{"id":16454,"name":"github.com/justinas/nosurf","ecosystem":"go","repository_url":"https://github.com/justinas/nosurf","issues_count":61,"created_at":"2025-06-07T00:24:11.465Z","updated_at":"2025-06-07T00:24:11.465Z","purl":"pkg:golang/github.com/justinas/nosurf","metadata":{"id":3494265,"name":"github.com/justinas/nosurf","ecosystem":"go","description":"Package nosurf implements an HTTP handler that\nmitigates Cross-Site Request Forgery Attacks.","homepage":"https://github.com/justinas/nosurf","licenses":"MIT","normalized_licenses":["MIT"],"repository_url":"https://github.com/justinas/nosurf","keywords_array":[],"namespace":"github.com/justinas","versions_count":4,"first_release_published_at":"2019-11-05T13:51:23.000Z","latest_release_published_at":"2025-05-13T12:21:47.000Z","latest_release_number":"v1.2.0","last_synced_at":"2025-06-06T04:01:21.005Z","created_at":"2022-04-10T19:23:32.736Z","updated_at":"2025-06-06T04:01:21.005Z","registry_url":"https://pkg.go.dev/github.com/justinas/nosurf","install_command":"go get github.com/justinas/nosurf","documentation_url":"https://pkg.go.dev/github.com/justinas/nosurf#section-documentation","metadata":{},"repo_metadata":{"uuid":"12303687","full_name":"justinas/nosurf","owner":"justinas","description":"CSRF protection middleware for 
Go.","archived":false,"fork":false,"pushed_at":"2022-11-11T14:31:19.000Z","size":98,"stargazers_count":1386,"open_issues_count":13,"forks_count":119,"subscribers_count":35,"default_branch":"master","last_synced_at":"2023-03-13T14:16:08.050Z","etag":null,"topics":["csrf","go","middleware","security"],"latest_commit_sha":null,"homepage":"http://godoc.org/github.com/justinas/nosurf","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"logo_url":null,"metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2013-08-22T17:47:34.000Z","updated_at":"2023-03-13T02:34:12.000Z","dependencies_parsed_at":"2023-01-13T15:48:11.395Z","dependency_job_id":null,"html_url":"https://github.com/justinas/nosurf","commit_stats":null,"repository_url":"http://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/justinas%2Fnosurf","tags_url":"http://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/justinas%2Fnosurf/tags","manifests_url":"http://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/justinas%2Fnosurf/manifests","owner_url":"http://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/justinas","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":108921946,"host_url":"http://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"http://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"http://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names"},"owner_record":{"login":"justinas","name":"Justinas Stankevičius","uuid":"662666","kind":"user","description":"","email":"","website":"http://justinas.org/","location":"Vilnius, 
Lithuania","twitter":null,"company":"@gravitational","avatar_url":"https://avatars.githubusercontent.com/u/662666?v=4","repositories_count":11,"last_synced_at":"2023-02-22T00:50:34.176Z","metadata":{"has_sponsors_listing":false},"owner_url":"http://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/justinas"},"tags":[{"name":"v1.1.1","sha":"4d86df7a4affa1fa50ab39fb09aac56c3ce9c314","kind":"commit","published_at":"2020-08-30T15:00:32.000Z","download_url":"https://codeload.github.com/justinas/nosurf/tar.gz/v1.1.1","html_url":"https://github.com/justinas/nosurf/releases/tag/v1.1.1"},{"name":"v1.1.0","sha":"e51517007dc9daa543fc05e7d63f2636815757a3","kind":"commit","published_at":"2019-11-05T13:56:40.000Z","download_url":"https://codeload.github.com/justinas/nosurf/tar.gz/v1.1.0","html_url":"https://github.com/justinas/nosurf/releases/tag/v1.1.0"},{"name":"v1.0.0","sha":"57722cd9c9fefb2b3bcead395926c661307c287c","kind":"commit","published_at":"2019-11-05T13:51:23.000Z","download_url":"https://codeload.github.com/justinas/nosurf/tar.gz/v1.0.0","html_url":"https://github.com/justinas/nosurf/releases/tag/v1.0.0"}]},"repo_metadata_updated_at":"2023-03-21T18:38:21.959Z","dependent_packages_count":382,"downloads":null,"downloads_period":null,"dependent_repos_count":657,"rankings":{"downloads":null,"dependent_repos_count":0.2878917402562911,"dependent_packages_count":0.21454418697297659,"stargazers_count":1.75325254427463,"forks_count":2.407604906712702,"docker_downloads_count":0.878925702144612,"average":1.1084438160722423},"purl":"pkg:golang/github.com/justinas/nosurf","advisories":[{"uuid":"GSA_kwCzR0hTQS01eDg0LXE1MjMtdnZ3cs4AAwoU","url":"https://github.com/advisories/GHSA-5x84-q523-vvwr","title":"nosurf vulnerable to improper input validation","description":"Due to improper validation of caller input, validation is silently disabled if the provided expected token is malformed, causing any user supplied token to be considered 
valid.","origin":"UNSPECIFIED","severity":"HIGH","published_at":"2022-12-28T00:30:23.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":0.0,"cvss_vector":null,"references":["https://nvd.nist.gov/vuln/detail/CVE-2020-36564","https://github.com/justinas/nosurf/pull/60","https://github.com/justinas/nosurf/commit/4d86df7a4affa1fa50ab39fb09aac56c3ce9c314","https://pkg.go.dev/vuln/GO-2020-0049","https://github.com/advisories/GHSA-5x84-q523-vvwr"],"source_kind":"github","identifiers":["GHSA-5x84-q523-vvwr","CVE-2020-36564"],"repository_url":"https://github.com/justinas/nosurf","blast_radius":0.0,"packages":[{"versions":[{"first_patched_version":"1.1.1","vulnerable_version_range":"\u003c 1.1.1"}],"ecosystem":"go","package_name":"github.com/justinas/nosurf"}],"created_at":"2022-12-30T20:03:01.439Z","updated_at":"2023-02-03T05:01:32.000Z","epss_percentage":0.00073,"epss_percentile":0.22726},{"uuid":"GSA_kwCzR0hTQS13OWhmLTM1cTQtdmNqd84ABH1o","url":"https://github.com/advisories/GHSA-w9hf-35q4-vcjw","title":"nosurf vulnerable to CSRF due to non-functional same-origin request checks","description":"### Impact\n\nThis vulnerability allows an attacker who controls content on the target site, or on a subdomain of the target site (either via XSS, or otherwise) to bypass Cross-Site Request Forgery checks and issue requests on user's behalf.\n\n### Details\n\nDue to misuse of the Go `net/http` library, nosurf categorizes all incoming requests as plain-text HTTP requests, in which case the `Referer` header is not checked to have the same origin as the target webpage.\n\nIf the attacker has control over HTML contents on either the target website (e.g. `example.com`), or on a website hosted on a subdomain of the target (e.g. `attacker.example.com`), they will also be able to manipulate cookies set for the target website. 
By acquiring the secret CSRF token from the cookie, or overriding the cookie with a new token known to the attacker, `attacker.example.com` is able to craft cross-site requests to `example.com`. \n\n### Patches\n\nA patch for the issue was released in nosurf 1.2.0.\n\n### Workarounds\n\nIn lieu of upgrading to a patched version of nosurf, users may additionally use another HTTP middleware to ensure that a non-safe HTTP request is coming from the same origin (e.g. by requiring a `Sec-Fetch-Site: same-origin` header in the request).\n\n### References\n\nhttps://github.com/advisories/GHSA-rq77-p4h8-4crw\nhttps://github.com/justinas/nosurf-cve-2025-46721\nhttps://www.cve.org/CVERecord?id=CVE-2025-46721\nhttps://github.com/justinas/nosurf/releases/tag/v1.2.0","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2025-05-14T14:56:27.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":6.0,"cvss_vector":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N","references":["https://github.com/justinas/nosurf/security/advisories/GHSA-w9hf-35q4-vcjw","https://nvd.nist.gov/vuln/detail/CVE-2025-46721","https://github.com/justinas/nosurf/commit/ec9bb776d8e5ba9e906b6eb70428f4e7b009feee","https://github.com/advisories/GHSA-rq77-p4h8-4crw","https://github.com/justinas/nosurf-cve-2025-46721","https://github.com/justinas/nosurf/releases/tag/v1.2.0","https://github.com/advisories/GHSA-w9hf-35q4-vcjw"],"source_kind":"github","identifiers":["GHSA-w9hf-35q4-vcjw","CVE-2025-46721"],"repository_url":"https://github.com/justinas/nosurf","blast_radius":16.905392217358685,"packages":[{"versions":[{"first_patched_version":"1.2.0","vulnerable_version_range":"\u003c 
1.2.0"}],"ecosystem":"go","package_name":"github.com/justinas/nosurf"}],"created_at":"2025-05-14T15:08:49.233Z","updated_at":"2025-05-14T14:56:28.000Z","epss_percentage":0.0002,"epss_percentile":0.0384}],"docker_usage_url":"https://docker.ecosyste.ms/usage/go/github.com/justinas/nosurf","docker_dependents_count":21,"docker_downloads_count":87931,"usage_url":"https://repos.ecosyste.ms/usage/go/github.com/justinas/nosurf","dependent_repositories_url":"https://repos.ecosyste.ms/api/v1/usage/go/github.com/justinas/nosurf/dependencies","status":null,"funding_links":[],"critical":null,"versions_url":"https://packages.ecosyste.ms/api/v1/registries/proxy.golang.org/packages/github.com%2Fjustinas%2Fnosurf/versions","version_numbers_url":"https://packages.ecosyste.ms/api/v1/registries/proxy.golang.org/packages/github.com%2Fjustinas%2Fnosurf/version_numbers","dependent_packages_url":"https://packages.ecosyste.ms/api/v1/registries/proxy.golang.org/packages/github.com%2Fjustinas%2Fnosurf/dependent_packages","related_packages_url":"https://packages.ecosyste.ms/api/v1/registries/proxy.golang.org/packages/github.com%2Fjustinas%2Fnosurf/related_packages","maintainers":[],"registry":{"name":"proxy.golang.org","url":"https://proxy.golang.org","ecosystem":"go","default":true,"packages_count":1886302,"maintainers_count":0,"namespaces_count":723964,"keywords_count":98339,"github":"golang","metadata":{"funded_packages_count":39348},"icon_url":"https://github.com/golang.png","created_at":"2022-04-04T15:19:22.939Z","updated_at":"2025-06-07T05:37:05.003Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/proxy.golang.org/packages","maintainers_url":"https://packages.ecosyste.ms/api/v1/registries/proxy.golang.org/maintainers","namespaces_url":"https://packages.ecosyste.ms/api/v1/registries/proxy.golang.org/namespaces"}},"unique_repositories_count":51,"unique_repositories_count_past_30_days":2,"recent_issues":[{"uuid":"2892576704","node_id":"PR_kwDODXDpc86saTfA","number":88,"state
":"closed","title":"Bump github.com/justinas/nosurf from 1.1.1 to 1.2.0 in /contrib/gin-gonic/gin","user":"dependabot[bot]","labels":["dependencies","go"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2025-10-07T04:36:32.000Z","author_association":"NONE","state_reason":null,"created_at":"2025-10-07T04:17:34.000Z","updated_at":"2025-10-07T04:36:32.000Z","time_to_close":1138,"merged_at":"2025-10-07T04:36:32.000Z","merged_by":"CAFxX","closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"github.com/justinas/nosurf","old_version":"1.1.1","new_version":"1.2.0","repository_url":"https://github.com/justinas/nosurf"}],"path":"/contrib/gin-gonic/gin","ecosystem":"go"},"body":"Bumps [github.com/justinas/nosurf](https://github.com/justinas/nosurf) from 1.1.1 to 1.2.0.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/justinas/nosurf/releases\"\u003egithub.com/justinas/nosurf's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.2.0\u003c/h2\u003e\n\u003cp\u003eThis is a \u003cem\u003esecurity\u003c/em\u003e release for nosurf. It mainly addresses \u003ca href=\"https://github.com/justinas/nosurf-cve-2025-46721\"\u003eCVE-2025-46721\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003eThis release technically includes breaking changes, as nosurf starts applying same-origin checks that were not previously enforced. In most cases, users will not need to make any changes to their code. 
However, it is recommended to read \u003ca href=\"https://github.com/justinas/nosurf/blob/master/docs/origin-checks.md\"\u003ethe documentation on nosurf's trusted origin checks\u003c/a\u003e before upgrading.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/justinas/nosurf/commit/ec9bb776d8e5ba9e906b6eb70428f4e7b009feee\"\u003e\u003ccode\u003eec9bb77\u003c/code\u003e\u003c/a\u003e Rework origin checks (\u003ca href=\"https://redirect.github.com/justinas/nosurf/issues/74\"\u003e#74\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/justinas/nosurf/commit/e5c9c1fe2d4f69668ff78f872abf3b396a08673a\"\u003e\u003ccode\u003ee5c9c1f\u003c/code\u003e\u003c/a\u003e Add GitHub Actions CI, fix lints and tests\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/justinas/nosurf/compare/v1.1.1...v1.2.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/justinas/nosurf\u0026package-manager=go_modules\u0026previous-version=1.1.1\u0026new-version=1.2.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. 
You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot merge` will merge this PR after your CI passes on it\n- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it\n- `@dependabot cancel merge` will cancel a previously requested merge and block automerging\n- `@dependabot reopen` will reopen this PR if it is closed\n- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts 
page](https://github.com/CAFxX/httpcompression/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/CAFxX/httpcompression/pull/88","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/CAFxX%2Fhttpcompression/issues/88","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/88/packages"},{"uuid":"2866079682","node_id":"PR_kwDOP3wzdc6q1OfC","number":1,"state":"open","title":"Bump github.com/justinas/nosurf from 1.1.1 to 1.2.0","user":"dependabot[bot]","labels":["dependencies","go"],"assignees":[],"locked":false,"comments_count":0,"pull_request":true,"closed_at":null,"author_association":"NONE","state_reason":null,"created_at":"2025-09-27T05:12:12.000Z","updated_at":"2025-09-27T05:12:12.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"github.com/justinas/nosurf","old_version":"1.1.1","new_version":"1.2.0","repository_url":"https://github.com/justinas/nosurf"}],"path":null,"ecosystem":"go"},"body":"Bumps [github.com/justinas/nosurf](https://github.com/justinas/nosurf) from 1.1.1 to 1.2.0.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/justinas/nosurf/releases\"\u003egithub.com/justinas/nosurf's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.2.0\u003c/h2\u003e\n\u003cp\u003eThis is a \u003cem\u003esecurity\u003c/em\u003e release for nosurf. It mainly addresses \u003ca href=\"https://github.com/justinas/nosurf-cve-2025-46721\"\u003eCVE-2025-46721\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003eThis release technically includes breaking changes, as nosurf starts applying same-origin checks that were not previously enforced. In most cases, users will not need to make any changes to their code. 
However, it is recommended to read \u003ca href=\"https://github.com/justinas/nosurf/blob/master/docs/origin-checks.md\"\u003ethe documentation on nosurf's trusted origin checks\u003c/a\u003e before upgrading.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/justinas/nosurf/commit/ec9bb776d8e5ba9e906b6eb70428f4e7b009feee\"\u003e\u003ccode\u003eec9bb77\u003c/code\u003e\u003c/a\u003e Rework origin checks (\u003ca href=\"https://redirect.github.com/justinas/nosurf/issues/74\"\u003e#74\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/justinas/nosurf/commit/e5c9c1fe2d4f69668ff78f872abf3b396a08673a\"\u003e\u003ccode\u003ee5c9c1f\u003c/code\u003e\u003c/a\u003e Add GitHub Actions CI, fix lints and tests\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/justinas/nosurf/compare/v1.1.1...v1.2.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/justinas/nosurf\u0026package-manager=go_modules\u0026previous-version=1.1.1\u0026new-version=1.2.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. 
You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot merge` will merge this PR after your CI passes on it\n- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it\n- `@dependabot cancel merge` will cancel a previously requested merge and block automerging\n- `@dependabot reopen` will reopen this PR if it is closed\n- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/HackersChat/yarn/pull/1","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/HackersChat%2Fyarn/issues/1","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/1/packages"},{"uuid":"3364473193","node_id":"PR_kwDOK6_4Is6l3iVn","number":26,"state":"closed","title":"Bump the go_modules group across 3 directories with 4 
updates","user":"dependabot[bot]","labels":["dependencies","go"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2025-09-07T18:01:19.000Z","author_association":"NONE","state_reason":null,"created_at":"2025-08-28T19:42:39.000Z","updated_at":"2025-09-07T18:01:21.000Z","time_to_close":857920,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"go_modules","update_count":4,"packages":[{"name":"github.com/justinas/nosurf","old_version":"1.1.1","new_version":"1.2.0","repository_url":"https://github.com/justinas/nosurf"},{"name":"golang.org/x/crypto","old_version":"0.21.0","new_version":"0.35.0","repository_url":"https://github.com/golang/crypto"},{"name":"golang.org/x/net","old_version":"0.23.0","new_version":"0.38.0","repository_url":"https://github.com/golang/net"},{"name":"github.com/gofiber/fiber/v2","old_version":"2.52.5","new_version":"2.52.9","repository_url":"https://github.com/gofiber/fiber"},{"name":"golang.org/x/crypto","old_version":"0.21.0","new_version":"0.35.0","repository_url":"https://github.com/golang/crypto"},{"name":"golang.org/x/net","old_version":"0.23.0","new_version":"0.38.0","repository_url":"https://github.com/golang/net"}],"path":null,"ecosystem":"go"},"body":"Bumps the go_modules group with 3 updates in the /contrib/gin-gonic/gin directory: [github.com/justinas/nosurf](https://github.com/justinas/nosurf), [golang.org/x/crypto](https://github.com/golang/crypto) and [golang.org/x/net](https://github.com/golang/net).\nBumps the go_modules group with 1 update in the /contrib/gofiber/fiber/v2 directory: [github.com/gofiber/fiber/v2](https://github.com/gofiber/fiber).\nBumps the go_modules group with 2 updates in the /contrib/labstack/echo directory: [golang.org/x/crypto](https://github.com/golang/crypto) and [golang.org/x/net](https://github.com/golang/net).\n\nUpdates `github.com/justinas/nosurf` from 1.1.1 to 1.2.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease 
notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/justinas/nosurf/releases\"\u003egithub.com/justinas/nosurf's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.2.0\u003c/h2\u003e\n\u003cp\u003eThis is a \u003cem\u003esecurity\u003c/em\u003e release for nosurf. It mainly addresses \u003ca href=\"https://github.com/justinas/nosurf-cve-2025-46721\"\u003eCVE-2025-46721\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003eThis release technically includes breaking changes, as nosurf starts applying same-origin checks that were not previously enforced. In most cases, users will not need to make any changes to their code. However, it is recommended to read \u003ca href=\"https://github.com/justinas/nosurf/blob/master/docs/origin-checks.md\"\u003ethe documentation on nosurf's trusted origin checks\u003c/a\u003e before upgrading.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/justinas/nosurf/commit/ec9bb776d8e5ba9e906b6eb70428f4e7b009feee\"\u003e\u003ccode\u003eec9bb77\u003c/code\u003e\u003c/a\u003e Rework origin checks (\u003ca href=\"https://redirect.github.com/justinas/nosurf/issues/74\"\u003e#74\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/justinas/nosurf/commit/e5c9c1fe2d4f69668ff78f872abf3b396a08673a\"\u003e\u003ccode\u003ee5c9c1f\u003c/code\u003e\u003c/a\u003e Add GitHub Actions CI, fix lints and tests\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/justinas/nosurf/compare/v1.1.1...v1.2.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `golang.org/x/crypto` from 0.21.0 to 0.35.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca 
href=\"https://github.com/golang/crypto/commit/7292932d45d55c7199324ab0027cc86e8198aa22\"\u003e\u003ccode\u003e7292932\u003c/code\u003e\u003c/a\u003e ssh: limit the size of the internal packet queue while waiting for KEX\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/f66f74b0a406b5f6909183531ace593857f1646c\"\u003e\u003ccode\u003ef66f74b\u003c/code\u003e\u003c/a\u003e acme/autocert: check host policy before probing the cache\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/b0784b7bfbe0b2c9a59afc1248ed3cb4b6652e85\"\u003e\u003ccode\u003eb0784b7\u003c/code\u003e\u003c/a\u003e x509roots/fallback: drop obsolete build constraint\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/911360c8a4f464342b9fe7c23632be57fca87b20\"\u003e\u003ccode\u003e911360c\u003c/code\u003e\u003c/a\u003e all: bump golang.org/x/crypto dependencies of asm generators\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/89ff08d67c4d79f9ac619aaf1f7388888798651f\"\u003e\u003ccode\u003e89ff08d\u003c/code\u003e\u003c/a\u003e all: upgrade go directive to at least 1.23.0 [generated]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/e47973b1c1089f6c67ab89261f7aa067b3d611d2\"\u003e\u003ccode\u003ee47973b\u003c/code\u003e\u003c/a\u003e all: update certs for go1.24\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/9290511cd23ab9813a307b7f2615325e3ca98902\"\u003e\u003ccode\u003e9290511\u003c/code\u003e\u003c/a\u003e go.mod: update golang.org/x dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/fa5273e461966728f91f33da62c0cf511a404c2a\"\u003e\u003ccode\u003efa5273e\u003c/code\u003e\u003c/a\u003e x509roots/fallback: update bundle\u003c/li\u003e\n\u003cli\u003e\u003ca 
href=\"https://github.com/golang/crypto/commit/a8ea4be81f0769fd5857e087083cbb6d3cb9f196\"\u003e\u003ccode\u003ea8ea4be\u003c/code\u003e\u003c/a\u003e ssh: add ServerConfig.PreAuthConnCallback, ServerPreAuthConn (banner) interface\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/71d3a4cfdb0360795ce5f2d7041e01823fd22eb6\"\u003e\u003ccode\u003e71d3a4c\u003c/code\u003e\u003c/a\u003e acme: support challenges that require the ACME client to send a non-empty JSO...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/golang/crypto/compare/v0.21.0...v0.35.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `golang.org/x/net` from 0.23.0 to 0.38.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/e1fcd82abba34df74614020343be8eb1fe85f0d9\"\u003e\u003ccode\u003ee1fcd82\u003c/code\u003e\u003c/a\u003e html: properly handle trailing solidus in unquoted attribute value in foreign...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/ebed060e8f30f20235f74808c22125fd86b15edd\"\u003e\u003ccode\u003eebed060\u003c/code\u003e\u003c/a\u003e internal/http3: fix build of tests with GOEXPERIMENT=nosynctest\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/1f1fa29e0a46fffe18c43a9da8daa5a0b180dfa9\"\u003e\u003ccode\u003e1f1fa29\u003c/code\u003e\u003c/a\u003e publicsuffix: regenerate table\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/12150816f701c912a32a376754ab28dd3878833a\"\u003e\u003ccode\u003e1215081\u003c/code\u003e\u003c/a\u003e http2: improve error when server sends HTTP/1\u003c/li\u003e\n\u003cli\u003e\u003ca 
href=\"https://github.com/golang/net/commit/312450e473eae9f9e6173ad895c80bc5ea2f79ad\"\u003e\u003ccode\u003e312450e\u003c/code\u003e\u003c/a\u003e html: ensure \u0026lt;search\u0026gt; tag closes \u0026lt;p\u0026gt; and update tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/09731f9bf919b00b344c763894cd1920b3d96d90\"\u003e\u003ccode\u003e09731f9\u003c/code\u003e\u003c/a\u003e http2: improve handling of lost PING in Server\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/55989e24b972a90ab99308fdc7ea1fb58a96fef1\"\u003e\u003ccode\u003e55989e2\u003c/code\u003e\u003c/a\u003e http2/h2c: use ResponseController for hijacking connections\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/2914f46773171f4fa13e276df1135bafef677801\"\u003e\u003ccode\u003e2914f46\u003c/code\u003e\u003c/a\u003e websocket: re-recommend gorilla/websocket\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/99b3ae0643f9a2f9d820fcbba5f9e4c83b23bd48\"\u003e\u003ccode\u003e99b3ae0\u003c/code\u003e\u003c/a\u003e go.mod: update golang.org/x dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/85d1d54551b68719346cb9fec24b911da4e452a1\"\u003e\u003ccode\u003e85d1d54\u003c/code\u003e\u003c/a\u003e go.mod: update golang.org/x dependencies\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/golang/net/compare/v0.23.0...v0.38.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/gofiber/fiber/v2` from 2.52.5 to 2.52.9\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/gofiber/fiber/releases\"\u003egithub.com/gofiber/fiber/v2's 
releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.52.9\u003c/h2\u003e\n\u003ch2\u003e🐛 Bug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd upper index limit for parsers by \u003ca href=\"https://github.com/gaby\"\u003e\u003ccode\u003e@​gaby\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/gofiber/fiber/pull/3503\"\u003egofiber/fiber#3503\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEmbedded struct parsing by \u003ca href=\"https://github.com/ReneWerner87\"\u003e\u003ccode\u003e@​ReneWerner87\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/gofiber/fiber/pull/3478\"\u003egofiber/fiber#3478\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix Content-Type comparison in \u003ccode\u003eIs()\u003c/code\u003e by \u003ca href=\"https://github.com/gaby\"\u003e\u003ccode\u003e@​gaby\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/gofiber/fiber/pull/3537\"\u003egofiber/fiber#3537\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix MIME type equality checks by \u003ca href=\"https://github.com/gaby\"\u003e\u003ccode\u003e@​gaby\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/gofiber/fiber/pull/3603\"\u003egofiber/fiber#3603\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/gofiber/fiber/compare/v2.52.8...v2.52.9\"\u003ehttps://github.com/gofiber/fiber/compare/v2.52.8...v2.52.9\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.52.8\u003c/h2\u003e\n\u003ch2\u003e👮 Security\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix for BodyParser - GHSA-hg3g-gphw-5hhm\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🧹 Updates\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBackport ctx.String() from v3 by \u003ca href=\"https://github.com/gaby\"\u003e\u003ccode\u003e@​gaby\u003c/code\u003e\u003c/a\u003e in \u003ca 
href=\"https://redirect.github.com/gofiber/fiber/pull/3294\"\u003egofiber/fiber#3294\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🐛 Bug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix routing with mount and static by \u003ca href=\"https://github.com/ReneWerner87\"\u003e\u003ccode\u003e@​ReneWerner87\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/gofiber/fiber/pull/3454\"\u003egofiber/fiber#3454\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e📚 Documentation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate usage of ctx.Redirect() by \u003ca href=\"https://github.com/andradei\"\u003e\u003ccode\u003e@​andradei\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/gofiber/fiber/pull/3417\"\u003egofiber/fiber#3417\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd AGENTS.md by \u003ca href=\"https://github.com/gaby\"\u003e\u003ccode\u003e@​gaby\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/gofiber/fiber/pull/3461\"\u003egofiber/fiber#3461\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/gofiber/fiber/compare/v2.52.6...v2.52.8\"\u003ehttps://github.com/gofiber/fiber/compare/v2.52.6...v2.52.8\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.52.6\u003c/h2\u003e\n\u003ch2\u003e🐛 Bug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUse Content-Length for bytesReceived and bytesSent tags in Logger Middleware in v2 by \u003ca href=\"https://github.com/gaby\"\u003e\u003ccode\u003e@​gaby\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/gofiber/fiber/pull/3067\"\u003egofiber/fiber#3067\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix handle un-matched open brackets in the query params by \u003ca href=\"https://github.com/dojutsu-user\"\u003e\u003ccode\u003e@​dojutsu-user\u003c/code\u003e\u003c/a\u003e in \u003ca 
href=\"https://redirect.github.com/gofiber/fiber/pull/3121\"\u003egofiber/fiber#3121\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMiddleware/CORS: Remove Scheme Restriction by \u003ca href=\"https://github.com/zingi\"\u003e\u003ccode\u003e@​zingi\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/gofiber/fiber/pull/3168\"\u003egofiber/fiber#3168\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRespect Immutable config for Body() by \u003ca href=\"https://github.com/nickajacks1\"\u003e\u003ccode\u003e@​nickajacks1\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/gofiber/fiber/pull/3246\"\u003egofiber/fiber#3246\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSupport Square Bracket Notation in Multipart Form data by \u003ca href=\"https://github.com/ReneWerner87\"\u003e\u003ccode\u003e@​ReneWerner87\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/gofiber/fiber/pull/3268\"\u003egofiber/fiber#3268\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e📚 Documentation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd detailed documentation for the templates guide by \u003ca href=\"https://github.com/grivera64\"\u003e\u003ccode\u003e@​grivera64\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/gofiber/fiber/pull/3113\"\u003egofiber/fiber#3113\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🛠️ Maintenance\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate benchmark-action to v1.20.3 by \u003ca href=\"https://github.com/gaby\"\u003e\u003ccode\u003e@​gaby\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/gofiber/fiber/pull/3084\"\u003egofiber/fiber#3084\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd CODEOWNERS file by \u003ca href=\"https://github.com/gaby\"\u003e\u003ccode\u003e@​gaby\u003c/code\u003e\u003c/a\u003e in \u003ca 
href=\"https://redirect.github.com/gofiber/fiber/pull/3124\"\u003egofiber/fiber#3124\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate dependencies by \u003ca href=\"https://github.com/gaby\"\u003e\u003ccode\u003e@​gaby\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/gofiber/fiber/pull/3254\"\u003egofiber/fiber#3254\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gofiber/fiber/commit/1197a22735820680ccfa241914b925f3820fcfd4\"\u003e\u003ccode\u003e1197a22\u003c/code\u003e\u003c/a\u003e Update app.go\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gofiber/fiber/commit/b60408c9bde7e71faac0519aa680a6fb8d64a255\"\u003e\u003ccode\u003eb60408c\u003c/code\u003e\u003c/a\u003e 🐛 bug: Fix MIME type equality checks (\u003ca href=\"https://redirect.github.com/gofiber/fiber/issues/3603\"\u003e#3603\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gofiber/fiber/commit/845f95f441718b1be1cf228f879f0a761118f317\"\u003e\u003ccode\u003e845f95f\u003c/code\u003e\u003c/a\u003e 🐛 bug: Fix Content-Type comparison in Is() (\u003ca href=\"https://redirect.github.com/gofiber/fiber/issues/3537\"\u003e#3537\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gofiber/fiber/commit/1c037c4900cf87dd110a69e4f0b542f64ecb84b3\"\u003e\u003ccode\u003e1c037c4\u003c/code\u003e\u003c/a\u003e 🧹 chore: Add upper index limit for parsers (\u003ca href=\"https://redirect.github.com/gofiber/fiber/issues/3503\"\u003e#3503\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gofiber/fiber/commit/40d14a9c717a3db1222ba480b9a26cddd6cd231b\"\u003e\u003ccode\u003e40d14a9\u003c/code\u003e\u003c/a\u003e 🐛 fix: Embedded struct parsing 
(\u003ca href=\"https://redirect.github.com/gofiber/fiber/issues/3478\"\u003e#3478\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gofiber/fiber/commit/b6f077275f12d25e0a4aecf59d01d77be8005ee8\"\u003e\u003ccode\u003eb6f0772\u003c/code\u003e\u003c/a\u003e Update AGENTS.md\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gofiber/fiber/commit/22c3c0ced919f73309018b7a7d27b029bad3e4b4\"\u003e\u003ccode\u003e22c3c0c\u003c/code\u003e\u003c/a\u003e Update app.go\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gofiber/fiber/commit/e115c08b8f059a4a031b492aa9eef0712411853d\"\u003e\u003ccode\u003ee115c08\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gofiber/fiber/commit/d15355116c37102bd9a8bcc252e3e3e399671af7\"\u003e\u003ccode\u003ed153551\u003c/code\u003e\u003c/a\u003e Update AGENTS.md\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gofiber/fiber/commit/7db10b6976b70f3fa780cffc9417923265bdafd2\"\u003e\u003ccode\u003e7db10b6\u003c/code\u003e\u003c/a\u003e docs: Add AGENTS.md (\u003ca href=\"https://redirect.github.com/gofiber/fiber/issues/3461\"\u003e#3461\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/gofiber/fiber/compare/v2.52.5...v2.52.9\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `golang.org/x/crypto` from 0.21.0 to 0.35.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/7292932d45d55c7199324ab0027cc86e8198aa22\"\u003e\u003ccode\u003e7292932\u003c/code\u003e\u003c/a\u003e ssh: limit the size of the internal packet queue while waiting for KEX\u003c/li\u003e\n\u003cli\u003e\u003ca 
href=\"https://github.com/golang/crypto/commit/f66f74b0a406b5f6909183531ace593857f1646c\"\u003e\u003ccode\u003ef66f74b\u003c/code\u003e\u003c/a\u003e acme/autocert: check host policy before probing the cache\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/b0784b7bfbe0b2c9a59afc1248ed3cb4b6652e85\"\u003e\u003ccode\u003eb0784b7\u003c/code\u003e\u003c/a\u003e x509roots/fallback: drop obsolete build constraint\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/911360c8a4f464342b9fe7c23632be57fca87b20\"\u003e\u003ccode\u003e911360c\u003c/code\u003e\u003c/a\u003e all: bump golang.org/x/crypto dependencies of asm generators\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/89ff08d67c4d79f9ac619aaf1f7388888798651f\"\u003e\u003ccode\u003e89ff08d\u003c/code\u003e\u003c/a\u003e all: upgrade go directive to at least 1.23.0 [generated]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/e47973b1c1089f6c67ab89261f7aa067b3d611d2\"\u003e\u003ccode\u003ee47973b\u003c/code\u003e\u003c/a\u003e all: update certs for go1.24\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/9290511cd23ab9813a307b7f2615325e3ca98902\"\u003e\u003ccode\u003e9290511\u003c/code\u003e\u003c/a\u003e go.mod: update golang.org/x dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/fa5273e461966728f91f33da62c0cf511a404c2a\"\u003e\u003ccode\u003efa5273e\u003c/code\u003e\u003c/a\u003e x509roots/fallback: update bundle\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/a8ea4be81f0769fd5857e087083cbb6d3cb9f196\"\u003e\u003ccode\u003ea8ea4be\u003c/code\u003e\u003c/a\u003e ssh: add ServerConfig.PreAuthConnCallback, ServerPreAuthConn (banner) interface\u003c/li\u003e\n\u003cli\u003e\u003ca 
href=\"https://github.com/golang/crypto/commit/71d3a4cfdb0360795ce5f2d7041e01823fd22eb6\"\u003e\u003ccode\u003e71d3a4c\u003c/code\u003e\u003c/a\u003e acme: support challenges that require the ACME client to send a non-empty JSO...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/golang/crypto/compare/v0.21.0...v0.35.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `golang.org/x/net` from 0.23.0 to 0.38.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/e1fcd82abba34df74614020343be8eb1fe85f0d9\"\u003e\u003ccode\u003ee1fcd82\u003c/code\u003e\u003c/a\u003e html: properly handle trailing solidus in unquoted attribute value in foreign...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/ebed060e8f30f20235f74808c22125fd86b15edd\"\u003e\u003ccode\u003eebed060\u003c/code\u003e\u003c/a\u003e internal/http3: fix build of tests with GOEXPERIMENT=nosynctest\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/1f1fa29e0a46fffe18c43a9da8daa5a0b180dfa9\"\u003e\u003ccode\u003e1f1fa29\u003c/code\u003e\u003c/a\u003e publicsuffix: regenerate table\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/12150816f701c912a32a376754ab28dd3878833a\"\u003e\u003ccode\u003e1215081\u003c/code\u003e\u003c/a\u003e http2: improve error when server sends HTTP/1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/312450e473eae9f9e6173ad895c80bc5ea2f79ad\"\u003e\u003ccode\u003e312450e\u003c/code\u003e\u003c/a\u003e html: ensure \u0026lt;search\u0026gt; tag closes \u0026lt;p\u0026gt; and update tests\u003c/li\u003e\n\u003cli\u003e\u003ca 
href=\"https://github.com/golang/net/commit/09731f9bf919b00b344c763894cd1920b3d96d90\"\u003e\u003ccode\u003e09731f9\u003c/code\u003e\u003c/a\u003e http2: improve handling of lost PING in Server\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/55989e24b972a90ab99308fdc7ea1fb58a96fef1\"\u003e\u003ccode\u003e55989e2\u003c/code\u003e\u003c/a\u003e http2/h2c: use ResponseController for hijacking connections\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/2914f46773171f4fa13e276df1135bafef677801\"\u003e\u003ccode\u003e2914f46\u003c/code\u003e\u003c/a\u003e websocket: re-recommend gorilla/websocket\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/99b3ae0643f9a2f9d820fcbba5f9e4c83b23bd48\"\u003e\u003ccode\u003e99b3ae0\u003c/code\u003e\u003c/a\u003e go.mod: update golang.org/x dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/85d1d54551b68719346cb9fec24b911da4e452a1\"\u003e\u003ccode\u003e85d1d54\u003c/code\u003e\u003c/a\u003e go.mod: update golang.org/x dependencies\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/golang/net/compare/v0.23.0...v0.38.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. 
You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot merge` will merge this PR after your CI passes on it\n- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it\n- `@dependabot cancel merge` will cancel a previously requested merge and block automerging\n- `@dependabot reopen` will reopen this PR if it is closed\n- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e 
\u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/echocat/go-httpcompression/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/echocat/go-httpcompression/pull/26","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/echocat%2Fgo-httpcompression/issues/26","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/26/packages"},{"uuid":"2759954667","node_id":"PR_kwDOOZsb7M6kgZDr","number":2,"state":"open","title":"chore(deps): bump the go_modules group across 1 directory with 6 updates","user":"dependabot[bot]","labels":["dependencies","go"],"assignees":[],"locked":false,"comments_count":0,"pull_request":true,"closed_at":null,"author_association":"NONE","state_reason":null,"created_at":"2025-08-20T14:07:25.000Z","updated_at":"2025-08-20T14:07:25.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): 
bump","group_name":"go_modules","update_count":6,"packages":[{"name":"github.com/go-chi/chi/v5","old_version":"5.1.0","new_version":"5.2.2","repository_url":"https://github.com/go-chi/chi"},{"name":"github.com/justinas/nosurf","old_version":"1.1.1","new_version":"1.2.0","repository_url":"https://github.com/justinas/nosurf"},{"name":"github.com/open-policy-agent/opa","old_version":"1.3.0","new_version":"1.4.0","repository_url":"https://github.com/open-policy-agent/opa"},{"name":"github.com/cloudflare/circl","old_version":"1.6.0","new_version":"1.6.1","repository_url":"https://github.com/cloudflare/circl"},{"name":"github.com/go-viper/mapstructure/v2","old_version":"2.2.1","new_version":"2.3.0","repository_url":"https://github.com/go-viper/mapstructure"},{"name":"github.com/hashicorp/go-getter","old_version":"1.7.8","new_version":"1.7.9","repository_url":"https://github.com/hashicorp/go-getter"}],"path":null,"ecosystem":"go"},"body":"Bumps the go_modules group with 6 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [github.com/go-chi/chi/v5](https://github.com/go-chi/chi) | `5.1.0` | `5.2.2` |\n| [github.com/justinas/nosurf](https://github.com/justinas/nosurf) | `1.1.1` | `1.2.0` |\n| [github.com/open-policy-agent/opa](https://github.com/open-policy-agent/opa) | `1.3.0` | `1.4.0` |\n| [github.com/cloudflare/circl](https://github.com/cloudflare/circl) | `1.6.0` | `1.6.1` |\n| [github.com/go-viper/mapstructure/v2](https://github.com/go-viper/mapstructure) | `2.2.1` | `2.3.0` |\n| [github.com/hashicorp/go-getter](https://github.com/hashicorp/go-getter) | `1.7.8` | `1.7.9` |\n\n\nUpdates `github.com/go-chi/chi/v5` from 5.1.0 to 5.2.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/go-chi/chi/releases\"\u003egithub.com/go-chi/chi/v5's 
releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.2.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUse strings.Cut in a few places by \u003ca href=\"https://github.com/JRaspass\"\u003e\u003ccode\u003e@​JRaspass\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/971\"\u003ego-chi/chi#971\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix non-constant format strings in t.Fatalf by \u003ca href=\"https://github.com/JRaspass\"\u003e\u003ccode\u003e@​JRaspass\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/972\"\u003ego-chi/chi#972\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eApply fieldalignment fixes to optimize struct memory layout by \u003ca href=\"https://github.com/pixel365\"\u003e\u003ccode\u003e@​pixel365\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/974\"\u003ego-chi/chi#974\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ego 1.24 by \u003ca href=\"https://github.com/pkieltyka\"\u003e\u003ccode\u003e@​pkieltyka\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/977\"\u003ego-chi/chi#977\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: delint ioutil usage by \u003ca href=\"https://github.com/costela\"\u003e\u003ccode\u003e@​costela\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/962\"\u003ego-chi/chi#962\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed typo in Router interface definition by \u003ca href=\"https://github.com/mithileshgupta12\"\u003e\u003ccode\u003e@​mithileshgupta12\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/958\"\u003ego-chi/chi#958\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for TinyGo by \u003ca 
href=\"https://github.com/efraimbart\"\u003e\u003ccode\u003e@​efraimbart\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/978\"\u003ego-chi/chi#978\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eExclude middleware/profiler.go in TinyGo, as there's no net/http/pprof pkg by \u003ca href=\"https://github.com/cxjava\"\u003e\u003ccode\u003e@​cxjava\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/982\"\u003ego-chi/chi#982\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMake use of strings.Cut by \u003ca href=\"https://github.com/scop\"\u003e\u003ccode\u003e@​scop\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1005\"\u003ego-chi/chi#1005\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eChange install command format to code block by \u003ca href=\"https://github.com/sglkc\"\u003e\u003ccode\u003e@​sglkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1001\"\u003ego-chi/chi#1001\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCorrect documentation by \u003ca href=\"https://github.com/mrdomino\"\u003e\u003ccode\u003e@​mrdomino\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/992\"\u003ego-chi/chi#992\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eSecurity fix\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixes \u003ca href=\"https://github.com/go-chi/chi/security/advisories/GHSA-vrw8-fxc6-2r93\"\u003eGHSA-vrw8-fxc6-2r93\u003c/a\u003e - \u0026quot;Host Header Injection Leads to Open Redirect in RedirectSlashes\u0026quot; \u003ca href=\"https://github.com/go-chi/chi/commit/1be7ad938cc9c5b39a9dea01a5c518848928ab65\"\u003ecommit\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003ea lower-severity Open Redirect that can't be exploited in browser or email client, as it requires manipulation of a Host header\u003c/li\u003e\n\u003cli\u003ereported by Anuraag Baishya, 
\u003ca href=\"https://github.com/anuraagbaishya\"\u003e\u003ccode\u003e@​anuraagbaishya\u003c/code\u003e\u003c/a\u003e. Thank you!\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pixel365\"\u003e\u003ccode\u003e@​pixel365\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/974\"\u003ego-chi/chi#974\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mithileshgupta12\"\u003e\u003ccode\u003e@​mithileshgupta12\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/958\"\u003ego-chi/chi#958\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/efraimbart\"\u003e\u003ccode\u003e@​efraimbart\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/978\"\u003ego-chi/chi#978\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cxjava\"\u003e\u003ccode\u003e@​cxjava\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/982\"\u003ego-chi/chi#982\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sglkc\"\u003e\u003ccode\u003e@​sglkc\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1001\"\u003ego-chi/chi#1001\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mrdomino\"\u003e\u003ccode\u003e@​mrdomino\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/992\"\u003ego-chi/chi#992\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca 
href=\"https://github.com/go-chi/chi/compare/v5.2.1...v5.2.2\"\u003ehttps://github.com/go-chi/chi/compare/v5.2.1...v5.2.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev5.2.1\u003c/h2\u003e\n\u003ch2\u003e⚠️  Chi supports Go 1.20+\u003c/h2\u003e\n\u003cp\u003eStarting this release, we will now support the four most recent major versions of Go. See \u003ca href=\"https://redirect.github.com/go-chi/chi/issues/963\"\u003ego-chi/chi#963\u003c/a\u003e for related discussion.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSupport the four most recent major versions of Go by \u003ca href=\"https://github.com/VojtechVitek\"\u003e\u003ccode\u003e@​VojtechVitek\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/969\"\u003ego-chi/chi#969\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/go-chi/chi/compare/v5.2.0...v5.2.1\"\u003ehttps://github.com/go-chi/chi/compare/v5.2.0...v5.2.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev5.2.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eupdate credits section to link to goji license by \u003ca href=\"https://github.com/pkieltyka\"\u003e\u003ccode\u003e@​pkieltyka\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/944\"\u003ego-chi/chi#944\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ego 1.23 by \u003ca href=\"https://github.com/pkieltyka\"\u003e\u003ccode\u003e@​pkieltyka\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/945\"\u003ego-chi/chi#945\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMake Context.RoutePattern() nil-safe by \u003ca href=\"https://github.com/gaiaz-iusipov\"\u003e\u003ccode\u003e@​gaiaz-iusipov\u003c/code\u003e\u003c/a\u003e in \u003ca 
href=\"https://redirect.github.com/go-chi/chi/pull/927\"\u003ego-chi/chi#927\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003egovet: Fix non-constant format string by \u003ca href=\"https://github.com/marcofranssen\"\u003e\u003ccode\u003e@​marcofranssen\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/952\"\u003ego-chi/chi#952\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eFind\u003c/code\u003e to \u003ccode\u003eRoutes\u003c/code\u003e interface by \u003ca href=\"https://github.com/joeriddles\"\u003e\u003ccode\u003e@​joeriddles\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/872\"\u003ego-chi/chi#872\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix grammar error by \u003ca href=\"https://github.com/AntonC9018\"\u003e\u003ccode\u003e@​AntonC9018\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/917\"\u003ego-chi/chi#917\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003cdel\u003efeat(): add CF-Connecting-IP by \u003ca href=\"https://github.com/n33pm\"\u003e\u003ccode\u003e@​n33pm\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/908\"\u003ego-chi/chi#908\u003c/a\u003e\u003c/del\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cdel\u003eRevert \u0026quot;feat(): add CF-Connecting-IP\u0026quot; by \u003ca href=\"https://github.com/VojtechVitek\"\u003e\u003ccode\u003e@​VojtechVitek\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/966\"\u003ego-chi/chi#966\u003c/a\u003e\u003c/del\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... 
(truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/23c395f8524a30334126ca16fb4d37b88745b9b9\"\u003e\u003ccode\u003e23c395f\u003c/code\u003e\u003c/a\u003e Correct documentation (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/992\"\u003e#992\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/5516d147c14a2b03824be7076fc6200bed906901\"\u003e\u003ccode\u003e5516d14\u003c/code\u003e\u003c/a\u003e docs: change install code to code block (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1001\"\u003e#1001\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/e235052c10146fb724439442fc9d9a23e19fe931\"\u003e\u003ccode\u003ee235052\u003c/code\u003e\u003c/a\u003e Make use of strings.Cut (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1005\"\u003e#1005\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/1be7ad938cc9c5b39a9dea01a5c518848928ab65\"\u003e\u003ccode\u003e1be7ad9\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/d7034fdfdaefd10f1bc1a7b813bc979f2eda3a36\"\u003e\u003ccode\u003ed7034fd\u003c/code\u003e\u003c/a\u003e Exclude profiler when use tinygo (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/982\"\u003e#982\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/d04703412f631922c8dd1527c6500627174828c1\"\u003e\u003ccode\u003ed047034\u003c/code\u003e\u003c/a\u003e support tinygo (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/978\"\u003e#978\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca 
href=\"https://github.com/go-chi/chi/commit/fe2c065bc046056aecfa141022509a1e25bdd04b\"\u003e\u003ccode\u003efe2c065\u003c/code\u003e\u003c/a\u003e Fixed the typo (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/958\"\u003e#958\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/1aae5b2d2dc8f9e8ea1f68a7462693aaaa5f368c\"\u003e\u003ccode\u003e1aae5b2\u003c/code\u003e\u003c/a\u003e chore: delint ioutil usage (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/962\"\u003e#962\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/c6225e35a4880a9a884c135b5f847a74e1e3a01e\"\u003e\u003ccode\u003ec6225e3\u003c/code\u003e\u003c/a\u003e go 1.24 (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/977\"\u003e#977\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/e846b8304c769c4f1a51c9de06bebfaa4576bd88\"\u003e\u003ccode\u003ee846b83\u003c/code\u003e\u003c/a\u003e Apply fieldalignment fixes to optimize struct memory layout (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/974\"\u003e#974\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/go-chi/chi/compare/v5.1.0...v5.2.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/justinas/nosurf` from 1.1.1 to 1.2.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/justinas/nosurf/releases\"\u003egithub.com/justinas/nosurf's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.2.0\u003c/h2\u003e\n\u003cp\u003eThis is a \u003cem\u003esecurity\u003c/em\u003e release for nosurf. 
It mainly addresses \u003ca href=\"https://github.com/justinas/nosurf-cve-2025-46721\"\u003eCVE-2025-46721\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003eThis release technically includes breaking changes, as nosurf starts applying same-origin checks that were not previously enforced. In most cases, users will not need to make any changes to their code. However, it is recommended to read \u003ca href=\"https://github.com/justinas/nosurf/blob/master/docs/origin-checks.md\"\u003ethe documentation on nosurf's trusted origin checks\u003c/a\u003e before upgrading.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/justinas/nosurf/commit/ec9bb776d8e5ba9e906b6eb70428f4e7b009feee\"\u003e\u003ccode\u003eec9bb77\u003c/code\u003e\u003c/a\u003e Rework origin checks (\u003ca href=\"https://redirect.github.com/justinas/nosurf/issues/74\"\u003e#74\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/justinas/nosurf/commit/e5c9c1fe2d4f69668ff78f872abf3b396a08673a\"\u003e\u003ccode\u003ee5c9c1f\u003c/code\u003e\u003c/a\u003e Add GitHub Actions CI, fix lints and tests\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/justinas/nosurf/compare/v1.1.1...v1.2.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/open-policy-agent/opa` from 1.3.0 to 1.4.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/open-policy-agent/opa/releases\"\u003egithub.com/open-policy-agent/opa's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.4.0\u003c/h2\u003e\n\u003cp\u003eThis release contains a security fix addressing CVE-2025-46569.\nIt also includes a mix of new features, bugfixes, and 
dependency updates.\u003c/p\u003e\n\u003ch4\u003eSecurity Fix: CVE-2025-46569 - OPA server Data API HTTP path injection of Rego (\u003ca href=\"https://github.com/open-policy-agent/opa/security/advisories/GHSA-6m8w-jc87-6cr7\"\u003eGHSA-6m8w-jc87-6cr7\u003c/a\u003e)\u003c/h4\u003e\n\u003cp\u003eA vulnerability in the OPA server's \u003ca href=\"https://www.openpolicyagent.org/docs/latest/rest-api/#data-api\"\u003eData API\u003c/a\u003e allows an attacker to craft the HTTP path in a way that injects Rego code into the query that is evaluated.\u003cbr /\u003e\nThe evaluation result cannot be made to return any other data than what is generated by the requested path, but this path can be misdirected, and the injected Rego code can be crafted to make the query succeed or fail; opening up for oracle attacks or, given the right circumstances, erroneous policy decision results.\nFurthermore, the injected code can be crafted to be computationally expensive, resulting in a Denial Of Service (DoS) attack.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eUsers are only impacted if all of the following apply:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eOPA is deployed as a standalone server (rather than being used as a Go library)\u003c/li\u003e\n\u003cli\u003eThe OPA server is exposed outside of the local host in an untrusted environment.\u003c/li\u003e\n\u003cli\u003eThe configured \u003ca href=\"https://www.openpolicyagent.org/docs/latest/security/#authentication-and-authorization\"\u003eauthorization policy\u003c/a\u003e does not do exact matching of the input.path attribute when deciding if the request should be allowed.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eor, if all of the following apply:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eOPA is deployed as a standalone server.\u003c/li\u003e\n\u003cli\u003eThe service connecting to OPA allows 3rd parties to insert unsanitised text into the path of the HTTP 
request to OPA’s Data API.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eNote: With \u003cstrong\u003eno\u003c/strong\u003e \u003ca href=\"https://www.openpolicyagent.org/docs/latest/security/#authentication-and-authorization\"\u003eAuthorization Policy\u003c/a\u003e configured for restricting API access (the default configuration), the RESTful \u003ca href=\"https://www.openpolicyagent.org/docs/latest/rest-api/#data-api\"\u003eData API\u003c/a\u003e provides access for managing Rego policies; and the RESTful \u003ca href=\"https://www.openpolicyagent.org/docs/latest/rest-api/#query-api\"\u003eQuery API\u003c/a\u003e facilitates advanced queries.\nFull access to these APIs provides both simpler, and broader access than what the security issue describes here can facilitate.\nAs such, OPA servers exposed to a network are \u003cstrong\u003enot\u003c/strong\u003e considered affected by the attack described here if they are knowingly not restricting access through an Authorization Policy.\u003c/p\u003e\n\u003cp\u003eThis issue affects all versions of OPA prior to 1.4.0.\u003c/p\u003e\n\u003cp\u003eSee the \u003ca href=\"https://github.com/open-policy-agent/opa/security/advisories/GHSA-6m8w-jc87-6cr7\"\u003eSecurity Advisory\u003c/a\u003e for more details.\u003c/p\u003e\n\u003cp\u003eReported by \u003ca href=\"https://github.com/GamrayW\"\u003e\u003ccode\u003e@​GamrayW\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/HyouKash\"\u003e\u003ccode\u003e@​HyouKash\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/AdrienIT\"\u003e\u003ccode\u003e@​AdrienIT\u003c/code\u003e\u003c/a\u003e, authored by \u003ca href=\"https://github.com/johanfylling\"\u003e\u003ccode\u003e@​johanfylling\u003c/code\u003e\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eRuntime, Tooling, SDK\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003east: Adding \u003ccode\u003erego_v1\u003c/code\u003e feature to \u003ccode\u003e--v0-compatible\u003c/code\u003e capabilities (\u003ca 
href=\"https://redirect.github.com/open-policy-agent/opa/pull/7474\"\u003e#7474\u003c/a\u003e) authored by \u003ca href=\"https://github.com/johanfylling\"\u003e\u003ccode\u003e@​johanfylling\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eexecutable: Add version and icon to OPA windows executable (\u003ca href=\"https://redirect.github.com/open-policy-agent/opa/issues/3171\"\u003e#3171\u003c/a\u003e) authored by \u003ca href=\"https://github.com/sspaink\"\u003e\u003ccode\u003e@​sspaink\u003c/code\u003e\u003c/a\u003e reported by \u003ca href=\"https://github.com/christophwille\"\u003e\u003ccode\u003e@​christophwille\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eformat: Don't panic on format due to unexpected comments (\u003ca href=\"https://redirect.github.com/open-policy-agent/opa/issues/6330\"\u003e#6330\u003c/a\u003e) authored by \u003ca href=\"https://github.com/sspaink\"\u003e\u003ccode\u003e@​sspaink\u003c/code\u003e\u003c/a\u003e reported by \u003ca href=\"https://github.com/sirpi\"\u003e\u003ccode\u003e@​sirpi\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eformat: Avoid modifying strings when formatting (\u003ca href=\"https://redirect.github.com/open-policy-agent/opa/issues/6220\"\u003e#6220\u003c/a\u003e) authored by \u003ca href=\"https://github.com/sspaink\"\u003e\u003ccode\u003e@​sspaink\u003c/code\u003e\u003c/a\u003e reported by \u003ca href=\"https://github.com/zregvart\"\u003e\u003ccode\u003e@​zregvart\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eplugins/status: FIFO buffer channel for status events to prevent slow status API blocking (\u003ca href=\"https://redirect.github.com/open-policy-agent/opa/pull/7522\"\u003e#7522\u003c/a\u003e) authored by \u003ca href=\"https://github.com/sspaink\"\u003e\u003ccode\u003e@​sspaink\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eTopdown and Rego\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003egqlparser: Add JSON annotation 
in \u003ccode\u003einternal/gqlparser/ast\u003c/code\u003e to Position fields (\u003ca href=\"https://redirect.github.com/open-policy-agent/opa/pull/7509\"\u003e#7509\u003c/a\u003e) authored by \u003ca href=\"https://github.com/robmyersrobmyers\"\u003e\u003ccode\u003e@​robmyersrobmyers\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003egraphql: Cache GraphQL schema parse results (\u003ca href=\"https://redirect.github.com/open-policy-agent/opa/pull/7457\"\u003e#7457\u003c/a\u003e) authored by \u003ca href=\"https://github.com/robmyersrobmyers\"\u003e\u003ccode\u003e@​robmyersrobmyers\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003etopdown: Handling default functions in Partial Eval (\u003ca href=\"https://redirect.github.com/open-policy-agent/opa/issues/7220\"\u003e#7220\u003c/a\u003e) authored by \u003ca href=\"https://github.com/johanfylling\"\u003e\u003ccode\u003e@​johanfylling\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003etopdown: Fix wall clock time init for \u003ccode\u003ePartialRun()\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/open-policy-agent/opa/issues/7490\"\u003e#7490\u003c/a\u003e) authored by \u003ca href=\"https://github.com/srenatus\"\u003e\u003ccode\u003e@​srenatus\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003etopdown: Zero alloc lower/upper unless changed (\u003ca href=\"https://redirect.github.com/open-policy-agent/opa/pull/7472\"\u003e#7472\u003c/a\u003e) authored by \u003ca href=\"https://github.com/anderseknert\"\u003e\u003ccode\u003e@​anderseknert\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocs, Website, Ecosystem\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadopters: Cloudsmith adds support for OPA (\u003ca href=\"https://redirect.github.com/open-policy-agent/opa/pull/7498\"\u003e#7498\u003c/a\u003e) authored by \u003ca 
href=\"https://github.com/ndouglas-cloudsmith\"\u003e\u003ccode\u003e@​ndouglas-cloudsmith\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-policy-agent/opa/commit/8b0720247e65b97fe7715ca15682fee4040df4d1\"\u003e\u003ccode\u003e8b07202\u003c/code\u003e\u003c/a\u003e Prepare v1.4.0 release (\u003ca href=\"https://redirect.github.com/open-policy-agent/opa/issues/7541\"\u003e#7541\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-policy-agent/opa/commit/ad2063247a14711882f18c387a511fc8094aa79c\"\u003e\u003ccode\u003ead20632\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-policy-agent/opa/commit/24ff9cfb3ad0a6a5629f0b21458982d325ee03c5\"\u003e\u003ccode\u003e24ff9cf\u003c/code\u003e\u003c/a\u003e fix: return the raw strings when formatting (\u003ca href=\"https://redirect.github.com/open-policy-agent/opa/issues/7525\"\u003e#7525\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-policy-agent/opa/commit/254f3bf0b9ee5faf1972ba31bbbe749bba19a000\"\u003e\u003ccode\u003e254f3bf\u003c/code\u003e\u003c/a\u003e fix(status plugin): make sure the latest status is read before manually trigg...\u003c/li\u003e\n\u003cli\u003e\u003ca
href=\"https://github.com/open-policy-agent/opa/commit/9b5f6010c0503cd91eed8a56268a02d4895a42b4\"\u003e\u003ccode\u003e9b5f601\u003c/code\u003e\u003c/a\u003e docs: fix post merge badge (\u003ca href=\"https://redirect.github.com/open-policy-agent/opa/issues/7532\"\u003e#7532\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-policy-agent/opa/commit/e4902774778da576da2a8f4b2fd50df6cc3da8b5\"\u003e\u003ccode\u003ee490277\u003c/code\u003e\u003c/a\u003e docs: Point path versioned requests to new sites (\u003ca href=\"https://redirect.github.com/open-policy-agent/opa/issues/7531\"\u003e#7531\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-policy-agent/opa/commit/d65888c14f4cb2d67929590604415e35ba75f58c\"\u003e\u003ccode\u003ed65888c\u003c/code\u003e\u003c/a\u003e plugins/status: FIFO buffer channel for status events to prevent slow status ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-policy-agent/opa/commit/eb77d10971ec772c3ac4968d4abe3666037d0338\"\u003e\u003ccode\u003eeb77d10\u003c/code\u003e\u003c/a\u003e docs: update edge links to use /docs/edge/ path (\u003ca href=\"https://redirect.github.com/open-policy-agent/opa/issues/7529\"\u003e#7529\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-policy-agent/opa/commit/f07d604b4f4b37c29324643cc75b82e3e0070aea\"\u003e\u003ccode\u003ef07d604\u003c/code\u003e\u003c/a\u003e docs: Set versioned docs links to point to archive (\u003ca href=\"https://redirect.github.com/open-policy-agent/opa/issues/7528\"\u003e#7528\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-policy-agent/opa/commit/828b8cb1568bc2a3eba7d0b87101a6c0679eee06\"\u003e\u003ccode\u003e828b8cb\u003c/code\u003e\u003c/a\u003e docs: improve request headers documentation in REST APIs (\u003ca 
href=\"https://redirect.github.com/open-policy-agent/opa/issues/7524\"\u003e#7524\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/open-policy-agent/opa/compare/v1.3.0...v1.4.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/cloudflare/circl` from 1.6.0 to 1.6.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/cloudflare/circl/releases\"\u003egithub.com/cloudflare/circl's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eCIRCL v1.6.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixes some point checks on the FourQ curve.\u003c/li\u003e\n\u003cli\u003eHybrid KEM fails on low-order points.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eWhat's Changed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ekem/hybrid: ensure X25519 hybrids fails with low order points by \u003ca href=\"https://github.com/Lekensteyn\"\u003e\u003ccode\u003e@​Lekensteyn\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/cloudflare/circl/pull/541\"\u003ecloudflare/circl#541\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e.github: Use native ARM64 builders instead of QEMU by \u003ca href=\"https://github.com/Lekensteyn\"\u003e\u003ccode\u003e@​Lekensteyn\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/cloudflare/circl/pull/542\"\u003ecloudflare/circl#542\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes several errors on twisted Edwards curves. 
by \u003ca href=\"https://github.com/armfazh\"\u003e\u003ccode\u003e@​armfazh\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/cloudflare/circl/pull/545\"\u003ecloudflare/circl#545\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRelease v1.6.1 by \u003ca href=\"https://github.com/armfazh\"\u003e\u003ccode\u003e@​armfazh\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/cloudflare/circl/pull/546\"\u003ecloudflare/circl#546\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/cloudflare/circl/compare/v1.6.0...v1.6.1\"\u003ehttps://github.com/cloudflare/circl/compare/v1.6.0...v1.6.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cloudflare/circl/commit/c6d33e35234ebf5c4319d12ae7d77d7d17053e56\"\u003e\u003ccode\u003ec6d33e3\u003c/code\u003e\u003c/a\u003e Release v1.6.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cloudflare/circl/commit/0c3868ef6fc8ce864bc4104863186afdd2947f14\"\u003e\u003ccode\u003e0c3868e\u003c/code\u003e\u003c/a\u003e curve4q: Shared must fail with low order points.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cloudflare/circl/commit/9fd570dd508eef941d3f42fb94413a899b96d52e\"\u003e\u003ccode\u003e9fd570d\u003c/code\u003e\u003c/a\u003e curve4q: Test showing DH does not fails on identity point.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cloudflare/circl/commit/c988ceba827fe09896e770c152646dded447903d\"\u003e\u003ccode\u003ec988ceb\u003c/code\u003e\u003c/a\u003e fourq: Correctly unmarshalling point.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cloudflare/circl/commit/ef2611dcde7f6d25e31082412bbb30f2a870d133\"\u003e\u003ccode\u003eef2611d\u003c/code\u003e\u003c/a\u003e fourq: 
Test showing point unmarshal fails.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cloudflare/circl/commit/05eba44d1a35f979c5f3ac914bcc50c1122e8ced\"\u003e\u003ccode\u003e05eba44\u003c/code\u003e\u003c/a\u003e fourq: Handle the case of Z=0 for IsOnCurve and IsEqual.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cloudflare/circl/commit/eef08780cc3cb9befa20014e65f731391103be6b\"\u003e\u003ccode\u003eeef0878\u003c/code\u003e\u003c/a\u003e fourq: Test showing isEqual and IsOnCurve fail.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cloudflare/circl/commit/2298474ef688938e4a81ca14990b9a11a8677e2a\"\u003e\u003ccode\u003e2298474\u003c/code\u003e\u003c/a\u003e goldilocks; Handling points with z=0.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cloudflare/circl/commit/5a940a111507232035d0b753fbf3068c52d6b8ac\"\u003e\u003ccode\u003e5a940a1\u003c/code\u003e\u003c/a\u003e goldilocks: Test for IsEqual must fail with Z=0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cloudflare/circl/commit/48c3b6a2746a18db4d8b675ab296980514359340\"\u003e\u003ccode\u003e48c3b6a\u003c/code\u003e\u003c/a\u003e ed25519: Fix isEqual to handle points with Z=0.\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/cloudflare/circl/compare/v1.6.0...v1.6.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/go-viper/mapstructure/v2` from 2.2.1 to 2.3.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/go-viper/mapstructure/releases\"\u003egithub.com/go-viper/mapstructure/v2's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.3.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ebuild(deps): bump actions/checkout from 
4.1.7 to 4.2.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-viper/mapstructure/pull/46\"\u003ego-viper/mapstructure#46\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump golangci/golangci-lint-action from 6.1.0 to 6.1.1 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-viper/mapstructure/pull/47\"\u003ego-viper/mapstructure#47\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[enhancement] Add check for \u003ccode\u003ereflect.Value\u003c/code\u003e in \u003ccode\u003eComposeDecodeHookFunc\u003c/code\u003e by \u003ca href=\"https://github.com/mahadzaryab1\"\u003e\u003ccode\u003e@​mahadzaryab1\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-viper/mapstructure/pull/52\"\u003ego-viper/mapstructure#52\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/setup-go from 5.0.2 to 5.1.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-viper/mapstructure/pull/51\"\u003ego-viper/mapstructure#51\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/checkout from 4.2.0 to 4.2.2 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-viper/mapstructure/pull/50\"\u003ego-viper/mapstructure#50\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/setup-go from 5.1.0 to 5.2.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-viper/mapstructure/pull/55\"\u003ego-viper/mapstructure#55\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): 
bump actions/setup-go from 5.2.0 to 5.3.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-viper/mapstructure/pull/58\"\u003ego-viper/mapstructure#58\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: add Go 1.24 to the test matrix by \u003ca href=\"https://github.com/sagikazarmark\"\u003e\u003ccode\u003e@​sagikazarmark\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-viper/mapstructure/pull/74\"\u003ego-viper/mapstructure#74\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump golangci/golangci-lint-action from 6.1.1 to 6.5.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-viper/mapstructure/pull/72\"\u003ego-viper/mapstructure#72\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump golangci/golangci-lint-action from 6.5.0 to 6.5.1 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-viper/mapstructure/pull/76\"\u003ego-viper/mapstructure#76\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/setup-go from 5.3.0 to 5.4.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-viper/mapstructure/pull/78\"\u003ego-viper/mapstructure#78\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat: add decode hook for netip.Prefix by \u003ca href=\"https://github.com/tklauser\"\u003e\u003ccode\u003e@​tklauser\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-viper/mapstructure/pull/85\"\u003ego-viper/mapstructure#85\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdates by \u003ca 
href=\"https://github.com/sagikazarmark\"\u003e\u003ccode\u003e@​sagikazarmark\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-viper/mapstructure/pull/86\"\u003ego-viper/mapstructure#86\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump github/codeql-action from 2.13.4 to 3.28.15 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-viper/mapstructure/pull/87\"\u003ego-viper/mapstructure#87\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/setup-go from 5.4.0 to 5.5.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-viper/mapstructure/pull/93\"\u003ego-viper/mapstructure#93\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump github/codeql-action from 3.28.15 to 3.28.17 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-viper/mapstructure/pull/92\"\u003ego-viper/mapstructure#92\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump github/codeql-action from 3.28.17 to 3.28.19 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-viper/mapstructure/pull/97\"\u003ego-viper/mapstructure#97\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump ossf/scorecard-action from 2.4.1 to 2.4.2 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-viper/mapstructure/pull/96\"\u003ego-viper/mapstructure#96\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate README.md by \u003ca 
href=\"https://github.com/peczenyj\"\u003e\u003ccode\u003e@​peczenyj\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-viper/mapstructure/pull/90\"\u003ego-viper/mapstructure#90\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd omitzero tag. by \u003ca href=\"https://github.com/Crystalix007\"\u003e\u003ccode\u003e@​Crystalix007\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-viper/mapstructure/pull/98\"\u003ego-viper/mapstructure#98\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUse error structs instead of duplicated strings by \u003ca href=\"https://github.com/m1k1o\"\u003e\u003ccode\u003e@​m1k1o\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-viper/mapstructure/pull/102\"\u003ego-viper/mapstructure#102\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump github/codeql-action from 3.28.19 to 3.29.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-viper/mapstructure/pull/101\"\u003ego-viper/mapstructure#101\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat: add common error interface by \u003ca href=\"https://github.com/sagikazarmark\"\u003e\u003ccode\u003e@​sagikazarmark\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-viper/mapstructure/pull/105\"\u003ego-viper/mapstructure#105\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eupdate linter by \u003ca href=\"https://github.com/sagikazarmark\"\u003e\u003ccode\u003e@​sagikazarmark\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-viper/mapstructure/pull/106\"\u003ego-viper/mapstructure#106\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFeature allow unset pointer by \u003ca href=\"https://github.com/rostislaved\"\u003e\u003ccode\u003e@​rostislaved\u003c/code\u003e\u003c/a\u003e in \u003ca 
href=\"https://redirect.github.com/go-viper/mapstructure/pull/80\"\u003ego-viper/mapstructure#80\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tklauser\"\u003e\u003ccode\u003e@​tklauser\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/go-viper/mapstructure/pull/85\"\u003ego-viper/mapstructure#85\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/peczenyj\"\u003e\u003ccode\u003e@​peczenyj\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/go-viper/mapstructure/pull/90\"\u003ego-viper/mapstructure#90\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Crystalix007\"\u003e\u003ccode\u003e@​Crystalix007\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/go-viper/mapstructure/pull/98\"\u003ego-viper/mapstructure#98\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rostislaved\"\u003e\u003ccode\u003e@​rostislaved\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/go-viper/mapstructure/pull/80\"\u003ego-viper/mapstructure#80\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/go-viper/mapstructure/compare/v2.2.1...v2.3.0\"\u003ehttps://github.com/go-viper/mapstructure/compare/v2.2.1...v2.3.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-viper/mapstructure/commit/8c61ec1924fcfa522f9fc6b4618c672db61d1a38\"\u003e\u003ccode\u003e8c61ec1\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca 
href=\"https://redirect.github.com/go-viper/mapstructure/issues/80\"\u003e#80\u003c/a\u003e from rostislaved/feature-allow-unset-pointer\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-viper/mapstructure/commit/df765f469ad16a1996fd0f0ae6a32b20535b966a\"\u003e\u003ccode\u003edf765f4\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/go-viper/mapstructure/issues/106\"\u003e#106\u003c/a\u003e from go-viper/update-linter\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-viper/mapstructure/commit/5f34b05aa12639380ef7c2af69eb6f8fd629dbd0\"\u003e\u003ccode\u003e5f34b05\u003c/code\u003e\u003c/a\u003e update linter\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-viper/mapstructure/commit/36de1e1d74f55681536097ff8467a8ce952ef183\"\u003e\u003ccode\u003e36de1e1\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/go-viper/mapstructure/issues/105\"\u003e#105\u003c/a\u003e from go-viper/error-refactor\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-viper/mapstructure/commit/6a283a390ee7bc0f9331f58199db234902e0739f\"\u003e\u003ccode\u003e6a283a3\u003c/code\u003e\u003c/a\u003e chore: update error type doc\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-viper/mapstructure/commit/599cb73236404c044abcf278a45c3928d7480dd0\"\u003e\u003ccode\u003e599cb73\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/go-viper/mapstructure/issues/101\"\u003e#101\u003c/a\u003e from go-viper/dependabot/github_actions/github/codeql...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-viper/mapstructure/commit/ed3f92181528ff776a0324107b8b55026e93766a\"\u003e\u003ccode\u003eed3f921\u003c/code\u003e\u003c/a\u003e feat: remove value from error messages\u003c/li\u003e\n\u003cli\u003e\u003ca 
href=\"https://github.com/go-viper/mapstructure/commit/a3f8b227dcdae324c070d389152837f0aa635f4b\"\u003e\u003ccode\u003ea3f8b22\u003c/code\u003e\u003c/a\u003e revert: error message change\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-viper/mapstructure/commit/9661f6d07c319da00ae0508d99df5f3f0c3953bd\"\u003e\u003ccode\u003e9661f6d\u003c/code\u003e\u003c/a\u003e feat: add common error interface\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-viper/mapstructure/commit/f12f6c76fe743c8e4cc6465c6a9f16fcd8cede57\"\u003e\u003ccode\u003ef12f6c7\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/go-viper/mapstructure/issues/102\"\u003e#102\u003c/a\u003e from m1k1o/prettify-errors2\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/go-viper/mapstructure/compare/v2.2.1...v2.3.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/hashicorp/go-getter` from 1.7.8 to 1.7.9\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/hashicorp/go-getter/releases\"\u003egithub.com/hashicorp/go-getter's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.7.9\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSpeed up XZ decompression by 5x with bufio wrapper by \u003ca href=\"https://github.com/vsarunas\"\u003e\u003ccode\u003e@​vsarunas\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/hashicorp/go-getter/pull/520\"\u003ehashicorp/go-getter#520\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix CI Workflow by \u003ca href=\"https://github.com/mohanmanikanta2299\"\u003e\u003ccode\u003e@​mohanmanikanta2299\u003c/code\u003e\u003c/a\u003e in \u003ca 
href=\"https://redirect.github.com/hashicorp/go-getter/pull/522\"\u003ehashicorp/go-getter#522\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003etest: Remove use of \u0026quot;mitchellh/go-testing-interface\u0026quot; for stdlib by \u003ca href=\"https://github.com/jrasell\"\u003e\u003ccode\u003e@​jrasell\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/hashicorp/go-getter/pull/523\"\u003ehashicorp/go-getter#523\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: url redact of multiple sshkey by \u003ca href=\"https://github.com/dduzgun-security\"\u003e\u003ccode\u003e@​dduzgun-security\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/hashicorp/go-getter/pull/528\"\u003ehashicorp/go-getter#528\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePublish arm binaries by \u003ca href=\"https://github.com/sethvargo\"\u003e\u003ccode\u003e@​sethvargo\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/hashicorp/go-getter/pull/525\"\u003ehashicorp/go-getter#525\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix errcheck lint errors and run it as part of pr checks by \u003ca href=\"https://github.com/abhijeetviswa\"\u003e\u003ccode\u003e@​abhijeetviswa\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/hashicorp/go-getter/pull/530\"\u003ehashicorp/go-getter#530\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix additional lint errors and increase linter scope by \u003ca href=\"https://github.com/abhijeetviswa\"\u003e\u003ccode\u003e@​abhijeetviswa\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/hashicorp/go-getter/pull/531\"\u003ehashicorp/go-getter#531\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIND-3728 enabling dependabot by \u003ca href=\"https://github.com/KaushikiAnand\"\u003e\u003ccode\u003e@​KaushikiAnand\u003c/code\u003e\u003c/a\u003e in \u003ca 
href=\"https://redirect.github.com/hashicorp/go-getter/pull/529\"\u003ehashicorp/go-getter#529\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: go-getter subdir paths by \u003ca href=\"https://github.com/dduzgun-security\"\u003e\u003ccode\u003e@​dduzgun-security\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/hashicorp/go-getter/pull/540\"\u003ehashicorp/go-getter#540\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vsarunas\"\u003e\u003ccode\u003e@​vsarunas\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/hashicorp/go-getter/pull/520\"\u003ehashicorp/go-getter#520\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jrasell\"\u003e\u003ccode\u003e@​jrasell\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/hashicorp/go-getter/pull/523\"\u003ehashicorp/go-getter#523\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sethvargo\"\u003e\u003ccode\u003e@​sethvargo\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/hashicorp/go-getter/pull/525\"\u003ehashicorp/go-getter#525\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/abhijeetviswa\"\u003e\u003ccode\u003e@​abhijeetviswa\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/hashicorp/go-getter/pull/530\"\u003ehashicorp/go-getter#530\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/KaushikiAnand\"\u003e\u003ccode\u003e@​KaushikiAnand\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca 
href=\"https://redirect.github.com/hashicorp/go-getter/pull/529\"\u003ehashicorp/go-getter#529\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/hashicorp/go-getter/compare/v1.7.8...v1.7.9\"\u003ehttps://github.com/hashicorp/go-getter/compare/v1.7.8...v1.7.9\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hashicorp/go-getter/commit/e70221100018573cdc74411c95c19b2a372f6728\"\u003e\u003ccode\u003ee702211\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/hashicorp/go-getter/issues/532\"\u003e#532\u003c/a\u003e from hashicorp/dependabot/github_actions/actions-8948...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hashicorp/go-getter/commit/df0a14fa67f2921eabff8fbdb51445ac03daeb87\"\u003e\u003ccode\u003edf0a14f\u003c/code\u003e\u003c/a\u003e [chore] : Bump the actions group with 8 updates\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hashicorp/go-getter/commit/87541b2501c00df5eaedea6acc61a2a4a4efa5b7\"\u003e\u003ccode\u003e87541b2\u003c/code\u003e\u003c/a\u003e fix: go-getter subdir paths (\u003ca href=\"https://redirect.github.com/hashicorp/go-getter/issues/540\"\u003e#540\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hashicorp/go-getter/commit/37130302313c9294df898ac96e2565a65369ec68\"\u003e\u003ccode\u003e3713030\u003c/code\u003e\u003c/a\u003e [Compliance] - PR Template Changes Required\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hashicorp/go-getter/commit/af2dd3ca2764281bf6b7468e05028a8b114c63a7\"\u003e\u003ccode\u003eaf2dd3c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/hashicorp/go-getter/issues/529\"\u003e#529\u003c/a\u003e from 
hashicorp/dependabot-intge\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hashicorp/go-getter/commit/bf526297fa4cd429fcf31da9e4a6bf6a0b512026\"\u003e\u003ccode\u003ebf52629\u003c/code\u003e\u003c/a\u003e updating dependabot.yml\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hashicorp/go-getter/commit/1f63e10d3b421544473bf52103b41eb423e2c897\"\u003e\u003ccode\u003e1f63e10\u003c/code\u003e\u003c/a\u003e changelog added, updated dependabot.yaml\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hashicorp/go-getter/commit/45af45918c6958be58f87d1576ac4a0b32f7eb4b\"\u003e\u003ccode\u003e45af459\u003c/code\u003e\u003c/a\u003e fix additional lint errors and increase linter scope\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hashicorp/go-getter/commit/c8c6aba0f7ad4e3937ef7cfcb50627520e498252\"\u003e\u003ccode\u003ec8c6aba\u003c/code\u003e\u003c/a\u003e fix errcheck lint errors and run it as part of pr checks\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hashicorp/go-getter/commit/9b76f983e594375fdef9e231822c805c82ec9ed7\"\u003e\u003ccode\u003e9b76f98\u003c/code\u003e\u003c/a\u003e copywrite header added\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/hashicorp/go-getter/compare/v1.7.8...v1.7.9\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. 
You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot merge` will merge this PR after your CI passes on it\n- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it\n- `@dependabot cancel merge` will cancel a previously requested merge and block automerging\n- `@dependabot reopen` will reopen this PR if it is closed\n- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e 
\u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/jadenblack/coder/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/jadenblack/coder/pull/2","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/jadenblack%2Fcoder/issues/2","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/2/packages"},{"uuid":"2722472100","node_id":"PR_kwDOK6_4Is6iRaCk","number":24,"state":"open","title":"Bump the go_modules group across 3 directories with 4 updates","user":"dependabot[bot]","labels":["dependencies","go"],"assignees":[],"locked":false,"comments_count":0,"pull_request":true,"closed_at":null,"author_association":"NONE","state_reason":null,"created_at":"2025-08-05T21:30:22.000Z","updated_at":"2025-08-05T21:30:22.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"go_modules","update_count":4,"packages":[{"name":"github.com/justinas/nosurf","old_version":"1.1.1","new_version":"1.2.0","repository_url":"https://github.com/justinas/nosurf"},{"name":"golang.org/x/crypto","old_version":"0.21.0","new_version":"0.35.0","repository_url":"https://github.com/golang/crypto"},{"name":"golang.org/x/net","old_version":"0.23.0","new_version":"0.38.0","repository_url":"https://github.com/golang/net"},{"name":"github.com/gofiber/fiber/v2","old_version":"2.52.5","new_version":"2.52.9","repository_url":"https://github.com/gofiber/fiber"},{"name":"golang.org/x/crypto","old_version":"0.21.0","new_version":"0.35.0","repository_url":"https://github.com/golang/crypto"},{"name":"golang.org/x/net","old_version":"0.23.0","new_version":"0.38.0","repository_url":"https://github.com/golang/net"}],"path":null,"ecosystem":"go"},"body":"Bumps the go_modules group with 3 updates in the /contrib/gin-gonic/gin directory: 
[github.com/justinas/nosurf](https://github.com/justinas/nosurf), [golang.org/x/crypto](https://github.com/golang/crypto) and [golang.org/x/net](https://github.com/golang/net).\nBumps the go_modules group with 1 update in the /contrib/gofiber/fiber/v2 directory: [github.com/gofiber/fiber/v2](https://github.com/gofiber/fiber).\nBumps the go_modules group with 2 updates in the /contrib/labstack/echo directory: [golang.org/x/crypto](https://github.com/golang/crypto) and [golang.org/x/net](https://github.com/golang/net).\n\nUpdates `github.com/justinas/nosurf` from 1.1.1 to 1.2.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/justinas/nosurf/releases\"\u003egithub.com/justinas/nosurf's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.2.0\u003c/h2\u003e\n\u003cp\u003eThis is a \u003cem\u003esecurity\u003c/em\u003e release for nosurf. It mainly addresses \u003ca href=\"https://github.com/justinas/nosurf-cve-2025-46721\"\u003eCVE-2025-46721\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003eThis release technically includes breaking changes, as nosurf starts applying same-origin checks that were not previously enforced. In most cases, users will not need to make any changes to their code. 
However, it is recommended to read \u003ca href=\"https://github.com/justinas/nosurf/blob/master/docs/origin-checks.md\"\u003ethe documentation on nosurf's trusted origin checks\u003c/a\u003e before upgrading.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/justinas/nosurf/commit/ec9bb776d8e5ba9e906b6eb70428f4e7b009feee\"\u003e\u003ccode\u003eec9bb77\u003c/code\u003e\u003c/a\u003e Rework origin checks (\u003ca href=\"https://redirect.github.com/justinas/nosurf/issues/74\"\u003e#74\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/justinas/nosurf/commit/e5c9c1fe2d4f69668ff78f872abf3b396a08673a\"\u003e\u003ccode\u003ee5c9c1f\u003c/code\u003e\u003c/a\u003e Add GitHub Actions CI, fix lints and tests\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/justinas/nosurf/compare/v1.1.1...v1.2.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `golang.org/x/crypto` from 0.21.0 to 0.35.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/7292932d45d55c7199324ab0027cc86e8198aa22\"\u003e\u003ccode\u003e7292932\u003c/code\u003e\u003c/a\u003e ssh: limit the size of the internal packet queue while waiting for KEX\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/f66f74b0a406b5f6909183531ace593857f1646c\"\u003e\u003ccode\u003ef66f74b\u003c/code\u003e\u003c/a\u003e acme/autocert: check host policy before probing the cache\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/b0784b7bfbe0b2c9a59afc1248ed3cb4b6652e85\"\u003e\u003ccode\u003eb0784b7\u003c/code\u003e\u003c/a\u003e x509roots/fallback: drop obsolete build 
constraint\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/911360c8a4f464342b9fe7c23632be57fca87b20\"\u003e\u003ccode\u003e911360c\u003c/code\u003e\u003c/a\u003e all: bump golang.org/x/crypto dependencies of asm generators\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/89ff08d67c4d79f9ac619aaf1f7388888798651f\"\u003e\u003ccode\u003e89ff08d\u003c/code\u003e\u003c/a\u003e all: upgrade go directive to at least 1.23.0 [generated]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/e47973b1c1089f6c67ab89261f7aa067b3d611d2\"\u003e\u003ccode\u003ee47973b\u003c/code\u003e\u003c/a\u003e all: update certs for go1.24\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/9290511cd23ab9813a307b7f2615325e3ca98902\"\u003e\u003ccode\u003e9290511\u003c/code\u003e\u003c/a\u003e go.mod: update golang.org/x dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/fa5273e461966728f91f33da62c0cf511a404c2a\"\u003e\u003ccode\u003efa5273e\u003c/code\u003e\u003c/a\u003e x509roots/fallback: update bundle\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/a8ea4be81f0769fd5857e087083cbb6d3cb9f196\"\u003e\u003ccode\u003ea8ea4be\u003c/code\u003e\u003c/a\u003e ssh: add ServerConfig.PreAuthConnCallback, ServerPreAuthConn (banner) interface\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/71d3a4cfdb0360795ce5f2d7041e01823fd22eb6\"\u003e\u003ccode\u003e71d3a4c\u003c/code\u003e\u003c/a\u003e acme: support challenges that require the ACME client to send a non-empty JSO...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/golang/crypto/compare/v0.21.0...v0.35.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `golang.org/x/net` from 0.23.0 to 
0.38.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/e1fcd82abba34df74614020343be8eb1fe85f0d9\"\u003e\u003ccode\u003ee1fcd82\u003c/code\u003e\u003c/a\u003e html: properly handle trailing solidus in unquoted attribute value in foreign...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/ebed060e8f30f20235f74808c22125fd86b15edd\"\u003e\u003ccode\u003eebed060\u003c/code\u003e\u003c/a\u003e internal/http3: fix build of tests with GOEXPERIMENT=nosynctest\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/1f1fa29e0a46fffe18c43a9da8daa5a0b180dfa9\"\u003e\u003ccode\u003e1f1fa29\u003c/code\u003e\u003c/a\u003e publicsuffix: regenerate table\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/12150816f701c912a32a376754ab28dd3878833a\"\u003e\u003ccode\u003e1215081\u003c/code\u003e\u003c/a\u003e http2: improve error when server sends HTTP/1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/312450e473eae9f9e6173ad895c80bc5ea2f79ad\"\u003e\u003ccode\u003e312450e\u003c/code\u003e\u003c/a\u003e html: ensure \u0026lt;search\u0026gt; tag closes \u0026lt;p\u0026gt; and update tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/09731f9bf919b00b344c763894cd1920b3d96d90\"\u003e\u003ccode\u003e09731f9\u003c/code\u003e\u003c/a\u003e http2: improve handling of lost PING in Server\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/55989e24b972a90ab99308fdc7ea1fb58a96fef1\"\u003e\u003ccode\u003e55989e2\u003c/code\u003e\u003c/a\u003e http2/h2c: use ResponseController for hijacking connections\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/2914f46773171f4fa13e276df1135bafef677801\"\u003e\u003ccode\u003e2914f46\u003c/code\u003e\u003c/a\u003e websocket: re-recommend 
gorilla/websocket\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/99b3ae0643f9a2f9d820fcbba5f9e4c83b23bd48\"\u003e\u003ccode\u003e99b3ae0\u003c/code\u003e\u003c/a\u003e go.mod: update golang.org/x dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/85d1d54551b68719346cb9fec24b911da4e452a1\"\u003e\u003ccode\u003e85d1d54\u003c/code\u003e\u003c/a\u003e go.mod: update golang.org/x dependencies\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/golang/net/compare/v0.23.0...v0.38.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/gofiber/fiber/v2` from 2.52.5 to 2.52.9\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/gofiber/fiber/releases\"\u003egithub.com/gofiber/fiber/v2's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.52.9\u003c/h2\u003e\n\u003ch2\u003e🐛 Bug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd upper index limit for parsers by \u003ca href=\"https://github.com/gaby\"\u003e\u003ccode\u003e@​gaby\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/gofiber/fiber/pull/3503\"\u003egofiber/fiber#3503\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEmbedded struct parsing by \u003ca href=\"https://github.com/ReneWerner87\"\u003e\u003ccode\u003e@​ReneWerner87\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/gofiber/fiber/pull/3478\"\u003egofiber/fiber#3478\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix Content-Type comparison in \u003ccode\u003eIs()\u003c/code\u003e by \u003ca href=\"https://github.com/gaby\"\u003e\u003ccode\u003e@​gaby\u003c/code\u003e\u003c/a\u003e in \u003ca 
href=\"https://redirect.github.com/gofiber/fiber/pull/3537\"\u003egofiber/fiber#3537\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix MIME type equality checks by \u003ca href=\"https://github.com/gaby\"\u003e\u003ccode\u003e@​gaby\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/gofiber/fiber/pull/3603\"\u003egofiber/fiber#3603\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/gofiber/fiber/compare/v2.52.8...v2.52.9\"\u003ehttps://github.com/gofiber/fiber/compare/v2.52.8...v2.52.9\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.52.8\u003c/h2\u003e\n\u003ch2\u003e👮 Security\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix for BodyParser - GHSA-hg3g-gphw-5hhm\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🧹 Updates\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBackport ctx.String() from v3 by \u003ca href=\"https://github.com/gaby\"\u003e\u003ccode\u003e@​gaby\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/gofiber/fiber/pull/3294\"\u003egofiber/fiber#3294\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🐛 Bug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix routing with mount and static by \u003ca href=\"https://github.com/ReneWerner87\"\u003e\u003ccode\u003e@​ReneWerner87\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/gofiber/fiber/pull/3454\"\u003egofiber/fiber#3454\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e📚 Documentation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate usage of ctx.Redirect() by \u003ca href=\"https://github.com/andradei\"\u003e\u003ccode\u003e@​andradei\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/gofiber/fiber/pull/3417\"\u003egofiber/fiber#3417\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd AGENTS.md by \u003ca 
href=\"https://github.com/gaby\"\u003e\u003ccode\u003e@​gaby\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/gofiber/fiber/pull/3461\"\u003egofiber/fiber#3461\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/gofiber/fiber/compare/v2.52.6...v2.52.8\"\u003ehttps://github.com/gofiber/fiber/compare/v2.52.6...v2.52.8\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.52.6\u003c/h2\u003e\n\u003ch2\u003e🐛 Bug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUse Content-Length for bytesReceived and bytesSent tags in Logger Middleware in v2 by \u003ca href=\"https://github.com/gaby\"\u003e\u003ccode\u003e@​gaby\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/gofiber/fiber/pull/3067\"\u003egofiber/fiber#3067\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix handle un-matched open brackets in the query params by \u003ca href=\"https://github.com/dojutsu-user\"\u003e\u003ccode\u003e@​dojutsu-user\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/gofiber/fiber/pull/3121\"\u003egofiber/fiber#3121\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMiddleware/CORS: Remove Scheme Restriction by \u003ca href=\"https://github.com/zingi\"\u003e\u003ccode\u003e@​zingi\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/gofiber/fiber/pull/3168\"\u003egofiber/fiber#3168\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRespect Immutable config for Body() by \u003ca href=\"https://github.com/nickajacks1\"\u003e\u003ccode\u003e@​nickajacks1\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/gofiber/fiber/pull/3246\"\u003egofiber/fiber#3246\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSupport Square Bracket Notation in Multipart Form data by \u003ca href=\"https://github.com/ReneWerner87\"\u003e\u003ccode\u003e@​ReneWerner87\u003c/code\u003e\u003c/a\u003e in \u003ca 
href=\"https://redirect.github.com/gofiber/fiber/pull/3268\"\u003egofiber/fiber#3268\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e📚 Documentation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd detailed documentation for the templates guide by \u003ca href=\"https://github.com/grivera64\"\u003e\u003ccode\u003e@​grivera64\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/gofiber/fiber/pull/3113\"\u003egofiber/fiber#3113\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🛠️ Maintenance\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate benchmark-action to v1.20.3 by \u003ca href=\"https://github.com/gaby\"\u003e\u003ccode\u003e@​gaby\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/gofiber/fiber/pull/3084\"\u003egofiber/fiber#3084\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd CODEOWNERS file by \u003ca href=\"https://github.com/gaby\"\u003e\u003ccode\u003e@​gaby\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/gofiber/fiber/pull/3124\"\u003egofiber/fiber#3124\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate dependencies by \u003ca href=\"https://github.com/gaby\"\u003e\u003ccode\u003e@​gaby\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/gofiber/fiber/pull/3254\"\u003egofiber/fiber#3254\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... 
(truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gofiber/fiber/commit/1197a22735820680ccfa241914b925f3820fcfd4\"\u003e\u003ccode\u003e1197a22\u003c/code\u003e\u003c/a\u003e Update app.go\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gofiber/fiber/commit/b60408c9bde7e71faac0519aa680a6fb8d64a255\"\u003e\u003ccode\u003eb60408c\u003c/code\u003e\u003c/a\u003e 🐛 bug: Fix MIME type equality checks (\u003ca href=\"https://redirect.github.com/gofiber/fiber/issues/3603\"\u003e#3603\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gofiber/fiber/commit/845f95f441718b1be1cf228f879f0a761118f317\"\u003e\u003ccode\u003e845f95f\u003c/code\u003e\u003c/a\u003e 🐛 bug: Fix Content-Type comparison in Is() (\u003ca href=\"https://redirect.github.com/gofiber/fiber/issues/3537\"\u003e#3537\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gofiber/fiber/commit/1c037c4900cf87dd110a69e4f0b542f64ecb84b3\"\u003e\u003ccode\u003e1c037c4\u003c/code\u003e\u003c/a\u003e 🧹 chore: Add upper index limit for parsers (\u003ca href=\"https://redirect.github.com/gofiber/fiber/issues/3503\"\u003e#3503\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gofiber/fiber/commit/40d14a9c717a3db1222ba480b9a26cddd6cd231b\"\u003e\u003ccode\u003e40d14a9\u003c/code\u003e\u003c/a\u003e 🐛 fix: Embedded struct parsing (\u003ca href=\"https://redirect.github.com/gofiber/fiber/issues/3478\"\u003e#3478\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gofiber/fiber/commit/b6f077275f12d25e0a4aecf59d01d77be8005ee8\"\u003e\u003ccode\u003eb6f0772\u003c/code\u003e\u003c/a\u003e Update AGENTS.md\u003c/li\u003e\n\u003cli\u003e\u003ca 
href=\"https://github.com/gofiber/fiber/commit/22c3c0ced919f73309018b7a7d27b029bad3e4b4\"\u003e\u003ccode\u003e22c3c0c\u003c/code\u003e\u003c/a\u003e Update app.go\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gofiber/fiber/commit/e115c08b8f059a4a031b492aa9eef0712411853d\"\u003e\u003ccode\u003ee115c08\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gofiber/fiber/commit/d15355116c37102bd9a8bcc252e3e3e399671af7\"\u003e\u003ccode\u003ed153551\u003c/code\u003e\u003c/a\u003e Update AGENTS.md\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gofiber/fiber/commit/7db10b6976b70f3fa780cffc9417923265bdafd2\"\u003e\u003ccode\u003e7db10b6\u003c/code\u003e\u003c/a\u003e docs: Add AGENTS.md (\u003ca href=\"https://redirect.github.com/gofiber/fiber/issues/3461\"\u003e#3461\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/gofiber/fiber/compare/v2.52.5...v2.52.9\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `golang.org/x/crypto` from 0.21.0 to 0.35.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/7292932d45d55c7199324ab0027cc86e8198aa22\"\u003e\u003ccode\u003e7292932\u003c/code\u003e\u003c/a\u003e ssh: limit the size of the internal packet queue while waiting for KEX\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/f66f74b0a406b5f6909183531ace593857f1646c\"\u003e\u003ccode\u003ef66f74b\u003c/code\u003e\u003c/a\u003e acme/autocert: check host policy before probing the cache\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/b0784b7bfbe0b2c9a59afc1248ed3cb4b6652e85\"\u003e\u003ccode\u003eb0784b7\u003c/code\u003e\u003c/a\u003e x509roots/fallback: drop obsolete build 
constraint\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/911360c8a4f464342b9fe7c23632be57fca87b20\"\u003e\u003ccode\u003e911360c\u003c/code\u003e\u003c/a\u003e all: bump golang.org/x/crypto dependencies of asm generators\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/89ff08d67c4d79f9ac619aaf1f7388888798651f\"\u003e\u003ccode\u003e89ff08d\u003c/code\u003e\u003c/a\u003e all: upgrade go directive to at least 1.23.0 [generated]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/e47973b1c1089f6c67ab89261f7aa067b3d611d2\"\u003e\u003ccode\u003ee47973b\u003c/code\u003e\u003c/a\u003e all: update certs for go1.24\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/9290511cd23ab9813a307b7f2615325e3ca98902\"\u003e\u003ccode\u003e9290511\u003c/code\u003e\u003c/a\u003e go.mod: update golang.org/x dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/fa5273e461966728f91f33da62c0cf511a404c2a\"\u003e\u003ccode\u003efa5273e\u003c/code\u003e\u003c/a\u003e x509roots/fallback: update bundle\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/a8ea4be81f0769fd5857e087083cbb6d3cb9f196\"\u003e\u003ccode\u003ea8ea4be\u003c/code\u003e\u003c/a\u003e ssh: add ServerConfig.PreAuthConnCallback, ServerPreAuthConn (banner) interface\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/71d3a4cfdb0360795ce5f2d7041e01823fd22eb6\"\u003e\u003ccode\u003e71d3a4c\u003c/code\u003e\u003c/a\u003e acme: support challenges that require the ACME client to send a non-empty JSO...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/golang/crypto/compare/v0.21.0...v0.35.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `golang.org/x/net` from 0.23.0 to 
0.38.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/e1fcd82abba34df74614020343be8eb1fe85f0d9\"\u003e\u003ccode\u003ee1fcd82\u003c/code\u003e\u003c/a\u003e html: properly handle trailing solidus in unquoted attribute value in foreign...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/ebed060e8f30f20235f74808c22125fd86b15edd\"\u003e\u003ccode\u003eebed060\u003c/code\u003e\u003c/a\u003e internal/http3: fix build of tests with GOEXPERIMENT=nosynctest\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/1f1fa29e0a46fffe18c43a9da8daa5a0b180dfa9\"\u003e\u003ccode\u003e1f1fa29\u003c/code\u003e\u003c/a\u003e publicsuffix: regenerate table\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/12150816f701c912a32a376754ab28dd3878833a\"\u003e\u003ccode\u003e1215081\u003c/code\u003e\u003c/a\u003e http2: improve error when server sends HTTP/1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/312450e473eae9f9e6173ad895c80bc5ea2f79ad\"\u003e\u003ccode\u003e312450e\u003c/code\u003e\u003c/a\u003e html: ensure \u0026lt;search\u0026gt; tag closes \u0026lt;p\u0026gt; and update tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/09731f9bf919b00b344c763894cd1920b3d96d90\"\u003e\u003ccode\u003e09731f9\u003c/code\u003e\u003c/a\u003e http2: improve handling of lost PING in Server\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/55989e24b972a90ab99308fdc7ea1fb58a96fef1\"\u003e\u003ccode\u003e55989e2\u003c/code\u003e\u003c/a\u003e http2/h2c: use ResponseController for hijacking connections\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/2914f46773171f4fa13e276df1135bafef677801\"\u003e\u003ccode\u003e2914f46\u003c/code\u003e\u003c/a\u003e websocket: re-recommend 
gorilla/websocket\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/99b3ae0643f9a2f9d820fcbba5f9e4c83b23bd48\"\u003e\u003ccode\u003e99b3ae0\u003c/code\u003e\u003c/a\u003e go.mod: update golang.org/x dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/85d1d54551b68719346cb9fec24b911da4e452a1\"\u003e\u003ccode\u003e85d1d54\u003c/code\u003e\u003c/a\u003e go.mod: update golang.org/x dependencies\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/golang/net/compare/v0.23.0...v0.38.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot merge` will merge this PR after your CI passes on it\n- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it\n- `@dependabot cancel merge` will cancel a previously requested merge and block automerging\n- `@dependabot reopen` will reopen this PR if it is closed\n- `@dependabot close` will close this PR and stop Dependabot recreating it. 
You can achieve the same result by closing it manually\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/echocat/go-httpcompression/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/echocat/go-httpcompression/pull/24","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/echocat%2Fgo-httpcompression/issues/24","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/24/packages"},{"uuid":"2618466577","node_id":"PR_kwDONSh4Rs6cEqER","number":3,"state":"closed","title":"Bump github.com/justinas/nosurf from 1.1.1 to 
1.2.0","user":"dependabot[bot]","labels":["dependencies","go"],"assignees":[],"locked":false,"comments_count":0,"pull_request":true,"closed_at":"2025-06-25T14:40:19.000Z","author_association":"CONTRIBUTOR","state_reason":null,"created_at":"2025-06-25T14:39:48.000Z","updated_at":"2025-06-25T14:40:19.000Z","time_to_close":31,"merged_at":"2025-06-25T14:40:19.000Z","merged_by":"nmdra","closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"github.com/justinas/nosurf","old_version":"1.1.1","new_version":"1.2.0","repository_url":"https://github.com/justinas/nosurf"}],"path":null,"ecosystem":"go"},"body":"Bumps [github.com/justinas/nosurf](https://github.com/justinas/nosurf) from 1.1.1 to 1.2.0.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/justinas/nosurf/releases\"\u003egithub.com/justinas/nosurf's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.2.0\u003c/h2\u003e\n\u003cp\u003eThis is a \u003cem\u003esecurity\u003c/em\u003e release for nosurf. It mainly addresses \u003ca href=\"https://github.com/justinas/nosurf-cve-2025-46721\"\u003eCVE-2025-46721\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003eThis release technically includes breaking changes, as nosurf starts applying same-origin checks that were not previously enforced. In most cases, users will not need to make any changes to their code. 
However, it is recommended to read \u003ca href=\"https://github.com/justinas/nosurf/blob/master/docs/origin-checks.md\"\u003ethe documentation on nosurf's trusted origin checks\u003c/a\u003e before upgrading.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/justinas/nosurf/commit/ec9bb776d8e5ba9e906b6eb70428f4e7b009feee\"\u003e\u003ccode\u003eec9bb77\u003c/code\u003e\u003c/a\u003e Rework origin checks (\u003ca href=\"https://redirect.github.com/justinas/nosurf/issues/74\"\u003e#74\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/justinas/nosurf/commit/e5c9c1fe2d4f69668ff78f872abf3b396a08673a\"\u003e\u003ccode\u003ee5c9c1f\u003c/code\u003e\u003c/a\u003e Add GitHub Actions CI, fix lints and tests\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/justinas/nosurf/compare/v1.1.1...v1.2.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/justinas/nosurf\u0026package-manager=go_modules\u0026previous-version=1.1.1\u0026new-version=1.2.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. 
You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot merge` will merge this PR after your CI passes on it\n- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it\n- `@dependabot cancel merge` will cancel a previously requested merge and block automerging\n- `@dependabot reopen` will reopen this PR if it is closed\n- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts 
page](https://github.com/nmdra/snipbox/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/nmdra/snipbox/pull/3","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/nmdra%2Fsnipbox/issues/3","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/3/packages"},{"uuid":"2582586872","node_id":"PR_kwDOM5w3Rc6Z7yX4","number":15,"state":"open","title":"chore: bump the go_modules group across 1 directory with 3 updates","user":"dependabot[bot]","labels":["dependencies","go"],"assignees":[],"locked":false,"comments_count":0,"pull_request":true,"closed_at":null,"author_association":"NONE","state_reason":null,"created_at":"2025-06-10T22:09:43.000Z","updated_at":"2025-06-10T22:09:44.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore: bump","group_name":"go_modules","update_count":3,"packages":[{"name":"github.com/justinas/nosurf","old_version":"1.1.1","new_version":"1.2.0","repository_url":"https://github.com/justinas/nosurf"},{"name":"github.com/open-policy-agent/opa","old_version":"1.3.0","new_version":"1.4.0","repository_url":"https://github.com/open-policy-agent/opa"},{"name":"github.com/cloudflare/circl","old_version":"1.6.0","new_version":"1.6.1","repository_url":"https://github.com/cloudflare/circl"}],"path":null,"ecosystem":"go"},"body":"Bumps the go_modules group with 3 updates in the / directory: [github.com/justinas/nosurf](https://github.com/justinas/nosurf), [github.com/open-policy-agent/opa](https://github.com/open-policy-agent/opa) and [github.com/cloudflare/circl](https://github.com/cloudflare/circl).\n\nUpdates `github.com/justinas/nosurf` from 1.1.1 to 1.2.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/justinas/nosurf/releases\"\u003egithub.com/justinas/nosurf's 
releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.2.0\u003c/h2\u003e\n\u003cp\u003eThis is a \u003cem\u003esecurity\u003c/em\u003e release for nosurf. It mainly addresses \u003ca href=\"https://github.com/justinas/nosurf-cve-2025-46721\"\u003eCVE-2025-46721\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003eThis release technically includes breaking changes, as nosurf starts applying same-origin checks that were not previously enforced. In most cases, users will not need to make any changes to their code. However, it is recommended to read \u003ca href=\"https://github.com/justinas/nosurf/blob/master/docs/origin-checks.md\"\u003ethe documentation on nosurf's trusted origin checks\u003c/a\u003e before upgrading.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/justinas/nosurf/commit/ec9bb776d8e5ba9e906b6eb70428f4e7b009feee\"\u003e\u003ccode\u003eec9bb77\u003c/code\u003e\u003c/a\u003e Rework origin checks (\u003ca href=\"https://redirect.github.com/justinas/nosurf/issues/74\"\u003e#74\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/justinas/nosurf/commit/e5c9c1fe2d4f69668ff78f872abf3b396a08673a\"\u003e\u003ccode\u003ee5c9c1f\u003c/code\u003e\u003c/a\u003e Add GitHub Actions CI, fix lints and tests\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/justinas/nosurf/compare/v1.1.1...v1.2.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/open-policy-agent/opa` from 1.3.0 to 1.4.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/open-policy-agent/opa/releases\"\u003egithub.com/open-policy-agent/opa's 
releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.4.0\u003c/h2\u003e\n\u003cp\u003eThis release contains a security fix addressing CVE-2025-46569.\nIt also includes a mix of new features, bugfixes, and dependency updates.\u003c/p\u003e\n\u003ch4\u003eSecurity Fix: CVE-2025-46569 - OPA server Data API HTTP path injection of Rego (\u003ca href=\"https://github.com/open-policy-agent/opa/security/advisories/GHSA-6m8w-jc87-6cr7\"\u003eGHSA-6m8w-jc87-6cr7\u003c/a\u003e)\u003c/h4\u003e\n\u003cp\u003eA vulnerability in the OPA server's \u003ca href=\"https://www.openpolicyagent.org/docs/latest/rest-api/#data-api\"\u003eData API\u003c/a\u003e allows an attacker to craft the HTTP path in a way that injects Rego code into the query that is evaluated.\u003cbr /\u003e\nThe evaluation result cannot be made to return any other data than what is generated by the requested path, but this path can be misdirected, and the injected Rego code can be crafted to make the query succeed or fail; opening up for oracle attacks or, given the right circumstances, erroneous policy decision results.\nFurthermore, the injected code can be crafted to be computationally expensive, resulting in a Denial Of Service (DoS) attack.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eUsers are only impacted if all of the following apply:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eOPA is deployed as a standalone server (rather than being used as a Go library)\u003c/li\u003e\n\u003cli\u003eThe OPA server is exposed outside of the local host in an untrusted environment.\u003c/li\u003e\n\u003cli\u003eThe configured \u003ca href=\"https://www.openpolicyagent.org/docs/latest/security/#authentication-and-authorization\"\u003eauthorization policy\u003c/a\u003e does not do exact matching of the input.path attribute when deciding if the request should be allowed.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eor, if all of the following 
apply:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eOPA is deployed as a standalone server.\u003c/li\u003e\n\u003cli\u003eThe service connecting to OPA allows 3rd parties to insert unsanitised text into the path of the HTTP request to OPA’s Data API.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eNote: With \u003cstrong\u003eno\u003c/strong\u003e \u003ca href=\"https://www.openpolicyagent.org/docs/latest/security/#authentication-and-authorization\"\u003eAuthorization Policy\u003c/a\u003e configured for restricting API access (the default configuration), the RESTful \u003ca href=\"https://www.openpolicyagent.org/docs/latest/rest-api/#data-api\"\u003eData API\u003c/a\u003e provides access for managing Rego policies; and the RESTful \u003ca href=\"https://www.openpolicyagent.org/docs/latest/rest-api/#query-api\"\u003eQuery API\u003c/a\u003e facilitates advanced queries.\nFull access to these APIs provides both simpler, and broader access than what the security issue describes here can facilitate.\nAs such, OPA servers exposed to a network are \u003cstrong\u003enot\u003c/strong\u003e considered affected by the attack described here if they are knowingly not restricting access through an Authorization Policy.\u003c/p\u003e\n\u003cp\u003eThis issue affects all versions of OPA prior to 1.4.0.\u003c/p\u003e\n\u003cp\u003eSee the \u003ca href=\"https://github.com/open-policy-agent/opa/security/advisories/GHSA-6m8w-jc87-6cr7\"\u003eSecurity Advisory\u003c/a\u003e for more details.\u003c/p\u003e\n\u003cp\u003eReported by \u003ca href=\"https://github.com/GamrayW\"\u003e\u003ccode\u003e@​GamrayW\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/HyouKash\"\u003e\u003ccode\u003e@​HyouKash\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/AdrienIT\"\u003e\u003ccode\u003e@​AdrienIT\u003c/code\u003e\u003c/a\u003e, authored by \u003ca 
href=\"https://github.com/johanfylling\"\u003e\u003ccode\u003e@​johanfylling\u003c/code\u003e\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eRuntime, Tooling, SDK\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003east: Adding \u003ccode\u003erego_v1\u003c/code\u003e feature to \u003ccode\u003e--v0-compatible\u003c/code\u003e capabilities (\u003ca href=\"https://redirect.github.com/open-policy-agent/opa/pull/7474\"\u003e#7474\u003c/a\u003e) authored by \u003ca href=\"https://github.com/johanfylling\"\u003e\u003ccode\u003e@​johanfylling\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eexecutable: Add version and icon to OPA windows executable (\u003ca href=\"https://redirect.github.com/open-policy-agent/opa/issues/3171\"\u003e#3171\u003c/a\u003e) authored by \u003ca href=\"https://github.com/sspaink\"\u003e\u003ccode\u003e@​sspaink\u003c/code\u003e\u003c/a\u003e reported by \u003ca href=\"https://github.com/christophwille\"\u003e\u003ccode\u003e@​christophwille\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eformat: Don't panic on format due to unexpected comments (\u003ca href=\"https://redirect.github.com/open-policy-agent/opa/issues/6330\"\u003e#6330\u003c/a\u003e) authored by \u003ca href=\"https://github.com/sspaink\"\u003e\u003ccode\u003e@​sspaink\u003c/code\u003e\u003c/a\u003e reported by \u003ca href=\"https://github.com/sirpi\"\u003e\u003ccode\u003e@​sirpi\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eformat: Avoid modifying strings when formatting (\u003ca href=\"https://redirect.github.com/open-policy-agent/opa/issues/6220\"\u003e#6220\u003c/a\u003e) authored by \u003ca href=\"https://github.com/sspaink\"\u003e\u003ccode\u003e@​sspaink\u003c/code\u003e\u003c/a\u003e reported by \u003ca href=\"https://github.com/zregvart\"\u003e\u003ccode\u003e@​zregvart\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eplugins/status: FIFO buffer channel for status events to prevent slow status API blocking (\u003ca 
href=\"https://redirect.github.com/open-policy-agent/opa/pull/7522\"\u003e#7522\u003c/a\u003e) authored by \u003ca href=\"https://github.com/sspaink\"\u003e\u003ccode\u003e@​sspaink\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eTopdown and Rego\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003egqlparser: Add JSON annotation in \u003ccode\u003einternal/gqlparser/ast\u003c/code\u003e to Position fields (\u003ca href=\"https://redirect.github.com/open-policy-agent/opa/pull/7509\"\u003e#7509\u003c/a\u003e) authored by \u003ca href=\"https://github.com/robmyersrobmyers\"\u003e\u003ccode\u003e@​robmyersrobmyers\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003egraphql: Cache GraphQL schema parse results (\u003ca href=\"https://redirect.github.com/open-policy-agent/opa/pull/7457\"\u003e#7457\u003c/a\u003e) authored by \u003ca href=\"https://github.com/robmyersrobmyers\"\u003e\u003ccode\u003e@​robmyersrobmyers\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003etopdown: Handling default functions in Partial Eval (\u003ca href=\"https://redirect.github.com/open-policy-agent/opa/issues/7220\"\u003e#7220\u003c/a\u003e) authored by \u003ca href=\"https://github.com/johanfylling\"\u003e\u003ccode\u003e@​johanfylling\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003etopdown: Fix wall clock time init for \u003ccode\u003ePartialRun()\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/open-policy-agent/opa/issues/7490\"\u003e#7490\u003c/a\u003e) authored by \u003ca href=\"https://github.com/srenatus\"\u003e\u003ccode\u003e@​srenatus\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003etopdown: Zero alloc lower/upper unless changed (\u003ca href=\"https://redirect.github.com/open-policy-agent/opa/pull/7472\"\u003e#7472\u003c/a\u003e) authored by \u003ca 
href=\"https://github.com/anderseknert\"\u003e\u003ccode\u003e@​anderseknert\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocs, Website, Ecosystem\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadopters: Cloudsmith adds support for OPA (\u003ca href=\"https://redirect.github.com/open-policy-agent/opa/pull/7498\"\u003e#7498\u003c/a\u003e) authored by \u003ca href=\"https://github.com/ndouglas-cloudsmith\"\u003e\u003ccode\u003e@​ndouglas-cloudsmith\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/open-policy-agent/opa/blob/main/CHANGELOG.md\"\u003egithub.com/open-policy-agent/opa's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e1.4.0\u003c/h2\u003e\n\u003cp\u003eThis release contains a security fix addressing CVE-2025-46569.\nIt also includes a mix of new features, bugfixes, and dependency updates.\u003c/p\u003e\n\u003ch4\u003eSecurity Fix: CVE-2025-46569 - OPA server Data API HTTP path injection of Rego (\u003ca href=\"https://github.com/open-policy-agent/opa/security/advisories/GHSA-6m8w-jc87-6cr7\"\u003eGHSA-6m8w-jc87-6cr7\u003c/a\u003e)\u003c/h4\u003e\n\u003cp\u003eA vulnerability in the OPA server's \u003ca href=\"https://www.openpolicyagent.org/docs/latest/rest-api/#data-api\"\u003eData API\u003c/a\u003e allows an attacker to craft the HTTP path in a way that injects Rego code into the query that is evaluated.\u003cbr /\u003e\nThe evaluation result cannot be made to return any other data than what is generated by the requested path, but this path can be misdirected, and the injected Rego code can be crafted to make the query succeed or fail; opening up for oracle attacks or, given the right 
circumstances, erroneous policy decision results.\nFurthermore, the injected code can be crafted to be computationally expensive, resulting in a Denial Of Service (DoS) attack.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eUsers are only impacted if all of the following apply:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eOPA is deployed as a standalone server (rather than being used as a Go library)\u003c/li\u003e\n\u003cli\u003eThe OPA server is exposed outside of the local host in an untrusted environment.\u003c/li\u003e\n\u003cli\u003eThe configured \u003ca href=\"https://www.openpolicyagent.org/docs/latest/security/#authentication-and-authorization\"\u003eauthorization policy\u003c/a\u003e does not do exact matching of the input.path attribute when deciding if the request should be allowed.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eor, if all of the following apply:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eOPA is deployed as a standalone server.\u003c/li\u003e\n\u003cli\u003eThe service connecting to OPA allows 3rd parties to insert unsanitised text into the path of the HTTP request to OPA’s Data API.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eNote: With \u003cstrong\u003eno\u003c/strong\u003e \u003ca href=\"https://www.openpolicyagent.org/docs/latest/security/#authentication-and-authorization\"\u003eAuthorization Policy\u003c/a\u003e configured for restricting API access (the default configuration), the RESTful \u003ca href=\"https://www.openpolicyagent.org/docs/latest/rest-api/#data-api\"\u003eData API\u003c/a\u003e provides access for managing Rego policies; and the RESTful \u003ca href=\"https://www.openpolicyagent.org/docs/latest/rest-api/#query-api\"\u003eQuery API\u003c/a\u003e facilitates advanced queries.\nFull access to these APIs provides both simpler, and broader access than what the security issue describes here can facilitate.\nAs such, OPA servers exposed to a network are 
\u003cstrong\u003enot\u003c/strong\u003e considered affected by the attack described here if they are knowingly not restricting access through an Authorization Policy.\u003c/p\u003e\n\u003cp\u003eThis issue affects all versions of OPA prior to 1.4.0.\u003c/p\u003e\n\u003cp\u003eSee the \u003ca href=\"https://github.com/open-policy-agent/opa/security/advisories/GHSA-6m8w-jc87-6cr7\"\u003eSecurity Advisory\u003c/a\u003e for more details.\u003c/p\u003e\n\u003cp\u003eReported by \u003ca href=\"https://github.com/GamrayW\"\u003e\u003ccode\u003e@​GamrayW\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/HyouKash\"\u003e\u003ccode\u003e@​HyouKash\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/AdrienIT\"\u003e\u003ccode\u003e@​AdrienIT\u003c/code\u003e\u003c/a\u003e, authored by \u003ca href=\"https://github.com/johanfylling\"\u003e\u003ccode\u003e@​johanfylling\u003c/code\u003e\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eRuntime, Tooling, SDK\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003east: Adding \u003ccode\u003erego_v1\u003c/code\u003e feature to \u003ccode\u003e--v0-compatible\u003c/code\u003e capabilities (\u003ca href=\"https://redirect.github.com/open-policy-agent/opa/pull/7474\"\u003e#7474\u003c/a\u003e) authored by \u003ca href=\"https://github.com/johanfylling\"\u003e\u003ccode\u003e@​johanfylling\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eexecutable: Add version and icon to OPA windows executable (\u003ca href=\"https://redirect.github.com/open-policy-agent/opa/issues/3171\"\u003e#3171\u003c/a\u003e) authored by \u003ca href=\"https://github.com/sspaink\"\u003e\u003ccode\u003e@​sspaink\u003c/code\u003e\u003c/a\u003e reported by \u003ca href=\"https://github.com/christophwille\"\u003e\u003ccode\u003e@​christophwille\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eformat: Don't panic on format due to unexpected comments (\u003ca 
href=\"https://redirect.github.com/open-policy-agent/opa/issues/6330\"\u003e#6330\u003c/a\u003e) authored by \u003ca href=\"https://github.com/sspaink\"\u003e\u003ccode\u003e@​sspaink\u003c/code\u003e\u003c/a\u003e reported by \u003ca href=\"https://github.com/sirpi\"\u003e\u003ccode\u003e@​sirpi\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eformat: Avoid modifying strings when formatting (\u003ca href=\"https://redirect.github.com/open-policy-agent/opa/issues/6220\"\u003e#6220\u003c/a\u003e) authored by \u003ca href=\"https://github.com/sspaink\"\u003e\u003ccode\u003e@​sspaink\u003c/code\u003e\u003c/a\u003e reported by \u003ca href=\"https://github.com/zregvart\"\u003e\u003ccode\u003e@​zregvart\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eplugins/status: FIFO buffer channel for status events to prevent slow status API blocking (\u003ca href=\"https://redirect.github.com/open-policy-agent/opa/pull/7522\"\u003e#7522\u003c/a\u003e) authored by \u003ca href=\"https://github.com/sspaink\"\u003e\u003ccode\u003e@​sspaink\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eTopdown and Rego\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003egqlparser: Add JSON annotation in \u003ccode\u003einternal/gqlparser/ast\u003c/code\u003e to Position fields (\u003ca href=\"https://redirect.github.com/open-policy-agent/opa/pull/7509\"\u003e#7509\u003c/a\u003e) authored by \u003ca href=\"https://github.com/robmyersrobmyers\"\u003e\u003ccode\u003e@​robmyersrobmyers\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003egraphql: Cache GraphQL schema parse results (\u003ca href=\"https://redirect.github.com/open-policy-agent/opa/pull/7457\"\u003e#7457\u003c/a\u003e) authored by \u003ca href=\"https://github.com/robmyersrobmyers\"\u003e\u003ccode\u003e@​robmyersrobmyers\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003etopdown: Handling default functions in Partial Eval (\u003ca 
href=\"https://redirect.github.com/open-policy-agent/opa/issues/7220\"\u003e#7220\u003c/a\u003e) authored by \u003ca href=\"https://github.com/johanfylling\"\u003e\u003ccode\u003e@​johanfylling\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003etopdown: Fix wall clock time init for \u003ccode\u003ePartialRun()\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/open-policy-agent/opa/issues/7490\"\u003e#7490\u003c/a\u003e) authored by \u003ca href=\"https://github.com/srenatus\"\u003e\u003ccode\u003e@​srenatus\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003etopdown: Zero alloc lower/upper unless changed (\u003ca href=\"https://redirect.github.com/open-policy-agent/opa/pull/7472\"\u003e#7472\u003c/a\u003e) authored by \u003ca href=\"https://github.com/anderseknert\"\u003e\u003ccode\u003e@​anderseknert\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocs, Website, Ecosystem\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... 
(truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-policy-agent/opa/commit/8b0720247e65b97fe7715ca15682fee4040df4d1\"\u003e\u003ccode\u003e8b07202\u003c/code\u003e\u003c/a\u003e Prepare v1.4.0 release (\u003ca href=\"https://redirect.github.com/open-policy-agent/opa/issues/7541\"\u003e#7541\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-policy-agent/opa/commit/ad2063247a14711882f18c387a511fc8094aa79c\"\u003e\u003ccode\u003ead20632\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-policy-agent/opa/commit/24ff9cfb3ad0a6a5629f0b21458982d325ee03c5\"\u003e\u003ccode\u003e24ff9cf\u003c/code\u003e\u003c/a\u003e fix: return the raw strings when formatting (\u003ca href=\"https://redirect.github.com/open-policy-agent/opa/issues/7525\"\u003e#7525\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-policy-agent/opa/commit/254f3bf0b9ee5faf1972ba31bbbe749bba19a000\"\u003e\u003ccode\u003e254f3bf\u003c/code\u003e\u003c/a\u003e fix(status plugin): make sure the latest status is read before manually trigg...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-policy-agent/opa/commit/9b5f6010c0503cd91eed8a56268a02d4895a42b4\"\u003e\u003ccode\u003e9b5f601\u003c/code\u003e\u003c/a\u003e docs: fix post merge badge (\u003ca href=\"https://redirect.github.com/open-policy-agent/opa/issues/7532\"\u003e#7532\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-policy-agent/opa/commit/e4902774778da576da2a8f4b2fd50df6cc3da8b5\"\u003e\u003ccode\u003ee490277\u003c/code\u003e\u003c/a\u003e docs: Point path versioned requests to new sites (\u003ca 
href=\"https://redirect.github.com/open-policy-agent/opa/issues/7531\"\u003e#7531\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-policy-agent/opa/commit/d65888c14f4cb2d67929590604415e35ba75f58c\"\u003e\u003ccode\u003ed65888c\u003c/code\u003e\u003c/a\u003e plugins/status: FIFO buffer channel for status events to prevent slow status ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-policy-agent/opa/commit/eb77d10971ec772c3ac4968d4abe3666037d0338\"\u003e\u003ccode\u003eeb77d10\u003c/code\u003e\u003c/a\u003e docs: update edge links to use /docs/edge/ path (\u003ca href=\"https://redirect.github.com/open-policy-agent/opa/issues/7529\"\u003e#7529\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-policy-agent/opa/commit/f07d604b4f4b37c29324643cc75b82e3e0070aea\"\u003e\u003ccode\u003ef07d604\u003c/code\u003e\u003c/a\u003e docs: Set versioned docs links to point to archive (\u003ca href=\"https://redirect.github.com/open-policy-agent/opa/issues/7528\"\u003e#7528\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-policy-agent/opa/commit/828b8cb1568bc2a3eba7d0b87101a6c0679eee06\"\u003e\u003ccode\u003e828b8cb\u003c/code\u003e\u003c/a\u003e docs: improve request headers documentation in REST APIs (\u003ca href=\"https://redirect.github.com/open-policy-agent/opa/issues/7524\"\u003e#7524\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/open-policy-agent/opa/compare/v1.3.0...v1.4.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/cloudflare/circl` from 1.6.0 to 1.6.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/cloudflare/circl/releases\"\u003egithub.com/cloudflare/circl's 
releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eCIRCL v1.6.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixes some point checks on the FourQ curve.\u003c/li\u003e\n\u003cli\u003eHybrid KEM fails on low-order points.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eWhat's Changed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ekem/hybrid: ensure X25519 hybrids fails with low order points by \u003ca href=\"https://github.com/Lekensteyn\"\u003e\u003ccode\u003e@​Lekensteyn\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/cloudflare/circl/pull/541\"\u003ecloudflare/circl#541\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e.github: Use native ARM64 builders instead of QEMU by \u003ca href=\"https://github.com/Lekensteyn\"\u003e\u003ccode\u003e@​Lekensteyn\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/cloudflare/circl/pull/542\"\u003ecloudflare/circl#542\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes several errors on twisted Edwards curves. 
by \u003ca href=\"https://github.com/armfazh\"\u003e\u003ccode\u003e@​armfazh\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/cloudflare/circl/pull/545\"\u003ecloudflare/circl#545\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRelease v1.6.1 by \u003ca href=\"https://github.com/armfazh\"\u003e\u003ccode\u003e@​armfazh\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/cloudflare/circl/pull/546\"\u003ecloudflare/circl#546\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/cloudflare/circl/compare/v1.6.0...v1.6.1\"\u003ehttps://github.com/cloudflare/circl/compare/v1.6.0...v1.6.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cloudflare/circl/commit/c6d33e35234ebf5c4319d12ae7d77d7d17053e56\"\u003e\u003ccode\u003ec6d33e3\u003c/code\u003e\u003c/a\u003e Release v1.6.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cloudflare/circl/commit/0c3868ef6fc8ce864bc4104863186afdd2947f14\"\u003e\u003ccode\u003e0c3868e\u003c/code\u003e\u003c/a\u003e curve4q: Shared must fail with low order points.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cloudflare/circl/commit/9fd570dd508eef941d3f42fb94413a899b96d52e\"\u003e\u003ccode\u003e9fd570d\u003c/code\u003e\u003c/a\u003e curve4q: Test showing DH does not fails on identity point.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cloudflare/circl/commit/c988ceba827fe09896e770c152646dded447903d\"\u003e\u003ccode\u003ec988ceb\u003c/code\u003e\u003c/a\u003e fourq: Correctly unmarshalling point.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cloudflare/circl/commit/ef2611dcde7f6d25e31082412bbb30f2a870d133\"\u003e\u003ccode\u003eef2611d\u003c/code\u003e\u003c/a\u003e fourq: 
Test showing point unmarshal fails.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cloudflare/circl/commit/05eba44d1a35f979c5f3ac914bcc50c1122e8ced\"\u003e\u003ccode\u003e05eba44\u003c/code\u003e\u003c/a\u003e fourq: Handle the case of Z=0 for IsOnCurve and IsEqual.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cloudflare/circl/commit/eef08780cc3cb9befa20014e65f731391103be6b\"\u003e\u003ccode\u003eeef0878\u003c/code\u003e\u003c/a\u003e fourq: Test showing isEqual and IsOnCurve fail.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cloudflare/circl/commit/2298474ef688938e4a81ca14990b9a11a8677e2a\"\u003e\u003ccode\u003e2298474\u003c/code\u003e\u003c/a\u003e goldilocks; Handling points with z=0.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cloudflare/circl/commit/5a940a111507232035d0b753fbf3068c52d6b8ac\"\u003e\u003ccode\u003e5a940a1\u003c/code\u003e\u003c/a\u003e goldilocks: Test for IsEqual must fail with Z=0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cloudflare/circl/commit/48c3b6a2746a18db4d8b675ab296980514359340\"\u003e\u003ccode\u003e48c3b6a\u003c/code\u003e\u003c/a\u003e ed25519: Fix isEqual to handle points with Z=0.\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/cloudflare/circl/compare/v1.6.0...v1.6.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. 
