build(deps): bump github.com/ryancurrah/gomodguard from 1.3.5 to 1.4.1

[dependabot]

Bumps github.com/ryancurrah/gomodguard from 1.3.5 to 1.4.1.

Release notes

Sourced from github.com/ryancurrah/gomodguard's releases.

v1.4.1

Changelog

• eb83cbc4b7d00988e8256e32523832a392d6962f fix: downgrade syntax
• 2cb6ff4c8c11019110b96d268414167c0aeb5099 fix: downgrade min Go version

v1.4.0

Changelog

• 00fcc58c713c12fdea18ff508ee819476df99581 fix lint issues
• 858a7278389eeda6743a10bb17f0eb1dc0a27d53 fix: block indirect dependencies when directly imported
• 7cf3bf4487dd61e9102a5a835a273c3409a17567 Bump golang.org/x/net
• 89be3bb90e028801255dddf23cab152a0c639e39 Bump golang.org/x/mod from 0.22.0 to 0.23.0
• 7ed78f336b17164b0967c91041150654feb5cefd Bump golang.org/x/crypto
• c25beedbdc8f9577e134ac28c4f466c5bf050aa4 refactor: use encoding/xml instead of go-xmlfmt/xmlfmt
• e3472c5190ab70e14e07527528e97648a75fd2a1 ci: update to code cov v5 action
• eb5620ba62d728d45c2cc21a10653fafe227a980 chore(go.mod): update gopkg.in/yaml.v2 to v3
• bbae9bd569cd42e44da17689070d8f060d65669b Bump golang.org/x/mod from 0.21.0 to 0.22.0
• 1e63eca7f41de376f400e69f0721eb3e3aaa5503 Bump github.com/stretchr/testify from 1.9.0 to 1.10.0
• fa774a12dffa507e0872ae011cebf2f5b26661e0 Bump github.com/Masterminds/semver/v3 from 3.3.0 to 3.3.1

Commits

• eb83cbc fix: downgrade syntax
• 2cb6ff4 fix: downgrade min Go version
• 00fcc58 fix lint issues
• 858a727 fix: block indirect dependencies when directly imported
• 7cf3bf4 Bump golang.org/x/net
• 89be3bb Bump golang.org/x/mod from 0.22.0 to 0.23.0
• 7ed78f3 Bump golang.org/x/crypto
• c25beed refactor: use encoding/xml instead of go-xmlfmt/xmlfmt
• e3472c5 ci: update to code cov v5 action
• eb5620b chore(go.mod): update gopkg.in/yaml.v2 to v3
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dependabot]

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version. You can also ignore all major, minor, or patch releases for a dependency by adding an ignore condition with the desired update_types to your config file.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.