build(deps): Bump github.com/bufbuild/buf from 1.9.0 to 1.67.0

[dependabot]

Bumps github.com/bufbuild/buf from 1.9.0 to 1.67.0.

Release notes

Sourced from github.com/bufbuild/buf's releases.

v1.67.0

• Fix LSP not skipping buf.build/docs links for lint rules from check plugins and policies.
• Fix buf dep graph --format json silently dropping dependencies when a dependency was already seen.
• Add support for --rbs_out as a protoc_builtin plugin (requires protoc v34.0+).
• Add relevant links from CEL LSP hover documentation to either <celbyexample.com> or <protovalidate.com>
• Add OpenBSD and FreeBSD release binaries for amd64 and arm64.
• Skip writing unchanged output files in buf generate to preserve modification times
• Update buf beta registry plugin delete to prompt the user for deletion, matching the UX of the other deletion commands. Use --force to restore the old behavior.

v1.66.1

• Fix exclude_types in buf generate dropping transitive dependencies of import files retained for their extension fields.

v1.66.0

• Add LSP comment ignore code action to add comment ignores for lint errors.
• Fix buf breaking module comparison when adding new modules.
• Add LSP hover support for protovalidate CEL expressions.
• Fixed offset handling in CEL semantic tokens for non-ASCII content and proto escape sequences in multi-line string literal expressions.
• Improve URI normalization for the LSP.

v1.65.0

• Add buf registry policy {commit,create,delete,info,label,settings} commands to manage BSR policies.
• Add LSP deprecate code action to add the deprecated option on types and symbols.
• Fix import LSP document link to not include import keyword.
• Update PROTOVALIDATE lint rule to support checking unenforceable required rules on repeated.items, map.keys and map.values.
• Add buf source edit deprecate command to deprecate types by setting the deprecate = true option.

v1.64.0

• Fix LSP completion for options.
• Add LSP document highlighting support.
• Add LSP completion for fully-qualified type references.
• Improve LSP semantic tokens implementation (for syntax highlighting).
• Add LSP organize imports code action to add missing imports, remove unused imports, and sort imports alphabetically.
• Add LSP document link support.
• Add LSP folding range support.
• Update PROTOVALIDATE lint rule to support checking cel_expression fields for valid CEL.

v1.63.0

• Update PROTOVALIDATE lint rule to support field mask rules.
• Add LSP completion for field numbers.

v1.62.1

• Fix default behavior for swift_prefix to remain unset when no override is provided in managed mode.

v1.62.0

• Add swift_prefix to managed mode.
• Add textDocument/rename and textDocument/prepareRename support for buf lsp serve.
• Fix panic in LSP for empty option paths.
• Fix support for multi-arch image manifests for buf beta registry plugin push.

v1.61.0

... (truncated)

Changelog

Sourced from github.com/bufbuild/buf's changelog.

[v1.67.0] - 2026-04-01

• Fix LSP not skipping buf.build/docs links for lint rules from check plugins and policies.
• Fix buf dep graph --format json silently dropping dependencies when a dependency was already seen.
• Add support for --rbs_out as a protoc_builtin plugin (requires protoc v34.0+).
• Add relevant links from CEL LSP hover documentation to either <celbyexample.com> or <protovalidate.com>
• Add OpenBSD and FreeBSD release binaries for amd64 and arm64.
• Skip writing unchanged output files in buf generate to preserve modification times
• Update buf beta registry plugin delete to prompt the user for deletion, matching the UX of the other deletion commands. Use --force to restore the old behavior.

[v1.66.1] - 2026-03-09

• Fix exclude_types in buf generate dropping transitive dependencies of import files retained for their extension fields.

[v1.66.0] - 2026-02-23

• Add LSP comment ignore code action to add comment ignores for lint errors.
• Fix buf breaking module comparison when adding new modules.
• Add LSP hover support for protovalidate CEL expressions.
• Fixed offset handling in CEL semantic tokens for non-ASCII content and proto escape sequences in multi-line string literal expressions.
• Improve URI normalization for the LSP.

[v1.65.0] - 2026-02-03

• Add buf registry policy {commit,create,delete,info,label,settings} commands to manage BSR policies.
• Add LSP deprecate code action to add the deprecated option on types and symbols.
• Fix import LSP document link to not include import keyword.
• Update PROTOVALIDATE lint rule to support checking unenforceable required rules on repeated.items, map.keys and map.values.
• Add buf source edit deprecate command to deprecate types by setting the deprecate = true option.

[v1.64.0] - 2026-01-19

• Fix LSP completion for options.
• Add LSP document highlighting support.
• Add LSP completion for fully-qualified type references.
• Improve LSP semantic tokens implementation (for syntax highlighting).
• Add LSP organize imports code action to add missing imports, remove unused imports, and sort imports alphabetically.
• Add LSP document link support.
• Add LSP folding range support.
• Update PROTOVALIDATE lint rule to support checking cel_expression fields for valid CEL.

[v1.63.0] - 2026-01-06

• Update PROTOVALIDATE lint rule to support field mask rules.
• Add LSP completion for field numbers.

[v1.62.1] - 2025-12-29

... (truncated)

Commits

• 92a0237 Release v1.67.0 (#4426)
• 1b674f6 Revert "Use overlay bucket on buf.lock updates" (#4424)
• 88cea79 Skip adding links in LSP diagnostics for check plugins / policies (#4423)
• ece705f Add a prompt to buf beta registry plugin delete (#4421)
• d64c589 Implement smart clean (#4413)
• 725a0cf Set CHANGELOG gitattributes to union merge (#4420)
• ac1e8e4 Add release binaries for FreeBSD / OpenBSD (#4401)
• 540c848 Fix buf dep graph --format json silently dropping dependencies (#4419)
• 9c513a2 Upgrade buf.build/go/standard to latest main (#4414)
• a63b4cb Bump golangci-lint to latest and fix issues (#4410)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

---

Note

Medium Risk
Large dependency and toolchain bump (including go version and grpc/x/* libs) may introduce build or compatibility issues across the repo despite no direct code changes.

Overview
Updates the project’s Go module configuration by bumping github.com/bufbuild/buf from v1.9.0 to v1.67.0 and refreshing go.sum accordingly.

Also raises the module go version from 1.18 to 1.25.7 and upgrades several core dependencies (notably google.golang.org/grpc, golang.org/x/*, cobra, testify, uuid), pulling in a substantial set of new indirect requirements (e.g., ConnectRPC/CEL/OpenTelemetry-related packages).

^{Reviewed by Cursor Bugbot for commit e89645a. Bugbot is set up for automated code reviews on this repo. Configure here.}

[dependabot]

Labels

The following labels could not be found: S:automerge, T:dependencies. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.