chore(deps): update go dependencies

[red-hat-konflux]

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package	Type	Update	Change
cloud.google.com/go/longrunning	indirect	major	v0.13.0 → v1.0.0
github.com/Masterminds/semver/v3	indirect	minor	v3.4.0 → v3.5.0
github.com/aws/aws-sdk-go	indirect	patch	v1.55.7 → v1.55.8
github.com/aws/aws-sdk-go-v2/config	indirect	patch	v1.32.17 → v1.32.18
github.com/aws/aws-sdk-go-v2/credentials	indirect	patch	v1.19.16 → v1.19.17
github.com/aws/aws-sdk-go-v2/service/kms	indirect	minor	v1.51.1 → v1.52.0
github.com/aws/aws-sdk-go-v2/service/ssooidc	indirect	minor	v1.35.21 → v1.36.0
github.com/cenkalti/backoff/v4	indirect	major	v4.3.0 → v5.0.3
github.com/go-chi/chi	require	major	v4.1.2+incompatible → v5.3.0
github.com/go-openapi/runtime	indirect	minor	v0.29.5 → v0.31.0
github.com/go-openapi/runtime	require	minor	v0.29.5 → v0.31.0
github.com/go-playground/validator/v10	require	patch	v10.30.1 → v10.30.2
github.com/golang-jwt/jwt/v5	indirect	patch	v5.3.0 → v5.3.1
github.com/google/go-containerregistry	indirect	patch	v0.21.5 → v0.21.6
github.com/googleapis/enterprise-certificate-proxy	indirect	patch	v0.3.15 → v0.3.16
github.com/hashicorp/hcl	indirect	major	v1.0.1-vault-7 → v2.24.0
github.com/letsencrypt/boulder	indirect	minor	v0.20260420.0 → v0.20260518.0
github.com/pelletier/go-toml/v2	indirect	minor	v2.2.4 → v2.3.1
github.com/sigstore/sigstore	require	patch	v1.10.5 → v1.10.6
github.com/sigstore/sigstore/pkg/signature/kms/aws	require	patch	v1.10.5 → v1.10.6
github.com/sigstore/sigstore/pkg/signature/kms/azure	require	patch	v1.10.5 → v1.10.6
github.com/sigstore/sigstore/pkg/signature/kms/gcp	require	patch	v1.10.5 → v1.10.6
github.com/sigstore/sigstore/pkg/signature/kms/hashivault	require	patch	v1.10.5 → v1.10.6
github.com/tink-crypto/tink-go-awskms/v2	require	major	v2.1.0 → v3.0.0
github.com/tink-crypto/tink-go-hcvault/v2	require	minor	v2.4.0 → v2.5.0
github.com/urfave/negroni	require	major	v1.0.0 → v3.1.1
go.step.sm/crypto	require	minor	v0.79.0 → v0.81.0
go.uber.org/zap	require	minor	v1.27.1 → v1.28.0
go.yaml.in/yaml/v2	indirect	major	v2.4.3 → v3.0.4
golang.org/x/crypto	indirect	minor	v0.51.0 → v0.52.0
golang.org/x/net	indirect	minor	v0.54.0 → v0.55.0
golang.org/x/net	require	minor	v0.54.0 → v0.55.0
golang.org/x/sys	indirect	minor	v0.44.0 → v0.45.0
google.golang.org/api	indirect	minor	v0.278.0 → v0.280.0
google.golang.org/genproto	indirect	digest	3700d41 → 7f3bc5b
google.golang.org/genproto/googleapis/api	indirect	digest	3700d41 → 7f3bc5b
google.golang.org/genproto/googleapis/rpc	indirect	digest	3700d41 → 7f3bc5b
google.golang.org/grpc	indirect	patch	v1.81.0 → v1.81.1
gopkg.in/yaml.v2	indirect	major	v2.4.0 → v3.0.1

---

Warning

Some dependencies could not be looked up. Check the warning logs for more information.

---

Release Notes

Masterminds/semver (github.com/Masterminds/semver/v3)

v3.5.0

Compare Source

What's Changed

• Adding more prerelease tests by @​mattfarina in #​273
• Update constraint error messages by @​mattfarina in #​278
• Fix edge cases by @​mattfarina in #​279
• Adding some checks in by @​mattfarina in #​280
• Updating deps by @​mattfarina in #​281
• Bump github/codeql-action from 4.35.1 to 4.35.2 by @​dependabot[bot] in #​282
• Bump actions/cache from 4.2.3 to 5.0.5 by @​dependabot[bot] in #​283
• Bump golangci/golangci-lint-action from 7.0.1 to 9.2.0 by @​dependabot[bot] in #​284
• Updating gitignore for devcontainers by @​mattfarina in #​286
• Fixing some quality issues by @​mattfarina in #​287

New Contributors

• @​dependabot[bot] made their first contribution in #​282

Full Changelog: Masterminds/semver@v3.4.0...v3.5.0

aws/aws-sdk-go (github.com/aws/aws-sdk-go)

v1.55.8

Compare Source

SDK Features

• Mark the module and all packages as deprecated.
  • This SDK has entered end-of-support.

aws/aws-sdk-go-v2 (github.com/aws/aws-sdk-go-v2/service/kms)

v1.52.0

General Highlights

• Dependency Update: Updated to the latest SDK module versions

Module Highlights

• github.com/aws/aws-sdk-go-v2/service/apigateway: v1.37.0
  • Feature: API Gateway now supports response streaming and new security policies for REST APIs and custom domain names.
• github.com/aws/aws-sdk-go-v2/service/apigatewayv2: v1.33.0
  • Feature: Support for API Gateway portals and portal products.
• github.com/aws/aws-sdk-go-v2/service/backup: v1.54.0
  • Feature: Amazon GuardDuty Malware Protection now supports AWS Backup, extending malware detection capabilities to EC2, EBS, and S3 backups.
• github.com/aws/aws-sdk-go-v2/service/bcmpricingcalculator: v1.10.0
  • Feature: Add GroupSharingPreference, CostCategoryGroupSharingPreferenceArn, and CostCategoryGroupSharingPreferenceEffectiveDate to Bill Estimate. Add GroupSharingPreference and CostCategoryGroupSharingPreferenceArn to Bill Scenario.
• github.com/aws/aws-sdk-go-v2/service/bedrockruntime: v1.44.0
  • Feature: This release includes support for Search Results.
• github.com/aws/aws-sdk-go-v2/service/billing: v1.9.0
  • Feature: Added name filtering support to ListBillingViews API through the new names parameter to efficiently filter billing views by name.
• github.com/aws/aws-sdk-go-v2/service/billingconductor: v1.27.0
  • Feature: This release adds support for Billing Transfers, enabling management of billing transfers with billing groups on AWS Billing Conductor.
• github.com/aws/aws-sdk-go-v2/service/cloudtrail: v1.54.0
  • Feature: AWS CloudTrail now supports Insights for data events, expanding beyond management events to automatically detect unusual activity on data plane operations.
• github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs: v1.60.0
  • Feature: Adding support for ocsf version 1.5, add optional parameter MappingVersion
• github.com/aws/aws-sdk-go-v2/service/connectcampaignsv2: v1.9.0
  • Feature: This release added support for ring timer configuration for campaign calls.
• github.com/aws/aws-sdk-go-v2/service/costexplorer: v1.60.0
  • Feature: Add support for COST_CATEGORY, TAG, and LINKED_ACCOUNT AWS managed cost anomaly detection monitors
• github.com/aws/aws-sdk-go-v2/service/costoptimizationhub: v1.21.0
  • Feature: Release ListEfficiencyMetrics API
• github.com/aws/aws-sdk-go-v2/service/datazone: v1.48.0
  • Feature: Amazon DataZone now supports business metadata (readme and metadata forms) at the individual attribute (column) level, a new rule type for glossary terms, and the ability to update the owner of the root domain unit.
• github.com/aws/aws-sdk-go-v2/service/dynamodb: v1.53.0
  • Feature: Extended Global Secondary Index (GSI) composite keys to support up to 8 attributes.
• github.com/aws/aws-sdk-go-v2/service/ec2: v1.272.0
  • Feature: This launch adds support for two new features: Regional NAT Gateway and IPAM Policies. IPAM policies offers customers central control for public IPv4 assignments across AWS services. Regional NAT is a single NAT Gateway that automatically expands across AZs in a VPC to maintain high availability.
• github.com/aws/aws-sdk-go-v2/service/ecr: v1.53.0
  • Feature: Add support for ECR archival storage class and Inspector org policy for scanning
• github.com/aws/aws-sdk-go-v2/service/ecs: v1.68.0
  • Feature: Added support for Amazon ECS Managed Instances infrastructure optimization configuration.
• github.com/aws/aws-sdk-go-v2/service/emr: v1.56.0
  • Feature: Add CloudWatch Logs integration for Spark driver, executor and step logs
• github.com/aws/aws-sdk-go-v2/service/fsx: v1.64.0
  • Feature: Adding File Server Resource Manager configuration to FSx Windows
• github.com/aws/aws-sdk-go-v2/service/guardduty: v1.68.0
  • Feature: Add support for scanning and viewing scan results for backup resource types
• github.com/aws/aws-sdk-go-v2/service/health: v1.35.0
  • Feature: Adds actionability and personas properties to Health events exposed through DescribeEvents, DescribeEventsForOrganization, DescribeEventDetails, and DescribeEventTypes APIs. Adds filtering by actionabilities and personas in EventFilter, OrganizationEventFilter, EventTypeFilter.
• github.com/aws/aws-sdk-go-v2/service/iam: v1.52.0
  • Feature: Added the EnableOutboundWebIdentityFederation, DisableOutboundWebIdentityFederation and GetOutboundWebIdentityFederationInfo APIs for the IAM outbound federation feature.
• github.com/aws/aws-sdk-go-v2/service/inspector2: v1.45.0
  • Feature: This release introduces BLOCKED_BY_ORGANIZATION_POLICY error code and IMAGE_ARCHIVED scanStatusReason. BLOCKED_BY_ORGANIZATION_POLICY error code is returned when an operation is blocked by an AWS Organizations policy. IMAGE_ARCHIVED scanStatusReason is returned when an Image is archived in ECR.
• github.com/aws/aws-sdk-go-v2/service/invoicing: v1.8.0
  • Feature: Add support for adding Billing transfers in Invoice configuration
• github.com/aws/aws-sdk-go-v2/service/lambda: v1.82.0
  • Feature: Added support for creating and invoking Tenant Isolated functions in AWS Lambda APIs.
• github.com/aws/aws-sdk-go-v2/service/mediaconnect: v1.46.0
  • Feature: This release adds support for global routing in AWS Elemental MediaConnect. You can now use router inputs and router outputs to manage global video and audio routing workflows both within the AWS-Cloud and over the public internet.
• github.com/aws/aws-sdk-go-v2/service/medialive: v1.87.0
  • Feature: MediaLive is adding support for MediaConnect Router by supporting a new input type called MEDIACONNECT_ROUTER. This new input type will provide seamless encrypted transport between MediaConnect Router and your MediaLive channel.
• github.com/aws/aws-sdk-go-v2/service/networkfirewall: v1.58.0
  • Feature: Partner Managed Rulegroup feature support
• github.com/aws/aws-sdk-go-v2/service/networkflowmonitor: v1.11.0
  • Feature: Added new enum value (AWS::EKS::Cluster) for type field under MonitorLocalResource
• github.com/aws/aws-sdk-go-v2/service/partnercentralchannel: v1.0.0
  • Release: New AWS service client module
  • Feature: Initial GA launch of Partner Central Channel
• github.com/aws/aws-sdk-go-v2/service/route53: v1.60.0
  • Feature: Add dual-stack endpoint support for Route53
• github.com/aws/aws-sdk-go-v2/service/rum: v1.30.0
  • Feature: CloudWatch RUM now supports mobile application monitoring for Android and iOS platforms
• github.com/aws/aws-sdk-go-v2/service/s3: v1.91.0
  • Feature: Adds support for blocking SSE-C writes to general purpose buckets.
• github.com/aws/aws-sdk-go-v2/service/sagemaker: v1.224.0
  • Feature: Added support for enhanced metrics for SageMaker AI Endpoints. This features provides Utilization Metrics at instance and container granularity and also provides easy configuration of metric publish frequency from 10 sec -> 5 mins
• github.com/aws/aws-sdk-go-v2/service/secretsmanager: v1.40.0
  • Feature: Adds support to create, update, retrieve, rotate, and delete managed external secrets.
• github.com/aws/aws-sdk-go-v2/service/sfn: v1.40.0
  • Feature: Adds support to TestState for mocked results and exceptions, along with additional inspection data.
• github.com/aws/aws-sdk-go-v2/service/signin: v1.0.0
  • Release: New AWS service client module
  • Feature: AWS Sign-In manages authentication for AWS services. This service provides secure authentication flows for accessing AWS resources from the console and developer tools. This release adds the CreateOAuth2Token API, which can be used to fetch OAuth2 access tokens and refresh tokens from Sign-In.
• github.com/aws/aws-sdk-go-v2/service/sts: v1.41.0
  • Feature: IAM now supports outbound identity federation via the STS GetWebIdentityToken API, enabling AWS workloads to securely authenticate with external services using short-lived JSON Web Tokens.
• github.com/aws/aws-sdk-go-v2/service/transcribestreaming: v1.33.0
  • Feature: This release adds support for additional locales in AWS transcribe streaming.

cenkalti/backoff (github.com/cenkalti/backoff/v4)

v5.0.3

Compare Source

v5.0.2

Compare Source

v5.0.1

Compare Source

v5.0.0

Compare Source

go-chi/chi (github.com/go-chi/chi)

v5.3.0

Compare Source

What's Changed

• Use strings.ReplaceAll where applicable by @​JRaspass in #​1046
• Propagate inline middlewares across mounted subrouters by @​LukasJenicek in #​1049
• add go 1.26 to ci by @​pkieltyka in #​1052
• Remove last uses of io/ioutil by @​JRaspass in #​1054
• Simplify chi.walk with slices.Concat by @​JRaspass in #​1053
• Apply the stringscutprefix modernizer by @​JRaspass in #​1051
• Bump minimum Go to 1.23, always use request.Pattern by @​JRaspass in #​1048
• middleware: fix httpFancyWriter.ReadFrom double-counting bytes with Tee by @​alliasgher in #​1085
• Fix typo in Route doc comment by @​gouwazi in #​1073
• fix: set Request.Pattern from RoutePattern() by @​leno23 in #​1097
• feat: middleware.ClientIP, a replacement for middleware.RealIP by @​VojtechVitek in #​967

New Contributors

• @​LukasJenicek made their first contribution in #​1049
• @​alliasgher made their first contribution in #​1085
• @​gouwazi made their first contribution in #​1073
• @​leno23 made their first contribution in #​1097

SECURITY: middleware.ClientIP, a replacement for middleware.RealIP

@​VojtechVitek submitted PR #​967, which introduces middleware.ClientIP — a replacement for middleware.RealIP that closes the three open spoofing advisories:

• GHSA-9g5q-2w5x-hmxf — IP spoofing via XFF in RemoteAddr resolution (convto)
• GHSA-rjr7-jggh-pgcp — RealIP allows IP spoofing via unvalidated XFF (rezmoss)
• GHSA-3fxj-6jh8-hvhx — IP spoofing in middleware.RealIP (Saku0512, Critical / 9.3)

It also addresses issues outlined at:

• #​708
• https://adam-p.ca/blog/2022/03/x-forwarded-for/
• #​711
• #​453
• #​908

middleware.RealIP is deprecated in this PR with pointers to the new API.

The deprecation only adds a // Deprecated: doc comment; the function keeps working for backward compatibility.

Why a new middleware (not "fix RealIP in place")

RealIP has two unfixable design choices: it mutates r.RemoteAddr, and it tries to be a one-size-fits-all default by walking a hard-coded list of headers any client can supply. Per adam-p's "The perils of the 'real' client IP" (which calls chi out by name on this), there is no safe default — the user must pick their trust source explicitly.

The new API

Four middlewares, two accessors. Pick exactly one middleware based on your
infrastructure, read the result with one of the two accessors:

// One of the four. There is no safe default — pick exactly one.
func ClientIPFromHeader(trustedHeader string) func(http.Handler) http.Handler
func ClientIPFromXFF(trustedIPPrefixes ...string) func(http.Handler) http.Handler
func ClientIPFromXFFTrustedProxies(numTrustedProxies int) func(http.Handler) http.Handler
func ClientIPFromRemoteAddr(h http.Handler) http.Handler

// Read the result.
func GetClientIP(ctx context.Context) string         // for logs, rate-limit keys
func GetClientIPAddr(ctx context.Context) netip.Addr // for typed work

Example usage:

// Pick a single ClientIP middleware based on your deployment
  
// Cloudflare.
r.Use(middleware.ClientIPFromHeader("CF-Connecting-IP"))

// Nginx with ngx_http_realip_module.
r.Use(middleware.ClientIPFromHeader("X-Real-IP"))

// Apache with mod_remoteip.
r.Use(middleware.ClientIPFromHeader("X-Client-IP"))

// AWS CloudFront, or any proxy fleet with known CIDRs.
r.Use(middleware.ClientIPFromXFF(
    "13.32.0.0/15",   // CloudFront IPv4
    "52.46.0.0/18",   // CloudFront IPv4
    "2600:9000::/28", // CloudFront IPv6
))

// Behind exactly 2 trusted proxies with dynamic IPs (autoscaling pools,
// ephemeral containers, dynamic CDN edges).
r.Use(middleware.ClientIPFromXFFTrustedProxies(2))

// Server directly on the public internet, no proxy in front.
r.Use(middleware.ClientIPFromRemoteAddr)

And in your handler or downstream middleware:

clientIP := middleware.GetClientIP(r.Context())
// log it, use it as a rate-limit key, etc.

---

Thanks to @​adam-p, @​c2h5oh, @​rezmoss, @​Saku0512, @​convto, @​Dirbaio, @​jawnsy, @​lrstanley, @​mfridman, @​n33pm, @​pkieltyka for the prior discussions, detailed reviews, advisory reports, and test contributions that shaped this PR.

Full Changelog: go-chi/chi@v5.2.5...v5.3.0

v5.2.5

Compare Source

What's Changed

• Bump minimum Go to 1.22 and use new features by @​JRaspass in #​1017
• Refactor graceful shutdown example by @​mikereid1 in #​994
• Refactor to use atomic type by @​cuiweixie in #​1019
• update reverseMethodMap in RegisterMethod by @​cixel in #​1022
• Update comment about min Go version by @​JRaspass in #​1023
• middleware: harden RedirectSlashes handler by @​pkieltyka in #​1044
• Fix(middleware): Prevent double handler invocation in RouteHeaders with empty router by @​mahanadh in #​1045

New Contributors

• @​mikereid1 made their first contribution in #​994
• @​cuiweixie made their first contribution in #​1019
• @​cixel made their first contribution in #​1022
• @​mahanadh made their first contribution in #​1045

Full Changelog: go-chi/chi@v5.2.3...v5.2.5

v5.2.4

Compare Source

v5.2.3

Compare Source

What's Changed

• Add pathvalue example to README and implement PathValue handler. by @​catatsuy in #​985
• Allow multiple whitespace between method & pattern by @​JRaspass in #​1013
• Avoid potential nil dereference by @​ProjectMutilation in #​1008
• feat(mux): support http.Request.Pattern in Go 1.23 by @​Gusted in #​986
• fix/608 - Fix flaky Throttle middleware test by synchronizing token usage by @​OtavioBernardes in #​1016
• Optimize throttle middleware by avoiding unnecessary timer creation by @​vasayxtx in #​1011
• Simplify wildcard replacement in route patterns by @​srpvpn in #​1012
• Replace methodTypString func with reverseMethodMap by @​JRaspass in #​1018

New Contributors

• @​ProjectMutilation made their first contribution in #​1008
• @​Gusted made their first contribution in #​986
• @​OtavioBernardes made their first contribution in #​1016
• @​srpvpn made their first contribution in #​1012

Full Changelog: go-chi/chi@v5.2.2...v5.2.3

v5.2.2

Compare Source

What's Changed

• Use strings.Cut in a few places by @​JRaspass in #​971
• Fix non-constant format strings in t.Fatalf by @​JRaspass in #​972
• Apply fieldalignment fixes to optimize struct memory layout by @​pixel365 in #​974
• go 1.24 by @​pkieltyka in #​977
• chore: delint ioutil usage by @​costela in #​962
• Fixed typo in Router interface definition by @​mithileshgupta12 in #​958
• Add support for TinyGo by @​efraimbart in #​978
• Exclude middleware/profiler.go in TinyGo, as there's no net/http/pprof pkg by @​cxjava in #​982
• Make use of strings.Cut by @​scop in #​1005
• Change install command format to code block by @​sglkc in #​1001
• Correct documentation by @​mrdomino in #​992

Security fix

• Fixes GHSA-vrw8-fxc6-2r93 - "Host Header Injection Leads to Open Redirect in RedirectSlashes" commit
  • a lower-severity Open Redirect that can't be exploited in browser or email client, as it requires manipulation of a Host header
  • reported by Anuraag Baishya, @​anuraagbaishya. Thank you!

New Contributors

• @​pixel365 made their first contribution in #​974
• @​mithileshgupta12 made their first contribution in #​958
• @​efraimbart made their first contribution in #​978
• @​cxjava made their first contribution in #​982
• @​sglkc made their first contribution in #​1001
• @​mrdomino made their first contribution in #​992

Full Changelog: go-chi/chi@v5.2.1...v5.2.2

v5.2.1

Compare Source

⚠️ Chi supports Go 1.20+

Starting this release, we will now support the four most recent major versions of Go. See #​963 for related discussion.

What's Changed

• Support the four most recent major versions of Go by @​VojtechVitek in #​969

Full Changelog: go-chi/chi@v5.2.0...v5.2.1

v5.2.0

Compare Source

What's Changed

• update credits section to link to goji license by @​pkieltyka in #​944
• go 1.23 by @​pkieltyka in #​945
• Make Context.RoutePattern() nil-safe by @​gaiaz-iusipov in #​927
• govet: Fix non-constant format string by @​marcofranssen in #​952
• Add Find to Routes interface by @​joeriddles in #​872
• Fix grammar error by @​AntonC9018 in #​917
• feat(): add CF-Connecting-IP by @​n33pm in #​908
  • Revert "feat(): add CF-Connecting-IP" by @​VojtechVitek in #​966
• Fixed incorrect comment about routing by @​jtams in #​887
• Fix condition in TestRedirectSlashes by @​tchssk in #​856
• middleware: Add strip prefix middleware by @​m1k1o in #​875
• Set up go module for _examples/versions by @​hongkuancn in #​948
• Ability to specify response HTTP status code for Throttle middleware by @​vasayxtx in #​571
• Support Content-Type headers with charset/boundary parameters by @​GocaMaric in #​880
• Fix Mux.Find not correctly handling nested routes by @​joeriddles in #​954
• fix(WrapResponseWriter): allow multiple informational statuses by @​costela in #​961

New Contributors

• @​gaiaz-iusipov made their first contribution in #​927
• @​marcofranssen made their first contribution in #​952
• @​joeriddles made their first contribution in #​872
• @​AntonC9018 made their first contribution in #​917
• @​n33pm made their first contribution in #​908
• @​jtams made their first contribution in #​887
• @​tchssk made their first contribution in #​856
• @​m1k1o made their first contribution in #​875
• @​hongkuancn made their first contribution in #​948
• @​GocaMaric made their first contribution in #​880
• @​costela made their first contribution in #​961

Full Changelog: go-chi/chi@v5.1.0...v5.2.0

v5.1.0

Compare Source

What's Changed

• middleware: add Discard method to WrapResponseWriter by @​patrislav in #​926
  • Adds Discard() method to the middleware.WrapResponseWriter interface. This is technically an API breaking change. However after some discussion at #​926 (comment), we decided to move forward, and release as minor version, as we don't expect anyone to rely on this interface / implement it externally.

New Contributors

• @​patrislav made their first contribution in #​926

Full Changelog: go-chi/chi@v5.0.14...v5.1.0

v5.0.14

Compare Source

What's Changed

• middleware: fix typo in RealIP doc by @​l2dy in #​903
• reduce size of Context struct from 216 bytes to 208 bytes by @​juburr in #​912
• Avoid possible memory leak in compress middleware by @​Neurostep in #​919
• docs: Update stale links in docs for contributing by @​Lutherwaves in #​904
• Revert "Avoid possible memory leak in compress middleware" by @​VojtechVitek in #​924

New Contributors

• @​l2dy made their first contribution in #​903
• @​juburr made their first contribution in #​912
• @​Neurostep made their first contribution in #​919
• @​Lutherwaves made their first contribution in #​904

Full Changelog: go-chi/chi@v5.0.12...v5.0.14

v5.0.13

Compare Source

What's Changed

• middleware: fix typo in RealIP doc by @​l2dy in #​903
• reduce size of Context struct from 216 bytes to 208 bytes by @​juburr in #​912
• Avoid possible memory leak in compress middleware by @​Neurostep in #​919

New Contributors

• @​l2dy made their first contribution in #​903
• @​juburr made their first contribution in #​912
• @​Neurostep made their first contribution in #​919

Full Changelog: go-chi/chi@v5.0.12...v5.0.13

v5.0.12

Compare Source

• History of changes: see go-chi/chi@v5.0.11...v5.0.12

v5.0.11

Compare Source

• History of changes: see go-chi/chi@v5.0.11...v5.0.12

v5.0.10

Compare Source

• History of changes: see go-chi/chi@v5.0.10...v5.0.11

v5.0.9

Compare Source

• Fixed small edge case in tests of v5.0.9 for older Go versions
• History of changes: see go-chi/chi@v5.0.9...v5.0.10

v5.0.8

Compare Source

• History of changes: see go-chi/chi@v5.0.8...v5.0.9

v5.0.7

Compare Source

• History of changes: see go-chi/chi@v5.0.7...v5.0.8

v5.0.6

Compare Source

• History of changes: see go-chi/chi@v5.0.6...v5.0.7

v5.0.5

Compare Source

• History of changes: see go-chi/chi@v5.0.5...v5.0.6

v5.0.4

Compare Source

• History of changes: see go-chi/chi@v5.0.4...v5.0.5

v5.0.3

Compare Source

• History of changes: see go-chi/chi@v5.0.3...v5.0.4

v5.0.2

Compare Source

• History of changes: see go-chi/chi@v5.0.2...v5.0.3

v5.0.1

Compare Source

• History of changes: see go-chi/chi@v5.0.11...v5.0.12

v5.0.0

Compare Source

• Small improvements
• History of changes: see go-chi/chi@v5.0.0...v5.0.1

v4.1.3

Compare Source

go-openapi/runtime (github.com/go-openapi/runtime)

v0.31.0

Compare Source

0.31.0 - 2026-05-17

Full Changelog: go-openapi/runtime@v0.30.0...v0.31.0

33 commits in this release.