You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot merge` will merge this PR after your CI passes on it\n- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it\n- `@dependabot cancel merge` will cancel a previously requested merge and block automerging\n- `@dependabot reopen` will reopen this PR if it is closed\n- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e 
\u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/offsoc/coder/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/offsoc/coder/pull/15","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/offsoc%2Fcoder/issues/15","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/15/packages"},{"uuid":"2582536117","node_id":"PR_kwDOOfCywM6Z7l-1","number":8,"state":"open","title":"chore: bump the go_modules group across 1 directory with 3 updates","user":"dependabot[bot]","labels":["dependencies","go"],"assignees":[],"locked":false,"comments_count":0,"pull_request":true,"closed_at":null,"author_association":"NONE","state_reason":null,"created_at":"2025-06-10T21:34:36.000Z","updated_at":"2025-06-10T21:34:37.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore: bump","group_name":"go_modules","update_count":3,"packages":[{"name":"github.com/justinas/nosurf","old_version":"1.1.1","new_version":"1.2.0","repository_url":"https://github.com/justinas/nosurf"},{"name":"github.com/open-policy-agent/opa","old_version":"1.3.0","new_version":"1.4.0","repository_url":"https://github.com/open-policy-agent/opa"},{"name":"github.com/cloudflare/circl","old_version":"1.6.0","new_version":"1.6.1","repository_url":"https://github.com/cloudflare/circl"}],"path":null,"ecosystem":"go"},"body":"Bumps the go_modules group with 3 updates in the / directory: [github.com/justinas/nosurf](https://github.com/justinas/nosurf), [github.com/open-policy-agent/opa](https://github.com/open-policy-agent/opa) and [github.com/cloudflare/circl](https://github.com/cloudflare/circl).\n\nUpdates `github.com/justinas/nosurf` from 1.1.1 to 1.2.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease 
notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/justinas/nosurf/releases\"\u003egithub.com/justinas/nosurf's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.2.0\u003c/h2\u003e\n\u003cp\u003eThis is a \u003cem\u003esecurity\u003c/em\u003e release for nosurf. It mainly addresses \u003ca href=\"https://github.com/justinas/nosurf-cve-2025-46721\"\u003eCVE-2025-46721\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003eThis release technically includes breaking changes, as nosurf starts applying same-origin checks that were not previously enforced. In most cases, users will not need to make any changes to their code. However, it is recommended to read \u003ca href=\"https://github.com/justinas/nosurf/blob/master/docs/origin-checks.md\"\u003ethe documentation on nosurf's trusted origin checks\u003c/a\u003e before upgrading.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/justinas/nosurf/commit/ec9bb776d8e5ba9e906b6eb70428f4e7b009feee\"\u003e\u003ccode\u003eec9bb77\u003c/code\u003e\u003c/a\u003e Rework origin checks (\u003ca href=\"https://redirect.github.com/justinas/nosurf/issues/74\"\u003e#74\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/justinas/nosurf/commit/e5c9c1fe2d4f69668ff78f872abf3b396a08673a\"\u003e\u003ccode\u003ee5c9c1f\u003c/code\u003e\u003c/a\u003e Add GitHub Actions CI, fix lints and tests\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/justinas/nosurf/compare/v1.1.1...v1.2.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/open-policy-agent/opa` from 1.3.0 to 1.4.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from 
\u003ca href=\"https://github.com/open-policy-agent/opa/releases\"\u003egithub.com/open-policy-agent/opa's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.4.0\u003c/h2\u003e\n\u003cp\u003eThis release contains a security fix addressing CVE-2025-46569.\nIt also includes a mix of new features, bugfixes, and dependency updates.\u003c/p\u003e\n\u003ch4\u003eSecurity Fix: CVE-2025-46569 - OPA server Data API HTTP path injection of Rego (\u003ca href=\"https://github.com/open-policy-agent/opa/security/advisories/GHSA-6m8w-jc87-6cr7\"\u003eGHSA-6m8w-jc87-6cr7\u003c/a\u003e)\u003c/h4\u003e\n\u003cp\u003eA vulnerability in the OPA server's \u003ca href=\"https://www.openpolicyagent.org/docs/latest/rest-api/#data-api\"\u003eData API\u003c/a\u003e allows an attacker to craft the HTTP path in a way that injects Rego code into the query that is evaluated.\u003cbr /\u003e\nThe evaluation result cannot be made to return any other data than what is generated by the requested path, but this path can be misdirected, and the injected Rego code can be crafted to make the query succeed or fail; opening up for oracle attacks or, given the right circumstances, erroneous policy decision results.\nFurthermore, the injected code can be crafted to be computationally expensive, resulting in a Denial Of Service (DoS) attack.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eUsers are only impacted if all of the following apply:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eOPA is deployed as a standalone server (rather than being used as a Go library)\u003c/li\u003e\n\u003cli\u003eThe OPA server is exposed outside of the local host in an untrusted environment.\u003c/li\u003e\n\u003cli\u003eThe configured \u003ca href=\"https://www.openpolicyagent.org/docs/latest/security/#authentication-and-authorization\"\u003eauthorization policy\u003c/a\u003e does not do exact matching of the input.path attribute when deciding if the request 
should be allowed.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eor, if all of the following apply:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eOPA is deployed as a standalone server.\u003c/li\u003e\n\u003cli\u003eThe service connecting to OPA allows 3rd parties to insert unsanitised text into the path of the HTTP request to OPA’s Data API.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eNote: With \u003cstrong\u003eno\u003c/strong\u003e \u003ca href=\"https://www.openpolicyagent.org/docs/latest/security/#authentication-and-authorization\"\u003eAuthorization Policy\u003c/a\u003e configured for restricting API access (the default configuration), the RESTful \u003ca href=\"https://www.openpolicyagent.org/docs/latest/rest-api/#data-api\"\u003eData API\u003c/a\u003e provides access for managing Rego policies; and the RESTful \u003ca href=\"https://www.openpolicyagent.org/docs/latest/rest-api/#query-api\"\u003eQuery API\u003c/a\u003e facilitates advanced queries.\nFull access to these APIs provides both simpler, and broader access than what the security issue describes here can facilitate.\nAs such, OPA servers exposed to a network are \u003cstrong\u003enot\u003c/strong\u003e considered affected by the attack described here if they are knowingly not restricting access through an Authorization Policy.\u003c/p\u003e\n\u003cp\u003eThis issue affects all versions of OPA prior to 1.4.0.\u003c/p\u003e\n\u003cp\u003eSee the \u003ca href=\"https://github.com/open-policy-agent/opa/security/advisories/GHSA-6m8w-jc87-6cr7\"\u003eSecurity Advisory\u003c/a\u003e for more details.\u003c/p\u003e\n\u003cp\u003eReported by \u003ca href=\"https://github.com/GamrayW\"\u003e\u003ccode\u003e@​GamrayW\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/HyouKash\"\u003e\u003ccode\u003e@​HyouKash\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/AdrienIT\"\u003e\u003ccode\u003e@​AdrienIT\u003c/code\u003e\u003c/a\u003e, authored 
by \u003ca href=\"https://github.com/johanfylling\"\u003e\u003ccode\u003e@​johanfylling\u003c/code\u003e\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eRuntime, Tooling, SDK\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003east: Adding \u003ccode\u003erego_v1\u003c/code\u003e feature to \u003ccode\u003e--v0-compatible\u003c/code\u003e capabilities (\u003ca href=\"https://redirect.github.com/open-policy-agent/opa/pull/7474\"\u003e#7474\u003c/a\u003e) authored by \u003ca href=\"https://github.com/johanfylling\"\u003e\u003ccode\u003e@​johanfylling\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eexecutable: Add version and icon to OPA windows executable (\u003ca href=\"https://redirect.github.com/open-policy-agent/opa/issues/3171\"\u003e#3171\u003c/a\u003e) authored by \u003ca href=\"https://github.com/sspaink\"\u003e\u003ccode\u003e@​sspaink\u003c/code\u003e\u003c/a\u003e reported by \u003ca href=\"https://github.com/christophwille\"\u003e\u003ccode\u003e@​christophwille\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eformat: Don't panic on format due to unexpected comments (\u003ca href=\"https://redirect.github.com/open-policy-agent/opa/issues/6330\"\u003e#6330\u003c/a\u003e) authored by \u003ca href=\"https://github.com/sspaink\"\u003e\u003ccode\u003e@​sspaink\u003c/code\u003e\u003c/a\u003e reported by \u003ca href=\"https://github.com/sirpi\"\u003e\u003ccode\u003e@​sirpi\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eformat: Avoid modifying strings when formatting (\u003ca href=\"https://redirect.github.com/open-policy-agent/opa/issues/6220\"\u003e#6220\u003c/a\u003e) authored by \u003ca href=\"https://github.com/sspaink\"\u003e\u003ccode\u003e@​sspaink\u003c/code\u003e\u003c/a\u003e reported by \u003ca href=\"https://github.com/zregvart\"\u003e\u003ccode\u003e@​zregvart\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eplugins/status: FIFO buffer channel for status events to prevent slow status API blocking (\u003ca 
href=\"https://redirect.github.com/open-policy-agent/opa/pull/7522\"\u003e#7522\u003c/a\u003e) authored by \u003ca href=\"https://github.com/sspaink\"\u003e\u003ccode\u003e@​sspaink\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eTopdown and Rego\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003egqlparser: Add JSON annotation in \u003ccode\u003einternal/gqlparser/ast\u003c/code\u003e to Position fields (\u003ca href=\"https://redirect.github.com/open-policy-agent/opa/pull/7509\"\u003e#7509\u003c/a\u003e) authored by \u003ca href=\"https://github.com/robmyersrobmyers\"\u003e\u003ccode\u003e@​robmyersrobmyers\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003egraphql: Cache GraphQL schema parse results (\u003ca href=\"https://redirect.github.com/open-policy-agent/opa/pull/7457\"\u003e#7457\u003c/a\u003e) authored by \u003ca href=\"https://github.com/robmyersrobmyers\"\u003e\u003ccode\u003e@​robmyersrobmyers\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003etopdown: Handling default functions in Partial Eval (\u003ca href=\"https://redirect.github.com/open-policy-agent/opa/issues/7220\"\u003e#7220\u003c/a\u003e) authored by \u003ca href=\"https://github.com/johanfylling\"\u003e\u003ccode\u003e@​johanfylling\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003etopdown: Fix wall clock time init for \u003ccode\u003ePartialRun()\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/open-policy-agent/opa/issues/7490\"\u003e#7490\u003c/a\u003e) authored by \u003ca href=\"https://github.com/srenatus\"\u003e\u003ccode\u003e@​srenatus\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003etopdown: Zero alloc lower/upper unless changed (\u003ca href=\"https://redirect.github.com/open-policy-agent/opa/pull/7472\"\u003e#7472\u003c/a\u003e) authored by \u003ca 
href=\"https://github.com/anderseknert\"\u003e\u003ccode\u003e@​anderseknert\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocs, Website, Ecosystem\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadopters: Cloudsmith adds support for OPA (\u003ca href=\"https://redirect.github.com/open-policy-agent/opa/pull/7498\"\u003e#7498\u003c/a\u003e) authored by \u003ca href=\"https://github.com/ndouglas-cloudsmith\"\u003e\u003ccode\u003e@​ndouglas-cloudsmith\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/open-policy-agent/opa/blob/main/CHANGELOG.md\"\u003egithub.com/open-policy-agent/opa's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e1.4.0\u003c/h2\u003e\n\u003cp\u003eThis release contains a security fix addressing CVE-2025-46569.\nIt also includes a mix of new features, bugfixes, and dependency updates.\u003c/p\u003e\n\u003ch4\u003eSecurity Fix: CVE-2025-46569 - OPA server Data API HTTP path injection of Rego (\u003ca href=\"https://github.com/open-policy-agent/opa/security/advisories/GHSA-6m8w-jc87-6cr7\"\u003eGHSA-6m8w-jc87-6cr7\u003c/a\u003e)\u003c/h4\u003e\n\u003cp\u003eA vulnerability in the OPA server's \u003ca href=\"https://www.openpolicyagent.org/docs/latest/rest-api/#data-api\"\u003eData API\u003c/a\u003e allows an attacker to craft the HTTP path in a way that injects Rego code into the query that is evaluated.\u003cbr /\u003e\nThe evaluation result cannot be made to return any other data than what is generated by the requested path, but this path can be misdirected, and the injected Rego code can be crafted to make the query succeed or fail; opening up for oracle attacks or, given the right 
circumstances, erroneous policy decision results.\nFurthermore, the injected code can be crafted to be computationally expensive, resulting in a Denial Of Service (DoS) attack.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eUsers are only impacted if all of the following apply:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eOPA is deployed as a standalone server (rather than being used as a Go library)\u003c/li\u003e\n\u003cli\u003eThe OPA server is exposed outside of the local host in an untrusted environment.\u003c/li\u003e\n\u003cli\u003eThe configured \u003ca href=\"https://www.openpolicyagent.org/docs/latest/security/#authentication-and-authorization\"\u003eauthorization policy\u003c/a\u003e does not do exact matching of the input.path attribute when deciding if the request should be allowed.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eor, if all of the following apply:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eOPA is deployed as a standalone server.\u003c/li\u003e\n\u003cli\u003eThe service connecting to OPA allows 3rd parties to insert unsanitised text into the path of the HTTP request to OPA’s Data API.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eNote: With \u003cstrong\u003eno\u003c/strong\u003e \u003ca href=\"https://www.openpolicyagent.org/docs/latest/security/#authentication-and-authorization\"\u003eAuthorization Policy\u003c/a\u003e configured for restricting API access (the default configuration), the RESTful \u003ca href=\"https://www.openpolicyagent.org/docs/latest/rest-api/#data-api\"\u003eData API\u003c/a\u003e provides access for managing Rego policies; and the RESTful \u003ca href=\"https://www.openpolicyagent.org/docs/latest/rest-api/#query-api\"\u003eQuery API\u003c/a\u003e facilitates advanced queries.\nFull access to these APIs provides both simpler, and broader access than what the security issue describes here can facilitate.\nAs such, OPA servers exposed to a network are 
\u003cstrong\u003enot\u003c/strong\u003e considered affected by the attack described here if they are knowingly not restricting access through an Authorization Policy.\u003c/p\u003e\n\u003cp\u003eThis issue affects all versions of OPA prior to 1.4.0.\u003c/p\u003e\n\u003cp\u003eSee the \u003ca href=\"https://github.com/open-policy-agent/opa/security/advisories/GHSA-6m8w-jc87-6cr7\"\u003eSecurity Advisory\u003c/a\u003e for more details.\u003c/p\u003e\n\u003cp\u003eReported by \u003ca href=\"https://github.com/GamrayW\"\u003e\u003ccode\u003e@​GamrayW\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/HyouKash\"\u003e\u003ccode\u003e@​HyouKash\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/AdrienIT\"\u003e\u003ccode\u003e@​AdrienIT\u003c/code\u003e\u003c/a\u003e, authored by \u003ca href=\"https://github.com/johanfylling\"\u003e\u003ccode\u003e@​johanfylling\u003c/code\u003e\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eRuntime, Tooling, SDK\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003east: Adding \u003ccode\u003erego_v1\u003c/code\u003e feature to \u003ccode\u003e--v0-compatible\u003c/code\u003e capabilities (\u003ca href=\"https://redirect.github.com/open-policy-agent/opa/pull/7474\"\u003e#7474\u003c/a\u003e) authored by \u003ca href=\"https://github.com/johanfylling\"\u003e\u003ccode\u003e@​johanfylling\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eexecutable: Add version and icon to OPA windows executable (\u003ca href=\"https://redirect.github.com/open-policy-agent/opa/issues/3171\"\u003e#3171\u003c/a\u003e) authored by \u003ca href=\"https://github.com/sspaink\"\u003e\u003ccode\u003e@​sspaink\u003c/code\u003e\u003c/a\u003e reported by \u003ca href=\"https://github.com/christophwille\"\u003e\u003ccode\u003e@​christophwille\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eformat: Don't panic on format due to unexpected comments (\u003ca 
href=\"https://redirect.github.com/open-policy-agent/opa/issues/6330\"\u003e#6330\u003c/a\u003e) authored by \u003ca href=\"https://github.com/sspaink\"\u003e\u003ccode\u003e@​sspaink\u003c/code\u003e\u003c/a\u003e reported by \u003ca href=\"https://github.com/sirpi\"\u003e\u003ccode\u003e@​sirpi\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eformat: Avoid modifying strings when formatting (\u003ca href=\"https://redirect.github.com/open-policy-agent/opa/issues/6220\"\u003e#6220\u003c/a\u003e) authored by \u003ca href=\"https://github.com/sspaink\"\u003e\u003ccode\u003e@​sspaink\u003c/code\u003e\u003c/a\u003e reported by \u003ca href=\"https://github.com/zregvart\"\u003e\u003ccode\u003e@​zregvart\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eplugins/status: FIFO buffer channel for status events to prevent slow status API blocking (\u003ca href=\"https://redirect.github.com/open-policy-agent/opa/pull/7522\"\u003e#7522\u003c/a\u003e) authored by \u003ca href=\"https://github.com/sspaink\"\u003e\u003ccode\u003e@​sspaink\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eTopdown and Rego\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003egqlparser: Add JSON annotation in \u003ccode\u003einternal/gqlparser/ast\u003c/code\u003e to Position fields (\u003ca href=\"https://redirect.github.com/open-policy-agent/opa/pull/7509\"\u003e#7509\u003c/a\u003e) authored by \u003ca href=\"https://github.com/robmyersrobmyers\"\u003e\u003ccode\u003e@​robmyersrobmyers\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003egraphql: Cache GraphQL schema parse results (\u003ca href=\"https://redirect.github.com/open-policy-agent/opa/pull/7457\"\u003e#7457\u003c/a\u003e) authored by \u003ca href=\"https://github.com/robmyersrobmyers\"\u003e\u003ccode\u003e@​robmyersrobmyers\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003etopdown: Handling default functions in Partial Eval (\u003ca 
href=\"https://redirect.github.com/open-policy-agent/opa/issues/7220\"\u003e#7220\u003c/a\u003e) authored by \u003ca href=\"https://github.com/johanfylling\"\u003e\u003ccode\u003e@​johanfylling\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003etopdown: Fix wall clock time init for \u003ccode\u003ePartialRun()\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/open-policy-agent/opa/issues/7490\"\u003e#7490\u003c/a\u003e) authored by \u003ca href=\"https://github.com/srenatus\"\u003e\u003ccode\u003e@​srenatus\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003etopdown: Zero alloc lower/upper unless changed (\u003ca href=\"https://redirect.github.com/open-policy-agent/opa/pull/7472\"\u003e#7472\u003c/a\u003e) authored by \u003ca href=\"https://github.com/anderseknert\"\u003e\u003ccode\u003e@​anderseknert\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocs, Website, Ecosystem\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... 
(truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-policy-agent/opa/commit/8b0720247e65b97fe7715ca15682fee4040df4d1\"\u003e\u003ccode\u003e8b07202\u003c/code\u003e\u003c/a\u003e Prepare v1.4.0 release (\u003ca href=\"https://redirect.github.com/open-policy-agent/opa/issues/7541\"\u003e#7541\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-policy-agent/opa/commit/ad2063247a14711882f18c387a511fc8094aa79c\"\u003e\u003ccode\u003ead20632\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-policy-agent/opa/commit/24ff9cfb3ad0a6a5629f0b21458982d325ee03c5\"\u003e\u003ccode\u003e24ff9cf\u003c/code\u003e\u003c/a\u003e fix: return the raw strings when formatting (\u003ca href=\"https://redirect.github.com/open-policy-agent/opa/issues/7525\"\u003e#7525\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-policy-agent/opa/commit/254f3bf0b9ee5faf1972ba31bbbe749bba19a000\"\u003e\u003ccode\u003e254f3bf\u003c/code\u003e\u003c/a\u003e fix(status plugin): make sure the latest status is read before manually trigg...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-policy-agent/opa/commit/9b5f6010c0503cd91eed8a56268a02d4895a42b4\"\u003e\u003ccode\u003e9b5f601\u003c/code\u003e\u003c/a\u003e docs: fix post merge badge (\u003ca href=\"https://redirect.github.com/open-policy-agent/opa/issues/7532\"\u003e#7532\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-policy-agent/opa/commit/e4902774778da576da2a8f4b2fd50df6cc3da8b5\"\u003e\u003ccode\u003ee490277\u003c/code\u003e\u003c/a\u003e docs: Point path versioned requests to new sites (\u003ca 
href=\"https://redirect.github.com/open-policy-agent/opa/issues/7531\"\u003e#7531\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-policy-agent/opa/commit/d65888c14f4cb2d67929590604415e35ba75f58c\"\u003e\u003ccode\u003ed65888c\u003c/code\u003e\u003c/a\u003e plugins/status: FIFO buffer channel for status events to prevent slow status ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-policy-agent/opa/commit/eb77d10971ec772c3ac4968d4abe3666037d0338\"\u003e\u003ccode\u003eeb77d10\u003c/code\u003e\u003c/a\u003e docs: update edge links to use /docs/edge/ path (\u003ca href=\"https://redirect.github.com/open-policy-agent/opa/issues/7529\"\u003e#7529\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-policy-agent/opa/commit/f07d604b4f4b37c29324643cc75b82e3e0070aea\"\u003e\u003ccode\u003ef07d604\u003c/code\u003e\u003c/a\u003e docs: Set versioned docs links to point to archive (\u003ca href=\"https://redirect.github.com/open-policy-agent/opa/issues/7528\"\u003e#7528\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-policy-agent/opa/commit/828b8cb1568bc2a3eba7d0b87101a6c0679eee06\"\u003e\u003ccode\u003e828b8cb\u003c/code\u003e\u003c/a\u003e docs: improve request headers documentation in REST APIs (\u003ca href=\"https://redirect.github.com/open-policy-agent/opa/issues/7524\"\u003e#7524\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/open-policy-agent/opa/compare/v1.3.0...v1.4.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/cloudflare/circl` from 1.6.0 to 1.6.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/cloudflare/circl/releases\"\u003egithub.com/cloudflare/circl's 
releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eCIRCL v1.6.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixes some point checks on the FourQ curve.\u003c/li\u003e\n\u003cli\u003eHybrid KEM fails on low-order points.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eWhat's Changed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ekem/hybrid: ensure X25519 hybrids fails with low order points by \u003ca href=\"https://github.com/Lekensteyn\"\u003e\u003ccode\u003e@​Lekensteyn\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/cloudflare/circl/pull/541\"\u003ecloudflare/circl#541\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e.github: Use native ARM64 builders instead of QEMU by \u003ca href=\"https://github.com/Lekensteyn\"\u003e\u003ccode\u003e@​Lekensteyn\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/cloudflare/circl/pull/542\"\u003ecloudflare/circl#542\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes several errors on twisted Edwards curves. 
by \u003ca href=\"https://github.com/armfazh\"\u003e\u003ccode\u003e@​armfazh\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/cloudflare/circl/pull/545\"\u003ecloudflare/circl#545\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRelease v1.6.1 by \u003ca href=\"https://github.com/armfazh\"\u003e\u003ccode\u003e@​armfazh\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/cloudflare/circl/pull/546\"\u003ecloudflare/circl#546\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/cloudflare/circl/compare/v1.6.0...v1.6.1\"\u003ehttps://github.com/cloudflare/circl/compare/v1.6.0...v1.6.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cloudflare/circl/commit/c6d33e35234ebf5c4319d12ae7d77d7d17053e56\"\u003e\u003ccode\u003ec6d33e3\u003c/code\u003e\u003c/a\u003e Release v1.6.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cloudflare/circl/commit/0c3868ef6fc8ce864bc4104863186afdd2947f14\"\u003e\u003ccode\u003e0c3868e\u003c/code\u003e\u003c/a\u003e curve4q: Shared must fail with low order points.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cloudflare/circl/commit/9fd570dd508eef941d3f42fb94413a899b96d52e\"\u003e\u003ccode\u003e9fd570d\u003c/code\u003e\u003c/a\u003e curve4q: Test showing DH does not fails on identity point.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cloudflare/circl/commit/c988ceba827fe09896e770c152646dded447903d\"\u003e\u003ccode\u003ec988ceb\u003c/code\u003e\u003c/a\u003e fourq: Correctly unmarshalling point.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cloudflare/circl/commit/ef2611dcde7f6d25e31082412bbb30f2a870d133\"\u003e\u003ccode\u003eef2611d\u003c/code\u003e\u003c/a\u003e fourq: 
Test showing point unmarshal fails.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cloudflare/circl/commit/05eba44d1a35f979c5f3ac914bcc50c1122e8ced\"\u003e\u003ccode\u003e05eba44\u003c/code\u003e\u003c/a\u003e fourq: Handle the case of Z=0 for IsOnCurve and IsEqual.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cloudflare/circl/commit/eef08780cc3cb9befa20014e65f731391103be6b\"\u003e\u003ccode\u003eeef0878\u003c/code\u003e\u003c/a\u003e fourq: Test showing isEqual and IsOnCurve fail.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cloudflare/circl/commit/2298474ef688938e4a81ca14990b9a11a8677e2a\"\u003e\u003ccode\u003e2298474\u003c/code\u003e\u003c/a\u003e goldilocks; Handling points with z=0.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cloudflare/circl/commit/5a940a111507232035d0b753fbf3068c52d6b8ac\"\u003e\u003ccode\u003e5a940a1\u003c/code\u003e\u003c/a\u003e goldilocks: Test for IsEqual must fail with Z=0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cloudflare/circl/commit/48c3b6a2746a18db4d8b675ab296980514359340\"\u003e\u003ccode\u003e48c3b6a\u003c/code\u003e\u003c/a\u003e ed25519: Fix isEqual to handle points with Z=0.\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/cloudflare/circl/compare/v1.6.0...v1.6.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. 
You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot merge` will merge this PR after your CI passes on it\n- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it\n- `@dependabot cancel merge` will cancel a previously requested merge and block automerging\n- `@dependabot reopen` will reopen this PR if it is closed\n- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e 
\u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/FlixiDoe/coder/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/FlixiDoe/coder/pull/8","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/FlixiDoe%2Fcoder/issues/8","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/8/packages"},{"uuid":"2581237270","node_id":"PR_kwDOFw9qpc6Z2o4W","number":3,"state":"closed","title":"Bump github.com/justinas/nosurf from 1.1.1 to 1.2.0","user":"dependabot[bot]","labels":["dependencies","go"],"assignees":[],"locked":false,"comments_count":0,"pull_request":true,"closed_at":"2025-06-10T12:44:23.000Z","author_association":"CONTRIBUTOR","state_reason":null,"created_at":"2025-06-10T12:43:54.000Z","updated_at":"2025-06-10T12:44:30.000Z","time_to_close":29,"merged_at":"2025-06-10T12:44:23.000Z","merged_by":"williamnoble","closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"github.com/justinas/nosurf","old_version":"1.1.1","new_version":"1.2.0","repository_url":"https://github.com/justinas/nosurf"}],"path":null,"ecosystem":"go"},"body":"Bumps [github.com/justinas/nosurf](https://github.com/justinas/nosurf) from 1.1.1 to 1.2.0.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/justinas/nosurf/releases\"\u003egithub.com/justinas/nosurf's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.2.0\u003c/h2\u003e\n\u003cp\u003eThis is a \u003cem\u003esecurity\u003c/em\u003e release for nosurf. 
It mainly addresses \u003ca href=\"https://github.com/justinas/nosurf-cve-2025-46721\"\u003eCVE-2025-46721\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003eThis release technically includes breaking changes, as nosurf starts applying same-origin checks that were not previously enforced. In most cases, users will not need to make any changes to their code. However, it is recommended to read \u003ca href=\"https://github.com/justinas/nosurf/blob/master/docs/origin-checks.md\"\u003ethe documentation on nosurf's trusted origin checks\u003c/a\u003e before upgrading.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/justinas/nosurf/commit/ec9bb776d8e5ba9e906b6eb70428f4e7b009feee\"\u003e\u003ccode\u003eec9bb77\u003c/code\u003e\u003c/a\u003e Rework origin checks (\u003ca href=\"https://redirect.github.com/justinas/nosurf/issues/74\"\u003e#74\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/justinas/nosurf/commit/e5c9c1fe2d4f69668ff78f872abf3b396a08673a\"\u003e\u003ccode\u003ee5c9c1f\u003c/code\u003e\u003c/a\u003e Add GitHub Actions CI, fix lints and tests\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/justinas/nosurf/compare/v1.1.1...v1.2.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/justinas/nosurf\u0026package-manager=go_modules\u0026previous-version=1.1.1\u0026new-version=1.2.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. 
You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot merge` will merge this PR after your CI passes on it\n- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it\n- `@dependabot cancel merge` will cancel a previously requested merge and block automerging\n- `@dependabot reopen` will reopen this PR if it is closed\n- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts 
page](https://github.com/williamnoble/Snippet/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/williamnoble/Snippet/pull/3","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/williamnoble%2FSnippet/issues/3","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/3/packages"},{"uuid":"2547023784","node_id":"PR_kwDOLHZrt86X0H-o","number":3,"state":"open","title":"Bump github.com/justinas/nosurf from 1.1.1 to 1.2.0","user":"dependabot[bot]","labels":["dependencies","go"],"assignees":[],"locked":false,"comments_count":0,"pull_request":true,"closed_at":null,"author_association":"CONTRIBUTOR","state_reason":null,"created_at":"2025-05-27T16:32:00.000Z","updated_at":"2025-05-27T16:32:01.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"github.com/justinas/nosurf","old_version":"1.1.1","new_version":"1.2.0","repository_url":"https://github.com/justinas/nosurf"}],"path":null,"ecosystem":"go"},"body":"Bumps [github.com/justinas/nosurf](https://github.com/justinas/nosurf) from 1.1.1 to 1.2.0.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/justinas/nosurf/releases\"\u003egithub.com/justinas/nosurf's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.2.0\u003c/h2\u003e\n\u003cp\u003eThis is a \u003cem\u003esecurity\u003c/em\u003e release for nosurf. It mainly addresses \u003ca href=\"https://github.com/justinas/nosurf-cve-2025-46721\"\u003eCVE-2025-46721\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003eThis release technically includes breaking changes, as nosurf starts applying same-origin checks that were not previously enforced. In most cases, users will not need to make any changes to their code. 
However, it is recommended to read \u003ca href=\"https://github.com/justinas/nosurf/blob/master/docs/origin-checks.md\"\u003ethe documentation on nosurf's trusted origin checks\u003c/a\u003e before upgrading.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/justinas/nosurf/commit/ec9bb776d8e5ba9e906b6eb70428f4e7b009feee\"\u003e\u003ccode\u003eec9bb77\u003c/code\u003e\u003c/a\u003e Rework origin checks (\u003ca href=\"https://redirect.github.com/justinas/nosurf/issues/74\"\u003e#74\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/justinas/nosurf/commit/e5c9c1fe2d4f69668ff78f872abf3b396a08673a\"\u003e\u003ccode\u003ee5c9c1f\u003c/code\u003e\u003c/a\u003e Add GitHub Actions CI, fix lints and tests\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/justinas/nosurf/compare/v1.1.1...v1.2.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/justinas/nosurf\u0026package-manager=go_modules\u0026previous-version=1.1.1\u0026new-version=1.2.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. 
You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)","html_url":"https://github.com/jimmydg/snippetbox/pull/3","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/jimmydg%2Fsnippetbox/issues/3","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/3/packages"},{"uuid":"2543857259","node_id":"PR_kwDOLmBl1M6XoC5r","number":561,"state":"closed","title":"chore: bump github.com/justinas/nosurf from 1.1.1 to 1.2.0","user":"dependabot[bot]","labels":["stale","dependencies","go"],"assignees":[],"locked":false,"comments_count":0,"pull_request":true,"closed_at":"2025-06-07T01:03:28.000Z","author_association":"CONTRIBUTOR","state_reason":null,"created_at":"2025-05-26T11:56:11.000Z","updated_at":"2025-06-07T01:03:28.000Z","time_to_close":997637,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore","packages":[{"name":"github.com/justinas/nosurf","old_version":"1.1.1","new_version":"1.2.0","repository_url":"https://github.com/justinas/nosurf"}],"path":null,"ecosystem":"go"},"body":"Bumps [github.com/justinas/nosurf](https://github.com/justinas/nosurf) from 1.1.1 to 1.2.0.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/justinas/nosurf/releases\"\u003egithub.com/justinas/nosurf's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.2.0\u003c/h2\u003e\n\u003cp\u003eThis is a \u003cem\u003esecurity\u003c/em\u003e release for nosurf. It mainly addresses \u003ca href=\"https://github.com/justinas/nosurf-cve-2025-46721\"\u003eCVE-2025-46721\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003eThis release technically includes breaking changes, as nosurf starts applying same-origin checks that were not previously enforced. In most cases, users will not need to make any changes to their code.
However, it is recommended to read \u003ca href=\"https://github.com/justinas/nosurf/blob/master/docs/origin-checks.md\"\u003ethe documentation on nosurf's trusted origin checks\u003c/a\u003e before upgrading.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/justinas/nosurf/commit/ec9bb776d8e5ba9e906b6eb70428f4e7b009feee\"\u003e\u003ccode\u003eec9bb77\u003c/code\u003e\u003c/a\u003e Rework origin checks (\u003ca href=\"https://redirect.github.com/justinas/nosurf/issues/74\"\u003e#74\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/justinas/nosurf/commit/e5c9c1fe2d4f69668ff78f872abf3b396a08673a\"\u003e\u003ccode\u003ee5c9c1f\u003c/code\u003e\u003c/a\u003e Add GitHub Actions CI, fix lints and tests\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/justinas/nosurf/compare/v1.1.1...v1.2.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/justinas/nosurf\u0026package-manager=go_modules\u0026previous-version=1.1.1\u0026new-version=1.2.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. 
You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)","html_url":"https://github.com/Txim0520/https-github.com-coder-coder/pull/561","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/Txim0520%2Fhttps-github.com-coder-coder/issues/561","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/561/packages"},{"uuid":"2535790428","node_id":"PR_kwDOOpp8Xc6XJRdc","number":1,"state":"open","title":"chore: bump
github.com/justinas/nosurf from 1.1.1 to 1.2.0 in the go_modules group across 1 directory","user":"dependabot[bot]","labels":["dependencies","go"],"assignees":[],"locked":false,"comments_count":0,"pull_request":true,"closed_at":null,"author_association":"NONE","state_reason":null,"created_at":"2025-05-22T01:38:01.000Z","updated_at":"2025-05-22T01:38:01.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore","packages":[{"name":"github.com/justinas/nosurf","old_version":"1.1.1","new_version":"1.2.0","repository_url":"https://github.com/justinas/nosurf"}],"path":"the go_modules group across 1 directory","ecosystem":"go"},"body":"Bumps the go_modules group with 1 update in the / directory: [github.com/justinas/nosurf](https://github.com/justinas/nosurf).\n\nUpdates `github.com/justinas/nosurf` from 1.1.1 to 1.2.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/justinas/nosurf/releases\"\u003egithub.com/justinas/nosurf's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.2.0\u003c/h2\u003e\n\u003cp\u003eThis is a \u003cem\u003esecurity\u003c/em\u003e release for nosurf. It mainly addresses \u003ca href=\"https://github.com/justinas/nosurf-cve-2025-46721\"\u003eCVE-2025-46721\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003eThis release technically includes breaking changes, as nosurf starts applying same-origin checks that were not previously enforced. In most cases, users will not need to make any changes to their code. 
However, it is recommended to read \u003ca href=\"https://github.com/justinas/nosurf/blob/master/docs/origin-checks.md\"\u003ethe documentation on nosurf's trusted origin checks\u003c/a\u003e before upgrading.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/justinas/nosurf/commit/ec9bb776d8e5ba9e906b6eb70428f4e7b009feee\"\u003e\u003ccode\u003eec9bb77\u003c/code\u003e\u003c/a\u003e Rework origin checks (\u003ca href=\"https://redirect.github.com/justinas/nosurf/issues/74\"\u003e#74\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/justinas/nosurf/commit/e5c9c1fe2d4f69668ff78f872abf3b396a08673a\"\u003e\u003ccode\u003ee5c9c1f\u003c/code\u003e\u003c/a\u003e Add GitHub Actions CI, fix lints and tests\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/justinas/nosurf/compare/v1.1.1...v1.2.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/justinas/nosurf\u0026package-manager=go_modules\u0026previous-version=1.1.1\u0026new-version=1.2.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. 
You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)","html_url":"https://github.com/coutureb/coder/pull/1","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/coutureb%2Fcoder/issues/1","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/1/packages"},{"uuid":"2532201415","node_id":"PR_kwDOHtwK2M6W7lPH","number":3,"state":"open","title":"Bump github.com/justinas/nosurf from 1.1.1 to 1.2.0","user":"dependabot[bot]","labels":["dependencies","go"],"assignees":[],"locked":false,"comments_count":0,"pull_request":true,"closed_at":null,"author_association":"CONTRIBUTOR","state_reason":null,"created_at":"2025-05-20T17:31:27.000Z","updated_at":"2025-05-20T17:31:28.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"github.com/justinas/nosurf","old_version":"1.1.1","new_version":"1.2.0","repository_url":"https://github.com/justinas/nosurf"}],"path":null,"ecosystem":"go"},"body":"Bumps [github.com/justinas/nosurf](https://github.com/justinas/nosurf) from 1.1.1 to 1.2.0.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/justinas/nosurf/releases\"\u003egithub.com/justinas/nosurf's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.2.0\u003c/h2\u003e\n\u003cp\u003eThis is a \u003cem\u003esecurity\u003c/em\u003e release for nosurf.
It mainly addresses \u003ca href=\"https://github.com/justinas/nosurf-cve-2025-46721\"\u003eCVE-2025-46721\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003eThis release technically includes breaking changes, as nosurf starts applying same-origin checks that were not previously enforced. In most cases, users will not need to make any changes to their code. However, it is recommended to read \u003ca href=\"https://github.com/justinas/nosurf/blob/master/docs/origin-checks.md\"\u003ethe documentation on nosurf's trusted origin checks\u003c/a\u003e before upgrading.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/justinas/nosurf/commit/ec9bb776d8e5ba9e906b6eb70428f4e7b009feee\"\u003e\u003ccode\u003eec9bb77\u003c/code\u003e\u003c/a\u003e Rework origin checks (\u003ca href=\"https://redirect.github.com/justinas/nosurf/issues/74\"\u003e#74\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/justinas/nosurf/commit/e5c9c1fe2d4f69668ff78f872abf3b396a08673a\"\u003e\u003ccode\u003ee5c9c1f\u003c/code\u003e\u003c/a\u003e Add GitHub Actions CI, fix lints and tests\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/justinas/nosurf/compare/v1.1.1...v1.2.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/justinas/nosurf\u0026package-manager=go_modules\u0026previous-version=1.1.1\u0026new-version=1.2.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. 
You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot merge` will merge this PR after your CI passes on it\n- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it\n- `@dependabot cancel merge` will cancel a previously requested merge and block automerging\n- `@dependabot reopen` will reopen this PR if it is closed\n- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts 
page](https://github.com/inchworks/quizinch/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/inchworks/quizinch/pull/3","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/inchworks%2Fquizinch/issues/3","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/3/packages"},{"uuid":"2529808815","node_id":"PR_kwDOKzhW9M6WydGv","number":315,"state":"closed","title":"Chore(deps): Bump github.com/justinas/nosurf from 1.1.1 to 1.2.0","user":"dependabot[bot]","labels":["dependencies","go"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2025-05-23T09:09:17.000Z","author_association":"CONTRIBUTOR","state_reason":null,"created_at":"2025-05-19T21:20:34.000Z","updated_at":"2025-05-23T09:09:17.000Z","time_to_close":301723,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Chore(deps): Bump","packages":[{"name":"github.com/justinas/nosurf","old_version":"1.1.1","new_version":"1.2.0","repository_url":"https://github.com/justinas/nosurf"}],"path":null,"ecosystem":"go"},"body":"Bumps [github.com/justinas/nosurf](https://github.com/justinas/nosurf) from 1.1.1 to 1.2.0.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/justinas/nosurf/releases\"\u003egithub.com/justinas/nosurf's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.2.0\u003c/h2\u003e\n\u003cp\u003eThis is a \u003cem\u003esecurity\u003c/em\u003e release for nosurf. It mainly addresses \u003ca href=\"https://github.com/justinas/nosurf-cve-2025-46721\"\u003eCVE-2025-46721\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003eThis release technically includes breaking changes, as nosurf starts applying same-origin checks that were not previously enforced. In most cases, users will not need to make any changes to their code. 
However, it is recommended to read \u003ca href=\"https://github.com/justinas/nosurf/blob/master/docs/origin-checks.md\"\u003ethe documentation on nosurf's trusted origin checks\u003c/a\u003e before upgrading.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/justinas/nosurf/commit/ec9bb776d8e5ba9e906b6eb70428f4e7b009feee\"\u003e\u003ccode\u003eec9bb77\u003c/code\u003e\u003c/a\u003e Rework origin checks (\u003ca href=\"https://redirect.github.com/justinas/nosurf/issues/74\"\u003e#74\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/justinas/nosurf/commit/e5c9c1fe2d4f69668ff78f872abf3b396a08673a\"\u003e\u003ccode\u003ee5c9c1f\u003c/code\u003e\u003c/a\u003e Add GitHub Actions CI, fix lints and tests\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/justinas/nosurf/compare/v1.1.1...v1.2.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/justinas/nosurf\u0026package-manager=go_modules\u0026previous-version=1.1.1\u0026new-version=1.2.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. 
You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot merge` will merge this PR after your CI passes on it\n- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it\n- `@dependabot cancel merge` will cancel a previously requested merge and block automerging\n- `@dependabot reopen` will reopen this PR if it is closed\n- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/croessner/nauthilus/pull/315","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/croessner%2Fnauthilus/issues/315","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/315/packages"},{"uuid":"2528537977","node_id":"PR_kwDOIPpCRM6Wtm15","number":263,"state":"closed","title":"chore: bump github.com/justinas/nosurf from 1.1.1 to 
1.2.0","user":"dependabot[bot]","labels":["stale","dependencies","go"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2025-05-31T01:56:07.000Z","author_association":"NONE","state_reason":null,"created_at":"2025-05-19T12:09:35.000Z","updated_at":"2025-05-31T01:56:07.000Z","time_to_close":999992,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore","packages":[{"name":"github.com/justinas/nosurf","old_version":"1.1.1","new_version":"1.2.0","repository_url":"https://github.com/justinas/nosurf"}],"path":null,"ecosystem":"go"},"body":"Bumps [github.com/justinas/nosurf](https://github.com/justinas/nosurf) from 1.1.1 to 1.2.0.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/justinas/nosurf/releases\"\u003egithub.com/justinas/nosurf's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.2.0\u003c/h2\u003e\n\u003cp\u003eThis is a \u003cem\u003esecurity\u003c/em\u003e release for nosurf. It mainly addresses \u003ca href=\"https://github.com/justinas/nosurf-cve-2025-46721\"\u003eCVE-2025-46721\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003eThis release technically includes breaking changes, as nosurf starts applying same-origin checks that were not previously enforced. In most cases, users will not need to make any changes to their code. 
However, it is recommended to read \u003ca href=\"https://github.com/justinas/nosurf/blob/master/docs/origin-checks.md\"\u003ethe documentation on nosurf's trusted origin checks\u003c/a\u003e before upgrading.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/justinas/nosurf/commit/ec9bb776d8e5ba9e906b6eb70428f4e7b009feee\"\u003e\u003ccode\u003eec9bb77\u003c/code\u003e\u003c/a\u003e Rework origin checks (\u003ca href=\"https://redirect.github.com/justinas/nosurf/issues/74\"\u003e#74\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/justinas/nosurf/commit/e5c9c1fe2d4f69668ff78f872abf3b396a08673a\"\u003e\u003ccode\u003ee5c9c1f\u003c/code\u003e\u003c/a\u003e Add GitHub Actions CI, fix lints and tests\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/justinas/nosurf/compare/v1.1.1...v1.2.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/justinas/nosurf\u0026package-manager=go_modules\u0026previous-version=1.1.1\u0026new-version=1.2.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. 
You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot merge` will merge this PR after your CI passes on it\n- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it\n- `@dependabot cancel merge` will cancel a previously requested merge and block automerging\n- `@dependabot reopen` will reopen this PR if it is closed\n- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/officialmofabs/coder/pull/263","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/officialmofabs%2Fcoder/issues/263","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/263/packages"},{"uuid":"2528507007","node_id":"PR_kwDONXET-c6WtfR_","number":190,"state":"closed","title":"chore: bump github.com/justinas/nosurf from 1.1.1 to 
1.2.0","user":"dependabot[bot]","labels":["stale","dependencies","go"],"assignees":[],"locked":false,"comments_count":0,"pull_request":true,"closed_at":"2025-05-31T01:38:06.000Z","author_association":"NONE","state_reason":null,"created_at":"2025-05-19T11:56:43.000Z","updated_at":"2025-05-31T01:38:06.000Z","time_to_close":999683,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore","packages":[{"name":"github.com/justinas/nosurf","old_version":"1.1.1","new_version":"1.2.0","repository_url":"https://github.com/justinas/nosurf"}],"path":null,"ecosystem":"go"},"body":"Bumps [github.com/justinas/nosurf](https://github.com/justinas/nosurf) from 1.1.1 to 1.2.0.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/justinas/nosurf/releases\"\u003egithub.com/justinas/nosurf's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.2.0\u003c/h2\u003e\n\u003cp\u003eThis is a \u003cem\u003esecurity\u003c/em\u003e release for nosurf. It mainly addresses \u003ca href=\"https://github.com/justinas/nosurf-cve-2025-46721\"\u003eCVE-2025-46721\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003eThis release technically includes breaking changes, as nosurf starts applying same-origin checks that were not previously enforced. In most cases, users will not need to make any changes to their code. 
However, it is recommended to read \u003ca href=\"https://github.com/justinas/nosurf/blob/master/docs/origin-checks.md\"\u003ethe documentation on nosurf's trusted origin checks\u003c/a\u003e before upgrading.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/justinas/nosurf/commit/ec9bb776d8e5ba9e906b6eb70428f4e7b009feee\"\u003e\u003ccode\u003eec9bb77\u003c/code\u003e\u003c/a\u003e Rework origin checks (\u003ca href=\"https://redirect.github.com/justinas/nosurf/issues/74\"\u003e#74\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/justinas/nosurf/commit/e5c9c1fe2d4f69668ff78f872abf3b396a08673a\"\u003e\u003ccode\u003ee5c9c1f\u003c/code\u003e\u003c/a\u003e Add GitHub Actions CI, fix lints and tests\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/justinas/nosurf/compare/v1.1.1...v1.2.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/justinas/nosurf\u0026package-manager=go_modules\u0026previous-version=1.1.1\u0026new-version=1.2.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. 
You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot merge` will merge this PR after your CI passes on it\n- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it\n- `@dependabot cancel merge` will cancel a previously requested merge and block automerging\n- `@dependabot reopen` will reopen this PR if it is closed\n- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/onchainengineering/hmi-computer/pull/190","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/onchainengineering%2Fhmi-computer/issues/190","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/190/packages"},{"uuid":"2528458868","node_id":"PR_kwDOIL6DZc6WtTh0","number":1028,"state":"closed","title":"chore: bump 
github.com/justinas/nosurf from 1.1.1 to 1.2.0","user":"dependabot[bot]","labels":["stale","dependencies","go"],"assignees":[],"locked":false,"comments_count":0,"pull_request":true,"closed_at":"2025-05-31T01:43:34.000Z","author_association":"CONTRIBUTOR","state_reason":null,"created_at":"2025-05-19T11:37:32.000Z","updated_at":"2025-05-31T01:43:34.000Z","time_to_close":1001162,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore","packages":[{"name":"github.com/justinas/nosurf","old_version":"1.1.1","new_version":"1.2.0","repository_url":"https://github.com/justinas/nosurf"}],"path":null,"ecosystem":"go"},"body":"Bumps [github.com/justinas/nosurf](https://github.com/justinas/nosurf) from 1.1.1 to 1.2.0.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/justinas/nosurf/releases\"\u003egithub.com/justinas/nosurf's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.2.0\u003c/h2\u003e\n\u003cp\u003eThis is a \u003cem\u003esecurity\u003c/em\u003e release for nosurf. It mainly addresses \u003ca href=\"https://github.com/justinas/nosurf-cve-2025-46721\"\u003eCVE-2025-46721\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003eThis release technically includes breaking changes, as nosurf starts applying same-origin checks that were not previously enforced. In most cases, users will not need to make any changes to their code. 
However, it is recommended to read \u003ca href=\"https://github.com/justinas/nosurf/blob/master/docs/origin-checks.md\"\u003ethe documentation on nosurf's trusted origin checks\u003c/a\u003e before upgrading.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/justinas/nosurf/commit/ec9bb776d8e5ba9e906b6eb70428f4e7b009feee\"\u003e\u003ccode\u003eec9bb77\u003c/code\u003e\u003c/a\u003e Rework origin checks (\u003ca href=\"https://redirect.github.com/justinas/nosurf/issues/74\"\u003e#74\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/justinas/nosurf/commit/e5c9c1fe2d4f69668ff78f872abf3b396a08673a\"\u003e\u003ccode\u003ee5c9c1f\u003c/code\u003e\u003c/a\u003e Add GitHub Actions CI, fix lints and tests\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/justinas/nosurf/compare/v1.1.1...v1.2.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/justinas/nosurf\u0026package-manager=go_modules\u0026previous-version=1.1.1\u0026new-version=1.2.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. 
You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot merge` will merge this PR after your CI passes on it\n- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it\n- `@dependabot cancel merge` will cancel a previously requested merge and block automerging\n- `@dependabot reopen` will reopen this PR if it is closed\n- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/ongood/coder/pull/1028","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/ongood%2Fcoder/issues/1028","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/1028/packages"},{"uuid":"2528447130","node_id":"PR_kwDONX4SK86WtQqa","number":196,"state":"closed","title":"chore: bump github.com/justinas/nosurf from 1.1.1 to 
1.2.0","user":"dependabot[bot]","labels":["stale","dependencies","go"],"assignees":[],"locked":false,"comments_count":0,"pull_request":true,"closed_at":"2025-05-31T01:09:32.000Z","author_association":"CONTRIBUTOR","state_reason":null,"created_at":"2025-05-19T11:32:23.000Z","updated_at":"2025-05-31T01:09:32.000Z","time_to_close":999429,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore","packages":[{"name":"github.com/justinas/nosurf","old_version":"1.1.1","new_version":"1.2.0","repository_url":"https://github.com/justinas/nosurf"}],"path":null,"ecosystem":"go"},"body":"Bumps [github.com/justinas/nosurf](https://github.com/justinas/nosurf) from 1.1.1 to 1.2.0.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/justinas/nosurf/releases\"\u003egithub.com/justinas/nosurf's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.2.0\u003c/h2\u003e\n\u003cp\u003eThis is a \u003cem\u003esecurity\u003c/em\u003e release for nosurf. It mainly addresses \u003ca href=\"https://github.com/justinas/nosurf-cve-2025-46721\"\u003eCVE-2025-46721\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003eThis release technically includes breaking changes, as nosurf starts applying same-origin checks that were not previously enforced. In most cases, users will not need to make any changes to their code. 
However, it is recommended to read \u003ca href=\"https://github.com/justinas/nosurf/blob/master/docs/origin-checks.md\"\u003ethe documentation on nosurf's trusted origin checks\u003c/a\u003e before upgrading.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/justinas/nosurf/commit/ec9bb776d8e5ba9e906b6eb70428f4e7b009feee\"\u003e\u003ccode\u003eec9bb77\u003c/code\u003e\u003c/a\u003e Rework origin checks (\u003ca href=\"https://redirect.github.com/justinas/nosurf/issues/74\"\u003e#74\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/justinas/nosurf/commit/e5c9c1fe2d4f69668ff78f872abf3b396a08673a\"\u003e\u003ccode\u003ee5c9c1f\u003c/code\u003e\u003c/a\u003e Add GitHub Actions CI, fix lints and tests\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/justinas/nosurf/compare/v1.1.1...v1.2.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/justinas/nosurf\u0026package-manager=go_modules\u0026previous-version=1.1.1\u0026new-version=1.2.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. 
You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot merge` will merge this PR after your CI passes on it\n- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it\n- `@dependabot cancel merge` will cancel a previously requested merge and block automerging\n- `@dependabot reopen` will reopen this PR if it is closed\n- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/onchainengineering/hmi-wirtual/pull/196","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/onchainengineering%2Fhmi-wirtual/issues/196","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/196/packages"},{"uuid":"2528410196","node_id":"PR_kwDOMrdwEc6WtHpU","number":480,"state":"closed","title":"chore: bump github.com/justinas/nosurf 
from 1.1.1 to 1.2.0","user":"dependabot[bot]","labels":["stale","dependencies","go"],"assignees":[],"locked":false,"comments_count":0,"pull_request":true,"closed_at":"2025-05-31T01:57:36.000Z","author_association":"NONE","state_reason":null,"created_at":"2025-05-19T11:16:34.000Z","updated_at":"2025-05-31T01:57:36.000Z","time_to_close":1003262,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore","packages":[{"name":"github.com/justinas/nosurf","old_version":"1.1.1","new_version":"1.2.0","repository_url":"https://github.com/justinas/nosurf"}],"path":null,"ecosystem":"go"},"body":"Bumps [github.com/justinas/nosurf](https://github.com/justinas/nosurf) from 1.1.1 to 1.2.0.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/justinas/nosurf/releases\"\u003egithub.com/justinas/nosurf's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.2.0\u003c/h2\u003e\n\u003cp\u003eThis is a \u003cem\u003esecurity\u003c/em\u003e release for nosurf. It mainly addresses \u003ca href=\"https://github.com/justinas/nosurf-cve-2025-46721\"\u003eCVE-2025-46721\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003eThis release technically includes breaking changes, as nosurf starts applying same-origin checks that were not previously enforced. In most cases, users will not need to make any changes to their code. 
However, it is recommended to read \u003ca href=\"https://github.com/justinas/nosurf/blob/master/docs/origin-checks.md\"\u003ethe documentation on nosurf's trusted origin checks\u003c/a\u003e before upgrading.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/justinas/nosurf/commit/ec9bb776d8e5ba9e906b6eb70428f4e7b009feee\"\u003e\u003ccode\u003eec9bb77\u003c/code\u003e\u003c/a\u003e Rework origin checks (\u003ca href=\"https://redirect.github.com/justinas/nosurf/issues/74\"\u003e#74\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/justinas/nosurf/commit/e5c9c1fe2d4f69668ff78f872abf3b396a08673a\"\u003e\u003ccode\u003ee5c9c1f\u003c/code\u003e\u003c/a\u003e Add GitHub Actions CI, fix lints and tests\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/justinas/nosurf/compare/v1.1.1...v1.2.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/justinas/nosurf\u0026package-manager=go_modules\u0026previous-version=1.1.1\u0026new-version=1.2.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. 
You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot merge` will merge this PR after your CI passes on it\n- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it\n- `@dependabot cancel merge` will cancel a previously requested merge and block automerging\n- `@dependabot reopen` will reopen this PR if it is closed\n- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/kehanzhang/athens-coder/pull/480","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/kehanzhang%2Fathens-coder/issues/480","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/480/packages"},{"uuid":"2526786544","node_id":"PR_kwDOK0m4n86Wm7Pw","number":38,"state":"open","title":"deps: bump github.com/justinas/nosurf from 1.1.1 to 
1.2.0","user":"dependabot[bot]","labels":["dependencies","go"],"assignees":[],"locked":false,"comments_count":0,"pull_request":true,"closed_at":null,"author_association":"CONTRIBUTOR","state_reason":null,"created_at":"2025-05-18T09:11:50.000Z","updated_at":"2025-05-18T09:11:51.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"deps","packages":[{"name":"github.com/justinas/nosurf","old_version":"1.1.1","new_version":"1.2.0","repository_url":"https://github.com/justinas/nosurf"}],"path":null,"ecosystem":"go"},"body":"Bumps [github.com/justinas/nosurf](https://github.com/justinas/nosurf) from 1.1.1 to 1.2.0.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/justinas/nosurf/releases\"\u003egithub.com/justinas/nosurf's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.2.0\u003c/h2\u003e\n\u003cp\u003eThis is a \u003cem\u003esecurity\u003c/em\u003e release for nosurf. It mainly addresses \u003ca href=\"https://github.com/justinas/nosurf-cve-2025-46721\"\u003eCVE-2025-46721\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003eThis release technically includes breaking changes, as nosurf starts applying same-origin checks that were not previously enforced. In most cases, users will not need to make any changes to their code. 
However, it is recommended to read \u003ca href=\"https://github.com/justinas/nosurf/blob/master/docs/origin-checks.md\"\u003ethe documentation on nosurf's trusted origin checks\u003c/a\u003e before upgrading.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/justinas/nosurf/commit/ec9bb776d8e5ba9e906b6eb70428f4e7b009feee\"\u003e\u003ccode\u003eec9bb77\u003c/code\u003e\u003c/a\u003e Rework origin checks (\u003ca href=\"https://redirect.github.com/justinas/nosurf/issues/74\"\u003e#74\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/justinas/nosurf/commit/e5c9c1fe2d4f69668ff78f872abf3b396a08673a\"\u003e\u003ccode\u003ee5c9c1f\u003c/code\u003e\u003c/a\u003e Add GitHub Actions CI, fix lints and tests\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/justinas/nosurf/compare/v1.1.1...v1.2.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/justinas/nosurf\u0026package-manager=go_modules\u0026previous-version=1.1.1\u0026new-version=1.2.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. 
You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot merge` will merge this PR after your CI passes on it\n- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it\n- `@dependabot cancel merge` will cancel a previously requested merge and block automerging\n- `@dependabot reopen` will reopen this PR if it is closed\n- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it 
yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/akyrey/snippetbox/pull/38","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/akyrey%2Fsnippetbox/issues/38","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/38/packages"}],"issue_packages":[{"old_version":"1.1.1","new_version":"1.2.0","update_type":"minor","path":"/contrib/gin-gonic/gin","pr_created_at":"2025-10-07T04:17:34.000Z","version_change":"1.1.1 → 1.2.0","issue":{"uuid":"2892576704","node_id":"PR_kwDODXDpc86saTfA","number":88,"state":"closed","title":"Bump github.com/justinas/nosurf from 1.1.1 to 1.2.0 in /contrib/gin-gonic/gin","user":"dependabot[bot]","labels":["dependencies","go"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2025-10-07T04:36:32.000Z","author_association":"NONE","state_reason":null,"created_at":"2025-10-07T04:17:34.000Z","updated_at":"2025-10-07T04:36:32.000Z","time_to_close":1138,"merged_at":"2025-10-07T04:36:32.000Z","merged_by":"CAFxX","closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"github.com/justinas/nosurf","old_version":"1.1.1","new_version":"1.2.0","repository_url":"https://github.com/justinas/nosurf"}],"path":"/contrib/gin-gonic/gin","ecosystem":"go"},"body":"Bumps [github.com/justinas/nosurf](https://github.com/justinas/nosurf) from 1.1.1 to 1.2.0.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/justinas/nosurf/releases\"\u003egithub.com/justinas/nosurf's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.2.0\u003c/h2\u003e\n\u003cp\u003eThis is a \u003cem\u003esecurity\u003c/em\u003e release for nosurf. 
It mainly addresses \u003ca href=\"https://github.com/justinas/nosurf-cve-2025-46721\"\u003eCVE-2025-46721\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003eThis release technically includes breaking changes, as nosurf starts applying same-origin checks that were not previously enforced. In most cases, users will not need to make any changes to their code. However, it is recommended to read \u003ca href=\"https://github.com/justinas/nosurf/blob/master/docs/origin-checks.md\"\u003ethe documentation on nosurf's trusted origin checks\u003c/a\u003e before upgrading.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/justinas/nosurf/commit/ec9bb776d8e5ba9e906b6eb70428f4e7b009feee\"\u003e\u003ccode\u003eec9bb77\u003c/code\u003e\u003c/a\u003e Rework origin checks (\u003ca href=\"https://redirect.github.com/justinas/nosurf/issues/74\"\u003e#74\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/justinas/nosurf/commit/e5c9c1fe2d4f69668ff78f872abf3b396a08673a\"\u003e\u003ccode\u003ee5c9c1f\u003c/code\u003e\u003c/a\u003e Add GitHub Actions CI, fix lints and tests\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/justinas/nosurf/compare/v1.1.1...v1.2.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/justinas/nosurf\u0026package-manager=go_modules\u0026previous-version=1.1.1\u0026new-version=1.2.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. 
You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot merge` will merge this PR after your CI passes on it\n- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it\n- `@dependabot cancel merge` will cancel a previously requested merge and block automerging\n- `@dependabot reopen` will reopen this PR if it is closed\n- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts 
page](https://github.com/CAFxX/httpcompression/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/CAFxX/httpcompression/pull/88","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/CAFxX%2Fhttpcompression/issues/88","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/88/packages"}},{"old_version":"1.1.1","new_version":"1.2.0","update_type":"minor","path":null,"pr_created_at":"2025-09-27T05:12:12.000Z","version_change":"1.1.1 → 1.2.0","issue":{"uuid":"2866079682","node_id":"PR_kwDOP3wzdc6q1OfC","number":1,"state":"open","title":"Bump github.com/justinas/nosurf from 1.1.1 to 1.2.0","user":"dependabot[bot]","labels":["dependencies","go"],"assignees":[],"locked":false,"comments_count":0,"pull_request":true,"closed_at":null,"author_association":"NONE","state_reason":null,"created_at":"2025-09-27T05:12:12.000Z","updated_at":"2025-09-27T05:12:12.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"github.com/justinas/nosurf","old_version":"1.1.1","new_version":"1.2.0","repository_url":"https://github.com/justinas/nosurf"}],"path":null,"ecosystem":"go"},"body":"Bumps [github.com/justinas/nosurf](https://github.com/justinas/nosurf) from 1.1.1 to 1.2.0.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/justinas/nosurf/releases\"\u003egithub.com/justinas/nosurf's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.2.0\u003c/h2\u003e\n\u003cp\u003eThis is a \u003cem\u003esecurity\u003c/em\u003e release for nosurf. It mainly addresses \u003ca href=\"https://github.com/justinas/nosurf-cve-2025-46721\"\u003eCVE-2025-46721\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003eThis release technically includes breaking changes, as nosurf starts applying same-origin checks that were not previously enforced. 
In most cases, users will not need to make any changes to their code. However, it is recommended to read \u003ca href=\"https://github.com/justinas/nosurf/blob/master/docs/origin-checks.md\"\u003ethe documentation on nosurf's trusted origin checks\u003c/a\u003e before upgrading.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/justinas/nosurf/commit/ec9bb776d8e5ba9e906b6eb70428f4e7b009feee\"\u003e\u003ccode\u003eec9bb77\u003c/code\u003e\u003c/a\u003e Rework origin checks (\u003ca href=\"https://redirect.github.com/justinas/nosurf/issues/74\"\u003e#74\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/justinas/nosurf/commit/e5c9c1fe2d4f69668ff78f872abf3b396a08673a\"\u003e\u003ccode\u003ee5c9c1f\u003c/code\u003e\u003c/a\u003e Add GitHub Actions CI, fix lints and tests\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/justinas/nosurf/compare/v1.1.1...v1.2.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/justinas/nosurf\u0026package-manager=go_modules\u0026previous-version=1.1.1\u0026new-version=1.2.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. 
You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot merge` will merge this PR after your CI passes on it\n- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it\n- `@dependabot cancel merge` will cancel a previously requested merge and block automerging\n- `@dependabot reopen` will reopen this PR if it is closed\n- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/HackersChat/yarn/pull/1","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/HackersChat%2Fyarn/issues/1","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/1/packages"}},{"old_version":"1.1.1","new_version":"1.2.0","update_type":"minor","path":null,"pr_created_at":"2025-08-28T19:42:39.000Z","version_change":"1.1.1 → 
1.2.0","issue":{"uuid":"3364473193","node_id":"PR_kwDOK6_4Is6l3iVn","number":26,"state":"closed","title":"Bump the go_modules group across 3 directories with 4 updates","user":"dependabot[bot]","labels":["dependencies","go"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2025-09-07T18:01:19.000Z","author_association":"NONE","state_reason":null,"created_at":"2025-08-28T19:42:39.000Z","updated_at":"2025-09-07T18:01:21.000Z","time_to_close":857920,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"go_modules","update_count":4,"packages":[{"name":"github.com/justinas/nosurf","old_version":"1.1.1","new_version":"1.2.0","repository_url":"https://github.com/justinas/nosurf"},{"name":"golang.org/x/crypto","old_version":"0.21.0","new_version":"0.35.0","repository_url":"https://github.com/golang/crypto"},{"name":"golang.org/x/net","old_version":"0.23.0","new_version":"0.38.0","repository_url":"https://github.com/golang/net"},{"name":"github.com/gofiber/fiber/v2","old_version":"2.52.5","new_version":"2.52.9","repository_url":"https://github.com/gofiber/fiber"},{"name":"golang.org/x/crypto","old_version":"0.21.0","new_version":"0.35.0","repository_url":"https://github.com/golang/crypto"},{"name":"golang.org/x/net","old_version":"0.23.0","new_version":"0.38.0","repository_url":"https://github.com/golang/net"}],"path":null,"ecosystem":"go"},"body":"Bumps the go_modules group with 3 updates in the /contrib/gin-gonic/gin directory: [github.com/justinas/nosurf](https://github.com/justinas/nosurf), [golang.org/x/crypto](https://github.com/golang/crypto) and [golang.org/x/net](https://github.com/golang/net).\nBumps the go_modules group with 1 update in the /contrib/gofiber/fiber/v2 directory: [github.com/gofiber/fiber/v2](https://github.com/gofiber/fiber).\nBumps the go_modules group with 2 updates in the /contrib/labstack/echo directory: [golang.org/x/crypto](https://github.com/golang/crypto) and 
[golang.org/x/net](https://github.com/golang/net).\n\nUpdates `github.com/justinas/nosurf` from 1.1.1 to 1.2.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/justinas/nosurf/releases\"\u003egithub.com/justinas/nosurf's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.2.0\u003c/h2\u003e\n\u003cp\u003eThis is a \u003cem\u003esecurity\u003c/em\u003e release for nosurf. It mainly addresses \u003ca href=\"https://github.com/justinas/nosurf-cve-2025-46721\"\u003eCVE-2025-46721\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003eThis release technically includes breaking changes, as nosurf starts applying same-origin checks that were not previously enforced. In most cases, users will not need to make any changes to their code. However, it is recommended to read \u003ca href=\"https://github.com/justinas/nosurf/blob/master/docs/origin-checks.md\"\u003ethe documentation on nosurf's trusted origin checks\u003c/a\u003e before upgrading.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/justinas/nosurf/commit/ec9bb776d8e5ba9e906b6eb70428f4e7b009feee\"\u003e\u003ccode\u003eec9bb77\u003c/code\u003e\u003c/a\u003e Rework origin checks (\u003ca href=\"https://redirect.github.com/justinas/nosurf/issues/74\"\u003e#74\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/justinas/nosurf/commit/e5c9c1fe2d4f69668ff78f872abf3b396a08673a\"\u003e\u003ccode\u003ee5c9c1f\u003c/code\u003e\u003c/a\u003e Add GitHub Actions CI, fix lints and tests\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/justinas/nosurf/compare/v1.1.1...v1.2.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates 
`golang.org/x/crypto` from 0.21.0 to 0.35.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/7292932d45d55c7199324ab0027cc86e8198aa22\"\u003e\u003ccode\u003e7292932\u003c/code\u003e\u003c/a\u003e ssh: limit the size of the internal packet queue while waiting for KEX\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/f66f74b0a406b5f6909183531ace593857f1646c\"\u003e\u003ccode\u003ef66f74b\u003c/code\u003e\u003c/a\u003e acme/autocert: check host policy before probing the cache\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/b0784b7bfbe0b2c9a59afc1248ed3cb4b6652e85\"\u003e\u003ccode\u003eb0784b7\u003c/code\u003e\u003c/a\u003e x509roots/fallback: drop obsolete build constraint\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/911360c8a4f464342b9fe7c23632be57fca87b20\"\u003e\u003ccode\u003e911360c\u003c/code\u003e\u003c/a\u003e all: bump golang.org/x/crypto dependencies of asm generators\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/89ff08d67c4d79f9ac619aaf1f7388888798651f\"\u003e\u003ccode\u003e89ff08d\u003c/code\u003e\u003c/a\u003e all: upgrade go directive to at least 1.23.0 [generated]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/e47973b1c1089f6c67ab89261f7aa067b3d611d2\"\u003e\u003ccode\u003ee47973b\u003c/code\u003e\u003c/a\u003e all: update certs for go1.24\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/9290511cd23ab9813a307b7f2615325e3ca98902\"\u003e\u003ccode\u003e9290511\u003c/code\u003e\u003c/a\u003e go.mod: update golang.org/x dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/fa5273e461966728f91f33da62c0cf511a404c2a\"\u003e\u003ccode\u003efa5273e\u003c/code\u003e\u003c/a\u003e 
x509roots/fallback: update bundle\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/a8ea4be81f0769fd5857e087083cbb6d3cb9f196\"\u003e\u003ccode\u003ea8ea4be\u003c/code\u003e\u003c/a\u003e ssh: add ServerConfig.PreAuthConnCallback, ServerPreAuthConn (banner) interface\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/71d3a4cfdb0360795ce5f2d7041e01823fd22eb6\"\u003e\u003ccode\u003e71d3a4c\u003c/code\u003e\u003c/a\u003e acme: support challenges that require the ACME client to send a non-empty JSO...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/golang/crypto/compare/v0.21.0...v0.35.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `golang.org/x/net` from 0.23.0 to 0.38.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/e1fcd82abba34df74614020343be8eb1fe85f0d9\"\u003e\u003ccode\u003ee1fcd82\u003c/code\u003e\u003c/a\u003e html: properly handle trailing solidus in unquoted attribute value in foreign...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/ebed060e8f30f20235f74808c22125fd86b15edd\"\u003e\u003ccode\u003eebed060\u003c/code\u003e\u003c/a\u003e internal/http3: fix build of tests with GOEXPERIMENT=nosynctest\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/1f1fa29e0a46fffe18c43a9da8daa5a0b180dfa9\"\u003e\u003ccode\u003e1f1fa29\u003c/code\u003e\u003c/a\u003e publicsuffix: regenerate table\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/12150816f701c912a32a376754ab28dd3878833a\"\u003e\u003ccode\u003e1215081\u003c/code\u003e\u003c/a\u003e http2: improve error when server sends HTTP/1\u003c/li\u003e\n\u003cli\u003e\u003ca 
href=\"https://github.com/golang/net/commit/312450e473eae9f9e6173ad895c80bc5ea2f79ad\"\u003e\u003ccode\u003e312450e\u003c/code\u003e\u003c/a\u003e html: ensure \u0026lt;search\u0026gt; tag closes \u0026lt;p\u0026gt; and update tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/09731f9bf919b00b344c763894cd1920b3d96d90\"\u003e\u003ccode\u003e09731f9\u003c/code\u003e\u003c/a\u003e http2: improve handling of lost PING in Server\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/55989e24b972a90ab99308fdc7ea1fb58a96fef1\"\u003e\u003ccode\u003e55989e2\u003c/code\u003e\u003c/a\u003e http2/h2c: use ResponseController for hijacking connections\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/2914f46773171f4fa13e276df1135bafef677801\"\u003e\u003ccode\u003e2914f46\u003c/code\u003e\u003c/a\u003e websocket: re-recommend gorilla/websocket\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/99b3ae0643f9a2f9d820fcbba5f9e4c83b23bd48\"\u003e\u003ccode\u003e99b3ae0\u003c/code\u003e\u003c/a\u003e go.mod: update golang.org/x dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/85d1d54551b68719346cb9fec24b911da4e452a1\"\u003e\u003ccode\u003e85d1d54\u003c/code\u003e\u003c/a\u003e go.mod: update golang.org/x dependencies\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/golang/net/compare/v0.23.0...v0.38.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/gofiber/fiber/v2` from 2.52.5 to 2.52.9\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/gofiber/fiber/releases\"\u003egithub.com/gofiber/fiber/v2's 
releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.52.9\u003c/h2\u003e\n\u003ch2\u003e🐛 Bug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd upper index limit for parsers by \u003ca href=\"https://github.com/gaby\"\u003e\u003ccode\u003e@​gaby\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/gofiber/fiber/pull/3503\"\u003egofiber/fiber#3503\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEmbedded struct parsing by \u003ca href=\"https://github.com/ReneWerner87\"\u003e\u003ccode\u003e@​ReneWerner87\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/gofiber/fiber/pull/3478\"\u003egofiber/fiber#3478\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix Content-Type comparison in \u003ccode\u003eIs()\u003c/code\u003e by \u003ca href=\"https://github.com/gaby\"\u003e\u003ccode\u003e@​gaby\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/gofiber/fiber/pull/3537\"\u003egofiber/fiber#3537\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix MIME type equality checks by \u003ca href=\"https://github.com/gaby\"\u003e\u003ccode\u003e@​gaby\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/gofiber/fiber/pull/3603\"\u003egofiber/fiber#3603\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/gofiber/fiber/compare/v2.52.8...v2.52.9\"\u003ehttps://github.com/gofiber/fiber/compare/v2.52.8...v2.52.9\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.52.8\u003c/h2\u003e\n\u003ch2\u003e👮 Security\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix for BodyParser - GHSA-hg3g-gphw-5hhm\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🧹 Updates\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBackport ctx.String() from v3 by \u003ca href=\"https://github.com/gaby\"\u003e\u003ccode\u003e@​gaby\u003c/code\u003e\u003c/a\u003e in \u003ca 
href=\"https://redirect.github.com/gofiber/fiber/pull/3294\"\u003egofiber/fiber#3294\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🐛 Bug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix routing with mount and static by \u003ca href=\"https://github.com/ReneWerner87\"\u003e\u003ccode\u003e@​ReneWerner87\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/gofiber/fiber/pull/3454\"\u003egofiber/fiber#3454\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e📚 Documentation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate usage of ctx.Redirect() by \u003ca href=\"https://github.com/andradei\"\u003e\u003ccode\u003e@​andradei\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/gofiber/fiber/pull/3417\"\u003egofiber/fiber#3417\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd AGENTS.md by \u003ca href=\"https://github.com/gaby\"\u003e\u003ccode\u003e@​gaby\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/gofiber/fiber/pull/3461\"\u003egofiber/fiber#3461\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/gofiber/fiber/compare/v2.52.6...v2.52.8\"\u003ehttps://github.com/gofiber/fiber/compare/v2.52.6...v2.52.8\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.52.6\u003c/h2\u003e\n\u003ch2\u003e🐛 Bug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUse Content-Length for bytesReceived and bytesSent tags in Logger Middleware in v2 by \u003ca href=\"https://github.com/gaby\"\u003e\u003ccode\u003e@​gaby\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/gofiber/fiber/pull/3067\"\u003egofiber/fiber#3067\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix handle un-matched open brackets in the query params by \u003ca href=\"https://github.com/dojutsu-user\"\u003e\u003ccode\u003e@​dojutsu-user\u003c/code\u003e\u003c/a\u003e in \u003ca 
href=\"https://redirect.github.com/gofiber/fiber/pull/3121\"\u003egofiber/fiber#3121\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMiddleware/CORS: Remove Scheme Restriction by \u003ca href=\"https://github.com/zingi\"\u003e\u003ccode\u003e@​zingi\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/gofiber/fiber/pull/3168\"\u003egofiber/fiber#3168\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRespect Immutable config for Body() by \u003ca href=\"https://github.com/nickajacks1\"\u003e\u003ccode\u003e@​nickajacks1\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/gofiber/fiber/pull/3246\"\u003egofiber/fiber#3246\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSupport Square Bracket Notation in Multipart Form data by \u003ca href=\"https://github.com/ReneWerner87\"\u003e\u003ccode\u003e@​ReneWerner87\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/gofiber/fiber/pull/3268\"\u003egofiber/fiber#3268\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e📚 Documentation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd detailed documentation for the templates guide by \u003ca href=\"https://github.com/grivera64\"\u003e\u003ccode\u003e@​grivera64\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/gofiber/fiber/pull/3113\"\u003egofiber/fiber#3113\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🛠️ Maintenance\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate benchmark-action to v1.20.3 by \u003ca href=\"https://github.com/gaby\"\u003e\u003ccode\u003e@​gaby\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/gofiber/fiber/pull/3084\"\u003egofiber/fiber#3084\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd CODEOWNERS file by \u003ca href=\"https://github.com/gaby\"\u003e\u003ccode\u003e@​gaby\u003c/code\u003e\u003c/a\u003e in \u003ca 
href=\"https://redirect.github.com/gofiber/fiber/pull/3124\"\u003egofiber/fiber#3124\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate dependencies by \u003ca href=\"https://github.com/gaby\"\u003e\u003ccode\u003e@​gaby\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/gofiber/fiber/pull/3254\"\u003egofiber/fiber#3254\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gofiber/fiber/commit/1197a22735820680ccfa241914b925f3820fcfd4\"\u003e\u003ccode\u003e1197a22\u003c/code\u003e\u003c/a\u003e Update app.go\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gofiber/fiber/commit/b60408c9bde7e71faac0519aa680a6fb8d64a255\"\u003e\u003ccode\u003eb60408c\u003c/code\u003e\u003c/a\u003e 🐛 bug: Fix MIME type equality checks (\u003ca href=\"https://redirect.github.com/gofiber/fiber/issues/3603\"\u003e#3603\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gofiber/fiber/commit/845f95f441718b1be1cf228f879f0a761118f317\"\u003e\u003ccode\u003e845f95f\u003c/code\u003e\u003c/a\u003e 🐛 bug: Fix Content-Type comparison in Is() (\u003ca href=\"https://redirect.github.com/gofiber/fiber/issues/3537\"\u003e#3537\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gofiber/fiber/commit/1c037c4900cf87dd110a69e4f0b542f64ecb84b3\"\u003e\u003ccode\u003e1c037c4\u003c/code\u003e\u003c/a\u003e 🧹 chore: Add upper index limit for parsers (\u003ca href=\"https://redirect.github.com/gofiber/fiber/issues/3503\"\u003e#3503\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gofiber/fiber/commit/40d14a9c717a3db1222ba480b9a26cddd6cd231b\"\u003e\u003ccode\u003e40d14a9\u003c/code\u003e\u003c/a\u003e 🐛 fix: Embedded struct parsing 
(\u003ca href=\"https://redirect.github.com/gofiber/fiber/issues/3478\"\u003e#3478\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gofiber/fiber/commit/b6f077275f12d25e0a4aecf59d01d77be8005ee8\"\u003e\u003ccode\u003eb6f0772\u003c/code\u003e\u003c/a\u003e Update AGENTS.md\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gofiber/fiber/commit/22c3c0ced919f73309018b7a7d27b029bad3e4b4\"\u003e\u003ccode\u003e22c3c0c\u003c/code\u003e\u003c/a\u003e Update app.go\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gofiber/fiber/commit/e115c08b8f059a4a031b492aa9eef0712411853d\"\u003e\u003ccode\u003ee115c08\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gofiber/fiber/commit/d15355116c37102bd9a8bcc252e3e3e399671af7\"\u003e\u003ccode\u003ed153551\u003c/code\u003e\u003c/a\u003e Update AGENTS.md\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gofiber/fiber/commit/7db10b6976b70f3fa780cffc9417923265bdafd2\"\u003e\u003ccode\u003e7db10b6\u003c/code\u003e\u003c/a\u003e docs: Add AGENTS.md (\u003ca href=\"https://redirect.github.com/gofiber/fiber/issues/3461\"\u003e#3461\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/gofiber/fiber/compare/v2.52.5...v2.52.9\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `golang.org/x/crypto` from 0.21.0 to 0.35.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/7292932d45d55c7199324ab0027cc86e8198aa22\"\u003e\u003ccode\u003e7292932\u003c/code\u003e\u003c/a\u003e ssh: limit the size of the internal packet queue while waiting for KEX\u003c/li\u003e\n\u003cli\u003e\u003ca 
href=\"https://github.com/golang/crypto/commit/f66f74b0a406b5f6909183531ace593857f1646c\"\u003e\u003ccode\u003ef66f74b\u003c/code\u003e\u003c/a\u003e acme/autocert: check host policy before probing the cache\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/b0784b7bfbe0b2c9a59afc1248ed3cb4b6652e85\"\u003e\u003ccode\u003eb0784b7\u003c/code\u003e\u003c/a\u003e x509roots/fallback: drop obsolete build constraint\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/911360c8a4f464342b9fe7c23632be57fca87b20\"\u003e\u003ccode\u003e911360c\u003c/code\u003e\u003c/a\u003e all: bump golang.org/x/crypto dependencies of asm generators\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/89ff08d67c4d79f9ac619aaf1f7388888798651f\"\u003e\u003ccode\u003e89ff08d\u003c/code\u003e\u003c/a\u003e all: upgrade go directive to at least 1.23.0 [generated]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/e47973b1c1089f6c67ab89261f7aa067b3d611d2\"\u003e\u003ccode\u003ee47973b\u003c/code\u003e\u003c/a\u003e all: update certs for go1.24\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/9290511cd23ab9813a307b7f2615325e3ca98902\"\u003e\u003ccode\u003e9290511\u003c/code\u003e\u003c/a\u003e go.mod: update golang.org/x dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/fa5273e461966728f91f33da62c0cf511a404c2a\"\u003e\u003ccode\u003efa5273e\u003c/code\u003e\u003c/a\u003e x509roots/fallback: update bundle\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/a8ea4be81f0769fd5857e087083cbb6d3cb9f196\"\u003e\u003ccode\u003ea8ea4be\u003c/code\u003e\u003c/a\u003e ssh: add ServerConfig.PreAuthConnCallback, ServerPreAuthConn (banner) interface\u003c/li\u003e\n\u003cli\u003e\u003ca 
href=\"https://github.com/golang/crypto/commit/71d3a4cfdb0360795ce5f2d7041e01823fd22eb6\"\u003e\u003ccode\u003e71d3a4c\u003c/code\u003e\u003c/a\u003e acme: support challenges that require the ACME client to send a non-empty JSO...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/golang/crypto/compare/v0.21.0...v0.35.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `golang.org/x/net` from 0.23.0 to 0.38.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/e1fcd82abba34df74614020343be8eb1fe85f0d9\"\u003e\u003ccode\u003ee1fcd82\u003c/code\u003e\u003c/a\u003e html: properly handle trailing solidus in unquoted attribute value in foreign...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/ebed060e8f30f20235f74808c22125fd86b15edd\"\u003e\u003ccode\u003eebed060\u003c/code\u003e\u003c/a\u003e internal/http3: fix build of tests with GOEXPERIMENT=nosynctest\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/1f1fa29e0a46fffe18c43a9da8daa5a0b180dfa9\"\u003e\u003ccode\u003e1f1fa29\u003c/code\u003e\u003c/a\u003e publicsuffix: regenerate table\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/12150816f701c912a32a376754ab28dd3878833a\"\u003e\u003ccode\u003e1215081\u003c/code\u003e\u003c/a\u003e http2: improve error when server sends HTTP/1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/312450e473eae9f9e6173ad895c80bc5ea2f79ad\"\u003e\u003ccode\u003e312450e\u003c/code\u003e\u003c/a\u003e html: ensure \u0026lt;search\u0026gt; tag closes \u0026lt;p\u0026gt; and update tests\u003c/li\u003e\n\u003cli\u003e\u003ca 
href=\"https://github.com/golang/net/commit/09731f9bf919b00b344c763894cd1920b3d96d90\"\u003e\u003ccode\u003e09731f9\u003c/code\u003e\u003c/a\u003e http2: improve handling of lost PING in Server\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/55989e24b972a90ab99308fdc7ea1fb58a96fef1\"\u003e\u003ccode\u003e55989e2\u003c/code\u003e\u003c/a\u003e http2/h2c: use ResponseController for hijacking connections\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/2914f46773171f4fa13e276df1135bafef677801\"\u003e\u003ccode\u003e2914f46\u003c/code\u003e\u003c/a\u003e websocket: re-recommend gorilla/websocket\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/99b3ae0643f9a2f9d820fcbba5f9e4c83b23bd48\"\u003e\u003ccode\u003e99b3ae0\u003c/code\u003e\u003c/a\u003e go.mod: update golang.org/x dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/85d1d54551b68719346cb9fec24b911da4e452a1\"\u003e\u003ccode\u003e85d1d54\u003c/code\u003e\u003c/a\u003e go.mod: update golang.org/x dependencies\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/golang/net/compare/v0.23.0...v0.38.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. 
","html_url":"https://github.com/echocat/go-httpcompression/pull/26","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/echocat%2Fgo-httpcompression/issues/26","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/26/packages"}},{"old_version":"1.1.1","new_version":"1.2.0","update_type":"minor","path":null,"pr_created_at":"2025-08-20T14:07:25.000Z","version_change":"1.1.1 → 1.2.0","issue":{"uuid":"2759954667","node_id":"PR_kwDOOZsb7M6kgZDr","number":2,"state":"open","title":"chore(deps): bump the go_modules group across 1 directory with 6 updates","user":"dependabot[bot]","labels":["dependencies","go"],"assignees":[],"locked":false,"comments_count":0,"pull_request":true,"closed_at":null,"author_association":"NONE","state_reason":null,"created_at":"2025-08-20T14:07:25.000Z","updated_at":"2025-08-20T14:07:25.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): 
bump","group_name":"go_modules","update_count":6,"packages":[{"name":"github.com/go-chi/chi/v5","old_version":"5.1.0","new_version":"5.2.2","repository_url":"https://github.com/go-chi/chi"},{"name":"github.com/justinas/nosurf","old_version":"1.1.1","new_version":"1.2.0","repository_url":"https://github.com/justinas/nosurf"},{"name":"github.com/open-policy-agent/opa","old_version":"1.3.0","new_version":"1.4.0","repository_url":"https://github.com/open-policy-agent/opa"},{"name":"github.com/cloudflare/circl","old_version":"1.6.0","new_version":"1.6.1","repository_url":"https://github.com/cloudflare/circl"},{"name":"github.com/go-viper/mapstructure/v2","old_version":"2.2.1","new_version":"2.3.0","repository_url":"https://github.com/go-viper/mapstructure"},{"name":"github.com/hashicorp/go-getter","old_version":"1.7.8","new_version":"1.7.9","repository_url":"https://github.com/hashicorp/go-getter"}],"path":null,"ecosystem":"go"},"body":"Bumps the go_modules group with 6 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [github.com/go-chi/chi/v5](https://github.com/go-chi/chi) | `5.1.0` | `5.2.2` |\n| [github.com/justinas/nosurf](https://github.com/justinas/nosurf) | `1.1.1` | `1.2.0` |\n| [github.com/open-policy-agent/opa](https://github.com/open-policy-agent/opa) | `1.3.0` | `1.4.0` |\n| [github.com/cloudflare/circl](https://github.com/cloudflare/circl) | `1.6.0` | `1.6.1` |\n| [github.com/go-viper/mapstructure/v2](https://github.com/go-viper/mapstructure) | `2.2.1` | `2.3.0` |\n| [github.com/hashicorp/go-getter](https://github.com/hashicorp/go-getter) | `1.7.8` | `1.7.9` |\n\n\nUpdates `github.com/go-chi/chi/v5` from 5.1.0 to 5.2.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/go-chi/chi/releases\"\u003egithub.com/go-chi/chi/v5's 
releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.2.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUse strings.Cut in a few places by \u003ca href=\"https://github.com/JRaspass\"\u003e\u003ccode\u003e@​JRaspass\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/971\"\u003ego-chi/chi#971\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix non-constant format strings in t.Fatalf by \u003ca href=\"https://github.com/JRaspass\"\u003e\u003ccode\u003e@​JRaspass\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/972\"\u003ego-chi/chi#972\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eApply fieldalignment fixes to optimize struct memory layout by \u003ca href=\"https://github.com/pixel365\"\u003e\u003ccode\u003e@​pixel365\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/974\"\u003ego-chi/chi#974\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ego 1.24 by \u003ca href=\"https://github.com/pkieltyka\"\u003e\u003ccode\u003e@​pkieltyka\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/977\"\u003ego-chi/chi#977\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: delint ioutil usage by \u003ca href=\"https://github.com/costela\"\u003e\u003ccode\u003e@​costela\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/962\"\u003ego-chi/chi#962\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed typo in Router interface definition by \u003ca href=\"https://github.com/mithileshgupta12\"\u003e\u003ccode\u003e@​mithileshgupta12\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/958\"\u003ego-chi/chi#958\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for TinyGo by \u003ca 
href=\"https://github.com/efraimbart\"\u003e\u003ccode\u003e@​efraimbart\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/978\"\u003ego-chi/chi#978\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eExclude middleware/profiler.go in TinyGo, as there's no net/http/pprof pkg by \u003ca href=\"https://github.com/cxjava\"\u003e\u003ccode\u003e@​cxjava\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/982\"\u003ego-chi/chi#982\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMake use of strings.Cut by \u003ca href=\"https://github.com/scop\"\u003e\u003ccode\u003e@​scop\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1005\"\u003ego-chi/chi#1005\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eChange install command format to code block by \u003ca href=\"https://github.com/sglkc\"\u003e\u003ccode\u003e@​sglkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1001\"\u003ego-chi/chi#1001\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCorrect documentation by \u003ca href=\"https://github.com/mrdomino\"\u003e\u003ccode\u003e@​mrdomino\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/992\"\u003ego-chi/chi#992\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eSecurity fix\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixes \u003ca href=\"https://github.com/go-chi/chi/security/advisories/GHSA-vrw8-fxc6-2r93\"\u003eGHSA-vrw8-fxc6-2r93\u003c/a\u003e - \u0026quot;Host Header Injection Leads to Open Redirect in RedirectSlashes\u0026quot; \u003ca href=\"https://github.com/go-chi/chi/commit/1be7ad938cc9c5b39a9dea01a5c518848928ab65\"\u003ecommit\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003ea lower-severity Open Redirect that can't be exploited in browser or email client, as it requires manipulation of a Host header\u003c/li\u003e\n\u003cli\u003ereported by Anuraag Baishya, 
\u003ca href=\"https://github.com/anuraagbaishya\"\u003e\u003ccode\u003e@​anuraagbaishya\u003c/code\u003e\u003c/a\u003e. Thank you!\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pixel365\"\u003e\u003ccode\u003e@​pixel365\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/974\"\u003ego-chi/chi#974\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mithileshgupta12\"\u003e\u003ccode\u003e@​mithileshgupta12\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/958\"\u003ego-chi/chi#958\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/efraimbart\"\u003e\u003ccode\u003e@​efraimbart\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/978\"\u003ego-chi/chi#978\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cxjava\"\u003e\u003ccode\u003e@​cxjava\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/982\"\u003ego-chi/chi#982\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sglkc\"\u003e\u003ccode\u003e@​sglkc\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/1001\"\u003ego-chi/chi#1001\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mrdomino\"\u003e\u003ccode\u003e@​mrdomino\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/992\"\u003ego-chi/chi#992\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca 
href=\"https://github.com/go-chi/chi/compare/v5.2.1...v5.2.2\"\u003ehttps://github.com/go-chi/chi/compare/v5.2.1...v5.2.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev5.2.1\u003c/h2\u003e\n\u003ch2\u003e⚠️  Chi supports Go 1.20+\u003c/h2\u003e\n\u003cp\u003eStarting this release, we will now support the four most recent major versions of Go. See \u003ca href=\"https://redirect.github.com/go-chi/chi/issues/963\"\u003ego-chi/chi#963\u003c/a\u003e for related discussion.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSupport the four most recent major versions of Go by \u003ca href=\"https://github.com/VojtechVitek\"\u003e\u003ccode\u003e@​VojtechVitek\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/969\"\u003ego-chi/chi#969\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/go-chi/chi/compare/v5.2.0...v5.2.1\"\u003ehttps://github.com/go-chi/chi/compare/v5.2.0...v5.2.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev5.2.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eupdate credits section to link to goji license by \u003ca href=\"https://github.com/pkieltyka\"\u003e\u003ccode\u003e@​pkieltyka\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/944\"\u003ego-chi/chi#944\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ego 1.23 by \u003ca href=\"https://github.com/pkieltyka\"\u003e\u003ccode\u003e@​pkieltyka\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/945\"\u003ego-chi/chi#945\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMake Context.RoutePattern() nil-safe by \u003ca href=\"https://github.com/gaiaz-iusipov\"\u003e\u003ccode\u003e@​gaiaz-iusipov\u003c/code\u003e\u003c/a\u003e in \u003ca 
href=\"https://redirect.github.com/go-chi/chi/pull/927\"\u003ego-chi/chi#927\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003egovet: Fix non-constant format string by \u003ca href=\"https://github.com/marcofranssen\"\u003e\u003ccode\u003e@​marcofranssen\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/952\"\u003ego-chi/chi#952\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eFind\u003c/code\u003e to \u003ccode\u003eRoutes\u003c/code\u003e interface by \u003ca href=\"https://github.com/joeriddles\"\u003e\u003ccode\u003e@​joeriddles\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/872\"\u003ego-chi/chi#872\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix grammar error by \u003ca href=\"https://github.com/AntonC9018\"\u003e\u003ccode\u003e@​AntonC9018\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/917\"\u003ego-chi/chi#917\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003cdel\u003efeat(): add CF-Connecting-IP by \u003ca href=\"https://github.com/n33pm\"\u003e\u003ccode\u003e@​n33pm\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/908\"\u003ego-chi/chi#908\u003c/a\u003e\u003c/del\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cdel\u003eRevert \u0026quot;feat(): add CF-Connecting-IP\u0026quot; by \u003ca href=\"https://github.com/VojtechVitek\"\u003e\u003ccode\u003e@​VojtechVitek\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-chi/chi/pull/966\"\u003ego-chi/chi#966\u003c/a\u003e\u003c/del\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... 
(truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/23c395f8524a30334126ca16fb4d37b88745b9b9\"\u003e\u003ccode\u003e23c395f\u003c/code\u003e\u003c/a\u003e Correct documentation (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/992\"\u003e#992\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/5516d147c14a2b03824be7076fc6200bed906901\"\u003e\u003ccode\u003e5516d14\u003c/code\u003e\u003c/a\u003e docs: change install code to code block (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1001\"\u003e#1001\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/e235052c10146fb724439442fc9d9a23e19fe931\"\u003e\u003ccode\u003ee235052\u003c/code\u003e\u003c/a\u003e Make use of strings.Cut (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/1005\"\u003e#1005\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/1be7ad938cc9c5b39a9dea01a5c518848928ab65\"\u003e\u003ccode\u003e1be7ad9\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/d7034fdfdaefd10f1bc1a7b813bc979f2eda3a36\"\u003e\u003ccode\u003ed7034fd\u003c/code\u003e\u003c/a\u003e Exclude profiler when use tinygo (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/982\"\u003e#982\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/d04703412f631922c8dd1527c6500627174828c1\"\u003e\u003ccode\u003ed047034\u003c/code\u003e\u003c/a\u003e support tinygo (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/978\"\u003e#978\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca 
href=\"https://github.com/go-chi/chi/commit/fe2c065bc046056aecfa141022509a1e25bdd04b\"\u003e\u003ccode\u003efe2c065\u003c/code\u003e\u003c/a\u003e Fixed the typo (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/958\"\u003e#958\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/1aae5b2d2dc8f9e8ea1f68a7462693aaaa5f368c\"\u003e\u003ccode\u003e1aae5b2\u003c/code\u003e\u003c/a\u003e chore: delint ioutil usage (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/962\"\u003e#962\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/c6225e35a4880a9a884c135b5f847a74e1e3a01e\"\u003e\u003ccode\u003ec6225e3\u003c/code\u003e\u003c/a\u003e go 1.24 (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/977\"\u003e#977\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-chi/chi/commit/e846b8304c769c4f1a51c9de06bebfaa4576bd88\"\u003e\u003ccode\u003ee846b83\u003c/code\u003e\u003c/a\u003e Apply fieldalignment fixes to optimize struct memory layout (\u003ca href=\"https://redirect.github.com/go-chi/chi/issues/974\"\u003e#974\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/go-chi/chi/compare/v5.1.0...v5.2.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/justinas/nosurf` from 1.1.1 to 1.2.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/justinas/nosurf/releases\"\u003egithub.com/justinas/nosurf's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.2.0\u003c/h2\u003e\n\u003cp\u003eThis is a \u003cem\u003esecurity\u003c/em\u003e release for nosurf. 
It mainly addresses \u003ca href=\"https://github.com/justinas/nosurf-cve-2025-46721\"\u003eCVE-2025-46721\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003eThis release technically includes breaking changes, as nosurf starts applying same-origin checks that were not previously enforced. In most cases, users will not need to make any changes to their code. However, it is recommended to read \u003ca href=\"https://github.com/justinas/nosurf/blob/master/docs/origin-checks.md\"\u003ethe documentation on nosurf's trusted origin checks\u003c/a\u003e before upgrading.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/justinas/nosurf/commit/ec9bb776d8e5ba9e906b6eb70428f4e7b009feee\"\u003e\u003ccode\u003eec9bb77\u003c/code\u003e\u003c/a\u003e Rework origin checks (\u003ca href=\"https://redirect.github.com/justinas/nosurf/issues/74\"\u003e#74\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/justinas/nosurf/commit/e5c9c1fe2d4f69668ff78f872abf3b396a08673a\"\u003e\u003ccode\u003ee5c9c1f\u003c/code\u003e\u003c/a\u003e Add GitHub Actions CI, fix lints and tests\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/justinas/nosurf/compare/v1.1.1...v1.2.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/open-policy-agent/opa` from 1.3.0 to 1.4.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/open-policy-agent/opa/releases\"\u003egithub.com/open-policy-agent/opa's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.4.0\u003c/h2\u003e\n\u003cp\u003eThis release contains a security fix addressing CVE-2025-46569.\nIt also includes a mix of new features, bugfixes, and 
dependency updates.\u003c/p\u003e\n\u003ch4\u003eSecurity Fix: CVE-2025-46569 - OPA server Data API HTTP path injection of Rego (\u003ca href=\"https://github.com/open-policy-agent/opa/security/advisories/GHSA-6m8w-jc87-6cr7\"\u003eGHSA-6m8w-jc87-6cr7\u003c/a\u003e)\u003c/h4\u003e\n\u003cp\u003eA vulnerability in the OPA server's \u003ca href=\"https://www.openpolicyagent.org/docs/latest/rest-api/#data-api\"\u003eData API\u003c/a\u003e allows an attacker to craft the HTTP path in a way that injects Rego code into the query that is evaluated.\u003cbr /\u003e\nThe evaluation result cannot be made to return any other data than what is generated by the requested path, but this path can be misdirected, and the injected Rego code can be crafted to make the query succeed or fail; opening up for oracle attacks or, given the right circumstances, erroneous policy decision results.\nFurthermore, the injected code can be crafted to be computationally expensive, resulting in a Denial Of Service (DoS) attack.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eUsers are only impacted if all of the following apply:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eOPA is deployed as a standalone server (rather than being used as a Go library)\u003c/li\u003e\n\u003cli\u003eThe OPA server is exposed outside of the local host in an untrusted environment.\u003c/li\u003e\n\u003cli\u003eThe configured \u003ca href=\"https://www.openpolicyagent.org/docs/latest/security/#authentication-and-authorization\"\u003eauthorization policy\u003c/a\u003e does not do exact matching of the input.path attribute when deciding if the request should be allowed.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eor, if all of the following apply:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eOPA is deployed as a standalone server.\u003c/li\u003e\n\u003cli\u003eThe service connecting to OPA allows 3rd parties to insert unsanitised text into the path of the HTTP 
request to OPA’s Data API.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eNote: With \u003cstrong\u003eno\u003c/strong\u003e \u003ca href=\"https://www.openpolicyagent.org/docs/latest/security/#authentication-and-authorization\"\u003eAuthorization Policy\u003c/a\u003e configured for restricting API access (the default configuration), the RESTful \u003ca href=\"https://www.openpolicyagent.org/docs/latest/rest-api/#data-api\"\u003eData API\u003c/a\u003e provides access for managing Rego policies; and the RESTful \u003ca href=\"https://www.openpolicyagent.org/docs/latest/rest-api/#query-api\"\u003eQuery API\u003c/a\u003e facilitates advanced queries.\nFull access to these APIs provides both simpler, and broader access than what the security issue describes here can facilitate.\nAs such, OPA servers exposed to a network are \u003cstrong\u003enot\u003c/strong\u003e considered affected by the attack described here if they are knowingly not restricting access through an Authorization Policy.\u003c/p\u003e\n\u003cp\u003eThis issue affects all versions of OPA prior to 1.4.0.\u003c/p\u003e\n\u003cp\u003eSee the \u003ca href=\"https://github.com/open-policy-agent/opa/security/advisories/GHSA-6m8w-jc87-6cr7\"\u003eSecurity Advisory\u003c/a\u003e for more details.\u003c/p\u003e\n\u003cp\u003eReported by \u003ca href=\"https://github.com/GamrayW\"\u003e\u003ccode\u003e@​GamrayW\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/HyouKash\"\u003e\u003ccode\u003e@​HyouKash\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/AdrienIT\"\u003e\u003ccode\u003e@​AdrienIT\u003c/code\u003e\u003c/a\u003e, authored by \u003ca href=\"https://github.com/johanfylling\"\u003e\u003ccode\u003e@​johanfylling\u003c/code\u003e\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eRuntime, Tooling, SDK\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003east: Adding \u003ccode\u003erego_v1\u003c/code\u003e feature to \u003ccode\u003e--v0-compatible\u003c/code\u003e capabilities (\u003ca 
href=\"https://redirect.github.com/open-policy-agent/opa/pull/7474\"\u003e#7474\u003c/a\u003e) authored by \u003ca href=\"https://github.com/johanfylling\"\u003e\u003ccode\u003e@​johanfylling\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eexecutable: Add version and icon to OPA windows executable (\u003ca href=\"https://redirect.github.com/open-policy-agent/opa/issues/3171\"\u003e#3171\u003c/a\u003e) authored by \u003ca href=\"https://github.com/sspaink\"\u003e\u003ccode\u003e@​sspaink\u003c/code\u003e\u003c/a\u003e reported by \u003ca href=\"https://github.com/christophwille\"\u003e\u003ccode\u003e@​christophwille\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eformat: Don't panic on format due to unexpected comments (\u003ca href=\"https://redirect.github.com/open-policy-agent/opa/issues/6330\"\u003e#6330\u003c/a\u003e) authored by \u003ca href=\"https://github.com/sspaink\"\u003e\u003ccode\u003e@​sspaink\u003c/code\u003e\u003c/a\u003e reported by \u003ca href=\"https://github.com/sirpi\"\u003e\u003ccode\u003e@​sirpi\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eformat: Avoid modifying strings when formatting (\u003ca href=\"https://redirect.github.com/open-policy-agent/opa/issues/6220\"\u003e#6220\u003c/a\u003e) authored by \u003ca href=\"https://github.com/sspaink\"\u003e\u003ccode\u003e@​sspaink\u003c/code\u003e\u003c/a\u003e reported by \u003ca href=\"https://github.com/zregvart\"\u003e\u003ccode\u003e@​zregvart\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eplugins/status: FIFO buffer channel for status events to prevent slow status API blocking (\u003ca href=\"https://redirect.github.com/open-policy-agent/opa/pull/7522\"\u003e#7522\u003c/a\u003e) authored by \u003ca href=\"https://github.com/sspaink\"\u003e\u003ccode\u003e@​sspaink\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eTopdown and Rego\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003egqlparser: Add JSON annotation 
in \u003ccode\u003einternal/gqlparser/ast\u003c/code\u003e to Position fields (\u003ca href=\"https://redirect.github.com/open-policy-agent/opa/pull/7509\"\u003e#7509\u003c/a\u003e) authored by \u003ca href=\"https://github.com/robmyersrobmyers\"\u003e\u003ccode\u003e@​robmyersrobmyers\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003egraphql: Cache GraphQL schema parse results (\u003ca href=\"https://redirect.github.com/open-policy-agent/opa/pull/7457\"\u003e#7457\u003c/a\u003e) authored by \u003ca href=\"https://github.com/robmyersrobmyers\"\u003e\u003ccode\u003e@​robmyersrobmyers\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003etopdown: Handling default functions in Partial Eval (\u003ca href=\"https://redirect.github.com/open-policy-agent/opa/issues/7220\"\u003e#7220\u003c/a\u003e) authored by \u003ca href=\"https://github.com/johanfylling\"\u003e\u003ccode\u003e@​johanfylling\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003etopdown: Fix wall clock time init for \u003ccode\u003ePartialRun()\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/open-policy-agent/opa/issues/7490\"\u003e#7490\u003c/a\u003e) authored by \u003ca href=\"https://github.com/srenatus\"\u003e\u003ccode\u003e@​srenatus\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003etopdown: Zero alloc lower/upper unless changed (\u003ca href=\"https://redirect.github.com/open-policy-agent/opa/pull/7472\"\u003e#7472\u003c/a\u003e) authored by \u003ca href=\"https://github.com/anderseknert\"\u003e\u003ccode\u003e@​anderseknert\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocs, Website, Ecosystem\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadopters: Cloudsmith adds support for OPA (\u003ca href=\"https://redirect.github.com/open-policy-agent/opa/pull/7498\"\u003e#7498\u003c/a\u003e) authored by \u003ca 
href=\"https://github.com/ndouglas-cloudsmith\"\u003e\u003ccode\u003e@​ndouglas-cloudsmith\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-policy-agent/opa/commit/8b0720247e65b97fe7715ca15682fee4040df4d1\"\u003e\u003ccode\u003e8b07202\u003c/code\u003e\u003c/a\u003e Prepare v1.4.0 release (\u003ca href=\"https://redirect.github.com/open-policy-agent/opa/issues/7541\"\u003e#7541\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-policy-agent/opa/commit/ad2063247a14711882f18c387a511fc8094aa79c\"\u003e\u003ccode\u003ead20632\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-policy-agent/opa/commit/24ff9cfb3ad0a6a5629f0b21458982d325ee03c5\"\u003e\u003ccode\u003e24ff9cf\u003c/code\u003e\u003c/a\u003e fix: return the raw strings when formatting (\u003ca href=\"https://redirect.github.com/open-policy-agent/opa/issues/7525\"\u003e#7525\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-policy-agent/opa/commit/254f3bf0b9ee5faf1972ba31bbbe749bba19a000\"\u003e\u003ccode\u003e254f3bf\u003c/code\u003e\u003c/a\u003e fix(status plugin): make sure the latest status is read before manually trigg...\u003c/li\u003e\n\u003cli\u003e\u003ca 
href=\"https://github.com/open-policy-agent/opa/commit/9b5f6010c0503cd91eed8a56268a02d4895a42b4\"\u003e\u003ccode\u003e9b5f601\u003c/code\u003e\u003c/a\u003e docs: fix post merge badge (\u003ca href=\"https://redirect.github.com/open-policy-agent/opa/issues/7532\"\u003e#7532\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-policy-agent/opa/commit/e4902774778da576da2a8f4b2fd50df6cc3da8b5\"\u003e\u003ccode\u003ee490277\u003c/code\u003e\u003c/a\u003e docs: Point path versioned requests to new sites (\u003ca href=\"https://redirect.github.com/open-policy-agent/opa/issues/7531\"\u003e#7531\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-policy-agent/opa/commit/d65888c14f4cb2d67929590604415e35ba75f58c\"\u003e\u003ccode\u003ed65888c\u003c/code\u003e\u003c/a\u003e plugins/status: FIFO buffer channel for status events to prevent slow status ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-policy-agent/opa/commit/eb77d10971ec772c3ac4968d4abe3666037d0338\"\u003e\u003ccode\u003eeb77d10\u003c/code\u003e\u003c/a\u003e docs: update edge links to use /docs/edge/ path (\u003ca href=\"https://redirect.github.com/open-policy-agent/opa/issues/7529\"\u003e#7529\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-policy-agent/opa/commit/f07d604b4f4b37c29324643cc75b82e3e0070aea\"\u003e\u003ccode\u003ef07d604\u003c/code\u003e\u003c/a\u003e docs: Set versioned docs links to point to archive (\u003ca href=\"https://redirect.github.com/open-policy-agent/opa/issues/7528\"\u003e#7528\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-policy-agent/opa/commit/828b8cb1568bc2a3eba7d0b87101a6c0679eee06\"\u003e\u003ccode\u003e828b8cb\u003c/code\u003e\u003c/a\u003e docs: improve request headers documentation in REST APIs (\u003ca 
href=\"https://redirect.github.com/open-policy-agent/opa/issues/7524\"\u003e#7524\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/open-policy-agent/opa/compare/v1.3.0...v1.4.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/cloudflare/circl` from 1.6.0 to 1.6.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/cloudflare/circl/releases\"\u003egithub.com/cloudflare/circl's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eCIRCL v1.6.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixes some point checks on the FourQ curve.\u003c/li\u003e\n\u003cli\u003eHybrid KEM fails on low-order points.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eWhat's Changed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ekem/hybrid: ensure X25519 hybrids fails with low order points by \u003ca href=\"https://github.com/Lekensteyn\"\u003e\u003ccode\u003e@​Lekensteyn\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/cloudflare/circl/pull/541\"\u003ecloudflare/circl#541\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e.github: Use native ARM64 builders instead of QEMU by \u003ca href=\"https://github.com/Lekensteyn\"\u003e\u003ccode\u003e@​Lekensteyn\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/cloudflare/circl/pull/542\"\u003ecloudflare/circl#542\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes several errors on twisted Edwards curves. 
by \u003ca href=\"https://github.com/armfazh\"\u003e\u003ccode\u003e@​armfazh\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/cloudflare/circl/pull/545\"\u003ecloudflare/circl#545\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRelease v1.6.1 by \u003ca href=\"https://github.com/armfazh\"\u003e\u003ccode\u003e@​armfazh\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/cloudflare/circl/pull/546\"\u003ecloudflare/circl#546\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/cloudflare/circl/compare/v1.6.0...v1.6.1\"\u003ehttps://github.com/cloudflare/circl/compare/v1.6.0...v1.6.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cloudflare/circl/commit/c6d33e35234ebf5c4319d12ae7d77d7d17053e56\"\u003e\u003ccode\u003ec6d33e3\u003c/code\u003e\u003c/a\u003e Release v1.6.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cloudflare/circl/commit/0c3868ef6fc8ce864bc4104863186afdd2947f14\"\u003e\u003ccode\u003e0c3868e\u003c/code\u003e\u003c/a\u003e curve4q: Shared must fail with low order points.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cloudflare/circl/commit/9fd570dd508eef941d3f42fb94413a899b96d52e\"\u003e\u003ccode\u003e9fd570d\u003c/code\u003e\u003c/a\u003e curve4q: Test showing DH does not fails on identity point.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cloudflare/circl/commit/c988ceba827fe09896e770c152646dded447903d\"\u003e\u003ccode\u003ec988ceb\u003c/code\u003e\u003c/a\u003e fourq: Correctly unmarshalling point.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cloudflare/circl/commit/ef2611dcde7f6d25e31082412bbb30f2a870d133\"\u003e\u003ccode\u003eef2611d\u003c/code\u003e\u003c/a\u003e fourq: 
Test showing point unmarshal fails.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cloudflare/circl/commit/05eba44d1a35f979c5f3ac914bcc50c1122e8ced\"\u003e\u003ccode\u003e05eba44\u003c/code\u003e\u003c/a\u003e fourq: Handle the case of Z=0 for IsOnCurve and IsEqual.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cloudflare/circl/commit/eef08780cc3cb9befa20014e65f731391103be6b\"\u003e\u003ccode\u003eeef0878\u003c/code\u003e\u003c/a\u003e fourq: Test showing isEqual and IsOnCurve fail.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cloudflare/circl/commit/2298474ef688938e4a81ca14990b9a11a8677e2a\"\u003e\u003ccode\u003e2298474\u003c/code\u003e\u003c/a\u003e goldilocks; Handling points with z=0.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cloudflare/circl/commit/5a940a111507232035d0b753fbf3068c52d6b8ac\"\u003e\u003ccode\u003e5a940a1\u003c/code\u003e\u003c/a\u003e goldilocks: Test for IsEqual must fail with Z=0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cloudflare/circl/commit/48c3b6a2746a18db4d8b675ab296980514359340\"\u003e\u003ccode\u003e48c3b6a\u003c/code\u003e\u003c/a\u003e ed25519: Fix isEqual to handle points with Z=0.\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/cloudflare/circl/compare/v1.6.0...v1.6.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/go-viper/mapstructure/v2` from 2.2.1 to 2.3.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/go-viper/mapstructure/releases\"\u003egithub.com/go-viper/mapstructure/v2's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.3.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ebuild(deps): bump actions/checkout from 
4.1.7 to 4.2.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-viper/mapstructure/pull/46\"\u003ego-viper/mapstructure#46\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump golangci/golangci-lint-action from 6.1.0 to 6.1.1 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-viper/mapstructure/pull/47\"\u003ego-viper/mapstructure#47\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[enhancement] Add check for \u003ccode\u003ereflect.Value\u003c/code\u003e in \u003ccode\u003eComposeDecodeHookFunc\u003c/code\u003e by \u003ca href=\"https://github.com/mahadzaryab1\"\u003e\u003ccode\u003e@​mahadzaryab1\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-viper/mapstructure/pull/52\"\u003ego-viper/mapstructure#52\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/setup-go from 5.0.2 to 5.1.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-viper/mapstructure/pull/51\"\u003ego-viper/mapstructure#51\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/checkout from 4.2.0 to 4.2.2 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-viper/mapstructure/pull/50\"\u003ego-viper/mapstructure#50\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/setup-go from 5.1.0 to 5.2.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-viper/mapstructure/pull/55\"\u003ego-viper/mapstructure#55\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): 
bump actions/setup-go from 5.2.0 to 5.3.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-viper/mapstructure/pull/58\"\u003ego-viper/mapstructure#58\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: add Go 1.24 to the test matrix by \u003ca href=\"https://github.com/sagikazarmark\"\u003e\u003ccode\u003e@​sagikazarmark\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-viper/mapstructure/pull/74\"\u003ego-viper/mapstructure#74\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump golangci/golangci-lint-action from 6.1.1 to 6.5.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-viper/mapstructure/pull/72\"\u003ego-viper/mapstructure#72\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump golangci/golangci-lint-action from 6.5.0 to 6.5.1 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-viper/mapstructure/pull/76\"\u003ego-viper/mapstructure#76\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/setup-go from 5.3.0 to 5.4.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-viper/mapstructure/pull/78\"\u003ego-viper/mapstructure#78\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat: add decode hook for netip.Prefix by \u003ca href=\"https://github.com/tklauser\"\u003e\u003ccode\u003e@​tklauser\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-viper/mapstructure/pull/85\"\u003ego-viper/mapstructure#85\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdates by \u003ca 
href=\"https://github.com/sagikazarmark\"\u003e\u003ccode\u003e@​sagikazarmark\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-viper/mapstructure/pull/86\"\u003ego-viper/mapstructure#86\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump github/codeql-action from 2.13.4 to 3.28.15 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-viper/mapstructure/pull/87\"\u003ego-viper/mapstructure#87\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/setup-go from 5.4.0 to 5.5.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-viper/mapstructure/pull/93\"\u003ego-viper/mapstructure#93\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump github/codeql-action from 3.28.15 to 3.28.17 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-viper/mapstructure/pull/92\"\u003ego-viper/mapstructure#92\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump github/codeql-action from 3.28.17 to 3.28.19 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-viper/mapstructure/pull/97\"\u003ego-viper/mapstructure#97\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump ossf/scorecard-action from 2.4.1 to 2.4.2 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-viper/mapstructure/pull/96\"\u003ego-viper/mapstructure#96\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate README.md by \u003ca 
href=\"https://github.com/peczenyj\"\u003e\u003ccode\u003e@​peczenyj\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-viper/mapstructure/pull/90\"\u003ego-viper/mapstructure#90\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd omitzero tag. by \u003ca href=\"https://github.com/Crystalix007\"\u003e\u003ccode\u003e@​Crystalix007\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-viper/mapstructure/pull/98\"\u003ego-viper/mapstructure#98\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUse error structs instead of duplicated strings by \u003ca href=\"https://github.com/m1k1o\"\u003e\u003ccode\u003e@​m1k1o\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-viper/mapstructure/pull/102\"\u003ego-viper/mapstructure#102\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump github/codeql-action from 3.28.19 to 3.29.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-viper/mapstructure/pull/101\"\u003ego-viper/mapstructure#101\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat: add common error interface by \u003ca href=\"https://github.com/sagikazarmark\"\u003e\u003ccode\u003e@​sagikazarmark\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-viper/mapstructure/pull/105\"\u003ego-viper/mapstructure#105\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eupdate linter by \u003ca href=\"https://github.com/sagikazarmark\"\u003e\u003ccode\u003e@​sagikazarmark\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-viper/mapstructure/pull/106\"\u003ego-viper/mapstructure#106\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFeature allow unset pointer by \u003ca href=\"https://github.com/rostislaved\"\u003e\u003ccode\u003e@​rostislaved\u003c/code\u003e\u003c/a\u003e in \u003ca 
href=\"https://redirect.github.com/go-viper/mapstructure/pull/80\"\u003ego-viper/mapstructure#80\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tklauser\"\u003e\u003ccode\u003e@​tklauser\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/go-viper/mapstructure/pull/85\"\u003ego-viper/mapstructure#85\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/peczenyj\"\u003e\u003ccode\u003e@​peczenyj\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/go-viper/mapstructure/pull/90\"\u003ego-viper/mapstructure#90\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Crystalix007\"\u003e\u003ccode\u003e@​Crystalix007\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/go-viper/mapstructure/pull/98\"\u003ego-viper/mapstructure#98\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rostislaved\"\u003e\u003ccode\u003e@​rostislaved\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/go-viper/mapstructure/pull/80\"\u003ego-viper/mapstructure#80\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/go-viper/mapstructure/compare/v2.2.1...v2.3.0\"\u003ehttps://github.com/go-viper/mapstructure/compare/v2.2.1...v2.3.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-viper/mapstructure/commit/8c61ec1924fcfa522f9fc6b4618c672db61d1a38\"\u003e\u003ccode\u003e8c61ec1\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca 
href=\"https://redirect.github.com/go-viper/mapstructure/issues/80\"\u003e#80\u003c/a\u003e from rostislaved/feature-allow-unset-pointer\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-viper/mapstructure/commit/df765f469ad16a1996fd0f0ae6a32b20535b966a\"\u003e\u003ccode\u003edf765f4\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/go-viper/mapstructure/issues/106\"\u003e#106\u003c/a\u003e from go-viper/update-linter\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-viper/mapstructure/commit/5f34b05aa12639380ef7c2af69eb6f8fd629dbd0\"\u003e\u003ccode\u003e5f34b05\u003c/code\u003e\u003c/a\u003e update linter\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-viper/mapstructure/commit/36de1e1d74f55681536097ff8467a8ce952ef183\"\u003e\u003ccode\u003e36de1e1\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/go-viper/mapstructure/issues/105\"\u003e#105\u003c/a\u003e from go-viper/error-refactor\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-viper/mapstructure/commit/6a283a390ee7bc0f9331f58199db234902e0739f\"\u003e\u003ccode\u003e6a283a3\u003c/code\u003e\u003c/a\u003e chore: update error type doc\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-viper/mapstructure/commit/599cb73236404c044abcf278a45c3928d7480dd0\"\u003e\u003ccode\u003e599cb73\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/go-viper/mapstructure/issues/101\"\u003e#101\u003c/a\u003e from go-viper/dependabot/github_actions/github/codeql...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-viper/mapstructure/commit/ed3f92181528ff776a0324107b8b55026e93766a\"\u003e\u003ccode\u003eed3f921\u003c/code\u003e\u003c/a\u003e feat: remove value from error messages\u003c/li\u003e\n\u003cli\u003e\u003ca 
href=\"https://github.com/go-viper/mapstructure/commit/a3f8b227dcdae324c070d389152837f0aa635f4b\"\u003e\u003ccode\u003ea3f8b22\u003c/code\u003e\u003c/a\u003e revert: error message change\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-viper/mapstructure/commit/9661f6d07c319da00ae0508d99df5f3f0c3953bd\"\u003e\u003ccode\u003e9661f6d\u003c/code\u003e\u003c/a\u003e feat: add common error interface\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-viper/mapstructure/commit/f12f6c76fe743c8e4cc6465c6a9f16fcd8cede57\"\u003e\u003ccode\u003ef12f6c7\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/go-viper/mapstructure/issues/102\"\u003e#102\u003c/a\u003e from m1k1o/prettify-errors2\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/go-viper/mapstructure/compare/v2.2.1...v2.3.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/hashicorp/go-getter` from 1.7.8 to 1.7.9\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/hashicorp/go-getter/releases\"\u003egithub.com/hashicorp/go-getter's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.7.9\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSpeed up XZ decompression by 5x with bufio wrapper by \u003ca href=\"https://github.com/vsarunas\"\u003e\u003ccode\u003e@​vsarunas\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/hashicorp/go-getter/pull/520\"\u003ehashicorp/go-getter#520\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix CI Workflow by \u003ca href=\"https://github.com/mohanmanikanta2299\"\u003e\u003ccode\u003e@​mohanmanikanta2299\u003c/code\u003e\u003c/a\u003e in \u003ca 
href=\"https://redirect.github.com/hashicorp/go-getter/pull/522\"\u003ehashicorp/go-getter#522\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003etest: Remove use of \u0026quot;mitchellh/go-testing-interface\u0026quot; for stdlib by \u003ca href=\"https://github.com/jrasell\"\u003e\u003ccode\u003e@​jrasell\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/hashicorp/go-getter/pull/523\"\u003ehashicorp/go-getter#523\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: url redact of multiple sshkey by \u003ca href=\"https://github.com/dduzgun-security\"\u003e\u003ccode\u003e@​dduzgun-security\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/hashicorp/go-getter/pull/528\"\u003ehashicorp/go-getter#528\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePublish arm binaries by \u003ca href=\"https://github.com/sethvargo\"\u003e\u003ccode\u003e@​sethvargo\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/hashicorp/go-getter/pull/525\"\u003ehashicorp/go-getter#525\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix errcheck lint errors and run it as part of pr checks by \u003ca href=\"https://github.com/abhijeetviswa\"\u003e\u003ccode\u003e@​abhijeetviswa\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/hashicorp/go-getter/pull/530\"\u003ehashicorp/go-getter#530\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix additional lint errors and increase linter scope by \u003ca href=\"https://github.com/abhijeetviswa\"\u003e\u003ccode\u003e@​abhijeetviswa\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/hashicorp/go-getter/pull/531\"\u003ehashicorp/go-getter#531\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIND-3728 enabling dependabot by \u003ca href=\"https://github.com/KaushikiAnand\"\u003e\u003ccode\u003e@​KaushikiAnand\u003c/code\u003e\u003c/a\u003e in \u003ca 
href=\"https://redirect.github.com/hashicorp/go-getter/pull/529\"\u003ehashicorp/go-getter#529\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: go-getter subdir paths by \u003ca href=\"https://github.com/dduzgun-security\"\u003e\u003ccode\u003e@​dduzgun-security\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/hashicorp/go-getter/pull/540\"\u003ehashicorp/go-getter#540\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vsarunas\"\u003e\u003ccode\u003e@​vsarunas\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/hashicorp/go-getter/pull/520\"\u003ehashicorp/go-getter#520\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jrasell\"\u003e\u003ccode\u003e@​jrasell\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/hashicorp/go-getter/pull/523\"\u003ehashicorp/go-getter#523\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sethvargo\"\u003e\u003ccode\u003e@​sethvargo\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/hashicorp/go-getter/pull/525\"\u003ehashicorp/go-getter#525\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/abhijeetviswa\"\u003e\u003ccode\u003e@​abhijeetviswa\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/hashicorp/go-getter/pull/530\"\u003ehashicorp/go-getter#530\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/KaushikiAnand\"\u003e\u003ccode\u003e@​KaushikiAnand\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca 
href=\"https://redirect.github.com/hashicorp/go-getter/pull/529\"\u003ehashicorp/go-getter#529\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/hashicorp/go-getter/compare/v1.7.8...v1.7.9\"\u003ehttps://github.com/hashicorp/go-getter/compare/v1.7.8...v1.7.9\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hashicorp/go-getter/commit/e70221100018573cdc74411c95c19b2a372f6728\"\u003e\u003ccode\u003ee702211\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/hashicorp/go-getter/issues/532\"\u003e#532\u003c/a\u003e from hashicorp/dependabot/github_actions/actions-8948...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hashicorp/go-getter/commit/df0a14fa67f2921eabff8fbdb51445ac03daeb87\"\u003e\u003ccode\u003edf0a14f\u003c/code\u003e\u003c/a\u003e [chore] : Bump the actions group with 8 updates\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hashicorp/go-getter/commit/87541b2501c00df5eaedea6acc61a2a4a4efa5b7\"\u003e\u003ccode\u003e87541b2\u003c/code\u003e\u003c/a\u003e fix: go-getter subdir paths (\u003ca href=\"https://redirect.github.com/hashicorp/go-getter/issues/540\"\u003e#540\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hashicorp/go-getter/commit/37130302313c9294df898ac96e2565a65369ec68\"\u003e\u003ccode\u003e3713030\u003c/code\u003e\u003c/a\u003e [Compliance] - PR Template Changes Required\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hashicorp/go-getter/commit/af2dd3ca2764281bf6b7468e05028a8b114c63a7\"\u003e\u003ccode\u003eaf2dd3c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/hashicorp/go-getter/issues/529\"\u003e#529\u003c/a\u003e from 
hashicorp/dependabot-intge\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hashicorp/go-getter/commit/bf526297fa4cd429fcf31da9e4a6bf6a0b512026\"\u003e\u003ccode\u003ebf52629\u003c/code\u003e\u003c/a\u003e updating dependabot.yml\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hashicorp/go-getter/commit/1f63e10d3b421544473bf52103b41eb423e2c897\"\u003e\u003ccode\u003e1f63e10\u003c/code\u003e\u003c/a\u003e changelog added, updated dependabot.yaml\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hashicorp/go-getter/commit/45af45918c6958be58f87d1576ac4a0b32f7eb4b\"\u003e\u003ccode\u003e45af459\u003c/code\u003e\u003c/a\u003e fix additional lint errors and increase linter scope\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hashicorp/go-getter/commit/c8c6aba0f7ad4e3937ef7cfcb50627520e498252\"\u003e\u003ccode\u003ec8c6aba\u003c/code\u003e\u003c/a\u003e fix errcheck lint errors and run it as part of pr checks\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hashicorp/go-getter/commit/9b76f983e594375fdef9e231822c805c82ec9ed7\"\u003e\u003ccode\u003e9b76f98\u003c/code\u003e\u003c/a\u003e copywrite header added\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/hashicorp/go-getter/compare/v1.7.8...v1.7.9\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. 
You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot merge` will merge this PR after your CI passes on it\n- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it\n- `@dependabot cancel merge` will cancel a previously requested merge and block automerging\n- `@dependabot reopen` will reopen this PR if it is closed\n- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e 
\u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/jadenblack/coder/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/jadenblack/coder/pull/2","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/jadenblack%2Fcoder/issues/2","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/2/packages"}},{"old_version":"1.1.1","new_version":"1.2.0","update_type":"minor","path":null,"pr_created_at":"2025-08-05T21:30:22.000Z","version_change":"1.1.1 → 1.2.0","issue":{"uuid":"2722472100","node_id":"PR_kwDOK6_4Is6iRaCk","number":24,"state":"open","title":"Bump the go_modules group across 3 directories with 4 updates","user":"dependabot[bot]","labels":["dependencies","go"],"assignees":[],"locked":false,"comments_count":0,"pull_request":true,"closed_at":null,"author_association":"NONE","state_reason":null,"created_at":"2025-08-05T21:30:22.000Z","updated_at":"2025-08-05T21:30:22.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"go_modules","update_count":4,"packages":[{"name":"github.com/justinas/nosurf","old_version":"1.1.1","new_version":"1.2.0","repository_url":"https://github.com/justinas/nosurf"},{"name":"golang.org/x/crypto","old_version":"0.21.0","new_version":"0.35.0","repository_url":"https://github.com/golang/crypto"},{"name":"golang.org/x/net","old_version":"0.23.0","new_version":"0.38.0","repository_url":"https://github.com/golang/net"},{"name":"github.com/gofiber/fiber/v2","old_version":"2.52.5","new_version":"2.52.9","repository_url":"https://github.com/gofiber/fiber"},{"name":"golang.org/x/crypto","old_version":"0.21.0","new_version":"0.35.0","repository_url":"https://github.com/golang/crypto"},{"name":"golang.org/x/net","old_version":"0.23.0","new_version":"0.38.0","repositor
y_url":"https://github.com/golang/net"}],"path":null,"ecosystem":"go"},"body":"Bumps the go_modules group with 3 updates in the /contrib/gin-gonic/gin directory: [github.com/justinas/nosurf](https://github.com/justinas/nosurf), [golang.org/x/crypto](https://github.com/golang/crypto) and [golang.org/x/net](https://github.com/golang/net).\nBumps the go_modules group with 1 update in the /contrib/gofiber/fiber/v2 directory: [github.com/gofiber/fiber/v2](https://github.com/gofiber/fiber).\nBumps the go_modules group with 2 updates in the /contrib/labstack/echo directory: [golang.org/x/crypto](https://github.com/golang/crypto) and [golang.org/x/net](https://github.com/golang/net).\n\nUpdates `github.com/justinas/nosurf` from 1.1.1 to 1.2.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/justinas/nosurf/releases\"\u003egithub.com/justinas/nosurf's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.2.0\u003c/h2\u003e\n\u003cp\u003eThis is a \u003cem\u003esecurity\u003c/em\u003e release for nosurf. It mainly addresses \u003ca href=\"https://github.com/justinas/nosurf-cve-2025-46721\"\u003eCVE-2025-46721\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003eThis release technically includes breaking changes, as nosurf starts applying same-origin checks that were not previously enforced. In most cases, users will not need to make any changes to their code. 
However, it is recommended to read \u003ca href=\"https://github.com/justinas/nosurf/blob/master/docs/origin-checks.md\"\u003ethe documentation on nosurf's trusted origin checks\u003c/a\u003e before upgrading.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/justinas/nosurf/commit/ec9bb776d8e5ba9e906b6eb70428f4e7b009feee\"\u003e\u003ccode\u003eec9bb77\u003c/code\u003e\u003c/a\u003e Rework origin checks (\u003ca href=\"https://redirect.github.com/justinas/nosurf/issues/74\"\u003e#74\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/justinas/nosurf/commit/e5c9c1fe2d4f69668ff78f872abf3b396a08673a\"\u003e\u003ccode\u003ee5c9c1f\u003c/code\u003e\u003c/a\u003e Add GitHub Actions CI, fix lints and tests\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/justinas/nosurf/compare/v1.1.1...v1.2.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `golang.org/x/crypto` from 0.21.0 to 0.35.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/7292932d45d55c7199324ab0027cc86e8198aa22\"\u003e\u003ccode\u003e7292932\u003c/code\u003e\u003c/a\u003e ssh: limit the size of the internal packet queue while waiting for KEX\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/f66f74b0a406b5f6909183531ace593857f1646c\"\u003e\u003ccode\u003ef66f74b\u003c/code\u003e\u003c/a\u003e acme/autocert: check host policy before probing the cache\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/b0784b7bfbe0b2c9a59afc1248ed3cb4b6652e85\"\u003e\u003ccode\u003eb0784b7\u003c/code\u003e\u003c/a\u003e x509roots/fallback: drop obsolete build 
constraint\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/911360c8a4f464342b9fe7c23632be57fca87b20\"\u003e\u003ccode\u003e911360c\u003c/code\u003e\u003c/a\u003e all: bump golang.org/x/crypto dependencies of asm generators\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/89ff08d67c4d79f9ac619aaf1f7388888798651f\"\u003e\u003ccode\u003e89ff08d\u003c/code\u003e\u003c/a\u003e all: upgrade go directive to at least 1.23.0 [generated]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/e47973b1c1089f6c67ab89261f7aa067b3d611d2\"\u003e\u003ccode\u003ee47973b\u003c/code\u003e\u003c/a\u003e all: update certs for go1.24\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/9290511cd23ab9813a307b7f2615325e3ca98902\"\u003e\u003ccode\u003e9290511\u003c/code\u003e\u003c/a\u003e go.mod: update golang.org/x dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/fa5273e461966728f91f33da62c0cf511a404c2a\"\u003e\u003ccode\u003efa5273e\u003c/code\u003e\u003c/a\u003e x509roots/fallback: update bundle\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/a8ea4be81f0769fd5857e087083cbb6d3cb9f196\"\u003e\u003ccode\u003ea8ea4be\u003c/code\u003e\u003c/a\u003e ssh: add ServerConfig.PreAuthConnCallback, ServerPreAuthConn (banner) interface\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/71d3a4cfdb0360795ce5f2d7041e01823fd22eb6\"\u003e\u003ccode\u003e71d3a4c\u003c/code\u003e\u003c/a\u003e acme: support challenges that require the ACME client to send a non-empty JSO...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/golang/crypto/compare/v0.21.0...v0.35.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `golang.org/x/net` from 0.23.0 to 
0.38.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/e1fcd82abba34df74614020343be8eb1fe85f0d9\"\u003e\u003ccode\u003ee1fcd82\u003c/code\u003e\u003c/a\u003e html: properly handle trailing solidus in unquoted attribute value in foreign...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/ebed060e8f30f20235f74808c22125fd86b15edd\"\u003e\u003ccode\u003eebed060\u003c/code\u003e\u003c/a\u003e internal/http3: fix build of tests with GOEXPERIMENT=nosynctest\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/1f1fa29e0a46fffe18c43a9da8daa5a0b180dfa9\"\u003e\u003ccode\u003e1f1fa29\u003c/code\u003e\u003c/a\u003e publicsuffix: regenerate table\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/12150816f701c912a32a376754ab28dd3878833a\"\u003e\u003ccode\u003e1215081\u003c/code\u003e\u003c/a\u003e http2: improve error when server sends HTTP/1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/312450e473eae9f9e6173ad895c80bc5ea2f79ad\"\u003e\u003ccode\u003e312450e\u003c/code\u003e\u003c/a\u003e html: ensure \u0026lt;search\u0026gt; tag closes \u0026lt;p\u0026gt; and update tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/09731f9bf919b00b344c763894cd1920b3d96d90\"\u003e\u003ccode\u003e09731f9\u003c/code\u003e\u003c/a\u003e http2: improve handling of lost PING in Server\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/55989e24b972a90ab99308fdc7ea1fb58a96fef1\"\u003e\u003ccode\u003e55989e2\u003c/code\u003e\u003c/a\u003e http2/h2c: use ResponseController for hijacking connections\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/2914f46773171f4fa13e276df1135bafef677801\"\u003e\u003ccode\u003e2914f46\u003c/code\u003e\u003c/a\u003e websocket: re-recommend 
gorilla/websocket\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/99b3ae0643f9a2f9d820fcbba5f9e4c83b23bd48\"\u003e\u003ccode\u003e99b3ae0\u003c/code\u003e\u003c/a\u003e go.mod: update golang.org/x dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/85d1d54551b68719346cb9fec24b911da4e452a1\"\u003e\u003ccode\u003e85d1d54\u003c/code\u003e\u003c/a\u003e go.mod: update golang.org/x dependencies\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/golang/net/compare/v0.23.0...v0.38.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/gofiber/fiber/v2` from 2.52.5 to 2.52.9\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/gofiber/fiber/releases\"\u003egithub.com/gofiber/fiber/v2's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.52.9\u003c/h2\u003e\n\u003ch2\u003e🐛 Bug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd upper index limit for parsers by \u003ca href=\"https://github.com/gaby\"\u003e\u003ccode\u003e@​gaby\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/gofiber/fiber/pull/3503\"\u003egofiber/fiber#3503\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEmbedded struct parsing by \u003ca href=\"https://github.com/ReneWerner87\"\u003e\u003ccode\u003e@​ReneWerner87\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/gofiber/fiber/pull/3478\"\u003egofiber/fiber#3478\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix Content-Type comparison in \u003ccode\u003eIs()\u003c/code\u003e by \u003ca href=\"https://github.com/gaby\"\u003e\u003ccode\u003e@​gaby\u003c/code\u003e\u003c/a\u003e in \u003ca 
href=\"https://redirect.github.com/gofiber/fiber/pull/3537\"\u003egofiber/fiber#3537\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix MIME type equality checks by \u003ca href=\"https://github.com/gaby\"\u003e\u003ccode\u003e@​gaby\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/gofiber/fiber/pull/3603\"\u003egofiber/fiber#3603\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/gofiber/fiber/compare/v2.52.8...v2.52.9\"\u003ehttps://github.com/gofiber/fiber/compare/v2.52.8...v2.52.9\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.52.8\u003c/h2\u003e\n\u003ch2\u003e👮 Security\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix for BodyParser - GHSA-hg3g-gphw-5hhm\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🧹 Updates\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBackport ctx.String() from v3 by \u003ca href=\"https://github.com/gaby\"\u003e\u003ccode\u003e@​gaby\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/gofiber/fiber/pull/3294\"\u003egofiber/fiber#3294\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🐛 Bug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix routing with mount and static by \u003ca href=\"https://github.com/ReneWerner87\"\u003e\u003ccode\u003e@​ReneWerner87\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/gofiber/fiber/pull/3454\"\u003egofiber/fiber#3454\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e📚 Documentation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate usage of ctx.Redirect() by \u003ca href=\"https://github.com/andradei\"\u003e\u003ccode\u003e@​andradei\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/gofiber/fiber/pull/3417\"\u003egofiber/fiber#3417\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd AGENTS.md by \u003ca 
href=\"https://github.com/gaby\"\u003e\u003ccode\u003e@​gaby\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/gofiber/fiber/pull/3461\"\u003egofiber/fiber#3461\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/gofiber/fiber/compare/v2.52.6...v2.52.8\"\u003ehttps://github.com/gofiber/fiber/compare/v2.52.6...v2.52.8\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.52.6\u003c/h2\u003e\n\u003ch2\u003e🐛 Bug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUse Content-Length for bytesReceived and bytesSent tags in Logger Middleware in v2 by \u003ca href=\"https://github.com/gaby\"\u003e\u003ccode\u003e@​gaby\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/gofiber/fiber/pull/3067\"\u003egofiber/fiber#3067\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix handle un-matched open brackets in the query params by \u003ca href=\"https://github.com/dojutsu-user\"\u003e\u003ccode\u003e@​dojutsu-user\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/gofiber/fiber/pull/3121\"\u003egofiber/fiber#3121\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMiddleware/CORS: Remove Scheme Restriction by \u003ca href=\"https://github.com/zingi\"\u003e\u003ccode\u003e@​zingi\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/gofiber/fiber/pull/3168\"\u003egofiber/fiber#3168\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRespect Immutable config for Body() by \u003ca href=\"https://github.com/nickajacks1\"\u003e\u003ccode\u003e@​nickajacks1\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/gofiber/fiber/pull/3246\"\u003egofiber/fiber#3246\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSupport Square Bracket Notation in Multipart Form data by \u003ca href=\"https://github.com/ReneWerner87\"\u003e\u003ccode\u003e@​ReneWerner87\u003c/code\u003e\u003c/a\u003e in \u003ca 
href=\"https://redirect.github.com/gofiber/fiber/pull/3268\"\u003egofiber/fiber#3268\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e📚 Documentation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd detailed documentation for the templates guide by \u003ca href=\"https://github.com/grivera64\"\u003e\u003ccode\u003e@​grivera64\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/gofiber/fiber/pull/3113\"\u003egofiber/fiber#3113\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🛠️ Maintenance\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate benchmark-action to v1.20.3 by \u003ca href=\"https://github.com/gaby\"\u003e\u003ccode\u003e@​gaby\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/gofiber/fiber/pull/3084\"\u003egofiber/fiber#3084\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd CODEOWNERS file by \u003ca href=\"https://github.com/gaby\"\u003e\u003ccode\u003e@​gaby\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/gofiber/fiber/pull/3124\"\u003egofiber/fiber#3124\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate dependencies by \u003ca href=\"https://github.com/gaby\"\u003e\u003ccode\u003e@​gaby\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/gofiber/fiber/pull/3254\"\u003egofiber/fiber#3254\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... 
(truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gofiber/fiber/commit/1197a22735820680ccfa241914b925f3820fcfd4\"\u003e\u003ccode\u003e1197a22\u003c/code\u003e\u003c/a\u003e Update app.go\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gofiber/fiber/commit/b60408c9bde7e71faac0519aa680a6fb8d64a255\"\u003e\u003ccode\u003eb60408c\u003c/code\u003e\u003c/a\u003e 🐛 bug: Fix MIME type equality checks (\u003ca href=\"https://redirect.github.com/gofiber/fiber/issues/3603\"\u003e#3603\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gofiber/fiber/commit/845f95f441718b1be1cf228f879f0a761118f317\"\u003e\u003ccode\u003e845f95f\u003c/code\u003e\u003c/a\u003e 🐛 bug: Fix Content-Type comparison in Is() (\u003ca href=\"https://redirect.github.com/gofiber/fiber/issues/3537\"\u003e#3537\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gofiber/fiber/commit/1c037c4900cf87dd110a69e4f0b542f64ecb84b3\"\u003e\u003ccode\u003e1c037c4\u003c/code\u003e\u003c/a\u003e 🧹 chore: Add upper index limit for parsers (\u003ca href=\"https://redirect.github.com/gofiber/fiber/issues/3503\"\u003e#3503\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gofiber/fiber/commit/40d14a9c717a3db1222ba480b9a26cddd6cd231b\"\u003e\u003ccode\u003e40d14a9\u003c/code\u003e\u003c/a\u003e 🐛 fix: Embedded struct parsing (\u003ca href=\"https://redirect.github.com/gofiber/fiber/issues/3478\"\u003e#3478\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gofiber/fiber/commit/b6f077275f12d25e0a4aecf59d01d77be8005ee8\"\u003e\u003ccode\u003eb6f0772\u003c/code\u003e\u003c/a\u003e Update AGENTS.md\u003c/li\u003e\n\u003cli\u003e\u003ca 
href=\"https://github.com/gofiber/fiber/commit/22c3c0ced919f73309018b7a7d27b029bad3e4b4\"\u003e\u003ccode\u003e22c3c0c\u003c/code\u003e\u003c/a\u003e Update app.go\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gofiber/fiber/commit/e115c08b8f059a4a031b492aa9eef0712411853d\"\u003e\u003ccode\u003ee115c08\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gofiber/fiber/commit/d15355116c37102bd9a8bcc252e3e3e399671af7\"\u003e\u003ccode\u003ed153551\u003c/code\u003e\u003c/a\u003e Update AGENTS.md\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gofiber/fiber/commit/7db10b6976b70f3fa780cffc9417923265bdafd2\"\u003e\u003ccode\u003e7db10b6\u003c/code\u003e\u003c/a\u003e docs: Add AGENTS.md (\u003ca href=\"https://redirect.github.com/gofiber/fiber/issues/3461\"\u003e#3461\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/gofiber/fiber/compare/v2.52.5...v2.52.9\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `golang.org/x/crypto` from 0.21.0 to 0.35.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/7292932d45d55c7199324ab0027cc86e8198aa22\"\u003e\u003ccode\u003e7292932\u003c/code\u003e\u003c/a\u003e ssh: limit the size of the internal packet queue while waiting for KEX\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/f66f74b0a406b5f6909183531ace593857f1646c\"\u003e\u003ccode\u003ef66f74b\u003c/code\u003e\u003c/a\u003e acme/autocert: check host policy before probing the cache\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/b0784b7bfbe0b2c9a59afc1248ed3cb4b6652e85\"\u003e\u003ccode\u003eb0784b7\u003c/code\u003e\u003c/a\u003e x509roots/fallback: drop obsolete build 
constraint\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/911360c8a4f464342b9fe7c23632be57fca87b20\"\u003e\u003ccode\u003e911360c\u003c/code\u003e\u003c/a\u003e all: bump golang.org/x/crypto dependencies of asm generators\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/89ff08d67c4d79f9ac619aaf1f7388888798651f\"\u003e\u003ccode\u003e89ff08d\u003c/code\u003e\u003c/a\u003e all: upgrade go directive to at least 1.23.0 [generated]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/e47973b1c1089f6c67ab89261f7aa067b3d611d2\"\u003e\u003ccode\u003ee47973b\u003c/code\u003e\u003c/a\u003e all: update certs for go1.24\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/9290511cd23ab9813a307b7f2615325e3ca98902\"\u003e\u003ccode\u003e9290511\u003c/code\u003e\u003c/a\u003e go.mod: update golang.org/x dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/fa5273e461966728f91f33da62c0cf511a404c2a\"\u003e\u003ccode\u003efa5273e\u003c/code\u003e\u003c/a\u003e x509roots/fallback: update bundle\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/a8ea4be81f0769fd5857e087083cbb6d3cb9f196\"\u003e\u003ccode\u003ea8ea4be\u003c/code\u003e\u003c/a\u003e ssh: add ServerConfig.PreAuthConnCallback, ServerPreAuthConn (banner) interface\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/71d3a4cfdb0360795ce5f2d7041e01823fd22eb6\"\u003e\u003ccode\u003e71d3a4c\u003c/code\u003e\u003c/a\u003e acme: support challenges that require the ACME client to send a non-empty JSO...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/golang/crypto/compare/v0.21.0...v0.35.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `golang.org/x/net` from 0.23.0 to 
0.38.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/e1fcd82abba34df74614020343be8eb1fe85f0d9\"\u003e\u003ccode\u003ee1fcd82\u003c/code\u003e\u003c/a\u003e html: properly handle trailing solidus in unquoted attribute value in foreign...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/ebed060e8f30f20235f74808c22125fd86b15edd\"\u003e\u003ccode\u003eebed060\u003c/code\u003e\u003c/a\u003e internal/http3: fix build of tests with GOEXPERIMENT=nosynctest\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/1f1fa29e0a46fffe18c43a9da8daa5a0b180dfa9\"\u003e\u003ccode\u003e1f1fa29\u003c/code\u003e\u003c/a\u003e publicsuffix: regenerate table\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/12150816f701c912a32a376754ab28dd3878833a\"\u003e\u003ccode\u003e1215081\u003c/code\u003e\u003c/a\u003e http2: improve error when server sends HTTP/1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/312450e473eae9f9e6173ad895c80bc5ea2f79ad\"\u003e\u003ccode\u003e312450e\u003c/code\u003e\u003c/a\u003e html: ensure \u0026lt;search\u0026gt; tag closes \u0026lt;p\u0026gt; and update tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/09731f9bf919b00b344c763894cd1920b3d96d90\"\u003e\u003ccode\u003e09731f9\u003c/code\u003e\u003c/a\u003e http2: improve handling of lost PING in Server\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/55989e24b972a90ab99308fdc7ea1fb58a96fef1\"\u003e\u003ccode\u003e55989e2\u003c/code\u003e\u003c/a\u003e http2/h2c: use ResponseController for hijacking connections\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/2914f46773171f4fa13e276df1135bafef677801\"\u003e\u003ccode\u003e2914f46\u003c/code\u003e\u003c/a\u003e websocket: re-recommend 
gorilla/websocket\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/99b3ae0643f9a2f9d820fcbba5f9e4c83b23bd48\"\u003e\u003ccode\u003e99b3ae0\u003c/code\u003e\u003c/a\u003e go.mod: update golang.org/x dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/85d1d54551b68719346cb9fec24b911da4e452a1\"\u003e\u003ccode\u003e85d1d54\u003c/code\u003e\u003c/a\u003e go.mod: update golang.org/x dependencies\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/golang/net/compare/v0.23.0...v0.38.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot merge` will merge this PR after your CI passes on it\n- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it\n- `@dependabot cancel merge` will cancel a previously requested merge and block automerging\n- `@dependabot reopen` will reopen this PR if it is closed\n- `@dependabot close` will close this PR and stop Dependabot recreating it. 
You can achieve the same result by closing it manually\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/echocat/go-httpcompression/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/echocat/go-httpcompression/pull/24","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/echocat%2Fgo-httpcompression/issues/24","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/24/packages"}},{"old_version":"1.1.1","new_version":"1.2.0","update_type":"minor","path":null,"pr_created_at":"2025-06-25T14:39:48.000Z","version_change":"1.1.1 → 1.2.0","issue":{"uuid":"2618466577","node_id":"PR_kwDONSh4Rs6cEqER","number":3,"state":"closed","title":"Bump github.com/justinas/nosurf from 1.1.1 to 
1.2.0","user":"dependabot[bot]","labels":["dependencies","go"],"assignees":[],"locked":false,"comments_count":0,"pull_request":true,"closed_at":"2025-06-25T14:40:19.000Z","author_association":"CONTRIBUTOR","state_reason":null,"created_at":"2025-06-25T14:39:48.000Z","updated_at":"2025-06-25T14:40:19.000Z","time_to_close":31,"merged_at":"2025-06-25T14:40:19.000Z","merged_by":"nmdra","closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"github.com/justinas/nosurf","old_version":"1.1.1","new_version":"1.2.0","repository_url":"https://github.com/justinas/nosurf"}],"path":null,"ecosystem":"go"},"body":"Bumps [github.com/justinas/nosurf](https://github.com/justinas/nosurf) from 1.1.1 to 1.2.0.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/justinas/nosurf/releases\"\u003egithub.com/justinas/nosurf's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.2.0\u003c/h2\u003e\n\u003cp\u003eThis is a \u003cem\u003esecurity\u003c/em\u003e release for nosurf. It mainly addresses \u003ca href=\"https://github.com/justinas/nosurf-cve-2025-46721\"\u003eCVE-2025-46721\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003eThis release technically includes breaking changes, as nosurf starts applying same-origin checks that were not previously enforced. In most cases, users will not need to make any changes to their code. 
However, it is recommended to read \u003ca href=\"https://github.com/justinas/nosurf/blob/master/docs/origin-checks.md\"\u003ethe documentation on nosurf's trusted origin checks\u003c/a\u003e before upgrading.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/justinas/nosurf/commit/ec9bb776d8e5ba9e906b6eb70428f4e7b009feee\"\u003e\u003ccode\u003eec9bb77\u003c/code\u003e\u003c/a\u003e Rework origin checks (\u003ca href=\"https://redirect.github.com/justinas/nosurf/issues/74\"\u003e#74\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/justinas/nosurf/commit/e5c9c1fe2d4f69668ff78f872abf3b396a08673a\"\u003e\u003ccode\u003ee5c9c1f\u003c/code\u003e\u003c/a\u003e Add GitHub Actions CI, fix lints and tests\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/justinas/nosurf/compare/v1.1.1...v1.2.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/justinas/nosurf\u0026package-manager=go_modules\u0026previous-version=1.1.1\u0026new-version=1.2.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. 
You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot merge` will merge this PR after your CI passes on it\n- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it\n- `@dependabot cancel merge` will cancel a previously requested merge and block automerging\n- `@dependabot reopen` will reopen this PR if it is closed\n- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts 
page](https://github.com/nmdra/snipbox/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/nmdra/snipbox/pull/3","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/nmdra%2Fsnipbox/issues/3","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/3/packages"}},{"old_version":"1.1.1","new_version":"1.2.0","update_type":"minor","path":null,"pr_created_at":"2025-06-10T22:09:43.000Z","version_change":"1.1.1 → 1.2.0","issue":{"uuid":"2582586872","node_id":"PR_kwDOM5w3Rc6Z7yX4","number":15,"state":"open","title":"chore: bump the go_modules group across 1 directory with 3 updates","user":"dependabot[bot]","labels":["dependencies","go"],"assignees":[],"locked":false,"comments_count":0,"pull_request":true,"closed_at":null,"author_association":"NONE","state_reason":null,"created_at":"2025-06-10T22:09:43.000Z","updated_at":"2025-06-10T22:09:44.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore: bump","group_name":"go_modules","update_count":3,"packages":[{"name":"github.com/justinas/nosurf","old_version":"1.1.1","new_version":"1.2.0","repository_url":"https://github.com/justinas/nosurf"},{"name":"github.com/open-policy-agent/opa","old_version":"1.3.0","new_version":"1.4.0","repository_url":"https://github.com/open-policy-agent/opa"},{"name":"github.com/cloudflare/circl","old_version":"1.6.0","new_version":"1.6.1","repository_url":"https://github.com/cloudflare/circl"}],"path":null,"ecosystem":"go"},"body":"Bumps the go_modules group with 3 updates in the / directory: [github.com/justinas/nosurf](https://github.com/justinas/nosurf), [github.com/open-policy-agent/opa](https://github.com/open-policy-agent/opa) and [github.com/cloudflare/circl](https://github.com/cloudflare/circl).\n\nUpdates `github.com/justinas/nosurf` from 1.1.1 to 1.2.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca 
href=\"https://github.com/justinas/nosurf/releases\"\u003egithub.com/justinas/nosurf's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.2.0\u003c/h2\u003e\n\u003cp\u003eThis is a \u003cem\u003esecurity\u003c/em\u003e release for nosurf. It mainly addresses \u003ca href=\"https://github.com/justinas/nosurf-cve-2025-46721\"\u003eCVE-2025-46721\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003eThis release technically includes breaking changes, as nosurf starts applying same-origin checks that were not previously enforced. In most cases, users will not need to make any changes to their code. However, it is recommended to read \u003ca href=\"https://github.com/justinas/nosurf/blob/master/docs/origin-checks.md\"\u003ethe documentation on nosurf's trusted origin checks\u003c/a\u003e before upgrading.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/justinas/nosurf/commit/ec9bb776d8e5ba9e906b6eb70428f4e7b009feee\"\u003e\u003ccode\u003eec9bb77\u003c/code\u003e\u003c/a\u003e Rework origin checks (\u003ca href=\"https://redirect.github.com/justinas/nosurf/issues/74\"\u003e#74\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/justinas/nosurf/commit/e5c9c1fe2d4f69668ff78f872abf3b396a08673a\"\u003e\u003ccode\u003ee5c9c1f\u003c/code\u003e\u003c/a\u003e Add GitHub Actions CI, fix lints and tests\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/justinas/nosurf/compare/v1.1.1...v1.2.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/open-policy-agent/opa` from 1.3.0 to 1.4.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca 
href=\"https://github.com/open-policy-agent/opa/releases\"\u003egithub.com/open-policy-agent/opa's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.4.0\u003c/h2\u003e\n\u003cp\u003eThis release contains a security fix addressing CVE-2025-46569.\nIt also includes a mix of new features, bugfixes, and dependency updates.\u003c/p\u003e\n\u003ch4\u003eSecurity Fix: CVE-2025-46569 - OPA server Data API HTTP path injection of Rego (\u003ca href=\"https://github.com/open-policy-agent/opa/security/advisories/GHSA-6m8w-jc87-6cr7\"\u003eGHSA-6m8w-jc87-6cr7\u003c/a\u003e)\u003c/h4\u003e\n\u003cp\u003eA vulnerability in the OPA server's \u003ca href=\"https://www.openpolicyagent.org/docs/latest/rest-api/#data-api\"\u003eData API\u003c/a\u003e allows an attacker to craft the HTTP path in a way that injects Rego code into the query that is evaluated.\u003cbr /\u003e\nThe evaluation result cannot be made to return any other data than what is generated by the requested path, but this path can be misdirected, and the injected Rego code can be crafted to make the query succeed or fail; opening up for oracle attacks or, given the right circumstances, erroneous policy decision results.\nFurthermore, the injected code can be crafted to be computationally expensive, resulting in a Denial Of Service (DoS) attack.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eUsers are only impacted if all of the following apply:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eOPA is deployed as a standalone server (rather than being used as a Go library)\u003c/li\u003e\n\u003cli\u003eThe OPA server is exposed outside of the local host in an untrusted environment.\u003c/li\u003e\n\u003cli\u003eThe configured \u003ca href=\"https://www.openpolicyagent.org/docs/latest/security/#authentication-and-authorization\"\u003eauthorization policy\u003c/a\u003e does not do exact matching of the input.path attribute when deciding if the request should be 
allowed.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eor, if all of the following apply:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eOPA is deployed as a standalone server.\u003c/li\u003e\n\u003cli\u003eThe service connecting to OPA allows 3rd parties to insert unsanitised text into the path of the HTTP request to OPA’s Data API.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eNote: With \u003cstrong\u003eno\u003c/strong\u003e \u003ca href=\"https://www.openpolicyagent.org/docs/latest/security/#authentication-and-authorization\"\u003eAuthorization Policy\u003c/a\u003e configured for restricting API access (the default configuration), the RESTful \u003ca href=\"https://www.openpolicyagent.org/docs/latest/rest-api/#data-api\"\u003eData API\u003c/a\u003e provides access for managing Rego policies; and the RESTful \u003ca href=\"https://www.openpolicyagent.org/docs/latest/rest-api/#query-api\"\u003eQuery API\u003c/a\u003e facilitates advanced queries.\nFull access to these APIs provides both simpler, and broader access than what the security issue describes here can facilitate.\nAs such, OPA servers exposed to a network are \u003cstrong\u003enot\u003c/strong\u003e considered affected by the attack described here if they are knowingly not restricting access through an Authorization Policy.\u003c/p\u003e\n\u003cp\u003eThis issue affects all versions of OPA prior to 1.4.0.\u003c/p\u003e\n\u003cp\u003eSee the \u003ca href=\"https://github.com/open-policy-agent/opa/security/advisories/GHSA-6m8w-jc87-6cr7\"\u003eSecurity Advisory\u003c/a\u003e for more details.\u003c/p\u003e\n\u003cp\u003eReported by \u003ca href=\"https://github.com/GamrayW\"\u003e\u003ccode\u003e@​GamrayW\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/HyouKash\"\u003e\u003ccode\u003e@​HyouKash\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/AdrienIT\"\u003e\u003ccode\u003e@​AdrienIT\u003c/code\u003e\u003c/a\u003e, authored by \u003ca 
href=\"https://github.com/johanfylling\"\u003e\u003ccode\u003e@​johanfylling\u003c/code\u003e\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eRuntime, Tooling, SDK\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003east: Adding \u003ccode\u003erego_v1\u003c/code\u003e feature to \u003ccode\u003e--v0-compatible\u003c/code\u003e capabilities (\u003ca href=\"https://redirect.github.com/open-policy-agent/opa/pull/7474\"\u003e#7474\u003c/a\u003e) authored by \u003ca href=\"https://github.com/johanfylling\"\u003e\u003ccode\u003e@​johanfylling\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eexecutable: Add version and icon to OPA windows executable (\u003ca href=\"https://redirect.github.com/open-policy-agent/opa/issues/3171\"\u003e#3171\u003c/a\u003e) authored by \u003ca href=\"https://github.com/sspaink\"\u003e\u003ccode\u003e@​sspaink\u003c/code\u003e\u003c/a\u003e reported by \u003ca href=\"https://github.com/christophwille\"\u003e\u003ccode\u003e@​christophwille\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eformat: Don't panic on format due to unexpected comments (\u003ca href=\"https://redirect.github.com/open-policy-agent/opa/issues/6330\"\u003e#6330\u003c/a\u003e) authored by \u003ca href=\"https://github.com/sspaink\"\u003e\u003ccode\u003e@​sspaink\u003c/code\u003e\u003c/a\u003e reported by \u003ca href=\"https://github.com/sirpi\"\u003e\u003ccode\u003e@​sirpi\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eformat: Avoid modifying strings when formatting (\u003ca href=\"https://redirect.github.com/open-policy-agent/opa/issues/6220\"\u003e#6220\u003c/a\u003e) authored by \u003ca href=\"https://github.com/sspaink\"\u003e\u003ccode\u003e@​sspaink\u003c/code\u003e\u003c/a\u003e reported by \u003ca href=\"https://github.com/zregvart\"\u003e\u003ccode\u003e@​zregvart\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eplugins/status: FIFO buffer channel for status events to prevent slow status API blocking (\u003ca 
href=\"https://redirect.github.com/open-policy-agent/opa/pull/7522\"\u003e#7522\u003c/a\u003e) authored by \u003ca href=\"https://github.com/sspaink\"\u003e\u003ccode\u003e@​sspaink\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eTopdown and Rego\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003egqlparser: Add JSON annotation in \u003ccode\u003einternal/gqlparser/ast\u003c/code\u003e to Position fields (\u003ca href=\"https://redirect.github.com/open-policy-agent/opa/pull/7509\"\u003e#7509\u003c/a\u003e) authored by \u003ca href=\"https://github.com/robmyersrobmyers\"\u003e\u003ccode\u003e@​robmyersrobmyers\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003egraphql: Cache GraphQL schema parse results (\u003ca href=\"https://redirect.github.com/open-policy-agent/opa/pull/7457\"\u003e#7457\u003c/a\u003e) authored by \u003ca href=\"https://github.com/robmyersrobmyers\"\u003e\u003ccode\u003e@​robmyersrobmyers\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003etopdown: Handling default functions in Partial Eval (\u003ca href=\"https://redirect.github.com/open-policy-agent/opa/issues/7220\"\u003e#7220\u003c/a\u003e) authored by \u003ca href=\"https://github.com/johanfylling\"\u003e\u003ccode\u003e@​johanfylling\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003etopdown: Fix wall clock time init for \u003ccode\u003ePartialRun()\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/open-policy-agent/opa/issues/7490\"\u003e#7490\u003c/a\u003e) authored by \u003ca href=\"https://github.com/srenatus\"\u003e\u003ccode\u003e@​srenatus\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003etopdown: Zero alloc lower/upper unless changed (\u003ca href=\"https://redirect.github.com/open-policy-agent/opa/pull/7472\"\u003e#7472\u003c/a\u003e) authored by \u003ca 
href=\"https://github.com/anderseknert\"\u003e\u003ccode\u003e@​anderseknert\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocs, Website, Ecosystem\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadopters: Cloudsmith adds support for OPA (\u003ca href=\"https://redirect.github.com/open-policy-agent/opa/pull/7498\"\u003e#7498\u003c/a\u003e) authored by \u003ca href=\"https://github.com/ndouglas-cloudsmith\"\u003e\u003ccode\u003e@​ndouglas-cloudsmith\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/open-policy-agent/opa/blob/main/CHANGELOG.md\"\u003egithub.com/open-policy-agent/opa's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e1.4.0\u003c/h2\u003e\n\u003cp\u003eThis release contains a security fix addressing CVE-2025-46569.\nIt also includes a mix of new features, bugfixes, and dependency updates.\u003c/p\u003e\n\u003ch4\u003eSecurity Fix: CVE-2025-46569 - OPA server Data API HTTP path injection of Rego (\u003ca href=\"https://github.com/open-policy-agent/opa/security/advisories/GHSA-6m8w-jc87-6cr7\"\u003eGHSA-6m8w-jc87-6cr7\u003c/a\u003e)\u003c/h4\u003e\n\u003cp\u003eA vulnerability in the OPA server's \u003ca href=\"https://www.openpolicyagent.org/docs/latest/rest-api/#data-api\"\u003eData API\u003c/a\u003e allows an attacker to craft the HTTP path in a way that injects Rego code into the query that is evaluated.\u003cbr /\u003e\nThe evaluation result cannot be made to return any other data than what is generated by the requested path, but this path can be misdirected, and the injected Rego code can be crafted to make the query succeed or fail; opening up for oracle attacks or, given the right 
circumstances, erroneous policy decision results.\nFurthermore, the injected code can be crafted to be computationally expensive, resulting in a Denial Of Service (DoS) attack.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eUsers are only impacted if all of the following apply:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eOPA is deployed as a standalone server (rather than being used as a Go library)\u003c/li\u003e\n\u003cli\u003eThe OPA server is exposed outside of the local host in an untrusted environment.\u003c/li\u003e\n\u003cli\u003eThe configured \u003ca href=\"https://www.openpolicyagent.org/docs/latest/security/#authentication-and-authorization\"\u003eauthorization policy\u003c/a\u003e does not do exact matching of the input.path attribute when deciding if the request should be allowed.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eor, if all of the following apply:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eOPA is deployed as a standalone server.\u003c/li\u003e\n\u003cli\u003eThe service connecting to OPA allows 3rd parties to insert unsanitised text into the path of the HTTP request to OPA’s Data API.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eNote: With \u003cstrong\u003eno\u003c/strong\u003e \u003ca href=\"https://www.openpolicyagent.org/docs/latest/security/#authentication-and-authorization\"\u003eAuthorization Policy\u003c/a\u003e configured for restricting API access (the default configuration), the RESTful \u003ca href=\"https://www.openpolicyagent.org/docs/latest/rest-api/#data-api\"\u003eData API\u003c/a\u003e provides access for managing Rego policies; and the RESTful \u003ca href=\"https://www.openpolicyagent.org/docs/latest/rest-api/#query-api\"\u003eQuery API\u003c/a\u003e facilitates advanced queries.\nFull access to these APIs provides both simpler, and broader access than what the security issue describes here can facilitate.\nAs such, OPA servers exposed to a network are 
\u003cstrong\u003enot\u003c/strong\u003e considered affected by the attack described here if they are knowingly not restricting access through an Authorization Policy.\u003c/p\u003e\n\u003cp\u003eThis issue affects all versions of OPA prior to 1.4.0.\u003c/p\u003e\n\u003cp\u003eSee the \u003ca href=\"https://github.com/open-policy-agent/opa/security/advisories/GHSA-6m8w-jc87-6cr7\"\u003eSecurity Advisory\u003c/a\u003e for more details.\u003c/p\u003e\n\u003cp\u003eReported by \u003ca href=\"https://github.com/GamrayW\"\u003e\u003ccode\u003e@​GamrayW\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/HyouKash\"\u003e\u003ccode\u003e@​HyouKash\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/AdrienIT\"\u003e\u003ccode\u003e@​AdrienIT\u003c/code\u003e\u003c/a\u003e, authored by \u003ca href=\"https://github.com/johanfylling\"\u003e\u003ccode\u003e@​johanfylling\u003c/code\u003e\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eRuntime, Tooling, SDK\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003east: Adding \u003ccode\u003erego_v1\u003c/code\u003e feature to \u003ccode\u003e--v0-compatible\u003c/code\u003e capabilities (\u003ca href=\"https://redirect.github.com/open-policy-agent/opa/pull/7474\"\u003e#7474\u003c/a\u003e) authored by \u003ca href=\"https://github.com/johanfylling\"\u003e\u003ccode\u003e@​johanfylling\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eexecutable: Add version and icon to OPA windows executable (\u003ca href=\"https://redirect.github.com/open-policy-agent/opa/issues/3171\"\u003e#3171\u003c/a\u003e) authored by \u003ca href=\"https://github.com/sspaink\"\u003e\u003ccode\u003e@​sspaink\u003c/code\u003e\u003c/a\u003e reported by \u003ca href=\"https://github.com/christophwille\"\u003e\u003ccode\u003e@​christophwille\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eformat: Don't panic on format due to unexpected comments (\u003ca 
href=\"https://redirect.github.com/open-policy-agent/opa/issues/6330\"\u003e#6330\u003c/a\u003e) authored by \u003ca href=\"https://github.com/sspaink\"\u003e\u003ccode\u003e@​sspaink\u003c/code\u003e\u003c/a\u003e reported by \u003ca href=\"https://github.com/sirpi\"\u003e\u003ccode\u003e@​sirpi\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eformat: Avoid modifying strings when formatting (\u003ca href=\"https://redirect.github.com/open-policy-agent/opa/issues/6220\"\u003e#6220\u003c/a\u003e) authored by \u003ca href=\"https://github.com/sspaink\"\u003e\u003ccode\u003e@​sspaink\u003c/code\u003e\u003c/a\u003e reported by \u003ca href=\"https://github.com/zregvart\"\u003e\u003ccode\u003e@​zregvart\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eplugins/status: FIFO buffer channel for status events to prevent slow status API blocking (\u003ca href=\"https://redirect.github.com/open-policy-agent/opa/pull/7522\"\u003e#7522\u003c/a\u003e) authored by \u003ca href=\"https://github.com/sspaink\"\u003e\u003ccode\u003e@​sspaink\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eTopdown and Rego\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003egqlparser: Add JSON annotation in \u003ccode\u003einternal/gqlparser/ast\u003c/code\u003e to Position fields (\u003ca href=\"https://redirect.github.com/open-policy-agent/opa/pull/7509\"\u003e#7509\u003c/a\u003e) authored by \u003ca href=\"https://github.com/robmyersrobmyers\"\u003e\u003ccode\u003e@​robmyersrobmyers\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003egraphql: Cache GraphQL schema parse results (\u003ca href=\"https://redirect.github.com/open-policy-agent/opa/pull/7457\"\u003e#7457\u003c/a\u003e) authored by \u003ca href=\"https://github.com/robmyersrobmyers\"\u003e\u003ccode\u003e@​robmyersrobmyers\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003etopdown: Handling default functions in Partial Eval (\u003ca 
href=\"https://redirect.github.com/open-policy-agent/opa/issues/7220\"\u003e#7220\u003c/a\u003e) authored by \u003ca href=\"https://github.com/johanfylling\"\u003e\u003ccode\u003e@​johanfylling\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003etopdown: Fix wall clock time init for \u003ccode\u003ePartialRun()\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/open-policy-agent/opa/issues/7490\"\u003e#7490\u003c/a\u003e) authored by \u003ca href=\"https://github.com/srenatus\"\u003e\u003ccode\u003e@​srenatus\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003etopdown: Zero alloc lower/upper unless changed (\u003ca href=\"https://redirect.github.com/open-policy-agent/opa/pull/7472\"\u003e#7472\u003c/a\u003e) authored by \u003ca href=\"https://github.com/anderseknert\"\u003e\u003ccode\u003e@​anderseknert\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocs, Website, Ecosystem\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... 
(truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-policy-agent/opa/commit/8b0720247e65b97fe7715ca15682fee4040df4d1\"\u003e\u003ccode\u003e8b07202\u003c/code\u003e\u003c/a\u003e Prepare v1.4.0 release (\u003ca href=\"https://redirect.github.com/open-policy-agent/opa/issues/7541\"\u003e#7541\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-policy-agent/opa/commit/ad2063247a14711882f18c387a511fc8094aa79c\"\u003e\u003ccode\u003ead20632\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-policy-agent/opa/commit/24ff9cfb3ad0a6a5629f0b21458982d325ee03c5\"\u003e\u003ccode\u003e24ff9cf\u003c/code\u003e\u003c/a\u003e fix: return the raw strings when formatting (\u003ca href=\"https://redirect.github.com/open-policy-agent/opa/issues/7525\"\u003e#7525\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-policy-agent/opa/commit/254f3bf0b9ee5faf1972ba31bbbe749bba19a000\"\u003e\u003ccode\u003e254f3bf\u003c/code\u003e\u003c/a\u003e fix(status plugin): make sure the latest status is read before manually trigg...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-policy-agent/opa/commit/9b5f6010c0503cd91eed8a56268a02d4895a42b4\"\u003e\u003ccode\u003e9b5f601\u003c/code\u003e\u003c/a\u003e docs: fix post merge badge (\u003ca href=\"https://redirect.github.com/open-policy-agent/opa/issues/7532\"\u003e#7532\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-policy-agent/opa/commit/e4902774778da576da2a8f4b2fd50df6cc3da8b5\"\u003e\u003ccode\u003ee490277\u003c/code\u003e\u003c/a\u003e docs: Point path versioned requests to new sites (\u003ca 
href=\"https://redirect.github.com/open-policy-agent/opa/issues/7531\"\u003e#7531\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-policy-agent/opa/commit/d65888c14f4cb2d67929590604415e35ba75f58c\"\u003e\u003ccode\u003ed65888c\u003c/code\u003e\u003c/a\u003e plugins/status: FIFO buffer channel for status events to prevent slow status ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-policy-agent/opa/commit/eb77d10971ec772c3ac4968d4abe3666037d0338\"\u003e\u003ccode\u003eeb77d10\u003c/code\u003e\u003c/a\u003e docs: update edge links to use /docs/edge/ path (\u003ca href=\"https://redirect.github.com/open-policy-agent/opa/issues/7529\"\u003e#7529\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-policy-agent/opa/commit/f07d604b4f4b37c29324643cc75b82e3e0070aea\"\u003e\u003ccode\u003ef07d604\u003c/code\u003e\u003c/a\u003e docs: Set versioned docs links to point to archive (\u003ca href=\"https://redirect.github.com/open-policy-agent/opa/issues/7528\"\u003e#7528\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-policy-agent/opa/commit/828b8cb1568bc2a3eba7d0b87101a6c0679eee06\"\u003e\u003ccode\u003e828b8cb\u003c/code\u003e\u003c/a\u003e docs: improve request headers documentation in REST APIs (\u003ca href=\"https://redirect.github.com/open-policy-agent/opa/issues/7524\"\u003e#7524\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/open-policy-agent/opa/compare/v1.3.0...v1.4.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/cloudflare/circl` from 1.6.0 to 1.6.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/cloudflare/circl/releases\"\u003egithub.com/cloudflare/circl's 
releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eCIRCL v1.6.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixes some point checks on the FourQ curve.\u003c/li\u003e\n\u003cli\u003eHybrid KEM fails on low-order points.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eWhat's Changed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ekem/hybrid: ensure X25519 hybrids fails with low order points by \u003ca href=\"https://github.com/Lekensteyn\"\u003e\u003ccode\u003e@​Lekensteyn\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/cloudflare/circl/pull/541\"\u003ecloudflare/circl#541\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e.github: Use native ARM64 builders instead of QEMU by \u003ca href=\"https://github.com/Lekensteyn\"\u003e\u003ccode\u003e@​Lekensteyn\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/cloudflare/circl/pull/542\"\u003ecloudflare/circl#542\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes several errors on twisted Edwards curves. 
by \u003ca href=\"https://github.com/armfazh\"\u003e\u003ccode\u003e@​armfazh\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/cloudflare/circl/pull/545\"\u003ecloudflare/circl#545\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRelease v1.6.1 by \u003ca href=\"https://github.com/armfazh\"\u003e\u003ccode\u003e@​armfazh\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/cloudflare/circl/pull/546\"\u003ecloudflare/circl#546\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/cloudflare/circl/compare/v1.6.0...v1.6.1\"\u003ehttps://github.com/cloudflare/circl/compare/v1.6.0...v1.6.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cloudflare/circl/commit/c6d33e35234ebf5c4319d12ae7d77d7d17053e56\"\u003e\u003ccode\u003ec6d33e3\u003c/code\u003e\u003c/a\u003e Release v1.6.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cloudflare/circl/commit/0c3868ef6fc8ce864bc4104863186afdd2947f14\"\u003e\u003ccode\u003e0c3868e\u003c/code\u003e\u003c/a\u003e curve4q: Shared must fail with low order points.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cloudflare/circl/commit/9fd570dd508eef941d3f42fb94413a899b96d52e\"\u003e\u003ccode\u003e9fd570d\u003c/code\u003e\u003c/a\u003e curve4q: Test showing DH does not fails on identity point.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cloudflare/circl/commit/c988ceba827fe09896e770c152646dded447903d\"\u003e\u003ccode\u003ec988ceb\u003c/code\u003e\u003c/a\u003e fourq: Correctly unmarshalling point.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cloudflare/circl/commit/ef2611dcde7f6d25e31082412bbb30f2a870d133\"\u003e\u003ccode\u003eef2611d\u003c/code\u003e\u003c/a\u003e fourq: 
Test showing point unmarshal fails.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cloudflare/circl/commit/05eba44d1a35f979c5f3ac914bcc50c1122e8ced\"\u003e\u003ccode\u003e05eba44\u003c/code\u003e\u003c/a\u003e fourq: Handle the case of Z=0 for IsOnCurve and IsEqual.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cloudflare/circl/commit/eef08780cc3cb9befa20014e65f731391103be6b\"\u003e\u003ccode\u003eeef0878\u003c/code\u003e\u003c/a\u003e fourq: Test showing isEqual and IsOnCurve fail.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cloudflare/circl/commit/2298474ef688938e4a81ca14990b9a11a8677e2a\"\u003e\u003ccode\u003e2298474\u003c/code\u003e\u003c/a\u003e goldilocks; Handling points with z=0.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cloudflare/circl/commit/5a940a111507232035d0b753fbf3068c52d6b8ac\"\u003e\u003ccode\u003e5a940a1\u003c/code\u003e\u003c/a\u003e goldilocks: Test for IsEqual must fail with Z=0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cloudflare/circl/commit/48c3b6a2746a18db4d8b675ab296980514359340\"\u003e\u003ccode\u003e48c3b6a\u003c/code\u003e\u003c/a\u003e ed25519: Fix isEqual to handle points with Z=0.\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/cloudflare/circl/compare/v1.6.0...v1.6.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. 
You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot merge` will merge this PR after your CI passes on it\n- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it\n- `@dependabot cancel merge` will cancel a previously requested merge and block automerging\n- `@dependabot reopen` will reopen this PR if it is closed\n- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e 
\u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/offsoc/coder/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/offsoc/coder/pull/15","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/offsoc%2Fcoder/issues/15","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/15/packages"}},{"old_version":"1.1.1","new_version":"1.2.0","update_type":"minor","path":null,"pr_created_at":"2025-06-10T21:34:36.000Z","version_change":"1.1.1 → 1.2.0","issue":{"uuid":"2582536117","node_id":"PR_kwDOOfCywM6Z7l-1","number":8,"state":"open","title":"chore: bump the go_modules group across 1 directory with 3 updates","user":"dependabot[bot]","labels":["dependencies","go"],"assignees":[],"locked":false,"comments_count":0,"pull_request":true,"closed_at":null,"author_association":"NONE","state_reason":null,"created_at":"2025-06-10T21:34:36.000Z","updated_at":"2025-06-10T21:34:37.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore: bump","group_name":"go_modules","update_count":3,"packages":[{"name":"github.com/justinas/nosurf","old_version":"1.1.1","new_version":"1.2.0","repository_url":"https://github.com/justinas/nosurf"},{"name":"github.com/open-policy-agent/opa","old_version":"1.3.0","new_version":"1.4.0","repository_url":"https://github.com/open-policy-agent/opa"},{"name":"github.com/cloudflare/circl","old_version":"1.6.0","new_version":"1.6.1","repository_url":"https://github.com/cloudflare/circl"}],"path":null,"ecosystem":"go"},"body":"Bumps the go_modules group with 3 updates in the / directory: [github.com/justinas/nosurf](https://github.com/justinas/nosurf), [github.com/open-policy-agent/opa](https://github.com/open-policy-agent/opa) and 
[github.com/cloudflare/circl](https://github.com/cloudflare/circl).\n\nUpdates `github.com/justinas/nosurf` from 1.1.1 to 1.2.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/justinas/nosurf/releases\"\u003egithub.com/justinas/nosurf's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.2.0\u003c/h2\u003e\n\u003cp\u003eThis is a \u003cem\u003esecurity\u003c/em\u003e release for nosurf. It mainly addresses \u003ca href=\"https://github.com/justinas/nosurf-cve-2025-46721\"\u003eCVE-2025-46721\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003eThis release technically includes breaking changes, as nosurf starts applying same-origin checks that were not previously enforced. In most cases, users will not need to make any changes to their code. However, it is recommended to read \u003ca href=\"https://github.com/justinas/nosurf/blob/master/docs/origin-checks.md\"\u003ethe documentation on nosurf's trusted origin checks\u003c/a\u003e before upgrading.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/justinas/nosurf/commit/ec9bb776d8e5ba9e906b6eb70428f4e7b009feee\"\u003e\u003ccode\u003eec9bb77\u003c/code\u003e\u003c/a\u003e Rework origin checks (\u003ca href=\"https://redirect.github.com/justinas/nosurf/issues/74\"\u003e#74\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/justinas/nosurf/commit/e5c9c1fe2d4f69668ff78f872abf3b396a08673a\"\u003e\u003ccode\u003ee5c9c1f\u003c/code\u003e\u003c/a\u003e Add GitHub Actions CI, fix lints and tests\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/justinas/nosurf/compare/v1.1.1...v1.2.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr 
/\u003e\n\nUpdates `github.com/open-policy-agent/opa` from 1.3.0 to 1.4.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/open-policy-agent/opa/releases\"\u003egithub.com/open-policy-agent/opa's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.4.0\u003c/h2\u003e\n\u003cp\u003eThis release contains a security fix addressing CVE-2025-46569.\nIt also includes a mix of new features, bugfixes, and dependency updates.\u003c/p\u003e\n\u003ch4\u003eSecurity Fix: CVE-2025-46569 - OPA server Data API HTTP path injection of Rego (\u003ca href=\"https://github.com/open-policy-agent/opa/security/advisories/GHSA-6m8w-jc87-6cr7\"\u003eGHSA-6m8w-jc87-6cr7\u003c/a\u003e)\u003c/h4\u003e\n\u003cp\u003eA vulnerability in the OPA server's \u003ca href=\"https://www.openpolicyagent.org/docs/latest/rest-api/#data-api\"\u003eData API\u003c/a\u003e allows an attacker to craft the HTTP path in a way that injects Rego code into the query that is evaluated.\u003cbr /\u003e\nThe evaluation result cannot be made to return any other data than what is generated by the requested path, but this path can be misdirected, and the injected Rego code can be crafted to make the query succeed or fail; opening up for oracle attacks or, given the right circumstances, erroneous policy decision results.\nFurthermore, the injected code can be crafted to be computationally expensive, resulting in a Denial Of Service (DoS) attack.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eUsers are only impacted if all of the following apply:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eOPA is deployed as a standalone server (rather than being used as a Go library)\u003c/li\u003e\n\u003cli\u003eThe OPA server is exposed outside of the local host in an untrusted environment.\u003c/li\u003e\n\u003cli\u003eThe configured \u003ca 
href=\"https://www.openpolicyagent.org/docs/latest/security/#authentication-and-authorization\"\u003eauthorization policy\u003c/a\u003e does not do exact matching of the input.path attribute when deciding if the request should be allowed.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eor, if all of the following apply:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eOPA is deployed as a standalone server.\u003c/li\u003e\n\u003cli\u003eThe service connecting to OPA allows 3rd parties to insert unsanitised text into the path of the HTTP request to OPA’s Data API.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eNote: With \u003cstrong\u003eno\u003c/strong\u003e \u003ca href=\"https://www.openpolicyagent.org/docs/latest/security/#authentication-and-authorization\"\u003eAuthorization Policy\u003c/a\u003e configured for restricting API access (the default configuration), the RESTful \u003ca href=\"https://www.openpolicyagent.org/docs/latest/rest-api/#data-api\"\u003eData API\u003c/a\u003e provides access for managing Rego policies; and the RESTful \u003ca href=\"https://www.openpolicyagent.org/docs/latest/rest-api/#query-api\"\u003eQuery API\u003c/a\u003e facilitates advanced queries.\nFull access to these APIs provides both simpler, and broader access than what the security issue describes here can facilitate.\nAs such, OPA servers exposed to a network are \u003cstrong\u003enot\u003c/strong\u003e considered affected by the attack described here if they are knowingly not restricting access through an Authorization Policy.\u003c/p\u003e\n\u003cp\u003eThis issue affects all versions of OPA prior to 1.4.0.\u003c/p\u003e\n\u003cp\u003eSee the \u003ca href=\"https://github.com/open-policy-agent/opa/security/advisories/GHSA-6m8w-jc87-6cr7\"\u003eSecurity Advisory\u003c/a\u003e for more details.\u003c/p\u003e\n\u003cp\u003eReported by \u003ca href=\"https://github.com/GamrayW\"\u003e\u003ccode\u003e@​GamrayW\u003c/code\u003e\u003c/a\u003e, \u003ca 
href=\"https://github.com/HyouKash\"\u003e\u003ccode\u003e@​HyouKash\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/AdrienIT\"\u003e\u003ccode\u003e@​AdrienIT\u003c/code\u003e\u003c/a\u003e, authored by \u003ca href=\"https://github.com/johanfylling\"\u003e\u003ccode\u003e@​johanfylling\u003c/code\u003e\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eRuntime, Tooling, SDK\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003east: Adding \u003ccode\u003erego_v1\u003c/code\u003e feature to \u003ccode\u003e--v0-compatible\u003c/code\u003e capabilities (\u003ca href=\"https://redirect.github.com/open-policy-agent/opa/pull/7474\"\u003e#7474\u003c/a\u003e) authored by \u003ca href=\"https://github.com/johanfylling\"\u003e\u003ccode\u003e@​johanfylling\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eexecutable: Add version and icon to OPA windows executable (\u003ca href=\"https://redirect.github.com/open-policy-agent/opa/issues/3171\"\u003e#3171\u003c/a\u003e) authored by \u003ca href=\"https://github.com/sspaink\"\u003e\u003ccode\u003e@​sspaink\u003c/code\u003e\u003c/a\u003e reported by \u003ca href=\"https://github.com/christophwille\"\u003e\u003ccode\u003e@​christophwille\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eformat: Don't panic on format due to unexpected comments (\u003ca href=\"https://redirect.github.com/open-policy-agent/opa/issues/6330\"\u003e#6330\u003c/a\u003e) authored by \u003ca href=\"https://github.com/sspaink\"\u003e\u003ccode\u003e@​sspaink\u003c/code\u003e\u003c/a\u003e reported by \u003ca href=\"https://github.com/sirpi\"\u003e\u003ccode\u003e@​sirpi\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eformat: Avoid modifying strings when formatting (\u003ca href=\"https://redirect.github.com/open-policy-agent/opa/issues/6220\"\u003e#6220\u003c/a\u003e) authored by \u003ca href=\"https://github.com/sspaink\"\u003e\u003ccode\u003e@​sspaink\u003c/code\u003e\u003c/a\u003e reported by \u003ca 
href=\"https://github.com/zregvart\"\u003e\u003ccode\u003e@​zregvart\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eplugins/status: FIFO buffer channel for status events to prevent slow status API blocking (\u003ca href=\"https://redirect.github.com/open-policy-agent/opa/pull/7522\"\u003e#7522\u003c/a\u003e) authored by \u003ca href=\"https://github.com/sspaink\"\u003e\u003ccode\u003e@​sspaink\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eTopdown and Rego\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003egqlparser: Add JSON annotation in \u003ccode\u003einternal/gqlparser/ast\u003c/code\u003e to Position fields (\u003ca href=\"https://redirect.github.com/open-policy-agent/opa/pull/7509\"\u003e#7509\u003c/a\u003e) authored by \u003ca href=\"https://github.com/robmyersrobmyers\"\u003e\u003ccode\u003e@​robmyersrobmyers\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003egraphql: Cache GraphQL schema parse results (\u003ca href=\"https://redirect.github.com/open-policy-agent/opa/pull/7457\"\u003e#7457\u003c/a\u003e) authored by \u003ca href=\"https://github.com/robmyersrobmyers\"\u003e\u003ccode\u003e@​robmyersrobmyers\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003etopdown: Handling default functions in Partial Eval (\u003ca href=\"https://redirect.github.com/open-policy-agent/opa/issues/7220\"\u003e#7220\u003c/a\u003e) authored by \u003ca href=\"https://github.com/johanfylling\"\u003e\u003ccode\u003e@​johanfylling\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003etopdown: Fix wall clock time init for \u003ccode\u003ePartialRun()\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/open-policy-agent/opa/issues/7490\"\u003e#7490\u003c/a\u003e) authored by \u003ca href=\"https://github.com/srenatus\"\u003e\u003ccode\u003e@​srenatus\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003etopdown: Zero alloc lower/upper unless changed (\u003ca 
href=\"https://redirect.github.com/open-policy-agent/opa/pull/7472\"\u003e#7472\u003c/a\u003e) authored by \u003ca href=\"https://github.com/anderseknert\"\u003e\u003ccode\u003e@​anderseknert\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocs, Website, Ecosystem\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadopters: Cloudsmith adds support for OPA (\u003ca href=\"https://redirect.github.com/open-policy-agent/opa/pull/7498\"\u003e#7498\u003c/a\u003e) authored by \u003ca href=\"https://github.com/ndouglas-cloudsmith\"\u003e\u003ccode\u003e@​ndouglas-cloudsmith\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/open-policy-agent/opa/blob/main/CHANGELOG.md\"\u003egithub.com/open-policy-agent/opa's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e1.4.0\u003c/h2\u003e\n\u003cp\u003eThis release contains a security fix addressing CVE-2025-46569.\nIt also includes a mix of new features, bugfixes, and dependency updates.\u003c/p\u003e\n\u003ch4\u003eSecurity Fix: CVE-2025-46569 - OPA server Data API HTTP path injection of Rego (\u003ca href=\"https://github.com/open-policy-agent/opa/security/advisories/GHSA-6m8w-jc87-6cr7\"\u003eGHSA-6m8w-jc87-6cr7\u003c/a\u003e)\u003c/h4\u003e\n\u003cp\u003eA vulnerability in the OPA server's \u003ca href=\"https://www.openpolicyagent.org/docs/latest/rest-api/#data-api\"\u003eData API\u003c/a\u003e allows an attacker to craft the HTTP path in a way that injects Rego code into the query that is evaluated.\u003cbr /\u003e\nThe evaluation result cannot be made to return any other data than what is generated by the requested path, but this path can be misdirected, and the injected Rego 
code can be crafted to make the query succeed or fail; opening up for oracle attacks or, given the right circumstances, erroneous policy decision results.\nFurthermore, the injected code can be crafted to be computationally expensive, resulting in a Denial Of Service (DoS) attack.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eUsers are only impacted if all of the following apply:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eOPA is deployed as a standalone server (rather than being used as a Go library)\u003c/li\u003e\n\u003cli\u003eThe OPA server is exposed outside of the local host in an untrusted environment.\u003c/li\u003e\n\u003cli\u003eThe configured \u003ca href=\"https://www.openpolicyagent.org/docs/latest/security/#authentication-and-authorization\"\u003eauthorization policy\u003c/a\u003e does not do exact matching of the input.path attribute when deciding if the request should be allowed.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eor, if all of the following apply:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eOPA is deployed as a standalone server.\u003c/li\u003e\n\u003cli\u003eThe service connecting to OPA allows 3rd parties to insert unsanitised text into the path of the HTTP request to OPA’s Data API.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eNote: With \u003cstrong\u003eno\u003c/strong\u003e \u003ca href=\"https://www.openpolicyagent.org/docs/latest/security/#authentication-and-authorization\"\u003eAuthorization Policy\u003c/a\u003e configured for restricting API access (the default configuration), the RESTful \u003ca href=\"https://www.openpolicyagent.org/docs/latest/rest-api/#data-api\"\u003eData API\u003c/a\u003e provides access for managing Rego policies; and the RESTful \u003ca href=\"https://www.openpolicyagent.org/docs/latest/rest-api/#query-api\"\u003eQuery API\u003c/a\u003e facilitates advanced queries.\nFull access to these APIs provides both simpler, and broader access than what 
the security issue describes here can facilitate.\nAs such, OPA servers exposed to a network are \u003cstrong\u003enot\u003c/strong\u003e considered affected by the attack described here if they are knowingly not restricting access through an Authorization Policy.\u003c/p\u003e\n\u003cp\u003eThis issue affects all versions of OPA prior to 1.4.0.\u003c/p\u003e\n\u003cp\u003eSee the \u003ca href=\"https://github.com/open-policy-agent/opa/security/advisories/GHSA-6m8w-jc87-6cr7\"\u003eSecurity Advisory\u003c/a\u003e for more details.\u003c/p\u003e\n\u003cp\u003eReported by \u003ca href=\"https://github.com/GamrayW\"\u003e\u003ccode\u003e@​GamrayW\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/HyouKash\"\u003e\u003ccode\u003e@​HyouKash\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/AdrienIT\"\u003e\u003ccode\u003e@​AdrienIT\u003c/code\u003e\u003c/a\u003e, authored by \u003ca href=\"https://github.com/johanfylling\"\u003e\u003ccode\u003e@​johanfylling\u003c/code\u003e\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eRuntime, Tooling, SDK\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003east: Adding \u003ccode\u003erego_v1\u003c/code\u003e feature to \u003ccode\u003e--v0-compatible\u003c/code\u003e capabilities (\u003ca href=\"https://redirect.github.com/open-policy-agent/opa/pull/7474\"\u003e#7474\u003c/a\u003e) authored by \u003ca href=\"https://github.com/johanfylling\"\u003e\u003ccode\u003e@​johanfylling\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eexecutable: Add version and icon to OPA windows executable (\u003ca href=\"https://redirect.github.com/open-policy-agent/opa/issues/3171\"\u003e#3171\u003c/a\u003e) authored by \u003ca href=\"https://github.com/sspaink\"\u003e\u003ccode\u003e@​sspaink\u003c/code\u003e\u003c/a\u003e reported by \u003ca href=\"https://github.com/christophwille\"\u003e\u003ccode\u003e@​christophwille\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eformat: Don't panic on format due to 
unexpected comments (\u003ca href=\"https://redirect.github.com/open-policy-agent/opa/issues/6330\"\u003e#6330\u003c/a\u003e) authored by \u003ca href=\"https://github.com/sspaink\"\u003e\u003ccode\u003e@​sspaink\u003c/code\u003e\u003c/a\u003e reported by \u003ca href=\"https://github.com/sirpi\"\u003e\u003ccode\u003e@​sirpi\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eformat: Avoid modifying strings when formatting (\u003ca href=\"https://redirect.github.com/open-policy-agent/opa/issues/6220\"\u003e#6220\u003c/a\u003e) authored by \u003ca href=\"https://github.com/sspaink\"\u003e\u003ccode\u003e@​sspaink\u003c/code\u003e\u003c/a\u003e reported by \u003ca href=\"https://github.com/zregvart\"\u003e\u003ccode\u003e@​zregvart\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eplugins/status: FIFO buffer channel for status events to prevent slow status API blocking (\u003ca href=\"https://redirect.github.com/open-policy-agent/opa/pull/7522\"\u003e#7522\u003c/a\u003e) authored by \u003ca href=\"https://github.com/sspaink\"\u003e\u003ccode\u003e@​sspaink\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eTopdown and Rego\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003egqlparser: Add JSON annotation in \u003ccode\u003einternal/gqlparser/ast\u003c/code\u003e to Position fields (\u003ca href=\"https://redirect.github.com/open-policy-agent/opa/pull/7509\"\u003e#7509\u003c/a\u003e) authored by \u003ca href=\"https://github.com/robmyersrobmyers\"\u003e\u003ccode\u003e@​robmyersrobmyers\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003egraphql: Cache GraphQL schema parse results (\u003ca href=\"https://redirect.github.com/open-policy-agent/opa/pull/7457\"\u003e#7457\u003c/a\u003e) authored by \u003ca href=\"https://github.com/robmyersrobmyers\"\u003e\u003ccode\u003e@​robmyersrobmyers\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003etopdown: Handling default functions in Partial Eval (\u003ca 
href=\"https://redirect.github.com/open-policy-agent/opa/issues/7220\"\u003e#7220\u003c/a\u003e) authored by \u003ca href=\"https://github.com/johanfylling\"\u003e\u003ccode\u003e@​johanfylling\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003etopdown: Fix wall clock time init for \u003ccode\u003ePartialRun()\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/open-policy-agent/opa/issues/7490\"\u003e#7490\u003c/a\u003e) authored by \u003ca href=\"https://github.com/srenatus\"\u003e\u003ccode\u003e@​srenatus\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003etopdown: Zero alloc lower/upper unless changed (\u003ca href=\"https://redirect.github.com/open-policy-agent/opa/pull/7472\"\u003e#7472\u003c/a\u003e) authored by \u003ca href=\"https://github.com/anderseknert\"\u003e\u003ccode\u003e@​anderseknert\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocs, Website, Ecosystem\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... 
(truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-policy-agent/opa/commit/8b0720247e65b97fe7715ca15682fee4040df4d1\"\u003e\u003ccode\u003e8b07202\u003c/code\u003e\u003c/a\u003e Prepare v1.4.0 release (\u003ca href=\"https://redirect.github.com/open-policy-agent/opa/issues/7541\"\u003e#7541\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-policy-agent/opa/commit/ad2063247a14711882f18c387a511fc8094aa79c\"\u003e\u003ccode\u003ead20632\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-policy-agent/opa/commit/24ff9cfb3ad0a6a5629f0b21458982d325ee03c5\"\u003e\u003ccode\u003e24ff9cf\u003c/code\u003e\u003c/a\u003e fix: return the raw strings when formatting (\u003ca href=\"https://redirect.github.com/open-policy-agent/opa/issues/7525\"\u003e#7525\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-policy-agent/opa/commit/254f3bf0b9ee5faf1972ba31bbbe749bba19a000\"\u003e\u003ccode\u003e254f3bf\u003c/code\u003e\u003c/a\u003e fix(status plugin): make sure the latest status is read before manually trigg...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-policy-agent/opa/commit/9b5f6010c0503cd91eed8a56268a02d4895a42b4\"\u003e\u003ccode\u003e9b5f601\u003c/code\u003e\u003c/a\u003e docs: fix post merge badge (\u003ca href=\"https://redirect.github.com/open-policy-agent/opa/issues/7532\"\u003e#7532\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-policy-agent/opa/commit/e4902774778da576da2a8f4b2fd50df6cc3da8b5\"\u003e\u003ccode\u003ee490277\u003c/code\u003e\u003c/a\u003e docs: Point path versioned requests to new sites (\u003ca 
href=\"https://redirect.github.com/open-policy-agent/opa/issues/7531\"\u003e#7531\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-policy-agent/opa/commit/d65888c14f4cb2d67929590604415e35ba75f58c\"\u003e\u003ccode\u003ed65888c\u003c/code\u003e\u003c/a\u003e plugins/status: FIFO buffer channel for status events to prevent slow status ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-policy-agent/opa/commit/eb77d10971ec772c3ac4968d4abe3666037d0338\"\u003e\u003ccode\u003eeb77d10\u003c/code\u003e\u003c/a\u003e docs: update edge links to use /docs/edge/ path (\u003ca href=\"https://redirect.github.com/open-policy-agent/opa/issues/7529\"\u003e#7529\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-policy-agent/opa/commit/f07d604b4f4b37c29324643cc75b82e3e0070aea\"\u003e\u003ccode\u003ef07d604\u003c/code\u003e\u003c/a\u003e docs: Set versioned docs links to point to archive (\u003ca href=\"https://redirect.github.com/open-policy-agent/opa/issues/7528\"\u003e#7528\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-policy-agent/opa/commit/828b8cb1568bc2a3eba7d0b87101a6c0679eee06\"\u003e\u003ccode\u003e828b8cb\u003c/code\u003e\u003c/a\u003e docs: improve request headers documentation in REST APIs (\u003ca href=\"https://redirect.github.com/open-policy-agent/opa/issues/7524\"\u003e#7524\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/open-policy-agent/opa/compare/v1.3.0...v1.4.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/cloudflare/circl` from 1.6.0 to 1.6.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/cloudflare/circl/releases\"\u003egithub.com/cloudflare/circl's 
releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eCIRCL v1.6.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixes some point checks on the FourQ curve.\u003c/li\u003e\n\u003cli\u003eHybrid KEM fails on low-order points.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eWhat's Changed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ekem/hybrid: ensure X25519 hybrids fails with low order points by \u003ca href=\"https://github.com/Lekensteyn\"\u003e\u003ccode\u003e@​Lekensteyn\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/cloudflare/circl/pull/541\"\u003ecloudflare/circl#541\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e.github: Use native ARM64 builders instead of QEMU by \u003ca href=\"https://github.com/Lekensteyn\"\u003e\u003ccode\u003e@​Lekensteyn\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/cloudflare/circl/pull/542\"\u003ecloudflare/circl#542\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes several errors on twisted Edwards curves. 
by \u003ca href=\"https://github.com/armfazh\"\u003e\u003ccode\u003e@​armfazh\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/cloudflare/circl/pull/545\"\u003ecloudflare/circl#545\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRelease v1.6.1 by \u003ca href=\"https://github.com/armfazh\"\u003e\u003ccode\u003e@​armfazh\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/cloudflare/circl/pull/546\"\u003ecloudflare/circl#546\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/cloudflare/circl/compare/v1.6.0...v1.6.1\"\u003ehttps://github.com/cloudflare/circl/compare/v1.6.0...v1.6.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cloudflare/circl/commit/c6d33e35234ebf5c4319d12ae7d77d7d17053e56\"\u003e\u003ccode\u003ec6d33e3\u003c/code\u003e\u003c/a\u003e Release v1.6.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cloudflare/circl/commit/0c3868ef6fc8ce864bc4104863186afdd2947f14\"\u003e\u003ccode\u003e0c3868e\u003c/code\u003e\u003c/a\u003e curve4q: Shared must fail with low order points.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cloudflare/circl/commit/9fd570dd508eef941d3f42fb94413a899b96d52e\"\u003e\u003ccode\u003e9fd570d\u003c/code\u003e\u003c/a\u003e curve4q: Test showing DH does not fails on identity point.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cloudflare/circl/commit/c988ceba827fe09896e770c152646dded447903d\"\u003e\u003ccode\u003ec988ceb\u003c/code\u003e\u003c/a\u003e fourq: Correctly unmarshalling point.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cloudflare/circl/commit/ef2611dcde7f6d25e31082412bbb30f2a870d133\"\u003e\u003ccode\u003eef2611d\u003c/code\u003e\u003c/a\u003e fourq: 
Test showing point unmarshal fails.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cloudflare/circl/commit/05eba44d1a35f979c5f3ac914bcc50c1122e8ced\"\u003e\u003ccode\u003e05eba44\u003c/code\u003e\u003c/a\u003e fourq: Handle the case of Z=0 for IsOnCurve and IsEqual.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cloudflare/circl/commit/eef08780cc3cb9befa20014e65f731391103be6b\"\u003e\u003ccode\u003eeef0878\u003c/code\u003e\u003c/a\u003e fourq: Test showing isEqual and IsOnCurve fail.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cloudflare/circl/commit/2298474ef688938e4a81ca14990b9a11a8677e2a\"\u003e\u003ccode\u003e2298474\u003c/code\u003e\u003c/a\u003e goldilocks; Handling points with z=0.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cloudflare/circl/commit/5a940a111507232035d0b753fbf3068c52d6b8ac\"\u003e\u003ccode\u003e5a940a1\u003c/code\u003e\u003c/a\u003e goldilocks: Test for IsEqual must fail with Z=0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cloudflare/circl/commit/48c3b6a2746a18db4d8b675ab296980514359340\"\u003e\u003ccode\u003e48c3b6a\u003c/code\u003e\u003c/a\u003e ed25519: Fix isEqual to handle points with Z=0.\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/cloudflare/circl/compare/v1.6.0...v1.6.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. 
You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot merge` will merge this PR after your CI passes on it\n- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it\n- `@dependabot cancel merge` will cancel a previously requested merge and block automerging\n- `@dependabot reopen` will reopen this PR if it is closed\n- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e 
\u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/FlixiDoe/coder/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/FlixiDoe/coder/pull/8","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/FlixiDoe%2Fcoder/issues/8","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/8/packages"}},{"old_version":"1.1.1","new_version":"1.2.0","update_type":"minor","path":null,"pr_created_at":"2025-06-10T12:43:54.000Z","version_change":"1.1.1 → 1.2.0","issue":{"uuid":"2581237270","node_id":"PR_kwDOFw9qpc6Z2o4W","number":3,"state":"closed","title":"Bump github.com/justinas/nosurf from 1.1.1 to 1.2.0","user":"dependabot[bot]","labels":["dependencies","go"],"assignees":[],"locked":false,"comments_count":0,"pull_request":true,"closed_at":"2025-06-10T12:44:23.000Z","author_association":"CONTRIBUTOR","state_reason":null,"created_at":"2025-06-10T12:43:54.000Z","updated_at":"2025-06-10T12:44:30.000Z","time_to_close":29,"merged_at":"2025-06-10T12:44:23.000Z","merged_by":"williamnoble","closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"github.com/justinas/nosurf","old_version":"1.1.1","new_version":"1.2.0","repository_url":"https://github.com/justinas/nosurf"}],"path":null,"ecosystem":"go"},"body":"Bumps [github.com/justinas/nosurf](https://github.com/justinas/nosurf) from 1.1.1 to 1.2.0.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/justinas/nosurf/releases\"\u003egithub.com/justinas/nosurf's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.2.0\u003c/h2\u003e\n\u003cp\u003eThis is a \u003cem\u003esecurity\u003c/em\u003e release for nosurf. 
It mainly addresses \u003ca href=\"https://github.com/justinas/nosurf-cve-2025-46721\"\u003eCVE-2025-46721\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003eThis release technically includes breaking changes, as nosurf starts applying same-origin checks that were not previously enforced. In most cases, users will not need to make any changes to their code. However, it is recommended to read \u003ca href=\"https://github.com/justinas/nosurf/blob/master/docs/origin-checks.md\"\u003ethe documentation on nosurf's trusted origin checks\u003c/a\u003e before upgrading.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/justinas/nosurf/commit/ec9bb776d8e5ba9e906b6eb70428f4e7b009feee\"\u003e\u003ccode\u003eec9bb77\u003c/code\u003e\u003c/a\u003e Rework origin checks (\u003ca href=\"https://redirect.github.com/justinas/nosurf/issues/74\"\u003e#74\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/justinas/nosurf/commit/e5c9c1fe2d4f69668ff78f872abf3b396a08673a\"\u003e\u003ccode\u003ee5c9c1f\u003c/code\u003e\u003c/a\u003e Add GitHub Actions CI, fix lints and tests\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/justinas/nosurf/compare/v1.1.1...v1.2.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/justinas/nosurf\u0026package-manager=go_modules\u0026previous-version=1.1.1\u0026new-version=1.2.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. 
You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot merge` will merge this PR after your CI passes on it\n- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it\n- `@dependabot cancel merge` will cancel a previously requested merge and block automerging\n- `@dependabot reopen` will reopen this PR if it is closed\n- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts 
page](https://github.com/williamnoble/Snippet/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/williamnoble/Snippet/pull/3","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/williamnoble%2FSnippet/issues/3","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/3/packages"}},{"old_version":"1.1.1","new_version":"1.2.0","update_type":"minor","path":null,"pr_created_at":"2025-05-27T16:32:00.000Z","version_change":"1.1.1 → 1.2.0","issue":{"uuid":"2547023784","node_id":"PR_kwDOLHZrt86X0H-o","number":3,"state":"open","title":"Bump github.com/justinas/nosurf from 1.1.1 to 1.2.0","user":"dependabot[bot]","labels":["dependencies","go"],"assignees":[],"locked":false,"comments_count":0,"pull_request":true,"closed_at":null,"author_association":"CONTRIBUTOR","state_reason":null,"created_at":"2025-05-27T16:32:00.000Z","updated_at":"2025-05-27T16:32:01.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"github.com/justinas/nosurf","old_version":"1.1.1","new_version":"1.2.0","repository_url":"https://github.com/justinas/nosurf"}],"path":null,"ecosystem":"go"},"body":"Bumps [github.com/justinas/nosurf](https://github.com/justinas/nosurf) from 1.1.1 to 1.2.0.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/justinas/nosurf/releases\"\u003egithub.com/justinas/nosurf's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.2.0\u003c/h2\u003e\n\u003cp\u003eThis is a \u003cem\u003esecurity\u003c/em\u003e release for nosurf. It mainly addresses \u003ca href=\"https://github.com/justinas/nosurf-cve-2025-46721\"\u003eCVE-2025-46721\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003eThis release technically includes breaking changes, as nosurf starts applying same-origin checks that were not previously enforced. 
In most cases, users will not need to make any changes to their code. However, it is recommended to read \u003ca href=\"https://github.com/justinas/nosurf/blob/master/docs/origin-checks.md\"\u003ethe documentation on nosurf's trusted origin checks\u003c/a\u003e before upgrading.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/justinas/nosurf/commit/ec9bb776d8e5ba9e906b6eb70428f4e7b009feee\"\u003e\u003ccode\u003eec9bb77\u003c/code\u003e\u003c/a\u003e Rework origin checks (\u003ca href=\"https://redirect.github.com/justinas/nosurf/issues/74\"\u003e#74\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/justinas/nosurf/commit/e5c9c1fe2d4f69668ff78f872abf3b396a08673a\"\u003e\u003ccode\u003ee5c9c1f\u003c/code\u003e\u003c/a\u003e Add GitHub Actions CI, fix lints and tests\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/justinas/nosurf/compare/v1.1.1...v1.2.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/justinas/nosurf\u0026package-manager=go_modules\u0026previous-version=1.1.1\u0026new-version=1.2.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. 
You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot merge` will merge this PR after your CI passes on it\n- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it\n- `@dependabot cancel merge` will cancel a previously requested merge and block automerging\n- `@dependabot reopen` will reopen this PR if it is closed\n- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts 
page](https://github.com/jimmydg/snippetbox/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/jimmydg/snippetbox/pull/3","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/jimmydg%2Fsnippetbox/issues/3","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/3/packages"}},{"old_version":"1.1.1","new_version":"1.2.0","update_type":"minor","path":null,"pr_created_at":"2025-05-26T11:56:11.000Z","version_change":"1.1.1 → 1.2.0","issue":{"uuid":"2543857259","node_id":"PR_kwDOLmBl1M6XoC5r","number":561,"state":"closed","title":"chore: bump github.com/justinas/nosurf from 1.1.1 to 1.2.0","user":"dependabot[bot]","labels":["stale","dependencies","go"],"assignees":[],"locked":false,"comments_count":0,"pull_request":true,"closed_at":"2025-06-07T01:03:28.000Z","author_association":"CONTRIBUTOR","state_reason":null,"created_at":"2025-05-26T11:56:11.000Z","updated_at":"2025-06-07T01:03:28.000Z","time_to_close":997637,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore","packages":[{"name":"github.com/justinas/nosurf","old_version":"1.1.1","new_version":"1.2.0","repository_url":"https://github.com/justinas/nosurf"}],"path":null,"ecosystem":"go"},"body":"Bumps [github.com/justinas/nosurf](https://github.com/justinas/nosurf) from 1.1.1 to 1.2.0.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/justinas/nosurf/releases\"\u003egithub.com/justinas/nosurf's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.2.0\u003c/h2\u003e\n\u003cp\u003eThis is a \u003cem\u003esecurity\u003c/em\u003e release for nosurf. 
It mainly addresses \u003ca href=\"https://github.com/justinas/nosurf-cve-2025-46721\"\u003eCVE-2025-46721\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003eThis release technically includes breaking changes, as nosurf starts applying same-origin checks that were not previously enforced. In most cases, users will not need to make any changes to their code. However, it is recommended to read \u003ca href=\"https://github.com/justinas/nosurf/blob/master/docs/origin-checks.md\"\u003ethe documentation on nosurf's trusted origin checks\u003c/a\u003e before upgrading.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/justinas/nosurf/commit/ec9bb776d8e5ba9e906b6eb70428f4e7b009feee\"\u003e\u003ccode\u003eec9bb77\u003c/code\u003e\u003c/a\u003e Rework origin checks (\u003ca href=\"https://redirect.github.com/justinas/nosurf/issues/74\"\u003e#74\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/justinas/nosurf/commit/e5c9c1fe2d4f69668ff78f872abf3b396a08673a\"\u003e\u003ccode\u003ee5c9c1f\u003c/code\u003e\u003c/a\u003e Add GitHub Actions CI, fix lints and tests\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/justinas/nosurf/compare/v1.1.1...v1.2.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/justinas/nosurf\u0026package-manager=go_modules\u0026previous-version=1.1.1\u0026new-version=1.2.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. 
You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot merge` will merge this PR after your CI passes on it\n- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it\n- `@dependabot cancel merge` will cancel a previously requested merge and block automerging\n- `@dependabot reopen` will reopen this PR if it is closed\n- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/Txim0520/https-github.com-coder-coder/pull/561","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/Txim0520%2Fhttps-github.com-coder-coder/issues/561","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/561/packages"}},{"old_version":"1.1.1","new_version":"1.2.0","update_type":"minor","path":"the go_modules group across 1 
directory","pr_created_at":"2025-05-22T01:38:01.000Z","version_change":"1.1.1 → 1.2.0","issue":{"uuid":"2535790428","node_id":"PR_kwDOOpp8Xc6XJRdc","number":1,"state":"open","title":"chore: bump github.com/justinas/nosurf from 1.1.1 to 1.2.0 in the go_modules group across 1 directory","user":"dependabot[bot]","labels":["dependencies","go"],"assignees":[],"locked":false,"comments_count":0,"pull_request":true,"closed_at":null,"author_association":"NONE","state_reason":null,"created_at":"2025-05-22T01:38:01.000Z","updated_at":"2025-05-22T01:38:01.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore","packages":[{"name":"github.com/justinas/nosurf","old_version":"1.1.1","new_version":"1.2.0","repository_url":"https://github.com/justinas/nosurf"}],"path":"the go_modules group across 1 directory","ecosystem":"go"},"body":"Bumps the go_modules group with 1 update in the / directory: [github.com/justinas/nosurf](https://github.com/justinas/nosurf).\n\nUpdates `github.com/justinas/nosurf` from 1.1.1 to 1.2.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/justinas/nosurf/releases\"\u003egithub.com/justinas/nosurf's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.2.0\u003c/h2\u003e\n\u003cp\u003eThis is a \u003cem\u003esecurity\u003c/em\u003e release for nosurf. It mainly addresses \u003ca href=\"https://github.com/justinas/nosurf-cve-2025-46721\"\u003eCVE-2025-46721\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003eThis release technically includes breaking changes, as nosurf starts applying same-origin checks that were not previously enforced. In most cases, users will not need to make any changes to their code. 
However, it is recommended to read \u003ca href=\"https://github.com/justinas/nosurf/blob/master/docs/origin-checks.md\"\u003ethe documentation on nosurf's trusted origin checks\u003c/a\u003e before upgrading.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/justinas/nosurf/commit/ec9bb776d8e5ba9e906b6eb70428f4e7b009feee\"\u003e\u003ccode\u003eec9bb77\u003c/code\u003e\u003c/a\u003e Rework origin checks (\u003ca href=\"https://redirect.github.com/justinas/nosurf/issues/74\"\u003e#74\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/justinas/nosurf/commit/e5c9c1fe2d4f69668ff78f872abf3b396a08673a\"\u003e\u003ccode\u003ee5c9c1f\u003c/code\u003e\u003c/a\u003e Add GitHub Actions CI, fix lints and tests\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/justinas/nosurf/compare/v1.1.1...v1.2.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/justinas/nosurf\u0026package-manager=go_modules\u0026previous-version=1.1.1\u0026new-version=1.2.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. 
You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot merge` will merge this PR after your CI passes on it\n- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it\n- `@dependabot cancel merge` will cancel a previously requested merge and block automerging\n- `@dependabot reopen` will reopen this PR if it is closed\n- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e 
\u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/coutureb/coder/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/coutureb/coder/pull/1","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/coutureb%2Fcoder/issues/1","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/1/packages"}},{"old_version":"1.1.1","new_version":"1.2.0","update_type":"minor","path":null,"pr_created_at":"2025-05-20T17:31:27.000Z","version_change":"1.1.1 → 1.2.0","issue":{"uuid":"2532201415","node_id":"PR_kwDOHtwK2M6W7lPH","number":3,"state":"open","title":"Bump github.com/justinas/nosurf from 1.1.1 to 1.2.0","user":"dependabot[bot]","labels":["dependencies","go"],"assignees":[],"locked":false,"comments_count":0,"pull_request":true,"closed_at":null,"author_association":"CONTRIBUTOR","state_reason":null,"created_at":"2025-05-20T17:31:27.000Z","updated_at":"2025-05-20T17:31:28.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"github.com/justinas/nosurf","old_version":"1.1.1","new_version":"1.2.0","repository_url":"https://github.com/justinas/nosurf"}],"path":null,"ecosystem":"go"},"body":"Bumps [github.com/justinas/nosurf](https://github.com/justinas/nosurf) from 1.1.1 to 1.2.0.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/justinas/nosurf/releases\"\u003egithub.com/justinas/nosurf's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.2.0\u003c/h2\u003e\n\u003cp\u003eThis is a \u003cem\u003esecurity\u003c/em\u003e release for nosurf. 
It mainly addresses \u003ca href=\"https://github.com/justinas/nosurf-cve-2025-46721\"\u003eCVE-2025-46721\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003eThis release technically includes breaking changes, as nosurf starts applying same-origin checks that were not previously enforced. In most cases, users will not need to make any changes to their code. However, it is recommended to read \u003ca href=\"https://github.com/justinas/nosurf/blob/master/docs/origin-checks.md\"\u003ethe documentation on nosurf's trusted origin checks\u003c/a\u003e before upgrading.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/justinas/nosurf/commit/ec9bb776d8e5ba9e906b6eb70428f4e7b009feee\"\u003e\u003ccode\u003eec9bb77\u003c/code\u003e\u003c/a\u003e Rework origin checks (\u003ca href=\"https://redirect.github.com/justinas/nosurf/issues/74\"\u003e#74\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/justinas/nosurf/commit/e5c9c1fe2d4f69668ff78f872abf3b396a08673a\"\u003e\u003ccode\u003ee5c9c1f\u003c/code\u003e\u003c/a\u003e Add GitHub Actions CI, fix lints and tests\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/justinas/nosurf/compare/v1.1.1...v1.2.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/justinas/nosurf\u0026package-manager=go_modules\u0026previous-version=1.1.1\u0026new-version=1.2.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. 
You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot merge` will merge this PR after your CI passes on it\n- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it\n- `@dependabot cancel merge` will cancel a previously requested merge and block automerging\n- `@dependabot reopen` will reopen this PR if it is closed\n- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts 
page](https://github.com/inchworks/quizinch/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/inchworks/quizinch/pull/3","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/inchworks%2Fquizinch/issues/3","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/3/packages"}},{"old_version":"1.1.1","new_version":"1.2.0","update_type":"minor","path":null,"pr_created_at":"2025-05-19T21:20:34.000Z","version_change":"1.1.1 → 1.2.0","issue":{"uuid":"2529808815","node_id":"PR_kwDOKzhW9M6WydGv","number":315,"state":"closed","title":"Chore(deps): Bump github.com/justinas/nosurf from 1.1.1 to 1.2.0","user":"dependabot[bot]","labels":["dependencies","go"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2025-05-23T09:09:17.000Z","author_association":"CONTRIBUTOR","state_reason":null,"created_at":"2025-05-19T21:20:34.000Z","updated_at":"2025-05-23T09:09:17.000Z","time_to_close":301723,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Chore(deps): Bump","packages":[{"name":"github.com/justinas/nosurf","old_version":"1.1.1","new_version":"1.2.0","repository_url":"https://github.com/justinas/nosurf"}],"path":null,"ecosystem":"go"},"body":"Bumps [github.com/justinas/nosurf](https://github.com/justinas/nosurf) from 1.1.1 to 1.2.0.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/justinas/nosurf/releases\"\u003egithub.com/justinas/nosurf's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.2.0\u003c/h2\u003e\n\u003cp\u003eThis is a \u003cem\u003esecurity\u003c/em\u003e release for nosurf. 
It mainly addresses \u003ca href=\"https://github.com/justinas/nosurf-cve-2025-46721\"\u003eCVE-2025-46721\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003eThis release technically includes breaking changes, as nosurf starts applying same-origin checks that were not previously enforced. In most cases, users will not need to make any changes to their code. However, it is recommended to read \u003ca href=\"https://github.com/justinas/nosurf/blob/master/docs/origin-checks.md\"\u003ethe documentation on nosurf's trusted origin checks\u003c/a\u003e before upgrading.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/justinas/nosurf/commit/ec9bb776d8e5ba9e906b6eb70428f4e7b009feee\"\u003e\u003ccode\u003eec9bb77\u003c/code\u003e\u003c/a\u003e Rework origin checks (\u003ca href=\"https://redirect.github.com/justinas/nosurf/issues/74\"\u003e#74\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/justinas/nosurf/commit/e5c9c1fe2d4f69668ff78f872abf3b396a08673a\"\u003e\u003ccode\u003ee5c9c1f\u003c/code\u003e\u003c/a\u003e Add GitHub Actions CI, fix lints and tests\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/justinas/nosurf/compare/v1.1.1...v1.2.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/justinas/nosurf\u0026package-manager=go_modules\u0026previous-version=1.1.1\u0026new-version=1.2.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. 
You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot merge` will merge this PR after your CI passes on it\n- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it\n- `@dependabot cancel merge` will cancel a previously requested merge and block automerging\n- `@dependabot reopen` will reopen this PR if it is closed\n- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/croessner/nauthilus/pull/315","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/croessner%2Fnauthilus/issues/315","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/315/packages"}},{"old_version":"1.1.1","new_version":"1.2.0","update_type":"minor","path":null,"pr_created_at":"2025-05-19T12:09:35.000Z","version_change":"1.1.1 → 
1.2.0","issue":{"uuid":"2528537977","node_id":"PR_kwDOIPpCRM6Wtm15","number":263,"state":"closed","title":"chore: bump github.com/justinas/nosurf from 1.1.1 to 1.2.0","user":"dependabot[bot]","labels":["stale","dependencies","go"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2025-05-31T01:56:07.000Z","author_association":"NONE","state_reason":null,"created_at":"2025-05-19T12:09:35.000Z","updated_at":"2025-05-31T01:56:07.000Z","time_to_close":999992,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore","packages":[{"name":"github.com/justinas/nosurf","old_version":"1.1.1","new_version":"1.2.0","repository_url":"https://github.com/justinas/nosurf"}],"path":null,"ecosystem":"go"},"body":"Bumps [github.com/justinas/nosurf](https://github.com/justinas/nosurf) from 1.1.1 to 1.2.0.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/justinas/nosurf/releases\"\u003egithub.com/justinas/nosurf's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.2.0\u003c/h2\u003e\n\u003cp\u003eThis is a \u003cem\u003esecurity\u003c/em\u003e release for nosurf. It mainly addresses \u003ca href=\"https://github.com/justinas/nosurf-cve-2025-46721\"\u003eCVE-2025-46721\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003eThis release technically includes breaking changes, as nosurf starts applying same-origin checks that were not previously enforced. In most cases, users will not need to make any changes to their code. 
However, it is recommended to read \u003ca href=\"https://github.com/justinas/nosurf/blob/master/docs/origin-checks.md\"\u003ethe documentation on nosurf's trusted origin checks\u003c/a\u003e before upgrading.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/justinas/nosurf/commit/ec9bb776d8e5ba9e906b6eb70428f4e7b009feee\"\u003e\u003ccode\u003eec9bb77\u003c/code\u003e\u003c/a\u003e Rework origin checks (\u003ca href=\"https://redirect.github.com/justinas/nosurf/issues/74\"\u003e#74\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/justinas/nosurf/commit/e5c9c1fe2d4f69668ff78f872abf3b396a08673a\"\u003e\u003ccode\u003ee5c9c1f\u003c/code\u003e\u003c/a\u003e Add GitHub Actions CI, fix lints and tests\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/justinas/nosurf/compare/v1.1.1...v1.2.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/justinas/nosurf\u0026package-manager=go_modules\u0026previous-version=1.1.1\u0026new-version=1.2.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. 
You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot merge` will merge this PR after your CI passes on it\n- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it\n- `@dependabot cancel merge` will cancel a previously requested merge and block automerging\n- `@dependabot reopen` will reopen this PR if it is closed\n- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/officialmofabs/coder/pull/263","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/officialmofabs%2Fcoder/issues/263","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/263/packages"}},{"old_version":"1.1.1","new_version":"1.2.0","update_type":"minor","path":null,"pr_created_at":"2025-05-19T11:56:43.000Z","version_change":"1.1.1 → 
1.2.0","issue":{"uuid":"2528507007","node_id":"PR_kwDONXET-c6WtfR_","number":190,"state":"closed","title":"chore: bump github.com/justinas/nosurf from 1.1.1 to 1.2.0","user":"dependabot[bot]","labels":["stale","dependencies","go"],"assignees":[],"locked":false,"comments_count":0,"pull_request":true,"closed_at":"2025-05-31T01:38:06.000Z","author_association":"NONE","state_reason":null,"created_at":"2025-05-19T11:56:43.000Z","updated_at":"2025-05-31T01:38:06.000Z","time_to_close":999683,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore","packages":[{"name":"github.com/justinas/nosurf","old_version":"1.1.1","new_version":"1.2.0","repository_url":"https://github.com/justinas/nosurf"}],"path":null,"ecosystem":"go"},"body":"Bumps [github.com/justinas/nosurf](https://github.com/justinas/nosurf) from 1.1.1 to 1.2.0.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/justinas/nosurf/releases\"\u003egithub.com/justinas/nosurf's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.2.0\u003c/h2\u003e\n\u003cp\u003eThis is a \u003cem\u003esecurity\u003c/em\u003e release for nosurf. It mainly addresses \u003ca href=\"https://github.com/justinas/nosurf-cve-2025-46721\"\u003eCVE-2025-46721\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003eThis release technically includes breaking changes, as nosurf starts applying same-origin checks that were not previously enforced. In most cases, users will not need to make any changes to their code. 
However, it is recommended to read \u003ca href=\"https://github.com/justinas/nosurf/blob/master/docs/origin-checks.md\"\u003ethe documentation on nosurf's trusted origin checks\u003c/a\u003e before upgrading.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/justinas/nosurf/commit/ec9bb776d8e5ba9e906b6eb70428f4e7b009feee\"\u003e\u003ccode\u003eec9bb77\u003c/code\u003e\u003c/a\u003e Rework origin checks (\u003ca href=\"https://redirect.github.com/justinas/nosurf/issues/74\"\u003e#74\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/justinas/nosurf/commit/e5c9c1fe2d4f69668ff78f872abf3b396a08673a\"\u003e\u003ccode\u003ee5c9c1f\u003c/code\u003e\u003c/a\u003e Add GitHub Actions CI, fix lints and tests\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/justinas/nosurf/compare/v1.1.1...v1.2.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/justinas/nosurf\u0026package-manager=go_modules\u0026previous-version=1.1.1\u0026new-version=1.2.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. 
You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot merge` will merge this PR after your CI passes on it\n- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it\n- `@dependabot cancel merge` will cancel a previously requested merge and block automerging\n- `@dependabot reopen` will reopen this PR if it is closed\n- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it 
yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/onchainengineering/hmi-computer/pull/190","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/onchainengineering%2Fhmi-computer/issues/190","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/190/packages"}},{"old_version":"1.1.1","new_version":"1.2.0","update_type":"minor","path":null,"pr_created_at":"2025-05-19T11:37:32.000Z","version_change":"1.1.1 → 1.2.0","issue":{"uuid":"2528458868","node_id":"PR_kwDOIL6DZc6WtTh0","number":1028,"state":"closed","title":"chore: bump github.com/justinas/nosurf from 1.1.1 to 1.2.0","user":"dependabot[bot]","labels":["stale","dependencies","go"],"assignees":[],"locked":false,"comments_count":0,"pull_request":true,"closed_at":"2025-05-31T01:43:34.000Z","author_association":"CONTRIBUTOR","state_reason":null,"created_at":"2025-05-19T11:37:32.000Z","updated_at":"2025-05-31T01:43:34.000Z","time_to_close":1001162,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore","packages":[{"name":"github.com/justinas/nosurf","old_version":"1.1.1","new_version":"1.2.0","repository_url":"https://github.com/justinas/nosurf"}],"path":null,"ecosystem":"go"},"body":"Bumps [github.com/justinas/nosurf](https://github.com/justinas/nosurf) from 1.1.1 to 1.2.0.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/justinas/nosurf/releases\"\u003egithub.com/justinas/nosurf's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.2.0\u003c/h2\u003e\n\u003cp\u003eThis is a \u003cem\u003esecurity\u003c/em\u003e release for nosurf. 
It mainly addresses \u003ca href=\"https://github.com/justinas/nosurf-cve-2025-46721\"\u003eCVE-2025-46721\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003eThis release technically includes breaking changes, as nosurf starts applying same-origin checks that were not previously enforced. In most cases, users will not need to make any changes to their code. However, it is recommended to read \u003ca href=\"https://github.com/justinas/nosurf/blob/master/docs/origin-checks.md\"\u003ethe documentation on nosurf's trusted origin checks\u003c/a\u003e before upgrading.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/justinas/nosurf/commit/ec9bb776d8e5ba9e906b6eb70428f4e7b009feee\"\u003e\u003ccode\u003eec9bb77\u003c/code\u003e\u003c/a\u003e Rework origin checks (\u003ca href=\"https://redirect.github.com/justinas/nosurf/issues/74\"\u003e#74\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/justinas/nosurf/commit/e5c9c1fe2d4f69668ff78f872abf3b396a08673a\"\u003e\u003ccode\u003ee5c9c1f\u003c/code\u003e\u003c/a\u003e Add GitHub Actions CI, fix lints and tests\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/justinas/nosurf/compare/v1.1.1...v1.2.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/justinas/nosurf\u0026package-manager=go_modules\u0026previous-version=1.1.1\u0026new-version=1.2.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. 
You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot merge` will merge this PR after your CI passes on it\n- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it\n- `@dependabot cancel merge` will cancel a previously requested merge and block automerging\n- `@dependabot reopen` will reopen this PR if it is closed\n- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/ongood/coder/pull/1028","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/ongood%2Fcoder/issues/1028","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/1028/packages"}},{"old_version":"1.1.1","new_version":"1.2.0","update_type":"minor","path":null,"pr_created_at":"2025-05-19T11:32:23.000Z","version_change":"1.1.1 → 
1.2.0","issue":{"uuid":"2528447130","node_id":"PR_kwDONX4SK86WtQqa","number":196,"state":"closed","title":"chore: bump github.com/justinas/nosurf from 1.1.1 to 1.2.0","user":"dependabot[bot]","labels":["stale","dependencies","go"],"assignees":[],"locked":false,"comments_count":0,"pull_request":true,"closed_at":"2025-05-31T01:09:32.000Z","author_association":"CONTRIBUTOR","state_reason":null,"created_at":"2025-05-19T11:32:23.000Z","updated_at":"2025-05-31T01:09:32.000Z","time_to_close":999429,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore","packages":[{"name":"github.com/justinas/nosurf","old_version":"1.1.1","new_version":"1.2.0","repository_url":"https://github.com/justinas/nosurf"}],"path":null,"ecosystem":"go"},"body":"Bumps [github.com/justinas/nosurf](https://github.com/justinas/nosurf) from 1.1.1 to 1.2.0.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/justinas/nosurf/releases\"\u003egithub.com/justinas/nosurf's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.2.0\u003c/h2\u003e\n\u003cp\u003eThis is a \u003cem\u003esecurity\u003c/em\u003e release for nosurf. It mainly addresses \u003ca href=\"https://github.com/justinas/nosurf-cve-2025-46721\"\u003eCVE-2025-46721\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003eThis release technically includes breaking changes, as nosurf starts applying same-origin checks that were not previously enforced. In most cases, users will not need to make any changes to their code. 
However, it is recommended to read \u003ca href=\"https://github.com/justinas/nosurf/blob/master/docs/origin-checks.md\"\u003ethe documentation on nosurf's trusted origin checks\u003c/a\u003e before upgrading.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/justinas/nosurf/commit/ec9bb776d8e5ba9e906b6eb70428f4e7b009feee\"\u003e\u003ccode\u003eec9bb77\u003c/code\u003e\u003c/a\u003e Rework origin checks (\u003ca href=\"https://redirect.github.com/justinas/nosurf/issues/74\"\u003e#74\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/justinas/nosurf/commit/e5c9c1fe2d4f69668ff78f872abf3b396a08673a\"\u003e\u003ccode\u003ee5c9c1f\u003c/code\u003e\u003c/a\u003e Add GitHub Actions CI, fix lints and tests\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/justinas/nosurf/compare/v1.1.1...v1.2.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/justinas/nosurf\u0026package-manager=go_modules\u0026previous-version=1.1.1\u0026new-version=1.2.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. 
You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot merge` will merge this PR after your CI passes on it\n- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it\n- `@dependabot cancel merge` will cancel a previously requested merge and block automerging\n- `@dependabot reopen` will reopen this PR if it is closed\n- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it 
yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/onchainengineering/hmi-wirtual/pull/196","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/onchainengineering%2Fhmi-wirtual/issues/196","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/196/packages"}},{"old_version":"1.1.1","new_version":"1.2.0","update_type":"minor","path":null,"pr_created_at":"2025-05-19T11:16:34.000Z","version_change":"1.1.1 → 1.2.0","issue":{"uuid":"2528410196","node_id":"PR_kwDOMrdwEc6WtHpU","number":480,"state":"closed","title":"chore: bump github.com/justinas/nosurf from 1.1.1 to 1.2.0","user":"dependabot[bot]","labels":["stale","dependencies","go"],"assignees":[],"locked":false,"comments_count":0,"pull_request":true,"closed_at":"2025-05-31T01:57:36.000Z","author_association":"NONE","state_reason":null,"created_at":"2025-05-19T11:16:34.000Z","updated_at":"2025-05-31T01:57:36.000Z","time_to_close":1003262,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore","packages":[{"name":"github.com/justinas/nosurf","old_version":"1.1.1","new_version":"1.2.0","repository_url":"https://github.com/justinas/nosurf"}],"path":null,"ecosystem":"go"},"body":"Bumps [github.com/justinas/nosurf](https://github.com/justinas/nosurf) from 1.1.1 to 1.2.0.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/justinas/nosurf/releases\"\u003egithub.com/justinas/nosurf's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.2.0\u003c/h2\u003e\n\u003cp\u003eThis is a \u003cem\u003esecurity\u003c/em\u003e release for nosurf. It mainly addresses \u003ca href=\"https://github.com/justinas/nosurf-cve-2025-46721\"\u003eCVE-2025-46721\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003eThis release technically includes breaking changes, as nosurf starts applying same-origin checks that were not previously enforced. 
In most cases, users will not need to make any changes to their code. However, it is recommended to read \u003ca href=\"https://github.com/justinas/nosurf/blob/master/docs/origin-checks.md\"\u003ethe documentation on nosurf's trusted origin checks\u003c/a\u003e before upgrading.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/justinas/nosurf/commit/ec9bb776d8e5ba9e906b6eb70428f4e7b009feee\"\u003e\u003ccode\u003eec9bb77\u003c/code\u003e\u003c/a\u003e Rework origin checks (\u003ca href=\"https://redirect.github.com/justinas/nosurf/issues/74\"\u003e#74\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/justinas/nosurf/commit/e5c9c1fe2d4f69668ff78f872abf3b396a08673a\"\u003e\u003ccode\u003ee5c9c1f\u003c/code\u003e\u003c/a\u003e Add GitHub Actions CI, fix lints and tests\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/justinas/nosurf/compare/v1.1.1...v1.2.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/justinas/nosurf\u0026package-manager=go_modules\u0026previous-version=1.1.1\u0026new-version=1.2.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. 
You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot merge` will merge this PR after your CI passes on it\n- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it\n- `@dependabot cancel merge` will cancel a previously requested merge and block automerging\n- `@dependabot reopen` will reopen this PR if it is closed\n- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it 
yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/kehanzhang/athens-coder/pull/480","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/kehanzhang%2Fathens-coder/issues/480","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/480/packages"}},{"old_version":"1.1.1","new_version":"1.2.0","update_type":"minor","path":null,"pr_created_at":"2025-05-18T09:11:50.000Z","version_change":"1.1.1 → 1.2.0","issue":{"uuid":"2526786544","node_id":"PR_kwDOK0m4n86Wm7Pw","number":38,"state":"open","title":"deps: bump github.com/justinas/nosurf from 1.1.1 to 1.2.0","user":"dependabot[bot]","labels":["dependencies","go"],"assignees":[],"locked":false,"comments_count":0,"pull_request":true,"closed_at":null,"author_association":"CONTRIBUTOR","state_reason":null,"created_at":"2025-05-18T09:11:50.000Z","updated_at":"2025-05-18T09:11:51.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"deps","packages":[{"name":"github.com/justinas/nosurf","old_version":"1.1.1","new_version":"1.2.0","repository_url":"https://github.com/justinas/nosurf"}],"path":null,"ecosystem":"go"},"body":"Bumps [github.com/justinas/nosurf](https://github.com/justinas/nosurf) from 1.1.1 to 1.2.0.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/justinas/nosurf/releases\"\u003egithub.com/justinas/nosurf's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.2.0\u003c/h2\u003e\n\u003cp\u003eThis is a \u003cem\u003esecurity\u003c/em\u003e release for nosurf. It mainly addresses \u003ca href=\"https://github.com/justinas/nosurf-cve-2025-46721\"\u003eCVE-2025-46721\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003eThis release technically includes breaking changes, as nosurf starts applying same-origin checks that were not previously enforced. 
In most cases, users will not need to make any changes to their code. However, it is recommended to read \u003ca href=\"https://github.com/justinas/nosurf/blob/master/docs/origin-checks.md\"\u003ethe documentation on nosurf's trusted origin checks\u003c/a\u003e before upgrading.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/justinas/nosurf/commit/ec9bb776d8e5ba9e906b6eb70428f4e7b009feee\"\u003e\u003ccode\u003eec9bb77\u003c/code\u003e\u003c/a\u003e Rework origin checks (\u003ca href=\"https://redirect.github.com/justinas/nosurf/issues/74\"\u003e#74\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/justinas/nosurf/commit/e5c9c1fe2d4f69668ff78f872abf3b396a08673a\"\u003e\u003ccode\u003ee5c9c1f\u003c/code\u003e\u003c/a\u003e Add GitHub Actions CI, fix lints and tests\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/justinas/nosurf/compare/v1.1.1...v1.2.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/justinas/nosurf\u0026package-manager=go_modules\u0026previous-version=1.1.1\u0026new-version=1.2.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. 
You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot merge` will merge this PR after your CI passes on it\n- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it\n- `@dependabot cancel merge` will cancel a previously requested merge and block automerging\n- `@dependabot reopen` will reopen this PR if it is closed\n- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/akyrey/snippetbox/pull/38","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/akyrey%2Fsnippetbox/issues/38","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/38/packages"}}]}