chore(deps): bump the go-modules group with 6 updates

[dependabot]

Bumps the go-modules group with 6 updates:

Package	From	To
github.com/ncruces/go-sqlite3	0.34.4	0.35.0
github.com/pdfcpu/pdfcpu	0.12.1	0.13.0
golang.org/x/net	0.55.0	0.56.0
golang.org/x/sync	0.20.0	0.21.0
golang.org/x/sys	0.45.0	0.46.0
golang.org/x/text	0.37.0	0.38.0

Updates github.com/ncruces/go-sqlite3 from 0.34.4 to 0.35.0

Release notes

Sourced from github.com/ncruces/go-sqlite3's releases.

v0.35.0

What's Changed

In an effort to keep the code size small (and compile times relatively fast) while continuing to add more SQLite features, the FTS5 and R*Tree/Geopoly extensions are now compiled separately. This is a breaking change. Now, to use:

• FTS5, you need github.com/ncruces/go-sqlite3/ext/fts5
• R*Tree/Geopoly, you need github.com/ncruces/go-sqlite3/ext/rtree

In addition, support for the pre-update hook was added.

Also, Go 1.27 uses encoding/json/v2 for improved performance.

Full Changelog: ncruces/go-sqlite3@v0.34.4...v0.35.0

Artifact attestations

Commits

• f063720 Memory size.
• cc974a6 JSON 1.27.
• 2f00389 Bump golang.org/x/crypto from 0.52.0 to 0.53.0 (#396)
• 25266ab Pre-update hook.
• dc662cf Split FTS5 and R-Tree.
• See full diff in compare view

Updates github.com/pdfcpu/pdfcpu from 0.12.1 to 0.13.0

Release notes

Sourced from github.com/pdfcpu/pdfcpu's releases.

v0.13.0

A Release Featuring CLI Pipelines and Safer Defaults

Starting with this release, pdfcpu improves CLI usability with broader stdin/stdout pipeline support and stricter overwrite handling.

Check out the refreshed documentation at https://pdfcpu.io

Many commands now support - for stdin/stdout, making pdfcpu easier to use in shell pipelines. Explicit output files and non-empty output directories are no longer overwritten implicitly. Use the new global --force flag when overwriting is intentional.

Example:

pdfcpu optimize - out.pdf < in.pdf

or:

cat in.pdf | pdfcpu optimize - - > out.pdf

or a pipeline:

aws s3 cp s3://acme-contracts/master.pdf - \
      | pdfcpu optimize - - \
      | aws s3 cp - s3://acme-contracts/optimized/master.pdf

---

CLI Improvements

This release adds and refines several user-facing CLI features:

• Broader stdin/stdout support using -
• Global --force flag for explicit overwrite handling
• annotations list --json
• form list --json
• certificates list --json
• merge --bookmark-mode wrap|preserve
• Improved version command behavior
• Clarified help text around signature validation scope and trust boundaries

The new overwrite behavior is intentionally stricter. Existing scripts that relied on implicit overwrites may need to add --force.

---

Merge Bookmarks

... (truncated)

Commits

• 198b38f bump version, fix #1410, #1411
• 3480a31 cleanup
• a212fad refactor cli cmd plumbing
• 982b418 clarify signature trust boundaries
• d27afe2 fix version cmd
• 80b99fe add certificate JSON listing and reset defaults
• 911aad9 upgrade dependencies
• a3225ab refactor parameter handling
• 4f4129e Add experimental Win7 build
• 84a68af decrease binary size via default build w/o bundled certificates, provide buil...
• Additional commits viewable in compare view

Updates golang.org/x/net from 0.55.0 to 0.56.0

Commits

• 9e7fdbf internal/http3: fix wrong argument being given when validating header value
• b686e5f internal/http3: add gzip support to transport
• 8a34885 go.mod: update golang.org/x dependencies
• 72eaf98 dns/dnsmessage: correctly validate SVCB record parameter order
• 82e7868 dns/dnsmessage: avoid panic when parsing SVCB record with truncated data
• b64f1fa internal/http3: add server support for "Trailer:" magic prefix
• 2707ee2 internal/http3: implement HTTP/3 clientConn methods
• 31358cc internal/http3: snapshot response headers at WriteHeader time
• 8ecbaa9 html: don't adjust xml:base
• 8ae811a html: properly handle end script tag in fragment mode
• Additional commits viewable in compare view

Updates golang.org/x/sync from 0.20.0 to 0.21.0

Commits

• 5071ed6 all: fix some comments to improve readability
• See full diff in compare view

Updates golang.org/x/sys from 0.45.0 to 0.46.0

Commits

• d58dcfa unix: add GPIO constants and structs
• See full diff in compare view

Updates golang.org/x/text from 0.37.0 to 0.38.0

Commits

• f4bb632 go.mod: update golang.org/x dependencies
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions