
Bump the gomod group across 1 directory with 4 updates #45

Open

dependabot[bot] wants to merge 1 commit into main from dependabot/go_modules/gomod-21346e2db5

Conversation


dependabot[bot] (Contributor) commented on behalf of github on May 7, 2026

Bumps the gomod group with 4 updates in the / directory: github.com/carabiner-dev/hasher, github.com/rodaine/table, github.com/sirupsen/logrus and github.com/spf13/cobra.

Updates github.com/carabiner-dev/hasher from 0.2.2 to 0.2.4

Release notes

Sourced from github.com/carabiner-dev/hasher's releases.

v0.2.4

No release notes provided.

v0.2.3

No release notes provided.

Commits
  • 2023127 Merge pull request #36 from carabiner-dev/ci
  • cf49e0a Deflake test, bump go
  • 7d15bae Update CI to latest patterns
  • 41325c1 Bump go to latest 1.25
  • 4cac30d Merge pull request #34 from carabiner-dev/dependabot/github_actions/actions-3...
  • acbd84c Merge pull request #35 from carabiner-dev/dependabot/go_modules/golang.org/x/...
  • 798fe50 Bump golang.org/x/crypto from 0.49.0 to 0.50.0
  • c6967fd Bump kubernetes-sigs/release-actions in the actions group
  • a8b6de5 Merge pull request #33 from carabiner-dev/dependabot/github_actions/actions-8...
  • 6c577ac Merge pull request #32 from carabiner-dev/dependabot/go_modules/github.com/in...
  • Additional commits viewable in compare view

Updates github.com/rodaine/table from 1.3.0 to 1.3.1

Release notes

Sourced from github.com/rodaine/table's releases.

v1.3.1

What's Changed

Full Changelog: rodaine/table@v1.3.0...v1.3.1

Commits
  • ba18044 Bump github.com/mattn/go-runewidth from 0.0.20 to 0.0.21 in the go group (#57)
  • a109f9c Bump github.com/mattn/go-runewidth from 0.0.19 to 0.0.20 in the go group (#56)
  • acbecfd Bump actions/checkout from 5 to 6 in the github-actions group (#55)
  • 3f2898f Bump github/codeql-action from 3 to 4 in the github-actions group (#54)
  • d6fde3f Bump github.com/mattn/go-runewidth from 0.0.17 to 0.0.19 in the go group (#53)
  • 92208b2 Bump github.com/mattn/go-runewidth from 0.0.16 to 0.0.17 in the go group (#52)
  • a4b58c5 Bump actions/setup-go from 5 to 6 in the github-actions group (#50)
  • 6016b4a Bump github.com/stretchr/testify from 1.11.0 to 1.11.1 in the go group (#51)
  • 7356c13 Bump github.com/stretchr/testify from 1.10.0 to 1.11.0 in the go group (#49)
  • 0a60c0a Bump actions/checkout from 4 to 5 in the github-actions group (#48)
  • Additional commits viewable in compare view

Updates github.com/sirupsen/logrus from 1.9.3 to 1.9.4

Release notes

Sourced from github.com/sirupsen/logrus's releases.

v1.9.4

Notable changes

Full Changelog: sirupsen/logrus@v1.9.3...v1.9.4

Changelog

Sourced from github.com/sirupsen/logrus's changelog.

1.9.4

Fixes:

  • Remove uses of deprecated ioutil package

Features:

  • Add GNU/Hurd support
  • Add WASI wasip1 support

Code quality:

  • Update minimum supported Go version to 1.17
  • Documentation updates

Commits
  • b61f268 Merge pull request #1472 from goldlinker/master
  • 15c29db refactor: replace the deprecated function in the ioutil package
  • cb253f3 Merge pull request #1464 from thaJeztah/touchup_godoc
  • 29b2337 Merge pull request #1468 from thaJeztah/touchup_readme
  • d916819 Merge pull request #1427 from dolmen/fix-testify-usage
  • 135e482 README: small touch-ups
  • 2c5fa36 Merge pull request #1467 from thaJeztah/rm_old_badge
  • 877ecec README: remove travis badge
  • 55cf256 Merge pull request #1393 from jsoref/grammar
  • 21bae50 Merge pull request #1426 from dolmen/testing-fix-use-of-math-rand
  • Additional commits viewable in compare view

Updates github.com/spf13/cobra from 1.10.1 to 1.10.2

Release notes

Sourced from github.com/spf13/cobra's releases.

v1.10.2

🔧 Dependencies

  • chore: Migrate from gopkg.in/yaml.v3 to go.yaml.in/yaml/v3 by @dims in spf13/cobra#2336 - the gopkg.in/yaml.v3 package has been deprecated for some time: this should significantly clean up dependency/supply-chains for consumers of spf13/cobra

Full Changelog: spf13/cobra@v1.10.1...v1.10.2

Thank you to our amazing contributors!!!!! 🐍 🚀

dependabot[bot] added the labels dependencies (Pull requests that update a dependency file) and go (Pull requests that update go code) on May 7, 2026
Bumps the gomod group with 4 updates in the / directory: [github.com/carabiner-dev/hasher](https://github.com/carabiner-dev/hasher), [github.com/rodaine/table](https://github.com/rodaine/table), [github.com/sirupsen/logrus](https://github.com/sirupsen/logrus) and [github.com/spf13/cobra](https://github.com/spf13/cobra).


Updates `github.com/carabiner-dev/hasher` from 0.2.2 to 0.2.4
- [Release notes](https://github.com/carabiner-dev/hasher/releases)
- [Commits](carabiner-dev/hasher@v0.2.2...v0.2.4)

Updates `github.com/rodaine/table` from 1.3.0 to 1.3.1
- [Release notes](https://github.com/rodaine/table/releases)
- [Commits](rodaine/table@v1.3.0...v1.3.1)

Updates `github.com/sirupsen/logrus` from 1.9.3 to 1.9.4
- [Release notes](https://github.com/sirupsen/logrus/releases)
- [Changelog](https://github.com/sirupsen/logrus/blob/master/CHANGELOG.md)
- [Commits](sirupsen/logrus@v1.9.3...v1.9.4)

Updates `github.com/spf13/cobra` from 1.10.1 to 1.10.2
- [Release notes](https://github.com/spf13/cobra/releases)
- [Commits](spf13/cobra@v1.10.1...v1.10.2)

---
updated-dependencies:
- dependency-name: github.com/carabiner-dev/hasher
  dependency-version: 0.2.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: gomod
- dependency-name: github.com/rodaine/table
  dependency-version: 1.3.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: gomod
- dependency-name: github.com/sirupsen/logrus
  dependency-version: 1.9.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: gomod
- dependency-name: github.com/spf13/cobra
  dependency-version: 1.10.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: gomod
...

Signed-off-by: dependabot[bot] <support@github.com>
dependabot[bot] changed the title from "Bump the gomod group with 4 updates" to "Bump the gomod group across 1 directory with 4 updates" on May 8, 2026
dependabot[bot] force-pushed the dependabot/go_modules/gomod-21346e2db5 branch from 11fcfeb to 5b1c8b4 on May 8, 2026 00:12

Kusari Inspector

Kusari Analysis Results:

Do not proceed without addressing issues

Caution

Flagged Issues Detected
These changes contain flagged issues that may introduce security risks.

While the code analysis confirms zero security findings (no exposed secrets, no workflow issues, no code vulnerabilities), the dependency analysis identifies a blocking concern: the updated golang.org/x/net v0.52.0 carries an active advisory CVE-2026-33814 (infinite loop in HTTP/2 transport when receiving SETTINGS_MAX_FRAME_SIZE=0, leading to denial of service). This vulnerability is introduced transitively via github.com/prometheus/common. Although this PR remediates 5 CVEs in golang.org/x/crypto and golang.org/x/net (older versions), it inadvertently introduces a new active DoS vulnerability. The fix is straightforward: upgrade golang.org/x/net to v0.53.0 by adding an explicit override in go.mod and running go mod tidy. Once this is addressed, the PR should be re-evaluated, as the net security posture improvement is otherwise significant.

Note

View full detailed analysis result for more information on the output and the checks that were run.

Required Dependency Mitigations

  • golang.org/x/net v0.52.0 has an active advisory: CVE-2026-33814 / GO-2026-4918 - Infinite loop in HTTP/2 transport when receiving SETTINGS_MAX_FRAME_SIZE with a value of 0, causing denial of service. Dependency path: github.com/carabiner-dev/drop -> github.com/prometheus/common -> golang.org/x/net. The latest version is v0.53.0. Since this is a transitive dependency, update golang.org/x/net to v0.53.0 by adding an explicit override in go.mod: require golang.org/x/net v0.53.0. Then run go mod tidy to resolve the dependency graph.

@kusari-inspector rerun - Trigger a re-analysis of this PR
@kusari-inspector feedback [your message] - Send feedback to our AI and team
See Kusari's documentation for setup and configuration.
Commit: 5b1c8b4, performed at: 2026-05-08T00:13:42Z


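The override Kusari recommends, shown as an added Go example that is not part of this PR or of any project involved: it checks a go.mod for a golang.org/x/net requirement below v0.53.0 and rewrites that entry as the explicit direct requirement. The go.mod text, the module name example.com/drop and the line-by-line parsing of a block-form require section are assumptions; a real check would resolve the graph with go list -m all or parse the file with golang.org/x/mod/modfile.

```go
package main

import (
	"fmt"
	"strings"
)
// SampleGoMod is a constructed go.mod matching the review: x/net arrives only indirectly, at the flagged v0.52.0.
const SampleGoMod = `module example.com/drop
require (
	github.com/spf13/cobra v1.10.2
	golang.org/x/net v0.52.0 // indirect
)
`
// semver parses "vX.Y.Z"; pre-release and pseudo-version suffixes are ignored (a simplification).
func semver(v string) (n [3]int, err error) {
	_, err = fmt.Sscanf(v, "v%d.%d.%d", &n[0], &n[1], &n[2])
	return n, err
}

// requiredVersion returns the line index and version of module's entry in the require block, or -1 and "".
func requiredVersion(lines []string, module string) (int, string) {
	for i, line := range lines {
		if f := strings.Fields(line); len(f) >= 2 && f[0] == module {
			return i, f[1]
		}
	}
	return -1, ""
}

// NeedsOverride reports whether gomod pins module below minVersion (assumption: block-form require, one entry per line).
func NeedsOverride(gomod, module, minVersion string) (bool, error) {
	_, have := requiredVersion(strings.Split(gomod, "\n"), module)
	h, err1 := semver(have)
	m, err2 := semver(minVersion)
	if err1 != nil || err2 != nil {
		return false, fmt.Errorf("cannot compare %q with %q", have, minVersion)
	}
	return h[0] < m[0] || h[0] == m[0] && (h[1] < m[1] || h[1] == m[1] && h[2] < m[2]), nil
}

// WithOverride pins module at minVersion as a direct requirement (the explicit "require golang.org/x/net v0.53.0" the review asks for); run "go mod tidy" afterwards.
func WithOverride(gomod, module, minVersion string) (string, error) {
	lines := strings.Split(gomod, "\n")
	idx, _ := requiredVersion(lines, module)
	if idx < 0 {
		return "", fmt.Errorf("%s is not in the require block", module)
	}
	lines[idx] = "\t" + module + " " + minVersion // drops the "// indirect" marker
	return strings.Join(lines, "\n"), nil
}
```

A module that is absent from the require block is reported as an error rather than silently passed, so a go.mod that never lists x/net at all still gets a human look.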