From ed2ae78f07973e7545bb2cdcdcf4d69e5a22d6a6 Mon Sep 17 00:00:00 2001
From: "david.woolger@civo.com" <david.woolger@civo.com>
Date: Mon, 11 May 2026 17:12:35 +0100
Subject: [PATCH 1/3] chore: bump civogo to v0.7.2
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Pulls in civogo v0.7.2 which:
- Auto-paginates the no-arg List* helpers (civo/civogo#285) — fixes
  silent truncation in `civo ip ls`, `civo kubernetes ls`,
  `civo database ls`, `civo objectstore ls`, `civo account ls`,
  and any other CLI command resolving by name/id past page 1.
- Auto-paginates `ListVPCIPs` / `FindVPCIP` (follow-up to #285,
  civogo PR #287).
- Auto-paginates `ListDatabaseBackup` / `FindDatabaseBackup` — fixes
  `civo db backup list` and `civo db backup delete <name>` for any
  database with > 20 backups.
- Adds `ListAllActions` sibling to `ListActions` (latent, no current
  CLI callers).

Customer-visible symptom: an account with > 20 Reserved IPs in a
region could not see one specific IP via `civo ip ls`. The same shape
of bug affected several other commands at smaller boundary points
(>20 K8s clusters, >20 databases, >20 object stores, etc.). With this
bump, the CLI iterates server-side pagination transparently.

Also bumps the go.mod `go` directive 1.25.9 -> 1.25.10 (transitively
required by civogo v0.7.2 to clear stdlib advisories from civo/civogo#286).

Verified locally with go1.25.10:
- go build ./...        clean
- go test ./...         pass
---
 go.mod | 4 ++--
 go.sum | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/go.mod b/go.mod
index 729ffbb..1fdf705 100644
--- a/go.mod
+++ b/go.mod
@@ -1,4 +1,4 @@
-go 1.25.9
+go 1.25.10
 
 module github.com/civo/cli
 
@@ -6,7 +6,7 @@ require (
 	github.com/MichaelMure/go-term-markdown v0.1.4
 	github.com/adhocore/gronx v1.19.5
 	github.com/briandowns/spinner v1.23.2
-	github.com/civo/civogo v0.7.0-alpha1
+	github.com/civo/civogo v0.7.2
 	github.com/google/go-github/v57 v57.0.0
 	github.com/google/uuid v1.6.0
 	github.com/gookit/color v1.5.4
diff --git a/go.sum b/go.sum
index f79f866..dd6cffc 100644
--- a/go.sum
+++ b/go.sum
@@ -28,8 +28,8 @@ github.com/c4milo/unpackit v0.0.0-20170704181138-4ed373e9ef1c h1:aprLqMn7gSPT+vd
 github.com/c4milo/unpackit v0.0.0-20170704181138-4ed373e9ef1c/go.mod h1:Ie6SubJv/NTO9Q0UBH0QCl3Ve50lu9hjbi5YJUw03TE=
 github.com/chengxilo/virtualterm v1.0.4 h1:Z6IpERbRVlfB8WkOmtbHiDbBANU7cimRIof7mk9/PwM=
 github.com/chengxilo/virtualterm v1.0.4/go.mod h1:DyxxBZz/x1iqJjFxTFcr6/x+jSpqN0iwWCOK1q10rlY=
-github.com/civo/civogo v0.7.0-alpha1 h1:ggGS3PsOZ65C7ij9Mp7D3Oa275yX+MfHyJ63xa8Joz8=
-github.com/civo/civogo v0.7.0-alpha1/go.mod h1:0RNiA3NDI1imXDADWSCtzcHjUCV02E+SnRLoZKKo1wY=
+github.com/civo/civogo v0.7.2 h1:kaUDRkIM696zRDGsleLChDSV7En7JvBCKtpu9imQC1M=
+github.com/civo/civogo v0.7.2/go.mod h1:Nb15x35xtG7TjCt+Hk20UVIAtMOGMLH2eJoaW9zSj4Y=
 github.com/cpuguy83/go-md2man/v2 v2.0.6/go.mod h1:oOW0eioCTA6cOiMLiUPZOpcVxMig6NIQQ7OS05n1F4g=
 github.com/danwakefield/fnmatch v0.0.0-20160403171240-cbb64ac3d964 h1:y5HC9v93H5EPKqaS1UYVg1uYah5Xf51mBfIoWehClUQ=
 github.com/danwakefield/fnmatch v0.0.0-20160403171240-cbb64ac3d964/go.mod h1:Xd9hchkHSWYkEqJwUGisez3G1QY8Ryz0sdWrLPMGjLk=

From e96976883382ef4e158bb2b618a408778d977f44 Mon Sep 17 00:00:00 2001
From: "david.woolger@civo.com" <david.woolger@civo.com>
Date: Mon, 11 May 2026 17:27:15 +0100
Subject: [PATCH 2/3] ci: bump Go to 1.25.10 in workflow defaults

Matches the go.mod directive required by civogo v0.7.2 (transitively
bumped in the previous commit). Without this, the Test / Lint /
Security jobs install Go 1.25.9 and fail:

  go: go.mod requires go >= 1.25.10 (running go 1.25.9; GOTOOLCHAIN=local)

Same change shape as civo/civogo#286. Bumps the fallback in:
  - .github/workflows/go.yml          (3 refs: test, lint, security)
  - .github/workflows/goreleaser-check.yml (1 ref)

release.yml already uses the floating `1.25.x` tag and is unaffected.
The repo-level `vars.GO_VERSION` (if set) overrides the fallback;
maintainers may want to update that too.
---
 .github/workflows/go.yml               | 6 +++---
 .github/workflows/goreleaser-check.yml | 2 +-
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/.github/workflows/go.yml b/.github/workflows/go.yml
index 5425485..69f701f 100644
--- a/.github/workflows/go.yml
+++ b/.github/workflows/go.yml
@@ -15,7 +15,7 @@ jobs:
       - name: Install Go
         uses: actions/setup-go@v6
         with:
-          go-version: ${{ vars.GO_VERSION || '1.25.9' }}
+          go-version: ${{ vars.GO_VERSION || '1.25.10' }}
           cache: true
 
       - name: Verify dependencies
@@ -52,7 +52,7 @@ jobs:
       - name: Install Go
         uses: actions/setup-go@v6
         with:
-          go-version: ${{ vars.GO_VERSION || '1.25.9' }}
+          go-version: ${{ vars.GO_VERSION || '1.25.10' }}
           cache: true
 
       - name: Run golangci-lint
@@ -71,5 +71,5 @@ jobs:
       - name: Run govulncheck
         uses: golang/govulncheck-action@v1
         with:
-          go-version-input: ${{ vars.GO_VERSION || '1.25.9' }}
+          go-version-input: ${{ vars.GO_VERSION || '1.25.10' }}
           go-package: ./...
diff --git a/.github/workflows/goreleaser-check.yml b/.github/workflows/goreleaser-check.yml
index 129eafc..a0a3d9b 100644
--- a/.github/workflows/goreleaser-check.yml
+++ b/.github/workflows/goreleaser-check.yml
@@ -20,7 +20,7 @@ jobs:
       - name: Set up Go
         uses: actions/setup-go@v6
         with:
-          go-version: ${{ vars.GO_VERSION || '1.25.9' }}
+          go-version: ${{ vars.GO_VERSION || '1.25.10' }}
           cache: true
 
       - name: Run GoReleaser Check

From 7c195cd47c4d13ab791c0bcab873a79a6f036f8d Mon Sep 17 00:00:00 2001
From: "david.woolger@civo.com" <david.woolger@civo.com>
Date: Mon, 11 May 2026 17:27:15 +0100
Subject: [PATCH 3/3] fix(deps): bump golang.org/x/image to v0.39.0
 (GO-2026-4961)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

GO-2026-4961: panic when decoding large WEBP image on 32-bit platforms
in golang.org/x/image. Reachable in this binary via
cmd/kubernetes/kubernetes_app_show.go:52 → term.Render → webp.Decode.

Fixed in golang.org/x/image v0.39.0. Pre-existing on master — the
advisory was published between 2026-04-15 (master's last CI run, all
green at the time) and 2026-05-11 (this PR's first CI run). This PR
is the first to re-trigger CI in that window, so it picks up the new
advisory; bumping the dep here unblocks the Security job and any
future PR re-running CI.

Also pulls in golang.org/x/text v0.36.0 (transitive).

Verified: go test ./... pass; govulncheck ./... reports 0 vulnerabilities.
---
 go.mod | 4 ++--
 go.sum | 8 ++++----
 2 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/go.mod b/go.mod
index 1fdf705..51a4268 100644
--- a/go.mod
+++ b/go.mod
@@ -61,10 +61,10 @@ require (
 	github.com/x448/float16 v0.8.4 // indirect
 	github.com/xo/terminfo v0.0.0-20210125001918-ca9a967f8778 // indirect
 	go.yaml.in/yaml/v2 v2.4.3 // indirect
-	golang.org/x/image v0.38.0 // indirect
+	golang.org/x/image v0.39.0 // indirect
 	golang.org/x/net v0.47.0 // indirect
 	golang.org/x/sys v0.38.0 // indirect
-	golang.org/x/text v0.35.0 // indirect
+	golang.org/x/text v0.36.0 // indirect
 	gopkg.in/inf.v0 v0.9.1 // indirect
 	k8s.io/api v0.34.2 // indirect
 	k8s.io/apimachinery v0.34.2 // indirect
diff --git a/go.sum b/go.sum
index dd6cffc..9bd63a1 100644
--- a/go.sum
+++ b/go.sum
@@ -205,8 +205,8 @@ golang.org/x/crypto v0.45.0 h1:jMBrvKuj23MTlT0bQEOBcAE0mjg8mK9RXFhRH6nyF3Q=
 golang.org/x/crypto v0.45.0/go.mod h1:XTGrrkGJve7CYK7J8PEww4aY7gM3qMCElcJQ8n8JdX4=
 golang.org/x/image v0.0.0-20191009234506-e7c1f5e7dbb8/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0=
 golang.org/x/image v0.0.0-20191206065243-da761ea9ff43/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0=
-golang.org/x/image v0.38.0 h1:5l+q+Y9JDC7mBOMjo4/aPhMDcxEptsX+Tt3GgRQRPuE=
-golang.org/x/image v0.38.0/go.mod h1:/3f6vaXC+6CEanU4KJxbcUZyEePbyKbaLoDOe4ehFYY=
+golang.org/x/image v0.39.0 h1:skVYidAEVKgn8lZ602XO75asgXBgLj9G/FE3RbuPFww=
+golang.org/x/image v0.39.0/go.mod h1:sIbmppfU+xFLPIG0FoVUTvyBMmgng1/XAMhQ2ft0hpA=
 golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
@@ -236,8 +236,8 @@ golang.org/x/term v0.37.0/go.mod h1:5pB4lxRNYYVZuTLmy8oR2BH8dflOR+IbTYFD8fi3254=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
 golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
-golang.org/x/text v0.35.0 h1:JOVx6vVDFokkpaq1AEptVzLTpDe9KGpj5tR4/X+ybL8=
-golang.org/x/text v0.35.0/go.mod h1:khi/HExzZJ2pGnjenulevKNX1W67CUy0AsXcNubPGCA=
+golang.org/x/text v0.36.0 h1:JfKh3XmcRPqZPKevfXVpI1wXPTqbkE5f7JA92a55Yxg=
+golang.org/x/text v0.36.0/go.mod h1:NIdBknypM8iqVmPiuco0Dh6P5Jcdk8lJL0CUebqK164=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
 golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=