build(deps): bump the go-mod group with 4 updates

[dependabot]

Bumps the go-mod group with 4 updates: github.com/authzed/spicedb, github.com/samber/lo, github.com/schollz/progressbar/v3 and github.com/spf13/pflag.

Updates github.com/authzed/spicedb from 1.39.1-0.20250114225336-a80f596434e3 to 1.40.0

Release notes

Sourced from github.com/authzed/spicedb's releases.

v1.40.0

[!NOTE]
All datastores have a migration to add new columns for relationship expiration support

Highlights

⌛ Expiring relationships ⚡ Experimental SQL optimization 🔧 Read replica fixes

Features

Introducing first class support for expiring relationships in SpiceDB! Developers can now define a lifespan for relationships in schema, preventing unintended access through lingering permissions. Relationship expiration terms can also be dynamically defined by application end users, providing them with even more granular control over how they choose to share data.

For more details, refer to SpiceDB documentation: https://authzed.com/docs/spicedb/concepts/expiring-relationships

End to end support for experimental first-class relationship expiration feature by @​josephschorr in #2152

Enhancements

Various improvements

• Make index creation idempotent by @​josephschorr in #2197
• Implement simpler import syntax by @​tstirrat15 in #2207
• Change feature detection for CRDB watch to not require waiting by @​josephschorr in #2205
• Delete LookupResources v1, ReachableResources and all helper code by @​josephschorr in #2203
• add schemaFile to ValidationFile by @​kartikaysaxena in #2206

Garbage collection

• GC improvements: GC only on a single node and add a missing index in PG by @​josephschorr in #2159
• Move unlock call to a background context in GC by @​josephschorr in #2198
• Change GC test to always call GC directly by @​josephschorr in #2165

Datastore tests

• Additional datastore tests by @​josephschorr in #2180
• Add some additional datastore tests to improve coverage by @​josephschorr in #2173
• Switch datastore tests to use a larger runner by @​josephschorr in #2182
• Add basic steelthread tests for bulk import and export of relationships by @​josephschorr in #2166
• Add steelthread tests to CI and to mage test:all by @​josephschorr in #2167
• Add support for bulk check in steelthread test by @​josephschorr in #2171
• Deparallelize the steelthread tests to hopefully remove the flakiness by @​josephschorr in #2169
• Increase max number of retries on flaky test by @​josephschorr in #2204
• Add additional tests to the datastore consistency test suite by @​josephschorr in #2168
• Remove parallel running on datastore consistency tests to reduce flakiness by @​josephschorr in #2186
• Disable retries on the serialization test for PG by @​josephschorr in #2200
• Remove sleep in stats test unless needed by @​josephschorr in #2201
• Improve test coverage of memdb datastore with some new rel tests by @​josephschorr in #2172
• Switch postgres tests to run in a matrix of versions by @​josephschorr in #2195
• Add caveated bulk load test to datastore tests by @​josephschorr in #2176

Observability, Debugging

• Add tracing to the LR2 implementation by @​josephschorr in #2174
• Ensure source is returned for all check debug traces by @​josephschorr in #2196
• Small changes around node IDs and trace IDs by @​josephschorr in #2202
• Add support for debug traces in Check Bulk Permission by @​josephschorr in #2193
• Add option to enable query parameters to appear in traces by @​josephschorr in #2177
• Add slightly more information to the LR2 dispatch traces by @​josephschorr in #2183

... (truncated)

Commits

• See full diff in compare view

Updates github.com/samber/lo from 1.49.0 to 1.49.1

Release notes

Sourced from github.com/samber/lo's releases.

v1.49.1

What's Changed

• fix(product + productby): fix empty slice behavior by @​samber in samber/lo#584

Full Changelog: samber/lo@v1.49.0...v1.49.1

Commits

• bc6d6e8 bump v1.49.1
• 96d5482 fix(product): fix empty slice behavior (#583) (#584)
• See full diff in compare view

Updates github.com/schollz/progressbar/v3 from 3.17.1 to 3.18.0

Release notes

Sourced from github.com/schollz/progressbar/v3's releases.

v3.18.0

What's Changed

• add AddMax by @​kevin-hanselman in schollz/progressbar#209
• feat: add an HTTP server to enable users to monitor status updates via status bars or other UI components. by @​cmsax in schollz/progressbar#210

New Contributors

• @​kevin-hanselman made their first contribution in schollz/progressbar#209
• @​cmsax made their first contribution in schollz/progressbar#210

Full Changelog: schollz/progressbar@v3.17.1...v3.18.0

Commits

• 6e18d11 chore: update dependencies
• d88592d Merge pull request #210 from cmsax/main
• d4ec079 chore
• 3342791 feat: add http server
• 77ce0b9 Merge pull request #209 from kevin-hanselman/add_max
• f5093f1 fix test
• 920dfd7 add AddMax
• See full diff in compare view

Updates github.com/spf13/pflag from 1.0.5 to 1.0.6

Release notes

Sourced from github.com/spf13/pflag's releases.

v1.0.6

What's Changed

• Add exported functions to preserve pkg/flag compatibility by @​mckern in spf13/pflag#220
• remove dead code for checking error nil by @​yashbhutwala in spf13/pflag#282
• Add IPNetSlice and unit tests by @​rpothier in spf13/pflag#170
• allow for blank ip addresses by @​duhruh in spf13/pflag#316
• add github actions by @​sagikazarmark in spf13/pflag#419

New Contributors

• @​mckern made their first contribution in spf13/pflag#220
• @​yashbhutwala made their first contribution in spf13/pflag#282
• @​rpothier made their first contribution in spf13/pflag#170
• @​duhruh made their first contribution in spf13/pflag#316
• @​sagikazarmark made their first contribution in spf13/pflag#419

Full Changelog: spf13/pflag@v1.0.5...v1.0.6

Commits

• 5ca8134 Merge pull request #419 from spf13/ci
• 100ab0e disable unsupported dependency graph for now
• a0f4ddd fix govet
• f48cbd1 add github actions
• d5e0c06 allow for blank ip addresses (#316)
• 85dd5c8 Add IPNetSlice and unit tests (#170)
• 6971c29 remove dead code for checking error nil (#282)
• 81378bb Add exported functions to preserve pkg/flag compatibility (#220)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[tstirrat15]

Yep, these should be fine.