build(deps): bump the go-deps group across 1 directory with 7 updates

[dependabot]

Bumps the go-deps group with 6 updates in the / directory:

Package	From	To
github.com/aws/aws-sdk-go-v2	1.41.7	1.41.9
github.com/aws/aws-sdk-go-v2/config	1.32.17	1.32.20
github.com/aws/aws-sdk-go-v2/service/s3	1.101.0	1.102.2
github.com/go-chi/chi/v5	5.2.5	5.3.0
github.com/yuin/goldmark	1.5.4	1.8.2
golang.org/x/crypto	0.51.0	0.52.0

Updates github.com/aws/aws-sdk-go-v2 from 1.41.7 to 1.41.9

Commits

• 5841d3a Release 2026-05-29
• 16ac80d Regenerated Clients
• 167926f Update endpoints model
• a0fce13 Update API model
• 223c005 update to smithy-go v1.26.0 (#3426)
• 74c5011 Release 2026-05-28
• 7d82651 Regenerated Clients
• 79c63d9 Update endpoints model
• b15b3b8 Update API model
• 090e469 Feat tmv2 parity (#3424)
• Additional commits viewable in compare view

Updates github.com/aws/aws-sdk-go-v2/config from 1.32.17 to 1.32.20

Commits

• 5841d3a Release 2026-05-29
• 16ac80d Regenerated Clients
• 167926f Update endpoints model
• a0fce13 Update API model
• 223c005 update to smithy-go v1.26.0 (#3426)
• 74c5011 Release 2026-05-28
• 7d82651 Regenerated Clients
• 79c63d9 Update endpoints model
• b15b3b8 Update API model
• 090e469 Feat tmv2 parity (#3424)
• Additional commits viewable in compare view

Updates github.com/aws/aws-sdk-go-v2/credentials from 1.19.16 to 1.19.19

Commits

• 5841d3a Release 2026-05-29
• 16ac80d Regenerated Clients
• 167926f Update endpoints model
• a0fce13 Update API model
• 223c005 update to smithy-go v1.26.0 (#3426)
• 74c5011 Release 2026-05-28
• 7d82651 Regenerated Clients
• 79c63d9 Update endpoints model
• b15b3b8 Update API model
• 090e469 Feat tmv2 parity (#3424)
• Additional commits viewable in compare view

Updates github.com/aws/aws-sdk-go-v2/service/s3 from 1.101.0 to 1.102.2

Commits

• 5841d3a Release 2026-05-29
• 16ac80d Regenerated Clients
• 167926f Update endpoints model
• a0fce13 Update API model
• 223c005 update to smithy-go v1.26.0 (#3426)
• 74c5011 Release 2026-05-28
• 7d82651 Regenerated Clients
• 79c63d9 Update endpoints model
• b15b3b8 Update API model
• 090e469 Feat tmv2 parity (#3424)
• Additional commits viewable in compare view

Updates github.com/go-chi/chi/v5 from 5.2.5 to 5.3.0

Release notes

Sourced from github.com/go-chi/chi/v5's releases.

v5.3.0

What's Changed

• Use strings.ReplaceAll where applicable by @​JRaspass in go-chi/chi#1046
• Propagate inline middlewares across mounted subrouters by @​LukasJenicek in go-chi/chi#1049
• add go 1.26 to ci by @​pkieltyka in go-chi/chi#1052
• Remove last uses of io/ioutil by @​JRaspass in go-chi/chi#1054
• Simplify chi.walk with slices.Concat by @​JRaspass in go-chi/chi#1053
• Apply the stringscutprefix modernizer by @​JRaspass in go-chi/chi#1051
• Bump minimum Go to 1.23, always use request.Pattern by @​JRaspass in go-chi/chi#1048
• middleware: fix httpFancyWriter.ReadFrom double-counting bytes with Tee by @​alliasgher in go-chi/chi#1085
• Fix typo in Route doc comment by @​gouwazi in go-chi/chi#1073
• fix: set Request.Pattern from RoutePattern() by @​leno23 in go-chi/chi#1097
• feat: middleware.ClientIP, a replacement for middleware.RealIP by @​VojtechVitek in go-chi/chi#967

New Contributors

• @​LukasJenicek made their first contribution in go-chi/chi#1049
• @​alliasgher made their first contribution in go-chi/chi#1085
• @​gouwazi made their first contribution in go-chi/chi#1073
• @​leno23 made their first contribution in go-chi/chi#1097

SECURITY: middleware.ClientIP, a replacement for middleware.RealIP

@​VojtechVitek submitted PR #967, which introduces middleware.ClientIP — a replacement for middleware.RealIP that closes the three open spoofing advisories:

• GHSA-9g5q-2w5x-hmxf — IP spoofing via XFF in RemoteAddr resolution (convto)
• GHSA-rjr7-jggh-pgcp — RealIP allows IP spoofing via unvalidated XFF (rezmoss)
• GHSA-3fxj-6jh8-hvhx — IP spoofing in middleware.RealIP (Saku0512, Critical / 9.3)

It also addresses issues outlined at:

• go-chi/chi#708
• https://adam-p.ca/blog/2022/03/x-forwarded-for/
• go-chi/chi#711
• go-chi/chi#453
• go-chi/chi#908

middleware.RealIP is deprecated in this PR with pointers to the new API.

The deprecation only adds a // Deprecated: doc comment; the function keeps working for backward compatibility.

Why a new middleware (not "fix RealIP in place")

RealIP has two unfixable design choices: it mutates r.RemoteAddr, and it tries to be a one-size-fits-all default by walking a hard-coded list of headers any client can supply. Per adam-p's "The perils of the 'real' client IP" (which calls chi out by name on this), there is no safe default — the user must pick their trust source explicitly.

The new API

Four middlewares, two accessors. Pick exactly one middleware based on your infrastructure, read the result with one of the two accessors:

// One of the four. There is no safe default — pick exactly one.
func ClientIPFromHeader(trustedHeader string) func(http.Handler) http.Handler
func ClientIPFromXFF(trustedIPPrefixes ...string) func(http.Handler) http.Handler
func ClientIPFromXFFTrustedProxies(numTrustedProxies int) func(http.Handler) http.Handler
</tr></table> 

... (truncated)

Commits

• 3b17157 feat: middleware.ClientIP, a replacement for middleware.RealIP (#967)
• 818fdcf fix: set Request.Pattern from RoutePattern() (#1097)
• f975af0 Fix typo in Route doc comment (#1073)
• 4ef87ea middleware: fix httpFancyWriter.ReadFrom double-counting bytes with Tee (#1085)
• a54874f Bump minimum Go to 1.23, always use request.Pattern (#1048)
• 3328d4d Apply the stringscutprefix modernizer (#1051)
• be60b2e Simplify chi.walk with slices.Concat (#1053)
• a36a925 Remove last uses of io/ioutil (#1054)
• 7d93ee3 add go 1.26 to ci (#1052)
• 903cff2 Propagate inline middlewares across mounted subrouters (#1049)
• Additional commits viewable in compare view

Updates github.com/yuin/goldmark from 1.5.4 to 1.8.2

Release notes

Sourced from github.com/yuin/goldmark's releases.

v1.8.2

fix: setext headings positions

v1.8.1

fix: block positions

v1.8.0

• feat: add position information to all nodes
  • add position information to all nodes, including inline nodes and link reference definition nodes.
  • Now link reference definition nodes are represented as a new node type.
  • Link and image nodes have a new field Reference which is a pointer to the reference link if this link is a reference link. This field is nil for non-reference links.

v1.7.17 release

Full Changelog: yuin/goldmark@v1.7.16...v1.7.17

v1.7.16 release

No release notes provided.

v1.7.15 release

No release notes provided.

v1.7.14 release

No release notes provided.

v1.7.13 release

No release notes provided.

v1.7.12 release

No release notes provided.

v1.7.11 release

No release notes provided.

v1.7.10 release

No release notes provided.

v1.7.9 release

No release notes provided.

v1.7.8 release

No release notes provided.

v1.7.7 release

No release notes provided.

v1.7.6 release

... (truncated)

Commits

• 379bf24 fix: setext headings positions
• e8f2337 fix: block positions
• dfa1ae1 feat: add position information to all nodes
• cb46bbc fix: prevent XSS by escaping dangerous URLs in links and images
• d8b123c refactor: simplify codes
• db34c99 Merge pull request #535 from Sebbito/master
• 5a2a2bf Merge pull request #545 from maxatome/fix-table-panic
• 9aca462 fix(table): if table cell attribute is a string, a panic occurs
• 246a6f1 fix: #542
• 2589b6a fix: #541
• Additional commits viewable in compare view

Updates golang.org/x/crypto from 0.51.0 to 0.52.0

Commits

• a1c0d99 go.mod: update golang.org/x dependencies
• 3c7c869 ssh: fix deadlock on unexpected channel responses
• 533fb3f ssh: fix source-address critical option bypass
• abbc44d ssh: fix incorrect operator order
• e052873 ssh: fix infinite loop on large channel writes due to integer overflow
• b61cf85 ssh: enforce user presence verification for security keys
• 9c2cd33 ssh: enforce strict limits on DSA key parameters
• 8907318 ssh: reject RSA keys with excessively large moduli
• ffd87b4 ssh: fix panic when authority callbacks are nil
• 4e7a738 ssh: fix deadlock on unexpected global responses
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions