chore(deps): bump the ginkgo group with 2 updates

[dependabot]

Bumps the ginkgo group with 2 updates: github.com/onsi/ginkgo/v2 and github.com/onsi/gomega.

Updates github.com/onsi/ginkgo/v2 from 2.23.1 to 2.23.3

Release notes

Sourced from github.com/onsi/ginkgo/v2's releases.

v2.23.3

2.23.3

Fixes

• allow - as a standalone argument [cfcc1a5]
• Bug Fix: Add GinkoTBWrapper.Chdir() and GinkoTBWrapper.Context() [feaf292]
• ignore exit code for symbol test on linux [88e2282]

v2.23.2

2.23.2

🎉🎉🎉

At long last, some long-standing performance gaps between ginkgo and go test have been resolved!

Ginkgo operates by running go test -c to generate test binaries, and then running those binaries. It turns out that the compilation step of go test -c is slower than go test's compilation step because go test strips out debug symbols (ldflags=-w) whereas go test -c does not.

Ginkgo now passes the appropriate ldflags to go test -c when running specs to strip out symbols. This is only done when it is safe to do so and symbols are preferred when profiling is enabled and when ginkgo build is called explicitly.

This, coupled, with the instructions for disabling XProtect on MacOS yields a much better performance experience with Ginkgo.

Changelog

Sourced from github.com/onsi/ginkgo/v2's changelog.

2.23.3

Fixes

• allow - as a standalone argument [cfcc1a5]
• Bug Fix: Add GinkoTBWrapper.Chdir() and GinkoTBWrapper.Context() [feaf292]
• ignore exit code for symbol test on linux [88e2282]

2.23.2

🎉🎉🎉

At long last, some long-standing performance gaps between ginkgo and go test have been resolved!

Ginkgo operates by running go test -c to generate test binaries, and then running those binaries. It turns out that the compilation step of go test -c is slower than go test's compilation step because go test strips out debug symbols (ldflags=-w) whereas go test -c does not.

Ginkgo now passes the appropriate ldflags to go test -c when running specs to strip out symbols. This is only done when it is safe to do so and symbols are preferred when profiling is enabled and when ginkgo build is called explicitly.

This, coupled, with the instructions for disabling XProtect on MacOS yields a much better performance experience with Ginkgo.

Commits

• 04a9a74 v2.23.3
• cfcc1a5 allow - as a standalone argument
• feaf292 Bug Fix: Add GinkoTBWrapper.Chdir() and GinkoTBWrapper.Context()
• 88e2282 ignore exit code for symbol test on linux
• 979c969 v2.23.2
• 976a5c0 strip out symbols when running ginkgo
• See full diff in compare view

Updates github.com/onsi/gomega from 1.36.2 to 1.36.3

Release notes

Sourced from github.com/onsi/gomega's releases.

v1.36.3

1.36.3

Maintenance

• bump all the things [adb8b49]
• chore: replace interface{} with any [7613216]
• Bump google.golang.org/protobuf from 1.36.1 to 1.36.5 (#822) [9fe5259]
• remove spurious "toolchain" from go.mod (#819) [a0e85b9]
• Bump golang.org/x/net from 0.33.0 to 0.35.0 (#823) [604a8b1]
• Bump activesupport from 6.0.6.1 to 6.1.7.5 in /docs (#772) [36fbc84]
• Bump github-pages from 231 to 232 in /docs (#778) [ced70d7]
• Bump rexml from 3.2.6 to 3.3.9 in /docs (#788) [c8b4a07]
• Bump github.com/onsi/ginkgo/v2 from 2.22.1 to 2.22.2 (#812) [06431b9]
• Bump webrick from 1.8.1 to 1.9.1 in /docs (#800) [b55a92d]
• Fix typos (#813) [a1d518b]

Changelog

Sourced from github.com/onsi/gomega's changelog.

1.36.3

Maintenance

• bump all the things [adb8b49]
• chore: replace interface{} with any [7613216]
• Bump google.golang.org/protobuf from 1.36.1 to 1.36.5 (#822) [9fe5259]
• remove spurious "toolchain" from go.mod (#819) [a0e85b9]
• Bump golang.org/x/net from 0.33.0 to 0.35.0 (#823) [604a8b1]
• Bump activesupport from 6.0.6.1 to 6.1.7.5 in /docs (#772) [36fbc84]
• Bump github-pages from 231 to 232 in /docs (#778) [ced70d7]
• Bump rexml from 3.2.6 to 3.3.9 in /docs (#788) [c8b4a07]
• Bump github.com/onsi/ginkgo/v2 from 2.22.1 to 2.22.2 (#812) [06431b9]
• Bump webrick from 1.8.1 to 1.9.1 in /docs (#800) [b55a92d]
• Fix typos (#813) [a1d518b]

Commits

• 2251143 v1.36.3
• adb8b49 bump all the things
• 7613216 chore: replace interface{} with any
• 9fe5259 Bump google.golang.org/protobuf from 1.36.1 to 1.36.5 (#822)
• a0e85b9 remove spurious "toolchain" from go.mod (#819)
• 604a8b1 Bump golang.org/x/net from 0.33.0 to 0.35.0 (#823)
• 36fbc84 Bump activesupport from 6.0.6.1 to 6.1.7.5 in /docs (#772)
• ced70d7 Bump github-pages from 231 to 232 in /docs (#778)
• c8b4a07 Bump rexml from 3.2.6 to 3.3.9 in /docs (#788)
• 06431b9 Bump github.com/onsi/ginkgo/v2 from 2.22.1 to 2.22.2 (#812)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[github-actions]

Dependency Review

The following issues were found:

• ❌ 1 vulnerable package(s)
• ✅ 0 package(s) with incompatible licenses
• ✅ 0 package(s) with invalid SPDX license definitions
• ⚠️ 4 package(s) with unknown licenses.

See the Details below.

Vulnerabilities

go.mod

Name	Version	Vulnerability	Severity
golang.org/x/net	0.37.0	golang.org/x/net vulnerable to Cross-site Scripting	moderate

License Issues

go.mod

Package	Version	License	Issue Type
golang.org/x/net	0.37.0	Null	Unknown License
golang.org/x/sys	0.32.0	Null	Unknown License
golang.org/x/term	0.30.0	Null	Unknown License
golang.org/x/tools	0.31.0	Null	Unknown License

Allowed Licenses: Apache-2.0, BSD-2-Clause, BSD-3-Clause, BSL-1.0, CC0-1.0, ISC, MIT, MPL-2.0, Unlicense

OpenSSF Scorecard

Package	Version	Score	Details
gomod/golang.org/x/net	0.37.0	Unknown	Unknown
gomod/github.com/google/pprof	0.0.0-20250403155104-27863c87afa6	🟢 8	Details Check Score Reason Maintained 🟢 10 16 commit(s) and 4 issue activity found in the last 90 days -- score normalized to 10 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected Code-Review 🟢 10 all changesets reviewed CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Binary-Artifacts 🟢 10 no binaries found in the repo License 🟢 10 license file detected Fuzzing 🟢 10 project is fuzzed Signed-Releases ⚠️ -1 no releases found Pinned-Dependencies 🟢 7 dependency not pinned by hash detected -- score normalized to 7 Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Security-Policy 🟢 10 security policy file detected Vulnerabilities 🟢 10 0 existing vulnerabilities detected SAST 🟢 4 SAST tool is not run on all commits -- score normalized to 4
gomod/github.com/onsi/ginkgo/v2	2.23.4	🟢 5.9	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 16 issue activity found in the last 90 days -- score normalized to 10 Code-Review ⚠️ 2 Found 5/24 approved changesets -- score normalized to 2 Packaging ⚠️ -1 packaging workflow not detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Security-Policy ⚠️ 0 security policy file not detected Binary-Artifacts 🟢 10 no binaries found in the repo License 🟢 10 license file detected Fuzzing ⚠️ 0 project is not fuzzed Signed-Releases ⚠️ -1 no releases found Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches SAST 🟢 9 SAST tool detected but not run on all commits Vulnerabilities 🟢 8 2 existing vulnerabilities detected
gomod/github.com/onsi/gomega	1.36.3	🟢 5.4	Details Check Score Reason Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected Maintained 🟢 10 12 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 10 Code-Review 🟢 6 Found 9/15 approved changesets -- score normalized to 6 Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Binary-Artifacts 🟢 10 no binaries found in the repo CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Security-Policy ⚠️ 0 security policy file not detected License 🟢 10 license file detected Fuzzing ⚠️ 0 project is not fuzzed Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches SAST 🟢 9 SAST tool detected but not run on all commits Vulnerabilities 🟢 9 1 existing vulnerabilities detected
gomod/go.uber.org/automaxprocs	1.6.0	🟢 4.6	Details Check Score Reason Maintained ⚠️ 0 0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Code-Review 🟢 8 Found 25/28 approved changesets -- score normalized to 8 Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Packaging ⚠️ -1 packaging workflow not detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Binary-Artifacts 🟢 10 no binaries found in the repo CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy ⚠️ 0 security policy file not detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Vulnerabilities 🟢 10 0 existing vulnerabilities detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
gomod/golang.org/x/sys	0.32.0	Unknown	Unknown
gomod/golang.org/x/term	0.30.0	Unknown	Unknown
gomod/golang.org/x/tools	0.31.0	Unknown	Unknown

Scanned Files

• go.mod