chore(deps): bump the gomod group across 1 directory with 5 updates

[dependabot]

Bumps the gomod group with 5 updates in the / directory:

Package	From	To
github.com/Masterminds/semver/v3	3.4.0	3.5.0
github.com/ProtonMail/gopenpgp/v3	3.4.0	3.4.1
github.com/goreleaser/nfpm/v2	2.45.2	2.46.3
golang.org/x/mod	0.34.0	0.35.0
mvdan.cc/sh/v3	3.13.0	3.13.1

Updates github.com/Masterminds/semver/v3 from 3.4.0 to 3.5.0

Release notes

Sourced from github.com/Masterminds/semver/v3's releases.

v3.5.0

What's Changed

• Adding more prerelease tests by @​mattfarina in Masterminds/semver#273
• Update constraint error messages by @​mattfarina in Masterminds/semver#278
• Fix edge cases by @​mattfarina in Masterminds/semver#279
• Adding some checks in by @​mattfarina in Masterminds/semver#280
• Updating deps by @​mattfarina in Masterminds/semver#281
• Bump github/codeql-action from 4.35.1 to 4.35.2 by @​dependabot[bot] in Masterminds/semver#282
• Bump actions/cache from 4.2.3 to 5.0.5 by @​dependabot[bot] in Masterminds/semver#283
• Bump golangci/golangci-lint-action from 7.0.1 to 9.2.0 by @​dependabot[bot] in Masterminds/semver#284
• Updating gitignore for devcontainers by @​mattfarina in Masterminds/semver#286
• Fixing some quality issues by @​mattfarina in Masterminds/semver#287

New Contributors

• @​dependabot[bot] made their first contribution in Masterminds/semver#282

Full Changelog: Masterminds/semver@v3.4.0...v3.5.0

Changelog

Sourced from github.com/Masterminds/semver/v3's changelog.

Changelog

Commits

• 8b89c86 Merge pull request #287 from mattfarina/fix-da-issues
• 29d51d0 Fixing some quality issues
• 87f651d Merge pull request #286 from mattfarina/update-devcontainer
• 158a685 Updating gitignore for devcontainers
• 7e83c08 Merge pull request #284 from Masterminds/dependabot/github_actions/golangci/g...
• 697e27f Merge pull request #283 from Masterminds/dependabot/github_actions/actions/ca...
• 1591f8e Merge pull request #282 from Masterminds/dependabot/github_actions/github/cod...
• 3f5ff17 Bump golangci/golangci-lint-action from 7.0.1 to 9.2.0
• 04baa33 Bump actions/cache from 4.2.3 to 5.0.5
• 45939fe Bump github/codeql-action from 4.35.1 to 4.35.2
• Additional commits viewable in compare view

Updates github.com/ProtonMail/gopenpgp/v3 from 3.4.0 to 3.4.1

Release notes

Sourced from github.com/ProtonMail/gopenpgp/v3's releases.

Release v3.4.1

What's Changed

• Fix EOF behavior of the verification Reader in ProtonMail/gopenpgp#358

Full Changelog: ProtonMail/gopenpgp@v3.4.0...v3.4.1

Release v3.4.1-proton

This release is v3.4.1 with support for the following non-standardized features:

• Presistent symmetric keys draft-ietf-openpgp-persistent-symmetric-keys-00
• Automatic forwarding draft-wussler-openpgp-forwarding-00
• Post-quantum algorithms draft-ietf-openpgp-pqc (draft-09)
• Proton profiles

Changelog

Sourced from github.com/ProtonMail/gopenpgp/v3's changelog.

[3.4.1] – 2026-04-29

Fixed

• Fixed EOF behavior of the verification Reader after first io.EOF.

Commits

• 0cb3933 chore: Prepare release v3.4.1 (#359)
• 7c3abbe fix(crypto): EOF behavior of the verification Reader (#358)
• 6097ee3 ci: Constrain CI runner access (#357)
• See full diff in compare view

Updates github.com/goreleaser/nfpm/v2 from 2.45.2 to 2.46.3

Release notes

Sourced from github.com/goreleaser/nfpm/v2's releases.

v2.46.3

Changelog

Build process updates

• dbae6d52f782080e1a0203e704603f0a37b19f8f: ci: fix deprecated config (@​caarlos0)

Full Changelog: goreleaser/nfpm@v2.46.2...v2.46.3

Helping out

This release is only possible thanks to all the support of awesome people!

Want to be one of them? You can sponsor or contribute with code.

Where to go next?

• nFPM is a satellite project from GoReleaser. Check it out!
• Find examples and commented usage of all options in our website.
• Reach out on Discord and Twitter!

v2.46.2

Changelog

Build process updates

• 6d0592bdb060c7c5da530bebee2a01947ff068da: ci: improve PAT usage (@​caarlos0)

Other work

• ed2a05442374300f1467df147685254535f50f1b: docs: update cmd docs (@​caarlos0)

Full Changelog: goreleaser/nfpm@v2.46.1...v2.46.2

Helping out

This release is only possible thanks to all the support of awesome people!

Want to be one of them? You can sponsor or contribute with code.

Where to go next?

• nFPM is a satellite project from GoReleaser. Check it out!
• Find examples and commented usage of all options in our website.
• Reach out on Discord and Twitter!

v2.46.1

Changelog

Bug fixes

• 74c150997bfab0fff1eb5a135741c813847641f1: fix(files): check ownedByFilesystem after destination is set (@​caarlos0)

... (truncated)

Commits

• dbae6d5 ci: fix deprecated config
• 6d0592b ci: improve PAT usage
• 12336c6 chore(deps): bump github.com/go-git/go-git/v5 from 5.17.1 to 5.18.0 (#1073)
• ed2a054 docs: update cmd docs
• 74c1509 fix(files): check ownedByFilesystem after destination is set
• 1ecd691 fix(files): use info.Mode() instead of d.Type() for tree files
• 752d21f fix: rename Unwarp to Unwrap on ErrSigningFailure
• b2abd8c chore: go mod tidy
• 92dd1ee fix(#1067): update go-msix version (#1071)
• 63f7e59 ci(deps): bump the actions group with 2 updates (#1070)
• Additional commits viewable in compare view

Updates golang.org/x/mod from 0.34.0 to 0.35.0

Commits

• 03901d3 go.mod: update golang.org/x dependencies
• See full diff in compare view

Updates mvdan.cc/sh/v3 from 3.13.0 to 3.13.1

Release notes

Sourced from mvdan.cc/sh/v3's releases.

v3.13.1

• cmd/shfmt
  • Add support for [[zsh]] in EditorConfig files
  • Detect the shell variant from filenames like .zshrc and .bash_profile
  • Fix --apply-ignore when used with explicit args - #1310
• syntax
  • Revert an accidental change to how array subscripts are formatted - #1314
  • Never join ;; with the previous line when formatting - #1289
  • Fix a bug where $1[foo] was parsed as a subscript in Zsh - #1288
  • Correctly parse $! in double quotes in Zsh - #1298
  • Allow indexing into special parameters in Zsh - #1299
  • Allow parameter expansions with empty names in Zsh - #1280
• interp
  • Test against Bash 5.3 and fix three new discrepancies
  • Fix a few bugs related to nameref variables
  • Avoid panics when user input encounters unimplemented features

Consider becoming a sponsor if you benefit from the work that went into this release!

Binaries built on go version go1.26.1 linux/amd64 with:

CGO_ENABLED=0 go build -trimpath -ldflags="-w -s"

Changelog

Sourced from mvdan.cc/sh/v3's changelog.

[3.13.1] - 2026-03-09

• cmd/shfmt
  • Add support for [[zsh]] in EditorConfig files
  • Detect the shell variant from filenames like .zshrc and .bash_profile
  • Fix --apply-ignore when used with explicit args - #1310
• syntax
  • Revert an accidental change to how array subscripts are formatted - #1314
  • Never join ;; with the previous line when formatting - #1289
  • Fix a bug where $1[foo] was parsed as a subscript in Zsh - #1288
  • Correctly parse $! in double quotes in Zsh - #1298
  • Allow indexing into special parameters in Zsh - #1299
  • Allow parameter expansions with empty names in Zsh - #1280
• interp
  • Test against Bash 5.3 and fix three new discrepancies
  • Fix a few bugs related to nameref variables
  • Avoid panics when user input encounters unimplemented features

Commits

• 2f3f5e3 CHANGELOG: add entry for v3.13.1
• 1b77144 CHANGELOG: add late entry for v3.13.0
• 4fe0cc2 README: bring output in caveats examples up to date
• d2b044b syntax: only make index expressions compact when it's a comma
• 1569230 syntax: add test cases for issue #1314
• e97b2b0 interp: avoid the last panics which can be triggered by users
• f299f47 cmd/shfmt: --apply-ignore should not skip explicit args based on extension
• 2315483 interp: fix a few nameref bugs
• 7e3be04 interp: test with Bash 5.3 and fix three bugs uncovered by it
• 8852860 pattern: tokenize patterns rune by rune
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions