Build: Bump the go group with 4 updates

[dependabot]

Bumps the go group with 4 updates: github.com/IBM/sarama, github.com/aws/aws-sdk-go-v2/config, github.com/aws/aws-sdk-go-v2/credentials and github.com/content-services/zest/release/v2026.

Updates github.com/IBM/sarama from 1.48.2 to 1.49.0

Release notes

Sourced from github.com/IBM/sarama's releases.

Version 1.49.0 (2026-05-18)

What's Changed

🚨 Breaking Changes

• fix(consumer): decouple FetchRequest.MaxBytes from MaxResponseSize by @​dnwe in IBM/sarama#3538

🎉 New Features / Improvements

• feat(consumer): warn on sustained partition retries by @​dnwe in IBM/sarama#3535
• feat(producer): add Produce v8 request/response support by @​dnwe in IBM/sarama#3540
• feat(consumer): cap partition consumer retries by @​dnwe in IBM/sarama#3539
• feat: support FindCoordinator V3 protocol by @​hindessm in IBM/sarama#3544
• feat: support describe acls v2 by @​hindessm in IBM/sarama#3548
• feat: support create acls v2 by @​hindessm in IBM/sarama#3549
• feat: support delete acls v2 by @​hindessm in IBM/sarama#3550
• feat: support sasl authenticate v2 by @​hindessm in IBM/sarama#3551
• feat: support create partitions v2 by @​hindessm in IBM/sarama#3554
• feat: support join group v7 by @​hindessm in IBM/sarama#3555

🐛 Fixes

• fix: flexible decoder out-of-bounds panic by @​hindessm in IBM/sarama#3543
• fix(consumer): size partial-batch retry correctly by @​dnwe in IBM/sarama#3541
• feat(consumer): add OffsetCommit v8 request/response support by @​dnwe in IBM/sarama#3545
• fix: decode nullable ACL describe error messages by @​dnwe in IBM/sarama#3552
• fix(consumer): lease preferred read replicas by @​dnwe in IBM/sarama#3553
• fix(producer): honour Retry.Backoff in idempotent retryBatch by @​dnwe in IBM/sarama#3557

🔧 Maintenance

• chore: better bounds checking by @​hindessm in IBM/sarama#3546
• chore: bump deps in ./examples tree by @​dnwe in IBM/sarama#3558
• docs: add AlterPartitionReassignments example and functional test by @​dnwe in IBM/sarama#3556

Full Changelog: IBM/sarama@v1.48.2...v1.49.0

Commits

• 63f561a chore(ci): Update github/codeql-action action to v4.35.5 (#3559)
• 4009ac0 fix(producer): honour Retry.Backoff in idempotent retryBatch (#3557)
• 65e434d docs: add AlterPartitionReassignments example and functional test (#3556)
• 5cf9fb8 fix(consumer): lease preferred read replicas (#3553)
• 833fe3d chore: bump deps in ./examples tree (#3558)
• 4d592d0 feat: support join group v7 (#3555)
• bcee29d fix: decode nullable ACL describe error messages (#3552)
• fb8ed8d feat: support create partitions v2 (#3554)
• d23b63f feat: support sasl authenticate v2 (#3551)
• a31a726 feat: support delete acls v2 (#3550)
• Additional commits viewable in compare view

Updates github.com/aws/aws-sdk-go-v2/config from 1.32.17 to 1.32.18

Commits

• db9f4e5 Release 2026-05-22
• 34e7ddc Regenerated Clients
• f9db036 Update endpoints model
• ae5eae1 Update API model
• 429dbdd Feat discover endpoint partition validation (#3410)
• ab4f5b6 Release 2026-05-21
• 757a099 Regenerated Clients
• 02c8323 Update API model
• f4ac954 Bump smithy-go version and update imports for evenstream protocoltests (#3420)
• 6d93700 Add replace for credentials dependency added on go.mod (#3419)
• Additional commits viewable in compare view

Updates github.com/aws/aws-sdk-go-v2/credentials from 1.19.16 to 1.19.17

Commits

• db9f4e5 Release 2026-05-22
• 34e7ddc Regenerated Clients
• f9db036 Update endpoints model
• ae5eae1 Update API model
• 429dbdd Feat discover endpoint partition validation (#3410)
• ab4f5b6 Release 2026-05-21
• 757a099 Regenerated Clients
• 02c8323 Update API model
• f4ac954 Bump smithy-go version and update imports for evenstream protocoltests (#3420)
• 6d93700 Add replace for credentials dependency added on go.mod (#3419)
• Additional commits viewable in compare view

Updates github.com/content-services/zest/release/v2026 from 2026.5.1778263552 to 2026.5.1778785514

Commits

• bf471c3 Update pulp bindings to d6a984592e569b42a26e536b94e27a6b69d36b4fb7a8d53bd4983...
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[swadeley]

ACK