chore(deps): update go dependencies

[red-hat-konflux]

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package	Type	Update	Change
cloud.google.com/go/auth	indirect	minor	v0.19.0 → v0.20.0
cloud.google.com/go/iam	indirect	minor	v1.6.0 → v1.11.0
cloud.google.com/go/kms	indirect	minor	v1.26.0 → v1.31.0
cloud.google.com/go/longrunning	indirect	major	v0.8.0 → v1.0.0
cloud.google.com/go/security	require	minor	v1.19.2 → v1.24.0
github.com/Azure/azure-sdk-for-go/sdk/azcore	indirect	patch	v1.21.0 → v1.21.1
github.com/Azure/azure-sdk-for-go/sdk/internal	indirect	minor	v1.11.2 → v1.12.0
github.com/AzureAD/microsoft-authentication-library-for-go	indirect	patch	v1.7.0 → v1.7.2
github.com/Masterminds/semver/v3	indirect	minor	v3.4.0 → v3.5.0
github.com/aws/aws-sdk-go	indirect	patch	v1.55.7 → v1.55.8
github.com/aws/aws-sdk-go-v2	indirect	patch	v1.41.5 → v1.41.7
github.com/aws/aws-sdk-go-v2/credentials	indirect	patch	v1.19.13 → v1.19.17
github.com/aws/aws-sdk-go-v2/feature/ec2/imds	indirect	patch	v1.18.21 → v1.18.23
github.com/aws/aws-sdk-go-v2/internal/configsources	indirect	patch	v1.4.21 → v1.4.23
github.com/aws/aws-sdk-go-v2/internal/endpoints/v2	indirect	patch	v2.7.21 → v2.7.23
github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding	indirect	patch	v1.13.7 → v1.13.9
github.com/aws/aws-sdk-go-v2/service/internal/presigned-url	indirect	patch	v1.13.21 → v1.13.23
github.com/aws/aws-sdk-go-v2/service/kms	indirect	minor	v1.50.3 → v1.52.0
github.com/aws/aws-sdk-go-v2/service/signin	indirect	patch	v1.0.9 → v1.0.11
github.com/aws/aws-sdk-go-v2/service/sso	indirect	patch	v1.30.14 → v1.30.17
github.com/aws/aws-sdk-go-v2/service/ssooidc	indirect	minor	v1.35.18 → v1.36.0
github.com/aws/aws-sdk-go-v2/service/sts	indirect	minor	v1.41.10 → v1.42.1
github.com/aws/smithy-go	indirect	minor	v1.24.2 → v1.25.1
github.com/cenkalti/backoff/v4	indirect	major	v4.3.0 → v5.0.3
github.com/fsnotify/fsnotify	indirect	minor	v1.9.0 → v1.10.1
github.com/go-chi/chi	require	major	v4.1.2+incompatible → v5.3.0
github.com/go-jose/go-jose/v4	indirect	patch	v4.1.3 → v4.1.4
github.com/go-openapi/jsonpointer	indirect	minor	v0.22.5 → v0.23.1
github.com/go-openapi/runtime	indirect	minor	v0.29.3 → v0.31.0
github.com/go-openapi/runtime	require	minor	v0.29.3 → v0.31.0
github.com/go-openapi/strfmt	indirect	patch	v0.26.1 → v0.26.2
github.com/go-openapi/strfmt	require	patch	v0.26.1 → v0.26.2
github.com/go-openapi/swag	indirect	minor	v0.25.5 → v0.26.0
github.com/go-openapi/swag	require	minor	v0.25.5 → v0.26.0
github.com/go-openapi/swag/cmdutils	indirect	minor	v0.25.5 → v0.26.0
github.com/go-openapi/swag/conv	indirect	minor	v0.25.5 → v0.26.0
github.com/go-openapi/swag/fileutils	indirect	minor	v0.25.5 → v0.26.0
github.com/go-openapi/swag/jsonutils	indirect	minor	v0.25.5 → v0.26.0
github.com/go-openapi/swag/loading	indirect	minor	v0.25.5 → v0.26.0
github.com/go-openapi/swag/mangling	indirect	minor	v0.25.5 → v0.26.0
github.com/go-openapi/swag/netutils	indirect	minor	v0.25.5 → v0.26.0
github.com/go-openapi/swag/stringutils	indirect	minor	v0.25.5 → v0.26.0
github.com/go-openapi/swag/typeutils	indirect	minor	v0.25.5 → v0.26.0
github.com/go-openapi/swag/yamlutils	indirect	minor	v0.25.5 → v0.26.0
github.com/go-playground/validator/v10	require	patch	v10.30.1 → v10.30.2
github.com/golang-jwt/jwt/v5	indirect	patch	v5.3.0 → v5.3.1
github.com/google/go-containerregistry	indirect	patch	v0.21.3 → v0.21.6
github.com/googleapis/enterprise-certificate-proxy	indirect	patch	v0.3.14 → v0.3.16
github.com/googleapis/gax-go/v2	indirect	minor	v2.19.0 → v2.22.0
github.com/hashicorp/hcl	indirect	major	v1.0.1-vault-7 → v2.24.0
github.com/letsencrypt/boulder	indirect	minor	v0.20260324.0 → v0.20260518.0
github.com/pelletier/go-toml/v2	indirect	minor	v2.2.4 → v2.3.1
github.com/secure-systems-lab/go-securesystemslib	indirect	minor	v0.10.0 → v0.11.0
github.com/sigstore/protobuf-specs	indirect	patch	v0.5.0 → v0.5.1
github.com/sigstore/sigstore	require	patch	v1.10.5 → v1.10.6
github.com/sigstore/sigstore/pkg/signature/kms/aws	require	patch	v1.10.5 → v1.10.6
github.com/sigstore/sigstore/pkg/signature/kms/azure	require	patch	v1.10.5 → v1.10.6
github.com/sigstore/sigstore/pkg/signature/kms/gcp	require	patch	v1.10.5 → v1.10.6
github.com/sigstore/sigstore/pkg/signature/kms/hashivault	require	patch	v1.10.5 → v1.10.6
github.com/tink-crypto/tink-go-awskms/v2	require	major	v2.1.0 → v3.0.0
github.com/tink-crypto/tink-go-hcvault/v2	require	minor	v2.4.0 → v2.5.0
github.com/urfave/negroni	require	major	v1.0.0 → v3.1.1
go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc	indirect	minor	v0.67.0 → v0.68.0
go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp	indirect	minor	v0.67.0 → v0.68.0
go.opentelemetry.io/otel	indirect	minor	v1.42.0 → v1.43.0
go.opentelemetry.io/otel/metric	indirect	minor	v1.42.0 → v1.43.0
go.opentelemetry.io/otel/trace	indirect	minor	v1.42.0 → v1.43.0
go.step.sm/crypto	require	minor	v0.77.1 → v0.81.0
go.uber.org/zap	require	minor	v1.27.1 → v1.28.0
go.yaml.in/yaml/v2	indirect	major	v2.4.3 → v3.0.4
golang.org/x/crypto	indirect	minor	v0.49.0 → v0.52.0
golang.org/x/mod	indirect	minor	v0.34.0 → v0.36.0
golang.org/x/net	indirect	minor	v0.52.0 → v0.55.0
golang.org/x/net	require	minor	v0.52.0 → v0.55.0
golang.org/x/sys	indirect	minor	v0.42.0 → v0.45.0
golang.org/x/term	indirect	minor	v0.41.0 → v0.43.0
golang.org/x/text	indirect	minor	v0.35.0 → v0.37.0
golang.org/x/tools	indirect	minor	v0.43.0 → v0.45.0
google.golang.org/api	indirect	minor	v0.273.0 → v0.280.0
google.golang.org/genproto	indirect	digest	d00831a → 0a33c5d
google.golang.org/genproto/googleapis/api	indirect	digest	d00831a → 0a33c5d
google.golang.org/genproto/googleapis/rpc	indirect	digest	d00831a → 0a33c5d
google.golang.org/grpc	indirect	minor	v1.79.3 → v1.81.1
gopkg.in/yaml.v2	indirect	major	v2.4.0 → v3.0.1
sigs.k8s.io/release-utils	require	patch	v0.12.3 → v0.12.4

