Bump the go_modules group with 2 updates
Open
Number: #8
Type: Pull Request
State: Open
Type: Pull Request
State: Open
Author:
![dependabot[bot]](https://github.com/dependabot.png)
dependabot[bot]
Association: None
Comments: 0
dependabot[bot]Association: None
Comments: 0
Created:
July 12, 2025 at 07:16 PM UTC
(11 months ago)
(11 months ago)
Updated:
September 01, 2025 at 08:16 AM UTC
(9 months ago)
(9 months ago)
Labels:
dependencies go
dependencies go
Description:
Bumps the go_modules group with 2 updates: github.com/go-chi/chi/v5 and golang.org/x/crypto.
Updates github.com/go-chi/chi/v5 from 5.2.1 to 5.2.2
Release notes
Sourced from github.com/go-chi/chi/v5's releases.
v5.2.2
What's Changed
- Use strings.Cut in a few places by
@JRaspassin go-chi/chi#971- Fix non-constant format strings in t.Fatalf by
@JRaspassin go-chi/chi#972- Apply fieldalignment fixes to optimize struct memory layout by
@pixel365in go-chi/chi#974- go 1.24 by
@pkieltykain go-chi/chi#977- chore: delint ioutil usage by
@costelain go-chi/chi#962- Fixed typo in Router interface definition by
@mithileshgupta12in go-chi/chi#958- Add support for TinyGo by
@efraimbartin go-chi/chi#978- Exclude middleware/profiler.go in TinyGo, as there's no net/http/pprof pkg by
@cxjavain go-chi/chi#982- Make use of strings.Cut by
@scopin go-chi/chi#1005- Change install command format to code block by
@sglkcin go-chi/chi#1001- Correct documentation by
@mrdominoin go-chi/chi#992Security fix
- Fixes GHSA-vrw8-fxc6-2r93 - "Host Header Injection Leads to Open Redirect in RedirectSlashes" commit
- a lower-severity Open Redirect that can't be exploited in browser or email client, as it requires manipulation of a Host header
- reported by Anuraag Baishya,
@anuraagbaishya. Thank you!New Contributors
@pixel365made their first contribution in go-chi/chi#974@mithileshgupta12made their first contribution in go-chi/chi#958@efraimbartmade their first contribution in go-chi/chi#978@cxjavamade their first contribution in go-chi/chi#982@sglkcmade their first contribution in go-chi/chi#1001@mrdominomade their first contribution in go-chi/chi#992Full Changelog: https://github.com/go-chi/chi/compare/v5.2.1...v5.2.2
Commits
23c395fCorrect documentation (#992)5516d14docs: change install code to code block (#1001)e235052Make use of strings.Cut (#1005)1be7ad9Merge commit from forkd7034fdExclude profiler when use tinygo (#982)d047034support tinygo (#978)fe2c065Fixed the typo (#958)1aae5b2chore: delint ioutil usage (#962)c6225e3go 1.24 (#977)e846b83Apply fieldalignment fixes to optimize struct memory layout (#974)- Additional commits viewable in compare view
Updates golang.org/x/crypto from 0.31.0 to 0.35.0
Commits
7292932ssh: limit the size of the internal packet queue while waiting for KEXf66f74bacme/autocert: check host policy before probing the cacheb0784b7x509roots/fallback: drop obsolete build constraint911360call: bump golang.org/x/crypto dependencies of asm generators89ff08dall: upgrade go directive to at least 1.23.0 [generated]e47973ball: update certs for go1.249290511go.mod: update golang.org/x dependenciesfa5273ex509roots/fallback: update bundlea8ea4bessh: add ServerConfig.PreAuthConnCallback, ServerPreAuthConn (banner) interface71d3a4cacme: support challenges that require the ACME client to send a non-empty JSO...- Additional commits viewable in compare view
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot mergewill merge this PR after your CI passes on it@dependabot squash and mergewill squash and merge this PR after your CI passes on it@dependabot cancel mergewill cancel a previously requested merge and block automerging@dependabot reopenwill reopen this PR if it is closed@dependabot closewill close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore <dependency name> major versionwill close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)@dependabot ignore <dependency name> minor versionwill close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)@dependabot ignore <dependency name>will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)@dependabot unignore <dependency name>will remove all of the ignore conditions of the specified dependency@dependabot unignore <dependency name> <ignore condition>will remove the ignore condition of the specified dependency and ignore conditions
You can disable automated security fix PRs for this repo from the Security Alerts page.
Pull Request Statistics
Commits:
1
1
Files Changed:
2
2
Additions:
+6
+6
Deletions:
-6
-6
Package Dependencies
Technical Details
| ID: | 3156956 |
| UUID: | 2661593825 |
| Node ID: | PR_kwDOOTv_y86epLLh |
| Host: | GitHub |
| Repository: | GoCodeAlone/workflow |
| Merge State: | Unknown |