Bump the gomod group with 3 updates

[dependabot]

Bumps the gomod group with 3 updates: github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azsecrets, github.com/onsi/gomega and golang.org/x/net.

Updates github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azsecrets from 1.4.0 to 1.5.0

Release notes

Sourced from github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azsecrets's releases.

sdk/storage/azdatalake/v1.5.0

1.5.0 (2026-05-15)

Features Added

• Includes all features from 1.5.0-beta.1

sdk/security/keyvault/azadmin/v1.5.0

1.5.0 (2026-05-25)

Other Changes

• Upgraded to API service version 2025-07-01

sdk/security/keyvault/azkeys/v1.5.0

1.5.0 (2026-05-25)

Other Changes

• Upgraded to API service version 2025-07-01

sdk/security/keyvault/azcertificates/v1.5.0

1.5.0 (2026-05-26)

Features Added

• Includes all changes from 1.5.0-beta.1.

sdk/security/keyvault/azsecrets/v1.5.0

1.5.0 (2026-05-26)

Features Added

• Includes all changes from 1.5.0-beta.1.

sdk/data/azcosmos/v1.5.0-beta.7

1.5.0-beta.7 (2026-06-02)

Features Added

• Added retry policy for transient 500, 502, and 504 server errors on read requests. The request is retried once in the current region and, if applicable, once against the next preferred region. Writes are not retried. This matches the behavior of the .NET, Java, and Python Cosmos SDKs. See PR 26821.

Bugs Fixed

• Fixed missing OTel tracing spans for internal queries executed by ReadManyItems. Each per-partition query page now creates a query_items span, matching the tracing behavior of NewQueryItemsPager. See PR 26813.
• 403/WriteForbidden retries refresh the global endpoint manager fire-and-forget (CAS-gated) instead of blocking on a synchronous gem.Update. See PR 26889.
• Connection-error retry policy now attempts up to 3 retries against the current region before failing over, and performs at most one cross-region failover per call. Cross-region failover for writes only occurs when the error proves the request never reached the service (DNS, dial, TLS handshake, ECONNREFUSED, etc.); writes on ambiguous transport failures (e.g. ECONNRESET, EOF, transport-level timeouts) no longer fail over to another region, avoiding potential duplicate writes. Reads still fail over for any transport error. Caller-set context deadlines or cancellations short-circuit the policy without consuming the caller's budget with retries. See PR 26858 and PR 26915.
• HTTP 408 Request Timeout responses are now handled by the Cosmos client retry policy: reads are retried exactly once against another region, and writes are returned to the caller immediately to avoid potential duplicates. See PR 26858.
• Fixed excessive GetDatabaseAccount HTTP calls when using preferred regions, and stopped data-plane retries from trailing into the customer-supplied (default) endpoint once account topology is populated. See PR 26815.
• Partition key range cache now serves concurrent callers from a single in-flight refresh per container, and the cached routing map remains readable while a refresh is in progress. The refresh runs on a detached background context.Background() so a caller's cancellation no longer aborts the shared fetch for other waiters; each caller continues to honor its own context deadline. See PR 26855.
• Partition key range cache change-feed pagination is now resilient to mid-drain throttling. 429 responses are retried indefinitely (with capped linear backoff + jitter) since the service is explicitly asking the client to slow down, and the pages already accumulated are preserved instead of restarting the drain from page 1 on the next refresh. See PR 26855.

Other Changes

• Tightened the default HTTP client: 5s dial timeout (down from azcore's 30s), 65s http.Client.Timeout wall-clock cap per HTTP attempt (was unbounded), larger idle connection pool (1000 total / 100 per host, up from azcore's 100 / 10), and faster HTTP/2 health checks. Caller-supplied Transport and shorter context deadlines are unaffected. See PR 26856.

... (truncated)

Commits

• f4ab3aa Remove arm/ClientOptions.AuxiliaryTenants (#20573)
• a554ef0 Remove azcore multitenant auth API (#20572)
• 0a42300 PutBlobFromURL/UploadBlobFromURL API (#20558)
• be3f449 Fix azcore changelog entry (#20569)
• 380d05a Fix regression - base name overrides in CI (#20563)
• 4bdfb89 Modified challenge policy test (#20554)
• 5ab558f Added support for copy source authorization to append block from url (#20557)
• d2534f7 [Azquery][Readme] Edit pass (#20382)
• e9c77a5 Bump credscan to 2.3.12.23 (#20562)
• dd74ea3 Transaction Validation - Blob Client (#20550)
• Additional commits viewable in compare view

Updates github.com/onsi/gomega from 1.40.0 to 1.41.0

Changelog

Sourced from github.com/onsi/gomega's changelog.

1.41.0

Features

Add BeASlice and BeAnArray matchers

Fixes

Object formatting now detects pointer cycles to avoid runaway formatting output.

Commits

• af2bccb v1.41.0
• 73e81f6 v1.41.0 (full)
• e35a84f feat: devcontainer configuration with local pkgsite and GH pages
• f12e5e1 fix(format): detect pointer cycles to avoid runaway formatting output
• e14831f Add optionalDescription docs to AsyncAssertion and Assertion interfaces
• 344b94d Add BeASlice and BeAnArray matchers
• See full diff in compare view

Updates golang.org/x/net from 0.53.0 to 0.55.0

Commits

• 7770ec4 go.mod: update golang.org/x dependencies
• 4ece7b6 html: escape greater-than symbol in doctype identifiers
• 08be507 html: improve Noah's Ark clause performance
• a8fb2fe html: properly render fostered elements in foreign content
• 0dc5b7a html: properly check namespace in "in body" any other end tag
• a452f3c html: ignore duplicate attributes during tokenization
• f865199 quic: fix appendMaxDataFrame erroneously accumulating sentLimit
• 210ed3c quic: establish a "happened-before" relationship between stream write and read
• ad8140e quic: fix buffer slicing when handling overlapping stream data
• 23ee2ef http2: avoid API changes when built with go1.27
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[github-actions]

Hello! Thank you for your contribution.

Please review our contribution guidelines to understand the project's testing and code conventions.