build(deps): bump the go-dependency group across 1 directory with 4 updates

[dependabot]

Bumps the go-dependency group with 3 updates in the / directory: github.com/absmach/magistrala, github.com/dgraph-io/badger/v4 and oras.land/oras-go/v2.

Updates github.com/absmach/magistrala from 0.20.0 to 0.30.0

Release notes

Sourced from github.com/absmach/magistrala's releases.

v0.30.0

What's Changed

• Bump github.com/jackc/pgx/v5 from 5.9.1 to 5.9.2 in the go-dependency group by @​dependabot[bot] in absmach/magistrala#3479
• Bump the go-dependency group with 3 updates by @​dependabot[bot] in absmach/magistrala#3506
• NOISSUE - Update ui env variables and remove unused and repeated variables by @​ianmuchyri in absmach/magistrala#3507
• NOISSUE - Add migration scripts for Rules, Alarms and Reports by @​arvindh123 in absmach/magistrala#3482
• Bump the go-dependency group with 7 updates by @​dependabot[bot] in absmach/magistrala#3508
• NOISSUE - Update bootstrap and provision service by @​nyagamunene in absmach/magistrala#3476
• Bump golang from 1.26.2-alpine3.22 to 1.26.3-alpine3.22 in /docker in the docker-dependency group by @​dependabot[bot] in absmach/magistrala#3511
• MG-3512 - Add rendered context field to update endpoint by @​nyagamunene in absmach/magistrala#3513
• Bump the go-dependency group across 1 directory with 7 updates by @​dependabot[bot] in absmach/magistrala#3516
• NOISSUE - Update bootstrap content format, update profile method and add profile search by @​nyagamunene in absmach/magistrala#3515
• NOISSUE - Add a fast Certbot startup by @​dborovcanin in absmach/magistrala#3517
• Bump the go-dependency group with 5 updates by @​dependabot[bot] in absmach/magistrala#3521
• MG-3509 - Add FluxMQ m stream queue to fix messages not appearing in web UI by @​nyagamunene in absmach/magistrala#3518
• Bump golangci/golangci-lint-action from 9.2.0 to 9.2.1 in /.github/workflows in the gh-dependency group by @​dependabot[bot] in absmach/magistrala#3520
• NOISSUE - Fix queue subscriptions by @​dborovcanin in absmach/magistrala#3522
• NOISSUE - Sign server certificate with SANs for container hostnames by @​rodneyosodo in absmach/magistrala#3524
• Bump the go-dependency group across 1 directory with 12 updates by @​dependabot[bot] in absmach/magistrala#3526
• Bump codecov/codecov-action from 6 to 7 in /.github/workflows in the gh-dependency group across 1 directory by @​dependabot[bot] in absmach/magistrala#3525
• Bump golang from 1.26.3-alpine3.22 to 1.26.4-alpine3.22 in /docker in the docker-dependency group by @​dependabot[bot] in absmach/magistrala#3527
• Bump the go-dependency group with 4 updates by @​dependabot[bot] in absmach/magistrala#3528

Full Changelog: absmach/magistrala@v0.20.0...v0.30.0

Commits

• cb364d0 NOISSUE - Update FluxMQ dependency
• b68c9fe NOISSUE - Bump the go-dependency group with 4 updates (#3528)
• 0d50489 NOISSUE - Update FMQ version
• 24edbe6 NOISSUE - Bump golang from 1.26.3-alpine3.22 to 1.26.4-alpine3.22 in /docker ...
• 610da72 NOISSUE - Bump codecov/codecov-action from 6 to 7 in /.github/workflows in th...
• 90672e5 NOISSUE - Bump the go-dependency group across 1 directory with 12 updates (#3...
• 5821d2a NOISSUE - Sign server certificate with SANs for container hostnames (#3524)
• 4948873 NOISSUE - Fix queue subscriptions (#3522)
• 493073a NOISSUE - Update dependencies
• 5a528dd NOISSUE - Bump golangci/golangci-lint-action from 9.2.0 to 9.2.1 in /.github/...
• Additional commits viewable in compare view

Updates github.com/dgraph-io/badger/v4 from 4.9.1 to 4.9.2

Release notes

Sourced from github.com/dgraph-io/badger/v4's releases.

v4.9.2

What's Changed

• chore(core): remove unused event log by @​xqqp in dgraph-io/badger#2257
• fix(cd): upload build artifacts to GitHub Release by @​matthewmcneely in dgraph-io/badger#2273
• fix: Prevent NPE on sync with inmemory DB by @​alpe in dgraph-io/badger#2264
• perf: skip lsm lookup for expired entries during value log rewrite by @​lamb007 in dgraph-io/badger#2269
• chore: update jemalloc to 5.3.1 by @​solracsf in dgraph-io/badger#2275
• fix : read only user should be able to open db on ReadOnly mode by @​Naelpuissant in dgraph-io/badger#2268
• fix(compaction): clamp baseLevel to >=1 to prevent L0->L0 panic on la… by @​shiva-istari in dgraph-io/badger#2296

New Contributors

• @​xqqp made their first contribution in dgraph-io/badger#2257
• @​alpe made their first contribution in dgraph-io/badger#2264
• @​lamb007 made their first contribution in dgraph-io/badger#2269
• @​Naelpuissant made their first contribution in dgraph-io/badger#2268
• @​shiva-istari made their first contribution in dgraph-io/badger#2296

Full Changelog: dgraph-io/badger@v4.9.1...v4.9.2

Changelog

Sourced from github.com/dgraph-io/badger/v4's changelog.

Changelog

All notable changes to this project will be documented in this file.

The format is based on Keep a Changelog.

Commits

• 284cea0 fix(compaction): clamp baseLevel to >=1 to prevent L0->L0 panic on la… (#2296)
• 897f12f fix : read only user should be able to open db on ReadOnly mode (#2268)
• ca9e10b enh: compile with jemalloc 5.3.1 (#2275)
• 7427d56 perf: skip lsm lookup for expired entries during value log rewrite (#2269)
• 773a835 fix: Prevent NPE on sync with inmemory DB (#2264)
• abbb9a5 fix(cd): upload build artifacts to GitHub Release (#2273)
• 796cb85 chore(core): remove unused event log (#2257)
• See full diff in compare view

Updates golang.org/x/sync from 0.20.0 to 0.21.0

Commits

• 5071ed6 all: fix some comments to improve readability
• See full diff in compare view

Updates oras.land/oras-go/v2 from 2.6.0 to 2.6.1

Release notes

Sourced from oras.land/oras-go/v2's releases.

v2.6.1

This is a security patch release addressing five advisories in the authentication, remote, and content layers, plus accumulated bug fixes and maintenance since v2.6.0.

Security Fixes

• Drop the Authorization header on cross-origin redirects to prevent origin credentials leaking to a redirect target on a different scheme/port of the same host (GHSA-vh4v-2xq2-g5cg)
• Validate the bearer realm host before sending credentials to prevent credential exfiltration to an attacker-controlled token service, including TLS downgrades and IP-literal metadata endpoints; adds TrustedRealmHosts (GHSA-28r5-37g7-p6mp, GHSA-xf85-363p-868w)
• Validate the Location host before blob upload to prevent credentials being forwarded to a cross-host upload endpoint (SSRF / CWE-918) (#1152, GHSA-jxpm-75mh-9fp7)
• Reject descriptor sizes exceeding 32 MiB in content.ReadAll to prevent a crafted OCI layout from triggering a makeslice panic and crashing the process (#1153, GHSA-f36w-mj3v-6jqv)
• Resolve symlinks when enforcing the workingDir write boundary in content/file, blocking writes that escape the boundary via a symlinked path component when AllowPathTraversalOnWrite=false

Bug Fixes

• graph.Memory should use digest as map key (#1095)
• Fix credentials key for the Docker registry-1 host (#966)
• Support an empty credentials file (#959)

Other Changes

• Add GitOps release workflow with goreleaser (#1161)
• Shift the Go support window to [1.24, 1.25] (#991)
• Run go modernize (#1005)
• Sync CODEOWNERS and OWNERS.md from main to v2 (#1122)
• Remove scripts reference from the Makefile (#960)
• Bump golang.org/x/sync 0.14.0 → 0.20.0 (#971, #978, #1001, #1037, #1078, #1121)
• Bump GitHub Actions: actions/checkout 4→5 (#989), actions/setup-go 5→6 (#998), actions/stale 9→10 (#997), github/codeql-action 3→4 (#1016)

Commits

• 47b7c80 release: v2.6.1 (#1195)
• 3c2e884 Merge commit from fork
• cc323e5 Merge commit from fork
• 7a9f4b0 Merge commit from fork
• d593d50 feat: add gitops release workflow with goreleaser (#1161)
• 5fd67f9 fix(content): reject descriptor sizes exceeding 32 MiB in ReadAll (#1153)
• 4683c46 fix: validate Location host before blob upload to prevent credential leak (#1...
• 4a3e611 build(deps): bump golang.org/x/sync from 0.19.0 to 0.20.0 (#1121)
• 00de1f0 chore: sync CODEOWNERS and OWNERS.md from main to v2 (#1122)
• d7b6f8e fix: graph.Memory should use digest as map key (#1095)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions