gomod(deps): Bump the go-deps group with 6 updates

[dependabot]

Bumps the go-deps group with 6 updates:

Package	From	To
charm.land/bubbles/v2	2.0.0	2.1.0
github.com/containerd/platforms	1.0.0-rc.2	1.0.0-rc.3
github.com/docker/cli	29.3.0+incompatible	29.3.1+incompatible
github.com/moby/buildkit	0.28.0	0.28.1
github.com/posthog/posthog-go	1.11.1	1.11.2
github.com/rs/zerolog	1.34.0	1.35.0

Updates charm.land/bubbles/v2 from 2.0.0 to 2.1.0

Release notes

Sourced from charm.land/bubbles/v2's releases.

v2.1.0

Shrink ’n’ grow your textareas

The update adds a new feature to automatically resize your textarea vertically as its content changes.

ta := textarea.New()
ta.DynamicHeight = true   // Enable dynamic resizing
ta.MinHeight = 3          // Minimum visible rows
ta.MaxHeight = 10         // Maximum visible rows
ta.MaxContentHeight = 20  // Maximum rows of content

Piece of cake, right?

Enjoy! 💘

Changelog

New!

• f1daacfa0cfee07e31a12498078426d275aa5286: feat(textarea): dynamic height (#910) (@​meowgorithm)

---

Thoughts? Questions? We love hearing from you. Feel free to reach out on X, Discord, Slack, The Fediverse, Bluesky.

Commits

• f1daacf feat(textarea): dynamic height (#910)
• d2b804e chore(deps): bump the all group with 2 updates (#908)
• c2c79e3 chore(deps): bump the all group with 2 updates (#902)
• See full diff in compare view

Updates github.com/containerd/platforms from 1.0.0-rc.2 to 1.0.0-rc.3

Release notes

Sourced from github.com/containerd/platforms's releases.

v1.0.0-rc.3

What's Changed

• Update GitHub actions by @​dmcgowan in containerd/platforms#27
• Add support for OS Features in the format by @​dmcgowan in containerd/platforms#16
• Match and Compare platforms with OSFeatures by @​dmcgowan in containerd/platforms#20
• Add encoding to os version and features by @​dmcgowan in containerd/platforms#28

Full Changelog: containerd/platforms@v1.0.0-rc.2...v1.0.0-rc.3

Commits

• e543b9f Merge pull request #28 from dmcgowan/encode-os-version
• 3cff7fa Add encoding to os version and features
• 54c1ef4 Merge pull request #20 from dmcgowan/match-features
• 1b8cf34 Add compare and matching for OS features
• b42036f Merge pull request #16 from dmcgowan/add-os-features
• 2474351 Sort OSFeatures on format
• 5b124ef Add support for OS Features in the format
• 005d370 Merge pull request #27 from dmcgowan/update-github-actions
• 7c872f6 Update golangci lint
• 50e5387 Update go version to latest
• Additional commits viewable in compare view

Updates github.com/docker/cli from 29.3.0+incompatible to 29.3.1+incompatible

Commits

• c2be9cc Merge pull request #6887 from thaJeztah/29.x_backport_pin_actions
• 0da6a51 ci: pin actions to digests
• 6b3ca8f Merge pull request #6884 from thaJeztah/29.x_backport_missing_buildtags
• f47603c Merge pull request #6885 from thaJeztah/29.x_backport_update_actions
• 9709c8f build(deps): bump docker/metadata-action from 5 to 6
• af45a23 build(deps): bump docker/bake-action from 6 to 7
• bc97f5a Merge pull request #6883 from thaJeztah/29.x_backport_update_go1.25.8
• 6d71967 cli/command: add missing "go:build" comments
• 9b51892 update to go1.25.8
• See full diff in compare view

Updates github.com/moby/buildkit from 0.28.0 to 0.28.1

Release notes

Sourced from github.com/moby/buildkit's releases.

v0.28.1

Welcome to the v0.28.1 release of buildkit!

Please try out the release binaries and report any issues at https://github.com/moby/buildkit/issues.

Contributors

• Tõnis Tiigi
• CrazyMax
• Sebastiaan van Stijn

Notable Changes

• Fix insufficient validation of Git URL #ref:subdir fragments that could allow access to restricted files outside the checked-out repository root. GHSA-4vrq-3vrq-g6gg
• Fix a vulnerability where an untrusted custom frontend could cause files to be written outside the BuildKit state directory. GHSA-4c29-8rgm-jvjj
• Fix a panic when processing invalid .dockerignore patterns during COPY. #6610 moby/patternmatcher#9

Dependency Changes

• github.com/moby/patternmatcher v0.6.0 -> v0.6.1

Previous release can be found at v0.28.0

Commits

• 45b038c git: normalize and validate subdir paths
• f5462c2 git: harden ref arg handling
• 71577a5 source: extract SafeFileName into shared pathutil package
• df43783 source/http: use os.Root for saved file operations
• 9ce6f62 source/http: sanitize downloaded filenames
• 099cf80 executor: validate container IDs centrally
• 2642113 Merge pull request #6610 from thaJeztah/0.28_backport_bump_patternmatcher
• 802da78 vendor: github.com/moby/patternmatcher v0.6.1
• See full diff in compare view

Updates github.com/posthog/posthog-go from 1.11.1 to 1.11.2

Release notes

Sourced from github.com/posthog/posthog-go's releases.

v1.11.2

1.11.2 - 2026-03-26

• Full Changelog

Changelog

Sourced from github.com/posthog/posthog-go's changelog.

1.11.2 - 2026-03-26

• Full Changelog

Commits

• 582bcf4 chore: bump version to 1.11.2 [version bump]
• deed4e0 chore: update release workflow action versions (#173)
• 2a75905 fix: dramatically reduce memory allocations in feature flag evaluation (#172)
• a9cb449 chore: extract releasing docs and add PR template (#171)
• 3ea4481 feat: add automatic system context to all events (#167)
• 5846581 fix: target master branch in CodeQL workflow (#170)
• a1fe65a chore: add CodeQL workflow and update actions to latest versions (#169)
• See full diff in compare view

Updates github.com/rs/zerolog from 1.34.0 to 1.35.0

Commits

• 1396655 Bump CI Go matrix minimum from 1.21 to 1.23
• 4b65a2f Bump actions/cache from 4 to 5 (#741)
• b835796 Bump actions/setup-go from 5 to 6 (#742)
• 134caf8 Added sanitization of journald keys (#751)
• e133b6a Added variadic StrsV, ObjectsV, and StringersV (#752)
• 82017d8 Bump github.com/coreos/go-systemd/v22 from 22.6.0 to 22.7.0 (#753)
• 2f5b8a9 fix: UpdateContext skips Nop and zero-value loggers (#754)
• d64c9a7 Add slog.Handler implementation for zerolog (#755)
• a0d61dc fix: return dict to Event pool (#749)
• f6fbd33 Test coverage improvements (#748)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[jedevc]

We need to hold containerd rc2 - see moby/buildkit#6616.

[jedevc]

Reviewed-by: Justin Chadwell justin@unikraft.com
Approved-by: Justin Chadwell justin@unikraft.com