chore(deps): bump the go-modules group with 7 updates

[dependabot]

Bumps the go-modules group with 7 updates:

Package	From	To
cloud.google.com/go/storage	1.59.2	1.60.0
github.com/anchore/stereoscope	0.1.19	0.1.20
github.com/anchore/syft	1.41.2	1.42.0
github.com/gpustack/gguf-parser-go	0.23.1	0.24.0
google.golang.org/api	0.265.0	0.266.0
google.golang.org/genproto/googleapis/api	0.0.0-20260128011058-8636f8732409	0.0.0-20260203192932-546029d2fa20
google.golang.org/genproto/googleapis/rpc	0.0.0-20260128011058-8636f8732409	0.0.0-20260203192932-546029d2fa20

Updates cloud.google.com/go/storage from 1.59.2 to 1.60.0

Release notes

Sourced from cloud.google.com/go/storage's releases.

storage 1.60.0

1.60.0 (2026-02-10)

Features

• adding support for max-retry-duration for all api other than resumable-upload (#13749) (31c352bd)

• support checksum validation in resumable json uploads (#13573) (337ca078)

• Added a new field ComposeObjectRequest.delete_source_objects field (PiperOrigin-RevId: 863087065) (611f2392)

Bug Fixes

• change TestValidateChecksumFromServer error message (#13810) (07414143)

• fix panic error in transfermanager downloads (#13815) (42722719)

• deadlock in event loop while coordinating channels (#13652) (7d9d00c6)

Documentation

• Updated documentation for BidiReadObject, ReadObjectRequest, and ObjectContexts (PiperOrigin-RevId: 863087065) (611f2392)

Commits

• 0be35b0 chore(main): release spanner 1.60.0 (#9601)
• 79efda0 chore: add header & system param docs (#9591)
• 1c9a26e chore(storage/control): add config to generate apiv2 (#9600)
• 37ef892 chore(spanner): release v1.60.0 (#9597)
• e4b663c feat: allow attempt direct path xds via env var (#9582)
• 1a04baf feat(auth): move credentials to base auth package (#9590)
• 93c7bc0 chore(secretmanager): add config to generate apiv1beta2 (#9593)
• d6b1088 chore(internal/postprocessor): add validation command and CI (#9575)
• 141f2a5 chore: release main (#9571)
• 25c3f2d feat(datacatalog): Add RANGE type to Data Catalog (#9573)
• Additional commits viewable in compare view

Updates github.com/anchore/stereoscope from 0.1.19 to 0.1.20

Release notes

Sourced from github.com/anchore/stereoscope's releases.

v0.1.20

Bug Fixes

• tar without all path segments fail to load [#492 #514 @​cwrau]

Dependency Updates

• bump zizmorcore/zizmor-action from 0.4.1 to 0.5.0 in /.github/workflows [#519 @​dependabot]
• bump github.com/bmatcuk/doublestar/v4 from 4.9.2 to 4.10.0 [#515 @​dependabot]
• bump github.com/docker/cli from 29.1.5+incompatible to 29.2.0+incompatible [#516 @​dependabot]
• bump actions/cache from 5.0.2 to 5.0.3 in /.github/actions/bootstrap [#517 @​dependabot]
• bump actions/cache from 5.0.2 to 5.0.3 in /.github/workflows [#518 @​dependabot]

(Full Changelog)

Commits

• 3e0f488 chore(deps): bump zizmorcore/zizmor-action in /.github/workflows (#519)
• 87104f7 chore(deps): bump github.com/bmatcuk/doublestar/v4 from 4.9.2 to 4.10.0 (#515)
• 99f8b53 chore(deps): bump github.com/docker/cli (#516)
• 79a22ab chore(deps): bump actions/cache in /.github/actions/bootstrap (#517)
• c61a6f2 chore(deps): bump actions/cache in /.github/workflows (#518)
• f24caab fix: missing path segments after untarring (#514)
• See full diff in compare view

Updates github.com/anchore/syft from 1.41.2 to 1.42.0

Release notes

Sourced from github.com/anchore/syft's releases.

v1.42.0

Added Features

• Add support for scanning GGUF models from OCI registries [#4335 @​spiffcs]
• yarn lockfile scan doesnt catch dev dependencies [#4548 #4549 @​rezmoss]

Additional Changes

• CPE detection for APK libavif to use aomedia vendor [#4597 @​naag]

(Full Changelog)

Commits

• 9872ff3 chore(deps): update anchore dependencies (#4613)
• 31c5031 chore(deps): bump github.com/go-git/go-git/v5 from 5.16.4 to 5.16.5 (#4612)
• 2c5e193 feat: Add support for scanning GGUF models from OCI registries (#4335)
• 3a23cff chore(deps): update CPE dictionary index (#4610)
• 443de21 chore(deps): bump github.com/bmatcuk/doublestar/v4 (#4606)
• 1af8b1a chore(deps): bump the actions-minor-patch group across 2 directories with 2 u...
• c185657 feat: add yarn lock dev dep detection; fixed #4548
• 48ee12b ci(generate-capabilities): serialize writing and reading yaml (#4602)
• 0b05f0e chore(deps): update CPE dictionary index (#4601)
• 138cb1b fix(cpe-generation): set start and end date (#4600)
• Additional commits viewable in compare view

Updates github.com/gpustack/gguf-parser-go from 0.23.1 to 0.24.0

Commits

• a25d157 fix: validate GGUF header fields before allocations to prevent OOM (#18)
• See full diff in compare view

Updates google.golang.org/api from 0.265.0 to 0.266.0

Release notes

Sourced from google.golang.org/api's releases.

v0.266.0

0.266.0 (2026-02-10)

Features

• all: Auto-regenerate discovery clients (#3483) (a3a61ce)
• all: Auto-regenerate discovery clients (#3485) (200d140)
• all: Auto-regenerate discovery clients (#3486) (870909e)
• all: Auto-regenerate discovery clients (#3487) (6018e80)
• all: Auto-regenerate discovery clients (#3489) (402353b)
• all: Auto-regenerate discovery clients (#3490) (49c652f)

Changelog

Sourced from google.golang.org/api's changelog.

0.266.0 (2026-02-10)

Features

• all: Auto-regenerate discovery clients (#3483) (a3a61ce)
• all: Auto-regenerate discovery clients (#3485) (200d140)
• all: Auto-regenerate discovery clients (#3486) (870909e)
• all: Auto-regenerate discovery clients (#3487) (6018e80)
• all: Auto-regenerate discovery clients (#3489) (402353b)
• all: Auto-regenerate discovery clients (#3490) (49c652f)

Commits

• 26a317d chore(main): release 0.266.0 (#3484)
• 49c652f feat(all): auto-regenerate discovery clients (#3490)
• b9fd5c2 chore(all): update all (#3488)
• 402353b feat(all): auto-regenerate discovery clients (#3489)
• 6018e80 feat(all): auto-regenerate discovery clients (#3487)
• 870909e feat(all): auto-regenerate discovery clients (#3486)
• 200d140 feat(all): auto-regenerate discovery clients (#3485)
• a3a61ce feat(all): auto-regenerate discovery clients (#3483)
• See full diff in compare view

Updates google.golang.org/genproto/googleapis/api from 0.0.0-20260128011058-8636f8732409 to 0.0.0-20260203192932-546029d2fa20

Commits

• See full diff in compare view

Updates google.golang.org/genproto/googleapis/rpc from 0.0.0-20260128011058-8636f8732409 to 0.0.0-20260203192932-546029d2fa20

Commits

• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions