maint(deps): bump the minor-patch group across 1 directory with 7 updates

[dependabot]

Bumps the minor-patch group with 5 updates in the / directory:

Package	From	To
github.com/gin-gonic/gin	1.10.0	1.11.0
github.com/go-sql-driver/mysql	1.9.1	1.9.3
github.com/honeycombio/libhoney-go	1.25.0	1.26.0
github.com/labstack/echo/v4	4.13.3	4.13.4
google.golang.org/grpc	1.71.0	1.75.1

Updates github.com/gin-gonic/gin from 1.10.0 to 1.11.0

Release notes

Sourced from github.com/gin-gonic/gin's releases.

v1.11.0

Changelog

Features

• 6ca8ddb1aed78d9ffaf984e5489111838242fedb: feat(binding): add BindPlain (#3904) (@​guonaihong)
• 4ccfa7c275c449990818e46759d5974a953cc1c1: feat(binding): add support for unixMilli and unixMicro (#4190) (@​takanuva15)
• 9d7c0e9e1a301f417df9dc89a8cadc3bf9063db2: feat(context): GetXxx added support for more go native types (#3633) (@​CC11001100)
• fb09c825e8e13134daaa90debfda198520e1b347: feat(context): add SetCookieData (#4240) (@​Narita-1095305)
• f05f966a0824b1d302ee556183e2579c91954266: feat(form): Support default values for collections in form binding (#4048) (@​takanuva15)
• 3cb30679b5e3021db16c776ed7e70d380586e9ce: feat(form): add array collection format in form binding (#3986) (@​slowhigh)
• 24d67647cb9b4e0bbdcdec7f0c2086e8004e1572: feat(form): add custom string slice for form tag unmarshal (#3970) (#3971) (@​bruceNu1l)
• 8791c96960e719ff2f41e24163c5898656cee474: feat(fs): Export, test and document OnlyFilesFS (#3939) (@​joeig)
• 71496abe6836462e2ed70436b7d72ea2a3585417: feat(fs): Implement loading HTML from http.FileSystem (#4053) (@​sunshineplan)
• 3ac729dc4a497d360a23b9d7e766c622b3c99f51: feat(gin): support http3 using quic-go/quic-go (#3210) (@​thinkerou)
• 4621b7ac982335d9a74432e182dd2bfc6d841431: feat(router): add literal colon support (#1432) (#2857) (@​wssccc)
• dbd8a2515093ad47cadc5c1fface89861a0b765c: feat: added AbortWithStatusPureJSON() in Context (#4290) (@​ddevsr)
• 688a429d19d8c804447bb889d3635e2c31a5564d: feat: support custom json codec at runtime (#3391) (@​timandy)

Bug fixes

• 8fb3136664254d7c592127f00d52849caba18a67: Revert "fix(time): binding time with empty value (#4103)" (#4245) (@​appleboy)
• e737e3e267beb4dc3bab16cc8be59e3902d98a94: fix(binding): prevent duplicate decoding and add validation in decodeToml (#4193) (@​revevide)
• 4f339e6a35b163d31b30916b37f4176d385f41bd: fix(context): YAML judgment logic in Negotiate (#3966) (@​RedCrazyGhost)
• 36b0dede4b8c4a67d92c4107cebc5a068364321d: fix(context): check handler is nil (#3413) (@​hktalent)
• e0d46ded6cb6974d55a255ab122d1aa6ca0cd60e: fix(context): verify URL is Non-nil in initQueryCache() (#3969) (@​adrianosela)
• dd33ff793861cee3baa77d575ff319119c366f3a: fix(docs): missing go markdown codeblock (#4266) (@​vdusart)
• b38c59de7fef67400a1c98efeae700a689c45783: fix(errors): change Unwrap method receiver to value type (#4232) (@​OrkhanAlikhanov)
• 28e57f58b184b2305ace192e02496bb89f6fd8cb: fix(form): Set default value for form fields (#4047) (@​ahmadSaeedGoda)
• 626d55b0c02937645c21774cacc021713de88604: fix(gin): Do not panic when handling method not allowed on empty tree (#4003) (@​phsym)
• 7d147928ee232fce156ea7ce8ae6329e148aeb41: fix(gin): data race warning for gin mode (#1580) (@​kplachkov)
• c677ccc40a60386565dd0d755efacb85d153feca: fix(go): invalid Go toolchain version (#3961) (@​thinkerou)
• 3319038418656a268c889393cb2dd4224c4469ec: fix(readme): fix broken link to English documentation (#4222) (@​eduardo-ax)
• 674522db91d637d179c16c372d87756ea26fa089: fix(time): binding time with empty value (#4103) (@​ksw2000)
• ea53388e6ee4a6a0a1647b390c56eeed780e7e56: fix(tree): Keep panic infos consistent when wildcard type build faild (#4077) (@​kingcanfish)
• 8763f33c65f7df8be5b9fe7504ab7fcf20abb41d: fix: prevent middleware re-entry issue in HandleContext (#3987) (@​bound2)
• 7a1b655074c313f9491c83bb8ea164cdc4a9afe9: fix: sonic on arm64 (#4234) (@​yashgorana)
• 5826722a87cf5855fcc4b794cbef11612352771d: fix: version number discrepancy (#4299) (@​suwakei)

Enhancements

• 40725d85badd647870df6f9fa7a75ac76341f804: chore(bind): return 413 status code when error is http.MaxBytesError (#4227) (@​ItalyPaleAle)
• f875d8728306c2c2c6f504900ab08cd1d8c47f12: chore(context): test context initialization and handler logic (#4087) (@​appleboy)
• e7693e67c23005743502962d3bb9839a354d6688: chore(deps): bump actions/setup-go from 5 to 6 (#4351) (@​dependabot[bot])
• afa0c31d97e1b112ccfe7652957f7d8514580c72: chore(deps): bump github.com/gin-contrib/sse from 0.1.0 to 1.1.0 (#4216) (@​dependabot[bot])
• 255af882db4baf0ed6209f1a5471f1663c5d0060: chore(deps): bump github.com/go-playground/validator/v10 (#4208) (@​dependabot[bot])
• 545fd74379a0b167a918e38626ae5f7eb83fb243: chore(deps): bump github.com/go-playground/validator/v10 (#4289) (@​dependabot[bot])
• c3c8620a7fb4e09c7845feca4e8e8a8678a2685d: chore(deps): bump github.com/go-playground/validator/v10 from 10.20.0 to 10.22.1 (#4052) (@​dependabot[bot])
• cf32d2dcf8c7534f59727c5e213e45f2412c593a: chore(deps): bump github.com/pelletier/go-toml/v2 from 2.2.2 to 2.2.4 (#4212) (@​dependabot[bot])
• bb824731032856460aa3ffc23bd90e11bf7d5199: chore(deps): bump github.com/quic-go/quic-go from 0.48.2 to 0.50.1 (#4197) (@​dependabot[bot])
• 61c2b1c28f0c5a754330545e31f02cd6d6f7944e: chore(deps): bump github.com/quic-go/quic-go from 0.51.0 to 0.52.0 (#4250) (@​dependabot[bot])
• b7d6308bcc84066df79a047ae363a6120fe87808: chore(deps): bump github.com/quic-go/quic-go from 0.52.0 to 0.53.0 (#4281) (@​dependabot[bot])
• 077a2f39c85700ba0823f85ed29cec0c8f2cbdfc: chore(deps): bump github.com/quic-go/quic-go from 0.53.0 to 0.54.0 (#4328) (@​dependabot[bot])
• 46150257b3eec60e3e0bf1cee7c03439099aef83: chore(deps): bump github.com/stretchr/testify from 1.10.0 to 1.11.1 (#4347) (@​dependabot[bot])
• a6287825c95821a378a34f8a5c9139ea1f6ebd96: chore(deps): bump github.com/ugorji/go/codec from 1.2.12 to 1.3.0 (#4268) (@​dependabot[bot])
• cc4e11438cd6c0bcc632fe3492d3817dfa21c337: chore(deps): bump golang.org/x/net from 0.25.0 to 0.27.0 (#4013) (@​dependabot[bot])

... (truncated)

Changelog

Sourced from github.com/gin-gonic/gin's changelog.

Gin v1.11.0

Features

• feat(gin): Experimental support for HTTP/3 using quic-go/quic-go (#3210)
• feat(form): add array collection format in form binding (#3986), add custom string slice for form tag unmarshal (#3970)
• feat(binding): add BindPlain (#3904)
• feat(fs): Export, test and document OnlyFilesFS (#3939)
• feat(binding): add support for unixMilli and unixMicro (#4190)
• feat(form): Support default values for collections in form binding (#4048)
• feat(context): GetXxx added support for more go native types (#3633)

Enhancements

• perf(context): optimize getMapFromFormData performance (#4339)
• refactor(tree): replace string(/) with "/" in node.insertChild (#4354)
• refactor(render): remove headers parameter from writeHeader (#4353)
• refactor(context): simplify "GetType()" functions (#4080)
• refactor(slice): simplify SliceValidationError Error method (#3910)
• refactor(context):Avoid using filepath.Dir twice in SaveUploadedFile (#4181)
• refactor(context): refactor context handling and improve test robustness (#4066)
• refactor(binding): use strings.Cut to replace strings.Index (#3522)
• refactor(context): add an optional permission parameter to SaveUploadedFile (#4068)
• refactor(context): verify URL is Non-nil in initQueryCache() (#3969)
• refactor(context): YAML judgment logic in Negotiate (#3966)
• tree: replace the self-defined 'min' to official one (#3975)
• context: Remove redundant filepath.Dir usage (#4181)

Bug Fixes

• fix: prevent middleware re-entry issue in HandleContext (#3987)
• fix(binding): prevent duplicate decoding and add validation in decodeToml (#4193)
• fix(gin): Do not panic when handling method not allowed on empty tree (#4003)
• fix(gin): data race warning for gin mode (#1580)
• fix(context): verify URL is Non-nil in initQueryCache() (#3969)
• fix(context): YAML judgment logic in Negotiate (#3966)
• fix(context): check handler is nil (#3413)
• fix(readme): fix broken link to English documentation (#4222)
• fix(tree): Keep panic infos consistent when wildcard type build faild (#4077)

Build process updates / CI

• ci: integrate Trivy vulnerability scanning into CI workflow (#4359)
• ci: support Go 1.25 in CI/CD (#4341)
• build(deps): upgrade github.com/bytedance/sonic from v1.13.2 to v1.14.0 (#4342)
• ci: add Go version 1.24 to GitHub Actions (#4154)
• build: update Gin minimum Go version to 1.21 (#3960)
• ci(lint): enable new linters (testifylint, usestdlibvars, perfsprint, etc.) (#4010, #4091, #4090)
• ci(lint): update workflows and improve test request consistency (#4126)

... (truncated)

Commits

• 6ad6205 docs(changelog): upgrade Gin to v1.11.0 and add release notes (#4361)
• 7858527 docs(changelog): update release notes for Gin v1.10.1 (#4360)
• cb000f5 ci: integrate Trivy vulnerability scanning into CI workflow (#4359)
• 2119046 ci: support Go 1.25 (#4341)
• da372fc build(deps): upgrade github.com/bytedance/sonic from v1.13.2 to v1.14.0 (#4342)
• e198f6e refactor(render): remove headers parameter from writeHeader (#4353)
• cca98d2 chore(deps): bump google.golang.org/protobuf from 1.36.8 to 1.36.9 (#4356)
• 9b1e353 refactor(tree): replace string(/) with "/" in node.insertChild (#4354)
• f9bd00a perf(context): optimize getMapFromFormData performance (#4339)
• 28172fa chore(deps): bump google.golang.org/protobuf from 1.36.6 to 1.36.8 (#4346)
• Additional commits viewable in compare view

Updates github.com/go-sql-driver/mysql from 1.9.1 to 1.9.3

Release notes

Sourced from github.com/go-sql-driver/mysql's releases.

v1.9.3

What's Changed

• [1.9] test stability improvement. by @​methane in go-sql-driver/mysql#1699
• [1.9] Transaction Commit/Rollback returns conn's cached error by @​methane in go-sql-driver/mysql#1702
• backport benchmark_test by @​methane in go-sql-driver/mysql#1706
• [1.9] optimize readPacket (#1705) by @​methane in go-sql-driver/mysql#1707
• [1.9] fix PING on compressed connections by @​methane in go-sql-driver/mysql#1723
• release v1.9.3 by @​methane in go-sql-driver/mysql#1725

Full Changelog: go-sql-driver/mysql@v1.9.2...v1.9.3

v1.9.2

What's Changed

v1.9.2 is a re-release of v1.9.1 due to a release process issue; no changes were made to the content.

Full Changelog: go-sql-driver/mysql@v1.9.1...v1.9.2

Changelog

Sourced from github.com/go-sql-driver/mysql's changelog.

v1.9.3 (2025-06-13)

• tx.Commit() and tx.Rollback() returned ErrInvalidConn always. Now they return cached real error if present. (#1690)

• Optimize reading small resultsets to fix performance regression introduced by compression protocol support. (#1707)

• Fix db.Ping() on compressed connection. (#1723)

v1.9.2 (2025-04-07)

v1.9.2 is a re-release of v1.9.1 due to a release process issue; no changes were made to the content.

Commits

• 62984ad release v1.9.3 (#1725)
• 324cbb3 [1.9] fix PING on compressed connections (#1723)
• dfd973a optimize readPacket (#1707)
• 2ed589b backport benchmark_test (#1706)
• ac04e5f Transaction Commit/Rollback returns conn's cached error (#1702)
• 1bee809 test stability improvement. (#1699)
• 21ef4c6 release v1.9.2 (#1693)
• See full diff in compare view

Updates github.com/honeycombio/libhoney-go from 1.25.0 to 1.26.0

Release notes

Sourced from github.com/honeycombio/libhoney-go's releases.

v1.26.0

Enhancements

• feat: Add retry-after for 429 and 503 (#265) | @​mterhar

Changelog

Sourced from github.com/honeycombio/libhoney-go's changelog.

1.26.0 2025-08-25

Enhancements

• feat: Add retry-after for 429 and 503 (#265) | @​mterhar

Commits

• d450575 chore: prepare v1.26.0 release (#267)
• 862c32c feat: Add retry-after for 429 and 503 (#265)
• 59709d2 maint(deps): bump github.com/DataDog/zstd from 1.5.6 to 1.5.7 (#264)
• See full diff in compare view

Updates github.com/labstack/echo/v4 from 4.13.3 to 4.13.4

Release notes

Sourced from github.com/labstack/echo/v4's releases.

v4.13.4

What's Changed

• chore: fix some typos in comment by @​zhuhaicity in labstack/echo#2735
• CI: test with Go 1.24 by @​aldas in labstack/echo#2748
• Add support for TLS WebSocket proxy by @​t-ibayashi-safie in labstack/echo#2762

Security

• Update dependencies for GO-2025-3487, GO-2025-3503 and GO-2025-3595 in labstack/echo#2780

New Contributors

• @​zhuhaicity made their first contribution in labstack/echo#2735
• @​t-ibayashi-safie made their first contribution in labstack/echo#2762

Full Changelog: labstack/echo@v4.13.3...v4.13.4

Changelog

Sourced from github.com/labstack/echo/v4's changelog.

v4.13.4 - 2025-05-22

Enhancements

• chore: fix some typos in comment by @​zhuhaicity in labstack/echo#2735
• CI: test with Go 1.24 by @​aldas in labstack/echo#2748
• Add support for TLS WebSocket proxy by @​t-ibayashi-safie in labstack/echo#2762

Security

• Update dependencies for GO-2025-3487, GO-2025-3503 and GO-2025-3595 in labstack/echo#2780

Commits

• 98ca08e Improve changelog for 4.13.4 (#2783)
• f24aaff Revert "CORS: reject requests with 401 for non-preflight request with not mat...
• 9f50a65 Changelog for 4.13.4 (#2781)
• d735cb6 Upgrade dependencies (#2780)
• de44c53 Add support for TLS WebSocket proxy (#2762)
• c44f628 CI: test with Go 1.24 (#2748)
• ce0b12a chore: fix some typos in comment (#2735)
• ee3e129 CORS: reject requests with 401 for non-preflight request with not matching or...
• See full diff in compare view

Updates github.com/stretchr/testify from 1.10.0 to 1.11.1

Release notes

Sourced from github.com/stretchr/testify's releases.

v1.11.1

This release fixes #1785 introduced in v1.11.0 where expected argument values implementing the stringer interface (String() string) with a method which mutates their value, when passed to mock.Mock.On (m.On("Method", <expected>).Return()) or actual argument values passed to mock.Mock.Called may no longer match one another where they previously did match. The behaviour prior to v1.11.0 where the stringer is always called is restored. Future testify releases may not call the stringer method at all in this case.

What's Changed

• Backport #1786 to release/1.11: mock: revert to pre-v1.11.0 argument matching behavior for mutating stringers by @​brackendawson in stretchr/testify#1788

Full Changelog: stretchr/testify@v1.11.0...v1.11.1

v1.11.0

What's Changed

Functional Changes

v1.11.0 Includes a number of performance improvements.

• Call stack perf change for CallerInfo by @​mikeauclair in stretchr/testify#1614
• Lazily render mock diff output on successful match by @​mikeauclair in stretchr/testify#1615
• assert: check early in Eventually, EventuallyWithT, and Never by @​cszczepaniak in stretchr/testify#1427
• assert: add IsNotType by @​bartventer in stretchr/testify#1730
• assert.JSONEq: shortcut if same strings by @​dolmen in stretchr/testify#1754
• assert.YAMLEq: shortcut if same strings by @​dolmen in stretchr/testify#1755
• assert: faster and simpler isEmpty using reflect.Value.IsZero by @​dolmen in stretchr/testify#1761
• suite: faster methods filtering (internal refactor) by @​dolmen in stretchr/testify#1758

Fixes

• assert.ErrorAs: log target type by @​craig65535 in stretchr/testify#1345
• Fix failure message formatting for Positive and Negative asserts in stretchr/testify#1062
• Improve ErrorIs message when error is nil but an error was expected by @​tsioftas in stretchr/testify#1681
• fix Subset/NotSubset when calling with mixed input types by @​siliconbrain in stretchr/testify#1729
• Improve ErrorAs failure message when error is nil by @​ccoVeille in stretchr/testify#1734
• mock.AssertNumberOfCalls: improve error msg by @​3scalation in stretchr/testify#1743

Documentation, Build & CI

• docs: Fix typo in README by @​alexandear in stretchr/testify#1688
• Replace deprecated io/ioutil with io and os by @​alexandear in stretchr/testify#1684
• Document consequences of calling t.FailNow() by @​greg0ire in stretchr/testify#1710
• chore: update docs for Unset #1621 by @​techfg in stretchr/testify#1709
• README: apply gofmt to examples by @​alexandear in stretchr/testify#1687
• refactor: use %q and %T to simplify fmt.Sprintf by @​alexandear in stretchr/testify#1674
• Propose Christophe Colombier (ccoVeille) as approver by @​brackendawson in stretchr/testify#1716
• Update documentation for the Error function in assert or require package by @​architagr in stretchr/testify#1675
• assert: remove deprecated build constraints by @​alexandear in stretchr/testify#1671
• assert: apply gofumpt to internal test suite by @​ccoVeille in stretchr/testify#1739
• CI: fix shebang in .ci.*.sh scripts by @​dolmen in stretchr/testify#1746
• assert,require: enable parallel testing on (almost) all top tests by @​dolmen in stretchr/testify#1747
• suite.Passed: add one more status test report by @​Ararsa-Derese in stretchr/testify#1706
• Add Helper() method in internal mocks and assert.CollectT by @​dolmen in stretchr/testify#1423
• assert.Same/NotSame: improve usage of Sprintf by @​ccoVeille in stretchr/testify#1742
• mock: enable parallel testing on internal testsuite by @​dolmen in stretchr/testify#1756
• suite: cleanup use of 'testing' internals at runtime by @​dolmen in stretchr/testify#1751
• assert: check test failure message for Empty and NotEmpty by @​ccoVeille in stretchr/testify#1745

... (truncated)

Commits

• 2a57335 Merge pull request #1788 from brackendawson/1785-backport-1.11
• af8c912 Backport #1786 to release/1.11
• b7801fb Merge pull request #1778 from stretchr/dependabot/github_actions/actions/chec...
• 69831f3 build(deps): bump actions/checkout from 4 to 5
• a53be35 Improve captureTestingT helper
• aafb604 mock: improve formatting of error message
• 7218e03 improve error msg
• 929a212 Merge pull request #1758 from stretchr/dolmen/suite-faster-method-filtering
• bc7459e suite: faster filtering of methods (-testify.m)
• 7d37b5c suite: refactor methodFilter
• Additional commits viewable in compare view

Updates google.golang.org/grpc from 1.71.0 to 1.75.1

Release notes

Sourced from google.golang.org/grpc's releases.

Release 1.75.1

Bug Fixes

• transport: Fix a data race while copying headers for stats handlers in the std lib http2 server transport. (#8519)
• xdsclient:
  • Fix a data race caused while reporting load to LRS. (#8483)
  • Fix regression preventing empty node IDs when creating an LRS client. (#8483)
• server: Fix a regression preventing streams from being cancelled or timed out when blocked on flow control. (#8528)

Release 1.75.0

Behavior Changes

• xds: Remove support for GRPC_EXPERIMENTAL_XDS_FALLBACK environment variable. Fallback support can no longer be disabled. (#8482)
• stats: Introduce DelayedPickComplete event, a type alias of PickerUpdated. (#8465)
  • This (combined) event will now be emitted only once per call, when a transport is successfully selected for the attempt.
  • OpenTelemetry metrics will no longer have multiple "Delayed LB pick complete" events in Go, matching other gRPC languages.
  • A future release will delete the PickerUpdated symbol.
• credentials: Properly apply grpc.WithAuthority as the highest-priority option for setting authority, above the setting in the credentials themselves. (#8488)
  • Now that this WithAuthority is available, the credentials should not be used to override the authority.
• round_robin: Randomize the order in which addresses are connected to in order to spread out initial RPC load between clients. (#8438)
• server: Return status code INTERNAL when a client sends more than one request in unary and server streaming RPC. (#8385)
  • This is a behavior change but also a bug fix to bring gRPC-Go in line with the gRPC spec.

New Features

• dns: Add an environment variable (GRPC_ENABLE_TXT_SERVICE_CONFIG) to provide a way to disable TXT lookups in the DNS resolver (by setting it to false). By default, TXT lookups are enabled, as they were previously. (#8377)

Bug Fixes

• xds: Fix regression preventing empty node IDs in xDS bootstrap configuration. (#8476)
  • Special Thanks: @​davinci26
• xds: Fix possible panic when certain invalid resources are encountered. (#8412)
  • Special Thanks: @​wooffie
• xdsclient: Fix a rare panic caused by processing a response from a closed server. (#8389)
• stats: Fix metric unit formatting by enclosing non-standard units like call and endpoint in curly braces to comply with UCUM and gRPC OpenTelemetry guidelines. (#8481)
• xds: Fix possible panic when clusters are removed from the xds configuration. (#8428)
• xdsclient: Fix a race causing "resource doesn not exist" when rapidly subscribing and unsubscribing to the same resource. (#8369)
• client: When determining the authority, properly percent-encode (if needed, which is unlikely) when the target string omits the hostname and only specifies a port (grpc.NewClient(":<port-number-or-name>")). (#8488)

Release 1.74.3

Bug Fixes

• xds: Fix a regression preventing empty node IDs in the bootstrap configuration. (#8476 , #8483)
• xdsclient: Fix a data race caused while reporting load to LRS. (#8483)
• server: Fix a regression preventing streams from being cancelled or timed out when blocked on flow control. (#8528)

Release 1.74.2

New Features

• grpc: introduce new DialOptions and ServerOptions (WithStaticStreamWindowSize, WithStaticConnWindowSize, StaticStreamWindowSize, StaticConnWindowSize) that force fixed window sizes for all HTTP/2 connections. By default, gRPC uses dynamic sizing of these windows based upon a BDP estimation algorithm. The existing options (WithInitialWindowSize, etc) also disable BDP estimation, but this behavior will be changed in a following release. (#8283)

... (truncated)

Commits

• b4dc263 Change version to 1.75.1 (#8559)
• 1fffee7 Cherry-pick #8528 to v1.75.x (#8555)
• a52e42b Cherry pick #8483 into v1.75.x (#8541)
• 369c9aa Cherry-pick #8519 to v1.75.x (#8530)
• 7269d5f Change version to 1.75.1-dev (#8494)
• b9788ef Change version to 1.75.0 (#8493)
• 2bd74b2 credentials: fix behavior of grpc.WithAuthority and credential handshake prec...
• 9fa3267 xds: remove xds client fallback environment variable (#8482)
• 62ec29f grpc: Fix cardinality violations in non-client streaming RPCs. (#8385)
• 85240a5 stats: change non-standard units to annotations (#8481)
• Additional commits viewable in compare view

Updates google.golang.org/protobuf from 1.36.4 to 1.36.9

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions