chore(deps): bump the minor-and-patch group with 5 updates

[dependabot]

Bumps the minor-and-patch group with 5 updates:

Package	From	To
github.com/blevesearch/bleve/v2	2.4.3	2.4.4
github.com/docker/docker	27.4.0+incompatible	27.4.1+incompatible
golang.org/x/crypto	0.30.0	0.31.0
google.golang.org/grpc	1.68.1	1.69.0
google.golang.org/protobuf	1.35.2	1.36.0

Updates github.com/blevesearch/bleve/v2 from 2.4.3 to 2.4.4

Release notes

Sourced from github.com/blevesearch/bleve/v2's releases.

v2.4.4

Bug Fixes

• Identified root cause for blevesearch/bleve#1662 to be recycling of TermFieldReaders that was causing illegal/incorrect access of several in-memory structures in certain scenarios. We've gone ahead and disabled this feature with blevesearch/bleve#2117 + blevesearch/bleve#2121 . Will work towards re-enabling in the near future once we've ironed out the several associated wrinkles.
• Introduced a guard rail with blevesearch/zapx#282 while performing vector search queries with pre-filtering to avoid hitting a panic when qualified docs do not hold valid vector fields.
• Fixed an issue while applying ivf_max_codes_pct in vector search requests involving pre-filtering which can cause reduction in recall - blevesearch/go-faiss#40

Vector search continues to require same version of faiss dynamic library (as with v2.4.3) to be built from blevesearch/faiss@b747c55a which is a modified version of v1.8.0

Milestone

• v2.4.4

Commits

• 137a216 MB-64513: Upgrade blevesearch/go-faiss, zapx/v16 for fix (#2123)
• 5c53634 MB-64604: Remove unnecessary second map lookup (#2121)
• 78cf789 MB-64604: Fix interpreting scorch config: "fieldTFRCacheThreshold" (#2117)
• 7d627b9 MB-64360 - Upgrade zapx v16 (#2107)
• See full diff in compare view

Updates github.com/docker/docker from 27.4.0+incompatible to 27.4.1+incompatible

Release notes

Sourced from github.com/docker/docker's releases.

v27.4.1

27.4.1

For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:

• docker/cli, 27.4.1 milestone
• moby/moby, 27.4.1 milestone

Bug fixes and enhancements

• Fix excessive memory allocations when OTel is not configured. moby/moby#49079
• The docker info command and the corresponding GET /info API endpoint no longer include warnings when bridge-nf-call-iptables or bridge-nf-call-ip6tables are disabled at the daemon is started. The br_netfilter kernel module is now attempted to be loaded when needed, which made those warnings inaccurate. moby/moby#49090
• Attempt to load kernel modules, including ip6_tables and br_netfilter when required, using a method that is likely to succeed inside a Docker-in-Docker container. moby/moby#49043
• Fix a bug that could result in an iptables DOCKER FILTER chain not being cleaned up on failure. moby/moby#49110

Deprecations

• pkg/system: Deprecate Lstat(), Mkdev(), Mknod(), FromStatT() and Stat() functions, and related StatT types. These were only used internally, and will be removed in the next release. moby/moby#49100
• libnetwork/iptables: Deprecate IPV, Iptables and IP6Tables types in favor of IPVersion, IPv4, and IPv6. This type and consts will be removed in the next release. moby/moby#49093
• libnetwork/iptables: Deprecate Passthrough. This function was only used internally, and will be removed in the next release. moby/moby#49119

Packaging updates

• Update Compose to v2.32.1. docker/docker-ce-packaging#1130
• Update Buildx to v0.19.3. docker/docker-ce-packaging#1132
• Update runc to v1.2.3 (static packages only). moby/moby#49085

Commits

• c710b88 Merge pull request #49119 from thaJeztah/27.x_backport_libnetwork_deprecate_P...
• eda0a20 libnetwork/iptables: deprecate Passthrough
• b51622d libnet/iptables: deprecate type IPV
• 829ac83 Merge pull request #49104 from thaJeztah/27.x_backport_update_swagger_headers
• bd7da11 Merge pull request #49110 from thaJeztah/27.x_backport_fix_setupIPChains_defer
• 135b144 Merge pull request #49105 from thaJeztah/27.x_backport_testing-suse-apparmor
• 08de719 libnetwork/drivers/bridge: setupIPChains: fix defer checking wrong err
• 2a62319 Merge pull request #49100 from thaJeztah/27.x_backport_deprecate_pkg_system
• 6855ca1 integration-cli: don't skip AppArmor tests on SLES
• 224b305 docs/api: document correct case for Api-Version header
• Additional commits viewable in compare view

Updates golang.org/x/crypto from 0.30.0 to 0.31.0

Commits

• b4f1988 ssh: make the public key cache a 1-entry FIFO cache
• See full diff in compare view

Updates google.golang.org/grpc from 1.68.1 to 1.69.0

Release notes

Sourced from google.golang.org/grpc's releases.

Release 1.69.0

Known Issues

• The recently added grpc.NewClient function is incompatible with forward proxies, because it resolves the target hostname on the client instead of passing the hostname to the proxy. A fix is expected to be a part of grpc-go v1.70. (#7556)

New Features

• stats/opentelemetry: Introduce new APIs to enable OpenTelemetry instrumentation for metrics on servers and clients (#7874)
• xdsclient: add support to fallback to lower priority servers when higher priority ones are down (#7701)
• dns: Add support for link local IPv6 addresses (#7889)
• The new experimental pickfirst LB policy (disabled by default) supports Happy Eyeballs, interleaving IPv4 and IPv6 address as described in RFC-8305 section 4, to attempt connections to multiple backends concurrently. The experimental pickfirst policy can be enabled by setting the environment variable GRPC_EXPERIMENTAL_ENABLE_NEW_PICK_FIRST to true. (#7725, #7742)
• balancer/pickfirst: Emit metrics from the pick_first load balancing policy (#7839)
• grpc: export MethodHandler, which is the type of an already-exported field in MethodDesc (#7796)
  • Special Thanks: @​mohdjishin

Bug Fixes

• credentials/google: set scope for application default credentials (#7887)
  • Special Thanks: @​halvards
• xds: fix edge-case issues where some clients or servers would not initialize correctly or would not receive errors when resources are invalid or unavailable if another channel or server with the same target was already in use . (#7851, #7853)
• examples: fix the debugging example, which was broken by a recent change (#7833)

Behavior Changes

• client: update retry attempt backoff to apply jitter per updates to gRFC A6. (#7869)
  • Special Thanks: @​isgj
• balancer/weightedroundrobin: use the pick_first LB policy to manage connections (#7826)

API Changes

• balancer: An internal method is added to the balancer.SubConn interface to force implementors to embed a delegate implementation. This requirement is present in the interface documentation, but wasn't enforced earlier. (#7840)

Performance Improvements

• mem: implement a ReadAll() method for more efficient io.Reader consumption (#7653)
  • Special Thanks: @​ash2k
• mem: use slice capacity instead of length to determine whether to pool buffers or directly allocate them (#7702)
  • Special Thanks: @​PapaCharlie

Documentation

• examples/csm_observability: Add xDS Credentials and switch server to be xDS enabled (#7875)

Release 1.68.2

Dependencies

• Remove the experimental stats/opentelemetry module and instead add the experimental packages it contains directly into the main google.golang.org/grpc module (#7936)

Commits

• 317271b pickfirst: Register a health listener when used as a leaf policy (#7832)
• 5565631 balancer/pickfirst: replace grpc.Dial with grpc.NewClient in tests (#7879)
• 634497b test: Split import paths for generated message and service code (#7891)
• 78aa51b pickfirst: Stop test servers without closing listeners (#7872)
• 00272e8 dns: Support link local IPv6 addresses (#7889)
• 17d08f7 scripts/gen-deps: filter out grpc modules (#7890)
• ab189b0 examples/features/csm_observability: Add xDS Credentials (#7875)
• 3ce87dd credentials/google: Add cloud-platform scope for ADC (#7887)
• 3c0586a stats/opentelemetry: Cleanup OpenTelemetry API's before stabilization (#7874)
• 4c07bca stream: add jitter to retry backoff in accordance with gRFC A6 (#7869)
• Additional commits viewable in compare view

Updates google.golang.org/protobuf from 1.35.2 to 1.36.0

You can trigger a rebase of this PR by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions