Bump the gomod group across 1 directory with 5 updates

[dependabot]

Bumps the gomod group with 4 updates in the / directory: ariga.io/atlas, github.com/charmbracelet/lipgloss, github.com/microcosm-cc/bluemonday and github.com/tdewolff/minify/v2.

Updates ariga.io/atlas from 0.24.0 to 0.25.0

Release notes

Sourced from ariga.io/atlas's releases.

v0.25.0

We are excited to announce the release of Atlas v0.25 🎊

Thanks for joining us today for our v0.25 release announcement! In this version we are introducing a new feature that has been requested by many of you: support for Row-level Security Policies in PostgreSQL.

What are Row-level Security Policies?

Row-level security (RLS) in PostgreSQL allows tables to have policies that restrict which rows can be accessed or modified based on the user's role, enhancing the SQL-standard privilege system available through GRANT.

When enabled, all normal access to the table must comply with these policies, defaulting to a deny-all approach if no policies are set, ensuring that no rows are visible or modifiable. Policies can be specific to commands, roles, or both, providing fine-grained control over data access and modification.

policy "employee_policy" {
  on    = table.employees
  for   = SELECT
  to    = [PUBLIC]
  using = "(current_user = employee_role)"
}

Read the full announcement and in our blogpost: https://atlasgo.io/blog/2024/07/09/v025-row-level-security

Quick installation

macOS + Linux:

curl -sSf https://atlasgo.sh | sh

Homebrew:

brew install ariga/tap/atlas

Docker:

docker pull arigaio/atlas

Windows

Download

Legal

The default binaries in this release are distributed released under Atlas EULA, and the community binaries are released under the Apache 2.0 license.

Full Changelog: ariga/atlas@v0.24.0...v0.25.0

Commits

• 7e9e0d6 doc/website: new pricing page
• 2f7e534 schemahcl: support variables in dynamic blocks (#2932)
• f299d2f doc: add pg policy to hcl schema (#2931)
• 47603b5 sql/postgres: expose postgres policies (#2929)
• 8955e0c schemahcl: allow creating list with mixed strings/enums (#2928)
• 23e5130 all: update go version (#2927)
• 7759f4d sql/postgres: rearrange schema objects marshaling (#2926)
• 4c9d06b sql/migrate: expose the version creation (#2924)
• 23cce27 all: fix cve-2023-49559 (#2922)
• 1f36577 sql/postgres: more flexiable support for udf types (#2920)
• Additional commits viewable in compare view

Updates github.com/charmbracelet/lipgloss from 0.11.0 to 0.12.1

Release notes

Sourced from github.com/charmbracelet/lipgloss's releases.

v0.12.1

This release fixes a regression with regard to border calculations introduced in Lip Gloss v0.11.1.

---

Thoughts? Questions? We love hearing from you. Feel free to reach out on Twitter, The Fediverse, or on Discord.

v0.12.0

Lists, Check ✓

This release adds a new sub-package for rendering trees and lists.

import "github.com/charmbracelet/lipgloss/list"

Define a new list.

l := list.New("A", "B", "C")

Print the list.

fmt.Println(l)
// • A
// • B
// • C

Lists have the ability to nest.

l := list.New(
  "A", list.New("Artichoke"),
  "B", list.New("Baking Flour", "Bananas", "Barley", "Bean Sprouts"),
  "C", list.New("Cashew Apple", "Cashews", "Coconut Milk", "Curry Paste", "Currywurst"),
  "D", list.New("Dill", "Dragonfruit", "Dried Shrimp"),
  "E", list.New("Eggs"),
  "F", list.New("Fish Cake", "Furikake"),
  "J", list.New("Jicama"),
  "K", list.New("Kohlrabi"),
  "L", list.New("Leeks", "Lentils", "Licorice Root"),
)

... (truncated)

Commits

• 670898d chore: retract v0.11.1
• 1b3672b chore: upgrade x/ansi to v0.1.4
• 6348d59 docs: list documentation (#331)
• 2a67670 Drop Tree (#330)
• 9564423 feat(ci): use goreleaser for releases (#301)
• e6edbac chore: bump x/ansi to v0.1.3
• 5a82e41 chore: update CODEOWNERS
• 33b3263 fix: Deprecate UnsetBorderTopBackgroundColor in favor of UnsetBorderTopBackgr...
• bbd02ab chore(ci): also build examples (#310)
• 7838b4e feat: deprecate Style.ColorWhitespace
• Additional commits viewable in compare view

Updates github.com/microcosm-cc/bluemonday from 1.0.26 to 1.0.27

Commits

• 10b8ac6 Remove SPDX header from LICENSE to enable GitHub auto-detection
• 30fb5d7 Don't duplicate attrs if multiple global policies allow them
• e244202 Update CONTRIBUTING.md (fixup of 109c9cf)
• 206ce8a Update the security policy
• 109c9cf Clean up developer instructions to a vanilla Go project
• e602a4a Fix RequireCrossOriginAnonymous when crossorigin attr is allowed
• 37251d9 Consistently raise minimum Go version and update CI
• 135e7bb all: upgrade dependencies
• 5703ea6 Merge pull request #207 from silverwind/4hex
• af654ef Merge pull request #202 from caarlos0/tidy
• Additional commits viewable in compare view

Updates github.com/tdewolff/minify/v2 from 2.20.34 to 2.20.37

Release notes

Sourced from github.com/tdewolff/minify/v2's releases.

v2.20.37

• JS: fix !"" => true, fixes tdewolff/minify#723
• JS: don't remove group around optional chaining expressions when it's the left side of a dot expression, fixes tdewolff/minify#724
• JS: variable usage, indexing and dot expressions have side-effects, fixes tdewolff/minify#725
• cmd: allow forward and backward slashes for Windows platform, fixes tdewolff/minify#726

v2.20.36

• XML: keep all spaces inside CDATA, fixes tdewolff/minify#722

v2.20.35

• JS: improve decision to convert string to template literal; don't count \r, see tdewolff/minify#717
• Don't modify minifier options, fixes tdewolff/minify#720

Commits

• f50b46a cmd: allow forward and backward slashes for Windows platform, fixes #726
• 767148c JS: variable usage, indexing and dot expressions have side-effects, fixes #725
• 9fab517 JS: don't remove group around optional chaining expressions when it's the lef...
• 3354711 JS: fix !"" => true, fixes #723
• ba78373 Merge pull request #721 from tdewolff/dependabot/github_actions/pypa/cibuildw...
• d07e07f XML: keep all spaces inside CDATA, fixes #722
• 03662c3 Add test for #722
• dd47199 Bump pypa/cibuildwheel from 2.19.1 to 2.19.2
• fffa3db Merge pull request #718 from tdewolff/dependabot/github_actions/softprops/act...
• 2669b34 Merge pull request #716 from tdewolff/dependabot/github_actions/docker/build-...
• Additional commits viewable in compare view

Updates golang.org/x/crypto from 0.21.0 to 0.24.0

Commits

• 332fd65 go.mod: update golang.org/x dependencies
• 0b431c7 x509roots/fallback: update bundle
• 349231f ssh: implement CryptoPublicKey on sk keys
• 44c9b0f ssh: allow server auth callbacks to send additional banners
• 67b1361 sha3: reenable s390x assembly
• 477a5b4 sha3: make APIs usable with zero allocations
• 59b5a86 sha3: disable s390x assembly
• 10f366e sha3: simplify XOR functions
• 905d78a go.mod: update golang.org/x dependencies
• ebb717d ssh: validate key type in SSH_MSG_USERAUTH_PK_OK response
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions