fix(deps): bump the external group across 1 directory with 7 updates

[dependabot]

Bumps the external group with 7 updates in the /otdfctl directory:

Package	From	To
github.com/charmbracelet/bubbles	0.21.1-0.20250623103423-23b8fd6302d7	1.0.0
github.com/charmbracelet/glamour	0.10.0	1.0.0
github.com/charmbracelet/huh	0.8.0	1.0.0
github.com/evertras/bubble-table	0.19.2	0.22.3
github.com/golang-jwt/jwt/v5	5.3.0	5.3.1
github.com/zitadel/oidc/v3	3.45.1	3.47.5
golang.org/x/term	0.43.0	0.44.0

Updates github.com/charmbracelet/bubbles from 0.21.1-0.20250623103423-23b8fd6302d7 to 1.0.0

Release notes

Sourced from github.com/charmbracelet/bubbles's releases.

v1.0.0

This is just an honorary release of Bubbles v1. Stay tuned for the next major version 🫧

Changelog

Fixed

• d0166363eb8176b331de98dba1d6e997560f216f: fix: changed 'recieve' to 'receive' for 100% quality of Go Report Card (#881) (@​Atennop1)

---

Thoughts? Questions? We love hearing from you. Feel free to reach out on X, Discord, Slack, The Fediverse, Bluesky.

v0.21.1

Changelog

New!

• dff42ddb7cf28f022da475c69dba2e74f75af34d: feat: update keybindings in list setSize method (@​Broderick-Westrope)

Fixed

• c376ce3ef18cc26bbf1f6338cc8518ae329a18d6: fix(cursor): fix data race on blinkTag (#784) (@​DryHumour)
• 11d52ca426e5c594f7c6c10766935a7f30a83225: fix(table): preventing cursor from being out-of-bounds. (@​s0ders)
• 49ff5c03b7bada572da36c79269dc15ab03d569b: fix(textinput): improve placeholder (#768) (@​caarlos0)
• 7c44f63d3185e6f1d795e9369ba85185e6efe956: v1: fix(list): ensure correct cursor positions with page/cursor methods (#831) (@​lrstanley)

Docs

• 7fcf75da535ee7db938586044a02f0f74f40339e: docs(readme): update footer image and copyright date (@​meowgorithm)
• d4feefed7d674edbfbc8f09e99c56704706038c5: docs: remove Charm Cloud reference (#785) (@​ShalokShalom)

Other stuff

• daab808a4d85e0b616ca9e30c1c5d9acd365aa02: ci: sync dependabot config (#786) (@​charmcli)
• 4b2d311076480670a00b3f24fd9ad280c35c7c57: ci: sync dependabot config (#835) (@​charmcli)
• 8562e9075fb87edf45e99c5d63a6610254d6c6e7: ci: sync golangci-lint config (#781) (@​github-actions[bot])
• f54a125f7decd8fefa0db4a0853720200d50a631: test(table): improve table unit tests (#601) (@​Broderick-Westrope)

---

Thoughts? Questions? We love hearing from you. Feel free to reach out on X, Discord, Slack, The Fediverse, Bluesky.

Commits

• See full diff in compare view

Updates github.com/charmbracelet/glamour from 0.10.0 to 1.0.0

Commits

• 69661fd chore(deps): bump actions/checkout from 5 to 6 in the all group (#491)
• 0af1a2d chore(deps): bump the all group with 2 updates (#482)
• a9ec019 chore(deps): bump github.com/charmbracelet/x/ansi in the all group (#477)
• 7a4cf0c ci: sync dependabot config (#476)
• 49c8248 chore(deps): bump the all group with 2 updates (#472)
• c1ce505 chore(deps): bump actions/setup-go from 5 to 6 in the all group (#471)
• f9c650c ci: sync dependabot config (#470)
• e3c481b chore(deps): bump actions/checkout from 4 to 5 (#469)
• 7209389 chore(deps): bump golang.org/x/term from 0.33.0 to 0.34.0 (#468)
• f447e14 chore(deps): bump github.com/charmbracelet/x/ansi from 0.9.3 to 0.10.1 (#467)
• Additional commits viewable in compare view

Updates github.com/charmbracelet/huh from 0.8.0 to 1.0.0

Commits

• 9dc45e3 chore(deps): bump github.com/charmbracelet/bubbles (#733)
• bffc99a chore(deps): bump github.com/charmbracelet/bubbles (#739)
• 5c5971e chore(deps): bump github.com/charmbracelet/bubbles (#732)
• 04fe1e4 ci: sync golangci-lint config
• cf33835 chore(deps): bump github.com/charmbracelet/x/exp/strings (#729)
• 6f7d32f chore: minor wording change in match select (#716)
• 6575a6e chore(deps): bump actions/checkout from 5 to 6 in the all group (#715)
• 25888d1 chore(deps): bump golangci/golangci-lint-action in the all group (#712)
• See full diff in compare view

Updates github.com/evertras/bubble-table from 0.19.2 to 0.22.3

Release notes

Sourced from github.com/evertras/bubble-table's releases.

v0.22.3

What's Changed

• fix: ensure WithTargetHeight works properly when WithRowBorder is enabled by @​wheelibin in Evertras/bubble-table#230

Full Changelog: Evertras/bubble-table@v0.22.2...v0.22.3

v0.22.2

What's Changed

• fix: invalidate pageStartIndices on filter change in targetHeight mode by @​wheelibin in Evertras/bubble-table#229

Full Changelog: Evertras/bubble-table@v0.22.1...v0.22.2

v0.22.1

What's Changed

• fix: handle hyphen wrapping bug by @​wheelibin in Evertras/bubble-table#228

Full Changelog: Evertras/bubble-table@v0.22.0...v0.22.1

v0.22.0

What's Changed

• fix: add WithBorderForeground to all examples by @​wheelibin in Evertras/bubble-table#226
• feat(#188): add WithTargetHeight for fixed terminal-line pagination by @​wheelibin in Evertras/bubble-table#227

Full Changelog: Evertras/bubble-table@v0.21.0...v0.22.0

v0.21.0

What's Changed

• chore: remove runewidth dep by @​wheelibin in Evertras/bubble-table#220
• fix(#165): use ansi.StringWidth calculation rather than len by @​wheelibin in Evertras/bubble-table#221
• Pr 214 rebased by @​wheelibin in Evertras/bubble-table#222
• fix: prevent HeaderStyle border definitions from breaking table layout by @​wheelibin in Evertras/bubble-table#223
• feat(#186): add native time.Time sort support by @​wheelibin in Evertras/bubble-table#224
• fix(#130): apply column style padding to headers and cells by @​wheelibin in Evertras/bubble-table#225

Full Changelog: Evertras/bubble-table@v0.20.1...v0.21.0

v0.20.1

What's Changed

• fix(#77): replace reflow with charmbracelet/x/ansi and added working hyperlinks example by @​wheelibin in Evertras/bubble-table#218
• feat(#192): add WithRowBorder and WithOuterBorder by @​wheelibin in Evertras/bubble-table#219

Full Changelog: Evertras/bubble-table@v0.20.0...v0.20.1

v0.20.0

... (truncated)

Commits

• 6062daf fix: ensure WithTargetHeight works properly when WithRowBorder is enabled (#230)
• 38ede76 fix: invalidate pageStartIndices on filter change in targetHeight mode (#229)
• 88d0435 fix: handle hyphen wrapping bug (#228)
• 31688b5 feat(#188): add WithTargetHeight for fixed terminal-line pagination (#227)
• b4aaed1 fix: add WithBorderForeground to all examples (#226)
• 3017c55 fix(#130): apply column style padding to headers and cells (#225)
• 1d6b45c feat(#186): add native time.Time sort support (#224)
• 363b994 fix: prevent HeaderStyle border definitions from breaking table layout (#223)
• df4a5aa Pr 214 rebased (#222)
• ffbe1e1 fix(#165): use ansi.StringWidth calculation rather than len (#221)
• Additional commits viewable in compare view

Updates github.com/golang-jwt/jwt/v5 from 5.3.0 to 5.3.1

Release notes

Sourced from github.com/golang-jwt/jwt/v5's releases.

v5.3.1

What's Changed

🔐 Features

• Add spellcheck Github action to catch common spelling mistakes by @​equalsgibson in golang-jwt/jwt#458
• Add WithNotBeforeRequired parser option and add test coverage by @​equalsgibson in golang-jwt/jwt#456
• Update godoc example func to properly refer to NewWithClaims() by @​equalsgibson in golang-jwt/jwt#459
• Update github workflows by @​mfridman in golang-jwt/jwt#462
• Additional test for CustomClaims that validates unmarshalling behaviour by @​equalsgibson in golang-jwt/jwt#457
• Fix early file close in jwt cli by @​mfridman in golang-jwt/jwt#472
• Add TPM signature reference by @​salrashid123 in golang-jwt/jwt#473
• Remove misleading ParserOptions documentation in golang-jwt/jwt#484
• Save signature to Token struct after successful signing by @​EgorSheff in golang-jwt/jwt#417
• Set token.Signature in ParseUnverified by @​slickwilli in golang-jwt/jwt#414

