fix(deps): bump the external group across 1 directory with 7 updates

[dependabot]

Bumps the external group with 7 updates in the /otdfctl directory:

Package	From	To
github.com/charmbracelet/bubbles	0.21.1-0.20250623103423-23b8fd6302d7	1.0.0
github.com/charmbracelet/glamour	0.10.0	1.0.0
github.com/charmbracelet/huh	0.8.0	1.0.0
github.com/evertras/bubble-table	0.19.2	0.22.3
github.com/golang-jwt/jwt/v5	5.3.0	5.3.1
github.com/zitadel/oidc/v3	3.45.1	3.47.5
google.golang.org/grpc	1.81.0	1.81.1

Updates github.com/charmbracelet/bubbles from 0.21.1-0.20250623103423-23b8fd6302d7 to 1.0.0

Release notes

Sourced from github.com/charmbracelet/bubbles's releases.

v1.0.0

This is just an honorary release of Bubbles v1. Stay tuned for the next major version 🫧

Changelog

Fixed

• d0166363eb8176b331de98dba1d6e997560f216f: fix: changed 'recieve' to 'receive' for 100% quality of Go Report Card (#881) (@​Atennop1)

---

Thoughts? Questions? We love hearing from you. Feel free to reach out on X, Discord, Slack, The Fediverse, Bluesky.

v0.21.1

Changelog

New!

• dff42ddb7cf28f022da475c69dba2e74f75af34d: feat: update keybindings in list setSize method (@​Broderick-Westrope)

Fixed

• c376ce3ef18cc26bbf1f6338cc8518ae329a18d6: fix(cursor): fix data race on blinkTag (#784) (@​DryHumour)
• 11d52ca426e5c594f7c6c10766935a7f30a83225: fix(table): preventing cursor from being out-of-bounds. (@​s0ders)
• 49ff5c03b7bada572da36c79269dc15ab03d569b: fix(textinput): improve placeholder (#768) (@​caarlos0)
• 7c44f63d3185e6f1d795e9369ba85185e6efe956: v1: fix(list): ensure correct cursor positions with page/cursor methods (#831) (@​lrstanley)

Docs

• 7fcf75da535ee7db938586044a02f0f74f40339e: docs(readme): update footer image and copyright date (@​meowgorithm)
• d4feefed7d674edbfbc8f09e99c56704706038c5: docs: remove Charm Cloud reference (#785) (@​ShalokShalom)

Other stuff

• daab808a4d85e0b616ca9e30c1c5d9acd365aa02: ci: sync dependabot config (#786) (@​charmcli)
• 4b2d311076480670a00b3f24fd9ad280c35c7c57: ci: sync dependabot config (#835) (@​charmcli)
• 8562e9075fb87edf45e99c5d63a6610254d6c6e7: ci: sync golangci-lint config (#781) (@​github-actions[bot])
• f54a125f7decd8fefa0db4a0853720200d50a631: test(table): improve table unit tests (#601) (@​Broderick-Westrope)

---

Thoughts? Questions? We love hearing from you. Feel free to reach out on X, Discord, Slack, The Fediverse, Bluesky.

Commits

• See full diff in compare view

Updates github.com/charmbracelet/glamour from 0.10.0 to 1.0.0

Commits

• 69661fd chore(deps): bump actions/checkout from 5 to 6 in the all group (#491)
• 0af1a2d chore(deps): bump the all group with 2 updates (#482)
• a9ec019 chore(deps): bump github.com/charmbracelet/x/ansi in the all group (#477)
• 7a4cf0c ci: sync dependabot config (#476)
• 49c8248 chore(deps): bump the all group with 2 updates (#472)
• c1ce505 chore(deps): bump actions/setup-go from 5 to 6 in the all group (#471)
• f9c650c ci: sync dependabot config (#470)
• e3c481b chore(deps): bump actions/checkout from 4 to 5 (#469)
• 7209389 chore(deps): bump golang.org/x/term from 0.33.0 to 0.34.0 (#468)
• f447e14 chore(deps): bump github.com/charmbracelet/x/ansi from 0.9.3 to 0.10.1 (#467)
• Additional commits viewable in compare view

Updates github.com/charmbracelet/huh from 0.8.0 to 1.0.0

Commits

• 9dc45e3 chore(deps): bump github.com/charmbracelet/bubbles (#733)
• bffc99a chore(deps): bump github.com/charmbracelet/bubbles (#739)
• 5c5971e chore(deps): bump github.com/charmbracelet/bubbles (#732)
• 04fe1e4 ci: sync golangci-lint config
• cf33835 chore(deps): bump github.com/charmbracelet/x/exp/strings (#729)
• 6f7d32f chore: minor wording change in match select (#716)
• 6575a6e chore(deps): bump actions/checkout from 5 to 6 in the all group (#715)
• 25888d1 chore(deps): bump golangci/golangci-lint-action in the all group (#712)
• See full diff in compare view

Updates github.com/evertras/bubble-table from 0.19.2 to 0.22.3

Release notes

Sourced from github.com/evertras/bubble-table's releases.

v0.22.3

What's Changed

• fix: ensure WithTargetHeight works properly when WithRowBorder is enabled by @​wheelibin in Evertras/bubble-table#230

Full Changelog: Evertras/bubble-table@v0.22.2...v0.22.3

v0.22.2

What's Changed

• fix: invalidate pageStartIndices on filter change in targetHeight mode by @​wheelibin in Evertras/bubble-table#229

Full Changelog: Evertras/bubble-table@v0.22.1...v0.22.2

v0.22.1

What's Changed

• fix: handle hyphen wrapping bug by @​wheelibin in Evertras/bubble-table#228

Full Changelog: Evertras/bubble-table@v0.22.0...v0.22.1

v0.22.0

What's Changed

• fix: add WithBorderForeground to all examples by @​wheelibin in Evertras/bubble-table#226
• feat(#188): add WithTargetHeight for fixed terminal-line pagination by @​wheelibin in Evertras/bubble-table#227

Full Changelog: Evertras/bubble-table@v0.21.0...v0.22.0

v0.21.0

What's Changed

• chore: remove runewidth dep by @​wheelibin in Evertras/bubble-table#220
• fix(#165): use ansi.StringWidth calculation rather than len by @​wheelibin in Evertras/bubble-table#221
• Pr 214 rebased by @​wheelibin in Evertras/bubble-table#222
• fix: prevent HeaderStyle border definitions from breaking table layout by @​wheelibin in Evertras/bubble-table#223
• feat(#186): add native time.Time sort support by @​wheelibin in Evertras/bubble-table#224
• fix(#130): apply column style padding to headers and cells by @​wheelibin in Evertras/bubble-table#225

Full Changelog: Evertras/bubble-table@v0.20.1...v0.21.0

v0.20.1

What's Changed

• fix(#77): replace reflow with charmbracelet/x/ansi and added working hyperlinks example by @​wheelibin in Evertras/bubble-table#218
• feat(#192): add WithRowBorder and WithOuterBorder by @​wheelibin in Evertras/bubble-table#219

Full Changelog: Evertras/bubble-table@v0.20.0...v0.20.1

v0.20.0

... (truncated)

Commits

• 6062daf fix: ensure WithTargetHeight works properly when WithRowBorder is enabled (#230)
• 38ede76 fix: invalidate pageStartIndices on filter change in targetHeight mode (#229)
• 88d0435 fix: handle hyphen wrapping bug (#228)
• 31688b5 feat(#188): add WithTargetHeight for fixed terminal-line pagination (#227)
• b4aaed1 fix: add WithBorderForeground to all examples (#226)
• 3017c55 fix(#130): apply column style padding to headers and cells (#225)
• 1d6b45c feat(#186): add native time.Time sort support (#224)
• 363b994 fix: prevent HeaderStyle border definitions from breaking table layout (#223)
• df4a5aa Pr 214 rebased (#222)
• ffbe1e1 fix(#165): use ansi.StringWidth calculation rather than len (#221)
• Additional commits viewable in compare view

Updates github.com/golang-jwt/jwt/v5 from 5.3.0 to 5.3.1

Release notes

Sourced from github.com/golang-jwt/jwt/v5's releases.

v5.3.1

What's Changed

🔐 Features

• Add spellcheck Github action to catch common spelling mistakes by @​equalsgibson in golang-jwt/jwt#458
• Add WithNotBeforeRequired parser option and add test coverage by @​equalsgibson in golang-jwt/jwt#456
• Update godoc example func to properly refer to NewWithClaims() by @​equalsgibson in golang-jwt/jwt#459
• Update github workflows by @​mfridman in golang-jwt/jwt#462
• Additional test for CustomClaims that validates unmarshalling behaviour by @​equalsgibson in golang-jwt/jwt#457
• Fix early file close in jwt cli by @​mfridman in golang-jwt/jwt#472
• Add TPM signature reference by @​salrashid123 in golang-jwt/jwt#473
• Remove misleading ParserOptions documentation in golang-jwt/jwt#484
• Save signature to Token struct after successful signing by @​EgorSheff in golang-jwt/jwt#417
• Set token.Signature in ParseUnverified by @​slickwilli in golang-jwt/jwt#414

👒 Dependencies

• Bump crate-ci/typos from 1.34.0 to 1.35.3 by @​dependabot[bot] in golang-jwt/jwt#461
• Bump crate-ci/typos from 1.35.4 to 1.36.2 by @​dependabot[bot] in golang-jwt/jwt#470
• Bump github/codeql-action from 3 to 4 by @​dependabot[bot] in golang-jwt/jwt#478
• Bump crate-ci/typos from 1.36.2 to 1.39.0 by @​dependabot[bot] in golang-jwt/jwt#480
• Bump golangci/golangci-lint-action from 8 to 9 by @​dependabot[bot] in golang-jwt/jwt#481
• Bump actions/setup-go from 5 to 6 by @​dependabot[bot] in golang-jwt/jwt#469
• Bump crate-ci/typos from 1.39.0 to 1.40.0 by @​dependabot[bot] in golang-jwt/jwt#488
• Bump actions/checkout from 5 to 6 by @​dependabot[bot] in golang-jwt/jwt#487
• Bump crate-ci/typos from 1.40.0 to 1.41.0 by @​dependabot[bot] in golang-jwt/jwt#490
• Bump crate-ci/typos from 1.41.0 to 1.42.1 by @​dependabot[bot] in golang-jwt/jwt#492

New Contributors

• @​equalsgibson made their first contribution in golang-jwt/jwt#458
• @​salrashid123 made their first contribution in golang-jwt/jwt#473
• @​EgorSheff made their first contribution in golang-jwt/jwt#417
• @​slickwilli made their first contribution in golang-jwt/jwt#414

Full Changelog: golang-jwt/jwt@v5.3.0...v5.3.1

Commits

• 7ceae61 Add release.yml for changelog configuration
• dce8e4d Set token.Signature in ParseUnverified (#414)
• 8889e20 Save signature to Token struct after successful signing (#417)
• d237f82 ci: update github-actions schedule interval to monthly
• d8dce95 Bump crate-ci/typos from 1.41.0 to 1.42.1 (#492)
• e931803 Bump crate-ci/typos from 1.40.0 to 1.41.0 (#490)
• e6a0afa Bump actions/checkout from 5 to 6 (#487)
• 9f85c9e Bump crate-ci/typos from 1.39.0 to 1.40.0 (#488)
• 60a8669 Bump actions/setup-go from 5 to 6 (#469)
• 76f5828 Remove misleading ParserOptions documentation (#484)
• Additional commits viewable in compare view

Updates github.com/zitadel/oidc/v3 from 3.45.1 to 3.47.5

Release notes

Sourced from github.com/zitadel/oidc/v3's releases.

v3.47.5

3.47.5 (2026-04-20)

Bug Fixes

• op: allow dynamic loopback ports in post_logout_redirect_uri per RFC 8252 §7.3 (#875) (fb9fbfe), closes /datatracker.ietf.org/doc/html/rfc8252#section-7 zitadel/zitadel#6615

v3.47.4

3.47.4 (2026-04-17)

Bug Fixes

• URL-encode client credentials in Basic Auth per RFC 6749 §2.3.1 (#873) (178e018), closes /datatracker.ietf.org/doc/html/rfc6749#section-2 #857 #858

v3.47.3

3.47.3 (2026-04-15)

Bug Fixes

• propagate signature verification errors correctly (#872) (49664bf)

v3.47.2

3.47.2 (2026-04-10)

Bug Fixes

• tolerate string amr claims from external providers (#855) (5f70eff)

v3.47.1

3.47.1 (2026-04-09)

Bug Fixes

• oidc server error to http status mapping (#865) (d118dd7)

v3.47.0

This release adds signing of opaque tokens. By secure default, all existing opaque access tokens emitted by OP implementations, will be invalid. Users will need to re-login. If you want a more gradual upgrade use the op.WithCrypto() option to pass a op.NewCompositeCrypto(). Use aop.NewAESCrypto() in the Decrypter slice with the existing master key.

This change does not affect client / RP / RS libraries.

What's Changed

• feat: use jose for bearer-token encryption by @​wim07101993 in zitadel/oidc@b4cf422
• chore: package upgrades by @​wim07101993 in zitadel/oidc#866

... (truncated)

Commits

• fb9fbfe fix(op): allow dynamic loopback ports in post_logout_redirect_uri per RFC 825...
• 178e018 fix: URL-encode client credentials in Basic Auth per RFC 6749 §2.3.1 (#873)
• 49664bf fix: propagate signature verification errors correctly (#872)
• 5f70eff fix: tolerate string amr claims from external providers (#855)
• 97b71d3 chore(deps): bump golang.org/x/text from 0.35.0 to 0.36.0 (#869)
• d118dd7 fix: oidc server error to http status mapping (#865)
• 2534f81 docs: update semantic title requirements (#863)
• d016375 example: set device cookie httpOnly (#868)
• b4cf422 Merge commit from fork
• 0bf0ade chore: package upgrades (#866)
• Additional commits viewable in compare view

Updates google.golang.org/grpc from 1.81.0 to 1.81.1

Release notes

Sourced from google.golang.org/grpc's releases.

Release 1.81.1

Security

• xds/rbac: Fix a potential authorization bypass caused by incorrectly falling through URI/DNS SANs to Subject Distinguished Name (DN) when matching the authenticated principal name. With this fix, only the first non-empty identity source will be used, as per gRFC A41. (#9111)
  • Special Thanks: @​al4an444

Bug Fixes

• otel: Segregate client and server RPC information used for metrics and traces, to avoid one overwriting the other. (#9081)

Commits

• caf0772 Change version from 1.81.1-dev to 1.81.1 (#9122)
• 6ccbeeb Cherry-pick #9111 into v1.81.x (#9121)
• b33c29e Cherry-pick #9081 into v1.81.x (#9102)
• c45fae6 Change version to 1.81.1-dev (#9063)
• See full diff in compare view

[github-actions]

Benchmark results, click to expand

Benchmark authorization.GetDecisions Results:

Metric	Value
Approved Decision Requests	1000
Denied Decision Requests	0
Total Time	211.051859ms

Benchmark authorization.v2.GetMultiResourceDecision Results:

Metric	Value
Approved Decision Requests	1000
Denied Decision Requests	0
Total Time	100.702963ms

Benchmark Statistics

Name	№ Requests	Avg Duration	Min Duration	Max Duration

Bulk Benchmark Results

Metric	Value
Total Decrypts	100
Successful Decrypts	100
Failed Decrypts	0
Total Time	425.175746ms
Throughput	235.20 requests/second

TDF3 Benchmark Results:

Metric	Value
Total Requests	5000
Successful Requests	5000
Failed Requests	0
Concurrent Requests	50
Total Time	44.753710375s
Average Latency	446.30308ms
Throughput	111.72 requests/second

[github-actions]

X-Test Results

✅ go@main-pull-3553
✅ go@main-v0.9.0
✅ java@main-pull-3553
✅ java@main-v0.9.0
✅ js@main-pull-3553
✅ js@main-v0.9.0
cukes-report
opentdfplatformRN3B5F.dockerbuild
govulncheck-failure-8
govulncheck-failure-3
govulncheck-failure-1
govulncheck-failure-2
govulncheck-failure-0
govulncheck-failure-5

[github-actions]

Benchmark results, click to expand

Benchmark authorization.GetDecisions Results:

Metric	Value
Approved Decision Requests	1000
Denied Decision Requests	0
Total Time	190.126762ms

Benchmark authorization.v2.GetMultiResourceDecision Results:

Metric	Value
Approved Decision Requests	1000
Denied Decision Requests	0
Total Time	100.148207ms

Benchmark Statistics

Name	№ Requests	Avg Duration	Min Duration	Max Duration

Bulk Benchmark Results

Metric	Value
Total Decrypts	100
Successful Decrypts	100
Failed Decrypts	0
Total Time	435.414252ms
Throughput	229.67 requests/second

TDF3 Benchmark Results:

Metric	Value
Total Requests	5000
Successful Requests	5000
Failed Requests	0
Concurrent Requests	50
Total Time	44.620348032s
Average Latency	444.609533ms
Throughput	112.06 requests/second

[github-actions]

X-Test Results

✅ go@main-pull-3553
✅ java@main-pull-3553
✅ js@main-pull-3553
✅ java@main-v0.9.0
✅ go@main-v0.9.0
✅ js@main-v0.9.0
cukes-report
opentdfplatformUFESUV.dockerbuild
govulncheck-failure-8
govulncheck-failure-3
govulncheck-failure-1
govulncheck-failure-2
govulncheck-failure-0
govulncheck-failure-5

[github-actions]

Benchmark results, click to expand

Benchmark authorization.GetDecisions Results:

Metric	Value
Approved Decision Requests	1000
Denied Decision Requests	0
Total Time	206.355165ms

Benchmark authorization.v2.GetMultiResourceDecision Results:

Metric	Value
Approved Decision Requests	1000
Denied Decision Requests	0
Total Time	94.86483ms

Benchmark Statistics

Name	№ Requests	Avg Duration	Min Duration	Max Duration

Bulk Benchmark Results

Metric	Value
Total Decrypts	100
Successful Decrypts	100
Failed Decrypts	0
Total Time	427.948149ms
Throughput	233.67 requests/second

TDF3 Benchmark Results:

Metric	Value
Total Requests	5000
Successful Requests	5000
Failed Requests	0
Concurrent Requests	50
Total Time	44.850581257s
Average Latency	447.242266ms
Throughput	111.48 requests/second

[github-actions]

X-Test Results

✅ go@main-pull-3553
✅ go@main-v0.9.0
✅ java@main-pull-3553
✅ java@main-v0.9.0
✅ js@main-pull-3553
✅ js@main-v0.9.0
cukes-report
opentdfplatform4FT4JC.dockerbuild
govulncheck-failure-5
govulncheck-failure-0
govulncheck-failure-2
govulncheck-failure-8
govulncheck-failure-3
govulncheck-failure-1

[github-actions]

⚠️ Govulncheck found vulnerabilities ⚠️

The following modules have known vulnerabilities:

• examples
• otdfctl
• sdk
• service
• lib/fixtures

See the workflow run for details.

[github-actions]

Benchmark results, click to expand

Benchmark authorization.GetDecisions Results:

Metric	Value
Approved Decision Requests	1000
Denied Decision Requests	0
Total Time	175.024092ms

Benchmark authorization.v2.GetMultiResourceDecision Results:

Metric	Value
Approved Decision Requests	1000
Denied Decision Requests	0
Total Time	119.32007ms

Benchmark Statistics

Name	№ Requests	Avg Duration	Min Duration	Max Duration

Bulk Benchmark Results

Metric	Value
Total Decrypts	100
Successful Decrypts	100
Failed Decrypts	0
Total Time	435.625259ms
Throughput	229.56 requests/second

TDF3 Benchmark Results:

Metric	Value
Total Requests	5000
Successful Requests	5000
Failed Requests	0
Concurrent Requests	50
Total Time	43.309674512s
Average Latency	431.312906ms
Throughput	115.45 requests/second

[github-actions]

X-Test Results

✅ go@main-pull-3553
✅ go@main-v0.9.0
✅ java@main-v0.9.0
✅ java@main-pull-3553
✅ js@main-pull-3553
✅ js@main-v0.9.0
cukes-report
opentdfplatformDU26B4.dockerbuild
govulncheck-failure-2
govulncheck-failure-3
govulncheck-failure-5
govulncheck-failure-1
govulncheck-failure-0