---

Implemented enhancements

• feat(client): TLS diagnostic mode for Runtime.Trace by @​fredbi ...
• feat(client): add Runtime.Trace for connection-level diagnostics by @​fredbi ...

Fixed bugs

• fix(client): strip CR/LF from multipart filename and field name by @​fredbi ...
• fix(middleware): cap filename length on untyped formData uploads by @​fredbi ...
• fix: CA cert pool should be cloned not returned as pointer by @​fredbi in #​455 ...
• fix: correct spelling of "Organ trail" to "Oregon Trail" in request tests by @​Copilot in #​449 ...
• fix(client/tls): correct PEM label and add Ed25519 key support by @​fredbi in #​452 ...

Documentation

• doc: fixup module layout by @​fredbi ...
• doc: trimmed deprecated functions from examples by @​fredbi in #​463 ...
• doc: updated contributors file by @​bot-go-openapi[bot] in #​460 ...
• doc: advertised doc site in README.md by @​fredbi in #​454 ...
• fix: correct two comment typos in client/internal/request/request.go by @​Copilot in #​450 ...
• docs(compression): deprecate ContentEncoding, add CAFxX recipe by @​fredbi in #​447 ...
• docs(keep-alive): add a thorough keep-alive primer by @​fredbi in #​445 ...

Code quality

• doc: godoc linting by @​fredbi in #​465 ...
• chore: cleanup linter config, reformat, optimized strings replacer by @​fredbi ...
• Fix/example request by @​fredbi in #​462 ...
• chore(relint): relint code base by @​fredbi in #​461 ...
• doc: doc site on github pages by @​fredbi in #​448 ...

Testing

• test: fix flaky assertion on httptrace by @​fredbi in #​456 ...

Miscellaneous tasks

• chore: prepare release v0.31.0 by @​bot-go-openapi[bot] in #​466 ...
• chore: remove binary by @​fredbi ...
• fix(ci): fix fuzzing workflow by @​fredbi ...

Security

• test(security): fuzz targets for BindForm parse + filename cap by @​fredbi ...
• test(security): fuzz targets for header-parsing surface by @​fredbi ...
• fix(negotiate/header): reject q-values greater than 1 by @​fredbi ...
• docs(security): document constant-time-comparison contract for auth callbacks by @​fredbi in #​457 ...
• feat(runtime): BindForm helper for multipart/urlencoded body binding by @​fredbi in #​446 ...

Updates

• build(deps): bump the development-dependencies group with 4 updates by @​dependabot[bot] in #​458 ...

Other (technical)

• Sec/lens3 multipart by @​fredbi in #​464 ...
• Sec/lens4 headers by @​fredbi in #​459 ...
• middleware/parameter.go: fix comment describing ParseForm fallback by @​Copilot in #​451 ...
• Feat/client httptrace by [@​fredbi](https://redirect.github.com/fre

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

To execute skipped test pipelines write comment /ok-to-test.

---

Documentation

Find out how to configure dependency updates in MintMaker documentation or see all available configuration options in Renovate documentation.

[red-hat-konflux]

ℹ️ Artifact update notice

File name: go.mod

In order to perform the update(s) described in the table above, Renovate ran the go get command, which resulted in the following additional change(s):

• The go directive was updated for compatibility reasons

Details:

Package	Change
go	1.25.9 -> 1.26.0