Bump github.com/cloudflare/circl from 1.4.0 to 1.5.0

[dependabot[bot]]

Bumps github.com/cloudflare/circl from 1.4.0 to 1.5.0.

Release notes

Sourced from github.com/cloudflare/circl's releases.

CIRCL v1.5.0

New: ML-DSA, Module-Lattice-based Digital Signature Algorithm.

What's Changed

• kem: add X25519MLKEM768 TLS hybrid KEM by @​bwesterb in cloudflare/circl#510
• Create semgrep.yml by @​hrushikeshdeshpande in cloudflare/circl#514
• repo: Some fixes reported by CodeQL by @​armfazh in cloudflare/circl#515
• Add ML-DSA (FIPS204) by @​bwesterb in cloudflare/circl#480
• sign/mldsa: Add test for ML-DSA signature verification. by @​armfazh in cloudflare/circl#517
• Release v1.5.0 by @​armfazh in cloudflare/circl#518

New Contributors

• @​hrushikeshdeshpande made their first contribution in cloudflare/circl#514

Full Changelog: https://github.com/cloudflare/circl/compare/v1.4.0...v1.5.0

Commits

• 1310edf Release v1.5.0
• 0246d59 Add test for ML-DSA signature verification.
• e2bbd01 Add ML-DSA (FIPS204) (#480)
• 2ba992f Reverting arm64 jobs since qemu can't run go1.23 binaries yet.
• ab15f82 Updates golangci-lint to v1.61.0 and fixes code.
• 064a9ba Bump to go1.22 inner files and ci jobs.
• 7040592 Adding semgrepignore to also analyse test files.
• 51a9a33 Update semgrep.yml
• cfbc696 Create semgrep.yml
• 2d6cd98 kem: add X25519MLKEM768 TLS hybrid KEM
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[RPRX]

这个库好像也需要 Go 1.22 了

[RPRX]

大概在 v25 丢掉 win7 支持

[dependabot[bot]]

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version. You can also ignore all major, minor, or patch releases for a dependency by adding an ignore condition with the desired update_types to your config file.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.