chore(deps): bump the go-minor-patch group across 1 directory with 2 updates

[dependabot]

Bumps the go-minor-patch group with 2 updates in the / directory: github.com/sirupsen/logrus and gitlab.com/gitlab-org/api/client-go.

Updates github.com/sirupsen/logrus from 1.9.3 to 1.9.4

Release notes

Sourced from github.com/sirupsen/logrus's releases.

v1.9.4

Notable changes

• go.mod: update minimum supported go version to v1.17 sirupsen/logrus#1460
• go.mod: bump up dependencies sirupsen/logrus#1460
• Touch-up godoc and add "doc" links.
• README: fix links, grammar, and update examples.
• Add GNU/Hurd support sirupsen/logrus#1364
• Add WASI wasip1 support sirupsen/logrus#1388
• Remove uses of deprecated ioutil package sirupsen/logrus#1472
• CI: update actions and golangci-lint sirupsen/logrus#1459
• CI: remove appveyor, add macOS sirupsen/logrus#1460

Full Changelog: sirupsen/logrus@v1.9.3...v1.9.4

Commits

• b61f268 Merge pull request #1472 from goldlinker/master
• 15c29db refactor: replace the deprecated function in the ioutil package
• cb253f3 Merge pull request #1464 from thaJeztah/touchup_godoc
• 29b2337 Merge pull request #1468 from thaJeztah/touchup_readme
• d916819 Merge pull request #1427 from dolmen/fix-testify-usage
• 135e482 README: small touch-ups
• 2c5fa36 Merge pull request #1467 from thaJeztah/rm_old_badge
• 877ecec README: remove travis badge
• 55cf256 Merge pull request #1393 from jsoref/grammar
• 21bae50 Merge pull request #1426 from dolmen/testing-fix-use-of-math-rand
• Additional commits viewable in compare view

Updates gitlab.com/gitlab-org/api/client-go from 1.10.0 to 1.14.0

Release notes

Sourced from gitlab.com/gitlab-org/api/client-go's releases.

v1.14.0

1.14.0

🚀 Features

• feat(hooks): Add project hook support for vulnerability events and branch filter strategy (!2658) by Heidi Berry
• Add max_artifacts_size parameter to groups and projects (!2652) by Betty Godier

1.14.0 (2026-01-13)

Features

• hooks: Add project hook support for vulnerability events and branch filter strategy (4f6d252)

v1.13.0

1.13.0

🚀 Features

• feat(groups): add Active parameter to ListGroupProjects (!2657) by Kai Armstrong

🔄 Other Changes

• chore(deps): update docker docker tag to v29.1.4 (!2651) by GitLab Dependency Bot

1.13.0 (2026-01-12)

Features

• groups: add Active parameter to ListGroupProjects (dec511a)

v1.12.0

1.12.0

🚀 Features

• feat: add EmojiEvents field support to Project Webhooks (!2653) by Yugan

🔄 Other Changes

• chore(deps): update dependency golangci-lint to v2.8.0 (!2650) by GitLab Dependency Bot
• refactor(no-release): use errors.New instead of fmt.Errorf (!2644) by Oleksandr Redko

... (truncated)

Changelog

Sourced from gitlab.com/gitlab-org/api/client-go's changelog.

1.14.0

🚀 Features

• feat(hooks): Add project hook support for vulnerability events and branch filter strategy (!2658) by Heidi Berry
• Add max_artifacts_size parameter to groups and projects (!2652) by Betty Godier

1.14.0 (2026-01-13)

Features

• hooks: Add project hook support for vulnerability events and branch filter strategy (4f6d252)

1.13.0

🚀 Features

• feat(groups): add Active parameter to ListGroupProjects (!2657) by Kai Armstrong

🔄 Other Changes

• chore(deps): update docker docker tag to v29.1.4 (!2651) by GitLab Dependency Bot

1.13.0 (2026-01-12)

Features

• groups: add Active parameter to ListGroupProjects (dec511a)

1.12.0

🚀 Features

• feat: add EmojiEvents field support to Project Webhooks (!2653) by Yugan

🔄 Other Changes

• chore(deps): update dependency golangci-lint to v2.8.0 (!2650) by GitLab Dependency Bot
• refactor(no-release): use errors.New instead of fmt.Errorf (!2644) by Oleksandr Redko

1.12.0 (2026-01-11)

... (truncated)

Commits

• 2125208 chore(release): 1.14.0 [skip ci]
• eee4c83 Merge branch 'enhance-project-hooks' into 'main'
• 4f6d252 feat(hooks): Add project hook support for vulnerability events and branch fil...
• c9808f8 Merge branch 'betty-godier/add-max-artifacts-size' into 'main'
• 58b293a Add max_artifacts_size parameter to groups and projects
• 5845f24 chore(release): 1.13.0 [skip ci]
• 54cdb83 Merge branch 'feat/add-active-parameter-groups-projects' into 'main'
• dec511a feat(groups): add Active parameter to ListGroupProjects
• 92e52c0 Merge branch 'renovate/docker-29.x' into 'main'
• 99138da chore(deps): update docker docker tag to v29.1.4
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

Labels

The following labels could not be found: dependencies, go. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

[github-actions]

⚠️ Deprecation Warning: The deny-licenses option is deprecated for possible removal in the next major release. For more information, see issue 997.

Dependency Review

The following issues were found:

• ✅ 0 vulnerable package(s)
• ✅ 0 package(s) with incompatible licenses
• ✅ 0 package(s) with invalid SPDX license definitions
• ⚠️ 1 package(s) with unknown licenses.

See the Details below.

License Issues

go.mod

Package	Version	License	Issue Type
gitlab.com/gitlab-org/api/client-go	1.14.0	Null	Unknown License

Denied Licenses:

GPL-2.0, GPL-3.0, LGPL-2.1, LGPL-3.0, AGPL-3.0

OpenSSF Scorecard

Package	Version	Score	Details
gomod/github.com/google/go-querystring	1.2.0	🟢 5	Details Check Score Reason Maintained ⚠️ 1 1 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 1 Binary-Artifacts 🟢 10 no binaries found in the repo Code-Review ⚠️ 2 Found 5/19 approved changesets -- score normalized to 2 Packaging ⚠️ -1 packaging workflow not detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Pinned-Dependencies 🟢 10 all dependencies are pinned CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Security-Policy 🟢 10 security policy file detected Vulnerabilities 🟢 10 0 existing vulnerabilities detected SAST ⚠️ 1 SAST tool is not run on all commits -- score normalized to 1
gomod/github.com/sirupsen/logrus	1.9.4	🟢 4	Details Check Score Reason Maintained ⚠️ 1 1 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 1 Code-Review 🟢 5 Found 9/16 approved changesets -- score normalized to 5 Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Packaging ⚠️ -1 packaging workflow not detected Binary-Artifacts 🟢 10 no binaries found in the repo Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy ⚠️ 0 security policy file not detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Vulnerabilities 🟢 10 0 existing vulnerabilities detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
gomod/gitlab.com/gitlab-org/api/client-go	1.14.0	Unknown	Unknown

Scanned Files

• go.mod

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.