Bump github.com/zalando/go-keyring from 0.2.6 to 0.2.7

[dependabot]

Bumps github.com/zalando/go-keyring from 0.2.6 to 0.2.7.

Release notes

Sourced from github.com/zalando/go-keyring's releases.

v0.2.7

What's Changed

• Inline shellescape dependency by @​williammartin in zalando/go-keyring#117
• docs: Fix 404-ing secret service link by @​tinder-ryantrontz in zalando/go-keyring#120
• fix(readme): remove extra trailing slash by @​tinder-ryantrontz in zalando/go-keyring#121
• docs: document how to set data via the CLI and then access it via the Go library by @​alexec in zalando/go-keyring#128
• security: GH Actions by @​szuecs in zalando/go-keyring#137
• Bump actions/checkout from 4 to 6 by @​dependabot[bot] in zalando/go-keyring#138
• Bump actions/setup-go from 5 to 6 by @​dependabot[bot] in zalando/go-keyring#139
• Bump the all-go-mod-patch-and-minor group with 2 updates by @​dependabot[bot] in zalando/go-keyring#140

New Contributors

• @​tinder-ryantrontz made their first contribution in zalando/go-keyring#120
• @​alexec made their first contribution in zalando/go-keyring#128
• @​dependabot[bot] made their first contribution in zalando/go-keyring#138

Full Changelog: zalando/go-keyring@v0.2.6...v0.2.7

Commits

• e0dd98f Merge pull request #140 from zalando/dependabot/go_modules/all-go-mod-patch-a...
• 98f9091 Merge pull request #139 from zalando/dependabot/github_actions/actions/setup-...
• 40806c2 Merge pull request #138 from zalando/dependabot/github_actions/actions/checko...
• 1d4d07c Bump the all-go-mod-patch-and-minor group with 2 updates
• e6c0d8a Bump actions/setup-go from 5 to 6
• 0151d30 Bump actions/checkout from 4 to 6
• d6ac580 Merge pull request #137 from zalando/security/gh-actions
• 036041f security: GH Actions should be able read only
• 5c6f7e0 Merge pull request #128 from alexec/master
• 5ed3203 Merge pull request #2 from alexec/copilot/document-cli-secrets-management
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

---

Summary by cubic

Upgrade github.com/zalando/go-keyring to v0.2.7 to pick up the patch release that inlines shell escaping and reduces transitive deps. This removes the indirect al.essio.dev/pkg/shellescape with no behavior changes.

• Dependencies
  • Bump github.com/zalando/go-keyring from 0.2.6 to 0.2.7.
  • Drop indirect al.essio.dev/pkg/shellescape (upstream inlined).

^{Written for commit 39606b9. Summary will update on new commits.}

[cubic-dev-ai]

No issues found across 2 files