build(deps): bump the go-dependencies group with 4 updates (#1594)

Bumps the go-dependencies group with 4 updates:
[golang.org/x/sys](https://github.com/golang/sys),
[github.com/hashicorp/cap](https://github.com/hashicorp/cap),
[golang.org/x/oauth2](https://github.com/golang/oauth2) and
[golang.org/x/sync](https://github.com/golang/sync).

Updates `golang.org/x/sys` from 0.38.0 to 0.39.0
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/golang/sys/commit/08e54827f6706016347e1e4f4866b84126842b20"><code>08e5482</code></a>
unix: fix out of bounds memory access in tests</li>
<li><a
href="https://github.com/golang/sys/commit/4f4f1c6feacd5e05a726e4fd415d0462cab0bebb"><code>4f4f1c6</code></a>
Revert &quot;cpu: add HPDS, LOR, PAN detection for arm64&quot;</li>
<li><a
href="https://github.com/golang/sys/commit/ca631161e47349f04ad9185885e85e88ef38ec3a"><code>ca63116</code></a>
unix: add IOCTL_MEI_* constants</li>
<li><a
href="https://github.com/golang/sys/commit/a4199c0bfe68a7d7de6e44cead3c91e7bd1e328d"><code>a4199c0</code></a>
unix: fix definition of Statvfs_t for netbsd-arm.</li>
<li>See full diff in <a
href="https://github.com/golang/sys/compare/v0.38.0...v0.39.0">compare
view</a></li>
</ul>
</details>
<br />

Updates `github.com/hashicorp/cap` from 0.11.0 to 0.12.0
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/hashicorp/cap/releases">github.com/hashicorp/cap's
releases</a>.</em></p>
<blockquote>
<h2>v0.12.0</h2>
<h2>What's Changed</h2>
<ul>
<li>Bump golang.org/x/crypto from 0.36.0 to 0.45.0 in /ldap/examples/cli
by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/hashicorp/cap/pull/170">hashicorp/cap#170</a></li>
<li>Bump golang.org/x/crypto from 0.36.0 to 0.45.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/hashicorp/cap/pull/171">hashicorp/cap#171</a></li>
<li>fix: fprintf usage in ldap CLI example by <a
href="https://github.com/jimlambrt"><code>@​jimlambrt</code></a> in <a
href="https://redirect.github.com/hashicorp/cap/pull/173">hashicorp/cap#173</a></li>
<li>Expose OIDC provider server metadata in Provider by <a
href="https://github.com/allisonlarson"><code>@​allisonlarson</code></a>
in <a
href="https://redirect.github.com/hashicorp/cap/pull/172">hashicorp/cap#172</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/hashicorp/cap/compare/v0.11.0...v0.12.0">https://github.com/hashicorp/cap/compare/v0.11.0...v0.12.0</a></p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/hashicorp/cap/blob/main/CHANGELOG.md">github.com/hashicorp/cap's
changelog</a>.</em></p>
<blockquote>
<h2>0.12.0</h2>
<ul>
<li>feat (oidc): add Claims for exposing provider server metadata ([PR
<a
href="https://redirect.github.com/hashicorp/cap/issues/172">#172</a>](<a
href="https://redirect.github.com/hashicorp/cap/pull/172">hashicorp/cap#172</a>))</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/hashicorp/cap/commit/1cba3229dcb79687f2f4dad3a5884cb0083822ab"><code>1cba322</code></a>
Expose OIDC provider server metadata in Provider (<a
href="https://redirect.github.com/hashicorp/cap/issues/172">#172</a>)</li>
<li><a
href="https://github.com/hashicorp/cap/commit/6bfe318e4dddc3f575426774cce8d0ee4c764102"><code>6bfe318</code></a>
fix: fix fprintf usage in ldap CLI example (<a
href="https://redirect.github.com/hashicorp/cap/issues/173">#173</a>)</li>
<li><a
href="https://github.com/hashicorp/cap/commit/b9af6c2f3670884667aad6b62e4d28648ebcd1a4"><code>b9af6c2</code></a>
Bump golang.org/x/crypto from 0.36.0 to 0.45.0 (<a
href="https://redirect.github.com/hashicorp/cap/issues/171">#171</a>)</li>
<li><a
href="https://github.com/hashicorp/cap/commit/f3b602f8ab1a6302f16a0b0d646b4376871afec2"><code>f3b602f</code></a>
Bump golang.org/x/crypto from 0.36.0 to 0.45.0 in /ldap/examples/cli (<a
href="https://redirect.github.com/hashicorp/cap/issues/170">#170</a>)</li>
<li>See full diff in <a
href="https://github.com/hashicorp/cap/compare/v0.11.0...v0.12.0">compare
view</a></li>
</ul>
</details>
<br />

Updates `golang.org/x/oauth2` from 0.33.0 to 0.34.0
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/golang/oauth2/commit/acc38155b7f6f36aefcb58faff6f36d314dd915c"><code>acc3815</code></a>
endpoints: fix %q verb use with wrong type</li>
<li>See full diff in <a
href="https://github.com/golang/oauth2/compare/v0.33.0...v0.34.0">compare
view</a></li>
</ul>
</details>
<br />

Updates `golang.org/x/sync` from 0.18.0 to 0.19.0
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/golang/sync/commit/2a180e22fddcc336475e72aa950be958c1b68d33"><code>2a180e2</code></a>
errgroup: use consistent read for SetLimit panic</li>
<li>See full diff in <a
href="https://github.com/golang/sync/compare/v0.18.0...v0.19.0">compare
view</a></li>
</ul>
</details>
<br />


Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's major version (unless you unignore this specific
dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's minor version (unless you unignore this specific
dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR
and stop Dependabot creating any more for the specific dependency
(unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore
conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will
remove the ignore condition of the specified dependency and ignore
conditions


</details>

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Author: dependabot[bot]

CHANGELOG.md

@@ -17,6 +17,10 @@
 - build(deps): `golang.org/x/mod` from 0.29.0 to 0.30.0 ([#1588](https://github.com/fastly/cli/pull/1588))
 - build(deps): `github.com/coreos/go-oidc/v3` from 3.16.0 to 3.17.0 ([#1588](https://github.com/fastly/cli/pull/1588))
 - build(deps): `github.com/klauspost/compress` from 1.18.1 to 1.18.2 ([#1593](https://github.com/fastly/cli/pull/1593))
+- build(deps): `golang.org/x/sys` from 0.38.0 to 0.39.0 ([#1594](https://github.com/fastly/cli/pull/1594))
+- build(deps): `github.com/hashicorp/cap` from 0.11.0 to 0.12.0 ([#1594](https://github.com/fastly/cli/pull/1594))
+- build(deps): `golang.org/x/oauth2` from 0.33.0 to 0.34.0 ([#1594](https://github.com/fastly/cli/pull/1594))
+- build(deps): `golang.org/x/sync` from 0.18.0 to 0.19.0 ([#1594](https://github.com/fastly/cli/pull/1594))
 
 ## [v13.1.0](https://github.com/fastly/cli/releases/tag/v13.1.0) (2025-11-12)
 

go.mod

@@ -22,12 +22,12 @@ require (
 	github.com/pelletier/go-toml v1.9.5
 	github.com/segmentio/textio v1.2.0
 	github.com/tomnomnom/linkheader v0.0.0-20180905144013-02ca5825eb80
-	golang.org/x/sys v0.38.0 // indirect
+	golang.org/x/sys v0.39.0 // indirect
 	golang.org/x/term v0.37.0
 )
 
 require (
-	github.com/hashicorp/cap v0.11.0
+	github.com/hashicorp/cap v0.12.0
 	github.com/kennygrant/sanitize v1.2.4
 	github.com/otiai10/copy v1.14.1
 	github.com/sabhiram/go-gitignore v0.0.0-20210923224102-525f6e181f06
@@ -73,8 +73,8 @@ require (
 	github.com/ulikunitz/xz v0.5.15 // indirect
 	github.com/xi2/xz v0.0.0-20171230120015-48954b6210f8 // indirect
 	golang.org/x/net v0.47.0 // indirect
-	golang.org/x/oauth2 v0.33.0 // indirect
-	golang.org/x/sync v0.18.0 // indirect
+	golang.org/x/oauth2 v0.34.0 // indirect
+	golang.org/x/sync v0.19.0 // indirect
 	golang.org/x/text v0.31.0
 	gopkg.in/yaml.v2 v2.4.0 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect

go.sum

@@ -54,8 +54,8 @@ github.com/google/go-querystring v1.1.0 h1:AnCroh3fv4ZBgVIf1Iwtovgjaw/GiKJo8M8yD
 github.com/google/go-querystring v1.1.0/go.mod h1:Kcdr2DB4koayq7X8pmAG4sNG59So17icRSOU623lUBU=
 github.com/google/jsonapi v1.0.0 h1:qIGgO5Smu3yJmSs+QlvhQnrscdZfFhiV6S8ryJAglqU=
 github.com/google/jsonapi v1.0.0/go.mod h1:YYHiRPJT8ARXGER8In9VuLv4qvLfDmA9ULQqptbLE4s=
-github.com/hashicorp/cap v0.11.0 h1:tnMNgIWEdbmyx0fulrlLPNHowsprg34xFWflOEB3t1s=
-github.com/hashicorp/cap v0.11.0/go.mod h1:HKbv27kfps+wONFNyNTHpAQmU/DCjjDuB5HF6mFsqPQ=
+github.com/hashicorp/cap v0.12.0 h1:z1PU5j8iqLpyortK8JatvPVqEGSl3eN2vxZUWtOgdZU=
+github.com/hashicorp/cap v0.12.0/go.mod h1:KmO21ZfHvXuAUZBc3Ycqu5NhwMahvfmfR4HlW4f+b3c=
 github.com/hashicorp/go-cleanhttp v0.5.2 h1:035FKYIWjmULyFRBKPs8TBQoi0x6d9G4xc9neXJWAZQ=
 github.com/hashicorp/go-cleanhttp v0.5.2/go.mod h1:kO/YDlP8L1346E6Sodw+PrpBSV4/SoxCXGY6BqNFT48=
 github.com/hashicorp/go-hclog v1.6.3 h1:Qr2kF+eVWjTiYmU7Y31tYlP1h0q/X3Nl3tPGdaB11/k=
@@ -172,13 +172,13 @@ golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
 golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg=
 golang.org/x/net v0.47.0 h1:Mx+4dIFzqraBXUugkia1OOvlD6LemFo1ALMHjrXDOhY=
 golang.org/x/net v0.47.0/go.mod h1:/jNxtkgq5yWUGYkaZGqo27cfGZ1c5Nen03aYrrKpVRU=
-golang.org/x/oauth2 v0.33.0 h1:4Q+qn+E5z8gPRJfmRy7C2gGG3T4jIprK6aSYgTXGRpo=
-golang.org/x/oauth2 v0.33.0/go.mod h1:lzm5WQJQwKZ3nwavOZ3IS5Aulzxi68dUSgRHujetwEA=
+golang.org/x/oauth2 v0.34.0 h1:hqK/t4AKgbqWkdkcAeI8XLmbK+4m4G5YeQRrmiotGlw=
+golang.org/x/oauth2 v0.34.0/go.mod h1:lzm5WQJQwKZ3nwavOZ3IS5Aulzxi68dUSgRHujetwEA=
 golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.18.0 h1:kr88TuHDroi+UVf+0hZnirlk8o8T+4MrK6mr60WkH/I=
-golang.org/x/sync v0.18.0/go.mod h1:9KTHXmSnoGruLpwFjVSX0lNNA75CykiMECbovNTZqGI=
+golang.org/x/sync v0.19.0 h1:vV+1eWNmZ5geRlYjzm2adRgW2/mcpevXNg50YZtPCE4=
+golang.org/x/sync v0.19.0/go.mod h1:9KTHXmSnoGruLpwFjVSX0lNNA75CykiMECbovNTZqGI=
 golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20200116001909-b77594299b42/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200223170610-d5e6a3e2c0ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
@@ -193,8 +193,8 @@ golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
-golang.org/x/sys v0.38.0 h1:3yZWxaJjBmCWXqhN1qh02AkOnCQ1poK6oF+a7xWL6Gc=
-golang.org/x/sys v0.38.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks=
+golang.org/x/sys v0.39.0 h1:CvCKL8MeisomCi6qNZ+wbb0DN9E5AATixKsvNtMoMFk=
+golang.org/x/sys v0.39.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k=