chore(deps): bump golang.org/x/term from 0.39.0 to 0.40.0 #437

Closed
dependabot[bot] wants to merge 1 commit into main from dependabot/go_modules/golang.org/x/term-0.40.0

@dependabot dependabot bot commented on behalf of github Feb 9, 2026

Bumps golang.org/x/term from 0.39.0 to 0.40.0.

Bumps [golang.org/x/term](https://github.com/golang/term) from 0.39.0 to 0.40.0.
- [Commits](golang/term@v0.39.0...v0.40.0)

---
updated-dependencies:
- dependency-name: golang.org/x/term
  dependency-version: 0.40.0
  dependency-type: indirect
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot requested a review from a team as a code owner February 9, 2026 18:42
@dependabot dependabot bot added labels dependencies (Pull requests that update a dependency file) and go (Pull requests that update go code) Feb 9, 2026

coderabbitai bot commented Feb 9, 2026

Walkthrough

The pull request updates two indirect dependencies in the Go module file: golang.org/x/sys to version 0.41.0 and golang.org/x/term to version 0.40.0. No changes to required modules or exported entities.

Changes

| Cohort / File(s) | Summary |
|---|---|
| Dependency Updates (`go.mod`) | Updated indirect dependencies: golang.org/x/sys (v0.40.0 → v0.41.0) and golang.org/x/term (v0.39.0 → v0.40.0). |

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

🚥 Pre-merge checks | ✅ 2 | ❌ 1
❌ Failed checks (1 warning)

| Check name | Status | Explanation | Resolution |
|---|---|---|---|
| Description check | ⚠️ Warning | The description is a Dependabot-generated message that lacks the required template structure, including missing Summary section, Change Type classification, and Pre-merge Checklist. | Add a proper summary section describing the dependency update, specify the Change Type (e.g., 'Docs/Test'), and complete the pre-merge checklist items. |

✅ Passed checks (2 passed)

| Check name | Status | Explanation |
|---|---|---|
| Title check | ✅ Passed | The title clearly and specifically describes the main change: bumping golang.org/x/term from 0.39.0 to 0.40.0, which matches the raw summary and PR objectives. |
| Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check. |

@coderabbitai coderabbitai bot left a comment

Actionable comments posted: 1

🤖 Fix all issues with AI agents
In `@go.mod`:
- Around line 84-85: The go.mod entry pins a non-existent release for module
golang.org/x/term at v0.40.0; update the version string for golang.org/x/term to
a valid tag (e.g., v0.39.0) or replace it with a specific commit pseudo-version
if you need an unreleased change, then run `go mod tidy` to ensure go.sum is
updated; leave golang.org/x/sys v0.41.0 unchanged.

Comment on lines +84 to +85
golang.org/x/sys v0.41.0 // indirect
golang.org/x/term v0.40.0 // indirect
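
Review bot: line 84 moves golang.org/x/sys to v0.41.0, but the PR title and description name only golang.org/x/term. Both entries are marked `// indirect`, so mention the x/sys change in the description and confirm that go.sum carries entries for both new versions before merging.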

⚠️ Potential issue | 🔴 Critical

🧩 Analysis chain

🌐 Web query:

golang.org/x/term v0.40.0 release notes changelog

💡 Result:

There is no golang.org/x/term v0.40.0 release/tag published. The latest tagged release shown on pkg.go.dev is v0.39.0 (Jan 9, 2026), followed by v0.38.0, v0.37.0, etc. [1][2]

To see the “changelog” between tagged releases, use the tag diff/compare view (example):

https://github.com/golang/term/compare/v0.38.0...v0.39.0

(If you try ...v0.40.0, it won’t exist because the tag isn’t published.) [1]


🌐 Web query:

golang.org/x/sys v0.41.0 release notes changelog

💡 Result:

golang.org/x/sys doesn’t publish separate “release notes”; the closest changelog is the Git tag and the commit log between tags. The v0.41.0 tag (committed Feb 7, 2026) includes these changes since v0.40.0: [1][2]

  • cpu (Windows/ARM64): use IsProcessorFeaturePresent to determine ARM64 CPU features; adds cpu_windows_arm64.go. [1][2]
  • windows: add IsProcessorFeaturePresent wrapper and processor-feature constants. [2]
  • unix: add IoctlSetString on all platforms. [2]
  • unix: return early on error in Recvmsg. [2]

How to view it:

  • Tag details: refs/tags/v0.41.0 [1]
  • Commit list around the tag (acts as changelog): +log/refs/tags/v0.41.0 (see entries after the v0.40.0 marker). [2]

References:
[1] (go.googlesource.com)
[2] (go.googlesource.com)

🌐 Web query:

golang.org/x/term security advisories CVE

💡 Result:

As of February 9, 2026, I couldn’t find any publicly indexed security advisories / CVEs (or GO-/GHSA IDs) that list golang.org/x/term as an affected module in the Go Vulnerability Database (pkg.go.dev/vuln). The module’s current tagged release shown on pkg.go.dev is v0.39.0 (published Jan 9, 2026). [1], [2]

How to verify in your own environment (recommended):

  • Use Go’s official vulnerability tooling: install and run govulncheck against your module/deps. [3]

Sources:

  1. golang.org/x/term module page (version info): (pkg.go.dev)
  2. Go Vulnerability Database web UI (search for advisories by import path): (pkg.go.dev)
  3. Go vulnerability management / govulncheck docs: (go.dev)

🌐 Web query:

golang.org/x/sys security advisories CVE 2024 2025

💡 Result:

golang.org/x/sys advisories (CVE years 2024–2025)

  • No CVE-2024 or CVE-2025 entries are currently listed for golang.org/x/sys in the Go Vulnerability Database (the Go team–curated source used by govulncheck / pkg.go.dev). Check by searching the database for the import path golang.org/x/sys (or golang.org/x/sys/unix, etc.). [1], [2]

Commonly-reported x/sys CVE (not 2024/2025, but often shows up in scanners)

  • CVE-2022-29526 (golang.org/x/sys/unix): Faccessat could incorrectly report file accessibility when called with non-zero flags; scanners commonly recommend upgrading to golang.org/x/sys/unix >= 0.1.0. [3]
    • There is also an upstream Go issue noting this CVE can be reported due to older golang.org/x/sys versions referenced in some Go source-tree go.mod files (scanner/packaging noise). [4]

Sources:
[1] Go Vulnerability Database (pkg.go.dev/vuln)
[2] Go Vulnerability Management docs (go.dev)
[3] Snyk: CVE-2022-29526 in golang.org/x/sys/unix
[4] golang/go issue #71936 (CVE-2022-29526 reported in x/sys)


golang.org/x/term v0.40.0 does not exist as a published release.

The latest tagged release of golang.org/x/term is v0.39.0 (released Jan 9, 2026). The version v0.40.0 specified in go.mod is not published. Update to v0.39.0 or verify if a newer unreleased version should be pinned from a specific commit instead.

golang.org/x/sys v0.41.0 is valid (released Feb 7, 2026) and has no known security advisories.

🤖 Prompt for AI Agents
In `@go.mod` around lines 84 - 85, The go.mod entry pins a non-existent release
for module golang.org/x/term at v0.40.0; update the version string for
golang.org/x/term to a valid tag (e.g., v0.39.0) or replace it with a specific
commit pseudo-version if you need an unreleased change, then run `go mod tidy`
to ensure go.sum is updated; leave golang.org/x/sys v0.41.0 unchanged.

dependabot bot commented on behalf of github Feb 12, 2026

Superseded by #456.

@dependabot dependabot bot closed this Feb 12, 2026
@dependabot dependabot bot deleted the dependabot/go_modules/golang.org/x/term-0.40.0 branch February 12, 2026 08:44