---

Warning

Some dependencies could not be looked up. Check the warning logs for more information.

---

Release Notes

googleapis/google-cloud-go (cloud.google.com/go/auth)

v0.20.0

Compare Source

• bigquery: Support SchemaUpdateOptions for load jobs.

• bigtable:

  • Add SampleRowKeys.
  • cbt: Support union, intersection GCPolicy.
  • Retry admin RPCS.
  • Add trace spans to retries.

• datastore: Add OpenCensus tracing.

• firestore:

  • Fix queries involving Null and NaN.
  • Allow Timestamp protobuffers for time values.

• logging: Add a WriteTimeout option.

• spanner: Support Batch API.

• storage: Add OpenCensus tracing.

AzureAD/microsoft-authentication-library-for-go (github.com/AzureAD/microsoft-authentication-library-for-go)

v1.7.2

Compare Source

What's Changed

• Adjust constants used in FMI tests by @​Avery-Dunn in #​608
• Update version to 1.7.1 by @​Avery-Dunn in #​607
• Add MSAL client metadata headers to IMDS managed identity requests by @​Copilot in #​611
• Disable gzip compression #​613 by @​4gust in #​616
• Update version.go by @​4gust in #​617

New Contributors

• @​Copilot made their first contribution in #​611

Full Changelog: AzureAD/microsoft-authentication-library-for-go@v1.7.1...v1.7.2

v1.7.1: 1.7.1

Compare Source

What's Changed

• Add FMI (Federated Managed Identity) Design Specification for MSAL Go by @​4gust in #​583
• Fix bug in refresh token partition check by @​Avery-Dunn in #​606
• Improve instance discovery resiliency and sovereign cloud support by @​Avery-Dunn in #​604

Full Changelog: AzureAD/microsoft-authentication-library-for-go@v1.7.0...v1.7.1

Masterminds/semver (github.com/Masterminds/semver/v3)

v3.5.0

Compare Source

What's Changed

• Adding more prerelease tests by @​mattfarina in #​273
• Update constraint error messages by @​mattfarina in #​278
• Fix edge cases by @​mattfarina in #​279
• Adding some checks in by @​mattfarina in #​280
• Updating deps by @​mattfarina in #​281
• Bump github/codeql-action from 4.35.1 to 4.35.2 by @​dependabot[bot] in #​282
• Bump actions/cache from 4.2.3 to 5.0.5 by @​dependabot[bot] in #​283
• Bump golangci/golangci-lint-action from 7.0.1 to 9.2.0 by @​dependabot[bot] in #​284
• Updating gitignore for devcontainers by @​mattfarina in #​286
• Fixing some quality issues by @​mattfarina in #​287

New Contributors

• @​dependabot[bot] made their first contribution in #​282

Full Changelog: Masterminds/semver@v3.4.0...v3.5.0

aws/aws-sdk-go (github.com/aws/aws-sdk-go)

v1.55.8

Compare Source

SDK Features

• Mark the module and all packages as deprecated.
  • This SDK has entered end-of-support.

aws/aws-sdk-go-v2 (github.com/aws/aws-sdk-go-v2)

v1.41.7

Compare Source

Module Highlights

• github.com/aws/aws-sdk-go-v2/service/ecs: v1.41.7
  • Documentation: Documentation only update for Amazon ECS.
• github.com/aws/aws-sdk-go-v2/service/glue: v1.78.0
  • Feature: Adding View related fields to responses of read-only Table APIs.
• github.com/aws/aws-sdk-go-v2/service/ivschat: v1.12.5
  • Documentation: Doc-only update. Changed "Resources" to "Key Concepts" in docs and updated text.
• github.com/aws/aws-sdk-go-v2/service/rolesanywhere: v1.10.0
  • Feature: This release increases the limit on the roleArns request parameter for the *Profile APIs that support it. This parameter can now take up to 250 role ARNs.
• github.com/aws/aws-sdk-go-v2/service/securityhub: v1.47.2
  • Documentation: Documentation updates for AWS Security Hub

v1.41.6

Compare Source

aws/smithy-go (github.com/aws/smithy-go)

v1.25.1

Compare Source

General Highlights

• Dependency Update: Updated to the latest SDK module versions

Module Highlights

• github.com/aws/smithy-go: v1.25.1
  • Bug Fix: Fixed a memory leak in the LRU cache implementation used by some AWS services.

v1.25.0

Compare Source

General Highlights

• Dependency Update: Updated to the latest SDK module versions

Module Highlights

• github.com/aws/smithy-go: v1.25.0
  • Feature: Add support for endpointBdd trait

v1.24.3

Compare Source

General Highlights

• Dependency Update: Updated to the latest SDK module versions

Module Highlights

• github.com/aws/smithy-go: v1.24.3
  • Bug Fix: Add additional sigv4 configuration.
• github.com/aws/smithy-go/aws-http-auth: v1.1.3
  • Bug Fix: Add additional sigv4 configuration.

cenkalti/backoff (github.com/cenkalti/backoff/v4)

v5.0.3

Compare Source

v5.0.2

Compare Source

v5.0.1

Compare Source

v5.0.0

Compare Source

fsnotify/fsnotify (github.com/fsnotify/fsnotify)

v1.10.1

Compare Source

Changes and fixes

• inotify: don't remove sibling watches sharing a path prefix (#​754)

• inotify, windows: don't rename sibling watches sharing a path prefix
  (#​755)

v1.10.0

Compare Source

This version of fsnotify needs Go 1.23.

Changes and fixes

• inotify: improve initialization error message (#​731)

• inotify: send Rename event if recursive watch is renamed (#​696)

• inotify: avoid copying event buffers when reading names (#​741)

• kqueue: skip dangling symlinks (ENOENT) in watchDirectoryFiles, so a bad entry no longer aborts Watcher.Add for the whole directory (#​748)

• kqueue: drop watches directly in Close() to fix a file descriptor leak when recycling watchers (#​740)

• windows: fix nil pointer dereference in remWatch (#​736)

• windows: lock watch field updates against concurrent WatchList to fix a race introduced in v1.9.0 (#​709, #​749)

go-chi/chi (github.com/go-chi/chi)

v5.3.0

Compare Source

What's Changed

• Use strings.ReplaceAll where applicable by @​JRaspass in #​1046
• Propagate inline middlewares across mounted subrouters by @​LukasJenicek in #​1049
• add go 1.26 to ci by @​pkieltyka in #​1052
• Remove last uses of io/ioutil by @​JRaspass in #​1054
• Simplify chi.walk with slices.Concat by @​JRaspass in #​1053
• Apply the stringscutprefix modernizer by @​JRaspass in #​1051
• Bump minimum Go to 1.23, always use request.Pattern by @​JRaspass in #​1048
• middleware: fix httpFancyWriter.ReadFrom double-counting bytes with Tee by @​alliasgher in #​1085
• Fix typo in Route doc comment by @​gouwazi in #​1073
• fix: set Request.Pattern from RoutePattern() by @​leno23 in #​1097
• feat: middleware.ClientIP, a replacement for middleware.RealIP by @​VojtechVitek in #​967

New Contributors

• @​LukasJenicek made their first contribution in #​1049
• @​alliasgher made their first contribution in #​1085
• @​gouwazi made their first contribution in #​1073
• @​leno23 made their first contribution in #​1097

SECURITY: middleware.ClientIP, a replacement for middleware.RealIP

@​VojtechVitek submitted PR #​967, which introduces middleware.ClientIP — a replacement for middleware.RealIP that closes the three open spoofing advisories:

• GHSA-9g5q-2w5x-hmxf — IP spoofing via XFF in RemoteAddr resolution (convto)
• GHSA-rjr7-jggh-pgcp — RealIP allows IP spoofing via unvalidated XFF (rezmoss)
• GHSA-3fxj-6jh8-hvhx — IP spoofing in middleware.RealIP (Saku0512, Critical / 9.3)

It also addresses issues outlined at:

• #​708
• https://adam-p.ca/blog/2022/03/x-forwarded-for/
• #​711
• #​453
• #​908

middleware.RealIP is deprecated in this PR with pointers to the new API.

The deprecation only adds a // Deprecated: doc comment; the function keeps working for backward compatibility.

Why a new middleware (not "fix RealIP in place")

RealIP has two unfixable design choices: it mutates r.RemoteAddr, and it tries to be a one-size-fits-all default by walking a hard-coded list of headers any client can supply. Per adam-p's "The perils of the 'real' client IP" (which calls chi out by name on this), there is no safe default — the user must pick their trust source explicitly.

The new API

Four middlewares, two accessors. Pick exactly one middleware based on your
infrastructure, read the result with one of the two accessors:

// One of the four. There is no safe default — pick exactly one.
func ClientIPFromHeader(trustedHeader string) func(http.Handler) http.Handler
func ClientIPFromXFF(trustedIPPrefixes ...string) func(http.Handler) http.Handler
func ClientIPFromXFFTrustedProxies(numTrustedProxies int) func(http.Handler) http.Handler
func ClientIPFromRemoteAddr(h http.Handler) http.Handler

// Read the result.
func GetClientIP(ctx context.Context) string         // for logs, rate-limit keys
func GetClientIPAddr(ctx context.Context) netip.Addr // for typed work

Example usage:

// Pick a single ClientIP middleware based on your deployment
  
// Cloudflare.
r.Use(middleware.ClientIPFromHeader("CF-Connecting-IP"))

// Nginx with ngx_http_realip_module.
r.Use(middleware.ClientIPFromHeader("X-Real-IP"))

// Apache with mod_remoteip.
r.Use(middleware.ClientIPFromHeader("X-Client-IP"))

// AWS CloudFront, or any proxy fleet with known CIDRs.
r.Use(middleware.ClientIPFromXFF(
    "13.32.0.0/15",   // CloudFront IPv4
    "52.46.0.0/18",   // CloudFront IPv4
    "2600:9000::/28", // CloudFront IPv6
))

// Behind exactly 2 trusted proxies with dynamic IPs (autoscaling pools,
// ephemeral containers, dynamic CDN edges).
r.Use(middleware.ClientIPFromXFFTrustedProxies(2))

// Server directly on the public internet, no proxy in front.
r.Use(middleware.ClientIPFromRemoteAddr)

And in your handler or downstream middleware:

clientIP := middleware.GetClientIP(r.Context())
// log it, use it as a rate-limit key, etc.

---

Thanks to @​adam-p, @​c2h5oh, @​rezmoss, @​Saku0512, @​convto, @​Dirbaio, @​jawnsy, @​lrstanley, @​mfridman, @​n33pm, @​pkieltyka for the prior discussions, detailed reviews, advisory reports, and test contributions that shaped this PR.

Full Changelog: go-chi/chi@v5.2.5...v5.3.0

v5.2.5

Compare Source

What's Changed

• Bump minimum Go to 1.22 and use new features by @​JRaspass in #​1017
• Refactor graceful shutdown example by @​mikereid1 in #​994
• Refactor to use atomic type by @​cuiweixie in #​1019
• update reverseMethodMap in RegisterMethod by @​cixel in #​1022
• Update comment about min Go version by @​JRaspass in #​1023
• middleware: harden RedirectSlashes handler by @​pkieltyka in #​1044
• Fix(middleware): Prevent double handler invocation in RouteHeaders with empty router by @​mahanadh in #​1045

New Contributors

• @​mikereid1 made their first contribution in #​994
• @​cuiweixie made their first contribution in #​1019
• @​cixel made their first contribution in #​1022
• @​mahanadh made their first contribution in #​1045

Full Changelog: go-chi/chi@v5.2.3...v5.2.5

v5.2.4

Compare Source

v5.2.3

Compare Source

What's Changed

• Add pathvalue example to README and implement PathValue handler. by @​catatsuy in #​985
• Allow multiple whitespace between method & pattern by @​JRaspass in #​1013
• Avoid potential nil dereference by @​ProjectMutilation in #​1008
• feat(mux): support http.Request.Pattern in Go 1.23 by @​Gusted in #​986
• fix/608 - Fix flaky Throttle middleware test by synchronizing token usage by @​OtavioBernardes in #​1016
• Optimize throttle middleware by avoiding unnecessary timer creation by @​vasayxtx in #​1011
• Simplify wildcard replacement in route patterns by @​srpvpn in #​1012
• Replace methodTypString func with reverseMethodMap by @​JRaspass in #​1018

New Contributors

• @​ProjectMutilation made their first contribution in #​1008
• @​Gusted made their first contribution in #​986
• @​OtavioBernardes made their first contribution in #​1016
• @​srpvpn made their first contribution in #​1012

Full Changelog: go-chi/chi@v5.2.2...v5.2.3

v5.2.2

Compare Source

What's Changed

• Use strings.Cut in a few places by @​JRaspass in #​971
• Fix non-constant format strings in t.Fatalf by @​JRaspass in #​972
• Apply fieldalignment fixes to optimize struct memory layout by @​pixel365 in #​974
• go 1.24 by @​pkieltyka in #​977
• chore: delint ioutil usage by @​costela in #​962
• Fixed typo in Router interface definition by @​mithileshgupta12 in #​958
• Add support for TinyGo by @​efraimbart in #​978
• Exclude middleware/profiler.go in TinyGo, as there's no net/http/pprof pkg by @​cxjava in #​982
• Make use of strings.Cut by @​scop in #​1005
• Change install command format to code block by @​sglkc in #​1001
• Correct documentation by @​mrdomino in #​992

Security fix

• Fixes GHSA-vrw8-fxc6-2r93 - "Host Header Injection Leads to Open Redirect in RedirectSlashes" commit
  • a lower-severity Open Redirect that can't be exploited in browser or email client, as it requires manipulation of a Host header
  • reported by Anuraag Baishya, @​anuraagbaishya. Thank you!

New Contributors

• @​pixel365 made their first contribution in #​974
• @​mithileshgupta12 made their first contribution in #​958
• @​efraimbart made their first contribution in #​978
• @​cxjava made their first contribution in #​982
• @​sglkc made their first contribution in #​1001
• @​mrdomino made their first contribution in #​992

Full Changelog: go-chi/chi@v5.2.1...v5.2.2

v5.2.1

Compare Source

⚠️ Chi supports Go 1.20+

Starting this release, we will now support the four most recent major versions of Go. See #​963 for related discussion.

What's Changed

• Support the four most recent major versions of Go by @​VojtechVitek in #​969

Full Changelog: go-chi/chi@v5.2.0...v5.2.1

v5.2.0

Compare Source

What's Changed

• update credits section to link to goji license by @​pkieltyka in #​944
• go 1.23 by @​pkieltyka in #​945
• Make Context.RoutePattern() nil-safe by @​gaiaz-iusipov in #​927
• govet: Fix non-constant format string by @​marcofranssen in #​952
• Add Find to Routes interface by @​joeriddles in #​872
• Fix grammar error by @​AntonC9018 in #​917
• feat(): add CF-Connecting-IP by @​n33pm in #​908
  • Revert "feat(): add CF-Connecting-IP" by @​VojtechVitek in #​966
• Fixed incorrect comment about routing by @​jtams in #​887
• Fix condition in TestRedirectSlashes by @​tchssk in #​856
• middleware: Add strip prefix middleware by @​m1k1o in #​875
• Set up go module for _examples/versions by @​hongkuancn in #​948
• Ability to specify response HTTP status code for Throttle middleware by @​vasayxtx in #​571
• Support Content-Type headers with charset/boundary parameters by @​GocaMaric in #​880
• Fix Mux.Find not correctly handling nested routes by @​joeriddles in #​954
• fix(WrapResponseWriter): allow multiple informational statuses by @​costela in #​961

New Contributors

• @​gaiaz-iusipov made their first contribution in #​927
• @​marcofranssen made their first contribution in #​952
• @​joeriddles made their first contribution in #​872
• @​AntonC9018 made their first contribution in #​917
• @​n33pm made their first contribution in #​908
• @​jtams made their first contribution in #​887
• @​tchssk made their first contribution in #​856
• @​m1k1o made their first contribution in #​875
• @​hongkuancn made their first contribution in #​948
• @​GocaMaric made their first contribution in #​880
• @​costela made their first contribution in #​961

Full Changelog: go-chi/chi@v5.1.0...v5.2.0

v5.1.0

Compare Source

What's Changed

• middleware: add Discard method to WrapResponseWriter by @​patrislav in #​926
  • Adds Discard() method to the middleware.WrapResponseWriter interface. This is technically an API breaking change. However after some discussion at #​926 (comment), we decided to move forward, and release as minor version, as we don't expect anyone to rely on this interface / implement it externally.

New Contributors

• @​patrislav made their first contribution in #​926

Full Changelog: go-chi/chi@v5.0.14...v5.1.0

v5.0.14

Compare Source

What's Changed

• middleware: fix typo in RealIP doc by @​l2dy in #​903
• reduce size of Context struct from 216 bytes to 208 bytes by @​juburr in #​912
• Avoid possible memory leak in compress middleware by @​Neurostep in #​919
• docs: Update stale links in docs for contributing by @​Lutherwaves in #​904
• Revert "Avoid possible memory leak in compress middleware" by @​VojtechVitek in #​924

New Contributors

• @​l2dy made their first contribution in #​903
• @​juburr made their first contribution in #​912
• @​Neurostep made their first contribution in #​919
• @​Lutherwaves made their first contribution in #​904

Full Changelog: go-chi/chi@v5.0.12...v5.0.14

v5.0.13

Compare Source

What's Changed

• middleware: fix typo in RealIP doc by @​l2dy in #​903
• reduce size of Context struct from 216 bytes to 208 bytes by @​juburr in #​912
• Avoid possible memory leak in compress middleware by @​Neurostep in #​919

New Contributors

• @​l2dy made their first contribution in #​903
• @​juburr made their first contribution in #​912
• @​Neurostep made their first contribution in #​919

Full Changelog: go-chi/chi@v5.0.12...v5.0.13

v5.0.12

Compare Source

• History of changes: see go-chi/chi@v5.0.11...v5.0.12

v5.0.11

Compare Source

• History of changes: see go-chi/chi@v5.0.11...v5.0.12

v5.0.10

Compare Source

• History of changes: see go-chi/chi@v5.0.10...v5.0.11

v5.0.9

Compare Source

• Fixed small edge case in tests of v5.0.9 for older Go versions
• History of changes: see go-chi/chi@v5.0.9...v5.0.10

v5.0.8

Compare Source

• History of changes: see go-chi/chi@v5.0.8...v5.0.9

v5.0.7

Compare Source

• History of changes: see go-chi/chi@v5.0.7...v5.0.8

v5.0.6

Compare Source

• History of changes: see go-chi/chi@v5.0.6...v5.0.7

v5.0.5

Compare Source

• History of changes: see go-chi/chi@v5.0.5...v5.0.6

v5.0.4

Compare Source

• History of changes: see go-chi/chi@v5.0.4...v5.0.5

v5.0.3

Compare Source

• History of changes: see go-chi/chi@v5.0.3...v5.0.4

v5.0.2

Compare Source

• History of changes: see go-chi/chi@v5.0.2...v5.0.3

v5.0.1

Compare Source

• History of changes: see go-chi/chi@v5.0.11...v5.0.12

v5.0.0

Compare Source

• Small improvements
• History of changes: see go-chi/chi@v5.0.0...v5.0.1

v4.1.3

Compare Source

go-jose/go-jose (github.com/go-jose/go-jose/v4)

v4.1.4

Compare Source

What's Changed

Fixes Panic in JWE decryption. See GHSA-78h2-9frx-2jm8

Full Changelog: go-jose/go-jose@v4.1.3...v4.1.4

go-openapi/jsonpointer (github.com/go-openapi/jsonpointer)

v0.23.1

Compare Source

0.23.1 - 2026-04-18

Full Changelog: go-openapi/jsonpointer@v0.23.0...v0.23.1

5 commits in this release.

---

Fixed bugs

• fix(offset): in Offset method, fixed index of value of array element. by @​fredbi in #​128 ...

Documentation

• doc: project status update by @​fredbi in #​127 ...
• docs: point to organization-wide documentations, added missing godocs by @​fredbi in #​126 ...
• doc: updated contributors file by @​bot-go-openapi[bot] in #​125 ...

Updates

• chore(deps): bump the development-dependencies group with 7 updates by @​dependabot[bot] in #​124 ...

---

People who contributed to this release

• @​fredbi

---

jsonpointer license terms

v0.23.0

Compare Source

0.23.0 - 2026-04-15

Support for known limitations

Full Changelog: go-openapi/jsonpointer@v0.22.5...v0.23.0

16 commits in this release.

---

Implemented enhancements

• feat: added alternate json name provider by @​fredbi in #​123 ...
• feat: added optional support for non-default json name provider by @​fredbi in #​122 ...
• feat: the RFC 6901 "-" array suffix is now supported by @​fredbi in #​121 ...

Fixed bugs

• fix(errors): correct error message for invalid JSON pointer start by @​alexandear in #​118 ...

Documentation

• doc: updated contributors file by @​bot-go-openapi[bot] in [#​119](https://redirec

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

To execute skipped test pipelines write comment /ok-to-test.

---

Documentation

Find out how to configure dependency updates in MintMaker documentation or see all available configuration options in Renovate documentation.

[red-hat-konflux]

ℹ Artifact update notice

File name: go.mod

In order to perform the update(s) described in the table above, Renovate ran the go get command, which resulted in the following additional change(s):

• 1 additional dependency was updated

Details:

Package	Change
github.com/googleapis/gax-go/v2	v2.19.0 -> v2.20.0

[red-hat-konflux]

ℹ️ Artifact update notice

File name: go.mod

In order to perform the update(s) described in the table above, Renovate ran the go get command, which resulted in the following additional change(s):

• 2 additional dependencies were updated
• The go directive was updated for compatibility reasons

Details:

Package	Change
go	1.25.7 -> 1.26.0
github.com/aws/aws-sdk-go-v2/config	v1.32.12 -> v1.32.17
github.com/go-openapi/swag/jsonname	v0.25.5 -> v0.26.0

File name: hack/tools/go.mod

In order to perform the update(s) described in the table above, Renovate ran the go get command, which resulted in the following additional change(s):

• 1 additional dependency was updated

Details:

Package	Change
github.com/go-openapi/swag/jsonname	v0.25.5 -> v0.26.0