tools(deps): bump github.com/charmbracelet/gum from 0.13.0 to 0.16.0 in /tools

[dependabot]

Bumps github.com/charmbracelet/gum from 0.13.0 to 0.16.0.

Release notes

Sourced from github.com/charmbracelet/gum's releases.

v0.16.0

Hey, little counter

This release contains some bug fixes as well as a small feature that adds an item position counter to the help. It's right there on the bottom left!

Changelog

New Features

• 984c84fbd02e06589928bfa66304f3db1dc76605: feat(table): show indicator on help keybindings (opt-in) (#839) (@​raphamorim)

Bug fixes

• 204d21940eab977fb5ce6bd84742a17c17d404c1: fix(choose): order when using --label-delimiter (#867) (@​caarlos0)
• 2b72e8029773e474802b804b97346cdc640a7346: fix(confirm): ensure --show-output show the right answer (#853) (@​andreynering)
• 93f6857e3dc06e45f3fb2874ea3f798ae342068b: fix(spin): preserve color output when --show-output is given (#850) (@​andreynering)
• d795b8ab2ffb048f281d0af901d119ff00ebba59: fix(table): padding on item indicator (#841) (@​caarlos0)
• 9705aa338448bb7b2b797f09866b7e14247bf0ea: fix: generated completion invalid for fish shell (#837) (@​raphamorim)
• bb098b2662682141474ca8398197e8a2e94cfe6a: fix(choose): generated completion invalid for fish shell (choose/options) (#838) (@​raphamorim)
• 85a29801d8f6b031a988a3cc1eebacf27a199f9b: fix(filter): wildcard escaping issue (#862) (@​abelcha)

---

First, download the checksums.txt file, for example, with wget:

wget 'https://github.com/charmbracelet/gum/releases/download/v0.16.0/checksums.txt'

Then, verify it using cosign:

cosign verify-blob \
  --certificate-identity 'https://github.com/charmbracelet/meta/.github/workflows/goreleaser.yml@refs/heads/main' \
  --certificate-oidc-issuer 'https://token.actions.githubusercontent.com' \
  --cert 'https://github.com/charmbracelet/gum/releases/download/v0.16.0/checksums.txt.pem' \
  --signature 'https://github.com/charmbracelet/gum/releases/download/v0.16.0/checksums.txt.sig' \
  ./checksums.txt

If the output is Verified OK, you can safely use it to verify the checksums of other artifacts you downloaded from the release using sha256sum:

sha256sum --ignore-missing -c checksums.txt

Done! You artifacts are now verified!

... (truncated)

Commits

• 0d116b8 chore(deps): bump golang.org/x/text from 0.22.0 to 0.23.0 (#868)
• 204d219 fix(choose): order when using --label-delimiter (#867)
• dbac6a8 chore(deps): bump github.com/charmbracelet/bubbletea from 1.3.3 to 1.3.4 (#866)
• db86a90 chore(deps): bump github.com/muesli/termenv (#865)
• 85a2980 fix: wildcard escaping issue (#862)
• 9f503f5 chore(deps): bump github.com/alecthomas/kong from 1.8.0 to 1.8.1 (#861)
• 308d86b chore(nix): update version and vendor hash (#859)
• a3975b7 ci: sync dependabot config (#856)
• 25c40f5 ci: sync dependabot config (#855)
• 24fa527 chore(deps): bump github.com/charmbracelet/bubbletea from 1.3.2 to 1.3.3 (#854)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)