chore(deps): bump github.com/twmb/franz-go from 1.20.6 to 1.20.7

[dependabot]

Bumps github.com/twmb/franz-go from 1.20.6 to 1.20.7.

Changelog

Sourced from github.com/twmb/franz-go's changelog.

v1.20.7

This patch release fixes numerous niche bugs - some user reported, some found while investigating other things - contains a few behavior improvements, extensive kfake additions, and many test additions / improvements.

There have been extensive additions to kfake over the course of the past month; kfake now supports transactions, the next generation consumer group protocol, and more Kafka APIs. franz-go integration tests now run and pass against kfake in CI.

Testing has further been extensively improved: integration tests now run against the latest patch version of Kafka for all major Kafka versions going back to 0.11.0. The existing test suite has been extended to run while opting into the next generation consumer group. An integration test against Kerberos has been added. For ~roughly the past year (maybe half year), all bugs found have had regression tests added in kfake. This release massively extends the kfake test suite -- both with behavior tests that were ported via Claude directly to franz-go (with license attribution!) and with behavior tests that Claude generated specifically for kfake.

The "next generation" (KIP-848) consumer group code in franz-go itself has some improvements. These improvements were found after adding 848 code to kfake, which allowed for much faster integration test looping. This looping was still very slow for what it's worth; towards the end, integration tests would pass ~40+ times with race mode over the course of two hours before failing once. Claude was instrumental with adding appropriate log lines and tracing logs for diagnosing extremely niche failures; things also got slower when a few specific log lines that would've helped weren't added the first time...

Anyway,

Bug fixes

• Returns from PollRecords / PollFetches that contained ONLY an error (context cancellation or something) previously did not block rebalances, even if you opted into BlockRebalanceOnPoll.

• If, while idempotently producing, the client encountered TIMED_OUT while producing (retryable), the client considered this a "we definitively did not produce" state, and allowed you to cancel the records. Well, maybe the records actually did get produced broker side eventually, and now you re-produce new records - the NEW records could be "deduplicated" due to how idempotency works. This one is a bit niche, if you're interested, you should read #1217 and the two PRs that address it.

• My original implementation of how Kerberos handled authentication was correct... for the time. I missed how it should have been touched up years ago and now 4.0 hard deprecates the old auth flow. So, that's been found,

... (truncated)

Commits

• ae75cac Merge pull request #1258 from twmb/cl
• fd4189c Merge pull request #1259 from twmb/kfake_again
• 1dc1b71 kfake: bump group epoch on topic change to ensure assignment resend
• 60adeb2 changelog: note incoming v1.20.7
• 175c77f Merge pull request #1257 from twmb/examples
• 84bc833 examples: add testing with kfake example
• 6999fb8 Merge pull request #1236 from twmb/1195
• dba723b Merge pull request #1256 from twmb/kfake
• 764eb29 kgo: unlinger partitions in ProduceSync to avoid linger delay
• 4f75931 kfake: fix KIP-848 topic change notification race
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[PaxMachinaOne]

Looks good — checks are green.