Chore(deps): Bump the minor-and-patch group across 1 directory with 12 updates

[dependabot]

Bumps the minor-and-patch group with 9 updates in the / directory:

Package	From	To
github.com/aws/aws-sdk-go-v2	1.39.5	1.40.0
github.com/aws/aws-sdk-go-v2/config	1.31.16	1.32.1
github.com/aws/aws-sdk-go-v2/service/ses	1.34.8	1.34.13
github.com/aws/aws-sdk-go-v2/service/sns	1.39.2	1.39.6
github.com/getsentry/sentry-go	0.36.2	0.38.0
github.com/nyaruka/phonenumbers	1.6.6	1.6.7
github.com/rubenv/sql-migrate	1.8.0	1.8.1
github.com/shopspring/decimal	1.3.1	1.4.0
github.com/twilio/twilio-go	1.28.5	1.28.7

Updates github.com/aws/aws-sdk-go-v2 from 1.39.5 to 1.40.0

Commits

• 466d9d5 Release 2025-11-19.2
• ca4b05e Regenerated Clients
• d780944 add logincreds provider (#3230)
• 115ff14 Release 2025-11-19
• 964750d Regenerated Clients
• 5b181c4 Update API model
• 1e2c145 Release 2025-11-18
• 163dcfe Regenerated Clients
• 38b8afe Update endpoints model
• 0252675 Update API model
• Additional commits viewable in compare view

Updates github.com/aws/aws-sdk-go-v2/config from 1.31.16 to 1.32.1

Commits

• b737dc9 Release 2024-10-07
• 7279a51 Regenerated Clients
• a1b1f5a Update endpoints model
• 4853c41 Update API model
• 99e2be8 Allow empty values on prefix headers (#2816)
• 18e6b6e remove autoscaling smoke tests (#2817)
• 8200000 remove private metrics collection APIs (#2818)
• 7a76a2a Release 2024-10-04
• e35b8be Regenerated Clients
• 6e95871 Update endpoints model
• Additional commits viewable in compare view

Updates github.com/aws/aws-sdk-go-v2/credentials from 1.18.20 to 1.19.1

Changelog

Sourced from github.com/aws/aws-sdk-go-v2/credentials's changelog.

Release (2023-07-28)

General Highlights

• Dependency Update: Updated to the latest SDK module versions

Module Highlights

• github.com/aws/aws-sdk-go-v2/service/sqs: v1.23.4
  • Documentation: Documentation changes related to SQS APIs.

Release (2023-07-27)

Module Highlights

• github.com/aws/aws-sdk-go-v2/service/autoscaling: v1.29.0
  • Feature: This release updates validation for instance types used in the AllowedInstanceTypes and ExcludedInstanceTypes parameters of the InstanceRequirements property of a MixedInstancesPolicy.
• github.com/aws/aws-sdk-go-v2/service/ebs: v1.17.0
  • Feature: SDK and documentation updates for Amazon Elastic Block Store API
• github.com/aws/aws-sdk-go-v2/service/ec2: v1.108.0
  • Feature: SDK and documentation updates for Amazon Elastic Block Store APIs
• github.com/aws/aws-sdk-go-v2/service/eks: v1.28.0
  • Feature: Add multiple customer error code to handle customer caused failure when managing EKS node groups
• github.com/aws/aws-sdk-go-v2/service/sagemaker: v1.95.0
  • Feature: Expose ProfilerConfig attribute in SageMaker Search API response.

Release (2023-07-26)

Module Highlights

• github.com/aws/aws-sdk-go-v2/service/entityresolution: v1.0.0
  • Release: New AWS service client module
  • Feature: AWS Entity Resolution can effectively match a source record from a customer relationship management (CRM) system with a source record from a marketing system containing campaign information.
• github.com/aws/aws-sdk-go-v2/service/glue: v1.58.0
  • Feature: Release Glue Studio Snowflake Connector Node for SDK/CLI
• github.com/aws/aws-sdk-go-v2/service/healthlake: v1.16.4
  • Documentation: Updating the HealthLake service documentation.
• github.com/aws/aws-sdk-go-v2/service/managedblockchainquery: v1.0.0
  • Release: New AWS service client module
  • Feature: Amazon Managed Blockchain (AMB) Query provides serverless access to standardized, multi-blockchain datasets with developer-friendly APIs.
• github.com/aws/aws-sdk-go-v2/service/mediaconvert: v1.39.1
  • Documentation: This release includes general updates to user documentation.
• github.com/aws/aws-sdk-go-v2/service/omics: v1.5.2
  • Documentation: The service is renaming as a part of AWS Health.
• github.com/aws/aws-sdk-go-v2/service/opensearchserverless: v1.3.0
  • Feature: This release adds new collection type VectorSearch.
• github.com/aws/aws-sdk-go-v2/service/polly: v1.27.0
  • Feature: Amazon Polly adds 1 new voice - Lisa (nl-BE)
• github.com/aws/aws-sdk-go-v2/service/route53: v1.28.5
  • Documentation: Update that corrects the documents for received feedback.

Release (2023-07-25)

General Highlights

... (truncated)

Commits

• a5d5009 Release 2023-07-28
• ff82299 Regenerated Clients
• fc5a86f Update API model
• 62ffb94 fix v4.go PresignHTTP doc (#2212)
• b4d8d26 Release 2023-07-27
• ad52106 Regenerated Clients
• f335bcf Update API model
• d5a9934 Release 2023-07-26
• 247060d Regenerated Clients
• 61540ee Update endpoints model
• Additional commits viewable in compare view

Updates github.com/aws/aws-sdk-go-v2/service/ses from 1.34.8 to 1.34.13

Commits

• b01c60e Release 2025-11-12
• 17946cc Regenerated Clients
• a435b3c Update API model
• 1e4148a collapse changelogs
• 86618e5 track allocation improvements from codegen (#3227)
• ab56437 Release 2025-11-11
• 3dcd1d8 Regenerated Clients
• 51e8881 Update API model
• 1ed4f27 add MAINTAINERS.md
• a5136d5 host label
• Additional commits viewable in compare view

Updates github.com/aws/aws-sdk-go-v2/service/sns from 1.39.2 to 1.39.6

Commits

• aacca0a Release 2025-11-04
• f2f7085 Regenerated Clients
• 98ac357 Update endpoints model
• 545573f Update API model
• 0c4b1ae upgrade to smithy-go v1.23.2 to track allocation improvements (#3222)
• bae1d68 Release 2025-11-03
• 67d7b9c Regenerated Clients
• 74be9b9 Update API model
• 3242971 Release 2025-10-31
• 2db47dc Regenerated Clients
• Additional commits viewable in compare view

Updates github.com/getsentry/sentry-go from 0.36.2 to 0.38.0

Release notes

Sourced from github.com/getsentry/sentry-go's releases.

0.38.0

Breaking Changes

Features

• Introduce a new async envelope transport and telemetry buffer to prioritize and batch events (#1094, #1093, #1107).

  • Advantages:
    • Prioritized, per-category buffers (errors, transactions, logs, check-ins) reduce starvation and improve resilience under load
    • Batching for high-volume logs (up to 100 items or 5s) cuts network overhead
    • Bounded memory with eviction policies
    • Improved flush behavior with context-aware flushing

• Add ClientOptions.DisableTelemetryBuffer to opt out and fall back to the legacy transport layer (HTTPTransport / HTTPSyncTransport).

  err := sentry.Init(sentry.ClientOptions{
    Dsn: "__DSN__",
    DisableTelemetryBuffer: true, // fallback to legacy transport
  })

Notes

• If a custom Transport is provided, the SDK automatically disables the telemetry buffer and uses the legacy transport for compatibility.

0.37.0

The Sentry SDK team is happy to announce the immediate availability of Sentry Go SDK v0.37.0.

Breaking Changes

• Behavioral change for the TraceIgnoreStatusCodes option. The option now defaults to ignoring 404 status codes (#1122).

Features

• Add sentry.origin attribute to structured logs to identify log origin for slog and logrus integrations (auto.log.slog, auto.log.logrus) (#1121).

Bug Fixes

• Fix slog event handler to use the initial context, ensuring events use the correct hub/span when the emission context lacks one (#1133).
• Improve exception chain processing by checking pointer values when tracking visited errors, avoiding instability for certain wrapped errors (#1132).

Misc

• Bump golang.org/x/net to v0.38.0 (#1126).

Changelog

Sourced from github.com/getsentry/sentry-go's changelog.

0.38.0

Breaking Changes

Features

• Introduce a new async envelope transport and telemetry buffer to prioritize and batch events (#1094, #1093, #1107).

  • Advantages:
    • Prioritized, per-category buffers (errors, transactions, logs, check-ins) reduce starvation and improve resilience under load
    • Batching for high-volume logs (up to 100 items or 5s) cuts network overhead
    • Bounded memory with eviction policies
    • Improved flush behavior with context-aware flushing

• Add ClientOptions.DisableTelemetryBuffer to opt out and fall back to the legacy transport layer (HTTPTransport / HTTPSyncTransport).

  err := sentry.Init(sentry.ClientOptions{
    Dsn: "__DSN__",
    DisableTelemetryBuffer: true, // fallback to legacy transport
  })

Notes

• If a custom Transport is provided, the SDK automatically disables the telemetry buffer and uses the legacy transport for compatibility.

0.37.0

The Sentry SDK team is happy to announce the immediate availability of Sentry Go SDK v0.37.0.

Breaking Changes

• Behavioral change for the TraceIgnoreStatusCodes option. The option now defaults to ignoring 404 status codes (#1122).

Features

• Add sentry.origin attribute to structured logs to identify log origin for slog and logrus integrations (auto.log.slog, auto.log.logrus) (#1121).

Bug Fixes

• Fix slog event handler to use the initial context, ensuring events use the correct hub/span when the emission context lacks one (#1133).
• Improve exception chain processing by checking pointer values when tracking visited errors, avoiding instability for certain wrapped errors (#1132).

Misc

• Bump golang.org/x/net to v0.38.0 (#1126).

Commits

• eb9fd9f release: 0.38.0
• 2687af7 chore: prepare 0.38.0 (#1137)
• a2df7fa feat: add telemetry scheduler (#1107)
• 99f304e Merge branch 'release/0.37.0'
• 1cd6b6a release: 0.37.0
• a1ef42f chore: prepare 0.37.0 (#1134)
• 73e93c3 chore: X handle update (#1130)
• 4dc3b98 fix: provide initial ctx to slog eventHandler (#1133)
• d131251 fix: check ptr value instead of whole error for visited chains (#1132)
• 2d82e58 feat: ignore 404 status codes (#1122)
• Additional commits viewable in compare view

Updates github.com/nyaruka/phonenumbers from 1.6.6 to 1.6.7

Changelog

Sourced from github.com/nyaruka/phonenumbers's changelog.

v1.6.7 (2025-11-12)

• Update metadata

Commits

• aad7da1 Update CHANGELOG.md for v1.6.7
• d77de60 Bump go versions for CI
• 22cecb0 Merge pull request #215 from nyaruka/update_metadata
• 1bbe862 Update metadata
• See full diff in compare view

Updates github.com/rubenv/sql-migrate from 1.8.0 to 1.8.1

Commits

• b9b1fe7 Bump golang.org/x/crypto from 0.37.0 to 0.45.0
• e2b42d1 use fixed length array (#288)
• See full diff in compare view

Updates github.com/shopspring/decimal from 1.3.1 to 1.4.0

Release notes

Sourced from github.com/shopspring/decimal's releases.

v1.4.0

Full Changelog can be found in CHANGELOG.md

New Contributors

• @​VadimKulagin made their first contribution in shopspring/decimal#278
• @​CAEL0 made their first contribution in shopspring/decimal#341
• @​zlasd made their first contribution in shopspring/decimal#301
• @​falsaffa made their first contribution in shopspring/decimal#342
• @​frankli0324 made their first contribution in shopspring/decimal#322
• @​cbelsole made their first contribution in shopspring/decimal#265
• @​acln0 made their first contribution in shopspring/decimal#346
• @​davseby made their first contribution in shopspring/decimal#288
• @​serprex made their first contribution in shopspring/decimal#355
• @​agmt made their first contribution in shopspring/decimal#352
• @​richardJiang made their first contribution in shopspring/decimal#285
• @​axopadyani made their first contribution in shopspring/decimal#328
• @​Bububuger made their first contribution in shopspring/decimal#131

Changelog

Sourced from github.com/shopspring/decimal's changelog.

Decimal v1.4.0

BREAKING

• Drop support for Go version older than 1.10 #361

FEATURES

• Add implementation of natural logarithm #339 #357
• Add improved implementation of power operation #358
• Add Compare method which forwards calls to Cmp #346
• Add NewFromBigRat constructor #288
• Add NewFromUint64 constructor #352

ENHANCEMENTS

• Migrate to Github Actions #245 #340
• Fix examples for RoundDown, RoundFloor, RoundUp, and RoundCeil #285 #328 #341
• Use Godoc standard to mark deprecated Equals and StringScaled methods #342
• Removed unnecessary min function for RescalePair method #265
• Avoid reallocation of initial slice in MarshalBinary (GobEncode) #355
• Optimize NumDigits method #301 #356
• Optimize BigInt method #359
• Support scanning uint64 #131 #364
• Add docs section with alternative libraries #363

BUGFIXES

• Fix incorrect calculation of decimal modulo #258 #317
• Allocate new(big.Int) in Copy method to deeply clone it #278
• Fix overflow edge case in QuoRem method #322

Commits

• a1bdfc3 Release version 1.4.0 (#365)
• 275e48e Add docs section with alternative libraries (#363)
• dd603cb Support scanning uint64 (#364)
• 80ec940 Add NewFromUint64 constructor (#352)
• 2fa107d Remove production usage from docs (#362)
• 645a76e Optimize BigInt (#359)
• ed8f76e Drop support for Go versions older than 1.10 (#361)
• 0e69d5c Run CI on both push to origin branches and pull requests (#360)
• bf7794e Optimize NumDigits method (#356)
• 547861c Avoid reallocation of initial slice in MarshalBinary (GobEncode) (#355)
• Additional commits viewable in compare view

Updates github.com/twilio/twilio-go from 1.28.5 to 1.28.7

Release notes

Sourced from github.com/twilio/twilio-go's releases.

v1.28.7

Release Notes

Memory

• Memory API Changes

• Added initial Memory API endpoints with darkseagreen badge status

Docs

v1.28.6

Release Notes

Twiml

• Add new noun <ConversationRelaySession>
• Add support for <Recording> noun under <Start> verb

Docs

Changelog

Sourced from github.com/twilio/twilio-go's changelog.

[2025-11-20] Version 1.28.7

Memory

• Memory API Changes

• Added initial Memory API endpoints with darkseagreen badge status

[2025-11-11] Version 1.28.6

Twiml

• Add new noun <ConversationRelaySession>
• Add support for <Recording> noun under <Start> verb

Commits

• 0205580 Release v1.28.7
• 30bdc65 [Librarian] Regenerated @ e23430afd3fa493c96b42fc37f0314ad84bbe6ef 23e59a55e7...
• 7f3095e Release v1.28.6
• b9e7d07 [Librarian] Regenerated @ 453fa63ec6f75d83162a32a588214a40ecafec8f 73cdb4763e...
• See full diff in compare view

Updates golang.org/x/crypto from 0.43.0 to 0.45.0

Commits

• 4e0068c go.mod: update golang.org/x dependencies
• e79546e ssh: curb GSSAPI DoS risk by limiting number of specified OIDs
• f91f7a7 ssh/agent: prevent panic on malformed constraint
• 2df4153 acme/autocert: let automatic renewal work with short lifetime certs
• bcf6a84 acme: pass context to request
• b4f2b62 ssh: fix error message on unsupported cipher
• 79ec3a5 ssh: allow to bind to a hostname in remote forwarding
• 122a78f go.mod: update golang.org/x dependencies
• c0531f9 all: eliminate vet diagnostics
• 0997000 all: fix some comments
• Additional commits viewable in compare view

Updates golang.org/x/net from 0.46.0 to 0.47.0

Commits

• 9a29643 go.mod: update golang.org/x dependencies
• 07cefd8 context: deprecate
• 5ac9dac publicsuffix: don't treat ip addresses as domain names
• d1f64cc quic: use testing/synctest
• fff0469 http2: document that RFC 7540 prioritization does not work with small payloads
• f35e3a4 http2: fix weight overflow in RFC 7540 write scheduler
• 89adc90 http2: fix typo referring to RFC 9218 as RFC 9128 instead
• 8d76a2c quic: don't defer MAX_STREAMS frames indefinitely
• 027f8b7 quic: fix expected ACK Delay in client's ACK after HANDSHAKE_DONE
• dec9fe7 dns/dnsmessage: update SVCB packing to prohibit name compression
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	golang/​github.com/​aws/​aws-sdk-go-v2@​v1.39.5 ⏵ v1.40.0	+1
	golang/​golang.org/​x/​crypto@​v0.43.0 ⏵ v0.45.0		+6
	golang/​github.com/​twilio/​twilio-go@​v1.28.5 ⏵ v1.28.7	+1
	golang/​golang.org/​x/​net@​v0.46.0 ⏵ v0.47.0	+1
	golang/​github.com/​getsentry/​sentry-go@​v0.36.2 ⏵ v0.39.0	+1
	golang/​github.com/​aws/​aws-sdk-go-v2/​config@​v1.31.16 ⏵ v1.32.1
	golang/​github.com/​aws/​aws-sdk-go-v2/​credentials@​v1.18.20 ⏵ v1.19.1
	golang/​github.com/​aws/​aws-sdk-go-v2/​service/​sns@​v1.39.2 ⏵ v1.39.6
	golang/​github.com/​aws/​aws-sdk-go-v2/​service/​ses@​v1.34.8 ⏵ v1.34.13
	golang/​github.com/​nyaruka/​phonenumbers@​v1.6.6 ⏵ v1.6.7
	golang/​github.com/​shopspring/​decimal@​v1.3.1 ⏵ v1.4.0	+1
	golang/​github.com/​rubenv/​sql-migrate@​v1.8.0 ⏵ v1.8.1

View full report

[marwen-abid]

@dependabot squash and merge

[dependabot]

Beginning January 27, 2026, Dependabot will no longer support the @dependabot squash and merge command. Please use GitHub's native pull request controls instead. Please see the changelog announcement for additional details.