build(deps): bump github.com/zclconf/go-cty from 1.13.1 to 1.14.4

[dependabot]

Bumps github.com/zclconf/go-cty from 1.13.1 to 1.14.4.

Release notes

Sourced from github.com/zclconf/go-cty's releases.

v1.13.2

• cty: IndexStep.Apply will no longer panic if given a marked collection to traverse through. (#160).

Changelog

Sourced from github.com/zclconf/go-cty's changelog.

1.14.4 (March 20, 2024)

• msgpack: Now uses string encoding instead of float encoding for a whole number that is too large to fit in any of MessagePack's integer types.
• function/stdlib: Type conversion functions (constructed with MakeToFunc) can now convert null values of unknown type into null values of the target type, rather than returning an unknown value in that case.
• json: Will now correctly reject attempts to encode cty.DynamicVal, whereas before it would just produce an invalid JSON document without any error. (This is invalid because JSON encoding cannot support unknown values at all; cty.DynamicVal is a special case of unknown value where even the type isn't known.)

1.14.3 (February 29, 2024)

• msgpack: Fixed edge-case bug that could cause loss of floating point precision when round-tripping due to incorrectly using a MessagePack integer to represent a large non-integral number. #176
• cty: Fixed some false-negative numeric equality test results by comparing numbers as integers when possible. #176

1.14.2 (January 23, 2024)

• convert: Converting from an unknown map value to an object type now correctly handles the situation where the map element type disagrees with an optional attribute of the target type, since when a map value is unknown we don't yet know which keys it has and thus cannot predict what subset of the elements will get converted as attributes in the resulting object. (#175)

1.14.1 (October 5, 2023)

• cty: It's now valid to use the Refine method on cty.DynamicVal, although all refinements will be silently discarded. This replaces the original behavior of panicking when trying to refine cty.DynamicVal.

• cty: Value.Range will now return a clearer panic message if called on a marked value. The "value range" concept is only applicable to unmarked values because not all of the ValueRange functions are able to propagate marks into their return values, due to returning Go primitive types instead of new cty.Value results.

  Callers that use marks must, as usual, take care to unmark them before exporting values into "normal" Go types, and then explicitly re-apply the marks to their result as appropriate. Applications that make no use of value marks, and library callers that exclude marked values from what they support, can safely ignore this requirement.

1.14.0 (August 30, 2023)

This release updates the supported version of Unicode from Unicode 13 to Unicode 15. This is a backwards-compatible change that means that cty supports normalization and segmentation of strings containing new Unicode characters. The algorithms for normalization and segmentation themselves are unchanged.

If you use cty in an application that cares about consistent Unicode support, you should upgrade to Go 1.21 at the same time as updating to cty v1.14, because that will then also update the Unicode tables embedded in the Go standard library (used for case folding, etc).

• cty: The cty.String type will now normalize incoming string values using the Unicode 15 normalization rules.
• function/stdlib: The various string functions which split strings into individual characters as part of their work will now use the Unicode 15 version of the text segmentation algorithm to do so.

1.13.3 (August 24, 2023)

• msgpack: As a compromise to avoid unbounded memory usage for a situation that some callers won't take advantage of anyway, the MessagePack decoder has a maximum length limit on encoded unknown value refinements. For consistency, the encoder will now truncate string prefix refinements if necessary to avoid making the encoded refinements too long. (#167)

  This is consistent with the documented conventions for serializing refinements -- that we can potentially lose detail through serialization -- but in this case we are still able to preserve shorter string prefixes, whereas other serializations tend to just discard refinement information altogether.

1.13.2 (May 22, 2023)

• cty: IndexStep.Apply will no longer panic if given a marked collection to traverse through. (#160).

Commits

• 74286a8 v1.14.4 release
• 4a34c33 json: Refuse to encode cty.DynamicVal
• 4b76b75 stdlib: Conversion functions can accept unknown-typed nulls
• f41ae52 msgpack: Never marshal integers as MessagePack float
• 0e3c880 functions: lookup third argument is not optional
• a0c3e7b Prepare for possible future 1.14.4 release
• 304e4a8 v1.14.3 release
• 50ce6d3 Update CHANGELOG.md
• 1e9442d don't use compact floats in msgpack
• a0315a5 Use integer comparison for equality
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[github-actions]

KICS version: v2.0.0

Category Results CRITICAL 0 HIGH 1 MEDIUM 0 LOW 1 INFO 0 TRACE 0 TOTAL 2	Metric Values Files scanned 1 Files parsed 1 Files failed to scan 0 Total executed queries 48 Queries failed to execute 0 Execution time 0