build(deps): bump the golangx group with 4 updates

[dependabot]

Bumps the golangx group with 4 updates: golang.org/x/sync, golang.org/x/oauth2, golang.org/x/sys and golang.org/x/time.

Updates golang.org/x/sync from 0.19.0 to 0.20.0

Commits

• ec11c4a errgroup: fix a typo in the documentation
• 1a58307 all: modernize interface{} -> any
• 3172ca5 all: upgrade go directive to at least 1.25.0 [generated]
• See full diff in compare view

Updates golang.org/x/oauth2 from 0.35.0 to 0.36.0

Commits

• 4d954e6 all: upgrade go directive to at least 1.25.0 [generated]
• See full diff in compare view

Updates golang.org/x/sys from 0.41.0 to 0.42.0

Commits

• eaaaaee windows/registry: correct KeyInfo.ModTime calculation
• 942780b cpu: darwin/arm64 feature detection
• acef388 unix/linux: Prefixmsg and PrefixCacheinfo structs
• 3687fbd cpu: better defaults on darwin ARM64
• 48062e9 plan9: change Note to alias syscall.Note
• 4f23f80 windows: change Signal to alias syscall.Signal
• 7548802 all: upgrade go directive to at least 1.25.0 [generated]
• See full diff in compare view

Updates golang.org/x/time from 0.14.0 to 0.15.0

Commits

• 812b343 all: upgrade go directive to at least 1.25.0 [generated]
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[coderabbitai]

Walkthrough

Bumped versions in go.mod for four golang.org/x packages: sync v0.19.0→v0.20.0, oauth2 v0.35.0→v0.36.0 (indirect), sys v0.41.0→v0.42.0 (indirect), and time v0.14.0→v0.15.0 (indirect). No control-flow or error-handling changes.

Changes

Cohort / File(s)	Summary
Dependency Updates go.mod	Version bumps for golang.org/x packages: sync v0.19.0→v0.20.0, oauth2 v0.35.0→v0.36.0 (indirect), sys v0.41.0→v0.42.0 (indirect), time v0.14.0→v0.15.0 (indirect). Lines changed: +4/-4.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Description check	⚠️ Warning	The pull request description is a Dependabot-generated template that lacks required sections from the repository's description template.	Add a Summary section, specify the Change Type (e.g., 'Docs/Test' for dependency updates), and complete the Check List Before Merging section with checkmarks.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title clearly and concisely describes the main change: bumping four golang.org/x dependencies as a group update.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

• 📝 Generate docstrings (stacked PR)
• 📝 Generate docstrings (commit on current branch)

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch dependabot/go_modules/golangx-c42f1c9028

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@go.mod`:
- Line 87: The go.mod entry for module "golang.org/x/time" references a
non-existent version v0.15.0; update that dependency to a valid release
(v0.14.0) in go.mod by replacing the version string for golang.org/x/time with
v0.14.0 and then refresh modules (e.g., run go get golang.org/x/time@v0.14.0 or
go mod tidy) so the updated, valid version is resolved.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 2c3a6eb6-497a-45c9-8ece-41f25241db69

📥 Commits

Reviewing files that changed from the base of the PR and between 45ab6c6 and 5f98c0f.

⛔ Files ignored due to path filters (1)

• go.sum is excluded by !**/*.sum

📒 Files selected for processing (1)

• go.mod

[coderabbitai]

⚠️ Potential issue | 🔴 Critical

🧩 Analysis chain

🌐 Web query:

golang.org/x/time v0.15.0 release security advisories

💡 Result:

• There is no golang.org/x/time v0.15.0 release. The module’s latest tagged release is v0.14.0 (published Sep 16, 2025), and the proxy index shows only 14 versions total, ending at v0.14.0. (pkg.go.dev)
• Security advisories: In the official Go vulnerability database (the source used by govulncheck), there do not appear to be any published vulnerability reports that affect golang.org/x/time (no entries show “Affects: golang.org/x/time” in the database listings/search UI). (pkg.go.dev)

If you meant a different module that does have a v0.15.0 (common mix-ups: golang.org/x/text, golang.org/x/sync, golang.org/x/sys), tell me which one and I’ll pull the relevant advisories.

Citations:

• 1: https://pkg.go.dev/golang.org/x/time?utm_source=openai
• 2: https://pkg.go.dev/vuln/?utm_source=openai

---

Downgrade golang.org/x/time to v0.14.0 — v0.15.0 does not exist.

The referenced version v0.15.0 does not exist. The latest available release of golang.org/x/time is v0.14.0. Update the dependency to a valid version.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@go.mod` at line 87, The go.mod entry for module "golang.org/x/time"
references a non-existent version v0.15.0; update that dependency to a valid
release (v0.14.0) in go.mod by replacing the version string for
golang.org/x/time with v0.14.0 and then refresh modules (e.g., run go get
golang.org/x/time@v0.14.0 or go mod tidy) so the updated, valid version is
resolved.

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.