{"id":12428,"name":"github.com/go-chi/chi/v5","ecosystem":"go","repository_url":"https://github.com/go-chi/chi","issues_count":1782,"created_at":"2025-06-06T23:15:45.236Z","updated_at":"2025-06-06T23:15:45.236Z","purl":"pkg:golang/github.com/go-chi/chi/v5","metadata":{"id":3877254,"name":"github.com/go-chi/chi/v5","ecosystem":"go","description":"Package chi is a small, idiomatic and composable router for building HTTP services.\n\nchi requires Go 1.14 or newer.\n\nExample:\n\nSee github.com/go-chi/chi/_examples/ for more in-depth examples.\n\nURL patterns allow for easy matching of path components in HTTP\nrequests. The matching components can then be accessed using\nchi.URLParam(). All patterns must begin with a slash.\n\nA simple named placeholder {name} matches any sequence of characters\nup to the next / or the end of the URL. Trailing slashes on paths must\nbe handled explicitly.\n\nA placeholder with a name followed by a colon allows a regular\nexpression match, for example {number:\\\\d+}. The regular expression\nsyntax is Go's normal regexp RE2 syntax, except that regular expressions\nincluding { or } are not supported, and / will never be\nmatched. An anonymous regexp pattern is allowed, using an empty string\nbefore the colon in the placeholder, such as {:\\\\d+}\n\nThe special placeholder of asterisk matches the rest of the requested\nURL. Any trailing characters in the pattern are ignored. This is the only\nplaceholder which will match / characters.\n\nExamples:","homepage":"https://github.com/go-chi/chi","licenses":"MIT","normalized_licenses":["MIT"],"repository_url":"https://github.com/go-chi/chi","keywords_array":[],"namespace":"github.com/go-chi/chi","versions_count":18,"first_release_published_at":"2021-02-28T00:11:55.000Z","latest_release_published_at":"2025-01-20T20:41:44.000Z","latest_release_number":"v5.2.1","last_synced_at":"2025-06-06T12:07:53.474Z","created_at":"2022-04-11T22:48:52.928Z","updated_at":"2025-06-06T12:07:53.474Z","registry_url":"https://pkg.go.dev/github.com/go-chi/chi/v5","install_command":"go get github.com/go-chi/chi/v5","documentation_url":"https://pkg.go.dev/github.com/go-chi/chi/v5#section-documentation","metadata":{},"repo_metadata":{"uuid":"44344606","full_name":"go-chi/chi","owner":"go-chi","description":"lightweight, idiomatic and composable router for building Go HTTP services","archived":false,"fork":false,"pushed_at":"2023-03-08T19:25:02.000Z","size":3718,"stargazers_count":13683,"open_issues_count":42,"forks_count":869,"subscribers_count":195,"default_branch":"master","last_synced_at":"2023-03-21T19:04:52.447Z","etag":null,"topics":["api","context","go","golang","http","microservices","middleware","rest-api","router"],"latest_commit_sha":null,"homepage":"https://go-chi.io","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"logo_url":null,"metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":"CONTRIBUTING.md","funding":".github/FUNDING.yml","license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null},"funding":{"github":["pkieltyka"],"patreon":null,"open_collective":null,"ko_fi":null,"tidelift":null,"community_bridge":null,"liberapay":null,"issuehunt":null,"otechie":null,"custom":null}},"created_at":"2015-10-15T20:46:29.000Z","updated_at":"2023-03-21T19:04:52.448Z","dependencies_parsed_at":"2022-07-14T09:22:32.699Z","dependency_job_id":null,"html_url":"https://github.com/go-chi/chi","commit_stats":null,"repository_url":"http://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/go-chi%2Fchi","tags_url":"http://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/go-chi%2Fchi/tags","manifests_url":"http://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/go-chi%2Fchi/manifests","owner_url":"http://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/go-chi","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":108921946,"host_url":"http://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"http://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"http://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names"},"owner_record":{"login":"go-chi","name":"go-chi","uuid":"29575368","kind":"organization","description":"","email":null,"website":null,"location":null,"twitter":null,"company":null,"avatar_url":"https://avatars.githubusercontent.com/u/29575368?v=4","repositories_count":17,"last_synced_at":"2023-02-26T15:55:10.593Z","metadata":{"has_sponsors_listing":false},"owner_url":"http://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/go-chi"},"tags":[{"name":"v5.0.8","sha":"da69873df486639c64f3b1f90abf69c943c17554","kind":"commit","published_at":"2022-12-07T13:23:23.000Z","download_url":"https://codeload.github.com/go-chi/chi/tar.gz/v5.0.8","html_url":"https://github.com/go-chi/chi/releases/tag/v5.0.8"},{"name":"v5.0.7","sha":"0316d5a1df8598eceb137f5f77945be56810b564","kind":"commit","published_at":"2021-11-18T21:56:43.000Z","download_url":"https://codeload.github.com/go-chi/chi/tar.gz/v5.0.7","html_url":"https://github.com/go-chi/chi/releases/tag/v5.0.7"},{"name":"v5.0.6","sha":"66d6a4d9814d8d8a3816c730e18f5219f263412b","kind":"commit","published_at":"2021-11-15T21:30:54.000Z","download_url":"https://codeload.github.com/go-chi/chi/tar.gz/v5.0.6","html_url":"https://github.com/go-chi/chi/releases/tag/v5.0.6"},{"name":"v5.0.5","sha":"b9a8b9d0a092f57ce4ca3896c40ea36e482c9b6c","kind":"commit","published_at":"2021-10-27T11:12:23.000Z","download_url":"https://codeload.github.com/go-chi/chi/tar.gz/v5.0.5","html_url":"https://github.com/go-chi/chi/releases/tag/v5.0.5"},{"name":"v5.0.4","sha":"181551d0e5acd337ac7be6f4b7f71e9151c969dc","kind":"commit","published_at":"2021-08-29T14:34:40.000Z","download_url":"https://codeload.github.com/go-chi/chi/tar.gz/v5.0.4","html_url":"https://github.com/go-chi/chi/releases/tag/v5.0.4"},{"name":"v5.0.3","sha":"f16f8704ccc32f63fbc20eb364c41050cf339860","kind":"commit","published_at":"2021-04-29T22:40:05.000Z","download_url":"https://codeload.github.com/go-chi/chi/tar.gz/v5.0.3","html_url":"https://github.com/go-chi/chi/releases/tag/v5.0.3"},{"name":"v5.0.2","sha":"2283e4951adbd82c8f6427117bd6b2a1c315e725","kind":"commit","published_at":"2021-03-25T13:04:21.000Z","download_url":"https://codeload.github.com/go-chi/chi/tar.gz/v5.0.2","html_url":"https://github.com/go-chi/chi/releases/tag/v5.0.2"},{"name":"v5.0.1","sha":"5086f887c59f4c582f871e1de651b6e62e51c377","kind":"commit","published_at":"2021-03-10T12:43:23.000Z","download_url":"https://codeload.github.com/go-chi/chi/tar.gz/v5.0.1","html_url":"https://github.com/go-chi/chi/releases/tag/v5.0.1"},{"name":"v5.0.0","sha":"fe3708ee6c7bf30623c33ca1b8005182c392ff3f","kind":"commit","published_at":"2021-02-28T00:11:55.000Z","download_url":"https://codeload.github.com/go-chi/chi/tar.gz/v5.0.0","html_url":"https://github.com/go-chi/chi/releases/tag/v5.0.0"},{"name":"v1.5.4","sha":"c9e87efe9691a63d6a89de8bbd16b04fe4d6640e","kind":"commit","published_at":"2021-02-27T20:52:54.000Z","download_url":"https://codeload.github.com/go-chi/chi/tar.gz/v1.5.4","html_url":"https://github.com/go-chi/chi/releases/tag/v1.5.4"},{"name":"v1.5.3","sha":"7ea741287f73376032e7d4fee8fd6e371313bfa7","kind":"commit","published_at":"2021-02-21T20:28:20.000Z","download_url":"https://codeload.github.com/go-chi/chi/tar.gz/v1.5.3","html_url":"https://github.com/go-chi/chi/releases/tag/v1.5.3"},{"name":"v1.5.2","sha":"e3bfca4f25703c66c9347e2a430dd88e3198b5f7","kind":"commit","published_at":"2021-02-10T19:44:42.000Z","download_url":"https://codeload.github.com/go-chi/chi/tar.gz/v1.5.2","html_url":"https://github.com/go-chi/chi/releases/tag/v1.5.2"},{"name":"v1.5.1","sha":"f61ec8cf7c33c662ca78b6b2aac0e68f4729dfd6","kind":"commit","published_at":"2020-12-06T18:50:37.000Z","download_url":"https://codeload.github.com/go-chi/chi/tar.gz/v1.5.1","html_url":"https://github.com/go-chi/chi/releases/tag/v1.5.1"},{"name":"v1.5.0","sha":"b6287654fc97544b16619d9c6284b0d90d6b2289","kind":"commit","published_at":"2020-11-12T22:54:47.000Z","download_url":"https://codeload.github.com/go-chi/chi/tar.gz/v1.5.0","html_url":"https://github.com/go-chi/chi/releases/tag/v1.5.0"},{"name":"v4.1.2","sha":"86f9a6e7ce9bf453eaa339b51f88f586edbccbc1","kind":"commit","published_at":"2020-06-02T19:02:25.000Z","download_url":"https://codeload.github.com/go-chi/chi/tar.gz/v4.1.2","html_url":"https://github.com/go-chi/chi/releases/tag/v4.1.2"},{"name":"v4.1.1","sha":"1fafc30c1d76663042337e150b02fbacdce3466c","kind":"commit","published_at":"2020-04-16T12:17:06.000Z","download_url":"https://codeload.github.com/go-chi/chi/tar.gz/v4.1.1","html_url":"https://github.com/go-chi/chi/releases/tag/v4.1.1"},{"name":"v4.1.0","sha":"183768ed5df7d0b039500727c380bfbaf9229c81","kind":"commit","published_at":"2020-04-01T19:42:39.000Z","download_url":"https://codeload.github.com/go-chi/chi/tar.gz/v4.1.0","html_url":"https://github.com/go-chi/chi/releases/tag/v4.1.0"},{"name":"v4.0.4","sha":"1f2d16707ca3418c2bd151747b5059387fa088ba","kind":"commit","published_at":"2020-03-24T15:11:21.000Z","download_url":"https://codeload.github.com/go-chi/chi/tar.gz/v4.0.4","html_url":"https://github.com/go-chi/chi/releases/tag/v4.0.4"},{"name":"v4.0.3","sha":"2db61557f36b2f4caa20ce6ef50e98bac0f7fce5","kind":"commit","published_at":"2020-01-09T22:01:35.000Z","download_url":"https://codeload.github.com/go-chi/chi/tar.gz/v4.0.3","html_url":"https://github.com/go-chi/chi/releases/tag/v4.0.3"},{"name":"v4.0.2","sha":"da24bba8dcd4021cafac38724bf10dccc97c3e36","kind":"commit","published_at":"2019-02-26T16:20:03.000Z","download_url":"https://codeload.github.com/go-chi/chi/tar.gz/v4.0.2","html_url":"https://github.com/go-chi/chi/releases/tag/v4.0.2"},{"name":"v4.0.1","sha":"1a6bb108ccf279c8dac6f9bad857d773b4f9b421","kind":"commit","published_at":"2019-01-17T22:35:40.000Z","download_url":"https://codeload.github.com/go-chi/chi/tar.gz/v4.0.1","html_url":"https://github.com/go-chi/chi/releases/tag/v4.0.1"},{"name":"v4.0.0","sha":"e95203758b2a6ec24a8e97124d5719ffe5ec1374","kind":"commit","published_at":"2019-01-10T15:56:14.000Z","download_url":"https://codeload.github.com/go-chi/chi/tar.gz/v4.0.0","html_url":"https://github.com/go-chi/chi/releases/tag/v4.0.0"},{"name":"v3.3.4","sha":"08d9051ef6546d57c5dca8eae13e6df362e2d568","kind":"commit","published_at":"2019-01-08T01:17:51.000Z","download_url":"https://codeload.github.com/go-chi/chi/tar.gz/v3.3.4","html_url":"https://github.com/go-chi/chi/releases/tag/v3.3.4"},{"name":"v3.3.3","sha":"b5294d10673813fac8558e7f47242bc9e61b4c25","kind":"commit","published_at":"2018-08-27T20:34:43.000Z","download_url":"https://codeload.github.com/go-chi/chi/tar.gz/v3.3.3","html_url":"https://github.com/go-chi/chi/releases/tag/v3.3.3"},{"name":"v3.3.2","sha":"e83ac2304db3c50cf03d96a2fcd39009d458bc35","kind":"commit","published_at":"2017-12-22T16:11:33.000Z","download_url":"https://codeload.github.com/go-chi/chi/tar.gz/v3.3.2","html_url":"https://github.com/go-chi/chi/releases/tag/v3.3.2"},{"name":"v3.3.1","sha":"687d2792aedd8e8ac3bbd8592cf55b91d7ea8ce9","kind":"commit","published_at":"2017-11-20T15:19:03.000Z","download_url":"https://codeload.github.com/go-chi/chi/tar.gz/v3.3.1","html_url":"https://github.com/go-chi/chi/releases/tag/v3.3.1"},{"name":"v3.3.0","sha":"f7c66f685bcab06bcce78ac212c5f3553c063d19","kind":"commit","published_at":"2017-10-10T22:11:38.000Z","download_url":"https://codeload.github.com/go-chi/chi/tar.gz/v3.3.0","html_url":"https://github.com/go-chi/chi/releases/tag/v3.3.0"},{"name":"v3.2.1","sha":"04ec7fc4179604b2390947258f9143eaae23b596","kind":"commit","published_at":"2017-09-01T02:07:29.000Z","download_url":"https://codeload.github.com/go-chi/chi/tar.gz/v3.2.1","html_url":"https://github.com/go-chi/chi/releases/tag/v3.2.1"},{"name":"v3.2.0","sha":"ba73ba0623af32e4e5f09880177e73bd78d98852","kind":"commit","published_at":"2017-08-22T17:58:43.000Z","download_url":"https://codeload.github.com/go-chi/chi/tar.gz/v3.2.0","html_url":"https://github.com/go-chi/chi/releases/tag/v3.2.0"},{"name":"v3.1.5","sha":"25354a53cca531cb2efd3f1d3c565d90ff04d802","kind":"commit","published_at":"2017-08-02T21:27:05.000Z","download_url":"https://codeload.github.com/go-chi/chi/tar.gz/v3.1.5","html_url":"https://github.com/go-chi/chi/releases/tag/v3.1.5"},{"name":"v3.1.4","sha":"b8567b6442e27704bfeb725095091581cbe82a00","kind":"commit","published_at":"2017-07-27T15:16:01.000Z","download_url":"https://codeload.github.com/go-chi/chi/tar.gz/v3.1.4","html_url":"https://github.com/go-chi/chi/releases/tag/v3.1.4"},{"name":"v3.1.3","sha":"524a020446146841512dd1639e736422e7af53a4","kind":"commit","published_at":"2017-07-25T17:24:32.000Z","download_url":"https://codeload.github.com/go-chi/chi/tar.gz/v3.1.3","html_url":"https://github.com/go-chi/chi/releases/tag/v3.1.3"},{"name":"v3.1.2","sha":"7e6b856011d49775bb45d829339287a416a85f66","kind":"commit","published_at":"2017-07-24T20:38:22.000Z","download_url":"https://codeload.github.com/go-chi/chi/tar.gz/v3.1.2","html_url":"https://github.com/go-chi/chi/releases/tag/v3.1.2"},{"name":"v3.1.1","sha":"12a98d329f12aac9e94b72c713437350c948a5e2","kind":"commit","published_at":"2017-07-21T14:22:28.000Z","download_url":"https://codeload.github.com/go-chi/chi/tar.gz/v3.1.1","html_url":"https://github.com/go-chi/chi/releases/tag/v3.1.1"},{"name":"v3.1.0","sha":"08660a0ad10a8fa7beab3ad43afe66373d49d06a","kind":"commit","published_at":"2017-07-10T19:19:16.000Z","download_url":"https://codeload.github.com/go-chi/chi/tar.gz/v3.1.0","html_url":"https://github.com/go-chi/chi/releases/tag/v3.1.0"},{"name":"v3.0.0","sha":"967844826e58cf31213a7dfb82455d242ad85101","kind":"commit","published_at":"2017-06-21T19:28:24.000Z","download_url":"https://codeload.github.com/go-chi/chi/tar.gz/v3.0.0","html_url":"https://github.com/go-chi/chi/releases/tag/v3.0.0"},{"name":"v2.1.0","sha":"e6033ea75479391a4bce3918fc119cad31e1cb30","kind":"commit","published_at":"2017-03-30T18:41:17.000Z","download_url":"https://codeload.github.com/go-chi/chi/tar.gz/v2.1.0","html_url":"https://github.com/go-chi/chi/releases/tag/v2.1.0"},{"name":"v2.0.0","sha":"54f435d539226571eab1987ed862b1c0fdfdc892","kind":"commit","published_at":"2017-01-06T20:47:52.000Z","download_url":"https://codeload.github.com/go-chi/chi/tar.gz/v2.0.0","html_url":"https://github.com/go-chi/chi/releases/tag/v2.0.0"},{"name":"v1.0.0","sha":"dcbb8f81eea01aaaa5b6f9bffc229e9e9e0256bb","kind":"commit","published_at":"2016-06-22T21:59:16.000Z","download_url":"https://codeload.github.com/go-chi/chi/tar.gz/v1.0.0","html_url":"https://github.com/go-chi/chi/releases/tag/v1.0.0"},{"name":"v0.9.0","sha":"c420d7fbf4428b27e31d83591e5e2267d84f9f20","kind":"commit","published_at":"2016-03-31T13:51:57.000Z","download_url":"https://codeload.github.com/go-chi/chi/tar.gz/v0.9.0","html_url":"https://github.com/go-chi/chi/releases/tag/v0.9.0"}]},"repo_metadata_updated_at":"2023-03-21T19:11:34.671Z","dependent_packages_count":6010,"downloads":null,"downloads_period":null,"dependent_repos_count":8374,"rankings":{"downloads":null,"dependent_repos_count":0.08548533677487893,"dependent_packages_count":0.061209161040265254,"stargazers_count":0.5140532083974819,"forks_count":0.9126389655444295,"docker_downloads_count":0.18186382932811015,"average":0.35105010021703315},"purl":"pkg:golang/github.com/go-chi/chi/v5","advisories":[],"docker_usage_url":"https://docker.ecosyste.ms/usage/go/github.com/go-chi/chi/v5","docker_dependents_count":1920,"docker_downloads_count":1239120578,"usage_url":"https://repos.ecosyste.ms/usage/go/github.com/go-chi/chi/v5","dependent_repositories_url":"https://repos.ecosyste.ms/api/v1/usage/go/github.com/go-chi/chi/v5/dependencies","status":null,"funding_links":["https://github.com/sponsors/pkieltyka"],"critical":null,"versions_url":"https://packages.ecosyste.ms/api/v1/registries/proxy.golang.org/packages/github.com%2Fgo-chi%2Fchi%2Fv5/versions","version_numbers_url":"https://packages.ecosyste.ms/api/v1/registries/proxy.golang.org/packages/github.com%2Fgo-chi%2Fchi%2Fv5/version_numbers","dependent_packages_url":"https://packages.ecosyste.ms/api/v1/registries/proxy.golang.org/packages/github.com%2Fgo-chi%2Fchi%2Fv5/dependent_packages","related_packages_url":"https://packages.ecosyste.ms/api/v1/registries/proxy.golang.org/packages/github.com%2Fgo-chi%2Fchi%2Fv5/related_packages","maintainers":[],"registry":{"name":"proxy.golang.org","url":"https://proxy.golang.org","ecosystem":"go","default":true,"packages_count":1882895,"maintainers_count":0,"namespaces_count":723926,"keywords_count":97872,"github":"golang","metadata":{"funded_packages_count":39346},"icon_url":"https://github.com/golang.png","created_at":"2022-04-04T15:19:22.939Z","updated_at":"2025-06-06T05:22:27.920Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/proxy.golang.org/packages","maintainers_url":"https://packages.ecosyste.ms/api/v1/registries/proxy.golang.org/maintainers","namespaces_url":"https://packages.ecosyste.ms/api/v1/registries/proxy.golang.org/namespaces"}},"unique_repositories_count":1272,"unique_repositories_count_past_30_days":36,"recent_issues":[{"uuid":"4601507916","node_id":"PR_kwDOSZJ_Ts7jVegq","number":36,"state":"closed","title":"build(deps): bump github.com/go-chi/chi/v5 from 5.2.5 to 5.3.0 in /backend","user":"dependabot[bot]","labels":["dependencies","go"],"assignees":[],"locked":false,"comments_count":3,"pull_request":true,"closed_at":"2026-06-06T11:05:19.000Z","author_association":null,"state_reason":null,"created_at":"2026-06-06T02:28:24.000Z","updated_at":"2026-06-06T11:05:28.000Z","time_to_close":31015,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"build(deps)","packages":[{"name":"github.com/go-chi/chi/v5","old_version":"5.2.5","new_version":"5.3.0","repository_url":"https://github.com/go-chi/chi"}],"path":"/backend","ecosystem":"go"},"body":"Bumps [github.com/go-chi/chi/v5](https://github.com/go-chi/chi) from 5.2.5 to 5.3.0.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/go-chi/chi/releases\"\u003egithub.com/go-chi/chi/v5's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.3.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUse strings.ReplaceAll where applicable by \u003ca href=\"https://github.com/JRaspass\"\u003e\u003ccode\u003e@​JRaspass\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1046\"\u003ego-chi/chi#1046\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePropagate inline middlewares across mounted subrouters by \u003ca href=\"https://github.com/LukasJenicek\"\u003e\u003ccode\u003e@​LukasJenicek\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1049\"\u003ego-chi/chi#1049\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eadd go 1.26 to ci by \u003ca href=\"https://github.com/pkieltyka\"\u003e\u003ccode\u003e@​pkieltyka\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1052\"\u003ego-chi/chi#1052\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove last uses of io/ioutil by \u003ca href=\"https://github.com/JRaspass\"\u003e\u003ccode\u003e@​JRaspass\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1054\"\u003ego-chi/chi#1054\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSimplify chi.walk with slices.Concat by \u003ca href=\"https://github.com/JRaspass\"\u003e\u003ccode\u003e@​JRaspass\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1053\"\u003ego-chi/chi#1053\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eApply the stringscutprefix modernizer by \u003ca href=\"https://github.com/JRaspass\"\u003e\u003ccode\u003e@​JRaspass\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1051\"\u003ego-chi/chi#1051\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump minimum Go to 1.23, always use request.Pattern by \u003ca href=\"https://github.com/JRaspass\"\u003e\u003ccode\u003e@​JRaspass\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1048\"\u003ego-chi/chi#1048\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003emiddleware: fix httpFancyWriter.ReadFrom double-counting bytes with Tee by \u003ca href=\"https://github.com/alliasgher\"\u003e\u003ccode\u003e@​alliasgher\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1085\"\u003ego-chi/chi#1085\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix typo in Route doc comment by \u003ca href=\"https://github.com/gouwazi\"\u003e\u003ccode\u003e@​gouwazi\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1073\"\u003ego-chi/chi#1073\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: set Request.Pattern from RoutePattern() by \u003ca href=\"https://github.com/leno23\"\u003e\u003ccode\u003e@​leno23\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1097\"\u003ego-chi/chi#1097\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat: middleware.ClientIP, a replacement for middleware.RealIP by \u003ca href=\"https://github.com/VojtechVitek\"\u003e\u003ccode\u003e@​VojtechVitek\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/967\"\u003ego-chi/chi#967\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/LukasJenicek\"\u003e\u003ccode\u003e@​LukasJenicek\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1049\"\u003ego-chi/chi#1049\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/alliasgher\"\u003e\u003ccode\u003e@​alliasgher\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1085\"\u003ego-chi/chi#1085\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gouwazi\"\u003e\u003ccode\u003e@​gouwazi\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1073\"\u003ego-chi/chi#1073\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/leno23\"\u003e\u003ccode\u003e@​leno23\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1097\"\u003ego-chi/chi#1097\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eSECURITY: middleware.ClientIP, a replacement for middleware.RealIP\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/VojtechVitek\"\u003e\u003ccode\u003e@​VojtechVitek\u003c/code\u003e\u003c/a\u003e submitted PR \u003ca href=\"https://redirect.github.com/go-chi/chi/issues/967\"\u003e#967\u003c/a\u003e, which introduces middleware.ClientIP — a replacement for middleware.RealIP that closes the three open spoofing advisories:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/security/advisories/GHSA-9g5q-2w5x-hmxf\"\u003eGHSA-9g5q-2w5x-hmxf\u003c/a\u003e — IP spoofing via XFF in \u003ccode\u003eRemoteAddr\u003c/code\u003e resolution (convto)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/security/advisories/GHSA-rjr7-jggh-pgcp\"\u003eGHSA-rjr7-jggh-pgcp\u003c/a\u003e — RealIP allows IP spoofing via unvalidated XFF (rezmoss)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/security/advisories/GHSA-3fxj-6jh8-hvhx\"\u003eGHSA-3fxj-6jh8-hvhx\u003c/a\u003e — IP spoofing in \u003ccode\u003emiddleware.RealIP\u003c/code\u003e (Saku0512, Critical / 9.3)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eIt also addresses issues outlined at:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/708\"\u003ego-chi/chi#708\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://adam-p.ca/blog/2022/03/x-forwarded-for/\"\u003ehttps://adam-p.ca/blog/2022/03/x-forwarded-for/\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/711\"\u003ego-chi/chi#711\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/453\"\u003ego-chi/chi#453\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/go-chi/chi/pull/908\"\u003ego-chi/chi#908\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ccode\u003emiddleware.RealIP\u003c/code\u003e is deprecated in this PR with pointers to the new API.\u003c/p\u003e\n\u003cp\u003eThe deprecation only adds a \u003ccode\u003e// Deprecated:\u003c/code\u003e doc comment; the function keeps working for backward compatibility.\u003c/p\u003e\n\u003ch3\u003eWhy a new middleware (not \u0026quot;fix RealIP in place\u0026quot;)\u003c/h3\u003e\n\u003cp\u003e\u003ccode\u003eRealIP\u003c/code\u003e has two unfixable design choices: it mutates \u003ccode\u003er.RemoteAddr\u003c/code\u003e, and it tries to be a one-size-fits-all default by walking a hard-coded list of headers any client can supply. Per \u003ca href=\"https://adam-p.ca/blog/2022/03/x-forwarded-for/\"\u003eadam-p's \u0026quot;The perils of the 'real' client IP\u0026quot;\u003c/a\u003e (which calls chi out by name on this), there is no safe default — the user must pick their trust source explicitly.\u003c/p\u003e\n\u003ch3\u003eThe new API\u003c/h3\u003e\n\u003cp\u003eFour middlewares, two accessors. Pick exactly one middleware based on your\ninfrastructure, read the result with one of the two accessors:\u003c/p\u003e\n\u003cpre lang=\"go\"\u003e\u003ccode\u003e// One of the four. There is no safe default — pick exactly one.\r\nfunc ClientIPFromHeader(trustedHeader string) func(http.Handler) http.Handler\r\nfunc ClientIPFromXFF(trustedIPPrefixes ...string) func(http.Handler) http.Handler\r\nfunc ClientIPFromXFFTrustedProxies(numTrustedProxies int) func(http.Handler) http.Handler\r\n\u0026lt;/tr\u0026gt;\u0026lt;/table\u0026gt; \n\u003c/code\u003e\u003c/pre\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/3b171578ca44dfd75ca3c5cbddc7b44c600a7b49\"\u003e\u003ccode\u003e3b17157\u003c/code\u003e\u003c/a\u003e feat: middleware.ClientIP, a replacement for middleware.RealIP (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/967\"\u003e#967\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/818fdcfc4786168651768377ba647cf9dd5b3953\"\u003e\u003ccode\u003e818fdcf\u003c/code\u003e\u003c/a\u003e fix: set Request.Pattern from RoutePattern() (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1097\"\u003e#1097\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/f975af0cb10cbefaccf0422385420fe62722d648\"\u003e\u003ccode\u003ef975af0\u003c/code\u003e\u003c/a\u003e Fix typo in Route doc comment (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1073\"\u003e#1073\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/4ef87eaf2cfb27d3126d48194e1a84806acc1aed\"\u003e\u003ccode\u003e4ef87ea\u003c/code\u003e\u003c/a\u003e middleware: fix httpFancyWriter.ReadFrom double-counting bytes with Tee (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1085\"\u003e#1085\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/a54874f0e2f12647a19e82ee70dfa8185014100c\"\u003e\u003ccode\u003ea54874f\u003c/code\u003e\u003c/a\u003e Bump minimum Go to 1.23, always use request.Pattern (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1048\"\u003e#1048\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/3328d4d3ab8a08547fa419ed657017355e6d3c4d\"\u003e\u003ccode\u003e3328d4d\u003c/code\u003e\u003c/a\u003e Apply the stringscutprefix modernizer (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1051\"\u003e#1051\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/be60b2ec5755a9072cdf27af3ba3034e84781d12\"\u003e\u003ccode\u003ebe60b2e\u003c/code\u003e\u003c/a\u003e Simplify chi.walk with slices.Concat (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1053\"\u003e#1053\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/a36a925a6a195943ec104100d7d18757543e745f\"\u003e\u003ccode\u003ea36a925\u003c/code\u003e\u003c/a\u003e Remove last uses of io/ioutil (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1054\"\u003e#1054\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/7d93ee3e86b4d477c20d809c9b1ce9a281dfd706\"\u003e\u003ccode\u003e7d93ee3\u003c/code\u003e\u003c/a\u003e add go 1.26 to ci (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1052\"\u003e#1052\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/903cff2596eac0f72538ac46d696058351f1c3fb\"\u003e\u003ccode\u003e903cff2\u003c/code\u003e\u003c/a\u003e Propagate inline middlewares across mounted subrouters (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1049\"\u003e#1049\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/go-chi/chi/compare/v5.2.5...v5.3.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n","html_url":"https://github.com/kerti/balances-v2/pull/36","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/kerti%2Fbalances-v2/issues/36","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/36/packages"},{"uuid":"4584174629","node_id":"PR_kwDOSHEj7M7icVQQ","number":38,"state":"open","title":"deps(go): bump the go-minor-patch group across 1 directory with 7 updates","user":"dependabot[bot]","labels":["dependencies","go"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-06-03T22:37:11.000Z","updated_at":"2026-06-03T22:51:30.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"deps(go): bump","group_name":"go-minor-patch","update_count":7,"packages":[{"name":"github.com/go-chi/chi/v5","old_version":"5.2.5","new_version":"5.3.0","repository_url":"https://github.com/go-chi/chi"},{"name":"github.com/gotd/td","old_version":"0.143.0","new_version":"0.145.1","repository_url":"https://github.com/gotd/td"},{"name":"github.com/jackc/pgx/v5","old_version":"5.9.2","new_version":"5.10.0","repository_url":"https://github.com/jackc/pgx"},{"name":"github.com/pressly/goose/v3","old_version":"3.27.0","new_version":"3.27.1","repository_url":"https://github.com/pressly/goose"},{"name":"go.uber.org/zap","old_version":"1.27.1","new_version":"1.28.0","repository_url":"https://github.com/uber-go/zap"}],"path":null,"ecosystem":"go"},"body":"Bumps the go-minor-patch group with 5 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [github.com/go-chi/chi/v5](https://github.com/go-chi/chi) | `5.2.5` | `5.3.0` |\n| [github.com/gotd/td](https://github.com/gotd/td) | `0.143.0` | `0.145.1` |\n| [github.com/jackc/pgx/v5](https://github.com/jackc/pgx) | `5.9.2` | `5.10.0` |\n| [github.com/pressly/goose/v3](https://github.com/pressly/goose) | `3.27.0` | `3.27.1` |\n| [go.uber.org/zap](https://github.com/uber-go/zap) | `1.27.1` | `1.28.0` |\n\n\nUpdates `github.com/go-chi/chi/v5` from 5.2.5 to 5.3.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/go-chi/chi/releases\"\u003egithub.com/go-chi/chi/v5's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.3.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUse strings.ReplaceAll where applicable by \u003ca href=\"https://github.com/JRaspass\"\u003e\u003ccode\u003e@​JRaspass\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1046\"\u003ego-chi/chi#1046\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePropagate inline middlewares across mounted subrouters by \u003ca href=\"https://github.com/LukasJenicek\"\u003e\u003ccode\u003e@​LukasJenicek\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1049\"\u003ego-chi/chi#1049\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eadd go 1.26 to ci by \u003ca href=\"https://github.com/pkieltyka\"\u003e\u003ccode\u003e@​pkieltyka\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1052\"\u003ego-chi/chi#1052\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove last uses of io/ioutil by \u003ca href=\"https://github.com/JRaspass\"\u003e\u003ccode\u003e@​JRaspass\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1054\"\u003ego-chi/chi#1054\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSimplify chi.walk with slices.Concat by \u003ca href=\"https://github.com/JRaspass\"\u003e\u003ccode\u003e@​JRaspass\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1053\"\u003ego-chi/chi#1053\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eApply the stringscutprefix modernizer by \u003ca href=\"https://github.com/JRaspass\"\u003e\u003ccode\u003e@​JRaspass\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1051\"\u003ego-chi/chi#1051\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump minimum Go to 1.23, always use request.Pattern by \u003ca href=\"https://github.com/JRaspass\"\u003e\u003ccode\u003e@​JRaspass\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1048\"\u003ego-chi/chi#1048\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003emiddleware: fix httpFancyWriter.ReadFrom double-counting bytes with Tee by \u003ca href=\"https://github.com/alliasgher\"\u003e\u003ccode\u003e@​alliasgher\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1085\"\u003ego-chi/chi#1085\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix typo in Route doc comment by \u003ca href=\"https://github.com/gouwazi\"\u003e\u003ccode\u003e@​gouwazi\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1073\"\u003ego-chi/chi#1073\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: set Request.Pattern from RoutePattern() by \u003ca href=\"https://github.com/leno23\"\u003e\u003ccode\u003e@​leno23\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1097\"\u003ego-chi/chi#1097\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat: middleware.ClientIP, a replacement for middleware.RealIP by \u003ca href=\"https://github.com/VojtechVitek\"\u003e\u003ccode\u003e@​VojtechVitek\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/967\"\u003ego-chi/chi#967\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/LukasJenicek\"\u003e\u003ccode\u003e@​LukasJenicek\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1049\"\u003ego-chi/chi#1049\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/alliasgher\"\u003e\u003ccode\u003e@​alliasgher\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1085\"\u003ego-chi/chi#1085\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gouwazi\"\u003e\u003ccode\u003e@​gouwazi\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1073\"\u003ego-chi/chi#1073\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/leno23\"\u003e\u003ccode\u003e@​leno23\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1097\"\u003ego-chi/chi#1097\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eSECURITY: middleware.ClientIP, a replacement for middleware.RealIP\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/VojtechVitek\"\u003e\u003ccode\u003e@​VojtechVitek\u003c/code\u003e\u003c/a\u003e submitted PR \u003ca href=\"https://redirect.github.com/go-chi/chi/issues/967\"\u003e#967\u003c/a\u003e, which introduces middleware.ClientIP — a replacement for middleware.RealIP that closes the three open spoofing advisories:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/security/advisories/GHSA-9g5q-2w5x-hmxf\"\u003eGHSA-9g5q-2w5x-hmxf\u003c/a\u003e — IP spoofing via XFF in \u003ccode\u003eRemoteAddr\u003c/code\u003e resolution (convto)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/security/advisories/GHSA-rjr7-jggh-pgcp\"\u003eGHSA-rjr7-jggh-pgcp\u003c/a\u003e — RealIP allows IP spoofing via unvalidated XFF (rezmoss)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/security/advisories/GHSA-3fxj-6jh8-hvhx\"\u003eGHSA-3fxj-6jh8-hvhx\u003c/a\u003e — IP spoofing in \u003ccode\u003emiddleware.RealIP\u003c/code\u003e (Saku0512, Critical / 9.3)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eIt also addresses issues outlined at:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/708\"\u003ego-chi/chi#708\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://adam-p.ca/blog/2022/03/x-forwarded-for/\"\u003ehttps://adam-p.ca/blog/2022/03/x-forwarded-for/\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/711\"\u003ego-chi/chi#711\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/453\"\u003ego-chi/chi#453\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/go-chi/chi/pull/908\"\u003ego-chi/chi#908\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ccode\u003emiddleware.RealIP\u003c/code\u003e is deprecated in this PR with pointers to the new API.\u003c/p\u003e\n\u003cp\u003eThe deprecation only adds a \u003ccode\u003e// Deprecated:\u003c/code\u003e doc comment; the function keeps working for backward compatibility.\u003c/p\u003e\n\u003ch3\u003eWhy a new middleware (not \u0026quot;fix RealIP in place\u0026quot;)\u003c/h3\u003e\n\u003cp\u003e\u003ccode\u003eRealIP\u003c/code\u003e has two unfixable design choices: it mutates \u003ccode\u003er.RemoteAddr\u003c/code\u003e, and it tries to be a one-size-fits-all default by walking a hard-coded list of headers any client can supply. Per \u003ca href=\"https://adam-p.ca/blog/2022/03/x-forwarded-for/\"\u003eadam-p's \u0026quot;The perils of the 'real' client IP\u0026quot;\u003c/a\u003e (which calls chi out by name on this), there is no safe default — the user must pick their trust source explicitly.\u003c/p\u003e\n\u003ch3\u003eThe new API\u003c/h3\u003e\n\u003cp\u003eFour middlewares, two accessors. Pick exactly one middleware based on your\ninfrastructure, read the result with one of the two accessors:\u003c/p\u003e\n\u003cpre lang=\"go\"\u003e\u003ccode\u003e// One of the four. There is no safe default — pick exactly one.\r\nfunc ClientIPFromHeader(trustedHeader string) func(http.Handler) http.Handler\r\nfunc ClientIPFromXFF(trustedIPPrefixes ...string) func(http.Handler) http.Handler\r\nfunc ClientIPFromXFFTrustedProxies(numTrustedProxies int) func(http.Handler) http.Handler\r\n\u0026lt;/tr\u0026gt;\u0026lt;/table\u0026gt; \n\u003c/code\u003e\u003c/pre\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/3b171578ca44dfd75ca3c5cbddc7b44c600a7b49\"\u003e\u003ccode\u003e3b17157\u003c/code\u003e\u003c/a\u003e feat: middleware.ClientIP, a replacement for middleware.RealIP (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/967\"\u003e#967\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/818fdcfc4786168651768377ba647cf9dd5b3953\"\u003e\u003ccode\u003e818fdcf\u003c/code\u003e\u003c/a\u003e fix: set Request.Pattern from RoutePattern() (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1097\"\u003e#1097\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/f975af0cb10cbefaccf0422385420fe62722d648\"\u003e\u003ccode\u003ef975af0\u003c/code\u003e\u003c/a\u003e Fix typo in Route doc comment (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1073\"\u003e#1073\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/4ef87eaf2cfb27d3126d48194e1a84806acc1aed\"\u003e\u003ccode\u003e4ef87ea\u003c/code\u003e\u003c/a\u003e middleware: fix httpFancyWriter.ReadFrom double-counting bytes with Tee (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1085\"\u003e#1085\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/a54874f0e2f12647a19e82ee70dfa8185014100c\"\u003e\u003ccode\u003ea54874f\u003c/code\u003e\u003c/a\u003e Bump minimum Go to 1.23, always use request.Pattern (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1048\"\u003e#1048\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/3328d4d3ab8a08547fa419ed657017355e6d3c4d\"\u003e\u003ccode\u003e3328d4d\u003c/code\u003e\u003c/a\u003e Apply the stringscutprefix modernizer (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1051\"\u003e#1051\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/be60b2ec5755a9072cdf27af3ba3034e84781d12\"\u003e\u003ccode\u003ebe60b2e\u003c/code\u003e\u003c/a\u003e Simplify chi.walk with slices.Concat (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1053\"\u003e#1053\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/a36a925a6a195943ec104100d7d18757543e745f\"\u003e\u003ccode\u003ea36a925\u003c/code\u003e\u003c/a\u003e Remove last uses of io/ioutil (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1054\"\u003e#1054\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/7d93ee3e86b4d477c20d809c9b1ce9a281dfd706\"\u003e\u003ccode\u003e7d93ee3\u003c/code\u003e\u003c/a\u003e add go 1.26 to ci (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1052\"\u003e#1052\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/903cff2596eac0f72538ac46d696058351f1c3fb\"\u003e\u003ccode\u003e903cff2\u003c/code\u003e\u003c/a\u003e Propagate inline middlewares across mounted subrouters (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1049\"\u003e#1049\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/go-chi/chi/compare/v5.2.5...v5.3.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/gotd/td` from 0.143.0 to 0.145.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/gotd/td/releases\"\u003egithub.com/gotd/td's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.145.1\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003echore(deps): bump the golang group across 1 directory with 3 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/gotd/td/pull/1714\"\u003egotd/td#1714\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(updates): prevent deadlock when relaying channel difference by \u003ca href=\"https://github.com/ernado\"\u003e\u003ccode\u003e@​ernado\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/gotd/td/pull/1716\"\u003egotd/td#1716\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(proto): validate plaintext message length before allocation by \u003ca href=\"https://github.com/expary\"\u003e\u003ccode\u003e@​expary\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/gotd/td/pull/1717\"\u003egotd/td#1717\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump github.com/ogen-go/ogen from 1.19.0 to 1.20.3 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/gotd/td/pull/1702\"\u003egotd/td#1702\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expary\"\u003e\u003ccode\u003e@​expary\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/gotd/td/pull/1717\"\u003egotd/td#1717\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/gotd/td/compare/v0.145.0...v0.145.1\"\u003ehttps://github.com/gotd/td/compare/v0.145.0...v0.145.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev0.145.0\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003echore(deps): bump github.com/rogpeppe/go-internal from 1.14.1 to 1.15.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/gotd/td/pull/1713\"\u003egotd/td#1713\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump the opentelemetry group with 3 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/gotd/td/pull/1712\"\u003egotd/td#1712\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate Telegram schema to the latest layer by \u003ca href=\"https://github.com/gotd-bot\"\u003e\u003ccode\u003e@​gotd-bot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/gotd/td/pull/1710\"\u003egotd/td#1710\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump golang.org/x/tools from 0.44.0 to 0.45.0 in /_tools in the golang group by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/gotd/td/pull/1709\"\u003egotd/td#1709\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump the golang group across 1 directory with 3 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/gotd/td/pull/1703\"\u003egotd/td#1703\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat: add markdown parser by \u003ca href=\"https://github.com/ernado\"\u003e\u003ccode\u003e@​ernado\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/gotd/td/pull/1715\"\u003egotd/td#1715\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/gotd/td/compare/v0.144.0...v0.145.0\"\u003ehttps://github.com/gotd/td/compare/v0.144.0...v0.145.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev0.144.0\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003echore(deps): bump the opentelemetry group with 3 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/gotd/td/pull/1701\"\u003egotd/td#1701\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate Telegram schema to the latest layer by \u003ca href=\"https://github.com/gotd-bot\"\u003e\u003ccode\u003e@​gotd-bot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/gotd/td/pull/1708\"\u003egotd/td#1708\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump github.com/klauspost/compress from 1.18.5 to 1.18.6 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/gotd/td/pull/1707\"\u003egotd/td#1707\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump go.uber.org/zap from 1.27.1 to 1.28.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/gotd/td/pull/1706\"\u003egotd/td#1706\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump tibdex/github-app-token from 1 to 2 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/gotd/td/pull/1705\"\u003egotd/td#1705\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump golang.org/x/tools from 0.43.0 to 0.44.0 in /_tools in the golang group by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/gotd/td/pull/1704\"\u003egotd/td#1704\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/gotd/td/compare/v0.143.0...v0.144.0\"\u003ehttps://github.com/gotd/td/compare/v0.143.0...v0.144.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gotd/td/commit/c540a4d2ff90b7343abf3bed624646d4489f7d3e\"\u003e\u003ccode\u003ec540a4d\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/gotd/td/issues/1702\"\u003e#1702\u003c/a\u003e from gotd/dependabot/go_modules/github.com/ogen-go/o...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gotd/td/commit/8d3da9e928e8c855bd87c37411b9aeb4e93428a2\"\u003e\u003ccode\u003e8d3da9e\u003c/code\u003e\u003c/a\u003e test(updates): fix flaky e2e recovery race\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gotd/td/commit/b31d5e42f2aed12a88f08a583f6e8d50a607ff7c\"\u003e\u003ccode\u003eb31d5e4\u003c/code\u003e\u003c/a\u003e chore(gen): upd\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gotd/td/commit/c1ff29c03631c657bb6b86b9dc44b01040511d8a\"\u003e\u003ccode\u003ec1ff29c\u003c/code\u003e\u003c/a\u003e chore(deps): bump github.com/ogen-go/ogen from 1.19.0 to 1.20.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gotd/td/commit/9961f4ef098defcc5f67eac487f45b162b281bfe\"\u003e\u003ccode\u003e9961f4e\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/gotd/td/issues/1717\"\u003e#1717\u003c/a\u003e from expary/fix/unencrypted-message-length-validation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gotd/td/commit/9d5d1f31ea5022d9798d84ccce15de2e91ba6baa\"\u003e\u003ccode\u003e9d5d1f3\u003c/code\u003e\u003c/a\u003e fix(proto): validate plaintext message length before allocation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gotd/td/commit/83879426c1dce45fba83c5eacb10285155fd9a78\"\u003e\u003ccode\u003e8387942\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/gotd/td/issues/1716\"\u003e#1716\u003c/a\u003e from gotd/fix/updates-channel-deadlock\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gotd/td/commit/daca24ff1684899c573a9f95ba7d091967a8afad\"\u003e\u003ccode\u003edaca24f\u003c/code\u003e\u003c/a\u003e fix(updates): prevent deadlock when relaying channel difference\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gotd/td/commit/667bb7ab02416f55b302f82192940cc3367cdb20\"\u003e\u003ccode\u003e667bb7a\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/gotd/td/issues/1714\"\u003e#1714\u003c/a\u003e from gotd/dependabot/go_modules/golang-688b8efcb6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gotd/td/commit/6540c6916254541390769d1e5ea12aabae324ce8\"\u003e\u003ccode\u003e6540c69\u003c/code\u003e\u003c/a\u003e chore(deps): bump the golang group across 1 directory with 3 updates\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/gotd/td/compare/v0.143.0...v0.145.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/jackc/pgx/v5` from 5.9.2 to 5.10.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jackc/pgx/blob/master/CHANGELOG.md\"\u003egithub.com/jackc/pgx/v5's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e5.10.0 (June 3, 2026)\u003c/h1\u003e\n\u003cp\u003eThis release includes a significant amount of hardening against malicious or compromised PostgreSQL servers,\ncontributed by Sean Chittenden at CrowdStrike, Inc. This work bounds binary decoders against attacker-controlled\nmessage sizes, caps server-supplied SCRAM iteration counts, adds \u003ccode\u003erequire_auth\u003c/code\u003e to restrict which authentication\nmethods a server may use (mitigating downgrade attacks under \u003ccode\u003esslmode=prefer\u003c/code\u003e), and ensures cancellation requests are\nsent over TLS when the original connection used TLS.\u003c/p\u003e\n\u003ch2\u003eFeatures\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003erequire_auth\u003c/code\u003e to restrict accepted server authentication methods (Sean Chittenden at CrowdStrike, Inc.)\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eParseConfigOptions.ConnStringAllowedKeys\u003c/code\u003e to restrict allowed connection string keys (Sean Chittenden at CrowdStrike, Inc.)\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eStructArgs\u003c/code\u003e and \u003ccode\u003eStrictStructArgs\u003c/code\u003e for \u003ccode\u003e@\u003c/code\u003e-named queries (Tubelight30)\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eErrConnClosed\u003c/code\u003e sentinel error and unwrap it from \u003ccode\u003econnLockError\u003c/code\u003e (Charlie Tonneslan)\u003c/li\u003e\n\u003cli\u003epgxpool: check if connection is expired before acquire (arthurdotwork)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eSecurity Hardening\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eEncrypt \u003ccode\u003eCancelRequest\u003c/code\u003e connection when the primary connection used TLS (Sean Chittenden at CrowdStrike, Inc.)\u003c/li\u003e\n\u003cli\u003eCap server-supplied SCRAM iteration count (Sean Chittenden at CrowdStrike, Inc.)\u003c/li\u003e\n\u003cli\u003eDefault Frontend max message body length to ~1 GiB (Sean Chittenden at CrowdStrike, Inc.)\u003c/li\u003e\n\u003cli\u003eBound hstore binary decode against malicious server input (Sean Chittenden at CrowdStrike, Inc.)\u003c/li\u003e\n\u003cli\u003eBound array binary decode element length against remaining message bytes (Sean Chittenden at CrowdStrike, Inc.)\u003c/li\u003e\n\u003cli\u003eBound array element count against remaining message bytes (Sean Chittenden at CrowdStrike, Inc.)\u003c/li\u003e\n\u003cli\u003eBound range, multirange, and tsvector binary decoders (Sean Chittenden at CrowdStrike, Inc.)\u003c/li\u003e\n\u003cli\u003eDocument secure connection configuration (Sean Chittenden at CrowdStrike, Inc.)\u003c/li\u003e\n\u003cli\u003eFix panic on malformed geometric text; return an error instead (MaIII)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eFixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix scanning \u003ccode\u003e\u0026quot;char\u0026quot;\u003c/code\u003e (OID 18) into \u003ccode\u003e*string\u003c/code\u003e in binary format (luongs3)\u003c/li\u003e\n\u003cli\u003eFix handling of typed-nil \u003ccode\u003edriver.Valuer\u003c/code\u003e in array and composite codecs (Donncha Fahy)\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eCopyData.Data\u003c/code\u003e hex decoding in \u003ccode\u003eUnmarshalJSON\u003c/code\u003e (Charlie Tonneslan)\u003c/li\u003e\n\u003cli\u003eFix data race when context is cancelled during connect\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eparseKeywordValueSettings\u003c/code\u003e rejecting trailing whitespace (alliasgher)\u003c/li\u003e\n\u003cli\u003epgconn: preserve full error chain in \u003ccode\u003enormalizeTimeoutError\u003c/code\u003e (Charlie Tonneslan)\u003c/li\u003e\n\u003cli\u003epgconn: use a fresh context for the fallback connection in \u003ccode\u003econnectPreferred\u003c/code\u003e (Charlie Tonneslan)\u003c/li\u003e\n\u003cli\u003epgxpool: fix \u003ccode\u003eMaxLifetimeDestroyCount\u003c/code\u003e and ping order for acquire-time expiry check\u003c/li\u003e\n\u003cli\u003eAdd missing error check of \u003ccode\u003erows.Err\u003c/code\u003e to load types (Jen Altavilla)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jackc/pgx/commit/7293fb11125be0373a92f716683f2d494f6fd4b0\"\u003e\u003ccode\u003e7293fb1\u003c/code\u003e\u003c/a\u003e Update changelog for v5.10.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jackc/pgx/commit/1ade2852841d4ee55677207200f4ffdbc217ce69\"\u003e\u003ccode\u003e1ade285\u003c/code\u003e\u003c/a\u003e pgconn: document secure connection configuration\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jackc/pgx/commit/b4d6d4d1be7f381bb81d12ebfecae6b10f5c7562\"\u003e\u003ccode\u003eb4d6d4d\u003c/code\u003e\u003c/a\u003e pgtype: bound range, multirange, and tsvector binary decoders\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jackc/pgx/commit/0639b37f8f4fff31dbe73297087e69b3ccc3bf2b\"\u003e\u003ccode\u003e0639b37\u003c/code\u003e\u003c/a\u003e pgconn: add ParseConfigOptions.ConnStringAllowedKeys\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jackc/pgx/commit/b28e65b0c3e0cd45c09e7c9ce36e5e29caa6dbe9\"\u003e\u003ccode\u003eb28e65b\u003c/code\u003e\u003c/a\u003e pgtype: bound array element count against remaining message bytes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jackc/pgx/commit/cd1f389d37d775bc8cb11c60363946f928c02c98\"\u003e\u003ccode\u003ecd1f389\u003c/code\u003e\u003c/a\u003e pgtype: bound array binary decode element length against remaining bytes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jackc/pgx/commit/ff27b5bbea012020d1fd8b9bdd56284a88783ef1\"\u003e\u003ccode\u003eff27b5b\u003c/code\u003e\u003c/a\u003e pgtype: bound hstore binary decode against malicious server input\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jackc/pgx/commit/a6002e12a8a393844b48c29d105e7542e7b3a251\"\u003e\u003ccode\u003ea6002e1\u003c/code\u003e\u003c/a\u003e pgproto3: default Frontend max message body length to ~1 GiB\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jackc/pgx/commit/44f61732ecdfd08081a1a2ff7227f1e975f0b71e\"\u003e\u003ccode\u003e44f6173\u003c/code\u003e\u003c/a\u003e pgconn: cap server-supplied SCRAM iteration count\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jackc/pgx/commit/1a976f7bb91216ea7f8369cb7abe78ce34dc244f\"\u003e\u003ccode\u003e1a976f7\u003c/code\u003e\u003c/a\u003e pgconn: add require_auth to restrict accepted server auth methods\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/jackc/pgx/compare/v5.9.2...v5.10.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/pressly/goose/v3` from 3.27.0 to 3.27.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pressly/goose/releases\"\u003egithub.com/pressly/goose/v3's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.27.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDependency updates\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/pressly/goose/compare/v3.27.0...v3.27.1\"\u003ehttps://github.com/pressly/goose/compare/v3.27.0...v3.27.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pressly/goose/blob/main/CHANGELOG.md\"\u003egithub.com/pressly/goose/v3's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[v3.27.1] - 2026-04-24\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBump minimum Go version to 1.25.7\u003c/li\u003e\n\u003cli\u003eVarious dependency upgrades\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pressly/goose/commit/e3235f7041e1e14453633daeef467165d09d9449\"\u003e\u003ccode\u003ee3235f7\u003c/code\u003e\u003c/a\u003e release: v3.27.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pressly/goose/commit/883e2f7e0e70fe9fd5427afd4961d3752ed551c1\"\u003e\u003ccode\u003e883e2f7\u003c/code\u003e\u003c/a\u003e build(deps): bump Go and dependency versions (\u003ca href=\"https://redirect.github.com/pressly/goose/issues/1067\"\u003e#1067\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pressly/goose/commit/2e2fe5ce0c21ee2a4595f651f913ff6775a6ead1\"\u003e\u003ccode\u003e2e2fe5c\u003c/code\u003e\u003c/a\u003e build(deps): bump the gomod group with 3 updates (\u003ca href=\"https://redirect.github.com/pressly/goose/issues/1048\"\u003e#1048\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pressly/goose/commit/21176ca42730c42fce388fde57944181bf77066d\"\u003e\u003ccode\u003e21176ca\u003c/code\u003e\u003c/a\u003e build(deps): bump modernc.org/sqlite from 1.46.1 to 1.47.0 in the gomod group...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pressly/goose/commit/e7bd535b62f22be7e1f3fd6f5b7430f9ea2ae87a\"\u003e\u003ccode\u003ee7bd535\u003c/code\u003e\u003c/a\u003e build(deps): bump google.golang.org/grpc from 1.79.1 to 1.79.3 (\u003ca href=\"https://redirect.github.com/pressly/goose/issues/1042\"\u003e#1042\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pressly/goose/commit/f9c7cb4f9e7d9d036c11cde6482a1c7a844da9f6\"\u003e\u003ccode\u003ef9c7cb4\u003c/code\u003e\u003c/a\u003e build(deps): bump google.golang.org/grpc from 1.79.1 to 1.79.3 in /internal/t...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pressly/goose/commit/b6220db4c1346bb6d1205d01266f4604a03fb5c3\"\u003e\u003ccode\u003eb6220db\u003c/code\u003e\u003c/a\u003e build(deps): bump the gomod group across 1 directory with 3 updates (\u003ca href=\"https://redirect.github.com/pressly/goose/issues/1041\"\u003e#1041\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pressly/goose/commit/65e320f7b293f385ce42ef3509f89df9b9533e02\"\u003e\u003ccode\u003e65e320f\u003c/code\u003e\u003c/a\u003e docs: fix README escaping marker in ENVSUB example (\u003ca href=\"https://redirect.github.com/pressly/goose/issues/1037\"\u003e#1037\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pressly/goose/commit/18f6ef715e7429c0ad9e67333c1131923353f6b7\"\u003e\u003ccode\u003e18f6ef7\u003c/code\u003e\u003c/a\u003e build(deps): bump goreleaser/goreleaser-action from 6 to 7 (\u003ca href=\"https://redirect.github.com/pressly/goose/issues/1036\"\u003e#1036\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pressly/goose/commit/de28e0480a2a75ea050c152fe9be7126d6f696a5\"\u003e\u003ccode\u003ede28e04\u003c/code\u003e\u003c/a\u003e docs: update v3.27.0 release notes with Go 1.25 minimum and dep upgrades\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/pressly/goose/compare/v3.27.0...v3.27.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `go.uber.org/zap` from 1.27.1 to 1.28.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/uber-go/zap/releases\"\u003ego.uber.org/zap's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.28.0\u003c/h2\u003e\n\u003cp\u003eEnhancements:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/uber-go/zap/issues/1534\"\u003e#1534\u003c/a\u003e[]: Add \u003ccode\u003ezapcore.CheckPreWriteHook\u003c/code\u003e and \u003ccode\u003eCheckedEntry.Before\u003c/code\u003e method for transforming entries before they are written to any Cores.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/uber-go/zap/issues/1534\"\u003e#1534\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/uber-go/zap/pull/1534\"\u003euber-go/zap#1534\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/uber-go/zap/blob/master/CHANGELOG.md\"\u003ego.uber.org/zap's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e1.28.0 (27 Apr 2026)\u003c/h2\u003e\n\u003cp\u003eEnhancements:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/uber-go/zap/issues/1534\"\u003e#1534\u003c/a\u003e[]: Add \u003ccode\u003ezapcore.CheckPreWriteHook\u003c/code\u003e and \u003ccode\u003eCheckedEntry.Before\u003c/code\u003e method for transforming entries before they are written to any Cores.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uber-go/zap/commit/5b81b37b81b8e2ed447a6f57991e372ee4fa5c8f\"\u003e\u003ccode\u003e5b81b37\u003c/code\u003e\u003c/a\u003e release v1.28.0 (\u003ca href=\"https://redirect.github.com/uber-go/zap/issues/1547\"\u003e#1547\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uber-go/zap/commit/0ab0d5aae5986395e2ca497385d977ccd7cdfc5e\"\u003e\u003ccode\u003e0ab0d5a\u003c/code\u003e\u003c/a\u003e zapcore: Add PreWriteHook for transforming entries before write (\u003ca href=\"https://redirect.github.com/uber-go/zap/issues/1534\"\u003e#1534\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uber-go/zap/commit/d278c5962cb0f7423170c11a5da9b7a4edbf9b92\"\u003e\u003ccode\u003ed278c59\u003c/code\u003e\u003c/a\u003e [chore] CI: test on Go 1.26 (\u003ca href=\"https://redirect.github.com/uber-go/zap/issues/1535\"\u003e#1535\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uber-go/zap/commit/16fb16b353f2e27bcd71eba69cbd346b3dcc471a\"\u003e\u003ccode\u003e16fb16b\u003c/code\u003e\u003c/a\u003e chore(dep): replace archived gopkg.in/yaml.v3 with officially maintained go.y...\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/uber-go/zap/compare/v1.27.1...v1.28.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `golang.org/x/crypto` from 0.50.0 to 0.52.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/a1c0d9929856c8aba2b31f079340f00578eda803\"\u003e\u003ccode\u003ea1c0d99\u003c/code\u003e\u003c/a\u003e go.mod: update golang.org/x dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/3c7c86938f4541c333d506f719388d9c42d4763d\"\u003e\u003ccode\u003e3c7c869\u003c/code\u003e\u003c/a\u003e ssh: fix deadlock on unexpected channel responses\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/533fb3f7e4a5ae23f69d1837cd851d35ff5b76ce\"\u003e\u003ccode\u003e533fb3f\u003c/code\u003e\u003c/a\u003e ssh: fix source-address critical option bypass\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/abbc44d451a6f9236a2bbd26cbcd4d0fec473da3\"\u003e\u003ccode\u003eabbc44d\u003c/code\u003e\u003c/a\u003e ssh: fix incorrect operator order\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/e052873987615dc96fe67607a9a6adb76311344f\"\u003e\u003ccode\u003ee052873\u003c/code\u003e\u003c/a\u003e ssh: fix infinite loop on large channel writes due to integer overflow\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/b61cf853a89d82cad68da5e12a6beca2116f8456\"\u003e\u003ccode\u003eb61cf85\u003c/code\u003e\u003c/a\u003e ssh: enforce user presence verification for security keys\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/9c2cd33e8d96a96133fd6ff732510ebba539c2bd\"\u003e\u003ccode\u003e9c2cd33\u003c/code\u003e\u003c/a\u003e ssh: enforce strict limits on DSA key parameters\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/890731877d85f71cfdc9554e7a27fec4684fc4c4\"\u003e\u003ccode\u003e8907318\u003c/code\u003e\u003c/a\u003e ssh: reject RSA keys with excessively large moduli\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/ffd87b4878fa98ca2908ec534e1a410bf095a35e\"\u003e\u003ccode\u003effd87b4\u003c/code\u003e\u003c/a\u003e ssh: fix panic when authority callbacks are nil\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/4e7a7384ecbc8d519f6f4c11b36fa9d761fc8946\"\u003e\u003ccode\u003e4e7a738\u003c/code\u003e\u003c/a\u003e ssh: fix deadlock on unexpected global responses\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/golang/crypto/compare/v0.50.0...v0.52.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `golang.org/x/net` from 0.53.0 to 0.54.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/b138e06246cb323f2f380c2b7f7dd91f581dd56b\"\u003e\u003ccode\u003eb138e06\u003c/code\u003e\u003c/a\u003e go.mod: update golang.org/x dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/689f70a42abd350f3a1aaa70b0d13eb9543d927a\"\u003e\u003ccode\u003e689f70a\u003c/code\u003e\u003c/a\u003e quic: fix wrong final size being used for RESET_STREAM frame\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/208f306b2f0fd008b388bee2c2644be279778e94\"\u003e\u003ccode\u003e208f306\u003c/code\u003e\u003c/a\u003e http3: increase handshake timeout\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/49810da71b9026da9e0d028a6ad8c7730c52d9c4\"\u003e\u003ccode\u003e49810da\u003c/code\u003e\u003c/a\u003e http2: enable net/http wrapping when go \u0026gt;= 1.27\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/5e11a5ab891c117eda83b4304d60dd13286c1c76\"\u003e\u003ccode\u003e5e11a5a\u003c/code\u003e\u003c/a\u003e quic: fix data race in streamForFrame\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/8c63081cd380ea768db5651941614b73472160ff\"\u003e\u003ccode\u003e8c63081\u003c/code\u003e\u003c/a\u003e http2: use empty Transport rather than DefaultTransport in http2wrap\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/fc7b466ca49cb204039630533ece4fc557eb35cd\"\u003e\u003ccode\u003efc7b466\u003c/code\u003e\u003c/a\u003e http2: add http2wrap test\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/15c2cb1875fd727313dc4de909b3ee149422fbe2\"\u003e\u003ccode\u003e15c2cb1\u003c/code\u003e\u003c/a\u003e http2: avoid overflowing 32-bit int when http2wrap enabled\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/64651885c2f2d745d77af2d7af2edbf568c179af\"\u003e\u003ccode\u003e6465188\u003c/code\u003e\u003c/a\u003e http2: add wrapped Server\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/72f419a894cb0597dd5b6bcf119086bf2af41231\"\u003e\u003ccode\u003e72f419a\u003c/code\u003e\u003c/a\u003e http2: add wrapped ClientConn\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/golang/net/compare/v0.53.0...v0.54.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\n\n\n\u003c/details\u003e","html_url":"https://github.com/yasen-pavlov/nexus/pull/38","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/yasen-pavlov%2Fnexus/issues/38","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/38/packages"},{"uuid":"4584096423","node_id":"PR_kwDOEOmcd87icEme","number":986,"state":"closed","title":"build(deps): bump the gomod group across 1 directory with 29 updates","user":"dependabot[bot]","labels":["release-note-none"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-06-09T05:04:28.000Z","author_association":null,"state_reason":null,"created_at":"2026-06-03T22:22:02.000Z","updated_at":"2026-06-09T05:04:30.000Z","time_to_close":456146,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"build(deps): bump","group_name":"gomod","update_count":29,"packages":[{"name":"github.com/containerd/containerd","old_version":"1.7.31","new_version":"1.7.32","repository_url":"https://github.com/containerd/containerd"},{"name":"github.com/containerd/containerd/api","old_version":"1.10.0","new_version":"1.11.1","repository_url":"https://github.com/containerd/containerd"},{"name":"github.com/containers/conmon-rs","old_version":"0.7.3","new_version":"0.8.0","repository_url":"https://github.com/containers/conmon-rs"},{"name":"github.com/containers/kubensmnt","old_version":"1.2.0","new_version":"1.3.0","repository_url":"https://github.com/containers/kubensmnt"},{"name":"github.com/go-chi/chi/v5","old_version":"5.2.5","new_version":"5.3.0","repository_url":"https://github.com/go-chi/chi"},{"name":"github.com/intel/goresctrl","old_version":"0.12.0","new_version":"0.13.0","repository_url":"https://github.com/intel/goresctrl"},{"name":"github.com/onsi/ginkgo/v2","old_version":"2.28.3","new_version":"2.29.0","repository_url":"https://github.com/onsi/ginkgo"},{"name":"github.com/onsi/gomega","old_version":"1.40.0","new_version":"1.41.0","repository_url":"https://github.com/onsi/gomega"},{"name":"github.com/opencontainers/runc","old_version":"1.4.1","new_version":"1.4.2","repository_url":"https://github.com/opencontainers/runc"},{"name":"github.com/opencontainers/selinux","old_version":"1.13.1","new_version":"1.15.1","repository_url":"https://github.com/opencontainers/selinux"},{"name":"go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc","old_version":"0.68.0","new_version":"0.69.0","repository_url":"https://github.com/open-telemetry/opentelemetry-go-contrib"},{"name":"go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc","old_version":"1.43.0","new_version":"1.44.0","repository_url":"https://github.com/open-telemetry/opentelemetry-go"},{"name":"k8s.io/api","old_version":"0.36.0","new_version":"0.36.1","repository_url":"https://github.com/kubernetes/api"},{"name":"k8s.io/client-go","old_version":"0.36.0","new_version":"0.36.1","repository_url":"https://github.com/kubernetes/client-go"},{"name":"k8s.io/component-base","old_version":"0.36.0","new_version":"0.36.1","repository_url":"https://github.com/kubernetes/component-base"},{"name":"k8s.io/cri-api","old_version":"0.36.0","new_version":"0.36.1","repository_url":"https://github.com/kubernetes/cri-api"},{"name":"k8s.io/cri-client","old_version":"0.36.0","new_version":"0.36.1","repository_url":"https://github.com/kubernetes/cri-client"},{"name":"k8s.io/cri-streaming","old_version":"0.36.0","new_version":"0.36.1","repository_url":"https://github.com/kubernetes/cri-streaming"},{"name":"k8s.io/kubelet","old_version":"0.36.0","new_version":"0.36.1","repository_url":"https://github.com/kubernetes/kubelet"}],"path":null,"ecosystem":"go"},"body":"Bumps the gomod group with 19 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [github.com/containerd/containerd](https://github.com/containerd/containerd) | `1.7.31` | `1.7.32` |\n| [github.com/containerd/containerd/api](https://github.com/containerd/containerd) | `1.10.0` | `1.11.1` |\n| [github.com/containers/conmon-rs](https://github.com/containers/conmon-rs) | `0.7.3` | `0.8.0` |\n| [github.com/containers/kubensmnt](https://github.com/containers/kubensmnt) | `1.2.0` | `1.3.0` |\n| [github.com/go-chi/chi/v5](https://github.com/go-chi/chi) | `5.2.5` | `5.3.0` |\n| [github.com/intel/goresctrl](https://github.com/intel/goresctrl) | `0.12.0` | `0.13.0` |\n| [github.com/onsi/ginkgo/v2](https://github.com/onsi/ginkgo) | `2.28.3` | `2.29.0` |\n| [github.com/onsi/gomega](https://github.com/onsi/gomega) | `1.40.0` | `1.41.0` |\n| [github.com/opencontainers/runc](https://github.com/opencontainers/runc) | `1.4.1` | `1.4.2` |\n| [github.com/opencontainers/selinux](https://github.com/opencontainers/selinux) | `1.13.1` | `1.15.1` |\n| [go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc](https://github.com/open-telemetry/opentelemetry-go-contrib) | `0.68.0` | `0.69.0` |\n| [go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc](https://github.com/open-telemetry/opentelemetry-go) | `1.43.0` | `1.44.0` |\n| [k8s.io/api](https://github.com/kubernetes/api) | `0.36.0` | `0.36.1` |\n| [k8s.io/client-go](https://github.com/kubernetes/client-go) | `0.36.0` | `0.36.1` |\n| [k8s.io/component-base](https://github.com/kubernetes/component-base) | `0.36.0` | `0.36.1` |\n| [k8s.io/cri-api](https://github.com/kubernetes/cri-api) | `0.36.0` | `0.36.1` |\n| [k8s.io/cri-client](https://github.com/kubernetes/cri-client) | `0.36.0` | `0.36.1` |\n| [k8s.io/cri-streaming](https://github.com/kubernetes/cri-streaming) | `0.36.0` | `0.36.1` |\n| [k8s.io/kubelet](https://github.com/kubernetes/kubelet) | `0.36.0` | `0.36.1` |\n\n\nUpdates `github.com/containerd/containerd` from 1.7.31 to 1.7.32\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/containerd/containerd/releases\"\u003egithub.com/containerd/containerd's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003econtainerd 1.7.32\u003c/h2\u003e\n\u003cp\u003eWelcome to the v1.7.32 release of containerd!\u003c/p\u003e\n\u003cp\u003e\u003cbr /\u003e\nThe thirty-second patch release for containerd 1.7 contains various fixes\nand updates including a security patch.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003econtainerd\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/security/advisories/GHSA-fqw6-gf59-qr4w\"\u003e\u003cstrong\u003eCVE-2026-46680\u003c/strong\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAllow hosts.toml to contain only root-level fields without an explicit [host] section (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/10028\"\u003e#10028\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix handling of out-of-range USER values in OCI spec to avoid unexpected username/group lookups (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13450\"\u003e#13450\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eApply hardening to block AF_ALG in default socket policy (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13406\"\u003e#13406\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eSupport both \u0026quot;volatile\u0026quot; and \u0026quot;fsync=volatile\u0026quot; mount options for volatile snapshotter (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13299\"\u003e#13299\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eSet AppArmor abi conditionally to support versions \u0026lt; 3.0 (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13273\"\u003e#13273\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003ePlease try out the release binaries and report any issues at\n\u003ca href=\"https://github.com/containerd/containerd/issues\"\u003ehttps://github.com/containerd/containerd/issues\u003c/a\u003e.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMaksym Pavlenko\u003c/li\u003e\n\u003cli\u003eChris Henzie\u003c/li\u003e\n\u003cli\u003eDerek McGowan\u003c/li\u003e\n\u003cli\u003ePaweł Gronowski\u003c/li\u003e\n\u003cli\u003eSamuel Karp\u003c/li\u003e\n\u003cli\u003eWei Fu\u003c/li\u003e\n\u003cli\u003eBrad Davidson\u003c/li\u003e\n\u003cli\u003eBrian Goff\u003c/li\u003e\n\u003cli\u003eLEI WANG\u003c/li\u003e\n\u003cli\u003ePhil Estes\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/bc87d865cf39e0cc55a5e628d95cf8eef52787ad\"\u003e\u003ccode\u003ebc87d865c\u003c/code\u003e\u003c/a\u003e Prepare release notes for v1.7.32\u003c/li\u003e\n\u003cli\u003eoci: return explicit error for out-of-range USER values (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13450\"\u003e#13450\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/503f479466b432bd16fd9f14e10b6d4b09812730\"\u003e\u003ccode\u003e503f47946\u003c/code\u003e\u003c/a\u003e oci: return explicit error for out-of-range USER values\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eseccomp: Block AF_ALG in default socket policy (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13406\"\u003e#13406\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/e55b747d3496763d54b6c7670f4290c1e7183a36\"\u003e\u003ccode\u003ee55b747d3\u003c/code\u003e\u003c/a\u003e seccomp: Block AF_ALG in default socket policy\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/4627a65f8a92ce704e40b4b42df4fbfb2ceae2b9\"\u003e\u003ccode\u003e4627a65f8\u003c/code\u003e\u003c/a\u003e seccomp: Document socket rule scope and socketcall limitation\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eFix issue with empty host tree in hosts.toml (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/10028\"\u003e#10028\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/24007441d3bb191e0045b83fce5890a67aa98449\"\u003e\u003ccode\u003e24007441d\u003c/code\u003e\u003c/a\u003e Fix error parsing hosts.toml without any \u003ccode\u003ehost\u003c/code\u003e tree\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eSupport both styles of volatile mount option (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13299\"\u003e#13299\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/940733149271449293e063148e220faf885a01b9\"\u003e\u003ccode\u003e940733149\u003c/code\u003e\u003c/a\u003e Support both styles of volatile mount option\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eapparmor: Set abi conditionally (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13273\"\u003e#13273\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/2b732c8925a92b10300a3dc21dbfd37cafea76dd\"\u003e\u003ccode\u003e2b732c892\u003c/code\u003e\u003c/a\u003e apparmor: Set abi conditionally\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eAdd GitHub Action for k8s node e2e tests (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13258\"\u003e#13258\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/0db1e143a11de38b8f088684ce4f26a2b487d517\"\u003e\u003ccode\u003e0db1e143a\u003c/code\u003e\u003c/a\u003e Add GitHub Action for k8s node e2e tests\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eUpdate release process after 1.7 (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13236\"\u003e#13236\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/3223a75c20f06d0da7985a49ac42ed6ff67c5433\"\u003e\u003ccode\u003e3223a75c2\u003c/code\u003e\u003c/a\u003e Update for latest updates to release tool\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/180a7b7385ae633344ff3db0db7eea11a4164f00\"\u003e\u003ccode\u003e180a7b7\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/13452\"\u003e#13452\u003c/a\u003e from samuelkarp/prepare-1.7.32\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/bc87d865cf39e0cc55a5e628d95cf8eef52787ad\"\u003e\u003ccode\u003ebc87d86\u003c/code\u003e\u003c/a\u003e Prepare release notes for v1.7.32\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/6a05ddd119ec81beb36d504ce844bdd11bfcb22c\"\u003e\u003ccode\u003e6a05ddd\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/13450\"\u003e#13450\u003c/a\u003e from samuelkarp/oci-withuser-errrange-1.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/9c3d01b3f113fa421be5ef02dbeb31c02a7a5991\"\u003e\u003ccode\u003e9c3d01b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/13406\"\u003e#13406\u003c/a\u003e from k8s-infra-cherrypick-robot/cherry-pick-13327-t...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/e55b747d3496763d54b6c7670f4290c1e7183a36\"\u003e\u003ccode\u003ee55b747\u003c/code\u003e\u003c/a\u003e seccomp: Block AF_ALG in default socket policy\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/4627a65f8a92ce704e40b4b42df4fbfb2ceae2b9\"\u003e\u003ccode\u003e4627a65\u003c/code\u003e\u003c/a\u003e seccomp: Document socket rule scope and socketcall limitation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/33d9e242ca41d47ac749555aae0572cd71942d75\"\u003e\u003ccode\u003e33d9e24\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/10028\"\u003e#10028\u003c/a\u003e from brandond/fix-hosts-toml\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/503f479466b432bd16fd9f14e10b6d4b09812730\"\u003e\u003ccode\u003e503f479\u003c/code\u003e\u003c/a\u003e oci: return explicit error for out-of-range USER values\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/4393e22af7553a80141b7f8a73859764ede1ffcb\"\u003e\u003ccode\u003e4393e22\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/13299\"\u003e#13299\u003c/a\u003e from chrishenzie/release/1.7-volatile\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/940733149271449293e063148e220faf885a01b9\"\u003e\u003ccode\u003e9407331\u003c/code\u003e\u003c/a\u003e Support both styles of volatile mount option\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/containerd/containerd/compare/v1.7.31...v1.7.32\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/containerd/containerd/api` from 1.10.0 to 1.11.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/containerd/containerd/releases\"\u003egithub.com/containerd/containerd/api's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003econtainerd API 1.11.1\u003c/h2\u003e\n\u003cp\u003eWelcome to the api/v1.11.1 release of containerd!\u003c/p\u003e\n\u003cp\u003eThe first patch release for the containerd 1.11 API includes a fix\nin the task endpoints for non-runc shims.\u003c/p\u003e\n\u003ch3\u003eHighlights\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix sandbox task API endpoints for non-runc runtimes (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13422\"\u003e#13422\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003ePlease try out the release binaries and report any issues at\n\u003ca href=\"https://github.com/containerd/containerd/issues\"\u003ehttps://github.com/containerd/containerd/issues\u003c/a\u003e.\u003c/p\u003e\n\u003ch3\u003eContributors\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDerek McGowan\u003c/li\u003e\n\u003cli\u003eMaksym Pavlenko\u003c/li\u003e\n\u003cli\u003eSamuel Karp\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanges\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cul\u003e\n\u003cli\u003ePrepare release notes for api/v1.11.1 (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13444\"\u003e#13444\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/da7aef299c57cc1f290700ade8fa0a5fec69a462\"\u003e\u003ccode\u003eda7aef299\u003c/code\u003e\u003c/a\u003e Prepare release notes for api/v1.11.1\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eFix sandbox task API endpoints for non-runc runtimes (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13422\"\u003e#13422\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/e44f5f9ec610d95a712d230e8a19ae516e0a26ac\"\u003e\u003ccode\u003ee44f5f9ec\u003c/code\u003e\u003c/a\u003e protos: include task API address to CreateTaskRequest\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch3\u003eDependency Changes\u003c/h3\u003e\n\u003cp\u003eThis release has no dependency changes\u003c/p\u003e\n\u003cp\u003ePrevious release can be found at \u003ca href=\"https://github.com/containerd/containerd/releases/tag/api/v1.11.0\"\u003eapi/v1.11.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003econtainerd API 1.11.0\u003c/h2\u003e\n\u003cp\u003eWelcome to the api/v1.11.0 release of containerd!\u003c/p\u003e\n\u003cp\u003eThe 12th release for the containerd 1.x API aligns with the containerd 2.3 release.\u003c/p\u003e\n\u003ch3\u003eHighlights\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd transfer types for container filesystem copy (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13165\"\u003e#13165\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdate sandbox API to include spec field (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/12840\"\u003e#12840\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eImage Distribution\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eAdd os.features support for EROFS native container images (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13091\"\u003e#13091\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/f822a911ab2b7c73e30bc0f36ea319642c9711b1\"\u003e\u003ccode\u003ef822a91\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/13444\"\u003e#13444\u003c/a\u003e from dmcgowan/prepare-api-v1.11.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/da7aef299c57cc1f290700ade8fa0a5fec69a462\"\u003e\u003ccode\u003eda7aef2\u003c/code\u003e\u003c/a\u003e Prepare release notes for api/v1.11.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/a50a704094cf72710ccfa4944a642ef4e7ec9d2c\"\u003e\u003ccode\u003ea50a704\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/13422\"\u003e#13422\u003c/a\u003e from k8s-infra-cherrypick-robot/cherry-pick-13360-t...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/5282d4e09d3bc8b0957780caa7a4644fac7c86a7\"\u003e\u003ccode\u003e5282d4e\u003c/code\u003e\u003c/a\u003e Wire task address and version fields\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/e44f5f9ec610d95a712d230e8a19ae516e0a26ac\"\u003e\u003ccode\u003ee44f5f9\u003c/code\u003e\u003c/a\u003e protos: include task API address to CreateTaskRequest\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/85f22f7afa3af5aa5083cc7ae50c3b58a35b8849\"\u003e\u003ccode\u003e85f22f7\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/13409\"\u003e#13409\u003c/a\u003e from k8s-infra-cherrypick-robot/cherry-pick-13327-t...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/4d80a31bf637bc15e83e50a15941bf5bb0cb3988\"\u003e\u003ccode\u003e4d80a31\u003c/code\u003e\u003c/a\u003e seccomp: Block AF_ALG in default socket policy\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/2ed0d97b6e58def34684a1bffc2ab6931182f221\"\u003e\u003ccode\u003e2ed0d97\u003c/code\u003e\u003c/a\u003e seccomp: Document socket rule scope and socketcall limitation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/2315484b7e7a5b53e73ad3b143c780ec7612420b\"\u003e\u003ccode\u003e2315484\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/13390\"\u003e#13390\u003c/a\u003e from k8s-infra-cherrypick-robot/cherry-pick-13363-t...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/1ad3402b855b77eb3800f74c87ff78736edf72d2\"\u003e\u003ccode\u003e1ad3402\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/13394\"\u003e#13394\u003c/a\u003e from k8s-infra-cherrypick-robot/cherry-pick-13389-t...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/containerd/containerd/compare/api/v1.10.0...api/v1.11.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/containers/conmon-rs` from 0.7.3 to 0.8.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/containers/conmon-rs/releases\"\u003egithub.com/containers/conmon-rs's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.8.0\u003c/h2\u003e\n\u003ch2\u003eChanges by Kind\u003c/h2\u003e\n\u003ch3\u003eFeature\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eOpenTelemetry dependencies are now optional. Enable with --features telemetry at build time. (\u003ca href=\"https://redirect.github.com/containers/conmon-rs/issues/3044\"\u003e#3044\u003c/a\u003e, \u003ca href=\"https://github.com/saschagrunert\"\u003e\u003ccode\u003e@​saschagrunert\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDependencies\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ecyphar.com/go-pathrs: v0.2.4\u003c/li\u003e\n\u003cli\u003egithub.com/NYTimes/gziphandler: \u003ca href=\"https://github.com/NYTimes/gziphandler/tree/v1.1.1\"\u003ev1.1.1\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003egithub.com/cespare/xxhash/v2: \u003ca href=\"https://github.com/cespare/xxhash/tree/v2.3.0\"\u003ev2.3.0\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003egolang.org/x/tools/go/expect: v0.1.0-deprecated\u003c/li\u003e\n\u003cli\u003egolang.org/x/tools/go/packages/packagestest: v0.1.1-deprecated\u003c/li\u003e\n\u003cli\u003ek8s.io/gengo/v2: 85fd79d\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003egithub.com/coreos/go-systemd/v22: \u003ca href=\"https://github.com/coreos/go-systemd/compare/v22.6.0...v22.7.0\"\u003ev22.6.0 → v22.7.0\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003egithub.com/cpuguy83/go-md2man/v2: \u003ca href=\"https://github.com/cpuguy83/go-md2man/compare/v2.0.5...v2.0.7\"\u003ev2.0.5 → v2.0.7\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003egithub.com/cyphar/filepath-securejoin: \u003ca href=\"https://github.com/cyphar/filepath-securejoin/compare/v0.5.1...v0.6.1\"\u003ev0.5.1 → v0.6.1\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003egithub.com/google/pprof: \u003ca href=\"https://github.com/google/pprof/compare/f64d9cf...294ebfa\"\u003ef64d9cf → 294ebfa\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003egithub.com/onsi/ginkgo/v2: \u003ca href=\"https://github.com/onsi/ginkgo/compare/v2.27.2...v2.28.1\"\u003ev2.27.2 → v2.28.1\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003egithub.com/onsi/gomega: \u003ca href=\"https://github.com/onsi/gomega/compare/v1.38.2...v1.39.1\"\u003ev1.38.2 → v1.39.1\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003egithub.com/opencontainers/cgroups: \u003ca href=\"https://github.com/opencontainers/cgroups/compare/v0.0.5...v0.0.6\"\u003ev0.0.5 → v0.0.6\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003egithub.com/opencontainers/runc: \u003ca href=\"https://github.com/opencontainers/runc/compare/v1.3.3...v1.4.1\"\u003ev1.3.3 → v1.4.1\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003egithub.com/opencontainers/runtime-spec: \u003ca href=\"https://github.com/opencontainers/runtime-spec/compare/v1.2.1...v1.3.0\"\u003ev1.2.1 → v1.3.0\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003egithub.com/opencontainers/runtime-tools: \u003ca href=\"https://github.com/opencontainers/runtime-tools/compare/0ea5ed0...5e63903\"\u003e0ea5ed0 → 5e63903\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003egithub.com/opencontainers/selinux: \u003ca href=\"https://github.com/opencontainers/selinux/compare/v1.12.0...v1.13.0\"\u003ev1.12.0 → v1.13.0\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003egithub.com/rogpeppe/go-internal: \u003ca href=\"https://github.com/rogpeppe/go-internal/compare/v1.13.1...v1.14.1\"\u003ev1.13.1 → v1.14.1\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003egithub.com/sirupsen/logrus: \u003ca href=\"https://github.com/sirupsen/logrus/compare/v1.9.3...v1.9.4\"\u003ev1.9.3 → v1.9.4\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003egithub.com/urfave/cli: \u003ca href=\"https://github.com/urfave/cli/compare/v1.22.16...v1.22.17\"\u003ev1.22.16 → v1.22.17\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ego.opentelemetry.io/auto/sdk: v1.1.0 → v1.2.1\u003c/li\u003e\n\u003cli\u003ego.opentelemetry.io/otel/metric: v1.38.0 → v1.42.0\u003c/li\u003e\n\u003cli\u003ego.opentelemetry.io/otel/trace: v1.38.0 → v1.42.0\u003c/li\u003e\n\u003cli\u003ego.opentelemetry.io/otel: v1.38.0 → v1.42.0\u003c/li\u003e\n\u003cli\u003ego.podman.io/common: v0.66.0 → v0.67.0\u003c/li\u003e\n\u003cli\u003ego.podman.io/image/v5: v5.38.0 → v5.39.1\u003c/li\u003e\n\u003cli\u003ego.podman.io/storage: v1.61.0 → v1.62.0\u003c/li\u003e\n\u003cli\u003ego.yaml.in/yaml/v2: v2.4.2 → v2.4.3\u003c/li\u003e\n\u003cli\u003egolang.org/x/crypto: v0.43.0 → v0.47.0\u003c/li\u003e\n\u003cli\u003egolang.org/x/mod: v0.28.0 → v0.32.0\u003c/li\u003e\n\u003cli\u003egolang.org/x/net: v0.45.0 → v0.49.0\u003c/li\u003e\n\u003cli\u003egolang.org/x/oauth2: v0.27.0 → v0.30.0\u003c/li\u003e\n\u003cli\u003egolang.org/x/sync: v0.17.0 → v0.19.0\u003c/li\u003e\n\u003cli\u003egolang.org/x/sys: v0.37.0 → v0.40.0\u003c/li\u003e\n\u003cli\u003egolang.org/x/telemetry: aef8a43 → bd525da\u003c/li\u003e\n\u003cli\u003egolang.org/x/term: v0.36.0 → v0.39.0\u003c/li\u003e\n\u003cli\u003egolang.org/x/text: v0.30.0 → v0.33.0\u003c/li\u003e\n\u003cli\u003egolang.org/x/tools: v0.37.0 → v0.41.0\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containers/conmon-rs/commit/c07e5214eeef082e83661ff7b610bac38f08401c\"\u003e\u003ccode\u003ec07e521\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containers/conmon-rs/issues/3142\"\u003e#3142\u003c/a\u003e from saschagrunert/bump-v0.8.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containers/conmon-rs/commit/df8a5f4c70a2a72568ba68f61e0fa0f9cdb5a7a3\"\u003e\u003ccode\u003edf8a5f4\u003c/code\u003e\u003c/a\u003e Bump version to v0.8.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containers/conmon-rs/commit/4bb0a0f5f65d1a79c53951d02dfb27a298990a83\"\u003e\u003ccode\u003e4bb0a0f\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containers/conmon-rs/issues/3141\"\u003e#3141\u003c/a\u003e from containers/dependabot/cargo/zerocopy-0.8.47\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containers/conmon-rs/commit/4b81484a4c533f11da91bf415572bb3fdb609f62\"\u003e\u003ccode\u003e4b81484\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containers/conmon-rs/issues/3140\"\u003e#3140\u003c/a\u003e from containers/dependabot/cargo/itoa-1.0.18\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containers/conmon-rs/commit/06c19681c35ec24c9567537bc8ed66c41766f876\"\u003e\u003ccode\u003e06c1968\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containers/conmon-rs/issues/3137\"\u003e#3137\u003c/a\u003e from containers/dependabot/github_actions/actions/ca...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containers/conmon-rs/commit/d8c08482543a40dda9d7140ab0faddfb90965450\"\u003e\u003ccode\u003ed8c0848\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containers/conmon-rs/issues/3139\"\u003e#3139\u003c/a\u003e from containers/dependabot/cargo/opentelemetry-84f9a...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containers/conmon-rs/commit/a9d10cc555ed4b1662fa7786bcc6538d9eaa0f78\"\u003e\u003ccode\u003ea9d10cc\u003c/code\u003e\u003c/a\u003e build(deps): bump zerocopy from 0.8.42 to 0.8.47\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containers/conmon-rs/commit/295c1e2eed7ded46acc386d42356bf6095b447bb\"\u003e\u003ccode\u003e295c1e2\u003c/code\u003e\u003c/a\u003e build(deps): bump itoa from 1.0.17 to 1.0.18\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containers/conmon-rs/commit/46856f7efc3d89b89f4799236acfa82c0f40055f\"\u003e\u003ccode\u003e46856f7\u003c/code\u003e\u003c/a\u003e build(deps): bump opentelemetry-otlp in the opentelemetry group\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containers/conmon-rs/commit/e7caf158f2fc1576fa827e6c98862135d7696703\"\u003e\u003ccode\u003ee7caf15\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containers/conmon-rs/issues/3135\"\u003e#3135\u003c/a\u003e from containers/dependabot/go_modules/k8s.io/client-...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/containers/conmon-rs/compare/v0.7.3...v0.8.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/containers/kubensmnt` from 1.2.0 to 1.3.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/containers/kubensmnt/releases\"\u003egithub.com/containers/kubensmnt's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.3.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd stand-alone installation makefiles by \u003ca href=\"https://github.com/lack\"\u003e\u003ccode\u003e@​lack\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/containers/kubensmnt/pull/9\"\u003econtainers/kubensmnt#9\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd go embed test by \u003ca href=\"https://github.com/lack\"\u003e\u003ccode\u003e@​lack\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/containers/kubensmnt/pull/10\"\u003econtainers/kubensmnt#10\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eConfigure shellcheck to enforce double-bracket style checks by \u003ca href=\"https://github.com/lack\"\u003e\u003ccode\u003e@​lack\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/containers/kubensmnt/pull/12\"\u003econtainers/kubensmnt#12\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echeck to make sure kubensmnt is mounted by \u003ca href=\"https://github.com/pixelsoccupied\"\u003e\u003ccode\u003e@​pixelsoccupied\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/containers/kubensmnt/pull/11\"\u003econtainers/kubensmnt#11\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePre-create /run/netns bindmount so it propagates to the kubensmnt namespace by \u003ca href=\"https://github.com/lack\"\u003e\u003ccode\u003e@​lack\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/containers/kubensmnt/pull/13\"\u003econtainers/kubensmnt#13\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImprove netns pre-mount code by \u003ca href=\"https://github.com/lack\"\u003e\u003ccode\u003e@​lack\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/containers/kubensmnt/pull/14\"\u003econtainers/kubensmnt#14\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pixelsoccupied\"\u003e\u003ccode\u003e@​pixelsoccupied\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/containers/kubensmnt/pull/11\"\u003econtainers/kubensmnt#11\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/containers/kubensmnt/compare/v1.2.0...v1.3.0\"\u003ehttps://github.com/containers/kubensmnt/compare/v1.2.0...v1.3.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containers/kubensmnt/commit/d37589433623e38d0e73fa00ae7eedb70eec90d8\"\u003e\u003ccode\u003ed375894\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containers/kubensmnt/issues/14\"\u003e#14\u003c/a\u003e from lack/OCPBUGS-83562_precreate_netns\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containers/kubensmnt/commit/179235fb9bf4dea2275c637429c32b9204a6483d\"\u003e\u003ccode\u003e179235f\u003c/code\u003e\u003c/a\u003e Improve netns pre-mount code\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containers/kubensmnt/commit/9af9d360c629cfcf9b45e7ef1e5be0945016f6a1\"\u003e\u003ccode\u003e9af9d36\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containers/kubensmnt/issues/13\"\u003e#13\u003c/a\u003e from lack/OCPBUGS-83562_precreate_netns\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containers/kubensmnt/commit/6bbafddc37bbf8e8c05fc283997fb8e6cd735636\"\u003e\u003ccode\u003e6bbafdd\u003c/code\u003e\u003c/a\u003e Pre-create /run/netns bindmount so it propagates to the kubensmnt namespace\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containers/kubensmnt/commit/3424a142b287da0adc4b759e37840f1204769f39\"\u003e\u003ccode\u003e3424a14\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containers/kubensmnt/issues/11\"\u003e#11\u003c/a\u003e from pixelsoccupied/check-mount\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containers/kubensmnt/commit/7a7d59131dce11a013f6eee6d588309c1cb7f403\"\u003e\u003ccode\u003e7a7d591\u003c/code\u003e\u003c/a\u003e check to make sure kubensmnt is mounted\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containers/kubensmnt/commit/4b80f7c792c8864970ca94a72f3d410691221749\"\u003e\u003ccode\u003e4b80f7c\u003c/code\u003e\u003c/a\u003e Configure shellcheck to enforce double-bracket style checks\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containers/kubensmnt/commit/2e5472fd300ef840cbb340e9031897f3c006a99e\"\u003e\u003ccode\u003e2e5472f\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containers/kubensmnt/issues/10\"\u003e#10\u003c/a\u003e from lack/go_embed_test\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containers/kubensmnt/commit/9264c5c70b513e5d48b987a6b55b11a3108a083c\"\u003e\u003ccode\u003e9264c5c\u003c/code\u003e\u003c/a\u003e Add go embed test\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containers/kubensmnt/commit/2728572f6444955f5f737bd46905214b654e74d3\"\u003e\u003ccode\u003e2728572\u003c/code\u003e\u003c/a\u003e Add stand-alone installation makefiles\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/containers/kubensmnt/compare/v1.2.0...v1.3.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/go-chi/chi/v5` from 5.2.5 to 5.3.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/go-chi/chi/releases\"\u003egithub.com/go-chi/chi/v5's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.3.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUse strings.ReplaceAll where applicable by \u003ca href=\"https://github.com/JRaspass\"\u003e\u003ccode\u003e@​JRaspass\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1046\"\u003ego-chi/chi#1046\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePropagate inline middlewares across mounted subrouters by \u003ca href=\"https://github.com/LukasJenicek\"\u003e\u003ccode\u003e@​LukasJenicek\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1049\"\u003ego-chi/chi#1049\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eadd go 1.26 to ci by \u003ca href=\"https://github.com/pkieltyka\"\u003e\u003ccode\u003e@​pkieltyka\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1052\"\u003ego-chi/chi#1052\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove last uses of io/ioutil by \u003ca href=\"https://github.com/JRaspass\"\u003e\u003ccode\u003e@​JRaspass\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1054\"\u003ego-chi/chi#1054\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSimplify chi.walk with slices.Concat by \u003ca href=\"https://github.com/JRaspass\"\u003e\u003ccode\u003e@​JRaspass\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1053\"\u003ego-chi/chi#1053\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eApply the stringscutprefix modernizer by \u003ca href=\"https://github.com/JRaspass\"\u003e\u003ccode\u003e@​JRaspass\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1051\"\u003ego-chi/chi#1051\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump minimum Go to 1.23, always use request.Pattern by \u003ca href=\"https://github.com/JRaspass\"\u003e\u003ccode\u003e@​JRaspass\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1048\"\u003ego-chi/chi#1048\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003emiddleware: fix httpFancyWriter.ReadFrom double-counting bytes with Tee by \u003ca href=\"https://github.com/alliasgher\"\u003e\u003ccode\u003e@​alliasgher\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1085\"\u003ego-chi/chi#1085\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix typo in Route doc comment by \u003ca href=\"https://github.com/gouwazi\"\u003e\u003ccode\u003e@​gouwazi\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1073\"\u003ego-chi/chi#1073\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: set Request.Pattern from RoutePattern() by \u003ca href=\"https://github.com/leno23\"\u003e\u003ccode\u003e@​leno23\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1097\"\u003ego-chi/chi#1097\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat: middleware.ClientIP, a replacement for middleware.RealIP by \u003ca href=\"https://github.com/VojtechVitek\"\u003e\u003ccode\u003e@​VojtechVitek\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/967\"\u003ego-chi/chi#967\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/LukasJenicek\"\u003e\u003ccode\u003e@​LukasJenicek\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1049\"\u003ego-chi/chi#1049\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/alliasgher\"\u003e\u003ccode\u003e@​alliasgher\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1085\"\u003ego-chi/chi#1085\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gouwazi\"\u003e\u003ccode\u003e@​gouwazi\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1073\"\u003ego-chi/chi#1073\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/leno23\"\u003e\u003ccode\u003e@​leno23\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1097\"\u003ego-chi/chi#1097\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eSECURITY: middleware.ClientIP, a replacement for middleware.RealIP\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/VojtechVitek\"\u003e\u003ccode\u003e@​VojtechVitek\u003c/code\u003e\u003c/a\u003e submitted PR \u003ca href=\"https://redirect.github.com/go-chi/chi/issues/967\"\u003e#967\u003c/a\u003e, which introduces middleware.ClientIP — a replacement for middleware.RealIP that closes the three open spoofing advisories:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/security/advisories/GHSA-9g5q-2w5x-hmxf\"\u003eGHSA-9g5q-2w5x-hmxf\u003c/a\u003e — IP spoofing via XFF in \u003ccode\u003eRemoteAddr\u003c/code\u003e resolution (convto)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/security/advisories/GHSA-rjr7-jggh-pgcp\"\u003eGHSA-rjr7-jggh-pgcp\u003c/a\u003e — RealIP allows IP spoofing via unvalidated XFF (rezmoss)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/security/advisories/GHSA-3fxj-6jh8-hvhx\"\u003eGHSA-3fxj-6jh8-hvhx\u003c/a\u003e — IP spoofing in \u003ccode\u003emiddleware.RealIP\u003c/code\u003e (Saku0512, Critical / 9.3)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eIt also addresses issues outlined at:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/708\"\u003ego-chi/chi#708\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://adam-p.ca/blog/2022/03/x-forwarded-for/\"\u003ehttps://adam-p.ca/blog/2022/03/x-forwarded-for/\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/711\"\u003ego-chi/chi#711\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/453\"\u003ego-chi/chi#453\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/go-chi/chi/pull/908\"\u003ego-chi/chi#908\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ccode\u003emiddleware.RealIP\u003c/code\u003e is deprecated in this PR with pointers to the new API.\u003c/p\u003e\n\u003cp\u003eThe deprecation only adds a \u003ccode\u003e// Deprecated:\u003c/code\u003e doc comment; the function keeps working for backward compatibility.\u003c/p\u003e\n\u003ch3\u003eWhy a new middleware (not \u0026quot;fix RealIP in place\u0026quot;)\u003c/h3\u003e\n\u003cp\u003e\u003ccode\u003eRealIP\u003c/code\u003e has two unfixable design choices: it mutates \u003ccode\u003er.RemoteAddr\u003c/code\u003e, and it tries to be a one-size-fits-all default by walking a hard-coded list of headers any client can supply. Per \u003ca href=\"https://adam-p.ca/blog/2022/03/x-forwarded-for/\"\u003eadam-p's \u0026quot;The perils of the 'real' client IP\u0026quot;\u003c/a\u003e (which calls chi out by name on this), there is no safe default — the user must pick their trust source explicitly.\u003c/p\u003e\n\u003ch3\u003eThe new API\u003c/h3\u003e\n\u003cp\u003eFour middlewares, two accessors. Pick exactly one middleware based on your\ninfrastructure, read the result with one of the two accessors:\u003c/p\u003e\n\u003cpre lang=\"go\"\u003e\u003ccode\u003e// One of the four. There is no safe default — pick exactly one.\r\nfunc ClientIPFromHeader(trustedHeader string) func(http.Handler) http.Handler\r\nfunc ClientIPFromXFF(trustedIPPrefixes ...string) func(http.Handler) http.Handler\r\nfunc ClientIPFromXFFTrustedProxies(numTrustedProxies int) func(http.Handler) http.Handler\r\n\u0026lt;/tr\u0026gt;\u0026lt;/table\u0026gt; \n\u003c/code\u003e\u003c/pre\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/3b171578ca44dfd75ca3c5cbddc7b44c600a7b49\"\u003e\u003ccode\u003e3b17157\u003c/code\u003e\u003c/a\u003e feat: middleware.ClientIP, a replacement for middleware.RealIP (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/967\"\u003e#967\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/818fdcfc4786168651768377ba647cf9dd5b3953\"\u003e\u003ccode\u003e818fdcf\u003c/code\u003e\u003c/a\u003e fix: set Request.Pattern from RoutePattern() (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1097\"\u003e#1097\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/f975af0cb10cbefaccf0422385420fe62722d648\"\u003e\u003ccode\u003ef975af0\u003c/code\u003e\u003c/a\u003e Fix typo in Route doc comment (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1073\"\u003e#1073\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/4ef87eaf2cfb27d3126d48194e1a84806acc1aed\"\u003e\u003ccode\u003e4ef87ea\u003c/code\u003e\u003c/a\u003e middleware: fix httpFancyWriter.ReadFrom double-counting bytes with Tee (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1085\"\u003e#1085\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/a54874f0e2f12647a19e82ee70dfa8185014100c\"\u003e\u003ccode\u003ea54874f\u003c/code\u003e\u003c/a\u003e Bump minimum Go to 1.23, always use request.Pattern (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1048\"\u003e#1048\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/3328d4d3ab8a08547fa419ed657017355e6d3c4d\"\u003e\u003ccode\u003e3328d4d\u003c/code\u003e\u003c/a\u003e Apply the stringscutprefix modernizer (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1051\"\u003e#1051\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/be60b2ec5755a9072cdf27af3ba3034e84781d12\"\u003e\u003ccode\u003ebe60b2e\u003c/code\u003e\u003c/a\u003e Simplify chi.walk with slices.Concat (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1053\"\u003e#1053\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/a36a925a6a195943ec104100d7d18757543e745f\"\u003e\u003ccode\u003ea36a925\u003c/code\u003e\u003c/a\u003e Remove last uses of io/ioutil (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1054\"\u003e#1054\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/7d93ee3e86b4d477c20d809c9b1ce9a281dfd706\"\u003e\u003ccode\u003e7d93ee3\u003c/code\u003e\u003c/a\u003e add go 1.26 to ci (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1052\"\u003e#1052\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/903cff2596eac0f72538ac46d696058351f1c3fb\"\u003e\u003ccode\u003e903cff2\u003c/code\u003e\u003c/a\u003e Propagate inline middlewares across mounted subrouters (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1049\"\u003e#1049\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/go-chi/chi/compare/v5.2.5...v5.3.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/intel/goresctrl` from 0.12.0 to 0.13.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/intel/goresctrl/releases\"\u003egithub.com/intel/goresctrl's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.13.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cp\u003eThis release adds support for the Linux kernel TPMI interface for managing Intel SST (Speed Select Technology) which enables support for the latest (and future) generations of processors. With this, goresctrl specifies a new more flexible and extensible API for SST (pkg/sst) – the old API is deprecated but still supported for backwards compatibility. The release also brings support for SST-TF (Turbo Frequency).\u003c/p\u003e\n\u003ch3\u003eList of PRs\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ebuild(deps): bump google.golang.org/grpc from 1.79.2 to 1.79.3 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/intel/goresctrl/pull/174\"\u003eintel/goresctrl#174\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003egithub: pin versions of github actions on sha by \u003ca href=\"https://github.com/marquiz\"\u003e\u003ccode\u003e@​marquiz\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/intel/goresctrl/pull/175\"\u003eintel/goresctrl#175\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/setup-go from 6.3.0 to 6.4.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/intel/goresctrl/pull/176\"\u003eintel/goresctrl#176\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump go.opentelemetry.io/otel/sdk from 1.42.0 to 1.43.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/intel/goresctrl/pull/178\"\u003eintel/goresctrl#178\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/upload-artifact from 7.0.0 to 7.0.1 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/intel/goresctrl/pull/179\"\u003eintel/goresctrl#179\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp from 1.42.0 to 1.43.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/intel/goresctrl/pull/177\"\u003eintel/goresctrl#177\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003esst: fix logging level by \u003ca href=\"https://github.com/marquiz\"\u003e\u003ccode\u003e@​marquiz\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/intel/goresctrl/pull/180\"\u003eintel/goresctrl#180\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ecmd/sst-ctl: refactor by \u003ca href=\"https://github.com/marquiz\"\u003e\u003ccode\u003e@​marquiz\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/intel/goresctrl/pull/182\"\u003eintel/goresctrl#182\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump aquasecurity/trivy-action from 0.35.0 to 0.36.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/intel/goresctrl/pull/183\"\u003eintel/goresctrl#183\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ecstates: fix doubly prefixed possible cpus sysfs path by \u003ca href=\"https://github.com/askervin\"\u003e\u003ccode\u003e@​askervin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/intel/goresctrl/pull/184\"\u003eintel/goresctrl#184\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd gitignore by \u003ca href=\"https://github.com/marquiz\"\u003e\u003ccode\u003e@​marquiz\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/intel/goresctrl/pull/185\"\u003eintel/goresctrl#185\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eutils/idset: present idset in packed format by \u003ca href=\"https://github.com/marquiz\"\u003e\u003ccode\u003e@​marquiz\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/intel/goresctrl/pull/186\"\u003eintel/goresctrl#186\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump golangci/golangci-lint-action from 9.2.0 to 9.2.1 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/intel/goresctrl/pull/187\"\u003eintel/goresctrl#187\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003esst: add support for TPMI interface and SST-TF by \u003ca href=\"https://github.com/marquiz\"\u003e\u003ccode\u003e@​marquiz\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/intel/goresctrl/pull/181\"\u003eintel/goresctrl#181\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003esst: add detailed info API by \u003ca href=\"https://github.com/marquiz\"\u003e\u003ccode\u003e@​marquiz\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/intel/goresctrl/pull/188\"\u003eintel/goresctrl#188\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003esst: fix legacy API by \u003ca href=\"https://github.com/marquiz\"\u003e\u003ccode\u003e@​marquiz\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/intel/goresctrl/pull/189\"\u003eintel/goresctrl#189\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/intel/goresctrl/compare/v0.12.0...v0.13.0\"\u003ehttps://github.com/intel/goresctrl/compare/v0.12.0...v0.13.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/intel/goresctrl/commit/fe1066ae9cce40fa23930eb4ae392b562eea78c5\"\u003e\u003ccode\u003efe1066a\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/intel/goresctrl/issues/189\"\u003e#189\u003c/a\u003e from marquiz/devel/legacy-api\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/intel/goresctrl/commit/293d23110352fa84b869c298538918f271e737dd\"\u003e\u003ccode\u003e293d231\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/intel/goresctrl/issues/188\"\u003e#188\u003c/a\u003e from marquiz/devel/sst-info\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/intel/goresctrl/commit/511e7b54ff0fc3846ed119db94ed146d6cc09a8e\"\u003e\u003ccode\u003e511e7b5\u003c/code\u003e\u003c/a\u003e sst: fix legacy API\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/intel/goresctrl/commit/88c6fdacdfdc51cdf437ca50ad55a010fa32a42e\"\u003e\u003ccode\u003e88c6fda\u003c/code\u003e\u003c/a\u003e cmd/sst: implement info subcommand\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/intel/goresctrl/commit/3f62eff60456c68449f458ca46ef4ba35880736f\"\u003e\u003ccode\u003e3f62eff\u003c/code\u003e\u003c/a\u003e sst: add detailed info API\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/intel/goresctrl/commit/f3eb140c6783918f0f1b9ee2ce5f6e76be2a7c8a\"\u003e\u003ccode\u003ef3eb140\u003c/code\u003e\u003c/a\u003e sst: move helper packages to internal/\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/intel/goresctrl/commit/ea84f472d307402b51524dcb90e738e032c9e768\"\u003e\u003ccode\u003eea84f47\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/intel/goresctrl/issues/181\"\u003e#181\u003c/a\u003e from marquiz/devel/sst-tpmi\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/intel/goresctrl/commit/6ce26466cd74eb6208ab1ee8fe7680ece69a60b4\"\u003e\u003ccode\u003e6ce2646\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/intel/goresctrl/issues/187\"\u003e#187\u003c/a\u003e from intel/dependabot/github_actions/main/golangci/go...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/intel/goresctrl/commit/0232a79c9806dffbf976f5363c7f7f6111e46c8a\"\u003e\u003ccode\u003e0232a79\u003c/code\u003e\u003c/a\u003e cmd/sst: add tf (SST-TF) subcommand\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/intel/goresctrl/commit/cdeb50b46834fd14ee57a72a2f1075735329264c\"\u003e\u003ccode\u003ecdeb50b\u003c/code\u003e\u003c/a\u003e sst: add support for SST-TF\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/intel/goresctrl/compare/v0.12.0...v0.13.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/onsi/ginkgo/v2` from 2.28.3 to 2.29.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/onsi/ginkgo/releases\"\u003egithub.com/onsi/ginkgo/v2's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.29.0\u003c/h2\u003e\n\u003ch2\u003e2.29.0\u003c/h2\u003e\n\u003cp\u003e\u003ccode\u003eGinkgoHelperGo\u003c/code\u003e makes it easier to write test helpers that need to run in goroutines.  Specifically, it makes managing the failure state and capturing failure panics correctly straightforward.\u003c/p\u003e\n\u003cp\u003e\u003ccode\u003eginkgo outline\u003c/code\u003e now includes entries defined in \u003ccode\u003eDescribeTableSubtree\u003c/code\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md\"\u003egithub.com/onsi/ginkgo/v2's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.29.0\u003c/h2\u003e\n\u003cp\u003e\u003ccode\u003eGinkgoHelperGo\u003c/code\u003e makes it easier to write test helpers that need to run in goroutines.  Specifically, it makes managing the failure state and capturing failure panics correctly straightforward.\u003c/p\u003e\n\u003cp\u003e\u003ccode\u003eginkgo outline\u003c/code\u003e now includes entries defined in \u003ccode\u003eDescribeTableSubtree\u003c/code\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/onsi/ginkgo/commit/04b5bcbe4eee911a1baf506eda1e7e811c978937\"\u003e\u003ccode\u003e04b5bcb\u003c/code\u003e\u003c/a\u003e v2.29.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/onsi/ginkgo/commit/124232a4531c77a7f31a036e0150e06fa78b2af8\"\u003e\u003ccode\u003e124232a\u003c/code\u003e\u003c/a\u003e docs: GinkgoHelperGo\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/onsi/ginkgo/commit/ad9cee80bdfda573e94f1b05f2bd4afa1a2fe815\"\u003e\u003ccode\u003ead9cee8\u003c/code\u003e\u003c/a\u003e feat: GinkgoHelperGo, with integration tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/onsi/ginkgo/commit/9e56a0a2a090eb83af696381161bdb996c69bcac\"\u003e\u003ccode\u003e9e56a0a\u003c/code\u003e\u003c/a\u003e chore: refactor devcontainer for better maintenance\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/onsi/ginkgo/commit/3d235a96ac05d9e855048c66528d2fdbfb9101f7\"\u003e\u003ccode\u003e3d235a9\u003c/code\u003e\u003c/a\u003e chore: ignore internal/tmp_*/ integration suite temporary dirs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/onsi/ginkgo/commit/782666ae83c2bc804f28b1333bf91a21b093d946\"\u003e\u003ccode\u003e782666a\u003c/code\u003e\u003c/a\u003e feat: devcontainer configuration with local pkgsite and GH pages\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/onsi/ginkgo/commit/009dd04de2d18f00c3c812d2caab713a165a1f7c\"\u003e\u003ccode\u003e009dd04\u003c/code\u003e\u003c/a\u003e Support DescribeTableSubtree in ginkgo outline\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/onsi/ginkgo/compare/v2.28.3...v2.29.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/onsi/gomega` from 1.40.0 to 1.41.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/onsi/gomega/blob/master/CHANGELOG.md\"\u003egithub.com/onsi/gomega's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e1.41.0\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cp\u003eAdd \u003ccode\u003eBeASlice\u003c/code\u003e and \u003ccode\u003eBeAnArray\u003c/code\u003e matchers\u003c/p\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cp\u003eObject formatting now detects pointer cycles to avoid runaway formatting output.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/onsi/gomega/commit/af2bccb5831cbcc56cfc16ca3056077cdec4798b\"\u003e\u003ccode\u003eaf2bccb\u003c/code\u003e\u003c/a\u003e v1.41.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/onsi/gomega/commit/73e81f6f054c825d1743bf4090ac0a9e1d5605af\"\u003e\u003ccode\u003e73e81f6\u003c/code\u003e\u003c/a\u003e v1.41.0 (full)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/onsi/gomega/commit/e35a84f24113255aaeea62fe7c47e09adf39109b\"\u003e\u003ccode\u003ee35a84f\u003c/code\u003e\u003c/a\u003e feat: devcontainer configuration with local pkgsite and GH pages\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/onsi/gomega/commit/f12e5e1bc7167fae21ef37b0d9d358d51063ff5e\"\u003e\u003ccode\u003ef12e5e1\u003c/code\u003e\u003c/a\u003e fix(format): detect pointer cycles to avoid runaway formatting output\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/onsi/gomega/commit/e14831fefa86313f2b01fb803b2ac937e49d08b6\"\u003e\u003ccode\u003ee14831f\u003c/code\u003e\u003c/a\u003e Add optionalDescription docs to AsyncAssertion and Assertion interfaces\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/onsi/gomega/commit/344b94dae7e0df0e2d087574b4c2b1b1597a6943\"\u003e\u003ccode\u003e344b94d\u003c/code\u003e\u003c/a\u003e Add BeASlice and BeAnArray matchers\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/onsi/gomega/compare/v1.40.0...v1.41.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/opencontainers/runc` from 1.4.1 to 1.4.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/opencontainers/runc/releases\"\u003egithub.com/opencontainers/runc's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003erunc v1.4.2 -- \u0026quot;Я — Земля! Я своих провожаю питомцев\u0026quot;\u003c/h2\u003e\n\u003cp\u003eThis is the second patch release of the 1.4.z release series of runc.\u003c/p\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eA regression in runc v1.3.0 which can result in a stuck \u003ccode\u003erunc exec\u003c/code\u003e or\n\u003ccode\u003erunc run\u003c/code\u003e when the container process runs for a short time. (\u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/5208\"\u003e#5208\u003c/a\u003e,\n\u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/5210\"\u003e#5210\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/5216\"\u003e#5216\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eMount sources that need to be open on the host are now closed earlier during\ncontainer start, reducing the total amount of used file descriptors and\nhelping to avoid hitting the open files limit when handling many such mounts.\n(\u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/5177\"\u003e#5177\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/5201\"\u003e#5201\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eStatic Linking Notices\u003c/h3\u003e\n\u003cp\u003eThe \u003ccode\u003erunc\u003c/code\u003e binary distributed with this release are \u003cem\u003estatically linked\u003c/em\u003e with\nthe following \u003ca href=\"https://www.gnu.org/licenses/old-licenses/lgpl-2.1.en.html\"\u003eGNU LGPL-2.1\u003c/a\u003e licensed libraries, with \u003ccode\u003erunc\u003c/code\u003e acting\nas a \u0026quot;work that uses the Library\u0026quot;:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/seccomp/libseccomp\"\u003elibseccomp\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThe versions of these libraries were not modified from their upstream versions,\nbut in order to comply with the LGPL-2.1 (§6(a)), we have attached the\ncomplete source code for those libraries which (when combined with the attached\nrunc source code) may be used to exercise your rights under the LGPL-2.1.\u003c/p\u003e\n\u003cp\u003eHowever we strongly suggest that you make use of your distribution's packages\nor download them from the authoritative upstream sources, especially since\nthese libraries are related to the security of your containers.\u003c/p\u003e\n\u003chr /\u003e\n\u003cp\u003eThanks to the following contributors for making this release possible:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAyato Tokubi \u003ca href=\"mailto:atokubi@redhat.com\"\u003eatokubi@redhat.com\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAkihiro Suda \u003ca href=\"mailto:akihiro.suda.cz@hco.ntt.co.jp\"\u003eakihiro.suda.cz@hco.ntt.co.jp\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAleksa Sarai \u003ca href=\"mailto:cyphar@cyphar.com\"\u003ecyphar@cyphar.com\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eKir Kolyshkin \u003ca href=\"mailto:kolyshkin@gmail.com\"\u003ekolyshkin@gmail.com\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eLi Fubang \u003ca href=\"mailto:lifubang@acmcoder.com\"\u003elifubang@acmcoder.com\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRodrigo Campos Catelin \u003ca href=\"mailto:rodrigo@amutable.com\"\u003erodrigo@amutable.com\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eSigned-off-by: Kir Kolyshkin \u003ca href=\"mailto:kolyshkin@gmail.com\"\u003ekolyshkin@gmail.com\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/opencontainers/runc/blob/v1.4.2/CHANGELOG.md\"\u003egithub.com/opencontainers/runc's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[1.4.2] - 2026-04-02\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003eЯ — Земля! Я своих провожаю питомцев.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eA regression in runc v1.3.0 which can result in a stuck \u003ccode\u003erunc exec\u003c/code\u003e or\n\u003ccode\u003erunc run\u003c/code\u003e when the container process runs for a short time. (\u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/5208\"\u003e#5208\u003c/a\u003e,\n\u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/5210\"\u003e#5210\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/5216\"\u003e#5216\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMount sources that need to be open on the host are now closed earlier during\ncontainer start, reducing the total amount of used file descriptors and\nhelping to avoid hitting the open files limit when handling many such mounts.\n(\u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/5177\"\u003e#5177\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/5201\"\u003e#5201\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/runc/commit/c241c0bb5e60a8e8c1b2e53d4eca8d0068d8d57e\"\u003e\u003ccode\u003ec241c0b\u003c/code\u003e\u003c/a\u003e VERSION: release v1.4.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/runc/commit/95f27e805324fce0899c9a2afbb819944f91315b\"\u003e\u003ccode\u003e95f27e8\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/5216\"\u003e#5216\u003c/a\u003e from lifubang/backport-5210-1.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/runc/commit/39791aeab622c319146456c603643062d256e715\"\u003e\u003ccode\u003e39791ae\u003c/code\u003e\u003c/a\u003e Fix SIGCHLD race in signal handler setup\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/runc/commit/226ff030b46f482c7715726a5de70957a9aec24d\"\u003e\u003ccode\u003e226ff03\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/5201\"\u003e#5201\u003c/a\u003e from lifubang/backport-5177-1.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/runc/commit/9de77a986c188bd436d5a60f47066388f6b199b5\"\u003e\u003ccode\u003e9de77a9\u003c/code\u003e\u003c/a\u003e test: check mount source fds are cleaned up with idmapped mounts\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/runc/commit/e4a82fc2d8604fa48f0bfbf7cb09b7c074a9dcc9\"\u003e\u003ccode\u003ee4a82fc\u003c/code\u003e\u003c/a\u003e libct: close mount source fd as soon as possible\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/runc/commit/87db63422d1d11b2a726674ca9ff276e5fffc7dd\"\u003e\u003ccode\u003e87db634\u003c/code\u003e\u003c/a\u003e libct: add a nil check for mountError\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/runc/commit/d4305dc5dddc9daf4a5adb9d6465d230e83f5e94\"\u003e\u003ccode\u003ed4305dc\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/5187\"\u003e#5187\u003c/a\u003e from kolyshkin/1.4-5159\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/runc/commit/63605fc49f9dc6a26b55d7f26e0473c1e626230b\"\u003e\u003ccode\u003e63605fc\u003c/code\u003e\u003c/a\u003e ci: add conmon tests run\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/runc/commit/0daa0038d2f5151c0b503480c311f93694388ef0\"\u003e\u003ccode\u003e0daa003\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/5178\"\u003e#5178\u003c/a\u003e from kolyshkin/1.4-5175\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/opencontainers/runc/compare/v1.4.1...v1.4.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/opencontainers/selinux` from 1.13.1 to 1.15.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/opencontainers/selinux/releases\"\u003egithub.com/opencontainers/selinux's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.15.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReserveLabelV2: ignore labels without MCS by \u003ca href=\"https://github.com/kolyshkin\"\u003e\u003ccode\u003e@​kolyshkin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/opencontainers/selinux/pull/272\"\u003eopencontainers/selinux#272\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/opencontainers/selinux/compare/v1.15.0...v1.15.1\"\u003ehttps://github.com/opencontainers/selinux/compare/v1.15.0...v1.15.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.15.0\u003c/h2\u003e\n\u003cp\u003eThis release adds a new function, SetProcessKind, which is to be used instead of KVMProcessLabel[s] and InitProcessLabel[s] in case the user only wants to change the type of the existing label, not generate a new one. It also fixes an CI issue and optimizes label.InitLabels for a few common cases.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eci: set timeout for vm jobs by \u003ca href=\"https://github.com/kolyshkin\"\u003e\u003ccode\u003e@​kolyshkin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/opencontainers/selinux/pull/270\"\u003eopencontainers/selinux#270\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003elabel.InitLabels: optimize by \u003ca href=\"https://github.com/kolyshkin\"\u003e\u003ccode\u003e@​kolyshkin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/opencontainers/selinux/pull/269\"\u003eopencontainers/selinux#269\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd SetProcessKind by \u003ca href=\"https://github.com/kolyshkin\"\u003e\u003ccode\u003e@​kolyshkin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/opencontainers/selinux/pull/271\"\u003eopencontainers/selinux#271\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/opencontainers/selinux/compare/v1.14.1...v1.15.0\"\u003ehttps://github.com/opencontainers/selinux/compare/v1.14.1...v1.15.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.14.1\u003c/h2\u003e\n\u003cp\u003eThis release mostly fixes label.InitLabels regression introduced in v1.14.0.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eREADME: rm travis, add gha badge by \u003ca href=\"https://github.com/kolyshkin\"\u003e\u003ccode\u003e@​kolyshkin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/opencontainers/selinux/pull/268\"\u003eopencontainers/selinux#268\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix label.InitLabels regression in v1.14.0; amend ReserveLabelV2 doc by \u003ca href=\"https://github.com/kolyshkin\"\u003e\u003ccode\u003e@​kolyshkin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/opencontainers/selinux/pull/267\"\u003eopencontainers/selinux#267\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/opencontainers/selinux/compare/v1.14.0...v1.14.1\"\u003ehttps://github.com/opencontainers/selinux/compare/v1.14.0...v1.14.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.14.0\u003c/h2\u003e\n\u003cp\u003eThis release fixes a regression in ExecLabel, bumps the minimal Go version to 1.22, and deprecates several functions in favor of improved API.\u003c/p\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eExecLabel\u003c/code\u003e was using an incorrect path (regression in v1.13.0). (\u003ca href=\"https://redirect.github.com/opencontainers/selinux/pull/253\"\u003eopencontainers/selinux#253\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDeprecated\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eCategoryRange\u003c/code\u003e is deprecated; use \u003ccode\u003eSetCategoryRange\u003c/code\u003e instead. (\u003ca href=\"https://redirect.github.com/opencontainers/selinux/pull/262\"\u003eopencontainers/selinux#262\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eKVMContainerLabels\u003c/code\u003e is deprecated; use \u003ccode\u003eKVMContainerLabel\u003c/code\u003e instead. (\u003ca href=\"https://redirect.github.com/opencontainers/selinux/pull/262\"\u003eopencontainers/selinux#262\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eInitContainerLabels\u003c/code\u003e is deprecated; use \u003ccode\u003eInitContainerLabel\u003c/code\u003e instead. (\u003ca href=\"https://redirect.github.com/opencontainers/selinux/pull/262\"\u003eopencontainers/selinux#262\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eReserveLabel\u003c/code\u003e is deprecated; use \u003ccode\u003eReserveLabelV2\u003c/code\u003e instead. (\u003ca href=\"https://redirect.github.com/opencontainers/selinux/pull/262\"\u003eopencontainers/selinux#262\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eROFileLabel\u003c/code\u003e is deprecated; if you use it, open a new issue. (\u003ca href=\"https://redirect.github.com/opencontainers/selinux/pull/262\"\u003eopencontainers/selinux#262\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eContainerLabels\u003c/code\u003e is deprecated, if you use it, open a new issue. (\u003ca href=\"https://redirect.github.com/opencontainers/selinux/pull/262\"\u003eopencontainers/selinux#262\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eSEUserByName\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/opencontainers/selinux/pull/232\"\u003eopencontainers/selinux#232\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/opencontainers/selinux/pull/251\"\u003eopencontainers/selinux#251\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eCheckLabel\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/opencontainers/selinux/pull/250\"\u003eopencontainers/selinux#250\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eSetCategoryRange\u003c/code\u003e, \u003ccode\u003eKVMContainerLabel\u003c/code\u003e, \u003ccode\u003eInitContainerLabel\u003c/code\u003e, \u003ccode\u003eReserveLabelV2\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/opencontainers/selinux/pull/262\"\u003eopencontainers/selinux#262\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSwitch to Go 1.22 as the minimally supported version (\u003ca href=\"https://redirect.github.com/opencontainers/selinux/pull/256\"\u003eopencontainers/selinux#256\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdate \u003ccode\u003eGetDefaultContextWithLevel\u003c/code\u003e to fall back to failsafe context (\u003ca href=\"https://redirect.github.com/opencontainers/selinux/pull/232\"\u003eopencontainers/selinux#232\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUse math/rand/v2 rather than crypto/rand for MCS label generation (\u003ca href=\"https://redirect.github.com/opencontainers/selinux/pull/257\"\u003eopencontainers/selinux#257\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eMiscellaneous\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/selinux/commit/9801d537a2fa2bdfeb6ef51de1115089d965f505\"\u003e\u003ccode\u003e9801d53\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/opencontainers/selinux/issues/272\"\u003e#272\u003c/a\u003e from kolyshkin/add-mcs-nit\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/selinux/commit/cf4e440ad6674c88def52f4c3c600f1b5b1773e0\"\u003e\u003ccode\u003ecf4e440\u003c/code\u003e\u003c/a\u003e ReserveLabelV2: ignore labels without MCS\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/selinux/commit/84683a6ecf369d67892b764300da9a614e403073\"\u003e\u003ccode\u003e84683a6\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/opencontainers/selinux/issues/271\"\u003e#271\u003c/a\u003e from kolyshkin/change-type\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/selinux/commit/8889f6ec5dfbc92be63ff81f67cce3f1e7f8567a\"\u003e\u003ccode\u003e8889f6e\u003c/code\u003e\u003c/a\u003e Add SetProcessKind\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/selinux/commit/fb9b5b20d3dce247bd0b0a96e26ad983c4909b9a\"\u003e\u003ccode\u003efb9b5b2\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/opencontainers/selinux/issues/269\"\u003e#269\u003c/a\u003e from kolyshkin/init-labels-opt\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/selinux/commit/74873e291f7a5d573fec3e7f2e0e16a8595434ca\"\u003e\u003ccode\u003e74873e2\u003c/code\u003e\u003c/a\u003e label.InitLabels: optimize\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/selinux/commit/c8bf19e9d124ef078dd0c0dfc2a14f3b9843c987\"\u003e\u003ccode\u003ec8bf19e\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/opencontainers/selinux/issues/270\"\u003e#270\u003c/a\u003e from kolyshkin/timeout\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/selinux/commit/a55d914f19b9dad21a21f5d882452971e7db2d03\"\u003e\u003ccode\u003ea55d914\u003c/code\u003e\u003c/a\u003e ci: set timeout for vm jobs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/selinux/commit/89b039b4fb2ec4056a15eefce2e6e1a85b33fa70\"\u003e\u003ccode\u003e89b039b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/opencontainers/selinux/issues/267\"\u003e#267\u003c/a\u003e from kolyshkin/damage-control\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/selinux/commit/8c517ef35fd53d6a151e950bcc56f80d3fb2dec0\"\u003e\u003ccode\u003e8c517ef\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/opencontainers/selinux/issues/268\"\u003e#268\u003c/a\u003e from kolyshkin/readme\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/opencontainers/selinux/compare/v1.13.1...v1.15.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc` from 0.68.0 to 0.69.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/open-telemetry/opentelemetry-go-contrib/releases\"\u003ego.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.44.0/v2.5.1/v0.69.0/v0.37.1/v0.24.0/v0.19.0/v0.16.1/v0.16.0\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003eerror.type\u003c/code\u003e attribute to \u003ccode\u003ehttp.client.request.duration\u003c/code\u003e for transport failures in \u003ccode\u003eotelhttp\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/issues/8801\"\u003e#8801\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd examples for prometheus compatibility document. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/issues/8716\"\u003e#8716\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd support for \u003ccode\u003ecardinality_limits\u003c/code\u003e in \u003ccode\u003ePeriodicMetricReader\u003c/code\u003e in \u003ccode\u003eotelconf\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/issues/8885\"\u003e#8885\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eResource\u003c/code\u003e method to \u003ccode\u003eSDK\u003c/code\u003e in \u003ccode\u003ego.opentelemetry.io/contrib/otelconf/x\u003c/code\u003e to expose the resolved SDK resource from declarative configuration. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/issues/8913\"\u003e#8913\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003ego.opentelemetry.io/contrib/detectors/hetzner\u003c/code\u003e, a new resource detector for Hetzner Cloud servers, ported from \u003ccode\u003egithub.com/open-telemetry/opentelemetry-collector-contrib/processor/resourcedetectionprocessor/internal/hetzner\u003c/code\u003e. Detects \u003ccode\u003ecloud.provider\u003c/code\u003e, \u003ccode\u003ecloud.platform\u003c/code\u003e, \u003ccode\u003ecloud.region\u003c/code\u003e, \u003ccode\u003ecloud.availability_zone\u003c/code\u003e, \u003ccode\u003ehost.id\u003c/code\u003e, and \u003ccode\u003ehost.name\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/issues/8979\"\u003e#8979\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSet error field as \u003ccode\u003erecord.SetErr\u003c/code\u003e instead of a plain attribute in \u003ccode\u003ego.opentelemetry.io/contrib/bridges/otellogrus\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/issues/8776\"\u003e#8776\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSet the \u0026quot;error\u0026quot; field (e.g. created via \u003ccode\u003ezap.Error\u003c/code\u003e) as \u003ccode\u003erecord.SetErr\u003c/code\u003e instead of a plain attribute in \u003ccode\u003ego.opentelemetry.io/contrib/bridges/otelzap\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/issues/8719\"\u003e#8719\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSet fields implementing \u003ccode\u003eerror\u003c/code\u003e interface from \u003ccode\u003eslog\u003c/code\u003e records as \u003ccode\u003erecord.SetErr\u003c/code\u003e instead of plain attributes in \u003ccode\u003ego.opentelemetry.io/contrib/bridges/otelslog\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/issues/8774\"\u003e#8774\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSet emitted errors in \u003ccode\u003ego.opentelemetry.io/contrib/bridges/otellogr\u003c/code\u003e as record errors (\u003ccode\u003eRecord.SetErr\u003c/code\u003e) instead of \u003ccode\u003eexception.message\u003c/code\u003e attributes. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/issues/8775\"\u003e#8775\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix header attributes lost when using sub-spans in \u003ccode\u003ego.opentelemetry.io/contrib/instrumentation/net/http/httptrace/otelhttptrace\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/issues/8797\"\u003e#8797\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eValidate \u003ccode\u003eencoding\u003c/code\u003e configuration for OTLP HTTP exporters in \u003ccode\u003ego.opentelemetry.io/contrib/otelconf\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/issues/8772\"\u003e#8772\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRemove the custom body wrapper from the request's body after the request is processed to allow body type comparisons with the original type in \u003ccode\u003ego.opentelemetry.io/contrib/instrumentation/net/http/otelhttp\u003c/code\u003e and \u003ccode\u003ego.opentelemetry.io/contrib/instrumentation/github.com/gorilla/mux/otelmux\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/issues/6914\"\u003e#6914\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUnknown or empty HTTP methods now report \u0026quot;_OTHER\u0026quot; instead of \u0026quot;GET\u0026quot; across all HTTP instrumentations to align with OpenTelemetry semantic conventions. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/issues/8868\"\u003e#8868\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eThe default span name formatter in \u003ccode\u003ego.opentelemetry.io/contrib/instrumentation/net/http/otelhttp\u003c/code\u003e now conforms to the OpenTelemetry HTTP semantic conventions for server span names. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/issues/8871\"\u003e#8871\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003eThe default span name is now \u003ccode\u003e{method} {route}\u003c/code\u003e (e.g. \u003ccode\u003eGET /foo/{id}\u003c/code\u003e) when a route pattern is available, or \u003ccode\u003e{method}\u003c/code\u003e (e.g. \u003ccode\u003eGET\u003c/code\u003e) otherwise.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eRemoved\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eRemove the deprecated \u003ccode\u003eWithSpanOptions\u003c/code\u003e option in \u003ccode\u003ego.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/issues/8991\"\u003e#8991\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eotelconf: validate encoding configuration for OTLP HTTP exporters by \u003ca href=\"https://github.com/sonalgaud12\"\u003e\u003ccode\u003e@​sonalgaud12\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/pull/8772\"\u003eopen-telemetry/opentelemetry-go-contrib#8772\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(deps): update module github.com/aws/aws-sdk-go-v2/service/s3 to v1.99.0 by \u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/pull/8780\"\u003eopen-telemetry/opentelemetry-go-contrib#8780\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): update prom/prometheus docker tag to v3.11.1 by \u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/pull/8779\"\u003eopen-telemetry/opentelemetry-go-contrib#8779\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eotellogrus: Set error field as \u003ccode\u003erecord.SetErr\u003c/code\u003e by \u003ca href=\"https://github.com/sonalgaud12\"\u003e\u003ccode\u003e@​sonalgaud12\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/pull/8778\"\u003eopen-telemetry/opentelemetry-go-contrib#8778\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): update module golang.org/x/sys to v0.43.0 by \u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@...\n\n_Description has been truncated_","html_url":"https://github.com/saschagrunert/cri-o/pull/986","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/saschagrunert%2Fcri-o/issues/986","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/986/packages"},{"uuid":"4561720789","node_id":"PR_kwDORhyXcc7hSoAJ","number":86,"state":"open","title":"chore(deps): bump the go-deps group across 1 directory with 17 updates","user":"dependabot[bot]","labels":["dependencies"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-06-01T08:56:33.000Z","updated_at":"2026-06-01T08:56:34.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): bump","group_name":"go-deps","update_count":17,"packages":[{"name":"cloud.google.com/go/compute","old_version":"1.63.0","new_version":"1.64.0","repository_url":"https://github.com/googleapis/google-cloud-go"},{"name":"github.com/aws/aws-sdk-go-v2","old_version":"1.41.7","new_version":"1.41.9","repository_url":"https://github.com/aws/aws-sdk-go-v2"},{"name":"github.com/aws/aws-sdk-go-v2/config","old_version":"1.32.17","new_version":"1.32.20","repository_url":"https://github.com/aws/aws-sdk-go-v2"},{"name":"github.com/aws/aws-sdk-go-v2/service/ec2","old_version":"1.302.0","new_version":"1.304.2","repository_url":"https://github.com/aws/aws-sdk-go-v2"},{"name":"github.com/aws/aws-sdk-go-v2/service/elasticloadbalancingv2","old_version":"1.54.12","new_version":"1.54.14","repository_url":"https://github.com/aws/aws-sdk-go-v2"},{"name":"github.com/aws/aws-sdk-go-v2/service/iam","old_version":"1.53.10","new_version":"1.53.12","repository_url":"https://github.com/aws/aws-sdk-go-v2"},{"name":"github.com/aws/aws-sdk-go-v2/service/organizations","old_version":"1.51.3","new_version":"1.51.6","repository_url":"https://github.com/aws/aws-sdk-go-v2"},{"name":"github.com/aws/aws-sdk-go-v2/service/route53","old_version":"1.62.7","new_version":"1.62.9","repository_url":"https://github.com/aws/aws-sdk-go-v2"},{"name":"github.com/aws/aws-sdk-go-v2/service/route53resolver","old_version":"1.43.0","new_version":"1.45.0","repository_url":"https://github.com/aws/aws-sdk-go-v2"},{"name":"github.com/go-chi/chi/v5","old_version":"5.2.5","new_version":"5.3.0","repository_url":"https://github.com/go-chi/chi"},{"name":"golang.org/x/crypto","old_version":"0.50.0","new_version":"0.52.0","repository_url":"https://github.com/golang/crypto"}],"path":null,"ecosystem":"go"},"body":"Bumps the go-deps group with 11 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [cloud.google.com/go/compute](https://github.com/googleapis/google-cloud-go) | `1.63.0` | `1.64.0` |\n| [github.com/aws/aws-sdk-go-v2](https://github.com/aws/aws-sdk-go-v2) | `1.41.7` | `1.41.9` |\n| [github.com/aws/aws-sdk-go-v2/config](https://github.com/aws/aws-sdk-go-v2) | `1.32.17` | `1.32.20` |\n| [github.com/aws/aws-sdk-go-v2/service/ec2](https://github.com/aws/aws-sdk-go-v2) | `1.302.0` | `1.304.2` |\n| [github.com/aws/aws-sdk-go-v2/service/elasticloadbalancingv2](https://github.com/aws/aws-sdk-go-v2) | `1.54.12` | `1.54.14` |\n| [github.com/aws/aws-sdk-go-v2/service/iam](https://github.com/aws/aws-sdk-go-v2) | `1.53.10` | `1.53.12` |\n| [github.com/aws/aws-sdk-go-v2/service/organizations](https://github.com/aws/aws-sdk-go-v2) | `1.51.3` | `1.51.6` |\n| [github.com/aws/aws-sdk-go-v2/service/route53](https://github.com/aws/aws-sdk-go-v2) | `1.62.7` | `1.62.9` |\n| [github.com/aws/aws-sdk-go-v2/service/route53resolver](https://github.com/aws/aws-sdk-go-v2) | `1.43.0` | `1.45.0` |\n| [github.com/go-chi/chi/v5](https://github.com/go-chi/chi) | `5.2.5` | `5.3.0` |\n| [golang.org/x/crypto](https://github.com/golang/crypto) | `0.50.0` | `0.52.0` |\n\n\nUpdates `cloud.google.com/go/compute` from 1.63.0 to 1.64.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/googleapis/google-cloud-go/releases\"\u003ecloud.google.com/go/compute's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ecompute: v1.64.0\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/googleapis/google-cloud-go/compare/compute/v1.63.0...compute/v1.64.0\"\u003ev1.64.0\u003c/a\u003e (2026-05-21)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eupdate API sources and regenerate (\u003ca href=\"https://redirect.github.com/googleapis/google-cloud-go/issues/14621\"\u003e#14621\u003c/a\u003e) (\u003ca href=\"https://github.com/googleapis/google-cloud-go/commit/6641db88\"\u003e6641db88\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/google-cloud-go/commit/1a476c130bbaad8d1355db63700fed22aa1cc4a2\"\u003e\u003ccode\u003e1a476c1\u003c/code\u003e\u003c/a\u003e chore: librarian release pull request: 20260521T182442Z (\u003ca href=\"https://redirect.github.com/googleapis/google-cloud-go/issues/14627\"\u003e#14627\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/google-cloud-go/commit/dd8448b9186401259e24a68286e41522e0a8a27c\"\u003e\u003ccode\u003edd8448b\u003c/code\u003e\u003c/a\u003e fix(pubsub/v2): manage exactly once spans properly on failure (\u003ca href=\"https://redirect.github.com/googleapis/google-cloud-go/issues/14559\"\u003e#14559\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/google-cloud-go/commit/b54d7a43fdd658081298f0b2ebf84e23aa26b848\"\u003e\u003ccode\u003eb54d7a4\u003c/code\u003e\u003c/a\u003e feat(firestore): support Transaction ReadTime (\u003ca href=\"https://redirect.github.com/googleapis/google-cloud-go/issues/14615\"\u003e#14615\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/google-cloud-go/commit/6641db88e5a1c62a967d0505d35c3bc1dedefe9f\"\u003e\u003ccode\u003e6641db8\u003c/code\u003e\u003c/a\u003e feat: update API sources and regenerate (\u003ca href=\"https://redirect.github.com/googleapis/google-cloud-go/issues/14621\"\u003e#14621\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/google-cloud-go/commit/e753126859522fbf76d0f15099fa63382836ac65\"\u003e\u003ccode\u003ee753126\u003c/code\u003e\u003c/a\u003e chore: librarian release pull request: 20260519T161341Z (\u003ca href=\"https://redirect.github.com/googleapis/google-cloud-go/issues/14617\"\u003e#14617\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/google-cloud-go/commit/593f67d594413796147656e25feacdd1c8f4d047\"\u003e\u003ccode\u003e593f67d\u003c/code\u003e\u003c/a\u003e chore: update librarian to v0.14.0 (\u003ca href=\"https://redirect.github.com/googleapis/google-cloud-go/issues/14619\"\u003e#14619\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/google-cloud-go/commit/66c66c5038a3adde16e841396d910a1148eb4482\"\u003e\u003ccode\u003e66c66c5\u003c/code\u003e\u003c/a\u003e feat(firestore): add Data and DataTo methods to AggregationResult (\u003ca href=\"https://redirect.github.com/googleapis/google-cloud-go/issues/14592\"\u003e#14592\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/google-cloud-go/commit/0a8d10d18d7e2b0008e82c5e2936f95e82bfbbc5\"\u003e\u003ccode\u003e0a8d10d\u003c/code\u003e\u003c/a\u003e fix(datastore): detach rollback context from transaction cancellation (\u003ca href=\"https://redirect.github.com/googleapis/google-cloud-go/issues/14602\"\u003e#14602\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/google-cloud-go/commit/d52fff4c2965f38dbf6c8df7310d80b6f8a0e28e\"\u003e\u003ccode\u003ed52fff4\u003c/code\u003e\u003c/a\u003e chore(all): update module cloud.google.com/go/longrunning to v1 (main) (\u003ca href=\"https://redirect.github.com/googleapis/google-cloud-go/issues/14606\"\u003e#14606\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/google-cloud-go/commit/d29f68afa17d1b874c374c97642afaaf0958a929\"\u003e\u003ccode\u003ed29f68a\u003c/code\u003e\u003c/a\u003e feat(storage): read checksums in gRPC partial reads (\u003ca href=\"https://redirect.github.com/googleapis/google-cloud-go/issues/14586\"\u003e#14586\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/googleapis/google-cloud-go/compare/compute/v1.63.0...compute/v1.64.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/aws/aws-sdk-go-v2` from 1.41.7 to 1.41.9\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/5841d3ae2cfd6e6113ca61b71d69131b84932f4c\"\u003e\u003ccode\u003e5841d3a\u003c/code\u003e\u003c/a\u003e Release 2026-05-29\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/16ac80d79c282366cae312281b3df925af4e9bf1\"\u003e\u003ccode\u003e16ac80d\u003c/code\u003e\u003c/a\u003e Regenerated Clients\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/167926f8aca7228f2dd1bed73707505875aafef4\"\u003e\u003ccode\u003e167926f\u003c/code\u003e\u003c/a\u003e Update endpoints model\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/a0fce13e18c6bff397ad77fac4cde4ab3f3b93e0\"\u003e\u003ccode\u003ea0fce13\u003c/code\u003e\u003c/a\u003e Update API model\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/223c0057211950899e0117dc027cc299a1dac664\"\u003e\u003ccode\u003e223c005\u003c/code\u003e\u003c/a\u003e update to smithy-go v1.26.0 (\u003ca href=\"https://redirect.github.com/aws/aws-sdk-go-v2/issues/3426\"\u003e#3426\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/74c501189a40c9b937432a1b2a4cacffc851ea76\"\u003e\u003ccode\u003e74c5011\u003c/code\u003e\u003c/a\u003e Release 2026-05-28\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/7d82651329a86064a9026f6219cff72921fa74da\"\u003e\u003ccode\u003e7d82651\u003c/code\u003e\u003c/a\u003e Regenerated Clients\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/79c63d9289784de4914143b7bff67157aa6a2a90\"\u003e\u003ccode\u003e79c63d9\u003c/code\u003e\u003c/a\u003e Update endpoints model\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/b15b3b873ad5c294d0c010fb1cc56ecb583d1618\"\u003e\u003ccode\u003eb15b3b8\u003c/code\u003e\u003c/a\u003e Update API model\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/090e46936630944917cfd6a0990ea3fd6391475b\"\u003e\u003ccode\u003e090e469\u003c/code\u003e\u003c/a\u003e Feat tmv2 parity (\u003ca href=\"https://redirect.github.com/aws/aws-sdk-go-v2/issues/3424\"\u003e#3424\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/aws/aws-sdk-go-v2/compare/v1.41.7...v1.41.9\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/aws/aws-sdk-go-v2/config` from 1.32.17 to 1.32.20\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/5841d3ae2cfd6e6113ca61b71d69131b84932f4c\"\u003e\u003ccode\u003e5841d3a\u003c/code\u003e\u003c/a\u003e Release 2026-05-29\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/16ac80d79c282366cae312281b3df925af4e9bf1\"\u003e\u003ccode\u003e16ac80d\u003c/code\u003e\u003c/a\u003e Regenerated Clients\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/167926f8aca7228f2dd1bed73707505875aafef4\"\u003e\u003ccode\u003e167926f\u003c/code\u003e\u003c/a\u003e Update endpoints model\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/a0fce13e18c6bff397ad77fac4cde4ab3f3b93e0\"\u003e\u003ccode\u003ea0fce13\u003c/code\u003e\u003c/a\u003e Update API model\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/223c0057211950899e0117dc027cc299a1dac664\"\u003e\u003ccode\u003e223c005\u003c/code\u003e\u003c/a\u003e update to smithy-go v1.26.0 (\u003ca href=\"https://redirect.github.com/aws/aws-sdk-go-v2/issues/3426\"\u003e#3426\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/74c501189a40c9b937432a1b2a4cacffc851ea76\"\u003e\u003ccode\u003e74c5011\u003c/code\u003e\u003c/a\u003e Release 2026-05-28\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/7d82651329a86064a9026f6219cff72921fa74da\"\u003e\u003ccode\u003e7d82651\u003c/code\u003e\u003c/a\u003e Regenerated Clients\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/79c63d9289784de4914143b7bff67157aa6a2a90\"\u003e\u003ccode\u003e79c63d9\u003c/code\u003e\u003c/a\u003e Update endpoints model\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/b15b3b873ad5c294d0c010fb1cc56ecb583d1618\"\u003e\u003ccode\u003eb15b3b8\u003c/code\u003e\u003c/a\u003e Update API model\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/090e46936630944917cfd6a0990ea3fd6391475b\"\u003e\u003ccode\u003e090e469\u003c/code\u003e\u003c/a\u003e Feat tmv2 parity (\u003ca href=\"https://redirect.github.com/aws/aws-sdk-go-v2/issues/3424\"\u003e#3424\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/aws/aws-sdk-go-v2/compare/config/v1.32.17...config/v1.32.20\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/aws/aws-sdk-go-v2/credentials` from 1.19.16 to 1.19.19\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/5841d3ae2cfd6e6113ca61b71d69131b84932f4c\"\u003e\u003ccode\u003e5841d3a\u003c/code\u003e\u003c/a\u003e Release 2026-05-29\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/16ac80d79c282366cae312281b3df925af4e9bf1\"\u003e\u003ccode\u003e16ac80d\u003c/code\u003e\u003c/a\u003e Regenerated Clients\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/167926f8aca7228f2dd1bed73707505875aafef4\"\u003e\u003ccode\u003e167926f\u003c/code\u003e\u003c/a\u003e Update endpoints model\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/a0fce13e18c6bff397ad77fac4cde4ab3f3b93e0\"\u003e\u003ccode\u003ea0fce13\u003c/code\u003e\u003c/a\u003e Update API model\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/223c0057211950899e0117dc027cc299a1dac664\"\u003e\u003ccode\u003e223c005\u003c/code\u003e\u003c/a\u003e update to smithy-go v1.26.0 (\u003ca href=\"https://redirect.github.com/aws/aws-sdk-go-v2/issues/3426\"\u003e#3426\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/74c501189a40c9b937432a1b2a4cacffc851ea76\"\u003e\u003ccode\u003e74c5011\u003c/code\u003e\u003c/a\u003e Release 2026-05-28\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/7d82651329a86064a9026f6219cff72921fa74da\"\u003e\u003ccode\u003e7d82651\u003c/code\u003e\u003c/a\u003e Regenerated Clients\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/79c63d9289784de4914143b7bff67157aa6a2a90\"\u003e\u003ccode\u003e79c63d9\u003c/code\u003e\u003c/a\u003e Update endpoints model\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/b15b3b873ad5c294d0c010fb1cc56ecb583d1618\"\u003e\u003ccode\u003eb15b3b8\u003c/code\u003e\u003c/a\u003e Update API model\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/090e46936630944917cfd6a0990ea3fd6391475b\"\u003e\u003ccode\u003e090e469\u003c/code\u003e\u003c/a\u003e Feat tmv2 parity (\u003ca href=\"https://redirect.github.com/aws/aws-sdk-go-v2/issues/3424\"\u003e#3424\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/aws/aws-sdk-go-v2/compare/credentials/v1.19.16...credentials/v1.19.19\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/aws/aws-sdk-go-v2/service/ec2` from 1.302.0 to 1.304.2\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/5841d3ae2cfd6e6113ca61b71d69131b84932f4c\"\u003e\u003ccode\u003e5841d3a\u003c/code\u003e\u003c/a\u003e Release 2026-05-29\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/16ac80d79c282366cae312281b3df925af4e9bf1\"\u003e\u003ccode\u003e16ac80d\u003c/code\u003e\u003c/a\u003e Regenerated Clients\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/167926f8aca7228f2dd1bed73707505875aafef4\"\u003e\u003ccode\u003e167926f\u003c/code\u003e\u003c/a\u003e Update endpoints model\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/a0fce13e18c6bff397ad77fac4cde4ab3f3b93e0\"\u003e\u003ccode\u003ea0fce13\u003c/code\u003e\u003c/a\u003e Update API model\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/223c0057211950899e0117dc027cc299a1dac664\"\u003e\u003ccode\u003e223c005\u003c/code\u003e\u003c/a\u003e update to smithy-go v1.26.0 (\u003ca href=\"https://redirect.github.com/aws/aws-sdk-go-v2/issues/3426\"\u003e#3426\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/74c501189a40c9b937432a1b2a4cacffc851ea76\"\u003e\u003ccode\u003e74c5011\u003c/code\u003e\u003c/a\u003e Release 2026-05-28\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/7d82651329a86064a9026f6219cff72921fa74da\"\u003e\u003ccode\u003e7d82651\u003c/code\u003e\u003c/a\u003e Regenerated Clients\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/79c63d9289784de4914143b7bff67157aa6a2a90\"\u003e\u003ccode\u003e79c63d9\u003c/code\u003e\u003c/a\u003e Update endpoints model\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/b15b3b873ad5c294d0c010fb1cc56ecb583d1618\"\u003e\u003ccode\u003eb15b3b8\u003c/code\u003e\u003c/a\u003e Update API model\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/090e46936630944917cfd6a0990ea3fd6391475b\"\u003e\u003ccode\u003e090e469\u003c/code\u003e\u003c/a\u003e Feat tmv2 parity (\u003ca href=\"https://redirect.github.com/aws/aws-sdk-go-v2/issues/3424\"\u003e#3424\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/aws/aws-sdk-go-v2/compare/service/ec2/v1.302.0...service/ec2/v1.304.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/aws/aws-sdk-go-v2/service/elasticloadbalancingv2` from 1.54.12 to 1.54.14\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/5841d3ae2cfd6e6113ca61b71d69131b84932f4c\"\u003e\u003ccode\u003e5841d3a\u003c/code\u003e\u003c/a\u003e Release 2026-05-29\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/16ac80d79c282366cae312281b3df925af4e9bf1\"\u003e\u003ccode\u003e16ac80d\u003c/code\u003e\u003c/a\u003e Regenerated Clients\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/167926f8aca7228f2dd1bed73707505875aafef4\"\u003e\u003ccode\u003e167926f\u003c/code\u003e\u003c/a\u003e Update endpoints model\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/a0fce13e18c6bff397ad77fac4cde4ab3f3b93e0\"\u003e\u003ccode\u003ea0fce13\u003c/code\u003e\u003c/a\u003e Update API model\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/223c0057211950899e0117dc027cc299a1dac664\"\u003e\u003ccode\u003e223c005\u003c/code\u003e\u003c/a\u003e update to smithy-go v1.26.0 (\u003ca href=\"https://redirect.github.com/aws/aws-sdk-go-v2/issues/3426\"\u003e#3426\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/74c501189a40c9b937432a1b2a4cacffc851ea76\"\u003e\u003ccode\u003e74c5011\u003c/code\u003e\u003c/a\u003e Release 2026-05-28\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/7d82651329a86064a9026f6219cff72921fa74da\"\u003e\u003ccode\u003e7d82651\u003c/code\u003e\u003c/a\u003e Regenerated Clients\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/79c63d9289784de4914143b7bff67157aa6a2a90\"\u003e\u003ccode\u003e79c63d9\u003c/code\u003e\u003c/a\u003e Update endpoints model\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/b15b3b873ad5c294d0c010fb1cc56ecb583d1618\"\u003e\u003ccode\u003eb15b3b8\u003c/code\u003e\u003c/a\u003e Update API model\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/090e46936630944917cfd6a0990ea3fd6391475b\"\u003e\u003ccode\u003e090e469\u003c/code\u003e\u003c/a\u003e Feat tmv2 parity (\u003ca href=\"https://redirect.github.com/aws/aws-sdk-go-v2/issues/3424\"\u003e#3424\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/aws/aws-sdk-go-v2/compare/service/polly/v1.54.12...service/elasticloadbalancingv2/v1.54.14\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/aws/aws-sdk-go-v2/service/iam` from 1.53.10 to 1.53.12\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/c45eaac0731f64505ae8a32703611657e31b6dea\"\u003e\u003ccode\u003ec45eaac\u003c/code\u003e\u003c/a\u003e Release 2025-02-04\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/7aecaffb9ba5ba0638e1ab4aab51977da5af0a47\"\u003e\u003ccode\u003e7aecaff\u003c/code\u003e\u003c/a\u003e Regenerated Clients\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/a11e8e137b6f7906f7f686ef3cfe0553cf493088\"\u003e\u003ccode\u003ea11e8e1\u003c/code\u003e\u003c/a\u003e Update endpoints model\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/91f8178a6636ded0282b1d1ee1490311856ad9d5\"\u003e\u003ccode\u003e91f8178\u003c/code\u003e\u003c/a\u003e Update API model\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/d59b6584a641edf3b82778b44f7ef47aad2d5277\"\u003e\u003ccode\u003ed59b658\u003c/code\u003e\u003c/a\u003e Release 2025-02-03\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/e50249fff700e87f4a779fa221efe00afab9ff66\"\u003e\u003ccode\u003ee50249f\u003c/code\u003e\u003c/a\u003e Regenerated Clients\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/5d245fcb77fb71200881dab84a2b42fcefe0355a\"\u003e\u003ccode\u003e5d245fc\u003c/code\u003e\u003c/a\u003e Update API model\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/85742451645e8bed2a54286c02065be56599d977\"\u003e\u003ccode\u003e8574245\u003c/code\u003e\u003c/a\u003e delete stuck changelogs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/e2e9697d8ebe330a7435716c2f31b1cea4dff3c0\"\u003e\u003ccode\u003ee2e9697\u003c/code\u003e\u003c/a\u003e Release 2025-01-31\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/6576a0939a79d5f31eef10164750faedd78a45d4\"\u003e\u003ccode\u003e6576a09\u003c/code\u003e\u003c/a\u003e Regenerated Clients\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/aws/aws-sdk-go-v2/compare/service/ecs/v1.53.10...service/ecs/v1.53.12\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/aws/aws-sdk-go-v2/service/organizations` from 1.51.3 to 1.51.6\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/676a8b1bf0174c8763e19d99b68b988e67e2d398\"\u003e\u003ccode\u003e676a8b1\u003c/code\u003e\u003c/a\u003e Release 2025-01-24\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/1737386a85235b72e9676ed261b72cddb61355df\"\u003e\u003ccode\u003e1737386\u003c/code\u003e\u003c/a\u003e Regenerated Clients\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/3bc09da29fb3dd079526f7ed141520f69245e445\"\u003e\u003ccode\u003e3bc09da\u003c/code\u003e\u003c/a\u003e Update API model\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/cb98deef60318ce9a61cda159ebfb0166d88539b\"\u003e\u003ccode\u003ecb98dee\u003c/code\u003e\u003c/a\u003e Fix flex checksum validation cfg (\u003ca href=\"https://redirect.github.com/aws/aws-sdk-go-v2/issues/2981\"\u003e#2981\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/9c764018fe28b27912a0b976614d9e806e3f8268\"\u003e\u003ccode\u003e9c76401\u003c/code\u003e\u003c/a\u003e fix bad changelog type\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/ed8a3caa0df9ce36a5b60aebeee201187098d205\"\u003e\u003ccode\u003eed8a3ca\u003c/code\u003e\u003c/a\u003e Reduce fmt.Sprintf allocations in query encoding (\u003ca href=\"https://redirect.github.com/aws/aws-sdk-go-v2/issues/2919\"\u003e#2919\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/d5773a9a070873393eb2e7eed37bd647e12e1267\"\u003e\u003ccode\u003ed5773a9\u003c/code\u003e\u003c/a\u003e Add FixUnmarshalIndividualSetValues option to DecoderOptions of dynamodb (\u003ca href=\"https://redirect.github.com/aws/aws-sdk-go-v2/issues/2896\"\u003e#2896\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/58e23dc0311cec940749e34ddfc542dbb00ff7a3\"\u003e\u003ccode\u003e58e23dc\u003c/code\u003e\u003c/a\u003e fix codegen test failing in main\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/640d919419375c1bb9041ffa6dd024b60243a1ed\"\u003e\u003ccode\u003e640d919\u003c/code\u003e\u003c/a\u003e fix broken jmespath waiters in cloudwatch and autoscaling (\u003ca href=\"https://redirect.github.com/aws/aws-sdk-go-v2/issues/2984\"\u003e#2984\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/613a6cfc607af8470ceec5b7391f9231fa1f98dd\"\u003e\u003ccode\u003e613a6cf\u003c/code\u003e\u003c/a\u003e Optimize/directory traversal (\u003ca href=\"https://redirect.github.com/aws/aws-sdk-go-v2/issues/2970\"\u003e#2970\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/aws/aws-sdk-go-v2/compare/service/s3/v1.51.3...service/fsx/v1.51.6\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/aws/aws-sdk-go-v2/service/route53` from 1.62.7 to 1.62.9\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/54aed732316b5162e5c4382a1f2d3891175d0254\"\u003e\u003ccode\u003e54aed73\u003c/code\u003e\u003c/a\u003e Release 2025-02-18\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/082781faee876f9d612fa7c113b4304a29766b14\"\u003e\u003ccode\u003e082781f\u003c/code\u003e\u003c/a\u003e Regenerated Clients\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/3ed185b604684a86547e679154975f1914f97312\"\u003e\u003ccode\u003e3ed185b\u003c/code\u003e\u003c/a\u003e Update endpoints model\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/03da7378d668622cd880ec741d57e93cc370efa1\"\u003e\u003ccode\u003e03da737\u003c/code\u003e\u003c/a\u003e Update API model\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/c8a8ccb619ffbfe00e99a83e99729b948f20be29\"\u003e\u003ccode\u003ec8a8ccb\u003c/code\u003e\u003c/a\u003e Bump go version to 1.22 (\u003ca href=\"https://redirect.github.com/aws/aws-sdk-go-v2/issues/3010\"\u003e#3010\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/8b7c7bf6d9a1c63d0c5262724ae8a15a44e366a6\"\u003e\u003ccode\u003e8b7c7bf\u003c/code\u003e\u003c/a\u003e fix missing AccountIDEndpointMode binding (\u003ca href=\"https://redirect.github.com/aws/aws-sdk-go-v2/issues/3013\"\u003e#3013\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/90f9d1081a37acaf792ccda5bfb07e2ee7590a9e\"\u003e\u003ccode\u003e90f9d10\u003c/code\u003e\u003c/a\u003e Release 2025-02-17\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/40dd351c61c016749a3f4105cca0c965e7c66d7b\"\u003e\u003ccode\u003e40dd351\u003c/code\u003e\u003c/a\u003e Regenerated Clients\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/06352dfafe9067da1956229d6925efed328d5ff6\"\u003e\u003ccode\u003e06352df\u003c/code\u003e\u003c/a\u003e Update endpoints model\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/833566b553122ebd5bfa1237ee7c905a8db0d687\"\u003e\u003ccode\u003e833566b\u003c/code\u003e\u003c/a\u003e Update API model\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/aws/aws-sdk-go-v2/compare/service/iot/v1.62.7...service/iot/v1.62.9\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/aws/aws-sdk-go-v2/service/route53resolver` from 1.43.0 to 1.45.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/13546abeb3c6bf9f0bfa97855fd8f52a2e26373e\"\u003e\u003ccode\u003e13546ab\u003c/code\u003e\u003c/a\u003e Release 2023-11-27\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/59ce389800703c1509810f19ab77c467531ab07f\"\u003e\u003ccode\u003e59ce389\u003c/code\u003e\u003c/a\u003e Regenerated Clients\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/8257e839ab34958c84f1671ca89b92cf30360b43\"\u003e\u003ccode\u003e8257e83\u003c/code\u003e\u003c/a\u003e Update endpoints model\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/8ef931c3c2a1f28e4bc68efe5a0582e3ec32f2ac\"\u003e\u003ccode\u003e8ef931c\u003c/code\u003e\u003c/a\u003e Update API model\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/6afe5286d243f06aa040d3954b765b38366b88c2\"\u003e\u003ccode\u003e6afe528\u003c/code\u003e\u003c/a\u003e Release 2023-11-22\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/769b1e08ea9acae6b2488864977a444dccb59e62\"\u003e\u003ccode\u003e769b1e0\u003c/code\u003e\u003c/a\u003e Regenerated Clients\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/b6c76999b24cbe735e03123800eaf7427ab6caf2\"\u003e\u003ccode\u003eb6c7699\u003c/code\u003e\u003c/a\u003e Update API model\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/57f3065c220672b63d1a1af0f424757048805904\"\u003e\u003ccode\u003e57f3065\u003c/code\u003e\u003c/a\u003e breakfix: convert public access block config fields to nilable like s3 (\u003ca href=\"https://redirect.github.com/aws/aws-sdk-go-v2/issues/2385\"\u003e#2385\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/fa3ee1a83b9edac9669159650622bcfe3003b44c\"\u003e\u003ccode\u003efa3ee1a\u003c/code\u003e\u003c/a\u003e Release 2023-11-21\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/6e0c553b49b1fd84753d3ea440be93011d36cf40\"\u003e\u003ccode\u003e6e0c553\u003c/code\u003e\u003c/a\u003e Regenerated Clients\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/aws/aws-sdk-go-v2/compare/service/s3/v1.43.0...service/s3/v1.45.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/aws/aws-sdk-go-v2/service/sso` from 1.30.17 to 1.30.19\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/54aed732316b5162e5c4382a1f2d3891175d0254\"\u003e\u003ccode\u003e54aed73\u003c/code\u003e\u003c/a\u003e Release 2025-02-18\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/082781faee876f9d612fa7c113b4304a29766b14\"\u003e\u003ccode\u003e082781f\u003c/code\u003e\u003c/a\u003e Regenerated Clients\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/3ed185b604684a86547e679154975f1914f97312\"\u003e\u003ccode\u003e3ed185b\u003c/code\u003e\u003c/a\u003e Update endpoints model\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/03da7378d668622cd880ec741d57e93cc370efa1\"\u003e\u003ccode\u003e03da737\u003c/code\u003e\u003c/a\u003e Update API model\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/c8a8ccb619ffbfe00e99a83e99729b948f20be29\"\u003e\u003ccode\u003ec8a8ccb\u003c/code\u003e\u003c/a\u003e Bump go version to 1.22 (\u003ca href=\"https://redirect.github.com/aws/aws-sdk-go-v2/issues/3010\"\u003e#3010\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/8b7c7bf6d9a1c63d0c5262724ae8a15a44e366a6\"\u003e\u003ccode\u003e8b7c7bf\u003c/code\u003e\u003c/a\u003e fix missing AccountIDEndpointMode binding (\u003ca href=\"https://redirect.github.com/aws/aws-sdk-go-v2/issues/3013\"\u003e#3013\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/90f9d1081a37acaf792ccda5bfb07e2ee7590a9e\"\u003e\u003ccode\u003e90f9d10\u003c/code\u003e\u003c/a\u003e Release 2025-02-17\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/40dd351c61c016749a3f4105cca0c965e7c66d7b\"\u003e\u003ccode\u003e40dd351\u003c/code\u003e\u003c/a\u003e Regenerated Clients\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/06352dfafe9067da1956229d6925efed328d5ff6\"\u003e\u003ccode\u003e06352df\u003c/code\u003e\u003c/a\u003e Update endpoints model\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/833566b553122ebd5bfa1237ee7c905a8db0d687\"\u003e\u003ccode\u003e833566b\u003c/code\u003e\u003c/a\u003e Update API model\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/aws/aws-sdk-go-v2/compare/service/acm/v1.30.17...service/acm/v1.30.19\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/aws/aws-sdk-go-v2/service/ssooidc` from 1.35.21 to 1.36.2\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/54aed732316b5162e5c4382a1f2d3891175d0254\"\u003e\u003ccode\u003e54aed73\u003c/code\u003e\u003c/a\u003e Release 2025-02-18\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/082781faee876f9d612fa7c113b4304a29766b14\"\u003e\u003ccode\u003e082781f\u003c/code\u003e\u003c/a\u003e Regenerated Clients\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/3ed185b604684a86547e679154975f1914f97312\"\u003e\u003ccode\u003e3ed185b\u003c/code\u003e\u003c/a\u003e Update endpoints model\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/03da7378d668622cd880ec741d57e93cc370efa1\"\u003e\u003ccode\u003e03da737\u003c/code\u003e\u003c/a\u003e Update API model\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/c8a8ccb619ffbfe00e99a83e99729b948f20be29\"\u003e\u003ccode\u003ec8a8ccb\u003c/code\u003e\u003c/a\u003e Bump go version to 1.22 (\u003ca href=\"https://redirect.github.com/aws/aws-sdk-go-v2/issues/3010\"\u003e#3010\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/8b7c7bf6d9a1c63d0c5262724ae8a15a44e366a6\"\u003e\u003ccode\u003e8b7c7bf\u003c/code\u003e\u003c/a\u003e fix missing AccountIDEndpointMode binding (\u003ca href=\"https://redirect.github.com/aws/aws-sdk-go-v2/issues/3013\"\u003e#3013\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/90f9d1081a37acaf792ccda5bfb07e2ee7590a9e\"\u003e\u003ccode\u003e90f9d10\u003c/code\u003e\u003c/a\u003e Release 2025-02-17\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/40dd351c61c016749a3f4105cca0c965e7c66d7b\"\u003e\u003ccode\u003e40dd351\u003c/code\u003e\u003c/a\u003e Regenerated Clients\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/06352dfafe9067da1956229d6925efed328d5ff6\"\u003e\u003ccode\u003e06352df\u003c/code\u003e\u003c/a\u003e Update endpoints model\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/833566b553122ebd5bfa1237ee7c905a8db0d687\"\u003e\u003ccode\u003e833566b\u003c/code\u003e\u003c/a\u003e Update API model\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/aws/aws-sdk-go-v2/compare/service/pi/v1.35.21...v1.36.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/aws/aws-sdk-go-v2/service/sts` from 1.42.1 to 1.42.3\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/09a58172d9d7ad6f73a123b02d7e84c5c4a155f7\"\u003e\u003ccode\u003e09a5817\u003c/code\u003e\u003c/a\u003e Release 2025-12-02\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/58d1759452a64b5cebc3af72b0d20e0d0f4c1206\"\u003e\u003ccode\u003e58d1759\u003c/code\u003e\u003c/a\u003e Regenerated Clients\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/16ba34ea62c08755b0f9e515e49d91a4ec0a228a\"\u003e\u003ccode\u003e16ba34e\u003c/code\u003e\u003c/a\u003e Update endpoints model\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/7873bf423b63068375552b96d515d4e4fe3b4b64\"\u003e\u003ccode\u003e7873bf4\u003c/code\u003e\u003c/a\u003e Update API model\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/9b55b02d1957debcdc49350d1e805ef35b6aebf0\"\u003e\u003ccode\u003e9b55b02\u003c/code\u003e\u003c/a\u003e bump smithy-go to v1.24.0 (\u003ca href=\"https://redirect.github.com/aws/aws-sdk-go-v2/issues/3242\"\u003e#3242\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/d8b017901ff4fdde54fcb11a2cc2eb96f5250fd4\"\u003e\u003ccode\u003ed8b0179\u003c/code\u003e\u003c/a\u003e Release 2025-12-01\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/e4405f01c3d6d2b9ae5ba8a2a09556ae53d5f8f2\"\u003e\u003ccode\u003ee4405f0\u003c/code\u003e\u003c/a\u003e Regenerated Clients\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/65d08b0cedc6076d337c9a733e0a103446ed2e7b\"\u003e\u003ccode\u003e65d08b0\u003c/code\u003e\u003c/a\u003e Update API model\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/f6cc036f3712a3bc31b7a8120d26455bd6fa15ea\"\u003e\u003ccode\u003ef6cc036\u003c/code\u003e\u003c/a\u003e Release 2025-11-26\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/deb353f714c36d8c29020007df481749e45f38bb\"\u003e\u003ccode\u003edeb353f\u003c/code\u003e\u003c/a\u003e Regenerated Clients\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/aws/aws-sdk-go-v2/compare/service/s3/v1.42.1...service/amp/v1.42.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/go-chi/chi/v5` from 5.2.5 to 5.3.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/go-chi/chi/releases\"\u003egithub.com/go-chi/chi/v5's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.3.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUse strings.ReplaceAll where applicable by \u003ca href=\"https://github.com/JRaspass\"\u003e\u003ccode\u003e@​JRaspass\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1046\"\u003ego-chi/chi#1046\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePropagate inline middlewares across mounted subrouters by \u003ca href=\"https://github.com/LukasJenicek\"\u003e\u003ccode\u003e@​LukasJenicek\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1049\"\u003ego-chi/chi#1049\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eadd go 1.26 to ci by \u003ca href=\"https://github.com/pkieltyka\"\u003e\u003ccode\u003e@​pkieltyka\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1052\"\u003ego-chi/chi#1052\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove last uses of io/ioutil by \u003ca href=\"https://github.com/JRaspass\"\u003e\u003ccode\u003e@​JRaspass\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1054\"\u003ego-chi/chi#1054\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSimplify chi.walk with slices.Concat by \u003ca href=\"https://github.com/JRaspass\"\u003e\u003ccode\u003e@​JRaspass\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1053\"\u003ego-chi/chi#1053\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eApply the stringscutprefix modernizer by \u003ca href=\"https://github.com/JRaspass\"\u003e\u003ccode\u003e@​JRaspass\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1051\"\u003ego-chi/chi#1051\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump minimum Go to 1.23, always use request.Pattern by \u003ca href=\"https://github.com/JRaspass\"\u003e\u003ccode\u003e@​JRaspass\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1048\"\u003ego-chi/chi#1048\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003emiddleware: fix httpFancyWriter.ReadFrom double-counting bytes with Tee by \u003ca href=\"https://github.com/alliasgher\"\u003e\u003ccode\u003e@​alliasgher\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1085\"\u003ego-chi/chi#1085\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix typo in Route doc comment by \u003ca href=\"https://github.com/gouwazi\"\u003e\u003ccode\u003e@​gouwazi\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1073\"\u003ego-chi/chi#1073\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: set Request.Pattern from RoutePattern() by \u003ca href=\"https://github.com/leno23\"\u003e\u003ccode\u003e@​leno23\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1097\"\u003ego-chi/chi#1097\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat: middleware.ClientIP, a replacement for middleware.RealIP by \u003ca href=\"https://github.com/VojtechVitek\"\u003e\u003ccode\u003e@​VojtechVitek\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/967\"\u003ego-chi/chi#967\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/LukasJenicek\"\u003e\u003ccode\u003e@​LukasJenicek\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1049\"\u003ego-chi/chi#1049\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/alliasgher\"\u003e\u003ccode\u003e@​alliasgher\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1085\"\u003ego-chi/chi#1085\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gouwazi\"\u003e\u003ccode\u003e@​gouwazi\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1073\"\u003ego-chi/chi#1073\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/leno23\"\u003e\u003ccode\u003e@​leno23\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1097\"\u003ego-chi/chi#1097\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eSECURITY: middleware.ClientIP, a replacement for middleware.RealIP\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/VojtechVitek\"\u003e\u003ccode\u003e@​VojtechVitek\u003c/code\u003e\u003c/a\u003e submitted PR \u003ca href=\"https://redirect.github.com/go-chi/chi/issues/967\"\u003e#967\u003c/a\u003e, which introduces middleware.ClientIP — a replacement for middleware.RealIP that closes the three open spoofing advisories:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/security/advisories/GHSA-9g5q-2w5x-hmxf\"\u003eGHSA-9g5q-2w5x-hmxf\u003c/a\u003e — IP spoofing via XFF in \u003ccode\u003eRemoteAddr\u003c/code\u003e resolution (convto)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/security/advisories/GHSA-rjr7-jggh-pgcp\"\u003eGHSA-rjr7-jggh-pgcp\u003c/a\u003e — RealIP allows IP spoofing via unvalidated XFF (rezmoss)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/security/advisories/GHSA-3fxj-6jh8-hvhx\"\u003eGHSA-3fxj-6jh8-hvhx\u003c/a\u003e — IP spoofing in \u003ccode\u003emiddleware.RealIP\u003c/code\u003e (Saku0512, Critical / 9.3)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eIt also addresses issues outlined at:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/708\"\u003ego-chi/chi#708\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://adam-p.ca/blog/2022/03/x-forwarded-for/\"\u003ehttps://adam-p.ca/blog/2022/03/x-forwarded-for/\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/711\"\u003ego-chi/chi#711\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/453\"\u003ego-chi/chi#453\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/go-chi/chi/pull/908\"\u003ego-chi/chi#908\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ccode\u003emiddleware.RealIP\u003c/code\u003e is deprecated in this PR with pointers to the new API.\u003c/p\u003e\n\u003cp\u003eThe deprecation only adds a \u003ccode\u003e// Deprecated:\u003c/code\u003e doc comment; the function keeps working for backward compatibility.\u003c/p\u003e\n\u003ch3\u003eWhy a new middleware (not \u0026quot;fix RealIP in place\u0026quot;)\u003c/h3\u003e\n\u003cp\u003e\u003ccode\u003eRealIP\u003c/code\u003e has two unfixable design choices: it mutates \u003ccode\u003er.RemoteAddr\u003c/code\u003e, and it tries to be a one-size-fits-all default by walking a hard-coded list of headers any client can supply. Per \u003ca href=\"https://adam-p.ca/blog/2022/03/x-forwarded-for/\"\u003eadam-p's \u0026quot;The perils of the 'real' client IP\u0026quot;\u003c/a\u003e (which calls chi out by name on this), there is no safe default — the user must pick their trust source explicitly.\u003c/p\u003e\n\u003ch3\u003eThe new API\u003c/h3\u003e\n\u003cp\u003eFour middlewares, two accessors. Pick exactly one middleware based on your\ninfrastructure, read the result with one of the two accessors:\u003c/p\u003e\n\u003cpre lang=\"go\"\u003e\u003ccode\u003e// One of the four. There is no safe default — pick exactly one.\r\nfunc ClientIPFromHeader(trustedHeader string) func(http.Handler) http.Handler\r\nfunc ClientIPFromXFF(trustedIPPrefixes ...string) func(http.Handler) http.Handler\r\nfunc ClientIPFromXFFTrustedProxies(numTrustedProxies int) func(http.Handler) http.Handler\r\n\u0026lt;/tr\u0026gt;\u0026lt;/table\u0026gt; \n\u003c/code\u003e\u003c/pre\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/3b171578ca44dfd75ca3c5cbddc7b44c600a7b49\"\u003e\u003ccode\u003e3b17157\u003c/code\u003e\u003c/a\u003e feat: middleware.ClientIP, a replacement for middleware.RealIP (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/967\"\u003e#967\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/818fdcfc4786168651768377ba647cf9dd5b3953\"\u003e\u003ccode\u003e818fdcf\u003c/code\u003e\u003c/a\u003e fix: set Request.Pattern from RoutePattern() (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1097\"\u003e#1097\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/f975af0cb10cbefaccf0422385420fe62722d648\"\u003e\u003ccode\u003ef975af0\u003c/code\u003e\u003c/a\u003e Fix typo in Route doc comment (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1073\"\u003e#1073\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/4ef87eaf2cfb27d3126d48194e1a84806acc1aed\"\u003e\u003ccode\u003e4ef87ea\u003c/code\u003e\u003c/a\u003e middleware: fix httpFancyWriter.ReadFrom double-counting bytes with Tee (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1085\"\u003e#1085\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/a54874f0e2f12647a19e82ee70dfa8185014100c\"\u003e\u003ccode\u003ea54874f\u003c/code\u003e\u003c/a\u003e Bump minimum Go to 1.23, always use request.Pattern (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1048\"\u003e#1048\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/3328d4d3ab8a08547fa419ed657017355e6d3c4d\"\u003e\u003ccode\u003e3328d4d\u003c/code\u003e\u003c/a\u003e Apply the stringscutprefix modernizer (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1051\"\u003e#1051\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/be60b2ec5755a9072cdf27af3ba3034e84781d12\"\u003e\u003ccode\u003ebe60b2e\u003c/code\u003e\u003c/a\u003e Simplify chi.walk with slices.Concat (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1053\"\u003e#1053\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/a36a925a6a195943ec104100d7d18757543e745f\"\u003e\u003ccode\u003ea36a925\u003c/code\u003e\u003c/a\u003e Remove last uses of io/ioutil (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1054\"\u003e#1054\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/7d93ee3e86b4d477c20d809c9b1ce9a281dfd706\"\u003e\u003ccode\u003e7d93ee3\u003c/code\u003e\u003c/a\u003e add go 1.26 to ci (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1052\"\u003e#1052\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/903cff2596eac0f72538ac46d696058351f1c3fb\"\u003e\u003ccode\u003e903cff2\u003c/code\u003e\u003c/a\u003e Propagate inline middlewares across mounted subrouters (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1049\"\u003e#1049\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/go-chi/chi/compare/v5.2.5...v5.3.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `golang.org/x/crypto` from 0.50.0 to 0.52.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/a1c0d9929856c8aba2b31f079340f00578eda803\"\u003e\u003ccode\u003ea1c0d99\u003c/code\u003e\u003c/a\u003e go.mod: update golang.org/x dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/3c7c86938f4541c333d506f719388d9c42d4763d\"\u003e\u003ccode\u003e3c7c869\u003c/code\u003e\u003c/a\u003e ssh: fix deadlock on unexpected channel responses\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/533fb3f7e4a5ae23f69d1837cd851d35ff5b76ce\"\u003e\u003ccode\u003e533fb3f\u003c/code\u003e\u003c/a\u003e ssh: fix source-address critical option bypass\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/abbc44d451a6f9236a2bbd26cbcd4d0fec473da3\"\u003e\u003ccode\u003eabbc44d\u003c/code\u003e\u003c/a\u003e ssh: fix incorrect operator order\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/e052873987615dc96fe67607a9a6adb76311344f\"\u003e\u003ccode\u003ee052873\u003c/code\u003e\u003c/a\u003e ssh: fix infinite loop on large channel writes due to integer overflow\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/b61cf853a89d82cad68da5e12a6beca2116f8456\"\u003e\u003ccode\u003eb61cf85\u003c/code\u003e\u003c/a\u003e ssh: enforce user presence verification for security keys\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/9c2cd33e8d96a96133fd6ff732510ebba539c2bd\"\u003e\u003ccode\u003e9c2cd33\u003c/code\u003e\u003c/a\u003e ssh: enforce strict limits on DSA key parameters\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/890731877d85f71cfdc9554e7a27fec4684fc4c4\"\u003e\u003ccode\u003e8907318\u003c/code\u003e\u003c/a\u003e ssh: reject RSA keys with excessively large moduli\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/ffd87b4878fa98ca2908ec534e1a410bf095a35e\"\u003e\u003ccode\u003effd87b4\u003c/code\u003e\u003c/a\u003e ssh: fix panic when authority callbacks are nil\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/4e7a7384ecbc8d519f6f4c11b36fa9d761fc8946\"\u003e\u003ccode\u003e4e7a738\u003c/code\u003e\u003c/a\u003e ssh: fix deadlock on unexpected global responses\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/golang/crypto/compare/v0.50.0...v0.52.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `google.golang.org/api` from 0.274.0 to 0.279.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/googleapis/google-api-go-client/releases\"\u003egoogle.golang.org/api's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.279.0\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/googleapis/google-api-go-client/compare/v0.278.0...v0.279.0\"\u003e0.279.0\u003c/a\u003e (2026-05-12)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eall:\u003c/strong\u003e Auto-regenerate discovery clients (\u003ca href=\"https://redirect.github.com/googleapis/google-api-go-client/issues/3585\"\u003e#3585\u003c/a\u003e) (\u003ca href=\"https://github.com/googleapis/google-api-go-client/commit/09db0e346a6b567747dceee3872229a62c95124c\"\u003e09db0e3\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eall:\u003c/strong\u003e Auto-regenerate discovery clients (\u003ca href=\"https://redirect.github.com/googleapis/google-api-go-client/issues/3587\"\u003e#3587\u003c/a\u003e) (\u003ca href=\"https://github.com/googleapis/google-api-go-client/commit/e87e376dbd590cffb3632c378e1ade4a9dacf3ce\"\u003ee87e376\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eall:\u003c/strong\u003e Auto-regenerate discovery clients (\u003ca href=\"https://redirect.github.com/googleapis/google-api-go-client/issues/3590\"\u003e#3590\u003c/a\u003e) (\u003ca href=\"https://github.com/googleapis/google-api-go-client/commit/d4241eaef9ab3daad4fd4aaeccc118795cfc58a7\"\u003ed4241ea\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev0.278.0\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/googleapis/google-api-go-client/compare/v0.277.0...v0.278.0\"\u003e0.278.0\u003c/a\u003e (2026-05-05)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eall:\u003c/strong\u003e Auto-regenerate discovery clients (\u003ca href=\"https://redirect.github.com/googleapis/google-api-go-client/issues/3582\"\u003e#3582\u003c/a\u003e) (\u003ca href=\"https://github.com/googleapis/google-api-go-client/commit/76b1187e506ac0f48caac67907dd0805b253f74c\"\u003e76b1187\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eall:\u003c/strong\u003e Auto-regenerate discovery clients (\u003ca href=\"https://redirect.github.com/googleapis/google-api-go-client/issues/3584\"\u003e#3584\u003c/a\u003e) (\u003ca href=\"https://github.com/googleapis/google-api-go-client/commit/e36c88361d11545583325c3ac6bdbd9cf1f1a7d0\"\u003ee36c883\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev0.277.0\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/googleapis/google-api-go-client/compare/v0.276.0...v0.277.0\"\u003e0.277.0\u003c/a\u003e (2026-04-29)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eall:\u003c/strong\u003e Auto-regenerate discovery clients (\u003ca href=\"https://redirect.github.com/googleapis/google-api-go-client/issues/3567\"\u003e#3567\u003c/a\u003e) (\u003ca href=\"https://github.com/googleapis/google-api-go-client/commit/39582952e4eac1b744499f8a8063a4a5f1ce7d6b\"\u003e3958295\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eall:\u003c/strong\u003e Auto-regenerate discovery clients (\u003ca href=\"https://redirect.github.com/googleapis/google-api-go-client/issues/3571\"\u003e#3571\u003c/a\u003e) (\u003ca href=\"https://github.com/googleapis/google-api-go-client/commit/ca9851efc573231ca1ed9c6fea4bc77d6052d0bb\"\u003eca9851e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eall:\u003c/strong\u003e Auto-regenerate discovery clients (\u003ca href=\"https://redirect.github.com/googleapis/google-api-go-client/issues/3574\"\u003e#3574\u003c/a\u003e) (\u003ca href=\"https://github.com/googleapis/google-api-go-client/commit/8efb1afa0e5d9cc454f721124bba3881f3935e3c\"\u003e8efb1af\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eall:\u003c/strong\u003e Auto-regenerate discovery clients (\u003ca href=\"https://redirect.github.com/googleapis/google-api-go-client/issues/3575\"\u003e#3575\u003c/a\u003e) (\u003ca href=\"https://github.com/googleapis/google-api-go-client/commit/de49bb519cab881f74e5b9ba11e263a2b9a4ad2e\"\u003ede49bb5\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eall:\u003c/strong\u003e Auto-regenerate discovery clients (\u003ca href=\"https://redirect.github.com/googleapis/google-api-go-client/issues/3577\"\u003e#3577\u003c/a\u003e) (\u003ca href=\"https://github.com/googleapis/google-api-go-client/commit/ce68c87d9dc6c144b6df578df725470b30cf83d6\"\u003ece68c87\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eall:\u003c/strong\u003e Auto-regenerate discovery clients (\u003ca href=\"https://redirect.github.com/googleapis/google-api-go-client/issues/3578\"\u003e#3578\u003c/a\u003e) (\u003ca href=\"https://github.com/googleapis/google-api-go-client/commit/8be033e24e0c6ddb08a3df72c0a8997d21623a22\"\u003e8be033e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eall:\u003c/strong\u003e Auto-regenerate discovery clients (\u003ca href=\"https://redirect.github.com/googleapis/google-api-go-client/issues/3579\"\u003e#3579\u003c/a\u003e) (\u003ca href=\"https://github.com/googleapis/google-api-go-client/commit/bc6990e20803f2ff2fd1b77995f6e9180ab2302b\"\u003ebc6990e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eall:\u003c/strong\u003e Auto-regenerate discovery clients (\u003ca href=\"https://redirect.github.com/googleapis/google-api-go-client/issues/3580\"\u003e#3580\u003c/a\u003e) (\u003ca href=\"https://github.com/googleapis/google-api-go-client/commit/2de1a5aff3f3b6e53dff00da297c5d249ac8d791\"\u003e2de1a5a\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eall:\u003c/strong\u003e Auto-regenerate discovery clients (\u003ca href=\"https://redirect.github.com/googleapis/google-api-go-client/issues/3581\"\u003e#3581\u003c/a\u003e) (\u003ca href=\"https://github.com/googleapis/google-api-go-client/commit/0c219d90e90899c93215558f3ea309c9732bf7ea\"\u003e0c219d9\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eidtoken:\u003c/strong\u003e Avoid double impersonation in tokenSourceFromBytes (\u003ca href=\"https://redirect.github.com/googleapis/google-api-go-client/issues/3576\"\u003e#3576\u003c/a\u003e) (\u003ca href=\"https://github.com/googleapis/google-api-go-client/commit/75172cf5cb7bfc260c22e481323355306f684a09\"\u003e75172cf\u003c/a\u003e), refs \u003ca href=\"https://redirect.github.com/googleapis/google-api-go-client/issues/2301\"\u003e#2301\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev0.276.0\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/googleapis/google-api-go-client/compare/v0.275.0...v0.276.0\"\u003e0.276.0\u003c/a\u003e (2026-04-14)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eall:\u003c/strong\u003e Auto-regenerate discovery clients (\u003ca href=\"https://redirect.github.com/googleapis/google-api-go-client/issues/3561\"\u003e#3561\u003c/a\u003e) (\u003ca href=\"https://github.com/googleapis/google-api-go-client/commit/dd3f1bb7976124341e045b9f519d059a3f636ea1\"\u003edd3f1bb\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eall:\u003c/strong\u003e Auto-regenerate discovery clients (\u003ca href=\"https://redirect.github.com/googleapis/google-api-go-client/issues/3565\"\u003e#3565\u003c/a\u003e) (\u003ca href=\"https://github.com/googleapis/google-api-go-client/commit/7c11b5a39bde8b58642e8e95f067cf6b1592d46c\"\u003e7c11b5a\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eall:\u003c/strong\u003e Auto-regenerate discovery clients (\u003ca href=\"https://redirect.github.com/googleapis/google-api-go-client/issues/3566\"\u003e#3566\u003c/a\u003e) (\u003ca href=\"https://github.com/googleapis/google-api-go-client/commit/54188cf11d69c99be6b485eb6b92898c233422bd\"\u003e54188cf\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md\"\u003egoogle.golang.org/api's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/googleapis/google-api-go-client/compare/v0.278.0...v0.279.0\"\u003e0.279.0\u003c/a\u003e (2026-05-12)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eall:\u003c/strong\u003e Auto-regenerate discovery clients (\u003ca href=\"https://redirect.github.com/googleapis/google-api-go-client/issues/3585\"\u003e#3585\u003c/a\u003e) (\u003ca href=\"https://github.com/googleapis/google-api-go-client/commit/09db0e346a6b567747dceee3872229a62c95124c\"\u003e09db0e3\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eall:\u003c/strong\u003e Auto-regenerate discovery clients (\u003ca href=\"https://redirect.github.com/googleapis/google-api-go-client/issues/3587\"\u003e#3587\u003c/a\u003e) (\u003ca href=\"https://github.com/googleapis/google-api-go-client/commit/e87e376dbd590cffb3632c378e1ade4a9dacf3ce\"\u003ee87e376\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eall:\u003c/strong\u003e Auto-regenerate discovery clients (\u003ca href=\"https://redirect.github.com/googleapis/google-api-go-client/issues/3590\"\u003e#3590\u003c/a\u003e) (\u003ca href=\"https://github.com/googleapis/google-api-go-client/commit/d4241eaef9ab3daad4fd4aaeccc118795cfc58a7\"\u003ed4241ea\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/googleapis/google-api-go-client/compare/v0.277.0...v0.278.0\"\u003e0.278.0\u003c/a\u003e (2026-05-05)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eall:\u003c/strong\u003e Auto-regenerate discovery clients (\u003ca href=\"https://redirect.github.com/googleapis/google-api-go-client/issues/3582\"\u003e#3582\u003c/a\u003e) (\u003ca href=\"https://github.com/googleapis/google-api-go-client/commit/76b1187e506ac0f48caac67907dd0805b253f74c\"\u003e76b1187\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eall:\u003c/strong\u003e Auto-regenerate discovery clients (\u003ca href=\"https://redirect.github.com/googleapis/google-api-go-client/issues/3584\"\u003e#3584\u003c/a\u003e) (\u003ca href=\"https://github.com/googleapis/google-api-go-client/commit/e36c88361d11545583325c3ac6bdbd9cf1f1a7d0\"\u003ee36c883\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/googleapis/google-api-go-client/compare/v0.276.0...v0.277.0\"\u003e0.277.0\u003c/a\u003e (2026-04-29)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eall:\u003c/strong\u003e Auto-regenerate discovery clients (\u003ca href=\"https://redirect.github.com/googleapis/google-api-go-client/issues/3567\"\u003e#3567\u003c/a\u003e) (\u003ca href=\"https://github.com/googleapis/google-api-go-client/commit/39582952e4eac1b744499f8a8063a4a5f1ce7d6b\"\u003e3958295\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eall:\u003c/strong\u003e Auto-regenerate discovery clients (\u003ca href=\"https://redirect.github.com/googleapis/google-api-go-client/issues/3571\"\u003e#3571\u003c/a\u003e) (\u003ca href=\"https://github.com/googleapis/google-api-go-client/commit/ca9851efc573231ca1ed9c6fea4bc77d6052d0bb\"\u003eca9851e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eall:\u003c/strong\u003e Auto-regenerate discovery clients (\u003ca href=\"https://redirect.github.com/googleapis/google-api-go-client/issues/3574\"\u003e#3574\u003c/a\u003e) (\u003ca href=\"https://github.com/googleapis/google-api-go-client/commit/8efb1afa0e5d9cc454f721124bba3881f3935e3c\"\u003e8efb1af\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eall:\u003c/strong\u003e Auto-regenerate discovery clients (\u003ca href=\"https://redirect.github.com/googleapis/google-api-go-client/issues/3575\"\u003e#3575\u003c/a\u003e) (\u003ca href=\"https://github.com/googleapis/google-api-go-client/commit/de49bb519cab881f74e5b9ba11e263a2b9a4ad2e\"\u003ede49bb5\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eall:\u003c/strong\u003e Auto-regenerate discovery clients (\u003ca href=\"https://redirect.github.com/googleapis/google-api-go-client/issues/3577\"\u003e#3577\u003c/a\u003e) (\u003ca href=\"https://github.com/googleapis/google-api-go-client/commit/ce68c87d9dc6c144b6df578df725470b30cf83d6\"\u003ece68c87\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eall:\u003c/strong\u003e Auto-regenerate discovery clients (\u003ca href=\"https://redirect.github.com/googleapis/google-api-go-client/issues/3578\"\u003e#3578\u003c/a\u003e) (\u003ca href=\"https://github.com/googleapis/google-api-go-client/commit/8be033e24e0c6ddb08a3df72c0a8997d21623a22\"\u003e8be033e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eall:\u003c/strong\u003e Auto-regenerate discovery clients (\u003ca href=\"https://redirect.github.com/googleapis/google-api-go-client/issues/3579\"\u003e#3579\u003c/a\u003e) (\u003ca href=\"https://github.com/googleapis/google-api-go-client/commit/bc6990e20803f2ff2fd1b77995f6e9180ab2302b\"\u003ebc6990e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eall:\u003c/strong\u003e Auto-regenerate discovery clients (\u003ca href=\"https://redirect.github.com/googleapis/google-api-go-client/issues/3580\"\u003e#3580\u003c/a\u003e) (\u003ca href=\"https://github.com/googleapis/google-api-go-client/commit/2de1a5aff3f3b6e53dff00da297c5d249ac8d791\"\u003e2de1a5a\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eall:\u003c/strong\u003e Auto-regenerate discovery clients (\u003ca href=\"https://redirect.github.com/googleapis/google-api-go-client/issues/3581\"\u003e#3581\u003c/a\u003e) (\u003ca href=\"https://github.com/googleapis/google-api-go-client/commit/0c219d90e90899c93215558f3ea309c9732bf7ea\"\u003e0c219d9\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eidtoken:\u003c/strong\u003e Avoid double impersonation in tokenSourceFromBytes (\u003ca href=\"https://redirect.github.com/googleapis/google-api-go-client/issues/3576\"\u003e#3576\u003c/a\u003e) (\u003ca href=\"https://github.com/googleapis/google-api-go-client/commit/75172cf5cb7bfc260c22e481323355306f684a09\"\u003e75172cf\u003c/a\u003e), refs \u003ca href=\"https://redirect.github.com/googleapis/google-api-go-client/issues/2301\"\u003e#2301\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/googleapis/google-api-go-client/compare/v0.275.0...v0.276.0\"\u003e0.276.0\u003c/a\u003e (2026-04-14)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eall:\u003c/strong\u003e Auto-regenerate discovery clients (\u003ca href=\"https://redirect.github.com/googleapis/google-api-go-client/issues/3561\"\u003e#3561\u003c/a\u003e) (\u003ca href=\"https://github.com/googleapis/google-api-go-client/commit/dd3f1bb7976124341e045b9f519d059a3f636ea1\"\u003edd3f1bb\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eall:\u003c/strong\u003e Auto-regenerate discovery clients (\u003ca href=\"https://redirect.github.com/googleapis/google-api-go-client/issues/3565\"\u003e#3565\u003c/a\u003e) (\u003ca href=\"https://github.com/googleapis/google-api-go-client/commit/7c11b5a39bde8b58642e8e95f067cf6b1592d46c\"\u003e7c11b5a\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eall:\u003c/strong\u003e Auto-regenerate discovery clients (\u003ca href=\"https://redirect.github.com/googleapis/google-api-go-client/issues/3566\"\u003e#3566\u003c/a\u003e) (\u003ca href=\"https://github.com/googleapis/google-api-go-client/commit/54188cf11d69c99be6b485eb6b92898c233422bd\"\u003e54188cf\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/googleapis/google-api-go-client/compare/v0.274.0...v0.275.0\"\u003e0.275.0\u003c/a\u003e (2026-04-07)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/google-api-go-client/commit/e446d4cdeb5e63cd6916051edd2c56588eede309\"\u003e\u003ccode\u003ee446d4c\u003c/code\u003e\u003c/a\u003e chore(main): release 0.279.0 (\u003ca href=\"https://redirect.github.com/googleapis/google-api-go-client/issues/3586\"\u003e#3586\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/google-api-go-client/commit/d4241eaef9ab3daad4fd4aaeccc118795cfc58a7\"\u003e\u003ccode\u003ed4241ea\u003c/code\u003e\u003c/a\u003e feat(all): auto-regenerate discovery clients (\u003ca href=\"https://redirect.github.com/googleapis/google-api-go-client/issues/3590\"\u003e#3590\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/google-api-go-client/commit/8452ed1936bd40ed8a3e2dd8b06832a853ea45c7\"\u003e\u003ccode\u003e8452ed1\u003c/code\u003e\u003c/a\u003e chore(all): update module github.com/go-git/go-git/v5 to v5.19.0 [SECURITY] (...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/google-api-go-client/commit/e87e376dbd590cffb3632c378e1ade4a9dacf3ce\"\u003e\u003ccode\u003ee87e376\u003c/code\u003e\u003c/a\u003e feat(all): auto-regenerate discovery clients (\u003ca href=\"https://redirect.github.com/googleapis/google-api-go-client/issues/3587\"\u003e#3587\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/google-api-go-client/commit/09db0e346a6b567747dceee3872229a62c95124c\"\u003e\u003ccode\u003e09db0e3\u003c/code\u003e\u003c/a\u003e feat(all): auto-regenerate discovery clients (\u003ca href=\"https://redirect.github.com/googleapis/google-api-go-client/issues/3585\"\u003e#3585\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/google-api-go-client/commit/07c758daacbc24e32753c3f1b537c7f6cce626f0\"\u003e\u003ccode\u003e07c758d\u003c/code\u003e\u003c/a\u003e chore(main): release 0.278.0 (\u003ca href=\"https://redirect.github.com/googleapis/google-api-go-client/issues/3583\"\u003e#3583\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/google-api-go-client/commit/e36c88361d11545583325c3ac6bdbd9cf1f1a7d0\"\u003e\u003ccode\u003ee36c883\u003c/code\u003e\u003c/a\u003e feat(all): auto-regenerate discovery clients (\u003ca href=\"https://redirect.github.com/googleapis/google-api-go-client/issues/3584\"\u003e#3584\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/google-api-go-client/commit/76b1187e506ac0f48caac67907dd0805b253f74c\"\u003e\u003ccode\u003e76b1187\u003c/code\u003e\u003c/a\u003e feat(all): auto-regenerate discovery clients (\u003ca href=\"https://redirect.github.com/googleapis/google-api-go-client/issues/3582\"\u003e#3582\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/google-api-go-client/commit/dd598a60e19f836bb7ad709311b21d303bbab6c8\"\u003e\u003ccode\u003edd598a6\u003c/code\u003e\u003c/a\u003e chore(main): release 0.277.0 (\u003ca href=\"https://redirect.github.com/googleapis/google-api-go-client/issues/3568\"\u003e#3568\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/google-api-go-client/commit/b208a86db380e5e517451daa4e5f63fae1f723be\"\u003e\u003ccode\u003eb208a86\u003c/code\u003e\u003c/a\u003e chore(all): update all (\u003ca href=\"https://redirect.github.com/googleapis/google-api-go-client/issues/3573\"\u003e#3573\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/googleapis/google-api-go-client/compare/v0.274.0...v0.279.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `google.golang.org/grpc` from 1.80.0 to 1.81.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/grpc/grpc-go/releases\"\u003egoogle.golang.org/grpc's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eRelease 1.81.1\u003c/h2\u003e\n\u003ch1\u003eSecurity\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003exds/rbac: Fix a potential authorization bypass caused by incorrectly falling through URI/DNS SANs to Subject Distinguished Name (DN) when matching the authenticated principal name. With this fix, only the first non-empty identity source will be used, as per \u003ca href=\"https://github.com/grpc/proposal/blob/master/A41-xds-rbac.md\"\u003egRFC A41\u003c/a\u003e. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/9111\"\u003e#9111\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003eSpecial Thanks: \u003ca href=\"https://github.com/al4an444\"\u003e\u003ccode\u003e@​al4an444\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eBug Fixes\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eotel: Segregate client and server RPC information used for metrics and traces, to avoid one overwriting the other. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/9081\"\u003e#9081\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eRelease 1.81.0\u003c/h2\u003e\n\u003ch1\u003eBehavior Changes\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003ebalancer/rls: Switch gauge metrics to asynchronous emission (once per collection cycle) to reduce telemetry noise and align with other gRPC language implementations. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8808\"\u003e#8808\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eDependencies\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eMinimum supported Go version is now 1.25. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8969\"\u003e#8969\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eBug Fixes\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003exds: Use the leaf cluster's security config for the TLS handshake instead of the aggregate cluster's config. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8956\"\u003e#8956\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003etransport: Send a \u003ccode\u003eRST_STREAM\u003c/code\u003e when receiving an \u003ccode\u003eEND_STREAM\u003c/code\u003e when the stream is not already half-closed. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8832\"\u003e#8832\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003exds: Fix ADS resource name validation to prevent a panic. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8970\"\u003e#8970\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eNew Features\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003egrpc/stats: Add support for custom labels in per-call metrics (\u003ca href=\"https://github.com/grpc/proposal/blob/master/A108-otel-custom-per-call-label.md\"\u003egRFC A108\u003c/a\u003e). (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/9008\"\u003e#9008\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003exds: Add support for Server Name Indication (SNI) and SAN validation (\u003ca href=\"https://github.com/grpc/proposal/blob/master/A101-SNI-setting-and-SNI-SAN-validation.md\"\u003egRFC A101\u003c/a\u003e). Disabled by default. To enable, set \u003ccode\u003eGRPC_EXPERIMENTAL_XDS_SNI=true\u003c/code\u003e environment variable. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/9016\"\u003e#9016\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003exds: Add support to control which fields get propagated from ORCA backend metric reports to LRS load reports (\u003ca href=\"https://github.com/grpc/proposal/blob/master/A85-lrs-custom-metrics-changes.md\"\u003egRFC A85\u003c/a\u003e). Disabled by default. To enable, set \u003ccode\u003eGRPC_EXPERIMENTAL_XDS_ORCA_LRS_PROPAGATION=true\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/9005\"\u003e#9005\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003exds: Add metrics to track xDS client connectivity and cached resource state (\u003ca href=\"https://github.com/grpc/proposal/blob/master/A78-grpc-metrics-wrr-pf-xds.md\"\u003egRFC A78\u003c/a\u003e). (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8807\"\u003e#8807\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003estats/otel: Enhance \u003ccode\u003egrpc.subchannel.disconnections\u003c/code\u003e metric by adding disconnection reason to the \u003ccode\u003egrpc.disconnect_error\u003c/code\u003e label (\u003ca href=\"https://github.com/grpc/proposal/blob/master/A94-subchannel-otel-metrics.md\"\u003egRFC A94\u003c/a\u003e). This provides granular insights into why subchannels are closing. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8973\"\u003e#8973\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003emem: Add \u003ccode\u003emem.Buffer.Slice()\u003c/code\u003e API to slice the buffer like a slice. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8977\"\u003e#8977\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003eSpecial Thanks: \u003ca href=\"https://github.com/ash2k\"\u003e\u003ccode\u003e@​ash2k\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003ePerformance Improvements\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003ealts: Pool read buffers to lower memory utilization when sockets are unreadable. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8964\"\u003e#8964\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003etransport: Pool HTTP/2 framer read buffers to reduce idle memory consumption. Currently limited to Linux for ALTS and non-encrypted transports (TCP, Unix). To disable, set \u003ccode\u003eGRPC_GO_EXPERIMENTAL_HTTP_FRAMER_READ_BUFFER_POOLING=false\u003c/code\u003e and report any issues. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/9032\"\u003e#9032\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/caf0772c2bcb8bc15d43eb53448e921f34f0b7e8\"\u003e\u003ccode\u003ecaf0772\u003c/code\u003e\u003c/a\u003e Change version from 1.81.1-dev to 1.81.1 (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/9122\"\u003e#9122\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/6ccbeebf058ede71e43a5ac28fada2a736573215\"\u003e\u003ccode\u003e6ccbeeb\u003c/code\u003e\u003c/a\u003e Cherry-pick \u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/9111\"\u003e#9111\u003c/a\u003e into v1.81.x (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/9121\"\u003e#9121\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/b33c29e41b438e371c8504de9bdf64a80098cc29\"\u003e\u003ccode\u003eb33c29e\u003c/code\u003e\u003c/a\u003e Cherry-pick \u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/9081\"\u003e#9081\u003c/a\u003e into v1.81.x (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/9102\"\u003e#9102\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/c45fae6d06a5c192b7b96418a2bc26a96b856834\"\u003e\u003ccode\u003ec45fae6\u003c/code\u003e\u003c/a\u003e Change version to 1.81.1-dev (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/9063\"\u003e#9063\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/cb18228317ff523e63d931b4058b0329585b7dcd\"\u003e\u003ccode\u003ecb18228\u003c/code\u003e\u003c/a\u003e Change version to 1.81.0 (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/9062\"\u003e#9062\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/96748f973e20bbfcafa19a8bdffc85ad5da138d1\"\u003e\u003ccode\u003e96748f9\u003c/code\u003e\u003c/a\u003e Cherry-pick \u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/9105\"\u003e#9105\u003c/a\u003e to 1.81.x (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/9106\"\u003e#9106\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/91832222f0144f76527b630ca55cfea6e1aa015a\"\u003e\u003ccode\u003e9183222\u003c/code\u003e\u003c/a\u003e Cherry pick \u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/9055\"\u003e#9055\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/9032\"\u003e#9032\u003c/a\u003e to v1.81.x (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/9095\"\u003e#9095\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/5cba6da4211f3b130238c792937f5921741b616a\"\u003e\u003ccode\u003e5cba6da\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;deps: update dependencies for all modules (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/9065\"\u003e#9065\u003c/a\u003e)\u0026quot; (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/9067\"\u003e#9067\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/af8a9364aa7523ab24d214e9ef13e6ad64d5c5f9\"\u003e\u003ccode\u003eaf8a936\u003c/code\u003e\u003c/a\u003e deps: update dependencies for all modules (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/9065\"\u003e#9065\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/cdc60dfaaadde45e16aa3c28237c0e655a722c1a\"\u003e\u003ccode\u003ecdc60df\u003c/code\u003e\u003c/a\u003e transport: optimize heap allocations in ready reader and update syscall conne...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/grpc/grpc-go/compare/v1.80.0...v1.81.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\n\n\n\u003c/details\u003e","html_url":"https://github.com/stefanriegel/UDDI-Token-Calculator/pull/86","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/stefanriegel%2FUDDI-Token-Calculator/issues/86","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/86/packages"},{"uuid":"4556239972","node_id":"PR_kwDOQ7_oS87hByZ6","number":205,"state":"closed","title":"chore(go-backend): Bump the gomod group in /go-backend with 5 updates","user":"dependabot[bot]","labels":["dependabot","dependencies","gomod"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-06-07T01:33:00.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-31T01:33:02.000Z","updated_at":"2026-06-07T01:33:01.000Z","time_to_close":604798,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(go-backend): Bump","group_name":"gomod","update_count":5,"packages":[{"name":"connectrpc.com/connect","old_version":"1.19.2","new_version":"1.20.0","repository_url":"https://github.com/connectrpc/connect-go"},{"name":"github.com/getkin/kin-openapi","old_version":"0.138.0","new_version":"0.139.0","repository_url":"https://github.com/getkin/kin-openapi"},{"name":"github.com/go-chi/chi/v5","old_version":"5.2.5","new_version":"5.3.0","repository_url":"https://github.com/go-chi/chi"},{"name":"github.com/oapi-codegen/runtime","old_version":"1.4.0","new_version":"1.4.1","repository_url":"https://github.com/oapi-codegen/runtime"},{"name":"golang.org/x/crypto","old_version":"0.51.0","new_version":"0.52.0","repository_url":"https://github.com/golang/crypto"}],"path":"/go-backend","ecosystem":"go"},"body":"Bumps the gomod group in /go-backend with 5 updates:\n\n| Package | From | To |\n| --- | --- | --- |\n| [connectrpc.com/connect](https://github.com/connectrpc/connect-go) | `1.19.2` | `1.20.0` |\n| [github.com/getkin/kin-openapi](https://github.com/getkin/kin-openapi) | `0.138.0` | `0.139.0` |\n| [github.com/go-chi/chi/v5](https://github.com/go-chi/chi) | `5.2.5` | `5.3.0` |\n| [github.com/oapi-codegen/runtime](https://github.com/oapi-codegen/runtime) | `1.4.0` | `1.4.1` |\n| [golang.org/x/crypto](https://github.com/golang/crypto) | `0.51.0` | `0.52.0` |\n\nUpdates `connectrpc.com/connect` from 1.19.2 to 1.20.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/connectrpc/connect-go/releases\"\u003econnectrpc.com/connect's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.20.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eOther changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBump minimum supported Go version to 1.25 by \u003ca href=\"https://github.com/jonbodner-buf\"\u003e\u003ccode\u003e@​jonbodner-buf\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/connectrpc/connect-go/issues/922\"\u003e#922\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate Unary-Get query parameter order to match spec recommendation by \u003ca href=\"https://github.com/oliversun9\"\u003e\u003ccode\u003e@​oliversun9\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/connectrpc/connect-go/issues/926\"\u003e#926\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jonbodner-buf\"\u003e\u003ccode\u003e@​jonbodner-buf\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/connectrpc/connect-go/issues/922\"\u003e#922\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/connectrpc/connect-go/compare/v1.19.2...v1.20.0\"\u003ehttps://github.com/connectrpc/connect-go/compare/v1.19.2...v1.20.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/connectrpc/connect-go/commit/1291a7dcac19b00490f935dce18f44f301fc58f6\"\u003e\u003ccode\u003e1291a7d\u003c/code\u003e\u003c/a\u003e Prepare for v1.20.0 (\u003ca href=\"https://redirect.github.com/connectrpc/connect-go/issues/927\"\u003e#927\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/connectrpc/connect-go/commit/6df682f19e5b957b96b5fa44ffb28705a2d7bc8c\"\u003e\u003ccode\u003e6df682f\u003c/code\u003e\u003c/a\u003e Update Unary-Get query parameter order to match spec recommendation (\u003ca href=\"https://redirect.github.com/connectrpc/connect-go/issues/926\"\u003e#926\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/connectrpc/connect-go/commit/c4aac92b87026cd709cfbccdaabe8c45abef705c\"\u003e\u003ccode\u003ec4aac92\u003c/code\u003e\u003c/a\u003e Chore update buf v1.69.0 and license year (\u003ca href=\"https://redirect.github.com/connectrpc/connect-go/issues/925\"\u003e#925\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/connectrpc/connect-go/commit/a5a6c30f3776b06ae05a66ab3bdd2d60c46db6db\"\u003e\u003ccode\u003ea5a6c30\u003c/code\u003e\u003c/a\u003e Bump Go from v1.24 to v1.25 (\u003ca href=\"https://redirect.github.com/connectrpc/connect-go/issues/922\"\u003e#922\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/connectrpc/connect-go/commit/138e2700eb60b8004363eb344031b317bf599a1f\"\u003e\u003ccode\u003e138e270\u003c/code\u003e\u003c/a\u003e Back to development (\u003ca href=\"https://redirect.github.com/connectrpc/connect-go/issues/921\"\u003e#921\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/connectrpc/connect-go/compare/v1.19.2...v1.20.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/getkin/kin-openapi` from 0.138.0 to 0.139.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/getkin/kin-openapi/releases\"\u003egithub.com/getkin/kin-openapi's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.139.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efeat(openapi3): batch-convert long-tail RequiredFieldError sites by \u003ca href=\"https://github.com/reuvenharrison\"\u003e\u003ccode\u003e@​reuvenharrison\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getkin/kin-openapi/pull/1170\"\u003egetkin/kin-openapi#1170\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat(openapi3): typed validation error clusters (combined: #1171-\u003ca href=\"https://redirect.github.com/getkin/kin-openapi/issues/1179\"\u003e#1179\u003c/a\u003e) by \u003ca href=\"https://github.com/reuvenharrison\"\u003e\u003ccode\u003e@​reuvenharrison\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getkin/kin-openapi/pull/1180\"\u003egetkin/kin-openapi#1180\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eopenapi3gen: skip component export for anonymous types by \u003ca href=\"https://github.com/0-don\"\u003e\u003ccode\u003e@​0-don\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getkin/kin-openapi/pull/1163\"\u003egetkin/kin-openapi#1163\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat: migrate to oasdiff/yaml v0.1.0 single Unmarshal API + enable DisableTimestamps by \u003ca href=\"https://github.com/reuvenharrison\"\u003e\u003ccode\u003e@​reuvenharrison\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getkin/kin-openapi/pull/1181\"\u003egetkin/kin-openapi#1181\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eopenapi3: typed context errors for Validate() wrapper chain by \u003ca href=\"https://github.com/reuvenharrison\"\u003e\u003ccode\u003e@​reuvenharrison\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getkin/kin-openapi/pull/1183\"\u003egetkin/kin-openapi#1183\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eopenapi3: track Origin on the document root (T) by \u003ca href=\"https://github.com/reuvenharrison\"\u003e\u003ccode\u003e@​reuvenharrison\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getkin/kin-openapi/pull/1184\"\u003egetkin/kin-openapi#1184\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eopenapi3: tests flakiness corrected by \u003ca href=\"https://github.com/fenollp\"\u003e\u003ccode\u003e@​fenollp\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getkin/kin-openapi/pull/1159\"\u003egetkin/kin-openapi#1159\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eopenapi3: aggregate independent validation errors via EnableMultiError by \u003ca href=\"https://github.com/reuvenharrison\"\u003e\u003ccode\u003e@​reuvenharrison\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getkin/kin-openapi/pull/1185\"\u003egetkin/kin-openapi#1185\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eopenapi3: fix validation of duplicated path templates by \u003ca href=\"https://github.com/reuvenharrison\"\u003e\u003ccode\u003e@​reuvenharrison\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getkin/kin-openapi/pull/1189\"\u003egetkin/kin-openapi#1189\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eopenapi3: type the remaining bare-error validation sites by \u003ca href=\"https://github.com/reuvenharrison\"\u003e\u003ccode\u003e@​reuvenharrison\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getkin/kin-openapi/pull/1187\"\u003egetkin/kin-openapi#1187\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/getkin/kin-openapi/compare/v0.138.0...v0.139.0\"\u003ehttps://github.com/getkin/kin-openapi/compare/v0.138.0...v0.139.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/getkin/kin-openapi/commit/8381bfc73ce3bb241d298bc8415b8f724b6ddfb6\"\u003e\u003ccode\u003e8381bfc\u003c/code\u003e\u003c/a\u003e openapi3: type the remaining bare-error validation sites (\u003ca href=\"https://redirect.github.com/getkin/kin-openapi/issues/1187\"\u003e#1187\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/getkin/kin-openapi/commit/d29b5c043d31c47b3631020525397b7d1a1f4b6a\"\u003e\u003ccode\u003ed29b5c0\u003c/code\u003e\u003c/a\u003e openapi3: fix validation of duplicated path templates (\u003ca href=\"https://redirect.github.com/getkin/kin-openapi/issues/1189\"\u003e#1189\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/getkin/kin-openapi/commit/e56c2c71f4cc7a433a13ff50e44b3da50b253c07\"\u003e\u003ccode\u003ee56c2c7\u003c/code\u003e\u003c/a\u003e openapi3: aggregate independent validation errors via EnableMultiError (\u003ca href=\"https://redirect.github.com/getkin/kin-openapi/issues/1185\"\u003e#1185\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/getkin/kin-openapi/commit/7ea1ac895326a469712d81507fe00d7c8957b8b6\"\u003e\u003ccode\u003e7ea1ac8\u003c/code\u003e\u003c/a\u003e openapi3: tests flakiness corrected (\u003ca href=\"https://redirect.github.com/getkin/kin-openapi/issues/1159\"\u003e#1159\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/getkin/kin-openapi/commit/dc70f84ce64fa2d60e1e58d96f6b5686ba3dff3e\"\u003e\u003ccode\u003edc70f84\u003c/code\u003e\u003c/a\u003e openapi3: track Origin on the document root (T) (\u003ca href=\"https://redirect.github.com/getkin/kin-openapi/issues/1184\"\u003e#1184\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/getkin/kin-openapi/commit/69492dff6b62dddb9b27aeb7ebc9e0ee653e0263\"\u003e\u003ccode\u003e69492df\u003c/code\u003e\u003c/a\u003e openapi3: typed context errors for Validate() wrapper chain (\u003ca href=\"https://redirect.github.com/getkin/kin-openapi/issues/1183\"\u003e#1183\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/getkin/kin-openapi/commit/0a89925163b66876c4bc357bca068d62e3d86c20\"\u003e\u003ccode\u003e0a89925\u003c/code\u003e\u003c/a\u003e un-patch YAML serialization of dates (see issue \u003ca href=\"https://redirect.github.com/getkin/kin-openapi/issues/697\"\u003e#697\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/getkin/kin-openapi/commit/55a4c7274045743fd7e6703ee14be408ae79d22d\"\u003e\u003ccode\u003e55a4c72\u003c/code\u003e\u003c/a\u003e openapi3: re-enable tests disabled due to YAML dates in map keys\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/getkin/kin-openapi/commit/c61836c51e8f6f2efebbe95f783a41f319c53aa7\"\u003e\u003ccode\u003ec61836c\u003c/code\u003e\u003c/a\u003e ci: fixup lint after modifications to marsh.go\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/getkin/kin-openapi/commit/7633481fe3cd3a7027097aed588c285f3d21d238\"\u003e\u003ccode\u003e7633481\u003c/code\u003e\u003c/a\u003e feat: migrate to oasdiff/yaml v0.1.0 single Unmarshal API + enable DisableTim...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/getkin/kin-openapi/compare/v0.138.0...v0.139.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/go-chi/chi/v5` from 5.2.5 to 5.3.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/go-chi/chi/releases\"\u003egithub.com/go-chi/chi/v5's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.3.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUse strings.ReplaceAll where applicable by \u003ca href=\"https://github.com/JRaspass\"\u003e\u003ccode\u003e@​JRaspass\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1046\"\u003ego-chi/chi#1046\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePropagate inline middlewares across mounted subrouters by \u003ca href=\"https://github.com/LukasJenicek\"\u003e\u003ccode\u003e@​LukasJenicek\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1049\"\u003ego-chi/chi#1049\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eadd go 1.26 to ci by \u003ca href=\"https://github.com/pkieltyka\"\u003e\u003ccode\u003e@​pkieltyka\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1052\"\u003ego-chi/chi#1052\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove last uses of io/ioutil by \u003ca href=\"https://github.com/JRaspass\"\u003e\u003ccode\u003e@​JRaspass\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1054\"\u003ego-chi/chi#1054\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSimplify chi.walk with slices.Concat by \u003ca href=\"https://github.com/JRaspass\"\u003e\u003ccode\u003e@​JRaspass\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1053\"\u003ego-chi/chi#1053\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eApply the stringscutprefix modernizer by \u003ca href=\"https://github.com/JRaspass\"\u003e\u003ccode\u003e@​JRaspass\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1051\"\u003ego-chi/chi#1051\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump minimum Go to 1.23, always use request.Pattern by \u003ca href=\"https://github.com/JRaspass\"\u003e\u003ccode\u003e@​JRaspass\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1048\"\u003ego-chi/chi#1048\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003emiddleware: fix httpFancyWriter.ReadFrom double-counting bytes with Tee by \u003ca href=\"https://github.com/alliasgher\"\u003e\u003ccode\u003e@​alliasgher\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1085\"\u003ego-chi/chi#1085\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix typo in Route doc comment by \u003ca href=\"https://github.com/gouwazi\"\u003e\u003ccode\u003e@​gouwazi\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1073\"\u003ego-chi/chi#1073\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: set Request.Pattern from RoutePattern() by \u003ca href=\"https://github.com/leno23\"\u003e\u003ccode\u003e@​leno23\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1097\"\u003ego-chi/chi#1097\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat: middleware.ClientIP, a replacement for middleware.RealIP by \u003ca href=\"https://github.com/VojtechVitek\"\u003e\u003ccode\u003e@​VojtechVitek\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/967\"\u003ego-chi/chi#967\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/LukasJenicek\"\u003e\u003ccode\u003e@​LukasJenicek\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1049\"\u003ego-chi/chi#1049\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/alliasgher\"\u003e\u003ccode\u003e@​alliasgher\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1085\"\u003ego-chi/chi#1085\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gouwazi\"\u003e\u003ccode\u003e@​gouwazi\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1073\"\u003ego-chi/chi#1073\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/leno23\"\u003e\u003ccode\u003e@​leno23\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1097\"\u003ego-chi/chi#1097\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eSECURITY: middleware.ClientIP, a replacement for middleware.RealIP\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/VojtechVitek\"\u003e\u003ccode\u003e@​VojtechVitek\u003c/code\u003e\u003c/a\u003e submitted PR \u003ca href=\"https://redirect.github.com/go-chi/chi/issues/967\"\u003e#967\u003c/a\u003e, which introduces middleware.ClientIP — a replacement for middleware.RealIP that closes the three open spoofing advisories:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/security/advisories/GHSA-9g5q-2w5x-hmxf\"\u003eGHSA-9g5q-2w5x-hmxf\u003c/a\u003e — IP spoofing via XFF in \u003ccode\u003eRemoteAddr\u003c/code\u003e resolution (convto)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/security/advisories/GHSA-rjr7-jggh-pgcp\"\u003eGHSA-rjr7-jggh-pgcp\u003c/a\u003e — RealIP allows IP spoofing via unvalidated XFF (rezmoss)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/security/advisories/GHSA-3fxj-6jh8-hvhx\"\u003eGHSA-3fxj-6jh8-hvhx\u003c/a\u003e — IP spoofing in \u003ccode\u003emiddleware.RealIP\u003c/code\u003e (Saku0512, Critical / 9.3)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eIt also addresses issues outlined at:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/708\"\u003ego-chi/chi#708\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://adam-p.ca/blog/2022/03/x-forwarded-for/\"\u003ehttps://adam-p.ca/blog/2022/03/x-forwarded-for/\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/711\"\u003ego-chi/chi#711\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/453\"\u003ego-chi/chi#453\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/go-chi/chi/pull/908\"\u003ego-chi/chi#908\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ccode\u003emiddleware.RealIP\u003c/code\u003e is deprecated in this PR with pointers to the new API.\u003c/p\u003e\n\u003cp\u003eThe deprecation only adds a \u003ccode\u003e// Deprecated:\u003c/code\u003e doc comment; the function keeps working for backward compatibility.\u003c/p\u003e\n\u003ch3\u003eWhy a new middleware (not \u0026quot;fix RealIP in place\u0026quot;)\u003c/h3\u003e\n\u003cp\u003e\u003ccode\u003eRealIP\u003c/code\u003e has two unfixable design choices: it mutates \u003ccode\u003er.RemoteAddr\u003c/code\u003e, and it tries to be a one-size-fits-all default by walking a hard-coded list of headers any client can supply. Per \u003ca href=\"https://adam-p.ca/blog/2022/03/x-forwarded-for/\"\u003eadam-p's \u0026quot;The perils of the 'real' client IP\u0026quot;\u003c/a\u003e (which calls chi out by name on this), there is no safe default — the user must pick their trust source explicitly.\u003c/p\u003e\n\u003ch3\u003eThe new API\u003c/h3\u003e\n\u003cp\u003eFour middlewares, two accessors. Pick exactly one middleware based on your\ninfrastructure, read the result with one of the two accessors:\u003c/p\u003e\n\u003cpre lang=\"go\"\u003e\u003ccode\u003e// One of the four. There is no safe default — pick exactly one.\r\nfunc ClientIPFromHeader(trustedHeader string) func(http.Handler) http.Handler\r\nfunc ClientIPFromXFF(trustedIPPrefixes ...string) func(http.Handler) http.Handler\r\nfunc ClientIPFromXFFTrustedProxies(numTrustedProxies int) func(http.Handler) http.Handler\r\n\u0026lt;/tr\u0026gt;\u0026lt;/table\u0026gt; \n\u003c/code\u003e\u003c/pre\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/3b171578ca44dfd75ca3c5cbddc7b44c600a7b49\"\u003e\u003ccode\u003e3b17157\u003c/code\u003e\u003c/a\u003e feat: middleware.ClientIP, a replacement for middleware.RealIP (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/967\"\u003e#967\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/818fdcfc4786168651768377ba647cf9dd5b3953\"\u003e\u003ccode\u003e818fdcf\u003c/code\u003e\u003c/a\u003e fix: set Request.Pattern from RoutePattern() (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1097\"\u003e#1097\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/f975af0cb10cbefaccf0422385420fe62722d648\"\u003e\u003ccode\u003ef975af0\u003c/code\u003e\u003c/a\u003e Fix typo in Route doc comment (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1073\"\u003e#1073\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/4ef87eaf2cfb27d3126d48194e1a84806acc1aed\"\u003e\u003ccode\u003e4ef87ea\u003c/code\u003e\u003c/a\u003e middleware: fix httpFancyWriter.ReadFrom double-counting bytes with Tee (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1085\"\u003e#1085\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/a54874f0e2f12647a19e82ee70dfa8185014100c\"\u003e\u003ccode\u003ea54874f\u003c/code\u003e\u003c/a\u003e Bump minimum Go to 1.23, always use request.Pattern (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1048\"\u003e#1048\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/3328d4d3ab8a08547fa419ed657017355e6d3c4d\"\u003e\u003ccode\u003e3328d4d\u003c/code\u003e\u003c/a\u003e Apply the stringscutprefix modernizer (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1051\"\u003e#1051\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/be60b2ec5755a9072cdf27af3ba3034e84781d12\"\u003e\u003ccode\u003ebe60b2e\u003c/code\u003e\u003c/a\u003e Simplify chi.walk with slices.Concat (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1053\"\u003e#1053\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/a36a925a6a195943ec104100d7d18757543e745f\"\u003e\u003ccode\u003ea36a925\u003c/code\u003e\u003c/a\u003e Remove last uses of io/ioutil (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1054\"\u003e#1054\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/7d93ee3e86b4d477c20d809c9b1ce9a281dfd706\"\u003e\u003ccode\u003e7d93ee3\u003c/code\u003e\u003c/a\u003e add go 1.26 to ci (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1052\"\u003e#1052\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/903cff2596eac0f72538ac46d696058351f1c3fb\"\u003e\u003ccode\u003e903cff2\u003c/code\u003e\u003c/a\u003e Propagate inline middlewares across mounted subrouters (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1049\"\u003e#1049\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/go-chi/chi/compare/v5.2.5...v5.3.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/oapi-codegen/runtime` from 1.4.0 to 1.4.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/oapi-codegen/runtime/releases\"\u003egithub.com/oapi-codegen/runtime's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eBug fixes\u003c/h2\u003e\n\u003cp\u003eThis is a bug fix release.\u003c/p\u003e\n\u003cp\u003eChanges in \u003ccode\u003ev1.4.0\u003c/code\u003e, coupled with changes in \u003ccode\u003ev2.7.0\u003c/code\u003e of oapi-codegen exposed some new problems. \u003ccode\u003edeepObject\u003c/code\u003e style marshaling behavior now supports encoding unicode. UTF-8 can't be directly included in parameters, so we need to \u003ccode\u003e%\u003c/code\u003e escape it.\u003c/p\u003e\n\u003cp\u003eForm binding now detects maps, which makes binding to a Nullable possible. We can't use generics around \u003ccode\u003eNullable[T]\u003c/code\u003e, so we handle maps generically, assuming they're a Nullable with its behavior assumptions.\u003c/p\u003e\n\u003ch2\u003e🐛 Bug fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix form binding of Nullables (\u003ca href=\"https://redirect.github.com/oapi-codegen/runtime/issues/133\"\u003e#133\u003c/a\u003e) \u003ca href=\"https://github.com/mromaszewicz\"\u003e\u003ccode\u003e@​mromaszewicz\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePercent-encode deepObject parameter wire output (\u003ca href=\"https://redirect.github.com/oapi-codegen/runtime/issues/132\"\u003e#132\u003c/a\u003e) \u003ca href=\"https://github.com/mromaszewicz\"\u003e\u003ccode\u003e@​mromaszewicz\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e📦 Dependency updates\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003echore(deps): update oapi-codegen/actions action to v0.7.0 (\u003ca href=\"https://redirect.github.com/oapi-codegen/runtime/issues/127\"\u003e#127\u003c/a\u003e) @\u003ca href=\"https://github.com/apps/renovate\"\u003erenovate[bot]\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): update github/codeql-action action to v4 (\u003ca href=\"https://redirect.github.com/oapi-codegen/runtime/issues/107\"\u003e#107\u003c/a\u003e) @\u003ca href=\"https://github.com/apps/renovate\"\u003erenovate[bot]\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(deps): update module github.com/kataras/iris/v12 to v12.2.11 (\u003ca href=\"https://redirect.github.com/oapi-codegen/runtime/issues/11\"\u003e#11\u003c/a\u003e) @\u003ca href=\"https://github.com/apps/renovate\"\u003erenovate[bot]\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): update release-drafter/release-drafter action to v7.2.0 (\u003ca href=\"https://redirect.github.com/oapi-codegen/runtime/issues/122\"\u003e#122\u003c/a\u003e) @\u003ca href=\"https://github.com/apps/renovate\"\u003erenovate[bot]\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eSponsors\u003c/h2\u003e\n\u003cp\u003eWe would like to thank our sponsors for their support during this release.\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oapi-codegen/runtime/commit/2755f15aee0c946a782704399ba88f9830dc0912\"\u003e\u003ccode\u003e2755f15\u003c/code\u003e\u003c/a\u003e Fix form binding of Nullables (\u003ca href=\"https://redirect.github.com/oapi-codegen/runtime/issues/133\"\u003e#133\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oapi-codegen/runtime/commit/17de1dd042b56f9848af5314d5399a8d8cf8591f\"\u003e\u003ccode\u003e17de1dd\u003c/code\u003e\u003c/a\u003e Percent-encode deepObject parameter wire output (\u003ca href=\"https://redirect.github.com/oapi-codegen/runtime/issues/132\"\u003e#132\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oapi-codegen/runtime/commit/d2b7c4c58e85cdc668508abccb138dbe0d15f9d9\"\u003e\u003ccode\u003ed2b7c4c\u003c/code\u003e\u003c/a\u003e chore(deps): update oapi-codegen/actions action to v0.7.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oapi-codegen/runtime/commit/6fd6c25e4f6db33e2c9c249403527ae83f30eba6\"\u003e\u003ccode\u003e6fd6c25\u003c/code\u003e\u003c/a\u003e chore(deps): update github/codeql-action action to v4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oapi-codegen/runtime/commit/19040cc57320598827a0a591c6fdba6f46e3a5e8\"\u003e\u003ccode\u003e19040cc\u003c/code\u003e\u003c/a\u003e fix(deps): update module github.com/kataras/iris/v12 to v12.2.11\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oapi-codegen/runtime/commit/e05282eb5f0ed6981bf48165ba3e272d5cd062f8\"\u003e\u003ccode\u003ee05282e\u003c/code\u003e\u003c/a\u003e chore(deps): update release-drafter/release-drafter action to v7.2.0 (\u003ca href=\"https://redirect.github.com/oapi-codegen/runtime/issues/122\"\u003e#122\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/oapi-codegen/runtime/compare/v1.4.0...v1.4.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `golang.org/x/crypto` from 0.51.0 to 0.52.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/a1c0d9929856c8aba2b31f079340f00578eda803\"\u003e\u003ccode\u003ea1c0d99\u003c/code\u003e\u003c/a\u003e go.mod: update golang.org/x dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/3c7c86938f4541c333d506f719388d9c42d4763d\"\u003e\u003ccode\u003e3c7c869\u003c/code\u003e\u003c/a\u003e ssh: fix deadlock on unexpected channel responses\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/533fb3f7e4a5ae23f69d1837cd851d35ff5b76ce\"\u003e\u003ccode\u003e533fb3f\u003c/code\u003e\u003c/a\u003e ssh: fix source-address critical option bypass\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/abbc44d451a6f9236a2bbd26cbcd4d0fec473da3\"\u003e\u003ccode\u003eabbc44d\u003c/code\u003e\u003c/a\u003e ssh: fix incorrect operator order\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/e052873987615dc96fe67607a9a6adb76311344f\"\u003e\u003ccode\u003ee052873\u003c/code\u003e\u003c/a\u003e ssh: fix infinite loop on large channel writes due to integer overflow\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/b61cf853a89d82cad68da5e12a6beca2116f8456\"\u003e\u003ccode\u003eb61cf85\u003c/code\u003e\u003c/a\u003e ssh: enforce user presence verification for security keys\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/9c2cd33e8d96a96133fd6ff732510ebba539c2bd\"\u003e\u003ccode\u003e9c2cd33\u003c/code\u003e\u003c/a\u003e ssh: enforce strict limits on DSA key parameters\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/890731877d85f71cfdc9554e7a27fec4684fc4c4\"\u003e\u003ccode\u003e8907318\u003c/code\u003e\u003c/a\u003e ssh: reject RSA keys with excessively large moduli\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/ffd87b4878fa98ca2908ec534e1a410bf095a35e\"\u003e\u003ccode\u003effd87b4\u003c/code\u003e\u003c/a\u003e ssh: fix panic when authority callbacks are nil\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/4e7a7384ecbc8d519f6f4c11b36fa9d761fc8946\"\u003e\u003ccode\u003e4e7a738\u003c/code\u003e\u003c/a\u003e ssh: fix deadlock on unexpected global responses\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/golang/crypto/compare/v0.51.0...v0.52.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\n\n\n\u003c/details\u003e","html_url":"https://github.com/Haya372/web-app-template/pull/205","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/Haya372%2Fweb-app-template/issues/205","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/205/packages"},{"uuid":"4555884446","node_id":"PR_kwDOQ0U_YM7hAvxU","number":13,"state":"open","title":"deps(deps): bump github.com/go-chi/chi/v5 from 5.2.2 to 5.3.0","user":"dependabot[bot]","labels":[],"assignees":[],"locked":false,"comments_count":3,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-30T22:27:49.000Z","updated_at":"2026-05-31T00:01:53.028Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"deps(deps)","packages":[{"name":"github.com/go-chi/chi/v5","old_version":"5.2.2","new_version":"5.3.0","repository_url":"https://github.com/go-chi/chi"}],"path":null,"ecosystem":"go"},"body":"[//]: # (dependabot-start)\n⚠️  **Dependabot is rebasing this PR** ⚠️ \n\nRebasing might not happen immediately, so don't worry if this takes some time.\n\nNote: if you make any changes to this PR yourself, they will take precedence over the rebase.\n\n---\n\n[//]: # (dependabot-end)\n\nBumps [github.com/go-chi/chi/v5](https://github.com/go-chi/chi) from 5.2.2 to 5.3.0.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/go-chi/chi/releases\"\u003egithub.com/go-chi/chi/v5's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.3.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUse strings.ReplaceAll where applicable by \u003ca href=\"https://github.com/JRaspass\"\u003e\u003ccode\u003e@​JRaspass\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1046\"\u003ego-chi/chi#1046\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePropagate inline middlewares across mounted subrouters by \u003ca href=\"https://github.com/LukasJenicek\"\u003e\u003ccode\u003e@​LukasJenicek\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1049\"\u003ego-chi/chi#1049\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eadd go 1.26 to ci by \u003ca href=\"https://github.com/pkieltyka\"\u003e\u003ccode\u003e@​pkieltyka\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1052\"\u003ego-chi/chi#1052\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove last uses of io/ioutil by \u003ca href=\"https://github.com/JRaspass\"\u003e\u003ccode\u003e@​JRaspass\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1054\"\u003ego-chi/chi#1054\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSimplify chi.walk with slices.Concat by \u003ca href=\"https://github.com/JRaspass\"\u003e\u003ccode\u003e@​JRaspass\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1053\"\u003ego-chi/chi#1053\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eApply the stringscutprefix modernizer by \u003ca href=\"https://github.com/JRaspass\"\u003e\u003ccode\u003e@​JRaspass\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1051\"\u003ego-chi/chi#1051\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump minimum Go to 1.23, always use request.Pattern by \u003ca href=\"https://github.com/JRaspass\"\u003e\u003ccode\u003e@​JRaspass\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1048\"\u003ego-chi/chi#1048\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003emiddleware: fix httpFancyWriter.ReadFrom double-counting bytes with Tee by \u003ca href=\"https://github.com/alliasgher\"\u003e\u003ccode\u003e@​alliasgher\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1085\"\u003ego-chi/chi#1085\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix typo in Route doc comment by \u003ca href=\"https://github.com/gouwazi\"\u003e\u003ccode\u003e@​gouwazi\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1073\"\u003ego-chi/chi#1073\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: set Request.Pattern from RoutePattern() by \u003ca href=\"https://github.com/leno23\"\u003e\u003ccode\u003e@​leno23\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1097\"\u003ego-chi/chi#1097\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat: middleware.ClientIP, a replacement for middleware.RealIP by \u003ca href=\"https://github.com/VojtechVitek\"\u003e\u003ccode\u003e@​VojtechVitek\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/967\"\u003ego-chi/chi#967\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/LukasJenicek\"\u003e\u003ccode\u003e@​LukasJenicek\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1049\"\u003ego-chi/chi#1049\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/alliasgher\"\u003e\u003ccode\u003e@​alliasgher\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1085\"\u003ego-chi/chi#1085\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gouwazi\"\u003e\u003ccode\u003e@​gouwazi\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1073\"\u003ego-chi/chi#1073\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/leno23\"\u003e\u003ccode\u003e@​leno23\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1097\"\u003ego-chi/chi#1097\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eSECURITY: middleware.ClientIP, a replacement for middleware.RealIP\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/VojtechVitek\"\u003e\u003ccode\u003e@​VojtechVitek\u003c/code\u003e\u003c/a\u003e submitted PR \u003ca href=\"https://redirect.github.com/go-chi/chi/issues/967\"\u003e#967\u003c/a\u003e, which introduces middleware.ClientIP — a replacement for middleware.RealIP that closes the three open spoofing advisories:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/security/advisories/GHSA-9g5q-2w5x-hmxf\"\u003eGHSA-9g5q-2w5x-hmxf\u003c/a\u003e — IP spoofing via XFF in \u003ccode\u003eRemoteAddr\u003c/code\u003e resolution (convto)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/security/advisories/GHSA-rjr7-jggh-pgcp\"\u003eGHSA-rjr7-jggh-pgcp\u003c/a\u003e — RealIP allows IP spoofing via unvalidated XFF (rezmoss)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/security/advisories/GHSA-3fxj-6jh8-hvhx\"\u003eGHSA-3fxj-6jh8-hvhx\u003c/a\u003e — IP spoofing in \u003ccode\u003emiddleware.RealIP\u003c/code\u003e (Saku0512, Critical / 9.3)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eIt also addresses issues outlined at:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/708\"\u003ego-chi/chi#708\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://adam-p.ca/blog/2022/03/x-forwarded-for/\"\u003ehttps://adam-p.ca/blog/2022/03/x-forwarded-for/\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/711\"\u003ego-chi/chi#711\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/453\"\u003ego-chi/chi#453\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/go-chi/chi/pull/908\"\u003ego-chi/chi#908\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ccode\u003emiddleware.RealIP\u003c/code\u003e is deprecated in this PR with pointers to the new API.\u003c/p\u003e\n\u003cp\u003eThe deprecation only adds a \u003ccode\u003e// Deprecated:\u003c/code\u003e doc comment; the function keeps working for backward compatibility.\u003c/p\u003e\n\u003ch3\u003eWhy a new middleware (not \u0026quot;fix RealIP in place\u0026quot;)\u003c/h3\u003e\n\u003cp\u003e\u003ccode\u003eRealIP\u003c/code\u003e has two unfixable design choices: it mutates \u003ccode\u003er.RemoteAddr\u003c/code\u003e, and it tries to be a one-size-fits-all default by walking a hard-coded list of headers any client can supply. Per \u003ca href=\"https://adam-p.ca/blog/2022/03/x-forwarded-for/\"\u003eadam-p's \u0026quot;The perils of the 'real' client IP\u0026quot;\u003c/a\u003e (which calls chi out by name on this), there is no safe default — the user must pick their trust source explicitly.\u003c/p\u003e\n\u003ch3\u003eThe new API\u003c/h3\u003e\n\u003cp\u003eFour middlewares, two accessors. Pick exactly one middleware based on your\ninfrastructure, read the result with one of the two accessors:\u003c/p\u003e\n\u003cpre lang=\"go\"\u003e\u003ccode\u003e// One of the four. There is no safe default — pick exactly one.\r\nfunc ClientIPFromHeader(trustedHeader string) func(http.Handler) http.Handler\r\nfunc ClientIPFromXFF(trustedIPPrefixes ...string) func(http.Handler) http.Handler\r\nfunc ClientIPFromXFFTrustedProxies(numTrustedProxies int) func(http.Handler) http.Handler\r\n\u0026lt;/tr\u0026gt;\u0026lt;/table\u0026gt; \n\u003c/code\u003e\u003c/pre\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/3b171578ca44dfd75ca3c5cbddc7b44c600a7b49\"\u003e\u003ccode\u003e3b17157\u003c/code\u003e\u003c/a\u003e feat: middleware.ClientIP, a replacement for middleware.RealIP (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/967\"\u003e#967\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/818fdcfc4786168651768377ba647cf9dd5b3953\"\u003e\u003ccode\u003e818fdcf\u003c/code\u003e\u003c/a\u003e fix: set Request.Pattern from RoutePattern() (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1097\"\u003e#1097\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/f975af0cb10cbefaccf0422385420fe62722d648\"\u003e\u003ccode\u003ef975af0\u003c/code\u003e\u003c/a\u003e Fix typo in Route doc comment (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1073\"\u003e#1073\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/4ef87eaf2cfb27d3126d48194e1a84806acc1aed\"\u003e\u003ccode\u003e4ef87ea\u003c/code\u003e\u003c/a\u003e middleware: fix httpFancyWriter.ReadFrom double-counting bytes with Tee (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1085\"\u003e#1085\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/a54874f0e2f12647a19e82ee70dfa8185014100c\"\u003e\u003ccode\u003ea54874f\u003c/code\u003e\u003c/a\u003e Bump minimum Go to 1.23, always use request.Pattern (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1048\"\u003e#1048\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/3328d4d3ab8a08547fa419ed657017355e6d3c4d\"\u003e\u003ccode\u003e3328d4d\u003c/code\u003e\u003c/a\u003e Apply the stringscutprefix modernizer (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1051\"\u003e#1051\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/be60b2ec5755a9072cdf27af3ba3034e84781d12\"\u003e\u003ccode\u003ebe60b2e\u003c/code\u003e\u003c/a\u003e Simplify chi.walk with slices.Concat (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1053\"\u003e#1053\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/a36a925a6a195943ec104100d7d18757543e745f\"\u003e\u003ccode\u003ea36a925\u003c/code\u003e\u003c/a\u003e Remove last uses of io/ioutil (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1054\"\u003e#1054\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/7d93ee3e86b4d477c20d809c9b1ce9a281dfd706\"\u003e\u003ccode\u003e7d93ee3\u003c/code\u003e\u003c/a\u003e add go 1.26 to ci (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1052\"\u003e#1052\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/903cff2596eac0f72538ac46d696058351f1c3fb\"\u003e\u003ccode\u003e903cff2\u003c/code\u003e\u003c/a\u003e Propagate inline middlewares across mounted subrouters (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1049\"\u003e#1049\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/go-chi/chi/compare/v5.2.2...v5.3.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/go-chi/chi/v5\u0026package-manager=go_modules\u0026previous-version=5.2.2\u0026new-version=5.3.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/define42/rdp-tls-gateway/pull/13","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/define42%2Frdp-tls-gateway/issues/13","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/13/packages"},{"uuid":"4554807704","node_id":"PR_kwDOSlSFWs7g9iuN","number":9,"state":"closed","title":"build(deps): bump the go-deps group across 1 directory with 7 updates","user":"dependabot[bot]","labels":["dependencies","go"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-06-07T22:22:32.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-30T15:18:21.000Z","updated_at":"2026-06-07T22:22:34.000Z","time_to_close":716651,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"build(deps): bump","group_name":"go-deps","update_count":7,"packages":[{"name":"github.com/aws/aws-sdk-go-v2","old_version":"1.41.7","new_version":"1.41.12","repository_url":"https://github.com/aws/aws-sdk-go-v2"},{"name":"github.com/aws/aws-sdk-go-v2/config","old_version":"1.32.17","new_version":"1.32.23","repository_url":"https://github.com/aws/aws-sdk-go-v2"},{"name":"github.com/aws/aws-sdk-go-v2/service/s3","old_version":"1.101.0","new_version":"1.103.2","repository_url":"https://github.com/aws/aws-sdk-go-v2"},{"name":"github.com/go-chi/chi/v5","old_version":"5.2.5","new_version":"5.3.0","repository_url":"https://github.com/go-chi/chi"},{"name":"github.com/yuin/goldmark","old_version":"1.5.4","new_version":"1.8.2","repository_url":"https://github.com/yuin/goldmark"},{"name":"golang.org/x/crypto","old_version":"0.51.0","new_version":"0.52.0","repository_url":"https://github.com/golang/crypto"}],"path":null,"ecosystem":"go"},"body":"Bumps the go-deps group with 6 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [github.com/aws/aws-sdk-go-v2](https://github.com/aws/aws-sdk-go-v2) | `1.41.7` | `1.41.12` |\n| [github.com/aws/aws-sdk-go-v2/config](https://github.com/aws/aws-sdk-go-v2) | `1.32.17` | `1.32.23` |\n| [github.com/aws/aws-sdk-go-v2/service/s3](https://github.com/aws/aws-sdk-go-v2) | `1.101.0` | `1.103.2` |\n| [github.com/go-chi/chi/v5](https://github.com/go-chi/chi) | `5.2.5` | `5.3.0` |\n| [github.com/yuin/goldmark](https://github.com/yuin/goldmark) | `1.5.4` | `1.8.2` |\n| [golang.org/x/crypto](https://github.com/golang/crypto) | `0.51.0` | `0.52.0` |\n\n\nUpdates `github.com/aws/aws-sdk-go-v2` from 1.41.7 to 1.41.12\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/7146c2b4007293f0acc9b2e8b92ffa7a30841df0\"\u003e\u003ccode\u003e7146c2b\u003c/code\u003e\u003c/a\u003e Release 2026-06-04\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/5aef2fd8a4027ecf34eb5e32a28ff4a955b353d6\"\u003e\u003ccode\u003e5aef2fd\u003c/code\u003e\u003c/a\u003e Regenerated Clients\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/f94c04478d36a4ffb777221761459fb4b1d20cba\"\u003e\u003ccode\u003ef94c044\u003c/code\u003e\u003c/a\u003e Update API model\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/f00b205128286d6431115dd078da3c36197999f4\"\u003e\u003ccode\u003ef00b205\u003c/code\u003e\u003c/a\u003e bump to smithy-go v1.27.1 (\u003ca href=\"https://redirect.github.com/aws/aws-sdk-go-v2/issues/3434\"\u003e#3434\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/c4ad7dee6ebd9a3e1c7ee208f77e4ac8532b17c9\"\u003e\u003ccode\u003ec4ad7de\u003c/code\u003e\u003c/a\u003e drop service/internal/benchmark (\u003ca href=\"https://redirect.github.com/aws/aws-sdk-go-v2/issues/3433\"\u003e#3433\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/91eca463daf932474778dc4a984c41ecfcd9dc3c\"\u003e\u003ccode\u003e91eca46\u003c/code\u003e\u003c/a\u003e Release 2026-06-03.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/e9d9e156c352b4956ed0b3d57614467d1f79c62b\"\u003e\u003ccode\u003ee9d9e15\u003c/code\u003e\u003c/a\u003e Regenerated Clients\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/def6a3a4bb06c199a4843c501d84730d8235cab4\"\u003e\u003ccode\u003edef6a3a\u003c/code\u003e\u003c/a\u003e Update API model\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/fa369bd7bb9576e85ac094a43a15e8372a3d0129\"\u003e\u003ccode\u003efa369bd\u003c/code\u003e\u003c/a\u003e Release 2026-06-03\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/960ee4dc8380a46ded94f3976e073242d42bf8ed\"\u003e\u003ccode\u003e960ee4d\u003c/code\u003e\u003c/a\u003e Regenerated Clients\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/aws/aws-sdk-go-v2/compare/v1.41.7...v1.41.12\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/aws/aws-sdk-go-v2/config` from 1.32.17 to 1.32.23\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/7146c2b4007293f0acc9b2e8b92ffa7a30841df0\"\u003e\u003ccode\u003e7146c2b\u003c/code\u003e\u003c/a\u003e Release 2026-06-04\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/5aef2fd8a4027ecf34eb5e32a28ff4a955b353d6\"\u003e\u003ccode\u003e5aef2fd\u003c/code\u003e\u003c/a\u003e Regenerated Clients\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/f94c04478d36a4ffb777221761459fb4b1d20cba\"\u003e\u003ccode\u003ef94c044\u003c/code\u003e\u003c/a\u003e Update API model\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/f00b205128286d6431115dd078da3c36197999f4\"\u003e\u003ccode\u003ef00b205\u003c/code\u003e\u003c/a\u003e bump to smithy-go v1.27.1 (\u003ca href=\"https://redirect.github.com/aws/aws-sdk-go-v2/issues/3434\"\u003e#3434\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/c4ad7dee6ebd9a3e1c7ee208f77e4ac8532b17c9\"\u003e\u003ccode\u003ec4ad7de\u003c/code\u003e\u003c/a\u003e drop service/internal/benchmark (\u003ca href=\"https://redirect.github.com/aws/aws-sdk-go-v2/issues/3433\"\u003e#3433\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/91eca463daf932474778dc4a984c41ecfcd9dc3c\"\u003e\u003ccode\u003e91eca46\u003c/code\u003e\u003c/a\u003e Release 2026-06-03.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/e9d9e156c352b4956ed0b3d57614467d1f79c62b\"\u003e\u003ccode\u003ee9d9e15\u003c/code\u003e\u003c/a\u003e Regenerated Clients\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/def6a3a4bb06c199a4843c501d84730d8235cab4\"\u003e\u003ccode\u003edef6a3a\u003c/code\u003e\u003c/a\u003e Update API model\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/fa369bd7bb9576e85ac094a43a15e8372a3d0129\"\u003e\u003ccode\u003efa369bd\u003c/code\u003e\u003c/a\u003e Release 2026-06-03\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/960ee4dc8380a46ded94f3976e073242d42bf8ed\"\u003e\u003ccode\u003e960ee4d\u003c/code\u003e\u003c/a\u003e Regenerated Clients\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/aws/aws-sdk-go-v2/compare/config/v1.32.17...config/v1.32.23\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/aws/aws-sdk-go-v2/credentials` from 1.19.16 to 1.19.22\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/7146c2b4007293f0acc9b2e8b92ffa7a30841df0\"\u003e\u003ccode\u003e7146c2b\u003c/code\u003e\u003c/a\u003e Release 2026-06-04\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/5aef2fd8a4027ecf34eb5e32a28ff4a955b353d6\"\u003e\u003ccode\u003e5aef2fd\u003c/code\u003e\u003c/a\u003e Regenerated Clients\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/f94c04478d36a4ffb777221761459fb4b1d20cba\"\u003e\u003ccode\u003ef94c044\u003c/code\u003e\u003c/a\u003e Update API model\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/f00b205128286d6431115dd078da3c36197999f4\"\u003e\u003ccode\u003ef00b205\u003c/code\u003e\u003c/a\u003e bump to smithy-go v1.27.1 (\u003ca href=\"https://redirect.github.com/aws/aws-sdk-go-v2/issues/3434\"\u003e#3434\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/c4ad7dee6ebd9a3e1c7ee208f77e4ac8532b17c9\"\u003e\u003ccode\u003ec4ad7de\u003c/code\u003e\u003c/a\u003e drop service/internal/benchmark (\u003ca href=\"https://redirect.github.com/aws/aws-sdk-go-v2/issues/3433\"\u003e#3433\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/91eca463daf932474778dc4a984c41ecfcd9dc3c\"\u003e\u003ccode\u003e91eca46\u003c/code\u003e\u003c/a\u003e Release 2026-06-03.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/e9d9e156c352b4956ed0b3d57614467d1f79c62b\"\u003e\u003ccode\u003ee9d9e15\u003c/code\u003e\u003c/a\u003e Regenerated Clients\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/def6a3a4bb06c199a4843c501d84730d8235cab4\"\u003e\u003ccode\u003edef6a3a\u003c/code\u003e\u003c/a\u003e Update API model\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/fa369bd7bb9576e85ac094a43a15e8372a3d0129\"\u003e\u003ccode\u003efa369bd\u003c/code\u003e\u003c/a\u003e Release 2026-06-03\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/960ee4dc8380a46ded94f3976e073242d42bf8ed\"\u003e\u003ccode\u003e960ee4d\u003c/code\u003e\u003c/a\u003e Regenerated Clients\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/aws/aws-sdk-go-v2/compare/credentials/v1.19.16...credentials/v1.19.22\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/aws/aws-sdk-go-v2/service/s3` from 1.101.0 to 1.103.2\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/7146c2b4007293f0acc9b2e8b92ffa7a30841df0\"\u003e\u003ccode\u003e7146c2b\u003c/code\u003e\u003c/a\u003e Release 2026-06-04\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/5aef2fd8a4027ecf34eb5e32a28ff4a955b353d6\"\u003e\u003ccode\u003e5aef2fd\u003c/code\u003e\u003c/a\u003e Regenerated Clients\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/f94c04478d36a4ffb777221761459fb4b1d20cba\"\u003e\u003ccode\u003ef94c044\u003c/code\u003e\u003c/a\u003e Update API model\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/f00b205128286d6431115dd078da3c36197999f4\"\u003e\u003ccode\u003ef00b205\u003c/code\u003e\u003c/a\u003e bump to smithy-go v1.27.1 (\u003ca href=\"https://redirect.github.com/aws/aws-sdk-go-v2/issues/3434\"\u003e#3434\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/c4ad7dee6ebd9a3e1c7ee208f77e4ac8532b17c9\"\u003e\u003ccode\u003ec4ad7de\u003c/code\u003e\u003c/a\u003e drop service/internal/benchmark (\u003ca href=\"https://redirect.github.com/aws/aws-sdk-go-v2/issues/3433\"\u003e#3433\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/91eca463daf932474778dc4a984c41ecfcd9dc3c\"\u003e\u003ccode\u003e91eca46\u003c/code\u003e\u003c/a\u003e Release 2026-06-03.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/e9d9e156c352b4956ed0b3d57614467d1f79c62b\"\u003e\u003ccode\u003ee9d9e15\u003c/code\u003e\u003c/a\u003e Regenerated Clients\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/def6a3a4bb06c199a4843c501d84730d8235cab4\"\u003e\u003ccode\u003edef6a3a\u003c/code\u003e\u003c/a\u003e Update API model\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/fa369bd7bb9576e85ac094a43a15e8372a3d0129\"\u003e\u003ccode\u003efa369bd\u003c/code\u003e\u003c/a\u003e Release 2026-06-03\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/960ee4dc8380a46ded94f3976e073242d42bf8ed\"\u003e\u003ccode\u003e960ee4d\u003c/code\u003e\u003c/a\u003e Regenerated Clients\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/aws/aws-sdk-go-v2/compare/service/s3/v1.101.0...service/s3/v1.103.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/go-chi/chi/v5` from 5.2.5 to 5.3.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/go-chi/chi/releases\"\u003egithub.com/go-chi/chi/v5's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.3.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUse strings.ReplaceAll where applicable by \u003ca href=\"https://github.com/JRaspass\"\u003e\u003ccode\u003e@​JRaspass\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1046\"\u003ego-chi/chi#1046\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePropagate inline middlewares across mounted subrouters by \u003ca href=\"https://github.com/LukasJenicek\"\u003e\u003ccode\u003e@​LukasJenicek\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1049\"\u003ego-chi/chi#1049\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eadd go 1.26 to ci by \u003ca href=\"https://github.com/pkieltyka\"\u003e\u003ccode\u003e@​pkieltyka\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1052\"\u003ego-chi/chi#1052\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove last uses of io/ioutil by \u003ca href=\"https://github.com/JRaspass\"\u003e\u003ccode\u003e@​JRaspass\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1054\"\u003ego-chi/chi#1054\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSimplify chi.walk with slices.Concat by \u003ca href=\"https://github.com/JRaspass\"\u003e\u003ccode\u003e@​JRaspass\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1053\"\u003ego-chi/chi#1053\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eApply the stringscutprefix modernizer by \u003ca href=\"https://github.com/JRaspass\"\u003e\u003ccode\u003e@​JRaspass\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1051\"\u003ego-chi/chi#1051\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump minimum Go to 1.23, always use request.Pattern by \u003ca href=\"https://github.com/JRaspass\"\u003e\u003ccode\u003e@​JRaspass\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1048\"\u003ego-chi/chi#1048\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003emiddleware: fix httpFancyWriter.ReadFrom double-counting bytes with Tee by \u003ca href=\"https://github.com/alliasgher\"\u003e\u003ccode\u003e@​alliasgher\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1085\"\u003ego-chi/chi#1085\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix typo in Route doc comment by \u003ca href=\"https://github.com/gouwazi\"\u003e\u003ccode\u003e@​gouwazi\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1073\"\u003ego-chi/chi#1073\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: set Request.Pattern from RoutePattern() by \u003ca href=\"https://github.com/leno23\"\u003e\u003ccode\u003e@​leno23\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1097\"\u003ego-chi/chi#1097\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat: middleware.ClientIP, a replacement for middleware.RealIP by \u003ca href=\"https://github.com/VojtechVitek\"\u003e\u003ccode\u003e@​VojtechVitek\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/967\"\u003ego-chi/chi#967\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/LukasJenicek\"\u003e\u003ccode\u003e@​LukasJenicek\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1049\"\u003ego-chi/chi#1049\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/alliasgher\"\u003e\u003ccode\u003e@​alliasgher\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1085\"\u003ego-chi/chi#1085\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gouwazi\"\u003e\u003ccode\u003e@​gouwazi\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1073\"\u003ego-chi/chi#1073\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/leno23\"\u003e\u003ccode\u003e@​leno23\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1097\"\u003ego-chi/chi#1097\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eSECURITY: middleware.ClientIP, a replacement for middleware.RealIP\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/VojtechVitek\"\u003e\u003ccode\u003e@​VojtechVitek\u003c/code\u003e\u003c/a\u003e submitted PR \u003ca href=\"https://redirect.github.com/go-chi/chi/issues/967\"\u003e#967\u003c/a\u003e, which introduces middleware.ClientIP — a replacement for middleware.RealIP that closes the three open spoofing advisories:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/security/advisories/GHSA-9g5q-2w5x-hmxf\"\u003eGHSA-9g5q-2w5x-hmxf\u003c/a\u003e — IP spoofing via XFF in \u003ccode\u003eRemoteAddr\u003c/code\u003e resolution (convto)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/security/advisories/GHSA-rjr7-jggh-pgcp\"\u003eGHSA-rjr7-jggh-pgcp\u003c/a\u003e — RealIP allows IP spoofing via unvalidated XFF (rezmoss)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/security/advisories/GHSA-3fxj-6jh8-hvhx\"\u003eGHSA-3fxj-6jh8-hvhx\u003c/a\u003e — IP spoofing in \u003ccode\u003emiddleware.RealIP\u003c/code\u003e (Saku0512, Critical / 9.3)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eIt also addresses issues outlined at:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/708\"\u003ego-chi/chi#708\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://adam-p.ca/blog/2022/03/x-forwarded-for/\"\u003ehttps://adam-p.ca/blog/2022/03/x-forwarded-for/\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/711\"\u003ego-chi/chi#711\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/453\"\u003ego-chi/chi#453\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/go-chi/chi/pull/908\"\u003ego-chi/chi#908\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ccode\u003emiddleware.RealIP\u003c/code\u003e is deprecated in this PR with pointers to the new API.\u003c/p\u003e\n\u003cp\u003eThe deprecation only adds a \u003ccode\u003e// Deprecated:\u003c/code\u003e doc comment; the function keeps working for backward compatibility.\u003c/p\u003e\n\u003ch3\u003eWhy a new middleware (not \u0026quot;fix RealIP in place\u0026quot;)\u003c/h3\u003e\n\u003cp\u003e\u003ccode\u003eRealIP\u003c/code\u003e has two unfixable design choices: it mutates \u003ccode\u003er.RemoteAddr\u003c/code\u003e, and it tries to be a one-size-fits-all default by walking a hard-coded list of headers any client can supply. Per \u003ca href=\"https://adam-p.ca/blog/2022/03/x-forwarded-for/\"\u003eadam-p's \u0026quot;The perils of the 'real' client IP\u0026quot;\u003c/a\u003e (which calls chi out by name on this), there is no safe default — the user must pick their trust source explicitly.\u003c/p\u003e\n\u003ch3\u003eThe new API\u003c/h3\u003e\n\u003cp\u003eFour middlewares, two accessors. Pick exactly one middleware based on your\ninfrastructure, read the result with one of the two accessors:\u003c/p\u003e\n\u003cpre lang=\"go\"\u003e\u003ccode\u003e// One of the four. There is no safe default — pick exactly one.\r\nfunc ClientIPFromHeader(trustedHeader string) func(http.Handler) http.Handler\r\nfunc ClientIPFromXFF(trustedIPPrefixes ...string) func(http.Handler) http.Handler\r\nfunc ClientIPFromXFFTrustedProxies(numTrustedProxies int) func(http.Handler) http.Handler\r\n\u0026lt;/tr\u0026gt;\u0026lt;/table\u0026gt; \n\u003c/code\u003e\u003c/pre\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/3b171578ca44dfd75ca3c5cbddc7b44c600a7b49\"\u003e\u003ccode\u003e3b17157\u003c/code\u003e\u003c/a\u003e feat: middleware.ClientIP, a replacement for middleware.RealIP (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/967\"\u003e#967\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/818fdcfc4786168651768377ba647cf9dd5b3953\"\u003e\u003ccode\u003e818fdcf\u003c/code\u003e\u003c/a\u003e fix: set Request.Pattern from RoutePattern() (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1097\"\u003e#1097\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/f975af0cb10cbefaccf0422385420fe62722d648\"\u003e\u003ccode\u003ef975af0\u003c/code\u003e\u003c/a\u003e Fix typo in Route doc comment (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1073\"\u003e#1073\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/4ef87eaf2cfb27d3126d48194e1a84806acc1aed\"\u003e\u003ccode\u003e4ef87ea\u003c/code\u003e\u003c/a\u003e middleware: fix httpFancyWriter.ReadFrom double-counting bytes with Tee (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1085\"\u003e#1085\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/a54874f0e2f12647a19e82ee70dfa8185014100c\"\u003e\u003ccode\u003ea54874f\u003c/code\u003e\u003c/a\u003e Bump minimum Go to 1.23, always use request.Pattern (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1048\"\u003e#1048\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/3328d4d3ab8a08547fa419ed657017355e6d3c4d\"\u003e\u003ccode\u003e3328d4d\u003c/code\u003e\u003c/a\u003e Apply the stringscutprefix modernizer (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1051\"\u003e#1051\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/be60b2ec5755a9072cdf27af3ba3034e84781d12\"\u003e\u003ccode\u003ebe60b2e\u003c/code\u003e\u003c/a\u003e Simplify chi.walk with slices.Concat (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1053\"\u003e#1053\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/a36a925a6a195943ec104100d7d18757543e745f\"\u003e\u003ccode\u003ea36a925\u003c/code\u003e\u003c/a\u003e Remove last uses of io/ioutil (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1054\"\u003e#1054\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/7d93ee3e86b4d477c20d809c9b1ce9a281dfd706\"\u003e\u003ccode\u003e7d93ee3\u003c/code\u003e\u003c/a\u003e add go 1.26 to ci (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1052\"\u003e#1052\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/903cff2596eac0f72538ac46d696058351f1c3fb\"\u003e\u003ccode\u003e903cff2\u003c/code\u003e\u003c/a\u003e Propagate inline middlewares across mounted subrouters (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1049\"\u003e#1049\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/go-chi/chi/compare/v5.2.5...v5.3.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/yuin/goldmark` from 1.5.4 to 1.8.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/yuin/goldmark/releases\"\u003egithub.com/yuin/goldmark's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.8.2\u003c/h2\u003e\n\u003cp\u003efix: setext headings positions\u003c/p\u003e\n\u003ch2\u003ev1.8.1\u003c/h2\u003e\n\u003cp\u003efix: block positions\u003c/p\u003e\n\u003ch2\u003ev1.8.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efeat: add position information to all nodes\n\u003cul\u003e\n\u003cli\u003eadd position information to all nodes, including inline nodes and link\nreference definition nodes.\u003c/li\u003e\n\u003cli\u003eNow link reference definition nodes are represented as a new node\ntype.\u003c/li\u003e\n\u003cli\u003eLink and image nodes have a new field Reference which is a pointer to the reference\nlink if this link is a reference link. This field is nil for non-reference\nlinks.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.7.17 release\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/yuin/goldmark/compare/v1.7.16...v1.7.17\"\u003ehttps://github.com/yuin/goldmark/compare/v1.7.16...v1.7.17\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.7.16 release\u003c/h2\u003e\n\u003cp\u003eNo release notes provided.\u003c/p\u003e\n\u003ch2\u003ev1.7.15 release\u003c/h2\u003e\n\u003cp\u003eNo release notes provided.\u003c/p\u003e\n\u003ch2\u003ev1.7.14 release\u003c/h2\u003e\n\u003cp\u003eNo release notes provided.\u003c/p\u003e\n\u003ch2\u003ev1.7.13 release\u003c/h2\u003e\n\u003cp\u003eNo release notes provided.\u003c/p\u003e\n\u003ch2\u003ev1.7.12 release\u003c/h2\u003e\n\u003cp\u003eNo release notes provided.\u003c/p\u003e\n\u003ch2\u003ev1.7.11 release\u003c/h2\u003e\n\u003cp\u003eNo release notes provided.\u003c/p\u003e\n\u003ch2\u003ev1.7.10 release\u003c/h2\u003e\n\u003cp\u003eNo release notes provided.\u003c/p\u003e\n\u003ch2\u003ev1.7.9 release\u003c/h2\u003e\n\u003cp\u003eNo release notes provided.\u003c/p\u003e\n\u003ch2\u003ev1.7.8 release\u003c/h2\u003e\n\u003cp\u003eNo release notes provided.\u003c/p\u003e\n\u003ch2\u003ev1.7.7 release\u003c/h2\u003e\n\u003cp\u003eNo release notes provided.\u003c/p\u003e\n\u003ch2\u003ev1.7.6 release\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/yuin/goldmark/commit/379bf24a47e6ef07f34d7536aead86d8792ac300\"\u003e\u003ccode\u003e379bf24\u003c/code\u003e\u003c/a\u003e fix: setext headings positions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/yuin/goldmark/commit/e8f2337fccef96576bce4b811a9dcdaa3bf23405\"\u003e\u003ccode\u003ee8f2337\u003c/code\u003e\u003c/a\u003e fix: block positions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/yuin/goldmark/commit/dfa1ae1da52047c906b3345ad503ebc84a880734\"\u003e\u003ccode\u003edfa1ae1\u003c/code\u003e\u003c/a\u003e feat: add position information to all nodes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/yuin/goldmark/commit/cb46bbc4eca29d55aa9721e04ad207c23ccc44f9\"\u003e\u003ccode\u003ecb46bbc\u003c/code\u003e\u003c/a\u003e fix: prevent XSS by escaping dangerous URLs in links and images\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/yuin/goldmark/commit/d8b123c855fc895a2c8672c530ba9d9f2382d5ef\"\u003e\u003ccode\u003ed8b123c\u003c/code\u003e\u003c/a\u003e refactor: simplify codes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/yuin/goldmark/commit/db34c99a0722f927d5e414fc9533deb3474bddfb\"\u003e\u003ccode\u003edb34c99\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/yuin/goldmark/issues/535\"\u003e#535\u003c/a\u003e from Sebbito/master\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/yuin/goldmark/commit/5a2a2bfa203daca9b0d2ba38e4c4d607ccb1090b\"\u003e\u003ccode\u003e5a2a2bf\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/yuin/goldmark/issues/545\"\u003e#545\u003c/a\u003e from maxatome/fix-table-panic\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/yuin/goldmark/commit/9aca46208ebdae2e37585d93082206adbc9b012c\"\u003e\u003ccode\u003e9aca462\u003c/code\u003e\u003c/a\u003e fix(table): if table cell attribute is a string, a panic occurs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/yuin/goldmark/commit/246a6f1d91a3fa1ef76d6d0ec7085ed61e7638f6\"\u003e\u003ccode\u003e246a6f1\u003c/code\u003e\u003c/a\u003e fix: \u003ca href=\"https://redirect.github.com/yuin/goldmark/issues/542\"\u003e#542\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/yuin/goldmark/commit/2589b6a801c1e604888cbd010e867a5614c3021e\"\u003e\u003ccode\u003e2589b6a\u003c/code\u003e\u003c/a\u003e fix: \u003ca href=\"https://redirect.github.com/yuin/goldmark/issues/541\"\u003e#541\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/yuin/goldmark/compare/v1.5.4...v1.8.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `golang.org/x/crypto` from 0.51.0 to 0.52.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/a1c0d9929856c8aba2b31f079340f00578eda803\"\u003e\u003ccode\u003ea1c0d99\u003c/code\u003e\u003c/a\u003e go.mod: update golang.org/x dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/3c7c86938f4541c333d506f719388d9c42d4763d\"\u003e\u003ccode\u003e3c7c869\u003c/code\u003e\u003c/a\u003e ssh: fix deadlock on unexpected channel responses\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/533fb3f7e4a5ae23f69d1837cd851d35ff5b76ce\"\u003e\u003ccode\u003e533fb3f\u003c/code\u003e\u003c/a\u003e ssh: fix source-address critical option bypass\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/abbc44d451a6f9236a2bbd26cbcd4d0fec473da3\"\u003e\u003ccode\u003eabbc44d\u003c/code\u003e\u003c/a\u003e ssh: fix incorrect operator order\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/e052873987615dc96fe67607a9a6adb76311344f\"\u003e\u003ccode\u003ee052873\u003c/code\u003e\u003c/a\u003e ssh: fix infinite loop on large channel writes due to integer overflow\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/b61cf853a89d82cad68da5e12a6beca2116f8456\"\u003e\u003ccode\u003eb61cf85\u003c/code\u003e\u003c/a\u003e ssh: enforce user presence verification for security keys\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/9c2cd33e8d96a96133fd6ff732510ebba539c2bd\"\u003e\u003ccode\u003e9c2cd33\u003c/code\u003e\u003c/a\u003e ssh: enforce strict limits on DSA key parameters\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/890731877d85f71cfdc9554e7a27fec4684fc4c4\"\u003e\u003ccode\u003e8907318\u003c/code\u003e\u003c/a\u003e ssh: reject RSA keys with excessively large moduli\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/ffd87b4878fa98ca2908ec534e1a410bf095a35e\"\u003e\u003ccode\u003effd87b4\u003c/code\u003e\u003c/a\u003e ssh: fix panic when authority callbacks are nil\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/4e7a7384ecbc8d519f6f4c11b36fa9d761fc8946\"\u003e\u003ccode\u003e4e7a738\u003c/code\u003e\u003c/a\u003e ssh: fix deadlock on unexpected global responses\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/golang/crypto/compare/v0.51.0...v0.52.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e","html_url":"https://github.com/MattJackson/basement/pull/9","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/MattJackson%2Fbasement/issues/9","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/9/packages"},{"uuid":"4551866990","node_id":"PR_kwDOPrYSMc7g0ZQ3","number":38,"state":"open","title":"chore(deps): bump the go_modules group across 5 directories with 28 updates","user":"dependabot[bot]","labels":["dependencies","go"],"assignees":[],"locked":false,"comments_count":4,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-29T21:53:39.000Z","updated_at":"2026-05-30T00:01:27.864Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): bump","group_name":"go_modules","update_count":28,"packages":[{"name":"github.com/distribution/distribution/v3","old_version":"3.0.0-20220128175647-b60926597a1b","new_version":"3.1.1","repository_url":"https://github.com/distribution/distribution"},{"name":"github.com/go-git/go-git/v5","old_version":"5.11.0","new_version":"5.19.1","repository_url":"https://github.com/go-git/go-git"},{"name":"github.com/moby/buildkit","old_version":"0.12.5","new_version":"0.28.1","repository_url":"https://github.com/moby/buildkit"},{"name":"github.com/russellhaering/gosaml2","old_version":"0.9.1","new_version":"0.11.0","repository_url":"https://github.com/russellhaering/gosaml2"},{"name":"github.com/slack-go/slack","old_version":"0.10.1","new_version":"0.23.1","repository_url":"https://github.com/slack-go/slack"},{"name":"chainguard.dev/apko","old_version":"0.14.0","new_version":"1.2.7","repository_url":"https://github.com/chainguard-dev/apko"},{"name":"github.com/jackc/pgx/v5","old_version":"5.5.5","new_version":"5.9.2","repository_url":"https://github.com/jackc/pgx"},{"name":"github.com/go-chi/chi/v5","old_version":"5.0.10","new_version":"5.2.2","repository_url":"https://github.com/go-chi/chi"}],"path":null,"ecosystem":"go"},"body":"Bumps the go_modules group with 8 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [github.com/distribution/distribution/v3](https://github.com/distribution/distribution) | `3.0.0-20220128175647-b60926597a1b` | `3.1.1` |\n| [github.com/go-git/go-git/v5](https://github.com/go-git/go-git) | `5.11.0` | `5.19.1` |\n| [github.com/moby/buildkit](https://github.com/moby/buildkit) | `0.12.5` | `0.28.1` |\n| [github.com/russellhaering/gosaml2](https://github.com/russellhaering/gosaml2) | `0.9.1` | `0.11.0` |\n| [github.com/slack-go/slack](https://github.com/slack-go/slack) | `0.10.1` | `0.23.1` |\n| [chainguard.dev/apko](https://github.com/chainguard-dev/apko) | `0.14.0` | `1.2.7` |\n| [github.com/jackc/pgx/v5](https://github.com/jackc/pgx) | `5.5.5` | `5.9.2` |\n| [github.com/go-chi/chi/v5](https://github.com/go-chi/chi) | `5.0.10` | `5.2.2` |\n\nBumps the go_modules group with 4 updates in the /internal/cmd/progress-bot directory: [github.com/slack-go/slack](https://github.com/slack-go/slack), [golang.org/x/crypto](https://github.com/golang/crypto), [golang.org/x/oauth2](https://github.com/golang/oauth2) and [google.golang.org/grpc](https://github.com/grpc/grpc-go).\nBumps the go_modules group with 4 updates in the /lib directory: [golang.org/x/crypto](https://github.com/golang/crypto), [golang.org/x/oauth2](https://github.com/golang/oauth2), [github.com/redis/go-redis/v9](https://github.com/redis/go-redis) and [google.golang.org/grpc](https://github.com/grpc/grpc-go).\nBumps the go_modules group with 6 updates in the /lib/managedservicesplatform directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [go.opentelemetry.io/otel/sdk](https://github.com/open-telemetry/opentelemetry-go) | `1.25.0` | `1.43.0` |\n| [golang.org/x/oauth2](https://github.com/golang/oauth2) | `0.21.0` | `0.27.0` |\n| [github.com/jackc/pgx/v5](https://github.com/jackc/pgx) | `5.5.5` | `5.9.2` |\n| [github.com/redis/go-redis/v9](https://github.com/redis/go-redis) | `9.5.3` | `9.5.5` |\n| [filippo.io/edwards25519](https://github.com/FiloSottile/edwards25519) | `1.1.0` | `1.1.1` |\n| [google.golang.org/grpc](https://github.com/grpc/grpc-go) | `1.65.0` | `1.79.3` |\n\nBumps the go_modules group with 3 updates in the /monitoring directory: [golang.org/x/crypto](https://github.com/golang/crypto), [github.com/sirupsen/logrus](https://github.com/sirupsen/logrus) and [github.com/hashicorp/go-retryablehttp](https://github.com/hashicorp/go-retryablehttp).\n\nUpdates `github.com/distribution/distribution/v3` from 3.0.0-20220128175647-b60926597a1b to 3.1.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/distribution/distribution/releases\"\u003egithub.com/distribution/distribution/v3's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.1.1\u003c/h2\u003e\n\u003cp\u003eWelcome to the \u003ccode\u003ev3.1.1\u003c/code\u003e release of registry!\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eThis is a stable release\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003ePlease try out the release binaries and report any issues at\n\u003ca href=\"https://github.com/distribution/distribution/issues\"\u003ehttps://github.com/distribution/distribution/issues\u003c/a\u003e.\u003c/p\u003e\n\u003ch3\u003eNotable Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixes \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2026-41888\"\u003eCVE-2026-41888\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBounds-check the file basename in PurgeUploads Walk callback\u003c/li\u003e\n\u003cli\u003eAdd S3 Express One Zone support to the S3 storage driver (\u003ca href=\"https://redirect.github.com/distribution/distribution/issues/4858\"\u003e#4858\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix tag list endpoint in proxy mode (\u003ca href=\"https://redirect.github.com/distribution/distribution/issues/4846\"\u003e#4846\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eClamp oversized \u003ccode\u003en\u003c/code\u003e query parameter in proxy mode instead of returning 400 (\u003ca href=\"https://redirect.github.com/distribution/distribution/issues/4856\"\u003e#4856\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eSee the full changelog below for the full list of changes.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003einternal/client/auth/challenge: cleanups and minor refactor by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/4832\"\u003edistribution/distribution#4832\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp from 0.18.0 to 0.19.0 in the go_modules group across 1 directory by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/4843\"\u003edistribution/distribution#4843\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp from 1.42.0 to 1.43.0 in the go_modules group across 1 directory by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/4850\"\u003edistribution/distribution#4850\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump github/codeql-action from 4.34.1 to 4.35.1 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/4840\"\u003edistribution/distribution#4840\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(build): Bump go version to latest by \u003ca href=\"https://github.com/milosgajdos\"\u003e\u003ccode\u003e@​milosgajdos\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/4851\"\u003edistribution/distribution#4851\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003erefactor: use slices.Backward to simplify the code by \u003ca href=\"https://github.com/chuanshanjida\"\u003e\u003ccode\u003e@​chuanshanjida\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/4848\"\u003edistribution/distribution#4848\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(proxy): fix tag list endpoint in proxy mode by \u003ca href=\"https://github.com/njucjc\"\u003e\u003ccode\u003e@​njucjc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/4846\"\u003edistribution/distribution#4846\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate docker-compose structure in deploying.md by \u003ca href=\"https://github.com/jdg71nl\"\u003e\u003ccode\u003e@​jdg71nl\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/4855\"\u003edistribution/distribution#4855\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/upload-artifact from 7.0.0 to 7.0.1 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/4854\"\u003edistribution/distribution#4854\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/upload-pages-artifact from 4.0.0 to 5.0.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/4852\"\u003edistribution/distribution#4852\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump docker/login-action from 4.0.0 to 4.1.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/4847\"\u003edistribution/distribution#4847\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump docker/bake-action from 7.0.0 to 7.1.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/4853\"\u003edistribution/distribution#4853\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(proxy): clamp oversized n query param instead of returning 400 by \u003ca href=\"https://github.com/milosgajdos\"\u003e\u003ccode\u003e@​milosgajdos\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/4856\"\u003edistribution/distribution#4856\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat(s3): add express zone one support to S3 driver by \u003ca href=\"https://github.com/milosgajdos\"\u003e\u003ccode\u003e@​milosgajdos\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/4858\"\u003edistribution/distribution#4858\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(storage): bounds-check the file basename in PurgeUploads Walk callback by \u003ca href=\"https://github.com/SAY-5\"\u003e\u003ccode\u003e@​SAY-5\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/4860\"\u003edistribution/distribution#4860\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(release): prepare for v3.1.1 release by \u003ca href=\"https://github.com/milosgajdos\"\u003e\u003ccode\u003e@​milosgajdos\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/4864\"\u003edistribution/distribution#4864\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/chuanshanjida\"\u003e\u003ccode\u003e@​chuanshanjida\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/4848\"\u003edistribution/distribution#4848\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jdg71nl\"\u003e\u003ccode\u003e@​jdg71nl\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/4855\"\u003edistribution/distribution#4855\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/SAY-5\"\u003e\u003ccode\u003e@​SAY-5\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/4860\"\u003edistribution/distribution#4860\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/distribution/distribution/compare/v3.1.0...v3.1.1\"\u003ehttps://github.com/distribution/distribution/compare/v3.1.0...v3.1.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev3.1.0\u003c/h2\u003e\n\u003cp\u003eWelcome to the \u003ccode\u003ev3.1.0\u003c/code\u003e release of registry!\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eThis is a stable release\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003ePlease try out the release binaries and report any issues at\n\u003ca href=\"https://github.com/distribution/distribution/issues\"\u003ehttps://github.com/distribution/distribution/issues\u003c/a\u003e.\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/distribution/distribution/commits/v3.1.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/go-git/go-git/v5` from 5.11.0 to 5.19.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/go-git/go-git/releases\"\u003egithub.com/go-git/go-git/v5's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.19.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ev5: plumbing: transport/ssh, Shell-quote path by \u003ca href=\"https://github.com/hiddeco\"\u003e\u003ccode\u003e@​hiddeco\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-git/go-git/pull/2068\"\u003ego-git/go-git#2068\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ev5: git: submodule, Fix relative URL resolution by \u003ca href=\"https://github.com/hiddeco\"\u003e\u003ccode\u003e@​hiddeco\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-git/go-git/pull/2070\"\u003ego-git/go-git#2070\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ev5: git: submodule, canonical remote for relative URLs by \u003ca href=\"https://github.com/hiddeco\"\u003e\u003ccode\u003e@​hiddeco\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-git/go-git/pull/2074\"\u003ego-git/go-git#2074\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ev5: git: submodule, error on remote without URLs by \u003ca href=\"https://github.com/hiddeco\"\u003e\u003ccode\u003e@​hiddeco\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-git/go-git/pull/2078\"\u003ego-git/go-git#2078\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ev5: plumbing: format/idxfile, Validate offset64 indices by \u003ca href=\"https://github.com/hiddeco\"\u003e\u003ccode\u003e@​hiddeco\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-git/go-git/pull/2084\"\u003ego-git/go-git#2084\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ev5: *: Reject malformed variable-length integers by \u003ca href=\"https://github.com/hiddeco\"\u003e\u003ccode\u003e@​hiddeco\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-git/go-git/pull/2092\"\u003ego-git/go-git#2092\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ev5: plumbing: format/packfile, Tighten delta validation by \u003ca href=\"https://github.com/hiddeco\"\u003e\u003ccode\u003e@​hiddeco\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-git/go-git/pull/2091\"\u003ego-git/go-git#2091\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ev5: Add \u003ccode\u003eworktreeFilesystem\u003c/code\u003e wrapper for worktree and hardening by \u003ca href=\"https://github.com/hiddeco\"\u003e\u003ccode\u003e@​hiddeco\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-git/go-git/pull/2100\"\u003ego-git/go-git#2100\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ev5: config: validate submodule names by \u003ca href=\"https://github.com/hiddeco\"\u003e\u003ccode\u003e@​hiddeco\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-git/go-git/pull/2082\"\u003ego-git/go-git#2082\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild: Update module github.com/go-git/go-git/v5 to v5.19.0 [SECURITY] (releases/v5.x) by \u003ca href=\"https://github.com/go-git-renovate\"\u003e\u003ccode\u003e@​go-git-renovate\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/go-git/go-git/pull/2111\"\u003ego-git/go-git#2111\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ev5: git: Allow MkdirAll on worktree-root paths by \u003ca href=\"https://github.com/hiddeco\"\u003e\u003ccode\u003e@​hiddeco\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-git/go-git/pull/2117\"\u003ego-git/go-git#2117\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ev5: git: Stop validating symlink target paths by \u003ca href=\"https://github.com/pjbgf\"\u003e\u003ccode\u003e@​pjbgf\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-git/go-git/pull/2116\"\u003ego-git/go-git#2116\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ev5: plumbing: format decoder input bounds and contracts by \u003ca href=\"https://github.com/hiddeco\"\u003e\u003ccode\u003e@​hiddeco\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-git/go-git/pull/2125\"\u003ego-git/go-git#2125\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eplumbing: format/packfile, cap delta chain depth in parser by \u003ca href=\"https://github.com/pjbgf\"\u003e\u003ccode\u003e@​pjbgf\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-git/go-git/pull/2137\"\u003ego-git/go-git#2137\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/go-git/go-git/compare/v5.19.0...v5.19.1\"\u003ehttps://github.com/go-git/go-git/compare/v5.19.0...v5.19.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev5.19.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ebuild: Update module github.com/go-git/go-git/v5 to v5.18.0 [SECURITY] (releases/v5.x) by \u003ca href=\"https://github.com/go-git-renovate\"\u003e\u003ccode\u003e@​go-git-renovate\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/go-git/go-git/pull/2010\"\u003ego-git/go-git#2010\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ev5: Bump sha1cd and go-billy by \u003ca href=\"https://github.com/pjbgf\"\u003e\u003ccode\u003e@​pjbgf\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-git/go-git/pull/2060\"\u003ego-git/go-git#2060\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ev5: Align object encoding with upstream by \u003ca href=\"https://github.com/pjbgf\"\u003e\u003ccode\u003e@​pjbgf\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-git/go-git/pull/2065\"\u003ego-git/go-git#2065\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/go-git/go-git/compare/v5.18.0...v5.19.0\"\u003ehttps://github.com/go-git/go-git/compare/v5.18.0...v5.19.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev5.18.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eplumbing: transport/http, Add support for followRedirects policy by \u003ca href=\"https://github.com/pjbgf\"\u003e\u003ccode\u003e@​pjbgf\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-git/go-git/pull/2004\"\u003ego-git/go-git#2004\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/go-git/go-git/compare/v5.17.2...v5.18.0\"\u003ehttps://github.com/go-git/go-git/compare/v5.17.2...v5.18.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev5.17.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ebuild: Update module github.com/go-git/go-git/v5 to v5.17.1 [SECURITY] (releases/v5.x) by \u003ca href=\"https://github.com/go-git-renovate\"\u003e\u003ccode\u003e@​go-git-renovate\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/go-git/go-git/pull/1941\"\u003ego-git/go-git#1941\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edotgit: skip writing pack files that already exist on disk by \u003ca href=\"https://github.com/pjbgf\"\u003e\u003ccode\u003e@​pjbgf\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-git/go-git/pull/1944\"\u003ego-git/go-git#1944\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e:warning: This release fixes a bug (\u003ca href=\"https://redirect.github.com/go-git/go-git/issues/1942\"\u003ego-git/go-git#1942\u003c/a\u003e) that blocked some users from upgrading to \u003ccode\u003ev5.17.1\u003c/code\u003e. Thanks \u003ca href=\"https://github.com/pskrbasu\"\u003e\u003ccode\u003e@​pskrbasu\u003c/code\u003e\u003c/a\u003e for reporting it. :bow:\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/go-git/go-git/compare/v5.17.1...v5.17.2\"\u003ehttps://github.com/go-git/go-git/compare/v5.17.1...v5.17.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev5.17.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ebuild: Update module github.com/cloudflare/circl to v1.6.3 [SECURITY] (releases/v5.x) by \u003ca href=\"https://github.com/go-git-renovate\"\u003e\u003ccode\u003e@​go-git-renovate\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/go-git/go-git/pull/1930\"\u003ego-git/go-git#1930\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[v5] plumbing: format/index, Improve v4 entry name validation by \u003ca href=\"https://github.com/pjbgf\"\u003e\u003ccode\u003e@​pjbgf\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-git/go-git/pull/1935\"\u003ego-git/go-git#1935\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[v5] plumbing: format/idxfile, Fix version and fanout checks by \u003ca href=\"https://github.com/pjbgf\"\u003e\u003ccode\u003e@​pjbgf\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-git/go-git/pull/1937\"\u003ego-git/go-git#1937\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-git/go-git/commit/3c3be601aa6c0fd0d536c0d1e4f898b4c60e65fe\"\u003e\u003ccode\u003e3c3be60\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/go-git/go-git/issues/2137\"\u003e#2137\u003c/a\u003e from go-git/validate-v5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-git/go-git/commit/3fba897bd9e84b1aec170fa708b80e297b7d6cf6\"\u003e\u003ccode\u003e3fba897\u003c/code\u003e\u003c/a\u003e plumbing: format/packfile, cap delta chain depth in parser\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-git/go-git/commit/a97d6601c85e017bb64c2b0f2e3169f6ef6a6709\"\u003e\u003ccode\u003ea97d660\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/go-git/go-git/issues/2125\"\u003e#2125\u003c/a\u003e from hiddeco/v5/format-input-bounds\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-git/go-git/commit/aeaa125c8af8e4c4c95b574c22c5633e97fc436e\"\u003e\u003ccode\u003eaeaa125\u003c/code\u003e\u003c/a\u003e plumbing: format/objfile, require Header before Read\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-git/go-git/commit/1f38e171218526ea254a73187a52f0648253c1b8\"\u003e\u003ccode\u003e1f38e17\u003c/code\u003e\u003c/a\u003e plumbing: format/packfile, bound inflate size\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-git/go-git/commit/f7545a02529e03998d6a7219140dc0e6644ad337\"\u003e\u003ccode\u003ef7545a0\u003c/code\u003e\u003c/a\u003e plumbing: format/idxfile, bound nr by file size\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-git/go-git/commit/170b88181f385913a457a08b68c88956fb3f8e4f\"\u003e\u003ccode\u003e170b881\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/go-git/go-git/issues/2116\"\u003e#2116\u003c/a\u003e from pjbgf/symlink-v5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-git/go-git/commit/7b6d994467f06630268904aa3c441b6de7248b31\"\u003e\u003ccode\u003e7b6d994\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/go-git/go-git/issues/2117\"\u003e#2117\u003c/a\u003e from hiddeco/v5/worktree-fs-mkdirall-root-noop\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-git/go-git/commit/f0709b32f8fbb87c16cd63c6762d2cd515f36541\"\u003e\u003ccode\u003ef0709b3\u003c/code\u003e\u003c/a\u003e git: Stop validating symlink target paths\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-git/go-git/commit/776d00f11d336f26862d0f2bab987b217f3a7844\"\u003e\u003ccode\u003e776d00f\u003c/code\u003e\u003c/a\u003e git: Allow MkdirAll on worktree-root paths\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/go-git/go-git/compare/v5.11.0...v5.19.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/moby/buildkit` from 0.12.5 to 0.28.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/moby/buildkit/releases\"\u003egithub.com/moby/buildkit's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.28.1\u003c/h2\u003e\n\u003cp\u003eWelcome to the v0.28.1 release of buildkit!\u003c/p\u003e\n\u003cp\u003ePlease try out the release binaries and report any issues at\n\u003ca href=\"https://github.com/moby/buildkit/issues\"\u003ehttps://github.com/moby/buildkit/issues\u003c/a\u003e.\u003c/p\u003e\n\u003ch3\u003eContributors\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eTõnis Tiigi\u003c/li\u003e\n\u003cli\u003eCrazyMax\u003c/li\u003e\n\u003cli\u003eSebastiaan van Stijn\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eNotable Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix insufficient validation of Git URL \u003ccode\u003e#ref:subdir\u003c/code\u003e fragments that could allow access to restricted files outside the checked-out repository root. \u003ca href=\"https://github.com/moby/buildkit/security/advisories/GHSA-4vrq-3vrq-g6gg\"\u003eGHSA-4vrq-3vrq-g6gg\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix a vulnerability where an untrusted custom frontend could cause files to be written outside the BuildKit state directory. \u003ca href=\"https://github.com/moby/buildkit/security/advisories/GHSA-4c29-8rgm-jvjj\"\u003eGHSA-4c29-8rgm-jvjj\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix a panic when processing invalid \u003ccode\u003e.dockerignore\u003c/code\u003e patterns during \u003ccode\u003eCOPY\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/moby/buildkit/issues/6610\"\u003e#6610\u003c/a\u003e \u003ca href=\"https://redirect.github.com/moby/patternmatcher/issues/9\"\u003emoby/patternmatcher#9\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDependency Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003egithub.com/moby/patternmatcher\u003c/strong\u003e  v0.6.0 -\u0026gt; v0.6.1\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003ePrevious release can be found at \u003ca href=\"https://github.com/moby/buildkit/releases/tag/v0.28.0\"\u003ev0.28.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev0.28.0\u003c/h2\u003e\n\u003cp\u003ebuildkit 0.28.0\u003c/p\u003e\n\u003cp\u003eWelcome to the v0.28.0 release of buildkit!\u003c/p\u003e\n\u003cp\u003ePlease try out the release binaries and report any issues at\n\u003ca href=\"https://github.com/moby/buildkit/issues\"\u003ehttps://github.com/moby/buildkit/issues\u003c/a\u003e.\u003c/p\u003e\n\u003ch3\u003eContributors\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eTõnis Tiigi\u003c/li\u003e\n\u003cli\u003eCrazyMax\u003c/li\u003e\n\u003cli\u003eSebastiaan van Stijn\u003c/li\u003e\n\u003cli\u003eJonathan A. Sternberg\u003c/li\u003e\n\u003cli\u003eAkihiro Suda\u003c/li\u003e\n\u003cli\u003eAmr Mahdi\u003c/li\u003e\n\u003cli\u003eDan Duvall\u003c/li\u003e\n\u003cli\u003eDavid Karlsson\u003c/li\u003e\n\u003cli\u003eJonas Geiler\u003c/li\u003e\n\u003cli\u003eKevin L.\u003c/li\u003e\n\u003cli\u003ersteube\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/buildkit/commit/45b038cd0b2ec2d34013ce0f085522276f7ee0d8\"\u003e\u003ccode\u003e45b038c\u003c/code\u003e\u003c/a\u003e git: normalize and validate subdir paths\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/buildkit/commit/f5462c216098af766f97ea4cb328e65c6d8f7256\"\u003e\u003ccode\u003ef5462c2\u003c/code\u003e\u003c/a\u003e git: harden ref arg handling\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/buildkit/commit/71577a5da7a2b3ab75a90c2cfedfda0c27d1ef40\"\u003e\u003ccode\u003e71577a5\u003c/code\u003e\u003c/a\u003e source: extract SafeFileName into shared pathutil package\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/buildkit/commit/df4378316f3b000403d097551a8139a700bd823d\"\u003e\u003ccode\u003edf43783\u003c/code\u003e\u003c/a\u003e source/http: use os.Root for saved file operations\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/buildkit/commit/9ce6f62aca0653657047ee613cdef22f38b31244\"\u003e\u003ccode\u003e9ce6f62\u003c/code\u003e\u003c/a\u003e source/http: sanitize downloaded filenames\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/buildkit/commit/099cf80f5ebc935c48d2925499bffe703a54cff4\"\u003e\u003ccode\u003e099cf80\u003c/code\u003e\u003c/a\u003e executor: validate container IDs centrally\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/buildkit/commit/2642113bbc9d969d223c37aaabca4b50613fddf9\"\u003e\u003ccode\u003e2642113\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/moby/buildkit/issues/6610\"\u003e#6610\u003c/a\u003e from thaJeztah/0.28_backport_bump_patternmatcher\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/buildkit/commit/802da78332d9f2c6c9d856c1648ab52c701076fa\"\u003e\u003ccode\u003e802da78\u003c/code\u003e\u003c/a\u003e vendor: github.com/moby/patternmatcher v0.6.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/buildkit/commit/5245d869d85d9c98f986b600584c332a3b001986\"\u003e\u003ccode\u003e5245d86\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/moby/buildkit/issues/6551\"\u003e#6551\u003c/a\u003e from tonistiigi/v0.28-cherry-picks\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/buildkit/commit/90ee5deef6c6efcb82358eb48d76235191196db1\"\u003e\u003ccode\u003e90ee5de\u003c/code\u003e\u003c/a\u003e vendor: update x/net to v0.51.0\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/moby/buildkit/compare/v0.12.5...v0.28.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/russellhaering/gosaml2` from 0.9.1 to 0.11.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/russellhaering/gosaml2/releases\"\u003egithub.com/russellhaering/gosaml2's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.11.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eReject unsigned SAML \u003ccode\u003eLogoutRequest\u003c/code\u003e when signature validation is enabled. Previously, \u003ccode\u003eValidateEncodedLogoutRequestPOST\u003c/code\u003e silently accepted unsigned requests even when \u003ccode\u003eSkipSignatureValidation\u003c/code\u003e was \u003ccode\u003efalse\u003c/code\u003e. (GHSA-pcgw-qcv5-h8ch)\u003c/li\u003e\n\u003cli\u003eSecurity hardening: CBC bounds check to prevent panics from crafted ciphertext, replaced \u003ccode\u003epanic()\u003c/code\u003e calls with error returns, and assertion signatures within a signed Response envelope are now verified when present (previously they were skipped entirely, which could allow XML wrapping attacks)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eOther\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd oss-fuzz integration\u003c/li\u003e\n\u003cli\u003eBump minimum Go version to 1.25\u003c/li\u003e\n\u003cli\u003eUpdate dependencies: goxmldsig v1.6.0, etree v1.6.0, testify v1.11.1\u003c/li\u003e\n\u003cli\u003eBump all GitHub Actions to latest versions\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/russellhaering/gosaml2/compare/v0.10.0...v0.11.0\"\u003ehttps://github.com/russellhaering/gosaml2/compare/v0.10.0...v0.11.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev0.10.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSupport encryption and signing keys that implement crypto.Signer by \u003ca href=\"https://github.com/nicksnyder\"\u003e\u003ccode\u003e@​nicksnyder\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/russellhaering/gosaml2/pull/131\"\u003erussellhaering/gosaml2#131\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAvoid panic when the encrypted data has wrong size for CBC by \u003ca href=\"https://github.com/fformica\"\u003e\u003ccode\u003e@​fformica\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/russellhaering/gosaml2/pull/195\"\u003erussellhaering/gosaml2#195\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSecurity hardening by \u003ca href=\"https://github.com/ahacker1-securesaml\"\u003e\u003ccode\u003e@​ahacker1-securesaml\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDependency and CI updates\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nicksnyder\"\u003e\u003ccode\u003e@​nicksnyder\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/russellhaering/gosaml2/pull/131\"\u003erussellhaering/gosaml2#131\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fformica\"\u003e\u003ccode\u003e@​fformica\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/russellhaering/gosaml2/pull/195\"\u003erussellhaering/gosaml2#195\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/russellhaering/gosaml2/compare/v0.9.1...v0.10.0\"\u003ehttps://github.com/russellhaering/gosaml2/compare/v0.9.1...v0.10.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/russellhaering/gosaml2/commit/636e7dda202a4d669644e72404a82616ffcbe004\"\u003e\u003ccode\u003e636e7dd\u003c/code\u003e\u003c/a\u003e Bump all GitHub Actions to latest versions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/russellhaering/gosaml2/commit/1e9cc447527b4031ffd8e7a2cb64b99289ffde29\"\u003e\u003ccode\u003e1e9cc44\u003c/code\u003e\u003c/a\u003e Bump minimum Go version to 1.25 and update dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/russellhaering/gosaml2/commit/7159bbee574ae311e3c995df506c2e61cf2c232a\"\u003e\u003ccode\u003e7159bbe\u003c/code\u003e\u003c/a\u003e Reject unsigned LogoutRequest when signature validation is enabled\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/russellhaering/gosaml2/commit/4ddcc822c3c2bb6676221cbf2259e141b2f2e315\"\u003e\u003ccode\u003e4ddcc82\u003c/code\u003e\u003c/a\u003e Security hardening: CBC bounds check, panic removal, assertion signature veri...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/russellhaering/gosaml2/commit/d57d10562c0a9243d5a6d86fff5067d34c7f045f\"\u003e\u003ccode\u003ed57d105\u003c/code\u003e\u003c/a\u003e Add oss-fuzz integration\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/russellhaering/gosaml2/commit/e8596e7457e1657e90dd2fb18da03e03fc4ae1a4\"\u003e\u003ccode\u003ee8596e7\u003c/code\u003e\u003c/a\u003e Fix tests broken by expired IDP test certificate\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/russellhaering/gosaml2/commit/5d20d420e18a8e08e870d145be26bc8110073d90\"\u003e\u003ccode\u003e5d20d42\u003c/code\u003e\u003c/a\u003e Bump github.com/beevik/etree from 1.5.0 to 1.5.1 (\u003ca href=\"https://redirect.github.com/russellhaering/gosaml2/issues/212\"\u003e#212\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/russellhaering/gosaml2/commit/115aa21abac634a1c9b68c2a30505b60b148f8cc\"\u003e\u003ccode\u003e115aa21\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 3.28.12 to 3.28.17\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/russellhaering/gosaml2/commit/cdd66bccd151b682fe99fec82a1c8c4ecdba8ff0\"\u003e\u003ccode\u003ecdd66bc\u003c/code\u003e\u003c/a\u003e Tidy dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/russellhaering/gosaml2/commit/3418f9ae09063ff8df0ce1bd93f24e538e614def\"\u003e\u003ccode\u003e3418f9a\u003c/code\u003e\u003c/a\u003e Avoid panic when the encrypted data has wrong size for CBC\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/russellhaering/gosaml2/compare/v0.9.1...v0.11.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/russellhaering/goxmldsig` from 1.4.0 to 1.6.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/russellhaering/goxmldsig/releases\"\u003egithub.com/russellhaering/goxmldsig's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.6.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eSecurity:\u003c/strong\u003e Fix possible signature validation bypass caused by loop variable capture in \u003ccode\u003evalidateSignature\u003c/code\u003e (GHSA-479m-364c-43vc)\u003c/li\u003e\n\u003cli\u003eBump minimum Go version to 1.23\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003egithub.com/beevik/etree\u003c/code\u003e to v1.6.0\u003c/li\u003e\n\u003cli\u003eAdd fuzz tests for XML signature validation and canonicalization\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/russellhaering/goxmldsig/compare/v1.5.0...v1.6.0\"\u003ehttps://github.com/russellhaering/goxmldsig/compare/v1.5.0...v1.6.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.5.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump dependencies\u003c/li\u003e\n\u003cli\u003eUpdate GitHub workflows\u003c/li\u003e\n\u003cli\u003eSecurity hardening by \u003ca href=\"https://github.com/ahacker1-securesaml\"\u003e\u003ccode\u003e@​ahacker1-securesaml\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/russellhaering/goxmldsig/compare/v1.4.0...v1.5.0\"\u003ehttps://github.com/russellhaering/goxmldsig/compare/v1.4.0...v1.5.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/russellhaering/goxmldsig/commit/878c8c615feb628064040115d00e105a137fcfa7\"\u003e\u003ccode\u003e878c8c6\u003c/code\u003e\u003c/a\u003e Apply go fix ./...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/russellhaering/goxmldsig/commit/db3d1e31f7535d7f5debb49851b9e9a2ff08b936\"\u003e\u003ccode\u003edb3d1e3\u003c/code\u003e\u003c/a\u003e Fix loop variable capture bug in validateSignature\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/russellhaering/goxmldsig/commit/4f576b89acf01f68983ca5cb9dcebd0b460234bc\"\u003e\u003ccode\u003e4f576b8\u003c/code\u003e\u003c/a\u003e Bump dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/russellhaering/goxmldsig/commit/79c29ee3ed2da54553a4132b372ced83185fcf12\"\u003e\u003ccode\u003e79c29ee\u003c/code\u003e\u003c/a\u003e Rename FuzzValidate to FuzzValidateXML to avoid name collision\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/russellhaering/goxmldsig/commit/ac7bf745b9fd3d92460ad9be3459a97b0e3bf89f\"\u003e\u003ccode\u003eac7bf74\u003c/code\u003e\u003c/a\u003e Add fuzz tests for XML signature validation and canonicalization\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/russellhaering/goxmldsig/commit/a5805dfad93fc67a2106a1dc6d881df83769e3eb\"\u003e\u003ccode\u003ea5805df\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 2.13.4 to 3.28.17 (\u003ca href=\"https://redirect.github.com/russellhaering/goxmldsig/issues/155\"\u003e#155\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/russellhaering/goxmldsig/commit/7dac9ec3b2a1a336d73ff091fba4131d186dfec6\"\u003e\u003ccode\u003e7dac9ec\u003c/code\u003e\u003c/a\u003e Update GitHub Workflow\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/russellhaering/goxmldsig/commit/1bf54ca740682fac1149814344c24c722fde8238\"\u003e\u003ccode\u003e1bf54ca\u003c/code\u003e\u003c/a\u003e Bump dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/russellhaering/goxmldsig/commit/e1c8a5b89d1d03089aa1a0ec546b33aaf80ee02f\"\u003e\u003ccode\u003ee1c8a5b\u003c/code\u003e\u003c/a\u003e Refactor to help eliminate potential vulnerabilities:\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/russellhaering/goxmldsig/commit/2ac5490a2441a3484e030c5cfeb02ce62886c01a\"\u003e\u003ccode\u003e2ac5490\u003c/code\u003e\u003c/a\u003e Refactor .verifyCertificate to obtain the certificate from an identifier from...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/russellhaering/goxmldsig/compare/v1.4.0...v1.6.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/slack-go/slack` from 0.10.1 to 0.23.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/slack-go/slack/releases\"\u003egithub.com/slack-go/slack's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.23.1\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!IMPORTANT]\nEven though this is a [security] patch release, if you were using an empty secret, this is a breaking change due to a change in behaviour. That's on purpose, to ensure you fix your approach so that there are no footguns.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eNewSecretsVerifier\u003c/code\u003e now rejects empty signing secrets to avoid accepting forged request\nsignatures when applications are misconfigured.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/slack-go/slack/compare/v0.23.0...v0.23.1\"\u003ehttps://github.com/slack-go/slack/compare/v0.23.0...v0.23.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev0.23.0\u003c/h2\u003e\n\u003ch2\u003eAdded\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efeat(socketmode): expose socketmode handler \u003ccode\u003edispatcher\u003c/code\u003e method by \u003ca href=\"https://github.com/nlopes\"\u003e\u003ccode\u003e@​nlopes\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/slack-go/slack/pull/1550\"\u003eslack-go/slack#1550\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat(block): add card and carousel blocks by \u003ca href=\"https://github.com/nlopes\"\u003e\u003ccode\u003e@​nlopes\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/slack-go/slack/pull/1551\"\u003eslack-go/slack#1551\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat(assistant): add username and icon to status update by \u003ca href=\"https://github.com/charleenwang\"\u003e\u003ccode\u003e@​charleenwang\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/slack-go/slack/pull/1553\"\u003eslack-go/slack#1553\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat(block): add alert block by \u003ca href=\"https://github.com/nlopes\"\u003e\u003ccode\u003e@​nlopes\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/slack-go/slack/pull/1552\"\u003eslack-go/slack#1552\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/charleenwang\"\u003e\u003ccode\u003e@​charleenwang\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/slack-go/slack/pull/1553\"\u003eslack-go/slack#1553\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/slack-go/slack/compare/v0.22.0...v0.23.0\"\u003ehttps://github.com/slack-go/slack/compare/v0.22.0...v0.23.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev0.22.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eOAuth PKCE support\u003c/strong\u003e - \u003ccode\u003eOAuthOptionCodeVerifier\u003c/code\u003e option for \u003ccode\u003eGetOAuthV2Response\u003c/code\u003e, plus \u003ccode\u003eGenerateCodeVerifier()\u003c/code\u003e and \u003ccode\u003eGenerateCodeChallenge()\u003c/code\u003e helpers (RFC 7636). \u003ccode\u003eclient_secret\u003c/code\u003e is now conditionally omitted when empty in both \u003ccode\u003eGetOAuthV2ResponseContext\u003c/code\u003e and \u003ccode\u003eRefreshOAuthV2TokenContext\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eManifest scope fields\u003c/strong\u003e - \u003ccode\u003eBotOptional\u003c/code\u003e and \u003ccode\u003eUserOptional\u003c/code\u003e on \u003ccode\u003eOAuthScopes\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eRich text styles\u003c/strong\u003e - \u003ccode\u003eUnderline\u003c/code\u003e, \u003ccode\u003eHighlight\u003c/code\u003e, \u003ccode\u003eClientHighlight\u003c/code\u003e, and \u003ccode\u003eUnlink\u003c/code\u003e on \u003ccode\u003eRichTextSectionTextStyle\u003c/code\u003e. \u003ccode\u003eStyle\u003c/code\u003e field on \u003ccode\u003eRichTextSectionUserGroupElement\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eAssistant search context\u003c/strong\u003e - \u003ccode\u003eSort\u003c/code\u003e, \u003ccode\u003eSortDir\u003c/code\u003e, \u003ccode\u003eBefore\u003c/code\u003e, \u003ccode\u003eAfter\u003c/code\u003e, \u003ccode\u003eHighlight\u003c/code\u003e, \u003ccode\u003eIncludeContextMessages\u003c/code\u003e, \u003ccode\u003eIncludeDeletedUsers\u003c/code\u003e, \u003ccode\u003eIncludeMessageBlocks\u003c/code\u003e, \u003ccode\u003eIncludeArchivedChannels\u003c/code\u003e, \u003ccode\u003eDisableSemanticSearch\u003c/code\u003e, \u003ccode\u003eModifiers\u003c/code\u003e, \u003ccode\u003eTermClauses\u003c/code\u003e parameters and new response types (\u003ccode\u003eAssistantSearchContextFile\u003c/code\u003e, \u003ccode\u003eAssistantSearchContextChannel\u003c/code\u003e, \u003ccode\u003eAssistantSearchContextMessageContext\u003c/code\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003esocketmode: malformed JSON no longer forces reconnect\u003c/strong\u003e - \u003ccode\u003ejson.SyntaxError\u003c/code\u003e and \u003ccode\u003ejson.UnmarshalTypeError\u003c/code\u003e now emit an \u003ccode\u003eEventTypeIncomingError\u003c/code\u003e event and continue reading instead of killing the WebSocket connection.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003esocketmode: \u003ccode\u003edebug_reconnects\u003c/code\u003e query param applied correctly\u003c/strong\u003e - the parameter was silently discarded due to a missing \u003ccode\u003eurl.RawQuery\u003c/code\u003e assignment.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eChannelTypes\u003c/code\u003e and \u003ccode\u003eContentTypes\u003c/code\u003e now send comma-separated values instead of repeated form keys, matching the convention used by every other method in the library.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocs\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eassistant:write\u003c/code\u003e scope marked as deprecated in favour of \u003ccode\u003echat:write\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ccode\u003ev0.21.1...v0.22.0\u003c/code\u003e\u003c/p\u003e\n\u003ch2\u003ev0.21.1\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003eMessageEvent\u003c/code\u003e channel type helpers\u003c/strong\u003e — New \u003ccode\u003eChannelTypeChannel\u003c/code\u003e, \u003ccode\u003eChannelTypeGroup\u003c/code\u003e,\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/slack-go/slack/blob/master/CHANGELOG.md\"\u003egithub.com/slack-go/slack's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[0.23.1] - 2026-05-10\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eNewSecretsVerifier\u003c/code\u003e now rejects empty signing secrets to avoid accepting forged request\nsignatures when applications are misconfigured.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[0.23.0] - 2026-04-22\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eBlock Kit: \u003ccode\u003eCardBlock\u003c/code\u003e and \u003ccode\u003eCarouselBlock\u003c/code\u003e\u003c/strong\u003e — Support for two of the new\nagent-UI blocks announced in the\n\u003ca href=\"https://docs.slack.dev/changelog/2026/04/16/block-kit-new-blocks\"\u003eApril 16 Slack changelog\u003c/a\u003e.\n\u003ccode\u003eCardBlock\u003c/code\u003e is constructed via \u003ccode\u003eNewCardBlock\u003c/code\u003e with a functional-options\npattern and fluent \u003ccode\u003eWith*\u003c/code\u003e builders (\u003ccode\u003eWithTitle\u003c/code\u003e, \u003ccode\u003eWithSubtitle\u003c/code\u003e, \u003ccode\u003eWithBody\u003c/code\u003e,\n\u003ccode\u003eWithIcon\u003c/code\u003e, \u003ccode\u003eWithHeroImage\u003c/code\u003e, \u003ccode\u003eWithActions\u003c/code\u003e). \u003ccode\u003eCarouselBlock\u003c/code\u003e is constructed\nvia \u003ccode\u003eNewCarouselBlock\u003c/code\u003e with a variadic \u003ccode\u003e*CardBlock\u003c/code\u003e list plus \u003ccode\u003eWithBlockID\u003c/code\u003e\nand \u003ccode\u003eAddCard\u003c/code\u003e helpers. Both blocks wire into \u003ccode\u003eBlocks.UnmarshalJSON\u003c/code\u003e for\nround-trip fidelity, and reuse existing \u003ccode\u003eImageBlockElement\u003c/code\u003e /\n\u003ccode\u003eButtonBlockElement\u003c/code\u003e / \u003ccode\u003eBlockElements\u003c/code\u003e types rather than introducing new\ncomposition objects.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eBlock Kit: \u003ccode\u003eAlertBlock\u003c/code\u003e\u003c/strong\u003e — Support for the third of the new agent-UI\nblocks from the\n\u003ca href=\"https://docs.slack.dev/changelog/2026/04/16/block-kit-new-blocks\"\u003eApril 16 Slack changelog\u003c/a\u003e.\n\u003ccode\u003eAlertBlock\u003c/code\u003e is constructed via \u003ccode\u003eNewAlertBlock\u003c/code\u003e with a \u003ccode\u003e*TextBlockObject\u003c/code\u003e\nbody and a functional-options pattern. Severity is set via\n\u003ccode\u003eAlertBlockOptionLevel\u003c/code\u003e (\u003ccode\u003eAlertLevelDefault\u003c/code\u003e, \u003ccode\u003eAlertLevelInfo\u003c/code\u003e,\n\u003ccode\u003eAlertLevelWarning\u003c/code\u003e, \u003ccode\u003eAlertLevelError\u003c/code\u003e, \u003ccode\u003eAlertLevelSuccess\u003c/code\u003e) and the block\nID via \u003ccode\u003eAlertBlockOptionBlockID\u003c/code\u003e. Wires into \u003ccode\u003eBlocks.UnmarshalJSON\u003c/code\u003e for\nround-trip fidelity. Must be delivered via the streaming chunks API —\n\u003ccode\u003echat.postMessage\u003c/code\u003e rejects it as an unsupported block type.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eStreaming-message chunks API\u003c/strong\u003e — \u003ccode\u003echat.startStream\u003c/code\u003e / \u003ccode\u003echat.appendStream\u003c/code\u003e /\n\u003ccode\u003echat.stopStream\u003c/code\u003e now accept a \u003ccode\u003echunks\u003c/code\u003e parameter. Added \u003ccode\u003eMsgOptionChunks\u003c/code\u003e\nalong with a \u003ccode\u003eStreamChunk\u003c/code\u003e interface and four chunk types:\n\u003ccode\u003eMarkdownTextChunk\u003c/code\u003e, \u003ccode\u003eTaskUpdateChunk\u003c/code\u003e, \u003ccode\u003ePlanUpdateChunk\u003c/code\u003e, and \u003ccode\u003eBlocksChunk\u003c/code\u003e\n(each with a \u003ccode\u003eNew*Chunk\u003c/code\u003e constructor). This is the supported transport for\nstreaming Block Kit content and the new agent-UI blocks in particular\n(which \u003ccode\u003echat.postMessage\u003c/code\u003e rejects as \u003ccode\u003eUnsupported block type\u003c/code\u003e).\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003eMsgOptionTaskDisplayMode\u003c/code\u003e\u003c/strong\u003e — New option for \u003ccode\u003echat.startStream\u003c/code\u003e controlling\nwhether task chunks render as a sequential timeline or a grouped plan.\nAccepts \u003ccode\u003eTaskDisplayModeTimeline\u003c/code\u003e or \u003ccode\u003eTaskDisplayModePlan\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003eUsername\u003c/code\u003e, \u003ccode\u003eIconURL\u003c/code\u003e, and \u003ccode\u003eIconEmoji\u003c/code\u003e fields to\n\u003ccode\u003eAssistantThreadsSetStatusParameters\u003c/code\u003e, forwarded by\n\u003ccode\u003eSetAssistantThreadsStatusContext\u003c/code\u003e, matching the new optional parameters on\n\u003ca href=\"https://docs.slack.dev/reference/methods/assistant.threads.setStatus\"\u003e\u003ccode\u003eassistant.threads.setStatus\u003c/code\u003e\u003c/a\u003e\nfor customising the status-update presentation.\u003c/li\u003e\n\u003cli\u003eExposed \u003ccode\u003eSocketmodeHandler.DispatchEvent\u003c/code\u003e (previously the unexported\n\u003ccode\u003edispatcher\u003c/code\u003e), enabling integration tests to exercise registered handlers\nwithout a live WebSocket connection. The unexported \u003ccode\u003edispatcher\u003c/code\u003e is kept as\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/slack-go/slack/commit/34ad5c052e446f58505ae8d81a2a72821de107cc\"\u003e\u003ccode\u003e34ad5c0\u003c/code\u003e\u003c/a\u003e security: reject empty signing secret for NewSecretsVerifier\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/slack-go/slack/commit/c6edc2762f59b0fcd2af7f2d8eab36e2f29bad7d\"\u003e\u003ccode\u003ec6edc27\u003c/code\u003e\u003c/a\u003e chore: bump go to 1.25.9\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/slack-go/slack/commit/35d8f31a076f73db88bf08304a8418846ed7b865\"\u003e\u003ccode\u003e35d8f31\u003c/code\u003e\u003c/a\u003e chore: bump to v0.23.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/slack-go/slack/commit/ae59061d9e69253ce76fa676a2a91db238d363cf\"\u003e\u003ccode\u003eae59061\u003c/code\u003e\u003c/a\u003e feat(block): add alert block (\u003ca href=\"https://redirect.github.com/slack-go/slack/issues/1552\"\u003e#1552\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/slack-go/slack/commit/2df5cfa0b974d57fc8077ecd030be22e42a2e4a1\"\u003e\u003ccode\u003e2df5cfa\u003c/code\u003e\u003c/a\u003e feat(assistant): add username and icon to status update (\u003ca href=\"https://redirect.github.com/slack-go/slack/issues/1553\"\u003e#1553\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/slack-go/slack/commit/e3c0e8b15630749da93cd18168a26e78a74fecd0\"\u003e\u003ccode\u003ee3c0e8b\u003c/code\u003e\u003c/a\u003e feat(block): add card and carousel blocks (\u003ca href=\"https://redirect.github.com/slack-go/slack/issues/1551\"\u003e#1551\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/slack-go/slack/commit/4c472cd10a45bd81ef26db9510a317a674293c78\"\u003e\u003ccode\u003e4c472cd\u003c/code\u003e\u003c/a\u003e feat(socketmode): expose socketmode handler \u003ccode\u003edispatcher\u003c/code\u003e method (\u003ca href=\"https://redirect.github.com/slack-go/slack/issues/1550\"\u003e#1550\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/slack-go/slack/commit/f482b199d4e33975c13e65e075bcf87173ad902f\"\u003e\u003ccode\u003ef482b19\u003c/code\u003e\u003c/a\u003e chore: v0.22.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/slack-go/slack/commit/3a5db9ddb81e7c9e5379efa510ba826b1e5d935c\"\u003e\u003ccode\u003e3a5db9d\u003c/code\u003e\u003c/a\u003e chore: fix staticcheck errors (\u003ca href=\"https://redirect.github.com/slack-go/slack/issues/1548\"\u003e#1548\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/slack-go/slack/commit/19e0416c15851aa3f28d41e2b92dbb2fb541ad96\"\u003e\u003ccode\u003e19e0416\u003c/code\u003e\u003c/a\u003e ci: add staticcheck\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/slack-go/slack/compare/v0.10.1...v0.23.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp` from 1.27.0 to 1.43.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md\"\u003ego.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[1.43.0/0.65.0/0.19.0] 2026-04-02\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003eIsRandom\u003c/code\u003e and \u003ccode\u003eWithRandom\u003c/code\u003e on \u003ccode\u003eTraceFlags\u003c/code\u003e, and \u003ccode\u003eIsRandom\u003c/code\u003e on \u003ccode\u003eSpanContext\u003c/code\u003e in \u003ccode\u003ego.opentelemetry.io/otel/trace\u003c/code\u003e for \u003ca href=\"https://www.w3.org/TR/trace-context-2/#random-trace-id-flag\"\u003eW3C Trace Context Level 2 Random Trace ID Flag\u003c/a\u003e support. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8012\"\u003e#8012\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd service detection with \u003ccode\u003eWithService\u003c/code\u003e in \u003ccode\u003ego.opentelemetry.io/otel/sdk/resource\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7642\"\u003e#7642\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eDefaultWithContext\u003c/code\u003e and \u003ccode\u003eEnvironmentWithContext\u003c/code\u003e in \u003ccode\u003ego.opentelemetry.io/otel/sdk/resource\u003c/code\u003e to support plumbing \u003ccode\u003econtext.Context\u003c/code\u003e through default and environment detectors. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8051\"\u003e#8051\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport attributes with empty value (\u003ccode\u003eattribute.EMPTY\u003c/code\u003e) in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038\"\u003e#8038\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport attributes with empty value (\u003ccode\u003eattribute.EMPTY\u003c/code\u003e) in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038\"\u003e#8038\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport attributes with empty value (\u003ccode\u003eattribute.EMPTY\u003c/code\u003e) in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlplog/otlploggrpc\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038\"\u003e#8038\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport attributes with empty value (\u003ccode\u003eattribute.EMPTY\u003c/code\u003e) in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038\"\u003e#8038\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport attributes with empty value (\u003ccode\u003eattribute.EMPTY\u003c/code\u003e) in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038\"\u003e#8038\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport attributes with empty value (\u003ccode\u003eattribute.EMPTY\u003c/code\u003e) in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038\"\u003e#8038\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport attributes with empty value (\u003ccode\u003eattribute.EMPTY\u003c/code\u003e) in \u003ccode\u003ego.opentelemetry.io/otel/sdk/metric/metricdata/metricdatatest\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038\"\u003e#8038\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd support for per-series start time tracking for cumulative metrics in \u003ccode\u003ego.opentelemetry.io/otel/sdk/metric\u003c/code\u003e.\nSet \u003ccode\u003eOTEL_GO_X_PER_SERIES_START_TIMESTAMPS=true\u003c/code\u003e to enable. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8060\"\u003e#8060\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eWithCardinalityLimitSelector\u003c/code\u003e for metric reader for configuring cardinality limits specific to the instrument kind. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7855\"\u003e#7855\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eIntroduce the \u003ccode\u003eEMPTY\u003c/code\u003e Type in \u003ccode\u003ego.opentelemetry.io/otel/attribute\u003c/code\u003e to reflect that an empty value is now a valid value, with \u003ccode\u003eINVALID\u003c/code\u003e remaining as a deprecated alias of \u003ccode\u003eEMPTY\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038\"\u003e#8038\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eImprove slice handling in \u003ccode\u003ego.opentelemetry.io/otel/attribute\u003c/code\u003e to optimize short slice values with fixed-size fast paths. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8039\"\u003e#8039\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eImprove performance of span metric recording in \u003ccode\u003ego.opentelemetry.io/otel/sdk/trace\u003c/code\u003e by returning early if self-observability is not enabled. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8067\"\u003e#8067\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eImprove formatting of metric data diffs in \u003ccode\u003ego.opentelemetry.io/otel/sdk/metric/metricdata/metricdatatest\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8073\"\u003e#8073\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDeprecated\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDeprecate \u003ccode\u003eINVALID\u003c/code\u003e in \u003ccode\u003ego.opentelemetry.io/otel/attribute\u003c/code\u003e. Use \u003ccode\u003eEMPTY\u003c/code\u003e instead. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038\"\u003e#8038\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eReturn spec-compliant \u003ccode\u003eTraceIdRatioBased\u003c/code\u003e description. This is a breaking behavioral change, but it is necessary to\nmake the implementation \u003ca href=\"https://opentelemetry.io/docs/specs/otel/trace/sdk/#traceidratiobased\"\u003espec-compliant\u003c/a\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8027\"\u003e#8027\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix a race condition in \u003ccode\u003ego.opentelemetry.io/otel/sdk/metric\u003c/code\u003e where the lastvalue aggregation could collect the value 0 even when no zero-value measurements were recorded. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8056\"\u003e#8056\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eLimit HTTP response body to 4 MiB in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp\u003c/code\u003e to mitigate excessive memory usage caused by a misconfigured or malicious server.\nResponses exceeding the limit are treated as non-retryable errors. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8108\"\u003e#8108\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eLimit HTTP response body to 4 MiB in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp\u003c/code\u003e to mitigate excessive memory usage caused by a misconfigured or malicious server.\nResponses exceeding the limit are treated as non-retryable errors. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8108\"\u003e#8108\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eLimit HTTP response body to 4 MiB in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp\u003c/code\u003e to mitigate excessive memory usage caused by a misconfigured or malicious server.\nResponses exceeding the limit are treated as non-retryable errors. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8108\"\u003e#8108\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eWithHostID\u003c/code\u003e detector in \u003ccode\u003ego.opentelemetry.io/otel/sdk/resource\u003c/code\u003e to use full path for \u003ccode\u003ekenv\u003c/code\u003e command on BSD. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8113\"\u003e#8113\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix missing \u003ccode\u003erequest.GetBody\u003c/code\u003e in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp\u003c/code\u003e to correctly handle HTTP2 GOAWAY frame. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8096\"\u003e#8096\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[1.42.0/0.64.0/0.18.0/0.0.16] 2026-03-06\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003ego.opentelemetry.io/otel/semconv/v1.40.0\u003c/code\u003e package.\nThe package contains semantic conventions from the \u003ccode\u003ev1.40.0\u003c/code\u003e version of the OpenTelemetry Semantic Conventions.\nSee the \u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/blob/main/semconv/v1.40.0/MIGRATION.md\"\u003emigration documentation\u003c/a\u003e for information on how to upgrade from \u003ccode\u003ego.opentelemetry.io/otel/semconv/v1.39.0\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7985\"\u003e#7985\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/9276201a64b623606e3eaa0d61ae8ee6d62756c0\"\u003e\u003ccode\u003e9276201\u003c/code\u003e\u003c/a\u003e Release v1.43.0 / v0.65.0 / v0.19.0 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8128\"\u003e#8128\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/61b8c9466c4e6b17e69b622279fe9b63fb15c89a\"\u003e\u003ccode\u003e61b8c94\u003c/code\u003e\u003c/a\u003e chore(deps): update module github.com/mattn/go-runewidth to v0.0.22 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8131\"\u003e#8131\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/97a086e82ffe01502f4c620e9c447efa229e2a23\"\u003e\u003ccode\u003e97a086e\u003c/code\u003e\u003c/a\u003e chore(deps): update github.com/golangci/dupl digest to c99c5cf (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8122\"\u003e#8122\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/5e363de517dba6db62736b2f5cdef0e0929b4cd0\"\u003e\u003ccode\u003e5e363de\u003c/code\u003e\u003c/a\u003e limit response body size for OTLP HTTP exporters (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8108\"\u003e#8108\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/35214b60138eac8dec97a2d2b851d8c8471680c7\"\u003e\u003ccode\u003e35214b6\u003c/code\u003e\u003c/a\u003e Use an absolute path when calling bsd kenv (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8113\"\u003e#8113\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/290024ceaf695f9cdbf29a0c6731a317d92bc361\"\u003e\u003ccode\u003e290024c\u003c/code\u003e\u003c/a\u003e fix(deps): update module google.golang.org/grpc to v1.80.0 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8121\"\u003e#8121\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/e70658e098033d6bb5ec1b399de16bbb2642f6dc\"\u003e\u003ccode\u003ee70658e\u003c/code\u003e\u003c/a\u003e fix: support getBody in otelploghttp (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8096\"\u003e#8096\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/4afe468e3b4859c949a1c1e8d92684d43d86ef8a\"\u003e\u003ccode\u003e4afe468\u003c/code\u003e\u003c/a\u003e fix(deps): update googleapis to 9d38bb4 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8117\"\u003e#8117\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/b9ca729776309e3c08fe700c131797a3b4d10634\"\u003e\u003ccode\u003eb9ca729\u003c/code\u003e\u003c/a\u003e chore(deps): update module github.com/go-git/go-git/v5 to v5.17.2 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8115\"\u003e#8115\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/69472ec56cb7674d55ca2e2bcb04dea73228ab79\"\u003e\u003ccode\u003e69472ec\u003c/code\u003e\u003c/a\u003e chore(deps): update fossas/fossa-action action to v1.9.0 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8118\"\u003e#8118\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/compare/v1.27.0...v1.43.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `go.opentelemetry.io/otel/sdk` from 1.27.0 to 1.43.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md\"\u003ego.opentelemetry.io/otel/sdk's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[1.43.0/0.65.0/0.19.0] 2026-04-02\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003eIsRandom\u003c/code\u003e and \u003ccode\u003eWithRandom\u003c/code\u003e on \u003ccode\u003eTraceFlags\u003c/code\u003e, and \u003ccode\u003eIsRandom\u003c/code\u003e on \u003ccode\u003eSpanContext\u003c/code\u003e in \u003ccode\u003ego.opentelemetry.io/otel/trace\u003c/code\u003e for \u003ca href=\"https://www.w3.org/TR/trace-context-2/#random-trace-id-flag\"\u003eW3C Trace Context Level 2 Random Trace ID Flag\u003c/a\u003e support. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8012\"\u003e#8012\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd service detection with \u003ccode\u003eWithService\u003c/code\u003e in \u003ccode\u003ego.opentelemetry.io/otel/sdk/resource\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7642\"\u003e#7642\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eDefaultWithContext\u003c/code\u003e and \u003ccode\u003eEnvironmentWithContext\u003c/code\u003e in \u003ccode\u003ego.opentelemetry.io/otel/sdk/resource\u003c/code\u003e to support plumbing \u003ccode\u003econtext.Context\u003c/code\u003e through default and environment detectors. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8051\"\u003e#8051\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport attributes with empty value (\u003ccode\u003eattribute.EMPTY\u003c/code\u003e) in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038\"\u003e#8038\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport attributes with empty value (\u003ccode\u003eattribute.EMPTY\u003c/code\u003e) in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038\"\u003e#8038\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport attributes with empty value (\u003ccode\u003eattribute.EMPTY\u003c/code\u003e) in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlplog/otlploggrpc\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038\"\u003e#8038\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport attributes with empty value (\u003ccode\u003eattribute.EMPTY\u003c/code\u003e) in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038\"\u003e#8038\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport attributes with empty value (\u003ccode\u003eattribute.EMPTY\u003c/code\u003e) in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038\"\u003e#8038\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport attributes with empty value (\u003ccode\u003eattribute.EMPTY\u003c/code\u003e) in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038\"\u003e#8038\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport attributes with empty value (\u003ccode\u003eattribute.EMPTY\u003c/code\u003e) in \u003ccode\u003ego.opentelemetry.io/otel/sdk/metric/metricdata/metricdatatest\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038\"\u003e#8038\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd support for per-series start time tracking for cumulative metrics in \u003ccode\u003ego.opentelemetry.io/otel/sdk/metric\u003c/code\u003e.\nSet \u003ccode\u003eOTEL_GO_X_PER_SERIES_START_TIMESTAMPS=true\u003c/code\u003e to enable. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8060\"\u003e#8060\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eWithCardinalityLimitSelector\u003c/code\u003e for metric reader for configuring cardinality limits specific to the instrument kind. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7855\"\u003e#7855\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eIntroduce the \u003ccode\u003eEMPTY\u003c/code\u003e Type in \u003ccode\u003ego.opentelemetry.io/otel/attribute\u003c/code\u003e to reflect that an empty value is now a valid value, with \u003ccode\u003eINVALID\u003c/code\u003e remaining as a deprecated alias of \u003ccode\u003eEMPTY\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038\"\u003e#8038\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eImprove slice handling in \u003ccode\u003ego.opentelemetry.io/otel/attribute\u003c/code\u003e to optimize short slice values with fixed-size fast paths. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8039\"\u003e#8039\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eImprove performance of span metric recording in \u003ccode\u003ego.opentelemetry.io/otel/sdk/trace\u003c/code\u003e by returning early if self-observability is not enabled. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8067\"\u003e#8067\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eImprove formatting of metric data diffs in \u003ccode\u003ego.opentelemetry.io/otel/sdk/metric/metricdata/metricdatatest\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8073\"\u003e#8073\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDeprecated\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDeprecate \u003ccode\u003eINVALID\u003c/code\u003e in \u003ccode\u003ego.opentelemetry.io/otel/attribute\u003c/code\u003e. Use \u003ccode\u003eEMPTY\u003c/code\u003e instead. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038\"\u003e#8038\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eReturn spec-compliant \u003ccode\u003eTraceIdRatioBased\u003c/code\u003e description. This is a breaking behavioral change, but it is necessary to\nmake the implementation \u003ca href=\"https://opentelemetry.io/docs/specs/otel/trace/sdk/#traceidratiobased\"\u003espec-compliant\u003c/a\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8027\"\u003e#8027\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix a race condition in \u003ccode\u003ego.opentelemetry.io/otel/sdk/metric\u003c/code\u003e where the lastvalue aggregation could collect the value 0 even when no zero-value measurements were recorded. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8056\"\u003e#8056\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eLimit HTTP response body to 4 MiB in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp\u003c/code\u003e to mitigate excessive memory usage caused by a misconfigured or malicious server.\nResponses exceeding the limit are treated as non-retryable errors. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8108\"\u003e#8108\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eLimit HTTP response body to 4 MiB in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp\u003c/code\u003e to mitigate excessive memory usage caused by a misconfigured or malicious server.\nResponses exceeding the limit are treated as non-retryable errors. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8108\"\u003e#8108\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eLimit HTTP response body to 4 MiB in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp\u003c/code\u003e to mitigate excessive memory usage caused by a misconfigured or malicious server.\nResponses exceeding the limit are treated as non-retryable errors. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8108\"\u003e#8108\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eWithHostID\u003c/code\u003e detector in \u003ccode\u003ego.opentelemetry.io/otel/sdk/resource\u003c/code\u003e to use full path for \u003ccode\u003ekenv\u003c/code\u003e command on BSD. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8113\"\u003e#8113\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix missing \u003ccode\u003erequest.GetBody\u003c/code\u003e in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp\u003c/code\u003e to correctly handle HTTP2 GOAWAY frame. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8096\"\u003e#8096\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[1.42.0/0.64.0/0.18.0/0.0.16] 2026-03-06\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003ego.opentelemetry.io/otel/semconv/v1.40.0\u003c/code\u003e package.\nThe package contains semantic conventions from the \u003ccode\u003ev1.40.0\u003c/code\u003e version of the OpenTelemetry Semantic Conventions.\nSee the \u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/blob/main/semconv/v1.40.0/MIGRATION.md\"\u003emigration documentation\u003c/a\u003e for information on how to upgrade from \u003ccode\u003ego.opentelemetry.io/otel/semconv/v1.39.0\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7985\"\u003e#7985\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/9276201a64b623606e3eaa0d61ae8ee6d62756c0\"\u003e\u003ccode\u003e9276201\u003c/code\u003e\u003c/a\u003e Release v1.43.0 / v0.65.0 / v0.19.0 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8128\"\u003e#8128\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/61b8c9466c4e6b17e69b622279fe9b63fb15c89a\"\u003e\u003ccode\u003e61b8c94\u003c/code\u003e\u003c/a\u003e chore(deps): update module github.com/mattn/go-runewidth to v0.0.22 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8131\"\u003e#8131\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/97a086e82ffe01502f4c620e9c447efa229e2a23\"\u003e\u003ccode\u003e97a086e\u003c/code\u003e\u003c/a\u003e chore(deps): update github.com/golangci/dupl digest to c99c5cf (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8122\"\u003e#8122\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/5e363de517dba6db62736b2f5cdef0e0929b4cd0\"\u003e\u003ccode\u003e5e363de\u003c/code\u003e\u003c/a\u003e limit response body size for OTLP HTTP exporters (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8108\"\u003e#8108\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/35214b60138eac8dec97a2d2b851d8c8471680c7\"\u003e\u003ccode\u003e35214b6\u003c/code\u003e\u003c/a\u003e Use an absolute path when calling bsd kenv (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8113\"\u003e#8113\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/290024ceaf695f9cdbf29a0c6731a317d92bc361\"\u003e\u003ccode\u003e290024c\u003c/code\u003e\u003c/a\u003e fix(deps): update module google.golang.org/grpc to v1.80.0 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8121\"\u003e#8121\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/e70658e098033d6bb5ec1b399de16bbb2642f6dc\"\u003e\u003ccode\u003ee70658e\u003c/code\u003e\u003c/a\u003e fix: support getBody in otelploghttp (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8096\"\u003e#8096\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/4afe468e3b4859c949a1c1e8d92684d43d86ef8a\"\u003e\u003ccode\u003e4afe468\u003c/code\u003e\u003c/a\u003e fix(deps): update googleapis to 9d38bb4 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8117\"\u003e#8117\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/b9ca729776309e3c08fe700c131797a3b4d10634\"\u003e\u003ccode\u003eb9ca729\u003c/code\u003e\u003c/a\u003e chore(deps): update module github.com/go-git/go-git/v5 to v5.17.2 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8115\"\u003e#8115\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/69472ec56cb7674d55ca2e2bcb04dea73228ab79\"\u003e\u003ccode\u003e69472ec\u003c/code\u003e\u003c/a\u003e chore(deps): update fossas/fossa-action action to v1.9.0 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8118\"\u003e#8118\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/compare/v1.25.0...v1.43.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `golang.org/x/crypto` from 0.24.0 to 0.50.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/4e0068c0098be10d7025c99ab7c50ce454c1f0f9\"\u003e\u003ccode\u003e4e0068c\u003c/code\u003e\u003c/a\u003e go.mod: update golang.org/x dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/e79546e28b85ea53dd37afe1c4102746ef553b9c\"\u003e\u003ccode\u003ee79546e\u003c/code\u003e\u003c/a\u003e ssh: curb GSSAPI DoS risk by limiting number of specified OIDs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/f91f7a7c31bf90b39c1de895ad116a2bacc88748\"\u003e\u003ccode\u003ef91f7a7\u003c/code\u003e\u003c/a\u003e ssh/agent: prevent panic on malformed constraint\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/2df4153a0311bdfea44376e0eb6ef2faefb0275b\"\u003e\u003ccode\u003e2df4153\u003c/code\u003e\u003c/a\u003e acme/autocert: let automatic renewal work with short lifetime certs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/bcf6a849efcf4702fa5172cb0998b46c3da1e989\"\u003e\u003ccode\u003ebcf6a84\u003c/code\u003e\u003c/a\u003e acme: pass context to request\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/b4f2b62076abeee4e43fb59544dac565715fbf1e\"\u003e\u003ccode\u003eb4f2b62\u003c/code\u003e\u003c/a\u003e ssh: fix error message on unsupported cipher\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/79ec3a51fcc7fbd2691d56155d578225ccc542e2\"\u003e\u003ccode\u003e79ec3a5\u003c/code\u003e\u003c/a\u003e ssh: allow to bind to a hostname in remote forwarding\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/122a78f140d9d3303ed3261bc374bbbca149140f\"\u003e\u003ccode\u003e122a78f\u003c/code\u003e\u003c/a\u003e go.mod: update golang.org/x dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/c0531f9c34514ad5c5551e2d6ce569ca673a8afd\"\u003e\u003ccode\u003ec0531f9\u003c/code\u003e\u003c/a\u003e all: eliminate vet diagnos...\n\n_Description has been truncated_\n\n---\n\n🔄 This PR performs a comprehensive dependency update across 5 directories, bumping 28 Go modules to their latest versions including major updates to security-critical packages like go-git, gRPC, and OpenTelemetry components.\n\n\u003cdetails\u003e\n\u003csummary\u003e🔍 \u003cstrong\u003eDetailed Analysis\u003c/strong\u003e\u003c/summary\u003e\n\n### Key Changes\n- **Go Version Updates**: Upgraded Go toolchain versions across modules (1.21→1.25, 1.22→1.24.0, etc.)\n- **Security Updates**: Critical security fixes in go-git (5.11.0→5.19.1), gosaml2 (0.9.1→0.11.0), and buildkit (0.12.5→0.28.1)\n- **Core Dependencies**: Major version bumps for gRPC (1.63.2→1.79.3), OpenTelemetry SDK (1.25.0→1.43.0), and Slack SDK (0.10.1→0.23.1)\n- **Infrastructure Libraries**: Updates to crypto, oauth2, Redis client, and PostgreSQL driver packages\n\n### Technical Implementation\n```mermaid\nflowchart TD\n    A[Dependabot Scan] --\u003e B[5 Directory Analysis]\n    B --\u003e C[progress-bot/]\n    B --\u003e D[lib/]\n    B --\u003e E[lib/managedservicesplatform/]\n    B --\u003e F[monitoring/]\n    B --\u003e G[Root Directory]\n    \n    C --\u003e H[4 Updates: Slack, crypto, oauth2, gRPC]\n    D --\u003e I[4 Updates: crypto, oauth2, Redis, gRPC]\n    E --\u003e J[6 Updates: OpenTelemetry, oauth2, pgx, Redis, edwards25519, gRPC]\n    F --\u003e K[3 Updates: crypto, logrus, retryablehttp]\n    G --\u003e L[8 Major Updates: distribution, go-git, buildkit, gosaml2, etc.]\n    \n    H --\u003e M[Security \u0026 Compatibility Improvements]\n    I --\u003e M\n    J --\u003e M\n    K --\u003e M\n    L --\u003e M\n```\n\n### Impact\n- **Security Enhancement**: Addresses multiple CVEs and security vulnerabilities in go-git, buildkit, and SAML libraries\n- **Performance Improvements**: Updated OpenTelemetry SDK includes performance optimizations and new features like W3C Trace Context Level 2 support\n- **Compatibility**: Maintains backward compatibility while providing access to latest features and bug fixes across the dependency tree\n- **Maintenance**: Reduces technical debt by keeping dependencies current and aligned with latest Go ecosystem standards\n\n\u003c/details\u003e\n\n_Created with [Palmier](https://www.palmier.io)_","html_url":"https://github.com/GlacierEQ/sourcegraph-public-snapshot/pull/38","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/GlacierEQ%2Fsourcegraph-public-snapshot/issues/38","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/38/packages"},{"uuid":"4551273326","node_id":"PR_kwDOJVo0O87gydvq","number":863,"state":"closed","title":"build(go): ⬆️ bump github.com/go-chi/chi/v5 from 5.2.5 to 5.3.0","user":"dependabot[bot]","labels":["dependencies","go"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-06-06T04:29:30.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-29T20:02:04.000Z","updated_at":"2026-06-06T04:29:31.000Z","time_to_close":635246,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"build(go): ⬆️","packages":[{"name":"github.com/go-chi/chi/v5","old_version":"5.2.5","new_version":"5.3.0","repository_url":"https://github.com/go-chi/chi"}],"path":null,"ecosystem":"go"},"body":"Bumps [github.com/go-chi/chi/v5](https://github.com/go-chi/chi) from 5.2.5 to 5.3.0.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/go-chi/chi/releases\"\u003egithub.com/go-chi/chi/v5's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.3.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUse strings.ReplaceAll where applicable by \u003ca href=\"https://github.com/JRaspass\"\u003e\u003ccode\u003e@​JRaspass\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1046\"\u003ego-chi/chi#1046\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePropagate inline middlewares across mounted subrouters by \u003ca href=\"https://github.com/LukasJenicek\"\u003e\u003ccode\u003e@​LukasJenicek\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1049\"\u003ego-chi/chi#1049\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eadd go 1.26 to ci by \u003ca href=\"https://github.com/pkieltyka\"\u003e\u003ccode\u003e@​pkieltyka\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1052\"\u003ego-chi/chi#1052\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove last uses of io/ioutil by \u003ca href=\"https://github.com/JRaspass\"\u003e\u003ccode\u003e@​JRaspass\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1054\"\u003ego-chi/chi#1054\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSimplify chi.walk with slices.Concat by \u003ca href=\"https://github.com/JRaspass\"\u003e\u003ccode\u003e@​JRaspass\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1053\"\u003ego-chi/chi#1053\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eApply the stringscutprefix modernizer by \u003ca href=\"https://github.com/JRaspass\"\u003e\u003ccode\u003e@​JRaspass\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1051\"\u003ego-chi/chi#1051\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump minimum Go to 1.23, always use request.Pattern by \u003ca href=\"https://github.com/JRaspass\"\u003e\u003ccode\u003e@​JRaspass\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1048\"\u003ego-chi/chi#1048\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003emiddleware: fix httpFancyWriter.ReadFrom double-counting bytes with Tee by \u003ca href=\"https://github.com/alliasgher\"\u003e\u003ccode\u003e@​alliasgher\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1085\"\u003ego-chi/chi#1085\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix typo in Route doc comment by \u003ca href=\"https://github.com/gouwazi\"\u003e\u003ccode\u003e@​gouwazi\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1073\"\u003ego-chi/chi#1073\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: set Request.Pattern from RoutePattern() by \u003ca href=\"https://github.com/leno23\"\u003e\u003ccode\u003e@​leno23\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1097\"\u003ego-chi/chi#1097\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat: middleware.ClientIP, a replacement for middleware.RealIP by \u003ca href=\"https://github.com/VojtechVitek\"\u003e\u003ccode\u003e@​VojtechVitek\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/967\"\u003ego-chi/chi#967\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/LukasJenicek\"\u003e\u003ccode\u003e@​LukasJenicek\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1049\"\u003ego-chi/chi#1049\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/alliasgher\"\u003e\u003ccode\u003e@​alliasgher\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1085\"\u003ego-chi/chi#1085\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gouwazi\"\u003e\u003ccode\u003e@​gouwazi\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1073\"\u003ego-chi/chi#1073\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/leno23\"\u003e\u003ccode\u003e@​leno23\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1097\"\u003ego-chi/chi#1097\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eSECURITY: middleware.ClientIP, a replacement for middleware.RealIP\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/VojtechVitek\"\u003e\u003ccode\u003e@​VojtechVitek\u003c/code\u003e\u003c/a\u003e submitted PR \u003ca href=\"https://redirect.github.com/go-chi/chi/issues/967\"\u003e#967\u003c/a\u003e, which introduces middleware.ClientIP — a replacement for middleware.RealIP that closes the three open spoofing advisories:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/security/advisories/GHSA-9g5q-2w5x-hmxf\"\u003eGHSA-9g5q-2w5x-hmxf\u003c/a\u003e — IP spoofing via XFF in \u003ccode\u003eRemoteAddr\u003c/code\u003e resolution (convto)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/security/advisories/GHSA-rjr7-jggh-pgcp\"\u003eGHSA-rjr7-jggh-pgcp\u003c/a\u003e — RealIP allows IP spoofing via unvalidated XFF (rezmoss)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/security/advisories/GHSA-3fxj-6jh8-hvhx\"\u003eGHSA-3fxj-6jh8-hvhx\u003c/a\u003e — IP spoofing in \u003ccode\u003emiddleware.RealIP\u003c/code\u003e (Saku0512, Critical / 9.3)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eIt also addresses issues outlined at:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/708\"\u003ego-chi/chi#708\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://adam-p.ca/blog/2022/03/x-forwarded-for/\"\u003ehttps://adam-p.ca/blog/2022/03/x-forwarded-for/\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/711\"\u003ego-chi/chi#711\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/453\"\u003ego-chi/chi#453\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/go-chi/chi/pull/908\"\u003ego-chi/chi#908\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ccode\u003emiddleware.RealIP\u003c/code\u003e is deprecated in this PR with pointers to the new API.\u003c/p\u003e\n\u003cp\u003eThe deprecation only adds a \u003ccode\u003e// Deprecated:\u003c/code\u003e doc comment; the function keeps working for backward compatibility.\u003c/p\u003e\n\u003ch3\u003eWhy a new middleware (not \u0026quot;fix RealIP in place\u0026quot;)\u003c/h3\u003e\n\u003cp\u003e\u003ccode\u003eRealIP\u003c/code\u003e has two unfixable design choices: it mutates \u003ccode\u003er.RemoteAddr\u003c/code\u003e, and it tries to be a one-size-fits-all default by walking a hard-coded list of headers any client can supply. Per \u003ca href=\"https://adam-p.ca/blog/2022/03/x-forwarded-for/\"\u003eadam-p's \u0026quot;The perils of the 'real' client IP\u0026quot;\u003c/a\u003e (which calls chi out by name on this), there is no safe default — the user must pick their trust source explicitly.\u003c/p\u003e\n\u003ch3\u003eThe new API\u003c/h3\u003e\n\u003cp\u003eFour middlewares, two accessors. Pick exactly one middleware based on your\ninfrastructure, read the result with one of the two accessors:\u003c/p\u003e\n\u003cpre lang=\"go\"\u003e\u003ccode\u003e// One of the four. There is no safe default — pick exactly one.\r\nfunc ClientIPFromHeader(trustedHeader string) func(http.Handler) http.Handler\r\nfunc ClientIPFromXFF(trustedIPPrefixes ...string) func(http.Handler) http.Handler\r\nfunc ClientIPFromXFFTrustedProxies(numTrustedProxies int) func(http.Handler) http.Handler\r\n\u0026lt;/tr\u0026gt;\u0026lt;/table\u0026gt; \n\u003c/code\u003e\u003c/pre\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/3b171578ca44dfd75ca3c5cbddc7b44c600a7b49\"\u003e\u003ccode\u003e3b17157\u003c/code\u003e\u003c/a\u003e feat: middleware.ClientIP, a replacement for middleware.RealIP (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/967\"\u003e#967\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/818fdcfc4786168651768377ba647cf9dd5b3953\"\u003e\u003ccode\u003e818fdcf\u003c/code\u003e\u003c/a\u003e fix: set Request.Pattern from RoutePattern() (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1097\"\u003e#1097\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/f975af0cb10cbefaccf0422385420fe62722d648\"\u003e\u003ccode\u003ef975af0\u003c/code\u003e\u003c/a\u003e Fix typo in Route doc comment (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1073\"\u003e#1073\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/4ef87eaf2cfb27d3126d48194e1a84806acc1aed\"\u003e\u003ccode\u003e4ef87ea\u003c/code\u003e\u003c/a\u003e middleware: fix httpFancyWriter.ReadFrom double-counting bytes with Tee (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1085\"\u003e#1085\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/a54874f0e2f12647a19e82ee70dfa8185014100c\"\u003e\u003ccode\u003ea54874f\u003c/code\u003e\u003c/a\u003e Bump minimum Go to 1.23, always use request.Pattern (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1048\"\u003e#1048\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/3328d4d3ab8a08547fa419ed657017355e6d3c4d\"\u003e\u003ccode\u003e3328d4d\u003c/code\u003e\u003c/a\u003e Apply the stringscutprefix modernizer (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1051\"\u003e#1051\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/be60b2ec5755a9072cdf27af3ba3034e84781d12\"\u003e\u003ccode\u003ebe60b2e\u003c/code\u003e\u003c/a\u003e Simplify chi.walk with slices.Concat (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1053\"\u003e#1053\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/a36a925a6a195943ec104100d7d18757543e745f\"\u003e\u003ccode\u003ea36a925\u003c/code\u003e\u003c/a\u003e Remove last uses of io/ioutil (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1054\"\u003e#1054\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/7d93ee3e86b4d477c20d809c9b1ce9a281dfd706\"\u003e\u003ccode\u003e7d93ee3\u003c/code\u003e\u003c/a\u003e add go 1.26 to ci (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1052\"\u003e#1052\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/903cff2596eac0f72538ac46d696058351f1c3fb\"\u003e\u003ccode\u003e903cff2\u003c/code\u003e\u003c/a\u003e Propagate inline middlewares across mounted subrouters (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1049\"\u003e#1049\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/go-chi/chi/compare/v5.2.5...v5.3.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e","html_url":"https://github.com/joshuar/go-hass-agent/pull/863","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/joshuar%2Fgo-hass-agent/issues/863","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/863/packages"},{"uuid":"4528204152","node_id":"PR_kwDOR8Axzs7fnHnk","number":4,"state":"open","title":"deps: bump github.com/go-chi/chi/v5 from 5.2.5 to 5.3.0","user":"dependabot[bot]","labels":["🤖 Dependencies","size: s"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-26T23:27:34.000Z","updated_at":"2026-05-26T23:31:22.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"deps","packages":[{"name":"github.com/go-chi/chi/v5","old_version":"5.2.5","new_version":"5.3.0","repository_url":"https://github.com/go-chi/chi"}],"path":null,"ecosystem":"go"},"body":"Bumps [github.com/go-chi/chi/v5](https://github.com/go-chi/chi) from 5.2.5 to 5.3.0.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/go-chi/chi/releases\"\u003egithub.com/go-chi/chi/v5's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.3.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUse strings.ReplaceAll where applicable by \u003ca href=\"https://github.com/JRaspass\"\u003e\u003ccode\u003e@​JRaspass\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1046\"\u003ego-chi/chi#1046\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePropagate inline middlewares across mounted subrouters by \u003ca href=\"https://github.com/LukasJenicek\"\u003e\u003ccode\u003e@​LukasJenicek\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1049\"\u003ego-chi/chi#1049\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eadd go 1.26 to ci by \u003ca href=\"https://github.com/pkieltyka\"\u003e\u003ccode\u003e@​pkieltyka\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1052\"\u003ego-chi/chi#1052\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove last uses of io/ioutil by \u003ca href=\"https://github.com/JRaspass\"\u003e\u003ccode\u003e@​JRaspass\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1054\"\u003ego-chi/chi#1054\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSimplify chi.walk with slices.Concat by \u003ca href=\"https://github.com/JRaspass\"\u003e\u003ccode\u003e@​JRaspass\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1053\"\u003ego-chi/chi#1053\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eApply the stringscutprefix modernizer by \u003ca href=\"https://github.com/JRaspass\"\u003e\u003ccode\u003e@​JRaspass\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1051\"\u003ego-chi/chi#1051\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump minimum Go to 1.23, always use request.Pattern by \u003ca href=\"https://github.com/JRaspass\"\u003e\u003ccode\u003e@​JRaspass\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1048\"\u003ego-chi/chi#1048\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003emiddleware: fix httpFancyWriter.ReadFrom double-counting bytes with Tee by \u003ca href=\"https://github.com/alliasgher\"\u003e\u003ccode\u003e@​alliasgher\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1085\"\u003ego-chi/chi#1085\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix typo in Route doc comment by \u003ca href=\"https://github.com/gouwazi\"\u003e\u003ccode\u003e@​gouwazi\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1073\"\u003ego-chi/chi#1073\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: set Request.Pattern from RoutePattern() by \u003ca href=\"https://github.com/leno23\"\u003e\u003ccode\u003e@​leno23\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1097\"\u003ego-chi/chi#1097\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat: middleware.ClientIP, a replacement for middleware.RealIP by \u003ca href=\"https://github.com/VojtechVitek\"\u003e\u003ccode\u003e@​VojtechVitek\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/967\"\u003ego-chi/chi#967\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/LukasJenicek\"\u003e\u003ccode\u003e@​LukasJenicek\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1049\"\u003ego-chi/chi#1049\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/alliasgher\"\u003e\u003ccode\u003e@​alliasgher\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1085\"\u003ego-chi/chi#1085\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gouwazi\"\u003e\u003ccode\u003e@​gouwazi\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1073\"\u003ego-chi/chi#1073\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/leno23\"\u003e\u003ccode\u003e@​leno23\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1097\"\u003ego-chi/chi#1097\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eSECURITY: middleware.ClientIP, a replacement for middleware.RealIP\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/VojtechVitek\"\u003e\u003ccode\u003e@​VojtechVitek\u003c/code\u003e\u003c/a\u003e submitted PR \u003ca href=\"https://redirect.github.com/go-chi/chi/issues/967\"\u003e#967\u003c/a\u003e, which introduces middleware.ClientIP — a replacement for middleware.RealIP that closes the three open spoofing advisories:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/security/advisories/GHSA-9g5q-2w5x-hmxf\"\u003eGHSA-9g5q-2w5x-hmxf\u003c/a\u003e — IP spoofing via XFF in \u003ccode\u003eRemoteAddr\u003c/code\u003e resolution (convto)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/security/advisories/GHSA-rjr7-jggh-pgcp\"\u003eGHSA-rjr7-jggh-pgcp\u003c/a\u003e — RealIP allows IP spoofing via unvalidated XFF (rezmoss)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/security/advisories/GHSA-3fxj-6jh8-hvhx\"\u003eGHSA-3fxj-6jh8-hvhx\u003c/a\u003e — IP spoofing in \u003ccode\u003emiddleware.RealIP\u003c/code\u003e (Saku0512, Critical / 9.3)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eIt also addresses issues outlined at:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/708\"\u003ego-chi/chi#708\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://adam-p.ca/blog/2022/03/x-forwarded-for/\"\u003ehttps://adam-p.ca/blog/2022/03/x-forwarded-for/\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/711\"\u003ego-chi/chi#711\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/453\"\u003ego-chi/chi#453\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/go-chi/chi/pull/908\"\u003ego-chi/chi#908\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ccode\u003emiddleware.RealIP\u003c/code\u003e is deprecated in this PR with pointers to the new API.\u003c/p\u003e\n\u003cp\u003eThe deprecation only adds a \u003ccode\u003e// Deprecated:\u003c/code\u003e doc comment; the function keeps working for backward compatibility.\u003c/p\u003e\n\u003ch3\u003eWhy a new middleware (not \u0026quot;fix RealIP in place\u0026quot;)\u003c/h3\u003e\n\u003cp\u003e\u003ccode\u003eRealIP\u003c/code\u003e has two unfixable design choices: it mutates \u003ccode\u003er.RemoteAddr\u003c/code\u003e, and it tries to be a one-size-fits-all default by walking a hard-coded list of headers any client can supply. Per \u003ca href=\"https://adam-p.ca/blog/2022/03/x-forwarded-for/\"\u003eadam-p's \u0026quot;The perils of the 'real' client IP\u0026quot;\u003c/a\u003e (which calls chi out by name on this), there is no safe default — the user must pick their trust source explicitly.\u003c/p\u003e\n\u003ch3\u003eThe new API\u003c/h3\u003e\n\u003cp\u003eFour middlewares, two accessors. Pick exactly one middleware based on your\ninfrastructure, read the result with one of the two accessors:\u003c/p\u003e\n\u003cpre lang=\"go\"\u003e\u003ccode\u003e// One of the four. There is no safe default — pick exactly one.\r\nfunc ClientIPFromHeader(trustedHeader string) func(http.Handler) http.Handler\r\nfunc ClientIPFromXFF(trustedIPPrefixes ...string) func(http.Handler) http.Handler\r\nfunc ClientIPFromXFFTrustedProxies(numTrustedProxies int) func(http.Handler) http.Handler\r\n\u0026lt;/tr\u0026gt;\u0026lt;/table\u0026gt; \n\u003c/code\u003e\u003c/pre\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/3b171578ca44dfd75ca3c5cbddc7b44c600a7b49\"\u003e\u003ccode\u003e3b17157\u003c/code\u003e\u003c/a\u003e feat: middleware.ClientIP, a replacement for middleware.RealIP (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/967\"\u003e#967\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/818fdcfc4786168651768377ba647cf9dd5b3953\"\u003e\u003ccode\u003e818fdcf\u003c/code\u003e\u003c/a\u003e fix: set Request.Pattern from RoutePattern() (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1097\"\u003e#1097\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/f975af0cb10cbefaccf0422385420fe62722d648\"\u003e\u003ccode\u003ef975af0\u003c/code\u003e\u003c/a\u003e Fix typo in Route doc comment (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1073\"\u003e#1073\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/4ef87eaf2cfb27d3126d48194e1a84806acc1aed\"\u003e\u003ccode\u003e4ef87ea\u003c/code\u003e\u003c/a\u003e middleware: fix httpFancyWriter.ReadFrom double-counting bytes with Tee (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1085\"\u003e#1085\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/a54874f0e2f12647a19e82ee70dfa8185014100c\"\u003e\u003ccode\u003ea54874f\u003c/code\u003e\u003c/a\u003e Bump minimum Go to 1.23, always use request.Pattern (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1048\"\u003e#1048\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/3328d4d3ab8a08547fa419ed657017355e6d3c4d\"\u003e\u003ccode\u003e3328d4d\u003c/code\u003e\u003c/a\u003e Apply the stringscutprefix modernizer (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1051\"\u003e#1051\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/be60b2ec5755a9072cdf27af3ba3034e84781d12\"\u003e\u003ccode\u003ebe60b2e\u003c/code\u003e\u003c/a\u003e Simplify chi.walk with slices.Concat (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1053\"\u003e#1053\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/a36a925a6a195943ec104100d7d18757543e745f\"\u003e\u003ccode\u003ea36a925\u003c/code\u003e\u003c/a\u003e Remove last uses of io/ioutil (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1054\"\u003e#1054\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/7d93ee3e86b4d477c20d809c9b1ce9a281dfd706\"\u003e\u003ccode\u003e7d93ee3\u003c/code\u003e\u003c/a\u003e add go 1.26 to ci (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1052\"\u003e#1052\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/903cff2596eac0f72538ac46d696058351f1c3fb\"\u003e\u003ccode\u003e903cff2\u003c/code\u003e\u003c/a\u003e Propagate inline middlewares across mounted subrouters (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1049\"\u003e#1049\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/go-chi/chi/compare/v5.2.5...v5.3.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/go-chi/chi/v5\u0026package-manager=go_modules\u0026previous-version=5.2.5\u0026new-version=5.3.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/selfshop-dev/ms-catalog/pull/4","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/selfshop-dev%2Fms-catalog/issues/4","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/4/packages"},{"uuid":"4521080794","node_id":"PR_kwDOMSpIk87fP9Mt","number":331,"state":"open","title":"chore(deps): bump the minor-and-patch group across 1 directory with 3 updates","user":"dependabot[bot]","labels":["dependencies","go"],"assignees":[],"locked":false,"comments_count":5,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-26T03:25:45.000Z","updated_at":"2026-05-26T03:33:46.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): bump","group_name":"minor-and-patch","update_count":3,"packages":[{"name":"github.com/go-chi/chi/v5","old_version":"5.2.5","new_version":"5.3.0","repository_url":"https://github.com/go-chi/chi"},{"name":"github.com/tidwall/gjson","old_version":"1.18.0","new_version":"1.19.0","repository_url":"https://github.com/tidwall/gjson"},{"name":"golang.org/x/crypto","old_version":"0.50.0","new_version":"0.52.0","repository_url":"https://github.com/golang/crypto"}],"path":null,"ecosystem":"go"},"body":"Bumps the minor-and-patch group with 3 updates in the / directory: [github.com/go-chi/chi/v5](https://github.com/go-chi/chi), [github.com/tidwall/gjson](https://github.com/tidwall/gjson) and [golang.org/x/crypto](https://github.com/golang/crypto).\n\nUpdates `github.com/go-chi/chi/v5` from 5.2.5 to 5.3.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/go-chi/chi/releases\"\u003egithub.com/go-chi/chi/v5's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.3.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUse strings.ReplaceAll where applicable by \u003ca href=\"https://github.com/JRaspass\"\u003e\u003ccode\u003e@​JRaspass\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1046\"\u003ego-chi/chi#1046\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePropagate inline middlewares across mounted subrouters by \u003ca href=\"https://github.com/LukasJenicek\"\u003e\u003ccode\u003e@​LukasJenicek\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1049\"\u003ego-chi/chi#1049\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eadd go 1.26 to ci by \u003ca href=\"https://github.com/pkieltyka\"\u003e\u003ccode\u003e@​pkieltyka\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1052\"\u003ego-chi/chi#1052\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove last uses of io/ioutil by \u003ca href=\"https://github.com/JRaspass\"\u003e\u003ccode\u003e@​JRaspass\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1054\"\u003ego-chi/chi#1054\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSimplify chi.walk with slices.Concat by \u003ca href=\"https://github.com/JRaspass\"\u003e\u003ccode\u003e@​JRaspass\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1053\"\u003ego-chi/chi#1053\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eApply the stringscutprefix modernizer by \u003ca href=\"https://github.com/JRaspass\"\u003e\u003ccode\u003e@​JRaspass\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1051\"\u003ego-chi/chi#1051\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump minimum Go to 1.23, always use request.Pattern by \u003ca href=\"https://github.com/JRaspass\"\u003e\u003ccode\u003e@​JRaspass\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1048\"\u003ego-chi/chi#1048\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003emiddleware: fix httpFancyWriter.ReadFrom double-counting bytes with Tee by \u003ca href=\"https://github.com/alliasgher\"\u003e\u003ccode\u003e@​alliasgher\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1085\"\u003ego-chi/chi#1085\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix typo in Route doc comment by \u003ca href=\"https://github.com/gouwazi\"\u003e\u003ccode\u003e@​gouwazi\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1073\"\u003ego-chi/chi#1073\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: set Request.Pattern from RoutePattern() by \u003ca href=\"https://github.com/leno23\"\u003e\u003ccode\u003e@​leno23\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1097\"\u003ego-chi/chi#1097\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat: middleware.ClientIP, a replacement for middleware.RealIP by \u003ca href=\"https://github.com/VojtechVitek\"\u003e\u003ccode\u003e@​VojtechVitek\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/967\"\u003ego-chi/chi#967\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/LukasJenicek\"\u003e\u003ccode\u003e@​LukasJenicek\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1049\"\u003ego-chi/chi#1049\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/alliasgher\"\u003e\u003ccode\u003e@​alliasgher\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1085\"\u003ego-chi/chi#1085\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gouwazi\"\u003e\u003ccode\u003e@​gouwazi\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1073\"\u003ego-chi/chi#1073\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/leno23\"\u003e\u003ccode\u003e@​leno23\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1097\"\u003ego-chi/chi#1097\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eSECURITY: middleware.ClientIP, a replacement for middleware.RealIP\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/VojtechVitek\"\u003e\u003ccode\u003e@​VojtechVitek\u003c/code\u003e\u003c/a\u003e submitted PR \u003ca href=\"https://redirect.github.com/go-chi/chi/issues/967\"\u003e#967\u003c/a\u003e, which introduces middleware.ClientIP — a replacement for middleware.RealIP that closes the three open spoofing advisories:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/security/advisories/GHSA-9g5q-2w5x-hmxf\"\u003eGHSA-9g5q-2w5x-hmxf\u003c/a\u003e — IP spoofing via XFF in \u003ccode\u003eRemoteAddr\u003c/code\u003e resolution (convto)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/security/advisories/GHSA-rjr7-jggh-pgcp\"\u003eGHSA-rjr7-jggh-pgcp\u003c/a\u003e — RealIP allows IP spoofing via unvalidated XFF (rezmoss)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/security/advisories/GHSA-3fxj-6jh8-hvhx\"\u003eGHSA-3fxj-6jh8-hvhx\u003c/a\u003e — IP spoofing in \u003ccode\u003emiddleware.RealIP\u003c/code\u003e (Saku0512, Critical / 9.3)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eIt also addresses issues outlined at:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/708\"\u003ego-chi/chi#708\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://adam-p.ca/blog/2022/03/x-forwarded-for/\"\u003ehttps://adam-p.ca/blog/2022/03/x-forwarded-for/\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/711\"\u003ego-chi/chi#711\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/453\"\u003ego-chi/chi#453\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/go-chi/chi/pull/908\"\u003ego-chi/chi#908\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ccode\u003emiddleware.RealIP\u003c/code\u003e is deprecated in this PR with pointers to the new API.\u003c/p\u003e\n\u003cp\u003eThe deprecation only adds a \u003ccode\u003e// Deprecated:\u003c/code\u003e doc comment; the function keeps working for backward compatibility.\u003c/p\u003e\n\u003ch3\u003eWhy a new middleware (not \u0026quot;fix RealIP in place\u0026quot;)\u003c/h3\u003e\n\u003cp\u003e\u003ccode\u003eRealIP\u003c/code\u003e has two unfixable design choices: it mutates \u003ccode\u003er.RemoteAddr\u003c/code\u003e, and it tries to be a one-size-fits-all default by walking a hard-coded list of headers any client can supply. Per \u003ca href=\"https://adam-p.ca/blog/2022/03/x-forwarded-for/\"\u003eadam-p's \u0026quot;The perils of the 'real' client IP\u0026quot;\u003c/a\u003e (which calls chi out by name on this), there is no safe default — the user must pick their trust source explicitly.\u003c/p\u003e\n\u003ch3\u003eThe new API\u003c/h3\u003e\n\u003cp\u003eFour middlewares, two accessors. Pick exactly one middleware based on your\ninfrastructure, read the result with one of the two accessors:\u003c/p\u003e\n\u003cpre lang=\"go\"\u003e\u003ccode\u003e// One of the four. There is no safe default — pick exactly one.\r\nfunc ClientIPFromHeader(trustedHeader string) func(http.Handler) http.Handler\r\nfunc ClientIPFromXFF(trustedIPPrefixes ...string) func(http.Handler) http.Handler\r\nfunc ClientIPFromXFFTrustedProxies(numTrustedProxies int) func(http.Handler) http.Handler\r\n\u0026lt;/tr\u0026gt;\u0026lt;/table\u0026gt; \n\u003c/code\u003e\u003c/pre\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/3b171578ca44dfd75ca3c5cbddc7b44c600a7b49\"\u003e\u003ccode\u003e3b17157\u003c/code\u003e\u003c/a\u003e feat: middleware.ClientIP, a replacement for middleware.RealIP (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/967\"\u003e#967\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/818fdcfc4786168651768377ba647cf9dd5b3953\"\u003e\u003ccode\u003e818fdcf\u003c/code\u003e\u003c/a\u003e fix: set Request.Pattern from RoutePattern() (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1097\"\u003e#1097\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/f975af0cb10cbefaccf0422385420fe62722d648\"\u003e\u003ccode\u003ef975af0\u003c/code\u003e\u003c/a\u003e Fix typo in Route doc comment (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1073\"\u003e#1073\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/4ef87eaf2cfb27d3126d48194e1a84806acc1aed\"\u003e\u003ccode\u003e4ef87ea\u003c/code\u003e\u003c/a\u003e middleware: fix httpFancyWriter.ReadFrom double-counting bytes with Tee (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1085\"\u003e#1085\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/a54874f0e2f12647a19e82ee70dfa8185014100c\"\u003e\u003ccode\u003ea54874f\u003c/code\u003e\u003c/a\u003e Bump minimum Go to 1.23, always use request.Pattern (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1048\"\u003e#1048\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/3328d4d3ab8a08547fa419ed657017355e6d3c4d\"\u003e\u003ccode\u003e3328d4d\u003c/code\u003e\u003c/a\u003e Apply the stringscutprefix modernizer (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1051\"\u003e#1051\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/be60b2ec5755a9072cdf27af3ba3034e84781d12\"\u003e\u003ccode\u003ebe60b2e\u003c/code\u003e\u003c/a\u003e Simplify chi.walk with slices.Concat (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1053\"\u003e#1053\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/a36a925a6a195943ec104100d7d18757543e745f\"\u003e\u003ccode\u003ea36a925\u003c/code\u003e\u003c/a\u003e Remove last uses of io/ioutil (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1054\"\u003e#1054\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/7d93ee3e86b4d477c20d809c9b1ce9a281dfd706\"\u003e\u003ccode\u003e7d93ee3\u003c/code\u003e\u003c/a\u003e add go 1.26 to ci (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1052\"\u003e#1052\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/903cff2596eac0f72538ac46d696058351f1c3fb\"\u003e\u003ccode\u003e903cff2\u003c/code\u003e\u003c/a\u003e Propagate inline middlewares across mounted subrouters (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1049\"\u003e#1049\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/go-chi/chi/compare/v5.2.5...v5.3.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/tidwall/gjson` from 1.18.0 to 1.19.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tidwall/gjson/commit/0fac2c9aa6eb5d5564bfaaaad513ce0d5d2314de\"\u003e\u003ccode\u003e0fac2c9\u003c/code\u003e\u003c/a\u003e Add iterator functions All, Keys, and Values\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tidwall/gjson/commit/4d230282c0e3bf42fa509147d27d7e8dcc3d3bad\"\u003e\u003ccode\u003e4d23028\u003c/code\u003e\u003c/a\u003e Add repo url\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tidwall/gjson/commit/10d26621bfe1b75eac5b14df7a0ae82d16755a5d\"\u003e\u003ccode\u003e10d2662\u003c/code\u003e\u003c/a\u003e Add copyright comment\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tidwall/gjson/commit/4a91ee1eba17cd97f8c7db14e5fa3bbd2a5a6292\"\u003e\u003ccode\u003e4a91ee1\u003c/code\u003e\u003c/a\u003e Update README.md\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/tidwall/gjson/compare/v1.18.0...v1.19.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `golang.org/x/crypto` from 0.50.0 to 0.52.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/a1c0d9929856c8aba2b31f079340f00578eda803\"\u003e\u003ccode\u003ea1c0d99\u003c/code\u003e\u003c/a\u003e go.mod: update golang.org/x dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/3c7c86938f4541c333d506f719388d9c42d4763d\"\u003e\u003ccode\u003e3c7c869\u003c/code\u003e\u003c/a\u003e ssh: fix deadlock on unexpected channel responses\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/533fb3f7e4a5ae23f69d1837cd851d35ff5b76ce\"\u003e\u003ccode\u003e533fb3f\u003c/code\u003e\u003c/a\u003e ssh: fix source-address critical option bypass\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/abbc44d451a6f9236a2bbd26cbcd4d0fec473da3\"\u003e\u003ccode\u003eabbc44d\u003c/code\u003e\u003c/a\u003e ssh: fix incorrect operator order\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/e052873987615dc96fe67607a9a6adb76311344f\"\u003e\u003ccode\u003ee052873\u003c/code\u003e\u003c/a\u003e ssh: fix infinite loop on large channel writes due to integer overflow\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/b61cf853a89d82cad68da5e12a6beca2116f8456\"\u003e\u003ccode\u003eb61cf85\u003c/code\u003e\u003c/a\u003e ssh: enforce user presence verification for security keys\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/9c2cd33e8d96a96133fd6ff732510ebba539c2bd\"\u003e\u003ccode\u003e9c2cd33\u003c/code\u003e\u003c/a\u003e ssh: enforce strict limits on DSA key parameters\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/890731877d85f71cfdc9554e7a27fec4684fc4c4\"\u003e\u003ccode\u003e8907318\u003c/code\u003e\u003c/a\u003e ssh: reject RSA keys with excessively large moduli\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/ffd87b4878fa98ca2908ec534e1a410bf095a35e\"\u003e\u003ccode\u003effd87b4\u003c/code\u003e\u003c/a\u003e ssh: fix panic when authority callbacks are nil\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/4e7a7384ecbc8d519f6f4c11b36fa9d761fc8946\"\u003e\u003ccode\u003e4e7a738\u003c/code\u003e\u003c/a\u003e ssh: fix deadlock on unexpected global responses\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/golang/crypto/compare/v0.50.0...v0.52.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\n\n\n\u003c/details\u003e","html_url":"https://github.com/konsulin-care/konsulin-api/pull/331","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/konsulin-care%2Fkonsulin-api/issues/331","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/331/packages"},{"uuid":"4520601434","node_id":"PR_kwDOP2u0hs7fOZRX","number":1291,"state":"open","title":"deps: Bump the all-go-deps group with 10 updates","user":"dependabot[bot]","labels":["security","dependencies"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-26T01:34:41.000Z","updated_at":"2026-05-26T01:42:11.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"deps: Bump","group_name":"all-go-deps","update_count":10,"packages":[{"name":"github.com/anthropics/anthropic-sdk-go","old_version":"1.43.0","new_version":"1.45.0","repository_url":"https://github.com/anthropics/anthropic-sdk-go"},{"name":"github.com/aws/aws-sdk-go-v2/config","old_version":"1.32.17","new_version":"1.32.18","repository_url":"https://github.com/aws/aws-sdk-go-v2"},{"name":"github.com/aws/aws-sdk-go-v2/service/bedrockruntime","old_version":"1.50.6","new_version":"1.52.0","repository_url":"https://github.com/aws/aws-sdk-go-v2"},{"name":"github.com/getkin/kin-openapi","old_version":"0.138.0","new_version":"0.139.0","repository_url":"https://github.com/getkin/kin-openapi"},{"name":"github.com/go-chi/chi/v5","old_version":"5.2.5","new_version":"5.3.0","repository_url":"https://github.com/go-chi/chi"},{"name":"github.com/modelcontextprotocol/go-sdk","old_version":"1.6.0","new_version":"1.6.1","repository_url":"https://github.com/modelcontextprotocol/go-sdk"},{"name":"github.com/slack-go/slack","old_version":"0.23.1","new_version":"0.24.0","repository_url":"https://github.com/slack-go/slack"},{"name":"google.golang.org/adk","old_version":"1.2.0","new_version":"1.3.0","repository_url":"https://github.com/google/adk-go"},{"name":"google.golang.org/genai","old_version":"1.57.0","new_version":"1.58.0","repository_url":"https://github.com/googleapis/go-genai"},{"name":"k8s.io/apiextensions-apiserver","old_version":"0.35.4","new_version":"0.35.5","repository_url":"https://github.com/kubernetes/apiextensions-apiserver"}],"path":null,"ecosystem":"go"},"body":"Bumps the all-go-deps group with 10 updates:\n\n| Package | From | To |\n| --- | --- | --- |\n| [github.com/anthropics/anthropic-sdk-go](https://github.com/anthropics/anthropic-sdk-go) | `1.43.0` | `1.45.0` |\n| [github.com/aws/aws-sdk-go-v2/config](https://github.com/aws/aws-sdk-go-v2) | `1.32.17` | `1.32.18` |\n| [github.com/aws/aws-sdk-go-v2/service/bedrockruntime](https://github.com/aws/aws-sdk-go-v2) | `1.50.6` | `1.52.0` |\n| [github.com/getkin/kin-openapi](https://github.com/getkin/kin-openapi) | `0.138.0` | `0.139.0` |\n| [github.com/go-chi/chi/v5](https://github.com/go-chi/chi) | `5.2.5` | `5.3.0` |\n| [github.com/modelcontextprotocol/go-sdk](https://github.com/modelcontextprotocol/go-sdk) | `1.6.0` | `1.6.1` |\n| [github.com/slack-go/slack](https://github.com/slack-go/slack) | `0.23.1` | `0.24.0` |\n| [google.golang.org/adk](https://github.com/google/adk-go) | `1.2.0` | `1.3.0` |\n| [google.golang.org/genai](https://github.com/googleapis/go-genai) | `1.57.0` | `1.58.0` |\n| [k8s.io/apiextensions-apiserver](https://github.com/kubernetes/apiextensions-apiserver) | `0.35.4` | `0.35.5` |\n\nUpdates `github.com/anthropics/anthropic-sdk-go` from 1.43.0 to 1.45.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/anthropics/anthropic-sdk-go/releases\"\u003egithub.com/anthropics/anthropic-sdk-go's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.45.0\u003c/h2\u003e\n\u003ch2\u003e1.45.0 (2026-05-21)\u003c/h2\u003e\n\u003cp\u003eFull Changelog: \u003ca href=\"https://github.com/anthropics/anthropic-sdk-go/compare/v1.44.1...v1.45.0\"\u003ev1.44.1...v1.45.0\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eapi:\u003c/strong\u003e Add support for thinking-token-count beta for estimated tokens in thinking block deltas when streaming (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-go/commit/dedeb6d263a651d63c95bd360befbd53dd26ec12\"\u003ededeb6d\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.44.1\u003c/h2\u003e\n\u003ch2\u003e1.44.1 (2026-05-19)\u003c/h2\u003e\n\u003cp\u003eFull Changelog: \u003ca href=\"https://github.com/anthropics/anthropic-sdk-go/compare/v1.44.0...v1.44.1\"\u003ev1.44.0...v1.44.1\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003erunner:\u003c/strong\u003e skip tool calls SessionToolRunner does not own (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-go/commit/93afc65f2f1b811d760f2e5149e13dd5eb328f79\"\u003e93afc65\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.44.0\u003c/h2\u003e\n\u003ch2\u003e1.44.0 (2026-05-19)\u003c/h2\u003e\n\u003cp\u003eFull Changelog: \u003ca href=\"https://github.com/anthropics/anthropic-sdk-go/compare/v1.43.0...v1.44.0\"\u003ev1.43.0...v1.44.0\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eclient:\u003c/strong\u003e Add support for self-hosted sandboxes in CMA with sandbox helpers (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-go/commit/34354c43f329852a88682bb6665a1453754d61be\"\u003e34354c4\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/anthropics/anthropic-sdk-go/blob/main/CHANGELOG.md\"\u003egithub.com/anthropics/anthropic-sdk-go's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e1.45.0 (2026-05-21)\u003c/h2\u003e\n\u003cp\u003eFull Changelog: \u003ca href=\"https://github.com/anthropics/anthropic-sdk-go/compare/v1.44.1...v1.45.0\"\u003ev1.44.1...v1.45.0\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eapi:\u003c/strong\u003e Add support for thinking-token-count beta for estimated tokens in thinking block deltas when streaming (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-go/commit/dedeb6d263a651d63c95bd360befbd53dd26ec12\"\u003ededeb6d\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.44.1 (2026-05-19)\u003c/h2\u003e\n\u003cp\u003eFull Changelog: \u003ca href=\"https://github.com/anthropics/anthropic-sdk-go/compare/v1.44.0...v1.44.1\"\u003ev1.44.0...v1.44.1\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003erunner:\u003c/strong\u003e skip tool calls SessionToolRunner does not own (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-go/commit/93afc65f2f1b811d760f2e5149e13dd5eb328f79\"\u003e93afc65\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.44.0 (2026-05-19)\u003c/h2\u003e\n\u003cp\u003eFull Changelog: \u003ca href=\"https://github.com/anthropics/anthropic-sdk-go/compare/v1.43.0...v1.44.0\"\u003ev1.43.0...v1.44.0\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eclient:\u003c/strong\u003e Add support for self-hosted sandboxes in CMA with sandbox helpers (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-go/commit/34354c43f329852a88682bb6665a1453754d61be\"\u003e34354c4\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anthropics/anthropic-sdk-go/commit/88310ccdb19419fb6c8b0fd2e99f1e3d8c74041e\"\u003e\u003ccode\u003e88310cc\u003c/code\u003e\u003c/a\u003e release: 1.45.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anthropics/anthropic-sdk-go/commit/4eb28e321282db071753c97d3223b092db9108d1\"\u003e\u003ccode\u003e4eb28e3\u003c/code\u003e\u003c/a\u003e feat(api): Add support for thinking-token-count beta for estimated tokens in ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anthropics/anthropic-sdk-go/commit/d138190aeae5568972430f9a6204875aa04097fc\"\u003e\u003ccode\u003ed138190\u003c/code\u003e\u003c/a\u003e release: 1.44.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anthropics/anthropic-sdk-go/commit/d0a73a50e70544b552f202d4e6f67eb45b9fd739\"\u003e\u003ccode\u003ed0a73a5\u003c/code\u003e\u003c/a\u003e fix(runner): skip tool calls SessionToolRunner does not own\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anthropics/anthropic-sdk-go/commit/288857308b47e48ee7d572506efffb568d514846\"\u003e\u003ccode\u003e2888573\u003c/code\u003e\u003c/a\u003e release: 1.44.0 (\u003ca href=\"https://redirect.github.com/anthropics/anthropic-sdk-go/issues/340\"\u003e#340\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/anthropics/anthropic-sdk-go/compare/v1.43.0...v1.45.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/aws/aws-sdk-go-v2/config` from 1.32.17 to 1.32.18\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/db9f4e546dfe2f62a6bc3bf54b9da42ebace6372\"\u003e\u003ccode\u003edb9f4e5\u003c/code\u003e\u003c/a\u003e Release 2026-05-22\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/34e7ddc9400e830a9ae226a7e3c2161e5ece4f19\"\u003e\u003ccode\u003e34e7ddc\u003c/code\u003e\u003c/a\u003e Regenerated Clients\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/f9db036cf7b3b8a1ea5eb67c3d296da4b48b6e2b\"\u003e\u003ccode\u003ef9db036\u003c/code\u003e\u003c/a\u003e Update endpoints model\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/ae5eae1e3ec46433bd99496bfa6936f8f09a2e72\"\u003e\u003ccode\u003eae5eae1\u003c/code\u003e\u003c/a\u003e Update API model\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/429dbdd2a35d325aabc5757edfc9ebf09c2ad12e\"\u003e\u003ccode\u003e429dbdd\u003c/code\u003e\u003c/a\u003e Feat discover endpoint partition validation (\u003ca href=\"https://redirect.github.com/aws/aws-sdk-go-v2/issues/3410\"\u003e#3410\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/ab4f5b60785064ec6346c922604d94b63d9c7299\"\u003e\u003ccode\u003eab4f5b6\u003c/code\u003e\u003c/a\u003e Release 2026-05-21\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/757a09909a97a15e5a481d9839b83f15b8fdc4bc\"\u003e\u003ccode\u003e757a099\u003c/code\u003e\u003c/a\u003e Regenerated Clients\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/02c8323ee6c99be82dae3a3923616756cb164525\"\u003e\u003ccode\u003e02c8323\u003c/code\u003e\u003c/a\u003e Update API model\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/f4ac954c5b3567f7918fbaa845bd05a8b211f54e\"\u003e\u003ccode\u003ef4ac954\u003c/code\u003e\u003c/a\u003e Bump smithy-go version and update imports for evenstream protocoltests (\u003ca href=\"https://redirect.github.com/aws/aws-sdk-go-v2/issues/3420\"\u003e#3420\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/6d937001e020def8b587dccbe5d803933ce57bfd\"\u003e\u003ccode\u003e6d93700\u003c/code\u003e\u003c/a\u003e Add replace for credentials dependency added on go.mod (\u003ca href=\"https://redirect.github.com/aws/aws-sdk-go-v2/issues/3419\"\u003e#3419\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/aws/aws-sdk-go-v2/compare/config/v1.32.17...config/v1.32.18\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/aws/aws-sdk-go-v2/service/bedrockruntime` from 1.50.6 to 1.52.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/d7a70490838a3fba41d2d854394e74270e1c7266\"\u003e\u003ccode\u003ed7a7049\u003c/code\u003e\u003c/a\u003e Release 2024-03-13\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/625e1e6ceefff58181a4324818cd36d81829249e\"\u003e\u003ccode\u003e625e1e6\u003c/code\u003e\u003c/a\u003e Regenerated Clients\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/1ed868ad38658009ab780f7df8d1017e5e152247\"\u003e\u003ccode\u003e1ed868a\u003c/code\u003e\u003c/a\u003e Update API model\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/e715922954ab9b058a3f36be2ccee2929df6123a\"\u003e\u003ccode\u003ee715922\u003c/code\u003e\u003c/a\u003e Merge customizations for S3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/b30a1cc189db41994e99d19fb6632eed5f9961b4\"\u003e\u003ccode\u003eb30a1cc\u003c/code\u003e\u003c/a\u003e Release 2024-03-12\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/71783e148bc741a3ba2492af739193eae0ccb724\"\u003e\u003ccode\u003e71783e1\u003c/code\u003e\u003c/a\u003e Regenerated Clients\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/f434ec245a56eee178f954ee39cf6f685906e129\"\u003e\u003ccode\u003ef434ec2\u003c/code\u003e\u003c/a\u003e Update API model\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/9bac90a45e50000be1beac9f63fc755219e7cd7e\"\u003e\u003ccode\u003e9bac90a\u003c/code\u003e\u003c/a\u003e Release 2024-03-11\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/c3c777b9a704c331ddcefa43bf33ac650d6c2877\"\u003e\u003ccode\u003ec3c777b\u003c/code\u003e\u003c/a\u003e Regenerated Clients\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/2e16e91ae30cbe142579c45ed54a21ffee08cc4a\"\u003e\u003ccode\u003e2e16e91\u003c/code\u003e\u003c/a\u003e Update API model\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/aws/aws-sdk-go-v2/compare/service/ecr/v1.50.6...service/s3/v1.52.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/getkin/kin-openapi` from 0.138.0 to 0.139.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/getkin/kin-openapi/releases\"\u003egithub.com/getkin/kin-openapi's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.139.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efeat(openapi3): batch-convert long-tail RequiredFieldError sites by \u003ca href=\"https://github.com/reuvenharrison\"\u003e\u003ccode\u003e@​reuvenharrison\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getkin/kin-openapi/pull/1170\"\u003egetkin/kin-openapi#1170\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat(openapi3): typed validation error clusters (combined: #1171-\u003ca href=\"https://redirect.github.com/getkin/kin-openapi/issues/1179\"\u003e#1179\u003c/a\u003e) by \u003ca href=\"https://github.com/reuvenharrison\"\u003e\u003ccode\u003e@​reuvenharrison\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getkin/kin-openapi/pull/1180\"\u003egetkin/kin-openapi#1180\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eopenapi3gen: skip component export for anonymous types by \u003ca href=\"https://github.com/0-don\"\u003e\u003ccode\u003e@​0-don\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getkin/kin-openapi/pull/1163\"\u003egetkin/kin-openapi#1163\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat: migrate to oasdiff/yaml v0.1.0 single Unmarshal API + enable DisableTimestamps by \u003ca href=\"https://github.com/reuvenharrison\"\u003e\u003ccode\u003e@​reuvenharrison\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getkin/kin-openapi/pull/1181\"\u003egetkin/kin-openapi#1181\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eopenapi3: typed context errors for Validate() wrapper chain by \u003ca href=\"https://github.com/reuvenharrison\"\u003e\u003ccode\u003e@​reuvenharrison\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getkin/kin-openapi/pull/1183\"\u003egetkin/kin-openapi#1183\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eopenapi3: track Origin on the document root (T) by \u003ca href=\"https://github.com/reuvenharrison\"\u003e\u003ccode\u003e@​reuvenharrison\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getkin/kin-openapi/pull/1184\"\u003egetkin/kin-openapi#1184\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eopenapi3: tests flakiness corrected by \u003ca href=\"https://github.com/fenollp\"\u003e\u003ccode\u003e@​fenollp\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getkin/kin-openapi/pull/1159\"\u003egetkin/kin-openapi#1159\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eopenapi3: aggregate independent validation errors via EnableMultiError by \u003ca href=\"https://github.com/reuvenharrison\"\u003e\u003ccode\u003e@​reuvenharrison\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getkin/kin-openapi/pull/1185\"\u003egetkin/kin-openapi#1185\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eopenapi3: fix validation of duplicated path templates by \u003ca href=\"https://github.com/reuvenharrison\"\u003e\u003ccode\u003e@​reuvenharrison\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getkin/kin-openapi/pull/1189\"\u003egetkin/kin-openapi#1189\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eopenapi3: type the remaining bare-error validation sites by \u003ca href=\"https://github.com/reuvenharrison\"\u003e\u003ccode\u003e@​reuvenharrison\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getkin/kin-openapi/pull/1187\"\u003egetkin/kin-openapi#1187\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/getkin/kin-openapi/compare/v0.138.0...v0.139.0\"\u003ehttps://github.com/getkin/kin-openapi/compare/v0.138.0...v0.139.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/getkin/kin-openapi/commit/8381bfc73ce3bb241d298bc8415b8f724b6ddfb6\"\u003e\u003ccode\u003e8381bfc\u003c/code\u003e\u003c/a\u003e openapi3: type the remaining bare-error validation sites (\u003ca href=\"https://redirect.github.com/getkin/kin-openapi/issues/1187\"\u003e#1187\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/getkin/kin-openapi/commit/d29b5c043d31c47b3631020525397b7d1a1f4b6a\"\u003e\u003ccode\u003ed29b5c0\u003c/code\u003e\u003c/a\u003e openapi3: fix validation of duplicated path templates (\u003ca href=\"https://redirect.github.com/getkin/kin-openapi/issues/1189\"\u003e#1189\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/getkin/kin-openapi/commit/e56c2c71f4cc7a433a13ff50e44b3da50b253c07\"\u003e\u003ccode\u003ee56c2c7\u003c/code\u003e\u003c/a\u003e openapi3: aggregate independent validation errors via EnableMultiError (\u003ca href=\"https://redirect.github.com/getkin/kin-openapi/issues/1185\"\u003e#1185\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/getkin/kin-openapi/commit/7ea1ac895326a469712d81507fe00d7c8957b8b6\"\u003e\u003ccode\u003e7ea1ac8\u003c/code\u003e\u003c/a\u003e openapi3: tests flakiness corrected (\u003ca href=\"https://redirect.github.com/getkin/kin-openapi/issues/1159\"\u003e#1159\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/getkin/kin-openapi/commit/dc70f84ce64fa2d60e1e58d96f6b5686ba3dff3e\"\u003e\u003ccode\u003edc70f84\u003c/code\u003e\u003c/a\u003e openapi3: track Origin on the document root (T) (\u003ca href=\"https://redirect.github.com/getkin/kin-openapi/issues/1184\"\u003e#1184\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/getkin/kin-openapi/commit/69492dff6b62dddb9b27aeb7ebc9e0ee653e0263\"\u003e\u003ccode\u003e69492df\u003c/code\u003e\u003c/a\u003e openapi3: typed context errors for Validate() wrapper chain (\u003ca href=\"https://redirect.github.com/getkin/kin-openapi/issues/1183\"\u003e#1183\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/getkin/kin-openapi/commit/0a89925163b66876c4bc357bca068d62e3d86c20\"\u003e\u003ccode\u003e0a89925\u003c/code\u003e\u003c/a\u003e un-patch YAML serialization of dates (see issue \u003ca href=\"https://redirect.github.com/getkin/kin-openapi/issues/697\"\u003e#697\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/getkin/kin-openapi/commit/55a4c7274045743fd7e6703ee14be408ae79d22d\"\u003e\u003ccode\u003e55a4c72\u003c/code\u003e\u003c/a\u003e openapi3: re-enable tests disabled due to YAML dates in map keys\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/getkin/kin-openapi/commit/c61836c51e8f6f2efebbe95f783a41f319c53aa7\"\u003e\u003ccode\u003ec61836c\u003c/code\u003e\u003c/a\u003e ci: fixup lint after modifications to marsh.go\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/getkin/kin-openapi/commit/7633481fe3cd3a7027097aed588c285f3d21d238\"\u003e\u003ccode\u003e7633481\u003c/code\u003e\u003c/a\u003e feat: migrate to oasdiff/yaml v0.1.0 single Unmarshal API + enable DisableTim...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/getkin/kin-openapi/compare/v0.138.0...v0.139.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/go-chi/chi/v5` from 5.2.5 to 5.3.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/go-chi/chi/releases\"\u003egithub.com/go-chi/chi/v5's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.3.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUse strings.ReplaceAll where applicable by \u003ca href=\"https://github.com/JRaspass\"\u003e\u003ccode\u003e@​JRaspass\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1046\"\u003ego-chi/chi#1046\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePropagate inline middlewares across mounted subrouters by \u003ca href=\"https://github.com/LukasJenicek\"\u003e\u003ccode\u003e@​LukasJenicek\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1049\"\u003ego-chi/chi#1049\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eadd go 1.26 to ci by \u003ca href=\"https://github.com/pkieltyka\"\u003e\u003ccode\u003e@​pkieltyka\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1052\"\u003ego-chi/chi#1052\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove last uses of io/ioutil by \u003ca href=\"https://github.com/JRaspass\"\u003e\u003ccode\u003e@​JRaspass\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1054\"\u003ego-chi/chi#1054\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSimplify chi.walk with slices.Concat by \u003ca href=\"https://github.com/JRaspass\"\u003e\u003ccode\u003e@​JRaspass\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1053\"\u003ego-chi/chi#1053\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eApply the stringscutprefix modernizer by \u003ca href=\"https://github.com/JRaspass\"\u003e\u003ccode\u003e@​JRaspass\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1051\"\u003ego-chi/chi#1051\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump minimum Go to 1.23, always use request.Pattern by \u003ca href=\"https://github.com/JRaspass\"\u003e\u003ccode\u003e@​JRaspass\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1048\"\u003ego-chi/chi#1048\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003emiddleware: fix httpFancyWriter.ReadFrom double-counting bytes with Tee by \u003ca href=\"https://github.com/alliasgher\"\u003e\u003ccode\u003e@​alliasgher\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1085\"\u003ego-chi/chi#1085\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix typo in Route doc comment by \u003ca href=\"https://github.com/gouwazi\"\u003e\u003ccode\u003e@​gouwazi\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1073\"\u003ego-chi/chi#1073\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: set Request.Pattern from RoutePattern() by \u003ca href=\"https://github.com/leno23\"\u003e\u003ccode\u003e@​leno23\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1097\"\u003ego-chi/chi#1097\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat: middleware.ClientIP, a replacement for middleware.RealIP by \u003ca href=\"https://github.com/VojtechVitek\"\u003e\u003ccode\u003e@​VojtechVitek\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/967\"\u003ego-chi/chi#967\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/LukasJenicek\"\u003e\u003ccode\u003e@​LukasJenicek\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1049\"\u003ego-chi/chi#1049\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/alliasgher\"\u003e\u003ccode\u003e@​alliasgher\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1085\"\u003ego-chi/chi#1085\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gouwazi\"\u003e\u003ccode\u003e@​gouwazi\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1073\"\u003ego-chi/chi#1073\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/leno23\"\u003e\u003ccode\u003e@​leno23\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1097\"\u003ego-chi/chi#1097\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eSECURITY: middleware.ClientIP, a replacement for middleware.RealIP\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/VojtechVitek\"\u003e\u003ccode\u003e@​VojtechVitek\u003c/code\u003e\u003c/a\u003e submitted PR \u003ca href=\"https://redirect.github.com/go-chi/chi/issues/967\"\u003e#967\u003c/a\u003e, which introduces middleware.ClientIP — a replacement for middleware.RealIP that closes the three open spoofing advisories:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/security/advisories/GHSA-9g5q-2w5x-hmxf\"\u003eGHSA-9g5q-2w5x-hmxf\u003c/a\u003e — IP spoofing via XFF in \u003ccode\u003eRemoteAddr\u003c/code\u003e resolution (convto)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/security/advisories/GHSA-rjr7-jggh-pgcp\"\u003eGHSA-rjr7-jggh-pgcp\u003c/a\u003e — RealIP allows IP spoofing via unvalidated XFF (rezmoss)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/security/advisories/GHSA-3fxj-6jh8-hvhx\"\u003eGHSA-3fxj-6jh8-hvhx\u003c/a\u003e — IP spoofing in \u003ccode\u003emiddleware.RealIP\u003c/code\u003e (Saku0512, Critical / 9.3)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eIt also addresses issues outlined at:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/708\"\u003ego-chi/chi#708\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://adam-p.ca/blog/2022/03/x-forwarded-for/\"\u003ehttps://adam-p.ca/blog/2022/03/x-forwarded-for/\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/711\"\u003ego-chi/chi#711\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/453\"\u003ego-chi/chi#453\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/go-chi/chi/pull/908\"\u003ego-chi/chi#908\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ccode\u003emiddleware.RealIP\u003c/code\u003e is deprecated in this PR with pointers to the new API.\u003c/p\u003e\n\u003cp\u003eThe deprecation only adds a \u003ccode\u003e// Deprecated:\u003c/code\u003e doc comment; the function keeps working for backward compatibility.\u003c/p\u003e\n\u003ch3\u003eWhy a new middleware (not \u0026quot;fix RealIP in place\u0026quot;)\u003c/h3\u003e\n\u003cp\u003e\u003ccode\u003eRealIP\u003c/code\u003e has two unfixable design choices: it mutates \u003ccode\u003er.RemoteAddr\u003c/code\u003e, and it tries to be a one-size-fits-all default by walking a hard-coded list of headers any client can supply. Per \u003ca href=\"https://adam-p.ca/blog/2022/03/x-forwarded-for/\"\u003eadam-p's \u0026quot;The perils of the 'real' client IP\u0026quot;\u003c/a\u003e (which calls chi out by name on this), there is no safe default — the user must pick their trust source explicitly.\u003c/p\u003e\n\u003ch3\u003eThe new API\u003c/h3\u003e\n\u003cp\u003eFour middlewares, two accessors. Pick exactly one middleware based on your\ninfrastructure, read the result with one of the two accessors:\u003c/p\u003e\n\u003cpre lang=\"go\"\u003e\u003ccode\u003e// One of the four. There is no safe default — pick exactly one.\r\nfunc ClientIPFromHeader(trustedHeader string) func(http.Handler) http.Handler\r\nfunc ClientIPFromXFF(trustedIPPrefixes ...string) func(http.Handler) http.Handler\r\nfunc ClientIPFromXFFTrustedProxies(numTrustedProxies int) func(http.Handler) http.Handler\r\n\u0026lt;/tr\u0026gt;\u0026lt;/table\u0026gt; \n\u003c/code\u003e\u003c/pre\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/3b171578ca44dfd75ca3c5cbddc7b44c600a7b49\"\u003e\u003ccode\u003e3b17157\u003c/code\u003e\u003c/a\u003e feat: middleware.ClientIP, a replacement for middleware.RealIP (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/967\"\u003e#967\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/818fdcfc4786168651768377ba647cf9dd5b3953\"\u003e\u003ccode\u003e818fdcf\u003c/code\u003e\u003c/a\u003e fix: set Request.Pattern from RoutePattern() (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1097\"\u003e#1097\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/f975af0cb10cbefaccf0422385420fe62722d648\"\u003e\u003ccode\u003ef975af0\u003c/code\u003e\u003c/a\u003e Fix typo in Route doc comment (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1073\"\u003e#1073\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/4ef87eaf2cfb27d3126d48194e1a84806acc1aed\"\u003e\u003ccode\u003e4ef87ea\u003c/code\u003e\u003c/a\u003e middleware: fix httpFancyWriter.ReadFrom double-counting bytes with Tee (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1085\"\u003e#1085\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/a54874f0e2f12647a19e82ee70dfa8185014100c\"\u003e\u003ccode\u003ea54874f\u003c/code\u003e\u003c/a\u003e Bump minimum Go to 1.23, always use request.Pattern (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1048\"\u003e#1048\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/3328d4d3ab8a08547fa419ed657017355e6d3c4d\"\u003e\u003ccode\u003e3328d4d\u003c/code\u003e\u003c/a\u003e Apply the stringscutprefix modernizer (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1051\"\u003e#1051\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/be60b2ec5755a9072cdf27af3ba3034e84781d12\"\u003e\u003ccode\u003ebe60b2e\u003c/code\u003e\u003c/a\u003e Simplify chi.walk with slices.Concat (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1053\"\u003e#1053\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/a36a925a6a195943ec104100d7d18757543e745f\"\u003e\u003ccode\u003ea36a925\u003c/code\u003e\u003c/a\u003e Remove last uses of io/ioutil (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1054\"\u003e#1054\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/7d93ee3e86b4d477c20d809c9b1ce9a281dfd706\"\u003e\u003ccode\u003e7d93ee3\u003c/code\u003e\u003c/a\u003e add go 1.26 to ci (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1052\"\u003e#1052\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/903cff2596eac0f72538ac46d696058351f1c3fb\"\u003e\u003ccode\u003e903cff2\u003c/code\u003e\u003c/a\u003e Propagate inline middlewares across mounted subrouters (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1049\"\u003e#1049\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/go-chi/chi/compare/v5.2.5...v5.3.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/modelcontextprotocol/go-sdk` from 1.6.0 to 1.6.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/modelcontextprotocol/go-sdk/releases\"\u003egithub.com/modelcontextprotocol/go-sdk's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.6.1\u003c/h2\u003e\n\u003cp\u003eThis release adds an MCPGODEBUG flag to opt out of the Content-Type check on POST requests.\u003c/p\u003e\n\u003ch2\u003eBehavior Changes\u003c/h2\u003e\n\u003cp\u003ePrior to v1.6.0 (v1.4.0...v1.5.0), the Content-Type check on POST requests was gated by the same \u003ccode\u003edisablecrossoriginprotection\u003c/code\u003e MCPGODEBUG flag as the cross-origin protection. In v1.6.0, the cross-origin protection was disabled by default (replaced by the opt-in \u003ccode\u003eenableoriginverification\u003c/code\u003e flag), but the Content-Type check was kept on unconditionally, leaving no way to disable it.\nThis release restores an escape hatch for both the Streamable HTTP and SSE transports: setting \u003ccode\u003eMCPGODEBUG=disablecontenttypecheck=1\u003c/code\u003e skips the \u003ccode\u003eContent-Type: application/json\u003c/code\u003e validation on POST requests.\nSee \u003ca href=\"https://redirect.github.com/modelcontextprotocol/go-sdk/issues/957\"\u003e#957\u003c/a\u003e.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003emcp: add MCPGPDEBUG for opt-in Content-Type check by \u003ca href=\"https://github.com/guglielmo-san\"\u003e\u003ccode\u003e@​guglielmo-san\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/go-sdk/pull/972\"\u003emodelcontextprotocol/go-sdk#972\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/modelcontextprotocol/go-sdk/compare/v1.6.0...v1.6.1\"\u003ehttps://github.com/modelcontextprotocol/go-sdk/compare/v1.6.0...v1.6.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/go-sdk/commit/d454bbaf06a342aee5336df3370321d9cdec2478\"\u003e\u003ccode\u003ed454bba\u003c/code\u003e\u003c/a\u003e mcp: add MCPGPDEBUG for opt-in Content-Type check (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/go-sdk/issues/972\"\u003e#972\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/modelcontextprotocol/go-sdk/compare/v1.6.0...v1.6.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/slack-go/slack` from 0.23.1 to 0.24.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/slack-go/slack/releases\"\u003egithub.com/slack-go/slack's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.24.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003edocs: format go get command in code block by \u003ca href=\"https://github.com/akhil-ge0rge\"\u003e\u003ccode\u003e@​akhil-ge0rge\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/slack-go/slack/pull/1554\"\u003eslack-go/slack#1554\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat: add new block kit block Data Table by \u003ca href=\"https://github.com/nlopes\"\u003e\u003ccode\u003e@​nlopes\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/slack-go/slack/pull/1555\"\u003eslack-go/slack#1555\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!IMPORTANT]\n\u003ccode\u003eNewTaskCardBlock\u003c/code\u003e and \u003ccode\u003eNewPlanBlock\u003c/code\u003e now guard against nil variadic options so if you were doing that (which you shouldn't) this is a breaking change.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/akhil-ge0rge\"\u003e\u003ccode\u003e@​akhil-ge0rge\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/slack-go/slack/pull/1554\"\u003eslack-go/slack#1554\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/slack-go/slack/compare/v0.23.1...v0.24.0\"\u003ehttps://github.com/slack-go/slack/compare/v0.23.1...v0.24.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/slack-go/slack/blob/master/CHANGELOG.md\"\u003egithub.com/slack-go/slack's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[0.24.0]\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBlock Kit: \u003ccode\u003eDataTableBlock\u003c/code\u003e for the \u003ca href=\"https://docs.slack.dev/reference/block-kit/blocks/data-table-block/\"\u003e\u003ccode\u003edata_table\u003c/code\u003e\u003c/a\u003e\nblock, with \u003ccode\u003eNewDataTableBlock\u003c/code\u003e, \u003ccode\u003eAddRow\u003c/code\u003e, raw-text/raw-number/rich-text cell\nconstructors, and \u003ccode\u003eWithPageSize\u003c/code\u003e / \u003ccode\u003eWithRowHeaderColumnIndex\u003c/code\u003e builders.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eNewTaskCardBlock\u003c/code\u003e and \u003ccode\u003eNewPlanBlock\u003c/code\u003e nil-guard their variadic options,\nmatching the other block constructors (\u003ca href=\"https://redirect.github.com/slack-go/slack/issues/1236\"\u003e#1236\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/slack-go/slack/commit/0b30f31349140ef0cf77f60448d3cb449fec1813\"\u003e\u003ccode\u003e0b30f31\u003c/code\u003e\u003c/a\u003e chore: bump to v0.24.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/slack-go/slack/commit/8c5ef3c18b2999a9a7b4913560c8722249c531c5\"\u003e\u003ccode\u003e8c5ef3c\u003c/code\u003e\u003c/a\u003e feat: add new block kit block Data Table (\u003ca href=\"https://redirect.github.com/slack-go/slack/issues/1555\"\u003e#1555\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/slack-go/slack/commit/ff3ada69277b00264224624c8a6e3192f2348c63\"\u003e\u003ccode\u003eff3ada6\u003c/code\u003e\u003c/a\u003e docs: format go get command in code block (\u003ca href=\"https://redirect.github.com/slack-go/slack/issues/1554\"\u003e#1554\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/slack-go/slack/compare/v0.23.1...v0.24.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `google.golang.org/adk` from 1.2.0 to 1.3.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/google/adk-go/releases\"\u003egoogle.golang.org/adk's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.3.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003erefactor: remove manual session ID input and enable auto-creation in runner by \u003ca href=\"https://github.com/hanorik\"\u003e\u003ccode\u003e@​hanorik\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/google/adk-go/pull/754\"\u003egoogle/adk-go#754\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat: add support for updating existing Agent Engine instances by \u003ca href=\"https://github.com/hanorik\"\u003e\u003ccode\u003e@​hanorik\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/google/adk-go/pull/755\"\u003egoogle/adk-go#755\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for simple text instead of full genai.Content for stream_query by \u003ca href=\"https://github.com/kdroste-google\"\u003e\u003ccode\u003e@​kdroste-google\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/google/adk-go/pull/773\"\u003egoogle/adk-go#773\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat: make adk work with a2a-go/v2 by \u003ca href=\"https://github.com/yarolegovich\"\u003e\u003ccode\u003e@​yarolegovich\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/google/adk-go/pull/701\"\u003egoogle/adk-go#701\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003erefactor: rename experimental reasoning tokens attribute to gen_ai.usage.reasoning.output_tokens and change semantics of gen_ai.usage.output_tokens by \u003ca href=\"https://github.com/pigorski\"\u003e\u003ccode\u003e@​pigorski\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/google/adk-go/pull/779\"\u003egoogle/adk-go#779\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: propagate thought signature to first function call in mixed responses by \u003ca href=\"https://github.com/baptmont\"\u003e\u003ccode\u003e@​baptmont\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/google/adk-go/pull/788\"\u003egoogle/adk-go#788\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded VertexAI MemoryBank support  by \u003ca href=\"https://github.com/kdroste-google\"\u003e\u003ccode\u003e@​kdroste-google\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/google/adk-go/pull/801\"\u003egoogle/adk-go#801\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: the old adka2a public api depending on the new a2a-go/v2 by \u003ca href=\"https://github.com/yarolegovich\"\u003e\u003ccode\u003e@​yarolegovich\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/google/adk-go/pull/813\"\u003egoogle/adk-go#813\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eADK GO version update for LLM Request tagging by \u003ca href=\"https://github.com/kdroste-google\"\u003e\u003ccode\u003e@​kdroste-google\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/google/adk-go/pull/816\"\u003egoogle/adk-go#816\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd parallel HITL function test by \u003ca href=\"https://github.com/baptmont\"\u003e\u003ccode\u003e@​baptmont\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/google/adk-go/pull/817\"\u003egoogle/adk-go#817\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: bump a2a-go version to have nil part fix by \u003ca href=\"https://github.com/yarolegovich\"\u003e\u003ccode\u003e@​yarolegovich\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/google/adk-go/pull/827\"\u003egoogle/adk-go#827\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eChanged model for gemini API to gemini-3.1-flash-lite (in examples) by \u003ca href=\"https://github.com/kdroste-google\"\u003e\u003ccode\u003e@​kdroste-google\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/google/adk-go/pull/839\"\u003egoogle/adk-go#839\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat(live): Add core bidirectional streaming support by \u003ca href=\"https://github.com/baptmont\"\u003e\u003ccode\u003e@​baptmont\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/google/adk-go/pull/833\"\u003egoogle/adk-go#833\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: add Dependabot config for automated dependency updates by \u003ca href=\"https://github.com/karolpiotrowicz\"\u003e\u003ccode\u003e@​karolpiotrowicz\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/google/adk-go/pull/843\"\u003egoogle/adk-go#843\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat(live): Add sequential agent live run by \u003ca href=\"https://github.com/baptmont\"\u003e\u003ccode\u003e@​baptmont\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/google/adk-go/pull/835\"\u003egoogle/adk-go#835\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat(live): Add live example by \u003ca href=\"https://github.com/baptmont\"\u003e\u003ccode\u003e@​baptmont\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/google/adk-go/pull/834\"\u003egoogle/adk-go#834\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: Stop ignoring request Decode error in runtime. by \u003ca href=\"https://github.com/foxfrikses\"\u003e\u003ccode\u003e@​foxfrikses\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/google/adk-go/pull/851\"\u003egoogle/adk-go#851\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: Propagate StateDelta for non-streaming agent. by \u003ca href=\"https://github.com/foxfrikses\"\u003e\u003ccode\u003e@​foxfrikses\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/google/adk-go/pull/854\"\u003egoogle/adk-go#854\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: Prevent nil deref when a tool doesn't implement tool.Tool. by \u003ca href=\"https://github.com/foxfrikses\"\u003e\u003ccode\u003e@​foxfrikses\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/google/adk-go/pull/855\"\u003egoogle/adk-go#855\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat(live): Add session resumption by \u003ca href=\"https://github.com/baptmont\"\u003e\u003ccode\u003e@​baptmont\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/google/adk-go/pull/837\"\u003egoogle/adk-go#837\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat(live): Add streaming tools by \u003ca href=\"https://github.com/baptmont\"\u003e\u003ccode\u003e@​baptmont\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/google/adk-go/pull/836\"\u003egoogle/adk-go#836\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat(live): Add audio cache for save artifact by \u003ca href=\"https://github.com/baptmont\"\u003e\u003ccode\u003e@​baptmont\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/google/adk-go/pull/838\"\u003egoogle/adk-go#838\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: fix folder name by \u003ca href=\"https://github.com/baptmont\"\u003e\u003ccode\u003e@​baptmont\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/google/adk-go/pull/859\"\u003egoogle/adk-go#859\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/karolpiotrowicz\"\u003e\u003ccode\u003e@​karolpiotrowicz\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/google/adk-go/pull/843\"\u003egoogle/adk-go#843\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/google/adk-go/compare/v1.2.0...v.1.3.0\"\u003ehttps://github.com/google/adk-go/compare/v1.2.0...v.1.3.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/google/adk-go/commit/428efadbb5b5551bb58bea32bac238f6ece76dcd\"\u003e\u003ccode\u003e428efad\u003c/code\u003e\u003c/a\u003e fix: user auth propagation not working in adka2a compat (\u003ca href=\"https://redirect.github.com/google/adk-go/issues/861\"\u003e#861\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/google/adk-go/commit/f2aee5301649e7f28fe00564b906fa7c02c64e60\"\u003e\u003ccode\u003ef2aee53\u003c/code\u003e\u003c/a\u003e chore: fix folder name (\u003ca href=\"https://redirect.github.com/google/adk-go/issues/859\"\u003e#859\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/google/adk-go/commit/236cab75e76b5ddd7dc6b32d3bfa72ca1f8211a5\"\u003e\u003ccode\u003e236cab7\u003c/code\u003e\u003c/a\u003e feat(live): Add audio cache for save artifact (\u003ca href=\"https://redirect.github.com/google/adk-go/issues/838\"\u003e#838\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/google/adk-go/commit/e5c3f51091121b8098126392b28fd6012faa076c\"\u003e\u003ccode\u003ee5c3f51\u003c/code\u003e\u003c/a\u003e feat(live): Add streaming tools (\u003ca href=\"https://redirect.github.com/google/adk-go/issues/836\"\u003e#836\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/google/adk-go/commit/2b79d381812a6b9b58559b1fe4e706564d23bf6d\"\u003e\u003ccode\u003e2b79d38\u003c/code\u003e\u003c/a\u003e feat(live): Add session resumption (\u003ca href=\"https://redirect.github.com/google/adk-go/issues/837\"\u003e#837\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/google/adk-go/commit/9eb7630f38d1673d1005563477d80f37ad468175\"\u003e\u003ccode\u003e9eb7630\u003c/code\u003e\u003c/a\u003e fix: Prevent nil deref when a tool doesn't implement tool.Tool interface. (\u003ca href=\"https://redirect.github.com/google/adk-go/issues/855\"\u003e#855\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/google/adk-go/commit/ead8568e6a48ca652e0d39007ba9b4ebd509a26f\"\u003e\u003ccode\u003eead8568\u003c/code\u003e\u003c/a\u003e fix: Propagate StateDelta for non-streaming agent. (\u003ca href=\"https://redirect.github.com/google/adk-go/issues/854\"\u003e#854\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/google/adk-go/commit/3954b83598249a48311821ddb66f5c3720720c05\"\u003e\u003ccode\u003e3954b83\u003c/code\u003e\u003c/a\u003e fix: Stop ignoring request Decode error in runtime. (\u003ca href=\"https://redirect.github.com/google/adk-go/issues/851\"\u003e#851\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/google/adk-go/commit/5fb72b9a4dd8dbf70a3da9e5d44be3569832ae47\"\u003e\u003ccode\u003e5fb72b9\u003c/code\u003e\u003c/a\u003e feat(live): Add live example (\u003ca href=\"https://redirect.github.com/google/adk-go/issues/834\"\u003e#834\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/google/adk-go/commit/8fb171b6af36169b40611d817233b4b0093a8e53\"\u003e\u003ccode\u003e8fb171b\u003c/code\u003e\u003c/a\u003e feat(live): Add sequential agent live run (\u003ca href=\"https://redirect.github.com/google/adk-go/issues/835\"\u003e#835\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/google/adk-go/compare/v1.2.0...v1.3.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `google.golang.org/genai` from 1.57.0 to 1.58.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/googleapis/go-genai/releases\"\u003egoogle.golang.org/genai's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.58.0\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/googleapis/go-genai/compare/v1.57.0...v1.58.0\"\u003e1.58.0\u003c/a\u003e (2026-05-21)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd \u003ccode\u003eenable_prompt_injection_detection\u003c/code\u003e for Computer Use feature for the Gemini API. (\u003ca href=\"https://github.com/googleapis/go-genai/commit/19c2566dcfdbfdbc5821ab8ffb71f6155f084dab\"\u003e19c2566\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eadd new fields (\u003ca href=\"https://github.com/googleapis/go-genai/commit/1608e807c1aa9d80dfc484db6cc37f49ee4e69a1\"\u003e1608e80\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/googleapis/go-genai/blob/main/CHANGELOG.md\"\u003egoogle.golang.org/genai's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/googleapis/go-genai/compare/v1.57.0...v1.58.0\"\u003e1.58.0\u003c/a\u003e (2026-05-21)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd \u003ccode\u003eenable_prompt_injection_detection\u003c/code\u003e for Computer Use feature for the Gemini API. (\u003ca href=\"https://github.com/googleapis/go-genai/commit/19c2566dcfdbfdbc5821ab8ffb71f6155f084dab\"\u003e19c2566\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eadd new fields (\u003ca href=\"https://github.com/googleapis/go-genai/commit/1608e807c1aa9d80dfc484db6cc37f49ee4e69a1\"\u003e1608e80\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/go-genai/commit/97ea31f16473973e587f5b18659a5669dffd1f84\"\u003e\u003ccode\u003e97ea31f\u003c/code\u003e\u003c/a\u003e chore(main): release 1.58.0 (\u003ca href=\"https://redirect.github.com/googleapis/go-genai/issues/793\"\u003e#793\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/go-genai/commit/19c2566dcfdbfdbc5821ab8ffb71f6155f084dab\"\u003e\u003ccode\u003e19c2566\u003c/code\u003e\u003c/a\u003e feat: add \u003ccode\u003eenable_prompt_injection_detection\u003c/code\u003e for Computer Use feature for th...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/go-genai/commit/1608e807c1aa9d80dfc484db6cc37f49ee4e69a1\"\u003e\u003ccode\u003e1608e80\u003c/code\u003e\u003c/a\u003e feat: add new fields\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/go-genai/commit/843a665755f75055e7c4bde1177af703384f7905\"\u003e\u003ccode\u003e843a665\u003c/code\u003e\u003c/a\u003e chore: update comment in BatchJobOutputInfo to unblock javadoc generation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/go-genai/commit/8b28bf81bd7a3cee47ed0a8b911e0d574f87a7aa\"\u003e\u003ccode\u003e8b28bf8\u003c/code\u003e\u003c/a\u003e chore: Throw fatals() instead of errors() in the replay_api_client when the i...\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/googleapis/go-genai/compare/v1.57.0...v1.58.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `k8s.io/apiextensions-apiserver` from 0.35.4 to 0.35.5\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kubernetes/apiextensions-apiserver/commit/e5278bfcb4a507a63a8d11a2a1cf8cb620c04565\"\u003e\u003ccode\u003ee5278bf\u003c/code\u003e\u003c/a\u003e Update dependencies to v0.35.5 tag\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/kubernetes/apiextensions-apiserver/compare/v0.35.4...v0.35.5\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\n\n\n\u003c/details\u003e","html_url":"https://github.com/jordigilh/kubernaut/pull/1291","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/jordigilh%2Fkubernaut/issues/1291","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/1291/packages"},{"uuid":"4520554585","node_id":"PR_kwDORcGlh87fOPlj","number":12,"state":"closed","title":"chore(deps): bump the non-breaking group with 2 updates","user":"dependabot[bot]","labels":[],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-05-26T01:23:07.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-26T01:22:55.000Z","updated_at":"2026-05-26T01:23:16.000Z","time_to_close":12,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): bump","group_name":"non-breaking","update_count":2,"packages":[{"name":"github.com/go-chi/chi/v5","old_version":"5.2.5","new_version":"5.3.0","repository_url":"https://github.com/go-chi/chi"},{"name":"golang.org/x/crypto","old_version":"0.51.0","new_version":"0.52.0","repository_url":"https://github.com/golang/crypto"}],"path":null,"ecosystem":"go"},"body":"Bumps the non-breaking group with 2 updates: [github.com/go-chi/chi/v5](https://github.com/go-chi/chi) and [golang.org/x/crypto](https://github.com/golang/crypto).\n\nUpdates `github.com/go-chi/chi/v5` from 5.2.5 to 5.3.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/go-chi/chi/releases\"\u003egithub.com/go-chi/chi/v5's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.3.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUse strings.ReplaceAll where applicable by \u003ca href=\"https://github.com/JRaspass\"\u003e\u003ccode\u003e@​JRaspass\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1046\"\u003ego-chi/chi#1046\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePropagate inline middlewares across mounted subrouters by \u003ca href=\"https://github.com/LukasJenicek\"\u003e\u003ccode\u003e@​LukasJenicek\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1049\"\u003ego-chi/chi#1049\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eadd go 1.26 to ci by \u003ca href=\"https://github.com/pkieltyka\"\u003e\u003ccode\u003e@​pkieltyka\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1052\"\u003ego-chi/chi#1052\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove last uses of io/ioutil by \u003ca href=\"https://github.com/JRaspass\"\u003e\u003ccode\u003e@​JRaspass\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1054\"\u003ego-chi/chi#1054\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSimplify chi.walk with slices.Concat by \u003ca href=\"https://github.com/JRaspass\"\u003e\u003ccode\u003e@​JRaspass\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1053\"\u003ego-chi/chi#1053\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eApply the stringscutprefix modernizer by \u003ca href=\"https://github.com/JRaspass\"\u003e\u003ccode\u003e@​JRaspass\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1051\"\u003ego-chi/chi#1051\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump minimum Go to 1.23, always use request.Pattern by \u003ca href=\"https://github.com/JRaspass\"\u003e\u003ccode\u003e@​JRaspass\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1048\"\u003ego-chi/chi#1048\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003emiddleware: fix httpFancyWriter.ReadFrom double-counting bytes with Tee by \u003ca href=\"https://github.com/alliasgher\"\u003e\u003ccode\u003e@​alliasgher\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1085\"\u003ego-chi/chi#1085\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix typo in Route doc comment by \u003ca href=\"https://github.com/gouwazi\"\u003e\u003ccode\u003e@​gouwazi\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1073\"\u003ego-chi/chi#1073\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: set Request.Pattern from RoutePattern() by \u003ca href=\"https://github.com/leno23\"\u003e\u003ccode\u003e@​leno23\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1097\"\u003ego-chi/chi#1097\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat: middleware.ClientIP, a replacement for middleware.RealIP by \u003ca href=\"https://github.com/VojtechVitek\"\u003e\u003ccode\u003e@​VojtechVitek\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/967\"\u003ego-chi/chi#967\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/LukasJenicek\"\u003e\u003ccode\u003e@​LukasJenicek\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1049\"\u003ego-chi/chi#1049\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/alliasgher\"\u003e\u003ccode\u003e@​alliasgher\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1085\"\u003ego-chi/chi#1085\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gouwazi\"\u003e\u003ccode\u003e@​gouwazi\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1073\"\u003ego-chi/chi#1073\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/leno23\"\u003e\u003ccode\u003e@​leno23\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1097\"\u003ego-chi/chi#1097\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eSECURITY: middleware.ClientIP, a replacement for middleware.RealIP\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/VojtechVitek\"\u003e\u003ccode\u003e@​VojtechVitek\u003c/code\u003e\u003c/a\u003e submitted PR \u003ca href=\"https://redirect.github.com/go-chi/chi/issues/967\"\u003e#967\u003c/a\u003e, which introduces middleware.ClientIP — a replacement for middleware.RealIP that closes the three open spoofing advisories:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/security/advisories/GHSA-9g5q-2w5x-hmxf\"\u003eGHSA-9g5q-2w5x-hmxf\u003c/a\u003e — IP spoofing via XFF in \u003ccode\u003eRemoteAddr\u003c/code\u003e resolution (convto)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/security/advisories/GHSA-rjr7-jggh-pgcp\"\u003eGHSA-rjr7-jggh-pgcp\u003c/a\u003e — RealIP allows IP spoofing via unvalidated XFF (rezmoss)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/security/advisories/GHSA-3fxj-6jh8-hvhx\"\u003eGHSA-3fxj-6jh8-hvhx\u003c/a\u003e — IP spoofing in \u003ccode\u003emiddleware.RealIP\u003c/code\u003e (Saku0512, Critical / 9.3)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eIt also addresses issues outlined at:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/708\"\u003ego-chi/chi#708\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://adam-p.ca/blog/2022/03/x-forwarded-for/\"\u003ehttps://adam-p.ca/blog/2022/03/x-forwarded-for/\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/711\"\u003ego-chi/chi#711\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/453\"\u003ego-chi/chi#453\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/go-chi/chi/pull/908\"\u003ego-chi/chi#908\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ccode\u003emiddleware.RealIP\u003c/code\u003e is deprecated in this PR with pointers to the new API.\u003c/p\u003e\n\u003cp\u003eThe deprecation only adds a \u003ccode\u003e// Deprecated:\u003c/code\u003e doc comment; the function keeps working for backward compatibility.\u003c/p\u003e\n\u003ch3\u003eWhy a new middleware (not \u0026quot;fix RealIP in place\u0026quot;)\u003c/h3\u003e\n\u003cp\u003e\u003ccode\u003eRealIP\u003c/code\u003e has two unfixable design choices: it mutates \u003ccode\u003er.RemoteAddr\u003c/code\u003e, and it tries to be a one-size-fits-all default by walking a hard-coded list of headers any client can supply. Per \u003ca href=\"https://adam-p.ca/blog/2022/03/x-forwarded-for/\"\u003eadam-p's \u0026quot;The perils of the 'real' client IP\u0026quot;\u003c/a\u003e (which calls chi out by name on this), there is no safe default — the user must pick their trust source explicitly.\u003c/p\u003e\n\u003ch3\u003eThe new API\u003c/h3\u003e\n\u003cp\u003eFour middlewares, two accessors. Pick exactly one middleware based on your\ninfrastructure, read the result with one of the two accessors:\u003c/p\u003e\n\u003cpre lang=\"go\"\u003e\u003ccode\u003e// One of the four. There is no safe default — pick exactly one.\r\nfunc ClientIPFromHeader(trustedHeader string) func(http.Handler) http.Handler\r\nfunc ClientIPFromXFF(trustedIPPrefixes ...string) func(http.Handler) http.Handler\r\nfunc ClientIPFromXFFTrustedProxies(numTrustedProxies int) func(http.Handler) http.Handler\r\n\u0026lt;/tr\u0026gt;\u0026lt;/table\u0026gt; \n\u003c/code\u003e\u003c/pre\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/3b171578ca44dfd75ca3c5cbddc7b44c600a7b49\"\u003e\u003ccode\u003e3b17157\u003c/code\u003e\u003c/a\u003e feat: middleware.ClientIP, a replacement for middleware.RealIP (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/967\"\u003e#967\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/818fdcfc4786168651768377ba647cf9dd5b3953\"\u003e\u003ccode\u003e818fdcf\u003c/code\u003e\u003c/a\u003e fix: set Request.Pattern from RoutePattern() (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1097\"\u003e#1097\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/f975af0cb10cbefaccf0422385420fe62722d648\"\u003e\u003ccode\u003ef975af0\u003c/code\u003e\u003c/a\u003e Fix typo in Route doc comment (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1073\"\u003e#1073\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/4ef87eaf2cfb27d3126d48194e1a84806acc1aed\"\u003e\u003ccode\u003e4ef87ea\u003c/code\u003e\u003c/a\u003e middleware: fix httpFancyWriter.ReadFrom double-counting bytes with Tee (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1085\"\u003e#1085\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/a54874f0e2f12647a19e82ee70dfa8185014100c\"\u003e\u003ccode\u003ea54874f\u003c/code\u003e\u003c/a\u003e Bump minimum Go to 1.23, always use request.Pattern (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1048\"\u003e#1048\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/3328d4d3ab8a08547fa419ed657017355e6d3c4d\"\u003e\u003ccode\u003e3328d4d\u003c/code\u003e\u003c/a\u003e Apply the stringscutprefix modernizer (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1051\"\u003e#1051\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/be60b2ec5755a9072cdf27af3ba3034e84781d12\"\u003e\u003ccode\u003ebe60b2e\u003c/code\u003e\u003c/a\u003e Simplify chi.walk with slices.Concat (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1053\"\u003e#1053\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/a36a925a6a195943ec104100d7d18757543e745f\"\u003e\u003ccode\u003ea36a925\u003c/code\u003e\u003c/a\u003e Remove last uses of io/ioutil (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1054\"\u003e#1054\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/7d93ee3e86b4d477c20d809c9b1ce9a281dfd706\"\u003e\u003ccode\u003e7d93ee3\u003c/code\u003e\u003c/a\u003e add go 1.26 to ci (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1052\"\u003e#1052\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/903cff2596eac0f72538ac46d696058351f1c3fb\"\u003e\u003ccode\u003e903cff2\u003c/code\u003e\u003c/a\u003e Propagate inline middlewares across mounted subrouters (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1049\"\u003e#1049\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/go-chi/chi/compare/v5.2.5...v5.3.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `golang.org/x/crypto` from 0.51.0 to 0.52.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/a1c0d9929856c8aba2b31f079340f00578eda803\"\u003e\u003ccode\u003ea1c0d99\u003c/code\u003e\u003c/a\u003e go.mod: update golang.org/x dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/3c7c86938f4541c333d506f719388d9c42d4763d\"\u003e\u003ccode\u003e3c7c869\u003c/code\u003e\u003c/a\u003e ssh: fix deadlock on unexpected channel responses\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/533fb3f7e4a5ae23f69d1837cd851d35ff5b76ce\"\u003e\u003ccode\u003e533fb3f\u003c/code\u003e\u003c/a\u003e ssh: fix source-address critical option bypass\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/abbc44d451a6f9236a2bbd26cbcd4d0fec473da3\"\u003e\u003ccode\u003eabbc44d\u003c/code\u003e\u003c/a\u003e ssh: fix incorrect operator order\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/e052873987615dc96fe67607a9a6adb76311344f\"\u003e\u003ccode\u003ee052873\u003c/code\u003e\u003c/a\u003e ssh: fix infinite loop on large channel writes due to integer overflow\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/b61cf853a89d82cad68da5e12a6beca2116f8456\"\u003e\u003ccode\u003eb61cf85\u003c/code\u003e\u003c/a\u003e ssh: enforce user presence verification for security keys\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/9c2cd33e8d96a96133fd6ff732510ebba539c2bd\"\u003e\u003ccode\u003e9c2cd33\u003c/code\u003e\u003c/a\u003e ssh: enforce strict limits on DSA key parameters\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/890731877d85f71cfdc9554e7a27fec4684fc4c4\"\u003e\u003ccode\u003e8907318\u003c/code\u003e\u003c/a\u003e ssh: reject RSA keys with excessively large moduli\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/ffd87b4878fa98ca2908ec534e1a410bf095a35e\"\u003e\u003ccode\u003effd87b4\u003c/code\u003e\u003c/a\u003e ssh: fix panic when authority callbacks are nil\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/4e7a7384ecbc8d519f6f4c11b36fa9d761fc8946\"\u003e\u003ccode\u003e4e7a738\u003c/code\u003e\u003c/a\u003e ssh: fix deadlock on unexpected global responses\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/golang/crypto/compare/v0.51.0...v0.52.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\n\n\n\u003c/details\u003e","html_url":"https://github.com/Kiefer-Networks/sshvault-api/pull/12","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/Kiefer-Networks%2Fsshvault-api/issues/12","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/12/packages"},{"uuid":"4520552184","node_id":"PR_kwDOQ5HbzM7fOPGB","number":86,"state":"closed","title":"deps: bump the minor-and-patch group across 1 directory with 5 updates","user":"dependabot[bot]","labels":["dependencies","go"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-06-08T19:44:59.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-26T01:22:15.000Z","updated_at":"2026-06-08T19:45:01.000Z","time_to_close":1189364,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"deps: bump","group_name":"minor-and-patch","update_count":5,"packages":[{"name":"github.com/getkin/kin-openapi","old_version":"0.137.0","new_version":"0.139.0","repository_url":"https://github.com/getkin/kin-openapi"},{"name":"github.com/go-chi/chi/v5","old_version":"5.2.5","new_version":"5.3.0","repository_url":"https://github.com/go-chi/chi"},{"name":"github.com/oapi-codegen/runtime","old_version":"1.4.0","new_version":"1.4.1","repository_url":"https://github.com/oapi-codegen/runtime"},{"name":"github.com/onsi/ginkgo/v2","old_version":"2.28.3","new_version":"2.29.0","repository_url":"https://github.com/onsi/ginkgo"},{"name":"github.com/onsi/gomega","old_version":"1.40.0","new_version":"1.41.0","repository_url":"https://github.com/onsi/gomega"}],"path":null,"ecosystem":"go"},"body":"Bumps the minor-and-patch group with 5 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [github.com/getkin/kin-openapi](https://github.com/getkin/kin-openapi) | `0.137.0` | `0.139.0` |\n| [github.com/go-chi/chi/v5](https://github.com/go-chi/chi) | `5.2.5` | `5.3.0` |\n| [github.com/oapi-codegen/runtime](https://github.com/oapi-codegen/runtime) | `1.4.0` | `1.4.1` |\n| [github.com/onsi/ginkgo/v2](https://github.com/onsi/ginkgo) | `2.28.3` | `2.29.0` |\n| [github.com/onsi/gomega](https://github.com/onsi/gomega) | `1.40.0` | `1.41.0` |\n\n\nUpdates `github.com/getkin/kin-openapi` from 0.137.0 to 0.139.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/getkin/kin-openapi/releases\"\u003egithub.com/getkin/kin-openapi's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.139.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efeat(openapi3): batch-convert long-tail RequiredFieldError sites by \u003ca href=\"https://github.com/reuvenharrison\"\u003e\u003ccode\u003e@​reuvenharrison\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getkin/kin-openapi/pull/1170\"\u003egetkin/kin-openapi#1170\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat(openapi3): typed validation error clusters (combined: #1171-\u003ca href=\"https://redirect.github.com/getkin/kin-openapi/issues/1179\"\u003e#1179\u003c/a\u003e) by \u003ca href=\"https://github.com/reuvenharrison\"\u003e\u003ccode\u003e@​reuvenharrison\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getkin/kin-openapi/pull/1180\"\u003egetkin/kin-openapi#1180\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eopenapi3gen: skip component export for anonymous types by \u003ca href=\"https://github.com/0-don\"\u003e\u003ccode\u003e@​0-don\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getkin/kin-openapi/pull/1163\"\u003egetkin/kin-openapi#1163\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat: migrate to oasdiff/yaml v0.1.0 single Unmarshal API + enable DisableTimestamps by \u003ca href=\"https://github.com/reuvenharrison\"\u003e\u003ccode\u003e@​reuvenharrison\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getkin/kin-openapi/pull/1181\"\u003egetkin/kin-openapi#1181\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eopenapi3: typed context errors for Validate() wrapper chain by \u003ca href=\"https://github.com/reuvenharrison\"\u003e\u003ccode\u003e@​reuvenharrison\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getkin/kin-openapi/pull/1183\"\u003egetkin/kin-openapi#1183\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eopenapi3: track Origin on the document root (T) by \u003ca href=\"https://github.com/reuvenharrison\"\u003e\u003ccode\u003e@​reuvenharrison\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getkin/kin-openapi/pull/1184\"\u003egetkin/kin-openapi#1184\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eopenapi3: tests flakiness corrected by \u003ca href=\"https://github.com/fenollp\"\u003e\u003ccode\u003e@​fenollp\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getkin/kin-openapi/pull/1159\"\u003egetkin/kin-openapi#1159\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eopenapi3: aggregate independent validation errors via EnableMultiError by \u003ca href=\"https://github.com/reuvenharrison\"\u003e\u003ccode\u003e@​reuvenharrison\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getkin/kin-openapi/pull/1185\"\u003egetkin/kin-openapi#1185\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eopenapi3: fix validation of duplicated path templates by \u003ca href=\"https://github.com/reuvenharrison\"\u003e\u003ccode\u003e@​reuvenharrison\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getkin/kin-openapi/pull/1189\"\u003egetkin/kin-openapi#1189\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eopenapi3: type the remaining bare-error validation sites by \u003ca href=\"https://github.com/reuvenharrison\"\u003e\u003ccode\u003e@​reuvenharrison\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getkin/kin-openapi/pull/1187\"\u003egetkin/kin-openapi#1187\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/getkin/kin-openapi/compare/v0.138.0...v0.139.0\"\u003ehttps://github.com/getkin/kin-openapi/compare/v0.138.0...v0.139.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev0.138.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eopenapi3gen: clear nullable on exported component bodies by \u003ca href=\"https://github.com/0-don\"\u003e\u003ccode\u003e@​0-don\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getkin/kin-openapi/pull/1164\"\u003egetkin/kin-openapi#1164\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eopenapi3: add test for issue \u003ca href=\"https://redirect.github.com/getkin/kin-openapi/issues/927\"\u003e#927\u003c/a\u003e (nullable not respected on $ref schemas) by \u003ca href=\"https://github.com/fenollp\"\u003e\u003ccode\u003e@​fenollp\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getkin/kin-openapi/pull/1165\"\u003egetkin/kin-openapi#1165\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003etest: move public-API tests to external _test packages by \u003ca href=\"https://github.com/fenollp\"\u003e\u003ccode\u003e@​fenollp\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getkin/kin-openapi/pull/1168\"\u003egetkin/kin-openapi#1168\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat(openapi3): add per-type validation errors with cluster wrappers by \u003ca href=\"https://github.com/reuvenharrison\"\u003e\u003ccode\u003e@​reuvenharrison\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getkin/kin-openapi/pull/1166\"\u003egetkin/kin-openapi#1166\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat(openapi3conv): canonicalization pass for 3.0 -\u0026gt; 3.x by \u003ca href=\"https://github.com/reuvenharrison\"\u003e\u003ccode\u003e@​reuvenharrison\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getkin/kin-openapi/pull/1162\"\u003egetkin/kin-openapi#1162\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eopenapi3conv: test Upgrade on many documents by \u003ca href=\"https://github.com/fenollp\"\u003e\u003ccode\u003e@​fenollp\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getkin/kin-openapi/pull/1169\"\u003egetkin/kin-openapi#1169\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/getkin/kin-openapi/compare/v0.137.0...v0.138.0\"\u003ehttps://github.com/getkin/kin-openapi/compare/v0.137.0...v0.138.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/getkin/kin-openapi/commit/8381bfc73ce3bb241d298bc8415b8f724b6ddfb6\"\u003e\u003ccode\u003e8381bfc\u003c/code\u003e\u003c/a\u003e openapi3: type the remaining bare-error validation sites (\u003ca href=\"https://redirect.github.com/getkin/kin-openapi/issues/1187\"\u003e#1187\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/getkin/kin-openapi/commit/d29b5c043d31c47b3631020525397b7d1a1f4b6a\"\u003e\u003ccode\u003ed29b5c0\u003c/code\u003e\u003c/a\u003e openapi3: fix validation of duplicated path templates (\u003ca href=\"https://redirect.github.com/getkin/kin-openapi/issues/1189\"\u003e#1189\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/getkin/kin-openapi/commit/e56c2c71f4cc7a433a13ff50e44b3da50b253c07\"\u003e\u003ccode\u003ee56c2c7\u003c/code\u003e\u003c/a\u003e openapi3: aggregate independent validation errors via EnableMultiError (\u003ca href=\"https://redirect.github.com/getkin/kin-openapi/issues/1185\"\u003e#1185\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/getkin/kin-openapi/commit/7ea1ac895326a469712d81507fe00d7c8957b8b6\"\u003e\u003ccode\u003e7ea1ac8\u003c/code\u003e\u003c/a\u003e openapi3: tests flakiness corrected (\u003ca href=\"https://redirect.github.com/getkin/kin-openapi/issues/1159\"\u003e#1159\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/getkin/kin-openapi/commit/dc70f84ce64fa2d60e1e58d96f6b5686ba3dff3e\"\u003e\u003ccode\u003edc70f84\u003c/code\u003e\u003c/a\u003e openapi3: track Origin on the document root (T) (\u003ca href=\"https://redirect.github.com/getkin/kin-openapi/issues/1184\"\u003e#1184\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/getkin/kin-openapi/commit/69492dff6b62dddb9b27aeb7ebc9e0ee653e0263\"\u003e\u003ccode\u003e69492df\u003c/code\u003e\u003c/a\u003e openapi3: typed context errors for Validate() wrapper chain (\u003ca href=\"https://redirect.github.com/getkin/kin-openapi/issues/1183\"\u003e#1183\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/getkin/kin-openapi/commit/0a89925163b66876c4bc357bca068d62e3d86c20\"\u003e\u003ccode\u003e0a89925\u003c/code\u003e\u003c/a\u003e un-patch YAML serialization of dates (see issue \u003ca href=\"https://redirect.github.com/getkin/kin-openapi/issues/697\"\u003e#697\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/getkin/kin-openapi/commit/55a4c7274045743fd7e6703ee14be408ae79d22d\"\u003e\u003ccode\u003e55a4c72\u003c/code\u003e\u003c/a\u003e openapi3: re-enable tests disabled due to YAML dates in map keys\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/getkin/kin-openapi/commit/c61836c51e8f6f2efebbe95f783a41f319c53aa7\"\u003e\u003ccode\u003ec61836c\u003c/code\u003e\u003c/a\u003e ci: fixup lint after modifications to marsh.go\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/getkin/kin-openapi/commit/7633481fe3cd3a7027097aed588c285f3d21d238\"\u003e\u003ccode\u003e7633481\u003c/code\u003e\u003c/a\u003e feat: migrate to oasdiff/yaml v0.1.0 single Unmarshal API + enable DisableTim...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/getkin/kin-openapi/compare/v0.137.0...v0.139.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/go-chi/chi/v5` from 5.2.5 to 5.3.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/go-chi/chi/releases\"\u003egithub.com/go-chi/chi/v5's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.3.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUse strings.ReplaceAll where applicable by \u003ca href=\"https://github.com/JRaspass\"\u003e\u003ccode\u003e@​JRaspass\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1046\"\u003ego-chi/chi#1046\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePropagate inline middlewares across mounted subrouters by \u003ca href=\"https://github.com/LukasJenicek\"\u003e\u003ccode\u003e@​LukasJenicek\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1049\"\u003ego-chi/chi#1049\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eadd go 1.26 to ci by \u003ca href=\"https://github.com/pkieltyka\"\u003e\u003ccode\u003e@​pkieltyka\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1052\"\u003ego-chi/chi#1052\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove last uses of io/ioutil by \u003ca href=\"https://github.com/JRaspass\"\u003e\u003ccode\u003e@​JRaspass\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1054\"\u003ego-chi/chi#1054\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSimplify chi.walk with slices.Concat by \u003ca href=\"https://github.com/JRaspass\"\u003e\u003ccode\u003e@​JRaspass\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1053\"\u003ego-chi/chi#1053\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eApply the stringscutprefix modernizer by \u003ca href=\"https://github.com/JRaspass\"\u003e\u003ccode\u003e@​JRaspass\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1051\"\u003ego-chi/chi#1051\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump minimum Go to 1.23, always use request.Pattern by \u003ca href=\"https://github.com/JRaspass\"\u003e\u003ccode\u003e@​JRaspass\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1048\"\u003ego-chi/chi#1048\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003emiddleware: fix httpFancyWriter.ReadFrom double-counting bytes with Tee by \u003ca href=\"https://github.com/alliasgher\"\u003e\u003ccode\u003e@​alliasgher\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1085\"\u003ego-chi/chi#1085\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix typo in Route doc comment by \u003ca href=\"https://github.com/gouwazi\"\u003e\u003ccode\u003e@​gouwazi\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1073\"\u003ego-chi/chi#1073\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: set Request.Pattern from RoutePattern() by \u003ca href=\"https://github.com/leno23\"\u003e\u003ccode\u003e@​leno23\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1097\"\u003ego-chi/chi#1097\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat: middleware.ClientIP, a replacement for middleware.RealIP by \u003ca href=\"https://github.com/VojtechVitek\"\u003e\u003ccode\u003e@​VojtechVitek\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/967\"\u003ego-chi/chi#967\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/LukasJenicek\"\u003e\u003ccode\u003e@​LukasJenicek\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1049\"\u003ego-chi/chi#1049\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/alliasgher\"\u003e\u003ccode\u003e@​alliasgher\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1085\"\u003ego-chi/chi#1085\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gouwazi\"\u003e\u003ccode\u003e@​gouwazi\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1073\"\u003ego-chi/chi#1073\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/leno23\"\u003e\u003ccode\u003e@​leno23\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1097\"\u003ego-chi/chi#1097\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eSECURITY: middleware.ClientIP, a replacement for middleware.RealIP\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/VojtechVitek\"\u003e\u003ccode\u003e@​VojtechVitek\u003c/code\u003e\u003c/a\u003e submitted PR \u003ca href=\"https://redirect.github.com/go-chi/chi/issues/967\"\u003e#967\u003c/a\u003e, which introduces middleware.ClientIP — a replacement for middleware.RealIP that closes the three open spoofing advisories:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/security/advisories/GHSA-9g5q-2w5x-hmxf\"\u003eGHSA-9g5q-2w5x-hmxf\u003c/a\u003e — IP spoofing via XFF in \u003ccode\u003eRemoteAddr\u003c/code\u003e resolution (convto)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/security/advisories/GHSA-rjr7-jggh-pgcp\"\u003eGHSA-rjr7-jggh-pgcp\u003c/a\u003e — RealIP allows IP spoofing via unvalidated XFF (rezmoss)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/security/advisories/GHSA-3fxj-6jh8-hvhx\"\u003eGHSA-3fxj-6jh8-hvhx\u003c/a\u003e — IP spoofing in \u003ccode\u003emiddleware.RealIP\u003c/code\u003e (Saku0512, Critical / 9.3)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eIt also addresses issues outlined at:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/708\"\u003ego-chi/chi#708\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://adam-p.ca/blog/2022/03/x-forwarded-for/\"\u003ehttps://adam-p.ca/blog/2022/03/x-forwarded-for/\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/711\"\u003ego-chi/chi#711\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/453\"\u003ego-chi/chi#453\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/go-chi/chi/pull/908\"\u003ego-chi/chi#908\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ccode\u003emiddleware.RealIP\u003c/code\u003e is deprecated in this PR with pointers to the new API.