 0.1.14 by @​dependabot[bot] in fatih/color#248
• Update CI and go deps by @​fatih in fatih/color#254
• Bump golang.org/x/sys from 0.31.0 to 0.37.0 by @​dependabot[bot] in fatih/color#268
• fix: include escape codes in byte counts from Fprint, Fprintf by @​qualidafial in fatih/color#282
• Bump golang.org/x/sys from 0.37.0 to 0.40.0 by @​dependabot[bot] in fatih/color#277
• fix: add nil check for os.Stdout to prevent panic on Windows services by @​majiayu000 in fatih/color#275
• Bump dominikh/staticcheck-action from 1.3.1 to 1.4.0 by @​dependabot[bot] in fatih/color#259
• Bump actions/checkout from 4 to 6 by @​dependabot[bot] in fatih/color#273
• Optimize Color.Equals performance (O(n²) → O(n)) by @​UnSubble in fatih/color#269
• Bump actions/setup-go from 5 to 6 by @​dependabot[bot] in fatih/color#266

New Contributors

• @​ataypamart made their first contribution in fatih/color#243
• @​sashamelentyev made their first contribution in fatih/color#244
• @​qualidafial made their first contribution in fatih/color#282
• @​majiayu000 made their first contribution in fatih/color#275
• @​UnSubble made their first contribution in fatih/color#269

Full Changelog: fatih/color@v1.18.0...v1.19.0

Commits

• ca25f6e Merge pull request #266 from fatih/dependabot/github_actions/actions/setup-go-6
• 1205984 Bump actions/setup-go from 5 to 6
• 5715c20 Merge pull request #269 from UnSubble/main
• 2f6e200 Merge branch 'main' into main
• f72ec94 Merge pull request #273 from fatih/dependabot/github_actions/actions/checkout-6
• 848e633 Merge branch 'main' into main
• 4c2cd34 Add tests
• 7f812f0 Bump actions/checkout from 4 to 6
• b7fc9f9 Merge pull request #259 from fatih/dependabot/github_actions/dominikh/staticc...
• 239a88f Bump dominikh/staticcheck-action from 1.3.1 to 1.4.0
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.