👒 Dependencies

• Bump crate-ci/typos from 1.34.0 to 1.35.3 by @​dependabot[bot] in golang-jwt/jwt#461
• Bump crate-ci/typos from 1.35.4 to 1.36.2 by @​dependabot[bot] in golang-jwt/jwt#470
• Bump github/codeql-action from 3 to 4 by @​dependabot[bot] in golang-jwt/jwt#478
• Bump crate-ci/typos from 1.36.2 to 1.39.0 by @​dependabot[bot] in golang-jwt/jwt#480
• Bump golangci/golangci-lint-action from 8 to 9 by @​dependabot[bot] in golang-jwt/jwt#481
• Bump actions/setup-go from 5 to 6 by @​dependabot[bot] in golang-jwt/jwt#469
• Bump crate-ci/typos from 1.39.0 to 1.40.0 by @​dependabot[bot] in golang-jwt/jwt#488
• Bump actions/checkout from 5 to 6 by @​dependabot[bot] in golang-jwt/jwt#487
• Bump crate-ci/typos from 1.40.0 to 1.41.0 by @​dependabot[bot] in golang-jwt/jwt#490
• Bump crate-ci/typos from 1.41.0 to 1.42.1 by @​dependabot[bot] in golang-jwt/jwt#492

New Contributors

• @​equalsgibson made their first contribution in golang-jwt/jwt#458
• @​salrashid123 made their first contribution in golang-jwt/jwt#473
• @​EgorSheff made their first contribution in golang-jwt/jwt#417
• @​slickwilli made their first contribution in golang-jwt/jwt#414

Full Changelog: golang-jwt/jwt@v5.3.0...v5.3.1

Commits

• 7ceae61 Add release.yml for changelog configuration
• dce8e4d Set token.Signature in ParseUnverified (#414)
• 8889e20 Save signature to Token struct after successful signing (#417)
• d237f82 ci: update github-actions schedule interval to monthly
• d8dce95 Bump crate-ci/typos from 1.41.0 to 1.42.1 (#492)
• e931803 Bump crate-ci/typos from 1.40.0 to 1.41.0 (#490)
• e6a0afa Bump actions/checkout from 5 to 6 (#487)
• 9f85c9e Bump crate-ci/typos from 1.39.0 to 1.40.0 (#488)
• 60a8669 Bump actions/setup-go from 5 to 6 (#469)
• 76f5828 Remove misleading ParserOptions documentation (#484)
• Additional commits viewable in compare view

Updates github.com/zitadel/oidc/v3 from 3.45.1 to 3.47.5

Release notes

Sourced from github.com/zitadel/oidc/v3's releases.

v3.47.5

3.47.5 (2026-04-20)

Bug Fixes

• op: allow dynamic loopback ports in post_logout_redirect_uri per RFC 8252 §7.3 (#875) (fb9fbfe), closes /datatracker.ietf.org/doc/html/rfc8252#section-7 zitadel/zitadel#6615

v3.47.4

3.47.4 (2026-04-17)

Bug Fixes

• URL-encode client credentials in Basic Auth per RFC 6749 §2.3.1 (#873) (178e018), closes /datatracker.ietf.org/doc/html/rfc6749#section-2 #857 #858

v3.47.3

3.47.3 (2026-04-15)

Bug Fixes

• propagate signature verification errors correctly (#872) (49664bf)

v3.47.2

3.47.2 (2026-04-10)

Bug Fixes

• tolerate string amr claims from external providers (#855) (5f70eff)

v3.47.1

3.47.1 (2026-04-09)

Bug Fixes

• oidc server error to http status mapping (#865) (d118dd7)

v3.47.0

This release adds signing of opaque tokens. By secure default, all existing opaque access tokens emitted by OP implementations, will be invalid. Users will need to re-login. If you want a more gradual upgrade use the op.WithCrypto() option to pass a op.NewCompositeCrypto(). Use aop.NewAESCrypto() in the Decrypter slice with the existing master key.

This change does not affect client / RP / RS libraries.

What's Changed

• feat: use jose for bearer-token encryption by @​wim07101993 in zitadel/oidc@b4cf422
• chore: package upgrades by @​wim07101993 in zitadel/oidc#866

... (truncated)

Commits

• fb9fbfe fix(op): allow dynamic loopback ports in post_logout_redirect_uri per RFC 825...
• 178e018 fix: URL-encode client credentials in Basic Auth per RFC 6749 §2.3.1 (#873)
• 49664bf fix: propagate signature verification errors correctly (#872)
• 5f70eff fix: tolerate string amr claims from external providers (#855)
• 97b71d3 chore(deps): bump golang.org/x/text from 0.35.0 to 0.36.0 (#869)
• d118dd7 fix: oidc server error to http status mapping (#865)
• 2534f81 docs: update semantic title requirements (#863)
• d016375 example: set device cookie httpOnly (#868)
• b4cf422 Merge commit from fork
• 0bf0ade chore: package upgrades (#866)
• Additional commits viewable in compare view

Updates golang.org/x/term from 0.43.0 to 0.44.0

Commits

• 3b43943 go.mod: update golang.org/x dependencies
• See full diff in compare view

[github-actions]

Benchmark results, click to expand

Benchmark authorization.GetDecisions Results:

Metric	Value
Approved Decision Requests	1000
Denied Decision Requests	0
Total Time	198.435939ms

Benchmark authorization.v2.GetMultiResourceDecision Results:

Metric	Value
Approved Decision Requests	1000
Denied Decision Requests	0
Total Time	97.143686ms

Benchmark Statistics

Name	№ Requests	Avg Duration	Min Duration	Max Duration

Bulk Benchmark Results

Metric	Value
Total Decrypts	100
Successful Decrypts	100
Failed Decrypts	0
Total Time	415.305717ms
Throughput	240.79 requests/second

TDF3 Benchmark Results:

Metric	Value
Total Requests	5000
Successful Requests	5000
Failed Requests	0
Concurrent Requests	50
Total Time	44.051157457s
Average Latency	438.94614ms
Throughput	113.50 requests/second

[github-actions]

X-Test Results

✅ go@main-v0.9.0
✅ go@main-pull-3640
✅ java@main-pull-3640
✅ js@main-pull-3640
✅ js@main-v0.9.0
cukes-report
✅ java@main-v0.9.0
opentdfplatform0YP9N5.dockerbuild
govulncheck-failure-1
govulncheck-failure-8
govulncheck-failure-0
govulncheck-failure-2
govulncheck-failure-3
govulncheck-failure-5

[github-actions]

Benchmark results, click to expand

Benchmark authorization.GetDecisions Results:

Metric	Value
Approved Decision Requests	1000
Denied Decision Requests	0
Total Time	190.697808ms

Benchmark authorization.v2.GetMultiResourceDecision Results:

Metric	Value
Approved Decision Requests	1000
Denied Decision Requests	0
Total Time	91.684098ms

Benchmark Statistics

Name	№ Requests	Avg Duration	Min Duration	Max Duration

Bulk Benchmark Results

Metric	Value
Total Decrypts	100
Successful Decrypts	100
Failed Decrypts	0
Total Time	457.616967ms
Throughput	218.52 requests/second

TDF3 Benchmark Results:

Metric	Value
Total Requests	5000
Successful Requests	5000
Failed Requests	0
Concurrent Requests	50
Total Time	45.530901729s
Average Latency	453.183309ms
Throughput	109.82 requests/second

[github-actions]

X-Test Results

✅ go@main-pull-3640
✅ go@main-v0.9.0
✅ java@main-pull-3640
✅ java@main-v0.9.0
✅ js@main-pull-3640
✅ js@main-v0.9.0
opentdfplatformNHD718.dockerbuild
govulncheck-failure-8
govulncheck-failure-3
govulncheck-failure-2
govulncheck-failure-5
govulncheck-failure-0
govulncheck-failure-1

[github-actions]

Benchmark results, click to expand

Benchmark authorization.GetDecisions Results:

Metric	Value
Approved Decision Requests	1000
Denied Decision Requests	0
Total Time	186.437811ms

Benchmark authorization.v2.GetMultiResourceDecision Results:

Metric	Value
Approved Decision Requests	1000
Denied Decision Requests	0
Total Time	96.038591ms

Benchmark Statistics

Name	№ Requests	Avg Duration	Min Duration	Max Duration

Bulk Benchmark Results

Metric	Value
Total Decrypts	100
Successful Decrypts	100
Failed Decrypts	0
Total Time	416.361939ms
Throughput	240.18 requests/second

TDF3 Benchmark Results:

Metric	Value
Total Requests	5000
Successful Requests	5000
Failed Requests	0
Concurrent Requests	50
Total Time	44.629135113s
Average Latency	444.702792ms
Throughput	112.03 requests/second

[github-actions]

X-Test Results

✅ go@main-pull-3640
✅ go@main-v0.9.0
✅ java@main-pull-3640
✅ java@main-v0.9.0
✅ js@main-pull-3640
✅ js@main-v0.9.0
cukes-report
opentdfplatformOW8IGR.dockerbuild
govulncheck-failure-0
govulncheck-failure-2
govulncheck-failure-3
govulncheck-failure-8
govulncheck-failure-5
govulncheck-failure-1

[github-actions]

X-Test Failure Report

server-logs-go@main-main
server-logs-go@main-pull-3640
server-logs-js@main-v0.9.0
server-logs-java@main-pull-3640
server-logs-java@main-v0.9.0
server-logs-go@pull-3640-main
server-logs-js@main-main
server-logs-go@pull-3640-pull-3640
server-logs-go@main-v0.9.0
server-logs-go@pull-3640-v0.9.0
server-logs-js@main-pull-3640
server-logs-java@main-main
opentdfplatformM35G6W.dockerbuild
govulncheck-failure-3
govulncheck-failure-2
govulncheck-failure-0
govulncheck-failure-1
govulncheck-failure-5

[github-actions]

Benchmark results, click to expand

Benchmark authorization.GetDecisions Results:

Metric	Value
Approved Decision Requests	1000
Denied Decision Requests	0
Total Time	292.741407ms

Benchmark authorization.v2.GetMultiResourceDecision Results:

Metric	Value
Approved Decision Requests	1000
Denied Decision Requests	0
Total Time	142.549177ms

Benchmark Statistics

Name	№ Requests	Avg Duration	Min Duration	Max Duration

Bulk Benchmark Results

Metric	Value
Total Decrypts	100
Successful Decrypts	100
Failed Decrypts	0
Total Time	442.645876ms
Throughput	225.91 requests/second

TDF3 Benchmark Results:

Metric	Value
Total Requests	5000
Successful Requests	5000
Failed Requests	0
Concurrent Requests	50
Total Time	43.141114602s
Average Latency	429.212643ms
Throughput	115.90 requests/second

[github-actions]

⚠️ Govulncheck found vulnerabilities ⚠️

The following modules have known vulnerabilities:

• examples
• otdfctl
• sdk
• service
• lib/fixtures
• tests-bdd

See the workflow run for details.

[github-actions]

X-Test Failure Report

server-logs-go@pull-3640-v0.9.0
server-logs-js@main-v0.9.0
server-logs-js@main-pull-3640
server-logs-go@main-main
server-logs-java@main-v0.9.0
server-logs-go@main-v0.9.0
server-logs-go@main-pull-3640
server-logs-go@pull-3640-main
server-logs-java@main-main
server-logs-java@main-pull-3640
server-logs-go@pull-3640-pull-3640
server-logs-js@main-main
opentdfplatformA0YYBL.dockerbuild
govulncheck-failure-8
govulncheck-failure-1
govulncheck-failure-0
govulncheck-failure-5
govulncheck-failure-3
govulncheck-failure-2

[github-actions]

Benchmark results, click to expand

Benchmark authorization.GetDecisions Results:

Metric	Value
Approved Decision Requests	1000
Denied Decision Requests	0
Total Time	198.95283ms

Benchmark authorization.v2.GetMultiResourceDecision Results:

Metric	Value
Approved Decision Requests	1000
Denied Decision Requests	0
Total Time	108.284963ms

Benchmark Statistics

Name	№ Requests	Avg Duration	Min Duration	Max Duration

Bulk Benchmark Results

Metric	Value
Total Decrypts	100
Successful Decrypts	100
Failed Decrypts	0
Total Time	431.289626ms
Throughput	231.86 requests/second

TDF3 Benchmark Results:

Metric	Value
Total Requests	5000
Successful Requests	5000
Failed Requests	0
Concurrent Requests	50
Total Time	43.427003425s
Average Latency	431.827784ms
Throughput	115.14 requests/second