\u003c/p\u003e\n\u003cp\u003eThe deprecation only adds a \u003ccode\u003e// Deprecated:\u003c/code\u003e doc comment; the function keeps working for backward compatibility.\u003c/p\u003e\n\u003ch3\u003eWhy a new middleware (not \u0026quot;fix RealIP in place\u0026quot;)\u003c/h3\u003e\n\u003cp\u003e\u003ccode\u003eRealIP\u003c/code\u003e has two unfixable design choices: it mutates \u003ccode\u003er.RemoteAddr\u003c/code\u003e, and it tries to be a one-size-fits-all default by walking a hard-coded list of headers any client can supply. Per \u003ca href=\"https://adam-p.ca/blog/2022/03/x-forwarded-for/\"\u003eadam-p's \u0026quot;The perils of the 'real' client IP\u0026quot;\u003c/a\u003e (which calls chi out by name on this), there is no safe default — the user must pick their trust source explicitly.\u003c/p\u003e\n\u003ch3\u003eThe new API\u003c/h3\u003e\n\u003cp\u003eFour middlewares, two accessors. Pick exactly one middleware based on your\ninfrastructure, read the result with one of the two accessors:\u003c/p\u003e\n\u003cpre lang=\"go\"\u003e\u003ccode\u003e// One of the four. There is no safe default — pick exactly one.\r\nfunc ClientIPFromHeader(trustedHeader string) func(http.Handler) http.Handler\r\nfunc ClientIPFromXFF(trustedIPPrefixes ...string) func(http.Handler) http.Handler\r\nfunc ClientIPFromXFFTrustedProxies(numTrustedProxies int) func(http.Handler) http.Handler\r\n\u0026lt;/tr\u0026gt;\u0026lt;/table\u0026gt; \n\u003c/code\u003e\u003c/pre\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/3b171578ca44dfd75ca3c5cbddc7b44c600a7b49\"\u003e\u003ccode\u003e3b17157\u003c/code\u003e\u003c/a\u003e feat: middleware.ClientIP, a replacement for middleware.RealIP (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/967\"\u003e#967\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/818fdcfc4786168651768377ba647cf9dd5b3953\"\u003e\u003ccode\u003e818fdcf\u003c/code\u003e\u003c/a\u003e fix: set Request.Pattern from RoutePattern() (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1097\"\u003e#1097\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/f975af0cb10cbefaccf0422385420fe62722d648\"\u003e\u003ccode\u003ef975af0\u003c/code\u003e\u003c/a\u003e Fix typo in Route doc comment (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1073\"\u003e#1073\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/4ef87eaf2cfb27d3126d48194e1a84806acc1aed\"\u003e\u003ccode\u003e4ef87ea\u003c/code\u003e\u003c/a\u003e middleware: fix httpFancyWriter.ReadFrom double-counting bytes with Tee (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1085\"\u003e#1085\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/a54874f0e2f12647a19e82ee70dfa8185014100c\"\u003e\u003ccode\u003ea54874f\u003c/code\u003e\u003c/a\u003e Bump minimum Go to 1.23, always use request.Pattern (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1048\"\u003e#1048\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/3328d4d3ab8a08547fa419ed657017355e6d3c4d\"\u003e\u003ccode\u003e3328d4d\u003c/code\u003e\u003c/a\u003e Apply the stringscutprefix modernizer (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1051\"\u003e#1051\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/be60b2ec5755a9072cdf27af3ba3034e84781d12\"\u003e\u003ccode\u003ebe60b2e\u003c/code\u003e\u003c/a\u003e Simplify chi.walk with slices.Concat (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1053\"\u003e#1053\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/a36a925a6a195943ec104100d7d18757543e745f\"\u003e\u003ccode\u003ea36a925\u003c/code\u003e\u003c/a\u003e Remove last uses of io/ioutil (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1054\"\u003e#1054\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/7d93ee3e86b4d477c20d809c9b1ce9a281dfd706\"\u003e\u003ccode\u003e7d93ee3\u003c/code\u003e\u003c/a\u003e add go 1.26 to ci (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1052\"\u003e#1052\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/903cff2596eac0f72538ac46d696058351f1c3fb\"\u003e\u003ccode\u003e903cff2\u003c/code\u003e\u003c/a\u003e Propagate inline middlewares across mounted subrouters (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1049\"\u003e#1049\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/go-chi/chi/compare/v5.2.5...v5.3.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/oapi-codegen/runtime` from 1.4.0 to 1.4.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/oapi-codegen/runtime/releases\"\u003egithub.com/oapi-codegen/runtime's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eBug fixes\u003c/h2\u003e\n\u003cp\u003eThis is a bug fix release.\u003c/p\u003e\n\u003cp\u003eChanges in \u003ccode\u003ev1.4.0\u003c/code\u003e, coupled with changes in \u003ccode\u003ev2.7.0\u003c/code\u003e of oapi-codegen exposed some new problems. \u003ccode\u003edeepObject\u003c/code\u003e style marshaling behavior now supports encoding unicode. UTF-8 can't be directly included in parameters, so we need to \u003ccode\u003e%\u003c/code\u003e escape it.\u003c/p\u003e\n\u003cp\u003eForm binding now detects maps, which makes binding to a Nullable possible. We can't use generics around \u003ccode\u003eNullable[T]\u003c/code\u003e, so we handle maps generically, assuming they're a Nullable with its behavior assumptions.\u003c/p\u003e\n\u003ch2\u003e🐛 Bug fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix form binding of Nullables (\u003ca href=\"https://redirect.github.com/oapi-codegen/runtime/issues/133\"\u003e#133\u003c/a\u003e) \u003ca href=\"https://github.com/mromaszewicz\"\u003e\u003ccode\u003e@​mromaszewicz\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePercent-encode deepObject parameter wire output (\u003ca href=\"https://redirect.github.com/oapi-codegen/runtime/issues/132\"\u003e#132\u003c/a\u003e) \u003ca href=\"https://github.com/mromaszewicz\"\u003e\u003ccode\u003e@​mromaszewicz\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e📦 Dependency updates\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003echore(deps): update oapi-codegen/actions action to v0.7.0 (\u003ca href=\"https://redirect.github.com/oapi-codegen/runtime/issues/127\"\u003e#127\u003c/a\u003e) @\u003ca href=\"https://github.com/apps/renovate\"\u003erenovate[bot]\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): update github/codeql-action action to v4 (\u003ca href=\"https://redirect.github.com/oapi-codegen/runtime/issues/107\"\u003e#107\u003c/a\u003e) @\u003ca href=\"https://github.com/apps/renovate\"\u003erenovate[bot]\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(deps): update module github.com/kataras/iris/v12 to v12.2.11 (\u003ca href=\"https://redirect.github.com/oapi-codegen/runtime/issues/11\"\u003e#11\u003c/a\u003e) @\u003ca href=\"https://github.com/apps/renovate\"\u003erenovate[bot]\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): update release-drafter/release-drafter action to v7.2.0 (\u003ca href=\"https://redirect.github.com/oapi-codegen/runtime/issues/122\"\u003e#122\u003c/a\u003e) @\u003ca href=\"https://github.com/apps/renovate\"\u003erenovate[bot]\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eSponsors\u003c/h2\u003e\n\u003cp\u003eWe would like to thank our sponsors for their support during this release.\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oapi-codegen/runtime/commit/2755f15aee0c946a782704399ba88f9830dc0912\"\u003e\u003ccode\u003e2755f15\u003c/code\u003e\u003c/a\u003e Fix form binding of Nullables (\u003ca href=\"https://redirect.github.com/oapi-codegen/runtime/issues/133\"\u003e#133\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oapi-codegen/runtime/commit/17de1dd042b56f9848af5314d5399a8d8cf8591f\"\u003e\u003ccode\u003e17de1dd\u003c/code\u003e\u003c/a\u003e Percent-encode deepObject parameter wire output (\u003ca href=\"https://redirect.github.com/oapi-codegen/runtime/issues/132\"\u003e#132\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oapi-codegen/runtime/commit/d2b7c4c58e85cdc668508abccb138dbe0d15f9d9\"\u003e\u003ccode\u003ed2b7c4c\u003c/code\u003e\u003c/a\u003e chore(deps): update oapi-codegen/actions action to v0.7.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oapi-codegen/runtime/commit/6fd6c25e4f6db33e2c9c249403527ae83f30eba6\"\u003e\u003ccode\u003e6fd6c25\u003c/code\u003e\u003c/a\u003e chore(deps): update github/codeql-action action to v4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oapi-codegen/runtime/commit/19040cc57320598827a0a591c6fdba6f46e3a5e8\"\u003e\u003ccode\u003e19040cc\u003c/code\u003e\u003c/a\u003e fix(deps): update module github.com/kataras/iris/v12 to v12.2.11\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oapi-codegen/runtime/commit/e05282eb5f0ed6981bf48165ba3e272d5cd062f8\"\u003e\u003ccode\u003ee05282e\u003c/code\u003e\u003c/a\u003e chore(deps): update release-drafter/release-drafter action to v7.2.0 (\u003ca href=\"https://redirect.github.com/oapi-codegen/runtime/issues/122\"\u003e#122\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/oapi-codegen/runtime/compare/v1.4.0...v1.4.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/onsi/ginkgo/v2` from 2.28.3 to 2.29.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/onsi/ginkgo/releases\"\u003egithub.com/onsi/ginkgo/v2's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.29.0\u003c/h2\u003e\n\u003ch2\u003e2.29.0\u003c/h2\u003e\n\u003cp\u003e\u003ccode\u003eGinkgoHelperGo\u003c/code\u003e makes it easier to write test helpers that need to run in goroutines.  Specifically, it makes managing the failure state and capturing failure panics correctly straightforward.\u003c/p\u003e\n\u003cp\u003e\u003ccode\u003eginkgo outline\u003c/code\u003e now includes entries defined in \u003ccode\u003eDescribeTableSubtree\u003c/code\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md\"\u003egithub.com/onsi/ginkgo/v2's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.29.0\u003c/h2\u003e\n\u003cp\u003e\u003ccode\u003eGinkgoHelperGo\u003c/code\u003e makes it easier to write test helpers that need to run in goroutines.  Specifically, it makes managing the failure state and capturing failure panics correctly straightforward.\u003c/p\u003e\n\u003cp\u003e\u003ccode\u003eginkgo outline\u003c/code\u003e now includes entries defined in \u003ccode\u003eDescribeTableSubtree\u003c/code\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/onsi/ginkgo/commit/04b5bcbe4eee911a1baf506eda1e7e811c978937\"\u003e\u003ccode\u003e04b5bcb\u003c/code\u003e\u003c/a\u003e v2.29.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/onsi/ginkgo/commit/124232a4531c77a7f31a036e0150e06fa78b2af8\"\u003e\u003ccode\u003e124232a\u003c/code\u003e\u003c/a\u003e docs: GinkgoHelperGo\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/onsi/ginkgo/commit/ad9cee80bdfda573e94f1b05f2bd4afa1a2fe815\"\u003e\u003ccode\u003ead9cee8\u003c/code\u003e\u003c/a\u003e feat: GinkgoHelperGo, with integration tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/onsi/ginkgo/commit/9e56a0a2a090eb83af696381161bdb996c69bcac\"\u003e\u003ccode\u003e9e56a0a\u003c/code\u003e\u003c/a\u003e chore: refactor devcontainer for better maintenance\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/onsi/ginkgo/commit/3d235a96ac05d9e855048c66528d2fdbfb9101f7\"\u003e\u003ccode\u003e3d235a9\u003c/code\u003e\u003c/a\u003e chore: ignore internal/tmp_*/ integration suite temporary dirs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/onsi/ginkgo/commit/782666ae83c2bc804f28b1333bf91a21b093d946\"\u003e\u003ccode\u003e782666a\u003c/code\u003e\u003c/a\u003e feat: devcontainer configuration with local pkgsite and GH pages\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/onsi/ginkgo/commit/009dd04de2d18f00c3c812d2caab713a165a1f7c\"\u003e\u003ccode\u003e009dd04\u003c/code\u003e\u003c/a\u003e Support DescribeTableSubtree in ginkgo outline\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/onsi/ginkgo/compare/v2.28.3...v2.29.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/onsi/gomega` from 1.40.0 to 1.41.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/onsi/gomega/blob/master/CHANGELOG.md\"\u003egithub.com/onsi/gomega's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e1.41.0\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cp\u003eAdd \u003ccode\u003eBeASlice\u003c/code\u003e and \u003ccode\u003eBeAnArray\u003c/code\u003e matchers\u003c/p\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cp\u003eObject formatting now detects pointer cycles to avoid runaway formatting output.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/onsi/gomega/commit/af2bccb5831cbcc56cfc16ca3056077cdec4798b\"\u003e\u003ccode\u003eaf2bccb\u003c/code\u003e\u003c/a\u003e v1.41.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/onsi/gomega/commit/73e81f6f054c825d1743bf4090ac0a9e1d5605af\"\u003e\u003ccode\u003e73e81f6\u003c/code\u003e\u003c/a\u003e v1.41.0 (full)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/onsi/gomega/commit/e35a84f24113255aaeea62fe7c47e09adf39109b\"\u003e\u003ccode\u003ee35a84f\u003c/code\u003e\u003c/a\u003e feat: devcontainer configuration with local pkgsite and GH pages\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/onsi/gomega/commit/f12e5e1bc7167fae21ef37b0d9d358d51063ff5e\"\u003e\u003ccode\u003ef12e5e1\u003c/code\u003e\u003c/a\u003e fix(format): detect pointer cycles to avoid runaway formatting output\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/onsi/gomega/commit/e14831fefa86313f2b01fb803b2ac937e49d08b6\"\u003e\u003ccode\u003ee14831f\u003c/code\u003e\u003c/a\u003e Add optionalDescription docs to AsyncAssertion and Assertion interfaces\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/onsi/gomega/commit/344b94dae7e0df0e2d087574b4c2b1b1597a6943\"\u003e\u003ccode\u003e344b94d\u003c/code\u003e\u003c/a\u003e Add BeASlice and BeAnArray matchers\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/onsi/gomega/compare/v1.40.0...v1.41.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\n\n\n\u003c/details\u003e","html_url":"https://github.com/dcm-project/catalog-manager/pull/86","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/dcm-project%2Fcatalog-manager/issues/86","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/86/packages"},{"uuid":"4520454258","node_id":"PR_kwDOBjlZF87fN60X","number":40,"state":"open","title":"fix: Bump github.com/go-chi/chi/v5 from 5.2.5 to 5.3.0","user":"dependabot[bot]","labels":["dependencies","go"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-26T00:58:28.000Z","updated_at":"2026-06-01T01:39:32.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"fix: Bump","packages":[{"name":"github.com/go-chi/chi/v5","old_version":"5.2.5","new_version":"5.3.0","repository_url":"https://github.com/go-chi/chi"}],"path":null,"ecosystem":"go"},"body":"Bumps [github.com/go-chi/chi/v5](https://github.com/go-chi/chi) from 5.2.5 to 5.3.0.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/go-chi/chi/releases\"\u003egithub.com/go-chi/chi/v5's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.3.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUse strings.ReplaceAll where applicable by \u003ca href=\"https://github.com/JRaspass\"\u003e\u003ccode\u003e@​JRaspass\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1046\"\u003ego-chi/chi#1046\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePropagate inline middlewares across mounted subrouters by \u003ca href=\"https://github.com/LukasJenicek\"\u003e\u003ccode\u003e@​LukasJenicek\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1049\"\u003ego-chi/chi#1049\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eadd go 1.26 to ci by \u003ca href=\"https://github.com/pkieltyka\"\u003e\u003ccode\u003e@​pkieltyka\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1052\"\u003ego-chi/chi#1052\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove last uses of io/ioutil by \u003ca href=\"https://github.com/JRaspass\"\u003e\u003ccode\u003e@​JRaspass\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1054\"\u003ego-chi/chi#1054\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSimplify chi.walk with slices.Concat by \u003ca href=\"https://github.com/JRaspass\"\u003e\u003ccode\u003e@​JRaspass\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1053\"\u003ego-chi/chi#1053\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eApply the stringscutprefix modernizer by \u003ca href=\"https://github.com/JRaspass\"\u003e\u003ccode\u003e@​JRaspass\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1051\"\u003ego-chi/chi#1051\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump minimum Go to 1.23, always use request.Pattern by \u003ca href=\"https://github.com/JRaspass\"\u003e\u003ccode\u003e@​JRaspass\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1048\"\u003ego-chi/chi#1048\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003emiddleware: fix httpFancyWriter.ReadFrom double-counting bytes with Tee by \u003ca href=\"https://github.com/alliasgher\"\u003e\u003ccode\u003e@​alliasgher\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1085\"\u003ego-chi/chi#1085\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix typo in Route doc comment by \u003ca href=\"https://github.com/gouwazi\"\u003e\u003ccode\u003e@​gouwazi\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1073\"\u003ego-chi/chi#1073\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: set Request.Pattern from RoutePattern() by \u003ca href=\"https://github.com/leno23\"\u003e\u003ccode\u003e@​leno23\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1097\"\u003ego-chi/chi#1097\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat: middleware.ClientIP, a replacement for middleware.RealIP by \u003ca href=\"https://github.com/VojtechVitek\"\u003e\u003ccode\u003e@​VojtechVitek\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/967\"\u003ego-chi/chi#967\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/LukasJenicek\"\u003e\u003ccode\u003e@​LukasJenicek\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1049\"\u003ego-chi/chi#1049\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/alliasgher\"\u003e\u003ccode\u003e@​alliasgher\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1085\"\u003ego-chi/chi#1085\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gouwazi\"\u003e\u003ccode\u003e@​gouwazi\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1073\"\u003ego-chi/chi#1073\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/leno23\"\u003e\u003ccode\u003e@​leno23\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1097\"\u003ego-chi/chi#1097\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eSECURITY: middleware.ClientIP, a replacement for middleware.RealIP\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/VojtechVitek\"\u003e\u003ccode\u003e@​VojtechVitek\u003c/code\u003e\u003c/a\u003e submitted PR \u003ca href=\"https://redirect.github.com/go-chi/chi/issues/967\"\u003e#967\u003c/a\u003e, which introduces middleware.ClientIP — a replacement for middleware.RealIP that closes the three open spoofing advisories:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/security/advisories/GHSA-9g5q-2w5x-hmxf\"\u003eGHSA-9g5q-2w5x-hmxf\u003c/a\u003e — IP spoofing via XFF in \u003ccode\u003eRemoteAddr\u003c/code\u003e resolution (convto)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/security/advisories/GHSA-rjr7-jggh-pgcp\"\u003eGHSA-rjr7-jggh-pgcp\u003c/a\u003e — RealIP allows IP spoofing via unvalidated XFF (rezmoss)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/security/advisories/GHSA-3fxj-6jh8-hvhx\"\u003eGHSA-3fxj-6jh8-hvhx\u003c/a\u003e — IP spoofing in \u003ccode\u003emiddleware.RealIP\u003c/code\u003e (Saku0512, Critical / 9.3)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eIt also addresses issues outlined at:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/708\"\u003ego-chi/chi#708\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://adam-p.ca/blog/2022/03/x-forwarded-for/\"\u003ehttps://adam-p.ca/blog/2022/03/x-forwarded-for/\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/711\"\u003ego-chi/chi#711\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/453\"\u003ego-chi/chi#453\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/go-chi/chi/pull/908\"\u003ego-chi/chi#908\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ccode\u003emiddleware.RealIP\u003c/code\u003e is deprecated in this PR with pointers to the new API.\u003c/p\u003e\n\u003cp\u003eThe deprecation only adds a \u003ccode\u003e// Deprecated:\u003c/code\u003e doc comment; the function keeps working for backward compatibility.\u003c/p\u003e\n\u003ch3\u003eWhy a new middleware (not \u0026quot;fix RealIP in place\u0026quot;)\u003c/h3\u003e\n\u003cp\u003e\u003ccode\u003eRealIP\u003c/code\u003e has two unfixable design choices: it mutates \u003ccode\u003er.RemoteAddr\u003c/code\u003e, and it tries to be a one-size-fits-all default by walking a hard-coded list of headers any client can supply. Per \u003ca href=\"https://adam-p.ca/blog/2022/03/x-forwarded-for/\"\u003eadam-p's \u0026quot;The perils of the 'real' client IP\u0026quot;\u003c/a\u003e (which calls chi out by name on this), there is no safe default — the user must pick their trust source explicitly.\u003c/p\u003e\n\u003ch3\u003eThe new API\u003c/h3\u003e\n\u003cp\u003eFour middlewares, two accessors. Pick exactly one middleware based on your\ninfrastructure, read the result with one of the two accessors:\u003c/p\u003e\n\u003cpre lang=\"go\"\u003e\u003ccode\u003e// One of the four. There is no safe default — pick exactly one.\r\nfunc ClientIPFromHeader(trustedHeader string) func(http.Handler) http.Handler\r\nfunc ClientIPFromXFF(trustedIPPrefixes ...string) func(http.Handler) http.Handler\r\nfunc ClientIPFromXFFTrustedProxies(numTrustedProxies int) func(http.Handler) http.Handler\r\n\u0026lt;/tr\u0026gt;\u0026lt;/table\u0026gt; \n\u003c/code\u003e\u003c/pre\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/3b171578ca44dfd75ca3c5cbddc7b44c600a7b49\"\u003e\u003ccode\u003e3b17157\u003c/code\u003e\u003c/a\u003e feat: middleware.ClientIP, a replacement for middleware.RealIP (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/967\"\u003e#967\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/818fdcfc4786168651768377ba647cf9dd5b3953\"\u003e\u003ccode\u003e818fdcf\u003c/code\u003e\u003c/a\u003e fix: set Request.Pattern from RoutePattern() (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1097\"\u003e#1097\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/f975af0cb10cbefaccf0422385420fe62722d648\"\u003e\u003ccode\u003ef975af0\u003c/code\u003e\u003c/a\u003e Fix typo in Route doc comment (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1073\"\u003e#1073\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/4ef87eaf2cfb27d3126d48194e1a84806acc1aed\"\u003e\u003ccode\u003e4ef87ea\u003c/code\u003e\u003c/a\u003e middleware: fix httpFancyWriter.ReadFrom double-counting bytes with Tee (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1085\"\u003e#1085\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/a54874f0e2f12647a19e82ee70dfa8185014100c\"\u003e\u003ccode\u003ea54874f\u003c/code\u003e\u003c/a\u003e Bump minimum Go to 1.23, always use request.Pattern (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1048\"\u003e#1048\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/3328d4d3ab8a08547fa419ed657017355e6d3c4d\"\u003e\u003ccode\u003e3328d4d\u003c/code\u003e\u003c/a\u003e Apply the stringscutprefix modernizer (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1051\"\u003e#1051\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/be60b2ec5755a9072cdf27af3ba3034e84781d12\"\u003e\u003ccode\u003ebe60b2e\u003c/code\u003e\u003c/a\u003e Simplify chi.walk with slices.Concat (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1053\"\u003e#1053\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/a36a925a6a195943ec104100d7d18757543e745f\"\u003e\u003ccode\u003ea36a925\u003c/code\u003e\u003c/a\u003e Remove last uses of io/ioutil (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1054\"\u003e#1054\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/7d93ee3e86b4d477c20d809c9b1ce9a281dfd706\"\u003e\u003ccode\u003e7d93ee3\u003c/code\u003e\u003c/a\u003e add go 1.26 to ci (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1052\"\u003e#1052\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/903cff2596eac0f72538ac46d696058351f1c3fb\"\u003e\u003ccode\u003e903cff2\u003c/code\u003e\u003c/a\u003e Propagate inline middlewares across mounted subrouters (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1049\"\u003e#1049\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/go-chi/chi/compare/v5.2.5...v5.3.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n","html_url":"https://github.com/icco/hello/pull/40","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/icco%2Fhello/issues/40","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/40/packages"},{"uuid":"4520340548","node_id":"PR_kwDOSM6-Js7fNi3g","number":148,"state":"open","title":"chore(deps): bump github.com/go-chi/chi/v5 from 5.0.12 to 5.3.0 in /tools/mock-abs in the production-deps group","user":"dependabot[bot]","labels":[],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-26T00:31:13.000Z","updated_at":"2026-05-26T00:31:13.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps)","packages":[{"name":"github.com/go-chi/chi/v5","old_version":"5.0.12","new_version":"5.3.0","repository_url":"https://github.com/go-chi/chi"}],"path":"/tools/mock-abs in the production-deps group","ecosystem":"go"},"body":"Bumps the production-deps group in /tools/mock-abs with 1 update: [github.com/go-chi/chi/v5](https://github.com/go-chi/chi).\n\nUpdates `github.com/go-chi/chi/v5` from 5.0.12 to 5.3.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/go-chi/chi/releases\"\u003egithub.com/go-chi/chi/v5's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.3.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUse strings.ReplaceAll where applicable by \u003ca href=\"https://github.com/JRaspass\"\u003e\u003ccode\u003e@​JRaspass\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1046\"\u003ego-chi/chi#1046\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePropagate inline middlewares across mounted subrouters by \u003ca href=\"https://github.com/LukasJenicek\"\u003e\u003ccode\u003e@​LukasJenicek\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1049\"\u003ego-chi/chi#1049\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eadd go 1.26 to ci by \u003ca href=\"https://github.com/pkieltyka\"\u003e\u003ccode\u003e@​pkieltyka\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1052\"\u003ego-chi/chi#1052\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove last uses of io/ioutil by \u003ca href=\"https://github.com/JRaspass\"\u003e\u003ccode\u003e@​JRaspass\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1054\"\u003ego-chi/chi#1054\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSimplify chi.walk with slices.Concat by \u003ca href=\"https://github.com/JRaspass\"\u003e\u003ccode\u003e@​JRaspass\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1053\"\u003ego-chi/chi#1053\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eApply the stringscutprefix modernizer by \u003ca href=\"https://github.com/JRaspass\"\u003e\u003ccode\u003e@​JRaspass\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1051\"\u003ego-chi/chi#1051\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump minimum Go to 1.23, always use request.Pattern by \u003ca href=\"https://github.com/JRaspass\"\u003e\u003ccode\u003e@​JRaspass\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1048\"\u003ego-chi/chi#1048\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003emiddleware: fix httpFancyWriter.ReadFrom double-counting bytes with Tee by \u003ca href=\"https://github.com/alliasgher\"\u003e\u003ccode\u003e@​alliasgher\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1085\"\u003ego-chi/chi#1085\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix typo in Route doc comment by \u003ca href=\"https://github.com/gouwazi\"\u003e\u003ccode\u003e@​gouwazi\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1073\"\u003ego-chi/chi#1073\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: set Request.Pattern from RoutePattern() by \u003ca href=\"https://github.com/leno23\"\u003e\u003ccode\u003e@​leno23\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1097\"\u003ego-chi/chi#1097\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat: middleware.ClientIP, a replacement for middleware.RealIP by \u003ca href=\"https://github.com/VojtechVitek\"\u003e\u003ccode\u003e@​VojtechVitek\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/967\"\u003ego-chi/chi#967\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/LukasJenicek\"\u003e\u003ccode\u003e@​LukasJenicek\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1049\"\u003ego-chi/chi#1049\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/alliasgher\"\u003e\u003ccode\u003e@​alliasgher\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1085\"\u003ego-chi/chi#1085\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gouwazi\"\u003e\u003ccode\u003e@​gouwazi\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1073\"\u003ego-chi/chi#1073\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/leno23\"\u003e\u003ccode\u003e@​leno23\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1097\"\u003ego-chi/chi#1097\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eSECURITY: middleware.ClientIP, a replacement for middleware.RealIP\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/VojtechVitek\"\u003e\u003ccode\u003e@​VojtechVitek\u003c/code\u003e\u003c/a\u003e submitted PR \u003ca href=\"https://redirect.github.com/go-chi/chi/issues/967\"\u003e#967\u003c/a\u003e, which introduces middleware.ClientIP — a replacement for middleware.RealIP that closes the three open spoofing advisories:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/security/advisories/GHSA-9g5q-2w5x-hmxf\"\u003eGHSA-9g5q-2w5x-hmxf\u003c/a\u003e — IP spoofing via XFF in \u003ccode\u003eRemoteAddr\u003c/code\u003e resolution (convto)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/security/advisories/GHSA-rjr7-jggh-pgcp\"\u003eGHSA-rjr7-jggh-pgcp\u003c/a\u003e — RealIP allows IP spoofing via unvalidated XFF (rezmoss)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/security/advisories/GHSA-3fxj-6jh8-hvhx\"\u003eGHSA-3fxj-6jh8-hvhx\u003c/a\u003e — IP spoofing in \u003ccode\u003emiddleware.RealIP\u003c/code\u003e (Saku0512, Critical / 9.3)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eIt also addresses issues outlined at:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/708\"\u003ego-chi/chi#708\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://adam-p.ca/blog/2022/03/x-forwarded-for/\"\u003ehttps://adam-p.ca/blog/2022/03/x-forwarded-for/\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/711\"\u003ego-chi/chi#711\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/453\"\u003ego-chi/chi#453\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/go-chi/chi/pull/908\"\u003ego-chi/chi#908\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ccode\u003emiddleware.RealIP\u003c/code\u003e is deprecated in this PR with pointers to the new API.\u003c/p\u003e\n\u003cp\u003eThe deprecation only adds a \u003ccode\u003e// Deprecated:\u003c/code\u003e doc comment; the function keeps working for backward compatibility.\u003c/p\u003e\n\u003ch3\u003eWhy a new middleware (not \u0026quot;fix RealIP in place\u0026quot;)\u003c/h3\u003e\n\u003cp\u003e\u003ccode\u003eRealIP\u003c/code\u003e has two unfixable design choices: it mutates \u003ccode\u003er.RemoteAddr\u003c/code\u003e, and it tries to be a one-size-fits-all default by walking a hard-coded list of headers any client can supply. Per \u003ca href=\"https://adam-p.ca/blog/2022/03/x-forwarded-for/\"\u003eadam-p's \u0026quot;The perils of the 'real' client IP\u0026quot;\u003c/a\u003e (which calls chi out by name on this), there is no safe default — the user must pick their trust source explicitly.\u003c/p\u003e\n\u003ch3\u003eThe new API\u003c/h3\u003e\n\u003cp\u003eFour middlewares, two accessors. Pick exactly one middleware based on your\ninfrastructure, read the result with one of the two accessors:\u003c/p\u003e\n\u003cpre lang=\"go\"\u003e\u003ccode\u003e// One of the four. There is no safe default — pick exactly one.\r\nfunc ClientIPFromHeader(trustedHeader string) func(http.Handler) http.Handler\r\nfunc ClientIPFromXFF(trustedIPPrefixes ...string) func(http.Handler) http.Handler\r\nfunc ClientIPFromXFFTrustedProxies(numTrustedProxies int) func(http.Handler) http.Handler\r\n\u0026lt;/tr\u0026gt;\u0026lt;/table\u0026gt; \n\u003c/code\u003e\u003c/pre\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/go-chi/chi/blob/master/CHANGELOG.md\"\u003egithub.com/go-chi/chi/v5's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/3b171578ca44dfd75ca3c5cbddc7b44c600a7b49\"\u003e\u003ccode\u003e3b17157\u003c/code\u003e\u003c/a\u003e feat: middleware.ClientIP, a replacement for middleware.RealIP (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/967\"\u003e#967\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/818fdcfc4786168651768377ba647cf9dd5b3953\"\u003e\u003ccode\u003e818fdcf\u003c/code\u003e\u003c/a\u003e fix: set Request.Pattern from RoutePattern() (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1097\"\u003e#1097\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/f975af0cb10cbefaccf0422385420fe62722d648\"\u003e\u003ccode\u003ef975af0\u003c/code\u003e\u003c/a\u003e Fix typo in Route doc comment (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1073\"\u003e#1073\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/4ef87eaf2cfb27d3126d48194e1a84806acc1aed\"\u003e\u003ccode\u003e4ef87ea\u003c/code\u003e\u003c/a\u003e middleware: fix httpFancyWriter.ReadFrom double-counting bytes with Tee (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1085\"\u003e#1085\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/a54874f0e2f12647a19e82ee70dfa8185014100c\"\u003e\u003ccode\u003ea54874f\u003c/code\u003e\u003c/a\u003e Bump minimum Go to 1.23, always use request.Pattern (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1048\"\u003e#1048\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/3328d4d3ab8a08547fa419ed657017355e6d3c4d\"\u003e\u003ccode\u003e3328d4d\u003c/code\u003e\u003c/a\u003e Apply the stringscutprefix modernizer (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1051\"\u003e#1051\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/be60b2ec5755a9072cdf27af3ba3034e84781d12\"\u003e\u003ccode\u003ebe60b2e\u003c/code\u003e\u003c/a\u003e Simplify chi.walk with slices.Concat (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1053\"\u003e#1053\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/a36a925a6a195943ec104100d7d18757543e745f\"\u003e\u003ccode\u003ea36a925\u003c/code\u003e\u003c/a\u003e Remove last uses of io/ioutil (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1054\"\u003e#1054\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/7d93ee3e86b4d477c20d809c9b1ce9a281dfd706\"\u003e\u003ccode\u003e7d93ee3\u003c/code\u003e\u003c/a\u003e add go 1.26 to ci (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1052\"\u003e#1052\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/903cff2596eac0f72538ac46d696058351f1c3fb\"\u003e\u003ccode\u003e903cff2\u003c/code\u003e\u003c/a\u003e Propagate inline middlewares across mounted subrouters (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1049\"\u003e#1049\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/go-chi/chi/compare/v5.0.12...v5.3.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/go-chi/chi/v5\u0026package-manager=go_modules\u0026previous-version=5.0.12\u0026new-version=5.3.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\n\n\n\u003c/details\u003e","html_url":"https://github.com/cryptoma4o/AIbank/pull/148","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/cryptoma4o%2FAIbank/issues/148","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/148/packages"},{"uuid":"4520304004","node_id":"PR_kwDORZ1QU87fNbYH","number":80,"state":"open","title":"deps(gateway): bump github.com/go-chi/chi/v5 from 5.2.5 to 5.3.0 in /services/gateway","user":"dependabot[bot]","labels":[],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-26T00:21:38.000Z","updated_at":"2026-05-26T00:21:39.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"deps(gateway)","packages":[{"name":"github.com/go-chi/chi/v5","old_version":"5.2.5","new_version":"5.3.0","repository_url":"https://github.com/go-chi/chi"}],"path":"/services/gateway","ecosystem":"go"},"body":"Bumps [github.com/go-chi/chi/v5](https://github.com/go-chi/chi) from 5.2.5 to 5.3.0.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/go-chi/chi/releases\"\u003egithub.com/go-chi/chi/v5's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.3.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUse strings.ReplaceAll where applicable by \u003ca href=\"https://github.com/JRaspass\"\u003e\u003ccode\u003e@​JRaspass\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1046\"\u003ego-chi/chi#1046\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePropagate inline middlewares across mounted subrouters by \u003ca href=\"https://github.com/LukasJenicek\"\u003e\u003ccode\u003e@​LukasJenicek\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1049\"\u003ego-chi/chi#1049\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eadd go 1.26 to ci by \u003ca href=\"https://github.com/pkieltyka\"\u003e\u003ccode\u003e@​pkieltyka\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1052\"\u003ego-chi/chi#1052\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove last uses of io/ioutil by \u003ca href=\"https://github.com/JRaspass\"\u003e\u003ccode\u003e@​JRaspass\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1054\"\u003ego-chi/chi#1054\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSimplify chi.walk with slices.Concat by \u003ca href=\"https://github.com/JRaspass\"\u003e\u003ccode\u003e@​JRaspass\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1053\"\u003ego-chi/chi#1053\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eApply the stringscutprefix modernizer by \u003ca href=\"https://github.com/JRaspass\"\u003e\u003ccode\u003e@​JRaspass\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1051\"\u003ego-chi/chi#1051\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump minimum Go to 1.23, always use request.Pattern by \u003ca href=\"https://github.com/JRaspass\"\u003e\u003ccode\u003e@​JRaspass\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1048\"\u003ego-chi/chi#1048\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003emiddleware: fix httpFancyWriter.ReadFrom double-counting bytes with Tee by \u003ca href=\"https://github.com/alliasgher\"\u003e\u003ccode\u003e@​alliasgher\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1085\"\u003ego-chi/chi#1085\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix typo in Route doc comment by \u003ca href=\"https://github.com/gouwazi\"\u003e\u003ccode\u003e@​gouwazi\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1073\"\u003ego-chi/chi#1073\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: set Request.Pattern from RoutePattern() by \u003ca href=\"https://github.com/leno23\"\u003e\u003ccode\u003e@​leno23\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1097\"\u003ego-chi/chi#1097\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat: middleware.ClientIP, a replacement for middleware.RealIP by \u003ca href=\"https://github.com/VojtechVitek\"\u003e\u003ccode\u003e@​VojtechVitek\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/967\"\u003ego-chi/chi#967\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/LukasJenicek\"\u003e\u003ccode\u003e@​LukasJenicek\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1049\"\u003ego-chi/chi#1049\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/alliasgher\"\u003e\u003ccode\u003e@​alliasgher\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1085\"\u003ego-chi/chi#1085\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gouwazi\"\u003e\u003ccode\u003e@​gouwazi\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1073\"\u003ego-chi/chi#1073\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/leno23\"\u003e\u003ccode\u003e@​leno23\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1097\"\u003ego-chi/chi#1097\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eSECURITY: middleware.ClientIP, a replacement for middleware.RealIP\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/VojtechVitek\"\u003e\u003ccode\u003e@​VojtechVitek\u003c/code\u003e\u003c/a\u003e submitted PR \u003ca href=\"https://redirect.github.com/go-chi/chi/issues/967\"\u003e#967\u003c/a\u003e, which introduces middleware.ClientIP — a replacement for middleware.RealIP that closes the three open spoofing advisories:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/security/advisories/GHSA-9g5q-2w5x-hmxf\"\u003eGHSA-9g5q-2w5x-hmxf\u003c/a\u003e — IP spoofing via XFF in \u003ccode\u003eRemoteAddr\u003c/code\u003e resolution (convto)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/security/advisories/GHSA-rjr7-jggh-pgcp\"\u003eGHSA-rjr7-jggh-pgcp\u003c/a\u003e — RealIP allows IP spoofing via unvalidated XFF (rezmoss)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/security/advisories/GHSA-3fxj-6jh8-hvhx\"\u003eGHSA-3fxj-6jh8-hvhx\u003c/a\u003e — IP spoofing in \u003ccode\u003emiddleware.RealIP\u003c/code\u003e (Saku0512, Critical / 9.3)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eIt also addresses issues outlined at:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/708\"\u003ego-chi/chi#708\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://adam-p.ca/blog/2022/03/x-forwarded-for/\"\u003ehttps://adam-p.ca/blog/2022/03/x-forwarded-for/\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/711\"\u003ego-chi/chi#711\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/453\"\u003ego-chi/chi#453\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/go-chi/chi/pull/908\"\u003ego-chi/chi#908\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ccode\u003emiddleware.RealIP\u003c/code\u003e is deprecated in this PR with pointers to the new API.\u003c/p\u003e\n\u003cp\u003eThe deprecation only adds a \u003ccode\u003e// Deprecated:\u003c/code\u003e doc comment; the function keeps working for backward compatibility.\u003c/p\u003e\n\u003ch3\u003eWhy a new middleware (not \u0026quot;fix RealIP in place\u0026quot;)\u003c/h3\u003e\n\u003cp\u003e\u003ccode\u003eRealIP\u003c/code\u003e has two unfixable design choices: it mutates \u003ccode\u003er.RemoteAddr\u003c/code\u003e, and it tries to be a one-size-fits-all default by walking a hard-coded list of headers any client can supply. Per \u003ca href=\"https://adam-p.ca/blog/2022/03/x-forwarded-for/\"\u003eadam-p's \u0026quot;The perils of the 'real' client IP\u0026quot;\u003c/a\u003e (which calls chi out by name on this), there is no safe default — the user must pick their trust source explicitly.\u003c/p\u003e\n\u003ch3\u003eThe new API\u003c/h3\u003e\n\u003cp\u003eFour middlewares, two accessors. Pick exactly one middleware based on your\ninfrastructure, read the result with one of the two accessors:\u003c/p\u003e\n\u003cpre lang=\"go\"\u003e\u003ccode\u003e// One of the four. There is no safe default — pick exactly one.\r\nfunc ClientIPFromHeader(trustedHeader string) func(http.Handler) http.Handler\r\nfunc ClientIPFromXFF(trustedIPPrefixes ...string) func(http.Handler) http.Handler\r\nfunc ClientIPFromXFFTrustedProxies(numTrustedProxies int) func(http.Handler) http.Handler\r\n\u0026lt;/tr\u0026gt;\u0026lt;/table\u0026gt; \n\u003c/code\u003e\u003c/pre\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/3b171578ca44dfd75ca3c5cbddc7b44c600a7b49\"\u003e\u003ccode\u003e3b17157\u003c/code\u003e\u003c/a\u003e feat: middleware.ClientIP, a replacement for middleware.RealIP (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/967\"\u003e#967\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/818fdcfc4786168651768377ba647cf9dd5b3953\"\u003e\u003ccode\u003e818fdcf\u003c/code\u003e\u003c/a\u003e fix: set Request.Pattern from RoutePattern() (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1097\"\u003e#1097\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/f975af0cb10cbefaccf0422385420fe62722d648\"\u003e\u003ccode\u003ef975af0\u003c/code\u003e\u003c/a\u003e Fix typo in Route doc comment (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1073\"\u003e#1073\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/4ef87eaf2cfb27d3126d48194e1a84806acc1aed\"\u003e\u003ccode\u003e4ef87ea\u003c/code\u003e\u003c/a\u003e middleware: fix httpFancyWriter.ReadFrom double-counting bytes with Tee (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1085\"\u003e#1085\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/a54874f0e2f12647a19e82ee70dfa8185014100c\"\u003e\u003ccode\u003ea54874f\u003c/code\u003e\u003c/a\u003e Bump minimum Go to 1.23, always use request.Pattern (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1048\"\u003e#1048\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/3328d4d3ab8a08547fa419ed657017355e6d3c4d\"\u003e\u003ccode\u003e3328d4d\u003c/code\u003e\u003c/a\u003e Apply the stringscutprefix modernizer (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1051\"\u003e#1051\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/be60b2ec5755a9072cdf27af3ba3034e84781d12\"\u003e\u003ccode\u003ebe60b2e\u003c/code\u003e\u003c/a\u003e Simplify chi.walk with slices.Concat (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1053\"\u003e#1053\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/a36a925a6a195943ec104100d7d18757543e745f\"\u003e\u003ccode\u003ea36a925\u003c/code\u003e\u003c/a\u003e Remove last uses of io/ioutil (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1054\"\u003e#1054\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/7d93ee3e86b4d477c20d809c9b1ce9a281dfd706\"\u003e\u003ccode\u003e7d93ee3\u003c/code\u003e\u003c/a\u003e add go 1.26 to ci (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1052\"\u003e#1052\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/903cff2596eac0f72538ac46d696058351f1c3fb\"\u003e\u003ccode\u003e903cff2\u003c/code\u003e\u003c/a\u003e Propagate inline middlewares across mounted subrouters (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1049\"\u003e#1049\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/go-chi/chi/compare/v5.2.5...v5.3.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/go-chi/chi/v5\u0026package-manager=go_modules\u0026previous-version=5.2.5\u0026new-version=5.3.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/DeepakR-G20/jupiter/pull/80","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/DeepakR-G20%2Fjupiter/issues/80","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/80/packages"},{"uuid":"4519650145","node_id":"PR_kwDORa6tb87fLTZd","number":106,"state":"closed","title":"deps(go): bump the go-minor-patch group with 7 updates","user":"dependabot[bot]","labels":["dependencies","go"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":"2026-05-26T05:44:31.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-25T21:34:05.000Z","updated_at":"2026-05-26T05:44:33.000Z","time_to_close":29426,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"deps(go): bump","group_name":"go-minor-patch","update_count":7,"packages":[{"name":"github.com/aws/aws-sdk-go-v2/config","old_version":"1.32.17","new_version":"1.32.18","repository_url":"https://github.com/aws/aws-sdk-go-v2"},{"name":"github.com/aws/aws-sdk-go-v2/credentials","old_version":"1.19.16","new_version":"1.19.17","repository_url":"https://github.com/aws/aws-sdk-go-v2"},{"name":"github.com/aws/aws-sdk-go-v2/feature/s3/manager","old_version":"1.22.18","new_version":"1.22.19","repository_url":"https://github.com/aws/aws-sdk-go-v2"},{"name":"github.com/go-chi/chi/v5","old_version":"5.2.5","new_version":"5.3.0","repository_url":"https://github.com/go-chi/chi"},{"name":"github.com/modelcontextprotocol/go-sdk","old_version":"1.6.0","new_version":"1.6.1","repository_url":"https://github.com/modelcontextprotocol/go-sdk"},{"name":"golang.org/x/crypto","old_version":"0.51.0","new_version":"0.52.0","repository_url":"https://github.com/golang/crypto"},{"name":"golang.org/x/net","old_version":"0.53.0","new_version":"0.54.0","repository_url":"https://github.com/golang/net"}],"path":null,"ecosystem":"go"},"body":"Bumps the go-minor-patch group with 7 updates:\n\n| Package | From | To |\n| --- | --- | --- |\n| [github.com/aws/aws-sdk-go-v2/config](https://github.com/aws/aws-sdk-go-v2) | `1.32.17` | `1.32.18` |\n| [github.com/aws/aws-sdk-go-v2/credentials](https://github.com/aws/aws-sdk-go-v2) | `1.19.16` | `1.19.17` |\n| [github.com/aws/aws-sdk-go-v2/feature/s3/manager](https://github.com/aws/aws-sdk-go-v2) | `1.22.18` | `1.22.19` |\n| [github.com/go-chi/chi/v5](https://github.com/go-chi/chi) | `5.2.5` | `5.3.0` |\n| [github.com/modelcontextprotocol/go-sdk](https://github.com/modelcontextprotocol/go-sdk) | `1.6.0` | `1.6.1` |\n| [golang.org/x/crypto](https://github.com/golang/crypto) | `0.51.0` | `0.52.0` |\n| [golang.org/x/net](https://github.com/golang/net) | `0.53.0` | `0.54.0` |\n\nUpdates `github.com/aws/aws-sdk-go-v2/config` from 1.32.17 to 1.32.18\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/db9f4e546dfe2f62a6bc3bf54b9da42ebace6372\"\u003e\u003ccode\u003edb9f4e5\u003c/code\u003e\u003c/a\u003e Release 2026-05-22\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/34e7ddc9400e830a9ae226a7e3c2161e5ece4f19\"\u003e\u003ccode\u003e34e7ddc\u003c/code\u003e\u003c/a\u003e Regenerated Clients\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/f9db036cf7b3b8a1ea5eb67c3d296da4b48b6e2b\"\u003e\u003ccode\u003ef9db036\u003c/code\u003e\u003c/a\u003e Update endpoints model\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/ae5eae1e3ec46433bd99496bfa6936f8f09a2e72\"\u003e\u003ccode\u003eae5eae1\u003c/code\u003e\u003c/a\u003e Update API model\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/429dbdd2a35d325aabc5757edfc9ebf09c2ad12e\"\u003e\u003ccode\u003e429dbdd\u003c/code\u003e\u003c/a\u003e Feat discover endpoint partition validation (\u003ca href=\"https://redirect.github.com/aws/aws-sdk-go-v2/issues/3410\"\u003e#3410\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/ab4f5b60785064ec6346c922604d94b63d9c7299\"\u003e\u003ccode\u003eab4f5b6\u003c/code\u003e\u003c/a\u003e Release 2026-05-21\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/757a09909a97a15e5a481d9839b83f15b8fdc4bc\"\u003e\u003ccode\u003e757a099\u003c/code\u003e\u003c/a\u003e Regenerated Clients\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/02c8323ee6c99be82dae3a3923616756cb164525\"\u003e\u003ccode\u003e02c8323\u003c/code\u003e\u003c/a\u003e Update API model\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/f4ac954c5b3567f7918fbaa845bd05a8b211f54e\"\u003e\u003ccode\u003ef4ac954\u003c/code\u003e\u003c/a\u003e Bump smithy-go version and update imports for evenstream protocoltests (\u003ca href=\"https://redirect.github.com/aws/aws-sdk-go-v2/issues/3420\"\u003e#3420\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/6d937001e020def8b587dccbe5d803933ce57bfd\"\u003e\u003ccode\u003e6d93700\u003c/code\u003e\u003c/a\u003e Add replace for credentials dependency added on go.mod (\u003ca href=\"https://redirect.github.com/aws/aws-sdk-go-v2/issues/3419\"\u003e#3419\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/aws/aws-sdk-go-v2/compare/config/v1.32.17...config/v1.32.18\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/aws/aws-sdk-go-v2/credentials` from 1.19.16 to 1.19.17\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/db9f4e546dfe2f62a6bc3bf54b9da42ebace6372\"\u003e\u003ccode\u003edb9f4e5\u003c/code\u003e\u003c/a\u003e Release 2026-05-22\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/34e7ddc9400e830a9ae226a7e3c2161e5ece4f19\"\u003e\u003ccode\u003e34e7ddc\u003c/code\u003e\u003c/a\u003e Regenerated Clients\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/f9db036cf7b3b8a1ea5eb67c3d296da4b48b6e2b\"\u003e\u003ccode\u003ef9db036\u003c/code\u003e\u003c/a\u003e Update endpoints model\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/ae5eae1e3ec46433bd99496bfa6936f8f09a2e72\"\u003e\u003ccode\u003eae5eae1\u003c/code\u003e\u003c/a\u003e Update API model\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/429dbdd2a35d325aabc5757edfc9ebf09c2ad12e\"\u003e\u003ccode\u003e429dbdd\u003c/code\u003e\u003c/a\u003e Feat discover endpoint partition validation (\u003ca href=\"https://redirect.github.com/aws/aws-sdk-go-v2/issues/3410\"\u003e#3410\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/ab4f5b60785064ec6346c922604d94b63d9c7299\"\u003e\u003ccode\u003eab4f5b6\u003c/code\u003e\u003c/a\u003e Release 2026-05-21\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/757a09909a97a15e5a481d9839b83f15b8fdc4bc\"\u003e\u003ccode\u003e757a099\u003c/code\u003e\u003c/a\u003e Regenerated Clients\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/02c8323ee6c99be82dae3a3923616756cb164525\"\u003e\u003ccode\u003e02c8323\u003c/code\u003e\u003c/a\u003e Update API model\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/f4ac954c5b3567f7918fbaa845bd05a8b211f54e\"\u003e\u003ccode\u003ef4ac954\u003c/code\u003e\u003c/a\u003e Bump smithy-go version and update imports for evenstream protocoltests (\u003ca href=\"https://redirect.github.com/aws/aws-sdk-go-v2/issues/3420\"\u003e#3420\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/6d937001e020def8b587dccbe5d803933ce57bfd\"\u003e\u003ccode\u003e6d93700\u003c/code\u003e\u003c/a\u003e Add replace for credentials dependency added on go.mod (\u003ca href=\"https://redirect.github.com/aws/aws-sdk-go-v2/issues/3419\"\u003e#3419\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/aws/aws-sdk-go-v2/compare/credentials/v1.19.16...credentials/v1.19.17\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/aws/aws-sdk-go-v2/feature/s3/manager` from 1.22.18 to 1.22.19\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/db9f4e546dfe2f62a6bc3bf54b9da42ebace6372\"\u003e\u003ccode\u003edb9f4e5\u003c/code\u003e\u003c/a\u003e Release 2026-05-22\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/34e7ddc9400e830a9ae226a7e3c2161e5ece4f19\"\u003e\u003ccode\u003e34e7ddc\u003c/code\u003e\u003c/a\u003e Regenerated Clients\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/f9db036cf7b3b8a1ea5eb67c3d296da4b48b6e2b\"\u003e\u003ccode\u003ef9db036\u003c/code\u003e\u003c/a\u003e Update endpoints model\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/ae5eae1e3ec46433bd99496bfa6936f8f09a2e72\"\u003e\u003ccode\u003eae5eae1\u003c/code\u003e\u003c/a\u003e Update API model\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/429dbdd2a35d325aabc5757edfc9ebf09c2ad12e\"\u003e\u003ccode\u003e429dbdd\u003c/code\u003e\u003c/a\u003e Feat discover endpoint partition validation (\u003ca href=\"https://redirect.github.com/aws/aws-sdk-go-v2/issues/3410\"\u003e#3410\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/ab4f5b60785064ec6346c922604d94b63d9c7299\"\u003e\u003ccode\u003eab4f5b6\u003c/code\u003e\u003c/a\u003e Release 2026-05-21\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/757a09909a97a15e5a481d9839b83f15b8fdc4bc\"\u003e\u003ccode\u003e757a099\u003c/code\u003e\u003c/a\u003e Regenerated Clients\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/02c8323ee6c99be82dae3a3923616756cb164525\"\u003e\u003ccode\u003e02c8323\u003c/code\u003e\u003c/a\u003e Update API model\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/f4ac954c5b3567f7918fbaa845bd05a8b211f54e\"\u003e\u003ccode\u003ef4ac954\u003c/code\u003e\u003c/a\u003e Bump smithy-go version and update imports for evenstream protocoltests (\u003ca href=\"https://redirect.github.com/aws/aws-sdk-go-v2/issues/3420\"\u003e#3420\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/6d937001e020def8b587dccbe5d803933ce57bfd\"\u003e\u003ccode\u003e6d93700\u003c/code\u003e\u003c/a\u003e Add replace for credentials dependency added on go.mod (\u003ca href=\"https://redirect.github.com/aws/aws-sdk-go-v2/issues/3419\"\u003e#3419\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/aws/aws-sdk-go-v2/compare/feature/s3/manager/v1.22.18...feature/s3/manager/v1.22.19\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/go-chi/chi/v5` from 5.2.5 to 5.3.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/go-chi/chi/releases\"\u003egithub.com/go-chi/chi/v5's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.3.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUse strings.ReplaceAll where applicable by \u003ca href=\"https://github.com/JRaspass\"\u003e\u003ccode\u003e@​JRaspass\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1046\"\u003ego-chi/chi#1046\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePropagate inline middlewares across mounted subrouters by \u003ca href=\"https://github.com/LukasJenicek\"\u003e\u003ccode\u003e@​LukasJenicek\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1049\"\u003ego-chi/chi#1049\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eadd go 1.26 to ci by \u003ca href=\"https://github.com/pkieltyka\"\u003e\u003ccode\u003e@​pkieltyka\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1052\"\u003ego-chi/chi#1052\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove last uses of io/ioutil by \u003ca href=\"https://github.com/JRaspass\"\u003e\u003ccode\u003e@​JRaspass\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1054\"\u003ego-chi/chi#1054\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSimplify chi.walk with slices.Concat by \u003ca href=\"https://github.com/JRaspass\"\u003e\u003ccode\u003e@​JRaspass\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1053\"\u003ego-chi/chi#1053\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eApply the stringscutprefix modernizer by \u003ca href=\"https://github.com/JRaspass\"\u003e\u003ccode\u003e@​JRaspass\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1051\"\u003ego-chi/chi#1051\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump minimum Go to 1.23, always use request.Pattern by \u003ca href=\"https://github.com/JRaspass\"\u003e\u003ccode\u003e@​JRaspass\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1048\"\u003ego-chi/chi#1048\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003emiddleware: fix httpFancyWriter.ReadFrom double-counting bytes with Tee by \u003ca href=\"https://github.com/alliasgher\"\u003e\u003ccode\u003e@​alliasgher\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1085\"\u003ego-chi/chi#1085\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix typo in Route doc comment by \u003ca href=\"https://github.com/gouwazi\"\u003e\u003ccode\u003e@​gouwazi\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1073\"\u003ego-chi/chi#1073\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: set Request.Pattern from RoutePattern() by \u003ca href=\"https://github.com/leno23\"\u003e\u003ccode\u003e@​leno23\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1097\"\u003ego-chi/chi#1097\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat: middleware.ClientIP, a replacement for middleware.RealIP by \u003ca href=\"https://github.com/VojtechVitek\"\u003e\u003ccode\u003e@​VojtechVitek\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/967\"\u003ego-chi/chi#967\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/LukasJenicek\"\u003e\u003ccode\u003e@​LukasJenicek\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1049\"\u003ego-chi/chi#1049\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/alliasgher\"\u003e\u003ccode\u003e@​alliasgher\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1085\"\u003ego-chi/chi#1085\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gouwazi\"\u003e\u003ccode\u003e@​gouwazi\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1073\"\u003ego-chi/chi#1073\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/leno23\"\u003e\u003ccode\u003e@​leno23\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1097\"\u003ego-chi/chi#1097\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eSECURITY: middleware.ClientIP, a replacement for middleware.RealIP\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/VojtechVitek\"\u003e\u003ccode\u003e@​VojtechVitek\u003c/code\u003e\u003c/a\u003e submitted PR \u003ca href=\"https://redirect.github.com/go-chi/chi/issues/967\"\u003e#967\u003c/a\u003e, which introduces middleware.ClientIP — a replacement for middleware.RealIP that closes the three open spoofing advisories:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/security/advisories/GHSA-9g5q-2w5x-hmxf\"\u003eGHSA-9g5q-2w5x-hmxf\u003c/a\u003e — IP spoofing via XFF in \u003ccode\u003eRemoteAddr\u003c/code\u003e resolution (convto)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/security/advisories/GHSA-rjr7-jggh-pgcp\"\u003eGHSA-rjr7-jggh-pgcp\u003c/a\u003e — RealIP allows IP spoofing via unvalidated XFF (rezmoss)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/security/advisories/GHSA-3fxj-6jh8-hvhx\"\u003eGHSA-3fxj-6jh8-hvhx\u003c/a\u003e — IP spoofing in \u003ccode\u003emiddleware.RealIP\u003c/code\u003e (Saku0512, Critical / 9.3)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eIt also addresses issues outlined at:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/708\"\u003ego-chi/chi#708\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://adam-p.ca/blog/2022/03/x-forwarded-for/\"\u003ehttps://adam-p.ca/blog/2022/03/x-forwarded-for/\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/711\"\u003ego-chi/chi#711\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/453\"\u003ego-chi/chi#453\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/go-chi/chi/pull/908\"\u003ego-chi/chi#908\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ccode\u003emiddleware.RealIP\u003c/code\u003e is deprecated in this PR with pointers to the new API.\u003c/p\u003e\n\u003cp\u003eThe deprecation only adds a \u003ccode\u003e// Deprecated:\u003c/code\u003e doc comment; the function keeps working for backward compatibility.\u003c/p\u003e\n\u003ch3\u003eWhy a new middleware (not \u0026quot;fix RealIP in place\u0026quot;)\u003c/h3\u003e\n\u003cp\u003e\u003ccode\u003eRealIP\u003c/code\u003e has two unfixable design choices: it mutates \u003ccode\u003er.RemoteAddr\u003c/code\u003e, and it tries to be a one-size-fits-all default by walking a hard-coded list of headers any client can supply. Per \u003ca href=\"https://adam-p.ca/blog/2022/03/x-forwarded-for/\"\u003eadam-p's \u0026quot;The perils of the 'real' client IP\u0026quot;\u003c/a\u003e (which calls chi out by name on this), there is no safe default — the user must pick their trust source explicitly.\u003c/p\u003e\n\u003ch3\u003eThe new API\u003c/h3\u003e\n\u003cp\u003eFour middlewares, two accessors. Pick exactly one middleware based on your\ninfrastructure, read the result with one of the two accessors:\u003c/p\u003e\n\u003cpre lang=\"go\"\u003e\u003ccode\u003e// One of the four. There is no safe default — pick exactly one.\r\nfunc ClientIPFromHeader(trustedHeader string) func(http.Handler) http.Handler\r\nfunc ClientIPFromXFF(trustedIPPrefixes ...string) func(http.Handler) http.Handler\r\nfunc ClientIPFromXFFTrustedProxies(numTrustedProxies int) func(http.Handler) http.Handler\r\n\u0026lt;/tr\u0026gt;\u0026lt;/table\u0026gt; \n\u003c/code\u003e\u003c/pre\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/3b171578ca44dfd75ca3c5cbddc7b44c600a7b49\"\u003e\u003ccode\u003e3b17157\u003c/code\u003e\u003c/a\u003e feat: middleware.ClientIP, a replacement for middleware.RealIP (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/967\"\u003e#967\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/818fdcfc4786168651768377ba647cf9dd5b3953\"\u003e\u003ccode\u003e818fdcf\u003c/code\u003e\u003c/a\u003e fix: set Request.Pattern from RoutePattern() (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1097\"\u003e#1097\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/f975af0cb10cbefaccf0422385420fe62722d648\"\u003e\u003ccode\u003ef975af0\u003c/code\u003e\u003c/a\u003e Fix typo in Route doc comment (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1073\"\u003e#1073\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/4ef87eaf2cfb27d3126d48194e1a84806acc1aed\"\u003e\u003ccode\u003e4ef87ea\u003c/code\u003e\u003c/a\u003e middleware: fix httpFancyWriter.ReadFrom double-counting bytes with Tee (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1085\"\u003e#1085\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/a54874f0e2f12647a19e82ee70dfa8185014100c\"\u003e\u003ccode\u003ea54874f\u003c/code\u003e\u003c/a\u003e Bump minimum Go to 1.23, always use request.Pattern (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1048\"\u003e#1048\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/3328d4d3ab8a08547fa419ed657017355e6d3c4d\"\u003e\u003ccode\u003e3328d4d\u003c/code\u003e\u003c/a\u003e Apply the stringscutprefix modernizer (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1051\"\u003e#1051\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/be60b2ec5755a9072cdf27af3ba3034e84781d12\"\u003e\u003ccode\u003ebe60b2e\u003c/code\u003e\u003c/a\u003e Simplify chi.walk with slices.Concat (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1053\"\u003e#1053\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/a36a925a6a195943ec104100d7d18757543e745f\"\u003e\u003ccode\u003ea36a925\u003c/code\u003e\u003c/a\u003e Remove last uses of io/ioutil (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1054\"\u003e#1054\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/7d93ee3e86b4d477c20d809c9b1ce9a281dfd706\"\u003e\u003ccode\u003e7d93ee3\u003c/code\u003e\u003c/a\u003e add go 1.26 to ci (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1052\"\u003e#1052\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/903cff2596eac0f72538ac46d696058351f1c3fb\"\u003e\u003ccode\u003e903cff2\u003c/code\u003e\u003c/a\u003e Propagate inline middlewares across mounted subrouters (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1049\"\u003e#1049\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/go-chi/chi/compare/v5.2.5...v5.3.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/modelcontextprotocol/go-sdk` from 1.6.0 to 1.6.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/modelcontextprotocol/go-sdk/releases\"\u003egithub.com/modelcontextprotocol/go-sdk's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.6.1\u003c/h2\u003e\n\u003cp\u003eThis release adds an MCPGODEBUG flag to opt out of the Content-Type check on POST requests.\u003c/p\u003e\n\u003ch2\u003eBehavior Changes\u003c/h2\u003e\n\u003cp\u003ePrior to v1.6.0 (v1.4.0...v1.5.0), the Content-Type check on POST requests was gated by the same \u003ccode\u003edisablecrossoriginprotection\u003c/code\u003e MCPGODEBUG flag as the cross-origin protection. In v1.6.0, the cross-origin protection was disabled by default (replaced by the opt-in \u003ccode\u003eenableoriginverification\u003c/code\u003e flag), but the Content-Type check was kept on unconditionally, leaving no way to disable it.\nThis release restores an escape hatch for both the Streamable HTTP and SSE transports: setting \u003ccode\u003eMCPGODEBUG=disablecontenttypecheck=1\u003c/code\u003e skips the \u003ccode\u003eContent-Type: application/json\u003c/code\u003e validation on POST requests.\nSee \u003ca href=\"https://redirect.github.com/modelcontextprotocol/go-sdk/issues/957\"\u003e#957\u003c/a\u003e.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003emcp: add MCPGPDEBUG for opt-in Content-Type check by \u003ca href=\"https://github.com/guglielmo-san\"\u003e\u003ccode\u003e@​guglielmo-san\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/go-sdk/pull/972\"\u003emodelcontextprotocol/go-sdk#972\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/modelcontextprotocol/go-sdk/compare/v1.6.0...v1.6.1\"\u003ehttps://github.com/modelcontextprotocol/go-sdk/compare/v1.6.0...v1.6.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/go-sdk/commit/d454bbaf06a342aee5336df3370321d9cdec2478\"\u003e\u003ccode\u003ed454bba\u003c/code\u003e\u003c/a\u003e mcp: add MCPGPDEBUG for opt-in Content-Type check (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/go-sdk/issues/972\"\u003e#972\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/modelcontextprotocol/go-sdk/compare/v1.6.0...v1.6.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `golang.org/x/crypto` from 0.51.0 to 0.52.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/a1c0d9929856c8aba2b31f079340f00578eda803\"\u003e\u003ccode\u003ea1c0d99\u003c/code\u003e\u003c/a\u003e go.mod: update golang.org/x dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/3c7c86938f4541c333d506f719388d9c42d4763d\"\u003e\u003ccode\u003e3c7c869\u003c/code\u003e\u003c/a\u003e ssh: fix deadlock on unexpected channel responses\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/533fb3f7e4a5ae23f69d1837cd851d35ff5b76ce\"\u003e\u003ccode\u003e533fb3f\u003c/code\u003e\u003c/a\u003e ssh: fix source-address critical option bypass\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/abbc44d451a6f9236a2bbd26cbcd4d0fec473da3\"\u003e\u003ccode\u003eabbc44d\u003c/code\u003e\u003c/a\u003e ssh: fix incorrect operator order\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/e052873987615dc96fe67607a9a6adb76311344f\"\u003e\u003ccode\u003ee052873\u003c/code\u003e\u003c/a\u003e ssh: fix infinite loop on large channel writes due to integer overflow\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/b61cf853a89d82cad68da5e12a6beca2116f8456\"\u003e\u003ccode\u003eb61cf85\u003c/code\u003e\u003c/a\u003e ssh: enforce user presence verification for security keys\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/9c2cd33e8d96a96133fd6ff732510ebba539c2bd\"\u003e\u003ccode\u003e9c2cd33\u003c/code\u003e\u003c/a\u003e ssh: enforce strict limits on DSA key parameters\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/890731877d85f71cfdc9554e7a27fec4684fc4c4\"\u003e\u003ccode\u003e8907318\u003c/code\u003e\u003c/a\u003e ssh: reject RSA keys with excessively large moduli\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/ffd87b4878fa98ca2908ec534e1a410bf095a35e\"\u003e\u003ccode\u003effd87b4\u003c/code\u003e\u003c/a\u003e ssh: fix panic when authority callbacks are nil\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/4e7a7384ecbc8d519f6f4c11b36fa9d761fc8946\"\u003e\u003ccode\u003e4e7a738\u003c/code\u003e\u003c/a\u003e ssh: fix deadlock on unexpected global responses\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/golang/crypto/compare/v0.51.0...v0.52.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `golang.org/x/net` from 0.53.0 to 0.54.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/b138e06246cb323f2f380c2b7f7dd91f581dd56b\"\u003e\u003ccode\u003eb138e06\u003c/code\u003e\u003c/a\u003e go.mod: update golang.org/x dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/689f70a42abd350f3a1aaa70b0d13eb9543d927a\"\u003e\u003ccode\u003e689f70a\u003c/code\u003e\u003c/a\u003e quic: fix wrong final size being used for RESET_STREAM frame\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/208f306b2f0fd008b388bee2c2644be279778e94\"\u003e\u003ccode\u003e208f306\u003c/code\u003e\u003c/a\u003e http3: increase handshake timeout\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/49810da71b9026da9e0d028a6ad8c7730c52d9c4\"\u003e\u003ccode\u003e49810da\u003c/code\u003e\u003c/a\u003e http2: enable net/http wrapping when go \u0026gt;= 1.27\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/5e11a5ab891c117eda83b4304d60dd13286c1c76\"\u003e\u003ccode\u003e5e11a5a\u003c/code\u003e\u003c/a\u003e quic: fix data race in streamForFrame\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/8c63081cd380ea768db5651941614b73472160ff\"\u003e\u003ccode\u003e8c63081\u003c/code\u003e\u003c/a\u003e http2: use empty Transport rather than DefaultTransport in http2wrap\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/fc7b466ca49cb204039630533ece4fc557eb35cd\"\u003e\u003ccode\u003efc7b466\u003c/code\u003e\u003c/a\u003e http2: add http2wrap test\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/15c2cb1875fd727313dc4de909b3ee149422fbe2\"\u003e\u003ccode\u003e15c2cb1\u003c/code\u003e\u003c/a\u003e http2: avoid overflowing 32-bit int when http2wrap enabled\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/64651885c2f2d745d77af2d7af2edbf568c179af\"\u003e\u003ccode\u003e6465188\u003c/code\u003e\u003c/a\u003e http2: add wrapped Server\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/72f419a894cb0597dd5b6bcf119086bf2af41231\"\u003e\u003ccode\u003e72f419a\u003c/code\u003e\u003c/a\u003e http2: add wrapped ClientConn\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/golang/net/compare/v0.53.0...v0.54.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\n\n\n\u003c/details\u003e","html_url":"https://github.com/ruaan-deysel/vault/pull/106","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/ruaan-deysel%2Fvault/issues/106","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/106/packages"},{"uuid":"4519409992","node_id":"PR_kwDOBAr5ps7fKh1S","number":9975,"state":"open","title":"build(deps): bump the gomod group across 1 directory with 20 updates","user":"dependabot[bot]","labels":["release-note-none","dco-signoff: yes"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-25T20:37:12.000Z","updated_at":"2026-05-26T21:53:59.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"build(deps): bump","group_name":"gomod","update_count":20,"packages":[{"name":"github.com/containerd/containerd","old_version":"1.7.31","new_version":"1.7.32","repository_url":"https://github.com/containerd/containerd"},{"name":"github.com/containerd/containerd/api","old_version":"1.10.0","new_version":"1.11.1","repository_url":"https://github.com/containerd/containerd"},{"name":"github.com/containers/conmon-rs","old_version":"0.7.3","new_version":"0.8.0","repository_url":"https://github.com/containers/conmon-rs"},{"name":"github.com/containers/kubensmnt","old_version":"1.2.0","new_version":"1.3.0","repository_url":"https://github.com/containers/kubensmnt"},{"name":"github.com/go-chi/chi/v5","old_version":"5.2.5","new_version":"5.3.0","repository_url":"https://github.com/go-chi/chi"},{"name":"github.com/onsi/ginkgo/v2","old_version":"2.28.3","new_version":"2.29.0","repository_url":"https://github.com/onsi/ginkgo"},{"name":"github.com/onsi/gomega","old_version":"1.40.0","new_version":"1.41.0","repository_url":"https://github.com/onsi/gomega"},{"name":"github.com/opencontainers/runc","old_version":"1.4.1","new_version":"1.4.2","repository_url":"https://github.com/opencontainers/runc"},{"name":"github.com/opencontainers/selinux","old_version":"1.13.1","new_version":"1.15.0","repository_url":"https://github.com/opencontainers/selinux"},{"name":"golang.org/x/net","old_version":"0.53.0","new_version":"0.55.0","repository_url":"https://github.com/golang/net"},{"name":"google.golang.org/grpc","old_version":"1.80.0","new_version":"1.81.1","repository_url":"https://github.com/grpc/grpc-go"},{"name":"k8s.io/api","old_version":"0.36.0","new_version":"0.36.1","repository_url":"https://github.com/kubernetes/api"},{"name":"k8s.io/client-go","old_version":"0.36.0","new_version":"0.36.1","repository_url":"https://github.com/kubernetes/client-go"},{"name":"k8s.io/component-base","old_version":"0.36.0","new_version":"0.36.1","repository_url":"https://github.com/kubernetes/component-base"},{"name":"k8s.io/cri-streaming","old_version":"0.36.0","new_version":"0.36.1","repository_url":"https://github.com/kubernetes/cri-streaming"}],"path":null,"ecosystem":"go"},"body":"Bumps the gomod group with 15 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [github.com/containerd/containerd](https://github.com/containerd/containerd) | `1.7.31` | `1.7.32` |\n| [github.com/containerd/containerd/api](https://github.com/containerd/containerd) | `1.10.0` | `1.11.1` |\n| [github.com/containers/conmon-rs](https://github.com/containers/conmon-rs) | `0.7.3` | `0.8.0` |\n| [github.com/containers/kubensmnt](https://github.com/containers/kubensmnt) | `1.2.0` | `1.3.0` |\n| [github.com/go-chi/chi/v5](https://github.com/go-chi/chi) | `5.2.5` | `5.3.0` |\n| [github.com/onsi/ginkgo/v2](https://github.com/onsi/ginkgo) | `2.28.3` | `2.29.0` |\n| [github.com/onsi/gomega](https://github.com/onsi/gomega) | `1.40.0` | `1.41.0` |\n| [github.com/opencontainers/runc](https://github.com/opencontainers/runc) | `1.4.1` | `1.4.2` |\n| [github.com/opencontainers/selinux](https://github.com/opencontainers/selinux) | `1.13.1` | `1.15.0` |\n| [golang.org/x/net](https://github.com/golang/net) | `0.53.0` | `0.55.0` |\n| [google.golang.org/grpc](https://github.com/grpc/grpc-go) | `1.80.0` | `1.81.1` |\n| [k8s.io/api](https://github.com/kubernetes/api) | `0.36.0` | `0.36.1` |\n| [k8s.io/client-go](https://github.com/kubernetes/client-go) | `0.36.0` | `0.36.1` |\n| [k8s.io/component-base](https://github.com/kubernetes/component-base) | `0.36.0` | `0.36.1` |\n| [k8s.io/cri-streaming](https://github.com/kubernetes/cri-streaming) | `0.36.0` | `0.36.1` |\n\n\nUpdates `github.com/containerd/containerd` from 1.7.31 to 1.7.32\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/containerd/containerd/releases\"\u003egithub.com/containerd/containerd's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003econtainerd 1.7.32\u003c/h2\u003e\n\u003cp\u003eWelcome to the v1.7.32 release of containerd!\u003c/p\u003e\n\u003cp\u003e\u003cbr /\u003e\nThe thirty-second patch release for containerd 1.7 contains various fixes\nand updates including a security patch.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003econtainerd\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/security/advisories/GHSA-fqw6-gf59-qr4w\"\u003e\u003cstrong\u003eCVE-2026-46680\u003c/strong\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAllow hosts.toml to contain only root-level fields without an explicit [host] section (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/10028\"\u003e#10028\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix handling of out-of-range USER values in OCI spec to avoid unexpected username/group lookups (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13450\"\u003e#13450\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eApply hardening to block AF_ALG in default socket policy (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13406\"\u003e#13406\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eSupport both \u0026quot;volatile\u0026quot; and \u0026quot;fsync=volatile\u0026quot; mount options for volatile snapshotter (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13299\"\u003e#13299\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eSet AppArmor abi conditionally to support versions \u0026lt; 3.0 (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13273\"\u003e#13273\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003ePlease try out the release binaries and report any issues at\n\u003ca href=\"https://github.com/containerd/containerd/issues\"\u003ehttps://github.com/containerd/containerd/issues\u003c/a\u003e.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMaksym Pavlenko\u003c/li\u003e\n\u003cli\u003eChris Henzie\u003c/li\u003e\n\u003cli\u003eDerek McGowan\u003c/li\u003e\n\u003cli\u003ePaweł Gronowski\u003c/li\u003e\n\u003cli\u003eSamuel Karp\u003c/li\u003e\n\u003cli\u003eWei Fu\u003c/li\u003e\n\u003cli\u003eBrad Davidson\u003c/li\u003e\n\u003cli\u003eBrian Goff\u003c/li\u003e\n\u003cli\u003eLEI WANG\u003c/li\u003e\n\u003cli\u003ePhil Estes\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/bc87d865cf39e0cc55a5e628d95cf8eef52787ad\"\u003e\u003ccode\u003ebc87d865c\u003c/code\u003e\u003c/a\u003e Prepare release notes for v1.7.32\u003c/li\u003e\n\u003cli\u003eoci: return explicit error for out-of-range USER values (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13450\"\u003e#13450\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/503f479466b432bd16fd9f14e10b6d4b09812730\"\u003e\u003ccode\u003e503f47946\u003c/code\u003e\u003c/a\u003e oci: return explicit error for out-of-range USER values\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eseccomp: Block AF_ALG in default socket policy (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13406\"\u003e#13406\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/e55b747d3496763d54b6c7670f4290c1e7183a36\"\u003e\u003ccode\u003ee55b747d3\u003c/code\u003e\u003c/a\u003e seccomp: Block AF_ALG in default socket policy\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/4627a65f8a92ce704e40b4b42df4fbfb2ceae2b9\"\u003e\u003ccode\u003e4627a65f8\u003c/code\u003e\u003c/a\u003e seccomp: Document socket rule scope and socketcall limitation\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eFix issue with empty host tree in hosts.toml (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/10028\"\u003e#10028\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/24007441d3bb191e0045b83fce5890a67aa98449\"\u003e\u003ccode\u003e24007441d\u003c/code\u003e\u003c/a\u003e Fix error parsing hosts.toml without any \u003ccode\u003ehost\u003c/code\u003e tree\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eSupport both styles of volatile mount option (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13299\"\u003e#13299\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/940733149271449293e063148e220faf885a01b9\"\u003e\u003ccode\u003e940733149\u003c/code\u003e\u003c/a\u003e Support both styles of volatile mount option\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eapparmor: Set abi conditionally (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13273\"\u003e#13273\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/2b732c8925a92b10300a3dc21dbfd37cafea76dd\"\u003e\u003ccode\u003e2b732c892\u003c/code\u003e\u003c/a\u003e apparmor: Set abi conditionally\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eAdd GitHub Action for k8s node e2e tests (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13258\"\u003e#13258\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/0db1e143a11de38b8f088684ce4f26a2b487d517\"\u003e\u003ccode\u003e0db1e143a\u003c/code\u003e\u003c/a\u003e Add GitHub Action for k8s node e2e tests\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eUpdate release process after 1.7 (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13236\"\u003e#13236\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/3223a75c20f06d0da7985a49ac42ed6ff67c5433\"\u003e\u003ccode\u003e3223a75c2\u003c/code\u003e\u003c/a\u003e Update for latest updates to release tool\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/180a7b7385ae633344ff3db0db7eea11a4164f00\"\u003e\u003ccode\u003e180a7b7\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/13452\"\u003e#13452\u003c/a\u003e from samuelkarp/prepare-1.7.32\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/bc87d865cf39e0cc55a5e628d95cf8eef52787ad\"\u003e\u003ccode\u003ebc87d86\u003c/code\u003e\u003c/a\u003e Prepare release notes for v1.7.32\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/6a05ddd119ec81beb36d504ce844bdd11bfcb22c\"\u003e\u003ccode\u003e6a05ddd\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/13450\"\u003e#13450\u003c/a\u003e from samuelkarp/oci-withuser-errrange-1.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/9c3d01b3f113fa421be5ef02dbeb31c02a7a5991\"\u003e\u003ccode\u003e9c3d01b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/13406\"\u003e#13406\u003c/a\u003e from k8s-infra-cherrypick-robot/cherry-pick-13327-t...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/e55b747d3496763d54b6c7670f4290c1e7183a36\"\u003e\u003ccode\u003ee55b747\u003c/code\u003e\u003c/a\u003e seccomp: Block AF_ALG in default socket policy\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/4627a65f8a92ce704e40b4b42df4fbfb2ceae2b9\"\u003e\u003ccode\u003e4627a65\u003c/code\u003e\u003c/a\u003e seccomp: Document socket rule scope and socketcall limitation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/33d9e242ca41d47ac749555aae0572cd71942d75\"\u003e\u003ccode\u003e33d9e24\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/10028\"\u003e#10028\u003c/a\u003e from brandond/fix-hosts-toml\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/503f479466b432bd16fd9f14e10b6d4b09812730\"\u003e\u003ccode\u003e503f479\u003c/code\u003e\u003c/a\u003e oci: return explicit error for out-of-range USER values\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/4393e22af7553a80141b7f8a73859764ede1ffcb\"\u003e\u003ccode\u003e4393e22\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/13299\"\u003e#13299\u003c/a\u003e from chrishenzie/release/1.7-volatile\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/940733149271449293e063148e220faf885a01b9\"\u003e\u003ccode\u003e9407331\u003c/code\u003e\u003c/a\u003e Support both styles of volatile mount option\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/containerd/containerd/compare/v1.7.31...v1.7.32\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/containerd/containerd/api` from 1.10.0 to 1.11.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/containerd/containerd/releases\"\u003egithub.com/containerd/containerd/api's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003econtainerd API 1.11.1\u003c/h2\u003e\n\u003cp\u003eWelcome to the api/v1.11.1 release of containerd!\u003c/p\u003e\n\u003cp\u003eThe first patch release for the containerd 1.11 API includes a fix\nin the task endpoints for non-runc shims.\u003c/p\u003e\n\u003ch3\u003eHighlights\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix sandbox task API endpoints for non-runc runtimes (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13422\"\u003e#13422\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003ePlease try out the release binaries and report any issues at\n\u003ca href=\"https://github.com/containerd/containerd/issues\"\u003ehttps://github.com/containerd/containerd/issues\u003c/a\u003e.\u003c/p\u003e\n\u003ch3\u003eContributors\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDerek McGowan\u003c/li\u003e\n\u003cli\u003eMaksym Pavlenko\u003c/li\u003e\n\u003cli\u003eSamuel Karp\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanges\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cul\u003e\n\u003cli\u003ePrepare release notes for api/v1.11.1 (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13444\"\u003e#13444\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/da7aef299c57cc1f290700ade8fa0a5fec69a462\"\u003e\u003ccode\u003eda7aef299\u003c/code\u003e\u003c/a\u003e Prepare release notes for api/v1.11.1\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eFix sandbox task API endpoints for non-runc runtimes (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13422\"\u003e#13422\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/e44f5f9ec610d95a712d230e8a19ae516e0a26ac\"\u003e\u003ccode\u003ee44f5f9ec\u003c/code\u003e\u003c/a\u003e protos: include task API address to CreateTaskRequest\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch3\u003eDependency Changes\u003c/h3\u003e\n\u003cp\u003eThis release has no dependency changes\u003c/p\u003e\n\u003cp\u003ePrevious release can be found at \u003ca href=\"https://github.com/containerd/containerd/releases/tag/api/v1.11.0\"\u003eapi/v1.11.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003econtainerd API 1.11.0\u003c/h2\u003e\n\u003cp\u003eWelcome to the api/v1.11.0 release of containerd!\u003c/p\u003e\n\u003cp\u003eThe 12th release for the containerd 1.x API aligns with the containerd 2.3 release.\u003c/p\u003e\n\u003ch3\u003eHighlights\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd transfer types for container filesystem copy (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13165\"\u003e#13165\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdate sandbox API to include spec field (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/12840\"\u003e#12840\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eImage Distribution\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eAdd os.features support for EROFS native container images (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13091\"\u003e#13091\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/f822a911ab2b7c73e30bc0f36ea319642c9711b1\"\u003e\u003ccode\u003ef822a91\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/13444\"\u003e#13444\u003c/a\u003e from dmcgowan/prepare-api-v1.11.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/da7aef299c57cc1f290700ade8fa0a5fec69a462\"\u003e\u003ccode\u003eda7aef2\u003c/code\u003e\u003c/a\u003e Prepare release notes for api/v1.11.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/a50a704094cf72710ccfa4944a642ef4e7ec9d2c\"\u003e\u003ccode\u003ea50a704\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/13422\"\u003e#13422\u003c/a\u003e from k8s-infra-cherrypick-robot/cherry-pick-13360-t...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/5282d4e09d3bc8b0957780caa7a4644fac7c86a7\"\u003e\u003ccode\u003e5282d4e\u003c/code\u003e\u003c/a\u003e Wire task address and version fields\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/e44f5f9ec610d95a712d230e8a19ae516e0a26ac\"\u003e\u003ccode\u003ee44f5f9\u003c/code\u003e\u003c/a\u003e protos: include task API address to CreateTaskRequest\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/85f22f7afa3af5aa5083cc7ae50c3b58a35b8849\"\u003e\u003ccode\u003e85f22f7\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/13409\"\u003e#13409\u003c/a\u003e from k8s-infra-cherrypick-robot/cherry-pick-13327-t...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/4d80a31bf637bc15e83e50a15941bf5bb0cb3988\"\u003e\u003ccode\u003e4d80a31\u003c/code\u003e\u003c/a\u003e seccomp: Block AF_ALG in default socket policy\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/2ed0d97b6e58def34684a1bffc2ab6931182f221\"\u003e\u003ccode\u003e2ed0d97\u003c/code\u003e\u003c/a\u003e seccomp: Document socket rule scope and socketcall limitation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/2315484b7e7a5b53e73ad3b143c780ec7612420b\"\u003e\u003ccode\u003e2315484\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/13390\"\u003e#13390\u003c/a\u003e from k8s-infra-cherrypick-robot/cherry-pick-13363-t...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/1ad3402b855b77eb3800f74c87ff78736edf72d2\"\u003e\u003ccode\u003e1ad3402\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/13394\"\u003e#13394\u003c/a\u003e from k8s-infra-cherrypick-robot/cherry-pick-13389-t...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/containerd/containerd/compare/api/v1.10.0...api/v1.11.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/containers/conmon-rs` from 0.7.3 to 0.8.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/containers/conmon-rs/releases\"\u003egithub.com/containers/conmon-rs's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.8.0\u003c/h2\u003e\n\u003ch2\u003eChanges by Kind\u003c/h2\u003e\n\u003ch3\u003eFeature\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eOpenTelemetry dependencies are now optional. Enable with --features telemetry at build time. (\u003ca href=\"https://redirect.github.com/containers/conmon-rs/issues/3044\"\u003e#3044\u003c/a\u003e, \u003ca href=\"https://github.com/saschagrunert\"\u003e\u003ccode\u003e@​saschagrunert\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDependencies\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ecyphar.com/go-pathrs: v0.2.4\u003c/li\u003e\n\u003cli\u003egithub.com/NYTimes/gziphandler: \u003ca href=\"https://github.com/NYTimes/gziphandler/tree/v1.1.1\"\u003ev1.1.1\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003egithub.com/cespare/xxhash/v2: \u003ca href=\"https://github.com/cespare/xxhash/tree/v2.3.0\"\u003ev2.3.0\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003egolang.org/x/tools/go/expect: v0.1.0-deprecated\u003c/li\u003e\n\u003cli\u003egolang.org/x/tools/go/packages/packagestest: v0.1.1-deprecated\u003c/li\u003e\n\u003cli\u003ek8s.io/gengo/v2: 85fd79d\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003egithub.com/coreos/go-systemd/v22: \u003ca href=\"https://github.com/coreos/go-systemd/compare/v22.6.0...v22.7.0\"\u003ev22.6.0 → v22.7.0\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003egithub.com/cpuguy83/go-md2man/v2: \u003ca href=\"https://github.com/cpuguy83/go-md2man/compare/v2.0.5...v2.0.7\"\u003ev2.0.5 → v2.0.7\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003egithub.com/cyphar/filepath-securejoin: \u003ca href=\"https://github.com/cyphar/filepath-securejoin/compare/v0.5.1...v0.6.1\"\u003ev0.5.1 → v0.6.1\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003egithub.com/google/pprof: \u003ca href=\"https://github.com/google/pprof/compare/f64d9cf...294ebfa\"\u003ef64d9cf → 294ebfa\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003egithub.com/onsi/ginkgo/v2: \u003ca href=\"https://github.com/onsi/ginkgo/compare/v2.27.2...v2.28.1\"\u003ev2.27.2 → v2.28.1\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003egithub.com/onsi/gomega: \u003ca href=\"https://github.com/onsi/gomega/compare/v1.38.2...v1.39.1\"\u003ev1.38.2 → v1.39.1\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003egithub.com/opencontainers/cgroups: \u003ca href=\"https://github.com/opencontainers/cgroups/compare/v0.0.5...v0.0.6\"\u003ev0.0.5 → v0.0.6\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003egithub.com/opencontainers/runc: \u003ca href=\"https://github.com/opencontainers/runc/compare/v1.3.3...v1.4.1\"\u003ev1.3.3 → v1.4.1\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003egithub.com/opencontainers/runtime-spec: \u003ca href=\"https://github.com/opencontainers/runtime-spec/compare/v1.2.1...v1.3.0\"\u003ev1.2.1 → v1.3.0\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003egithub.com/opencontainers/runtime-tools: \u003ca href=\"https://github.com/opencontainers/runtime-tools/compare/0ea5ed0...5e63903\"\u003e0ea5ed0 → 5e63903\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003egithub.com/opencontainers/selinux: \u003ca href=\"https://github.com/opencontainers/selinux/compare/v1.12.0...v1.13.0\"\u003ev1.12.0 → v1.13.0\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003egithub.com/rogpeppe/go-internal: \u003ca href=\"https://github.com/rogpeppe/go-internal/compare/v1.13.1...v1.14.1\"\u003ev1.13.1 → v1.14.1\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003egithub.com/sirupsen/logrus: \u003ca href=\"https://github.com/sirupsen/logrus/compare/v1.9.3...v1.9.4\"\u003ev1.9.3 → v1.9.4\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003egithub.com/urfave/cli: \u003ca href=\"https://github.com/urfave/cli/compare/v1.22.16...v1.22.17\"\u003ev1.22.16 → v1.22.17\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ego.opentelemetry.io/auto/sdk: v1.1.0 → v1.2.1\u003c/li\u003e\n\u003cli\u003ego.opentelemetry.io/otel/metric: v1.38.0 → v1.42.0\u003c/li\u003e\n\u003cli\u003ego.opentelemetry.io/otel/trace: v1.38.0 → v1.42.0\u003c/li\u003e\n\u003cli\u003ego.opentelemetry.io/otel: v1.38.0 → v1.42.0\u003c/li\u003e\n\u003cli\u003ego.podman.io/common: v0.66.0 → v0.67.0\u003c/li\u003e\n\u003cli\u003ego.podman.io/image/v5: v5.38.0 → v5.39.1\u003c/li\u003e\n\u003cli\u003ego.podman.io/storage: v1.61.0 → v1.62.0\u003c/li\u003e\n\u003cli\u003ego.yaml.in/yaml/v2: v2.4.2 → v2.4.3\u003c/li\u003e\n\u003cli\u003egolang.org/x/crypto: v0.43.0 → v0.47.0\u003c/li\u003e\n\u003cli\u003egolang.org/x/mod: v0.28.0 → v0.32.0\u003c/li\u003e\n\u003cli\u003egolang.org/x/net: v0.45.0 → v0.49.0\u003c/li\u003e\n\u003cli\u003egolang.org/x/oauth2: v0.27.0 → v0.30.0\u003c/li\u003e\n\u003cli\u003egolang.org/x/sync: v0.17.0 → v0.19.0\u003c/li\u003e\n\u003cli\u003egolang.org/x/sys: v0.37.0 → v0.40.0\u003c/li\u003e\n\u003cli\u003egolang.org/x/telemetry: aef8a43 → bd525da\u003c/li\u003e\n\u003cli\u003egolang.org/x/term: v0.36.0 → v0.39.0\u003c/li\u003e\n\u003cli\u003egolang.org/x/text: v0.30.0 → v0.33.0\u003c/li\u003e\n\u003cli\u003egolang.org/x/tools: v0.37.0 → v0.41.0\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containers/conmon-rs/commit/c07e5214eeef082e83661ff7b610bac38f08401c\"\u003e\u003ccode\u003ec07e521\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containers/conmon-rs/issues/3142\"\u003e#3142\u003c/a\u003e from saschagrunert/bump-v0.8.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containers/conmon-rs/commit/df8a5f4c70a2a72568ba68f61e0fa0f9cdb5a7a3\"\u003e\u003ccode\u003edf8a5f4\u003c/code\u003e\u003c/a\u003e Bump version to v0.8.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containers/conmon-rs/commit/4bb0a0f5f65d1a79c53951d02dfb27a298990a83\"\u003e\u003ccode\u003e4bb0a0f\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containers/conmon-rs/issues/3141\"\u003e#3141\u003c/a\u003e from containers/dependabot/cargo/zerocopy-0.8.47\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containers/conmon-rs/commit/4b81484a4c533f11da91bf415572bb3fdb609f62\"\u003e\u003ccode\u003e4b81484\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containers/conmon-rs/issues/3140\"\u003e#3140\u003c/a\u003e from containers/dependabot/cargo/itoa-1.0.18\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containers/conmon-rs/commit/06c19681c35ec24c9567537bc8ed66c41766f876\"\u003e\u003ccode\u003e06c1968\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containers/conmon-rs/issues/3137\"\u003e#3137\u003c/a\u003e from containers/dependabot/github_actions/actions/ca...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containers/conmon-rs/commit/d8c08482543a40dda9d7140ab0faddfb90965450\"\u003e\u003ccode\u003ed8c0848\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containers/conmon-rs/issues/3139\"\u003e#3139\u003c/a\u003e from containers/dependabot/cargo/opentelemetry-84f9a...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containers/conmon-rs/commit/a9d10cc555ed4b1662fa7786bcc6538d9eaa0f78\"\u003e\u003ccode\u003ea9d10cc\u003c/code\u003e\u003c/a\u003e build(deps): bump zerocopy from 0.8.42 to 0.8.47\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containers/conmon-rs/commit/295c1e2eed7ded46acc386d42356bf6095b447bb\"\u003e\u003ccode\u003e295c1e2\u003c/code\u003e\u003c/a\u003e build(deps): bump itoa from 1.0.17 to 1.0.18\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containers/conmon-rs/commit/46856f7efc3d89b89f4799236acfa82c0f40055f\"\u003e\u003ccode\u003e46856f7\u003c/code\u003e\u003c/a\u003e build(deps): bump opentelemetry-otlp in the opentelemetry group\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containers/conmon-rs/commit/e7caf158f2fc1576fa827e6c98862135d7696703\"\u003e\u003ccode\u003ee7caf15\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containers/conmon-rs/issues/3135\"\u003e#3135\u003c/a\u003e from containers/dependabot/go_modules/k8s.io/client-...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/containers/conmon-rs/compare/v0.7.3...v0.8.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/containers/kubensmnt` from 1.2.0 to 1.3.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/containers/kubensmnt/releases\"\u003egithub.com/containers/kubensmnt's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.3.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd stand-alone installation makefiles by \u003ca href=\"https://github.com/lack\"\u003e\u003ccode\u003e@​lack\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/containers/kubensmnt/pull/9\"\u003econtainers/kubensmnt#9\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd go embed test by \u003ca href=\"https://github.com/lack\"\u003e\u003ccode\u003e@​lack\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/containers/kubensmnt/pull/10\"\u003econtainers/kubensmnt#10\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eConfigure shellcheck to enforce double-bracket style checks by \u003ca href=\"https://github.com/lack\"\u003e\u003ccode\u003e@​lack\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/containers/kubensmnt/pull/12\"\u003econtainers/kubensmnt#12\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echeck to make sure kubensmnt is mounted by \u003ca href=\"https://github.com/pixelsoccupied\"\u003e\u003ccode\u003e@​pixelsoccupied\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/containers/kubensmnt/pull/11\"\u003econtainers/kubensmnt#11\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePre-create /run/netns bindmount so it propagates to the kubensmnt namespace by \u003ca href=\"https://github.com/lack\"\u003e\u003ccode\u003e@​lack\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/containers/kubensmnt/pull/13\"\u003econtainers/kubensmnt#13\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImprove netns pre-mount code by \u003ca href=\"https://github.com/lack\"\u003e\u003ccode\u003e@​lack\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/containers/kubensmnt/pull/14\"\u003econtainers/kubensmnt#14\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pixelsoccupied\"\u003e\u003ccode\u003e@​pixelsoccupied\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/containers/kubensmnt/pull/11\"\u003econtainers/kubensmnt#11\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/containers/kubensmnt/compare/v1.2.0...v1.3.0\"\u003ehttps://github.com/containers/kubensmnt/compare/v1.2.0...v1.3.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containers/kubensmnt/commit/d37589433623e38d0e73fa00ae7eedb70eec90d8\"\u003e\u003ccode\u003ed375894\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containers/kubensmnt/issues/14\"\u003e#14\u003c/a\u003e from lack/OCPBUGS-83562_precreate_netns\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containers/kubensmnt/commit/179235fb9bf4dea2275c637429c32b9204a6483d\"\u003e\u003ccode\u003e179235f\u003c/code\u003e\u003c/a\u003e Improve netns pre-mount code\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containers/kubensmnt/commit/9af9d360c629cfcf9b45e7ef1e5be0945016f6a1\"\u003e\u003ccode\u003e9af9d36\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containers/kubensmnt/issues/13\"\u003e#13\u003c/a\u003e from lack/OCPBUGS-83562_precreate_netns\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containers/kubensmnt/commit/6bbafddc37bbf8e8c05fc283997fb8e6cd735636\"\u003e\u003ccode\u003e6bbafdd\u003c/code\u003e\u003c/a\u003e Pre-create /run/netns bindmount so it propagates to the kubensmnt namespace\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containers/kubensmnt/commit/3424a142b287da0adc4b759e37840f1204769f39\"\u003e\u003ccode\u003e3424a14\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containers/kubensmnt/issues/11\"\u003e#11\u003c/a\u003e from pixelsoccupied/check-mount\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containers/kubensmnt/commit/7a7d59131dce11a013f6eee6d588309c1cb7f403\"\u003e\u003ccode\u003e7a7d591\u003c/code\u003e\u003c/a\u003e check to make sure kubensmnt is mounted\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containers/kubensmnt/commit/4b80f7c792c8864970ca94a72f3d410691221749\"\u003e\u003ccode\u003e4b80f7c\u003c/code\u003e\u003c/a\u003e Configure shellcheck to enforce double-bracket style checks\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containers/kubensmnt/commit/2e5472fd300ef840cbb340e9031897f3c006a99e\"\u003e\u003ccode\u003e2e5472f\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containers/kubensmnt/issues/10\"\u003e#10\u003c/a\u003e from lack/go_embed_test\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containers/kubensmnt/commit/9264c5c70b513e5d48b987a6b55b11a3108a083c\"\u003e\u003ccode\u003e9264c5c\u003c/code\u003e\u003c/a\u003e Add go embed test\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containers/kubensmnt/commit/2728572f6444955f5f737bd46905214b654e74d3\"\u003e\u003ccode\u003e2728572\u003c/code\u003e\u003c/a\u003e Add stand-alone installation makefiles\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/containers/kubensmnt/compare/v1.2.0...v1.3.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/go-chi/chi/v5` from 5.2.5 to 5.3.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/go-chi/chi/releases\"\u003egithub.com/go-chi/chi/v5's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.3.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUse strings.ReplaceAll where applicable by \u003ca href=\"https://github.com/JRaspass\"\u003e\u003ccode\u003e@​JRaspass\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1046\"\u003ego-chi/chi#1046\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePropagate inline middlewares across mounted subrouters by \u003ca href=\"https://github.com/LukasJenicek\"\u003e\u003ccode\u003e@​LukasJenicek\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1049\"\u003ego-chi/chi#1049\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eadd go 1.26 to ci by \u003ca href=\"https://github.com/pkieltyka\"\u003e\u003ccode\u003e@​pkieltyka\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1052\"\u003ego-chi/chi#1052\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove last uses of io/ioutil by \u003ca href=\"https://github.com/JRaspass\"\u003e\u003ccode\u003e@​JRaspass\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1054\"\u003ego-chi/chi#1054\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSimplify chi.walk with slices.Concat by \u003ca href=\"https://github.com/JRaspass\"\u003e\u003ccode\u003e@​JRaspass\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1053\"\u003ego-chi/chi#1053\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eApply the stringscutprefix modernizer by \u003ca href=\"https://github.com/JRaspass\"\u003e\u003ccode\u003e@​JRaspass\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1051\"\u003ego-chi/chi#1051\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump minimum Go to 1.23, always use request.Pattern by \u003ca href=\"https://github.com/JRaspass\"\u003e\u003ccode\u003e@​JRaspass\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1048\"\u003ego-chi/chi#1048\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003emiddleware: fix httpFancyWriter.ReadFrom double-counting bytes with Tee by \u003ca href=\"https://github.com/alliasgher\"\u003e\u003ccode\u003e@​alliasgher\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1085\"\u003ego-chi/chi#1085\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix typo in Route doc comment by \u003ca href=\"https://github.com/gouwazi\"\u003e\u003ccode\u003e@​gouwazi\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1073\"\u003ego-chi/chi#1073\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: set Request.Pattern from RoutePattern() by \u003ca href=\"https://github.com/leno23\"\u003e\u003ccode\u003e@​leno23\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1097\"\u003ego-chi/chi#1097\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat: middleware.ClientIP, a replacement for middleware.RealIP by \u003ca href=\"https://github.com/VojtechVitek\"\u003e\u003ccode\u003e@​VojtechVitek\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/967\"\u003ego-chi/chi#967\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/LukasJenicek\"\u003e\u003ccode\u003e@​LukasJenicek\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1049\"\u003ego-chi/chi#1049\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/alliasgher\"\u003e\u003ccode\u003e@​alliasgher\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1085\"\u003ego-chi/chi#1085\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gouwazi\"\u003e\u003ccode\u003e@​gouwazi\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1073\"\u003ego-chi/chi#1073\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/leno23\"\u003e\u003ccode\u003e@​leno23\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1097\"\u003ego-chi/chi#1097\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eSECURITY: middleware.ClientIP, a replacement for middleware.RealIP\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/VojtechVitek\"\u003e\u003ccode\u003e@​VojtechVitek\u003c/code\u003e\u003c/a\u003e submitted PR \u003ca href=\"https://redirect.github.com/go-chi/chi/issues/967\"\u003e#967\u003c/a\u003e, which introduces middleware.ClientIP — a replacement for middleware.RealIP that closes the three open spoofing advisories:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/security/advisories/GHSA-9g5q-2w5x-hmxf\"\u003eGHSA-9g5q-2w5x-hmxf\u003c/a\u003e — IP spoofing via XFF in \u003ccode\u003eRemoteAddr\u003c/code\u003e resolution (convto)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/security/advisories/GHSA-rjr7-jggh-pgcp\"\u003eGHSA-rjr7-jggh-pgcp\u003c/a\u003e — RealIP allows IP spoofing via unvalidated XFF (rezmoss)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/security/advisories/GHSA-3fxj-6jh8-hvhx\"\u003eGHSA-3fxj-6jh8-hvhx\u003c/a\u003e — IP spoofing in \u003ccode\u003emiddleware.RealIP\u003c/code\u003e (Saku0512, Critical / 9.3)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eIt also addresses issues outlined at:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/708\"\u003ego-chi/chi#708\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://adam-p.ca/blog/2022/03/x-forwarded-for/\"\u003ehttps://adam-p.ca/blog/2022/03/x-forwarded-for/\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/711\"\u003ego-chi/chi#711\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/453\"\u003ego-chi/chi#453\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/go-chi/chi/pull/908\"\u003ego-chi/chi#908\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ccode\u003emiddleware.RealIP\u003c/code\u003e is deprecated in this PR with pointers to the new API.\u003c/p\u003e\n\u003cp\u003eThe deprecation only adds a \u003ccode\u003e// Deprecated:\u003c/code\u003e doc comment; the function keeps working for backward compatibility.\u003c/p\u003e\n\u003ch3\u003eWhy a new middleware (not \u0026quot;fix RealIP in place\u0026quot;)\u003c/h3\u003e\n\u003cp\u003e\u003ccode\u003eRealIP\u003c/code\u003e has two unfixable design choices: it mutates \u003ccode\u003er.RemoteAddr\u003c/code\u003e, and it tries to be a one-size-fits-all default by walking a hard-coded list of headers any client can supply. Per \u003ca href=\"https://adam-p.ca/blog/2022/03/x-forwarded-for/\"\u003eadam-p's \u0026quot;The perils of the 'real' client IP\u0026quot;\u003c/a\u003e (which calls chi out by name on this), there is no safe default — the user must pick their trust source explicitly.\u003c/p\u003e\n\u003ch3\u003eThe new API\u003c/h3\u003e\n\u003cp\u003eFour middlewares, two accessors. Pick exactly one middleware based on your\ninfrastructure, read the result with one of the two accessors:\u003c/p\u003e\n\u003cpre lang=\"go\"\u003e\u003ccode\u003e// One of the four. There is no safe default — pick exactly one.\r\nfunc ClientIPFromHeader(trustedHeader string) func(http.Handler) http.Handler\r\nfunc ClientIPFromXFF(trustedIPPrefixes ...string) func(http.Handler) http.Handler\r\nfunc ClientIPFromXFFTrustedProxies(numTrustedProxies int) func(http.Handler) http.Handler\r\n\u0026lt;/tr\u0026gt;\u0026lt;/table\u0026gt; \n\u003c/code\u003e\u003c/pre\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/3b171578ca44dfd75ca3c5cbddc7b44c600a7b49\"\u003e\u003ccode\u003e3b17157\u003c/code\u003e\u003c/a\u003e feat: middleware.ClientIP, a replacement for middleware.RealIP (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/967\"\u003e#967\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/818fdcfc4786168651768377ba647cf9dd5b3953\"\u003e\u003ccode\u003e818fdcf\u003c/code\u003e\u003c/a\u003e fix: set Request.Pattern from RoutePattern() (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1097\"\u003e#1097\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/f975af0cb10cbefaccf0422385420fe62722d648\"\u003e\u003ccode\u003ef975af0\u003c/code\u003e\u003c/a\u003e Fix typo in Route doc comment (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1073\"\u003e#1073\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/4ef87eaf2cfb27d3126d48194e1a84806acc1aed\"\u003e\u003ccode\u003e4ef87ea\u003c/code\u003e\u003c/a\u003e middleware: fix httpFancyWriter.ReadFrom double-counting bytes with Tee (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1085\"\u003e#1085\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/a54874f0e2f12647a19e82ee70dfa8185014100c\"\u003e\u003ccode\u003ea54874f\u003c/code\u003e\u003c/a\u003e Bump minimum Go to 1.23, always use request.Pattern (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1048\"\u003e#1048\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/3328d4d3ab8a08547fa419ed657017355e6d3c4d\"\u003e\u003ccode\u003e3328d4d\u003c/code\u003e\u003c/a\u003e Apply the stringscutprefix modernizer (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1051\"\u003e#1051\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/be60b2ec5755a9072cdf27af3ba3034e84781d12\"\u003e\u003ccode\u003ebe60b2e\u003c/code\u003e\u003c/a\u003e Simplify chi.walk with slices.Concat (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1053\"\u003e#1053\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/a36a925a6a195943ec104100d7d18757543e745f\"\u003e\u003ccode\u003ea36a925\u003c/code\u003e\u003c/a\u003e Remove last uses of io/ioutil (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1054\"\u003e#1054\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/7d93ee3e86b4d477c20d809c9b1ce9a281dfd706\"\u003e\u003ccode\u003e7d93ee3\u003c/code\u003e\u003c/a\u003e add go 1.26 to ci (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1052\"\u003e#1052\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/903cff2596eac0f72538ac46d696058351f1c3fb\"\u003e\u003ccode\u003e903cff2\u003c/code\u003e\u003c/a\u003e Propagate inline middlewares across mounted subrouters (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1049\"\u003e#1049\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/go-chi/chi/compare/v5.2.5...v5.3.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/onsi/ginkgo/v2` from 2.28.3 to 2.29.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/onsi/ginkgo/releases\"\u003egithub.com/onsi/ginkgo/v2's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.29.0\u003c/h2\u003e\n\u003ch2\u003e2.29.0\u003c/h2\u003e\n\u003cp\u003e\u003ccode\u003eGinkgoHelperGo\u003c/code\u003e makes it easier to write test helpers that need to run in goroutines.  Specifically, it makes managing the failure state and capturing failure panics correctly straightforward.\u003c/p\u003e\n\u003cp\u003e\u003ccode\u003eginkgo outline\u003c/code\u003e now includes entries defined in \u003ccode\u003eDescribeTableSubtree\u003c/code\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md\"\u003egithub.com/onsi/ginkgo/v2's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.29.0\u003c/h2\u003e\n\u003cp\u003e\u003ccode\u003eGinkgoHelperGo\u003c/code\u003e makes it easier to write test helpers that need to run in goroutines.  Specifically, it makes managing the failure state and capturing failure panics correctly straightforward.\u003c/p\u003e\n\u003cp\u003e\u003ccode\u003eginkgo outline\u003c/code\u003e now includes entries defined in \u003ccode\u003eDescribeTableSubtree\u003c/code\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/onsi/ginkgo/commit/04b5bcbe4eee911a1baf506eda1e7e811c978937\"\u003e\u003ccode\u003e04b5bcb\u003c/code\u003e\u003c/a\u003e v2.29.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/onsi/ginkgo/commit/124232a4531c77a7f31a036e0150e06fa78b2af8\"\u003e\u003ccode\u003e124232a\u003c/code\u003e\u003c/a\u003e docs: GinkgoHelperGo\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/onsi/ginkgo/commit/ad9cee80bdfda573e94f1b05f2bd4afa1a2fe815\"\u003e\u003ccode\u003ead9cee8\u003c/code\u003e\u003c/a\u003e feat: GinkgoHelperGo, with integration tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/onsi/ginkgo/commit/9e56a0a2a090eb83af696381161bdb996c69bcac\"\u003e\u003ccode\u003e9e56a0a\u003c/code\u003e\u003c/a\u003e chore: refactor devcontainer for better maintenance\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/onsi/ginkgo/commit/3d235a96ac05d9e855048c66528d2fdbfb9101f7\"\u003e\u003ccode\u003e3d235a9\u003c/code\u003e\u003c/a\u003e chore: ignore internal/tmp_*/ integration suite temporary dirs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/onsi/ginkgo/commit/782666ae83c2bc804f28b1333bf91a21b093d946\"\u003e\u003ccode\u003e782666a\u003c/code\u003e\u003c/a\u003e feat: devcontainer configuration with local pkgsite and GH pages\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/onsi/ginkgo/commit/009dd04de2d18f00c3c812d2caab713a165a1f7c\"\u003e\u003ccode\u003e009dd04\u003c/code\u003e\u003c/a\u003e Support DescribeTableSubtree in ginkgo outline\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/onsi/ginkgo/compare/v2.28.3...v2.29.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/onsi/gomega` from 1.40.0 to 1.41.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/onsi/gomega/blob/master/CHANGELOG.md\"\u003egithub.com/onsi/gomega's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e1.41.0\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cp\u003eAdd \u003ccode\u003eBeASlice\u003c/code\u003e and \u003ccode\u003eBeAnArray\u003c/code\u003e matchers\u003c/p\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cp\u003eObject formatting now detects pointer cycles to avoid runaway formatting output.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/onsi/gomega/commit/af2bccb5831cbcc56cfc16ca3056077cdec4798b\"\u003e\u003ccode\u003eaf2bccb\u003c/code\u003e\u003c/a\u003e v1.41.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/onsi/gomega/commit/73e81f6f054c825d1743bf4090ac0a9e1d5605af\"\u003e\u003ccode\u003e73e81f6\u003c/code\u003e\u003c/a\u003e v1.41.0 (full)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/onsi/gomega/commit/e35a84f24113255aaeea62fe7c47e09adf39109b\"\u003e\u003ccode\u003ee35a84f\u003c/code\u003e\u003c/a\u003e feat: devcontainer configuration with local pkgsite and GH pages\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/onsi/gomega/commit/f12e5e1bc7167fae21ef37b0d9d358d51063ff5e\"\u003e\u003ccode\u003ef12e5e1\u003c/code\u003e\u003c/a\u003e fix(format): detect pointer cycles to avoid runaway formatting output\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/onsi/gomega/commit/e14831fefa86313f2b01fb803b2ac937e49d08b6\"\u003e\u003ccode\u003ee14831f\u003c/code\u003e\u003c/a\u003e Add optionalDescription docs to AsyncAssertion and Assertion interfaces\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/onsi/gomega/commit/344b94dae7e0df0e2d087574b4c2b1b1597a6943\"\u003e\u003ccode\u003e344b94d\u003c/code\u003e\u003c/a\u003e Add BeASlice and BeAnArray matchers\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/onsi/gomega/compare/v1.40.0...v1.41.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/opencontainers/runc` from 1.4.1 to 1.4.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/opencontainers/runc/releases\"\u003egithub.com/opencontainers/runc's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003erunc v1.4.2 -- \u0026quot;Я — Земля! Я своих провожаю питомцев\u0026quot;\u003c/h2\u003e\n\u003cp\u003eThis is the second patch release of the 1.4.z release series of runc.\u003c/p\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eA regression in runc v1.3.0 which can result in a stuck \u003ccode\u003erunc exec\u003c/code\u003e or\n\u003ccode\u003erunc run\u003c/code\u003e when the container process runs for a short time. (\u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/5208\"\u003e#5208\u003c/a\u003e,\n\u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/5210\"\u003e#5210\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/5216\"\u003e#5216\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eMount sources that need to be open on the host are now closed earlier during\ncontainer start, reducing the total amount of used file descriptors and\nhelping to avoid hitting the open files limit when handling many such mounts.\n(\u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/5177\"\u003e#5177\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/5201\"\u003e#5201\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eStatic Linking Notices\u003c/h3\u003e\n\u003cp\u003eThe \u003ccode\u003erunc\u003c/code\u003e binary distributed with this release are \u003cem\u003estatically linked\u003c/em\u003e with\nthe following \u003ca href=\"https://www.gnu.org/licenses/old-licenses/lgpl-2.1.en.html\"\u003eGNU LGPL-2.1\u003c/a\u003e licensed libraries, with \u003ccode\u003erunc\u003c/code\u003e acting\nas a \u0026quot;work that uses the Library\u0026quot;:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/seccomp/libseccomp\"\u003elibseccomp\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThe versions of these libraries were not modified from their upstream versions,\nbut in order to comply with the LGPL-2.1 (§6(a)), we have attached the\ncomplete source code for those libraries which (when combined with the attached\nrunc source code) may be used to exercise your rights under the LGPL-2.1.\u003c/p\u003e\n\u003cp\u003eHowever we strongly suggest that you make use of your distribution's packages\nor download them from the authoritative upstream sources, especially since\nthese libraries are related to the security of your containers.\u003c/p\u003e\n\u003chr /\u003e\n\u003cp\u003eThanks to the following contributors for making this release possible:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAyato Tokubi \u003ca href=\"mailto:atokubi@redhat.com\"\u003eatokubi@redhat.com\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAkihiro Suda \u003ca href=\"mailto:akihiro.suda.cz@hco.ntt.co.jp\"\u003eakihiro.suda.cz@hco.ntt.co.jp\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAleksa Sarai \u003ca href=\"mailto:cyphar@cyphar.com\"\u003ecyphar@cyphar.com\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eKir Kolyshkin \u003ca href=\"mailto:kolyshkin@gmail.com\"\u003ekolyshkin@gmail.com\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eLi Fubang \u003ca href=\"mailto:lifubang@acmcoder.com\"\u003elifubang@acmcoder.com\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRodrigo Campos Catelin \u003ca href=\"mailto:rodrigo@amutable.com\"\u003erodrigo@amutable.com\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eSigned-off-by: Kir Kolyshkin \u003ca href=\"mailto:kolyshkin@gmail.com\"\u003ekolyshkin@gmail.com\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/opencontainers/runc/blob/v1.4.2/CHANGELOG.md\"\u003egithub.com/opencontainers/runc's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[1.4.2] - 2026-04-02\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003eЯ — Земля! Я своих провожаю питомцев.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eA regression in runc v1.3.0 which can result in a stuck \u003ccode\u003erunc exec\u003c/code\u003e or\n\u003ccode\u003erunc run\u003c/code\u003e when the container process runs for a short time. (\u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/5208\"\u003e#5208\u003c/a\u003e,\n\u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/5210\"\u003e#5210\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/5216\"\u003e#5216\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMount sources that need to be open on the host are now closed earlier during\ncontainer start, reducing the total amount of used file descriptors and\nhelping to avoid hitting the open files limit when handling many such mounts.\n(\u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/5177\"\u003e#5177\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/5201\"\u003e#5201\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/runc/commit/c241c0bb5e60a8e8c1b2e53d4eca8d0068d8d57e\"\u003e\u003ccode\u003ec241c0b\u003c/code\u003e\u003c/a\u003e VERSION: release v1.4.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/runc/commit/95f27e805324fce0899c9a2afbb819944f91315b\"\u003e\u003ccode\u003e95f27e8\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/5216\"\u003e#5216\u003c/a\u003e from lifubang/backport-5210-1.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/runc/commit/39791aeab622c319146456c603643062d256e715\"\u003e\u003ccode\u003e39791ae\u003c/code\u003e\u003c/a\u003e Fix SIGCHLD race in signal handler setup\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/runc/commit/226ff030b46f482c7715726a5de70957a9aec24d\"\u003e\u003ccode\u003e226ff03\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/5201\"\u003e#5201\u003c/a\u003e from lifubang/backport-5177-1.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/runc/commit/9de77a986c188bd436d5a60f47066388f6b199b5\"\u003e\u003ccode\u003e9de77a9\u003c/code\u003e\u003c/a\u003e test: check mount source fds are cleaned up with idmapped mounts\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/runc/commit/e4a82fc2d8604fa48f0bfbf7cb09b7c074a9dcc9\"\u003e\u003ccode\u003ee4a82fc\u003c/code\u003e\u003c/a\u003e libct: close mount source fd as soon as possible\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/runc/commit/87db63422d1d11b2a726674ca9ff276e5fffc7dd\"\u003e\u003ccode\u003e87db634\u003c/code\u003e\u003c/a\u003e libct: add a nil check for mountError\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/runc/commit/d4305dc5dddc9daf4a5adb9d6465d230e83f5e94\"\u003e\u003ccode\u003ed4305dc\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/5187\"\u003e#5187\u003c/a\u003e from kolyshkin/1.4-5159\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/runc/commit/63605fc49f9dc6a26b55d7f26e0473c1e626230b\"\u003e\u003ccode\u003e63605fc\u003c/code\u003e\u003c/a\u003e ci: add conmon tests run\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/runc/commit/0daa0038d2f5151c0b503480c311f93694388ef0\"\u003e\u003ccode\u003e0daa003\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/5178\"\u003e#5178\u003c/a\u003e from kolyshkin/1.4-5175\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/opencontainers/runc/compare/v1.4.1...v1.4.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/opencontainers/selinux` from 1.13.1 to 1.15.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/opencontainers/selinux/releases\"\u003egithub.com/opencontainers/selinux's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.15.0\u003c/h2\u003e\n\u003cp\u003eThis release adds a new function, SetProcessKind, which is to be used instead of KVMProcessLabel[s] and InitProcessLabel[s] in case the user only wants to change the type of the existing label, not generate a new one. It also fixes an CI issue and optimizes label.InitLabels for a few common cases.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eci: set timeout for vm jobs by \u003ca href=\"https://github.com/kolyshkin\"\u003e\u003ccode\u003e@​kolyshkin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/opencontainers/selinux/pull/270\"\u003eopencontainers/selinux#270\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003elabel.InitLabels: optimize by \u003ca href=\"https://github.com/kolyshkin\"\u003e\u003ccode\u003e@​kolyshkin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/opencontainers/selinux/pull/269\"\u003eopencontainers/selinux#269\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd SetProcessKind by \u003ca href=\"https://github.com/kolyshkin\"\u003e\u003ccode\u003e@​kolyshkin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/opencontainers/selinux/pull/271\"\u003eopencontainers/selinux#271\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/opencontainers/selinux/compare/v1.14.1...v1.15.0\"\u003ehttps://github.com/opencontainers/selinux/compare/v1.14.1...v1.15.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.14.1\u003c/h2\u003e\n\u003cp\u003eThis release mostly fixes label.InitLabels regression introduced in v1.14.0.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eREADME: rm travis, add gha badge by \u003ca href=\"https://github.com/kolyshkin\"\u003e\u003ccode\u003e@​kolyshkin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/opencontainers/selinux/pull/268\"\u003eopencontainers/selinux#268\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix label.InitLabels regression in v1.14.0; amend ReserveLabelV2 doc by \u003ca href=\"https://github.com/kolyshkin\"\u003e\u003ccode\u003e@​kolyshkin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/opencontainers/selinux/pull/267\"\u003eopencontainers/selinux#267\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/opencontainers/selinux/compare/v1.14.0...v1.14.1\"\u003ehttps://github.com/opencontainers/selinux/compare/v1.14.0...v1.14.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.14.0\u003c/h2\u003e\n\u003cp\u003eThis release fixes a regression in ExecLabel, bumps the minimal Go version to 1.22, and deprecates several functions in favor of improved API.\u003c/p\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eExecLabel\u003c/code\u003e was using an incorrect path (regression in v1.13.0). (\u003ca href=\"https://redirect.github.com/opencontainers/selinux/pull/253\"\u003eopencontainers/selinux#253\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDeprecated\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eCategoryRange\u003c/code\u003e is deprecated; use \u003ccode\u003eSetCategoryRange\u003c/code\u003e instead. (\u003ca href=\"https://redirect.github.com/opencontainers/selinux/pull/262\"\u003eopencontainers/selinux#262\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eKVMContainerLabels\u003c/code\u003e is deprecated; use \u003ccode\u003eKVMContainerLabel\u003c/code\u003e instead. (\u003ca href=\"https://redirect.github.com/opencontainers/selinux/pull/262\"\u003eopencontainers/selinux#262\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eInitContainerLabels\u003c/code\u003e is deprecated; use \u003ccode\u003eInitContainerLabel\u003c/code\u003e instead. (\u003ca href=\"https://redirect.github.com/opencontainers/selinux/pull/262\"\u003eopencontainers/selinux#262\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eReserveLabel\u003c/code\u003e is deprecated; use \u003ccode\u003eReserveLabelV2\u003c/code\u003e instead. (\u003ca href=\"https://redirect.github.com/opencontainers/selinux/pull/262\"\u003eopencontainers/selinux#262\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eROFileLabel\u003c/code\u003e is deprecated; if you use it, open a new issue. (\u003ca href=\"https://redirect.github.com/opencontainers/selinux/pull/262\"\u003eopencontainers/selinux#262\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eContainerLabels\u003c/code\u003e is deprecated, if you use it, open a new issue. (\u003ca href=\"https://redirect.github.com/opencontainers/selinux/pull/262\"\u003eopencontainers/selinux#262\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eSEUserByName\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/opencontainers/selinux/pull/232\"\u003eopencontainers/selinux#232\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/opencontainers/selinux/pull/251\"\u003eopencontainers/selinux#251\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eCheckLabel\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/opencontainers/selinux/pull/250\"\u003eopencontainers/selinux#250\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eSetCategoryRange\u003c/code\u003e, \u003ccode\u003eKVMContainerLabel\u003c/code\u003e, \u003ccode\u003eInitContainerLabel\u003c/code\u003e, \u003ccode\u003eReserveLabelV2\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/opencontainers/selinux/pull/262\"\u003eopencontainers/selinux#262\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSwitch to Go 1.22 as the minimally supported version (\u003ca href=\"https://redirect.github.com/opencontainers/selinux/pull/256\"\u003eopencontainers/selinux#256\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdate \u003ccode\u003eGetDefaultContextWithLevel\u003c/code\u003e to fall back to failsafe context (\u003ca href=\"https://redirect.github.com/opencontainers/selinux/pull/232\"\u003eopencontainers/selinux#232\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUse math/rand/v2 rather than crypto/rand for MCS label generation (\u003ca href=\"https://redirect.github.com/opencontainers/selinux/pull/257\"\u003eopencontainers/selinux#257\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eMiscellaneous\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eMAINTAINERS: add Aleksa as a maintainer. (\u003ca href=\"https://redirect.github.com/opencontainers/selinux/pull/243\"\u003eopencontainers/selinux#243\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAssorted CI bumps and related fixes. (\u003ca href=\"https://redirect.github.com/opencontainers/selinux/pull/255\"\u003eopencontainers/selinux#255\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRemove intToMcs. (\u003ca href=\"https://redirect.github.com/opencontainers/selinux/pull/259\"\u003eopencontainers/selinux#259\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUse Cut more. (\u003ca href=\"https://redirect.github.com/opencontainers/selinux/pull/254\"\u003eopencontainers/selinux#254\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSimplify getSelinuxMountPoint. (\u003ca href=\"https://redirect.github.com/opencontainers/selinux/pull/258\"\u003eopencontainers/selinux#258\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSimplify/remove some code. (\u003ca href=\"https://redirect.github.com/opencontainers/selinux/pull/261\"\u003eopencontainers/selinux#261\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/selinux/commit/84683a6ecf369d67892b764300da9a614e403073\"\u003e\u003ccode\u003e84683a6\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/opencontainers/selinux/issues/271\"\u003e#271\u003c/a\u003e from kolyshkin/change-type\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/selinux/commit/8889f6ec5dfbc92be63ff81f67cce3f1e7f8567a\"\u003e\u003ccode\u003e8889f6e\u003c/code\u003e\u003c/a\u003e Add SetProcessKind\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/selinux/commit/fb9b5b20d3dce247bd0b0a96e26ad983c4909b9a\"\u003e\u003ccode\u003efb9b5b2\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/opencontainers/selinux/issues/269\"\u003e#269\u003c/a\u003e from kolyshkin/init-labels-opt\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/selinux/commit/74873e291f7a5d573fec3e7f2e0e16a8595434ca\"\u003e\u003ccode\u003e74873e2\u003c/code\u003e\u003c/a\u003e label.InitLabels: optimize\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/selinux/commit/c8bf19e9d124ef078dd0c0dfc2a14f3b9843c987\"\u003e\u003ccode\u003ec8bf19e\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/opencontainers/selinux/issues/270\"\u003e#270\u003c/a\u003e from kolyshkin/timeout\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/selinux/commit/a55d914f19b9dad21a21f5d882452971e7db2d03\"\u003e\u003ccode\u003ea55d914\u003c/code\u003e\u003c/a\u003e ci: set timeout for vm jobs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/selinux/commit/89b039b4fb2ec4056a15eefce2e6e1a85b33fa70\"\u003e\u003ccode\u003e89b039b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/opencontainers/selinux/issues/267\"\u003e#267\u003c/a\u003e from kolyshkin/damage-control\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/selinux/commit/8c517ef35fd53d6a151e950bcc56f80d3fb2dec0\"\u003e\u003ccode\u003e8c517ef\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/opencontainers/selinux/issues/268\"\u003e#268\u003c/a\u003e from kolyshkin/readme\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/selinux/commit/e184f4698c2e22c0969fb1302da049ba805213eb\"\u003e\u003ccode\u003ee184f46\u003c/code\u003e\u003c/a\u003e selinux.ReserveLabelV2: note on ignoring ErrMCSAlreadyExists\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/selinux/commit/fa158854b7c1d6064a41282522d109d8f71e9cfa\"\u003e\u003ccode\u003efa15885\u003c/code\u003e\u003c/a\u003e label.InitLabels: dont't return ErrMCSAlreadyExists\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/opencontainers/selinux/compare/v1.13.1...v1.15.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `go.podman.io/common` from 0.66.2-0.20260126213724-1e46b0756b39 to 0.67.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/containers/container-libs/releases\"\u003ego.podman.io/common's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ecommon/v0.67.0\u003c/h2\u003e\n\u003cp\u003ego.podman.io/common release for podman v5.8\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/containers/container-libs/commits/common/v0.67.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `go.podman.io/image/v5` from 5.38.0 to 5.39.1\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containers/container-libs/commit/80fb329c24eb41f760488720a493946435196f31\"\u003e\u003ccode\u003e80fb329\u003c/code\u003e\u003c/a\u003e [podman-5.8] Bump to image 5.39.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containers/container-libs/commit/c41710e4e2fe11eb1716151f552f29d0f61df565\"\u003e\u003ccode\u003ec41710e\u003c/code\u003e\u003c/a\u003e [podman-5.8] Add missing image go.sum\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containers/container-libs/commit/a1da33bdfddae9f31cf436f30dd4d8712d76d922\"\u003e\u003ccode\u003ea1da33b\u003c/code\u003e\u003c/a\u003e [podman-5.8] Bump image to v5.39.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containers/container-libs/commit/d5d959a8faa860f260c8b05e84a33ac4e8d9ed31\"\u003e\u003ccode\u003ed5d959a\u003c/code\u003e\u003c/a\u003e [podman-5.8] Bump storage to 1.62.0 in image\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containers/container-libs/commit/b4ff26efa1f98823d53136a3944b3964e7426693\"\u003e\u003ccode\u003eb4ff26e\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containers/container-libs/issues/626\"\u003e#626\u003c/a\u003e from TomSweeneyRedHat/dev/tsweeney/dance-5.8-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containers/container-libs/commit/bb290dc125b3e3ea2f18e7cf2f2ec4b8810265b6\"\u003e\u003ccode\u003ebb290dc\u003c/code\u003e\u003c/a\u003e [podman-5.8] Bump storage to v1.62.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containers/container-libs/commit/a79d33cb983b2308a4bb485c327b5ef026177d3b\"\u003e\u003ccode\u003ea79d33c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containers/container-libs/issues/616\"\u003e#616\u003c/a\u003e from l0rd/pr-612-to-5.8\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containers/container-libs/commit/90383df2587fae116f31f785115b25957e5c84cb\"\u003e\u003ccode\u003e90383df\u003c/code\u003e\u003c/a\u003e common: safer use of \u003ccode\u003efilepath.EvalSymlinks()\u003c/code\u003e in \u003ccode\u003efindBindir()\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containers/container-libs/commit/89d4270d09cdbe577335374c30ef446d1a728d1e\"\u003e\u003ccode\u003e89d4270\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containers/container-libs/issues/601\"\u003e#601\u003c/a\u003e from Luap99/podman-5.8\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containers/container-libs/commit/d1241f8bc422070205ce55cbebcbc68945b6b245\"\u003e\u003ccode\u003ed1241f8\u003c/code\u003e\u003c/a\u003e fix debug log for \u003ca href=\"https://redirect.github.com/containers/container-libs/issues/579\"\u003e#579\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/containers/container-libs/compare/image/v5.38.0...image/v5.39.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `go.podman.io/storage` from 1.61.1-0.20251212224252-b0f86df5a665 to 1.62.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/containers/container-libs/commits/storage/v1.62.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `golang.org/x/net` from 0.53.0 to 0.55.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/7770ec48d03fec35e378665337b4faca93c38423\"\u003e\u003ccode\u003e7770ec4\u003c/code\u003e\u003c/a\u003e go.mod: update golang.org/x dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/4ece7b612ad44ad6c4d5e0d5d4df9c18cc211905\"\u003e\u003ccode\u003e4ece7b6\u003c/code\u003e\u003c/a\u003e html: escape greater-than symbol in doctype identifiers\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/08be507abce89191d78cd49da60f4501fc910472\"\u003e\u003ccode\u003e08be507\u003c/code\u003e\u003c/a\u003e html: improve Noah's Ark clause performance\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/a8fb2fe4f7378f816302b9f2f7b8290ce512e5dd\"\u003e\u003ccode\u003ea8fb2fe\u003c/code\u003e\u003c/a\u003e html: properly render fostered elements in foreign content\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/0dc5b7a5f81d7155ade6d5e9db35992998679932\"\u003e\u003ccode\u003e0dc5b7a\u003c/code\u003e\u003c/a\u003e html: properly check namespace in \u0026quot;in body\u0026quot; any other end tag\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/a452f3cc17168a60bc3f439a3ae0fcffc32eca0e\"\u003e\u003ccode\u003ea452f3c\u003c/code\u003e\u003c/a\u003e html: ignore duplicate attributes during tokenization\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/f8651996b24ba47d89dd9eb97fd47758e6d1886f\"\u003e\u003ccode\u003ef865199\u003c/code\u003e\u003c/a\u003e quic: fix appendMaxDataFrame erroneously accumulating sentLimit\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/210ed3cb901cb549818aefa04b71dadaf149d05d\"\u003e\u003ccode\u003e210ed3c\u003c/code\u003e\u003c/a\u003e quic: establish a \u0026quot;happened-before\u0026quot; relationship between stream write and read\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/ad8140e0aa2ec41b37ea478b4525a423bcc21af9\"\u003e\u003ccode\u003ead8140e\u003c/code\u003e\u003c/a\u003e quic: fix buffer slicing when handling overlapping stream data\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/23ee2efe81a3ff183b4eca46c42f749af7efca45\"\u003e\u003ccode\u003e23ee2ef\u003c/code\u003e\u003c/a\u003e http2: avoid API changes when built with go1.27\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/golang/net/compare/v0.53.0...v0.55.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `golang.org/x/sys` from 0.43.0 to 0.45.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/sys/commit/397d5f80920585bc27433d878aba498d062f81e1\"\u003e\u003ccode\u003e397d5f8\u003c/code\u003e\u003c/a\u003e unix: update to Linux kernel 7.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/sys/commit/0a387f7a07d7a0e9811f00603c10b4e5a94ab79c\"\u003e\u003ccode\u003e0a387f7\u003c/code\u003e\u003c/a\u003e cpu: detect zbc extension on riscv64\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/sys/commit/758f71cb839d131daf0ba4befa6a2c6ceb21a649\"\u003e\u003ccode\u003e758f71c\u003c/code\u003e\u003c/a\u003e cpu: add LLACQ_SCREL, SCQ, DBAR_HINTS detection for loong64\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/sys/commit/99666ae32e07f6403182a79cb5df0c417cbbf25f\"\u003e\u003ccode\u003e99666ae\u003c/code\u003e\u003c/a\u003e unix: merge Linux readv/writev implementation with Darwin/OpenBSD\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/sys/commit/e4444cbaaaf61cecff8e635874066fcd5c841575\"\u003e\u003ccode\u003ee4444cb\u003c/code\u003e\u003c/a\u003e windows: add NtSetEaFile, NtQueryEaFile and NtQueryInformationFile\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/sys/commit/04396e85d470b7f990a9a1df5c1a44dc8e30c292\"\u003e\u003ccode\u003e04396e8\u003c/code\u003e\u003c/a\u003e unix: add Readv, Writev, Preadv, Pwritev for OpenBSD\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/sys/commit/fb1facd76f95fa87c151018200ea5e4892ff115d\"\u003e\u003ccode\u003efb1facd\u003c/code\u003e\u003c/a\u003e windows: avoid uint16 overflow in NewNTUnicodeString\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/sys/commit/94ad893e1e59c1d079221324d38945d2aad8703f\"\u003e\u003ccode\u003e94ad893\u003c/code\u003e\u003c/a\u003e windows: add GetIfTable2Ex, GetIpInterface{Entry,Table}, GetUnicastIpAddressT...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/sys/commit/54fe89f8411576c06b345b341ca79a77d878a4ad\"\u003e\u003ccode\u003e54fe89f\u003c/code\u003e\u003c/a\u003e cpu: use IsProcessorFeaturePresent to calculate ARM64 on windows\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/sys/commit/df7d5d7b60641d17d87e2b50911124cb65f954fd\"\u003e\u003ccode\u003edf7d5d7\u003c/code\u003e\u003c/a\u003e unix: automatically remove container created by mkall.sh\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/golang/sys/compare/v0.43.0...v0.45.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `google.golang.org/grpc` from 1.80.0 to 1.81.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/grpc/grpc-go/releases\"\u003egoogle.golang.org/grpc's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eRelease 1.81.1\u003c/h2\u003e\n\u003ch1\u003eSecurity\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003exds/rbac: Fix a potential authorization bypass caused by incorrectly falling through URI/DNS SANs to Subject Distinguished Name (DN) when matching the authenticated principal name. With this fix, only the first non-empty identity source will be used, as per \u003ca href=\"https://github.com/grpc/proposal/blob/master/A41-xds-rbac.md\"\u003egRFC A41\u003c/a\u003e. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/9111\"\u003e#9111\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003eSpecial Thanks: \u003ca href=\"https://github.com/al4an444\"\u003e\u003ccode\u003e@​al4an444\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eBug Fixes\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eotel: Segregate client and server RPC information used for metrics and traces, to avoid one overwriting the other. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/9081\"\u003e#9081\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eRelease 1.81.0\u003c/h2\u003e\n\u003ch1\u003eBehavior Changes\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003ebalancer/rls: Switch gauge metrics to asynchronous emission (once per collection cycle) to reduce telemetry noise and align with other gRPC language implementations. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8808\"\u003e#8808\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eDependencies\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eMinimum supported Go version is now 1.25. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8969\"\u003e#8969\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eBug Fixes\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003exds: Use the leaf cluster's security config for the TLS handshake instead of the aggregate cluster's config. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8956\"\u003e#8956\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003etransport: Send a \u003ccode\u003eRST_STREAM\u003c/code\u003e when receiving an \u003ccode\u003eEND_STREAM\u003c/code\u003e when the stream is not already half-closed. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8832\"\u003e#8832\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003exds: Fix ADS resource name validation to prevent a panic. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8970\"\u003e#8970\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eNew Features\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003egrpc/stats: Add support for custom labels in per-call metrics (\u003ca href=\"https://github.com/grpc/proposal/blob/master/A108-otel-custom-per-call-label.md\"\u003egRFC A108\u003c/a\u003e). (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/9008\"\u003e#9008\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003exds: Add support for Server Name Indication (SNI) and SAN validation (\u003ca href=\"https://github.com/grpc/proposal/blob/master/A101-SNI-setting-and-SNI-SAN-validation.md\"\u003egRFC A101\u003c/a\u003e). Disabled by default. To enable, set \u003ccode\u003eGRPC_EXPERIMENTAL_XDS_SNI=true\u003c/code\u003e environment variable. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/9016\"\u003e#9016\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003exds: Add support to control which fields get propagated from ORCA backend metric reports to LRS load reports (\u003ca href=\"https://github.com/grpc/proposal/blob/master/A85-lrs-custom-metrics-changes.md\"\u003egRFC A85\u003c/a\u003e). Disabled by default. To enable, set \u003ccode\u003eGRPC_EXPERIMENTAL_XDS_ORCA_LRS_PROPAGATION=true\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/9005\"\u003e#9005\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003exds: Add metrics to track xDS client connectivity and cached resource state (\u003ca href=\"https://github.com/grpc/proposal/blob/master/A78-grpc-metrics-wrr-pf-xds.md\"\u003egRFC A78\u003c/a\u003e). (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8807\"\u003e#8807\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003estats/otel: Enhance \u003ccode\u003egrpc.subchannel.disconnections\u003c/code\u003e metric by adding disconnection reason to the \u003ccode\u003egrpc.disconnect_error\u003c/code\u003e label (\u003ca href=\"https://github.com/grpc/proposal/blob/master/A94-subchannel-otel-metrics.md\"\u003egRFC A94\u003c/a\u003e). This provides granular insights into why subchannels are closing. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8973\"\u003e#8973\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003emem: Add \u003ccode\u003emem.Buffer.Slice()\u003c/code\u003e API to slice the buffer like a slice. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8977\"\u003e#8977\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003eSpecial Thanks: \u003ca href=\"https://github.com/ash2k\"\u003e\u003ccode\u003e@​ash2k\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003ePerformance Improvements\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003ealts: Pool read buffers to lower memory utilization when sockets are unreadable. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8964\"\u003e#8964\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003etransport: Pool HTTP/2 framer read buffers to reduce idle memory consumption. Currently limited to Linux for ALTS and non-encrypted transports (TCP, Unix). To disable, set \u003ccode\u003eGRPC_GO_EXPERIMENTAL_HTTP_FRAMER_READ_BUFFER_POOLING=false\u003c/code\u003e and report any issues. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/9032\"\u003e#9032\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/caf0772c2bcb8bc15d43eb53448e921f34f0b7e8\"\u003e\u003ccode\u003ecaf0772\u003c/code\u003e\u003c/a\u003e Change version from 1.81.1-dev to 1.81.1 (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/9122\"\u003e#9122\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/6ccbeebf058ede71e43a5ac28fada2a736573215\"\u003e\u003ccode\u003e6ccbeeb\u003c/code\u003e\u003c/a\u003e Cherry-pick \u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/9111\"\u003e#9111\u003c/a\u003e into v1.81.x (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/9121\"\u003e#9121\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/b33c29e41b438e371c8504de9bdf64a80098cc29\"\u003e\u003ccode\u003eb33c29e\u003c/code\u003e\u003c/a\u003e Cherry-pick \u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/9081\"\u003e#9081\u003c/a\u003e into v1.81.x (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/9102\"\u003e#9102\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/c45fae6d06a5c192b7b96418a2bc26a96b856834\"\u003e\u003ccode\u003ec45fae6\u003c/code\u003e\u003c/a\u003e Change version to 1.81.1-dev (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/9063\"\u003e#9063\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/cb18228317ff523e63d931b4058b0329585b7dcd\"\u003e\u003ccode\u003ecb18228\u003c/code\u003e\u003c/a\u003e Cha...\n\n_Description has been truncated_","html_url":"https://github.com/cri-o/cri-o/pull/9975","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/cri-o%2Fcri-o/issues/9975","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/9975/packages"},{"uuid":"4519379606","node_id":"PR_kwDOQNjm387fKbZL","number":121,"state":"open","title":"chore(deps): bump github.com/go-chi/chi/v5 from 5.2.3 to 5.3.0 in /apps/api","user":"dependabot[bot]","labels":["dependencies","go"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-25T20:30:51.000Z","updated_at":"2026-05-25T20:32:07.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps)","packages":[{"name":"github.com/go-chi/chi/v5","old_version":"5.2.3","new_version":"5.3.0","repository_url":"https://github.com/go-chi/chi"}],"path":"/apps/api","ecosystem":"go"},"body":"Bumps [github.com/go-chi/chi/v5](https://github.com/go-chi/chi) from 5.2.3 to 5.3.0.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/go-chi/chi/releases\"\u003egithub.com/go-chi/chi/v5's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.3.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUse strings.ReplaceAll where applicable by \u003ca href=\"https://github.com/JRaspass\"\u003e\u003ccode\u003e@​JRaspass\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1046\"\u003ego-chi/chi#1046\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePropagate inline middlewares across mounted subrouters by \u003ca href=\"https://github.com/LukasJenicek\"\u003e\u003ccode\u003e@​LukasJenicek\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1049\"\u003ego-chi/chi#1049\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eadd go 1.26 to ci by \u003ca href=\"https://github.com/pkieltyka\"\u003e\u003ccode\u003e@​pkieltyka\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1052\"\u003ego-chi/chi#1052\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove last uses of io/ioutil by \u003ca href=\"https://github.com/JRaspass\"\u003e\u003ccode\u003e@​JRaspass\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1054\"\u003ego-chi/chi#1054\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSimplify chi.walk with slices.Concat by \u003ca href=\"https://github.com/JRaspass\"\u003e\u003ccode\u003e@​JRaspass\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1053\"\u003ego-chi/chi#1053\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eApply the stringscutprefix modernizer by \u003ca href=\"https://github.com/JRaspass\"\u003e\u003ccode\u003e@​JRaspass\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1051\"\u003ego-chi/chi#1051\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump minimum Go to 1.23, always use request.Pattern by \u003ca href=\"https://github.com/JRaspass\"\u003e\u003ccode\u003e@​JRaspass\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1048\"\u003ego-chi/chi#1048\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003emiddleware: fix httpFancyWriter.ReadFrom double-counting bytes with Tee by \u003ca href=\"https://github.com/alliasgher\"\u003e\u003ccode\u003e@​alliasgher\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1085\"\u003ego-chi/chi#1085\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix typo in Route doc comment by \u003ca href=\"https://github.com/gouwazi\"\u003e\u003ccode\u003e@​gouwazi\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1073\"\u003ego-chi/chi#1073\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: set Request.Pattern from RoutePattern() by \u003ca href=\"https://github.com/leno23\"\u003e\u003ccode\u003e@​leno23\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1097\"\u003ego-chi/chi#1097\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat: middleware.ClientIP, a replacement for middleware.RealIP by \u003ca href=\"https://github.com/VojtechVitek\"\u003e\u003ccode\u003e@​VojtechVitek\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/967\"\u003ego-chi/chi#967\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/LukasJenicek\"\u003e\u003ccode\u003e@​LukasJenicek\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1049\"\u003ego-chi/chi#1049\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/alliasgher\"\u003e\u003ccode\u003e@​alliasgher\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1085\"\u003ego-chi/chi#1085\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gouwazi\"\u003e\u003ccode\u003e@​gouwazi\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1073\"\u003ego-chi/chi#1073\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/leno23\"\u003e\u003ccode\u003e@​leno23\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1097\"\u003ego-chi/chi#1097\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eSECURITY: middleware.ClientIP, a replacement for middleware.RealIP\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/VojtechVitek\"\u003e\u003ccode\u003e@​VojtechVitek\u003c/code\u003e\u003c/a\u003e submitted PR \u003ca href=\"https://redirect.github.com/go-chi/chi/issues/967\"\u003e#967\u003c/a\u003e, which introduces middleware.ClientIP — a replacement for middleware.RealIP that closes the three open spoofing advisories:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/security/advisories/GHSA-9g5q-2w5x-hmxf\"\u003eGHSA-9g5q-2w5x-hmxf\u003c/a\u003e — IP spoofing via XFF in \u003ccode\u003eRemoteAddr\u003c/code\u003e resolution (convto)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/security/advisories/GHSA-rjr7-jggh-pgcp\"\u003eGHSA-rjr7-jggh-pgcp\u003c/a\u003e — RealIP allows IP spoofing via unvalidated XFF (rezmoss)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/security/advisories/GHSA-3fxj-6jh8-hvhx\"\u003eGHSA-3fxj-6jh8-hvhx\u003c/a\u003e — IP spoofing in \u003ccode\u003emiddleware.RealIP\u003c/code\u003e (Saku0512, Critical / 9.3)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eIt also addresses issues outlined at:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/708\"\u003ego-chi/chi#708\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://adam-p.ca/blog/2022/03/x-forwarded-for/\"\u003ehttps://adam-p.ca/blog/2022/03/x-forwarded-for/\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/711\"\u003ego-chi/chi#711\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/453\"\u003ego-chi/chi#453\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/go-chi/chi/pull/908\"\u003ego-chi/chi#908\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ccode\u003emiddleware.RealIP\u003c/code\u003e is deprecated in this PR with pointers to the new API.\u003c/p\u003e\n\u003cp\u003eThe deprecation only adds a \u003ccode\u003e// Deprecated:\u003c/code\u003e doc comment; the function keeps working for backward compatibility.\u003c/p\u003e\n\u003ch3\u003eWhy a new middleware (not \u0026quot;fix RealIP in place\u0026quot;)\u003c/h3\u003e\n\u003cp\u003e\u003ccode\u003eRealIP\u003c/code\u003e has two unfixable design choices: it mutates \u003ccode\u003er.RemoteAddr\u003c/code\u003e, and it tries to be a one-size-fits-all default by walking a hard-coded list of headers any client can supply. Per \u003ca href=\"https://adam-p.ca/blog/2022/03/x-forwarded-for/\"\u003eadam-p's \u0026quot;The perils of the 'real' client IP\u0026quot;\u003c/a\u003e (which calls chi out by name on this), there is no safe default — the user must pick their trust source explicitly.\u003c/p\u003e\n\u003ch3\u003eThe new API\u003c/h3\u003e\n\u003cp\u003eFour middlewares, two accessors. Pick exactly one middleware based on your\ninfrastructure, read the result with one of the two accessors:\u003c/p\u003e\n\u003cpre lang=\"go\"\u003e\u003ccode\u003e// One of the four. There is no safe default — pick exactly one.\r\nfunc ClientIPFromHeader(trustedHeader string) func(http.Handler) http.Handler\r\nfunc ClientIPFromXFF(trustedIPPrefixes ...string) func(http.Handler) http.Handler\r\nfunc ClientIPFromXFFTrustedProxies(numTrustedProxies int) func(http.Handler) http.Handler\r\n\u0026lt;/tr\u0026gt;\u0026lt;/table\u0026gt; \n\u003c/code\u003e\u003c/pre\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/3b171578ca44dfd75ca3c5cbddc7b44c600a7b49\"\u003e\u003ccode\u003e3b17157\u003c/code\u003e\u003c/a\u003e feat: middleware.ClientIP, a replacement for middleware.RealIP (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/967\"\u003e#967\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/818fdcfc4786168651768377ba647cf9dd5b3953\"\u003e\u003ccode\u003e818fdcf\u003c/code\u003e\u003c/a\u003e fix: set Request.Pattern from RoutePattern() (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1097\"\u003e#1097\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/f975af0cb10cbefaccf0422385420fe62722d648\"\u003e\u003ccode\u003ef975af0\u003c/code\u003e\u003c/a\u003e Fix typo in Route doc comment (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1073\"\u003e#1073\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/4ef87eaf2cfb27d3126d48194e1a84806acc1aed\"\u003e\u003ccode\u003e4ef87ea\u003c/code\u003e\u003c/a\u003e middleware: fix httpFancyWriter.ReadFrom double-counting bytes with Tee (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1085\"\u003e#1085\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/a54874f0e2f12647a19e82ee70dfa8185014100c\"\u003e\u003ccode\u003ea54874f\u003c/code\u003e\u003c/a\u003e Bump minimum Go to 1.23, always use request.Pattern (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1048\"\u003e#1048\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/3328d4d3ab8a08547fa419ed657017355e6d3c4d\"\u003e\u003ccode\u003e3328d4d\u003c/code\u003e\u003c/a\u003e Apply the stringscutprefix modernizer (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1051\"\u003e#1051\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/be60b2ec5755a9072cdf27af3ba3034e84781d12\"\u003e\u003ccode\u003ebe60b2e\u003c/code\u003e\u003c/a\u003e Simplify chi.walk with slices.Concat (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1053\"\u003e#1053\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/a36a925a6a195943ec104100d7d18757543e745f\"\u003e\u003ccode\u003ea36a925\u003c/code\u003e\u003c/a\u003e Remove last uses of io/ioutil (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1054\"\u003e#1054\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/7d93ee3e86b4d477c20d809c9b1ce9a281dfd706\"\u003e\u003ccode\u003e7d93ee3\u003c/code\u003e\u003c/a\u003e add go 1.26 to ci (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1052\"\u003e#1052\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/903cff2596eac0f72538ac46d696058351f1c3fb\"\u003e\u003ccode\u003e903cff2\u003c/code\u003e\u003c/a\u003e Propagate inline middlewares across mounted subrouters (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1049\"\u003e#1049\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/go-chi/chi/compare/v5.2.3...v5.3.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/go-chi/chi/v5\u0026package-manager=go_modules\u0026previous-version=5.2.3\u0026new-version=5.3.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/egeuysall/ryva-archive/pull/121","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/egeuysall%2Fryva-archive/issues/121","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/121/packages"}],"issue_packages":[{"old_version":"5.2.5","new_version":"5.3.0","update_type":"minor","path":"/backend","pr_created_at":"2026-06-06T02:28:24.000Z","version_change":"5.2.5 → 5.3.0","issue":{"uuid":"4601507916","node_id":"PR_kwDOSZJ_Ts7jVegq","number":36,"state":"closed","title":"build(deps): bump github.com/go-chi/chi/v5 from 5.2.5 to 5.3.0 in /backend","user":"dependabot[bot]","labels":["dependencies","go"],"assignees":[],"locked":false,"comments_count":3,"pull_request":true,"closed_at":"2026-06-06T11:05:19.000Z","author_association":null,"state_reason":null,"created_at":"2026-06-06T02:28:24.000Z","updated_at":"2026-06-06T11:05:28.000Z","time_to_close":31015,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"build(deps)","packages":[{"name":"github.com/go-chi/chi/v5","old_version":"5.2.5","new_version":"5.3.0","repository_url":"https://github.com/go-chi/chi"}],"path":"/backend","ecosystem":"go"},"body":"Bumps [github.com/go-chi/chi/v5](https://github.com/go-chi/chi) from 5.2.5 to 5.3.0.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/go-chi/chi/releases\"\u003egithub.com/go-chi/chi/v5's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.3.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUse strings.ReplaceAll where applicable by \u003ca href=\"https://github.com/JRaspass\"\u003e\u003ccode\u003e@​JRaspass\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1046\"\u003ego-chi/chi#1046\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePropagate inline middlewares across mounted subrouters by \u003ca href=\"https://github.com/LukasJenicek\"\u003e\u003ccode\u003e@​LukasJenicek\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1049\"\u003ego-chi/chi#1049\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eadd go 1.26 to ci by \u003ca href=\"https://github.com/pkieltyka\"\u003e\u003ccode\u003e@​pkieltyka\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1052\"\u003ego-chi/chi#1052\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove last uses of io/ioutil by \u003ca href=\"https://github.com/JRaspass\"\u003e\u003ccode\u003e@​JRaspass\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1054\"\u003ego-chi/chi#1054\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSimplify chi.walk with slices.Concat by \u003ca href=\"https://github.com/JRaspass\"\u003e\u003ccode\u003e@​JRaspass\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1053\"\u003ego-chi/chi#1053\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eApply the stringscutprefix modernizer by \u003ca href=\"https://github.com/JRaspass\"\u003e\u003ccode\u003e@​JRaspass\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1051\"\u003ego-chi/chi#1051\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump minimum Go to 1.23, always use request.Pattern by \u003ca href=\"https://github.com/JRaspass\"\u003e\u003ccode\u003e@​JRaspass\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1048\"\u003ego-chi/chi#1048\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003emiddleware: fix httpFancyWriter.ReadFrom double-counting bytes with Tee by \u003ca href=\"https://github.com/alliasgher\"\u003e\u003ccode\u003e@​alliasgher\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1085\"\u003ego-chi/chi#1085\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix typo in Route doc comment by \u003ca href=\"https://github.com/gouwazi\"\u003e\u003ccode\u003e@​gouwazi\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1073\"\u003ego-chi/chi#1073\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: set Request.Pattern from RoutePattern() by \u003ca href=\"https://github.com/leno23\"\u003e\u003ccode\u003e@​leno23\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1097\"\u003ego-chi/chi#1097\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat: middleware.ClientIP, a replacement for middleware.RealIP by \u003ca href=\"https://github.com/VojtechVitek\"\u003e\u003ccode\u003e@​VojtechVitek\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/967\"\u003ego-chi/chi#967\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/LukasJenicek\"\u003e\u003ccode\u003e@​LukasJenicek\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1049\"\u003ego-chi/chi#1049\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/alliasgher\"\u003e\u003ccode\u003e@​alliasgher\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1085\"\u003ego-chi/chi#1085\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gouwazi\"\u003e\u003ccode\u003e@​gouwazi\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1073\"\u003ego-chi/chi#1073\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/leno23\"\u003e\u003ccode\u003e@​leno23\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1097\"\u003ego-chi/chi#1097\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eSECURITY: middleware.ClientIP, a replacement for middleware.RealIP\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/VojtechVitek\"\u003e\u003ccode\u003e@​VojtechVitek\u003c/code\u003e\u003c/a\u003e submitted PR \u003ca href=\"https://redirect.github.com/go-chi/chi/issues/967\"\u003e#967\u003c/a\u003e, which introduces middleware.ClientIP — a replacement for middleware.RealIP that closes the three open spoofing advisories:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/security/advisories/GHSA-9g5q-2w5x-hmxf\"\u003eGHSA-9g5q-2w5x-hmxf\u003c/a\u003e — IP spoofing via XFF in \u003ccode\u003eRemoteAddr\u003c/code\u003e resolution (convto)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/security/advisories/GHSA-rjr7-jggh-pgcp\"\u003eGHSA-rjr7-jggh-pgcp\u003c/a\u003e — RealIP allows IP spoofing via unvalidated XFF (rezmoss)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/security/advisories/GHSA-3fxj-6jh8-hvhx\"\u003eGHSA-3fxj-6jh8-hvhx\u003c/a\u003e — IP spoofing in \u003ccode\u003emiddleware.RealIP\u003c/code\u003e (Saku0512, Critical / 9.3)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eIt also addresses issues outlined at:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/708\"\u003ego-chi/chi#708\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://adam-p.ca/blog/2022/03/x-forwarded-for/\"\u003ehttps://adam-p.ca/blog/2022/03/x-forwarded-for/\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/711\"\u003ego-chi/chi#711\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/453\"\u003ego-chi/chi#453\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/go-chi/chi/pull/908\"\u003ego-chi/chi#908\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ccode\u003emiddleware.RealIP\u003c/code\u003e is deprecated in this PR with pointers to the new API.\u003c/p\u003e\n\u003cp\u003eThe deprecation only adds a \u003ccode\u003e// Deprecated:\u003c/code\u003e doc comment; the function keeps working for backward compatibility.\u003c/p\u003e\n\u003ch3\u003eWhy a new middleware (not \u0026quot;fix RealIP in place\u0026quot;)\u003c/h3\u003e\n\u003cp\u003e\u003ccode\u003eRealIP\u003c/code\u003e has two unfixable design choices: it mutates \u003ccode\u003er.RemoteAddr\u003c/code\u003e, and it tries to be a one-size-fits-all default by walking a hard-coded list of headers any client can supply. Per \u003ca href=\"https://adam-p.ca/blog/2022/03/x-forwarded-for/\"\u003eadam-p's \u0026quot;The perils of the 'real' client IP\u0026quot;\u003c/a\u003e (which calls chi out by name on this), there is no safe default — the user must pick their trust source explicitly.\u003c/p\u003e\n\u003ch3\u003eThe new API\u003c/h3\u003e\n\u003cp\u003eFour middlewares, two accessors. Pick exactly one middleware based on your\ninfrastructure, read the result with one of the two accessors:\u003c/p\u003e\n\u003cpre lang=\"go\"\u003e\u003ccode\u003e// One of the four. There is no safe default — pick exactly one.\r\nfunc ClientIPFromHeader(trustedHeader string) func(http.Handler) http.Handler\r\nfunc ClientIPFromXFF(trustedIPPrefixes ...string) func(http.Handler) http.Handler\r\nfunc ClientIPFromXFFTrustedProxies(numTrustedProxies int) func(http.Handler) http.Handler\r\n\u0026lt;/tr\u0026gt;\u0026lt;/table\u0026gt; \n\u003c/code\u003e\u003c/pre\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/3b171578ca44dfd75ca3c5cbddc7b44c600a7b49\"\u003e\u003ccode\u003e3b17157\u003c/code\u003e\u003c/a\u003e feat: middleware.ClientIP, a replacement for middleware.RealIP (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/967\"\u003e#967\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/818fdcfc4786168651768377ba647cf9dd5b3953\"\u003e\u003ccode\u003e818fdcf\u003c/code\u003e\u003c/a\u003e fix: set Request.Pattern from RoutePattern() (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1097\"\u003e#1097\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/f975af0cb10cbefaccf0422385420fe62722d648\"\u003e\u003ccode\u003ef975af0\u003c/code\u003e\u003c/a\u003e Fix typo in Route doc comment (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1073\"\u003e#1073\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/4ef87eaf2cfb27d3126d48194e1a84806acc1aed\"\u003e\u003ccode\u003e4ef87ea\u003c/code\u003e\u003c/a\u003e middleware: fix httpFancyWriter.ReadFrom double-counting bytes with Tee (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1085\"\u003e#1085\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/a54874f0e2f12647a19e82ee70dfa8185014100c\"\u003e\u003ccode\u003ea54874f\u003c/code\u003e\u003c/a\u003e Bump minimum Go to 1.23, always use request.Pattern (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1048\"\u003e#1048\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/3328d4d3ab8a08547fa419ed657017355e6d3c4d\"\u003e\u003ccode\u003e3328d4d\u003c/code\u003e\u003c/a\u003e Apply the stringscutprefix modernizer (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1051\"\u003e#1051\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/be60b2ec5755a9072cdf27af3ba3034e84781d12\"\u003e\u003ccode\u003ebe60b2e\u003c/code\u003e\u003c/a\u003e Simplify chi.walk with slices.Concat (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1053\"\u003e#1053\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/a36a925a6a195943ec104100d7d18757543e745f\"\u003e\u003ccode\u003ea36a925\u003c/code\u003e\u003c/a\u003e Remove last uses of io/ioutil (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1054\"\u003e#1054\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/7d93ee3e86b4d477c20d809c9b1ce9a281dfd706\"\u003e\u003ccode\u003e7d93ee3\u003c/code\u003e\u003c/a\u003e add go 1.26 to ci (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1052\"\u003e#1052\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/903cff2596eac0f72538ac46d696058351f1c3fb\"\u003e\u003ccode\u003e903cff2\u003c/code\u003e\u003c/a\u003e Propagate inline middlewares across mounted subrouters (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1049\"\u003e#1049\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/go-chi/chi/compare/v5.2.5...v5.3.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n","html_url":"https://github.com/kerti/balances-v2/pull/36","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/kerti%2Fbalances-v2/issues/36","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/36/packages"}},{"old_version":"5.2.5","new_version":"5.3.0","update_type":"minor","path":null,"pr_created_at":"2026-06-03T22:37:11.000Z","version_change":"5.2.5 → 5.3.0","issue":{"uuid":"4584174629","node_id":"PR_kwDOSHEj7M7icVQQ","number":38,"state":"open","title":"deps(go): bump the go-minor-patch group across 1 directory with 7 updates","user":"dependabot[bot]","labels":["dependencies","go"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-06-03T22:37:11.000Z","updated_at":"2026-06-03T22:51:30.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"deps(go): bump","group_name":"go-minor-patch","update_count":7,"packages":[{"name":"github.com/go-chi/chi/v5","old_version":"5.2.5","new_version":"5.3.0","repository_url":"https://github.com/go-chi/chi"},{"name":"github.com/gotd/td","old_version":"0.143.0","new_version":"0.145.1","repository_url":"https://github.com/gotd/td"},{"name":"github.com/jackc/pgx/v5","old_version":"5.9.2","new_version":"5.10.0","repository_url":"https://github.com/jackc/pgx"},{"name":"github.com/pressly/goose/v3","old_version":"3.27.0","new_version":"3.27.1","repository_url":"https://github.com/pressly/goose"},{"name":"go.uber.org/zap","old_version":"1.27.1","new_version":"1.28.0","repository_url":"https://github.com/uber-go/zap"}],"path":null,"ecosystem":"go"},"body":"Bumps the go-minor-patch group with 5 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [github.com/go-chi/chi/v5](https://github.com/go-chi/chi) | `5.2.5` | `5.3.0` |\n| [github.com/gotd/td](https://github.com/gotd/td) | `0.143.0` | `0.145.1` |\n| [github.com/jackc/pgx/v5](https://github.com/jackc/pgx) | `5.9.2` | `5.10.0` |\n| [github.com/pressly/goose/v3](https://github.com/pressly/goose) | `3.27.0` | `3.27.1` |\n| [go.uber.org/zap](https://github.com/uber-go/zap) | `1.27.1` | `1.28.0` |\n\n\nUpdates `github.com/go-chi/chi/v5` from 5.2.5 to 5.3.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/go-chi/chi/releases\"\u003egithub.com/go-chi/chi/v5's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.3.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUse strings.ReplaceAll where applicable by \u003ca href=\"https://github.com/JRaspass\"\u003e\u003ccode\u003e@​JRaspass\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1046\"\u003ego-chi/chi#1046\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePropagate inline middlewares across mounted subrouters by \u003ca href=\"https://github.com/LukasJenicek\"\u003e\u003ccode\u003e@​LukasJenicek\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1049\"\u003ego-chi/chi#1049\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eadd go 1.26 to ci by \u003ca href=\"https://github.com/pkieltyka\"\u003e\u003ccode\u003e@​pkieltyka\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1052\"\u003ego-chi/chi#1052\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove last uses of io/ioutil by \u003ca href=\"https://github.com/JRaspass\"\u003e\u003ccode\u003e@​JRaspass\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1054\"\u003ego-chi/chi#1054\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSimplify chi.walk with slices.Concat by \u003ca href=\"https://github.com/JRaspass\"\u003e\u003ccode\u003e@​JRaspass\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1053\"\u003ego-chi/chi#1053\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eApply the stringscutprefix modernizer by \u003ca href=\"https://github.com/JRaspass\"\u003e\u003ccode\u003e@​JRaspass\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1051\"\u003ego-chi/chi#1051\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump minimum Go to 1.23, always use request.Pattern by \u003ca href=\"https://github.com/JRaspass\"\u003e\u003ccode\u003e@​JRaspass\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1048\"\u003ego-chi/chi#1048\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003emiddleware: fix httpFancyWriter.ReadFrom double-counting bytes with Tee by \u003ca href=\"https://github.com/alliasgher\"\u003e\u003ccode\u003e@​alliasgher\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1085\"\u003ego-chi/chi#1085\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix typo in Route doc comment by \u003ca href=\"https://github.com/gouwazi\"\u003e\u003ccode\u003e@​gouwazi\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1073\"\u003ego-chi/chi#1073\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: set Request.Pattern from RoutePattern() by \u003ca href=\"https://github.com/leno23\"\u003e\u003ccode\u003e@​leno23\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1097\"\u003ego-chi/chi#1097\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat: middleware.ClientIP, a replacement for middleware.RealIP by \u003ca href=\"https://github.com/VojtechVitek\"\u003e\u003ccode\u003e@​VojtechVitek\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/967\"\u003ego-chi/chi#967\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/LukasJenicek\"\u003e\u003ccode\u003e@​LukasJenicek\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1049\"\u003ego-chi/chi#1049\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/alliasgher\"\u003e\u003ccode\u003e@​alliasgher\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1085\"\u003ego-chi/chi#1085\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gouwazi\"\u003e\u003ccode\u003e@​gouwazi\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1073\"\u003ego-chi/chi#1073\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/leno23\"\u003e\u003ccode\u003e@​leno23\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1097\"\u003ego-chi/chi#1097\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eSECURITY: middleware.ClientIP, a replacement for middleware.RealIP\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/VojtechVitek\"\u003e\u003ccode\u003e@​VojtechVitek\u003c/code\u003e\u003c/a\u003e submitted PR \u003ca href=\"https://redirect.github.com/go-chi/chi/issues/967\"\u003e#967\u003c/a\u003e, which introduces middleware.ClientIP — a replacement for middleware.RealIP that closes the three open spoofing advisories:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/security/advisories/GHSA-9g5q-2w5x-hmxf\"\u003eGHSA-9g5q-2w5x-hmxf\u003c/a\u003e — IP spoofing via XFF in \u003ccode\u003eRemoteAddr\u003c/code\u003e resolution (convto)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/security/advisories/GHSA-rjr7-jggh-pgcp\"\u003eGHSA-rjr7-jggh-pgcp\u003c/a\u003e — RealIP allows IP spoofing via unvalidated XFF (rezmoss)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/security/advisories/GHSA-3fxj-6jh8-hvhx\"\u003eGHSA-3fxj-6jh8-hvhx\u003c/a\u003e — IP spoofing in \u003ccode\u003emiddleware.RealIP\u003c/code\u003e (Saku0512, Critical / 9.3)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eIt also addresses issues outlined at:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/708\"\u003ego-chi/chi#708\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://adam-p.ca/blog/2022/03/x-forwarded-for/\"\u003ehttps://adam-p.ca/blog/2022/03/x-forwarded-for/\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/711\"\u003ego-chi/chi#711\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/453\"\u003ego-chi/chi#453\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/go-chi/chi/pull/908\"\u003ego-chi/chi#908\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ccode\u003emiddleware.RealIP\u003c/code\u003e is deprecated in this PR with pointers to the new API.\u003c/p\u003e\n\u003cp\u003eThe deprecation only adds a \u003ccode\u003e// Deprecated:\u003c/code\u003e doc comment; the function keeps working for backward compatibility.\u003c/p\u003e\n\u003ch3\u003eWhy a new middleware (not \u0026quot;fix RealIP in place\u0026quot;)\u003c/h3\u003e\n\u003cp\u003e\u003ccode\u003eRealIP\u003c/code\u003e has two unfixable design choices: it mutates \u003ccode\u003er.RemoteAddr\u003c/code\u003e, and it tries to be a one-size-fits-all default by walking a hard-coded list of headers any client can supply. Per \u003ca href=\"https://adam-p.ca/blog/2022/03/x-forwarded-for/\"\u003eadam-p's \u0026quot;The perils of the 'real' client IP\u0026quot;\u003c/a\u003e (which calls chi out by name on this), there is no safe default — the user must pick their trust source explicitly.\u003c/p\u003e\n\u003ch3\u003eThe new API\u003c/h3\u003e\n\u003cp\u003eFour middlewares, two accessors. Pick exactly one middleware based on your\ninfrastructure, read the result with one of the two accessors:\u003c/p\u003e\n\u003cpre lang=\"go\"\u003e\u003ccode\u003e// One of the four. There is no safe default — pick exactly one.\r\nfunc ClientIPFromHeader(trustedHeader string) func(http.Handler) http.Handler\r\nfunc ClientIPFromXFF(trustedIPPrefixes ...string) func(http.Handler) http.Handler\r\nfunc ClientIPFromXFFTrustedProxies(numTrustedProxies int) func(http.Handler) http.Handler\r\n\u0026lt;/tr\u0026gt;\u0026lt;/table\u0026gt; \n\u003c/code\u003e\u003c/pre\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/3b171578ca44dfd75ca3c5cbddc7b44c600a7b49\"\u003e\u003ccode\u003e3b17157\u003c/code\u003e\u003c/a\u003e feat: middleware.ClientIP, a replacement for middleware.RealIP (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/967\"\u003e#967\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/818fdcfc4786168651768377ba647cf9dd5b3953\"\u003e\u003ccode\u003e818fdcf\u003c/code\u003e\u003c/a\u003e fix: set Request.Pattern from RoutePattern() (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1097\"\u003e#1097\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/f975af0cb10cbefaccf0422385420fe62722d648\"\u003e\u003ccode\u003ef975af0\u003c/code\u003e\u003c/a\u003e Fix typo in Route doc comment (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1073\"\u003e#1073\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/4ef87eaf2cfb27d3126d48194e1a84806acc1aed\"\u003e\u003ccode\u003e4ef87ea\u003c/code\u003e\u003c/a\u003e middleware: fix httpFancyWriter.ReadFrom double-counting bytes with Tee (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1085\"\u003e#1085\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/a54874f0e2f12647a19e82ee70dfa8185014100c\"\u003e\u003ccode\u003ea54874f\u003c/code\u003e\u003c/a\u003e Bump minimum Go to 1.23, always use request.Pattern (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1048\"\u003e#1048\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/3328d4d3ab8a08547fa419ed657017355e6d3c4d\"\u003e\u003ccode\u003e3328d4d\u003c/code\u003e\u003c/a\u003e Apply the stringscutprefix modernizer (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1051\"\u003e#1051\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/be60b2ec5755a9072cdf27af3ba3034e84781d12\"\u003e\u003ccode\u003ebe60b2e\u003c/code\u003e\u003c/a\u003e Simplify chi.walk with slices.Concat (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1053\"\u003e#1053\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/a36a925a6a195943ec104100d7d18757543e745f\"\u003e\u003ccode\u003ea36a925\u003c/code\u003e\u003c/a\u003e Remove last uses of io/ioutil (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1054\"\u003e#1054\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/7d93ee3e86b4d477c20d809c9b1ce9a281dfd706\"\u003e\u003ccode\u003e7d93ee3\u003c/code\u003e\u003c/a\u003e add go 1.26 to ci (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1052\"\u003e#1052\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/903cff2596eac0f72538ac46d696058351f1c3fb\"\u003e\u003ccode\u003e903cff2\u003c/code\u003e\u003c/a\u003e Propagate inline middlewares across mounted subrouters (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1049\"\u003e#1049\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/go-chi/chi/compare/v5.2.5...v5.3.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/gotd/td` from 0.143.0 to 0.145.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/gotd/td/releases\"\u003egithub.com/gotd/td's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.145.1\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003echore(deps): bump the golang group across 1 directory with 3 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/gotd/td/pull/1714\"\u003egotd/td#1714\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(updates): prevent deadlock when relaying channel difference by \u003ca href=\"https://github.com/ernado\"\u003e\u003ccode\u003e@​ernado\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/gotd/td/pull/1716\"\u003egotd/td#1716\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(proto): validate plaintext message length before allocation by \u003ca href=\"https://github.com/expary\"\u003e\u003ccode\u003e@​expary\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/gotd/td/pull/1717\"\u003egotd/td#1717\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump github.com/ogen-go/ogen from 1.19.0 to 1.20.3 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/gotd/td/pull/1702\"\u003egotd/td#1702\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expary\"\u003e\u003ccode\u003e@​expary\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/gotd/td/pull/1717\"\u003egotd/td#1717\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/gotd/td/compare/v0.145.0...v0.145.1\"\u003ehttps://github.com/gotd/td/compare/v0.145.0...v0.145.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev0.145.0\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003echore(deps): bump github.com/rogpeppe/go-internal from 1.14.1 to 1.15.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/gotd/td/pull/1713\"\u003egotd/td#1713\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump the opentelemetry group with 3 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/gotd/td/pull/1712\"\u003egotd/td#1712\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate Telegram schema to the latest layer by \u003ca href=\"https://github.com/gotd-bot\"\u003e\u003ccode\u003e@​gotd-bot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/gotd/td/pull/1710\"\u003egotd/td#1710\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump golang.org/x/tools from 0.44.0 to 0.45.0 in /_tools in the golang group by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/gotd/td/pull/1709\"\u003egotd/td#1709\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump the golang group across 1 directory with 3 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/gotd/td/pull/1703\"\u003egotd/td#1703\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat: add markdown parser by \u003ca href=\"https://github.com/ernado\"\u003e\u003ccode\u003e@​ernado\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/gotd/td/pull/1715\"\u003egotd/td#1715\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/gotd/td/compare/v0.144.0...v0.145.0\"\u003ehttps://github.com/gotd/td/compare/v0.144.0...v0.145.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev0.144.0\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003echore(deps): bump the opentelemetry group with 3 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/gotd/td/pull/1701\"\u003egotd/td#1701\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate Telegram schema to the latest layer by \u003ca href=\"https://github.com/gotd-bot\"\u003e\u003ccode\u003e@​gotd-bot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/gotd/td/pull/1708\"\u003egotd/td#1708\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump github.com/klauspost/compress from 1.18.5 to 1.18.6 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/gotd/td/pull/1707\"\u003egotd/td#1707\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump go.uber.org/zap from 1.27.1 to 1.28.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/gotd/td/pull/1706\"\u003egotd/td#1706\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump tibdex/github-app-token from 1 to 2 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/gotd/td/pull/1705\"\u003egotd/td#1705\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump golang.org/x/tools from 0.43.0 to 0.44.0 in /_tools in the golang group by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/gotd/td/pull/1704\"\u003egotd/td#1704\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/gotd/td/compare/v0.143.0...v0.144.0\"\u003ehttps://github.com/gotd/td/compare/v0.143.0...v0.144.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gotd/td/commit/c540a4d2ff90b7343abf3bed624646d4489f7d3e\"\u003e\u003ccode\u003ec540a4d\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/gotd/td/issues/1702\"\u003e#1702\u003c/a\u003e from gotd/dependabot/go_modules/github.com/ogen-go/o...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gotd/td/commit/8d3da9e928e8c855bd87c37411b9aeb4e93428a2\"\u003e\u003ccode\u003e8d3da9e\u003c/code\u003e\u003c/a\u003e test(updates): fix flaky e2e recovery race\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gotd/td/commit/b31d5e42f2aed12a88f08a583f6e8d50a607ff7c\"\u003e\u003ccode\u003eb31d5e4\u003c/code\u003e\u003c/a\u003e chore(gen): upd\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gotd/td/commit/c1ff29c03631c657bb6b86b9dc44b01040511d8a\"\u003e\u003ccode\u003ec1ff29c\u003c/code\u003e\u003c/a\u003e chore(deps): bump github.com/ogen-go/ogen from 1.19.0 to 1.20.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gotd/td/commit/9961f4ef098defcc5f67eac487f45b162b281bfe\"\u003e\u003ccode\u003e9961f4e\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/gotd/td/issues/1717\"\u003e#1717\u003c/a\u003e from expary/fix/unencrypted-message-length-validation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gotd/td/commit/9d5d1f31ea5022d9798d84ccce15de2e91ba6baa\"\u003e\u003ccode\u003e9d5d1f3\u003c/code\u003e\u003c/a\u003e fix(proto): validate plaintext message length before allocation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gotd/td/commit/83879426c1dce45fba83c5eacb10285155fd9a78\"\u003e\u003ccode\u003e8387942\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/gotd/td/issues/1716\"\u003e#1716\u003c/a\u003e from gotd/fix/updates-channel-deadlock\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gotd/td/commit/daca24ff1684899c573a9f95ba7d091967a8afad\"\u003e\u003ccode\u003edaca24f\u003c/code\u003e\u003c/a\u003e fix(updates): prevent deadlock when relaying channel difference\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gotd/td/commit/667bb7ab02416f55b302f82192940cc3367cdb20\"\u003e\u003ccode\u003e667bb7a\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/gotd/td/issues/1714\"\u003e#1714\u003c/a\u003e from gotd/dependabot/go_modules/golang-688b8efcb6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gotd/td/commit/6540c6916254541390769d1e5ea12aabae324ce8\"\u003e\u003ccode\u003e6540c69\u003c/code\u003e\u003c/a\u003e chore(deps): bump the golang group across 1 directory with 3 updates\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/gotd/td/compare/v0.143.0...v0.145.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/jackc/pgx/v5` from 5.9.2 to 5.10.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jackc/pgx/blob/master/CHANGELOG.md\"\u003egithub.com/jackc/pgx/v5's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e5.10.0 (June 3, 2026)\u003c/h1\u003e\n\u003cp\u003eThis release includes a significant amount of hardening against malicious or compromised PostgreSQL servers,\ncontributed by Sean Chittenden at CrowdStrike, Inc. This work bounds binary decoders against attacker-controlled\nmessage sizes, caps server-supplied SCRAM iteration counts, adds \u003ccode\u003erequire_auth\u003c/code\u003e to restrict which authentication\nmethods a server may use (mitigating downgrade attacks under \u003ccode\u003esslmode=prefer\u003c/code\u003e), and ensures cancellation requests are\nsent over TLS when the original connection used TLS.\u003c/p\u003e\n\u003ch2\u003eFeatures\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003erequire_auth\u003c/code\u003e to restrict accepted server authentication methods (Sean Chittenden at CrowdStrike, Inc.)\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eParseConfigOptions.ConnStringAllowedKeys\u003c/code\u003e to restrict allowed connection string keys (Sean Chittenden at CrowdStrike, Inc.)\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eStructArgs\u003c/code\u003e and \u003ccode\u003eStrictStructArgs\u003c/code\u003e for \u003ccode\u003e@\u003c/code\u003e-named queries (Tubelight30)\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eErrConnClosed\u003c/code\u003e sentinel error and unwrap it from \u003ccode\u003econnLockError\u003c/code\u003e (Charlie Tonneslan)\u003c/li\u003e\n\u003cli\u003epgxpool: check if connection is expired before acquire (arthurdotwork)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eSecurity Hardening\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eEncrypt \u003ccode\u003eCancelRequest\u003c/code\u003e connection when the primary connection used TLS (Sean Chittenden at CrowdStrike, Inc.)\u003c/li\u003e\n\u003cli\u003eCap server-supplied SCRAM iteration count (Sean Chittenden at CrowdStrike, Inc.)\u003c/li\u003e\n\u003cli\u003eDefault Frontend max message body length to ~1 GiB (Sean Chittenden at CrowdStrike, Inc.)\u003c/li\u003e\n\u003cli\u003eBound hstore binary decode against malicious server input (Sean Chittenden at CrowdStrike, Inc.)\u003c/li\u003e\n\u003cli\u003eBound array binary decode element length against remaining message bytes (Sean Chittenden at CrowdStrike, Inc.)\u003c/li\u003e\n\u003cli\u003eBound array element count against remaining message bytes (Sean Chittenden at CrowdStrike, Inc.)\u003c/li\u003e\n\u003cli\u003eBound range, multirange, and tsvector binary decoders (Sean Chittenden at CrowdStrike, Inc.)\u003c/li\u003e\n\u003cli\u003eDocument secure connection configuration (Sean Chittenden at CrowdStrike, Inc.)\u003c/li\u003e\n\u003cli\u003eFix panic on malformed geometric text; return an error instead (MaIII)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eFixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix scanning \u003ccode\u003e\u0026quot;char\u0026quot;\u003c/code\u003e (OID 18) into \u003ccode\u003e*string\u003c/code\u003e in binary format (luongs3)\u003c/li\u003e\n\u003cli\u003eFix handling of typed-nil \u003ccode\u003edriver.Valuer\u003c/code\u003e in array and composite codecs (Donncha Fahy)\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eCopyData.Data\u003c/code\u003e hex decoding in \u003ccode\u003eUnmarshalJSON\u003c/code\u003e (Charlie Tonneslan)\u003c/li\u003e\n\u003cli\u003eFix data race when context is cancelled during connect\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eparseKeywordValueSettings\u003c/code\u003e rejecting trailing whitespace (alliasgher)\u003c/li\u003e\n\u003cli\u003epgconn: preserve full error chain in \u003ccode\u003enormalizeTimeoutError\u003c/code\u003e (Charlie Tonneslan)\u003c/li\u003e\n\u003cli\u003epgconn: use a fresh context for the fallback connection in \u003ccode\u003econnectPreferred\u003c/code\u003e (Charlie Tonneslan)\u003c/li\u003e\n\u003cli\u003epgxpool: fix \u003ccode\u003eMaxLifetimeDestroyCount\u003c/code\u003e and ping order for acquire-time expiry check\u003c/li\u003e\n\u003cli\u003eAdd missing error check of \u003ccode\u003erows.Err\u003c/code\u003e to load types (Jen Altavilla)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jackc/pgx/commit/7293fb11125be0373a92f716683f2d494f6fd4b0\"\u003e\u003ccode\u003e7293fb1\u003c/code\u003e\u003c/a\u003e Update changelog for v5.10.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jackc/pgx/commit/1ade2852841d4ee55677207200f4ffdbc217ce69\"\u003e\u003ccode\u003e1ade285\u003c/code\u003e\u003c/a\u003e pgconn: document secure connection configuration\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jackc/pgx/commit/b4d6d4d1be7f381bb81d12ebfecae6b10f5c7562\"\u003e\u003ccode\u003eb4d6d4d\u003c/code\u003e\u003c/a\u003e pgtype: bound range, multirange, and tsvector binary decoders\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jackc/pgx/commit/0639b37f8f4fff31dbe73297087e69b3ccc3bf2b\"\u003e\u003ccode\u003e0639b37\u003c/code\u003e\u003c/a\u003e pgconn: add ParseConfigOptions.ConnStringAllowedKeys\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jackc/pgx/commit/b28e65b0c3e0cd45c09e7c9ce36e5e29caa6dbe9\"\u003e\u003ccode\u003eb28e65b\u003c/code\u003e\u003c/a\u003e pgtype: bound array element count against remaining message bytes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jackc/pgx/commit/cd1f389d37d775bc8cb11c60363946f928c02c98\"\u003e\u003ccode\u003ecd1f389\u003c/code\u003e\u003c/a\u003e pgtype: bound array binary decode element length against remaining bytes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jackc/pgx/commit/ff27b5bbea012020d1fd8b9bdd56284a88783ef1\"\u003e\u003ccode\u003eff27b5b\u003c/code\u003e\u003c/a\u003e pgtype: bound hstore binary decode against malicious server input\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jackc/pgx/commit/a6002e12a8a393844b48c29d105e7542e7b3a251\"\u003e\u003ccode\u003ea6002e1\u003c/code\u003e\u003c/a\u003e pgproto3: default Frontend max message body length to ~1 GiB\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jackc/pgx/commit/44f61732ecdfd08081a1a2ff7227f1e975f0b71e\"\u003e\u003ccode\u003e44f6173\u003c/code\u003e\u003c/a\u003e pgconn: cap server-supplied SCRAM iteration count\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jackc/pgx/commit/1a976f7bb91216ea7f8369cb7abe78ce34dc244f\"\u003e\u003ccode\u003e1a976f7\u003c/code\u003e\u003c/a\u003e pgconn: add require_auth to restrict accepted server auth methods\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/jackc/pgx/compare/v5.9.2...v5.10.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/pressly/goose/v3` from 3.27.0 to 3.27.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pressly/goose/releases\"\u003egithub.com/pressly/goose/v3's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.27.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDependency updates\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/pressly/goose/compare/v3.27.0...v3.27.1\"\u003ehttps://github.com/pressly/goose/compare/v3.27.0...v3.27.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pressly/goose/blob/main/CHANGELOG.md\"\u003egithub.com/pressly/goose/v3's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[v3.27.1] - 2026-04-24\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBump minimum Go version to 1.25.7\u003c/li\u003e\n\u003cli\u003eVarious dependency upgrades\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pressly/goose/commit/e3235f7041e1e14453633daeef467165d09d9449\"\u003e\u003ccode\u003ee3235f7\u003c/code\u003e\u003c/a\u003e release: v3.27.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pressly/goose/commit/883e2f7e0e70fe9fd5427afd4961d3752ed551c1\"\u003e\u003ccode\u003e883e2f7\u003c/code\u003e\u003c/a\u003e build(deps): bump Go and dependency versions (\u003ca href=\"https://redirect.github.com/pressly/goose/issues/1067\"\u003e#1067\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pressly/goose/commit/2e2fe5ce0c21ee2a4595f651f913ff6775a6ead1\"\u003e\u003ccode\u003e2e2fe5c\u003c/code\u003e\u003c/a\u003e build(deps): bump the gomod group with 3 updates (\u003ca href=\"https://redirect.github.com/pressly/goose/issues/1048\"\u003e#1048\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pressly/goose/commit/21176ca42730c42fce388fde57944181bf77066d\"\u003e\u003ccode\u003e21176ca\u003c/code\u003e\u003c/a\u003e build(deps): bump modernc.org/sqlite from 1.46.1 to 1.47.0 in the gomod group...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pressly/goose/commit/e7bd535b62f22be7e1f3fd6f5b7430f9ea2ae87a\"\u003e\u003ccode\u003ee7bd535\u003c/code\u003e\u003c/a\u003e build(deps): bump google.golang.org/grpc from 1.79.1 to 1.79.3 (\u003ca href=\"https://redirect.github.com/pressly/goose/issues/1042\"\u003e#1042\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pressly/goose/commit/f9c7cb4f9e7d9d036c11cde6482a1c7a844da9f6\"\u003e\u003ccode\u003ef9c7cb4\u003c/code\u003e\u003c/a\u003e build(deps): bump google.golang.org/grpc from 1.79.1 to 1.79.3 in /internal/t...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pressly/goose/commit/b6220db4c1346bb6d1205d01266f4604a03fb5c3\"\u003e\u003ccode\u003eb6220db\u003c/code\u003e\u003c/a\u003e build(deps): bump the gomod group across 1 directory with 3 updates (\u003ca href=\"https://redirect.github.com/pressly/goose/issues/1041\"\u003e#1041\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pressly/goose/commit/65e320f7b293f385ce42ef3509f89df9b9533e02\"\u003e\u003ccode\u003e65e320f\u003c/code\u003e\u003c/a\u003e docs: fix README escaping marker in ENVSUB example (\u003ca href=\"https://redirect.github.com/pressly/goose/issues/1037\"\u003e#1037\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pressly/goose/commit/18f6ef715e7429c0ad9e67333c1131923353f6b7\"\u003e\u003ccode\u003e18f6ef7\u003c/code\u003e\u003c/a\u003e build(deps): bump goreleaser/goreleaser-action from 6 to 7 (\u003ca href=\"https://redirect.github.com/pressly/goose/issues/1036\"\u003e#1036\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pressly/goose/commit/de28e0480a2a75ea050c152fe9be7126d6f696a5\"\u003e\u003ccode\u003ede28e04\u003c/code\u003e\u003c/a\u003e docs: update v3.27.0 release notes with Go 1.25 minimum and dep upgrades\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/pressly/goose/compare/v3.27.0...v3.27.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `go.uber.org/zap` from 1.27.1 to 1.28.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/uber-go/zap/releases\"\u003ego.uber.org/zap's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.28.0\u003c/h2\u003e\n\u003cp\u003eEnhancements:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/uber-go/zap/issues/1534\"\u003e#1534\u003c/a\u003e[]: Add \u003ccode\u003ezapcore.CheckPreWriteHook\u003c/code\u003e and \u003ccode\u003eCheckedEntry.Before\u003c/code\u003e method for transforming entries before they are written to any Cores.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/uber-go/zap/issues/1534\"\u003e#1534\u003c/a\u003e: \u003ca href=\"https://redirect.github.com/uber-go/zap/pull/1534\"\u003euber-go/zap#1534\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/uber-go/zap/blob/master/CHANGELOG.md\"\u003ego.uber.org/zap's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e1.28.0 (27 Apr 2026)\u003c/h2\u003e\n\u003cp\u003eEnhancements:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/uber-go/zap/issues/1534\"\u003e#1534\u003c/a\u003e[]: Add \u003ccode\u003ezapcore.CheckPreWriteHook\u003c/code\u003e and \u003ccode\u003eCheckedEntry.Before\u003c/code\u003e method for transforming entries before they are written to any Cores.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uber-go/zap/commit/5b81b37b81b8e2ed447a6f57991e372ee4fa5c8f\"\u003e\u003ccode\u003e5b81b37\u003c/code\u003e\u003c/a\u003e release v1.28.0 (\u003ca href=\"https://redirect.github.com/uber-go/zap/issues/1547\"\u003e#1547\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uber-go/zap/commit/0ab0d5aae5986395e2ca497385d977ccd7cdfc5e\"\u003e\u003ccode\u003e0ab0d5a\u003c/code\u003e\u003c/a\u003e zapcore: Add PreWriteHook for transforming entries before write (\u003ca href=\"https://redirect.github.com/uber-go/zap/issues/1534\"\u003e#1534\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uber-go/zap/commit/d278c5962cb0f7423170c11a5da9b7a4edbf9b92\"\u003e\u003ccode\u003ed278c59\u003c/code\u003e\u003c/a\u003e [chore] CI: test on Go 1.26 (\u003ca href=\"https://redirect.github.com/uber-go/zap/issues/1535\"\u003e#1535\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uber-go/zap/commit/16fb16b353f2e27bcd71eba69cbd346b3dcc471a\"\u003e\u003ccode\u003e16fb16b\u003c/code\u003e\u003c/a\u003e chore(dep): replace archived gopkg.in/yaml.v3 with officially maintained go.y...\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/uber-go/zap/compare/v1.27.1...v1.28.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `golang.org/x/crypto` from 0.50.0 to 0.52.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/a1c0d9929856c8aba2b31f079340f00578eda803\"\u003e\u003ccode\u003ea1c0d99\u003c/code\u003e\u003c/a\u003e go.mod: update golang.org/x dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/3c7c86938f4541c333d506f719388d9c42d4763d\"\u003e\u003ccode\u003e3c7c869\u003c/code\u003e\u003c/a\u003e ssh: fix deadlock on unexpected channel responses\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/533fb3f7e4a5ae23f69d1837cd851d35ff5b76ce\"\u003e\u003ccode\u003e533fb3f\u003c/code\u003e\u003c/a\u003e ssh: fix source-address critical option bypass\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/abbc44d451a6f9236a2bbd26cbcd4d0fec473da3\"\u003e\u003ccode\u003eabbc44d\u003c/code\u003e\u003c/a\u003e ssh: fix incorrect operator order\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/e052873987615dc96fe67607a9a6adb76311344f\"\u003e\u003ccode\u003ee052873\u003c/code\u003e\u003c/a\u003e ssh: fix infinite loop on large channel writes due to integer overflow\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/b61cf853a89d82cad68da5e12a6beca2116f8456\"\u003e\u003ccode\u003eb61cf85\u003c/code\u003e\u003c/a\u003e ssh: enforce user presence verification for security keys\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/9c2cd33e8d96a96133fd6ff732510ebba539c2bd\"\u003e\u003ccode\u003e9c2cd33\u003c/code\u003e\u003c/a\u003e ssh: enforce strict limits on DSA key parameters\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/890731877d85f71cfdc9554e7a27fec4684fc4c4\"\u003e\u003ccode\u003e8907318\u003c/code\u003e\u003c/a\u003e ssh: reject RSA keys with excessively large moduli\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/ffd87b4878fa98ca2908ec534e1a410bf095a35e\"\u003e\u003ccode\u003effd87b4\u003c/code\u003e\u003c/a\u003e ssh: fix panic when authority callbacks are nil\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/4e7a7384ecbc8d519f6f4c11b36fa9d761fc8946\"\u003e\u003ccode\u003e4e7a738\u003c/code\u003e\u003c/a\u003e ssh: fix deadlock on unexpected global responses\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/golang/crypto/compare/v0.50.0...v0.52.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `golang.org/x/net` from 0.53.0 to 0.54.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/b138e06246cb323f2f380c2b7f7dd91f581dd56b\"\u003e\u003ccode\u003eb138e06\u003c/code\u003e\u003c/a\u003e go.mod: update golang.org/x dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/689f70a42abd350f3a1aaa70b0d13eb9543d927a\"\u003e\u003ccode\u003e689f70a\u003c/code\u003e\u003c/a\u003e quic: fix wrong final size being used for RESET_STREAM frame\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/208f306b2f0fd008b388bee2c2644be279778e94\"\u003e\u003ccode\u003e208f306\u003c/code\u003e\u003c/a\u003e http3: increase handshake timeout\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/49810da71b9026da9e0d028a6ad8c7730c52d9c4\"\u003e\u003ccode\u003e49810da\u003c/code\u003e\u003c/a\u003e http2: enable net/http wrapping when go \u0026gt;= 1.27\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/5e11a5ab891c117eda83b4304d60dd13286c1c76\"\u003e\u003ccode\u003e5e11a5a\u003c/code\u003e\u003c/a\u003e quic: fix data race in streamForFrame\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/8c63081cd380ea768db5651941614b73472160ff\"\u003e\u003ccode\u003e8c63081\u003c/code\u003e\u003c/a\u003e http2: use empty Transport rather than DefaultTransport in http2wrap\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/fc7b466ca49cb204039630533ece4fc557eb35cd\"\u003e\u003ccode\u003efc7b466\u003c/code\u003e\u003c/a\u003e http2: add http2wrap test\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/15c2cb1875fd727313dc4de909b3ee149422fbe2\"\u003e\u003ccode\u003e15c2cb1\u003c/code\u003e\u003c/a\u003e http2: avoid overflowing 32-bit int when http2wrap enabled\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/64651885c2f2d745d77af2d7af2edbf568c179af\"\u003e\u003ccode\u003e6465188\u003c/code\u003e\u003c/a\u003e http2: add wrapped Server\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/72f419a894cb0597dd5b6bcf119086bf2af41231\"\u003e\u003ccode\u003e72f419a\u003c/code\u003e\u003c/a\u003e http2: add wrapped ClientConn\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/golang/net/compare/v0.53.0...v0.54.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\n\n\n\u003c/details\u003e","html_url":"https://github.com/yasen-pavlov/nexus/pull/38","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/yasen-pavlov%2Fnexus/issues/38","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/38/packages"}},{"old_version":"5.2.5","new_version":"5.3.0","update_type":"minor","path":null,"pr_created_at":"2026-06-03T22:22:02.000Z","version_change":"5.2.5 → 5.3.0","issue":{"uuid":"4584096423","node_id":"PR_kwDOEOmcd87icEme","number":986,"state":"closed","title":"build(deps): bump the gomod group across 1 directory with 29 updates","user":"dependabot[bot]","labels":["release-note-none"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-06-09T05:04:28.000Z","author_association":null,"state_reason":null,"created_at":"2026-06-03T22:22:02.000Z","updated_at":"2026-06-09T05:04:30.000Z","time_to_close":456146,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"build(deps): bump","group_name":"gomod","update_count":29,"packages":[{"name":"github.com/containerd/containerd","old_version":"1.7.31","new_version":"1.7.32","repository_url":"https://github.com/containerd/containerd"},{"name":"github.com/containerd/containerd/api","old_version":"1.10.0","new_version":"1.11.1","repository_url":"https://github.com/containerd/containerd"},{"name":"github.com/containers/conmon-rs","old_version":"0.7.3","new_version":"0.8.0","repository_url":"https://github.com/containers/conmon-rs"},{"name":"github.com/containers/kubensmnt","old_version":"1.2.0","new_version":"1.3.0","repository_url":"https://github.com/containers/kubensmnt"},{"name":"github.com/go-chi/chi/v5","old_version":"5.2.5","new_version":"5.3.0","repository_url":"https://github.com/go-chi/chi"},{"name":"github.com/intel/goresctrl","old_version":"0.12.0","new_version":"0.13.0","repository_url":"https://github.com/intel/goresctrl"},{"name":"github.com/onsi/ginkgo/v2","old_version":"2.28.3","new_version":"2.29.0","repository_url":"https://github.com/onsi/ginkgo"},{"name":"github.com/onsi/gomega","old_version":"1.40.0","new_version":"1.41.0","repository_url":"https://github.com/onsi/gomega"},{"name":"github.com/opencontainers/runc","old_version":"1.4.1","new_version":"1.4.2","repository_url":"https://github.com/opencontainers/runc"},{"name":"github.com/opencontainers/selinux","old_version":"1.13.1","new_version":"1.15.1","repository_url":"https://github.com/opencontainers/selinux"},{"name":"go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc","old_version":"0.68.0","new_version":"0.69.0","repository_url":"https://github.com/open-telemetry/opentelemetry-go-contrib"},{"name":"go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc","old_version":"1.43.0","new_version":"1.44.0","repository_url":"https://github.com/open-telemetry/opentelemetry-go"},{"name":"k8s.io/api","old_version":"0.36.0","new_version":"0.36.1","repository_url":"https://github.com/kubernetes/api"},{"name":"k8s.io/client-go","old_version":"0.36.0","new_version":"0.36.1","repository_url":"https://github.com/kubernetes/client-go"},{"name":"k8s.io/component-base","old_version":"0.36.0","new_version":"0.36.1","repository_url":"https://github.com/kubernetes/component-base"},{"name":"k8s.io/cri-api","old_version":"0.36.0","new_version":"0.36.1","repository_url":"https://github.com/kubernetes/cri-api"},{"name":"k8s.io/cri-client","old_version":"0.36.0","new_version":"0.36.1","repository_url":"https://github.com/kubernetes/cri-client"},{"name":"k8s.io/cri-streaming","old_version":"0.36.0","new_version":"0.36.1","repository_url":"https://github.com/kubernetes/cri-streaming"},{"name":"k8s.io/kubelet","old_version":"0.36.0","new_version":"0.36.1","repository_url":"https://github.com/kubernetes/kubelet"}],"path":null,"ecosystem":"go"},"body":"Bumps the gomod group with 19 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [github.com/containerd/containerd](https://github.com/containerd/containerd) | `1.7.31` | `1.7.32` |\n| [github.com/containerd/containerd/api](https://github.com/containerd/containerd) | `1.10.0` | `1.11.1` |\n| [github.com/containers/conmon-rs](https://github.com/containers/conmon-rs) | `0.7.3` | `0.8.0` |\n| [github.com/containers/kubensmnt](https://github.com/containers/kubensmnt) | `1.2.0` | `1.3.0` |\n| [github.com/go-chi/chi/v5](https://github.com/go-chi/chi) | `5.2.5` | `5.3.0` |\n| [github.com/intel/goresctrl](https://github.com/intel/goresctrl) | `0.12.0` | `0.13.0` |\n| [github.com/onsi/ginkgo/v2](https://github.com/onsi/ginkgo) | `2.28.3` | `2.29.0` |\n| [github.com/onsi/gomega](https://github.com/onsi/gomega) | `1.40.0` | `1.41.0` |\n| [github.com/opencontainers/runc](https://github.com/opencontainers/runc) | `1.4.1` | `1.4.2` |\n| [github.com/opencontainers/selinux](https://github.com/opencontainers/selinux) | `1.13.1` | `1.15.1` |\n| [go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc](https://github.com/open-telemetry/opentelemetry-go-contrib) | `0.68.0` | `0.69.0` |\n| [go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc](https://github.com/open-telemetry/opentelemetry-go) | `1.43.0` | `1.44.0` |\n| [k8s.io/api](https://github.com/kubernetes/api) | `0.36.0` | `0.36.1` |\n| [k8s.io/client-go](https://github.com/kubernetes/client-go) | `0.36.0` | `0.36.1` |\n| [k8s.io/component-base](https://github.com/kubernetes/component-base) | `0.36.0` | `0.36.1` |\n| [k8s.io/cri-api](https://github.com/kubernetes/cri-api) | `0.36.0` | `0.36.1` |\n| [k8s.io/cri-client](https://github.com/kubernetes/cri-client) | `0.36.0` | `0.36.1` |\n| [k8s.io/cri-streaming](https://github.com/kubernetes/cri-streaming) | `0.36.0` | `0.36.1` |\n| [k8s.io/kubelet](https://github.com/kubernetes/kubelet) | `0.36.0` | `0.36.1` |\n\n\nUpdates `github.com/containerd/containerd` from 1.7.31 to 1.7.32\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/containerd/containerd/releases\"\u003egithub.com/containerd/containerd's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003econtainerd 1.7.32\u003c/h2\u003e\n\u003cp\u003eWelcome to the v1.7.32 release of containerd!\u003c/p\u003e\n\u003cp\u003e\u003cbr /\u003e\nThe thirty-second patch release for containerd 1.7 contains various fixes\nand updates including a security patch.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003econtainerd\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/security/advisories/GHSA-fqw6-gf59-qr4w\"\u003e\u003cstrong\u003eCVE-2026-46680\u003c/strong\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAllow hosts.toml to contain only root-level fields without an explicit [host] section (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/10028\"\u003e#10028\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix handling of out-of-range USER values in OCI spec to avoid unexpected username/group lookups (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13450\"\u003e#13450\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eApply hardening to block AF_ALG in default socket policy (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13406\"\u003e#13406\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eSupport both \u0026quot;volatile\u0026quot; and \u0026quot;fsync=volatile\u0026quot; mount options for volatile snapshotter (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13299\"\u003e#13299\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eSet AppArmor abi conditionally to support versions \u0026lt; 3.0 (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13273\"\u003e#13273\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003ePlease try out the release binaries and report any issues at\n\u003ca href=\"https://github.com/containerd/containerd/issues\"\u003ehttps://github.com/containerd/containerd/issues\u003c/a\u003e.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMaksym Pavlenko\u003c/li\u003e\n\u003cli\u003eChris Henzie\u003c/li\u003e\n\u003cli\u003eDerek McGowan\u003c/li\u003e\n\u003cli\u003ePaweł Gronowski\u003c/li\u003e\n\u003cli\u003eSamuel Karp\u003c/li\u003e\n\u003cli\u003eWei Fu\u003c/li\u003e\n\u003cli\u003eBrad Davidson\u003c/li\u003e\n\u003cli\u003eBrian Goff\u003c/li\u003e\n\u003cli\u003eLEI WANG\u003c/li\u003e\n\u003cli\u003ePhil Estes\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/bc87d865cf39e0cc55a5e628d95cf8eef52787ad\"\u003e\u003ccode\u003ebc87d865c\u003c/code\u003e\u003c/a\u003e Prepare release notes for v1.7.32\u003c/li\u003e\n\u003cli\u003eoci: return explicit error for out-of-range USER values (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13450\"\u003e#13450\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/503f479466b432bd16fd9f14e10b6d4b09812730\"\u003e\u003ccode\u003e503f47946\u003c/code\u003e\u003c/a\u003e oci: return explicit error for out-of-range USER values\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eseccomp: Block AF_ALG in default socket policy (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13406\"\u003e#13406\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/e55b747d3496763d54b6c7670f4290c1e7183a36\"\u003e\u003ccode\u003ee55b747d3\u003c/code\u003e\u003c/a\u003e seccomp: Block AF_ALG in default socket policy\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/4627a65f8a92ce704e40b4b42df4fbfb2ceae2b9\"\u003e\u003ccode\u003e4627a65f8\u003c/code\u003e\u003c/a\u003e seccomp: Document socket rule scope and socketcall limitation\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eFix issue with empty host tree in hosts.toml (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/10028\"\u003e#10028\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/24007441d3bb191e0045b83fce5890a67aa98449\"\u003e\u003ccode\u003e24007441d\u003c/code\u003e\u003c/a\u003e Fix error parsing hosts.toml without any \u003ccode\u003ehost\u003c/code\u003e tree\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eSupport both styles of volatile mount option (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13299\"\u003e#13299\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/940733149271449293e063148e220faf885a01b9\"\u003e\u003ccode\u003e940733149\u003c/code\u003e\u003c/a\u003e Support both styles of volatile mount option\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eapparmor: Set abi conditionally (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13273\"\u003e#13273\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/2b732c8925a92b10300a3dc21dbfd37cafea76dd\"\u003e\u003ccode\u003e2b732c892\u003c/code\u003e\u003c/a\u003e apparmor: Set abi conditionally\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eAdd GitHub Action for k8s node e2e tests (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13258\"\u003e#13258\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/0db1e143a11de38b8f088684ce4f26a2b487d517\"\u003e\u003ccode\u003e0db1e143a\u003c/code\u003e\u003c/a\u003e Add GitHub Action for k8s node e2e tests\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eUpdate release process after 1.7 (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13236\"\u003e#13236\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/3223a75c20f06d0da7985a49ac42ed6ff67c5433\"\u003e\u003ccode\u003e3223a75c2\u003c/code\u003e\u003c/a\u003e Update for latest updates to release tool\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/180a7b7385ae633344ff3db0db7eea11a4164f00\"\u003e\u003ccode\u003e180a7b7\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/13452\"\u003e#13452\u003c/a\u003e from samuelkarp/prepare-1.7.32\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/bc87d865cf39e0cc55a5e628d95cf8eef52787ad\"\u003e\u003ccode\u003ebc87d86\u003c/code\u003e\u003c/a\u003e Prepare release notes for v1.7.32\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/6a05ddd119ec81beb36d504ce844bdd11bfcb22c\"\u003e\u003ccode\u003e6a05ddd\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/13450\"\u003e#13450\u003c/a\u003e from samuelkarp/oci-withuser-errrange-1.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/9c3d01b3f113fa421be5ef02dbeb31c02a7a5991\"\u003e\u003ccode\u003e9c3d01b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/13406\"\u003e#13406\u003c/a\u003e from k8s-infra-cherrypick-robot/cherry-pick-13327-t...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/e55b747d3496763d54b6c7670f4290c1e7183a36\"\u003e\u003ccode\u003ee55b747\u003c/code\u003e\u003c/a\u003e seccomp: Block AF_ALG in default socket policy\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/4627a65f8a92ce704e40b4b42df4fbfb2ceae2b9\"\u003e\u003ccode\u003e4627a65\u003c/code\u003e\u003c/a\u003e seccomp: Document socket rule scope and socketcall limitation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/33d9e242ca41d47ac749555aae0572cd71942d75\"\u003e\u003ccode\u003e33d9e24\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/10028\"\u003e#10028\u003c/a\u003e from brandond/fix-hosts-toml\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/503f479466b432bd16fd9f14e10b6d4b09812730\"\u003e\u003ccode\u003e503f479\u003c/code\u003e\u003c/a\u003e oci: return explicit error for out-of-range USER values\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/4393e22af7553a80141b7f8a73859764ede1ffcb\"\u003e\u003ccode\u003e4393e22\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/13299\"\u003e#13299\u003c/a\u003e from chrishenzie/release/1.7-volatile\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/940733149271449293e063148e220faf885a01b9\"\u003e\u003ccode\u003e9407331\u003c/code\u003e\u003c/a\u003e Support both styles of volatile mount option\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/containerd/containerd/compare/v1.7.31...v1.7.32\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/containerd/containerd/api` from 1.10.0 to 1.11.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/containerd/containerd/releases\"\u003egithub.com/containerd/containerd/api's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003econtainerd API 1.11.1\u003c/h2\u003e\n\u003cp\u003eWelcome to the api/v1.11.1 release of containerd!\u003c/p\u003e\n\u003cp\u003eThe first patch release for the containerd 1.11 API includes a fix\nin the task endpoints for non-runc shims.\u003c/p\u003e\n\u003ch3\u003eHighlights\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix sandbox task API endpoints for non-runc runtimes (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13422\"\u003e#13422\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003ePlease try out the release binaries and report any issues at\n\u003ca href=\"https://github.com/containerd/containerd/issues\"\u003ehttps://github.com/containerd/containerd/issues\u003c/a\u003e.\u003c/p\u003e\n\u003ch3\u003eContributors\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDerek McGowan\u003c/li\u003e\n\u003cli\u003eMaksym Pavlenko\u003c/li\u003e\n\u003cli\u003eSamuel Karp\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanges\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cul\u003e\n\u003cli\u003ePrepare release notes for api/v1.11.1 (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13444\"\u003e#13444\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/da7aef299c57cc1f290700ade8fa0a5fec69a462\"\u003e\u003ccode\u003eda7aef299\u003c/code\u003e\u003c/a\u003e Prepare release notes for api/v1.11.1\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eFix sandbox task API endpoints for non-runc runtimes (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13422\"\u003e#13422\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/e44f5f9ec610d95a712d230e8a19ae516e0a26ac\"\u003e\u003ccode\u003ee44f5f9ec\u003c/code\u003e\u003c/a\u003e protos: include task API address to CreateTaskRequest\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch3\u003eDependency Changes\u003c/h3\u003e\n\u003cp\u003eThis release has no dependency changes\u003c/p\u003e\n\u003cp\u003ePrevious release can be found at \u003ca href=\"https://github.com/containerd/containerd/releases/tag/api/v1.11.0\"\u003eapi/v1.11.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003econtainerd API 1.11.0\u003c/h2\u003e\n\u003cp\u003eWelcome to the api/v1.11.0 release of containerd!\u003c/p\u003e\n\u003cp\u003eThe 12th release for the containerd 1.x API aligns with the containerd 2.3 release.\u003c/p\u003e\n\u003ch3\u003eHighlights\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd transfer types for container filesystem copy (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13165\"\u003e#13165\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdate sandbox API to include spec field (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/12840\"\u003e#12840\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eImage Distribution\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eAdd os.features support for EROFS native container images (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13091\"\u003e#13091\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/f822a911ab2b7c73e30bc0f36ea319642c9711b1\"\u003e\u003ccode\u003ef822a91\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/13444\"\u003e#13444\u003c/a\u003e from dmcgowan/prepare-api-v1.11.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/da7aef299c57cc1f290700ade8fa0a5fec69a462\"\u003e\u003ccode\u003eda7aef2\u003c/code\u003e\u003c/a\u003e Prepare release notes for api/v1.11.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/a50a704094cf72710ccfa4944a642ef4e7ec9d2c\"\u003e\u003ccode\u003ea50a704\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/13422\"\u003e#13422\u003c/a\u003e from k8s-infra-cherrypick-robot/cherry-pick-13360-t...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/5282d4e09d3bc8b0957780caa7a4644fac7c86a7\"\u003e\u003ccode\u003e5282d4e\u003c/code\u003e\u003c/a\u003e Wire task address and version fields\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/e44f5f9ec610d95a712d230e8a19ae516e0a26ac\"\u003e\u003ccode\u003ee44f5f9\u003c/code\u003e\u003c/a\u003e protos: include task API address to CreateTaskRequest\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/85f22f7afa3af5aa5083cc7ae50c3b58a35b8849\"\u003e\u003ccode\u003e85f22f7\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/13409\"\u003e#13409\u003c/a\u003e from k8s-infra-cherrypick-robot/cherry-pick-13327-t...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/4d80a31bf637bc15e83e50a15941bf5bb0cb3988\"\u003e\u003ccode\u003e4d80a31\u003c/code\u003e\u003c/a\u003e seccomp: Block AF_ALG in default socket policy\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/2ed0d97b6e58def34684a1bffc2ab6931182f221\"\u003e\u003ccode\u003e2ed0d97\u003c/code\u003e\u003c/a\u003e seccomp: Document socket rule scope and socketcall limitation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/2315484b7e7a5b53e73ad3b143c780ec7612420b\"\u003e\u003ccode\u003e2315484\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/13390\"\u003e#13390\u003c/a\u003e from k8s-infra-cherrypick-robot/cherry-pick-13363-t...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/1ad3402b855b77eb3800f74c87ff78736edf72d2\"\u003e\u003ccode\u003e1ad3402\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/13394\"\u003e#13394\u003c/a\u003e from k8s-infra-cherrypick-robot/cherry-pick-13389-t...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/containerd/containerd/compare/api/v1.10.0...api/v1.11.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/containers/conmon-rs` from 0.7.3 to 0.8.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/containers/conmon-rs/releases\"\u003egithub.com/containers/conmon-rs's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.8.0\u003c/h2\u003e\n\u003ch2\u003eChanges by Kind\u003c/h2\u003e\n\u003ch3\u003eFeature\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eOpenTelemetry dependencies are now optional. Enable with --features telemetry at build time. (\u003ca href=\"https://redirect.github.com/containers/conmon-rs/issues/3044\"\u003e#3044\u003c/a\u003e, \u003ca href=\"https://github.com/saschagrunert\"\u003e\u003ccode\u003e@​saschagrunert\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDependencies\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ecyphar.com/go-pathrs: v0.2.4\u003c/li\u003e\n\u003cli\u003egithub.com/NYTimes/gziphandler: \u003ca href=\"https://github.com/NYTimes/gziphandler/tree/v1.1.1\"\u003ev1.1.1\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003egithub.com/cespare/xxhash/v2: \u003ca href=\"https://github.com/cespare/xxhash/tree/v2.3.0\"\u003ev2.3.0\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003egolang.org/x/tools/go/expect: v0.1.0-deprecated\u003c/li\u003e\n\u003cli\u003egolang.org/x/tools/go/packages/packagestest: v0.1.1-deprecated\u003c/li\u003e\n\u003cli\u003ek8s.io/gengo/v2: 85fd79d\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003egithub.com/coreos/go-systemd/v22: \u003ca href=\"https://github.com/coreos/go-systemd/compare/v22.6.0...v22.7.0\"\u003ev22.6.0 → v22.7.0\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003egithub.com/cpuguy83/go-md2man/v2: \u003ca href=\"https://github.com/cpuguy83/go-md2man/compare/v2.0.5...v2.0.7\"\u003ev2.0.5 → v2.0.7\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003egithub.com/cyphar/filepath-securejoin: \u003ca href=\"https://github.com/cyphar/filepath-securejoin/compare/v0.5.1...v0.6.1\"\u003ev0.5.1 → v0.6.1\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003egithub.com/google/pprof: \u003ca href=\"https://github.com/google/pprof/compare/f64d9cf...294ebfa\"\u003ef64d9cf → 294ebfa\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003egithub.com/onsi/ginkgo/v2: \u003ca href=\"https://github.com/onsi/ginkgo/compare/v2.27.2...v2.28.1\"\u003ev2.27.2 → v2.28.1\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003egithub.com/onsi/gomega: \u003ca href=\"https://github.com/onsi/gomega/compare/v1.38.2...v1.39.1\"\u003ev1.38.2 → v1.39.1\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003egithub.com/opencontainers/cgroups: \u003ca href=\"https://github.com/opencontainers/cgroups/compare/v0.0.5...v0.0.6\"\u003ev0.0.5 → v0.0.6\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003egithub.com/opencontainers/runc: \u003ca href=\"https://github.com/opencontainers/runc/compare/v1.3.3...v1.4.1\"\u003ev1.3.3 → v1.4.1\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003egithub.com/opencontainers/runtime-spec: \u003ca href=\"https://github.com/opencontainers/runtime-spec/compare/v1.2.1...v1.3.0\"\u003ev1.2.1 → v1.3.0\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003egithub.com/opencontainers/runtime-tools: \u003ca href=\"https://github.com/opencontainers/runtime-tools/compare/0ea5ed0...5e63903\"\u003e0ea5ed0 → 5e63903\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003egithub.com/opencontainers/selinux: \u003ca href=\"https://github.com/opencontainers/selinux/compare/v1.12.0...v1.13.0\"\u003ev1.12.0 → v1.13.0\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003egithub.com/rogpeppe/go-internal: \u003ca href=\"https://github.com/rogpeppe/go-internal/compare/v1.13.1...v1.14.1\"\u003ev1.13.1 → v1.14.1\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003egithub.com/sirupsen/logrus: \u003ca href=\"https://github.com/sirupsen/logrus/compare/v1.9.3...v1.9.4\"\u003ev1.9.3 → v1.9.4\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003egithub.com/urfave/cli: \u003ca href=\"https://github.com/urfave/cli/compare/v1.22.16...v1.22.17\"\u003ev1.22.16 → v1.22.17\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ego.opentelemetry.io/auto/sdk: v1.1.0 → v1.2.1\u003c/li\u003e\n\u003cli\u003ego.opentelemetry.io/otel/metric: v1.38.0 → v1.42.0\u003c/li\u003e\n\u003cli\u003ego.opentelemetry.io/otel/trace: v1.38.0 → v1.42.0\u003c/li\u003e\n\u003cli\u003ego.opentelemetry.io/otel: v1.38.0 → v1.42.0\u003c/li\u003e\n\u003cli\u003ego.podman.io/common: v0.66.0 → v0.67.0\u003c/li\u003e\n\u003cli\u003ego.podman.io/image/v5: v5.38.0 → v5.39.1\u003c/li\u003e\n\u003cli\u003ego.podman.io/storage: v1.61.0 → v1.62.0\u003c/li\u003e\n\u003cli\u003ego.yaml.in/yaml/v2: v2.4.2 → v2.4.3\u003c/li\u003e\n\u003cli\u003egolang.org/x/crypto: v0.43.0 → v0.47.0\u003c/li\u003e\n\u003cli\u003egolang.org/x/mod: v0.28.0 → v0.32.0\u003c/li\u003e\n\u003cli\u003egolang.org/x/net: v0.45.0 → v0.49.0\u003c/li\u003e\n\u003cli\u003egolang.org/x/oauth2: v0.27.0 → v0.30.0\u003c/li\u003e\n\u003cli\u003egolang.org/x/sync: v0.17.0 → v0.19.0\u003c/li\u003e\n\u003cli\u003egolang.org/x/sys: v0.37.0 → v0.40.0\u003c/li\u003e\n\u003cli\u003egolang.org/x/telemetry: aef8a43 → bd525da\u003c/li\u003e\n\u003cli\u003egolang.org/x/term: v0.36.0 → v0.39.0\u003c/li\u003e\n\u003cli\u003egolang.org/x/text: v0.30.0 → v0.33.0\u003c/li\u003e\n\u003cli\u003egolang.org/x/tools: v0.37.0 → v0.41.0\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containers/conmon-rs/commit/c07e5214eeef082e83661ff7b610bac38f08401c\"\u003e\u003ccode\u003ec07e521\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containers/conmon-rs/issues/3142\"\u003e#3142\u003c/a\u003e from saschagrunert/bump-v0.8.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containers/conmon-rs/commit/df8a5f4c70a2a72568ba68f61e0fa0f9cdb5a7a3\"\u003e\u003ccode\u003edf8a5f4\u003c/code\u003e\u003c/a\u003e Bump version to v0.8.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containers/conmon-rs/commit/4bb0a0f5f65d1a79c53951d02dfb27a298990a83\"\u003e\u003ccode\u003e4bb0a0f\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containers/conmon-rs/issues/3141\"\u003e#3141\u003c/a\u003e from containers/dependabot/cargo/zerocopy-0.8.47\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containers/conmon-rs/commit/4b81484a4c533f11da91bf415572bb3fdb609f62\"\u003e\u003ccode\u003e4b81484\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containers/conmon-rs/issues/3140\"\u003e#3140\u003c/a\u003e from containers/dependabot/cargo/itoa-1.0.18\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containers/conmon-rs/commit/06c19681c35ec24c9567537bc8ed66c41766f876\"\u003e\u003ccode\u003e06c1968\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containers/conmon-rs/issues/3137\"\u003e#3137\u003c/a\u003e from containers/dependabot/github_actions/actions/ca...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containers/conmon-rs/commit/d8c08482543a40dda9d7140ab0faddfb90965450\"\u003e\u003ccode\u003ed8c0848\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containers/conmon-rs/issues/3139\"\u003e#3139\u003c/a\u003e from containers/dependabot/cargo/opentelemetry-84f9a...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containers/conmon-rs/commit/a9d10cc555ed4b1662fa7786bcc6538d9eaa0f78\"\u003e\u003ccode\u003ea9d10cc\u003c/code\u003e\u003c/a\u003e build(deps): bump zerocopy from 0.8.42 to 0.8.47\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containers/conmon-rs/commit/295c1e2eed7ded46acc386d42356bf6095b447bb\"\u003e\u003ccode\u003e295c1e2\u003c/code\u003e\u003c/a\u003e build(deps): bump itoa from 1.0.17 to 1.0.18\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containers/conmon-rs/commit/46856f7efc3d89b89f4799236acfa82c0f40055f\"\u003e\u003ccode\u003e46856f7\u003c/code\u003e\u003c/a\u003e build(deps): bump opentelemetry-otlp in the opentelemetry group\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containers/conmon-rs/commit/e7caf158f2fc1576fa827e6c98862135d7696703\"\u003e\u003ccode\u003ee7caf15\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containers/conmon-rs/issues/3135\"\u003e#3135\u003c/a\u003e from containers/dependabot/go_modules/k8s.io/client-...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/containers/conmon-rs/compare/v0.7.3...v0.8.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/containers/kubensmnt` from 1.2.0 to 1.3.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/containers/kubensmnt/releases\"\u003egithub.com/containers/kubensmnt's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.3.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd stand-alone installation makefiles by \u003ca href=\"https://github.com/lack\"\u003e\u003ccode\u003e@​lack\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/containers/kubensmnt/pull/9\"\u003econtainers/kubensmnt#9\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd go embed test by \u003ca href=\"https://github.com/lack\"\u003e\u003ccode\u003e@​lack\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/containers/kubensmnt/pull/10\"\u003econtainers/kubensmnt#10\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eConfigure shellcheck to enforce double-bracket style checks by \u003ca href=\"https://github.com/lack\"\u003e\u003ccode\u003e@​lack\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/containers/kubensmnt/pull/12\"\u003econtainers/kubensmnt#12\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echeck to make sure kubensmnt is mounted by \u003ca href=\"https://github.com/pixelsoccupied\"\u003e\u003ccode\u003e@​pixelsoccupied\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/containers/kubensmnt/pull/11\"\u003econtainers/kubensmnt#11\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePre-create /run/netns bindmount so it propagates to the kubensmnt namespace by \u003ca href=\"https://github.com/lack\"\u003e\u003ccode\u003e@​lack\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/containers/kubensmnt/pull/13\"\u003econtainers/kubensmnt#13\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImprove netns pre-mount code by \u003ca href=\"https://github.com/lack\"\u003e\u003ccode\u003e@​lack\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/containers/kubensmnt/pull/14\"\u003econtainers/kubensmnt#14\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pixelsoccupied\"\u003e\u003ccode\u003e@​pixelsoccupied\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/containers/kubensmnt/pull/11\"\u003econtainers/kubensmnt#11\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/containers/kubensmnt/compare/v1.2.0...v1.3.0\"\u003ehttps://github.com/containers/kubensmnt/compare/v1.2.0...v1.3.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containers/kubensmnt/commit/d37589433623e38d0e73fa00ae7eedb70eec90d8\"\u003e\u003ccode\u003ed375894\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containers/kubensmnt/issues/14\"\u003e#14\u003c/a\u003e from lack/OCPBUGS-83562_precreate_netns\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containers/kubensmnt/commit/179235fb9bf4dea2275c637429c32b9204a6483d\"\u003e\u003ccode\u003e179235f\u003c/code\u003e\u003c/a\u003e Improve netns pre-mount code\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containers/kubensmnt/commit/9af9d360c629cfcf9b45e7ef1e5be0945016f6a1\"\u003e\u003ccode\u003e9af9d36\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containers/kubensmnt/issues/13\"\u003e#13\u003c/a\u003e from lack/OCPBUGS-83562_precreate_netns\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containers/kubensmnt/commit/6bbafddc37bbf8e8c05fc283997fb8e6cd735636\"\u003e\u003ccode\u003e6bbafdd\u003c/code\u003e\u003c/a\u003e Pre-create /run/netns bindmount so it propagates to the kubensmnt namespace\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containers/kubensmnt/commit/3424a142b287da0adc4b759e37840f1204769f39\"\u003e\u003ccode\u003e3424a14\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containers/kubensmnt/issues/11\"\u003e#11\u003c/a\u003e from pixelsoccupied/check-mount\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containers/kubensmnt/commit/7a7d59131dce11a013f6eee6d588309c1cb7f403\"\u003e\u003ccode\u003e7a7d591\u003c/code\u003e\u003c/a\u003e check to make sure kubensmnt is mounted\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containers/kubensmnt/commit/4b80f7c792c8864970ca94a72f3d410691221749\"\u003e\u003ccode\u003e4b80f7c\u003c/code\u003e\u003c/a\u003e Configure shellcheck to enforce double-bracket style checks\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containers/kubensmnt/commit/2e5472fd300ef840cbb340e9031897f3c006a99e\"\u003e\u003ccode\u003e2e5472f\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containers/kubensmnt/issues/10\"\u003e#10\u003c/a\u003e from lack/go_embed_test\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containers/kubensmnt/commit/9264c5c70b513e5d48b987a6b55b11a3108a083c\"\u003e\u003ccode\u003e9264c5c\u003c/code\u003e\u003c/a\u003e Add go embed test\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containers/kubensmnt/commit/2728572f6444955f5f737bd46905214b654e74d3\"\u003e\u003ccode\u003e2728572\u003c/code\u003e\u003c/a\u003e Add stand-alone installation makefiles\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/containers/kubensmnt/compare/v1.2.0...v1.3.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/go-chi/chi/v5` from 5.2.5 to 5.3.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/go-chi/chi/releases\"\u003egithub.com/go-chi/chi/v5's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.3.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUse strings.ReplaceAll where applicable by \u003ca href=\"https://github.com/JRaspass\"\u003e\u003ccode\u003e@​JRaspass\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1046\"\u003ego-chi/chi#1046\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePropagate inline middlewares across mounted subrouters by \u003ca href=\"https://github.com/LukasJenicek\"\u003e\u003ccode\u003e@​LukasJenicek\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1049\"\u003ego-chi/chi#1049\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eadd go 1.26 to ci by \u003ca href=\"https://github.com/pkieltyka\"\u003e\u003ccode\u003e@​pkieltyka\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1052\"\u003ego-chi/chi#1052\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove last uses of io/ioutil by \u003ca href=\"https://github.com/JRaspass\"\u003e\u003ccode\u003e@​JRaspass\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1054\"\u003ego-chi/chi#1054\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSimplify chi.walk with slices.Concat by \u003ca href=\"https://github.com/JRaspass\"\u003e\u003ccode\u003e@​JRaspass\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1053\"\u003ego-chi/chi#1053\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eApply the stringscutprefix modernizer by \u003ca href=\"https://github.com/JRaspass\"\u003e\u003ccode\u003e@​JRaspass\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1051\"\u003ego-chi/chi#1051\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump minimum Go to 1.23, always use request.Pattern by \u003ca href=\"https://github.com/JRaspass\"\u003e\u003ccode\u003e@​JRaspass\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1048\"\u003ego-chi/chi#1048\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003emiddleware: fix httpFancyWriter.ReadFrom double-counting bytes with Tee by \u003ca href=\"https://github.com/alliasgher\"\u003e\u003ccode\u003e@​alliasgher\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1085\"\u003ego-chi/chi#1085\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix typo in Route doc comment by \u003ca href=\"https://github.com/gouwazi\"\u003e\u003ccode\u003e@​gouwazi\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1073\"\u003ego-chi/chi#1073\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: set Request.Pattern from RoutePattern() by \u003ca href=\"https://github.com/leno23\"\u003e\u003ccode\u003e@​leno23\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1097\"\u003ego-chi/chi#1097\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat: middleware.ClientIP, a replacement for middleware.RealIP by \u003ca href=\"https://github.com/VojtechVitek\"\u003e\u003ccode\u003e@​VojtechVitek\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/967\"\u003ego-chi/chi#967\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/LukasJenicek\"\u003e\u003ccode\u003e@​LukasJenicek\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1049\"\u003ego-chi/chi#1049\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/alliasgher\"\u003e\u003ccode\u003e@​alliasgher\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1085\"\u003ego-chi/chi#1085\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gouwazi\"\u003e\u003ccode\u003e@​gouwazi\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1073\"\u003ego-chi/chi#1073\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/leno23\"\u003e\u003ccode\u003e@​leno23\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1097\"\u003ego-chi/chi#1097\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eSECURITY: middleware.ClientIP, a replacement for middleware.RealIP\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/VojtechVitek\"\u003e\u003ccode\u003e@​VojtechVitek\u003c/code\u003e\u003c/a\u003e submitted PR \u003ca href=\"https://redirect.github.com/go-chi/chi/issues/967\"\u003e#967\u003c/a\u003e, which introduces middleware.ClientIP — a replacement for middleware.RealIP that closes the three open spoofing advisories:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/security/advisories/GHSA-9g5q-2w5x-hmxf\"\u003eGHSA-9g5q-2w5x-hmxf\u003c/a\u003e — IP spoofing via XFF in \u003ccode\u003eRemoteAddr\u003c/code\u003e resolution (convto)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/security/advisories/GHSA-rjr7-jggh-pgcp\"\u003eGHSA-rjr7-jggh-pgcp\u003c/a\u003e — RealIP allows IP spoofing via unvalidated XFF (rezmoss)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/security/advisories/GHSA-3fxj-6jh8-hvhx\"\u003eGHSA-3fxj-6jh8-hvhx\u003c/a\u003e — IP spoofing in \u003ccode\u003emiddleware.RealIP\u003c/code\u003e (Saku0512, Critical / 9.3)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eIt also addresses issues outlined at:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/708\"\u003ego-chi/chi#708\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://adam-p.ca/blog/2022/03/x-forwarded-for/\"\u003ehttps://adam-p.ca/blog/2022/03/x-forwarded-for/\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/711\"\u003ego-chi/chi#711\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/453\"\u003ego-chi/chi#453\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/go-chi/chi/pull/908\"\u003ego-chi/chi#908\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ccode\u003emiddleware.RealIP\u003c/code\u003e is deprecated in this PR with pointers to the new API.\u003c/p\u003e\n\u003cp\u003eThe deprecation only adds a \u003ccode\u003e// Deprecated:\u003c/code\u003e doc comment; the function keeps working for backward compatibility.\u003c/p\u003e\n\u003ch3\u003eWhy a new middleware (not \u0026quot;fix RealIP in place\u0026quot;)\u003c/h3\u003e\n\u003cp\u003e\u003ccode\u003eRealIP\u003c/code\u003e has two unfixable design choices: it mutates \u003ccode\u003er.RemoteAddr\u003c/code\u003e, and it tries to be a one-size-fits-all default by walking a hard-coded list of headers any client can supply. Per \u003ca href=\"https://adam-p.ca/blog/2022/03/x-forwarded-for/\"\u003eadam-p's \u0026quot;The perils of the 'real' client IP\u0026quot;\u003c/a\u003e (which calls chi out by name on this), there is no safe default — the user must pick their trust source explicitly.\u003c/p\u003e\n\u003ch3\u003eThe new API\u003c/h3\u003e\n\u003cp\u003eFour middlewares, two accessors. Pick exactly one middleware based on your\ninfrastructure, read the result with one of the two accessors:\u003c/p\u003e\n\u003cpre lang=\"go\"\u003e\u003ccode\u003e// One of the four. There is no safe default — pick exactly one.\r\nfunc ClientIPFromHeader(trustedHeader string) func(http.Handler) http.Handler\r\nfunc ClientIPFromXFF(trustedIPPrefixes ...string) func(http.Handler) http.Handler\r\nfunc ClientIPFromXFFTrustedProxies(numTrustedProxies int) func(http.Handler) http.Handler\r\n\u0026lt;/tr\u0026gt;\u0026lt;/table\u0026gt; \n\u003c/code\u003e\u003c/pre\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/3b171578ca44dfd75ca3c5cbddc7b44c600a7b49\"\u003e\u003ccode\u003e3b17157\u003c/code\u003e\u003c/a\u003e feat: middleware.ClientIP, a replacement for middleware.RealIP (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/967\"\u003e#967\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/818fdcfc4786168651768377ba647cf9dd5b3953\"\u003e\u003ccode\u003e818fdcf\u003c/code\u003e\u003c/a\u003e fix: set Request.Pattern from RoutePattern() (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1097\"\u003e#1097\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/f975af0cb10cbefaccf0422385420fe62722d648\"\u003e\u003ccode\u003ef975af0\u003c/code\u003e\u003c/a\u003e Fix typo in Route doc comment (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1073\"\u003e#1073\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/4ef87eaf2cfb27d3126d48194e1a84806acc1aed\"\u003e\u003ccode\u003e4ef87ea\u003c/code\u003e\u003c/a\u003e middleware: fix httpFancyWriter.ReadFrom double-counting bytes with Tee (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1085\"\u003e#1085\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/a54874f0e2f12647a19e82ee70dfa8185014100c\"\u003e\u003ccode\u003ea54874f\u003c/code\u003e\u003c/a\u003e Bump minimum Go to 1.23, always use request.Pattern (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1048\"\u003e#1048\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/3328d4d3ab8a08547fa419ed657017355e6d3c4d\"\u003e\u003ccode\u003e3328d4d\u003c/code\u003e\u003c/a\u003e Apply the stringscutprefix modernizer (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1051\"\u003e#1051\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/be60b2ec5755a9072cdf27af3ba3034e84781d12\"\u003e\u003ccode\u003ebe60b2e\u003c/code\u003e\u003c/a\u003e Simplify chi.walk with slices.Concat (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1053\"\u003e#1053\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/a36a925a6a195943ec104100d7d18757543e745f\"\u003e\u003ccode\u003ea36a925\u003c/code\u003e\u003c/a\u003e Remove last uses of io/ioutil (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1054\"\u003e#1054\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/7d93ee3e86b4d477c20d809c9b1ce9a281dfd706\"\u003e\u003ccode\u003e7d93ee3\u003c/code\u003e\u003c/a\u003e add go 1.26 to ci (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1052\"\u003e#1052\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/903cff2596eac0f72538ac46d696058351f1c3fb\"\u003e\u003ccode\u003e903cff2\u003c/code\u003e\u003c/a\u003e Propagate inline middlewares across mounted subrouters (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1049\"\u003e#1049\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/go-chi/chi/compare/v5.2.5...v5.3.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/intel/goresctrl` from 0.12.0 to 0.13.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/intel/goresctrl/releases\"\u003egithub.com/intel/goresctrl's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.13.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cp\u003eThis release adds support for the Linux kernel TPMI interface for managing Intel SST (Speed Select Technology) which enables support for the latest (and future) generations of processors. With this, goresctrl specifies a new more flexible and extensible API for SST (pkg/sst) – the old API is deprecated but still supported for backwards compatibility. The release also brings support for SST-TF (Turbo Frequency).\u003c/p\u003e\n\u003ch3\u003eList of PRs\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ebuild(deps): bump google.golang.org/grpc from 1.79.2 to 1.79.3 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/intel/goresctrl/pull/174\"\u003eintel/goresctrl#174\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003egithub: pin versions of github actions on sha by \u003ca href=\"https://github.com/marquiz\"\u003e\u003ccode\u003e@​marquiz\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/intel/goresctrl/pull/175\"\u003eintel/goresctrl#175\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/setup-go from 6.3.0 to 6.4.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/intel/goresctrl/pull/176\"\u003eintel/goresctrl#176\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump go.opentelemetry.io/otel/sdk from 1.42.0 to 1.43.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/intel/goresctrl/pull/178\"\u003eintel/goresctrl#178\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/upload-artifact from 7.0.0 to 7.0.1 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/intel/goresctrl/pull/179\"\u003eintel/goresctrl#179\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp from 1.42.0 to 1.43.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/intel/goresctrl/pull/177\"\u003eintel/goresctrl#177\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003esst: fix logging level by \u003ca href=\"https://github.com/marquiz\"\u003e\u003ccode\u003e@​marquiz\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/intel/goresctrl/pull/180\"\u003eintel/goresctrl#180\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ecmd/sst-ctl: refactor by \u003ca href=\"https://github.com/marquiz\"\u003e\u003ccode\u003e@​marquiz\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/intel/goresctrl/pull/182\"\u003eintel/goresctrl#182\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump aquasecurity/trivy-action from 0.35.0 to 0.36.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/intel/goresctrl/pull/183\"\u003eintel/goresctrl#183\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ecstates: fix doubly prefixed possible cpus sysfs path by \u003ca href=\"https://github.com/askervin\"\u003e\u003ccode\u003e@​askervin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/intel/goresctrl/pull/184\"\u003eintel/goresctrl#184\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd gitignore by \u003ca href=\"https://github.com/marquiz\"\u003e\u003ccode\u003e@​marquiz\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/intel/goresctrl/pull/185\"\u003eintel/goresctrl#185\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eutils/idset: present idset in packed format by \u003ca href=\"https://github.com/marquiz\"\u003e\u003ccode\u003e@​marquiz\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/intel/goresctrl/pull/186\"\u003eintel/goresctrl#186\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump golangci/golangci-lint-action from 9.2.0 to 9.2.1 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/intel/goresctrl/pull/187\"\u003eintel/goresctrl#187\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003esst: add support for TPMI interface and SST-TF by \u003ca href=\"https://github.com/marquiz\"\u003e\u003ccode\u003e@​marquiz\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/intel/goresctrl/pull/181\"\u003eintel/goresctrl#181\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003esst: add detailed info API by \u003ca href=\"https://github.com/marquiz\"\u003e\u003ccode\u003e@​marquiz\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/intel/goresctrl/pull/188\"\u003eintel/goresctrl#188\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003esst: fix legacy API by \u003ca href=\"https://github.com/marquiz\"\u003e\u003ccode\u003e@​marquiz\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/intel/goresctrl/pull/189\"\u003eintel/goresctrl#189\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/intel/goresctrl/compare/v0.12.0...v0.13.0\"\u003ehttps://github.com/intel/goresctrl/compare/v0.12.0...v0.13.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/intel/goresctrl/commit/fe1066ae9cce40fa23930eb4ae392b562eea78c5\"\u003e\u003ccode\u003efe1066a\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/intel/goresctrl/issues/189\"\u003e#189\u003c/a\u003e from marquiz/devel/legacy-api\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/intel/goresctrl/commit/293d23110352fa84b869c298538918f271e737dd\"\u003e\u003ccode\u003e293d231\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/intel/goresctrl/issues/188\"\u003e#188\u003c/a\u003e from marquiz/devel/sst-info\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/intel/goresctrl/commit/511e7b54ff0fc3846ed119db94ed146d6cc09a8e\"\u003e\u003ccode\u003e511e7b5\u003c/code\u003e\u003c/a\u003e sst: fix legacy API\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/intel/goresctrl/commit/88c6fdacdfdc51cdf437ca50ad55a010fa32a42e\"\u003e\u003ccode\u003e88c6fda\u003c/code\u003e\u003c/a\u003e cmd/sst: implement info subcommand\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/intel/goresctrl/commit/3f62eff60456c68449f458ca46ef4ba35880736f\"\u003e\u003ccode\u003e3f62eff\u003c/code\u003e\u003c/a\u003e sst: add detailed info API\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/intel/goresctrl/commit/f3eb140c6783918f0f1b9ee2ce5f6e76be2a7c8a\"\u003e\u003ccode\u003ef3eb140\u003c/code\u003e\u003c/a\u003e sst: move helper packages to internal/\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/intel/goresctrl/commit/ea84f472d307402b51524dcb90e738e032c9e768\"\u003e\u003ccode\u003eea84f47\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/intel/goresctrl/issues/181\"\u003e#181\u003c/a\u003e from marquiz/devel/sst-tpmi\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/intel/goresctrl/commit/6ce26466cd74eb6208ab1ee8fe7680ece69a60b4\"\u003e\u003ccode\u003e6ce2646\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/intel/goresctrl/issues/187\"\u003e#187\u003c/a\u003e from intel/dependabot/github_actions/main/golangci/go...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/intel/goresctrl/commit/0232a79c9806dffbf976f5363c7f7f6111e46c8a\"\u003e\u003ccode\u003e0232a79\u003c/code\u003e\u003c/a\u003e cmd/sst: add tf (SST-TF) subcommand\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/intel/goresctrl/commit/cdeb50b46834fd14ee57a72a2f1075735329264c\"\u003e\u003ccode\u003ecdeb50b\u003c/code\u003e\u003c/a\u003e sst: add support for SST-TF\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/intel/goresctrl/compare/v0.12.0...v0.13.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/onsi/ginkgo/v2` from 2.28.3 to 2.29.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/onsi/ginkgo/releases\"\u003egithub.com/onsi/ginkgo/v2's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.29.0\u003c/h2\u003e\n\u003ch2\u003e2.29.0\u003c/h2\u003e\n\u003cp\u003e\u003ccode\u003eGinkgoHelperGo\u003c/code\u003e makes it easier to write test helpers that need to run in goroutines.  Specifically, it makes managing the failure state and capturing failure panics correctly straightforward.\u003c/p\u003e\n\u003cp\u003e\u003ccode\u003eginkgo outline\u003c/code\u003e now includes entries defined in \u003ccode\u003eDescribeTableSubtree\u003c/code\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md\"\u003egithub.com/onsi/ginkgo/v2's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.29.0\u003c/h2\u003e\n\u003cp\u003e\u003ccode\u003eGinkgoHelperGo\u003c/code\u003e makes it easier to write test helpers that need to run in goroutines.  Specifically, it makes managing the failure state and capturing failure panics correctly straightforward.\u003c/p\u003e\n\u003cp\u003e\u003ccode\u003eginkgo outline\u003c/code\u003e now includes entries defined in \u003ccode\u003eDescribeTableSubtree\u003c/code\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/onsi/ginkgo/commit/04b5bcbe4eee911a1baf506eda1e7e811c978937\"\u003e\u003ccode\u003e04b5bcb\u003c/code\u003e\u003c/a\u003e v2.29.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/onsi/ginkgo/commit/124232a4531c77a7f31a036e0150e06fa78b2af8\"\u003e\u003ccode\u003e124232a\u003c/code\u003e\u003c/a\u003e docs: GinkgoHelperGo\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/onsi/ginkgo/commit/ad9cee80bdfda573e94f1b05f2bd4afa1a2fe815\"\u003e\u003ccode\u003ead9cee8\u003c/code\u003e\u003c/a\u003e feat: GinkgoHelperGo, with integration tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/onsi/ginkgo/commit/9e56a0a2a090eb83af696381161bdb996c69bcac\"\u003e\u003ccode\u003e9e56a0a\u003c/code\u003e\u003c/a\u003e chore: refactor devcontainer for better maintenance\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/onsi/ginkgo/commit/3d235a96ac05d9e855048c66528d2fdbfb9101f7\"\u003e\u003ccode\u003e3d235a9\u003c/code\u003e\u003c/a\u003e chore: ignore internal/tmp_*/ integration suite temporary dirs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/onsi/ginkgo/commit/782666ae83c2bc804f28b1333bf91a21b093d946\"\u003e\u003ccode\u003e782666a\u003c/code\u003e\u003c/a\u003e feat: devcontainer configuration with local pkgsite and GH pages\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/onsi/ginkgo/commit/009dd04de2d18f00c3c812d2caab713a165a1f7c\"\u003e\u003ccode\u003e009dd04\u003c/code\u003e\u003c/a\u003e Support DescribeTableSubtree in ginkgo outline\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/onsi/ginkgo/compare/v2.28.3...v2.29.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/onsi/gomega` from 1.40.0 to 1.41.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/onsi/gomega/blob/master/CHANGELOG.md\"\u003egithub.com/onsi/gomega's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e1.41.0\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cp\u003eAdd \u003ccode\u003eBeASlice\u003c/code\u003e and \u003ccode\u003eBeAnArray\u003c/code\u003e matchers\u003c/p\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cp\u003eObject formatting now detects pointer cycles to avoid runaway formatting output.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/onsi/gomega/commit/af2bccb5831cbcc56cfc16ca3056077cdec4798b\"\u003e\u003ccode\u003eaf2bccb\u003c/code\u003e\u003c/a\u003e v1.41.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/onsi/gomega/commit/73e81f6f054c825d1743bf4090ac0a9e1d5605af\"\u003e\u003ccode\u003e73e81f6\u003c/code\u003e\u003c/a\u003e v1.41.0 (full)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/onsi/gomega/commit/e35a84f24113255aaeea62fe7c47e09adf39109b\"\u003e\u003ccode\u003ee35a84f\u003c/code\u003e\u003c/a\u003e feat: devcontainer configuration with local pkgsite and GH pages\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/onsi/gomega/commit/f12e5e1bc7167fae21ef37b0d9d358d51063ff5e\"\u003e\u003ccode\u003ef12e5e1\u003c/code\u003e\u003c/a\u003e fix(format): detect pointer cycles to avoid runaway formatting output\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/onsi/gomega/commit/e14831fefa86313f2b01fb803b2ac937e49d08b6\"\u003e\u003ccode\u003ee14831f\u003c/code\u003e\u003c/a\u003e Add optionalDescription docs to AsyncAssertion and Assertion interfaces\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/onsi/gomega/commit/344b94dae7e0df0e2d087574b4c2b1b1597a6943\"\u003e\u003ccode\u003e344b94d\u003c/code\u003e\u003c/a\u003e Add BeASlice and BeAnArray matchers\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/onsi/gomega/compare/v1.40.0...v1.41.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/opencontainers/runc` from 1.4.1 to 1.4.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/opencontainers/runc/releases\"\u003egithub.com/opencontainers/runc's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003erunc v1.4.2 -- \u0026quot;Я — Земля! Я своих провожаю питомцев\u0026quot;\u003c/h2\u003e\n\u003cp\u003eThis is the second patch release of the 1.4.z release series of runc.\u003c/p\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eA regression in runc v1.3.0 which can result in a stuck \u003ccode\u003erunc exec\u003c/code\u003e or\n\u003ccode\u003erunc run\u003c/code\u003e when the container process runs for a short time. (\u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/5208\"\u003e#5208\u003c/a\u003e,\n\u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/5210\"\u003e#5210\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/5216\"\u003e#5216\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eMount sources that need to be open on the host are now closed earlier during\ncontainer start, reducing the total amount of used file descriptors and\nhelping to avoid hitting the open files limit when handling many such mounts.\n(\u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/5177\"\u003e#5177\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/5201\"\u003e#5201\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eStatic Linking Notices\u003c/h3\u003e\n\u003cp\u003eThe \u003ccode\u003erunc\u003c/code\u003e binary distributed with this release are \u003cem\u003estatically linked\u003c/em\u003e with\nthe following \u003ca href=\"https://www.gnu.org/licenses/old-licenses/lgpl-2.1.en.html\"\u003eGNU LGPL-2.1\u003c/a\u003e licensed libraries, with \u003ccode\u003erunc\u003c/code\u003e acting\nas a \u0026quot;work that uses the Library\u0026quot;:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/seccomp/libseccomp\"\u003elibseccomp\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThe versions of these libraries were not modified from their upstream versions,\nbut in order to comply with the LGPL-2.1 (§6(a)), we have attached the\ncomplete source code for those libraries which (when combined with the attached\nrunc source code) may be used to exercise your rights under the LGPL-2.1.\u003c/p\u003e\n\u003cp\u003eHowever we strongly suggest that you make use of your distribution's packages\nor download them from the authoritative upstream sources, especially since\nthese libraries are related to the security of your containers.\u003c/p\u003e\n\u003chr /\u003e\n\u003cp\u003eThanks to the following contributors for making this release possible:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAyato Tokubi \u003ca href=\"mailto:atokubi@redhat.com\"\u003eatokubi@redhat.com\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAkihiro Suda \u003ca href=\"mailto:akihiro.suda.cz@hco.ntt.co.jp\"\u003eakihiro.suda.cz@hco.ntt.co.jp\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAleksa Sarai \u003ca href=\"mailto:cyphar@cyphar.com\"\u003ecyphar@cyphar.com\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eKir Kolyshkin \u003ca href=\"mailto:kolyshkin@gmail.com\"\u003ekolyshkin@gmail.com\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eLi Fubang \u003ca href=\"mailto:lifubang@acmcoder.com\"\u003elifubang@acmcoder.com\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRodrigo Campos Catelin \u003ca href=\"mailto:rodrigo@amutable.com\"\u003erodrigo@amutable.com\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eSigned-off-by: Kir Kolyshkin \u003ca href=\"mailto:kolyshkin@gmail.com\"\u003ekolyshkin@gmail.com\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/opencontainers/runc/blob/v1.4.2/CHANGELOG.md\"\u003egithub.com/opencontainers/runc's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[1.4.2] - 2026-04-02\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003eЯ — Земля! Я своих провожаю питомцев.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eA regression in runc v1.3.0 which can result in a stuck \u003ccode\u003erunc exec\u003c/code\u003e or\n\u003ccode\u003erunc run\u003c/code\u003e when the container process runs for a short time. (\u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/5208\"\u003e#5208\u003c/a\u003e,\n\u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/5210\"\u003e#5210\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/5216\"\u003e#5216\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMount sources that need to be open on the host are now closed earlier during\ncontainer start, reducing the total amount of used file descriptors and\nhelping to avoid hitting the open files limit when handling many such mounts.\n(\u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/5177\"\u003e#5177\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/5201\"\u003e#5201\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/runc/commit/c241c0bb5e60a8e8c1b2e53d4eca8d0068d8d57e\"\u003e\u003ccode\u003ec241c0b\u003c/code\u003e\u003c/a\u003e VERSION: release v1.4.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/runc/commit/95f27e805324fce0899c9a2afbb819944f91315b\"\u003e\u003ccode\u003e95f27e8\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/5216\"\u003e#5216\u003c/a\u003e from lifubang/backport-5210-1.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/runc/commit/39791aeab622c319146456c603643062d256e715\"\u003e\u003ccode\u003e39791ae\u003c/code\u003e\u003c/a\u003e Fix SIGCHLD race in signal handler setup\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/runc/commit/226ff030b46f482c7715726a5de70957a9aec24d\"\u003e\u003ccode\u003e226ff03\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/5201\"\u003e#5201\u003c/a\u003e from lifubang/backport-5177-1.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/runc/commit/9de77a986c188bd436d5a60f47066388f6b199b5\"\u003e\u003ccode\u003e9de77a9\u003c/code\u003e\u003c/a\u003e test: check mount source fds are cleaned up with idmapped mounts\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/runc/commit/e4a82fc2d8604fa48f0bfbf7cb09b7c074a9dcc9\"\u003e\u003ccode\u003ee4a82fc\u003c/code\u003e\u003c/a\u003e libct: close mount source fd as soon as possible\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/runc/commit/87db63422d1d11b2a726674ca9ff276e5fffc7dd\"\u003e\u003ccode\u003e87db634\u003c/code\u003e\u003c/a\u003e libct: add a nil check for mountError\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/runc/commit/d4305dc5dddc9daf4a5adb9d6465d230e83f5e94\"\u003e\u003ccode\u003ed4305dc\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/5187\"\u003e#5187\u003c/a\u003e from kolyshkin/1.4-5159\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/runc/commit/63605fc49f9dc6a26b55d7f26e0473c1e626230b\"\u003e\u003ccode\u003e63605fc\u003c/code\u003e\u003c/a\u003e ci: add conmon tests run\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/runc/commit/0daa0038d2f5151c0b503480c311f93694388ef0\"\u003e\u003ccode\u003e0daa003\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/5178\"\u003e#5178\u003c/a\u003e from kolyshkin/1.4-5175\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/opencontainers/runc/compare/v1.4.1...v1.4.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/opencontainers/selinux` from 1.13.1 to 1.15.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/opencontainers/selinux/releases\"\u003egithub.com/opencontainers/selinux's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.15.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReserveLabelV2: ignore labels without MCS by \u003ca href=\"https://github.com/kolyshkin\"\u003e\u003ccode\u003e@​kolyshkin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/opencontainers/selinux/pull/272\"\u003eopencontainers/selinux#272\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/opencontainers/selinux/compare/v1.15.0...v1.15.1\"\u003ehttps://github.com/opencontainers/selinux/compare/v1.15.0...v1.15.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.15.0\u003c/h2\u003e\n\u003cp\u003eThis release adds a new function, SetProcessKind, which is to be used instead of KVMProcessLabel[s] and InitProcessLabel[s] in case the user only wants to change the type of the existing label, not generate a new one. It also fixes an CI issue and optimizes label.InitLabels for a few common cases.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eci: set timeout for vm jobs by \u003ca href=\"https://github.com/kolyshkin\"\u003e\u003ccode\u003e@​kolyshkin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/opencontainers/selinux/pull/270\"\u003eopencontainers/selinux#270\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003elabel.InitLabels: optimize by \u003ca href=\"https://github.com/kolyshkin\"\u003e\u003ccode\u003e@​kolyshkin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/opencontainers/selinux/pull/269\"\u003eopencontainers/selinux#269\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd SetProcessKind by \u003ca href=\"https://github.com/kolyshkin\"\u003e\u003ccode\u003e@​kolyshkin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/opencontainers/selinux/pull/271\"\u003eopencontainers/selinux#271\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/opencontainers/selinux/compare/v1.14.1...v1.15.0\"\u003ehttps://github.com/opencontainers/selinux/compare/v1.14.1...v1.15.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.14.1\u003c/h2\u003e\n\u003cp\u003eThis release mostly fixes label.InitLabels regression introduced in v1.14.0.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eREADME: rm travis, add gha badge by \u003ca href=\"https://github.com/kolyshkin\"\u003e\u003ccode\u003e@​kolyshkin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/opencontainers/selinux/pull/268\"\u003eopencontainers/selinux#268\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix label.InitLabels regression in v1.14.0; amend ReserveLabelV2 doc by \u003ca href=\"https://github.com/kolyshkin\"\u003e\u003ccode\u003e@​kolyshkin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/opencontainers/selinux/pull/267\"\u003eopencontainers/selinux#267\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/opencontainers/selinux/compare/v1.14.0...v1.14.1\"\u003ehttps://github.com/opencontainers/selinux/compare/v1.14.0...v1.14.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.14.0\u003c/h2\u003e\n\u003cp\u003eThis release fixes a regression in ExecLabel, bumps the minimal Go version to 1.22, and deprecates several functions in favor of improved API.\u003c/p\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eExecLabel\u003c/code\u003e was using an incorrect path (regression in v1.13.0). (\u003ca href=\"https://redirect.github.com/opencontainers/selinux/pull/253\"\u003eopencontainers/selinux#253\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDeprecated\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eCategoryRange\u003c/code\u003e is deprecated; use \u003ccode\u003eSetCategoryRange\u003c/code\u003e instead. (\u003ca href=\"https://redirect.github.com/opencontainers/selinux/pull/262\"\u003eopencontainers/selinux#262\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eKVMContainerLabels\u003c/code\u003e is deprecated; use \u003ccode\u003eKVMContainerLabel\u003c/code\u003e instead. (\u003ca href=\"https://redirect.github.com/opencontainers/selinux/pull/262\"\u003eopencontainers/selinux#262\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eInitContainerLabels\u003c/code\u003e is deprecated; use \u003ccode\u003eInitContainerLabel\u003c/code\u003e instead. (\u003ca href=\"https://redirect.github.com/opencontainers/selinux/pull/262\"\u003eopencontainers/selinux#262\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eReserveLabel\u003c/code\u003e is deprecated; use \u003ccode\u003eReserveLabelV2\u003c/code\u003e instead. (\u003ca href=\"https://redirect.github.com/opencontainers/selinux/pull/262\"\u003eopencontainers/selinux#262\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eROFileLabel\u003c/code\u003e is deprecated; if you use it, open a new issue. (\u003ca href=\"https://redirect.github.com/opencontainers/selinux/pull/262\"\u003eopencontainers/selinux#262\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eContainerLabels\u003c/code\u003e is deprecated, if you use it, open a new issue. (\u003ca href=\"https://redirect.github.com/opencontainers/selinux/pull/262\"\u003eopencontainers/selinux#262\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eSEUserByName\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/opencontainers/selinux/pull/232\"\u003eopencontainers/selinux#232\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/opencontainers/selinux/pull/251\"\u003eopencontainers/selinux#251\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eCheckLabel\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/opencontainers/selinux/pull/250\"\u003eopencontainers/selinux#250\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eSetCategoryRange\u003c/code\u003e, \u003ccode\u003eKVMContainerLabel\u003c/code\u003e, \u003ccode\u003eInitContainerLabel\u003c/code\u003e, \u003ccode\u003eReserveLabelV2\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/opencontainers/selinux/pull/262\"\u003eopencontainers/selinux#262\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSwitch to Go 1.22 as the minimally supported version (\u003ca href=\"https://redirect.github.com/opencontainers/selinux/pull/256\"\u003eopencontainers/selinux#256\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdate \u003ccode\u003eGetDefaultContextWithLevel\u003c/code\u003e to fall back to failsafe context (\u003ca href=\"https://redirect.github.com/opencontainers/selinux/pull/232\"\u003eopencontainers/selinux#232\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUse math/rand/v2 rather than crypto/rand for MCS label generation (\u003ca href=\"https://redirect.github.com/opencontainers/selinux/pull/257\"\u003eopencontainers/selinux#257\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eMiscellaneous\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/selinux/commit/9801d537a2fa2bdfeb6ef51de1115089d965f505\"\u003e\u003ccode\u003e9801d53\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/opencontainers/selinux/issues/272\"\u003e#272\u003c/a\u003e from kolyshkin/add-mcs-nit\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/selinux/commit/cf4e440ad6674c88def52f4c3c600f1b5b1773e0\"\u003e\u003ccode\u003ecf4e440\u003c/code\u003e\u003c/a\u003e ReserveLabelV2: ignore labels without MCS\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/selinux/commit/84683a6ecf369d67892b764300da9a614e403073\"\u003e\u003ccode\u003e84683a6\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/opencontainers/selinux/issues/271\"\u003e#271\u003c/a\u003e from kolyshkin/change-type\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/selinux/commit/8889f6ec5dfbc92be63ff81f67cce3f1e7f8567a\"\u003e\u003ccode\u003e8889f6e\u003c/code\u003e\u003c/a\u003e Add SetProcessKind\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/selinux/commit/fb9b5b20d3dce247bd0b0a96e26ad983c4909b9a\"\u003e\u003ccode\u003efb9b5b2\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/opencontainers/selinux/issues/269\"\u003e#269\u003c/a\u003e from kolyshkin/init-labels-opt\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/selinux/commit/74873e291f7a5d573fec3e7f2e0e16a8595434ca\"\u003e\u003ccode\u003e74873e2\u003c/code\u003e\u003c/a\u003e label.InitLabels: optimize\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/selinux/commit/c8bf19e9d124ef078dd0c0dfc2a14f3b9843c987\"\u003e\u003ccode\u003ec8bf19e\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/opencontainers/selinux/issues/270\"\u003e#270\u003c/a\u003e from kolyshkin/timeout\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/selinux/commit/a55d914f19b9dad21a21f5d882452971e7db2d03\"\u003e\u003ccode\u003ea55d914\u003c/code\u003e\u003c/a\u003e ci: set timeout for vm jobs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/selinux/commit/89b039b4fb2ec4056a15eefce2e6e1a85b33fa70\"\u003e\u003ccode\u003e89b039b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/opencontainers/selinux/issues/267\"\u003e#267\u003c/a\u003e from kolyshkin/damage-control\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/selinux/commit/8c517ef35fd53d6a151e950bcc56f80d3fb2dec0\"\u003e\u003ccode\u003e8c517ef\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/opencontainers/selinux/issues/268\"\u003e#268\u003c/a\u003e from kolyshkin/readme\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/opencontainers/selinux/compare/v1.13.1...v1.15.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc` from 0.68.0 to 0.69.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/open-telemetry/opentelemetry-go-contrib/releases\"\u003ego.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.44.0/v2.5.1/v0.69.0/v0.37.1/v0.24.0/v0.19.0/v0.16.1/v0.16.0\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003eerror.type\u003c/code\u003e attribute to \u003ccode\u003ehttp.client.request.duration\u003c/code\u003e for transport failures in \u003ccode\u003eotelhttp\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/issues/8801\"\u003e#8801\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd examples for prometheus compatibility document. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/issues/8716\"\u003e#8716\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd support for \u003ccode\u003ecardinality_limits\u003c/code\u003e in \u003ccode\u003ePeriodicMetricReader\u003c/code\u003e in \u003ccode\u003eotelconf\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/issues/8885\"\u003e#8885\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eResource\u003c/code\u003e method to \u003ccode\u003eSDK\u003c/code\u003e in \u003ccode\u003ego.opentelemetry.io/contrib/otelconf/x\u003c/code\u003e to expose the resolved SDK resource from declarative configuration. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/issues/8913\"\u003e#8913\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003ego.opentelemetry.io/contrib/detectors/hetzner\u003c/code\u003e, a new resource detector for Hetzner Cloud servers, ported from \u003ccode\u003egithub.com/open-telemetry/opentelemetry-collector-contrib/processor/resourcedetectionprocessor/internal/hetzner\u003c/code\u003e. Detects \u003ccode\u003ecloud.provider\u003c/code\u003e, \u003ccode\u003ecloud.platform\u003c/code\u003e, \u003ccode\u003ecloud.region\u003c/code\u003e, \u003ccode\u003ecloud.availability_zone\u003c/code\u003e, \u003ccode\u003ehost.id\u003c/code\u003e, and \u003ccode\u003ehost.name\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/issues/8979\"\u003e#8979\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSet error field as \u003ccode\u003erecord.SetErr\u003c/code\u003e instead of a plain attribute in \u003ccode\u003ego.opentelemetry.io/contrib/bridges/otellogrus\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/issues/8776\"\u003e#8776\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSet the \u0026quot;error\u0026quot; field (e.g. created via \u003ccode\u003ezap.Error\u003c/code\u003e) as \u003ccode\u003erecord.SetErr\u003c/code\u003e instead of a plain attribute in \u003ccode\u003ego.opentelemetry.io/contrib/bridges/otelzap\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/issues/8719\"\u003e#8719\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSet fields implementing \u003ccode\u003eerror\u003c/code\u003e interface from \u003ccode\u003eslog\u003c/code\u003e records as \u003ccode\u003erecord.SetErr\u003c/code\u003e instead of plain attributes in \u003ccode\u003ego.opentelemetry.io/contrib/bridges/otelslog\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/issues/8774\"\u003e#8774\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSet emitted errors in \u003ccode\u003ego.opentelemetry.io/contrib/bridges/otellogr\u003c/code\u003e as record errors (\u003ccode\u003eRecord.SetErr\u003c/code\u003e) instead of \u003ccode\u003eexception.message\u003c/code\u003e attributes. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/issues/8775\"\u003e#8775\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix header attributes lost when using sub-spans in \u003ccode\u003ego.opentelemetry.io/contrib/instrumentation/net/http/httptrace/otelhttptrace\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/issues/8797\"\u003e#8797\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eValidate \u003ccode\u003eencoding\u003c/code\u003e configuration for OTLP HTTP exporters in \u003ccode\u003ego.opentelemetry.io/contrib/otelconf\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/issues/8772\"\u003e#8772\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRemove the custom body wrapper from the request's body after the request is processed to allow body type comparisons with the original type in \u003ccode\u003ego.opentelemetry.io/contrib/instrumentation/net/http/otelhttp\u003c/code\u003e and \u003ccode\u003ego.opentelemetry.io/contrib/instrumentation/github.com/gorilla/mux/otelmux\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/issues/6914\"\u003e#6914\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUnknown or empty HTTP methods now report \u0026quot;_OTHER\u0026quot; instead of \u0026quot;GET\u0026quot; across all HTTP instrumentations to align with OpenTelemetry semantic conventions. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/issues/8868\"\u003e#8868\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eThe default span name formatter in \u003ccode\u003ego.opentelemetry.io/contrib/instrumentation/net/http/otelhttp\u003c/code\u003e now conforms to the OpenTelemetry HTTP semantic conventions for server span names. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/issues/8871\"\u003e#8871\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003eThe default span name is now \u003ccode\u003e{method} {route}\u003c/code\u003e (e.g. \u003ccode\u003eGET /foo/{id}\u003c/code\u003e) when a route pattern is available, or \u003ccode\u003e{method}\u003c/code\u003e (e.g. \u003ccode\u003eGET\u003c/code\u003e) otherwise.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eRemoved\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eRemove the deprecated \u003ccode\u003eWithSpanOptions\u003c/code\u003e option in \u003ccode\u003ego.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/issues/8991\"\u003e#8991\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eotelconf: validate encoding configuration for OTLP HTTP exporters by \u003ca href=\"https://github.com/sonalgaud12\"\u003e\u003ccode\u003e@​sonalgaud12\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/pull/8772\"\u003eopen-telemetry/opentelemetry-go-contrib#8772\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(deps): update module github.com/aws/aws-sdk-go-v2/service/s3 to v1.99.0 by \u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/pull/8780\"\u003eopen-telemetry/opentelemetry-go-contrib#8780\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): update prom/prometheus docker tag to v3.11.1 by \u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/pull/8779\"\u003eopen-telemetry/opentelemetry-go-contrib#8779\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eotellogrus: Set error field as \u003ccode\u003erecord.SetErr\u003c/code\u003e by \u003ca href=\"https://github.com/sonalgaud12\"\u003e\u003ccode\u003e@​sonalgaud12\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go-contrib/pull/8778\"\u003eopen-telemetry/opentelemetry-go-contrib#8778\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): update module golang.org/x/sys to v0.43.0 by \u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@...\n\n_Description has been truncated_","html_url":"https://github.com/saschagrunert/cri-o/pull/986","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/saschagrunert%2Fcri-o/issues/986","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/986/packages"}},{"old_version":"5.2.5","new_version":"5.3.0","update_type":"minor","path":null,"pr_created_at":"2026-06-01T08:56:33.000Z","version_change":"5.2.5 → 5.3.0","issue":{"uuid":"4561720789","node_id":"PR_kwDORhyXcc7hSoAJ","number":86,"state":"open","title":"chore(deps): bump the go-deps group across 1 directory with 17 updates","user":"dependabot[bot]","labels":["dependencies"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-06-01T08:56:33.000Z","updated_at":"2026-06-01T08:56:34.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): bump","group_name":"go-deps","update_count":17,"packages":[{"name":"cloud.google.com/go/compute","old_version":"1.63.0","new_version":"1.64.0","repository_url":"https://github.com/googleapis/google-cloud-go"},{"name":"github.com/aws/aws-sdk-go-v2","old_version":"1.41.7","new_version":"1.41.9","repository_url":"https://github.com/aws/aws-sdk-go-v2"},{"name":"github.com/aws/aws-sdk-go-v2/config","old_version":"1.32.17","new_version":"1.32.20","repository_url":"https://github.com/aws/aws-sdk-go-v2"},{"name":"github.com/aws/aws-sdk-go-v2/service/ec2","old_version":"1.302.0","new_version":"1.304.2","repository_url":"https://github.com/aws/aws-sdk-go-v2"},{"name":"github.com/aws/aws-sdk-go-v2/service/elasticloadbalancingv2","old_version":"1.54.12","new_version":"1.54.14","repository_url":"https://github.com/aws/aws-sdk-go-v2"},{"name":"github.com/aws/aws-sdk-go-v2/service/iam","old_version":"1.53.10","new_version":"1.53.12","repository_url":"https://github.com/aws/aws-sdk-go-v2"},{"name":"github.com/aws/aws-sdk-go-v2/service/organizations","old_version":"1.51.3","new_version":"1.51.6","repository_url":"https://github.com/aws/aws-sdk-go-v2"},{"name":"github.com/aws/aws-sdk-go-v2/service/route53","old_version":"1.62.7","new_version":"1.62.9","repository_url":"https://github.com/aws/aws-sdk-go-v2"},{"name":"github.com/aws/aws-sdk-go-v2/service/route53resolver","old_version":"1.43.0","new_version":"1.45.0","repository_url":"https://github.com/aws/aws-sdk-go-v2"},{"name":"github.com/go-chi/chi/v5","old_version":"5.2.5","new_version":"5.3.0","repository_url":"https://github.com/go-chi/chi"},{"name":"golang.org/x/crypto","old_version":"0.50.0","new_version":"0.52.0","repository_url":"https://github.com/golang/crypto"}],"path":null,"ecosystem":"go"},"body":"Bumps the go-deps group with 11 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [cloud.google.com/go/compute](https://github.com/googleapis/google-cloud-go) | `1.63.0` | `1.64.0` |\n| [github.com/aws/aws-sdk-go-v2](https://github.com/aws/aws-sdk-go-v2) | `1.41.7` | `1.41.9` |\n| [github.com/aws/aws-sdk-go-v2/config](https://github.com/aws/aws-sdk-go-v2) | `1.32.17` | `1.32.20` |\n| [github.com/aws/aws-sdk-go-v2/service/ec2](https://github.com/aws/aws-sdk-go-v2) | `1.302.0` | `1.304.2` |\n| [github.com/aws/aws-sdk-go-v2/service/elasticloadbalancingv2](https://github.com/aws/aws-sdk-go-v2) | `1.54.12` | `1.54.14` |\n| [github.com/aws/aws-sdk-go-v2/service/iam](https://github.com/aws/aws-sdk-go-v2) | `1.53.10` | `1.53.12` |\n| [github.com/aws/aws-sdk-go-v2/service/organizations](https://github.com/aws/aws-sdk-go-v2) | `1.51.3` | `1.51.6` |\n| [github.com/aws/aws-sdk-go-v2/service/route53](https://github.com/aws/aws-sdk-go-v2) | `1.62.7` | `1.62.9` |\n| [github.com/aws/aws-sdk-go-v2/service/route53resolver](https://github.com/aws/aws-sdk-go-v2) | `1.43.0` | `1.45.0` |\n| [github.com/go-chi/chi/v5](https://github.com/go-chi/chi) | `5.2.5` | `5.3.0` |\n| [golang.org/x/crypto](https://github.com/golang/crypto) | `0.50.0` | `0.52.0` |\n\n\nUpdates `cloud.google.com/go/compute` from 1.63.0 to 1.64.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/googleapis/google-cloud-go/releases\"\u003ecloud.google.com/go/compute's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ecompute: v1.64.0\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/googleapis/google-cloud-go/compare/compute/v1.63.0...compute/v1.64.0\"\u003ev1.64.0\u003c/a\u003e (2026-05-21)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eupdate API sources and regenerate (\u003ca href=\"https://redirect.github.com/googleapis/google-cloud-go/issues/14621\"\u003e#14621\u003c/a\u003e) (\u003ca href=\"https://github.com/googleapis/google-cloud-go/commit/6641db88\"\u003e6641db88\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/google-cloud-go/commit/1a476c130bbaad8d1355db63700fed22aa1cc4a2\"\u003e\u003ccode\u003e1a476c1\u003c/code\u003e\u003c/a\u003e chore: librarian release pull request: 20260521T182442Z (\u003ca href=\"https://redirect.github.com/googleapis/google-cloud-go/issues/14627\"\u003e#14627\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/google-cloud-go/commit/dd8448b9186401259e24a68286e41522e0a8a27c\"\u003e\u003ccode\u003edd8448b\u003c/code\u003e\u003c/a\u003e fix(pubsub/v2): manage exactly once spans properly on failure (\u003ca href=\"https://redirect.github.com/googleapis/google-cloud-go/issues/14559\"\u003e#14559\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/google-cloud-go/commit/b54d7a43fdd658081298f0b2ebf84e23aa26b848\"\u003e\u003ccode\u003eb54d7a4\u003c/code\u003e\u003c/a\u003e feat(firestore): support Transaction ReadTime (\u003ca href=\"https://redirect.github.com/googleapis/google-cloud-go/issues/14615\"\u003e#14615\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/google-cloud-go/commit/6641db88e5a1c62a967d0505d35c3bc1dedefe9f\"\u003e\u003ccode\u003e6641db8\u003c/code\u003e\u003c/a\u003e feat: update API sources and regenerate (\u003ca href=\"https://redirect.github.com/googleapis/google-cloud-go/issues/14621\"\u003e#14621\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/google-cloud-go/commit/e753126859522fbf76d0f15099fa63382836ac65\"\u003e\u003ccode\u003ee753126\u003c/code\u003e\u003c/a\u003e chore: librarian release pull request: 20260519T161341Z (\u003ca href=\"https://redirect.github.com/googleapis/google-cloud-go/issues/14617\"\u003e#14617\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/google-cloud-go/commit/593f67d594413796147656e25feacdd1c8f4d047\"\u003e\u003ccode\u003e593f67d\u003c/code\u003e\u003c/a\u003e chore: update librarian to v0.14.0 (\u003ca href=\"https://redirect.github.com/googleapis/google-cloud-go/issues/14619\"\u003e#14619\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/google-cloud-go/commit/66c66c5038a3adde16e841396d910a1148eb4482\"\u003e\u003ccode\u003e66c66c5\u003c/code\u003e\u003c/a\u003e feat(firestore): add Data and DataTo methods to AggregationResult (\u003ca href=\"https://redirect.github.com/googleapis/google-cloud-go/issues/14592\"\u003e#14592\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/google-cloud-go/commit/0a8d10d18d7e2b0008e82c5e2936f95e82bfbbc5\"\u003e\u003ccode\u003e0a8d10d\u003c/code\u003e\u003c/a\u003e fix(datastore): detach rollback context from transaction cancellation (\u003ca href=\"https://redirect.github.com/googleapis/google-cloud-go/issues/14602\"\u003e#14602\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/google-cloud-go/commit/d52fff4c2965f38dbf6c8df7310d80b6f8a0e28e\"\u003e\u003ccode\u003ed52fff4\u003c/code\u003e\u003c/a\u003e chore(all): update module cloud.google.com/go/longrunning to v1 (main) (\u003ca href=\"https://redirect.github.com/googleapis/google-cloud-go/issues/14606\"\u003e#14606\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/google-cloud-go/commit/d29f68afa17d1b874c374c97642afaaf0958a929\"\u003e\u003ccode\u003ed29f68a\u003c/code\u003e\u003c/a\u003e feat(storage): read checksums in gRPC partial reads (\u003ca href=\"https://redirect.github.com/googleapis/google-cloud-go/issues/14586\"\u003e#14586\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/googleapis/google-cloud-go/compare/compute/v1.63.0...compute/v1.64.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/aws/aws-sdk-go-v2` from 1.41.7 to 1.41.9\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/5841d3ae2cfd6e6113ca61b71d69131b84932f4c\"\u003e\u003ccode\u003e5841d3a\u003c/code\u003e\u003c/a\u003e Release 2026-05-29\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/16ac80d79c282366cae312281b3df925af4e9bf1\"\u003e\u003ccode\u003e16ac80d\u003c/code\u003e\u003c/a\u003e Regenerated Clients\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/167926f8aca7228f2dd1bed73707505875aafef4\"\u003e\u003ccode\u003e167926f\u003c/code\u003e\u003c/a\u003e Update endpoints model\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/a0fce13e18c6bff397ad77fac4cde4ab3f3b93e0\"\u003e\u003ccode\u003ea0fce13\u003c/code\u003e\u003c/a\u003e Update API model\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/223c0057211950899e0117dc027cc299a1dac664\"\u003e\u003ccode\u003e223c005\u003c/code\u003e\u003c/a\u003e update to smithy-go v1.26.0 (\u003ca href=\"https://redirect.github.com/aws/aws-sdk-go-v2/issues/3426\"\u003e#3426\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/74c501189a40c9b937432a1b2a4cacffc851ea76\"\u003e\u003ccode\u003e74c5011\u003c/code\u003e\u003c/a\u003e Release 2026-05-28\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/7d82651329a86064a9026f6219cff72921fa74da\"\u003e\u003ccode\u003e7d82651\u003c/code\u003e\u003c/a\u003e Regenerated Clients\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/79c63d9289784de4914143b7bff67157aa6a2a90\"\u003e\u003ccode\u003e79c63d9\u003c/code\u003e\u003c/a\u003e Update endpoints model\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/b15b3b873ad5c294d0c010fb1cc56ecb583d1618\"\u003e\u003ccode\u003eb15b3b8\u003c/code\u003e\u003c/a\u003e Update API model\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/090e46936630944917cfd6a0990ea3fd6391475b\"\u003e\u003ccode\u003e090e469\u003c/code\u003e\u003c/a\u003e Feat tmv2 parity (\u003ca href=\"https://redirect.github.com/aws/aws-sdk-go-v2/issues/3424\"\u003e#3424\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/aws/aws-sdk-go-v2/compare/v1.41.7...v1.41.9\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/aws/aws-sdk-go-v2/config` from 1.32.17 to 1.32.20\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/5841d3ae2cfd6e6113ca61b71d69131b84932f4c\"\u003e\u003ccode\u003e5841d3a\u003c/code\u003e\u003c/a\u003e Release 2026-05-29\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/16ac80d79c282366cae312281b3df925af4e9bf1\"\u003e\u003ccode\u003e16ac80d\u003c/code\u003e\u003c/a\u003e Regenerated Clients\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/167926f8aca7228f2dd1bed73707505875aafef4\"\u003e\u003ccode\u003e167926f\u003c/code\u003e\u003c/a\u003e Update endpoints model\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/a0fce13e18c6bff397ad77fac4cde4ab3f3b93e0\"\u003e\u003ccode\u003ea0fce13\u003c/code\u003e\u003c/a\u003e Update API model\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/223c0057211950899e0117dc027cc299a1dac664\"\u003e\u003ccode\u003e223c005\u003c/code\u003e\u003c/a\u003e update to smithy-go v1.26.0 (\u003ca href=\"https://redirect.github.com/aws/aws-sdk-go-v2/issues/3426\"\u003e#3426\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/74c501189a40c9b937432a1b2a4cacffc851ea76\"\u003e\u003ccode\u003e74c5011\u003c/code\u003e\u003c/a\u003e Release 2026-05-28\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/7d82651329a86064a9026f6219cff72921fa74da\"\u003e\u003ccode\u003e7d82651\u003c/code\u003e\u003c/a\u003e Regenerated Clients\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/79c63d9289784de4914143b7bff67157aa6a2a90\"\u003e\u003ccode\u003e79c63d9\u003c/code\u003e\u003c/a\u003e Update endpoints model\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/b15b3b873ad5c294d0c010fb1cc56ecb583d1618\"\u003e\u003ccode\u003eb15b3b8\u003c/code\u003e\u003c/a\u003e Update API model\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/090e46936630944917cfd6a0990ea3fd6391475b\"\u003e\u003ccode\u003e090e469\u003c/code\u003e\u003c/a\u003e Feat tmv2 parity (\u003ca href=\"https://redirect.github.com/aws/aws-sdk-go-v2/issues/3424\"\u003e#3424\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/aws/aws-sdk-go-v2/compare/config/v1.32.17...config/v1.32.20\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/aws/aws-sdk-go-v2/credentials` from 1.19.16 to 1.19.19\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/5841d3ae2cfd6e6113ca61b71d69131b84932f4c\"\u003e\u003ccode\u003e5841d3a\u003c/code\u003e\u003c/a\u003e Release 2026-05-29\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/16ac80d79c282366cae312281b3df925af4e9bf1\"\u003e\u003ccode\u003e16ac80d\u003c/code\u003e\u003c/a\u003e Regenerated Clients\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/167926f8aca7228f2dd1bed73707505875aafef4\"\u003e\u003ccode\u003e167926f\u003c/code\u003e\u003c/a\u003e Update endpoints model\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/a0fce13e18c6bff397ad77fac4cde4ab3f3b93e0\"\u003e\u003ccode\u003ea0fce13\u003c/code\u003e\u003c/a\u003e Update API model\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/223c0057211950899e0117dc027cc299a1dac664\"\u003e\u003ccode\u003e223c005\u003c/code\u003e\u003c/a\u003e update to smithy-go v1.26.0 (\u003ca href=\"https://redirect.github.com/aws/aws-sdk-go-v2/issues/3426\"\u003e#3426\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/74c501189a40c9b937432a1b2a4cacffc851ea76\"\u003e\u003ccode\u003e74c5011\u003c/code\u003e\u003c/a\u003e Release 2026-05-28\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/7d82651329a86064a9026f6219cff72921fa74da\"\u003e\u003ccode\u003e7d82651\u003c/code\u003e\u003c/a\u003e Regenerated Clients\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/79c63d9289784de4914143b7bff67157aa6a2a90\"\u003e\u003ccode\u003e79c63d9\u003c/code\u003e\u003c/a\u003e Update endpoints model\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/b15b3b873ad5c294d0c010fb1cc56ecb583d1618\"\u003e\u003ccode\u003eb15b3b8\u003c/code\u003e\u003c/a\u003e Update API model\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/090e46936630944917cfd6a0990ea3fd6391475b\"\u003e\u003ccode\u003e090e469\u003c/code\u003e\u003c/a\u003e Feat tmv2 parity (\u003ca href=\"https://redirect.github.com/aws/aws-sdk-go-v2/issues/3424\"\u003e#3424\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/aws/aws-sdk-go-v2/compare/credentials/v1.19.16...credentials/v1.19.19\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/aws/aws-sdk-go-v2/service/ec2` from 1.302.0 to 1.304.2\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/5841d3ae2cfd6e6113ca61b71d69131b84932f4c\"\u003e\u003ccode\u003e5841d3a\u003c/code\u003e\u003c/a\u003e Release 2026-05-29\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/16ac80d79c282366cae312281b3df925af4e9bf1\"\u003e\u003ccode\u003e16ac80d\u003c/code\u003e\u003c/a\u003e Regenerated Clients\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/167926f8aca7228f2dd1bed73707505875aafef4\"\u003e\u003ccode\u003e167926f\u003c/code\u003e\u003c/a\u003e Update endpoints model\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/a0fce13e18c6bff397ad77fac4cde4ab3f3b93e0\"\u003e\u003ccode\u003ea0fce13\u003c/code\u003e\u003c/a\u003e Update API model\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/223c0057211950899e0117dc027cc299a1dac664\"\u003e\u003ccode\u003e223c005\u003c/code\u003e\u003c/a\u003e update to smithy-go v1.26.0 (\u003ca href=\"https://redirect.github.com/aws/aws-sdk-go-v2/issues/3426\"\u003e#3426\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/74c501189a40c9b937432a1b2a4cacffc851ea76\"\u003e\u003ccode\u003e74c5011\u003c/code\u003e\u003c/a\u003e Release 2026-05-28\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/7d82651329a86064a9026f6219cff72921fa74da\"\u003e\u003ccode\u003e7d82651\u003c/code\u003e\u003c/a\u003e Regenerated Clients\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/79c63d9289784de4914143b7bff67157aa6a2a90\"\u003e\u003ccode\u003e79c63d9\u003c/code\u003e\u003c/a\u003e Update endpoints model\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/b15b3b873ad5c294d0c010fb1cc56ecb583d1618\"\u003e\u003ccode\u003eb15b3b8\u003c/code\u003e\u003c/a\u003e Update API model\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/090e46936630944917cfd6a0990ea3fd6391475b\"\u003e\u003ccode\u003e090e469\u003c/code\u003e\u003c/a\u003e Feat tmv2 parity (\u003ca href=\"https://redirect.github.com/aws/aws-sdk-go-v2/issues/3424\"\u003e#3424\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/aws/aws-sdk-go-v2/compare/service/ec2/v1.302.0...service/ec2/v1.304.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/aws/aws-sdk-go-v2/service/elasticloadbalancingv2` from 1.54.12 to 1.54.14\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/5841d3ae2cfd6e6113ca61b71d69131b84932f4c\"\u003e\u003ccode\u003e5841d3a\u003c/code\u003e\u003c/a\u003e Release 2026-05-29\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/16ac80d79c282366cae312281b3df925af4e9bf1\"\u003e\u003ccode\u003e16ac80d\u003c/code\u003e\u003c/a\u003e Regenerated Clients\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/167926f8aca7228f2dd1bed73707505875aafef4\"\u003e\u003ccode\u003e167926f\u003c/code\u003e\u003c/a\u003e Update endpoints model\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/a0fce13e18c6bff397ad77fac4cde4ab3f3b93e0\"\u003e\u003ccode\u003ea0fce13\u003c/code\u003e\u003c/a\u003e Update API model\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/223c0057211950899e0117dc027cc299a1dac664\"\u003e\u003ccode\u003e223c005\u003c/code\u003e\u003c/a\u003e update to smithy-go v1.26.0 (\u003ca href=\"https://redirect.github.com/aws/aws-sdk-go-v2/issues/3426\"\u003e#3426\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/74c501189a40c9b937432a1b2a4cacffc851ea76\"\u003e\u003ccode\u003e74c5011\u003c/code\u003e\u003c/a\u003e Release 2026-05-28\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/7d82651329a86064a9026f6219cff72921fa74da\"\u003e\u003ccode\u003e7d82651\u003c/code\u003e\u003c/a\u003e Regenerated Clients\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/79c63d9289784de4914143b7bff67157aa6a2a90\"\u003e\u003ccode\u003e79c63d9\u003c/code\u003e\u003c/a\u003e Update endpoints model\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/b15b3b873ad5c294d0c010fb1cc56ecb583d1618\"\u003e\u003ccode\u003eb15b3b8\u003c/code\u003e\u003c/a\u003e Update API model\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/090e46936630944917cfd6a0990ea3fd6391475b\"\u003e\u003ccode\u003e090e469\u003c/code\u003e\u003c/a\u003e Feat tmv2 parity (\u003ca href=\"https://redirect.github.com/aws/aws-sdk-go-v2/issues/3424\"\u003e#3424\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/aws/aws-sdk-go-v2/compare/service/polly/v1.54.12...service/elasticloadbalancingv2/v1.54.14\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/aws/aws-sdk-go-v2/service/iam` from 1.53.10 to 1.53.12\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/c45eaac0731f64505ae8a32703611657e31b6dea\"\u003e\u003ccode\u003ec45eaac\u003c/code\u003e\u003c/a\u003e Release 2025-02-04\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/7aecaffb9ba5ba0638e1ab4aab51977da5af0a47\"\u003e\u003ccode\u003e7aecaff\u003c/code\u003e\u003c/a\u003e Regenerated Clients\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/a11e8e137b6f7906f7f686ef3cfe0553cf493088\"\u003e\u003ccode\u003ea11e8e1\u003c/code\u003e\u003c/a\u003e Update endpoints model\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/91f8178a6636ded0282b1d1ee1490311856ad9d5\"\u003e\u003ccode\u003e91f8178\u003c/code\u003e\u003c/a\u003e Update API model\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/d59b6584a641edf3b82778b44f7ef47aad2d5277\"\u003e\u003ccode\u003ed59b658\u003c/code\u003e\u003c/a\u003e Release 2025-02-03\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/e50249fff700e87f4a779fa221efe00afab9ff66\"\u003e\u003ccode\u003ee50249f\u003c/code\u003e\u003c/a\u003e Regenerated Clients\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/5d245fcb77fb71200881dab84a2b42fcefe0355a\"\u003e\u003ccode\u003e5d245fc\u003c/code\u003e\u003c/a\u003e Update API model\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/85742451645e8bed2a54286c02065be56599d977\"\u003e\u003ccode\u003e8574245\u003c/code\u003e\u003c/a\u003e delete stuck changelogs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/e2e9697d8ebe330a7435716c2f31b1cea4dff3c0\"\u003e\u003ccode\u003ee2e9697\u003c/code\u003e\u003c/a\u003e Release 2025-01-31\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/6576a0939a79d5f31eef10164750faedd78a45d4\"\u003e\u003ccode\u003e6576a09\u003c/code\u003e\u003c/a\u003e Regenerated Clients\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/aws/aws-sdk-go-v2/compare/service/ecs/v1.53.10...service/ecs/v1.53.12\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/aws/aws-sdk-go-v2/service/organizations` from 1.51.3 to 1.51.6\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/676a8b1bf0174c8763e19d99b68b988e67e2d398\"\u003e\u003ccode\u003e676a8b1\u003c/code\u003e\u003c/a\u003e Release 2025-01-24\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/1737386a85235b72e9676ed261b72cddb61355df\"\u003e\u003ccode\u003e1737386\u003c/code\u003e\u003c/a\u003e Regenerated Clients\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/3bc09da29fb3dd079526f7ed141520f69245e445\"\u003e\u003ccode\u003e3bc09da\u003c/code\u003e\u003c/a\u003e Update API model\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/cb98deef60318ce9a61cda159ebfb0166d88539b\"\u003e\u003ccode\u003ecb98dee\u003c/code\u003e\u003c/a\u003e Fix flex checksum validation cfg (\u003ca href=\"https://redirect.github.com/aws/aws-sdk-go-v2/issues/2981\"\u003e#2981\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/9c764018fe28b27912a0b976614d9e806e3f8268\"\u003e\u003ccode\u003e9c76401\u003c/code\u003e\u003c/a\u003e fix bad changelog type\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/ed8a3caa0df9ce36a5b60aebeee201187098d205\"\u003e\u003ccode\u003eed8a3ca\u003c/code\u003e\u003c/a\u003e Reduce fmt.Sprintf allocations in query encoding (\u003ca href=\"https://redirect.github.com/aws/aws-sdk-go-v2/issues/2919\"\u003e#2919\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/d5773a9a070873393eb2e7eed37bd647e12e1267\"\u003e\u003ccode\u003ed5773a9\u003c/code\u003e\u003c/a\u003e Add FixUnmarshalIndividualSetValues option to DecoderOptions of dynamodb (\u003ca href=\"https://redirect.github.com/aws/aws-sdk-go-v2/issues/2896\"\u003e#2896\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/58e23dc0311cec940749e34ddfc542dbb00ff7a3\"\u003e\u003ccode\u003e58e23dc\u003c/code\u003e\u003c/a\u003e fix codegen test failing in main\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/640d919419375c1bb9041ffa6dd024b60243a1ed\"\u003e\u003ccode\u003e640d919\u003c/code\u003e\u003c/a\u003e fix broken jmespath waiters in cloudwatch and autoscaling (\u003ca href=\"https://redirect.github.com/aws/aws-sdk-go-v2/issues/2984\"\u003e#2984\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/613a6cfc607af8470ceec5b7391f9231fa1f98dd\"\u003e\u003ccode\u003e613a6cf\u003c/code\u003e\u003c/a\u003e Optimize/directory traversal (\u003ca href=\"https://redirect.github.com/aws/aws-sdk-go-v2/issues/2970\"\u003e#2970\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/aws/aws-sdk-go-v2/compare/service/s3/v1.51.3...service/fsx/v1.51.6\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/aws/aws-sdk-go-v2/service/route53` from 1.62.7 to 1.62.9\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/54aed732316b5162e5c4382a1f2d3891175d0254\"\u003e\u003ccode\u003e54aed73\u003c/code\u003e\u003c/a\u003e Release 2025-02-18\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/082781faee876f9d612fa7c113b4304a29766b14\"\u003e\u003ccode\u003e082781f\u003c/code\u003e\u003c/a\u003e Regenerated Clients\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/3ed185b604684a86547e679154975f1914f97312\"\u003e\u003ccode\u003e3ed185b\u003c/code\u003e\u003c/a\u003e Update endpoints model\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/03da7378d668622cd880ec741d57e93cc370efa1\"\u003e\u003ccode\u003e03da737\u003c/code\u003e\u003c/a\u003e Update API model\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/c8a8ccb619ffbfe00e99a83e99729b948f20be29\"\u003e\u003ccode\u003ec8a8ccb\u003c/code\u003e\u003c/a\u003e Bump go version to 1.22 (\u003ca href=\"https://redirect.github.com/aws/aws-sdk-go-v2/issues/3010\"\u003e#3010\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/8b7c7bf6d9a1c63d0c5262724ae8a15a44e366a6\"\u003e\u003ccode\u003e8b7c7bf\u003c/code\u003e\u003c/a\u003e fix missing AccountIDEndpointMode binding (\u003ca href=\"https://redirect.github.com/aws/aws-sdk-go-v2/issues/3013\"\u003e#3013\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/90f9d1081a37acaf792ccda5bfb07e2ee7590a9e\"\u003e\u003ccode\u003e90f9d10\u003c/code\u003e\u003c/a\u003e Release 2025-02-17\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/40dd351c61c016749a3f4105cca0c965e7c66d7b\"\u003e\u003ccode\u003e40dd351\u003c/code\u003e\u003c/a\u003e Regenerated Clients\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/06352dfafe9067da1956229d6925efed328d5ff6\"\u003e\u003ccode\u003e06352df\u003c/code\u003e\u003c/a\u003e Update endpoints model\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/833566b553122ebd5bfa1237ee7c905a8db0d687\"\u003e\u003ccode\u003e833566b\u003c/code\u003e\u003c/a\u003e Update API model\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/aws/aws-sdk-go-v2/compare/service/iot/v1.62.7...service/iot/v1.62.9\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/aws/aws-sdk-go-v2/service/route53resolver` from 1.43.0 to 1.45.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/13546abeb3c6bf9f0bfa97855fd8f52a2e26373e\"\u003e\u003ccode\u003e13546ab\u003c/code\u003e\u003c/a\u003e Release 2023-11-27\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/59ce389800703c1509810f19ab77c467531ab07f\"\u003e\u003ccode\u003e59ce389\u003c/code\u003e\u003c/a\u003e Regenerated Clients\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/8257e839ab34958c84f1671ca89b92cf30360b43\"\u003e\u003ccode\u003e8257e83\u003c/code\u003e\u003c/a\u003e Update endpoints model\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/8ef931c3c2a1f28e4bc68efe5a0582e3ec32f2ac\"\u003e\u003ccode\u003e8ef931c\u003c/code\u003e\u003c/a\u003e Update API model\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/6afe5286d243f06aa040d3954b765b38366b88c2\"\u003e\u003ccode\u003e6afe528\u003c/code\u003e\u003c/a\u003e Release 2023-11-22\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/769b1e08ea9acae6b2488864977a444dccb59e62\"\u003e\u003ccode\u003e769b1e0\u003c/code\u003e\u003c/a\u003e Regenerated Clients\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/b6c76999b24cbe735e03123800eaf7427ab6caf2\"\u003e\u003ccode\u003eb6c7699\u003c/code\u003e\u003c/a\u003e Update API model\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/57f3065c220672b63d1a1af0f424757048805904\"\u003e\u003ccode\u003e57f3065\u003c/code\u003e\u003c/a\u003e breakfix: convert public access block config fields to nilable like s3 (\u003ca href=\"https://redirect.github.com/aws/aws-sdk-go-v2/issues/2385\"\u003e#2385\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/fa3ee1a83b9edac9669159650622bcfe3003b44c\"\u003e\u003ccode\u003efa3ee1a\u003c/code\u003e\u003c/a\u003e Release 2023-11-21\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/6e0c553b49b1fd84753d3ea440be93011d36cf40\"\u003e\u003ccode\u003e6e0c553\u003c/code\u003e\u003c/a\u003e Regenerated Clients\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/aws/aws-sdk-go-v2/compare/service/s3/v1.43.0...service/s3/v1.45.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/aws/aws-sdk-go-v2/service/sso` from 1.30.17 to 1.30.19\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/54aed732316b5162e5c4382a1f2d3891175d0254\"\u003e\u003ccode\u003e54aed73\u003c/code\u003e\u003c/a\u003e Release 2025-02-18\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/082781faee876f9d612fa7c113b4304a29766b14\"\u003e\u003ccode\u003e082781f\u003c/code\u003e\u003c/a\u003e Regenerated Clients\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/3ed185b604684a86547e679154975f1914f97312\"\u003e\u003ccode\u003e3ed185b\u003c/code\u003e\u003c/a\u003e Update endpoints model\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/03da7378d668622cd880ec741d57e93cc370efa1\"\u003e\u003ccode\u003e03da737\u003c/code\u003e\u003c/a\u003e Update API model\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/c8a8ccb619ffbfe00e99a83e99729b948f20be29\"\u003e\u003ccode\u003ec8a8ccb\u003c/code\u003e\u003c/a\u003e Bump go version to 1.22 (\u003ca href=\"https://redirect.github.com/aws/aws-sdk-go-v2/issues/3010\"\u003e#3010\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/8b7c7bf6d9a1c63d0c5262724ae8a15a44e366a6\"\u003e\u003ccode\u003e8b7c7bf\u003c/code\u003e\u003c/a\u003e fix missing AccountIDEndpointMode binding (\u003ca href=\"https://redirect.github.com/aws/aws-sdk-go-v2/issues/3013\"\u003e#3013\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/90f9d1081a37acaf792ccda5bfb07e2ee7590a9e\"\u003e\u003ccode\u003e90f9d10\u003c/code\u003e\u003c/a\u003e Release 2025-02-17\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/40dd351c61c016749a3f4105cca0c965e7c66d7b\"\u003e\u003ccode\u003e40dd351\u003c/code\u003e\u003c/a\u003e Regenerated Clients\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/06352dfafe9067da1956229d6925efed328d5ff6\"\u003e\u003ccode\u003e06352df\u003c/code\u003e\u003c/a\u003e Update endpoints model\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/833566b553122ebd5bfa1237ee7c905a8db0d687\"\u003e\u003ccode\u003e833566b\u003c/code\u003e\u003c/a\u003e Update API model\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/aws/aws-sdk-go-v2/compare/service/acm/v1.30.17...service/acm/v1.30.19\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/aws/aws-sdk-go-v2/service/ssooidc` from 1.35.21 to 1.36.2\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/54aed732316b5162e5c4382a1f2d3891175d0254\"\u003e\u003ccode\u003e54aed73\u003c/code\u003e\u003c/a\u003e Release 2025-02-18\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/082781faee876f9d612fa7c113b4304a29766b14\"\u003e\u003ccode\u003e082781f\u003c/code\u003e\u003c/a\u003e Regenerated Clients\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/3ed185b604684a86547e679154975f1914f97312\"\u003e\u003ccode\u003e3ed185b\u003c/code\u003e\u003c/a\u003e Update endpoints model\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/03da7378d668622cd880ec741d57e93cc370efa1\"\u003e\u003ccode\u003e03da737\u003c/code\u003e\u003c/a\u003e Update API model\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/c8a8ccb619ffbfe00e99a83e99729b948f20be29\"\u003e\u003ccode\u003ec8a8ccb\u003c/code\u003e\u003c/a\u003e Bump go version to 1.22 (\u003ca href=\"https://redirect.github.com/aws/aws-sdk-go-v2/issues/3010\"\u003e#3010\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/8b7c7bf6d9a1c63d0c5262724ae8a15a44e366a6\"\u003e\u003ccode\u003e8b7c7bf\u003c/code\u003e\u003c/a\u003e fix missing AccountIDEndpointMode binding (\u003ca href=\"https://redirect.github.com/aws/aws-sdk-go-v2/issues/3013\"\u003e#3013\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/90f9d1081a37acaf792ccda5bfb07e2ee7590a9e\"\u003e\u003ccode\u003e90f9d10\u003c/code\u003e\u003c/a\u003e Release 2025-02-17\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/40dd351c61c016749a3f4105cca0c965e7c66d7b\"\u003e\u003ccode\u003e40dd351\u003c/code\u003e\u003c/a\u003e Regenerated Clients\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/06352dfafe9067da1956229d6925efed328d5ff6\"\u003e\u003ccode\u003e06352df\u003c/code\u003e\u003c/a\u003e Update endpoints model\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/833566b553122ebd5bfa1237ee7c905a8db0d687\"\u003e\u003ccode\u003e833566b\u003c/code\u003e\u003c/a\u003e Update API model\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/aws/aws-sdk-go-v2/compare/service/pi/v1.35.21...v1.36.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/aws/aws-sdk-go-v2/service/sts` from 1.42.1 to 1.42.3\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/09a58172d9d7ad6f73a123b02d7e84c5c4a155f7\"\u003e\u003ccode\u003e09a5817\u003c/code\u003e\u003c/a\u003e Release 2025-12-02\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/58d1759452a64b5cebc3af72b0d20e0d0f4c1206\"\u003e\u003ccode\u003e58d1759\u003c/code\u003e\u003c/a\u003e Regenerated Clients\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/16ba34ea62c08755b0f9e515e49d91a4ec0a228a\"\u003e\u003ccode\u003e16ba34e\u003c/code\u003e\u003c/a\u003e Update endpoints model\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/7873bf423b63068375552b96d515d4e4fe3b4b64\"\u003e\u003ccode\u003e7873bf4\u003c/code\u003e\u003c/a\u003e Update API model\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/9b55b02d1957debcdc49350d1e805ef35b6aebf0\"\u003e\u003ccode\u003e9b55b02\u003c/code\u003e\u003c/a\u003e bump smithy-go to v1.24.0 (\u003ca href=\"https://redirect.github.com/aws/aws-sdk-go-v2/issues/3242\"\u003e#3242\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/d8b017901ff4fdde54fcb11a2cc2eb96f5250fd4\"\u003e\u003ccode\u003ed8b0179\u003c/code\u003e\u003c/a\u003e Release 2025-12-01\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/e4405f01c3d6d2b9ae5ba8a2a09556ae53d5f8f2\"\u003e\u003ccode\u003ee4405f0\u003c/code\u003e\u003c/a\u003e Regenerated Clients\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/65d08b0cedc6076d337c9a733e0a103446ed2e7b\"\u003e\u003ccode\u003e65d08b0\u003c/code\u003e\u003c/a\u003e Update API model\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/f6cc036f3712a3bc31b7a8120d26455bd6fa15ea\"\u003e\u003ccode\u003ef6cc036\u003c/code\u003e\u003c/a\u003e Release 2025-11-26\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/deb353f714c36d8c29020007df481749e45f38bb\"\u003e\u003ccode\u003edeb353f\u003c/code\u003e\u003c/a\u003e Regenerated Clients\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/aws/aws-sdk-go-v2/compare/service/s3/v1.42.1...service/amp/v1.42.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/go-chi/chi/v5` from 5.2.5 to 5.3.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/go-chi/chi/releases\"\u003egithub.com/go-chi/chi/v5's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.3.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUse strings.ReplaceAll where applicable by \u003ca href=\"https://github.com/JRaspass\"\u003e\u003ccode\u003e@​JRaspass\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1046\"\u003ego-chi/chi#1046\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePropagate inline middlewares across mounted subrouters by \u003ca href=\"https://github.com/LukasJenicek\"\u003e\u003ccode\u003e@​LukasJenicek\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1049\"\u003ego-chi/chi#1049\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eadd go 1.26 to ci by \u003ca href=\"https://github.com/pkieltyka\"\u003e\u003ccode\u003e@​pkieltyka\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1052\"\u003ego-chi/chi#1052\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove last uses of io/ioutil by \u003ca href=\"https://github.com/JRaspass\"\u003e\u003ccode\u003e@​JRaspass\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1054\"\u003ego-chi/chi#1054\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSimplify chi.walk with slices.Concat by \u003ca href=\"https://github.com/JRaspass\"\u003e\u003ccode\u003e@​JRaspass\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1053\"\u003ego-chi/chi#1053\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eApply the stringscutprefix modernizer by \u003ca href=\"https://github.com/JRaspass\"\u003e\u003ccode\u003e@​JRaspass\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1051\"\u003ego-chi/chi#1051\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump minimum Go to 1.23, always use request.Pattern by \u003ca href=\"https://github.com/JRaspass\"\u003e\u003ccode\u003e@​JRaspass\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1048\"\u003ego-chi/chi#1048\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003emiddleware: fix httpFancyWriter.ReadFrom double-counting bytes with Tee by \u003ca href=\"https://github.com/alliasgher\"\u003e\u003ccode\u003e@​alliasgher\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1085\"\u003ego-chi/chi#1085\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix typo in Route doc comment by \u003ca href=\"https://github.com/gouwazi\"\u003e\u003ccode\u003e@​gouwazi\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1073\"\u003ego-chi/chi#1073\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: set Request.Pattern from RoutePattern() by \u003ca href=\"https://github.com/leno23\"\u003e\u003ccode\u003e@​leno23\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1097\"\u003ego-chi/chi#1097\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat: middleware.ClientIP, a replacement for middleware.RealIP by \u003ca href=\"https://github.com/VojtechVitek\"\u003e\u003ccode\u003e@​VojtechVitek\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/967\"\u003ego-chi/chi#967\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/LukasJenicek\"\u003e\u003ccode\u003e@​LukasJenicek\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1049\"\u003ego-chi/chi#1049\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/alliasgher\"\u003e\u003ccode\u003e@​alliasgher\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1085\"\u003ego-chi/chi#1085\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gouwazi\"\u003e\u003ccode\u003e@​gouwazi\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1073\"\u003ego-chi/chi#1073\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/leno23\"\u003e\u003ccode\u003e@​leno23\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1097\"\u003ego-chi/chi#1097\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eSECURITY: middleware.ClientIP, a replacement for middleware.RealIP\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/VojtechVitek\"\u003e\u003ccode\u003e@​VojtechVitek\u003c/code\u003e\u003c/a\u003e submitted PR \u003ca href=\"https://redirect.github.com/go-chi/chi/issues/967\"\u003e#967\u003c/a\u003e, which introduces middleware.ClientIP — a replacement for middleware.RealIP that closes the three open spoofing advisories:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/security/advisories/GHSA-9g5q-2w5x-hmxf\"\u003eGHSA-9g5q-2w5x-hmxf\u003c/a\u003e — IP spoofing via XFF in \u003ccode\u003eRemoteAddr\u003c/code\u003e resolution (convto)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/security/advisories/GHSA-rjr7-jggh-pgcp\"\u003eGHSA-rjr7-jggh-pgcp\u003c/a\u003e — RealIP allows IP spoofing via unvalidated XFF (rezmoss)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/security/advisories/GHSA-3fxj-6jh8-hvhx\"\u003eGHSA-3fxj-6jh8-hvhx\u003c/a\u003e — IP spoofing in \u003ccode\u003emiddleware.RealIP\u003c/code\u003e (Saku0512, Critical / 9.3)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eIt also addresses issues outlined at:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/708\"\u003ego-chi/chi#708\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://adam-p.ca/blog/2022/03/x-forwarded-for/\"\u003ehttps://adam-p.ca/blog/2022/03/x-forwarded-for/\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/711\"\u003ego-chi/chi#711\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/453\"\u003ego-chi/chi#453\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/go-chi/chi/pull/908\"\u003ego-chi/chi#908\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ccode\u003emiddleware.RealIP\u003c/code\u003e is deprecated in this PR with pointers to the new API.\u003c/p\u003e\n\u003cp\u003eThe deprecation only adds a \u003ccode\u003e// Deprecated:\u003c/code\u003e doc comment; the function keeps working for backward compatibility.\u003c/p\u003e\n\u003ch3\u003eWhy a new middleware (not \u0026quot;fix RealIP in place\u0026quot;)\u003c/h3\u003e\n\u003cp\u003e\u003ccode\u003eRealIP\u003c/code\u003e has two unfixable design choices: it mutates \u003ccode\u003er.RemoteAddr\u003c/code\u003e, and it tries to be a one-size-fits-all default by walking a hard-coded list of headers any client can supply. Per \u003ca href=\"https://adam-p.ca/blog/2022/03/x-forwarded-for/\"\u003eadam-p's \u0026quot;The perils of the 'real' client IP\u0026quot;\u003c/a\u003e (which calls chi out by name on this), there is no safe default — the user must pick their trust source explicitly.\u003c/p\u003e\n\u003ch3\u003eThe new API\u003c/h3\u003e\n\u003cp\u003eFour middlewares, two accessors. Pick exactly one middleware based on your\ninfrastructure, read the result with one of the two accessors:\u003c/p\u003e\n\u003cpre lang=\"go\"\u003e\u003ccode\u003e// One of the four. There is no safe default — pick exactly one.\r\nfunc ClientIPFromHeader(trustedHeader string) func(http.Handler) http.Handler\r\nfunc ClientIPFromXFF(trustedIPPrefixes ...string) func(http.Handler) http.Handler\r\nfunc ClientIPFromXFFTrustedProxies(numTrustedProxies int) func(http.Handler) http.Handler\r\n\u0026lt;/tr\u0026gt;\u0026lt;/table\u0026gt; \n\u003c/code\u003e\u003c/pre\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/3b171578ca44dfd75ca3c5cbddc7b44c600a7b49\"\u003e\u003ccode\u003e3b17157\u003c/code\u003e\u003c/a\u003e feat: middleware.ClientIP, a replacement for middleware.RealIP (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/967\"\u003e#967\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/818fdcfc4786168651768377ba647cf9dd5b3953\"\u003e\u003ccode\u003e818fdcf\u003c/code\u003e\u003c/a\u003e fix: set Request.Pattern from RoutePattern() (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1097\"\u003e#1097\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/f975af0cb10cbefaccf0422385420fe62722d648\"\u003e\u003ccode\u003ef975af0\u003c/code\u003e\u003c/a\u003e Fix typo in Route doc comment (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1073\"\u003e#1073\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/4ef87eaf2cfb27d3126d48194e1a84806acc1aed\"\u003e\u003ccode\u003e4ef87ea\u003c/code\u003e\u003c/a\u003e middleware: fix httpFancyWriter.ReadFrom double-counting bytes with Tee (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1085\"\u003e#1085\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/a54874f0e2f12647a19e82ee70dfa8185014100c\"\u003e\u003ccode\u003ea54874f\u003c/code\u003e\u003c/a\u003e Bump minimum Go to 1.23, always use request.Pattern (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1048\"\u003e#1048\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/3328d4d3ab8a08547fa419ed657017355e6d3c4d\"\u003e\u003ccode\u003e3328d4d\u003c/code\u003e\u003c/a\u003e Apply the stringscutprefix modernizer (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1051\"\u003e#1051\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/be60b2ec5755a9072cdf27af3ba3034e84781d12\"\u003e\u003ccode\u003ebe60b2e\u003c/code\u003e\u003c/a\u003e Simplify chi.walk with slices.Concat (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1053\"\u003e#1053\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/a36a925a6a195943ec104100d7d18757543e745f\"\u003e\u003ccode\u003ea36a925\u003c/code\u003e\u003c/a\u003e Remove last uses of io/ioutil (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1054\"\u003e#1054\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/7d93ee3e86b4d477c20d809c9b1ce9a281dfd706\"\u003e\u003ccode\u003e7d93ee3\u003c/code\u003e\u003c/a\u003e add go 1.26 to ci (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1052\"\u003e#1052\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/903cff2596eac0f72538ac46d696058351f1c3fb\"\u003e\u003ccode\u003e903cff2\u003c/code\u003e\u003c/a\u003e Propagate inline middlewares across mounted subrouters (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1049\"\u003e#1049\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/go-chi/chi/compare/v5.2.5...v5.3.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `golang.org/x/crypto` from 0.50.0 to 0.52.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/a1c0d9929856c8aba2b31f079340f00578eda803\"\u003e\u003ccode\u003ea1c0d99\u003c/code\u003e\u003c/a\u003e go.mod: update golang.org/x dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/3c7c86938f4541c333d506f719388d9c42d4763d\"\u003e\u003ccode\u003e3c7c869\u003c/code\u003e\u003c/a\u003e ssh: fix deadlock on unexpected channel responses\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/533fb3f7e4a5ae23f69d1837cd851d35ff5b76ce\"\u003e\u003ccode\u003e533fb3f\u003c/code\u003e\u003c/a\u003e ssh: fix source-address critical option bypass\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/abbc44d451a6f9236a2bbd26cbcd4d0fec473da3\"\u003e\u003ccode\u003eabbc44d\u003c/code\u003e\u003c/a\u003e ssh: fix incorrect operator order\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/e052873987615dc96fe67607a9a6adb76311344f\"\u003e\u003ccode\u003ee052873\u003c/code\u003e\u003c/a\u003e ssh: fix infinite loop on large channel writes due to integer overflow\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/b61cf853a89d82cad68da5e12a6beca2116f8456\"\u003e\u003ccode\u003eb61cf85\u003c/code\u003e\u003c/a\u003e ssh: enforce user presence verification for security keys\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/9c2cd33e8d96a96133fd6ff732510ebba539c2bd\"\u003e\u003ccode\u003e9c2cd33\u003c/code\u003e\u003c/a\u003e ssh: enforce strict limits on DSA key parameters\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/890731877d85f71cfdc9554e7a27fec4684fc4c4\"\u003e\u003ccode\u003e8907318\u003c/code\u003e\u003c/a\u003e ssh: reject RSA keys with excessively large moduli\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/ffd87b4878fa98ca2908ec534e1a410bf095a35e\"\u003e\u003ccode\u003effd87b4\u003c/code\u003e\u003c/a\u003e ssh: fix panic when authority callbacks are nil\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/4e7a7384ecbc8d519f6f4c11b36fa9d761fc8946\"\u003e\u003ccode\u003e4e7a738\u003c/code\u003e\u003c/a\u003e ssh: fix deadlock on unexpected global responses\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/golang/crypto/compare/v0.50.0...v0.52.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `google.golang.org/api` from 0.274.0 to 0.279.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/googleapis/google-api-go-client/releases\"\u003egoogle.golang.org/api's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.279.0\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/googleapis/google-api-go-client/compare/v0.278.0...v0.279.0\"\u003e0.279.0\u003c/a\u003e (2026-05-12)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eall:\u003c/strong\u003e Auto-regenerate discovery clients (\u003ca href=\"https://redirect.github.com/googleapis/google-api-go-client/issues/3585\"\u003e#3585\u003c/a\u003e) (\u003ca href=\"https://github.com/googleapis/google-api-go-client/commit/09db0e346a6b567747dceee3872229a62c95124c\"\u003e09db0e3\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eall:\u003c/strong\u003e Auto-regenerate discovery clients (\u003ca href=\"https://redirect.github.com/googleapis/google-api-go-client/issues/3587\"\u003e#3587\u003c/a\u003e) (\u003ca href=\"https://github.com/googleapis/google-api-go-client/commit/e87e376dbd590cffb3632c378e1ade4a9dacf3ce\"\u003ee87e376\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eall:\u003c/strong\u003e Auto-regenerate discovery clients (\u003ca href=\"https://redirect.github.com/googleapis/google-api-go-client/issues/3590\"\u003e#3590\u003c/a\u003e) (\u003ca href=\"https://github.com/googleapis/google-api-go-client/commit/d4241eaef9ab3daad4fd4aaeccc118795cfc58a7\"\u003ed4241ea\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev0.278.0\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/googleapis/google-api-go-client/compare/v0.277.0...v0.278.0\"\u003e0.278.0\u003c/a\u003e (2026-05-05)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eall:\u003c/strong\u003e Auto-regenerate discovery clients (\u003ca href=\"https://redirect.github.com/googleapis/google-api-go-client/issues/3582\"\u003e#3582\u003c/a\u003e) (\u003ca href=\"https://github.com/googleapis/google-api-go-client/commit/76b1187e506ac0f48caac67907dd0805b253f74c\"\u003e76b1187\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eall:\u003c/strong\u003e Auto-regenerate discovery clients (\u003ca href=\"https://redirect.github.com/googleapis/google-api-go-client/issues/3584\"\u003e#3584\u003c/a\u003e) (\u003ca href=\"https://github.com/googleapis/google-api-go-client/commit/e36c88361d11545583325c3ac6bdbd9cf1f1a7d0\"\u003ee36c883\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev0.277.0\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/googleapis/google-api-go-client/compare/v0.276.0...v0.277.0\"\u003e0.277.0\u003c/a\u003e (2026-04-29)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eall:\u003c/strong\u003e Auto-regenerate discovery clients (\u003ca href=\"https://redirect.github.com/googleapis/google-api-go-client/issues/3567\"\u003e#3567\u003c/a\u003e) (\u003ca href=\"https://github.com/googleapis/google-api-go-client/commit/39582952e4eac1b744499f8a8063a4a5f1ce7d6b\"\u003e3958295\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eall:\u003c/strong\u003e Auto-regenerate discovery clients (\u003ca href=\"https://redirect.github.com/googleapis/google-api-go-client/issues/3571\"\u003e#3571\u003c/a\u003e) (\u003ca href=\"https://github.com/googleapis/google-api-go-client/commit/ca9851efc573231ca1ed9c6fea4bc77d6052d0bb\"\u003eca9851e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eall:\u003c/strong\u003e Auto-regenerate discovery clients (\u003ca href=\"https://redirect.github.com/googleapis/google-api-go-client/issues/3574\"\u003e#3574\u003c/a\u003e) (\u003ca href=\"https://github.com/googleapis/google-api-go-client/commit/8efb1afa0e5d9cc454f721124bba3881f3935e3c\"\u003e8efb1af\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eall:\u003c/strong\u003e Auto-regenerate discovery clients (\u003ca href=\"https://redirect.github.com/googleapis/google-api-go-client/issues/3575\"\u003e#3575\u003c/a\u003e) (\u003ca href=\"https://github.com/googleapis/google-api-go-client/commit/de49bb519cab881f74e5b9ba11e263a2b9a4ad2e\"\u003ede49bb5\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eall:\u003c/strong\u003e Auto-regenerate discovery clients (\u003ca href=\"https://redirect.github.com/googleapis/google-api-go-client/issues/3577\"\u003e#3577\u003c/a\u003e) (\u003ca href=\"https://github.com/googleapis/google-api-go-client/commit/ce68c87d9dc6c144b6df578df725470b30cf83d6\"\u003ece68c87\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eall:\u003c/strong\u003e Auto-regenerate discovery clients (\u003ca href=\"https://redirect.github.com/googleapis/google-api-go-client/issues/3578\"\u003e#3578\u003c/a\u003e) (\u003ca href=\"https://github.com/googleapis/google-api-go-client/commit/8be033e24e0c6ddb08a3df72c0a8997d21623a22\"\u003e8be033e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eall:\u003c/strong\u003e Auto-regenerate discovery clients (\u003ca href=\"https://redirect.github.com/googleapis/google-api-go-client/issues/3579\"\u003e#3579\u003c/a\u003e) (\u003ca href=\"https://github.com/googleapis/google-api-go-client/commit/bc6990e20803f2ff2fd1b77995f6e9180ab2302b\"\u003ebc6990e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eall:\u003c/strong\u003e Auto-regenerate discovery clients (\u003ca href=\"https://redirect.github.com/googleapis/google-api-go-client/issues/3580\"\u003e#3580\u003c/a\u003e) (\u003ca href=\"https://github.com/googleapis/google-api-go-client/commit/2de1a5aff3f3b6e53dff00da297c5d249ac8d791\"\u003e2de1a5a\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eall:\u003c/strong\u003e Auto-regenerate discovery clients (\u003ca href=\"https://redirect.github.com/googleapis/google-api-go-client/issues/3581\"\u003e#3581\u003c/a\u003e) (\u003ca href=\"https://github.com/googleapis/google-api-go-client/commit/0c219d90e90899c93215558f3ea309c9732bf7ea\"\u003e0c219d9\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eidtoken:\u003c/strong\u003e Avoid double impersonation in tokenSourceFromBytes (\u003ca href=\"https://redirect.github.com/googleapis/google-api-go-client/issues/3576\"\u003e#3576\u003c/a\u003e) (\u003ca href=\"https://github.com/googleapis/google-api-go-client/commit/75172cf5cb7bfc260c22e481323355306f684a09\"\u003e75172cf\u003c/a\u003e), refs \u003ca href=\"https://redirect.github.com/googleapis/google-api-go-client/issues/2301\"\u003e#2301\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev0.276.0\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/googleapis/google-api-go-client/compare/v0.275.0...v0.276.0\"\u003e0.276.0\u003c/a\u003e (2026-04-14)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eall:\u003c/strong\u003e Auto-regenerate discovery clients (\u003ca href=\"https://redirect.github.com/googleapis/google-api-go-client/issues/3561\"\u003e#3561\u003c/a\u003e) (\u003ca href=\"https://github.com/googleapis/google-api-go-client/commit/dd3f1bb7976124341e045b9f519d059a3f636ea1\"\u003edd3f1bb\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eall:\u003c/strong\u003e Auto-regenerate discovery clients (\u003ca href=\"https://redirect.github.com/googleapis/google-api-go-client/issues/3565\"\u003e#3565\u003c/a\u003e) (\u003ca href=\"https://github.com/googleapis/google-api-go-client/commit/7c11b5a39bde8b58642e8e95f067cf6b1592d46c\"\u003e7c11b5a\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eall:\u003c/strong\u003e Auto-regenerate discovery clients (\u003ca href=\"https://redirect.github.com/googleapis/google-api-go-client/issues/3566\"\u003e#3566\u003c/a\u003e) (\u003ca href=\"https://github.com/googleapis/google-api-go-client/commit/54188cf11d69c99be6b485eb6b92898c233422bd\"\u003e54188cf\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md\"\u003egoogle.golang.org/api's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/googleapis/google-api-go-client/compare/v0.278.0...v0.279.0\"\u003e0.279.0\u003c/a\u003e (2026-05-12)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eall:\u003c/strong\u003e Auto-regenerate discovery clients (\u003ca href=\"https://redirect.github.com/googleapis/google-api-go-client/issues/3585\"\u003e#3585\u003c/a\u003e) (\u003ca href=\"https://github.com/googleapis/google-api-go-client/commit/09db0e346a6b567747dceee3872229a62c95124c\"\u003e09db0e3\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eall:\u003c/strong\u003e Auto-regenerate discovery clients (\u003ca href=\"https://redirect.github.com/googleapis/google-api-go-client/issues/3587\"\u003e#3587\u003c/a\u003e) (\u003ca href=\"https://github.com/googleapis/google-api-go-client/commit/e87e376dbd590cffb3632c378e1ade4a9dacf3ce\"\u003ee87e376\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eall:\u003c/strong\u003e Auto-regenerate discovery clients (\u003ca href=\"https://redirect.github.com/googleapis/google-api-go-client/issues/3590\"\u003e#3590\u003c/a\u003e) (\u003ca href=\"https://github.com/googleapis/google-api-go-client/commit/d4241eaef9ab3daad4fd4aaeccc118795cfc58a7\"\u003ed4241ea\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/googleapis/google-api-go-client/compare/v0.277.0...v0.278.0\"\u003e0.278.0\u003c/a\u003e (2026-05-05)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eall:\u003c/strong\u003e Auto-regenerate discovery clients (\u003ca href=\"https://redirect.github.com/googleapis/google-api-go-client/issues/3582\"\u003e#3582\u003c/a\u003e) (\u003ca href=\"https://github.com/googleapis/google-api-go-client/commit/76b1187e506ac0f48caac67907dd0805b253f74c\"\u003e76b1187\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eall:\u003c/strong\u003e Auto-regenerate discovery clients (\u003ca href=\"https://redirect.github.com/googleapis/google-api-go-client/issues/3584\"\u003e#3584\u003c/a\u003e) (\u003ca href=\"https://github.com/googleapis/google-api-go-client/commit/e36c88361d11545583325c3ac6bdbd9cf1f1a7d0\"\u003ee36c883\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/googleapis/google-api-go-client/compare/v0.276.0...v0.277.0\"\u003e0.277.0\u003c/a\u003e (2026-04-29)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eall:\u003c/strong\u003e Auto-regenerate discovery clients (\u003ca href=\"https://redirect.github.com/googleapis/google-api-go-client/issues/3567\"\u003e#3567\u003c/a\u003e) (\u003ca href=\"https://github.com/googleapis/google-api-go-client/commit/39582952e4eac1b744499f8a8063a4a5f1ce7d6b\"\u003e3958295\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eall:\u003c/strong\u003e Auto-regenerate discovery clients (\u003ca href=\"https://redirect.github.com/googleapis/google-api-go-client/issues/3571\"\u003e#3571\u003c/a\u003e) (\u003ca href=\"https://github.com/googleapis/google-api-go-client/commit/ca9851efc573231ca1ed9c6fea4bc77d6052d0bb\"\u003eca9851e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eall:\u003c/strong\u003e Auto-regenerate discovery clients (\u003ca href=\"https://redirect.github.com/googleapis/google-api-go-client/issues/3574\"\u003e#3574\u003c/a\u003e) (\u003ca href=\"https://github.com/googleapis/google-api-go-client/commit/8efb1afa0e5d9cc454f721124bba3881f3935e3c\"\u003e8efb1af\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eall:\u003c/strong\u003e Auto-regenerate discovery clients (\u003ca href=\"https://redirect.github.com/googleapis/google-api-go-client/issues/3575\"\u003e#3575\u003c/a\u003e) (\u003ca href=\"https://github.com/googleapis/google-api-go-client/commit/de49bb519cab881f74e5b9ba11e263a2b9a4ad2e\"\u003ede49bb5\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eall:\u003c/strong\u003e Auto-regenerate discovery clients (\u003ca href=\"https://redirect.github.com/googleapis/google-api-go-client/issues/3577\"\u003e#3577\u003c/a\u003e) (\u003ca href=\"https://github.com/googleapis/google-api-go-client/commit/ce68c87d9dc6c144b6df578df725470b30cf83d6\"\u003ece68c87\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eall:\u003c/strong\u003e Auto-regenerate discovery clients (\u003ca href=\"https://redirect.github.com/googleapis/google-api-go-client/issues/3578\"\u003e#3578\u003c/a\u003e) (\u003ca href=\"https://github.com/googleapis/google-api-go-client/commit/8be033e24e0c6ddb08a3df72c0a8997d21623a22\"\u003e8be033e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eall:\u003c/strong\u003e Auto-regenerate discovery clients (\u003ca href=\"https://redirect.github.com/googleapis/google-api-go-client/issues/3579\"\u003e#3579\u003c/a\u003e) (\u003ca href=\"https://github.com/googleapis/google-api-go-client/commit/bc6990e20803f2ff2fd1b77995f6e9180ab2302b\"\u003ebc6990e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eall:\u003c/strong\u003e Auto-regenerate discovery clients (\u003ca href=\"https://redirect.github.com/googleapis/google-api-go-client/issues/3580\"\u003e#3580\u003c/a\u003e) (\u003ca href=\"https://github.com/googleapis/google-api-go-client/commit/2de1a5aff3f3b6e53dff00da297c5d249ac8d791\"\u003e2de1a5a\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eall:\u003c/strong\u003e Auto-regenerate discovery clients (\u003ca href=\"https://redirect.github.com/googleapis/google-api-go-client/issues/3581\"\u003e#3581\u003c/a\u003e) (\u003ca href=\"https://github.com/googleapis/google-api-go-client/commit/0c219d90e90899c93215558f3ea309c9732bf7ea\"\u003e0c219d9\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eidtoken:\u003c/strong\u003e Avoid double impersonation in tokenSourceFromBytes (\u003ca href=\"https://redirect.github.com/googleapis/google-api-go-client/issues/3576\"\u003e#3576\u003c/a\u003e) (\u003ca href=\"https://github.com/googleapis/google-api-go-client/commit/75172cf5cb7bfc260c22e481323355306f684a09\"\u003e75172cf\u003c/a\u003e), refs \u003ca href=\"https://redirect.github.com/googleapis/google-api-go-client/issues/2301\"\u003e#2301\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/googleapis/google-api-go-client/compare/v0.275.0...v0.276.0\"\u003e0.276.0\u003c/a\u003e (2026-04-14)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eall:\u003c/strong\u003e Auto-regenerate discovery clients (\u003ca href=\"https://redirect.github.com/googleapis/google-api-go-client/issues/3561\"\u003e#3561\u003c/a\u003e) (\u003ca href=\"https://github.com/googleapis/google-api-go-client/commit/dd3f1bb7976124341e045b9f519d059a3f636ea1\"\u003edd3f1bb\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eall:\u003c/strong\u003e Auto-regenerate discovery clients (\u003ca href=\"https://redirect.github.com/googleapis/google-api-go-client/issues/3565\"\u003e#3565\u003c/a\u003e) (\u003ca href=\"https://github.com/googleapis/google-api-go-client/commit/7c11b5a39bde8b58642e8e95f067cf6b1592d46c\"\u003e7c11b5a\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eall:\u003c/strong\u003e Auto-regenerate discovery clients (\u003ca href=\"https://redirect.github.com/googleapis/google-api-go-client/issues/3566\"\u003e#3566\u003c/a\u003e) (\u003ca href=\"https://github.com/googleapis/google-api-go-client/commit/54188cf11d69c99be6b485eb6b92898c233422bd\"\u003e54188cf\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/googleapis/google-api-go-client/compare/v0.274.0...v0.275.0\"\u003e0.275.0\u003c/a\u003e (2026-04-07)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/google-api-go-client/commit/e446d4cdeb5e63cd6916051edd2c56588eede309\"\u003e\u003ccode\u003ee446d4c\u003c/code\u003e\u003c/a\u003e chore(main): release 0.279.0 (\u003ca href=\"https://redirect.github.com/googleapis/google-api-go-client/issues/3586\"\u003e#3586\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/google-api-go-client/commit/d4241eaef9ab3daad4fd4aaeccc118795cfc58a7\"\u003e\u003ccode\u003ed4241ea\u003c/code\u003e\u003c/a\u003e feat(all): auto-regenerate discovery clients (\u003ca href=\"https://redirect.github.com/googleapis/google-api-go-client/issues/3590\"\u003e#3590\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/google-api-go-client/commit/8452ed1936bd40ed8a3e2dd8b06832a853ea45c7\"\u003e\u003ccode\u003e8452ed1\u003c/code\u003e\u003c/a\u003e chore(all): update module github.com/go-git/go-git/v5 to v5.19.0 [SECURITY] (...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/google-api-go-client/commit/e87e376dbd590cffb3632c378e1ade4a9dacf3ce\"\u003e\u003ccode\u003ee87e376\u003c/code\u003e\u003c/a\u003e feat(all): auto-regenerate discovery clients (\u003ca href=\"https://redirect.github.com/googleapis/google-api-go-client/issues/3587\"\u003e#3587\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/google-api-go-client/commit/09db0e346a6b567747dceee3872229a62c95124c\"\u003e\u003ccode\u003e09db0e3\u003c/code\u003e\u003c/a\u003e feat(all): auto-regenerate discovery clients (\u003ca href=\"https://redirect.github.com/googleapis/google-api-go-client/issues/3585\"\u003e#3585\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/google-api-go-client/commit/07c758daacbc24e32753c3f1b537c7f6cce626f0\"\u003e\u003ccode\u003e07c758d\u003c/code\u003e\u003c/a\u003e chore(main): release 0.278.0 (\u003ca href=\"https://redirect.github.com/googleapis/google-api-go-client/issues/3583\"\u003e#3583\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/google-api-go-client/commit/e36c88361d11545583325c3ac6bdbd9cf1f1a7d0\"\u003e\u003ccode\u003ee36c883\u003c/code\u003e\u003c/a\u003e feat(all): auto-regenerate discovery clients (\u003ca href=\"https://redirect.github.com/googleapis/google-api-go-client/issues/3584\"\u003e#3584\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/google-api-go-client/commit/76b1187e506ac0f48caac67907dd0805b253f74c\"\u003e\u003ccode\u003e76b1187\u003c/code\u003e\u003c/a\u003e feat(all): auto-regenerate discovery clients (\u003ca href=\"https://redirect.github.com/googleapis/google-api-go-client/issues/3582\"\u003e#3582\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/google-api-go-client/commit/dd598a60e19f836bb7ad709311b21d303bbab6c8\"\u003e\u003ccode\u003edd598a6\u003c/code\u003e\u003c/a\u003e chore(main): release 0.277.0 (\u003ca href=\"https://redirect.github.com/googleapis/google-api-go-client/issues/3568\"\u003e#3568\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/google-api-go-client/commit/b208a86db380e5e517451daa4e5f63fae1f723be\"\u003e\u003ccode\u003eb208a86\u003c/code\u003e\u003c/a\u003e chore(all): update all (\u003ca href=\"https://redirect.github.com/googleapis/google-api-go-client/issues/3573\"\u003e#3573\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/googleapis/google-api-go-client/compare/v0.274.0...v0.279.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `google.golang.org/grpc` from 1.80.0 to 1.81.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/grpc/grpc-go/releases\"\u003egoogle.golang.org/grpc's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eRelease 1.81.1\u003c/h2\u003e\n\u003ch1\u003eSecurity\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003exds/rbac: Fix a potential authorization bypass caused by incorrectly falling through URI/DNS SANs to Subject Distinguished Name (DN) when matching the authenticated principal name. With this fix, only the first non-empty identity source will be used, as per \u003ca href=\"https://github.com/grpc/proposal/blob/master/A41-xds-rbac.md\"\u003egRFC A41\u003c/a\u003e. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/9111\"\u003e#9111\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003eSpecial Thanks: \u003ca href=\"https://github.com/al4an444\"\u003e\u003ccode\u003e@​al4an444\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eBug Fixes\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eotel: Segregate client and server RPC information used for metrics and traces, to avoid one overwriting the other. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/9081\"\u003e#9081\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eRelease 1.81.0\u003c/h2\u003e\n\u003ch1\u003eBehavior Changes\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003ebalancer/rls: Switch gauge metrics to asynchronous emission (once per collection cycle) to reduce telemetry noise and align with other gRPC language implementations. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8808\"\u003e#8808\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eDependencies\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eMinimum supported Go version is now 1.25. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8969\"\u003e#8969\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eBug Fixes\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003exds: Use the leaf cluster's security config for the TLS handshake instead of the aggregate cluster's config. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8956\"\u003e#8956\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003etransport: Send a \u003ccode\u003eRST_STREAM\u003c/code\u003e when receiving an \u003ccode\u003eEND_STREAM\u003c/code\u003e when the stream is not already half-closed. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8832\"\u003e#8832\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003exds: Fix ADS resource name validation to prevent a panic. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8970\"\u003e#8970\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eNew Features\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003egrpc/stats: Add support for custom labels in per-call metrics (\u003ca href=\"https://github.com/grpc/proposal/blob/master/A108-otel-custom-per-call-label.md\"\u003egRFC A108\u003c/a\u003e). (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/9008\"\u003e#9008\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003exds: Add support for Server Name Indication (SNI) and SAN validation (\u003ca href=\"https://github.com/grpc/proposal/blob/master/A101-SNI-setting-and-SNI-SAN-validation.md\"\u003egRFC A101\u003c/a\u003e). Disabled by default. To enable, set \u003ccode\u003eGRPC_EXPERIMENTAL_XDS_SNI=true\u003c/code\u003e environment variable. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/9016\"\u003e#9016\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003exds: Add support to control which fields get propagated from ORCA backend metric reports to LRS load reports (\u003ca href=\"https://github.com/grpc/proposal/blob/master/A85-lrs-custom-metrics-changes.md\"\u003egRFC A85\u003c/a\u003e). Disabled by default. To enable, set \u003ccode\u003eGRPC_EXPERIMENTAL_XDS_ORCA_LRS_PROPAGATION=true\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/9005\"\u003e#9005\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003exds: Add metrics to track xDS client connectivity and cached resource state (\u003ca href=\"https://github.com/grpc/proposal/blob/master/A78-grpc-metrics-wrr-pf-xds.md\"\u003egRFC A78\u003c/a\u003e). (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8807\"\u003e#8807\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003estats/otel: Enhance \u003ccode\u003egrpc.subchannel.disconnections\u003c/code\u003e metric by adding disconnection reason to the \u003ccode\u003egrpc.disconnect_error\u003c/code\u003e label (\u003ca href=\"https://github.com/grpc/proposal/blob/master/A94-subchannel-otel-metrics.md\"\u003egRFC A94\u003c/a\u003e). This provides granular insights into why subchannels are closing. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8973\"\u003e#8973\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003emem: Add \u003ccode\u003emem.Buffer.Slice()\u003c/code\u003e API to slice the buffer like a slice. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8977\"\u003e#8977\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003eSpecial Thanks: \u003ca href=\"https://github.com/ash2k\"\u003e\u003ccode\u003e@​ash2k\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003ePerformance Improvements\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003ealts: Pool read buffers to lower memory utilization when sockets are unreadable. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8964\"\u003e#8964\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003etransport: Pool HTTP/2 framer read buffers to reduce idle memory consumption. Currently limited to Linux for ALTS and non-encrypted transports (TCP, Unix). To disable, set \u003ccode\u003eGRPC_GO_EXPERIMENTAL_HTTP_FRAMER_READ_BUFFER_POOLING=false\u003c/code\u003e and report any issues. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/9032\"\u003e#9032\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/caf0772c2bcb8bc15d43eb53448e921f34f0b7e8\"\u003e\u003ccode\u003ecaf0772\u003c/code\u003e\u003c/a\u003e Change version from 1.81.1-dev to 1.81.1 (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/9122\"\u003e#9122\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/6ccbeebf058ede71e43a5ac28fada2a736573215\"\u003e\u003ccode\u003e6ccbeeb\u003c/code\u003e\u003c/a\u003e Cherry-pick \u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/9111\"\u003e#9111\u003c/a\u003e into v1.81.x (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/9121\"\u003e#9121\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/b33c29e41b438e371c8504de9bdf64a80098cc29\"\u003e\u003ccode\u003eb33c29e\u003c/code\u003e\u003c/a\u003e Cherry-pick \u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/9081\"\u003e#9081\u003c/a\u003e into v1.81.x (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/9102\"\u003e#9102\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/c45fae6d06a5c192b7b96418a2bc26a96b856834\"\u003e\u003ccode\u003ec45fae6\u003c/code\u003e\u003c/a\u003e Change version to 1.81.1-dev (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/9063\"\u003e#9063\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/cb18228317ff523e63d931b4058b0329585b7dcd\"\u003e\u003ccode\u003ecb18228\u003c/code\u003e\u003c/a\u003e Change version to 1.81.0 (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/9062\"\u003e#9062\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/96748f973e20bbfcafa19a8bdffc85ad5da138d1\"\u003e\u003ccode\u003e96748f9\u003c/code\u003e\u003c/a\u003e Cherry-pick \u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/9105\"\u003e#9105\u003c/a\u003e to 1.81.x (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/9106\"\u003e#9106\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/91832222f0144f76527b630ca55cfea6e1aa015a\"\u003e\u003ccode\u003e9183222\u003c/code\u003e\u003c/a\u003e Cherry pick \u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/9055\"\u003e#9055\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/9032\"\u003e#9032\u003c/a\u003e to v1.81.x (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/9095\"\u003e#9095\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/5cba6da4211f3b130238c792937f5921741b616a\"\u003e\u003ccode\u003e5cba6da\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;deps: update dependencies for all modules (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/9065\"\u003e#9065\u003c/a\u003e)\u0026quot; (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/9067\"\u003e#9067\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/af8a9364aa7523ab24d214e9ef13e6ad64d5c5f9\"\u003e\u003ccode\u003eaf8a936\u003c/code\u003e\u003c/a\u003e deps: update dependencies for all modules (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/9065\"\u003e#9065\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/cdc60dfaaadde45e16aa3c28237c0e655a722c1a\"\u003e\u003ccode\u003ecdc60df\u003c/code\u003e\u003c/a\u003e transport: optimize heap allocations in ready reader and update syscall conne...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/grpc/grpc-go/compare/v1.80.0...v1.81.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\n\n\n\u003c/details\u003e","html_url":"https://github.com/stefanriegel/UDDI-Token-Calculator/pull/86","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/stefanriegel%2FUDDI-Token-Calculator/issues/86","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/86/packages"}},{"old_version":"5.2.5","new_version":"5.3.0","update_type":"minor","path":"/go-backend","pr_created_at":"2026-05-31T01:33:02.000Z","version_change":"5.2.5 → 5.3.0","issue":{"uuid":"4556239972","node_id":"PR_kwDOQ7_oS87hByZ6","number":205,"state":"closed","title":"chore(go-backend): Bump the gomod group in /go-backend with 5 updates","user":"dependabot[bot]","labels":["dependabot","dependencies","gomod"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-06-07T01:33:00.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-31T01:33:02.000Z","updated_at":"2026-06-07T01:33:01.000Z","time_to_close":604798,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(go-backend): Bump","group_name":"gomod","update_count":5,"packages":[{"name":"connectrpc.com/connect","old_version":"1.19.2","new_version":"1.20.0","repository_url":"https://github.com/connectrpc/connect-go"},{"name":"github.com/getkin/kin-openapi","old_version":"0.138.0","new_version":"0.139.0","repository_url":"https://github.com/getkin/kin-openapi"},{"name":"github.com/go-chi/chi/v5","old_version":"5.2.5","new_version":"5.3.0","repository_url":"https://github.com/go-chi/chi"},{"name":"github.com/oapi-codegen/runtime","old_version":"1.4.0","new_version":"1.4.1","repository_url":"https://github.com/oapi-codegen/runtime"},{"name":"golang.org/x/crypto","old_version":"0.51.0","new_version":"0.52.0","repository_url":"https://github.com/golang/crypto"}],"path":"/go-backend","ecosystem":"go"},"body":"Bumps the gomod group in /go-backend with 5 updates:\n\n| Package | From | To |\n| --- | --- | --- |\n| [connectrpc.com/connect](https://github.com/connectrpc/connect-go) | `1.19.2` | `1.20.0` |\n| [github.com/getkin/kin-openapi](https://github.com/getkin/kin-openapi) | `0.138.0` | `0.139.0` |\n| [github.com/go-chi/chi/v5](https://github.com/go-chi/chi) | `5.2.5` | `5.3.0` |\n| [github.com/oapi-codegen/runtime](https://github.com/oapi-codegen/runtime) | `1.4.0` | `1.4.1` |\n| [golang.org/x/crypto](https://github.com/golang/crypto) | `0.51.0` | `0.52.0` |\n\nUpdates `connectrpc.com/connect` from 1.19.2 to 1.20.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/connectrpc/connect-go/releases\"\u003econnectrpc.com/connect's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.20.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eOther changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBump minimum supported Go version to 1.25 by \u003ca href=\"https://github.com/jonbodner-buf\"\u003e\u003ccode\u003e@​jonbodner-buf\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/connectrpc/connect-go/issues/922\"\u003e#922\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate Unary-Get query parameter order to match spec recommendation by \u003ca href=\"https://github.com/oliversun9\"\u003e\u003ccode\u003e@​oliversun9\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/connectrpc/connect-go/issues/926\"\u003e#926\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jonbodner-buf\"\u003e\u003ccode\u003e@​jonbodner-buf\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/connectrpc/connect-go/issues/922\"\u003e#922\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/connectrpc/connect-go/compare/v1.19.2...v1.20.0\"\u003ehttps://github.com/connectrpc/connect-go/compare/v1.19.2...v1.20.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/connectrpc/connect-go/commit/1291a7dcac19b00490f935dce18f44f301fc58f6\"\u003e\u003ccode\u003e1291a7d\u003c/code\u003e\u003c/a\u003e Prepare for v1.20.0 (\u003ca href=\"https://redirect.github.com/connectrpc/connect-go/issues/927\"\u003e#927\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/connectrpc/connect-go/commit/6df682f19e5b957b96b5fa44ffb28705a2d7bc8c\"\u003e\u003ccode\u003e6df682f\u003c/code\u003e\u003c/a\u003e Update Unary-Get query parameter order to match spec recommendation (\u003ca href=\"https://redirect.github.com/connectrpc/connect-go/issues/926\"\u003e#926\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/connectrpc/connect-go/commit/c4aac92b87026cd709cfbccdaabe8c45abef705c\"\u003e\u003ccode\u003ec4aac92\u003c/code\u003e\u003c/a\u003e Chore update buf v1.69.0 and license year (\u003ca href=\"https://redirect.github.com/connectrpc/connect-go/issues/925\"\u003e#925\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/connectrpc/connect-go/commit/a5a6c30f3776b06ae05a66ab3bdd2d60c46db6db\"\u003e\u003ccode\u003ea5a6c30\u003c/code\u003e\u003c/a\u003e Bump Go from v1.24 to v1.25 (\u003ca href=\"https://redirect.github.com/connectrpc/connect-go/issues/922\"\u003e#922\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/connectrpc/connect-go/commit/138e2700eb60b8004363eb344031b317bf599a1f\"\u003e\u003ccode\u003e138e270\u003c/code\u003e\u003c/a\u003e Back to development (\u003ca href=\"https://redirect.github.com/connectrpc/connect-go/issues/921\"\u003e#921\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/connectrpc/connect-go/compare/v1.19.2...v1.20.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/getkin/kin-openapi` from 0.138.0 to 0.139.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/getkin/kin-openapi/releases\"\u003egithub.com/getkin/kin-openapi's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.139.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efeat(openapi3): batch-convert long-tail RequiredFieldError sites by \u003ca href=\"https://github.com/reuvenharrison\"\u003e\u003ccode\u003e@​reuvenharrison\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getkin/kin-openapi/pull/1170\"\u003egetkin/kin-openapi#1170\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat(openapi3): typed validation error clusters (combined: #1171-\u003ca href=\"https://redirect.github.com/getkin/kin-openapi/issues/1179\"\u003e#1179\u003c/a\u003e) by \u003ca href=\"https://github.com/reuvenharrison\"\u003e\u003ccode\u003e@​reuvenharrison\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getkin/kin-openapi/pull/1180\"\u003egetkin/kin-openapi#1180\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eopenapi3gen: skip component export for anonymous types by \u003ca href=\"https://github.com/0-don\"\u003e\u003ccode\u003e@​0-don\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getkin/kin-openapi/pull/1163\"\u003egetkin/kin-openapi#1163\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat: migrate to oasdiff/yaml v0.1.0 single Unmarshal API + enable DisableTimestamps by \u003ca href=\"https://github.com/reuvenharrison\"\u003e\u003ccode\u003e@​reuvenharrison\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getkin/kin-openapi/pull/1181\"\u003egetkin/kin-openapi#1181\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eopenapi3: typed context errors for Validate() wrapper chain by \u003ca href=\"https://github.com/reuvenharrison\"\u003e\u003ccode\u003e@​reuvenharrison\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getkin/kin-openapi/pull/1183\"\u003egetkin/kin-openapi#1183\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eopenapi3: track Origin on the document root (T) by \u003ca href=\"https://github.com/reuvenharrison\"\u003e\u003ccode\u003e@​reuvenharrison\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getkin/kin-openapi/pull/1184\"\u003egetkin/kin-openapi#1184\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eopenapi3: tests flakiness corrected by \u003ca href=\"https://github.com/fenollp\"\u003e\u003ccode\u003e@​fenollp\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getkin/kin-openapi/pull/1159\"\u003egetkin/kin-openapi#1159\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eopenapi3: aggregate independent validation errors via EnableMultiError by \u003ca href=\"https://github.com/reuvenharrison\"\u003e\u003ccode\u003e@​reuvenharrison\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getkin/kin-openapi/pull/1185\"\u003egetkin/kin-openapi#1185\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eopenapi3: fix validation of duplicated path templates by \u003ca href=\"https://github.com/reuvenharrison\"\u003e\u003ccode\u003e@​reuvenharrison\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getkin/kin-openapi/pull/1189\"\u003egetkin/kin-openapi#1189\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eopenapi3: type the remaining bare-error validation sites by \u003ca href=\"https://github.com/reuvenharrison\"\u003e\u003ccode\u003e@​reuvenharrison\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getkin/kin-openapi/pull/1187\"\u003egetkin/kin-openapi#1187\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/getkin/kin-openapi/compare/v0.138.0...v0.139.0\"\u003ehttps://github.com/getkin/kin-openapi/compare/v0.138.0...v0.139.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/getkin/kin-openapi/commit/8381bfc73ce3bb241d298bc8415b8f724b6ddfb6\"\u003e\u003ccode\u003e8381bfc\u003c/code\u003e\u003c/a\u003e openapi3: type the remaining bare-error validation sites (\u003ca href=\"https://redirect.github.com/getkin/kin-openapi/issues/1187\"\u003e#1187\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/getkin/kin-openapi/commit/d29b5c043d31c47b3631020525397b7d1a1f4b6a\"\u003e\u003ccode\u003ed29b5c0\u003c/code\u003e\u003c/a\u003e openapi3: fix validation of duplicated path templates (\u003ca href=\"https://redirect.github.com/getkin/kin-openapi/issues/1189\"\u003e#1189\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/getkin/kin-openapi/commit/e56c2c71f4cc7a433a13ff50e44b3da50b253c07\"\u003e\u003ccode\u003ee56c2c7\u003c/code\u003e\u003c/a\u003e openapi3: aggregate independent validation errors via EnableMultiError (\u003ca href=\"https://redirect.github.com/getkin/kin-openapi/issues/1185\"\u003e#1185\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/getkin/kin-openapi/commit/7ea1ac895326a469712d81507fe00d7c8957b8b6\"\u003e\u003ccode\u003e7ea1ac8\u003c/code\u003e\u003c/a\u003e openapi3: tests flakiness corrected (\u003ca href=\"https://redirect.github.com/getkin/kin-openapi/issues/1159\"\u003e#1159\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/getkin/kin-openapi/commit/dc70f84ce64fa2d60e1e58d96f6b5686ba3dff3e\"\u003e\u003ccode\u003edc70f84\u003c/code\u003e\u003c/a\u003e openapi3: track Origin on the document root (T) (\u003ca href=\"https://redirect.github.com/getkin/kin-openapi/issues/1184\"\u003e#1184\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/getkin/kin-openapi/commit/69492dff6b62dddb9b27aeb7ebc9e0ee653e0263\"\u003e\u003ccode\u003e69492df\u003c/code\u003e\u003c/a\u003e openapi3: typed context errors for Validate() wrapper chain (\u003ca href=\"https://redirect.github.com/getkin/kin-openapi/issues/1183\"\u003e#1183\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/getkin/kin-openapi/commit/0a89925163b66876c4bc357bca068d62e3d86c20\"\u003e\u003ccode\u003e0a89925\u003c/code\u003e\u003c/a\u003e un-patch YAML serialization of dates (see issue \u003ca href=\"https://redirect.github.com/getkin/kin-openapi/issues/697\"\u003e#697\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/getkin/kin-openapi/commit/55a4c7274045743fd7e6703ee14be408ae79d22d\"\u003e\u003ccode\u003e55a4c72\u003c/code\u003e\u003c/a\u003e openapi3: re-enable tests disabled due to YAML dates in map keys\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/getkin/kin-openapi/commit/c61836c51e8f6f2efebbe95f783a41f319c53aa7\"\u003e\u003ccode\u003ec61836c\u003c/code\u003e\u003c/a\u003e ci: fixup lint after modifications to marsh.go\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/getkin/kin-openapi/commit/7633481fe3cd3a7027097aed588c285f3d21d238\"\u003e\u003ccode\u003e7633481\u003c/code\u003e\u003c/a\u003e feat: migrate to oasdiff/yaml v0.1.0 single Unmarshal API + enable DisableTim...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/getkin/kin-openapi/compare/v0.138.0...v0.139.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/go-chi/chi/v5` from 5.2.5 to 5.3.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/go-chi/chi/releases\"\u003egithub.com/go-chi/chi/v5's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.3.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUse strings.ReplaceAll where applicable by \u003ca href=\"https://github.com/JRaspass\"\u003e\u003ccode\u003e@​JRaspass\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1046\"\u003ego-chi/chi#1046\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePropagate inline middlewares across mounted subrouters by \u003ca href=\"https://github.com/LukasJenicek\"\u003e\u003ccode\u003e@​LukasJenicek\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1049\"\u003ego-chi/chi#1049\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eadd go 1.26 to ci by \u003ca href=\"https://github.com/pkieltyka\"\u003e\u003ccode\u003e@​pkieltyka\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1052\"\u003ego-chi/chi#1052\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove last uses of io/ioutil by \u003ca href=\"https://github.com/JRaspass\"\u003e\u003ccode\u003e@​JRaspass\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1054\"\u003ego-chi/chi#1054\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSimplify chi.walk with slices.Concat by \u003ca href=\"https://github.com/JRaspass\"\u003e\u003ccode\u003e@​JRaspass\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1053\"\u003ego-chi/chi#1053\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eApply the stringscutprefix modernizer by \u003ca href=\"https://github.com/JRaspass\"\u003e\u003ccode\u003e@​JRaspass\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1051\"\u003ego-chi/chi#1051\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump minimum Go to 1.23, always use request.Pattern by \u003ca href=\"https://github.com/JRaspass\"\u003e\u003ccode\u003e@​JRaspass\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1048\"\u003ego-chi/chi#1048\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003emiddleware: fix httpFancyWriter.ReadFrom double-counting bytes with Tee by \u003ca href=\"https://github.com/alliasgher\"\u003e\u003ccode\u003e@​alliasgher\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1085\"\u003ego-chi/chi#1085\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix typo in Route doc comment by \u003ca href=\"https://github.com/gouwazi\"\u003e\u003ccode\u003e@​gouwazi\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1073\"\u003ego-chi/chi#1073\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: set Request.Pattern from RoutePattern() by \u003ca href=\"https://github.com/leno23\"\u003e\u003ccode\u003e@​leno23\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1097\"\u003ego-chi/chi#1097\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat: middleware.ClientIP, a replacement for middleware.RealIP by \u003ca href=\"https://github.com/VojtechVitek\"\u003e\u003ccode\u003e@​VojtechVitek\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/967\"\u003ego-chi/chi#967\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/LukasJenicek\"\u003e\u003ccode\u003e@​LukasJenicek\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1049\"\u003ego-chi/chi#1049\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/alliasgher\"\u003e\u003ccode\u003e@​alliasgher\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1085\"\u003ego-chi/chi#1085\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gouwazi\"\u003e\u003ccode\u003e@​gouwazi\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1073\"\u003ego-chi/chi#1073\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/leno23\"\u003e\u003ccode\u003e@​leno23\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1097\"\u003ego-chi/chi#1097\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eSECURITY: middleware.ClientIP, a replacement for middleware.RealIP\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/VojtechVitek\"\u003e\u003ccode\u003e@​VojtechVitek\u003c/code\u003e\u003c/a\u003e submitted PR \u003ca href=\"https://redirect.github.com/go-chi/chi/issues/967\"\u003e#967\u003c/a\u003e, which introduces middleware.ClientIP — a replacement for middleware.RealIP that closes the three open spoofing advisories:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/security/advisories/GHSA-9g5q-2w5x-hmxf\"\u003eGHSA-9g5q-2w5x-hmxf\u003c/a\u003e — IP spoofing via XFF in \u003ccode\u003eRemoteAddr\u003c/code\u003e resolution (convto)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/security/advisories/GHSA-rjr7-jggh-pgcp\"\u003eGHSA-rjr7-jggh-pgcp\u003c/a\u003e — RealIP allows IP spoofing via unvalidated XFF (rezmoss)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/security/advisories/GHSA-3fxj-6jh8-hvhx\"\u003eGHSA-3fxj-6jh8-hvhx\u003c/a\u003e — IP spoofing in \u003ccode\u003emiddleware.RealIP\u003c/code\u003e (Saku0512, Critical / 9.3)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eIt also addresses issues outlined at:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/708\"\u003ego-chi/chi#708\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://adam-p.ca/blog/2022/03/x-forwarded-for/\"\u003ehttps://adam-p.ca/blog/2022/03/x-forwarded-for/\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/711\"\u003ego-chi/chi#711\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/453\"\u003ego-chi/chi#453\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/go-chi/chi/pull/908\"\u003ego-chi/chi#908\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ccode\u003emiddleware.RealIP\u003c/code\u003e is deprecated in this PR with pointers to the new API.\u003c/p\u003e\n\u003cp\u003eThe deprecation only adds a \u003ccode\u003e// Deprecated:\u003c/code\u003e doc comment; the function keeps working for backward compatibility.\u003c/p\u003e\n\u003ch3\u003eWhy a new middleware (not \u0026quot;fix RealIP in place\u0026quot;)\u003c/h3\u003e\n\u003cp\u003e\u003ccode\u003eRealIP\u003c/code\u003e has two unfixable design choices: it mutates \u003ccode\u003er.RemoteAddr\u003c/code\u003e, and it tries to be a one-size-fits-all default by walking a hard-coded list of headers any client can supply. Per \u003ca href=\"https://adam-p.ca/blog/2022/03/x-forwarded-for/\"\u003eadam-p's \u0026quot;The perils of the 'real' client IP\u0026quot;\u003c/a\u003e (which calls chi out by name on this), there is no safe default — the user must pick their trust source explicitly.\u003c/p\u003e\n\u003ch3\u003eThe new API\u003c/h3\u003e\n\u003cp\u003eFour middlewares, two accessors. Pick exactly one middleware based on your\ninfrastructure, read the result with one of the two accessors:\u003c/p\u003e\n\u003cpre lang=\"go\"\u003e\u003ccode\u003e// One of the four. There is no safe default — pick exactly one.\r\nfunc ClientIPFromHeader(trustedHeader string) func(http.Handler) http.Handler\r\nfunc ClientIPFromXFF(trustedIPPrefixes ...string) func(http.Handler) http.Handler\r\nfunc ClientIPFromXFFTrustedProxies(numTrustedProxies int) func(http.Handler) http.Handler\r\n\u0026lt;/tr\u0026gt;\u0026lt;/table\u0026gt; \n\u003c/code\u003e\u003c/pre\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/3b171578ca44dfd75ca3c5cbddc7b44c600a7b49\"\u003e\u003ccode\u003e3b17157\u003c/code\u003e\u003c/a\u003e feat: middleware.ClientIP, a replacement for middleware.RealIP (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/967\"\u003e#967\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/818fdcfc4786168651768377ba647cf9dd5b3953\"\u003e\u003ccode\u003e818fdcf\u003c/code\u003e\u003c/a\u003e fix: set Request.Pattern from RoutePattern() (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1097\"\u003e#1097\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/f975af0cb10cbefaccf0422385420fe62722d648\"\u003e\u003ccode\u003ef975af0\u003c/code\u003e\u003c/a\u003e Fix typo in Route doc comment (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1073\"\u003e#1073\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/4ef87eaf2cfb27d3126d48194e1a84806acc1aed\"\u003e\u003ccode\u003e4ef87ea\u003c/code\u003e\u003c/a\u003e middleware: fix httpFancyWriter.ReadFrom double-counting bytes with Tee (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1085\"\u003e#1085\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/a54874f0e2f12647a19e82ee70dfa8185014100c\"\u003e\u003ccode\u003ea54874f\u003c/code\u003e\u003c/a\u003e Bump minimum Go to 1.23, always use request.Pattern (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1048\"\u003e#1048\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/3328d4d3ab8a08547fa419ed657017355e6d3c4d\"\u003e\u003ccode\u003e3328d4d\u003c/code\u003e\u003c/a\u003e Apply the stringscutprefix modernizer (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1051\"\u003e#1051\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/be60b2ec5755a9072cdf27af3ba3034e84781d12\"\u003e\u003ccode\u003ebe60b2e\u003c/code\u003e\u003c/a\u003e Simplify chi.walk with slices.Concat (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1053\"\u003e#1053\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/a36a925a6a195943ec104100d7d18757543e745f\"\u003e\u003ccode\u003ea36a925\u003c/code\u003e\u003c/a\u003e Remove last uses of io/ioutil (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1054\"\u003e#1054\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/7d93ee3e86b4d477c20d809c9b1ce9a281dfd706\"\u003e\u003ccode\u003e7d93ee3\u003c/code\u003e\u003c/a\u003e add go 1.26 to ci (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1052\"\u003e#1052\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/903cff2596eac0f72538ac46d696058351f1c3fb\"\u003e\u003ccode\u003e903cff2\u003c/code\u003e\u003c/a\u003e Propagate inline middlewares across mounted subrouters (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1049\"\u003e#1049\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/go-chi/chi/compare/v5.2.5...v5.3.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/oapi-codegen/runtime` from 1.4.0 to 1.4.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/oapi-codegen/runtime/releases\"\u003egithub.com/oapi-codegen/runtime's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eBug fixes\u003c/h2\u003e\n\u003cp\u003eThis is a bug fix release.\u003c/p\u003e\n\u003cp\u003eChanges in \u003ccode\u003ev1.4.0\u003c/code\u003e, coupled with changes in \u003ccode\u003ev2.7.0\u003c/code\u003e of oapi-codegen exposed some new problems. \u003ccode\u003edeepObject\u003c/code\u003e style marshaling behavior now supports encoding unicode. UTF-8 can't be directly included in parameters, so we need to \u003ccode\u003e%\u003c/code\u003e escape it.\u003c/p\u003e\n\u003cp\u003eForm binding now detects maps, which makes binding to a Nullable possible. We can't use generics around \u003ccode\u003eNullable[T]\u003c/code\u003e, so we handle maps generically, assuming they're a Nullable with its behavior assumptions.\u003c/p\u003e\n\u003ch2\u003e🐛 Bug fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix form binding of Nullables (\u003ca href=\"https://redirect.github.com/oapi-codegen/runtime/issues/133\"\u003e#133\u003c/a\u003e) \u003ca href=\"https://github.com/mromaszewicz\"\u003e\u003ccode\u003e@​mromaszewicz\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePercent-encode deepObject parameter wire output (\u003ca href=\"https://redirect.github.com/oapi-codegen/runtime/issues/132\"\u003e#132\u003c/a\u003e) \u003ca href=\"https://github.com/mromaszewicz\"\u003e\u003ccode\u003e@​mromaszewicz\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e📦 Dependency updates\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003echore(deps): update oapi-codegen/actions action to v0.7.0 (\u003ca href=\"https://redirect.github.com/oapi-codegen/runtime/issues/127\"\u003e#127\u003c/a\u003e) @\u003ca href=\"https://github.com/apps/renovate\"\u003erenovate[bot]\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): update github/codeql-action action to v4 (\u003ca href=\"https://redirect.github.com/oapi-codegen/runtime/issues/107\"\u003e#107\u003c/a\u003e) @\u003ca href=\"https://github.com/apps/renovate\"\u003erenovate[bot]\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(deps): update module github.com/kataras/iris/v12 to v12.2.11 (\u003ca href=\"https://redirect.github.com/oapi-codegen/runtime/issues/11\"\u003e#11\u003c/a\u003e) @\u003ca href=\"https://github.com/apps/renovate\"\u003erenovate[bot]\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): update release-drafter/release-drafter action to v7.2.0 (\u003ca href=\"https://redirect.github.com/oapi-codegen/runtime/issues/122\"\u003e#122\u003c/a\u003e) @\u003ca href=\"https://github.com/apps/renovate\"\u003erenovate[bot]\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eSponsors\u003c/h2\u003e\n\u003cp\u003eWe would like to thank our sponsors for their support during this release.\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oapi-codegen/runtime/commit/2755f15aee0c946a782704399ba88f9830dc0912\"\u003e\u003ccode\u003e2755f15\u003c/code\u003e\u003c/a\u003e Fix form binding of Nullables (\u003ca href=\"https://redirect.github.com/oapi-codegen/runtime/issues/133\"\u003e#133\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oapi-codegen/runtime/commit/17de1dd042b56f9848af5314d5399a8d8cf8591f\"\u003e\u003ccode\u003e17de1dd\u003c/code\u003e\u003c/a\u003e Percent-encode deepObject parameter wire output (\u003ca href=\"https://redirect.github.com/oapi-codegen/runtime/issues/132\"\u003e#132\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oapi-codegen/runtime/commit/d2b7c4c58e85cdc668508abccb138dbe0d15f9d9\"\u003e\u003ccode\u003ed2b7c4c\u003c/code\u003e\u003c/a\u003e chore(deps): update oapi-codegen/actions action to v0.7.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oapi-codegen/runtime/commit/6fd6c25e4f6db33e2c9c249403527ae83f30eba6\"\u003e\u003ccode\u003e6fd6c25\u003c/code\u003e\u003c/a\u003e chore(deps): update github/codeql-action action to v4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oapi-codegen/runtime/commit/19040cc57320598827a0a591c6fdba6f46e3a5e8\"\u003e\u003ccode\u003e19040cc\u003c/code\u003e\u003c/a\u003e fix(deps): update module github.com/kataras/iris/v12 to v12.2.11\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oapi-codegen/runtime/commit/e05282eb5f0ed6981bf48165ba3e272d5cd062f8\"\u003e\u003ccode\u003ee05282e\u003c/code\u003e\u003c/a\u003e chore(deps): update release-drafter/release-drafter action to v7.2.0 (\u003ca href=\"https://redirect.github.com/oapi-codegen/runtime/issues/122\"\u003e#122\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/oapi-codegen/runtime/compare/v1.4.0...v1.4.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `golang.org/x/crypto` from 0.51.0 to 0.52.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/a1c0d9929856c8aba2b31f079340f00578eda803\"\u003e\u003ccode\u003ea1c0d99\u003c/code\u003e\u003c/a\u003e go.mod: update golang.org/x dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/3c7c86938f4541c333d506f719388d9c42d4763d\"\u003e\u003ccode\u003e3c7c869\u003c/code\u003e\u003c/a\u003e ssh: fix deadlock on unexpected channel responses\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/533fb3f7e4a5ae23f69d1837cd851d35ff5b76ce\"\u003e\u003ccode\u003e533fb3f\u003c/code\u003e\u003c/a\u003e ssh: fix source-address critical option bypass\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/abbc44d451a6f9236a2bbd26cbcd4d0fec473da3\"\u003e\u003ccode\u003eabbc44d\u003c/code\u003e\u003c/a\u003e ssh: fix incorrect operator order\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/e052873987615dc96fe67607a9a6adb76311344f\"\u003e\u003ccode\u003ee052873\u003c/code\u003e\u003c/a\u003e ssh: fix infinite loop on large channel writes due to integer overflow\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/b61cf853a89d82cad68da5e12a6beca2116f8456\"\u003e\u003ccode\u003eb61cf85\u003c/code\u003e\u003c/a\u003e ssh: enforce user presence verification for security keys\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/9c2cd33e8d96a96133fd6ff732510ebba539c2bd\"\u003e\u003ccode\u003e9c2cd33\u003c/code\u003e\u003c/a\u003e ssh: enforce strict limits on DSA key parameters\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/890731877d85f71cfdc9554e7a27fec4684fc4c4\"\u003e\u003ccode\u003e8907318\u003c/code\u003e\u003c/a\u003e ssh: reject RSA keys with excessively large moduli\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/ffd87b4878fa98ca2908ec534e1a410bf095a35e\"\u003e\u003ccode\u003effd87b4\u003c/code\u003e\u003c/a\u003e ssh: fix panic when authority callbacks are nil\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/4e7a7384ecbc8d519f6f4c11b36fa9d761fc8946\"\u003e\u003ccode\u003e4e7a738\u003c/code\u003e\u003c/a\u003e ssh: fix deadlock on unexpected global responses\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/golang/crypto/compare/v0.51.0...v0.52.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\n\n\n\u003c/details\u003e","html_url":"https://github.com/Haya372/web-app-template/pull/205","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/Haya372%2Fweb-app-template/issues/205","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/205/packages"}},{"old_version":"5.2.2","new_version":"5.3.0","update_type":"minor","path":null,"pr_created_at":"2026-05-30T22:27:49.000Z","version_change":"5.2.2 → 5.3.0","issue":{"uuid":"4555884446","node_id":"PR_kwDOQ0U_YM7hAvxU","number":13,"state":"open","title":"deps(deps): bump github.com/go-chi/chi/v5 from 5.2.2 to 5.3.0","user":"dependabot[bot]","labels":[],"assignees":[],"locked":false,"comments_count":3,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-30T22:27:49.000Z","updated_at":"2026-05-31T00:01:53.028Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"deps(deps)","packages":[{"name":"github.com/go-chi/chi/v5","old_version":"5.2.2","new_version":"5.3.0","repository_url":"https://github.com/go-chi/chi"}],"path":null,"ecosystem":"go"},"body":"[//]: # (dependabot-start)\n⚠️  **Dependabot is rebasing this PR** ⚠️ \n\nRebasing might not happen immediately, so don't worry if this takes some time.\n\nNote: if you make any changes to this PR yourself, they will take precedence over the rebase.\n\n---\n\n[//]: # (dependabot-end)\n\nBumps [github.com/go-chi/chi/v5](https://github.com/go-chi/chi) from 5.2.2 to 5.3.0.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/go-chi/chi/releases\"\u003egithub.com/go-chi/chi/v5's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.3.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUse strings.ReplaceAll where applicable by \u003ca href=\"https://github.com/JRaspass\"\u003e\u003ccode\u003e@​JRaspass\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1046\"\u003ego-chi/chi#1046\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePropagate inline middlewares across mounted subrouters by \u003ca href=\"https://github.com/LukasJenicek\"\u003e\u003ccode\u003e@​LukasJenicek\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1049\"\u003ego-chi/chi#1049\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eadd go 1.26 to ci by \u003ca href=\"https://github.com/pkieltyka\"\u003e\u003ccode\u003e@​pkieltyka\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1052\"\u003ego-chi/chi#1052\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove last uses of io/ioutil by \u003ca href=\"https://github.com/JRaspass\"\u003e\u003ccode\u003e@​JRaspass\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1054\"\u003ego-chi/chi#1054\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSimplify chi.walk with slices.Concat by \u003ca href=\"https://github.com/JRaspass\"\u003e\u003ccode\u003e@​JRaspass\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1053\"\u003ego-chi/chi#1053\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eApply the stringscutprefix modernizer by \u003ca href=\"https://github.com/JRaspass\"\u003e\u003ccode\u003e@​JRaspass\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1051\"\u003ego-chi/chi#1051\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump minimum Go to 1.23, always use request.Pattern by \u003ca href=\"https://github.com/JRaspass\"\u003e\u003ccode\u003e@​JRaspass\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1048\"\u003ego-chi/chi#1048\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003emiddleware: fix httpFancyWriter.ReadFrom double-counting bytes with Tee by \u003ca href=\"https://github.com/alliasgher\"\u003e\u003ccode\u003e@​alliasgher\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1085\"\u003ego-chi/chi#1085\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix typo in Route doc comment by \u003ca href=\"https://github.com/gouwazi\"\u003e\u003ccode\u003e@​gouwazi\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1073\"\u003ego-chi/chi#1073\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: set Request.Pattern from RoutePattern() by \u003ca href=\"https://github.com/leno23\"\u003e\u003ccode\u003e@​leno23\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1097\"\u003ego-chi/chi#1097\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat: middleware.ClientIP, a replacement for middleware.RealIP by \u003ca href=\"https://github.com/VojtechVitek\"\u003e\u003ccode\u003e@​VojtechVitek\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/967\"\u003ego-chi/chi#967\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/LukasJenicek\"\u003e\u003ccode\u003e@​LukasJenicek\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1049\"\u003ego-chi/chi#1049\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/alliasgher\"\u003e\u003ccode\u003e@​alliasgher\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1085\"\u003ego-chi/chi#1085\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gouwazi\"\u003e\u003ccode\u003e@​gouwazi\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1073\"\u003ego-chi/chi#1073\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/leno23\"\u003e\u003ccode\u003e@​leno23\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1097\"\u003ego-chi/chi#1097\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eSECURITY: middleware.ClientIP, a replacement for middleware.RealIP\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/VojtechVitek\"\u003e\u003ccode\u003e@​VojtechVitek\u003c/code\u003e\u003c/a\u003e submitted PR \u003ca href=\"https://redirect.github.com/go-chi/chi/issues/967\"\u003e#967\u003c/a\u003e, which introduces middleware.ClientIP — a replacement for middleware.RealIP that closes the three open spoofing advisories:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/security/advisories/GHSA-9g5q-2w5x-hmxf\"\u003eGHSA-9g5q-2w5x-hmxf\u003c/a\u003e — IP spoofing via XFF in \u003ccode\u003eRemoteAddr\u003c/code\u003e resolution (convto)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/security/advisories/GHSA-rjr7-jggh-pgcp\"\u003eGHSA-rjr7-jggh-pgcp\u003c/a\u003e — RealIP allows IP spoofing via unvalidated XFF (rezmoss)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/security/advisories/GHSA-3fxj-6jh8-hvhx\"\u003eGHSA-3fxj-6jh8-hvhx\u003c/a\u003e — IP spoofing in \u003ccode\u003emiddleware.RealIP\u003c/code\u003e (Saku0512, Critical / 9.3)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eIt also addresses issues outlined at:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/708\"\u003ego-chi/chi#708\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://adam-p.ca/blog/2022/03/x-forwarded-for/\"\u003ehttps://adam-p.ca/blog/2022/03/x-forwarded-for/\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/711\"\u003ego-chi/chi#711\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/453\"\u003ego-chi/chi#453\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/go-chi/chi/pull/908\"\u003ego-chi/chi#908\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ccode\u003emiddleware.RealIP\u003c/code\u003e is deprecated in this PR with pointers to the new API.\u003c/p\u003e\n\u003cp\u003eThe deprecation only adds a \u003ccode\u003e// Deprecated:\u003c/code\u003e doc comment; the function keeps working for backward compatibility.\u003c/p\u003e\n\u003ch3\u003eWhy a new middleware (not \u0026quot;fix RealIP in place\u0026quot;)\u003c/h3\u003e\n\u003cp\u003e\u003ccode\u003eRealIP\u003c/code\u003e has two unfixable design choices: it mutates \u003ccode\u003er.RemoteAddr\u003c/code\u003e, and it tries to be a one-size-fits-all default by walking a hard-coded list of headers any client can supply. Per \u003ca href=\"https://adam-p.ca/blog/2022/03/x-forwarded-for/\"\u003eadam-p's \u0026quot;The perils of the 'real' client IP\u0026quot;\u003c/a\u003e (which calls chi out by name on this), there is no safe default — the user must pick their trust source explicitly.\u003c/p\u003e\n\u003ch3\u003eThe new API\u003c/h3\u003e\n\u003cp\u003eFour middlewares, two accessors. Pick exactly one middleware based on your\ninfrastructure, read the result with one of the two accessors:\u003c/p\u003e\n\u003cpre lang=\"go\"\u003e\u003ccode\u003e// One of the four. There is no safe default — pick exactly one.\r\nfunc ClientIPFromHeader(trustedHeader string) func(http.Handler) http.Handler\r\nfunc ClientIPFromXFF(trustedIPPrefixes ...string) func(http.Handler) http.Handler\r\nfunc ClientIPFromXFFTrustedProxies(numTrustedProxies int) func(http.Handler) http.Handler\r\n\u0026lt;/tr\u0026gt;\u0026lt;/table\u0026gt; \n\u003c/code\u003e\u003c/pre\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/3b171578ca44dfd75ca3c5cbddc7b44c600a7b49\"\u003e\u003ccode\u003e3b17157\u003c/code\u003e\u003c/a\u003e feat: middleware.ClientIP, a replacement for middleware.RealIP (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/967\"\u003e#967\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/818fdcfc4786168651768377ba647cf9dd5b3953\"\u003e\u003ccode\u003e818fdcf\u003c/code\u003e\u003c/a\u003e fix: set Request.Pattern from RoutePattern() (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1097\"\u003e#1097\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/f975af0cb10cbefaccf0422385420fe62722d648\"\u003e\u003ccode\u003ef975af0\u003c/code\u003e\u003c/a\u003e Fix typo in Route doc comment (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1073\"\u003e#1073\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/4ef87eaf2cfb27d3126d48194e1a84806acc1aed\"\u003e\u003ccode\u003e4ef87ea\u003c/code\u003e\u003c/a\u003e middleware: fix httpFancyWriter.ReadFrom double-counting bytes with Tee (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1085\"\u003e#1085\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/a54874f0e2f12647a19e82ee70dfa8185014100c\"\u003e\u003ccode\u003ea54874f\u003c/code\u003e\u003c/a\u003e Bump minimum Go to 1.23, always use request.Pattern (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1048\"\u003e#1048\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/3328d4d3ab8a08547fa419ed657017355e6d3c4d\"\u003e\u003ccode\u003e3328d4d\u003c/code\u003e\u003c/a\u003e Apply the stringscutprefix modernizer (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1051\"\u003e#1051\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/be60b2ec5755a9072cdf27af3ba3034e84781d12\"\u003e\u003ccode\u003ebe60b2e\u003c/code\u003e\u003c/a\u003e Simplify chi.walk with slices.Concat (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1053\"\u003e#1053\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/a36a925a6a195943ec104100d7d18757543e745f\"\u003e\u003ccode\u003ea36a925\u003c/code\u003e\u003c/a\u003e Remove last uses of io/ioutil (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1054\"\u003e#1054\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/7d93ee3e86b4d477c20d809c9b1ce9a281dfd706\"\u003e\u003ccode\u003e7d93ee3\u003c/code\u003e\u003c/a\u003e add go 1.26 to ci (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1052\"\u003e#1052\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/903cff2596eac0f72538ac46d696058351f1c3fb\"\u003e\u003ccode\u003e903cff2\u003c/code\u003e\u003c/a\u003e Propagate inline middlewares across mounted subrouters (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1049\"\u003e#1049\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/go-chi/chi/compare/v5.2.2...v5.3.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/go-chi/chi/v5\u0026package-manager=go_modules\u0026previous-version=5.2.2\u0026new-version=5.3.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/define42/rdp-tls-gateway/pull/13","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/define42%2Frdp-tls-gateway/issues/13","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/13/packages"}},{"old_version":"5.2.5","new_version":"5.3.0","update_type":"minor","path":null,"pr_created_at":"2026-05-30T15:18:21.000Z","version_change":"5.2.5 → 5.3.0","issue":{"uuid":"4554807704","node_id":"PR_kwDOSlSFWs7g9iuN","number":9,"state":"closed","title":"build(deps): bump the go-deps group across 1 directory with 7 updates","user":"dependabot[bot]","labels":["dependencies","go"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-06-07T22:22:32.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-30T15:18:21.000Z","updated_at":"2026-06-07T22:22:34.000Z","time_to_close":716651,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"build(deps): bump","group_name":"go-deps","update_count":7,"packages":[{"name":"github.com/aws/aws-sdk-go-v2","old_version":"1.41.7","new_version":"1.41.12","repository_url":"https://github.com/aws/aws-sdk-go-v2"},{"name":"github.com/aws/aws-sdk-go-v2/config","old_version":"1.32.17","new_version":"1.32.23","repository_url":"https://github.com/aws/aws-sdk-go-v2"},{"name":"github.com/aws/aws-sdk-go-v2/service/s3","old_version":"1.101.0","new_version":"1.103.2","repository_url":"https://github.com/aws/aws-sdk-go-v2"},{"name":"github.com/go-chi/chi/v5","old_version":"5.2.5","new_version":"5.3.0","repository_url":"https://github.com/go-chi/chi"},{"name":"github.com/yuin/goldmark","old_version":"1.5.4","new_version":"1.8.2","repository_url":"https://github.com/yuin/goldmark"},{"name":"golang.org/x/crypto","old_version":"0.51.0","new_version":"0.52.0","repository_url":"https://github.com/golang/crypto"}],"path":null,"ecosystem":"go"},"body":"Bumps the go-deps group with 6 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [github.com/aws/aws-sdk-go-v2](https://github.com/aws/aws-sdk-go-v2) | `1.41.7` | `1.41.12` |\n| [github.com/aws/aws-sdk-go-v2/config](https://github.com/aws/aws-sdk-go-v2) | `1.32.17` | `1.32.23` |\n| [github.com/aws/aws-sdk-go-v2/service/s3](https://github.com/aws/aws-sdk-go-v2) | `1.101.0` | `1.103.2` |\n| [github.com/go-chi/chi/v5](https://github.com/go-chi/chi) | `5.2.5` | `5.3.0` |\n| [github.com/yuin/goldmark](https://github.com/yuin/goldmark) | `1.5.4` | `1.8.2` |\n| [golang.org/x/crypto](https://github.com/golang/crypto) | `0.51.0` | `0.52.0` |\n\n\nUpdates `github.com/aws/aws-sdk-go-v2` from 1.41.7 to 1.41.12\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/7146c2b4007293f0acc9b2e8b92ffa7a30841df0\"\u003e\u003ccode\u003e7146c2b\u003c/code\u003e\u003c/a\u003e Release 2026-06-04\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/5aef2fd8a4027ecf34eb5e32a28ff4a955b353d6\"\u003e\u003ccode\u003e5aef2fd\u003c/code\u003e\u003c/a\u003e Regenerated Clients\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/f94c04478d36a4ffb777221761459fb4b1d20cba\"\u003e\u003ccode\u003ef94c044\u003c/code\u003e\u003c/a\u003e Update API model\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/f00b205128286d6431115dd078da3c36197999f4\"\u003e\u003ccode\u003ef00b205\u003c/code\u003e\u003c/a\u003e bump to smithy-go v1.27.1 (\u003ca href=\"https://redirect.github.com/aws/aws-sdk-go-v2/issues/3434\"\u003e#3434\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/c4ad7dee6ebd9a3e1c7ee208f77e4ac8532b17c9\"\u003e\u003ccode\u003ec4ad7de\u003c/code\u003e\u003c/a\u003e drop service/internal/benchmark (\u003ca href=\"https://redirect.github.com/aws/aws-sdk-go-v2/issues/3433\"\u003e#3433\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/91eca463daf932474778dc4a984c41ecfcd9dc3c\"\u003e\u003ccode\u003e91eca46\u003c/code\u003e\u003c/a\u003e Release 2026-06-03.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/e9d9e156c352b4956ed0b3d57614467d1f79c62b\"\u003e\u003ccode\u003ee9d9e15\u003c/code\u003e\u003c/a\u003e Regenerated Clients\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/def6a3a4bb06c199a4843c501d84730d8235cab4\"\u003e\u003ccode\u003edef6a3a\u003c/code\u003e\u003c/a\u003e Update API model\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/fa369bd7bb9576e85ac094a43a15e8372a3d0129\"\u003e\u003ccode\u003efa369bd\u003c/code\u003e\u003c/a\u003e Release 2026-06-03\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/960ee4dc8380a46ded94f3976e073242d42bf8ed\"\u003e\u003ccode\u003e960ee4d\u003c/code\u003e\u003c/a\u003e Regenerated Clients\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/aws/aws-sdk-go-v2/compare/v1.41.7...v1.41.12\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/aws/aws-sdk-go-v2/config` from 1.32.17 to 1.32.23\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/7146c2b4007293f0acc9b2e8b92ffa7a30841df0\"\u003e\u003ccode\u003e7146c2b\u003c/code\u003e\u003c/a\u003e Release 2026-06-04\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/5aef2fd8a4027ecf34eb5e32a28ff4a955b353d6\"\u003e\u003ccode\u003e5aef2fd\u003c/code\u003e\u003c/a\u003e Regenerated Clients\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/f94c04478d36a4ffb777221761459fb4b1d20cba\"\u003e\u003ccode\u003ef94c044\u003c/code\u003e\u003c/a\u003e Update API model\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/f00b205128286d6431115dd078da3c36197999f4\"\u003e\u003ccode\u003ef00b205\u003c/code\u003e\u003c/a\u003e bump to smithy-go v1.27.1 (\u003ca href=\"https://redirect.github.com/aws/aws-sdk-go-v2/issues/3434\"\u003e#3434\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/c4ad7dee6ebd9a3e1c7ee208f77e4ac8532b17c9\"\u003e\u003ccode\u003ec4ad7de\u003c/code\u003e\u003c/a\u003e drop service/internal/benchmark (\u003ca href=\"https://redirect.github.com/aws/aws-sdk-go-v2/issues/3433\"\u003e#3433\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/91eca463daf932474778dc4a984c41ecfcd9dc3c\"\u003e\u003ccode\u003e91eca46\u003c/code\u003e\u003c/a\u003e Release 2026-06-03.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/e9d9e156c352b4956ed0b3d57614467d1f79c62b\"\u003e\u003ccode\u003ee9d9e15\u003c/code\u003e\u003c/a\u003e Regenerated Clients\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/def6a3a4bb06c199a4843c501d84730d8235cab4\"\u003e\u003ccode\u003edef6a3a\u003c/code\u003e\u003c/a\u003e Update API model\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/fa369bd7bb9576e85ac094a43a15e8372a3d0129\"\u003e\u003ccode\u003efa369bd\u003c/code\u003e\u003c/a\u003e Release 2026-06-03\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/960ee4dc8380a46ded94f3976e073242d42bf8ed\"\u003e\u003ccode\u003e960ee4d\u003c/code\u003e\u003c/a\u003e Regenerated Clients\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/aws/aws-sdk-go-v2/compare/config/v1.32.17...config/v1.32.23\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/aws/aws-sdk-go-v2/credentials` from 1.19.16 to 1.19.22\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/7146c2b4007293f0acc9b2e8b92ffa7a30841df0\"\u003e\u003ccode\u003e7146c2b\u003c/code\u003e\u003c/a\u003e Release 2026-06-04\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/5aef2fd8a4027ecf34eb5e32a28ff4a955b353d6\"\u003e\u003ccode\u003e5aef2fd\u003c/code\u003e\u003c/a\u003e Regenerated Clients\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/f94c04478d36a4ffb777221761459fb4b1d20cba\"\u003e\u003ccode\u003ef94c044\u003c/code\u003e\u003c/a\u003e Update API model\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/f00b205128286d6431115dd078da3c36197999f4\"\u003e\u003ccode\u003ef00b205\u003c/code\u003e\u003c/a\u003e bump to smithy-go v1.27.1 (\u003ca href=\"https://redirect.github.com/aws/aws-sdk-go-v2/issues/3434\"\u003e#3434\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/c4ad7dee6ebd9a3e1c7ee208f77e4ac8532b17c9\"\u003e\u003ccode\u003ec4ad7de\u003c/code\u003e\u003c/a\u003e drop service/internal/benchmark (\u003ca href=\"https://redirect.github.com/aws/aws-sdk-go-v2/issues/3433\"\u003e#3433\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/91eca463daf932474778dc4a984c41ecfcd9dc3c\"\u003e\u003ccode\u003e91eca46\u003c/code\u003e\u003c/a\u003e Release 2026-06-03.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/e9d9e156c352b4956ed0b3d57614467d1f79c62b\"\u003e\u003ccode\u003ee9d9e15\u003c/code\u003e\u003c/a\u003e Regenerated Clients\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/def6a3a4bb06c199a4843c501d84730d8235cab4\"\u003e\u003ccode\u003edef6a3a\u003c/code\u003e\u003c/a\u003e Update API model\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/fa369bd7bb9576e85ac094a43a15e8372a3d0129\"\u003e\u003ccode\u003efa369bd\u003c/code\u003e\u003c/a\u003e Release 2026-06-03\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/960ee4dc8380a46ded94f3976e073242d42bf8ed\"\u003e\u003ccode\u003e960ee4d\u003c/code\u003e\u003c/a\u003e Regenerated Clients\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/aws/aws-sdk-go-v2/compare/credentials/v1.19.16...credentials/v1.19.22\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/aws/aws-sdk-go-v2/service/s3` from 1.101.0 to 1.103.2\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/7146c2b4007293f0acc9b2e8b92ffa7a30841df0\"\u003e\u003ccode\u003e7146c2b\u003c/code\u003e\u003c/a\u003e Release 2026-06-04\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/5aef2fd8a4027ecf34eb5e32a28ff4a955b353d6\"\u003e\u003ccode\u003e5aef2fd\u003c/code\u003e\u003c/a\u003e Regenerated Clients\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/f94c04478d36a4ffb777221761459fb4b1d20cba\"\u003e\u003ccode\u003ef94c044\u003c/code\u003e\u003c/a\u003e Update API model\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/f00b205128286d6431115dd078da3c36197999f4\"\u003e\u003ccode\u003ef00b205\u003c/code\u003e\u003c/a\u003e bump to smithy-go v1.27.1 (\u003ca href=\"https://redirect.github.com/aws/aws-sdk-go-v2/issues/3434\"\u003e#3434\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/c4ad7dee6ebd9a3e1c7ee208f77e4ac8532b17c9\"\u003e\u003ccode\u003ec4ad7de\u003c/code\u003e\u003c/a\u003e drop service/internal/benchmark (\u003ca href=\"https://redirect.github.com/aws/aws-sdk-go-v2/issues/3433\"\u003e#3433\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/91eca463daf932474778dc4a984c41ecfcd9dc3c\"\u003e\u003ccode\u003e91eca46\u003c/code\u003e\u003c/a\u003e Release 2026-06-03.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/e9d9e156c352b4956ed0b3d57614467d1f79c62b\"\u003e\u003ccode\u003ee9d9e15\u003c/code\u003e\u003c/a\u003e Regenerated Clients\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/def6a3a4bb06c199a4843c501d84730d8235cab4\"\u003e\u003ccode\u003edef6a3a\u003c/code\u003e\u003c/a\u003e Update API model\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/fa369bd7bb9576e85ac094a43a15e8372a3d0129\"\u003e\u003ccode\u003efa369bd\u003c/code\u003e\u003c/a\u003e Release 2026-06-03\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/960ee4dc8380a46ded94f3976e073242d42bf8ed\"\u003e\u003ccode\u003e960ee4d\u003c/code\u003e\u003c/a\u003e Regenerated Clients\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/aws/aws-sdk-go-v2/compare/service/s3/v1.101.0...service/s3/v1.103.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/go-chi/chi/v5` from 5.2.5 to 5.3.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/go-chi/chi/releases\"\u003egithub.com/go-chi/chi/v5's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.3.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUse strings.ReplaceAll where applicable by \u003ca href=\"https://github.com/JRaspass\"\u003e\u003ccode\u003e@​JRaspass\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1046\"\u003ego-chi/chi#1046\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePropagate inline middlewares across mounted subrouters by \u003ca href=\"https://github.com/LukasJenicek\"\u003e\u003ccode\u003e@​LukasJenicek\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1049\"\u003ego-chi/chi#1049\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eadd go 1.26 to ci by \u003ca href=\"https://github.com/pkieltyka\"\u003e\u003ccode\u003e@​pkieltyka\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1052\"\u003ego-chi/chi#1052\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove last uses of io/ioutil by \u003ca href=\"https://github.com/JRaspass\"\u003e\u003ccode\u003e@​JRaspass\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1054\"\u003ego-chi/chi#1054\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSimplify chi.walk with slices.Concat by \u003ca href=\"https://github.com/JRaspass\"\u003e\u003ccode\u003e@​JRaspass\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1053\"\u003ego-chi/chi#1053\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eApply the stringscutprefix modernizer by \u003ca href=\"https://github.com/JRaspass\"\u003e\u003ccode\u003e@​JRaspass\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1051\"\u003ego-chi/chi#1051\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump minimum Go to 1.23, always use request.Pattern by \u003ca href=\"https://github.com/JRaspass\"\u003e\u003ccode\u003e@​JRaspass\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1048\"\u003ego-chi/chi#1048\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003emiddleware: fix httpFancyWriter.ReadFrom double-counting bytes with Tee by \u003ca href=\"https://github.com/alliasgher\"\u003e\u003ccode\u003e@​alliasgher\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1085\"\u003ego-chi/chi#1085\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix typo in Route doc comment by \u003ca href=\"https://github.com/gouwazi\"\u003e\u003ccode\u003e@​gouwazi\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1073\"\u003ego-chi/chi#1073\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: set Request.Pattern from RoutePattern() by \u003ca href=\"https://github.com/leno23\"\u003e\u003ccode\u003e@​leno23\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1097\"\u003ego-chi/chi#1097\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat: middleware.ClientIP, a replacement for middleware.RealIP by \u003ca href=\"https://github.com/VojtechVitek\"\u003e\u003ccode\u003e@​VojtechVitek\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/967\"\u003ego-chi/chi#967\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/LukasJenicek\"\u003e\u003ccode\u003e@​LukasJenicek\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1049\"\u003ego-chi/chi#1049\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/alliasgher\"\u003e\u003ccode\u003e@​alliasgher\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1085\"\u003ego-chi/chi#1085\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gouwazi\"\u003e\u003ccode\u003e@​gouwazi\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1073\"\u003ego-chi/chi#1073\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/leno23\"\u003e\u003ccode\u003e@​leno23\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1097\"\u003ego-chi/chi#1097\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eSECURITY: middleware.ClientIP, a replacement for middleware.RealIP\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/VojtechVitek\"\u003e\u003ccode\u003e@​VojtechVitek\u003c/code\u003e\u003c/a\u003e submitted PR \u003ca href=\"https://redirect.github.com/go-chi/chi/issues/967\"\u003e#967\u003c/a\u003e, which introduces middleware.ClientIP — a replacement for middleware.RealIP that closes the three open spoofing advisories:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/security/advisories/GHSA-9g5q-2w5x-hmxf\"\u003eGHSA-9g5q-2w5x-hmxf\u003c/a\u003e — IP spoofing via XFF in \u003ccode\u003eRemoteAddr\u003c/code\u003e resolution (convto)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/security/advisories/GHSA-rjr7-jggh-pgcp\"\u003eGHSA-rjr7-jggh-pgcp\u003c/a\u003e — RealIP allows IP spoofing via unvalidated XFF (rezmoss)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/security/advisories/GHSA-3fxj-6jh8-hvhx\"\u003eGHSA-3fxj-6jh8-hvhx\u003c/a\u003e — IP spoofing in \u003ccode\u003emiddleware.RealIP\u003c/code\u003e (Saku0512, Critical / 9.3)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eIt also addresses issues outlined at:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/708\"\u003ego-chi/chi#708\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://adam-p.ca/blog/2022/03/x-forwarded-for/\"\u003ehttps://adam-p.ca/blog/2022/03/x-forwarded-for/\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/711\"\u003ego-chi/chi#711\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/453\"\u003ego-chi/chi#453\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/go-chi/chi/pull/908\"\u003ego-chi/chi#908\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ccode\u003emiddleware.RealIP\u003c/code\u003e is deprecated in this PR with pointers to the new API.\u003c/p\u003e\n\u003cp\u003eThe deprecation only adds a \u003ccode\u003e// Deprecated:\u003c/code\u003e doc comment; the function keeps working for backward compatibility.\u003c/p\u003e\n\u003ch3\u003eWhy a new middleware (not \u0026quot;fix RealIP in place\u0026quot;)\u003c/h3\u003e\n\u003cp\u003e\u003ccode\u003eRealIP\u003c/code\u003e has two unfixable design choices: it mutates \u003ccode\u003er.RemoteAddr\u003c/code\u003e, and it tries to be a one-size-fits-all default by walking a hard-coded list of headers any client can supply. Per \u003ca href=\"https://adam-p.ca/blog/2022/03/x-forwarded-for/\"\u003eadam-p's \u0026quot;The perils of the 'real' client IP\u0026quot;\u003c/a\u003e (which calls chi out by name on this), there is no safe default — the user must pick their trust source explicitly.\u003c/p\u003e\n\u003ch3\u003eThe new API\u003c/h3\u003e\n\u003cp\u003eFour middlewares, two accessors. Pick exactly one middleware based on your\ninfrastructure, read the result with one of the two accessors:\u003c/p\u003e\n\u003cpre lang=\"go\"\u003e\u003ccode\u003e// One of the four. There is no safe default — pick exactly one.\r\nfunc ClientIPFromHeader(trustedHeader string) func(http.Handler) http.Handler\r\nfunc ClientIPFromXFF(trustedIPPrefixes ...string) func(http.Handler) http.Handler\r\nfunc ClientIPFromXFFTrustedProxies(numTrustedProxies int) func(http.Handler) http.Handler\r\n\u0026lt;/tr\u0026gt;\u0026lt;/table\u0026gt; \n\u003c/code\u003e\u003c/pre\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/3b171578ca44dfd75ca3c5cbddc7b44c600a7b49\"\u003e\u003ccode\u003e3b17157\u003c/code\u003e\u003c/a\u003e feat: middleware.ClientIP, a replacement for middleware.RealIP (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/967\"\u003e#967\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/818fdcfc4786168651768377ba647cf9dd5b3953\"\u003e\u003ccode\u003e818fdcf\u003c/code\u003e\u003c/a\u003e fix: set Request.Pattern from RoutePattern() (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1097\"\u003e#1097\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/f975af0cb10cbefaccf0422385420fe62722d648\"\u003e\u003ccode\u003ef975af0\u003c/code\u003e\u003c/a\u003e Fix typo in Route doc comment (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1073\"\u003e#1073\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/4ef87eaf2cfb27d3126d48194e1a84806acc1aed\"\u003e\u003ccode\u003e4ef87ea\u003c/code\u003e\u003c/a\u003e middleware: fix httpFancyWriter.ReadFrom double-counting bytes with Tee (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1085\"\u003e#1085\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/a54874f0e2f12647a19e82ee70dfa8185014100c\"\u003e\u003ccode\u003ea54874f\u003c/code\u003e\u003c/a\u003e Bump minimum Go to 1.23, always use request.Pattern (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1048\"\u003e#1048\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/3328d4d3ab8a08547fa419ed657017355e6d3c4d\"\u003e\u003ccode\u003e3328d4d\u003c/code\u003e\u003c/a\u003e Apply the stringscutprefix modernizer (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1051\"\u003e#1051\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/be60b2ec5755a9072cdf27af3ba3034e84781d12\"\u003e\u003ccode\u003ebe60b2e\u003c/code\u003e\u003c/a\u003e Simplify chi.walk with slices.Concat (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1053\"\u003e#1053\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/a36a925a6a195943ec104100d7d18757543e745f\"\u003e\u003ccode\u003ea36a925\u003c/code\u003e\u003c/a\u003e Remove last uses of io/ioutil (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1054\"\u003e#1054\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/7d93ee3e86b4d477c20d809c9b1ce9a281dfd706\"\u003e\u003ccode\u003e7d93ee3\u003c/code\u003e\u003c/a\u003e add go 1.26 to ci (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1052\"\u003e#1052\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/903cff2596eac0f72538ac46d696058351f1c3fb\"\u003e\u003ccode\u003e903cff2\u003c/code\u003e\u003c/a\u003e Propagate inline middlewares across mounted subrouters (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1049\"\u003e#1049\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/go-chi/chi/compare/v5.2.5...v5.3.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/yuin/goldmark` from 1.5.4 to 1.8.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/yuin/goldmark/releases\"\u003egithub.com/yuin/goldmark's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.8.2\u003c/h2\u003e\n\u003cp\u003efix: setext headings positions\u003c/p\u003e\n\u003ch2\u003ev1.8.1\u003c/h2\u003e\n\u003cp\u003efix: block positions\u003c/p\u003e\n\u003ch2\u003ev1.8.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efeat: add position information to all nodes\n\u003cul\u003e\n\u003cli\u003eadd position information to all nodes, including inline nodes and link\nreference definition nodes.\u003c/li\u003e\n\u003cli\u003eNow link reference definition nodes are represented as a new node\ntype.\u003c/li\u003e\n\u003cli\u003eLink and image nodes have a new field Reference which is a pointer to the reference\nlink if this link is a reference link. This field is nil for non-reference\nlinks.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.7.17 release\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/yuin/goldmark/compare/v1.7.16...v1.7.17\"\u003ehttps://github.com/yuin/goldmark/compare/v1.7.16...v1.7.17\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.7.16 release\u003c/h2\u003e\n\u003cp\u003eNo release notes provided.\u003c/p\u003e\n\u003ch2\u003ev1.7.15 release\u003c/h2\u003e\n\u003cp\u003eNo release notes provided.\u003c/p\u003e\n\u003ch2\u003ev1.7.14 release\u003c/h2\u003e\n\u003cp\u003eNo release notes provided.\u003c/p\u003e\n\u003ch2\u003ev1.7.13 release\u003c/h2\u003e\n\u003cp\u003eNo release notes provided.\u003c/p\u003e\n\u003ch2\u003ev1.7.12 release\u003c/h2\u003e\n\u003cp\u003eNo release notes provided.\u003c/p\u003e\n\u003ch2\u003ev1.7.11 release\u003c/h2\u003e\n\u003cp\u003eNo release notes provided.\u003c/p\u003e\n\u003ch2\u003ev1.7.10 release\u003c/h2\u003e\n\u003cp\u003eNo release notes provided.\u003c/p\u003e\n\u003ch2\u003ev1.7.9 release\u003c/h2\u003e\n\u003cp\u003eNo release notes provided.\u003c/p\u003e\n\u003ch2\u003ev1.7.8 release\u003c/h2\u003e\n\u003cp\u003eNo release notes provided.\u003c/p\u003e\n\u003ch2\u003ev1.7.7 release\u003c/h2\u003e\n\u003cp\u003eNo release notes provided.\u003c/p\u003e\n\u003ch2\u003ev1.7.6 release\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/yuin/goldmark/commit/379bf24a47e6ef07f34d7536aead86d8792ac300\"\u003e\u003ccode\u003e379bf24\u003c/code\u003e\u003c/a\u003e fix: setext headings positions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/yuin/goldmark/commit/e8f2337fccef96576bce4b811a9dcdaa3bf23405\"\u003e\u003ccode\u003ee8f2337\u003c/code\u003e\u003c/a\u003e fix: block positions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/yuin/goldmark/commit/dfa1ae1da52047c906b3345ad503ebc84a880734\"\u003e\u003ccode\u003edfa1ae1\u003c/code\u003e\u003c/a\u003e feat: add position information to all nodes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/yuin/goldmark/commit/cb46bbc4eca29d55aa9721e04ad207c23ccc44f9\"\u003e\u003ccode\u003ecb46bbc\u003c/code\u003e\u003c/a\u003e fix: prevent XSS by escaping dangerous URLs in links and images\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/yuin/goldmark/commit/d8b123c855fc895a2c8672c530ba9d9f2382d5ef\"\u003e\u003ccode\u003ed8b123c\u003c/code\u003e\u003c/a\u003e refactor: simplify codes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/yuin/goldmark/commit/db34c99a0722f927d5e414fc9533deb3474bddfb\"\u003e\u003ccode\u003edb34c99\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/yuin/goldmark/issues/535\"\u003e#535\u003c/a\u003e from Sebbito/master\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/yuin/goldmark/commit/5a2a2bfa203daca9b0d2ba38e4c4d607ccb1090b\"\u003e\u003ccode\u003e5a2a2bf\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/yuin/goldmark/issues/545\"\u003e#545\u003c/a\u003e from maxatome/fix-table-panic\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/yuin/goldmark/commit/9aca46208ebdae2e37585d93082206adbc9b012c\"\u003e\u003ccode\u003e9aca462\u003c/code\u003e\u003c/a\u003e fix(table): if table cell attribute is a string, a panic occurs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/yuin/goldmark/commit/246a6f1d91a3fa1ef76d6d0ec7085ed61e7638f6\"\u003e\u003ccode\u003e246a6f1\u003c/code\u003e\u003c/a\u003e fix: \u003ca href=\"https://redirect.github.com/yuin/goldmark/issues/542\"\u003e#542\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/yuin/goldmark/commit/2589b6a801c1e604888cbd010e867a5614c3021e\"\u003e\u003ccode\u003e2589b6a\u003c/code\u003e\u003c/a\u003e fix: \u003ca href=\"https://redirect.github.com/yuin/goldmark/issues/541\"\u003e#541\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/yuin/goldmark/compare/v1.5.4...v1.8.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `golang.org/x/crypto` from 0.51.0 to 0.52.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/a1c0d9929856c8aba2b31f079340f00578eda803\"\u003e\u003ccode\u003ea1c0d99\u003c/code\u003e\u003c/a\u003e go.mod: update golang.org/x dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/3c7c86938f4541c333d506f719388d9c42d4763d\"\u003e\u003ccode\u003e3c7c869\u003c/code\u003e\u003c/a\u003e ssh: fix deadlock on unexpected channel responses\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/533fb3f7e4a5ae23f69d1837cd851d35ff5b76ce\"\u003e\u003ccode\u003e533fb3f\u003c/code\u003e\u003c/a\u003e ssh: fix source-address critical option bypass\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/abbc44d451a6f9236a2bbd26cbcd4d0fec473da3\"\u003e\u003ccode\u003eabbc44d\u003c/code\u003e\u003c/a\u003e ssh: fix incorrect operator order\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/e052873987615dc96fe67607a9a6adb76311344f\"\u003e\u003ccode\u003ee052873\u003c/code\u003e\u003c/a\u003e ssh: fix infinite loop on large channel writes due to integer overflow\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/b61cf853a89d82cad68da5e12a6beca2116f8456\"\u003e\u003ccode\u003eb61cf85\u003c/code\u003e\u003c/a\u003e ssh: enforce user presence verification for security keys\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/9c2cd33e8d96a96133fd6ff732510ebba539c2bd\"\u003e\u003ccode\u003e9c2cd33\u003c/code\u003e\u003c/a\u003e ssh: enforce strict limits on DSA key parameters\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/890731877d85f71cfdc9554e7a27fec4684fc4c4\"\u003e\u003ccode\u003e8907318\u003c/code\u003e\u003c/a\u003e ssh: reject RSA keys with excessively large moduli\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/ffd87b4878fa98ca2908ec534e1a410bf095a35e\"\u003e\u003ccode\u003effd87b4\u003c/code\u003e\u003c/a\u003e ssh: fix panic when authority callbacks are nil\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/4e7a7384ecbc8d519f6f4c11b36fa9d761fc8946\"\u003e\u003ccode\u003e4e7a738\u003c/code\u003e\u003c/a\u003e ssh: fix deadlock on unexpected global responses\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/golang/crypto/compare/v0.51.0...v0.52.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e","html_url":"https://github.com/MattJackson/basement/pull/9","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/MattJackson%2Fbasement/issues/9","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/9/packages"}},{"old_version":"5.0.10","new_version":"5.2.2","update_type":"minor","path":null,"pr_created_at":"2026-05-29T21:53:39.000Z","version_change":"5.0.10 → 5.2.2","issue":{"uuid":"4551866990","node_id":"PR_kwDOPrYSMc7g0ZQ3","number":38,"state":"open","title":"chore(deps): bump the go_modules group across 5 directories with 28 updates","user":"dependabot[bot]","labels":["dependencies","go"],"assignees":[],"locked":false,"comments_count":4,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-29T21:53:39.000Z","updated_at":"2026-05-30T00:01:27.864Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): bump","group_name":"go_modules","update_count":28,"packages":[{"name":"github.com/distribution/distribution/v3","old_version":"3.0.0-20220128175647-b60926597a1b","new_version":"3.1.1","repository_url":"https://github.com/distribution/distribution"},{"name":"github.com/go-git/go-git/v5","old_version":"5.11.0","new_version":"5.19.1","repository_url":"https://github.com/go-git/go-git"},{"name":"github.com/moby/buildkit","old_version":"0.12.5","new_version":"0.28.1","repository_url":"https://github.com/moby/buildkit"},{"name":"github.com/russellhaering/gosaml2","old_version":"0.9.1","new_version":"0.11.0","repository_url":"https://github.com/russellhaering/gosaml2"},{"name":"github.com/slack-go/slack","old_version":"0.10.1","new_version":"0.23.1","repository_url":"https://github.com/slack-go/slack"},{"name":"chainguard.dev/apko","old_version":"0.14.0","new_version":"1.2.7","repository_url":"https://github.com/chainguard-dev/apko"},{"name":"github.com/jackc/pgx/v5","old_version":"5.5.5","new_version":"5.9.2","repository_url":"https://github.com/jackc/pgx"},{"name":"github.com/go-chi/chi/v5","old_version":"5.0.10","new_version":"5.2.2","repository_url":"https://github.com/go-chi/chi"}],"path":null,"ecosystem":"go"},"body":"Bumps the go_modules group with 8 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [github.com/distribution/distribution/v3](https://github.com/distribution/distribution) | `3.0.0-20220128175647-b60926597a1b` | `3.1.1` |\n| [github.com/go-git/go-git/v5](https://github.com/go-git/go-git) | `5.11.0` | `5.19.1` |\n| [github.com/moby/buildkit](https://github.com/moby/buildkit) | `0.12.5` | `0.28.1` |\n| [github.com/russellhaering/gosaml2](https://github.com/russellhaering/gosaml2) | `0.9.1` | `0.11.0` |\n| [github.com/slack-go/slack](https://github.com/slack-go/slack) | `0.10.1` | `0.23.1` |\n| [chainguard.dev/apko](https://github.com/chainguard-dev/apko) | `0.14.0` | `1.2.7` |\n| [github.com/jackc/pgx/v5](https://github.com/jackc/pgx) | `5.5.5` | `5.9.2` |\n| [github.com/go-chi/chi/v5](https://github.com/go-chi/chi) | `5.0.10` | `5.2.2` |\n\nBumps the go_modules group with 4 updates in the /internal/cmd/progress-bot directory: [github.com/slack-go/slack](https://github.com/slack-go/slack), [golang.org/x/crypto](https://github.com/golang/crypto), [golang.org/x/oauth2](https://github.com/golang/oauth2) and [google.golang.org/grpc](https://github.com/grpc/grpc-go).\nBumps the go_modules group with 4 updates in the /lib directory: [golang.org/x/crypto](https://github.com/golang/crypto), [golang.org/x/oauth2](https://github.com/golang/oauth2), [github.com/redis/go-redis/v9](https://github.com/redis/go-redis) and [google.golang.org/grpc](https://github.com/grpc/grpc-go).\nBumps the go_modules group with 6 updates in the /lib/managedservicesplatform directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [go.opentelemetry.io/otel/sdk](https://github.com/open-telemetry/opentelemetry-go) | `1.25.0` | `1.43.0` |\n| [golang.org/x/oauth2](https://github.com/golang/oauth2) | `0.21.0` | `0.27.0` |\n| [github.com/jackc/pgx/v5](https://github.com/jackc/pgx) | `5.5.5` | `5.9.2` |\n| [github.com/redis/go-redis/v9](https://github.com/redis/go-redis) | `9.5.3` | `9.5.5` |\n| [filippo.io/edwards25519](https://github.com/FiloSottile/edwards25519) | `1.1.0` | `1.1.1` |\n| [google.golang.org/grpc](https://github.com/grpc/grpc-go) | `1.65.0` | `1.79.3` |\n\nBumps the go_modules group with 3 updates in the /monitoring directory: [golang.org/x/crypto](https://github.com/golang/crypto), [github.com/sirupsen/logrus](https://github.com/sirupsen/logrus) and [github.com/hashicorp/go-retryablehttp](https://github.com/hashicorp/go-retryablehttp).\n\nUpdates `github.com/distribution/distribution/v3` from 3.0.0-20220128175647-b60926597a1b to 3.1.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/distribution/distribution/releases\"\u003egithub.com/distribution/distribution/v3's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.1.1\u003c/h2\u003e\n\u003cp\u003eWelcome to the \u003ccode\u003ev3.1.1\u003c/code\u003e release of registry!\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eThis is a stable release\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003ePlease try out the release binaries and report any issues at\n\u003ca href=\"https://github.com/distribution/distribution/issues\"\u003ehttps://github.com/distribution/distribution/issues\u003c/a\u003e.\u003c/p\u003e\n\u003ch3\u003eNotable Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixes \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2026-41888\"\u003eCVE-2026-41888\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBounds-check the file basename in PurgeUploads Walk callback\u003c/li\u003e\n\u003cli\u003eAdd S3 Express One Zone support to the S3 storage driver (\u003ca href=\"https://redirect.github.com/distribution/distribution/issues/4858\"\u003e#4858\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix tag list endpoint in proxy mode (\u003ca href=\"https://redirect.github.com/distribution/distribution/issues/4846\"\u003e#4846\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eClamp oversized \u003ccode\u003en\u003c/code\u003e query parameter in proxy mode instead of returning 400 (\u003ca href=\"https://redirect.github.com/distribution/distribution/issues/4856\"\u003e#4856\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eSee the full changelog below for the full list of changes.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003einternal/client/auth/challenge: cleanups and minor refactor by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/4832\"\u003edistribution/distribution#4832\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp from 0.18.0 to 0.19.0 in the go_modules group across 1 directory by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/4843\"\u003edistribution/distribution#4843\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp from 1.42.0 to 1.43.0 in the go_modules group across 1 directory by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/4850\"\u003edistribution/distribution#4850\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump github/codeql-action from 4.34.1 to 4.35.1 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/4840\"\u003edistribution/distribution#4840\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(build): Bump go version to latest by \u003ca href=\"https://github.com/milosgajdos\"\u003e\u003ccode\u003e@​milosgajdos\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/4851\"\u003edistribution/distribution#4851\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003erefactor: use slices.Backward to simplify the code by \u003ca href=\"https://github.com/chuanshanjida\"\u003e\u003ccode\u003e@​chuanshanjida\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/4848\"\u003edistribution/distribution#4848\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(proxy): fix tag list endpoint in proxy mode by \u003ca href=\"https://github.com/njucjc\"\u003e\u003ccode\u003e@​njucjc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/4846\"\u003edistribution/distribution#4846\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate docker-compose structure in deploying.md by \u003ca href=\"https://github.com/jdg71nl\"\u003e\u003ccode\u003e@​jdg71nl\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/4855\"\u003edistribution/distribution#4855\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/upload-artifact from 7.0.0 to 7.0.1 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/4854\"\u003edistribution/distribution#4854\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/upload-pages-artifact from 4.0.0 to 5.0.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/4852\"\u003edistribution/distribution#4852\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump docker/login-action from 4.0.0 to 4.1.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/4847\"\u003edistribution/distribution#4847\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump docker/bake-action from 7.0.0 to 7.1.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/4853\"\u003edistribution/distribution#4853\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(proxy): clamp oversized n query param instead of returning 400 by \u003ca href=\"https://github.com/milosgajdos\"\u003e\u003ccode\u003e@​milosgajdos\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/4856\"\u003edistribution/distribution#4856\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat(s3): add express zone one support to S3 driver by \u003ca href=\"https://github.com/milosgajdos\"\u003e\u003ccode\u003e@​milosgajdos\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/4858\"\u003edistribution/distribution#4858\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(storage): bounds-check the file basename in PurgeUploads Walk callback by \u003ca href=\"https://github.com/SAY-5\"\u003e\u003ccode\u003e@​SAY-5\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/4860\"\u003edistribution/distribution#4860\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(release): prepare for v3.1.1 release by \u003ca href=\"https://github.com/milosgajdos\"\u003e\u003ccode\u003e@​milosgajdos\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/4864\"\u003edistribution/distribution#4864\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/chuanshanjida\"\u003e\u003ccode\u003e@​chuanshanjida\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/4848\"\u003edistribution/distribution#4848\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jdg71nl\"\u003e\u003ccode\u003e@​jdg71nl\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/4855\"\u003edistribution/distribution#4855\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/SAY-5\"\u003e\u003ccode\u003e@​SAY-5\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/4860\"\u003edistribution/distribution#4860\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/distribution/distribution/compare/v3.1.0...v3.1.1\"\u003ehttps://github.com/distribution/distribution/compare/v3.1.0...v3.1.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev3.1.0\u003c/h2\u003e\n\u003cp\u003eWelcome to the \u003ccode\u003ev3.1.0\u003c/code\u003e release of registry!\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eThis is a stable release\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003ePlease try out the release binaries and report any issues at\n\u003ca href=\"https://github.com/distribution/distribution/issues\"\u003ehttps://github.com/distribution/distribution/issues\u003c/a\u003e.\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/distribution/distribution/commits/v3.1.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/go-git/go-git/v5` from 5.11.0 to 5.19.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/go-git/go-git/releases\"\u003egithub.com/go-git/go-git/v5's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.19.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ev5: plumbing: transport/ssh, Shell-quote path by \u003ca href=\"https://github.com/hiddeco\"\u003e\u003ccode\u003e@​hiddeco\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-git/go-git/pull/2068\"\u003ego-git/go-git#2068\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ev5: git: submodule, Fix relative URL resolution by \u003ca href=\"https://github.com/hiddeco\"\u003e\u003ccode\u003e@​hiddeco\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-git/go-git/pull/2070\"\u003ego-git/go-git#2070\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ev5: git: submodule, canonical remote for relative URLs by \u003ca href=\"https://github.com/hiddeco\"\u003e\u003ccode\u003e@​hiddeco\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-git/go-git/pull/2074\"\u003ego-git/go-git#2074\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ev5: git: submodule, error on remote without URLs by \u003ca href=\"https://github.com/hiddeco\"\u003e\u003ccode\u003e@​hiddeco\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-git/go-git/pull/2078\"\u003ego-git/go-git#2078\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ev5: plumbing: format/idxfile, Validate offset64 indices by \u003ca href=\"https://github.com/hiddeco\"\u003e\u003ccode\u003e@​hiddeco\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-git/go-git/pull/2084\"\u003ego-git/go-git#2084\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ev5: *: Reject malformed variable-length integers by \u003ca href=\"https://github.com/hiddeco\"\u003e\u003ccode\u003e@​hiddeco\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-git/go-git/pull/2092\"\u003ego-git/go-git#2092\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ev5: plumbing: format/packfile, Tighten delta validation by \u003ca href=\"https://github.com/hiddeco\"\u003e\u003ccode\u003e@​hiddeco\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-git/go-git/pull/2091\"\u003ego-git/go-git#2091\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ev5: Add \u003ccode\u003eworktreeFilesystem\u003c/code\u003e wrapper for worktree and hardening by \u003ca href=\"https://github.com/hiddeco\"\u003e\u003ccode\u003e@​hiddeco\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-git/go-git/pull/2100\"\u003ego-git/go-git#2100\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ev5: config: validate submodule names by \u003ca href=\"https://github.com/hiddeco\"\u003e\u003ccode\u003e@​hiddeco\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-git/go-git/pull/2082\"\u003ego-git/go-git#2082\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild: Update module github.com/go-git/go-git/v5 to v5.19.0 [SECURITY] (releases/v5.x) by \u003ca href=\"https://github.com/go-git-renovate\"\u003e\u003ccode\u003e@​go-git-renovate\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/go-git/go-git/pull/2111\"\u003ego-git/go-git#2111\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ev5: git: Allow MkdirAll on worktree-root paths by \u003ca href=\"https://github.com/hiddeco\"\u003e\u003ccode\u003e@​hiddeco\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-git/go-git/pull/2117\"\u003ego-git/go-git#2117\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ev5: git: Stop validating symlink target paths by \u003ca href=\"https://github.com/pjbgf\"\u003e\u003ccode\u003e@​pjbgf\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-git/go-git/pull/2116\"\u003ego-git/go-git#2116\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ev5: plumbing: format decoder input bounds and contracts by \u003ca href=\"https://github.com/hiddeco\"\u003e\u003ccode\u003e@​hiddeco\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-git/go-git/pull/2125\"\u003ego-git/go-git#2125\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eplumbing: format/packfile, cap delta chain depth in parser by \u003ca href=\"https://github.com/pjbgf\"\u003e\u003ccode\u003e@​pjbgf\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-git/go-git/pull/2137\"\u003ego-git/go-git#2137\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/go-git/go-git/compare/v5.19.0...v5.19.1\"\u003ehttps://github.com/go-git/go-git/compare/v5.19.0...v5.19.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev5.19.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ebuild: Update module github.com/go-git/go-git/v5 to v5.18.0 [SECURITY] (releases/v5.x) by \u003ca href=\"https://github.com/go-git-renovate\"\u003e\u003ccode\u003e@​go-git-renovate\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/go-git/go-git/pull/2010\"\u003ego-git/go-git#2010\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ev5: Bump sha1cd and go-billy by \u003ca href=\"https://github.com/pjbgf\"\u003e\u003ccode\u003e@​pjbgf\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-git/go-git/pull/2060\"\u003ego-git/go-git#2060\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ev5: Align object encoding with upstream by \u003ca href=\"https://github.com/pjbgf\"\u003e\u003ccode\u003e@​pjbgf\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-git/go-git/pull/2065\"\u003ego-git/go-git#2065\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/go-git/go-git/compare/v5.18.0...v5.19.0\"\u003ehttps://github.com/go-git/go-git/compare/v5.18.0...v5.19.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev5.18.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eplumbing: transport/http, Add support for followRedirects policy by \u003ca href=\"https://github.com/pjbgf\"\u003e\u003ccode\u003e@​pjbgf\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-git/go-git/pull/2004\"\u003ego-git/go-git#2004\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/go-git/go-git/compare/v5.17.2...v5.18.0\"\u003ehttps://github.com/go-git/go-git/compare/v5.17.2...v5.18.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev5.17.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ebuild: Update module github.com/go-git/go-git/v5 to v5.17.1 [SECURITY] (releases/v5.x) by \u003ca href=\"https://github.com/go-git-renovate\"\u003e\u003ccode\u003e@​go-git-renovate\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/go-git/go-git/pull/1941\"\u003ego-git/go-git#1941\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edotgit: skip writing pack files that already exist on disk by \u003ca href=\"https://github.com/pjbgf\"\u003e\u003ccode\u003e@​pjbgf\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-git/go-git/pull/1944\"\u003ego-git/go-git#1944\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e:warning: This release fixes a bug (\u003ca href=\"https://redirect.github.com/go-git/go-git/issues/1942\"\u003ego-git/go-git#1942\u003c/a\u003e) that blocked some users from upgrading to \u003ccode\u003ev5.17.1\u003c/code\u003e. Thanks \u003ca href=\"https://github.com/pskrbasu\"\u003e\u003ccode\u003e@​pskrbasu\u003c/code\u003e\u003c/a\u003e for reporting it. :bow:\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/go-git/go-git/compare/v5.17.1...v5.17.2\"\u003ehttps://github.com/go-git/go-git/compare/v5.17.1...v5.17.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev5.17.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ebuild: Update module github.com/cloudflare/circl to v1.6.3 [SECURITY] (releases/v5.x) by \u003ca href=\"https://github.com/go-git-renovate\"\u003e\u003ccode\u003e@​go-git-renovate\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/go-git/go-git/pull/1930\"\u003ego-git/go-git#1930\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[v5] plumbing: format/index, Improve v4 entry name validation by \u003ca href=\"https://github.com/pjbgf\"\u003e\u003ccode\u003e@​pjbgf\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-git/go-git/pull/1935\"\u003ego-git/go-git#1935\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[v5] plumbing: format/idxfile, Fix version and fanout checks by \u003ca href=\"https://github.com/pjbgf\"\u003e\u003ccode\u003e@​pjbgf\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-git/go-git/pull/1937\"\u003ego-git/go-git#1937\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-git/go-git/commit/3c3be601aa6c0fd0d536c0d1e4f898b4c60e65fe\"\u003e\u003ccode\u003e3c3be60\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/go-git/go-git/issues/2137\"\u003e#2137\u003c/a\u003e from go-git/validate-v5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-git/go-git/commit/3fba897bd9e84b1aec170fa708b80e297b7d6cf6\"\u003e\u003ccode\u003e3fba897\u003c/code\u003e\u003c/a\u003e plumbing: format/packfile, cap delta chain depth in parser\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-git/go-git/commit/a97d6601c85e017bb64c2b0f2e3169f6ef6a6709\"\u003e\u003ccode\u003ea97d660\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/go-git/go-git/issues/2125\"\u003e#2125\u003c/a\u003e from hiddeco/v5/format-input-bounds\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-git/go-git/commit/aeaa125c8af8e4c4c95b574c22c5633e97fc436e\"\u003e\u003ccode\u003eaeaa125\u003c/code\u003e\u003c/a\u003e plumbing: format/objfile, require Header before Read\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-git/go-git/commit/1f38e171218526ea254a73187a52f0648253c1b8\"\u003e\u003ccode\u003e1f38e17\u003c/code\u003e\u003c/a\u003e plumbing: format/packfile, bound inflate size\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-git/go-git/commit/f7545a02529e03998d6a7219140dc0e6644ad337\"\u003e\u003ccode\u003ef7545a0\u003c/code\u003e\u003c/a\u003e plumbing: format/idxfile, bound nr by file size\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-git/go-git/commit/170b88181f385913a457a08b68c88956fb3f8e4f\"\u003e\u003ccode\u003e170b881\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/go-git/go-git/issues/2116\"\u003e#2116\u003c/a\u003e from pjbgf/symlink-v5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-git/go-git/commit/7b6d994467f06630268904aa3c441b6de7248b31\"\u003e\u003ccode\u003e7b6d994\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/go-git/go-git/issues/2117\"\u003e#2117\u003c/a\u003e from hiddeco/v5/worktree-fs-mkdirall-root-noop\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-git/go-git/commit/f0709b32f8fbb87c16cd63c6762d2cd515f36541\"\u003e\u003ccode\u003ef0709b3\u003c/code\u003e\u003c/a\u003e git: Stop validating symlink target paths\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-git/go-git/commit/776d00f11d336f26862d0f2bab987b217f3a7844\"\u003e\u003ccode\u003e776d00f\u003c/code\u003e\u003c/a\u003e git: Allow MkdirAll on worktree-root paths\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/go-git/go-git/compare/v5.11.0...v5.19.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/moby/buildkit` from 0.12.5 to 0.28.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/moby/buildkit/releases\"\u003egithub.com/moby/buildkit's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.28.1\u003c/h2\u003e\n\u003cp\u003eWelcome to the v0.28.1 release of buildkit!\u003c/p\u003e\n\u003cp\u003ePlease try out the release binaries and report any issues at\n\u003ca href=\"https://github.com/moby/buildkit/issues\"\u003ehttps://github.com/moby/buildkit/issues\u003c/a\u003e.\u003c/p\u003e\n\u003ch3\u003eContributors\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eTõnis Tiigi\u003c/li\u003e\n\u003cli\u003eCrazyMax\u003c/li\u003e\n\u003cli\u003eSebastiaan van Stijn\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eNotable Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix insufficient validation of Git URL \u003ccode\u003e#ref:subdir\u003c/code\u003e fragments that could allow access to restricted files outside the checked-out repository root. \u003ca href=\"https://github.com/moby/buildkit/security/advisories/GHSA-4vrq-3vrq-g6gg\"\u003eGHSA-4vrq-3vrq-g6gg\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix a vulnerability where an untrusted custom frontend could cause files to be written outside the BuildKit state directory. \u003ca href=\"https://github.com/moby/buildkit/security/advisories/GHSA-4c29-8rgm-jvjj\"\u003eGHSA-4c29-8rgm-jvjj\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix a panic when processing invalid \u003ccode\u003e.dockerignore\u003c/code\u003e patterns during \u003ccode\u003eCOPY\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/moby/buildkit/issues/6610\"\u003e#6610\u003c/a\u003e \u003ca href=\"https://redirect.github.com/moby/patternmatcher/issues/9\"\u003emoby/patternmatcher#9\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDependency Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003egithub.com/moby/patternmatcher\u003c/strong\u003e  v0.6.0 -\u0026gt; v0.6.1\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003ePrevious release can be found at \u003ca href=\"https://github.com/moby/buildkit/releases/tag/v0.28.0\"\u003ev0.28.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev0.28.0\u003c/h2\u003e\n\u003cp\u003ebuildkit 0.28.0\u003c/p\u003e\n\u003cp\u003eWelcome to the v0.28.0 release of buildkit!\u003c/p\u003e\n\u003cp\u003ePlease try out the release binaries and report any issues at\n\u003ca href=\"https://github.com/moby/buildkit/issues\"\u003ehttps://github.com/moby/buildkit/issues\u003c/a\u003e.\u003c/p\u003e\n\u003ch3\u003eContributors\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eTõnis Tiigi\u003c/li\u003e\n\u003cli\u003eCrazyMax\u003c/li\u003e\n\u003cli\u003eSebastiaan van Stijn\u003c/li\u003e\n\u003cli\u003eJonathan A. Sternberg\u003c/li\u003e\n\u003cli\u003eAkihiro Suda\u003c/li\u003e\n\u003cli\u003eAmr Mahdi\u003c/li\u003e\n\u003cli\u003eDan Duvall\u003c/li\u003e\n\u003cli\u003eDavid Karlsson\u003c/li\u003e\n\u003cli\u003eJonas Geiler\u003c/li\u003e\n\u003cli\u003eKevin L.\u003c/li\u003e\n\u003cli\u003ersteube\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/buildkit/commit/45b038cd0b2ec2d34013ce0f085522276f7ee0d8\"\u003e\u003ccode\u003e45b038c\u003c/code\u003e\u003c/a\u003e git: normalize and validate subdir paths\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/buildkit/commit/f5462c216098af766f97ea4cb328e65c6d8f7256\"\u003e\u003ccode\u003ef5462c2\u003c/code\u003e\u003c/a\u003e git: harden ref arg handling\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/buildkit/commit/71577a5da7a2b3ab75a90c2cfedfda0c27d1ef40\"\u003e\u003ccode\u003e71577a5\u003c/code\u003e\u003c/a\u003e source: extract SafeFileName into shared pathutil package\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/buildkit/commit/df4378316f3b000403d097551a8139a700bd823d\"\u003e\u003ccode\u003edf43783\u003c/code\u003e\u003c/a\u003e source/http: use os.Root for saved file operations\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/buildkit/commit/9ce6f62aca0653657047ee613cdef22f38b31244\"\u003e\u003ccode\u003e9ce6f62\u003c/code\u003e\u003c/a\u003e source/http: sanitize downloaded filenames\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/buildkit/commit/099cf80f5ebc935c48d2925499bffe703a54cff4\"\u003e\u003ccode\u003e099cf80\u003c/code\u003e\u003c/a\u003e executor: validate container IDs centrally\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/buildkit/commit/2642113bbc9d969d223c37aaabca4b50613fddf9\"\u003e\u003ccode\u003e2642113\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/moby/buildkit/issues/6610\"\u003e#6610\u003c/a\u003e from thaJeztah/0.28_backport_bump_patternmatcher\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/buildkit/commit/802da78332d9f2c6c9d856c1648ab52c701076fa\"\u003e\u003ccode\u003e802da78\u003c/code\u003e\u003c/a\u003e vendor: github.com/moby/patternmatcher v0.6.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/buildkit/commit/5245d869d85d9c98f986b600584c332a3b001986\"\u003e\u003ccode\u003e5245d86\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/moby/buildkit/issues/6551\"\u003e#6551\u003c/a\u003e from tonistiigi/v0.28-cherry-picks\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/buildkit/commit/90ee5deef6c6efcb82358eb48d76235191196db1\"\u003e\u003ccode\u003e90ee5de\u003c/code\u003e\u003c/a\u003e vendor: update x/net to v0.51.0\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/moby/buildkit/compare/v0.12.5...v0.28.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/russellhaering/gosaml2` from 0.9.1 to 0.11.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/russellhaering/gosaml2/releases\"\u003egithub.com/russellhaering/gosaml2's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.11.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eReject unsigned SAML \u003ccode\u003eLogoutRequest\u003c/code\u003e when signature validation is enabled. Previously, \u003ccode\u003eValidateEncodedLogoutRequestPOST\u003c/code\u003e silently accepted unsigned requests even when \u003ccode\u003eSkipSignatureValidation\u003c/code\u003e was \u003ccode\u003efalse\u003c/code\u003e. (GHSA-pcgw-qcv5-h8ch)\u003c/li\u003e\n\u003cli\u003eSecurity hardening: CBC bounds check to prevent panics from crafted ciphertext, replaced \u003ccode\u003epanic()\u003c/code\u003e calls with error returns, and assertion signatures within a signed Response envelope are now verified when present (previously they were skipped entirely, which could allow XML wrapping attacks)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eOther\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd oss-fuzz integration\u003c/li\u003e\n\u003cli\u003eBump minimum Go version to 1.25\u003c/li\u003e\n\u003cli\u003eUpdate dependencies: goxmldsig v1.6.0, etree v1.6.0, testify v1.11.1\u003c/li\u003e\n\u003cli\u003eBump all GitHub Actions to latest versions\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/russellhaering/gosaml2/compare/v0.10.0...v0.11.0\"\u003ehttps://github.com/russellhaering/gosaml2/compare/v0.10.0...v0.11.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev0.10.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSupport encryption and signing keys that implement crypto.Signer by \u003ca href=\"https://github.com/nicksnyder\"\u003e\u003ccode\u003e@​nicksnyder\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/russellhaering/gosaml2/pull/131\"\u003erussellhaering/gosaml2#131\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAvoid panic when the encrypted data has wrong size for CBC by \u003ca href=\"https://github.com/fformica\"\u003e\u003ccode\u003e@​fformica\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/russellhaering/gosaml2/pull/195\"\u003erussellhaering/gosaml2#195\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSecurity hardening by \u003ca href=\"https://github.com/ahacker1-securesaml\"\u003e\u003ccode\u003e@​ahacker1-securesaml\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDependency and CI updates\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nicksnyder\"\u003e\u003ccode\u003e@​nicksnyder\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/russellhaering/gosaml2/pull/131\"\u003erussellhaering/gosaml2#131\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fformica\"\u003e\u003ccode\u003e@​fformica\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/russellhaering/gosaml2/pull/195\"\u003erussellhaering/gosaml2#195\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/russellhaering/gosaml2/compare/v0.9.1...v0.10.0\"\u003ehttps://github.com/russellhaering/gosaml2/compare/v0.9.1...v0.10.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/russellhaering/gosaml2/commit/636e7dda202a4d669644e72404a82616ffcbe004\"\u003e\u003ccode\u003e636e7dd\u003c/code\u003e\u003c/a\u003e Bump all GitHub Actions to latest versions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/russellhaering/gosaml2/commit/1e9cc447527b4031ffd8e7a2cb64b99289ffde29\"\u003e\u003ccode\u003e1e9cc44\u003c/code\u003e\u003c/a\u003e Bump minimum Go version to 1.25 and update dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/russellhaering/gosaml2/commit/7159bbee574ae311e3c995df506c2e61cf2c232a\"\u003e\u003ccode\u003e7159bbe\u003c/code\u003e\u003c/a\u003e Reject unsigned LogoutRequest when signature validation is enabled\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/russellhaering/gosaml2/commit/4ddcc822c3c2bb6676221cbf2259e141b2f2e315\"\u003e\u003ccode\u003e4ddcc82\u003c/code\u003e\u003c/a\u003e Security hardening: CBC bounds check, panic removal, assertion signature veri...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/russellhaering/gosaml2/commit/d57d10562c0a9243d5a6d86fff5067d34c7f045f\"\u003e\u003ccode\u003ed57d105\u003c/code\u003e\u003c/a\u003e Add oss-fuzz integration\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/russellhaering/gosaml2/commit/e8596e7457e1657e90dd2fb18da03e03fc4ae1a4\"\u003e\u003ccode\u003ee8596e7\u003c/code\u003e\u003c/a\u003e Fix tests broken by expired IDP test certificate\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/russellhaering/gosaml2/commit/5d20d420e18a8e08e870d145be26bc8110073d90\"\u003e\u003ccode\u003e5d20d42\u003c/code\u003e\u003c/a\u003e Bump github.com/beevik/etree from 1.5.0 to 1.5.1 (\u003ca href=\"https://redirect.github.com/russellhaering/gosaml2/issues/212\"\u003e#212\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/russellhaering/gosaml2/commit/115aa21abac634a1c9b68c2a30505b60b148f8cc\"\u003e\u003ccode\u003e115aa21\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 3.28.12 to 3.28.17\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/russellhaering/gosaml2/commit/cdd66bccd151b682fe99fec82a1c8c4ecdba8ff0\"\u003e\u003ccode\u003ecdd66bc\u003c/code\u003e\u003c/a\u003e Tidy dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/russellhaering/gosaml2/commit/3418f9ae09063ff8df0ce1bd93f24e538e614def\"\u003e\u003ccode\u003e3418f9a\u003c/code\u003e\u003c/a\u003e Avoid panic when the encrypted data has wrong size for CBC\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/russellhaering/gosaml2/compare/v0.9.1...v0.11.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/russellhaering/goxmldsig` from 1.4.0 to 1.6.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/russellhaering/goxmldsig/releases\"\u003egithub.com/russellhaering/goxmldsig's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.6.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eSecurity:\u003c/strong\u003e Fix possible signature validation bypass caused by loop variable capture in \u003ccode\u003evalidateSignature\u003c/code\u003e (GHSA-479m-364c-43vc)\u003c/li\u003e\n\u003cli\u003eBump minimum Go version to 1.23\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003egithub.com/beevik/etree\u003c/code\u003e to v1.6.0\u003c/li\u003e\n\u003cli\u003eAdd fuzz tests for XML signature validation and canonicalization\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/russellhaering/goxmldsig/compare/v1.5.0...v1.6.0\"\u003ehttps://github.com/russellhaering/goxmldsig/compare/v1.5.0...v1.6.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.5.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump dependencies\u003c/li\u003e\n\u003cli\u003eUpdate GitHub workflows\u003c/li\u003e\n\u003cli\u003eSecurity hardening by \u003ca href=\"https://github.com/ahacker1-securesaml\"\u003e\u003ccode\u003e@​ahacker1-securesaml\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/russellhaering/goxmldsig/compare/v1.4.0...v1.5.0\"\u003ehttps://github.com/russellhaering/goxmldsig/compare/v1.4.0...v1.5.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/russellhaering/goxmldsig/commit/878c8c615feb628064040115d00e105a137fcfa7\"\u003e\u003ccode\u003e878c8c6\u003c/code\u003e\u003c/a\u003e Apply go fix ./...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/russellhaering/goxmldsig/commit/db3d1e31f7535d7f5debb49851b9e9a2ff08b936\"\u003e\u003ccode\u003edb3d1e3\u003c/code\u003e\u003c/a\u003e Fix loop variable capture bug in validateSignature\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/russellhaering/goxmldsig/commit/4f576b89acf01f68983ca5cb9dcebd0b460234bc\"\u003e\u003ccode\u003e4f576b8\u003c/code\u003e\u003c/a\u003e Bump dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/russellhaering/goxmldsig/commit/79c29ee3ed2da54553a4132b372ced83185fcf12\"\u003e\u003ccode\u003e79c29ee\u003c/code\u003e\u003c/a\u003e Rename FuzzValidate to FuzzValidateXML to avoid name collision\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/russellhaering/goxmldsig/commit/ac7bf745b9fd3d92460ad9be3459a97b0e3bf89f\"\u003e\u003ccode\u003eac7bf74\u003c/code\u003e\u003c/a\u003e Add fuzz tests for XML signature validation and canonicalization\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/russellhaering/goxmldsig/commit/a5805dfad93fc67a2106a1dc6d881df83769e3eb\"\u003e\u003ccode\u003ea5805df\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 2.13.4 to 3.28.17 (\u003ca href=\"https://redirect.github.com/russellhaering/goxmldsig/issues/155\"\u003e#155\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/russellhaering/goxmldsig/commit/7dac9ec3b2a1a336d73ff091fba4131d186dfec6\"\u003e\u003ccode\u003e7dac9ec\u003c/code\u003e\u003c/a\u003e Update GitHub Workflow\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/russellhaering/goxmldsig/commit/1bf54ca740682fac1149814344c24c722fde8238\"\u003e\u003ccode\u003e1bf54ca\u003c/code\u003e\u003c/a\u003e Bump dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/russellhaering/goxmldsig/commit/e1c8a5b89d1d03089aa1a0ec546b33aaf80ee02f\"\u003e\u003ccode\u003ee1c8a5b\u003c/code\u003e\u003c/a\u003e Refactor to help eliminate potential vulnerabilities:\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/russellhaering/goxmldsig/commit/2ac5490a2441a3484e030c5cfeb02ce62886c01a\"\u003e\u003ccode\u003e2ac5490\u003c/code\u003e\u003c/a\u003e Refactor .verifyCertificate to obtain the certificate from an identifier from...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/russellhaering/goxmldsig/compare/v1.4.0...v1.6.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/slack-go/slack` from 0.10.1 to 0.23.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/slack-go/slack/releases\"\u003egithub.com/slack-go/slack's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.23.1\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!IMPORTANT]\nEven though this is a [security] patch release, if you were using an empty secret, this is a breaking change due to a change in behaviour. That's on purpose, to ensure you fix your approach so that there are no footguns.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eNewSecretsVerifier\u003c/code\u003e now rejects empty signing secrets to avoid accepting forged request\nsignatures when applications are misconfigured.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/slack-go/slack/compare/v0.23.0...v0.23.1\"\u003ehttps://github.com/slack-go/slack/compare/v0.23.0...v0.23.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev0.23.0\u003c/h2\u003e\n\u003ch2\u003eAdded\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efeat(socketmode): expose socketmode handler \u003ccode\u003edispatcher\u003c/code\u003e method by \u003ca href=\"https://github.com/nlopes\"\u003e\u003ccode\u003e@​nlopes\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/slack-go/slack/pull/1550\"\u003eslack-go/slack#1550\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat(block): add card and carousel blocks by \u003ca href=\"https://github.com/nlopes\"\u003e\u003ccode\u003e@​nlopes\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/slack-go/slack/pull/1551\"\u003eslack-go/slack#1551\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat(assistant): add username and icon to status update by \u003ca href=\"https://github.com/charleenwang\"\u003e\u003ccode\u003e@​charleenwang\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/slack-go/slack/pull/1553\"\u003eslack-go/slack#1553\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat(block): add alert block by \u003ca href=\"https://github.com/nlopes\"\u003e\u003ccode\u003e@​nlopes\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/slack-go/slack/pull/1552\"\u003eslack-go/slack#1552\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/charleenwang\"\u003e\u003ccode\u003e@​charleenwang\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/slack-go/slack/pull/1553\"\u003eslack-go/slack#1553\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/slack-go/slack/compare/v0.22.0...v0.23.0\"\u003ehttps://github.com/slack-go/slack/compare/v0.22.0...v0.23.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev0.22.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eOAuth PKCE support\u003c/strong\u003e - \u003ccode\u003eOAuthOptionCodeVerifier\u003c/code\u003e option for \u003ccode\u003eGetOAuthV2Response\u003c/code\u003e, plus \u003ccode\u003eGenerateCodeVerifier()\u003c/code\u003e and \u003ccode\u003eGenerateCodeChallenge()\u003c/code\u003e helpers (RFC 7636). \u003ccode\u003eclient_secret\u003c/code\u003e is now conditionally omitted when empty in both \u003ccode\u003eGetOAuthV2ResponseContext\u003c/code\u003e and \u003ccode\u003eRefreshOAuthV2TokenContext\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eManifest scope fields\u003c/strong\u003e - \u003ccode\u003eBotOptional\u003c/code\u003e and \u003ccode\u003eUserOptional\u003c/code\u003e on \u003ccode\u003eOAuthScopes\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eRich text styles\u003c/strong\u003e - \u003ccode\u003eUnderline\u003c/code\u003e, \u003ccode\u003eHighlight\u003c/code\u003e, \u003ccode\u003eClientHighlight\u003c/code\u003e, and \u003ccode\u003eUnlink\u003c/code\u003e on \u003ccode\u003eRichTextSectionTextStyle\u003c/code\u003e. \u003ccode\u003eStyle\u003c/code\u003e field on \u003ccode\u003eRichTextSectionUserGroupElement\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eAssistant search context\u003c/strong\u003e - \u003ccode\u003eSort\u003c/code\u003e, \u003ccode\u003eSortDir\u003c/code\u003e, \u003ccode\u003eBefore\u003c/code\u003e, \u003ccode\u003eAfter\u003c/code\u003e, \u003ccode\u003eHighlight\u003c/code\u003e, \u003ccode\u003eIncludeContextMessages\u003c/code\u003e, \u003ccode\u003eIncludeDeletedUsers\u003c/code\u003e, \u003ccode\u003eIncludeMessageBlocks\u003c/code\u003e, \u003ccode\u003eIncludeArchivedChannels\u003c/code\u003e, \u003ccode\u003eDisableSemanticSearch\u003c/code\u003e, \u003ccode\u003eModifiers\u003c/code\u003e, \u003ccode\u003eTermClauses\u003c/code\u003e parameters and new response types (\u003ccode\u003eAssistantSearchContextFile\u003c/code\u003e, \u003ccode\u003eAssistantSearchContextChannel\u003c/code\u003e, \u003ccode\u003eAssistantSearchContextMessageContext\u003c/code\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003esocketmode: malformed JSON no longer forces reconnect\u003c/strong\u003e - \u003ccode\u003ejson.SyntaxError\u003c/code\u003e and \u003ccode\u003ejson.UnmarshalTypeError\u003c/code\u003e now emit an \u003ccode\u003eEventTypeIncomingError\u003c/code\u003e event and continue reading instead of killing the WebSocket connection.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003esocketmode: \u003ccode\u003edebug_reconnects\u003c/code\u003e query param applied correctly\u003c/strong\u003e - the parameter was silently discarded due to a missing \u003ccode\u003eurl.RawQuery\u003c/code\u003e assignment.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eChannelTypes\u003c/code\u003e and \u003ccode\u003eContentTypes\u003c/code\u003e now send comma-separated values instead of repeated form keys, matching the convention used by every other method in the library.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocs\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eassistant:write\u003c/code\u003e scope marked as deprecated in favour of \u003ccode\u003echat:write\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ccode\u003ev0.21.1...v0.22.0\u003c/code\u003e\u003c/p\u003e\n\u003ch2\u003ev0.21.1\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003eMessageEvent\u003c/code\u003e channel type helpers\u003c/strong\u003e — New \u003ccode\u003eChannelTypeChannel\u003c/code\u003e, \u003ccode\u003eChannelTypeGroup\u003c/code\u003e,\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/slack-go/slack/blob/master/CHANGELOG.md\"\u003egithub.com/slack-go/slack's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[0.23.1] - 2026-05-10\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eNewSecretsVerifier\u003c/code\u003e now rejects empty signing secrets to avoid accepting forged request\nsignatures when applications are misconfigured.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[0.23.0] - 2026-04-22\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eBlock Kit: \u003ccode\u003eCardBlock\u003c/code\u003e and \u003ccode\u003eCarouselBlock\u003c/code\u003e\u003c/strong\u003e — Support for two of the new\nagent-UI blocks announced in the\n\u003ca href=\"https://docs.slack.dev/changelog/2026/04/16/block-kit-new-blocks\"\u003eApril 16 Slack changelog\u003c/a\u003e.\n\u003ccode\u003eCardBlock\u003c/code\u003e is constructed via \u003ccode\u003eNewCardBlock\u003c/code\u003e with a functional-options\npattern and fluent \u003ccode\u003eWith*\u003c/code\u003e builders (\u003ccode\u003eWithTitle\u003c/code\u003e, \u003ccode\u003eWithSubtitle\u003c/code\u003e, \u003ccode\u003eWithBody\u003c/code\u003e,\n\u003ccode\u003eWithIcon\u003c/code\u003e, \u003ccode\u003eWithHeroImage\u003c/code\u003e, \u003ccode\u003eWithActions\u003c/code\u003e). \u003ccode\u003eCarouselBlock\u003c/code\u003e is constructed\nvia \u003ccode\u003eNewCarouselBlock\u003c/code\u003e with a variadic \u003ccode\u003e*CardBlock\u003c/code\u003e list plus \u003ccode\u003eWithBlockID\u003c/code\u003e\nand \u003ccode\u003eAddCard\u003c/code\u003e helpers. Both blocks wire into \u003ccode\u003eBlocks.UnmarshalJSON\u003c/code\u003e for\nround-trip fidelity, and reuse existing \u003ccode\u003eImageBlockElement\u003c/code\u003e /\n\u003ccode\u003eButtonBlockElement\u003c/code\u003e / \u003ccode\u003eBlockElements\u003c/code\u003e types rather than introducing new\ncomposition objects.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eBlock Kit: \u003ccode\u003eAlertBlock\u003c/code\u003e\u003c/strong\u003e — Support for the third of the new agent-UI\nblocks from the\n\u003ca href=\"https://docs.slack.dev/changelog/2026/04/16/block-kit-new-blocks\"\u003eApril 16 Slack changelog\u003c/a\u003e.\n\u003ccode\u003eAlertBlock\u003c/code\u003e is constructed via \u003ccode\u003eNewAlertBlock\u003c/code\u003e with a \u003ccode\u003e*TextBlockObject\u003c/code\u003e\nbody and a functional-options pattern. Severity is set via\n\u003ccode\u003eAlertBlockOptionLevel\u003c/code\u003e (\u003ccode\u003eAlertLevelDefault\u003c/code\u003e, \u003ccode\u003eAlertLevelInfo\u003c/code\u003e,\n\u003ccode\u003eAlertLevelWarning\u003c/code\u003e, \u003ccode\u003eAlertLevelError\u003c/code\u003e, \u003ccode\u003eAlertLevelSuccess\u003c/code\u003e) and the block\nID via \u003ccode\u003eAlertBlockOptionBlockID\u003c/code\u003e. Wires into \u003ccode\u003eBlocks.UnmarshalJSON\u003c/code\u003e for\nround-trip fidelity. Must be delivered via the streaming chunks API —\n\u003ccode\u003echat.postMessage\u003c/code\u003e rejects it as an unsupported block type.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eStreaming-message chunks API\u003c/strong\u003e — \u003ccode\u003echat.startStream\u003c/code\u003e / \u003ccode\u003echat.appendStream\u003c/code\u003e /\n\u003ccode\u003echat.stopStream\u003c/code\u003e now accept a \u003ccode\u003echunks\u003c/code\u003e parameter. Added \u003ccode\u003eMsgOptionChunks\u003c/code\u003e\nalong with a \u003ccode\u003eStreamChunk\u003c/code\u003e interface and four chunk types:\n\u003ccode\u003eMarkdownTextChunk\u003c/code\u003e, \u003ccode\u003eTaskUpdateChunk\u003c/code\u003e, \u003ccode\u003ePlanUpdateChunk\u003c/code\u003e, and \u003ccode\u003eBlocksChunk\u003c/code\u003e\n(each with a \u003ccode\u003eNew*Chunk\u003c/code\u003e constructor). This is the supported transport for\nstreaming Block Kit content and the new agent-UI blocks in particular\n(which \u003ccode\u003echat.postMessage\u003c/code\u003e rejects as \u003ccode\u003eUnsupported block type\u003c/code\u003e).\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003eMsgOptionTaskDisplayMode\u003c/code\u003e\u003c/strong\u003e — New option for \u003ccode\u003echat.startStream\u003c/code\u003e controlling\nwhether task chunks render as a sequential timeline or a grouped plan.\nAccepts \u003ccode\u003eTaskDisplayModeTimeline\u003c/code\u003e or \u003ccode\u003eTaskDisplayModePlan\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003eUsername\u003c/code\u003e, \u003ccode\u003eIconURL\u003c/code\u003e, and \u003ccode\u003eIconEmoji\u003c/code\u003e fields to\n\u003ccode\u003eAssistantThreadsSetStatusParameters\u003c/code\u003e, forwarded by\n\u003ccode\u003eSetAssistantThreadsStatusContext\u003c/code\u003e, matching the new optional parameters on\n\u003ca href=\"https://docs.slack.dev/reference/methods/assistant.threads.setStatus\"\u003e\u003ccode\u003eassistant.threads.setStatus\u003c/code\u003e\u003c/a\u003e\nfor customising the status-update presentation.\u003c/li\u003e\n\u003cli\u003eExposed \u003ccode\u003eSocketmodeHandler.DispatchEvent\u003c/code\u003e (previously the unexported\n\u003ccode\u003edispatcher\u003c/code\u003e), enabling integration tests to exercise registered handlers\nwithout a live WebSocket connection. The unexported \u003ccode\u003edispatcher\u003c/code\u003e is kept as\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/slack-go/slack/commit/34ad5c052e446f58505ae8d81a2a72821de107cc\"\u003e\u003ccode\u003e34ad5c0\u003c/code\u003e\u003c/a\u003e security: reject empty signing secret for NewSecretsVerifier\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/slack-go/slack/commit/c6edc2762f59b0fcd2af7f2d8eab36e2f29bad7d\"\u003e\u003ccode\u003ec6edc27\u003c/code\u003e\u003c/a\u003e chore: bump go to 1.25.9\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/slack-go/slack/commit/35d8f31a076f73db88bf08304a8418846ed7b865\"\u003e\u003ccode\u003e35d8f31\u003c/code\u003e\u003c/a\u003e chore: bump to v0.23.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/slack-go/slack/commit/ae59061d9e69253ce76fa676a2a91db238d363cf\"\u003e\u003ccode\u003eae59061\u003c/code\u003e\u003c/a\u003e feat(block): add alert block (\u003ca href=\"https://redirect.github.com/slack-go/slack/issues/1552\"\u003e#1552\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/slack-go/slack/commit/2df5cfa0b974d57fc8077ecd030be22e42a2e4a1\"\u003e\u003ccode\u003e2df5cfa\u003c/code\u003e\u003c/a\u003e feat(assistant): add username and icon to status update (\u003ca href=\"https://redirect.github.com/slack-go/slack/issues/1553\"\u003e#1553\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/slack-go/slack/commit/e3c0e8b15630749da93cd18168a26e78a74fecd0\"\u003e\u003ccode\u003ee3c0e8b\u003c/code\u003e\u003c/a\u003e feat(block): add card and carousel blocks (\u003ca href=\"https://redirect.github.com/slack-go/slack/issues/1551\"\u003e#1551\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/slack-go/slack/commit/4c472cd10a45bd81ef26db9510a317a674293c78\"\u003e\u003ccode\u003e4c472cd\u003c/code\u003e\u003c/a\u003e feat(socketmode): expose socketmode handler \u003ccode\u003edispatcher\u003c/code\u003e method (\u003ca href=\"https://redirect.github.com/slack-go/slack/issues/1550\"\u003e#1550\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/slack-go/slack/commit/f482b199d4e33975c13e65e075bcf87173ad902f\"\u003e\u003ccode\u003ef482b19\u003c/code\u003e\u003c/a\u003e chore: v0.22.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/slack-go/slack/commit/3a5db9ddb81e7c9e5379efa510ba826b1e5d935c\"\u003e\u003ccode\u003e3a5db9d\u003c/code\u003e\u003c/a\u003e chore: fix staticcheck errors (\u003ca href=\"https://redirect.github.com/slack-go/slack/issues/1548\"\u003e#1548\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/slack-go/slack/commit/19e0416c15851aa3f28d41e2b92dbb2fb541ad96\"\u003e\u003ccode\u003e19e0416\u003c/code\u003e\u003c/a\u003e ci: add staticcheck\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/slack-go/slack/compare/v0.10.1...v0.23.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp` from 1.27.0 to 1.43.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md\"\u003ego.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[1.43.0/0.65.0/0.19.0] 2026-04-02\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003eIsRandom\u003c/code\u003e and \u003ccode\u003eWithRandom\u003c/code\u003e on \u003ccode\u003eTraceFlags\u003c/code\u003e, and \u003ccode\u003eIsRandom\u003c/code\u003e on \u003ccode\u003eSpanContext\u003c/code\u003e in \u003ccode\u003ego.opentelemetry.io/otel/trace\u003c/code\u003e for \u003ca href=\"https://www.w3.org/TR/trace-context-2/#random-trace-id-flag\"\u003eW3C Trace Context Level 2 Random Trace ID Flag\u003c/a\u003e support. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8012\"\u003e#8012\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd service detection with \u003ccode\u003eWithService\u003c/code\u003e in \u003ccode\u003ego.opentelemetry.io/otel/sdk/resource\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7642\"\u003e#7642\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eDefaultWithContext\u003c/code\u003e and \u003ccode\u003eEnvironmentWithContext\u003c/code\u003e in \u003ccode\u003ego.opentelemetry.io/otel/sdk/resource\u003c/code\u003e to support plumbing \u003ccode\u003econtext.Context\u003c/code\u003e through default and environment detectors. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8051\"\u003e#8051\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport attributes with empty value (\u003ccode\u003eattribute.EMPTY\u003c/code\u003e) in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038\"\u003e#8038\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport attributes with empty value (\u003ccode\u003eattribute.EMPTY\u003c/code\u003e) in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038\"\u003e#8038\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport attributes with empty value (\u003ccode\u003eattribute.EMPTY\u003c/code\u003e) in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlplog/otlploggrpc\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038\"\u003e#8038\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport attributes with empty value (\u003ccode\u003eattribute.EMPTY\u003c/code\u003e) in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038\"\u003e#8038\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport attributes with empty value (\u003ccode\u003eattribute.EMPTY\u003c/code\u003e) in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038\"\u003e#8038\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport attributes with empty value (\u003ccode\u003eattribute.EMPTY\u003c/code\u003e) in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038\"\u003e#8038\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport attributes with empty value (\u003ccode\u003eattribute.EMPTY\u003c/code\u003e) in \u003ccode\u003ego.opentelemetry.io/otel/sdk/metric/metricdata/metricdatatest\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038\"\u003e#8038\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd support for per-series start time tracking for cumulative metrics in \u003ccode\u003ego.opentelemetry.io/otel/sdk/metric\u003c/code\u003e.\nSet \u003ccode\u003eOTEL_GO_X_PER_SERIES_START_TIMESTAMPS=true\u003c/code\u003e to enable. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8060\"\u003e#8060\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eWithCardinalityLimitSelector\u003c/code\u003e for metric reader for configuring cardinality limits specific to the instrument kind. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7855\"\u003e#7855\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eIntroduce the \u003ccode\u003eEMPTY\u003c/code\u003e Type in \u003ccode\u003ego.opentelemetry.io/otel/attribute\u003c/code\u003e to reflect that an empty value is now a valid value, with \u003ccode\u003eINVALID\u003c/code\u003e remaining as a deprecated alias of \u003ccode\u003eEMPTY\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038\"\u003e#8038\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eImprove slice handling in \u003ccode\u003ego.opentelemetry.io/otel/attribute\u003c/code\u003e to optimize short slice values with fixed-size fast paths. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8039\"\u003e#8039\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eImprove performance of span metric recording in \u003ccode\u003ego.opentelemetry.io/otel/sdk/trace\u003c/code\u003e by returning early if self-observability is not enabled. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8067\"\u003e#8067\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eImprove formatting of metric data diffs in \u003ccode\u003ego.opentelemetry.io/otel/sdk/metric/metricdata/metricdatatest\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8073\"\u003e#8073\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDeprecated\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDeprecate \u003ccode\u003eINVALID\u003c/code\u003e in \u003ccode\u003ego.opentelemetry.io/otel/attribute\u003c/code\u003e. Use \u003ccode\u003eEMPTY\u003c/code\u003e instead. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038\"\u003e#8038\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eReturn spec-compliant \u003ccode\u003eTraceIdRatioBased\u003c/code\u003e description. This is a breaking behavioral change, but it is necessary to\nmake the implementation \u003ca href=\"https://opentelemetry.io/docs/specs/otel/trace/sdk/#traceidratiobased\"\u003espec-compliant\u003c/a\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8027\"\u003e#8027\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix a race condition in \u003ccode\u003ego.opentelemetry.io/otel/sdk/metric\u003c/code\u003e where the lastvalue aggregation could collect the value 0 even when no zero-value measurements were recorded. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8056\"\u003e#8056\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eLimit HTTP response body to 4 MiB in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp\u003c/code\u003e to mitigate excessive memory usage caused by a misconfigured or malicious server.\nResponses exceeding the limit are treated as non-retryable errors. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8108\"\u003e#8108\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eLimit HTTP response body to 4 MiB in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp\u003c/code\u003e to mitigate excessive memory usage caused by a misconfigured or malicious server.\nResponses exceeding the limit are treated as non-retryable errors. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8108\"\u003e#8108\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eLimit HTTP response body to 4 MiB in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp\u003c/code\u003e to mitigate excessive memory usage caused by a misconfigured or malicious server.\nResponses exceeding the limit are treated as non-retryable errors. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8108\"\u003e#8108\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eWithHostID\u003c/code\u003e detector in \u003ccode\u003ego.opentelemetry.io/otel/sdk/resource\u003c/code\u003e to use full path for \u003ccode\u003ekenv\u003c/code\u003e command on BSD. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8113\"\u003e#8113\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix missing \u003ccode\u003erequest.GetBody\u003c/code\u003e in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp\u003c/code\u003e to correctly handle HTTP2 GOAWAY frame. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8096\"\u003e#8096\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[1.42.0/0.64.0/0.18.0/0.0.16] 2026-03-06\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003ego.opentelemetry.io/otel/semconv/v1.40.0\u003c/code\u003e package.\nThe package contains semantic conventions from the \u003ccode\u003ev1.40.0\u003c/code\u003e version of the OpenTelemetry Semantic Conventions.\nSee the \u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/blob/main/semconv/v1.40.0/MIGRATION.md\"\u003emigration documentation\u003c/a\u003e for information on how to upgrade from \u003ccode\u003ego.opentelemetry.io/otel/semconv/v1.39.0\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7985\"\u003e#7985\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/9276201a64b623606e3eaa0d61ae8ee6d62756c0\"\u003e\u003ccode\u003e9276201\u003c/code\u003e\u003c/a\u003e Release v1.43.0 / v0.65.0 / v0.19.0 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8128\"\u003e#8128\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/61b8c9466c4e6b17e69b622279fe9b63fb15c89a\"\u003e\u003ccode\u003e61b8c94\u003c/code\u003e\u003c/a\u003e chore(deps): update module github.com/mattn/go-runewidth to v0.0.22 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8131\"\u003e#8131\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/97a086e82ffe01502f4c620e9c447efa229e2a23\"\u003e\u003ccode\u003e97a086e\u003c/code\u003e\u003c/a\u003e chore(deps): update github.com/golangci/dupl digest to c99c5cf (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8122\"\u003e#8122\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/5e363de517dba6db62736b2f5cdef0e0929b4cd0\"\u003e\u003ccode\u003e5e363de\u003c/code\u003e\u003c/a\u003e limit response body size for OTLP HTTP exporters (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8108\"\u003e#8108\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/35214b60138eac8dec97a2d2b851d8c8471680c7\"\u003e\u003ccode\u003e35214b6\u003c/code\u003e\u003c/a\u003e Use an absolute path when calling bsd kenv (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8113\"\u003e#8113\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/290024ceaf695f9cdbf29a0c6731a317d92bc361\"\u003e\u003ccode\u003e290024c\u003c/code\u003e\u003c/a\u003e fix(deps): update module google.golang.org/grpc to v1.80.0 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8121\"\u003e#8121\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/e70658e098033d6bb5ec1b399de16bbb2642f6dc\"\u003e\u003ccode\u003ee70658e\u003c/code\u003e\u003c/a\u003e fix: support getBody in otelploghttp (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8096\"\u003e#8096\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/4afe468e3b4859c949a1c1e8d92684d43d86ef8a\"\u003e\u003ccode\u003e4afe468\u003c/code\u003e\u003c/a\u003e fix(deps): update googleapis to 9d38bb4 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8117\"\u003e#8117\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/b9ca729776309e3c08fe700c131797a3b4d10634\"\u003e\u003ccode\u003eb9ca729\u003c/code\u003e\u003c/a\u003e chore(deps): update module github.com/go-git/go-git/v5 to v5.17.2 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8115\"\u003e#8115\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/69472ec56cb7674d55ca2e2bcb04dea73228ab79\"\u003e\u003ccode\u003e69472ec\u003c/code\u003e\u003c/a\u003e chore(deps): update fossas/fossa-action action to v1.9.0 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8118\"\u003e#8118\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/compare/v1.27.0...v1.43.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `go.opentelemetry.io/otel/sdk` from 1.27.0 to 1.43.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md\"\u003ego.opentelemetry.io/otel/sdk's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[1.43.0/0.65.0/0.19.0] 2026-04-02\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003eIsRandom\u003c/code\u003e and \u003ccode\u003eWithRandom\u003c/code\u003e on \u003ccode\u003eTraceFlags\u003c/code\u003e, and \u003ccode\u003eIsRandom\u003c/code\u003e on \u003ccode\u003eSpanContext\u003c/code\u003e in \u003ccode\u003ego.opentelemetry.io/otel/trace\u003c/code\u003e for \u003ca href=\"https://www.w3.org/TR/trace-context-2/#random-trace-id-flag\"\u003eW3C Trace Context Level 2 Random Trace ID Flag\u003c/a\u003e support. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8012\"\u003e#8012\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd service detection with \u003ccode\u003eWithService\u003c/code\u003e in \u003ccode\u003ego.opentelemetry.io/otel/sdk/resource\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7642\"\u003e#7642\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eDefaultWithContext\u003c/code\u003e and \u003ccode\u003eEnvironmentWithContext\u003c/code\u003e in \u003ccode\u003ego.opentelemetry.io/otel/sdk/resource\u003c/code\u003e to support plumbing \u003ccode\u003econtext.Context\u003c/code\u003e through default and environment detectors. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8051\"\u003e#8051\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport attributes with empty value (\u003ccode\u003eattribute.EMPTY\u003c/code\u003e) in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038\"\u003e#8038\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport attributes with empty value (\u003ccode\u003eattribute.EMPTY\u003c/code\u003e) in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038\"\u003e#8038\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport attributes with empty value (\u003ccode\u003eattribute.EMPTY\u003c/code\u003e) in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlplog/otlploggrpc\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038\"\u003e#8038\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport attributes with empty value (\u003ccode\u003eattribute.EMPTY\u003c/code\u003e) in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038\"\u003e#8038\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport attributes with empty value (\u003ccode\u003eattribute.EMPTY\u003c/code\u003e) in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038\"\u003e#8038\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport attributes with empty value (\u003ccode\u003eattribute.EMPTY\u003c/code\u003e) in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038\"\u003e#8038\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport attributes with empty value (\u003ccode\u003eattribute.EMPTY\u003c/code\u003e) in \u003ccode\u003ego.opentelemetry.io/otel/sdk/metric/metricdata/metricdatatest\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038\"\u003e#8038\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd support for per-series start time tracking for cumulative metrics in \u003ccode\u003ego.opentelemetry.io/otel/sdk/metric\u003c/code\u003e.\nSet \u003ccode\u003eOTEL_GO_X_PER_SERIES_START_TIMESTAMPS=true\u003c/code\u003e to enable. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8060\"\u003e#8060\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eWithCardinalityLimitSelector\u003c/code\u003e for metric reader for configuring cardinality limits specific to the instrument kind. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7855\"\u003e#7855\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eIntroduce the \u003ccode\u003eEMPTY\u003c/code\u003e Type in \u003ccode\u003ego.opentelemetry.io/otel/attribute\u003c/code\u003e to reflect that an empty value is now a valid value, with \u003ccode\u003eINVALID\u003c/code\u003e remaining as a deprecated alias of \u003ccode\u003eEMPTY\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038\"\u003e#8038\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eImprove slice handling in \u003ccode\u003ego.opentelemetry.io/otel/attribute\u003c/code\u003e to optimize short slice values with fixed-size fast paths. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8039\"\u003e#8039\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eImprove performance of span metric recording in \u003ccode\u003ego.opentelemetry.io/otel/sdk/trace\u003c/code\u003e by returning early if self-observability is not enabled. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8067\"\u003e#8067\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eImprove formatting of metric data diffs in \u003ccode\u003ego.opentelemetry.io/otel/sdk/metric/metricdata/metricdatatest\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8073\"\u003e#8073\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDeprecated\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDeprecate \u003ccode\u003eINVALID\u003c/code\u003e in \u003ccode\u003ego.opentelemetry.io/otel/attribute\u003c/code\u003e. Use \u003ccode\u003eEMPTY\u003c/code\u003e instead. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038\"\u003e#8038\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eReturn spec-compliant \u003ccode\u003eTraceIdRatioBased\u003c/code\u003e description. This is a breaking behavioral change, but it is necessary to\nmake the implementation \u003ca href=\"https://opentelemetry.io/docs/specs/otel/trace/sdk/#traceidratiobased\"\u003espec-compliant\u003c/a\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8027\"\u003e#8027\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix a race condition in \u003ccode\u003ego.opentelemetry.io/otel/sdk/metric\u003c/code\u003e where the lastvalue aggregation could collect the value 0 even when no zero-value measurements were recorded. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8056\"\u003e#8056\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eLimit HTTP response body to 4 MiB in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp\u003c/code\u003e to mitigate excessive memory usage caused by a misconfigured or malicious server.\nResponses exceeding the limit are treated as non-retryable errors. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8108\"\u003e#8108\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eLimit HTTP response body to 4 MiB in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp\u003c/code\u003e to mitigate excessive memory usage caused by a misconfigured or malicious server.\nResponses exceeding the limit are treated as non-retryable errors. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8108\"\u003e#8108\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eLimit HTTP response body to 4 MiB in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp\u003c/code\u003e to mitigate excessive memory usage caused by a misconfigured or malicious server.\nResponses exceeding the limit are treated as non-retryable errors. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8108\"\u003e#8108\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eWithHostID\u003c/code\u003e detector in \u003ccode\u003ego.opentelemetry.io/otel/sdk/resource\u003c/code\u003e to use full path for \u003ccode\u003ekenv\u003c/code\u003e command on BSD. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8113\"\u003e#8113\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix missing \u003ccode\u003erequest.GetBody\u003c/code\u003e in \u003ccode\u003ego.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp\u003c/code\u003e to correctly handle HTTP2 GOAWAY frame. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8096\"\u003e#8096\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[1.42.0/0.64.0/0.18.0/0.0.16] 2026-03-06\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003ego.opentelemetry.io/otel/semconv/v1.40.0\u003c/code\u003e package.\nThe package contains semantic conventions from the \u003ccode\u003ev1.40.0\u003c/code\u003e version of the OpenTelemetry Semantic Conventions.\nSee the \u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/blob/main/semconv/v1.40.0/MIGRATION.md\"\u003emigration documentation\u003c/a\u003e for information on how to upgrade from \u003ccode\u003ego.opentelemetry.io/otel/semconv/v1.39.0\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7985\"\u003e#7985\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/9276201a64b623606e3eaa0d61ae8ee6d62756c0\"\u003e\u003ccode\u003e9276201\u003c/code\u003e\u003c/a\u003e Release v1.43.0 / v0.65.0 / v0.19.0 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8128\"\u003e#8128\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/61b8c9466c4e6b17e69b622279fe9b63fb15c89a\"\u003e\u003ccode\u003e61b8c94\u003c/code\u003e\u003c/a\u003e chore(deps): update module github.com/mattn/go-runewidth to v0.0.22 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8131\"\u003e#8131\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/97a086e82ffe01502f4c620e9c447efa229e2a23\"\u003e\u003ccode\u003e97a086e\u003c/code\u003e\u003c/a\u003e chore(deps): update github.com/golangci/dupl digest to c99c5cf (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8122\"\u003e#8122\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/5e363de517dba6db62736b2f5cdef0e0929b4cd0\"\u003e\u003ccode\u003e5e363de\u003c/code\u003e\u003c/a\u003e limit response body size for OTLP HTTP exporters (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8108\"\u003e#8108\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/35214b60138eac8dec97a2d2b851d8c8471680c7\"\u003e\u003ccode\u003e35214b6\u003c/code\u003e\u003c/a\u003e Use an absolute path when calling bsd kenv (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8113\"\u003e#8113\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/290024ceaf695f9cdbf29a0c6731a317d92bc361\"\u003e\u003ccode\u003e290024c\u003c/code\u003e\u003c/a\u003e fix(deps): update module google.golang.org/grpc to v1.80.0 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8121\"\u003e#8121\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/e70658e098033d6bb5ec1b399de16bbb2642f6dc\"\u003e\u003ccode\u003ee70658e\u003c/code\u003e\u003c/a\u003e fix: support getBody in otelploghttp (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8096\"\u003e#8096\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/4afe468e3b4859c949a1c1e8d92684d43d86ef8a\"\u003e\u003ccode\u003e4afe468\u003c/code\u003e\u003c/a\u003e fix(deps): update googleapis to 9d38bb4 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8117\"\u003e#8117\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/b9ca729776309e3c08fe700c131797a3b4d10634\"\u003e\u003ccode\u003eb9ca729\u003c/code\u003e\u003c/a\u003e chore(deps): update module github.com/go-git/go-git/v5 to v5.17.2 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8115\"\u003e#8115\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/commit/69472ec56cb7674d55ca2e2bcb04dea73228ab79\"\u003e\u003ccode\u003e69472ec\u003c/code\u003e\u003c/a\u003e chore(deps): update fossas/fossa-action action to v1.9.0 (\u003ca href=\"https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8118\"\u003e#8118\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/open-telemetry/opentelemetry-go/compare/v1.25.0...v1.43.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `golang.org/x/crypto` from 0.24.0 to 0.50.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/4e0068c0098be10d7025c99ab7c50ce454c1f0f9\"\u003e\u003ccode\u003e4e0068c\u003c/code\u003e\u003c/a\u003e go.mod: update golang.org/x dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/e79546e28b85ea53dd37afe1c4102746ef553b9c\"\u003e\u003ccode\u003ee79546e\u003c/code\u003e\u003c/a\u003e ssh: curb GSSAPI DoS risk by limiting number of specified OIDs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/f91f7a7c31bf90b39c1de895ad116a2bacc88748\"\u003e\u003ccode\u003ef91f7a7\u003c/code\u003e\u003c/a\u003e ssh/agent: prevent panic on malformed constraint\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/2df4153a0311bdfea44376e0eb6ef2faefb0275b\"\u003e\u003ccode\u003e2df4153\u003c/code\u003e\u003c/a\u003e acme/autocert: let automatic renewal work with short lifetime certs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/bcf6a849efcf4702fa5172cb0998b46c3da1e989\"\u003e\u003ccode\u003ebcf6a84\u003c/code\u003e\u003c/a\u003e acme: pass context to request\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/b4f2b62076abeee4e43fb59544dac565715fbf1e\"\u003e\u003ccode\u003eb4f2b62\u003c/code\u003e\u003c/a\u003e ssh: fix error message on unsupported cipher\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/79ec3a51fcc7fbd2691d56155d578225ccc542e2\"\u003e\u003ccode\u003e79ec3a5\u003c/code\u003e\u003c/a\u003e ssh: allow to bind to a hostname in remote forwarding\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/122a78f140d9d3303ed3261bc374bbbca149140f\"\u003e\u003ccode\u003e122a78f\u003c/code\u003e\u003c/a\u003e go.mod: update golang.org/x dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/c0531f9c34514ad5c5551e2d6ce569ca673a8afd\"\u003e\u003ccode\u003ec0531f9\u003c/code\u003e\u003c/a\u003e all: eliminate vet diagnos...\n\n_Description has been truncated_\n\n---\n\n🔄 This PR performs a comprehensive dependency update across 5 directories, bumping 28 Go modules to their latest versions including major updates to security-critical packages like go-git, gRPC, and OpenTelemetry components.\n\n\u003cdetails\u003e\n\u003csummary\u003e🔍 \u003cstrong\u003eDetailed Analysis\u003c/strong\u003e\u003c/summary\u003e\n\n### Key Changes\n- **Go Version Updates**: Upgraded Go toolchain versions across modules (1.21→1.25, 1.22→1.24.0, etc.)\n- **Security Updates**: Critical security fixes in go-git (5.11.0→5.19.1), gosaml2 (0.9.1→0.11.0), and buildkit (0.12.5→0.28.1)\n- **Core Dependencies**: Major version bumps for gRPC (1.63.2→1.79.3), OpenTelemetry SDK (1.25.0→1.43.0), and Slack SDK (0.10.1→0.23.1)\n- **Infrastructure Libraries**: Updates to crypto, oauth2, Redis client, and PostgreSQL driver packages\n\n### Technical Implementation\n```mermaid\nflowchart TD\n    A[Dependabot Scan] --\u003e B[5 Directory Analysis]\n    B --\u003e C[progress-bot/]\n    B --\u003e D[lib/]\n    B --\u003e E[lib/managedservicesplatform/]\n    B --\u003e F[monitoring/]\n    B --\u003e G[Root Directory]\n    \n    C --\u003e H[4 Updates: Slack, crypto, oauth2, gRPC]\n    D --\u003e I[4 Updates: crypto, oauth2, Redis, gRPC]\n    E --\u003e J[6 Updates: OpenTelemetry, oauth2, pgx, Redis, edwards25519, gRPC]\n    F --\u003e K[3 Updates: crypto, logrus, retryablehttp]\n    G --\u003e L[8 Major Updates: distribution, go-git, buildkit, gosaml2, etc.]\n    \n    H --\u003e M[Security \u0026 Compatibility Improvements]\n    I --\u003e M\n    J --\u003e M\n    K --\u003e M\n    L --\u003e M\n```\n\n### Impact\n- **Security Enhancement**: Addresses multiple CVEs and security vulnerabilities in go-git, buildkit, and SAML libraries\n- **Performance Improvements**: Updated OpenTelemetry SDK includes performance optimizations and new features like W3C Trace Context Level 2 support\n- **Compatibility**: Maintains backward compatibility while providing access to latest features and bug fixes across the dependency tree\n- **Maintenance**: Reduces technical debt by keeping dependencies current and aligned with latest Go ecosystem standards\n\n\u003c/details\u003e\n\n_Created with [Palmier](https://www.palmier.io)_","html_url":"https://github.com/GlacierEQ/sourcegraph-public-snapshot/pull/38","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/GlacierEQ%2Fsourcegraph-public-snapshot/issues/38","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/38/packages"}},{"old_version":"5.2.5","new_version":"5.3.0","update_type":"minor","path":null,"pr_created_at":"2026-05-29T20:02:04.000Z","version_change":"5.2.5 → 5.3.0","issue":{"uuid":"4551273326","node_id":"PR_kwDOJVo0O87gydvq","number":863,"state":"closed","title":"build(go): ⬆️ bump github.com/go-chi/chi/v5 from 5.2.5 to 5.3.0","user":"dependabot[bot]","labels":["dependencies","go"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-06-06T04:29:30.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-29T20:02:04.000Z","updated_at":"2026-06-06T04:29:31.000Z","time_to_close":635246,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"build(go): ⬆️","packages":[{"name":"github.com/go-chi/chi/v5","old_version":"5.2.5","new_version":"5.3.0","repository_url":"https://github.com/go-chi/chi"}],"path":null,"ecosystem":"go"},"body":"Bumps [github.com/go-chi/chi/v5](https://github.com/go-chi/chi) from 5.2.5 to 5.3.0.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/go-chi/chi/releases\"\u003egithub.com/go-chi/chi/v5's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.3.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUse strings.ReplaceAll where applicable by \u003ca href=\"https://github.com/JRaspass\"\u003e\u003ccode\u003e@​JRaspass\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1046\"\u003ego-chi/chi#1046\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePropagate inline middlewares across mounted subrouters by \u003ca href=\"https://github.com/LukasJenicek\"\u003e\u003ccode\u003e@​LukasJenicek\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1049\"\u003ego-chi/chi#1049\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eadd go 1.26 to ci by \u003ca href=\"https://github.com/pkieltyka\"\u003e\u003ccode\u003e@​pkieltyka\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1052\"\u003ego-chi/chi#1052\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove last uses of io/ioutil by \u003ca href=\"https://github.com/JRaspass\"\u003e\u003ccode\u003e@​JRaspass\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1054\"\u003ego-chi/chi#1054\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSimplify chi.walk with slices.Concat by \u003ca href=\"https://github.com/JRaspass\"\u003e\u003ccode\u003e@​JRaspass\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1053\"\u003ego-chi/chi#1053\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eApply the stringscutprefix modernizer by \u003ca href=\"https://github.com/JRaspass\"\u003e\u003ccode\u003e@​JRaspass\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1051\"\u003ego-chi/chi#1051\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump minimum Go to 1.23, always use request.Pattern by \u003ca href=\"https://github.com/JRaspass\"\u003e\u003ccode\u003e@​JRaspass\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1048\"\u003ego-chi/chi#1048\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003emiddleware: fix httpFancyWriter.ReadFrom double-counting bytes with Tee by \u003ca href=\"https://github.com/alliasgher\"\u003e\u003ccode\u003e@​alliasgher\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1085\"\u003ego-chi/chi#1085\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix typo in Route doc comment by \u003ca href=\"https://github.com/gouwazi\"\u003e\u003ccode\u003e@​gouwazi\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1073\"\u003ego-chi/chi#1073\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: set Request.Pattern from RoutePattern() by \u003ca href=\"https://github.com/leno23\"\u003e\u003ccode\u003e@​leno23\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1097\"\u003ego-chi/chi#1097\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat: middleware.ClientIP, a replacement for middleware.RealIP by \u003ca href=\"https://github.com/VojtechVitek\"\u003e\u003ccode\u003e@​VojtechVitek\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/967\"\u003ego-chi/chi#967\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/LukasJenicek\"\u003e\u003ccode\u003e@​LukasJenicek\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1049\"\u003ego-chi/chi#1049\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/alliasgher\"\u003e\u003ccode\u003e@​alliasgher\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1085\"\u003ego-chi/chi#1085\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gouwazi\"\u003e\u003ccode\u003e@​gouwazi\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1073\"\u003ego-chi/chi#1073\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/leno23\"\u003e\u003ccode\u003e@​leno23\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1097\"\u003ego-chi/chi#1097\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eSECURITY: middleware.ClientIP, a replacement for middleware.RealIP\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/VojtechVitek\"\u003e\u003ccode\u003e@​VojtechVitek\u003c/code\u003e\u003c/a\u003e submitted PR \u003ca href=\"https://redirect.github.com/go-chi/chi/issues/967\"\u003e#967\u003c/a\u003e, which introduces middleware.ClientIP — a replacement for middleware.RealIP that closes the three open spoofing advisories:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/security/advisories/GHSA-9g5q-2w5x-hmxf\"\u003eGHSA-9g5q-2w5x-hmxf\u003c/a\u003e — IP spoofing via XFF in \u003ccode\u003eRemoteAddr\u003c/code\u003e resolution (convto)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/security/advisories/GHSA-rjr7-jggh-pgcp\"\u003eGHSA-rjr7-jggh-pgcp\u003c/a\u003e — RealIP allows IP spoofing via unvalidated XFF (rezmoss)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/security/advisories/GHSA-3fxj-6jh8-hvhx\"\u003eGHSA-3fxj-6jh8-hvhx\u003c/a\u003e — IP spoofing in \u003ccode\u003emiddleware.RealIP\u003c/code\u003e (Saku0512, Critical / 9.3)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eIt also addresses issues outlined at:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/708\"\u003ego-chi/chi#708\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://adam-p.ca/blog/2022/03/x-forwarded-for/\"\u003ehttps://adam-p.ca/blog/2022/03/x-forwarded-for/\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/711\"\u003ego-chi/chi#711\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/453\"\u003ego-chi/chi#453\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/go-chi/chi/pull/908\"\u003ego-chi/chi#908\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ccode\u003emiddleware.RealIP\u003c/code\u003e is deprecated in this PR with pointers to the new API.\u003c/p\u003e\n\u003cp\u003eThe deprecation only adds a \u003ccode\u003e// Deprecated:\u003c/code\u003e doc comment; the function keeps working for backward compatibility.\u003c/p\u003e\n\u003ch3\u003eWhy a new middleware (not \u0026quot;fix RealIP in place\u0026quot;)\u003c/h3\u003e\n\u003cp\u003e\u003ccode\u003eRealIP\u003c/code\u003e has two unfixable design choices: it mutates \u003ccode\u003er.RemoteAddr\u003c/code\u003e, and it tries to be a one-size-fits-all default by walking a hard-coded list of headers any client can supply. Per \u003ca href=\"https://adam-p.ca/blog/2022/03/x-forwarded-for/\"\u003eadam-p's \u0026quot;The perils of the 'real' client IP\u0026quot;\u003c/a\u003e (which calls chi out by name on this), there is no safe default — the user must pick their trust source explicitly.\u003c/p\u003e\n\u003ch3\u003eThe new API\u003c/h3\u003e\n\u003cp\u003eFour middlewares, two accessors. Pick exactly one middleware based on your\ninfrastructure, read the result with one of the two accessors:\u003c/p\u003e\n\u003cpre lang=\"go\"\u003e\u003ccode\u003e// One of the four. There is no safe default — pick exactly one.\r\nfunc ClientIPFromHeader(trustedHeader string) func(http.Handler) http.Handler\r\nfunc ClientIPFromXFF(trustedIPPrefixes ...string) func(http.Handler) http.Handler\r\nfunc ClientIPFromXFFTrustedProxies(numTrustedProxies int) func(http.Handler) http.Handler\r\n\u0026lt;/tr\u0026gt;\u0026lt;/table\u0026gt; \n\u003c/code\u003e\u003c/pre\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/3b171578ca44dfd75ca3c5cbddc7b44c600a7b49\"\u003e\u003ccode\u003e3b17157\u003c/code\u003e\u003c/a\u003e feat: middleware.ClientIP, a replacement for middleware.RealIP (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/967\"\u003e#967\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/818fdcfc4786168651768377ba647cf9dd5b3953\"\u003e\u003ccode\u003e818fdcf\u003c/code\u003e\u003c/a\u003e fix: set Request.Pattern from RoutePattern() (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1097\"\u003e#1097\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/f975af0cb10cbefaccf0422385420fe62722d648\"\u003e\u003ccode\u003ef975af0\u003c/code\u003e\u003c/a\u003e Fix typo in Route doc comment (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1073\"\u003e#1073\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/4ef87eaf2cfb27d3126d48194e1a84806acc1aed\"\u003e\u003ccode\u003e4ef87ea\u003c/code\u003e\u003c/a\u003e middleware: fix httpFancyWriter.ReadFrom double-counting bytes with Tee (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1085\"\u003e#1085\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/a54874f0e2f12647a19e82ee70dfa8185014100c\"\u003e\u003ccode\u003ea54874f\u003c/code\u003e\u003c/a\u003e Bump minimum Go to 1.23, always use request.Pattern (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1048\"\u003e#1048\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/3328d4d3ab8a08547fa419ed657017355e6d3c4d\"\u003e\u003ccode\u003e3328d4d\u003c/code\u003e\u003c/a\u003e Apply the stringscutprefix modernizer (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1051\"\u003e#1051\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/be60b2ec5755a9072cdf27af3ba3034e84781d12\"\u003e\u003ccode\u003ebe60b2e\u003c/code\u003e\u003c/a\u003e Simplify chi.walk with slices.Concat (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1053\"\u003e#1053\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/a36a925a6a195943ec104100d7d18757543e745f\"\u003e\u003ccode\u003ea36a925\u003c/code\u003e\u003c/a\u003e Remove last uses of io/ioutil (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1054\"\u003e#1054\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/7d93ee3e86b4d477c20d809c9b1ce9a281dfd706\"\u003e\u003ccode\u003e7d93ee3\u003c/code\u003e\u003c/a\u003e add go 1.26 to ci (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1052\"\u003e#1052\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/903cff2596eac0f72538ac46d696058351f1c3fb\"\u003e\u003ccode\u003e903cff2\u003c/code\u003e\u003c/a\u003e Propagate inline middlewares across mounted subrouters (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1049\"\u003e#1049\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/go-chi/chi/compare/v5.2.5...v5.3.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e","html_url":"https://github.com/joshuar/go-hass-agent/pull/863","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/joshuar%2Fgo-hass-agent/issues/863","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/863/packages"}},{"old_version":"5.2.5","new_version":"5.3.0","update_type":"minor","path":null,"pr_created_at":"2026-05-26T23:27:34.000Z","version_change":"5.2.5 → 5.3.0","issue":{"uuid":"4528204152","node_id":"PR_kwDOR8Axzs7fnHnk","number":4,"state":"open","title":"deps: bump github.com/go-chi/chi/v5 from 5.2.5 to 5.3.0","user":"dependabot[bot]","labels":["🤖 Dependencies","size: s"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-26T23:27:34.000Z","updated_at":"2026-05-26T23:31:22.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"deps","packages":[{"name":"github.com/go-chi/chi/v5","old_version":"5.2.5","new_version":"5.3.0","repository_url":"https://github.com/go-chi/chi"}],"path":null,"ecosystem":"go"},"body":"Bumps [github.com/go-chi/chi/v5](https://github.com/go-chi/chi) from 5.2.5 to 5.3.0.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/go-chi/chi/releases\"\u003egithub.com/go-chi/chi/v5's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.3.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUse strings.ReplaceAll where applicable by \u003ca href=\"https://github.com/JRaspass\"\u003e\u003ccode\u003e@​JRaspass\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1046\"\u003ego-chi/chi#1046\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePropagate inline middlewares across mounted subrouters by \u003ca href=\"https://github.com/LukasJenicek\"\u003e\u003ccode\u003e@​LukasJenicek\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1049\"\u003ego-chi/chi#1049\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eadd go 1.26 to ci by \u003ca href=\"https://github.com/pkieltyka\"\u003e\u003ccode\u003e@​pkieltyka\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1052\"\u003ego-chi/chi#1052\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove last uses of io/ioutil by \u003ca href=\"https://github.com/JRaspass\"\u003e\u003ccode\u003e@​JRaspass\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1054\"\u003ego-chi/chi#1054\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSimplify chi.walk with slices.Concat by \u003ca href=\"https://github.com/JRaspass\"\u003e\u003ccode\u003e@​JRaspass\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1053\"\u003ego-chi/chi#1053\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eApply the stringscutprefix modernizer by \u003ca href=\"https://github.com/JRaspass\"\u003e\u003ccode\u003e@​JRaspass\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1051\"\u003ego-chi/chi#1051\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump minimum Go to 1.23, always use request.Pattern by \u003ca href=\"https://github.com/JRaspass\"\u003e\u003ccode\u003e@​JRaspass\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1048\"\u003ego-chi/chi#1048\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003emiddleware: fix httpFancyWriter.ReadFrom double-counting bytes with Tee by \u003ca href=\"https://github.com/alliasgher\"\u003e\u003ccode\u003e@​alliasgher\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1085\"\u003ego-chi/chi#1085\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix typo in Route doc comment by \u003ca href=\"https://github.com/gouwazi\"\u003e\u003ccode\u003e@​gouwazi\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1073\"\u003ego-chi/chi#1073\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: set Request.Pattern from RoutePattern() by \u003ca href=\"https://github.com/leno23\"\u003e\u003ccode\u003e@​leno23\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1097\"\u003ego-chi/chi#1097\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat: middleware.ClientIP, a replacement for middleware.RealIP by \u003ca href=\"https://github.com/VojtechVitek\"\u003e\u003ccode\u003e@​VojtechVitek\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/967\"\u003ego-chi/chi#967\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/LukasJenicek\"\u003e\u003ccode\u003e@​LukasJenicek\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1049\"\u003ego-chi/chi#1049\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/alliasgher\"\u003e\u003ccode\u003e@​alliasgher\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1085\"\u003ego-chi/chi#1085\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gouwazi\"\u003e\u003ccode\u003e@​gouwazi\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1073\"\u003ego-chi/chi#1073\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/leno23\"\u003e\u003ccode\u003e@​leno23\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1097\"\u003ego-chi/chi#1097\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eSECURITY: middleware.ClientIP, a replacement for middleware.RealIP\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/VojtechVitek\"\u003e\u003ccode\u003e@​VojtechVitek\u003c/code\u003e\u003c/a\u003e submitted PR \u003ca href=\"https://redirect.github.com/go-chi/chi/issues/967\"\u003e#967\u003c/a\u003e, which introduces middleware.ClientIP — a replacement for middleware.RealIP that closes the three open spoofing advisories:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/security/advisories/GHSA-9g5q-2w5x-hmxf\"\u003eGHSA-9g5q-2w5x-hmxf\u003c/a\u003e — IP spoofing via XFF in \u003ccode\u003eRemoteAddr\u003c/code\u003e resolution (convto)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/security/advisories/GHSA-rjr7-jggh-pgcp\"\u003eGHSA-rjr7-jggh-pgcp\u003c/a\u003e — RealIP allows IP spoofing via unvalidated XFF (rezmoss)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/security/advisories/GHSA-3fxj-6jh8-hvhx\"\u003eGHSA-3fxj-6jh8-hvhx\u003c/a\u003e — IP spoofing in \u003ccode\u003emiddleware.RealIP\u003c/code\u003e (Saku0512, Critical / 9.3)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eIt also addresses issues outlined at:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/708\"\u003ego-chi/chi#708\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://adam-p.ca/blog/2022/03/x-forwarded-for/\"\u003ehttps://adam-p.ca/blog/2022/03/x-forwarded-for/\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/711\"\u003ego-chi/chi#711\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/453\"\u003ego-chi/chi#453\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/go-chi/chi/pull/908\"\u003ego-chi/chi#908\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ccode\u003emiddleware.RealIP\u003c/code\u003e is deprecated in this PR with pointers to the new API.\u003c/p\u003e\n\u003cp\u003eThe deprecation only adds a \u003ccode\u003e// Deprecated:\u003c/code\u003e doc comment; the function keeps working for backward compatibility.\u003c/p\u003e\n\u003ch3\u003eWhy a new middleware (not \u0026quot;fix RealIP in place\u0026quot;)\u003c/h3\u003e\n\u003cp\u003e\u003ccode\u003eRealIP\u003c/code\u003e has two unfixable design choices: it mutates \u003ccode\u003er.RemoteAddr\u003c/code\u003e, and it tries to be a one-size-fits-all default by walking a hard-coded list of headers any client can supply. Per \u003ca href=\"https://adam-p.ca/blog/2022/03/x-forwarded-for/\"\u003eadam-p's \u0026quot;The perils of the 'real' client IP\u0026quot;\u003c/a\u003e (which calls chi out by name on this), there is no safe default — the user must pick their trust source explicitly.\u003c/p\u003e\n\u003ch3\u003eThe new API\u003c/h3\u003e\n\u003cp\u003eFour middlewares, two accessors. Pick exactly one middleware based on your\ninfrastructure, read the result with one of the two accessors:\u003c/p\u003e\n\u003cpre lang=\"go\"\u003e\u003ccode\u003e// One of the four. There is no safe default — pick exactly one.\r\nfunc ClientIPFromHeader(trustedHeader string) func(http.Handler) http.Handler\r\nfunc ClientIPFromXFF(trustedIPPrefixes ...string) func(http.Handler) http.Handler\r\nfunc ClientIPFromXFFTrustedProxies(numTrustedProxies int) func(http.Handler) http.Handler\r\n\u0026lt;/tr\u0026gt;\u0026lt;/table\u0026gt; \n\u003c/code\u003e\u003c/pre\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/3b171578ca44dfd75ca3c5cbddc7b44c600a7b49\"\u003e\u003ccode\u003e3b17157\u003c/code\u003e\u003c/a\u003e feat: middleware.ClientIP, a replacement for middleware.RealIP (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/967\"\u003e#967\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/818fdcfc4786168651768377ba647cf9dd5b3953\"\u003e\u003ccode\u003e818fdcf\u003c/code\u003e\u003c/a\u003e fix: set Request.Pattern from RoutePattern() (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1097\"\u003e#1097\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/f975af0cb10cbefaccf0422385420fe62722d648\"\u003e\u003ccode\u003ef975af0\u003c/code\u003e\u003c/a\u003e Fix typo in Route doc comment (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1073\"\u003e#1073\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/4ef87eaf2cfb27d3126d48194e1a84806acc1aed\"\u003e\u003ccode\u003e4ef87ea\u003c/code\u003e\u003c/a\u003e middleware: fix httpFancyWriter.ReadFrom double-counting bytes with Tee (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1085\"\u003e#1085\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/a54874f0e2f12647a19e82ee70dfa8185014100c\"\u003e\u003ccode\u003ea54874f\u003c/code\u003e\u003c/a\u003e Bump minimum Go to 1.23, always use request.Pattern (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1048\"\u003e#1048\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/3328d4d3ab8a08547fa419ed657017355e6d3c4d\"\u003e\u003ccode\u003e3328d4d\u003c/code\u003e\u003c/a\u003e Apply the stringscutprefix modernizer (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1051\"\u003e#1051\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/be60b2ec5755a9072cdf27af3ba3034e84781d12\"\u003e\u003ccode\u003ebe60b2e\u003c/code\u003e\u003c/a\u003e Simplify chi.walk with slices.Concat (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1053\"\u003e#1053\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/a36a925a6a195943ec104100d7d18757543e745f\"\u003e\u003ccode\u003ea36a925\u003c/code\u003e\u003c/a\u003e Remove last uses of io/ioutil (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1054\"\u003e#1054\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/7d93ee3e86b4d477c20d809c9b1ce9a281dfd706\"\u003e\u003ccode\u003e7d93ee3\u003c/code\u003e\u003c/a\u003e add go 1.26 to ci (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1052\"\u003e#1052\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/903cff2596eac0f72538ac46d696058351f1c3fb\"\u003e\u003ccode\u003e903cff2\u003c/code\u003e\u003c/a\u003e Propagate inline middlewares across mounted subrouters (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1049\"\u003e#1049\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/go-chi/chi/compare/v5.2.5...v5.3.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/go-chi/chi/v5\u0026package-manager=go_modules\u0026previous-version=5.2.5\u0026new-version=5.3.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/selfshop-dev/ms-catalog/pull/4","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/selfshop-dev%2Fms-catalog/issues/4","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/4/packages"}},{"old_version":"5.2.5","new_version":"5.3.0","update_type":"minor","path":null,"pr_created_at":"2026-05-26T03:25:45.000Z","version_change":"5.2.5 → 5.3.0","issue":{"uuid":"4521080794","node_id":"PR_kwDOMSpIk87fP9Mt","number":331,"state":"open","title":"chore(deps): bump the minor-and-patch group across 1 directory with 3 updates","user":"dependabot[bot]","labels":["dependencies","go"],"assignees":[],"locked":false,"comments_count":5,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-26T03:25:45.000Z","updated_at":"2026-05-26T03:33:46.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): bump","group_name":"minor-and-patch","update_count":3,"packages":[{"name":"github.com/go-chi/chi/v5","old_version":"5.2.5","new_version":"5.3.0","repository_url":"https://github.com/go-chi/chi"},{"name":"github.com/tidwall/gjson","old_version":"1.18.0","new_version":"1.19.0","repository_url":"https://github.com/tidwall/gjson"},{"name":"golang.org/x/crypto","old_version":"0.50.0","new_version":"0.52.0","repository_url":"https://github.com/golang/crypto"}],"path":null,"ecosystem":"go"},"body":"Bumps the minor-and-patch group with 3 updates in the / directory: [github.com/go-chi/chi/v5](https://github.com/go-chi/chi), [github.com/tidwall/gjson](https://github.com/tidwall/gjson) and [golang.org/x/crypto](https://github.com/golang/crypto).\n\nUpdates `github.com/go-chi/chi/v5` from 5.2.5 to 5.3.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/go-chi/chi/releases\"\u003egithub.com/go-chi/chi/v5's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.3.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUse strings.ReplaceAll where applicable by \u003ca href=\"https://github.com/JRaspass\"\u003e\u003ccode\u003e@​JRaspass\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1046\"\u003ego-chi/chi#1046\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePropagate inline middlewares across mounted subrouters by \u003ca href=\"https://github.com/LukasJenicek\"\u003e\u003ccode\u003e@​LukasJenicek\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1049\"\u003ego-chi/chi#1049\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eadd go 1.26 to ci by \u003ca href=\"https://github.com/pkieltyka\"\u003e\u003ccode\u003e@​pkieltyka\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1052\"\u003ego-chi/chi#1052\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove last uses of io/ioutil by \u003ca href=\"https://github.com/JRaspass\"\u003e\u003ccode\u003e@​JRaspass\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1054\"\u003ego-chi/chi#1054\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSimplify chi.walk with slices.Concat by \u003ca href=\"https://github.com/JRaspass\"\u003e\u003ccode\u003e@​JRaspass\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1053\"\u003ego-chi/chi#1053\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eApply the stringscutprefix modernizer by \u003ca href=\"https://github.com/JRaspass\"\u003e\u003ccode\u003e@​JRaspass\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1051\"\u003ego-chi/chi#1051\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump minimum Go to 1.23, always use request.Pattern by \u003ca href=\"https://github.com/JRaspass\"\u003e\u003ccode\u003e@​JRaspass\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1048\"\u003ego-chi/chi#1048\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003emiddleware: fix httpFancyWriter.ReadFrom double-counting bytes with Tee by \u003ca href=\"https://github.com/alliasgher\"\u003e\u003ccode\u003e@​alliasgher\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1085\"\u003ego-chi/chi#1085\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix typo in Route doc comment by \u003ca href=\"https://github.com/gouwazi\"\u003e\u003ccode\u003e@​gouwazi\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1073\"\u003ego-chi/chi#1073\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: set Request.Pattern from RoutePattern() by \u003ca href=\"https://github.com/leno23\"\u003e\u003ccode\u003e@​leno23\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1097\"\u003ego-chi/chi#1097\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat: middleware.ClientIP, a replacement for middleware.RealIP by \u003ca href=\"https://github.com/VojtechVitek\"\u003e\u003ccode\u003e@​VojtechVitek\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/967\"\u003ego-chi/chi#967\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/LukasJenicek\"\u003e\u003ccode\u003e@​LukasJenicek\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1049\"\u003ego-chi/chi#1049\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/alliasgher\"\u003e\u003ccode\u003e@​alliasgher\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1085\"\u003ego-chi/chi#1085\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gouwazi\"\u003e\u003ccode\u003e@​gouwazi\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1073\"\u003ego-chi/chi#1073\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/leno23\"\u003e\u003ccode\u003e@​leno23\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1097\"\u003ego-chi/chi#1097\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eSECURITY: middleware.ClientIP, a replacement for middleware.RealIP\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/VojtechVitek\"\u003e\u003ccode\u003e@​VojtechVitek\u003c/code\u003e\u003c/a\u003e submitted PR \u003ca href=\"https://redirect.github.com/go-chi/chi/issues/967\"\u003e#967\u003c/a\u003e, which introduces middleware.ClientIP — a replacement for middleware.RealIP that closes the three open spoofing advisories:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/security/advisories/GHSA-9g5q-2w5x-hmxf\"\u003eGHSA-9g5q-2w5x-hmxf\u003c/a\u003e — IP spoofing via XFF in \u003ccode\u003eRemoteAddr\u003c/code\u003e resolution (convto)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/security/advisories/GHSA-rjr7-jggh-pgcp\"\u003eGHSA-rjr7-jggh-pgcp\u003c/a\u003e — RealIP allows IP spoofing via unvalidated XFF (rezmoss)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/security/advisories/GHSA-3fxj-6jh8-hvhx\"\u003eGHSA-3fxj-6jh8-hvhx\u003c/a\u003e — IP spoofing in \u003ccode\u003emiddleware.RealIP\u003c/code\u003e (Saku0512, Critical / 9.3)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eIt also addresses issues outlined at:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/708\"\u003ego-chi/chi#708\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://adam-p.ca/blog/2022/03/x-forwarded-for/\"\u003ehttps://adam-p.ca/blog/2022/03/x-forwarded-for/\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/711\"\u003ego-chi/chi#711\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/453\"\u003ego-chi/chi#453\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/go-chi/chi/pull/908\"\u003ego-chi/chi#908\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ccode\u003emiddleware.RealIP\u003c/code\u003e is deprecated in this PR with pointers to the new API.\u003c/p\u003e\n\u003cp\u003eThe deprecation only adds a \u003ccode\u003e// Deprecated:\u003c/code\u003e doc comment; the function keeps working for backward compatibility.\u003c/p\u003e\n\u003ch3\u003eWhy a new middleware (not \u0026quot;fix RealIP in place\u0026quot;)\u003c/h3\u003e\n\u003cp\u003e\u003ccode\u003eRealIP\u003c/code\u003e has two unfixable design choices: it mutates \u003ccode\u003er.RemoteAddr\u003c/code\u003e, and it tries to be a one-size-fits-all default by walking a hard-coded list of headers any client can supply. Per \u003ca href=\"https://adam-p.ca/blog/2022/03/x-forwarded-for/\"\u003eadam-p's \u0026quot;The perils of the 'real' client IP\u0026quot;\u003c/a\u003e (which calls chi out by name on this), there is no safe default — the user must pick their trust source explicitly.\u003c/p\u003e\n\u003ch3\u003eThe new API\u003c/h3\u003e\n\u003cp\u003eFour middlewares, two accessors. Pick exactly one middleware based on your\ninfrastructure, read the result with one of the two accessors:\u003c/p\u003e\n\u003cpre lang=\"go\"\u003e\u003ccode\u003e// One of the four. There is no safe default — pick exactly one.\r\nfunc ClientIPFromHeader(trustedHeader string) func(http.Handler) http.Handler\r\nfunc ClientIPFromXFF(trustedIPPrefixes ...string) func(http.Handler) http.Handler\r\nfunc ClientIPFromXFFTrustedProxies(numTrustedProxies int) func(http.Handler) http.Handler\r\n\u0026lt;/tr\u0026gt;\u0026lt;/table\u0026gt; \n\u003c/code\u003e\u003c/pre\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/3b171578ca44dfd75ca3c5cbddc7b44c600a7b49\"\u003e\u003ccode\u003e3b17157\u003c/code\u003e\u003c/a\u003e feat: middleware.ClientIP, a replacement for middleware.RealIP (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/967\"\u003e#967\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/818fdcfc4786168651768377ba647cf9dd5b3953\"\u003e\u003ccode\u003e818fdcf\u003c/code\u003e\u003c/a\u003e fix: set Request.Pattern from RoutePattern() (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1097\"\u003e#1097\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/f975af0cb10cbefaccf0422385420fe62722d648\"\u003e\u003ccode\u003ef975af0\u003c/code\u003e\u003c/a\u003e Fix typo in Route doc comment (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1073\"\u003e#1073\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/4ef87eaf2cfb27d3126d48194e1a84806acc1aed\"\u003e\u003ccode\u003e4ef87ea\u003c/code\u003e\u003c/a\u003e middleware: fix httpFancyWriter.ReadFrom double-counting bytes with Tee (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1085\"\u003e#1085\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/a54874f0e2f12647a19e82ee70dfa8185014100c\"\u003e\u003ccode\u003ea54874f\u003c/code\u003e\u003c/a\u003e Bump minimum Go to 1.23, always use request.Pattern (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1048\"\u003e#1048\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/3328d4d3ab8a08547fa419ed657017355e6d3c4d\"\u003e\u003ccode\u003e3328d4d\u003c/code\u003e\u003c/a\u003e Apply the stringscutprefix modernizer (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1051\"\u003e#1051\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/be60b2ec5755a9072cdf27af3ba3034e84781d12\"\u003e\u003ccode\u003ebe60b2e\u003c/code\u003e\u003c/a\u003e Simplify chi.walk with slices.Concat (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1053\"\u003e#1053\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/a36a925a6a195943ec104100d7d18757543e745f\"\u003e\u003ccode\u003ea36a925\u003c/code\u003e\u003c/a\u003e Remove last uses of io/ioutil (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1054\"\u003e#1054\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/7d93ee3e86b4d477c20d809c9b1ce9a281dfd706\"\u003e\u003ccode\u003e7d93ee3\u003c/code\u003e\u003c/a\u003e add go 1.26 to ci (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1052\"\u003e#1052\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/903cff2596eac0f72538ac46d696058351f1c3fb\"\u003e\u003ccode\u003e903cff2\u003c/code\u003e\u003c/a\u003e Propagate inline middlewares across mounted subrouters (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1049\"\u003e#1049\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/go-chi/chi/compare/v5.2.5...v5.3.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/tidwall/gjson` from 1.18.0 to 1.19.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tidwall/gjson/commit/0fac2c9aa6eb5d5564bfaaaad513ce0d5d2314de\"\u003e\u003ccode\u003e0fac2c9\u003c/code\u003e\u003c/a\u003e Add iterator functions All, Keys, and Values\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tidwall/gjson/commit/4d230282c0e3bf42fa509147d27d7e8dcc3d3bad\"\u003e\u003ccode\u003e4d23028\u003c/code\u003e\u003c/a\u003e Add repo url\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tidwall/gjson/commit/10d26621bfe1b75eac5b14df7a0ae82d16755a5d\"\u003e\u003ccode\u003e10d2662\u003c/code\u003e\u003c/a\u003e Add copyright comment\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tidwall/gjson/commit/4a91ee1eba17cd97f8c7db14e5fa3bbd2a5a6292\"\u003e\u003ccode\u003e4a91ee1\u003c/code\u003e\u003c/a\u003e Update README.md\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/tidwall/gjson/compare/v1.18.0...v1.19.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `golang.org/x/crypto` from 0.50.0 to 0.52.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/a1c0d9929856c8aba2b31f079340f00578eda803\"\u003e\u003ccode\u003ea1c0d99\u003c/code\u003e\u003c/a\u003e go.mod: update golang.org/x dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/3c7c86938f4541c333d506f719388d9c42d4763d\"\u003e\u003ccode\u003e3c7c869\u003c/code\u003e\u003c/a\u003e ssh: fix deadlock on unexpected channel responses\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/533fb3f7e4a5ae23f69d1837cd851d35ff5b76ce\"\u003e\u003ccode\u003e533fb3f\u003c/code\u003e\u003c/a\u003e ssh: fix source-address critical option bypass\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/abbc44d451a6f9236a2bbd26cbcd4d0fec473da3\"\u003e\u003ccode\u003eabbc44d\u003c/code\u003e\u003c/a\u003e ssh: fix incorrect operator order\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/e052873987615dc96fe67607a9a6adb76311344f\"\u003e\u003ccode\u003ee052873\u003c/code\u003e\u003c/a\u003e ssh: fix infinite loop on large channel writes due to integer overflow\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/b61cf853a89d82cad68da5e12a6beca2116f8456\"\u003e\u003ccode\u003eb61cf85\u003c/code\u003e\u003c/a\u003e ssh: enforce user presence verification for security keys\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/9c2cd33e8d96a96133fd6ff732510ebba539c2bd\"\u003e\u003ccode\u003e9c2cd33\u003c/code\u003e\u003c/a\u003e ssh: enforce strict limits on DSA key parameters\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/890731877d85f71cfdc9554e7a27fec4684fc4c4\"\u003e\u003ccode\u003e8907318\u003c/code\u003e\u003c/a\u003e ssh: reject RSA keys with excessively large moduli\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/ffd87b4878fa98ca2908ec534e1a410bf095a35e\"\u003e\u003ccode\u003effd87b4\u003c/code\u003e\u003c/a\u003e ssh: fix panic when authority callbacks are nil\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/4e7a7384ecbc8d519f6f4c11b36fa9d761fc8946\"\u003e\u003ccode\u003e4e7a738\u003c/code\u003e\u003c/a\u003e ssh: fix deadlock on unexpected global responses\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/golang/crypto/compare/v0.50.0...v0.52.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\n\n\n\u003c/details\u003e","html_url":"https://github.com/konsulin-care/konsulin-api/pull/331","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/konsulin-care%2Fkonsulin-api/issues/331","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/331/packages"}},{"old_version":"5.2.5","new_version":"5.3.0","update_type":"minor","path":null,"pr_created_at":"2026-05-26T01:34:41.000Z","version_change":"5.2.5 → 5.3.0","issue":{"uuid":"4520601434","node_id":"PR_kwDOP2u0hs7fOZRX","number":1291,"state":"open","title":"deps: Bump the all-go-deps group with 10 updates","user":"dependabot[bot]","labels":["security","dependencies"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-26T01:34:41.000Z","updated_at":"2026-05-26T01:42:11.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"deps: Bump","group_name":"all-go-deps","update_count":10,"packages":[{"name":"github.com/anthropics/anthropic-sdk-go","old_version":"1.43.0","new_version":"1.45.0","repository_url":"https://github.com/anthropics/anthropic-sdk-go"},{"name":"github.com/aws/aws-sdk-go-v2/config","old_version":"1.32.17","new_version":"1.32.18","repository_url":"https://github.com/aws/aws-sdk-go-v2"},{"name":"github.com/aws/aws-sdk-go-v2/service/bedrockruntime","old_version":"1.50.6","new_version":"1.52.0","repository_url":"https://github.com/aws/aws-sdk-go-v2"},{"name":"github.com/getkin/kin-openapi","old_version":"0.138.0","new_version":"0.139.0","repository_url":"https://github.com/getkin/kin-openapi"},{"name":"github.com/go-chi/chi/v5","old_version":"5.2.5","new_version":"5.3.0","repository_url":"https://github.com/go-chi/chi"},{"name":"github.com/modelcontextprotocol/go-sdk","old_version":"1.6.0","new_version":"1.6.1","repository_url":"https://github.com/modelcontextprotocol/go-sdk"},{"name":"github.com/slack-go/slack","old_version":"0.23.1","new_version":"0.24.0","repository_url":"https://github.com/slack-go/slack"},{"name":"google.golang.org/adk","old_version":"1.2.0","new_version":"1.3.0","repository_url":"https://github.com/google/adk-go"},{"name":"google.golang.org/genai","old_version":"1.57.0","new_version":"1.58.0","repository_url":"https://github.com/googleapis/go-genai"},{"name":"k8s.io/apiextensions-apiserver","old_version":"0.35.4","new_version":"0.35.5","repository_url":"https://github.com/kubernetes/apiextensions-apiserver"}],"path":null,"ecosystem":"go"},"body":"Bumps the all-go-deps group with 10 updates:\n\n| Package | From | To |\n| --- | --- | --- |\n| [github.com/anthropics/anthropic-sdk-go](https://github.com/anthropics/anthropic-sdk-go) | `1.43.0` | `1.45.0` |\n| [github.com/aws/aws-sdk-go-v2/config](https://github.com/aws/aws-sdk-go-v2) | `1.32.17` | `1.32.18` |\n| [github.com/aws/aws-sdk-go-v2/service/bedrockruntime](https://github.com/aws/aws-sdk-go-v2) | `1.50.6` | `1.52.0` |\n| [github.com/getkin/kin-openapi](https://github.com/getkin/kin-openapi) | `0.138.0` | `0.139.0` |\n| [github.com/go-chi/chi/v5](https://github.com/go-chi/chi) | `5.2.5` | `5.3.0` |\n| [github.com/modelcontextprotocol/go-sdk](https://github.com/modelcontextprotocol/go-sdk) | `1.6.0` | `1.6.1` |\n| [github.com/slack-go/slack](https://github.com/slack-go/slack) | `0.23.1` | `0.24.0` |\n| [google.golang.org/adk](https://github.com/google/adk-go) | `1.2.0` | `1.3.0` |\n| [google.golang.org/genai](https://github.com/googleapis/go-genai) | `1.57.0` | `1.58.0` |\n| [k8s.io/apiextensions-apiserver](https://github.com/kubernetes/apiextensions-apiserver) | `0.35.4` | `0.35.5` |\n\nUpdates `github.com/anthropics/anthropic-sdk-go` from 1.43.0 to 1.45.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/anthropics/anthropic-sdk-go/releases\"\u003egithub.com/anthropics/anthropic-sdk-go's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.45.0\u003c/h2\u003e\n\u003ch2\u003e1.45.0 (2026-05-21)\u003c/h2\u003e\n\u003cp\u003eFull Changelog: \u003ca href=\"https://github.com/anthropics/anthropic-sdk-go/compare/v1.44.1...v1.45.0\"\u003ev1.44.1...v1.45.0\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eapi:\u003c/strong\u003e Add support for thinking-token-count beta for estimated tokens in thinking block deltas when streaming (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-go/commit/dedeb6d263a651d63c95bd360befbd53dd26ec12\"\u003ededeb6d\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.44.1\u003c/h2\u003e\n\u003ch2\u003e1.44.1 (2026-05-19)\u003c/h2\u003e\n\u003cp\u003eFull Changelog: \u003ca href=\"https://github.com/anthropics/anthropic-sdk-go/compare/v1.44.0...v1.44.1\"\u003ev1.44.0...v1.44.1\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003erunner:\u003c/strong\u003e skip tool calls SessionToolRunner does not own (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-go/commit/93afc65f2f1b811d760f2e5149e13dd5eb328f79\"\u003e93afc65\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.44.0\u003c/h2\u003e\n\u003ch2\u003e1.44.0 (2026-05-19)\u003c/h2\u003e\n\u003cp\u003eFull Changelog: \u003ca href=\"https://github.com/anthropics/anthropic-sdk-go/compare/v1.43.0...v1.44.0\"\u003ev1.43.0...v1.44.0\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eclient:\u003c/strong\u003e Add support for self-hosted sandboxes in CMA with sandbox helpers (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-go/commit/34354c43f329852a88682bb6665a1453754d61be\"\u003e34354c4\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/anthropics/anthropic-sdk-go/blob/main/CHANGELOG.md\"\u003egithub.com/anthropics/anthropic-sdk-go's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e1.45.0 (2026-05-21)\u003c/h2\u003e\n\u003cp\u003eFull Changelog: \u003ca href=\"https://github.com/anthropics/anthropic-sdk-go/compare/v1.44.1...v1.45.0\"\u003ev1.44.1...v1.45.0\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eapi:\u003c/strong\u003e Add support for thinking-token-count beta for estimated tokens in thinking block deltas when streaming (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-go/commit/dedeb6d263a651d63c95bd360befbd53dd26ec12\"\u003ededeb6d\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.44.1 (2026-05-19)\u003c/h2\u003e\n\u003cp\u003eFull Changelog: \u003ca href=\"https://github.com/anthropics/anthropic-sdk-go/compare/v1.44.0...v1.44.1\"\u003ev1.44.0...v1.44.1\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003erunner:\u003c/strong\u003e skip tool calls SessionToolRunner does not own (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-go/commit/93afc65f2f1b811d760f2e5149e13dd5eb328f79\"\u003e93afc65\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.44.0 (2026-05-19)\u003c/h2\u003e\n\u003cp\u003eFull Changelog: \u003ca href=\"https://github.com/anthropics/anthropic-sdk-go/compare/v1.43.0...v1.44.0\"\u003ev1.43.0...v1.44.0\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eclient:\u003c/strong\u003e Add support for self-hosted sandboxes in CMA with sandbox helpers (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-go/commit/34354c43f329852a88682bb6665a1453754d61be\"\u003e34354c4\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anthropics/anthropic-sdk-go/commit/88310ccdb19419fb6c8b0fd2e99f1e3d8c74041e\"\u003e\u003ccode\u003e88310cc\u003c/code\u003e\u003c/a\u003e release: 1.45.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anthropics/anthropic-sdk-go/commit/4eb28e321282db071753c97d3223b092db9108d1\"\u003e\u003ccode\u003e4eb28e3\u003c/code\u003e\u003c/a\u003e feat(api): Add support for thinking-token-count beta for estimated tokens in ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anthropics/anthropic-sdk-go/commit/d138190aeae5568972430f9a6204875aa04097fc\"\u003e\u003ccode\u003ed138190\u003c/code\u003e\u003c/a\u003e release: 1.44.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anthropics/anthropic-sdk-go/commit/d0a73a50e70544b552f202d4e6f67eb45b9fd739\"\u003e\u003ccode\u003ed0a73a5\u003c/code\u003e\u003c/a\u003e fix(runner): skip tool calls SessionToolRunner does not own\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anthropics/anthropic-sdk-go/commit/288857308b47e48ee7d572506efffb568d514846\"\u003e\u003ccode\u003e2888573\u003c/code\u003e\u003c/a\u003e release: 1.44.0 (\u003ca href=\"https://redirect.github.com/anthropics/anthropic-sdk-go/issues/340\"\u003e#340\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/anthropics/anthropic-sdk-go/compare/v1.43.0...v1.45.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/aws/aws-sdk-go-v2/config` from 1.32.17 to 1.32.18\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/db9f4e546dfe2f62a6bc3bf54b9da42ebace6372\"\u003e\u003ccode\u003edb9f4e5\u003c/code\u003e\u003c/a\u003e Release 2026-05-22\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/34e7ddc9400e830a9ae226a7e3c2161e5ece4f19\"\u003e\u003ccode\u003e34e7ddc\u003c/code\u003e\u003c/a\u003e Regenerated Clients\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/f9db036cf7b3b8a1ea5eb67c3d296da4b48b6e2b\"\u003e\u003ccode\u003ef9db036\u003c/code\u003e\u003c/a\u003e Update endpoints model\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/ae5eae1e3ec46433bd99496bfa6936f8f09a2e72\"\u003e\u003ccode\u003eae5eae1\u003c/code\u003e\u003c/a\u003e Update API model\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/429dbdd2a35d325aabc5757edfc9ebf09c2ad12e\"\u003e\u003ccode\u003e429dbdd\u003c/code\u003e\u003c/a\u003e Feat discover endpoint partition validation (\u003ca href=\"https://redirect.github.com/aws/aws-sdk-go-v2/issues/3410\"\u003e#3410\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/ab4f5b60785064ec6346c922604d94b63d9c7299\"\u003e\u003ccode\u003eab4f5b6\u003c/code\u003e\u003c/a\u003e Release 2026-05-21\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/757a09909a97a15e5a481d9839b83f15b8fdc4bc\"\u003e\u003ccode\u003e757a099\u003c/code\u003e\u003c/a\u003e Regenerated Clients\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/02c8323ee6c99be82dae3a3923616756cb164525\"\u003e\u003ccode\u003e02c8323\u003c/code\u003e\u003c/a\u003e Update API model\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/f4ac954c5b3567f7918fbaa845bd05a8b211f54e\"\u003e\u003ccode\u003ef4ac954\u003c/code\u003e\u003c/a\u003e Bump smithy-go version and update imports for evenstream protocoltests (\u003ca href=\"https://redirect.github.com/aws/aws-sdk-go-v2/issues/3420\"\u003e#3420\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/6d937001e020def8b587dccbe5d803933ce57bfd\"\u003e\u003ccode\u003e6d93700\u003c/code\u003e\u003c/a\u003e Add replace for credentials dependency added on go.mod (\u003ca href=\"https://redirect.github.com/aws/aws-sdk-go-v2/issues/3419\"\u003e#3419\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/aws/aws-sdk-go-v2/compare/config/v1.32.17...config/v1.32.18\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/aws/aws-sdk-go-v2/service/bedrockruntime` from 1.50.6 to 1.52.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/d7a70490838a3fba41d2d854394e74270e1c7266\"\u003e\u003ccode\u003ed7a7049\u003c/code\u003e\u003c/a\u003e Release 2024-03-13\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/625e1e6ceefff58181a4324818cd36d81829249e\"\u003e\u003ccode\u003e625e1e6\u003c/code\u003e\u003c/a\u003e Regenerated Clients\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/1ed868ad38658009ab780f7df8d1017e5e152247\"\u003e\u003ccode\u003e1ed868a\u003c/code\u003e\u003c/a\u003e Update API model\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/e715922954ab9b058a3f36be2ccee2929df6123a\"\u003e\u003ccode\u003ee715922\u003c/code\u003e\u003c/a\u003e Merge customizations for S3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/b30a1cc189db41994e99d19fb6632eed5f9961b4\"\u003e\u003ccode\u003eb30a1cc\u003c/code\u003e\u003c/a\u003e Release 2024-03-12\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/71783e148bc741a3ba2492af739193eae0ccb724\"\u003e\u003ccode\u003e71783e1\u003c/code\u003e\u003c/a\u003e Regenerated Clients\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/f434ec245a56eee178f954ee39cf6f685906e129\"\u003e\u003ccode\u003ef434ec2\u003c/code\u003e\u003c/a\u003e Update API model\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/9bac90a45e50000be1beac9f63fc755219e7cd7e\"\u003e\u003ccode\u003e9bac90a\u003c/code\u003e\u003c/a\u003e Release 2024-03-11\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/c3c777b9a704c331ddcefa43bf33ac650d6c2877\"\u003e\u003ccode\u003ec3c777b\u003c/code\u003e\u003c/a\u003e Regenerated Clients\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/2e16e91ae30cbe142579c45ed54a21ffee08cc4a\"\u003e\u003ccode\u003e2e16e91\u003c/code\u003e\u003c/a\u003e Update API model\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/aws/aws-sdk-go-v2/compare/service/ecr/v1.50.6...service/s3/v1.52.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/getkin/kin-openapi` from 0.138.0 to 0.139.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/getkin/kin-openapi/releases\"\u003egithub.com/getkin/kin-openapi's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.139.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efeat(openapi3): batch-convert long-tail RequiredFieldError sites by \u003ca href=\"https://github.com/reuvenharrison\"\u003e\u003ccode\u003e@​reuvenharrison\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getkin/kin-openapi/pull/1170\"\u003egetkin/kin-openapi#1170\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat(openapi3): typed validation error clusters (combined: #1171-\u003ca href=\"https://redirect.github.com/getkin/kin-openapi/issues/1179\"\u003e#1179\u003c/a\u003e) by \u003ca href=\"https://github.com/reuvenharrison\"\u003e\u003ccode\u003e@​reuvenharrison\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getkin/kin-openapi/pull/1180\"\u003egetkin/kin-openapi#1180\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eopenapi3gen: skip component export for anonymous types by \u003ca href=\"https://github.com/0-don\"\u003e\u003ccode\u003e@​0-don\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getkin/kin-openapi/pull/1163\"\u003egetkin/kin-openapi#1163\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat: migrate to oasdiff/yaml v0.1.0 single Unmarshal API + enable DisableTimestamps by \u003ca href=\"https://github.com/reuvenharrison\"\u003e\u003ccode\u003e@​reuvenharrison\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getkin/kin-openapi/pull/1181\"\u003egetkin/kin-openapi#1181\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eopenapi3: typed context errors for Validate() wrapper chain by \u003ca href=\"https://github.com/reuvenharrison\"\u003e\u003ccode\u003e@​reuvenharrison\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getkin/kin-openapi/pull/1183\"\u003egetkin/kin-openapi#1183\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eopenapi3: track Origin on the document root (T) by \u003ca href=\"https://github.com/reuvenharrison\"\u003e\u003ccode\u003e@​reuvenharrison\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getkin/kin-openapi/pull/1184\"\u003egetkin/kin-openapi#1184\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eopenapi3: tests flakiness corrected by \u003ca href=\"https://github.com/fenollp\"\u003e\u003ccode\u003e@​fenollp\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getkin/kin-openapi/pull/1159\"\u003egetkin/kin-openapi#1159\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eopenapi3: aggregate independent validation errors via EnableMultiError by \u003ca href=\"https://github.com/reuvenharrison\"\u003e\u003ccode\u003e@​reuvenharrison\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getkin/kin-openapi/pull/1185\"\u003egetkin/kin-openapi#1185\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eopenapi3: fix validation of duplicated path templates by \u003ca href=\"https://github.com/reuvenharrison\"\u003e\u003ccode\u003e@​reuvenharrison\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getkin/kin-openapi/pull/1189\"\u003egetkin/kin-openapi#1189\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eopenapi3: type the remaining bare-error validation sites by \u003ca href=\"https://github.com/reuvenharrison\"\u003e\u003ccode\u003e@​reuvenharrison\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getkin/kin-openapi/pull/1187\"\u003egetkin/kin-openapi#1187\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/getkin/kin-openapi/compare/v0.138.0...v0.139.0\"\u003ehttps://github.com/getkin/kin-openapi/compare/v0.138.0...v0.139.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/getkin/kin-openapi/commit/8381bfc73ce3bb241d298bc8415b8f724b6ddfb6\"\u003e\u003ccode\u003e8381bfc\u003c/code\u003e\u003c/a\u003e openapi3: type the remaining bare-error validation sites (\u003ca href=\"https://redirect.github.com/getkin/kin-openapi/issues/1187\"\u003e#1187\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/getkin/kin-openapi/commit/d29b5c043d31c47b3631020525397b7d1a1f4b6a\"\u003e\u003ccode\u003ed29b5c0\u003c/code\u003e\u003c/a\u003e openapi3: fix validation of duplicated path templates (\u003ca href=\"https://redirect.github.com/getkin/kin-openapi/issues/1189\"\u003e#1189\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/getkin/kin-openapi/commit/e56c2c71f4cc7a433a13ff50e44b3da50b253c07\"\u003e\u003ccode\u003ee56c2c7\u003c/code\u003e\u003c/a\u003e openapi3: aggregate independent validation errors via EnableMultiError (\u003ca href=\"https://redirect.github.com/getkin/kin-openapi/issues/1185\"\u003e#1185\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/getkin/kin-openapi/commit/7ea1ac895326a469712d81507fe00d7c8957b8b6\"\u003e\u003ccode\u003e7ea1ac8\u003c/code\u003e\u003c/a\u003e openapi3: tests flakiness corrected (\u003ca href=\"https://redirect.github.com/getkin/kin-openapi/issues/1159\"\u003e#1159\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/getkin/kin-openapi/commit/dc70f84ce64fa2d60e1e58d96f6b5686ba3dff3e\"\u003e\u003ccode\u003edc70f84\u003c/code\u003e\u003c/a\u003e openapi3: track Origin on the document root (T) (\u003ca href=\"https://redirect.github.com/getkin/kin-openapi/issues/1184\"\u003e#1184\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/getkin/kin-openapi/commit/69492dff6b62dddb9b27aeb7ebc9e0ee653e0263\"\u003e\u003ccode\u003e69492df\u003c/code\u003e\u003c/a\u003e openapi3: typed context errors for Validate() wrapper chain (\u003ca href=\"https://redirect.github.com/getkin/kin-openapi/issues/1183\"\u003e#1183\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/getkin/kin-openapi/commit/0a89925163b66876c4bc357bca068d62e3d86c20\"\u003e\u003ccode\u003e0a89925\u003c/code\u003e\u003c/a\u003e un-patch YAML serialization of dates (see issue \u003ca href=\"https://redirect.github.com/getkin/kin-openapi/issues/697\"\u003e#697\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/getkin/kin-openapi/commit/55a4c7274045743fd7e6703ee14be408ae79d22d\"\u003e\u003ccode\u003e55a4c72\u003c/code\u003e\u003c/a\u003e openapi3: re-enable tests disabled due to YAML dates in map keys\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/getkin/kin-openapi/commit/c61836c51e8f6f2efebbe95f783a41f319c53aa7\"\u003e\u003ccode\u003ec61836c\u003c/code\u003e\u003c/a\u003e ci: fixup lint after modifications to marsh.go\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/getkin/kin-openapi/commit/7633481fe3cd3a7027097aed588c285f3d21d238\"\u003e\u003ccode\u003e7633481\u003c/code\u003e\u003c/a\u003e feat: migrate to oasdiff/yaml v0.1.0 single Unmarshal API + enable DisableTim...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/getkin/kin-openapi/compare/v0.138.0...v0.139.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/go-chi/chi/v5` from 5.2.5 to 5.3.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/go-chi/chi/releases\"\u003egithub.com/go-chi/chi/v5's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.3.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUse strings.ReplaceAll where applicable by \u003ca href=\"https://github.com/JRaspass\"\u003e\u003ccode\u003e@​JRaspass\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1046\"\u003ego-chi/chi#1046\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePropagate inline middlewares across mounted subrouters by \u003ca href=\"https://github.com/LukasJenicek\"\u003e\u003ccode\u003e@​LukasJenicek\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1049\"\u003ego-chi/chi#1049\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eadd go 1.26 to ci by \u003ca href=\"https://github.com/pkieltyka\"\u003e\u003ccode\u003e@​pkieltyka\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1052\"\u003ego-chi/chi#1052\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove last uses of io/ioutil by \u003ca href=\"https://github.com/JRaspass\"\u003e\u003ccode\u003e@​JRaspass\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1054\"\u003ego-chi/chi#1054\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSimplify chi.walk with slices.Concat by \u003ca href=\"https://github.com/JRaspass\"\u003e\u003ccode\u003e@​JRaspass\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1053\"\u003ego-chi/chi#1053\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eApply the stringscutprefix modernizer by \u003ca href=\"https://github.com/JRaspass\"\u003e\u003ccode\u003e@​JRaspass\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1051\"\u003ego-chi/chi#1051\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump minimum Go to 1.23, always use request.Pattern by \u003ca href=\"https://github.com/JRaspass\"\u003e\u003ccode\u003e@​JRaspass\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1048\"\u003ego-chi/chi#1048\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003emiddleware: fix httpFancyWriter.ReadFrom double-counting bytes with Tee by \u003ca href=\"https://github.com/alliasgher\"\u003e\u003ccode\u003e@​alliasgher\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1085\"\u003ego-chi/chi#1085\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix typo in Route doc comment by \u003ca href=\"https://github.com/gouwazi\"\u003e\u003ccode\u003e@​gouwazi\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1073\"\u003ego-chi/chi#1073\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: set Request.Pattern from RoutePattern() by \u003ca href=\"https://github.com/leno23\"\u003e\u003ccode\u003e@​leno23\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1097\"\u003ego-chi/chi#1097\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat: middleware.ClientIP, a replacement for middleware.RealIP by \u003ca href=\"https://github.com/VojtechVitek\"\u003e\u003ccode\u003e@​VojtechVitek\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/967\"\u003ego-chi/chi#967\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/LukasJenicek\"\u003e\u003ccode\u003e@​LukasJenicek\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1049\"\u003ego-chi/chi#1049\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/alliasgher\"\u003e\u003ccode\u003e@​alliasgher\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1085\"\u003ego-chi/chi#1085\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gouwazi\"\u003e\u003ccode\u003e@​gouwazi\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1073\"\u003ego-chi/chi#1073\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/leno23\"\u003e\u003ccode\u003e@​leno23\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1097\"\u003ego-chi/chi#1097\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eSECURITY: middleware.ClientIP, a replacement for middleware.RealIP\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/VojtechVitek\"\u003e\u003ccode\u003e@​VojtechVitek\u003c/code\u003e\u003c/a\u003e submitted PR \u003ca href=\"https://redirect.github.com/go-chi/chi/issues/967\"\u003e#967\u003c/a\u003e, which introduces middleware.ClientIP — a replacement for middleware.RealIP that closes the three open spoofing advisories:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/security/advisories/GHSA-9g5q-2w5x-hmxf\"\u003eGHSA-9g5q-2w5x-hmxf\u003c/a\u003e — IP spoofing via XFF in \u003ccode\u003eRemoteAddr\u003c/code\u003e resolution (convto)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/security/advisories/GHSA-rjr7-jggh-pgcp\"\u003eGHSA-rjr7-jggh-pgcp\u003c/a\u003e — RealIP allows IP spoofing via unvalidated XFF (rezmoss)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/security/advisories/GHSA-3fxj-6jh8-hvhx\"\u003eGHSA-3fxj-6jh8-hvhx\u003c/a\u003e — IP spoofing in \u003ccode\u003emiddleware.RealIP\u003c/code\u003e (Saku0512, Critical / 9.3)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eIt also addresses issues outlined at:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/708\"\u003ego-chi/chi#708\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://adam-p.ca/blog/2022/03/x-forwarded-for/\"\u003ehttps://adam-p.ca/blog/2022/03/x-forwarded-for/\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/711\"\u003ego-chi/chi#711\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/453\"\u003ego-chi/chi#453\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/go-chi/chi/pull/908\"\u003ego-chi/chi#908\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ccode\u003emiddleware.RealIP\u003c/code\u003e is deprecated in this PR with pointers to the new API.\u003c/p\u003e\n\u003cp\u003eThe deprecation only adds a \u003ccode\u003e// Deprecated:\u003c/code\u003e doc comment; the function keeps working for backward compatibility.\u003c/p\u003e\n\u003ch3\u003eWhy a new middleware (not \u0026quot;fix RealIP in place\u0026quot;)\u003c/h3\u003e\n\u003cp\u003e\u003ccode\u003eRealIP\u003c/code\u003e has two unfixable design choices: it mutates \u003ccode\u003er.RemoteAddr\u003c/code\u003e, and it tries to be a one-size-fits-all default by walking a hard-coded list of headers any client can supply. Per \u003ca href=\"https://adam-p.ca/blog/2022/03/x-forwarded-for/\"\u003eadam-p's \u0026quot;The perils of the 'real' client IP\u0026quot;\u003c/a\u003e (which calls chi out by name on this), there is no safe default — the user must pick their trust source explicitly.\u003c/p\u003e\n\u003ch3\u003eThe new API\u003c/h3\u003e\n\u003cp\u003eFour middlewares, two accessors. Pick exactly one middleware based on your\ninfrastructure, read the result with one of the two accessors:\u003c/p\u003e\n\u003cpre lang=\"go\"\u003e\u003ccode\u003e// One of the four. There is no safe default — pick exactly one.\r\nfunc ClientIPFromHeader(trustedHeader string) func(http.Handler) http.Handler\r\nfunc ClientIPFromXFF(trustedIPPrefixes ...string) func(http.Handler) http.Handler\r\nfunc ClientIPFromXFFTrustedProxies(numTrustedProxies int) func(http.Handler) http.Handler\r\n\u0026lt;/tr\u0026gt;\u0026lt;/table\u0026gt; \n\u003c/code\u003e\u003c/pre\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/3b171578ca44dfd75ca3c5cbddc7b44c600a7b49\"\u003e\u003ccode\u003e3b17157\u003c/code\u003e\u003c/a\u003e feat: middleware.ClientIP, a replacement for middleware.RealIP (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/967\"\u003e#967\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/818fdcfc4786168651768377ba647cf9dd5b3953\"\u003e\u003ccode\u003e818fdcf\u003c/code\u003e\u003c/a\u003e fix: set Request.Pattern from RoutePattern() (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1097\"\u003e#1097\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/f975af0cb10cbefaccf0422385420fe62722d648\"\u003e\u003ccode\u003ef975af0\u003c/code\u003e\u003c/a\u003e Fix typo in Route doc comment (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1073\"\u003e#1073\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/4ef87eaf2cfb27d3126d48194e1a84806acc1aed\"\u003e\u003ccode\u003e4ef87ea\u003c/code\u003e\u003c/a\u003e middleware: fix httpFancyWriter.ReadFrom double-counting bytes with Tee (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1085\"\u003e#1085\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/a54874f0e2f12647a19e82ee70dfa8185014100c\"\u003e\u003ccode\u003ea54874f\u003c/code\u003e\u003c/a\u003e Bump minimum Go to 1.23, always use request.Pattern (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1048\"\u003e#1048\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/3328d4d3ab8a08547fa419ed657017355e6d3c4d\"\u003e\u003ccode\u003e3328d4d\u003c/code\u003e\u003c/a\u003e Apply the stringscutprefix modernizer (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1051\"\u003e#1051\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/be60b2ec5755a9072cdf27af3ba3034e84781d12\"\u003e\u003ccode\u003ebe60b2e\u003c/code\u003e\u003c/a\u003e Simplify chi.walk with slices.Concat (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1053\"\u003e#1053\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/a36a925a6a195943ec104100d7d18757543e745f\"\u003e\u003ccode\u003ea36a925\u003c/code\u003e\u003c/a\u003e Remove last uses of io/ioutil (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1054\"\u003e#1054\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/7d93ee3e86b4d477c20d809c9b1ce9a281dfd706\"\u003e\u003ccode\u003e7d93ee3\u003c/code\u003e\u003c/a\u003e add go 1.26 to ci (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1052\"\u003e#1052\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/903cff2596eac0f72538ac46d696058351f1c3fb\"\u003e\u003ccode\u003e903cff2\u003c/code\u003e\u003c/a\u003e Propagate inline middlewares across mounted subrouters (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1049\"\u003e#1049\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/go-chi/chi/compare/v5.2.5...v5.3.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/modelcontextprotocol/go-sdk` from 1.6.0 to 1.6.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/modelcontextprotocol/go-sdk/releases\"\u003egithub.com/modelcontextprotocol/go-sdk's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.6.1\u003c/h2\u003e\n\u003cp\u003eThis release adds an MCPGODEBUG flag to opt out of the Content-Type check on POST requests.\u003c/p\u003e\n\u003ch2\u003eBehavior Changes\u003c/h2\u003e\n\u003cp\u003ePrior to v1.6.0 (v1.4.0...v1.5.0), the Content-Type check on POST requests was gated by the same \u003ccode\u003edisablecrossoriginprotection\u003c/code\u003e MCPGODEBUG flag as the cross-origin protection. In v1.6.0, the cross-origin protection was disabled by default (replaced by the opt-in \u003ccode\u003eenableoriginverification\u003c/code\u003e flag), but the Content-Type check was kept on unconditionally, leaving no way to disable it.\nThis release restores an escape hatch for both the Streamable HTTP and SSE transports: setting \u003ccode\u003eMCPGODEBUG=disablecontenttypecheck=1\u003c/code\u003e skips the \u003ccode\u003eContent-Type: application/json\u003c/code\u003e validation on POST requests.\nSee \u003ca href=\"https://redirect.github.com/modelcontextprotocol/go-sdk/issues/957\"\u003e#957\u003c/a\u003e.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003emcp: add MCPGPDEBUG for opt-in Content-Type check by \u003ca href=\"https://github.com/guglielmo-san\"\u003e\u003ccode\u003e@​guglielmo-san\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/go-sdk/pull/972\"\u003emodelcontextprotocol/go-sdk#972\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/modelcontextprotocol/go-sdk/compare/v1.6.0...v1.6.1\"\u003ehttps://github.com/modelcontextprotocol/go-sdk/compare/v1.6.0...v1.6.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/go-sdk/commit/d454bbaf06a342aee5336df3370321d9cdec2478\"\u003e\u003ccode\u003ed454bba\u003c/code\u003e\u003c/a\u003e mcp: add MCPGPDEBUG for opt-in Content-Type check (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/go-sdk/issues/972\"\u003e#972\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/modelcontextprotocol/go-sdk/compare/v1.6.0...v1.6.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/slack-go/slack` from 0.23.1 to 0.24.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/slack-go/slack/releases\"\u003egithub.com/slack-go/slack's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.24.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003edocs: format go get command in code block by \u003ca href=\"https://github.com/akhil-ge0rge\"\u003e\u003ccode\u003e@​akhil-ge0rge\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/slack-go/slack/pull/1554\"\u003eslack-go/slack#1554\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat: add new block kit block Data Table by \u003ca href=\"https://github.com/nlopes\"\u003e\u003ccode\u003e@​nlopes\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/slack-go/slack/pull/1555\"\u003eslack-go/slack#1555\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!IMPORTANT]\n\u003ccode\u003eNewTaskCardBlock\u003c/code\u003e and \u003ccode\u003eNewPlanBlock\u003c/code\u003e now guard against nil variadic options so if you were doing that (which you shouldn't) this is a breaking change.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/akhil-ge0rge\"\u003e\u003ccode\u003e@​akhil-ge0rge\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/slack-go/slack/pull/1554\"\u003eslack-go/slack#1554\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/slack-go/slack/compare/v0.23.1...v0.24.0\"\u003ehttps://github.com/slack-go/slack/compare/v0.23.1...v0.24.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/slack-go/slack/blob/master/CHANGELOG.md\"\u003egithub.com/slack-go/slack's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[0.24.0]\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBlock Kit: \u003ccode\u003eDataTableBlock\u003c/code\u003e for the \u003ca href=\"https://docs.slack.dev/reference/block-kit/blocks/data-table-block/\"\u003e\u003ccode\u003edata_table\u003c/code\u003e\u003c/a\u003e\nblock, with \u003ccode\u003eNewDataTableBlock\u003c/code\u003e, \u003ccode\u003eAddRow\u003c/code\u003e, raw-text/raw-number/rich-text cell\nconstructors, and \u003ccode\u003eWithPageSize\u003c/code\u003e / \u003ccode\u003eWithRowHeaderColumnIndex\u003c/code\u003e builders.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eNewTaskCardBlock\u003c/code\u003e and \u003ccode\u003eNewPlanBlock\u003c/code\u003e nil-guard their variadic options,\nmatching the other block constructors (\u003ca href=\"https://redirect.github.com/slack-go/slack/issues/1236\"\u003e#1236\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/slack-go/slack/commit/0b30f31349140ef0cf77f60448d3cb449fec1813\"\u003e\u003ccode\u003e0b30f31\u003c/code\u003e\u003c/a\u003e chore: bump to v0.24.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/slack-go/slack/commit/8c5ef3c18b2999a9a7b4913560c8722249c531c5\"\u003e\u003ccode\u003e8c5ef3c\u003c/code\u003e\u003c/a\u003e feat: add new block kit block Data Table (\u003ca href=\"https://redirect.github.com/slack-go/slack/issues/1555\"\u003e#1555\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/slack-go/slack/commit/ff3ada69277b00264224624c8a6e3192f2348c63\"\u003e\u003ccode\u003eff3ada6\u003c/code\u003e\u003c/a\u003e docs: format go get command in code block (\u003ca href=\"https://redirect.github.com/slack-go/slack/issues/1554\"\u003e#1554\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/slack-go/slack/compare/v0.23.1...v0.24.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `google.golang.org/adk` from 1.2.0 to 1.3.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/google/adk-go/releases\"\u003egoogle.golang.org/adk's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.3.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003erefactor: remove manual session ID input and enable auto-creation in runner by \u003ca href=\"https://github.com/hanorik\"\u003e\u003ccode\u003e@​hanorik\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/google/adk-go/pull/754\"\u003egoogle/adk-go#754\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat: add support for updating existing Agent Engine instances by \u003ca href=\"https://github.com/hanorik\"\u003e\u003ccode\u003e@​hanorik\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/google/adk-go/pull/755\"\u003egoogle/adk-go#755\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for simple text instead of full genai.Content for stream_query by \u003ca href=\"https://github.com/kdroste-google\"\u003e\u003ccode\u003e@​kdroste-google\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/google/adk-go/pull/773\"\u003egoogle/adk-go#773\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat: make adk work with a2a-go/v2 by \u003ca href=\"https://github.com/yarolegovich\"\u003e\u003ccode\u003e@​yarolegovich\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/google/adk-go/pull/701\"\u003egoogle/adk-go#701\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003erefactor: rename experimental reasoning tokens attribute to gen_ai.usage.reasoning.output_tokens and change semantics of gen_ai.usage.output_tokens by \u003ca href=\"https://github.com/pigorski\"\u003e\u003ccode\u003e@​pigorski\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/google/adk-go/pull/779\"\u003egoogle/adk-go#779\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: propagate thought signature to first function call in mixed responses by \u003ca href=\"https://github.com/baptmont\"\u003e\u003ccode\u003e@​baptmont\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/google/adk-go/pull/788\"\u003egoogle/adk-go#788\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded VertexAI MemoryBank support  by \u003ca href=\"https://github.com/kdroste-google\"\u003e\u003ccode\u003e@​kdroste-google\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/google/adk-go/pull/801\"\u003egoogle/adk-go#801\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: the old adka2a public api depending on the new a2a-go/v2 by \u003ca href=\"https://github.com/yarolegovich\"\u003e\u003ccode\u003e@​yarolegovich\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/google/adk-go/pull/813\"\u003egoogle/adk-go#813\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eADK GO version update for LLM Request tagging by \u003ca href=\"https://github.com/kdroste-google\"\u003e\u003ccode\u003e@​kdroste-google\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/google/adk-go/pull/816\"\u003egoogle/adk-go#816\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd parallel HITL function test by \u003ca href=\"https://github.com/baptmont\"\u003e\u003ccode\u003e@​baptmont\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/google/adk-go/pull/817\"\u003egoogle/adk-go#817\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: bump a2a-go version to have nil part fix by \u003ca href=\"https://github.com/yarolegovich\"\u003e\u003ccode\u003e@​yarolegovich\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/google/adk-go/pull/827\"\u003egoogle/adk-go#827\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eChanged model for gemini API to gemini-3.1-flash-lite (in examples) by \u003ca href=\"https://github.com/kdroste-google\"\u003e\u003ccode\u003e@​kdroste-google\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/google/adk-go/pull/839\"\u003egoogle/adk-go#839\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat(live): Add core bidirectional streaming support by \u003ca href=\"https://github.com/baptmont\"\u003e\u003ccode\u003e@​baptmont\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/google/adk-go/pull/833\"\u003egoogle/adk-go#833\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: add Dependabot config for automated dependency updates by \u003ca href=\"https://github.com/karolpiotrowicz\"\u003e\u003ccode\u003e@​karolpiotrowicz\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/google/adk-go/pull/843\"\u003egoogle/adk-go#843\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat(live): Add sequential agent live run by \u003ca href=\"https://github.com/baptmont\"\u003e\u003ccode\u003e@​baptmont\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/google/adk-go/pull/835\"\u003egoogle/adk-go#835\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat(live): Add live example by \u003ca href=\"https://github.com/baptmont\"\u003e\u003ccode\u003e@​baptmont\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/google/adk-go/pull/834\"\u003egoogle/adk-go#834\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: Stop ignoring request Decode error in runtime. by \u003ca href=\"https://github.com/foxfrikses\"\u003e\u003ccode\u003e@​foxfrikses\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/google/adk-go/pull/851\"\u003egoogle/adk-go#851\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: Propagate StateDelta for non-streaming agent. by \u003ca href=\"https://github.com/foxfrikses\"\u003e\u003ccode\u003e@​foxfrikses\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/google/adk-go/pull/854\"\u003egoogle/adk-go#854\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: Prevent nil deref when a tool doesn't implement tool.Tool. by \u003ca href=\"https://github.com/foxfrikses\"\u003e\u003ccode\u003e@​foxfrikses\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/google/adk-go/pull/855\"\u003egoogle/adk-go#855\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat(live): Add session resumption by \u003ca href=\"https://github.com/baptmont\"\u003e\u003ccode\u003e@​baptmont\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/google/adk-go/pull/837\"\u003egoogle/adk-go#837\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat(live): Add streaming tools by \u003ca href=\"https://github.com/baptmont\"\u003e\u003ccode\u003e@​baptmont\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/google/adk-go/pull/836\"\u003egoogle/adk-go#836\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat(live): Add audio cache for save artifact by \u003ca href=\"https://github.com/baptmont\"\u003e\u003ccode\u003e@​baptmont\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/google/adk-go/pull/838\"\u003egoogle/adk-go#838\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: fix folder name by \u003ca href=\"https://github.com/baptmont\"\u003e\u003ccode\u003e@​baptmont\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/google/adk-go/pull/859\"\u003egoogle/adk-go#859\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/karolpiotrowicz\"\u003e\u003ccode\u003e@​karolpiotrowicz\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/google/adk-go/pull/843\"\u003egoogle/adk-go#843\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/google/adk-go/compare/v1.2.0...v.1.3.0\"\u003ehttps://github.com/google/adk-go/compare/v1.2.0...v.1.3.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/google/adk-go/commit/428efadbb5b5551bb58bea32bac238f6ece76dcd\"\u003e\u003ccode\u003e428efad\u003c/code\u003e\u003c/a\u003e fix: user auth propagation not working in adka2a compat (\u003ca href=\"https://redirect.github.com/google/adk-go/issues/861\"\u003e#861\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/google/adk-go/commit/f2aee5301649e7f28fe00564b906fa7c02c64e60\"\u003e\u003ccode\u003ef2aee53\u003c/code\u003e\u003c/a\u003e chore: fix folder name (\u003ca href=\"https://redirect.github.com/google/adk-go/issues/859\"\u003e#859\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/google/adk-go/commit/236cab75e76b5ddd7dc6b32d3bfa72ca1f8211a5\"\u003e\u003ccode\u003e236cab7\u003c/code\u003e\u003c/a\u003e feat(live): Add audio cache for save artifact (\u003ca href=\"https://redirect.github.com/google/adk-go/issues/838\"\u003e#838\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/google/adk-go/commit/e5c3f51091121b8098126392b28fd6012faa076c\"\u003e\u003ccode\u003ee5c3f51\u003c/code\u003e\u003c/a\u003e feat(live): Add streaming tools (\u003ca href=\"https://redirect.github.com/google/adk-go/issues/836\"\u003e#836\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/google/adk-go/commit/2b79d381812a6b9b58559b1fe4e706564d23bf6d\"\u003e\u003ccode\u003e2b79d38\u003c/code\u003e\u003c/a\u003e feat(live): Add session resumption (\u003ca href=\"https://redirect.github.com/google/adk-go/issues/837\"\u003e#837\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/google/adk-go/commit/9eb7630f38d1673d1005563477d80f37ad468175\"\u003e\u003ccode\u003e9eb7630\u003c/code\u003e\u003c/a\u003e fix: Prevent nil deref when a tool doesn't implement tool.Tool interface. (\u003ca href=\"https://redirect.github.com/google/adk-go/issues/855\"\u003e#855\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/google/adk-go/commit/ead8568e6a48ca652e0d39007ba9b4ebd509a26f\"\u003e\u003ccode\u003eead8568\u003c/code\u003e\u003c/a\u003e fix: Propagate StateDelta for non-streaming agent. (\u003ca href=\"https://redirect.github.com/google/adk-go/issues/854\"\u003e#854\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/google/adk-go/commit/3954b83598249a48311821ddb66f5c3720720c05\"\u003e\u003ccode\u003e3954b83\u003c/code\u003e\u003c/a\u003e fix: Stop ignoring request Decode error in runtime. (\u003ca href=\"https://redirect.github.com/google/adk-go/issues/851\"\u003e#851\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/google/adk-go/commit/5fb72b9a4dd8dbf70a3da9e5d44be3569832ae47\"\u003e\u003ccode\u003e5fb72b9\u003c/code\u003e\u003c/a\u003e feat(live): Add live example (\u003ca href=\"https://redirect.github.com/google/adk-go/issues/834\"\u003e#834\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/google/adk-go/commit/8fb171b6af36169b40611d817233b4b0093a8e53\"\u003e\u003ccode\u003e8fb171b\u003c/code\u003e\u003c/a\u003e feat(live): Add sequential agent live run (\u003ca href=\"https://redirect.github.com/google/adk-go/issues/835\"\u003e#835\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/google/adk-go/compare/v1.2.0...v1.3.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `google.golang.org/genai` from 1.57.0 to 1.58.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/googleapis/go-genai/releases\"\u003egoogle.golang.org/genai's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.58.0\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/googleapis/go-genai/compare/v1.57.0...v1.58.0\"\u003e1.58.0\u003c/a\u003e (2026-05-21)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd \u003ccode\u003eenable_prompt_injection_detection\u003c/code\u003e for Computer Use feature for the Gemini API. (\u003ca href=\"https://github.com/googleapis/go-genai/commit/19c2566dcfdbfdbc5821ab8ffb71f6155f084dab\"\u003e19c2566\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eadd new fields (\u003ca href=\"https://github.com/googleapis/go-genai/commit/1608e807c1aa9d80dfc484db6cc37f49ee4e69a1\"\u003e1608e80\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/googleapis/go-genai/blob/main/CHANGELOG.md\"\u003egoogle.golang.org/genai's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/googleapis/go-genai/compare/v1.57.0...v1.58.0\"\u003e1.58.0\u003c/a\u003e (2026-05-21)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd \u003ccode\u003eenable_prompt_injection_detection\u003c/code\u003e for Computer Use feature for the Gemini API. (\u003ca href=\"https://github.com/googleapis/go-genai/commit/19c2566dcfdbfdbc5821ab8ffb71f6155f084dab\"\u003e19c2566\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eadd new fields (\u003ca href=\"https://github.com/googleapis/go-genai/commit/1608e807c1aa9d80dfc484db6cc37f49ee4e69a1\"\u003e1608e80\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/go-genai/commit/97ea31f16473973e587f5b18659a5669dffd1f84\"\u003e\u003ccode\u003e97ea31f\u003c/code\u003e\u003c/a\u003e chore(main): release 1.58.0 (\u003ca href=\"https://redirect.github.com/googleapis/go-genai/issues/793\"\u003e#793\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/go-genai/commit/19c2566dcfdbfdbc5821ab8ffb71f6155f084dab\"\u003e\u003ccode\u003e19c2566\u003c/code\u003e\u003c/a\u003e feat: add \u003ccode\u003eenable_prompt_injection_detection\u003c/code\u003e for Computer Use feature for th...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/go-genai/commit/1608e807c1aa9d80dfc484db6cc37f49ee4e69a1\"\u003e\u003ccode\u003e1608e80\u003c/code\u003e\u003c/a\u003e feat: add new fields\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/go-genai/commit/843a665755f75055e7c4bde1177af703384f7905\"\u003e\u003ccode\u003e843a665\u003c/code\u003e\u003c/a\u003e chore: update comment in BatchJobOutputInfo to unblock javadoc generation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/go-genai/commit/8b28bf81bd7a3cee47ed0a8b911e0d574f87a7aa\"\u003e\u003ccode\u003e8b28bf8\u003c/code\u003e\u003c/a\u003e chore: Throw fatals() instead of errors() in the replay_api_client when the i...\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/googleapis/go-genai/compare/v1.57.0...v1.58.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `k8s.io/apiextensions-apiserver` from 0.35.4 to 0.35.5\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kubernetes/apiextensions-apiserver/commit/e5278bfcb4a507a63a8d11a2a1cf8cb620c04565\"\u003e\u003ccode\u003ee5278bf\u003c/code\u003e\u003c/a\u003e Update dependencies to v0.35.5 tag\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/kubernetes/apiextensions-apiserver/compare/v0.35.4...v0.35.5\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\n\n\n\u003c/details\u003e","html_url":"https://github.com/jordigilh/kubernaut/pull/1291","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/jordigilh%2Fkubernaut/issues/1291","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/1291/packages"}},{"old_version":"5.2.5","new_version":"5.3.0","update_type":"minor","path":null,"pr_created_at":"2026-05-26T01:22:55.000Z","version_change":"5.2.5 → 5.3.0","issue":{"uuid":"4520554585","node_id":"PR_kwDORcGlh87fOPlj","number":12,"state":"closed","title":"chore(deps): bump the non-breaking group with 2 updates","user":"dependabot[bot]","labels":[],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-05-26T01:23:07.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-26T01:22:55.000Z","updated_at":"2026-05-26T01:23:16.000Z","time_to_close":12,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): bump","group_name":"non-breaking","update_count":2,"packages":[{"name":"github.com/go-chi/chi/v5","old_version":"5.2.5","new_version":"5.3.0","repository_url":"https://github.com/go-chi/chi"},{"name":"golang.org/x/crypto","old_version":"0.51.0","new_version":"0.52.0","repository_url":"https://github.com/golang/crypto"}],"path":null,"ecosystem":"go"},"body":"Bumps the non-breaking group with 2 updates: [github.com/go-chi/chi/v5](https://github.com/go-chi/chi) and [golang.org/x/crypto](https://github.com/golang/crypto).\n\nUpdates `github.com/go-chi/chi/v5` from 5.2.5 to 5.3.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/go-chi/chi/releases\"\u003egithub.com/go-chi/chi/v5's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.3.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUse strings.ReplaceAll where applicable by \u003ca href=\"https://github.com/JRaspass\"\u003e\u003ccode\u003e@​JRaspass\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1046\"\u003ego-chi/chi#1046\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePropagate inline middlewares across mounted subrouters by \u003ca href=\"https://github.com/LukasJenicek\"\u003e\u003ccode\u003e@​LukasJenicek\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1049\"\u003ego-chi/chi#1049\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eadd go 1.26 to ci by \u003ca href=\"https://github.com/pkieltyka\"\u003e\u003ccode\u003e@​pkieltyka\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1052\"\u003ego-chi/chi#1052\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove last uses of io/ioutil by \u003ca href=\"https://github.com/JRaspass\"\u003e\u003ccode\u003e@​JRaspass\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1054\"\u003ego-chi/chi#1054\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSimplify chi.walk with slices.Concat by \u003ca href=\"https://github.com/JRaspass\"\u003e\u003ccode\u003e@​JRaspass\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1053\"\u003ego-chi/chi#1053\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eApply the stringscutprefix modernizer by \u003ca href=\"https://github.com/JRaspass\"\u003e\u003ccode\u003e@​JRaspass\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1051\"\u003ego-chi/chi#1051\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump minimum Go to 1.23, always use request.Pattern by \u003ca href=\"https://github.com/JRaspass\"\u003e\u003ccode\u003e@​JRaspass\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1048\"\u003ego-chi/chi#1048\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003emiddleware: fix httpFancyWriter.ReadFrom double-counting bytes with Tee by \u003ca href=\"https://github.com/alliasgher\"\u003e\u003ccode\u003e@​alliasgher\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1085\"\u003ego-chi/chi#1085\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix typo in Route doc comment by \u003ca href=\"https://github.com/gouwazi\"\u003e\u003ccode\u003e@​gouwazi\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1073\"\u003ego-chi/chi#1073\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: set Request.Pattern from RoutePattern() by \u003ca href=\"https://github.com/leno23\"\u003e\u003ccode\u003e@​leno23\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1097\"\u003ego-chi/chi#1097\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat: middleware.ClientIP, a replacement for middleware.RealIP by \u003ca href=\"https://github.com/VojtechVitek\"\u003e\u003ccode\u003e@​VojtechVitek\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/967\"\u003ego-chi/chi#967\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/LukasJenicek\"\u003e\u003ccode\u003e@​LukasJenicek\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1049\"\u003ego-chi/chi#1049\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/alliasgher\"\u003e\u003ccode\u003e@​alliasgher\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1085\"\u003ego-chi/chi#1085\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gouwazi\"\u003e\u003ccode\u003e@​gouwazi\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1073\"\u003ego-chi/chi#1073\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/leno23\"\u003e\u003ccode\u003e@​leno23\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1097\"\u003ego-chi/chi#1097\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eSECURITY: middleware.ClientIP, a replacement for middleware.RealIP\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/VojtechVitek\"\u003e\u003ccode\u003e@​VojtechVitek\u003c/code\u003e\u003c/a\u003e submitted PR \u003ca href=\"https://redirect.github.com/go-chi/chi/issues/967\"\u003e#967\u003c/a\u003e, which introduces middleware.ClientIP — a replacement for middleware.RealIP that closes the three open spoofing advisories:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/security/advisories/GHSA-9g5q-2w5x-hmxf\"\u003eGHSA-9g5q-2w5x-hmxf\u003c/a\u003e — IP spoofing via XFF in \u003ccode\u003eRemoteAddr\u003c/code\u003e resolution (convto)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/security/advisories/GHSA-rjr7-jggh-pgcp\"\u003eGHSA-rjr7-jggh-pgcp\u003c/a\u003e — RealIP allows IP spoofing via unvalidated XFF (rezmoss)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/security/advisories/GHSA-3fxj-6jh8-hvhx\"\u003eGHSA-3fxj-6jh8-hvhx\u003c/a\u003e — IP spoofing in \u003ccode\u003emiddleware.RealIP\u003c/code\u003e (Saku0512, Critical / 9.3)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eIt also addresses issues outlined at:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/708\"\u003ego-chi/chi#708\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://adam-p.ca/blog/2022/03/x-forwarded-for/\"\u003ehttps://adam-p.ca/blog/2022/03/x-forwarded-for/\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/711\"\u003ego-chi/chi#711\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/453\"\u003ego-chi/chi#453\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/go-chi/chi/pull/908\"\u003ego-chi/chi#908\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ccode\u003emiddleware.RealIP\u003c/code\u003e is deprecated in this PR with pointers to the new API.\u003c/p\u003e\n\u003cp\u003eThe deprecation only adds a \u003ccode\u003e// Deprecated:\u003c/code\u003e doc comment; the function keeps working for backward compatibility.\u003c/p\u003e\n\u003ch3\u003eWhy a new middleware (not \u0026quot;fix RealIP in place\u0026quot;)\u003c/h3\u003e\n\u003cp\u003e\u003ccode\u003eRealIP\u003c/code\u003e has two unfixable design choices: it mutates \u003ccode\u003er.RemoteAddr\u003c/code\u003e, and it tries to be a one-size-fits-all default by walking a hard-coded list of headers any client can supply. Per \u003ca href=\"https://adam-p.ca/blog/2022/03/x-forwarded-for/\"\u003eadam-p's \u0026quot;The perils of the 'real' client IP\u0026quot;\u003c/a\u003e (which calls chi out by name on this), there is no safe default — the user must pick their trust source explicitly.\u003c/p\u003e\n\u003ch3\u003eThe new API\u003c/h3\u003e\n\u003cp\u003eFour middlewares, two accessors. Pick exactly one middleware based on your\ninfrastructure, read the result with one of the two accessors:\u003c/p\u003e\n\u003cpre lang=\"go\"\u003e\u003ccode\u003e// One of the four. There is no safe default — pick exactly one.\r\nfunc ClientIPFromHeader(trustedHeader string) func(http.Handler) http.Handler\r\nfunc ClientIPFromXFF(trustedIPPrefixes ...string) func(http.Handler) http.Handler\r\nfunc ClientIPFromXFFTrustedProxies(numTrustedProxies int) func(http.Handler) http.Handler\r\n\u0026lt;/tr\u0026gt;\u0026lt;/table\u0026gt; \n\u003c/code\u003e\u003c/pre\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/3b171578ca44dfd75ca3c5cbddc7b44c600a7b49\"\u003e\u003ccode\u003e3b17157\u003c/code\u003e\u003c/a\u003e feat: middleware.ClientIP, a replacement for middleware.RealIP (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/967\"\u003e#967\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/818fdcfc4786168651768377ba647cf9dd5b3953\"\u003e\u003ccode\u003e818fdcf\u003c/code\u003e\u003c/a\u003e fix: set Request.Pattern from RoutePattern() (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1097\"\u003e#1097\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/f975af0cb10cbefaccf0422385420fe62722d648\"\u003e\u003ccode\u003ef975af0\u003c/code\u003e\u003c/a\u003e Fix typo in Route doc comment (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1073\"\u003e#1073\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/4ef87eaf2cfb27d3126d48194e1a84806acc1aed\"\u003e\u003ccode\u003e4ef87ea\u003c/code\u003e\u003c/a\u003e middleware: fix httpFancyWriter.ReadFrom double-counting bytes with Tee (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1085\"\u003e#1085\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/a54874f0e2f12647a19e82ee70dfa8185014100c\"\u003e\u003ccode\u003ea54874f\u003c/code\u003e\u003c/a\u003e Bump minimum Go to 1.23, always use request.Pattern (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1048\"\u003e#1048\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/3328d4d3ab8a08547fa419ed657017355e6d3c4d\"\u003e\u003ccode\u003e3328d4d\u003c/code\u003e\u003c/a\u003e Apply the stringscutprefix modernizer (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1051\"\u003e#1051\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/be60b2ec5755a9072cdf27af3ba3034e84781d12\"\u003e\u003ccode\u003ebe60b2e\u003c/code\u003e\u003c/a\u003e Simplify chi.walk with slices.Concat (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1053\"\u003e#1053\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/a36a925a6a195943ec104100d7d18757543e745f\"\u003e\u003ccode\u003ea36a925\u003c/code\u003e\u003c/a\u003e Remove last uses of io/ioutil (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1054\"\u003e#1054\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/7d93ee3e86b4d477c20d809c9b1ce9a281dfd706\"\u003e\u003ccode\u003e7d93ee3\u003c/code\u003e\u003c/a\u003e add go 1.26 to ci (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1052\"\u003e#1052\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/903cff2596eac0f72538ac46d696058351f1c3fb\"\u003e\u003ccode\u003e903cff2\u003c/code\u003e\u003c/a\u003e Propagate inline middlewares across mounted subrouters (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1049\"\u003e#1049\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/go-chi/chi/compare/v5.2.5...v5.3.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `golang.org/x/crypto` from 0.51.0 to 0.52.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/a1c0d9929856c8aba2b31f079340f00578eda803\"\u003e\u003ccode\u003ea1c0d99\u003c/code\u003e\u003c/a\u003e go.mod: update golang.org/x dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/3c7c86938f4541c333d506f719388d9c42d4763d\"\u003e\u003ccode\u003e3c7c869\u003c/code\u003e\u003c/a\u003e ssh: fix deadlock on unexpected channel responses\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/533fb3f7e4a5ae23f69d1837cd851d35ff5b76ce\"\u003e\u003ccode\u003e533fb3f\u003c/code\u003e\u003c/a\u003e ssh: fix source-address critical option bypass\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/abbc44d451a6f9236a2bbd26cbcd4d0fec473da3\"\u003e\u003ccode\u003eabbc44d\u003c/code\u003e\u003c/a\u003e ssh: fix incorrect operator order\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/e052873987615dc96fe67607a9a6adb76311344f\"\u003e\u003ccode\u003ee052873\u003c/code\u003e\u003c/a\u003e ssh: fix infinite loop on large channel writes due to integer overflow\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/b61cf853a89d82cad68da5e12a6beca2116f8456\"\u003e\u003ccode\u003eb61cf85\u003c/code\u003e\u003c/a\u003e ssh: enforce user presence verification for security keys\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/9c2cd33e8d96a96133fd6ff732510ebba539c2bd\"\u003e\u003ccode\u003e9c2cd33\u003c/code\u003e\u003c/a\u003e ssh: enforce strict limits on DSA key parameters\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/890731877d85f71cfdc9554e7a27fec4684fc4c4\"\u003e\u003ccode\u003e8907318\u003c/code\u003e\u003c/a\u003e ssh: reject RSA keys with excessively large moduli\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/ffd87b4878fa98ca2908ec534e1a410bf095a35e\"\u003e\u003ccode\u003effd87b4\u003c/code\u003e\u003c/a\u003e ssh: fix panic when authority callbacks are nil\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/4e7a7384ecbc8d519f6f4c11b36fa9d761fc8946\"\u003e\u003ccode\u003e4e7a738\u003c/code\u003e\u003c/a\u003e ssh: fix deadlock on unexpected global responses\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/golang/crypto/compare/v0.51.0...v0.52.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\n\n\n\u003c/details\u003e","html_url":"https://github.com/Kiefer-Networks/sshvault-api/pull/12","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/Kiefer-Networks%2Fsshvault-api/issues/12","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/12/packages"}},{"old_version":"5.2.5","new_version":"5.3.0","update_type":"minor","path":null,"pr_created_at":"2026-05-26T01:22:15.000Z","version_change":"5.2.5 → 5.3.0","issue":{"uuid":"4520552184","node_id":"PR_kwDOQ5HbzM7fOPGB","number":86,"state":"closed","title":"deps: bump the minor-and-patch group across 1 directory with 5 updates","user":"dependabot[bot]","labels":["dependencies","go"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-06-08T19:44:59.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-26T01:22:15.000Z","updated_at":"2026-06-08T19:45:01.000Z","time_to_close":1189364,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"deps: bump","group_name":"minor-and-patch","update_count":5,"packages":[{"name":"github.com/getkin/kin-openapi","old_version":"0.137.0","new_version":"0.139.0","repository_url":"https://github.com/getkin/kin-openapi"},{"name":"github.com/go-chi/chi/v5","old_version":"5.2.5","new_version":"5.3.0","repository_url":"https://github.com/go-chi/chi"},{"name":"github.com/oapi-codegen/runtime","old_version":"1.4.0","new_version":"1.4.1","repository_url":"https://github.com/oapi-codegen/runtime"},{"name":"github.com/onsi/ginkgo/v2","old_version":"2.28.3","new_version":"2.29.0","repository_url":"https://github.com/onsi/ginkgo"},{"name":"github.com/onsi/gomega","old_version":"1.40.0","new_version":"1.41.0","repository_url":"https://github.com/onsi/gomega"}],"path":null,"ecosystem":"go"},"body":"Bumps the minor-and-patch group with 5 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [github.com/getkin/kin-openapi](https://github.com/getkin/kin-openapi) | `0.137.0` | `0.139.0` |\n| [github.com/go-chi/chi/v5](https://github.com/go-chi/chi) | `5.2.5` | `5.3.0` |\n| [github.com/oapi-codegen/runtime](https://github.com/oapi-codegen/runtime) | `1.4.0` | `1.4.1` |\n| [github.com/onsi/ginkgo/v2](https://github.com/onsi/ginkgo) | `2.28.3` | `2.29.0` |\n| [github.com/onsi/gomega](https://github.com/onsi/gomega) | `1.40.0` | `1.41.0` |\n\n\nUpdates `github.com/getkin/kin-openapi` from 0.137.0 to 0.139.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/getkin/kin-openapi/releases\"\u003egithub.com/getkin/kin-openapi's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.139.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efeat(openapi3): batch-convert long-tail RequiredFieldError sites by \u003ca href=\"https://github.com/reuvenharrison\"\u003e\u003ccode\u003e@​reuvenharrison\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getkin/kin-openapi/pull/1170\"\u003egetkin/kin-openapi#1170\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat(openapi3): typed validation error clusters (combined: #1171-\u003ca href=\"https://redirect.github.com/getkin/kin-openapi/issues/1179\"\u003e#1179\u003c/a\u003e) by \u003ca href=\"https://github.com/reuvenharrison\"\u003e\u003ccode\u003e@​reuvenharrison\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getkin/kin-openapi/pull/1180\"\u003egetkin/kin-openapi#1180\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eopenapi3gen: skip component export for anonymous types by \u003ca href=\"https://github.com/0-don\"\u003e\u003ccode\u003e@​0-don\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getkin/kin-openapi/pull/1163\"\u003egetkin/kin-openapi#1163\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat: migrate to oasdiff/yaml v0.1.0 single Unmarshal API + enable DisableTimestamps by \u003ca href=\"https://github.com/reuvenharrison\"\u003e\u003ccode\u003e@​reuvenharrison\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getkin/kin-openapi/pull/1181\"\u003egetkin/kin-openapi#1181\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eopenapi3: typed context errors for Validate() wrapper chain by \u003ca href=\"https://github.com/reuvenharrison\"\u003e\u003ccode\u003e@​reuvenharrison\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getkin/kin-openapi/pull/1183\"\u003egetkin/kin-openapi#1183\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eopenapi3: track Origin on the document root (T) by \u003ca href=\"https://github.com/reuvenharrison\"\u003e\u003ccode\u003e@​reuvenharrison\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getkin/kin-openapi/pull/1184\"\u003egetkin/kin-openapi#1184\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eopenapi3: tests flakiness corrected by \u003ca href=\"https://github.com/fenollp\"\u003e\u003ccode\u003e@​fenollp\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getkin/kin-openapi/pull/1159\"\u003egetkin/kin-openapi#1159\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eopenapi3: aggregate independent validation errors via EnableMultiError by \u003ca href=\"https://github.com/reuvenharrison\"\u003e\u003ccode\u003e@​reuvenharrison\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getkin/kin-openapi/pull/1185\"\u003egetkin/kin-openapi#1185\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eopenapi3: fix validation of duplicated path templates by \u003ca href=\"https://github.com/reuvenharrison\"\u003e\u003ccode\u003e@​reuvenharrison\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getkin/kin-openapi/pull/1189\"\u003egetkin/kin-openapi#1189\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eopenapi3: type the remaining bare-error validation sites by \u003ca href=\"https://github.com/reuvenharrison\"\u003e\u003ccode\u003e@​reuvenharrison\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getkin/kin-openapi/pull/1187\"\u003egetkin/kin-openapi#1187\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/getkin/kin-openapi/compare/v0.138.0...v0.139.0\"\u003ehttps://github.com/getkin/kin-openapi/compare/v0.138.0...v0.139.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev0.138.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eopenapi3gen: clear nullable on exported component bodies by \u003ca href=\"https://github.com/0-don\"\u003e\u003ccode\u003e@​0-don\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getkin/kin-openapi/pull/1164\"\u003egetkin/kin-openapi#1164\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eopenapi3: add test for issue \u003ca href=\"https://redirect.github.com/getkin/kin-openapi/issues/927\"\u003e#927\u003c/a\u003e (nullable not respected on $ref schemas) by \u003ca href=\"https://github.com/fenollp\"\u003e\u003ccode\u003e@​fenollp\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getkin/kin-openapi/pull/1165\"\u003egetkin/kin-openapi#1165\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003etest: move public-API tests to external _test packages by \u003ca href=\"https://github.com/fenollp\"\u003e\u003ccode\u003e@​fenollp\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getkin/kin-openapi/pull/1168\"\u003egetkin/kin-openapi#1168\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat(openapi3): add per-type validation errors with cluster wrappers by \u003ca href=\"https://github.com/reuvenharrison\"\u003e\u003ccode\u003e@​reuvenharrison\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getkin/kin-openapi/pull/1166\"\u003egetkin/kin-openapi#1166\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat(openapi3conv): canonicalization pass for 3.0 -\u0026gt; 3.x by \u003ca href=\"https://github.com/reuvenharrison\"\u003e\u003ccode\u003e@​reuvenharrison\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getkin/kin-openapi/pull/1162\"\u003egetkin/kin-openapi#1162\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eopenapi3conv: test Upgrade on many documents by \u003ca href=\"https://github.com/fenollp\"\u003e\u003ccode\u003e@​fenollp\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/getkin/kin-openapi/pull/1169\"\u003egetkin/kin-openapi#1169\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/getkin/kin-openapi/compare/v0.137.0...v0.138.0\"\u003ehttps://github.com/getkin/kin-openapi/compare/v0.137.0...v0.138.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/getkin/kin-openapi/commit/8381bfc73ce3bb241d298bc8415b8f724b6ddfb6\"\u003e\u003ccode\u003e8381bfc\u003c/code\u003e\u003c/a\u003e openapi3: type the remaining bare-error validation sites (\u003ca href=\"https://redirect.github.com/getkin/kin-openapi/issues/1187\"\u003e#1187\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/getkin/kin-openapi/commit/d29b5c043d31c47b3631020525397b7d1a1f4b6a\"\u003e\u003ccode\u003ed29b5c0\u003c/code\u003e\u003c/a\u003e openapi3: fix validation of duplicated path templates (\u003ca href=\"https://redirect.github.com/getkin/kin-openapi/issues/1189\"\u003e#1189\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/getkin/kin-openapi/commit/e56c2c71f4cc7a433a13ff50e44b3da50b253c07\"\u003e\u003ccode\u003ee56c2c7\u003c/code\u003e\u003c/a\u003e openapi3: aggregate independent validation errors via EnableMultiError (\u003ca href=\"https://redirect.github.com/getkin/kin-openapi/issues/1185\"\u003e#1185\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/getkin/kin-openapi/commit/7ea1ac895326a469712d81507fe00d7c8957b8b6\"\u003e\u003ccode\u003e7ea1ac8\u003c/code\u003e\u003c/a\u003e openapi3: tests flakiness corrected (\u003ca href=\"https://redirect.github.com/getkin/kin-openapi/issues/1159\"\u003e#1159\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/getkin/kin-openapi/commit/dc70f84ce64fa2d60e1e58d96f6b5686ba3dff3e\"\u003e\u003ccode\u003edc70f84\u003c/code\u003e\u003c/a\u003e openapi3: track Origin on the document root (T) (\u003ca href=\"https://redirect.github.com/getkin/kin-openapi/issues/1184\"\u003e#1184\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/getkin/kin-openapi/commit/69492dff6b62dddb9b27aeb7ebc9e0ee653e0263\"\u003e\u003ccode\u003e69492df\u003c/code\u003e\u003c/a\u003e openapi3: typed context errors for Validate() wrapper chain (\u003ca href=\"https://redirect.github.com/getkin/kin-openapi/issues/1183\"\u003e#1183\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/getkin/kin-openapi/commit/0a89925163b66876c4bc357bca068d62e3d86c20\"\u003e\u003ccode\u003e0a89925\u003c/code\u003e\u003c/a\u003e un-patch YAML serialization of dates (see issue \u003ca href=\"https://redirect.github.com/getkin/kin-openapi/issues/697\"\u003e#697\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/getkin/kin-openapi/commit/55a4c7274045743fd7e6703ee14be408ae79d22d\"\u003e\u003ccode\u003e55a4c72\u003c/code\u003e\u003c/a\u003e openapi3: re-enable tests disabled due to YAML dates in map keys\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/getkin/kin-openapi/commit/c61836c51e8f6f2efebbe95f783a41f319c53aa7\"\u003e\u003ccode\u003ec61836c\u003c/code\u003e\u003c/a\u003e ci: fixup lint after modifications to marsh.go\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/getkin/kin-openapi/commit/7633481fe3cd3a7027097aed588c285f3d21d238\"\u003e\u003ccode\u003e7633481\u003c/code\u003e\u003c/a\u003e feat: migrate to oasdiff/yaml v0.1.0 single Unmarshal API + enable DisableTim...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/getkin/kin-openapi/compare/v0.137.0...v0.139.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/go-chi/chi/v5` from 5.2.5 to 5.3.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/go-chi/chi/releases\"\u003egithub.com/go-chi/chi/v5's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.3.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUse strings.ReplaceAll where applicable by \u003ca href=\"https://github.com/JRaspass\"\u003e\u003ccode\u003e@​JRaspass\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1046\"\u003ego-chi/chi#1046\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePropagate inline middlewares across mounted subrouters by \u003ca href=\"https://github.com/LukasJenicek\"\u003e\u003ccode\u003e@​LukasJenicek\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1049\"\u003ego-chi/chi#1049\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eadd go 1.26 to ci by \u003ca href=\"https://github.com/pkieltyka\"\u003e\u003ccode\u003e@​pkieltyka\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1052\"\u003ego-chi/chi#1052\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove last uses of io/ioutil by \u003ca href=\"https://github.com/JRaspass\"\u003e\u003ccode\u003e@​JRaspass\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1054\"\u003ego-chi/chi#1054\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSimplify chi.walk with slices.Concat by \u003ca href=\"https://github.com/JRaspass\"\u003e\u003ccode\u003e@​JRaspass\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1053\"\u003ego-chi/chi#1053\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eApply the stringscutprefix modernizer by \u003ca href=\"https://github.com/JRaspass\"\u003e\u003ccode\u003e@​JRaspass\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1051\"\u003ego-chi/chi#1051\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump minimum Go to 1.23, always use request.Pattern by \u003ca href=\"https://github.com/JRaspass\"\u003e\u003ccode\u003e@​JRaspass\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1048\"\u003ego-chi/chi#1048\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003emiddleware: fix httpFancyWriter.ReadFrom double-counting bytes with Tee by \u003ca href=\"https://github.com/alliasgher\"\u003e\u003ccode\u003e@​alliasgher\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1085\"\u003ego-chi/chi#1085\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix typo in Route doc comment by \u003ca href=\"https://github.com/gouwazi\"\u003e\u003ccode\u003e@​gouwazi\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1073\"\u003ego-chi/chi#1073\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: set Request.Pattern from RoutePattern() by \u003ca href=\"https://github.com/leno23\"\u003e\u003ccode\u003e@​leno23\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1097\"\u003ego-chi/chi#1097\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat: middleware.ClientIP, a replacement for middleware.RealIP by \u003ca href=\"https://github.com/VojtechVitek\"\u003e\u003ccode\u003e@​VojtechVitek\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/967\"\u003ego-chi/chi#967\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/LukasJenicek\"\u003e\u003ccode\u003e@​LukasJenicek\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1049\"\u003ego-chi/chi#1049\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/alliasgher\"\u003e\u003ccode\u003e@​alliasgher\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1085\"\u003ego-chi/chi#1085\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gouwazi\"\u003e\u003ccode\u003e@​gouwazi\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1073\"\u003ego-chi/chi#1073\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/leno23\"\u003e\u003ccode\u003e@​leno23\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1097\"\u003ego-chi/chi#1097\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eSECURITY: middleware.ClientIP, a replacement for middleware.RealIP\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/VojtechVitek\"\u003e\u003ccode\u003e@​VojtechVitek\u003c/code\u003e\u003c/a\u003e submitted PR \u003ca href=\"https://redirect.github.com/go-chi/chi/issues/967\"\u003e#967\u003c/a\u003e, which introduces middleware.ClientIP — a replacement for middleware.RealIP that closes the three open spoofing advisories:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/security/advisories/GHSA-9g5q-2w5x-hmxf\"\u003eGHSA-9g5q-2w5x-hmxf\u003c/a\u003e — IP spoofing via XFF in \u003ccode\u003eRemoteAddr\u003c/code\u003e resolution (convto)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/security/advisories/GHSA-rjr7-jggh-pgcp\"\u003eGHSA-rjr7-jggh-pgcp\u003c/a\u003e — RealIP allows IP spoofing via unvalidated XFF (rezmoss)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/security/advisories/GHSA-3fxj-6jh8-hvhx\"\u003eGHSA-3fxj-6jh8-hvhx\u003c/a\u003e — IP spoofing in \u003ccode\u003emiddleware.RealIP\u003c/code\u003e (Saku0512, Critical / 9.3)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eIt also addresses issues outlined at:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/708\"\u003ego-chi/chi#708\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://adam-p.ca/blog/2022/03/x-forwarded-for/\"\u003ehttps://adam-p.ca/blog/2022/03/x-forwarded-for/\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/711\"\u003ego-chi/chi#711\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/453\"\u003ego-chi/chi#453\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/go-chi/chi/pull/908\"\u003ego-chi/chi#908\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ccode\u003emiddleware.RealIP\u003c/code\u003e is deprecated in this PR with pointers to the new API.\u003c/p\u003e\n\u003cp\u003eThe deprecation only adds a \u003ccode\u003e// Deprecated:\u003c/code\u003e doc comment; the function keeps working for backward compatibility.\u003c/p\u003e\n\u003ch3\u003eWhy a new middleware (not \u0026quot;fix RealIP in place\u0026quot;)\u003c/h3\u003e\n\u003cp\u003e\u003ccode\u003eRealIP\u003c/code\u003e has two unfixable design choices: it mutates \u003ccode\u003er.RemoteAddr\u003c/code\u003e, and it tries to be a one-size-fits-all default by walking a hard-coded list of headers any client can supply. Per \u003ca href=\"https://adam-p.ca/blog/2022/03/x-forwarded-for/\"\u003eadam-p's \u0026quot;The perils of the 'real' client IP\u0026quot;\u003c/a\u003e (which calls chi out by name on this), there is no safe default — the user must pick their trust source explicitly.\u003c/p\u003e\n\u003ch3\u003eThe new API\u003c/h3\u003e\n\u003cp\u003eFour middlewares, two accessors. Pick exactly one middleware based on your\ninfrastructure, read the result with one of the two accessors:\u003c/p\u003e\n\u003cpre lang=\"go\"\u003e\u003ccode\u003e// One of the four. There is no safe default — pick exactly one.\r\nfunc ClientIPFromHeader(trustedHeader string) func(http.Handler) http.Handler\r\nfunc ClientIPFromXFF(trustedIPPrefixes ...string) func(http.Handler) http.Handler\r\nfunc ClientIPFromXFFTrustedProxies(numTrustedProxies int) func(http.Handler) http.Handler\r\n\u0026lt;/tr\u0026gt;\u0026lt;/table\u0026gt; \n\u003c/code\u003e\u003c/pre\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/3b171578ca44dfd75ca3c5cbddc7b44c600a7b49\"\u003e\u003ccode\u003e3b17157\u003c/code\u003e\u003c/a\u003e feat: middleware.ClientIP, a replacement for middleware.RealIP (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/967\"\u003e#967\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/818fdcfc4786168651768377ba647cf9dd5b3953\"\u003e\u003ccode\u003e818fdcf\u003c/code\u003e\u003c/a\u003e fix: set Request.Pattern from RoutePattern() (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1097\"\u003e#1097\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/f975af0cb10cbefaccf0422385420fe62722d648\"\u003e\u003ccode\u003ef975af0\u003c/code\u003e\u003c/a\u003e Fix typo in Route doc comment (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1073\"\u003e#1073\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/4ef87eaf2cfb27d3126d48194e1a84806acc1aed\"\u003e\u003ccode\u003e4ef87ea\u003c/code\u003e\u003c/a\u003e middleware: fix httpFancyWriter.ReadFrom double-counting bytes with Tee (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1085\"\u003e#1085\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/a54874f0e2f12647a19e82ee70dfa8185014100c\"\u003e\u003ccode\u003ea54874f\u003c/code\u003e\u003c/a\u003e Bump minimum Go to 1.23, always use request.Pattern (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1048\"\u003e#1048\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/3328d4d3ab8a08547fa419ed657017355e6d3c4d\"\u003e\u003ccode\u003e3328d4d\u003c/code\u003e\u003c/a\u003e Apply the stringscutprefix modernizer (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1051\"\u003e#1051\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/be60b2ec5755a9072cdf27af3ba3034e84781d12\"\u003e\u003ccode\u003ebe60b2e\u003c/code\u003e\u003c/a\u003e Simplify chi.walk with slices.Concat (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1053\"\u003e#1053\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/a36a925a6a195943ec104100d7d18757543e745f\"\u003e\u003ccode\u003ea36a925\u003c/code\u003e\u003c/a\u003e Remove last uses of io/ioutil (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1054\"\u003e#1054\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/7d93ee3e86b4d477c20d809c9b1ce9a281dfd706\"\u003e\u003ccode\u003e7d93ee3\u003c/code\u003e\u003c/a\u003e add go 1.26 to ci (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1052\"\u003e#1052\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/903cff2596eac0f72538ac46d696058351f1c3fb\"\u003e\u003ccode\u003e903cff2\u003c/code\u003e\u003c/a\u003e Propagate inline middlewares across mounted subrouters (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1049\"\u003e#1049\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/go-chi/chi/compare/v5.2.5...v5.3.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/oapi-codegen/runtime` from 1.4.0 to 1.4.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/oapi-codegen/runtime/releases\"\u003egithub.com/oapi-codegen/runtime's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eBug fixes\u003c/h2\u003e\n\u003cp\u003eThis is a bug fix release.\u003c/p\u003e\n\u003cp\u003eChanges in \u003ccode\u003ev1.4.0\u003c/code\u003e, coupled with changes in \u003ccode\u003ev2.7.0\u003c/code\u003e of oapi-codegen exposed some new problems. \u003ccode\u003edeepObject\u003c/code\u003e style marshaling behavior now supports encoding unicode. UTF-8 can't be directly included in parameters, so we need to \u003ccode\u003e%\u003c/code\u003e escape it.\u003c/p\u003e\n\u003cp\u003eForm binding now detects maps, which makes binding to a Nullable possible. We can't use generics around \u003ccode\u003eNullable[T]\u003c/code\u003e, so we handle maps generically, assuming they're a Nullable with its behavior assumptions.\u003c/p\u003e\n\u003ch2\u003e🐛 Bug fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix form binding of Nullables (\u003ca href=\"https://redirect.github.com/oapi-codegen/runtime/issues/133\"\u003e#133\u003c/a\u003e) \u003ca href=\"https://github.com/mromaszewicz\"\u003e\u003ccode\u003e@​mromaszewicz\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePercent-encode deepObject parameter wire output (\u003ca href=\"https://redirect.github.com/oapi-codegen/runtime/issues/132\"\u003e#132\u003c/a\u003e) \u003ca href=\"https://github.com/mromaszewicz\"\u003e\u003ccode\u003e@​mromaszewicz\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e📦 Dependency updates\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003echore(deps): update oapi-codegen/actions action to v0.7.0 (\u003ca href=\"https://redirect.github.com/oapi-codegen/runtime/issues/127\"\u003e#127\u003c/a\u003e) @\u003ca href=\"https://github.com/apps/renovate\"\u003erenovate[bot]\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): update github/codeql-action action to v4 (\u003ca href=\"https://redirect.github.com/oapi-codegen/runtime/issues/107\"\u003e#107\u003c/a\u003e) @\u003ca href=\"https://github.com/apps/renovate\"\u003erenovate[bot]\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(deps): update module github.com/kataras/iris/v12 to v12.2.11 (\u003ca href=\"https://redirect.github.com/oapi-codegen/runtime/issues/11\"\u003e#11\u003c/a\u003e) @\u003ca href=\"https://github.com/apps/renovate\"\u003erenovate[bot]\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): update release-drafter/release-drafter action to v7.2.0 (\u003ca href=\"https://redirect.github.com/oapi-codegen/runtime/issues/122\"\u003e#122\u003c/a\u003e) @\u003ca href=\"https://github.com/apps/renovate\"\u003erenovate[bot]\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eSponsors\u003c/h2\u003e\n\u003cp\u003eWe would like to thank our sponsors for their support during this release.\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oapi-codegen/runtime/commit/2755f15aee0c946a782704399ba88f9830dc0912\"\u003e\u003ccode\u003e2755f15\u003c/code\u003e\u003c/a\u003e Fix form binding of Nullables (\u003ca href=\"https://redirect.github.com/oapi-codegen/runtime/issues/133\"\u003e#133\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oapi-codegen/runtime/commit/17de1dd042b56f9848af5314d5399a8d8cf8591f\"\u003e\u003ccode\u003e17de1dd\u003c/code\u003e\u003c/a\u003e Percent-encode deepObject parameter wire output (\u003ca href=\"https://redirect.github.com/oapi-codegen/runtime/issues/132\"\u003e#132\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oapi-codegen/runtime/commit/d2b7c4c58e85cdc668508abccb138dbe0d15f9d9\"\u003e\u003ccode\u003ed2b7c4c\u003c/code\u003e\u003c/a\u003e chore(deps): update oapi-codegen/actions action to v0.7.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oapi-codegen/runtime/commit/6fd6c25e4f6db33e2c9c249403527ae83f30eba6\"\u003e\u003ccode\u003e6fd6c25\u003c/code\u003e\u003c/a\u003e chore(deps): update github/codeql-action action to v4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oapi-codegen/runtime/commit/19040cc57320598827a0a591c6fdba6f46e3a5e8\"\u003e\u003ccode\u003e19040cc\u003c/code\u003e\u003c/a\u003e fix(deps): update module github.com/kataras/iris/v12 to v12.2.11\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oapi-codegen/runtime/commit/e05282eb5f0ed6981bf48165ba3e272d5cd062f8\"\u003e\u003ccode\u003ee05282e\u003c/code\u003e\u003c/a\u003e chore(deps): update release-drafter/release-drafter action to v7.2.0 (\u003ca href=\"https://redirect.github.com/oapi-codegen/runtime/issues/122\"\u003e#122\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/oapi-codegen/runtime/compare/v1.4.0...v1.4.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/onsi/ginkgo/v2` from 2.28.3 to 2.29.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/onsi/ginkgo/releases\"\u003egithub.com/onsi/ginkgo/v2's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.29.0\u003c/h2\u003e\n\u003ch2\u003e2.29.0\u003c/h2\u003e\n\u003cp\u003e\u003ccode\u003eGinkgoHelperGo\u003c/code\u003e makes it easier to write test helpers that need to run in goroutines.  Specifically, it makes managing the failure state and capturing failure panics correctly straightforward.\u003c/p\u003e\n\u003cp\u003e\u003ccode\u003eginkgo outline\u003c/code\u003e now includes entries defined in \u003ccode\u003eDescribeTableSubtree\u003c/code\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md\"\u003egithub.com/onsi/ginkgo/v2's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.29.0\u003c/h2\u003e\n\u003cp\u003e\u003ccode\u003eGinkgoHelperGo\u003c/code\u003e makes it easier to write test helpers that need to run in goroutines.  Specifically, it makes managing the failure state and capturing failure panics correctly straightforward.\u003c/p\u003e\n\u003cp\u003e\u003ccode\u003eginkgo outline\u003c/code\u003e now includes entries defined in \u003ccode\u003eDescribeTableSubtree\u003c/code\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/onsi/ginkgo/commit/04b5bcbe4eee911a1baf506eda1e7e811c978937\"\u003e\u003ccode\u003e04b5bcb\u003c/code\u003e\u003c/a\u003e v2.29.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/onsi/ginkgo/commit/124232a4531c77a7f31a036e0150e06fa78b2af8\"\u003e\u003ccode\u003e124232a\u003c/code\u003e\u003c/a\u003e docs: GinkgoHelperGo\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/onsi/ginkgo/commit/ad9cee80bdfda573e94f1b05f2bd4afa1a2fe815\"\u003e\u003ccode\u003ead9cee8\u003c/code\u003e\u003c/a\u003e feat: GinkgoHelperGo, with integration tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/onsi/ginkgo/commit/9e56a0a2a090eb83af696381161bdb996c69bcac\"\u003e\u003ccode\u003e9e56a0a\u003c/code\u003e\u003c/a\u003e chore: refactor devcontainer for better maintenance\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/onsi/ginkgo/commit/3d235a96ac05d9e855048c66528d2fdbfb9101f7\"\u003e\u003ccode\u003e3d235a9\u003c/code\u003e\u003c/a\u003e chore: ignore internal/tmp_*/ integration suite temporary dirs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/onsi/ginkgo/commit/782666ae83c2bc804f28b1333bf91a21b093d946\"\u003e\u003ccode\u003e782666a\u003c/code\u003e\u003c/a\u003e feat: devcontainer configuration with local pkgsite and GH pages\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/onsi/ginkgo/commit/009dd04de2d18f00c3c812d2caab713a165a1f7c\"\u003e\u003ccode\u003e009dd04\u003c/code\u003e\u003c/a\u003e Support DescribeTableSubtree in ginkgo outline\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/onsi/ginkgo/compare/v2.28.3...v2.29.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/onsi/gomega` from 1.40.0 to 1.41.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/onsi/gomega/blob/master/CHANGELOG.md\"\u003egithub.com/onsi/gomega's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e1.41.0\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cp\u003eAdd \u003ccode\u003eBeASlice\u003c/code\u003e and \u003ccode\u003eBeAnArray\u003c/code\u003e matchers\u003c/p\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cp\u003eObject formatting now detects pointer cycles to avoid runaway formatting output.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/onsi/gomega/commit/af2bccb5831cbcc56cfc16ca3056077cdec4798b\"\u003e\u003ccode\u003eaf2bccb\u003c/code\u003e\u003c/a\u003e v1.41.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/onsi/gomega/commit/73e81f6f054c825d1743bf4090ac0a9e1d5605af\"\u003e\u003ccode\u003e73e81f6\u003c/code\u003e\u003c/a\u003e v1.41.0 (full)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/onsi/gomega/commit/e35a84f24113255aaeea62fe7c47e09adf39109b\"\u003e\u003ccode\u003ee35a84f\u003c/code\u003e\u003c/a\u003e feat: devcontainer configuration with local pkgsite and GH pages\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/onsi/gomega/commit/f12e5e1bc7167fae21ef37b0d9d358d51063ff5e\"\u003e\u003ccode\u003ef12e5e1\u003c/code\u003e\u003c/a\u003e fix(format): detect pointer cycles to avoid runaway formatting output\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/onsi/gomega/commit/e14831fefa86313f2b01fb803b2ac937e49d08b6\"\u003e\u003ccode\u003ee14831f\u003c/code\u003e\u003c/a\u003e Add optionalDescription docs to AsyncAssertion and Assertion interfaces\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/onsi/gomega/commit/344b94dae7e0df0e2d087574b4c2b1b1597a6943\"\u003e\u003ccode\u003e344b94d\u003c/code\u003e\u003c/a\u003e Add BeASlice and BeAnArray matchers\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/onsi/gomega/compare/v1.40.0...v1.41.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\n\n\n\u003c/details\u003e","html_url":"https://github.com/dcm-project/catalog-manager/pull/86","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/dcm-project%2Fcatalog-manager/issues/86","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/86/packages"}},{"old_version":"5.2.5","new_version":"5.3.0","update_type":"minor","path":null,"pr_created_at":"2026-05-26T00:58:28.000Z","version_change":"5.2.5 → 5.3.0","issue":{"uuid":"4520454258","node_id":"PR_kwDOBjlZF87fN60X","number":40,"state":"open","title":"fix: Bump github.com/go-chi/chi/v5 from 5.2.5 to 5.3.0","user":"dependabot[bot]","labels":["dependencies","go"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-26T00:58:28.000Z","updated_at":"2026-06-01T01:39:32.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"fix: Bump","packages":[{"name":"github.com/go-chi/chi/v5","old_version":"5.2.5","new_version":"5.3.0","repository_url":"https://github.com/go-chi/chi"}],"path":null,"ecosystem":"go"},"body":"Bumps [github.com/go-chi/chi/v5](https://github.com/go-chi/chi) from 5.2.5 to 5.3.0.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/go-chi/chi/releases\"\u003egithub.com/go-chi/chi/v5's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.3.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUse strings.ReplaceAll where applicable by \u003ca href=\"https://github.com/JRaspass\"\u003e\u003ccode\u003e@​JRaspass\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1046\"\u003ego-chi/chi#1046\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePropagate inline middlewares across mounted subrouters by \u003ca href=\"https://github.com/LukasJenicek\"\u003e\u003ccode\u003e@​LukasJenicek\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1049\"\u003ego-chi/chi#1049\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eadd go 1.26 to ci by \u003ca href=\"https://github.com/pkieltyka\"\u003e\u003ccode\u003e@​pkieltyka\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1052\"\u003ego-chi/chi#1052\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove last uses of io/ioutil by \u003ca href=\"https://github.com/JRaspass\"\u003e\u003ccode\u003e@​JRaspass\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1054\"\u003ego-chi/chi#1054\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSimplify chi.walk with slices.Concat by \u003ca href=\"https://github.com/JRaspass\"\u003e\u003ccode\u003e@​JRaspass\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1053\"\u003ego-chi/chi#1053\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eApply the stringscutprefix modernizer by \u003ca href=\"https://github.com/JRaspass\"\u003e\u003ccode\u003e@​JRaspass\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1051\"\u003ego-chi/chi#1051\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump minimum Go to 1.23, always use request.Pattern by \u003ca href=\"https://github.com/JRaspass\"\u003e\u003ccode\u003e@​JRaspass\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1048\"\u003ego-chi/chi#1048\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003emiddleware: fix httpFancyWriter.ReadFrom double-counting bytes with Tee by \u003ca href=\"https://github.com/alliasgher\"\u003e\u003ccode\u003e@​alliasgher\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1085\"\u003ego-chi/chi#1085\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix typo in Route doc comment by \u003ca href=\"https://github.com/gouwazi\"\u003e\u003ccode\u003e@​gouwazi\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1073\"\u003ego-chi/chi#1073\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: set Request.Pattern from RoutePattern() by \u003ca href=\"https://github.com/leno23\"\u003e\u003ccode\u003e@​leno23\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1097\"\u003ego-chi/chi#1097\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat: middleware.ClientIP, a replacement for middleware.RealIP by \u003ca href=\"https://github.com/VojtechVitek\"\u003e\u003ccode\u003e@​VojtechVitek\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/967\"\u003ego-chi/chi#967\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/LukasJenicek\"\u003e\u003ccode\u003e@​LukasJenicek\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1049\"\u003ego-chi/chi#1049\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/alliasgher\"\u003e\u003ccode\u003e@​alliasgher\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1085\"\u003ego-chi/chi#1085\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gouwazi\"\u003e\u003ccode\u003e@​gouwazi\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1073\"\u003ego-chi/chi#1073\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/leno23\"\u003e\u003ccode\u003e@​leno23\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1097\"\u003ego-chi/chi#1097\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eSECURITY: middleware.ClientIP, a replacement for middleware.RealIP\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/VojtechVitek\"\u003e\u003ccode\u003e@​VojtechVitek\u003c/code\u003e\u003c/a\u003e submitted PR \u003ca href=\"https://redirect.github.com/go-chi/chi/issues/967\"\u003e#967\u003c/a\u003e, which introduces middleware.ClientIP — a replacement for middleware.RealIP that closes the three open spoofing advisories:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/security/advisories/GHSA-9g5q-2w5x-hmxf\"\u003eGHSA-9g5q-2w5x-hmxf\u003c/a\u003e — IP spoofing via XFF in \u003ccode\u003eRemoteAddr\u003c/code\u003e resolution (convto)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/security/advisories/GHSA-rjr7-jggh-pgcp\"\u003eGHSA-rjr7-jggh-pgcp\u003c/a\u003e — RealIP allows IP spoofing via unvalidated XFF (rezmoss)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/security/advisories/GHSA-3fxj-6jh8-hvhx\"\u003eGHSA-3fxj-6jh8-hvhx\u003c/a\u003e — IP spoofing in \u003ccode\u003emiddleware.RealIP\u003c/code\u003e (Saku0512, Critical / 9.3)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eIt also addresses issues outlined at:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/708\"\u003ego-chi/chi#708\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://adam-p.ca/blog/2022/03/x-forwarded-for/\"\u003ehttps://adam-p.ca/blog/2022/03/x-forwarded-for/\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/711\"\u003ego-chi/chi#711\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/453\"\u003ego-chi/chi#453\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/go-chi/chi/pull/908\"\u003ego-chi/chi#908\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ccode\u003emiddleware.RealIP\u003c/code\u003e is deprecated in this PR with pointers to the new API.\u003c/p\u003e\n\u003cp\u003eThe deprecation only adds a \u003ccode\u003e// Deprecated:\u003c/code\u003e doc comment; the function keeps working for backward compatibility.\u003c/p\u003e\n\u003ch3\u003eWhy a new middleware (not \u0026quot;fix RealIP in place\u0026quot;)\u003c/h3\u003e\n\u003cp\u003e\u003ccode\u003eRealIP\u003c/code\u003e has two unfixable design choices: it mutates \u003ccode\u003er.RemoteAddr\u003c/code\u003e, and it tries to be a one-size-fits-all default by walking a hard-coded list of headers any client can supply. Per \u003ca href=\"https://adam-p.ca/blog/2022/03/x-forwarded-for/\"\u003eadam-p's \u0026quot;The perils of the 'real' client IP\u0026quot;\u003c/a\u003e (which calls chi out by name on this), there is no safe default — the user must pick their trust source explicitly.\u003c/p\u003e\n\u003ch3\u003eThe new API\u003c/h3\u003e\n\u003cp\u003eFour middlewares, two accessors. Pick exactly one middleware based on your\ninfrastructure, read the result with one of the two accessors:\u003c/p\u003e\n\u003cpre lang=\"go\"\u003e\u003ccode\u003e// One of the four. There is no safe default — pick exactly one.\r\nfunc ClientIPFromHeader(trustedHeader string) func(http.Handler) http.Handler\r\nfunc ClientIPFromXFF(trustedIPPrefixes ...string) func(http.Handler) http.Handler\r\nfunc ClientIPFromXFFTrustedProxies(numTrustedProxies int) func(http.Handler) http.Handler\r\n\u0026lt;/tr\u0026gt;\u0026lt;/table\u0026gt; \n\u003c/code\u003e\u003c/pre\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/3b171578ca44dfd75ca3c5cbddc7b44c600a7b49\"\u003e\u003ccode\u003e3b17157\u003c/code\u003e\u003c/a\u003e feat: middleware.ClientIP, a replacement for middleware.RealIP (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/967\"\u003e#967\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/818fdcfc4786168651768377ba647cf9dd5b3953\"\u003e\u003ccode\u003e818fdcf\u003c/code\u003e\u003c/a\u003e fix: set Request.Pattern from RoutePattern() (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1097\"\u003e#1097\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/f975af0cb10cbefaccf0422385420fe62722d648\"\u003e\u003ccode\u003ef975af0\u003c/code\u003e\u003c/a\u003e Fix typo in Route doc comment (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1073\"\u003e#1073\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/4ef87eaf2cfb27d3126d48194e1a84806acc1aed\"\u003e\u003ccode\u003e4ef87ea\u003c/code\u003e\u003c/a\u003e middleware: fix httpFancyWriter.ReadFrom double-counting bytes with Tee (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1085\"\u003e#1085\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/a54874f0e2f12647a19e82ee70dfa8185014100c\"\u003e\u003ccode\u003ea54874f\u003c/code\u003e\u003c/a\u003e Bump minimum Go to 1.23, always use request.Pattern (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1048\"\u003e#1048\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/3328d4d3ab8a08547fa419ed657017355e6d3c4d\"\u003e\u003ccode\u003e3328d4d\u003c/code\u003e\u003c/a\u003e Apply the stringscutprefix modernizer (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1051\"\u003e#1051\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/be60b2ec5755a9072cdf27af3ba3034e84781d12\"\u003e\u003ccode\u003ebe60b2e\u003c/code\u003e\u003c/a\u003e Simplify chi.walk with slices.Concat (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1053\"\u003e#1053\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/a36a925a6a195943ec104100d7d18757543e745f\"\u003e\u003ccode\u003ea36a925\u003c/code\u003e\u003c/a\u003e Remove last uses of io/ioutil (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1054\"\u003e#1054\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/7d93ee3e86b4d477c20d809c9b1ce9a281dfd706\"\u003e\u003ccode\u003e7d93ee3\u003c/code\u003e\u003c/a\u003e add go 1.26 to ci (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1052\"\u003e#1052\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/903cff2596eac0f72538ac46d696058351f1c3fb\"\u003e\u003ccode\u003e903cff2\u003c/code\u003e\u003c/a\u003e Propagate inline middlewares across mounted subrouters (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1049\"\u003e#1049\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/go-chi/chi/compare/v5.2.5...v5.3.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n","html_url":"https://github.com/icco/hello/pull/40","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/icco%2Fhello/issues/40","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/40/packages"}},{"old_version":"5.0.12","new_version":"5.3.0","update_type":"minor","path":"/tools/mock-abs in the production-deps group","pr_created_at":"2026-05-26T00:31:13.000Z","version_change":"5.0.12 → 5.3.0","issue":{"uuid":"4520340548","node_id":"PR_kwDOSM6-Js7fNi3g","number":148,"state":"open","title":"chore(deps): bump github.com/go-chi/chi/v5 from 5.0.12 to 5.3.0 in /tools/mock-abs in the production-deps group","user":"dependabot[bot]","labels":[],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-26T00:31:13.000Z","updated_at":"2026-05-26T00:31:13.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps)","packages":[{"name":"github.com/go-chi/chi/v5","old_version":"5.0.12","new_version":"5.3.0","repository_url":"https://github.com/go-chi/chi"}],"path":"/tools/mock-abs in the production-deps group","ecosystem":"go"},"body":"Bumps the production-deps group in /tools/mock-abs with 1 update: [github.com/go-chi/chi/v5](https://github.com/go-chi/chi).\n\nUpdates `github.com/go-chi/chi/v5` from 5.0.12 to 5.3.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/go-chi/chi/releases\"\u003egithub.com/go-chi/chi/v5's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.3.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUse strings.ReplaceAll where applicable by \u003ca href=\"https://github.com/JRaspass\"\u003e\u003ccode\u003e@​JRaspass\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1046\"\u003ego-chi/chi#1046\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePropagate inline middlewares across mounted subrouters by \u003ca href=\"https://github.com/LukasJenicek\"\u003e\u003ccode\u003e@​LukasJenicek\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1049\"\u003ego-chi/chi#1049\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eadd go 1.26 to ci by \u003ca href=\"https://github.com/pkieltyka\"\u003e\u003ccode\u003e@​pkieltyka\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1052\"\u003ego-chi/chi#1052\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove last uses of io/ioutil by \u003ca href=\"https://github.com/JRaspass\"\u003e\u003ccode\u003e@​JRaspass\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1054\"\u003ego-chi/chi#1054\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSimplify chi.walk with slices.Concat by \u003ca href=\"https://github.com/JRaspass\"\u003e\u003ccode\u003e@​JRaspass\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1053\"\u003ego-chi/chi#1053\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eApply the stringscutprefix modernizer by \u003ca href=\"https://github.com/JRaspass\"\u003e\u003ccode\u003e@​JRaspass\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1051\"\u003ego-chi/chi#1051\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump minimum Go to 1.23, always use request.Pattern by \u003ca href=\"https://github.com/JRaspass\"\u003e\u003ccode\u003e@​JRaspass\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1048\"\u003ego-chi/chi#1048\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003emiddleware: fix httpFancyWriter.ReadFrom double-counting bytes with Tee by \u003ca href=\"https://github.com/alliasgher\"\u003e\u003ccode\u003e@​alliasgher\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1085\"\u003ego-chi/chi#1085\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix typo in Route doc comment by \u003ca href=\"https://github.com/gouwazi\"\u003e\u003ccode\u003e@​gouwazi\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1073\"\u003ego-chi/chi#1073\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: set Request.Pattern from RoutePattern() by \u003ca href=\"https://github.com/leno23\"\u003e\u003ccode\u003e@​leno23\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1097\"\u003ego-chi/chi#1097\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat: middleware.ClientIP, a replacement for middleware.RealIP by \u003ca href=\"https://github.com/VojtechVitek\"\u003e\u003ccode\u003e@​VojtechVitek\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/967\"\u003ego-chi/chi#967\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/LukasJenicek\"\u003e\u003ccode\u003e@​LukasJenicek\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1049\"\u003ego-chi/chi#1049\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/alliasgher\"\u003e\u003ccode\u003e@​alliasgher\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1085\"\u003ego-chi/chi#1085\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gouwazi\"\u003e\u003ccode\u003e@​gouwazi\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1073\"\u003ego-chi/chi#1073\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/leno23\"\u003e\u003ccode\u003e@​leno23\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1097\"\u003ego-chi/chi#1097\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eSECURITY: middleware.ClientIP, a replacement for middleware.RealIP\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/VojtechVitek\"\u003e\u003ccode\u003e@​VojtechVitek\u003c/code\u003e\u003c/a\u003e submitted PR \u003ca href=\"https://redirect.github.com/go-chi/chi/issues/967\"\u003e#967\u003c/a\u003e, which introduces middleware.ClientIP — a replacement for middleware.RealIP that closes the three open spoofing advisories:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/security/advisories/GHSA-9g5q-2w5x-hmxf\"\u003eGHSA-9g5q-2w5x-hmxf\u003c/a\u003e — IP spoofing via XFF in \u003ccode\u003eRemoteAddr\u003c/code\u003e resolution (convto)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/security/advisories/GHSA-rjr7-jggh-pgcp\"\u003eGHSA-rjr7-jggh-pgcp\u003c/a\u003e — RealIP allows IP spoofing via unvalidated XFF (rezmoss)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/security/advisories/GHSA-3fxj-6jh8-hvhx\"\u003eGHSA-3fxj-6jh8-hvhx\u003c/a\u003e — IP spoofing in \u003ccode\u003emiddleware.RealIP\u003c/code\u003e (Saku0512, Critical / 9.3)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eIt also addresses issues outlined at:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/708\"\u003ego-chi/chi#708\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://adam-p.ca/blog/2022/03/x-forwarded-for/\"\u003ehttps://adam-p.ca/blog/2022/03/x-forwarded-for/\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/711\"\u003ego-chi/chi#711\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/453\"\u003ego-chi/chi#453\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/go-chi/chi/pull/908\"\u003ego-chi/chi#908\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ccode\u003emiddleware.RealIP\u003c/code\u003e is deprecated in this PR with pointers to the new API.\u003c/p\u003e\n\u003cp\u003eThe deprecation only adds a \u003ccode\u003e// Deprecated:\u003c/code\u003e doc comment; the function keeps working for backward compatibility.\u003c/p\u003e\n\u003ch3\u003eWhy a new middleware (not \u0026quot;fix RealIP in place\u0026quot;)\u003c/h3\u003e\n\u003cp\u003e\u003ccode\u003eRealIP\u003c/code\u003e has two unfixable design choices: it mutates \u003ccode\u003er.RemoteAddr\u003c/code\u003e, and it tries to be a one-size-fits-all default by walking a hard-coded list of headers any client can supply. Per \u003ca href=\"https://adam-p.ca/blog/2022/03/x-forwarded-for/\"\u003eadam-p's \u0026quot;The perils of the 'real' client IP\u0026quot;\u003c/a\u003e (which calls chi out by name on this), there is no safe default — the user must pick their trust source explicitly.\u003c/p\u003e\n\u003ch3\u003eThe new API\u003c/h3\u003e\n\u003cp\u003eFour middlewares, two accessors. Pick exactly one middleware based on your\ninfrastructure, read the result with one of the two accessors:\u003c/p\u003e\n\u003cpre lang=\"go\"\u003e\u003ccode\u003e// One of the four. There is no safe default — pick exactly one.\r\nfunc ClientIPFromHeader(trustedHeader string) func(http.Handler) http.Handler\r\nfunc ClientIPFromXFF(trustedIPPrefixes ...string) func(http.Handler) http.Handler\r\nfunc ClientIPFromXFFTrustedProxies(numTrustedProxies int) func(http.Handler) http.Handler\r\n\u0026lt;/tr\u0026gt;\u0026lt;/table\u0026gt; \n\u003c/code\u003e\u003c/pre\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/go-chi/chi/blob/master/CHANGELOG.md\"\u003egithub.com/go-chi/chi/v5's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/3b171578ca44dfd75ca3c5cbddc7b44c600a7b49\"\u003e\u003ccode\u003e3b17157\u003c/code\u003e\u003c/a\u003e feat: middleware.ClientIP, a replacement for middleware.RealIP (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/967\"\u003e#967\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/818fdcfc4786168651768377ba647cf9dd5b3953\"\u003e\u003ccode\u003e818fdcf\u003c/code\u003e\u003c/a\u003e fix: set Request.Pattern from RoutePattern() (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1097\"\u003e#1097\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/f975af0cb10cbefaccf0422385420fe62722d648\"\u003e\u003ccode\u003ef975af0\u003c/code\u003e\u003c/a\u003e Fix typo in Route doc comment (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1073\"\u003e#1073\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/4ef87eaf2cfb27d3126d48194e1a84806acc1aed\"\u003e\u003ccode\u003e4ef87ea\u003c/code\u003e\u003c/a\u003e middleware: fix httpFancyWriter.ReadFrom double-counting bytes with Tee (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1085\"\u003e#1085\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/a54874f0e2f12647a19e82ee70dfa8185014100c\"\u003e\u003ccode\u003ea54874f\u003c/code\u003e\u003c/a\u003e Bump minimum Go to 1.23, always use request.Pattern (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1048\"\u003e#1048\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/3328d4d3ab8a08547fa419ed657017355e6d3c4d\"\u003e\u003ccode\u003e3328d4d\u003c/code\u003e\u003c/a\u003e Apply the stringscutprefix modernizer (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1051\"\u003e#1051\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/be60b2ec5755a9072cdf27af3ba3034e84781d12\"\u003e\u003ccode\u003ebe60b2e\u003c/code\u003e\u003c/a\u003e Simplify chi.walk with slices.Concat (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1053\"\u003e#1053\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/a36a925a6a195943ec104100d7d18757543e745f\"\u003e\u003ccode\u003ea36a925\u003c/code\u003e\u003c/a\u003e Remove last uses of io/ioutil (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1054\"\u003e#1054\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/7d93ee3e86b4d477c20d809c9b1ce9a281dfd706\"\u003e\u003ccode\u003e7d93ee3\u003c/code\u003e\u003c/a\u003e add go 1.26 to ci (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1052\"\u003e#1052\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/903cff2596eac0f72538ac46d696058351f1c3fb\"\u003e\u003ccode\u003e903cff2\u003c/code\u003e\u003c/a\u003e Propagate inline middlewares across mounted subrouters (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1049\"\u003e#1049\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/go-chi/chi/compare/v5.0.12...v5.3.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/go-chi/chi/v5\u0026package-manager=go_modules\u0026previous-version=5.0.12\u0026new-version=5.3.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\n\n\n\u003c/details\u003e","html_url":"https://github.com/cryptoma4o/AIbank/pull/148","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/cryptoma4o%2FAIbank/issues/148","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/148/packages"}},{"old_version":"5.2.5","new_version":"5.3.0","update_type":"minor","path":"/services/gateway","pr_created_at":"2026-05-26T00:21:38.000Z","version_change":"5.2.5 → 5.3.0","issue":{"uuid":"4520304004","node_id":"PR_kwDORZ1QU87fNbYH","number":80,"state":"open","title":"deps(gateway): bump github.com/go-chi/chi/v5 from 5.2.5 to 5.3.0 in /services/gateway","user":"dependabot[bot]","labels":[],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-26T00:21:38.000Z","updated_at":"2026-05-26T00:21:39.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"deps(gateway)","packages":[{"name":"github.com/go-chi/chi/v5","old_version":"5.2.5","new_version":"5.3.0","repository_url":"https://github.com/go-chi/chi"}],"path":"/services/gateway","ecosystem":"go"},"body":"Bumps [github.com/go-chi/chi/v5](https://github.com/go-chi/chi) from 5.2.5 to 5.3.0.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/go-chi/chi/releases\"\u003egithub.com/go-chi/chi/v5's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.3.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUse strings.ReplaceAll where applicable by \u003ca href=\"https://github.com/JRaspass\"\u003e\u003ccode\u003e@​JRaspass\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1046\"\u003ego-chi/chi#1046\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePropagate inline middlewares across mounted subrouters by \u003ca href=\"https://github.com/LukasJenicek\"\u003e\u003ccode\u003e@​LukasJenicek\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1049\"\u003ego-chi/chi#1049\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eadd go 1.26 to ci by \u003ca href=\"https://github.com/pkieltyka\"\u003e\u003ccode\u003e@​pkieltyka\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1052\"\u003ego-chi/chi#1052\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove last uses of io/ioutil by \u003ca href=\"https://github.com/JRaspass\"\u003e\u003ccode\u003e@​JRaspass\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1054\"\u003ego-chi/chi#1054\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSimplify chi.walk with slices.Concat by \u003ca href=\"https://github.com/JRaspass\"\u003e\u003ccode\u003e@​JRaspass\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1053\"\u003ego-chi/chi#1053\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eApply the stringscutprefix modernizer by \u003ca href=\"https://github.com/JRaspass\"\u003e\u003ccode\u003e@​JRaspass\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1051\"\u003ego-chi/chi#1051\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump minimum Go to 1.23, always use request.Pattern by \u003ca href=\"https://github.com/JRaspass\"\u003e\u003ccode\u003e@​JRaspass\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1048\"\u003ego-chi/chi#1048\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003emiddleware: fix httpFancyWriter.ReadFrom double-counting bytes with Tee by \u003ca href=\"https://github.com/alliasgher\"\u003e\u003ccode\u003e@​alliasgher\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1085\"\u003ego-chi/chi#1085\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix typo in Route doc comment by \u003ca href=\"https://github.com/gouwazi\"\u003e\u003ccode\u003e@​gouwazi\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1073\"\u003ego-chi/chi#1073\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: set Request.Pattern from RoutePattern() by \u003ca href=\"https://github.com/leno23\"\u003e\u003ccode\u003e@​leno23\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1097\"\u003ego-chi/chi#1097\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat: middleware.ClientIP, a replacement for middleware.RealIP by \u003ca href=\"https://github.com/VojtechVitek\"\u003e\u003ccode\u003e@​VojtechVitek\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/967\"\u003ego-chi/chi#967\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/LukasJenicek\"\u003e\u003ccode\u003e@​LukasJenicek\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1049\"\u003ego-chi/chi#1049\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/alliasgher\"\u003e\u003ccode\u003e@​alliasgher\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1085\"\u003ego-chi/chi#1085\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gouwazi\"\u003e\u003ccode\u003e@​gouwazi\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1073\"\u003ego-chi/chi#1073\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/leno23\"\u003e\u003ccode\u003e@​leno23\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1097\"\u003ego-chi/chi#1097\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eSECURITY: middleware.ClientIP, a replacement for middleware.RealIP\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/VojtechVitek\"\u003e\u003ccode\u003e@​VojtechVitek\u003c/code\u003e\u003c/a\u003e submitted PR \u003ca href=\"https://redirect.github.com/go-chi/chi/issues/967\"\u003e#967\u003c/a\u003e, which introduces middleware.ClientIP — a replacement for middleware.RealIP that closes the three open spoofing advisories:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/security/advisories/GHSA-9g5q-2w5x-hmxf\"\u003eGHSA-9g5q-2w5x-hmxf\u003c/a\u003e — IP spoofing via XFF in \u003ccode\u003eRemoteAddr\u003c/code\u003e resolution (convto)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/security/advisories/GHSA-rjr7-jggh-pgcp\"\u003eGHSA-rjr7-jggh-pgcp\u003c/a\u003e — RealIP allows IP spoofing via unvalidated XFF (rezmoss)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/security/advisories/GHSA-3fxj-6jh8-hvhx\"\u003eGHSA-3fxj-6jh8-hvhx\u003c/a\u003e — IP spoofing in \u003ccode\u003emiddleware.RealIP\u003c/code\u003e (Saku0512, Critical / 9.3)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eIt also addresses issues outlined at:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/708\"\u003ego-chi/chi#708\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://adam-p.ca/blog/2022/03/x-forwarded-for/\"\u003ehttps://adam-p.ca/blog/2022/03/x-forwarded-for/\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/711\"\u003ego-chi/chi#711\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/453\"\u003ego-chi/chi#453\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/go-chi/chi/pull/908\"\u003ego-chi/chi#908\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ccode\u003emiddleware.RealIP\u003c/code\u003e is deprecated in this PR with pointers to the new API.\u003c/p\u003e\n\u003cp\u003eThe deprecation only adds a \u003ccode\u003e// Deprecated:\u003c/code\u003e doc comment; the function keeps working for backward compatibility.\u003c/p\u003e\n\u003ch3\u003eWhy a new middleware (not \u0026quot;fix RealIP in place\u0026quot;)\u003c/h3\u003e\n\u003cp\u003e\u003ccode\u003eRealIP\u003c/code\u003e has two unfixable design choices: it mutates \u003ccode\u003er.RemoteAddr\u003c/code\u003e, and it tries to be a one-size-fits-all default by walking a hard-coded list of headers any client can supply. Per \u003ca href=\"https://adam-p.ca/blog/2022/03/x-forwarded-for/\"\u003eadam-p's \u0026quot;The perils of the 'real' client IP\u0026quot;\u003c/a\u003e (which calls chi out by name on this), there is no safe default — the user must pick their trust source explicitly.\u003c/p\u003e\n\u003ch3\u003eThe new API\u003c/h3\u003e\n\u003cp\u003eFour middlewares, two accessors. Pick exactly one middleware based on your\ninfrastructure, read the result with one of the two accessors:\u003c/p\u003e\n\u003cpre lang=\"go\"\u003e\u003ccode\u003e// One of the four. There is no safe default — pick exactly one.\r\nfunc ClientIPFromHeader(trustedHeader string) func(http.Handler) http.Handler\r\nfunc ClientIPFromXFF(trustedIPPrefixes ...string) func(http.Handler) http.Handler\r\nfunc ClientIPFromXFFTrustedProxies(numTrustedProxies int) func(http.Handler) http.Handler\r\n\u0026lt;/tr\u0026gt;\u0026lt;/table\u0026gt; \n\u003c/code\u003e\u003c/pre\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/3b171578ca44dfd75ca3c5cbddc7b44c600a7b49\"\u003e\u003ccode\u003e3b17157\u003c/code\u003e\u003c/a\u003e feat: middleware.ClientIP, a replacement for middleware.RealIP (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/967\"\u003e#967\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/818fdcfc4786168651768377ba647cf9dd5b3953\"\u003e\u003ccode\u003e818fdcf\u003c/code\u003e\u003c/a\u003e fix: set Request.Pattern from RoutePattern() (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1097\"\u003e#1097\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/f975af0cb10cbefaccf0422385420fe62722d648\"\u003e\u003ccode\u003ef975af0\u003c/code\u003e\u003c/a\u003e Fix typo in Route doc comment (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1073\"\u003e#1073\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/4ef87eaf2cfb27d3126d48194e1a84806acc1aed\"\u003e\u003ccode\u003e4ef87ea\u003c/code\u003e\u003c/a\u003e middleware: fix httpFancyWriter.ReadFrom double-counting bytes with Tee (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1085\"\u003e#1085\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/a54874f0e2f12647a19e82ee70dfa8185014100c\"\u003e\u003ccode\u003ea54874f\u003c/code\u003e\u003c/a\u003e Bump minimum Go to 1.23, always use request.Pattern (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1048\"\u003e#1048\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/3328d4d3ab8a08547fa419ed657017355e6d3c4d\"\u003e\u003ccode\u003e3328d4d\u003c/code\u003e\u003c/a\u003e Apply the stringscutprefix modernizer (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1051\"\u003e#1051\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/be60b2ec5755a9072cdf27af3ba3034e84781d12\"\u003e\u003ccode\u003ebe60b2e\u003c/code\u003e\u003c/a\u003e Simplify chi.walk with slices.Concat (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1053\"\u003e#1053\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/a36a925a6a195943ec104100d7d18757543e745f\"\u003e\u003ccode\u003ea36a925\u003c/code\u003e\u003c/a\u003e Remove last uses of io/ioutil (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1054\"\u003e#1054\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/7d93ee3e86b4d477c20d809c9b1ce9a281dfd706\"\u003e\u003ccode\u003e7d93ee3\u003c/code\u003e\u003c/a\u003e add go 1.26 to ci (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1052\"\u003e#1052\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/903cff2596eac0f72538ac46d696058351f1c3fb\"\u003e\u003ccode\u003e903cff2\u003c/code\u003e\u003c/a\u003e Propagate inline middlewares across mounted subrouters (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1049\"\u003e#1049\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/go-chi/chi/compare/v5.2.5...v5.3.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/go-chi/chi/v5\u0026package-manager=go_modules\u0026previous-version=5.2.5\u0026new-version=5.3.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/DeepakR-G20/jupiter/pull/80","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/DeepakR-G20%2Fjupiter/issues/80","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/80/packages"}},{"old_version":"5.2.5","new_version":"5.3.0","update_type":"minor","path":null,"pr_created_at":"2026-05-25T21:34:05.000Z","version_change":"5.2.5 → 5.3.0","issue":{"uuid":"4519650145","node_id":"PR_kwDORa6tb87fLTZd","number":106,"state":"closed","title":"deps(go): bump the go-minor-patch group with 7 updates","user":"dependabot[bot]","labels":["dependencies","go"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":"2026-05-26T05:44:31.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-25T21:34:05.000Z","updated_at":"2026-05-26T05:44:33.000Z","time_to_close":29426,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"deps(go): bump","group_name":"go-minor-patch","update_count":7,"packages":[{"name":"github.com/aws/aws-sdk-go-v2/config","old_version":"1.32.17","new_version":"1.32.18","repository_url":"https://github.com/aws/aws-sdk-go-v2"},{"name":"github.com/aws/aws-sdk-go-v2/credentials","old_version":"1.19.16","new_version":"1.19.17","repository_url":"https://github.com/aws/aws-sdk-go-v2"},{"name":"github.com/aws/aws-sdk-go-v2/feature/s3/manager","old_version":"1.22.18","new_version":"1.22.19","repository_url":"https://github.com/aws/aws-sdk-go-v2"},{"name":"github.com/go-chi/chi/v5","old_version":"5.2.5","new_version":"5.3.0","repository_url":"https://github.com/go-chi/chi"},{"name":"github.com/modelcontextprotocol/go-sdk","old_version":"1.6.0","new_version":"1.6.1","repository_url":"https://github.com/modelcontextprotocol/go-sdk"},{"name":"golang.org/x/crypto","old_version":"0.51.0","new_version":"0.52.0","repository_url":"https://github.com/golang/crypto"},{"name":"golang.org/x/net","old_version":"0.53.0","new_version":"0.54.0","repository_url":"https://github.com/golang/net"}],"path":null,"ecosystem":"go"},"body":"Bumps the go-minor-patch group with 7 updates:\n\n| Package | From | To |\n| --- | --- | --- |\n| [github.com/aws/aws-sdk-go-v2/config](https://github.com/aws/aws-sdk-go-v2) | `1.32.17` | `1.32.18` |\n| [github.com/aws/aws-sdk-go-v2/credentials](https://github.com/aws/aws-sdk-go-v2) | `1.19.16` | `1.19.17` |\n| [github.com/aws/aws-sdk-go-v2/feature/s3/manager](https://github.com/aws/aws-sdk-go-v2) | `1.22.18` | `1.22.19` |\n| [github.com/go-chi/chi/v5](https://github.com/go-chi/chi) | `5.2.5` | `5.3.0` |\n| [github.com/modelcontextprotocol/go-sdk](https://github.com/modelcontextprotocol/go-sdk) | `1.6.0` | `1.6.1` |\n| [golang.org/x/crypto](https://github.com/golang/crypto) | `0.51.0` | `0.52.0` |\n| [golang.org/x/net](https://github.com/golang/net) | `0.53.0` | `0.54.0` |\n\nUpdates `github.com/aws/aws-sdk-go-v2/config` from 1.32.17 to 1.32.18\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/db9f4e546dfe2f62a6bc3bf54b9da42ebace6372\"\u003e\u003ccode\u003edb9f4e5\u003c/code\u003e\u003c/a\u003e Release 2026-05-22\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/34e7ddc9400e830a9ae226a7e3c2161e5ece4f19\"\u003e\u003ccode\u003e34e7ddc\u003c/code\u003e\u003c/a\u003e Regenerated Clients\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/f9db036cf7b3b8a1ea5eb67c3d296da4b48b6e2b\"\u003e\u003ccode\u003ef9db036\u003c/code\u003e\u003c/a\u003e Update endpoints model\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/ae5eae1e3ec46433bd99496bfa6936f8f09a2e72\"\u003e\u003ccode\u003eae5eae1\u003c/code\u003e\u003c/a\u003e Update API model\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/429dbdd2a35d325aabc5757edfc9ebf09c2ad12e\"\u003e\u003ccode\u003e429dbdd\u003c/code\u003e\u003c/a\u003e Feat discover endpoint partition validation (\u003ca href=\"https://redirect.github.com/aws/aws-sdk-go-v2/issues/3410\"\u003e#3410\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/ab4f5b60785064ec6346c922604d94b63d9c7299\"\u003e\u003ccode\u003eab4f5b6\u003c/code\u003e\u003c/a\u003e Release 2026-05-21\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/757a09909a97a15e5a481d9839b83f15b8fdc4bc\"\u003e\u003ccode\u003e757a099\u003c/code\u003e\u003c/a\u003e Regenerated Clients\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/02c8323ee6c99be82dae3a3923616756cb164525\"\u003e\u003ccode\u003e02c8323\u003c/code\u003e\u003c/a\u003e Update API model\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/f4ac954c5b3567f7918fbaa845bd05a8b211f54e\"\u003e\u003ccode\u003ef4ac954\u003c/code\u003e\u003c/a\u003e Bump smithy-go version and update imports for evenstream protocoltests (\u003ca href=\"https://redirect.github.com/aws/aws-sdk-go-v2/issues/3420\"\u003e#3420\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/6d937001e020def8b587dccbe5d803933ce57bfd\"\u003e\u003ccode\u003e6d93700\u003c/code\u003e\u003c/a\u003e Add replace for credentials dependency added on go.mod (\u003ca href=\"https://redirect.github.com/aws/aws-sdk-go-v2/issues/3419\"\u003e#3419\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/aws/aws-sdk-go-v2/compare/config/v1.32.17...config/v1.32.18\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/aws/aws-sdk-go-v2/credentials` from 1.19.16 to 1.19.17\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/db9f4e546dfe2f62a6bc3bf54b9da42ebace6372\"\u003e\u003ccode\u003edb9f4e5\u003c/code\u003e\u003c/a\u003e Release 2026-05-22\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/34e7ddc9400e830a9ae226a7e3c2161e5ece4f19\"\u003e\u003ccode\u003e34e7ddc\u003c/code\u003e\u003c/a\u003e Regenerated Clients\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/f9db036cf7b3b8a1ea5eb67c3d296da4b48b6e2b\"\u003e\u003ccode\u003ef9db036\u003c/code\u003e\u003c/a\u003e Update endpoints model\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/ae5eae1e3ec46433bd99496bfa6936f8f09a2e72\"\u003e\u003ccode\u003eae5eae1\u003c/code\u003e\u003c/a\u003e Update API model\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/429dbdd2a35d325aabc5757edfc9ebf09c2ad12e\"\u003e\u003ccode\u003e429dbdd\u003c/code\u003e\u003c/a\u003e Feat discover endpoint partition validation (\u003ca href=\"https://redirect.github.com/aws/aws-sdk-go-v2/issues/3410\"\u003e#3410\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/ab4f5b60785064ec6346c922604d94b63d9c7299\"\u003e\u003ccode\u003eab4f5b6\u003c/code\u003e\u003c/a\u003e Release 2026-05-21\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/757a09909a97a15e5a481d9839b83f15b8fdc4bc\"\u003e\u003ccode\u003e757a099\u003c/code\u003e\u003c/a\u003e Regenerated Clients\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/02c8323ee6c99be82dae3a3923616756cb164525\"\u003e\u003ccode\u003e02c8323\u003c/code\u003e\u003c/a\u003e Update API model\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/f4ac954c5b3567f7918fbaa845bd05a8b211f54e\"\u003e\u003ccode\u003ef4ac954\u003c/code\u003e\u003c/a\u003e Bump smithy-go version and update imports for evenstream protocoltests (\u003ca href=\"https://redirect.github.com/aws/aws-sdk-go-v2/issues/3420\"\u003e#3420\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/6d937001e020def8b587dccbe5d803933ce57bfd\"\u003e\u003ccode\u003e6d93700\u003c/code\u003e\u003c/a\u003e Add replace for credentials dependency added on go.mod (\u003ca href=\"https://redirect.github.com/aws/aws-sdk-go-v2/issues/3419\"\u003e#3419\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/aws/aws-sdk-go-v2/compare/credentials/v1.19.16...credentials/v1.19.17\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/aws/aws-sdk-go-v2/feature/s3/manager` from 1.22.18 to 1.22.19\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/db9f4e546dfe2f62a6bc3bf54b9da42ebace6372\"\u003e\u003ccode\u003edb9f4e5\u003c/code\u003e\u003c/a\u003e Release 2026-05-22\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/34e7ddc9400e830a9ae226a7e3c2161e5ece4f19\"\u003e\u003ccode\u003e34e7ddc\u003c/code\u003e\u003c/a\u003e Regenerated Clients\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/f9db036cf7b3b8a1ea5eb67c3d296da4b48b6e2b\"\u003e\u003ccode\u003ef9db036\u003c/code\u003e\u003c/a\u003e Update endpoints model\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/ae5eae1e3ec46433bd99496bfa6936f8f09a2e72\"\u003e\u003ccode\u003eae5eae1\u003c/code\u003e\u003c/a\u003e Update API model\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/429dbdd2a35d325aabc5757edfc9ebf09c2ad12e\"\u003e\u003ccode\u003e429dbdd\u003c/code\u003e\u003c/a\u003e Feat discover endpoint partition validation (\u003ca href=\"https://redirect.github.com/aws/aws-sdk-go-v2/issues/3410\"\u003e#3410\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/ab4f5b60785064ec6346c922604d94b63d9c7299\"\u003e\u003ccode\u003eab4f5b6\u003c/code\u003e\u003c/a\u003e Release 2026-05-21\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/757a09909a97a15e5a481d9839b83f15b8fdc4bc\"\u003e\u003ccode\u003e757a099\u003c/code\u003e\u003c/a\u003e Regenerated Clients\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/02c8323ee6c99be82dae3a3923616756cb164525\"\u003e\u003ccode\u003e02c8323\u003c/code\u003e\u003c/a\u003e Update API model\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/f4ac954c5b3567f7918fbaa845bd05a8b211f54e\"\u003e\u003ccode\u003ef4ac954\u003c/code\u003e\u003c/a\u003e Bump smithy-go version and update imports for evenstream protocoltests (\u003ca href=\"https://redirect.github.com/aws/aws-sdk-go-v2/issues/3420\"\u003e#3420\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-sdk-go-v2/commit/6d937001e020def8b587dccbe5d803933ce57bfd\"\u003e\u003ccode\u003e6d93700\u003c/code\u003e\u003c/a\u003e Add replace for credentials dependency added on go.mod (\u003ca href=\"https://redirect.github.com/aws/aws-sdk-go-v2/issues/3419\"\u003e#3419\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/aws/aws-sdk-go-v2/compare/feature/s3/manager/v1.22.18...feature/s3/manager/v1.22.19\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/go-chi/chi/v5` from 5.2.5 to 5.3.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/go-chi/chi/releases\"\u003egithub.com/go-chi/chi/v5's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.3.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUse strings.ReplaceAll where applicable by \u003ca href=\"https://github.com/JRaspass\"\u003e\u003ccode\u003e@​JRaspass\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1046\"\u003ego-chi/chi#1046\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePropagate inline middlewares across mounted subrouters by \u003ca href=\"https://github.com/LukasJenicek\"\u003e\u003ccode\u003e@​LukasJenicek\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1049\"\u003ego-chi/chi#1049\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eadd go 1.26 to ci by \u003ca href=\"https://github.com/pkieltyka\"\u003e\u003ccode\u003e@​pkieltyka\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1052\"\u003ego-chi/chi#1052\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove last uses of io/ioutil by \u003ca href=\"https://github.com/JRaspass\"\u003e\u003ccode\u003e@​JRaspass\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1054\"\u003ego-chi/chi#1054\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSimplify chi.walk with slices.Concat by \u003ca href=\"https://github.com/JRaspass\"\u003e\u003ccode\u003e@​JRaspass\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1053\"\u003ego-chi/chi#1053\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eApply the stringscutprefix modernizer by \u003ca href=\"https://github.com/JRaspass\"\u003e\u003ccode\u003e@​JRaspass\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1051\"\u003ego-chi/chi#1051\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump minimum Go to 1.23, always use request.Pattern by \u003ca href=\"https://github.com/JRaspass\"\u003e\u003ccode\u003e@​JRaspass\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1048\"\u003ego-chi/chi#1048\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003emiddleware: fix httpFancyWriter.ReadFrom double-counting bytes with Tee by \u003ca href=\"https://github.com/alliasgher\"\u003e\u003ccode\u003e@​alliasgher\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1085\"\u003ego-chi/chi#1085\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix typo in Route doc comment by \u003ca href=\"https://github.com/gouwazi\"\u003e\u003ccode\u003e@​gouwazi\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1073\"\u003ego-chi/chi#1073\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: set Request.Pattern from RoutePattern() by \u003ca href=\"https://github.com/leno23\"\u003e\u003ccode\u003e@​leno23\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1097\"\u003ego-chi/chi#1097\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat: middleware.ClientIP, a replacement for middleware.RealIP by \u003ca href=\"https://github.com/VojtechVitek\"\u003e\u003ccode\u003e@​VojtechVitek\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/967\"\u003ego-chi/chi#967\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/LukasJenicek\"\u003e\u003ccode\u003e@​LukasJenicek\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1049\"\u003ego-chi/chi#1049\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/alliasgher\"\u003e\u003ccode\u003e@​alliasgher\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1085\"\u003ego-chi/chi#1085\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gouwazi\"\u003e\u003ccode\u003e@​gouwazi\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1073\"\u003ego-chi/chi#1073\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/leno23\"\u003e\u003ccode\u003e@​leno23\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1097\"\u003ego-chi/chi#1097\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eSECURITY: middleware.ClientIP, a replacement for middleware.RealIP\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/VojtechVitek\"\u003e\u003ccode\u003e@​VojtechVitek\u003c/code\u003e\u003c/a\u003e submitted PR \u003ca href=\"https://redirect.github.com/go-chi/chi/issues/967\"\u003e#967\u003c/a\u003e, which introduces middleware.ClientIP — a replacement for middleware.RealIP that closes the three open spoofing advisories:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/security/advisories/GHSA-9g5q-2w5x-hmxf\"\u003eGHSA-9g5q-2w5x-hmxf\u003c/a\u003e — IP spoofing via XFF in \u003ccode\u003eRemoteAddr\u003c/code\u003e resolution (convto)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/security/advisories/GHSA-rjr7-jggh-pgcp\"\u003eGHSA-rjr7-jggh-pgcp\u003c/a\u003e — RealIP allows IP spoofing via unvalidated XFF (rezmoss)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/security/advisories/GHSA-3fxj-6jh8-hvhx\"\u003eGHSA-3fxj-6jh8-hvhx\u003c/a\u003e — IP spoofing in \u003ccode\u003emiddleware.RealIP\u003c/code\u003e (Saku0512, Critical / 9.3)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eIt also addresses issues outlined at:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/708\"\u003ego-chi/chi#708\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://adam-p.ca/blog/2022/03/x-forwarded-for/\"\u003ehttps://adam-p.ca/blog/2022/03/x-forwarded-for/\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/711\"\u003ego-chi/chi#711\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/453\"\u003ego-chi/chi#453\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/go-chi/chi/pull/908\"\u003ego-chi/chi#908\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ccode\u003emiddleware.RealIP\u003c/code\u003e is deprecated in this PR with pointers to the new API.\u003c/p\u003e\n\u003cp\u003eThe deprecation only adds a \u003ccode\u003e// Deprecated:\u003c/code\u003e doc comment; the function keeps working for backward compatibility.\u003c/p\u003e\n\u003ch3\u003eWhy a new middleware (not \u0026quot;fix RealIP in place\u0026quot;)\u003c/h3\u003e\n\u003cp\u003e\u003ccode\u003eRealIP\u003c/code\u003e has two unfixable design choices: it mutates \u003ccode\u003er.RemoteAddr\u003c/code\u003e, and it tries to be a one-size-fits-all default by walking a hard-coded list of headers any client can supply. Per \u003ca href=\"https://adam-p.ca/blog/2022/03/x-forwarded-for/\"\u003eadam-p's \u0026quot;The perils of the 'real' client IP\u0026quot;\u003c/a\u003e (which calls chi out by name on this), there is no safe default — the user must pick their trust source explicitly.\u003c/p\u003e\n\u003ch3\u003eThe new API\u003c/h3\u003e\n\u003cp\u003eFour middlewares, two accessors. Pick exactly one middleware based on your\ninfrastructure, read the result with one of the two accessors:\u003c/p\u003e\n\u003cpre lang=\"go\"\u003e\u003ccode\u003e// One of the four. There is no safe default — pick exactly one.\r\nfunc ClientIPFromHeader(trustedHeader string) func(http.Handler) http.Handler\r\nfunc ClientIPFromXFF(trustedIPPrefixes ...string) func(http.Handler) http.Handler\r\nfunc ClientIPFromXFFTrustedProxies(numTrustedProxies int) func(http.Handler) http.Handler\r\n\u0026lt;/tr\u0026gt;\u0026lt;/table\u0026gt; \n\u003c/code\u003e\u003c/pre\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/3b171578ca44dfd75ca3c5cbddc7b44c600a7b49\"\u003e\u003ccode\u003e3b17157\u003c/code\u003e\u003c/a\u003e feat: middleware.ClientIP, a replacement for middleware.RealIP (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/967\"\u003e#967\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/818fdcfc4786168651768377ba647cf9dd5b3953\"\u003e\u003ccode\u003e818fdcf\u003c/code\u003e\u003c/a\u003e fix: set Request.Pattern from RoutePattern() (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1097\"\u003e#1097\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/f975af0cb10cbefaccf0422385420fe62722d648\"\u003e\u003ccode\u003ef975af0\u003c/code\u003e\u003c/a\u003e Fix typo in Route doc comment (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1073\"\u003e#1073\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/4ef87eaf2cfb27d3126d48194e1a84806acc1aed\"\u003e\u003ccode\u003e4ef87ea\u003c/code\u003e\u003c/a\u003e middleware: fix httpFancyWriter.ReadFrom double-counting bytes with Tee (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1085\"\u003e#1085\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/a54874f0e2f12647a19e82ee70dfa8185014100c\"\u003e\u003ccode\u003ea54874f\u003c/code\u003e\u003c/a\u003e Bump minimum Go to 1.23, always use request.Pattern (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1048\"\u003e#1048\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/3328d4d3ab8a08547fa419ed657017355e6d3c4d\"\u003e\u003ccode\u003e3328d4d\u003c/code\u003e\u003c/a\u003e Apply the stringscutprefix modernizer (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1051\"\u003e#1051\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/be60b2ec5755a9072cdf27af3ba3034e84781d12\"\u003e\u003ccode\u003ebe60b2e\u003c/code\u003e\u003c/a\u003e Simplify chi.walk with slices.Concat (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1053\"\u003e#1053\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/a36a925a6a195943ec104100d7d18757543e745f\"\u003e\u003ccode\u003ea36a925\u003c/code\u003e\u003c/a\u003e Remove last uses of io/ioutil (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1054\"\u003e#1054\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/7d93ee3e86b4d477c20d809c9b1ce9a281dfd706\"\u003e\u003ccode\u003e7d93ee3\u003c/code\u003e\u003c/a\u003e add go 1.26 to ci (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1052\"\u003e#1052\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/903cff2596eac0f72538ac46d696058351f1c3fb\"\u003e\u003ccode\u003e903cff2\u003c/code\u003e\u003c/a\u003e Propagate inline middlewares across mounted subrouters (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1049\"\u003e#1049\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/go-chi/chi/compare/v5.2.5...v5.3.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/modelcontextprotocol/go-sdk` from 1.6.0 to 1.6.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/modelcontextprotocol/go-sdk/releases\"\u003egithub.com/modelcontextprotocol/go-sdk's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.6.1\u003c/h2\u003e\n\u003cp\u003eThis release adds an MCPGODEBUG flag to opt out of the Content-Type check on POST requests.\u003c/p\u003e\n\u003ch2\u003eBehavior Changes\u003c/h2\u003e\n\u003cp\u003ePrior to v1.6.0 (v1.4.0...v1.5.0), the Content-Type check on POST requests was gated by the same \u003ccode\u003edisablecrossoriginprotection\u003c/code\u003e MCPGODEBUG flag as the cross-origin protection. In v1.6.0, the cross-origin protection was disabled by default (replaced by the opt-in \u003ccode\u003eenableoriginverification\u003c/code\u003e flag), but the Content-Type check was kept on unconditionally, leaving no way to disable it.\nThis release restores an escape hatch for both the Streamable HTTP and SSE transports: setting \u003ccode\u003eMCPGODEBUG=disablecontenttypecheck=1\u003c/code\u003e skips the \u003ccode\u003eContent-Type: application/json\u003c/code\u003e validation on POST requests.\nSee \u003ca href=\"https://redirect.github.com/modelcontextprotocol/go-sdk/issues/957\"\u003e#957\u003c/a\u003e.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003emcp: add MCPGPDEBUG for opt-in Content-Type check by \u003ca href=\"https://github.com/guglielmo-san\"\u003e\u003ccode\u003e@​guglielmo-san\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/go-sdk/pull/972\"\u003emodelcontextprotocol/go-sdk#972\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/modelcontextprotocol/go-sdk/compare/v1.6.0...v1.6.1\"\u003ehttps://github.com/modelcontextprotocol/go-sdk/compare/v1.6.0...v1.6.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/go-sdk/commit/d454bbaf06a342aee5336df3370321d9cdec2478\"\u003e\u003ccode\u003ed454bba\u003c/code\u003e\u003c/a\u003e mcp: add MCPGPDEBUG for opt-in Content-Type check (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/go-sdk/issues/972\"\u003e#972\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/modelcontextprotocol/go-sdk/compare/v1.6.0...v1.6.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `golang.org/x/crypto` from 0.51.0 to 0.52.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/a1c0d9929856c8aba2b31f079340f00578eda803\"\u003e\u003ccode\u003ea1c0d99\u003c/code\u003e\u003c/a\u003e go.mod: update golang.org/x dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/3c7c86938f4541c333d506f719388d9c42d4763d\"\u003e\u003ccode\u003e3c7c869\u003c/code\u003e\u003c/a\u003e ssh: fix deadlock on unexpected channel responses\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/533fb3f7e4a5ae23f69d1837cd851d35ff5b76ce\"\u003e\u003ccode\u003e533fb3f\u003c/code\u003e\u003c/a\u003e ssh: fix source-address critical option bypass\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/abbc44d451a6f9236a2bbd26cbcd4d0fec473da3\"\u003e\u003ccode\u003eabbc44d\u003c/code\u003e\u003c/a\u003e ssh: fix incorrect operator order\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/e052873987615dc96fe67607a9a6adb76311344f\"\u003e\u003ccode\u003ee052873\u003c/code\u003e\u003c/a\u003e ssh: fix infinite loop on large channel writes due to integer overflow\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/b61cf853a89d82cad68da5e12a6beca2116f8456\"\u003e\u003ccode\u003eb61cf85\u003c/code\u003e\u003c/a\u003e ssh: enforce user presence verification for security keys\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/9c2cd33e8d96a96133fd6ff732510ebba539c2bd\"\u003e\u003ccode\u003e9c2cd33\u003c/code\u003e\u003c/a\u003e ssh: enforce strict limits on DSA key parameters\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/890731877d85f71cfdc9554e7a27fec4684fc4c4\"\u003e\u003ccode\u003e8907318\u003c/code\u003e\u003c/a\u003e ssh: reject RSA keys with excessively large moduli\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/ffd87b4878fa98ca2908ec534e1a410bf095a35e\"\u003e\u003ccode\u003effd87b4\u003c/code\u003e\u003c/a\u003e ssh: fix panic when authority callbacks are nil\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/4e7a7384ecbc8d519f6f4c11b36fa9d761fc8946\"\u003e\u003ccode\u003e4e7a738\u003c/code\u003e\u003c/a\u003e ssh: fix deadlock on unexpected global responses\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/golang/crypto/compare/v0.51.0...v0.52.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `golang.org/x/net` from 0.53.0 to 0.54.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/b138e06246cb323f2f380c2b7f7dd91f581dd56b\"\u003e\u003ccode\u003eb138e06\u003c/code\u003e\u003c/a\u003e go.mod: update golang.org/x dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/689f70a42abd350f3a1aaa70b0d13eb9543d927a\"\u003e\u003ccode\u003e689f70a\u003c/code\u003e\u003c/a\u003e quic: fix wrong final size being used for RESET_STREAM frame\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/208f306b2f0fd008b388bee2c2644be279778e94\"\u003e\u003ccode\u003e208f306\u003c/code\u003e\u003c/a\u003e http3: increase handshake timeout\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/49810da71b9026da9e0d028a6ad8c7730c52d9c4\"\u003e\u003ccode\u003e49810da\u003c/code\u003e\u003c/a\u003e http2: enable net/http wrapping when go \u0026gt;= 1.27\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/5e11a5ab891c117eda83b4304d60dd13286c1c76\"\u003e\u003ccode\u003e5e11a5a\u003c/code\u003e\u003c/a\u003e quic: fix data race in streamForFrame\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/8c63081cd380ea768db5651941614b73472160ff\"\u003e\u003ccode\u003e8c63081\u003c/code\u003e\u003c/a\u003e http2: use empty Transport rather than DefaultTransport in http2wrap\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/fc7b466ca49cb204039630533ece4fc557eb35cd\"\u003e\u003ccode\u003efc7b466\u003c/code\u003e\u003c/a\u003e http2: add http2wrap test\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/15c2cb1875fd727313dc4de909b3ee149422fbe2\"\u003e\u003ccode\u003e15c2cb1\u003c/code\u003e\u003c/a\u003e http2: avoid overflowing 32-bit int when http2wrap enabled\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/64651885c2f2d745d77af2d7af2edbf568c179af\"\u003e\u003ccode\u003e6465188\u003c/code\u003e\u003c/a\u003e http2: add wrapped Server\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/72f419a894cb0597dd5b6bcf119086bf2af41231\"\u003e\u003ccode\u003e72f419a\u003c/code\u003e\u003c/a\u003e http2: add wrapped ClientConn\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/golang/net/compare/v0.53.0...v0.54.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\n\n\n\u003c/details\u003e","html_url":"https://github.com/ruaan-deysel/vault/pull/106","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/ruaan-deysel%2Fvault/issues/106","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/106/packages"}},{"old_version":"5.2.5","new_version":"5.3.0","update_type":"minor","path":null,"pr_created_at":"2026-05-25T20:37:12.000Z","version_change":"5.2.5 → 5.3.0","issue":{"uuid":"4519409992","node_id":"PR_kwDOBAr5ps7fKh1S","number":9975,"state":"open","title":"build(deps): bump the gomod group across 1 directory with 20 updates","user":"dependabot[bot]","labels":["release-note-none","dco-signoff: yes"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-25T20:37:12.000Z","updated_at":"2026-05-26T21:53:59.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"build(deps): bump","group_name":"gomod","update_count":20,"packages":[{"name":"github.com/containerd/containerd","old_version":"1.7.31","new_version":"1.7.32","repository_url":"https://github.com/containerd/containerd"},{"name":"github.com/containerd/containerd/api","old_version":"1.10.0","new_version":"1.11.1","repository_url":"https://github.com/containerd/containerd"},{"name":"github.com/containers/conmon-rs","old_version":"0.7.3","new_version":"0.8.0","repository_url":"https://github.com/containers/conmon-rs"},{"name":"github.com/containers/kubensmnt","old_version":"1.2.0","new_version":"1.3.0","repository_url":"https://github.com/containers/kubensmnt"},{"name":"github.com/go-chi/chi/v5","old_version":"5.2.5","new_version":"5.3.0","repository_url":"https://github.com/go-chi/chi"},{"name":"github.com/onsi/ginkgo/v2","old_version":"2.28.3","new_version":"2.29.0","repository_url":"https://github.com/onsi/ginkgo"},{"name":"github.com/onsi/gomega","old_version":"1.40.0","new_version":"1.41.0","repository_url":"https://github.com/onsi/gomega"},{"name":"github.com/opencontainers/runc","old_version":"1.4.1","new_version":"1.4.2","repository_url":"https://github.com/opencontainers/runc"},{"name":"github.com/opencontainers/selinux","old_version":"1.13.1","new_version":"1.15.0","repository_url":"https://github.com/opencontainers/selinux"},{"name":"golang.org/x/net","old_version":"0.53.0","new_version":"0.55.0","repository_url":"https://github.com/golang/net"},{"name":"google.golang.org/grpc","old_version":"1.80.0","new_version":"1.81.1","repository_url":"https://github.com/grpc/grpc-go"},{"name":"k8s.io/api","old_version":"0.36.0","new_version":"0.36.1","repository_url":"https://github.com/kubernetes/api"},{"name":"k8s.io/client-go","old_version":"0.36.0","new_version":"0.36.1","repository_url":"https://github.com/kubernetes/client-go"},{"name":"k8s.io/component-base","old_version":"0.36.0","new_version":"0.36.1","repository_url":"https://github.com/kubernetes/component-base"},{"name":"k8s.io/cri-streaming","old_version":"0.36.0","new_version":"0.36.1","repository_url":"https://github.com/kubernetes/cri-streaming"}],"path":null,"ecosystem":"go"},"body":"Bumps the gomod group with 15 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [github.com/containerd/containerd](https://github.com/containerd/containerd) | `1.7.31` | `1.7.32` |\n| [github.com/containerd/containerd/api](https://github.com/containerd/containerd) | `1.10.0` | `1.11.1` |\n| [github.com/containers/conmon-rs](https://github.com/containers/conmon-rs) | `0.7.3` | `0.8.0` |\n| [github.com/containers/kubensmnt](https://github.com/containers/kubensmnt) | `1.2.0` | `1.3.0` |\n| [github.com/go-chi/chi/v5](https://github.com/go-chi/chi) | `5.2.5` | `5.3.0` |\n| [github.com/onsi/ginkgo/v2](https://github.com/onsi/ginkgo) | `2.28.3` | `2.29.0` |\n| [github.com/onsi/gomega](https://github.com/onsi/gomega) | `1.40.0` | `1.41.0` |\n| [github.com/opencontainers/runc](https://github.com/opencontainers/runc) | `1.4.1` | `1.4.2` |\n| [github.com/opencontainers/selinux](https://github.com/opencontainers/selinux) | `1.13.1` | `1.15.0` |\n| [golang.org/x/net](https://github.com/golang/net) | `0.53.0` | `0.55.0` |\n| [google.golang.org/grpc](https://github.com/grpc/grpc-go) | `1.80.0` | `1.81.1` |\n| [k8s.io/api](https://github.com/kubernetes/api) | `0.36.0` | `0.36.1` |\n| [k8s.io/client-go](https://github.com/kubernetes/client-go) | `0.36.0` | `0.36.1` |\n| [k8s.io/component-base](https://github.com/kubernetes/component-base) | `0.36.0` | `0.36.1` |\n| [k8s.io/cri-streaming](https://github.com/kubernetes/cri-streaming) | `0.36.0` | `0.36.1` |\n\n\nUpdates `github.com/containerd/containerd` from 1.7.31 to 1.7.32\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/containerd/containerd/releases\"\u003egithub.com/containerd/containerd's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003econtainerd 1.7.32\u003c/h2\u003e\n\u003cp\u003eWelcome to the v1.7.32 release of containerd!\u003c/p\u003e\n\u003cp\u003e\u003cbr /\u003e\nThe thirty-second patch release for containerd 1.7 contains various fixes\nand updates including a security patch.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003econtainerd\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/security/advisories/GHSA-fqw6-gf59-qr4w\"\u003e\u003cstrong\u003eCVE-2026-46680\u003c/strong\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAllow hosts.toml to contain only root-level fields without an explicit [host] section (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/10028\"\u003e#10028\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix handling of out-of-range USER values in OCI spec to avoid unexpected username/group lookups (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13450\"\u003e#13450\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eApply hardening to block AF_ALG in default socket policy (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13406\"\u003e#13406\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eSupport both \u0026quot;volatile\u0026quot; and \u0026quot;fsync=volatile\u0026quot; mount options for volatile snapshotter (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13299\"\u003e#13299\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eSet AppArmor abi conditionally to support versions \u0026lt; 3.0 (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13273\"\u003e#13273\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003ePlease try out the release binaries and report any issues at\n\u003ca href=\"https://github.com/containerd/containerd/issues\"\u003ehttps://github.com/containerd/containerd/issues\u003c/a\u003e.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMaksym Pavlenko\u003c/li\u003e\n\u003cli\u003eChris Henzie\u003c/li\u003e\n\u003cli\u003eDerek McGowan\u003c/li\u003e\n\u003cli\u003ePaweł Gronowski\u003c/li\u003e\n\u003cli\u003eSamuel Karp\u003c/li\u003e\n\u003cli\u003eWei Fu\u003c/li\u003e\n\u003cli\u003eBrad Davidson\u003c/li\u003e\n\u003cli\u003eBrian Goff\u003c/li\u003e\n\u003cli\u003eLEI WANG\u003c/li\u003e\n\u003cli\u003ePhil Estes\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/bc87d865cf39e0cc55a5e628d95cf8eef52787ad\"\u003e\u003ccode\u003ebc87d865c\u003c/code\u003e\u003c/a\u003e Prepare release notes for v1.7.32\u003c/li\u003e\n\u003cli\u003eoci: return explicit error for out-of-range USER values (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13450\"\u003e#13450\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/503f479466b432bd16fd9f14e10b6d4b09812730\"\u003e\u003ccode\u003e503f47946\u003c/code\u003e\u003c/a\u003e oci: return explicit error for out-of-range USER values\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eseccomp: Block AF_ALG in default socket policy (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13406\"\u003e#13406\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/e55b747d3496763d54b6c7670f4290c1e7183a36\"\u003e\u003ccode\u003ee55b747d3\u003c/code\u003e\u003c/a\u003e seccomp: Block AF_ALG in default socket policy\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/4627a65f8a92ce704e40b4b42df4fbfb2ceae2b9\"\u003e\u003ccode\u003e4627a65f8\u003c/code\u003e\u003c/a\u003e seccomp: Document socket rule scope and socketcall limitation\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eFix issue with empty host tree in hosts.toml (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/10028\"\u003e#10028\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/24007441d3bb191e0045b83fce5890a67aa98449\"\u003e\u003ccode\u003e24007441d\u003c/code\u003e\u003c/a\u003e Fix error parsing hosts.toml without any \u003ccode\u003ehost\u003c/code\u003e tree\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eSupport both styles of volatile mount option (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13299\"\u003e#13299\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/940733149271449293e063148e220faf885a01b9\"\u003e\u003ccode\u003e940733149\u003c/code\u003e\u003c/a\u003e Support both styles of volatile mount option\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eapparmor: Set abi conditionally (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13273\"\u003e#13273\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/2b732c8925a92b10300a3dc21dbfd37cafea76dd\"\u003e\u003ccode\u003e2b732c892\u003c/code\u003e\u003c/a\u003e apparmor: Set abi conditionally\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eAdd GitHub Action for k8s node e2e tests (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13258\"\u003e#13258\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/0db1e143a11de38b8f088684ce4f26a2b487d517\"\u003e\u003ccode\u003e0db1e143a\u003c/code\u003e\u003c/a\u003e Add GitHub Action for k8s node e2e tests\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eUpdate release process after 1.7 (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13236\"\u003e#13236\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/3223a75c20f06d0da7985a49ac42ed6ff67c5433\"\u003e\u003ccode\u003e3223a75c2\u003c/code\u003e\u003c/a\u003e Update for latest updates to release tool\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/180a7b7385ae633344ff3db0db7eea11a4164f00\"\u003e\u003ccode\u003e180a7b7\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/13452\"\u003e#13452\u003c/a\u003e from samuelkarp/prepare-1.7.32\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/bc87d865cf39e0cc55a5e628d95cf8eef52787ad\"\u003e\u003ccode\u003ebc87d86\u003c/code\u003e\u003c/a\u003e Prepare release notes for v1.7.32\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/6a05ddd119ec81beb36d504ce844bdd11bfcb22c\"\u003e\u003ccode\u003e6a05ddd\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/13450\"\u003e#13450\u003c/a\u003e from samuelkarp/oci-withuser-errrange-1.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/9c3d01b3f113fa421be5ef02dbeb31c02a7a5991\"\u003e\u003ccode\u003e9c3d01b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/13406\"\u003e#13406\u003c/a\u003e from k8s-infra-cherrypick-robot/cherry-pick-13327-t...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/e55b747d3496763d54b6c7670f4290c1e7183a36\"\u003e\u003ccode\u003ee55b747\u003c/code\u003e\u003c/a\u003e seccomp: Block AF_ALG in default socket policy\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/4627a65f8a92ce704e40b4b42df4fbfb2ceae2b9\"\u003e\u003ccode\u003e4627a65\u003c/code\u003e\u003c/a\u003e seccomp: Document socket rule scope and socketcall limitation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/33d9e242ca41d47ac749555aae0572cd71942d75\"\u003e\u003ccode\u003e33d9e24\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/10028\"\u003e#10028\u003c/a\u003e from brandond/fix-hosts-toml\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/503f479466b432bd16fd9f14e10b6d4b09812730\"\u003e\u003ccode\u003e503f479\u003c/code\u003e\u003c/a\u003e oci: return explicit error for out-of-range USER values\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/4393e22af7553a80141b7f8a73859764ede1ffcb\"\u003e\u003ccode\u003e4393e22\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/13299\"\u003e#13299\u003c/a\u003e from chrishenzie/release/1.7-volatile\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/940733149271449293e063148e220faf885a01b9\"\u003e\u003ccode\u003e9407331\u003c/code\u003e\u003c/a\u003e Support both styles of volatile mount option\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/containerd/containerd/compare/v1.7.31...v1.7.32\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/containerd/containerd/api` from 1.10.0 to 1.11.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/containerd/containerd/releases\"\u003egithub.com/containerd/containerd/api's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003econtainerd API 1.11.1\u003c/h2\u003e\n\u003cp\u003eWelcome to the api/v1.11.1 release of containerd!\u003c/p\u003e\n\u003cp\u003eThe first patch release for the containerd 1.11 API includes a fix\nin the task endpoints for non-runc shims.\u003c/p\u003e\n\u003ch3\u003eHighlights\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix sandbox task API endpoints for non-runc runtimes (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13422\"\u003e#13422\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003ePlease try out the release binaries and report any issues at\n\u003ca href=\"https://github.com/containerd/containerd/issues\"\u003ehttps://github.com/containerd/containerd/issues\u003c/a\u003e.\u003c/p\u003e\n\u003ch3\u003eContributors\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDerek McGowan\u003c/li\u003e\n\u003cli\u003eMaksym Pavlenko\u003c/li\u003e\n\u003cli\u003eSamuel Karp\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanges\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cul\u003e\n\u003cli\u003ePrepare release notes for api/v1.11.1 (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13444\"\u003e#13444\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/da7aef299c57cc1f290700ade8fa0a5fec69a462\"\u003e\u003ccode\u003eda7aef299\u003c/code\u003e\u003c/a\u003e Prepare release notes for api/v1.11.1\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eFix sandbox task API endpoints for non-runc runtimes (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13422\"\u003e#13422\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/e44f5f9ec610d95a712d230e8a19ae516e0a26ac\"\u003e\u003ccode\u003ee44f5f9ec\u003c/code\u003e\u003c/a\u003e protos: include task API address to CreateTaskRequest\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch3\u003eDependency Changes\u003c/h3\u003e\n\u003cp\u003eThis release has no dependency changes\u003c/p\u003e\n\u003cp\u003ePrevious release can be found at \u003ca href=\"https://github.com/containerd/containerd/releases/tag/api/v1.11.0\"\u003eapi/v1.11.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003econtainerd API 1.11.0\u003c/h2\u003e\n\u003cp\u003eWelcome to the api/v1.11.0 release of containerd!\u003c/p\u003e\n\u003cp\u003eThe 12th release for the containerd 1.x API aligns with the containerd 2.3 release.\u003c/p\u003e\n\u003ch3\u003eHighlights\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd transfer types for container filesystem copy (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13165\"\u003e#13165\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdate sandbox API to include spec field (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/12840\"\u003e#12840\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eImage Distribution\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eAdd os.features support for EROFS native container images (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/13091\"\u003e#13091\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/f822a911ab2b7c73e30bc0f36ea319642c9711b1\"\u003e\u003ccode\u003ef822a91\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/13444\"\u003e#13444\u003c/a\u003e from dmcgowan/prepare-api-v1.11.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/da7aef299c57cc1f290700ade8fa0a5fec69a462\"\u003e\u003ccode\u003eda7aef2\u003c/code\u003e\u003c/a\u003e Prepare release notes for api/v1.11.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/a50a704094cf72710ccfa4944a642ef4e7ec9d2c\"\u003e\u003ccode\u003ea50a704\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/13422\"\u003e#13422\u003c/a\u003e from k8s-infra-cherrypick-robot/cherry-pick-13360-t...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/5282d4e09d3bc8b0957780caa7a4644fac7c86a7\"\u003e\u003ccode\u003e5282d4e\u003c/code\u003e\u003c/a\u003e Wire task address and version fields\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/e44f5f9ec610d95a712d230e8a19ae516e0a26ac\"\u003e\u003ccode\u003ee44f5f9\u003c/code\u003e\u003c/a\u003e protos: include task API address to CreateTaskRequest\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/85f22f7afa3af5aa5083cc7ae50c3b58a35b8849\"\u003e\u003ccode\u003e85f22f7\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/13409\"\u003e#13409\u003c/a\u003e from k8s-infra-cherrypick-robot/cherry-pick-13327-t...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/4d80a31bf637bc15e83e50a15941bf5bb0cb3988\"\u003e\u003ccode\u003e4d80a31\u003c/code\u003e\u003c/a\u003e seccomp: Block AF_ALG in default socket policy\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/2ed0d97b6e58def34684a1bffc2ab6931182f221\"\u003e\u003ccode\u003e2ed0d97\u003c/code\u003e\u003c/a\u003e seccomp: Document socket rule scope and socketcall limitation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/2315484b7e7a5b53e73ad3b143c780ec7612420b\"\u003e\u003ccode\u003e2315484\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/13390\"\u003e#13390\u003c/a\u003e from k8s-infra-cherrypick-robot/cherry-pick-13363-t...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/1ad3402b855b77eb3800f74c87ff78736edf72d2\"\u003e\u003ccode\u003e1ad3402\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/13394\"\u003e#13394\u003c/a\u003e from k8s-infra-cherrypick-robot/cherry-pick-13389-t...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/containerd/containerd/compare/api/v1.10.0...api/v1.11.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/containers/conmon-rs` from 0.7.3 to 0.8.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/containers/conmon-rs/releases\"\u003egithub.com/containers/conmon-rs's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.8.0\u003c/h2\u003e\n\u003ch2\u003eChanges by Kind\u003c/h2\u003e\n\u003ch3\u003eFeature\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eOpenTelemetry dependencies are now optional. Enable with --features telemetry at build time. (\u003ca href=\"https://redirect.github.com/containers/conmon-rs/issues/3044\"\u003e#3044\u003c/a\u003e, \u003ca href=\"https://github.com/saschagrunert\"\u003e\u003ccode\u003e@​saschagrunert\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDependencies\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ecyphar.com/go-pathrs: v0.2.4\u003c/li\u003e\n\u003cli\u003egithub.com/NYTimes/gziphandler: \u003ca href=\"https://github.com/NYTimes/gziphandler/tree/v1.1.1\"\u003ev1.1.1\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003egithub.com/cespare/xxhash/v2: \u003ca href=\"https://github.com/cespare/xxhash/tree/v2.3.0\"\u003ev2.3.0\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003egolang.org/x/tools/go/expect: v0.1.0-deprecated\u003c/li\u003e\n\u003cli\u003egolang.org/x/tools/go/packages/packagestest: v0.1.1-deprecated\u003c/li\u003e\n\u003cli\u003ek8s.io/gengo/v2: 85fd79d\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003egithub.com/coreos/go-systemd/v22: \u003ca href=\"https://github.com/coreos/go-systemd/compare/v22.6.0...v22.7.0\"\u003ev22.6.0 → v22.7.0\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003egithub.com/cpuguy83/go-md2man/v2: \u003ca href=\"https://github.com/cpuguy83/go-md2man/compare/v2.0.5...v2.0.7\"\u003ev2.0.5 → v2.0.7\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003egithub.com/cyphar/filepath-securejoin: \u003ca href=\"https://github.com/cyphar/filepath-securejoin/compare/v0.5.1...v0.6.1\"\u003ev0.5.1 → v0.6.1\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003egithub.com/google/pprof: \u003ca href=\"https://github.com/google/pprof/compare/f64d9cf...294ebfa\"\u003ef64d9cf → 294ebfa\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003egithub.com/onsi/ginkgo/v2: \u003ca href=\"https://github.com/onsi/ginkgo/compare/v2.27.2...v2.28.1\"\u003ev2.27.2 → v2.28.1\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003egithub.com/onsi/gomega: \u003ca href=\"https://github.com/onsi/gomega/compare/v1.38.2...v1.39.1\"\u003ev1.38.2 → v1.39.1\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003egithub.com/opencontainers/cgroups: \u003ca href=\"https://github.com/opencontainers/cgroups/compare/v0.0.5...v0.0.6\"\u003ev0.0.5 → v0.0.6\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003egithub.com/opencontainers/runc: \u003ca href=\"https://github.com/opencontainers/runc/compare/v1.3.3...v1.4.1\"\u003ev1.3.3 → v1.4.1\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003egithub.com/opencontainers/runtime-spec: \u003ca href=\"https://github.com/opencontainers/runtime-spec/compare/v1.2.1...v1.3.0\"\u003ev1.2.1 → v1.3.0\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003egithub.com/opencontainers/runtime-tools: \u003ca href=\"https://github.com/opencontainers/runtime-tools/compare/0ea5ed0...5e63903\"\u003e0ea5ed0 → 5e63903\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003egithub.com/opencontainers/selinux: \u003ca href=\"https://github.com/opencontainers/selinux/compare/v1.12.0...v1.13.0\"\u003ev1.12.0 → v1.13.0\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003egithub.com/rogpeppe/go-internal: \u003ca href=\"https://github.com/rogpeppe/go-internal/compare/v1.13.1...v1.14.1\"\u003ev1.13.1 → v1.14.1\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003egithub.com/sirupsen/logrus: \u003ca href=\"https://github.com/sirupsen/logrus/compare/v1.9.3...v1.9.4\"\u003ev1.9.3 → v1.9.4\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003egithub.com/urfave/cli: \u003ca href=\"https://github.com/urfave/cli/compare/v1.22.16...v1.22.17\"\u003ev1.22.16 → v1.22.17\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ego.opentelemetry.io/auto/sdk: v1.1.0 → v1.2.1\u003c/li\u003e\n\u003cli\u003ego.opentelemetry.io/otel/metric: v1.38.0 → v1.42.0\u003c/li\u003e\n\u003cli\u003ego.opentelemetry.io/otel/trace: v1.38.0 → v1.42.0\u003c/li\u003e\n\u003cli\u003ego.opentelemetry.io/otel: v1.38.0 → v1.42.0\u003c/li\u003e\n\u003cli\u003ego.podman.io/common: v0.66.0 → v0.67.0\u003c/li\u003e\n\u003cli\u003ego.podman.io/image/v5: v5.38.0 → v5.39.1\u003c/li\u003e\n\u003cli\u003ego.podman.io/storage: v1.61.0 → v1.62.0\u003c/li\u003e\n\u003cli\u003ego.yaml.in/yaml/v2: v2.4.2 → v2.4.3\u003c/li\u003e\n\u003cli\u003egolang.org/x/crypto: v0.43.0 → v0.47.0\u003c/li\u003e\n\u003cli\u003egolang.org/x/mod: v0.28.0 → v0.32.0\u003c/li\u003e\n\u003cli\u003egolang.org/x/net: v0.45.0 → v0.49.0\u003c/li\u003e\n\u003cli\u003egolang.org/x/oauth2: v0.27.0 → v0.30.0\u003c/li\u003e\n\u003cli\u003egolang.org/x/sync: v0.17.0 → v0.19.0\u003c/li\u003e\n\u003cli\u003egolang.org/x/sys: v0.37.0 → v0.40.0\u003c/li\u003e\n\u003cli\u003egolang.org/x/telemetry: aef8a43 → bd525da\u003c/li\u003e\n\u003cli\u003egolang.org/x/term: v0.36.0 → v0.39.0\u003c/li\u003e\n\u003cli\u003egolang.org/x/text: v0.30.0 → v0.33.0\u003c/li\u003e\n\u003cli\u003egolang.org/x/tools: v0.37.0 → v0.41.0\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containers/conmon-rs/commit/c07e5214eeef082e83661ff7b610bac38f08401c\"\u003e\u003ccode\u003ec07e521\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containers/conmon-rs/issues/3142\"\u003e#3142\u003c/a\u003e from saschagrunert/bump-v0.8.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containers/conmon-rs/commit/df8a5f4c70a2a72568ba68f61e0fa0f9cdb5a7a3\"\u003e\u003ccode\u003edf8a5f4\u003c/code\u003e\u003c/a\u003e Bump version to v0.8.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containers/conmon-rs/commit/4bb0a0f5f65d1a79c53951d02dfb27a298990a83\"\u003e\u003ccode\u003e4bb0a0f\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containers/conmon-rs/issues/3141\"\u003e#3141\u003c/a\u003e from containers/dependabot/cargo/zerocopy-0.8.47\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containers/conmon-rs/commit/4b81484a4c533f11da91bf415572bb3fdb609f62\"\u003e\u003ccode\u003e4b81484\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containers/conmon-rs/issues/3140\"\u003e#3140\u003c/a\u003e from containers/dependabot/cargo/itoa-1.0.18\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containers/conmon-rs/commit/06c19681c35ec24c9567537bc8ed66c41766f876\"\u003e\u003ccode\u003e06c1968\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containers/conmon-rs/issues/3137\"\u003e#3137\u003c/a\u003e from containers/dependabot/github_actions/actions/ca...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containers/conmon-rs/commit/d8c08482543a40dda9d7140ab0faddfb90965450\"\u003e\u003ccode\u003ed8c0848\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containers/conmon-rs/issues/3139\"\u003e#3139\u003c/a\u003e from containers/dependabot/cargo/opentelemetry-84f9a...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containers/conmon-rs/commit/a9d10cc555ed4b1662fa7786bcc6538d9eaa0f78\"\u003e\u003ccode\u003ea9d10cc\u003c/code\u003e\u003c/a\u003e build(deps): bump zerocopy from 0.8.42 to 0.8.47\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containers/conmon-rs/commit/295c1e2eed7ded46acc386d42356bf6095b447bb\"\u003e\u003ccode\u003e295c1e2\u003c/code\u003e\u003c/a\u003e build(deps): bump itoa from 1.0.17 to 1.0.18\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containers/conmon-rs/commit/46856f7efc3d89b89f4799236acfa82c0f40055f\"\u003e\u003ccode\u003e46856f7\u003c/code\u003e\u003c/a\u003e build(deps): bump opentelemetry-otlp in the opentelemetry group\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containers/conmon-rs/commit/e7caf158f2fc1576fa827e6c98862135d7696703\"\u003e\u003ccode\u003ee7caf15\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containers/conmon-rs/issues/3135\"\u003e#3135\u003c/a\u003e from containers/dependabot/go_modules/k8s.io/client-...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/containers/conmon-rs/compare/v0.7.3...v0.8.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/containers/kubensmnt` from 1.2.0 to 1.3.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/containers/kubensmnt/releases\"\u003egithub.com/containers/kubensmnt's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.3.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd stand-alone installation makefiles by \u003ca href=\"https://github.com/lack\"\u003e\u003ccode\u003e@​lack\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/containers/kubensmnt/pull/9\"\u003econtainers/kubensmnt#9\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd go embed test by \u003ca href=\"https://github.com/lack\"\u003e\u003ccode\u003e@​lack\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/containers/kubensmnt/pull/10\"\u003econtainers/kubensmnt#10\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eConfigure shellcheck to enforce double-bracket style checks by \u003ca href=\"https://github.com/lack\"\u003e\u003ccode\u003e@​lack\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/containers/kubensmnt/pull/12\"\u003econtainers/kubensmnt#12\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echeck to make sure kubensmnt is mounted by \u003ca href=\"https://github.com/pixelsoccupied\"\u003e\u003ccode\u003e@​pixelsoccupied\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/containers/kubensmnt/pull/11\"\u003econtainers/kubensmnt#11\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePre-create /run/netns bindmount so it propagates to the kubensmnt namespace by \u003ca href=\"https://github.com/lack\"\u003e\u003ccode\u003e@​lack\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/containers/kubensmnt/pull/13\"\u003econtainers/kubensmnt#13\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImprove netns pre-mount code by \u003ca href=\"https://github.com/lack\"\u003e\u003ccode\u003e@​lack\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/containers/kubensmnt/pull/14\"\u003econtainers/kubensmnt#14\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pixelsoccupied\"\u003e\u003ccode\u003e@​pixelsoccupied\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/containers/kubensmnt/pull/11\"\u003econtainers/kubensmnt#11\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/containers/kubensmnt/compare/v1.2.0...v1.3.0\"\u003ehttps://github.com/containers/kubensmnt/compare/v1.2.0...v1.3.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containers/kubensmnt/commit/d37589433623e38d0e73fa00ae7eedb70eec90d8\"\u003e\u003ccode\u003ed375894\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containers/kubensmnt/issues/14\"\u003e#14\u003c/a\u003e from lack/OCPBUGS-83562_precreate_netns\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containers/kubensmnt/commit/179235fb9bf4dea2275c637429c32b9204a6483d\"\u003e\u003ccode\u003e179235f\u003c/code\u003e\u003c/a\u003e Improve netns pre-mount code\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containers/kubensmnt/commit/9af9d360c629cfcf9b45e7ef1e5be0945016f6a1\"\u003e\u003ccode\u003e9af9d36\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containers/kubensmnt/issues/13\"\u003e#13\u003c/a\u003e from lack/OCPBUGS-83562_precreate_netns\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containers/kubensmnt/commit/6bbafddc37bbf8e8c05fc283997fb8e6cd735636\"\u003e\u003ccode\u003e6bbafdd\u003c/code\u003e\u003c/a\u003e Pre-create /run/netns bindmount so it propagates to the kubensmnt namespace\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containers/kubensmnt/commit/3424a142b287da0adc4b759e37840f1204769f39\"\u003e\u003ccode\u003e3424a14\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containers/kubensmnt/issues/11\"\u003e#11\u003c/a\u003e from pixelsoccupied/check-mount\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containers/kubensmnt/commit/7a7d59131dce11a013f6eee6d588309c1cb7f403\"\u003e\u003ccode\u003e7a7d591\u003c/code\u003e\u003c/a\u003e check to make sure kubensmnt is mounted\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containers/kubensmnt/commit/4b80f7c792c8864970ca94a72f3d410691221749\"\u003e\u003ccode\u003e4b80f7c\u003c/code\u003e\u003c/a\u003e Configure shellcheck to enforce double-bracket style checks\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containers/kubensmnt/commit/2e5472fd300ef840cbb340e9031897f3c006a99e\"\u003e\u003ccode\u003e2e5472f\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containers/kubensmnt/issues/10\"\u003e#10\u003c/a\u003e from lack/go_embed_test\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containers/kubensmnt/commit/9264c5c70b513e5d48b987a6b55b11a3108a083c\"\u003e\u003ccode\u003e9264c5c\u003c/code\u003e\u003c/a\u003e Add go embed test\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containers/kubensmnt/commit/2728572f6444955f5f737bd46905214b654e74d3\"\u003e\u003ccode\u003e2728572\u003c/code\u003e\u003c/a\u003e Add stand-alone installation makefiles\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/containers/kubensmnt/compare/v1.2.0...v1.3.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/go-chi/chi/v5` from 5.2.5 to 5.3.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/go-chi/chi/releases\"\u003egithub.com/go-chi/chi/v5's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.3.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUse strings.ReplaceAll where applicable by \u003ca href=\"https://github.com/JRaspass\"\u003e\u003ccode\u003e@​JRaspass\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1046\"\u003ego-chi/chi#1046\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePropagate inline middlewares across mounted subrouters by \u003ca href=\"https://github.com/LukasJenicek\"\u003e\u003ccode\u003e@​LukasJenicek\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1049\"\u003ego-chi/chi#1049\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eadd go 1.26 to ci by \u003ca href=\"https://github.com/pkieltyka\"\u003e\u003ccode\u003e@​pkieltyka\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1052\"\u003ego-chi/chi#1052\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove last uses of io/ioutil by \u003ca href=\"https://github.com/JRaspass\"\u003e\u003ccode\u003e@​JRaspass\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1054\"\u003ego-chi/chi#1054\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSimplify chi.walk with slices.Concat by \u003ca href=\"https://github.com/JRaspass\"\u003e\u003ccode\u003e@​JRaspass\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1053\"\u003ego-chi/chi#1053\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eApply the stringscutprefix modernizer by \u003ca href=\"https://github.com/JRaspass\"\u003e\u003ccode\u003e@​JRaspass\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1051\"\u003ego-chi/chi#1051\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump minimum Go to 1.23, always use request.Pattern by \u003ca href=\"https://github.com/JRaspass\"\u003e\u003ccode\u003e@​JRaspass\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1048\"\u003ego-chi/chi#1048\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003emiddleware: fix httpFancyWriter.ReadFrom double-counting bytes with Tee by \u003ca href=\"https://github.com/alliasgher\"\u003e\u003ccode\u003e@​alliasgher\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1085\"\u003ego-chi/chi#1085\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix typo in Route doc comment by \u003ca href=\"https://github.com/gouwazi\"\u003e\u003ccode\u003e@​gouwazi\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1073\"\u003ego-chi/chi#1073\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: set Request.Pattern from RoutePattern() by \u003ca href=\"https://github.com/leno23\"\u003e\u003ccode\u003e@​leno23\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1097\"\u003ego-chi/chi#1097\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat: middleware.ClientIP, a replacement for middleware.RealIP by \u003ca href=\"https://github.com/VojtechVitek\"\u003e\u003ccode\u003e@​VojtechVitek\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/967\"\u003ego-chi/chi#967\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/LukasJenicek\"\u003e\u003ccode\u003e@​LukasJenicek\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1049\"\u003ego-chi/chi#1049\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/alliasgher\"\u003e\u003ccode\u003e@​alliasgher\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1085\"\u003ego-chi/chi#1085\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gouwazi\"\u003e\u003ccode\u003e@​gouwazi\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1073\"\u003ego-chi/chi#1073\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/leno23\"\u003e\u003ccode\u003e@​leno23\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1097\"\u003ego-chi/chi#1097\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eSECURITY: middleware.ClientIP, a replacement for middleware.RealIP\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/VojtechVitek\"\u003e\u003ccode\u003e@​VojtechVitek\u003c/code\u003e\u003c/a\u003e submitted PR \u003ca href=\"https://redirect.github.com/go-chi/chi/issues/967\"\u003e#967\u003c/a\u003e, which introduces middleware.ClientIP — a replacement for middleware.RealIP that closes the three open spoofing advisories:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/security/advisories/GHSA-9g5q-2w5x-hmxf\"\u003eGHSA-9g5q-2w5x-hmxf\u003c/a\u003e — IP spoofing via XFF in \u003ccode\u003eRemoteAddr\u003c/code\u003e resolution (convto)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/security/advisories/GHSA-rjr7-jggh-pgcp\"\u003eGHSA-rjr7-jggh-pgcp\u003c/a\u003e — RealIP allows IP spoofing via unvalidated XFF (rezmoss)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/security/advisories/GHSA-3fxj-6jh8-hvhx\"\u003eGHSA-3fxj-6jh8-hvhx\u003c/a\u003e — IP spoofing in \u003ccode\u003emiddleware.RealIP\u003c/code\u003e (Saku0512, Critical / 9.3)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eIt also addresses issues outlined at:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/708\"\u003ego-chi/chi#708\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://adam-p.ca/blog/2022/03/x-forwarded-for/\"\u003ehttps://adam-p.ca/blog/2022/03/x-forwarded-for/\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/711\"\u003ego-chi/chi#711\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/453\"\u003ego-chi/chi#453\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/go-chi/chi/pull/908\"\u003ego-chi/chi#908\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ccode\u003emiddleware.RealIP\u003c/code\u003e is deprecated in this PR with pointers to the new API.\u003c/p\u003e\n\u003cp\u003eThe deprecation only adds a \u003ccode\u003e// Deprecated:\u003c/code\u003e doc comment; the function keeps working for backward compatibility.\u003c/p\u003e\n\u003ch3\u003eWhy a new middleware (not \u0026quot;fix RealIP in place\u0026quot;)\u003c/h3\u003e\n\u003cp\u003e\u003ccode\u003eRealIP\u003c/code\u003e has two unfixable design choices: it mutates \u003ccode\u003er.RemoteAddr\u003c/code\u003e, and it tries to be a one-size-fits-all default by walking a hard-coded list of headers any client can supply. Per \u003ca href=\"https://adam-p.ca/blog/2022/03/x-forwarded-for/\"\u003eadam-p's \u0026quot;The perils of the 'real' client IP\u0026quot;\u003c/a\u003e (which calls chi out by name on this), there is no safe default — the user must pick their trust source explicitly.\u003c/p\u003e\n\u003ch3\u003eThe new API\u003c/h3\u003e\n\u003cp\u003eFour middlewares, two accessors. Pick exactly one middleware based on your\ninfrastructure, read the result with one of the two accessors:\u003c/p\u003e\n\u003cpre lang=\"go\"\u003e\u003ccode\u003e// One of the four. There is no safe default — pick exactly one.\r\nfunc ClientIPFromHeader(trustedHeader string) func(http.Handler) http.Handler\r\nfunc ClientIPFromXFF(trustedIPPrefixes ...string) func(http.Handler) http.Handler\r\nfunc ClientIPFromXFFTrustedProxies(numTrustedProxies int) func(http.Handler) http.Handler\r\n\u0026lt;/tr\u0026gt;\u0026lt;/table\u0026gt; \n\u003c/code\u003e\u003c/pre\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/3b171578ca44dfd75ca3c5cbddc7b44c600a7b49\"\u003e\u003ccode\u003e3b17157\u003c/code\u003e\u003c/a\u003e feat: middleware.ClientIP, a replacement for middleware.RealIP (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/967\"\u003e#967\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/818fdcfc4786168651768377ba647cf9dd5b3953\"\u003e\u003ccode\u003e818fdcf\u003c/code\u003e\u003c/a\u003e fix: set Request.Pattern from RoutePattern() (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1097\"\u003e#1097\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/f975af0cb10cbefaccf0422385420fe62722d648\"\u003e\u003ccode\u003ef975af0\u003c/code\u003e\u003c/a\u003e Fix typo in Route doc comment (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1073\"\u003e#1073\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/4ef87eaf2cfb27d3126d48194e1a84806acc1aed\"\u003e\u003ccode\u003e4ef87ea\u003c/code\u003e\u003c/a\u003e middleware: fix httpFancyWriter.ReadFrom double-counting bytes with Tee (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1085\"\u003e#1085\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/a54874f0e2f12647a19e82ee70dfa8185014100c\"\u003e\u003ccode\u003ea54874f\u003c/code\u003e\u003c/a\u003e Bump minimum Go to 1.23, always use request.Pattern (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1048\"\u003e#1048\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/3328d4d3ab8a08547fa419ed657017355e6d3c4d\"\u003e\u003ccode\u003e3328d4d\u003c/code\u003e\u003c/a\u003e Apply the stringscutprefix modernizer (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1051\"\u003e#1051\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/be60b2ec5755a9072cdf27af3ba3034e84781d12\"\u003e\u003ccode\u003ebe60b2e\u003c/code\u003e\u003c/a\u003e Simplify chi.walk with slices.Concat (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1053\"\u003e#1053\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/a36a925a6a195943ec104100d7d18757543e745f\"\u003e\u003ccode\u003ea36a925\u003c/code\u003e\u003c/a\u003e Remove last uses of io/ioutil (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1054\"\u003e#1054\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/7d93ee3e86b4d477c20d809c9b1ce9a281dfd706\"\u003e\u003ccode\u003e7d93ee3\u003c/code\u003e\u003c/a\u003e add go 1.26 to ci (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1052\"\u003e#1052\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/903cff2596eac0f72538ac46d696058351f1c3fb\"\u003e\u003ccode\u003e903cff2\u003c/code\u003e\u003c/a\u003e Propagate inline middlewares across mounted subrouters (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1049\"\u003e#1049\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/go-chi/chi/compare/v5.2.5...v5.3.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/onsi/ginkgo/v2` from 2.28.3 to 2.29.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/onsi/ginkgo/releases\"\u003egithub.com/onsi/ginkgo/v2's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.29.0\u003c/h2\u003e\n\u003ch2\u003e2.29.0\u003c/h2\u003e\n\u003cp\u003e\u003ccode\u003eGinkgoHelperGo\u003c/code\u003e makes it easier to write test helpers that need to run in goroutines.  Specifically, it makes managing the failure state and capturing failure panics correctly straightforward.\u003c/p\u003e\n\u003cp\u003e\u003ccode\u003eginkgo outline\u003c/code\u003e now includes entries defined in \u003ccode\u003eDescribeTableSubtree\u003c/code\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md\"\u003egithub.com/onsi/ginkgo/v2's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.29.0\u003c/h2\u003e\n\u003cp\u003e\u003ccode\u003eGinkgoHelperGo\u003c/code\u003e makes it easier to write test helpers that need to run in goroutines.  Specifically, it makes managing the failure state and capturing failure panics correctly straightforward.\u003c/p\u003e\n\u003cp\u003e\u003ccode\u003eginkgo outline\u003c/code\u003e now includes entries defined in \u003ccode\u003eDescribeTableSubtree\u003c/code\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/onsi/ginkgo/commit/04b5bcbe4eee911a1baf506eda1e7e811c978937\"\u003e\u003ccode\u003e04b5bcb\u003c/code\u003e\u003c/a\u003e v2.29.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/onsi/ginkgo/commit/124232a4531c77a7f31a036e0150e06fa78b2af8\"\u003e\u003ccode\u003e124232a\u003c/code\u003e\u003c/a\u003e docs: GinkgoHelperGo\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/onsi/ginkgo/commit/ad9cee80bdfda573e94f1b05f2bd4afa1a2fe815\"\u003e\u003ccode\u003ead9cee8\u003c/code\u003e\u003c/a\u003e feat: GinkgoHelperGo, with integration tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/onsi/ginkgo/commit/9e56a0a2a090eb83af696381161bdb996c69bcac\"\u003e\u003ccode\u003e9e56a0a\u003c/code\u003e\u003c/a\u003e chore: refactor devcontainer for better maintenance\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/onsi/ginkgo/commit/3d235a96ac05d9e855048c66528d2fdbfb9101f7\"\u003e\u003ccode\u003e3d235a9\u003c/code\u003e\u003c/a\u003e chore: ignore internal/tmp_*/ integration suite temporary dirs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/onsi/ginkgo/commit/782666ae83c2bc804f28b1333bf91a21b093d946\"\u003e\u003ccode\u003e782666a\u003c/code\u003e\u003c/a\u003e feat: devcontainer configuration with local pkgsite and GH pages\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/onsi/ginkgo/commit/009dd04de2d18f00c3c812d2caab713a165a1f7c\"\u003e\u003ccode\u003e009dd04\u003c/code\u003e\u003c/a\u003e Support DescribeTableSubtree in ginkgo outline\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/onsi/ginkgo/compare/v2.28.3...v2.29.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/onsi/gomega` from 1.40.0 to 1.41.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/onsi/gomega/blob/master/CHANGELOG.md\"\u003egithub.com/onsi/gomega's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e1.41.0\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cp\u003eAdd \u003ccode\u003eBeASlice\u003c/code\u003e and \u003ccode\u003eBeAnArray\u003c/code\u003e matchers\u003c/p\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cp\u003eObject formatting now detects pointer cycles to avoid runaway formatting output.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/onsi/gomega/commit/af2bccb5831cbcc56cfc16ca3056077cdec4798b\"\u003e\u003ccode\u003eaf2bccb\u003c/code\u003e\u003c/a\u003e v1.41.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/onsi/gomega/commit/73e81f6f054c825d1743bf4090ac0a9e1d5605af\"\u003e\u003ccode\u003e73e81f6\u003c/code\u003e\u003c/a\u003e v1.41.0 (full)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/onsi/gomega/commit/e35a84f24113255aaeea62fe7c47e09adf39109b\"\u003e\u003ccode\u003ee35a84f\u003c/code\u003e\u003c/a\u003e feat: devcontainer configuration with local pkgsite and GH pages\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/onsi/gomega/commit/f12e5e1bc7167fae21ef37b0d9d358d51063ff5e\"\u003e\u003ccode\u003ef12e5e1\u003c/code\u003e\u003c/a\u003e fix(format): detect pointer cycles to avoid runaway formatting output\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/onsi/gomega/commit/e14831fefa86313f2b01fb803b2ac937e49d08b6\"\u003e\u003ccode\u003ee14831f\u003c/code\u003e\u003c/a\u003e Add optionalDescription docs to AsyncAssertion and Assertion interfaces\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/onsi/gomega/commit/344b94dae7e0df0e2d087574b4c2b1b1597a6943\"\u003e\u003ccode\u003e344b94d\u003c/code\u003e\u003c/a\u003e Add BeASlice and BeAnArray matchers\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/onsi/gomega/compare/v1.40.0...v1.41.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/opencontainers/runc` from 1.4.1 to 1.4.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/opencontainers/runc/releases\"\u003egithub.com/opencontainers/runc's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003erunc v1.4.2 -- \u0026quot;Я — Земля! Я своих провожаю питомцев\u0026quot;\u003c/h2\u003e\n\u003cp\u003eThis is the second patch release of the 1.4.z release series of runc.\u003c/p\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eA regression in runc v1.3.0 which can result in a stuck \u003ccode\u003erunc exec\u003c/code\u003e or\n\u003ccode\u003erunc run\u003c/code\u003e when the container process runs for a short time. (\u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/5208\"\u003e#5208\u003c/a\u003e,\n\u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/5210\"\u003e#5210\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/5216\"\u003e#5216\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eMount sources that need to be open on the host are now closed earlier during\ncontainer start, reducing the total amount of used file descriptors and\nhelping to avoid hitting the open files limit when handling many such mounts.\n(\u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/5177\"\u003e#5177\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/5201\"\u003e#5201\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eStatic Linking Notices\u003c/h3\u003e\n\u003cp\u003eThe \u003ccode\u003erunc\u003c/code\u003e binary distributed with this release are \u003cem\u003estatically linked\u003c/em\u003e with\nthe following \u003ca href=\"https://www.gnu.org/licenses/old-licenses/lgpl-2.1.en.html\"\u003eGNU LGPL-2.1\u003c/a\u003e licensed libraries, with \u003ccode\u003erunc\u003c/code\u003e acting\nas a \u0026quot;work that uses the Library\u0026quot;:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/seccomp/libseccomp\"\u003elibseccomp\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThe versions of these libraries were not modified from their upstream versions,\nbut in order to comply with the LGPL-2.1 (§6(a)), we have attached the\ncomplete source code for those libraries which (when combined with the attached\nrunc source code) may be used to exercise your rights under the LGPL-2.1.\u003c/p\u003e\n\u003cp\u003eHowever we strongly suggest that you make use of your distribution's packages\nor download them from the authoritative upstream sources, especially since\nthese libraries are related to the security of your containers.\u003c/p\u003e\n\u003chr /\u003e\n\u003cp\u003eThanks to the following contributors for making this release possible:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAyato Tokubi \u003ca href=\"mailto:atokubi@redhat.com\"\u003eatokubi@redhat.com\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAkihiro Suda \u003ca href=\"mailto:akihiro.suda.cz@hco.ntt.co.jp\"\u003eakihiro.suda.cz@hco.ntt.co.jp\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAleksa Sarai \u003ca href=\"mailto:cyphar@cyphar.com\"\u003ecyphar@cyphar.com\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eKir Kolyshkin \u003ca href=\"mailto:kolyshkin@gmail.com\"\u003ekolyshkin@gmail.com\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eLi Fubang \u003ca href=\"mailto:lifubang@acmcoder.com\"\u003elifubang@acmcoder.com\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRodrigo Campos Catelin \u003ca href=\"mailto:rodrigo@amutable.com\"\u003erodrigo@amutable.com\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eSigned-off-by: Kir Kolyshkin \u003ca href=\"mailto:kolyshkin@gmail.com\"\u003ekolyshkin@gmail.com\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/opencontainers/runc/blob/v1.4.2/CHANGELOG.md\"\u003egithub.com/opencontainers/runc's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[1.4.2] - 2026-04-02\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003eЯ — Земля! Я своих провожаю питомцев.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eA regression in runc v1.3.0 which can result in a stuck \u003ccode\u003erunc exec\u003c/code\u003e or\n\u003ccode\u003erunc run\u003c/code\u003e when the container process runs for a short time. (\u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/5208\"\u003e#5208\u003c/a\u003e,\n\u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/5210\"\u003e#5210\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/5216\"\u003e#5216\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMount sources that need to be open on the host are now closed earlier during\ncontainer start, reducing the total amount of used file descriptors and\nhelping to avoid hitting the open files limit when handling many such mounts.\n(\u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/5177\"\u003e#5177\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/5201\"\u003e#5201\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/runc/commit/c241c0bb5e60a8e8c1b2e53d4eca8d0068d8d57e\"\u003e\u003ccode\u003ec241c0b\u003c/code\u003e\u003c/a\u003e VERSION: release v1.4.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/runc/commit/95f27e805324fce0899c9a2afbb819944f91315b\"\u003e\u003ccode\u003e95f27e8\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/5216\"\u003e#5216\u003c/a\u003e from lifubang/backport-5210-1.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/runc/commit/39791aeab622c319146456c603643062d256e715\"\u003e\u003ccode\u003e39791ae\u003c/code\u003e\u003c/a\u003e Fix SIGCHLD race in signal handler setup\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/runc/commit/226ff030b46f482c7715726a5de70957a9aec24d\"\u003e\u003ccode\u003e226ff03\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/5201\"\u003e#5201\u003c/a\u003e from lifubang/backport-5177-1.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/runc/commit/9de77a986c188bd436d5a60f47066388f6b199b5\"\u003e\u003ccode\u003e9de77a9\u003c/code\u003e\u003c/a\u003e test: check mount source fds are cleaned up with idmapped mounts\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/runc/commit/e4a82fc2d8604fa48f0bfbf7cb09b7c074a9dcc9\"\u003e\u003ccode\u003ee4a82fc\u003c/code\u003e\u003c/a\u003e libct: close mount source fd as soon as possible\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/runc/commit/87db63422d1d11b2a726674ca9ff276e5fffc7dd\"\u003e\u003ccode\u003e87db634\u003c/code\u003e\u003c/a\u003e libct: add a nil check for mountError\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/runc/commit/d4305dc5dddc9daf4a5adb9d6465d230e83f5e94\"\u003e\u003ccode\u003ed4305dc\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/5187\"\u003e#5187\u003c/a\u003e from kolyshkin/1.4-5159\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/runc/commit/63605fc49f9dc6a26b55d7f26e0473c1e626230b\"\u003e\u003ccode\u003e63605fc\u003c/code\u003e\u003c/a\u003e ci: add conmon tests run\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/runc/commit/0daa0038d2f5151c0b503480c311f93694388ef0\"\u003e\u003ccode\u003e0daa003\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/5178\"\u003e#5178\u003c/a\u003e from kolyshkin/1.4-5175\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/opencontainers/runc/compare/v1.4.1...v1.4.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/opencontainers/selinux` from 1.13.1 to 1.15.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/opencontainers/selinux/releases\"\u003egithub.com/opencontainers/selinux's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.15.0\u003c/h2\u003e\n\u003cp\u003eThis release adds a new function, SetProcessKind, which is to be used instead of KVMProcessLabel[s] and InitProcessLabel[s] in case the user only wants to change the type of the existing label, not generate a new one. It also fixes an CI issue and optimizes label.InitLabels for a few common cases.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eci: set timeout for vm jobs by \u003ca href=\"https://github.com/kolyshkin\"\u003e\u003ccode\u003e@​kolyshkin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/opencontainers/selinux/pull/270\"\u003eopencontainers/selinux#270\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003elabel.InitLabels: optimize by \u003ca href=\"https://github.com/kolyshkin\"\u003e\u003ccode\u003e@​kolyshkin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/opencontainers/selinux/pull/269\"\u003eopencontainers/selinux#269\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd SetProcessKind by \u003ca href=\"https://github.com/kolyshkin\"\u003e\u003ccode\u003e@​kolyshkin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/opencontainers/selinux/pull/271\"\u003eopencontainers/selinux#271\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/opencontainers/selinux/compare/v1.14.1...v1.15.0\"\u003ehttps://github.com/opencontainers/selinux/compare/v1.14.1...v1.15.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.14.1\u003c/h2\u003e\n\u003cp\u003eThis release mostly fixes label.InitLabels regression introduced in v1.14.0.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eREADME: rm travis, add gha badge by \u003ca href=\"https://github.com/kolyshkin\"\u003e\u003ccode\u003e@​kolyshkin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/opencontainers/selinux/pull/268\"\u003eopencontainers/selinux#268\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix label.InitLabels regression in v1.14.0; amend ReserveLabelV2 doc by \u003ca href=\"https://github.com/kolyshkin\"\u003e\u003ccode\u003e@​kolyshkin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/opencontainers/selinux/pull/267\"\u003eopencontainers/selinux#267\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/opencontainers/selinux/compare/v1.14.0...v1.14.1\"\u003ehttps://github.com/opencontainers/selinux/compare/v1.14.0...v1.14.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.14.0\u003c/h2\u003e\n\u003cp\u003eThis release fixes a regression in ExecLabel, bumps the minimal Go version to 1.22, and deprecates several functions in favor of improved API.\u003c/p\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eExecLabel\u003c/code\u003e was using an incorrect path (regression in v1.13.0). (\u003ca href=\"https://redirect.github.com/opencontainers/selinux/pull/253\"\u003eopencontainers/selinux#253\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDeprecated\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eCategoryRange\u003c/code\u003e is deprecated; use \u003ccode\u003eSetCategoryRange\u003c/code\u003e instead. (\u003ca href=\"https://redirect.github.com/opencontainers/selinux/pull/262\"\u003eopencontainers/selinux#262\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eKVMContainerLabels\u003c/code\u003e is deprecated; use \u003ccode\u003eKVMContainerLabel\u003c/code\u003e instead. (\u003ca href=\"https://redirect.github.com/opencontainers/selinux/pull/262\"\u003eopencontainers/selinux#262\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eInitContainerLabels\u003c/code\u003e is deprecated; use \u003ccode\u003eInitContainerLabel\u003c/code\u003e instead. (\u003ca href=\"https://redirect.github.com/opencontainers/selinux/pull/262\"\u003eopencontainers/selinux#262\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eReserveLabel\u003c/code\u003e is deprecated; use \u003ccode\u003eReserveLabelV2\u003c/code\u003e instead. (\u003ca href=\"https://redirect.github.com/opencontainers/selinux/pull/262\"\u003eopencontainers/selinux#262\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eROFileLabel\u003c/code\u003e is deprecated; if you use it, open a new issue. (\u003ca href=\"https://redirect.github.com/opencontainers/selinux/pull/262\"\u003eopencontainers/selinux#262\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eContainerLabels\u003c/code\u003e is deprecated, if you use it, open a new issue. (\u003ca href=\"https://redirect.github.com/opencontainers/selinux/pull/262\"\u003eopencontainers/selinux#262\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eSEUserByName\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/opencontainers/selinux/pull/232\"\u003eopencontainers/selinux#232\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/opencontainers/selinux/pull/251\"\u003eopencontainers/selinux#251\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eCheckLabel\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/opencontainers/selinux/pull/250\"\u003eopencontainers/selinux#250\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eSetCategoryRange\u003c/code\u003e, \u003ccode\u003eKVMContainerLabel\u003c/code\u003e, \u003ccode\u003eInitContainerLabel\u003c/code\u003e, \u003ccode\u003eReserveLabelV2\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/opencontainers/selinux/pull/262\"\u003eopencontainers/selinux#262\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSwitch to Go 1.22 as the minimally supported version (\u003ca href=\"https://redirect.github.com/opencontainers/selinux/pull/256\"\u003eopencontainers/selinux#256\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdate \u003ccode\u003eGetDefaultContextWithLevel\u003c/code\u003e to fall back to failsafe context (\u003ca href=\"https://redirect.github.com/opencontainers/selinux/pull/232\"\u003eopencontainers/selinux#232\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUse math/rand/v2 rather than crypto/rand for MCS label generation (\u003ca href=\"https://redirect.github.com/opencontainers/selinux/pull/257\"\u003eopencontainers/selinux#257\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eMiscellaneous\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eMAINTAINERS: add Aleksa as a maintainer. (\u003ca href=\"https://redirect.github.com/opencontainers/selinux/pull/243\"\u003eopencontainers/selinux#243\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAssorted CI bumps and related fixes. (\u003ca href=\"https://redirect.github.com/opencontainers/selinux/pull/255\"\u003eopencontainers/selinux#255\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRemove intToMcs. (\u003ca href=\"https://redirect.github.com/opencontainers/selinux/pull/259\"\u003eopencontainers/selinux#259\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUse Cut more. (\u003ca href=\"https://redirect.github.com/opencontainers/selinux/pull/254\"\u003eopencontainers/selinux#254\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSimplify getSelinuxMountPoint. (\u003ca href=\"https://redirect.github.com/opencontainers/selinux/pull/258\"\u003eopencontainers/selinux#258\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSimplify/remove some code. (\u003ca href=\"https://redirect.github.com/opencontainers/selinux/pull/261\"\u003eopencontainers/selinux#261\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/selinux/commit/84683a6ecf369d67892b764300da9a614e403073\"\u003e\u003ccode\u003e84683a6\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/opencontainers/selinux/issues/271\"\u003e#271\u003c/a\u003e from kolyshkin/change-type\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/selinux/commit/8889f6ec5dfbc92be63ff81f67cce3f1e7f8567a\"\u003e\u003ccode\u003e8889f6e\u003c/code\u003e\u003c/a\u003e Add SetProcessKind\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/selinux/commit/fb9b5b20d3dce247bd0b0a96e26ad983c4909b9a\"\u003e\u003ccode\u003efb9b5b2\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/opencontainers/selinux/issues/269\"\u003e#269\u003c/a\u003e from kolyshkin/init-labels-opt\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/selinux/commit/74873e291f7a5d573fec3e7f2e0e16a8595434ca\"\u003e\u003ccode\u003e74873e2\u003c/code\u003e\u003c/a\u003e label.InitLabels: optimize\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/selinux/commit/c8bf19e9d124ef078dd0c0dfc2a14f3b9843c987\"\u003e\u003ccode\u003ec8bf19e\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/opencontainers/selinux/issues/270\"\u003e#270\u003c/a\u003e from kolyshkin/timeout\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/selinux/commit/a55d914f19b9dad21a21f5d882452971e7db2d03\"\u003e\u003ccode\u003ea55d914\u003c/code\u003e\u003c/a\u003e ci: set timeout for vm jobs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/selinux/commit/89b039b4fb2ec4056a15eefce2e6e1a85b33fa70\"\u003e\u003ccode\u003e89b039b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/opencontainers/selinux/issues/267\"\u003e#267\u003c/a\u003e from kolyshkin/damage-control\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/selinux/commit/8c517ef35fd53d6a151e950bcc56f80d3fb2dec0\"\u003e\u003ccode\u003e8c517ef\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/opencontainers/selinux/issues/268\"\u003e#268\u003c/a\u003e from kolyshkin/readme\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/selinux/commit/e184f4698c2e22c0969fb1302da049ba805213eb\"\u003e\u003ccode\u003ee184f46\u003c/code\u003e\u003c/a\u003e selinux.ReserveLabelV2: note on ignoring ErrMCSAlreadyExists\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/selinux/commit/fa158854b7c1d6064a41282522d109d8f71e9cfa\"\u003e\u003ccode\u003efa15885\u003c/code\u003e\u003c/a\u003e label.InitLabels: dont't return ErrMCSAlreadyExists\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/opencontainers/selinux/compare/v1.13.1...v1.15.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `go.podman.io/common` from 0.66.2-0.20260126213724-1e46b0756b39 to 0.67.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/containers/container-libs/releases\"\u003ego.podman.io/common's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ecommon/v0.67.0\u003c/h2\u003e\n\u003cp\u003ego.podman.io/common release for podman v5.8\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/containers/container-libs/commits/common/v0.67.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `go.podman.io/image/v5` from 5.38.0 to 5.39.1\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containers/container-libs/commit/80fb329c24eb41f760488720a493946435196f31\"\u003e\u003ccode\u003e80fb329\u003c/code\u003e\u003c/a\u003e [podman-5.8] Bump to image 5.39.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containers/container-libs/commit/c41710e4e2fe11eb1716151f552f29d0f61df565\"\u003e\u003ccode\u003ec41710e\u003c/code\u003e\u003c/a\u003e [podman-5.8] Add missing image go.sum\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containers/container-libs/commit/a1da33bdfddae9f31cf436f30dd4d8712d76d922\"\u003e\u003ccode\u003ea1da33b\u003c/code\u003e\u003c/a\u003e [podman-5.8] Bump image to v5.39.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containers/container-libs/commit/d5d959a8faa860f260c8b05e84a33ac4e8d9ed31\"\u003e\u003ccode\u003ed5d959a\u003c/code\u003e\u003c/a\u003e [podman-5.8] Bump storage to 1.62.0 in image\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containers/container-libs/commit/b4ff26efa1f98823d53136a3944b3964e7426693\"\u003e\u003ccode\u003eb4ff26e\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containers/container-libs/issues/626\"\u003e#626\u003c/a\u003e from TomSweeneyRedHat/dev/tsweeney/dance-5.8-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containers/container-libs/commit/bb290dc125b3e3ea2f18e7cf2f2ec4b8810265b6\"\u003e\u003ccode\u003ebb290dc\u003c/code\u003e\u003c/a\u003e [podman-5.8] Bump storage to v1.62.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containers/container-libs/commit/a79d33cb983b2308a4bb485c327b5ef026177d3b\"\u003e\u003ccode\u003ea79d33c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containers/container-libs/issues/616\"\u003e#616\u003c/a\u003e from l0rd/pr-612-to-5.8\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containers/container-libs/commit/90383df2587fae116f31f785115b25957e5c84cb\"\u003e\u003ccode\u003e90383df\u003c/code\u003e\u003c/a\u003e common: safer use of \u003ccode\u003efilepath.EvalSymlinks()\u003c/code\u003e in \u003ccode\u003efindBindir()\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containers/container-libs/commit/89d4270d09cdbe577335374c30ef446d1a728d1e\"\u003e\u003ccode\u003e89d4270\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containers/container-libs/issues/601\"\u003e#601\u003c/a\u003e from Luap99/podman-5.8\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containers/container-libs/commit/d1241f8bc422070205ce55cbebcbc68945b6b245\"\u003e\u003ccode\u003ed1241f8\u003c/code\u003e\u003c/a\u003e fix debug log for \u003ca href=\"https://redirect.github.com/containers/container-libs/issues/579\"\u003e#579\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/containers/container-libs/compare/image/v5.38.0...image/v5.39.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `go.podman.io/storage` from 1.61.1-0.20251212224252-b0f86df5a665 to 1.62.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/containers/container-libs/commits/storage/v1.62.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `golang.org/x/net` from 0.53.0 to 0.55.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/7770ec48d03fec35e378665337b4faca93c38423\"\u003e\u003ccode\u003e7770ec4\u003c/code\u003e\u003c/a\u003e go.mod: update golang.org/x dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/4ece7b612ad44ad6c4d5e0d5d4df9c18cc211905\"\u003e\u003ccode\u003e4ece7b6\u003c/code\u003e\u003c/a\u003e html: escape greater-than symbol in doctype identifiers\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/08be507abce89191d78cd49da60f4501fc910472\"\u003e\u003ccode\u003e08be507\u003c/code\u003e\u003c/a\u003e html: improve Noah's Ark clause performance\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/a8fb2fe4f7378f816302b9f2f7b8290ce512e5dd\"\u003e\u003ccode\u003ea8fb2fe\u003c/code\u003e\u003c/a\u003e html: properly render fostered elements in foreign content\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/0dc5b7a5f81d7155ade6d5e9db35992998679932\"\u003e\u003ccode\u003e0dc5b7a\u003c/code\u003e\u003c/a\u003e html: properly check namespace in \u0026quot;in body\u0026quot; any other end tag\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/a452f3cc17168a60bc3f439a3ae0fcffc32eca0e\"\u003e\u003ccode\u003ea452f3c\u003c/code\u003e\u003c/a\u003e html: ignore duplicate attributes during tokenization\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/f8651996b24ba47d89dd9eb97fd47758e6d1886f\"\u003e\u003ccode\u003ef865199\u003c/code\u003e\u003c/a\u003e quic: fix appendMaxDataFrame erroneously accumulating sentLimit\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/210ed3cb901cb549818aefa04b71dadaf149d05d\"\u003e\u003ccode\u003e210ed3c\u003c/code\u003e\u003c/a\u003e quic: establish a \u0026quot;happened-before\u0026quot; relationship between stream write and read\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/ad8140e0aa2ec41b37ea478b4525a423bcc21af9\"\u003e\u003ccode\u003ead8140e\u003c/code\u003e\u003c/a\u003e quic: fix buffer slicing when handling overlapping stream data\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/23ee2efe81a3ff183b4eca46c42f749af7efca45\"\u003e\u003ccode\u003e23ee2ef\u003c/code\u003e\u003c/a\u003e http2: avoid API changes when built with go1.27\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/golang/net/compare/v0.53.0...v0.55.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `golang.org/x/sys` from 0.43.0 to 0.45.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/sys/commit/397d5f80920585bc27433d878aba498d062f81e1\"\u003e\u003ccode\u003e397d5f8\u003c/code\u003e\u003c/a\u003e unix: update to Linux kernel 7.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/sys/commit/0a387f7a07d7a0e9811f00603c10b4e5a94ab79c\"\u003e\u003ccode\u003e0a387f7\u003c/code\u003e\u003c/a\u003e cpu: detect zbc extension on riscv64\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/sys/commit/758f71cb839d131daf0ba4befa6a2c6ceb21a649\"\u003e\u003ccode\u003e758f71c\u003c/code\u003e\u003c/a\u003e cpu: add LLACQ_SCREL, SCQ, DBAR_HINTS detection for loong64\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/sys/commit/99666ae32e07f6403182a79cb5df0c417cbbf25f\"\u003e\u003ccode\u003e99666ae\u003c/code\u003e\u003c/a\u003e unix: merge Linux readv/writev implementation with Darwin/OpenBSD\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/sys/commit/e4444cbaaaf61cecff8e635874066fcd5c841575\"\u003e\u003ccode\u003ee4444cb\u003c/code\u003e\u003c/a\u003e windows: add NtSetEaFile, NtQueryEaFile and NtQueryInformationFile\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/sys/commit/04396e85d470b7f990a9a1df5c1a44dc8e30c292\"\u003e\u003ccode\u003e04396e8\u003c/code\u003e\u003c/a\u003e unix: add Readv, Writev, Preadv, Pwritev for OpenBSD\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/sys/commit/fb1facd76f95fa87c151018200ea5e4892ff115d\"\u003e\u003ccode\u003efb1facd\u003c/code\u003e\u003c/a\u003e windows: avoid uint16 overflow in NewNTUnicodeString\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/sys/commit/94ad893e1e59c1d079221324d38945d2aad8703f\"\u003e\u003ccode\u003e94ad893\u003c/code\u003e\u003c/a\u003e windows: add GetIfTable2Ex, GetIpInterface{Entry,Table}, GetUnicastIpAddressT...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/sys/commit/54fe89f8411576c06b345b341ca79a77d878a4ad\"\u003e\u003ccode\u003e54fe89f\u003c/code\u003e\u003c/a\u003e cpu: use IsProcessorFeaturePresent to calculate ARM64 on windows\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/sys/commit/df7d5d7b60641d17d87e2b50911124cb65f954fd\"\u003e\u003ccode\u003edf7d5d7\u003c/code\u003e\u003c/a\u003e unix: automatically remove container created by mkall.sh\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/golang/sys/compare/v0.43.0...v0.45.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `google.golang.org/grpc` from 1.80.0 to 1.81.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/grpc/grpc-go/releases\"\u003egoogle.golang.org/grpc's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eRelease 1.81.1\u003c/h2\u003e\n\u003ch1\u003eSecurity\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003exds/rbac: Fix a potential authorization bypass caused by incorrectly falling through URI/DNS SANs to Subject Distinguished Name (DN) when matching the authenticated principal name. With this fix, only the first non-empty identity source will be used, as per \u003ca href=\"https://github.com/grpc/proposal/blob/master/A41-xds-rbac.md\"\u003egRFC A41\u003c/a\u003e. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/9111\"\u003e#9111\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003eSpecial Thanks: \u003ca href=\"https://github.com/al4an444\"\u003e\u003ccode\u003e@​al4an444\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eBug Fixes\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eotel: Segregate client and server RPC information used for metrics and traces, to avoid one overwriting the other. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/9081\"\u003e#9081\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eRelease 1.81.0\u003c/h2\u003e\n\u003ch1\u003eBehavior Changes\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003ebalancer/rls: Switch gauge metrics to asynchronous emission (once per collection cycle) to reduce telemetry noise and align with other gRPC language implementations. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8808\"\u003e#8808\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eDependencies\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eMinimum supported Go version is now 1.25. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8969\"\u003e#8969\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eBug Fixes\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003exds: Use the leaf cluster's security config for the TLS handshake instead of the aggregate cluster's config. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8956\"\u003e#8956\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003etransport: Send a \u003ccode\u003eRST_STREAM\u003c/code\u003e when receiving an \u003ccode\u003eEND_STREAM\u003c/code\u003e when the stream is not already half-closed. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8832\"\u003e#8832\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003exds: Fix ADS resource name validation to prevent a panic. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8970\"\u003e#8970\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eNew Features\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003egrpc/stats: Add support for custom labels in per-call metrics (\u003ca href=\"https://github.com/grpc/proposal/blob/master/A108-otel-custom-per-call-label.md\"\u003egRFC A108\u003c/a\u003e). (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/9008\"\u003e#9008\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003exds: Add support for Server Name Indication (SNI) and SAN validation (\u003ca href=\"https://github.com/grpc/proposal/blob/master/A101-SNI-setting-and-SNI-SAN-validation.md\"\u003egRFC A101\u003c/a\u003e). Disabled by default. To enable, set \u003ccode\u003eGRPC_EXPERIMENTAL_XDS_SNI=true\u003c/code\u003e environment variable. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/9016\"\u003e#9016\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003exds: Add support to control which fields get propagated from ORCA backend metric reports to LRS load reports (\u003ca href=\"https://github.com/grpc/proposal/blob/master/A85-lrs-custom-metrics-changes.md\"\u003egRFC A85\u003c/a\u003e). Disabled by default. To enable, set \u003ccode\u003eGRPC_EXPERIMENTAL_XDS_ORCA_LRS_PROPAGATION=true\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/9005\"\u003e#9005\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003exds: Add metrics to track xDS client connectivity and cached resource state (\u003ca href=\"https://github.com/grpc/proposal/blob/master/A78-grpc-metrics-wrr-pf-xds.md\"\u003egRFC A78\u003c/a\u003e). (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8807\"\u003e#8807\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003estats/otel: Enhance \u003ccode\u003egrpc.subchannel.disconnections\u003c/code\u003e metric by adding disconnection reason to the \u003ccode\u003egrpc.disconnect_error\u003c/code\u003e label (\u003ca href=\"https://github.com/grpc/proposal/blob/master/A94-subchannel-otel-metrics.md\"\u003egRFC A94\u003c/a\u003e). This provides granular insights into why subchannels are closing. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8973\"\u003e#8973\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003emem: Add \u003ccode\u003emem.Buffer.Slice()\u003c/code\u003e API to slice the buffer like a slice. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8977\"\u003e#8977\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003eSpecial Thanks: \u003ca href=\"https://github.com/ash2k\"\u003e\u003ccode\u003e@​ash2k\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003ePerformance Improvements\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003ealts: Pool read buffers to lower memory utilization when sockets are unreadable. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8964\"\u003e#8964\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003etransport: Pool HTTP/2 framer read buffers to reduce idle memory consumption. Currently limited to Linux for ALTS and non-encrypted transports (TCP, Unix). To disable, set \u003ccode\u003eGRPC_GO_EXPERIMENTAL_HTTP_FRAMER_READ_BUFFER_POOLING=false\u003c/code\u003e and report any issues. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/9032\"\u003e#9032\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/caf0772c2bcb8bc15d43eb53448e921f34f0b7e8\"\u003e\u003ccode\u003ecaf0772\u003c/code\u003e\u003c/a\u003e Change version from 1.81.1-dev to 1.81.1 (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/9122\"\u003e#9122\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/6ccbeebf058ede71e43a5ac28fada2a736573215\"\u003e\u003ccode\u003e6ccbeeb\u003c/code\u003e\u003c/a\u003e Cherry-pick \u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/9111\"\u003e#9111\u003c/a\u003e into v1.81.x (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/9121\"\u003e#9121\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/b33c29e41b438e371c8504de9bdf64a80098cc29\"\u003e\u003ccode\u003eb33c29e\u003c/code\u003e\u003c/a\u003e Cherry-pick \u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/9081\"\u003e#9081\u003c/a\u003e into v1.81.x (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/9102\"\u003e#9102\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/c45fae6d06a5c192b7b96418a2bc26a96b856834\"\u003e\u003ccode\u003ec45fae6\u003c/code\u003e\u003c/a\u003e Change version to 1.81.1-dev (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/9063\"\u003e#9063\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/cb18228317ff523e63d931b4058b0329585b7dcd\"\u003e\u003ccode\u003ecb18228\u003c/code\u003e\u003c/a\u003e Cha...\n\n_Description has been truncated_","html_url":"https://github.com/cri-o/cri-o/pull/9975","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/cri-o%2Fcri-o/issues/9975","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/9975/packages"}},{"old_version":"5.2.3","new_version":"5.3.0","update_type":"minor","path":"/apps/api","pr_created_at":"2026-05-25T20:30:51.000Z","version_change":"5.2.3 → 5.3.0","issue":{"uuid":"4519379606","node_id":"PR_kwDOQNjm387fKbZL","number":121,"state":"open","title":"chore(deps): bump github.com/go-chi/chi/v5 from 5.2.3 to 5.3.0 in /apps/api","user":"dependabot[bot]","labels":["dependencies","go"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-25T20:30:51.000Z","updated_at":"2026-05-25T20:32:07.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps)","packages":[{"name":"github.com/go-chi/chi/v5","old_version":"5.2.3","new_version":"5.3.0","repository_url":"https://github.com/go-chi/chi"}],"path":"/apps/api","ecosystem":"go"},"body":"Bumps [github.com/go-chi/chi/v5](https://github.com/go-chi/chi) from 5.2.3 to 5.3.0.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/go-chi/chi/releases\"\u003egithub.com/go-chi/chi/v5's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.3.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUse strings.ReplaceAll where applicable by \u003ca href=\"https://github.com/JRaspass\"\u003e\u003ccode\u003e@​JRaspass\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1046\"\u003ego-chi/chi#1046\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePropagate inline middlewares across mounted subrouters by \u003ca href=\"https://github.com/LukasJenicek\"\u003e\u003ccode\u003e@​LukasJenicek\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1049\"\u003ego-chi/chi#1049\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eadd go 1.26 to ci by \u003ca href=\"https://github.com/pkieltyka\"\u003e\u003ccode\u003e@​pkieltyka\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1052\"\u003ego-chi/chi#1052\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove last uses of io/ioutil by \u003ca href=\"https://github.com/JRaspass\"\u003e\u003ccode\u003e@​JRaspass\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1054\"\u003ego-chi/chi#1054\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSimplify chi.walk with slices.Concat by \u003ca href=\"https://github.com/JRaspass\"\u003e\u003ccode\u003e@​JRaspass\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1053\"\u003ego-chi/chi#1053\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eApply the stringscutprefix modernizer by \u003ca href=\"https://github.com/JRaspass\"\u003e\u003ccode\u003e@​JRaspass\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1051\"\u003ego-chi/chi#1051\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump minimum Go to 1.23, always use request.Pattern by \u003ca href=\"https://github.com/JRaspass\"\u003e\u003ccode\u003e@​JRaspass\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1048\"\u003ego-chi/chi#1048\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003emiddleware: fix httpFancyWriter.ReadFrom double-counting bytes with Tee by \u003ca href=\"https://github.com/alliasgher\"\u003e\u003ccode\u003e@​alliasgher\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1085\"\u003ego-chi/chi#1085\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix typo in Route doc comment by \u003ca href=\"https://github.com/gouwazi\"\u003e\u003ccode\u003e@​gouwazi\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1073\"\u003ego-chi/chi#1073\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: set Request.Pattern from RoutePattern() by \u003ca href=\"https://github.com/leno23\"\u003e\u003ccode\u003e@​leno23\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1097\"\u003ego-chi/chi#1097\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat: middleware.ClientIP, a replacement for middleware.RealIP by \u003ca href=\"https://github.com/VojtechVitek\"\u003e\u003ccode\u003e@​VojtechVitek\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/967\"\u003ego-chi/chi#967\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/LukasJenicek\"\u003e\u003ccode\u003e@​LukasJenicek\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1049\"\u003ego-chi/chi#1049\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/alliasgher\"\u003e\u003ccode\u003e@​alliasgher\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1085\"\u003ego-chi/chi#1085\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gouwazi\"\u003e\u003ccode\u003e@​gouwazi\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1073\"\u003ego-chi/chi#1073\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/leno23\"\u003e\u003ccode\u003e@​leno23\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1097\"\u003ego-chi/chi#1097\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eSECURITY: middleware.ClientIP, a replacement for middleware.RealIP\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/VojtechVitek\"\u003e\u003ccode\u003e@​VojtechVitek\u003c/code\u003e\u003c/a\u003e submitted PR \u003ca href=\"https://redirect.github.com/go-chi/chi/issues/967\"\u003e#967\u003c/a\u003e, which introduces middleware.ClientIP — a replacement for middleware.RealIP that closes the three open spoofing advisories:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/security/advisories/GHSA-9g5q-2w5x-hmxf\"\u003eGHSA-9g5q-2w5x-hmxf\u003c/a\u003e — IP spoofing via XFF in \u003ccode\u003eRemoteAddr\u003c/code\u003e resolution (convto)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/security/advisories/GHSA-rjr7-jggh-pgcp\"\u003eGHSA-rjr7-jggh-pgcp\u003c/a\u003e — RealIP allows IP spoofing via unvalidated XFF (rezmoss)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/security/advisories/GHSA-3fxj-6jh8-hvhx\"\u003eGHSA-3fxj-6jh8-hvhx\u003c/a\u003e — IP spoofing in \u003ccode\u003emiddleware.RealIP\u003c/code\u003e (Saku0512, Critical / 9.3)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eIt also addresses issues outlined at:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/708\"\u003ego-chi/chi#708\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://adam-p.ca/blog/2022/03/x-forwarded-for/\"\u003ehttps://adam-p.ca/blog/2022/03/x-forwarded-for/\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/711\"\u003ego-chi/chi#711\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/453\"\u003ego-chi/chi#453\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/go-chi/chi/pull/908\"\u003ego-chi/chi#908\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ccode\u003emiddleware.RealIP\u003c/code\u003e is deprecated in this PR with pointers to the new API.\u003c/p\u003e\n\u003cp\u003eThe deprecation only adds a \u003ccode\u003e// Deprecated:\u003c/code\u003e doc comment; the function keeps working for backward compatibility.\u003c/p\u003e\n\u003ch3\u003eWhy a new middleware (not \u0026quot;fix RealIP in place\u0026quot;)\u003c/h3\u003e\n\u003cp\u003e\u003ccode\u003eRealIP\u003c/code\u003e has two unfixable design choices: it mutates \u003ccode\u003er.RemoteAddr\u003c/code\u003e, and it tries to be a one-size-fits-all default by walking a hard-coded list of headers any client can supply. Per \u003ca href=\"https://adam-p.ca/blog/2022/03/x-forwarded-for/\"\u003eadam-p's \u0026quot;The perils of the 'real' client IP\u0026quot;\u003c/a\u003e (which calls chi out by name on this), there is no safe default — the user must pick their trust source explicitly.\u003c/p\u003e\n\u003ch3\u003eThe new API\u003c/h3\u003e\n\u003cp\u003eFour middlewares, two accessors. Pick exactly one middleware based on your\ninfrastructure, read the result with one of the two accessors:\u003c/p\u003e\n\u003cpre lang=\"go\"\u003e\u003ccode\u003e// One of the four. There is no safe default — pick exactly one.\r\nfunc ClientIPFromHeader(trustedHeader string) func(http.Handler) http.Handler\r\nfunc ClientIPFromXFF(trustedIPPrefixes ...string) func(http.Handler) http.Handler\r\nfunc ClientIPFromXFFTrustedProxies(numTrustedProxies int) func(http.Handler) http.Handler\r\n\u0026lt;/tr\u0026gt;\u0026lt;/table\u0026gt; \n\u003c/code\u003e\u003c/pre\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/3b171578ca44dfd75ca3c5cbddc7b44c600a7b49\"\u003e\u003ccode\u003e3b17157\u003c/code\u003e\u003c/a\u003e feat: middleware.ClientIP, a replacement for middleware.RealIP (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/967\"\u003e#967\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/818fdcfc4786168651768377ba647cf9dd5b3953\"\u003e\u003ccode\u003e818fdcf\u003c/code\u003e\u003c/a\u003e fix: set Request.Pattern from RoutePattern() (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1097\"\u003e#1097\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/f975af0cb10cbefaccf0422385420fe62722d648\"\u003e\u003ccode\u003ef975af0\u003c/code\u003e\u003c/a\u003e Fix typo in Route doc comment (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1073\"\u003e#1073\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/4ef87eaf2cfb27d3126d48194e1a84806acc1aed\"\u003e\u003ccode\u003e4ef87ea\u003c/code\u003e\u003c/a\u003e middleware: fix httpFancyWriter.ReadFrom double-counting bytes with Tee (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1085\"\u003e#1085\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/a54874f0e2f12647a19e82ee70dfa8185014100c\"\u003e\u003ccode\u003ea54874f\u003c/code\u003e\u003c/a\u003e Bump minimum Go to 1.23, always use request.Pattern (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1048\"\u003e#1048\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/3328d4d3ab8a08547fa419ed657017355e6d3c4d\"\u003e\u003ccode\u003e3328d4d\u003c/code\u003e\u003c/a\u003e Apply the stringscutprefix modernizer (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1051\"\u003e#1051\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/be60b2ec5755a9072cdf27af3ba3034e84781d12\"\u003e\u003ccode\u003ebe60b2e\u003c/code\u003e\u003c/a\u003e Simplify chi.walk with slices.Concat (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1053\"\u003e#1053\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/a36a925a6a195943ec104100d7d18757543e745f\"\u003e\u003ccode\u003ea36a925\u003c/code\u003e\u003c/a\u003e Remove last uses of io/ioutil (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1054\"\u003e#1054\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/7d93ee3e86b4d477c20d809c9b1ce9a281dfd706\"\u003e\u003ccode\u003e7d93ee3\u003c/code\u003e\u003c/a\u003e add go 1.26 to ci (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1052\"\u003e#1052\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/903cff2596eac0f72538ac46d696058351f1c3fb\"\u003e\u003ccode\u003e903cff2\u003c/code\u003e\u003c/a\u003e Propagate inline middlewares across mounted subrouters (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1049\"\u003e#1049\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/go-chi/chi/compare/v5.2.3...v5.3.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/go-chi/chi/v5\u0026package-manager=go_modules\u0026previous-version=5.2.3\u0026new-version=5.3.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/egeuysall/ryva-archive/pull/121","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/egeuysall%2Fryva-archive/issues/121","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/121/packages"}}]}