Skip to content

build(deps): bump the gomod-backward-compatible group across 1 directory with 10 updates#1190

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/go_modules/gomod-backward-compatible-9510ff5a9c
Open

build(deps): bump the gomod-backward-compatible group across 1 directory with 10 updates#1190
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/go_modules/gomod-backward-compatible-9510ff5a9c

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 1, 2026

Copy link
Copy Markdown
Contributor

Bumps the gomod-backward-compatible group with 10 updates in the / directory:

Package From To
github.com/brianvoe/gofakeit/v7 7.14.1 7.15.0
github.com/go-chi/chi/v5 5.2.5 5.3.0
github.com/go-co-op/gocron/v2 2.21.1 2.21.2
github.com/mattn/go-sqlite3 1.14.42 1.14.47
github.com/oapi-codegen/runtime 1.4.0 1.4.2
github.com/tidwall/gjson 1.18.0 1.19.0
github.com/tus/tusd/v2 2.9.2 2.10.0
github.com/urfave/cli/v3 3.8.0 3.10.0
github.com/wneessen/go-mail 0.7.2 0.7.3
golang.org/x/crypto 0.51.0 0.53.0

Updates github.com/brianvoe/gofakeit/v7 from 7.14.1 to 7.15.0

Commits
  • 010dc54 email - better email generation with weighted mix and testing valid email gen...
  • 794efc9 password - space usage adjustment
  • See full diff in compare view

Updates github.com/go-chi/chi/v5 from 5.2.5 to 5.3.0

Release notes

Sourced from github.com/go-chi/chi/v5's releases.

v5.3.0

What's Changed

New Contributors

SECURITY: middleware.ClientIP, a replacement for middleware.RealIP

@​VojtechVitek submitted PR #967, which introduces middleware.ClientIP — a replacement for middleware.RealIP that closes the three open spoofing advisories:

It also addresses issues outlined at:

middleware.RealIP is deprecated in this PR with pointers to the new API.

The deprecation only adds a // Deprecated: doc comment; the function keeps working for backward compatibility.

Why a new middleware (not "fix RealIP in place")

RealIP has two unfixable design choices: it mutates r.RemoteAddr, and it tries to be a one-size-fits-all default by walking a hard-coded list of headers any client can supply. Per adam-p's "The perils of the 'real' client IP" (which calls chi out by name on this), there is no safe default — the user must pick their trust source explicitly.

The new API

Four middlewares, two accessors. Pick exactly one middleware based on your infrastructure, read the result with one of the two accessors:

// One of the four. There is no safe default — pick exactly one.
func ClientIPFromHeader(trustedHeader string) func(http.Handler) http.Handler
func ClientIPFromXFF(trustedIPPrefixes ...string) func(http.Handler) http.Handler
func ClientIPFromXFFTrustedProxies(numTrustedProxies int) func(http.Handler) http.Handler
</tr></table> 

... (truncated)

Commits

Updates github.com/go-co-op/gocron/v2 from 2.21.1 to 2.21.2

Release notes

Sourced from github.com/go-co-op/gocron/v2's releases.

v2.21.2

What's Changed

New Contributors

Full Changelog: go-co-op/gocron@v2.21.1...v2.21.2

Commits

Updates github.com/mattn/go-sqlite3 from 1.14.42 to 1.14.47

Commits
  • 693de12 Merge pull request #1408 from dxbjavid/getfilename-cstring-leak
  • 837b4f2 Merge pull request #1413 from mattn/cache-stmt-column-metadata
  • e99486c cache column metadata for prepared and cached statements
  • eb06f26 Merge pull request #1412 from mattn/codex-5sxu1n
  • 423f960 Make callback handle lookups lock-free
  • a3cd5cd free leaked schema string in GetFilename
  • 379319c Merge pull request #1407 from mattn/blob-arg-call-order
  • c3e96cd call sqlite3_value_blob before sqlite3_value_bytes in callbackArgString
  • 518ffdb Merge pull request #1406 from dxbjavid/function-text-embedded-nul
  • b1e8d68 read text value before its byte length to match documented order
  • Additional commits viewable in compare view

Updates github.com/oapi-codegen/runtime from 1.4.0 to 1.4.2

Release notes

Sourced from github.com/oapi-codegen/runtime's releases.

Bug fix for required parameters

This is a bug fix to address a regression introduced in oapi-codegen v2.7.0

🐛 Bug fixes

Sponsors

We would like to thank our sponsors for their support during this release.

Bug fixes

This is a bug fix release.

Changes in v1.4.0, coupled with changes in v2.7.0 of oapi-codegen exposed some new problems. deepObject style marshaling behavior now supports encoding unicode. UTF-8 can't be directly included in parameters, so we need to % escape it.

Form binding now detects maps, which makes binding to a Nullable possible. We can't use generics around Nullable[T], so we handle maps generically, assuming they're a Nullable with its behavior assumptions.

🐛 Bug fixes

📦 Dependency updates

Sponsors

We would like to thank our sponsors for their support during this release.

... (truncated)

Commits
  • 7afeea8 Add missing required parameter detection (#135)
  • 2755f15 Fix form binding of Nullables (#133)
  • 17de1dd Percent-encode deepObject parameter wire output (#132)
  • d2b7c4c chore(deps): update oapi-codegen/actions action to v0.7.0
  • 6fd6c25 chore(deps): update github/codeql-action action to v4
  • 19040cc fix(deps): update module github.com/kataras/iris/v12 to v12.2.11
  • e05282e chore(deps): update release-drafter/release-drafter action to v7.2.0 (#122)
  • See full diff in compare view

Updates github.com/tidwall/gjson from 1.18.0 to 1.19.0

Commits

Updates github.com/tus/tusd/v2 from 2.9.2 to 2.10.0

Release notes

Sourced from github.com/tus/tusd/v2's releases.

v2.10.0

What's Changed

New Contributors

Full Changelog: tus/tusd@v2.9.2...v2.10.0

Commits
  • a4296d4 azurestore: Fix InvalidHeaderValue error due to empty sentinel block (#1379)
  • 8314bc2 Pin third-party GitHub Actions to SHAs (#1378)
  • 4efc5b5 build(deps): bump golang in the docker group (#1375)
  • 46fc4c9 build(deps): bump the gha group with 3 updates (#1376)
  • 401370f build(deps): bump the go group with 8 updates (#1377)
  • 347b850 hooks: Add option to disable TLS verification (#1359)
  • 27bba71 docs: Fix typos
  • 06ab853 cmd: Error out if H2C and TLS are requested together
  • b012010 docs: Update documentation covering HTTP/2 options
  • afefec0 cmd: Use net/http's H2C capabilities
  • Additional commits viewable in compare view

Updates github.com/urfave/cli/v3 from 3.8.0 to 3.10.0

Release notes

Sourced from github.com/urfave/cli/v3's releases.

v3.10.0

What's Changed

Full Changelog: urfave/cli@v3.9.1...v3.10.0

v3.9.1

What's Changed

Full Changelog: urfave/cli@v3.9.0...v3.9.1

v3.9.0

What's Changed

New Contributors

... (truncated)

Commits
  • 183b3a2 Merge pull request #2363 from dearchap/issue_2250
  • 2f7149e fix: skip After hook when help is displayed on subcommand
  • 06788cf test: add tests for --help taking precedence over parse errors; fix subcomman...
  • 2c38e7b Merge pull request #2360 from dearchap/issue_2126
  • 3a5e3e1 chore: remove blank lines around checkHelp block to reduce diff size
  • b76d804 test: cover subcommand error path for help display
  • 27d8d51 test: add tests for --help taking precedence over parse errors; fix subcomman...
  • 607da84 fix: let --help flag take precedence over parse errors
  • 213b98c Merge pull request #2361 from dearchap/fix/remaining-help-inconsistencies
  • 94009b6 Merge branch 'main' into fix/remaining-help-inconsistencies
  • Additional commits viewable in compare view

Updates github.com/wneessen/go-mail from 0.7.2 to 0.7.3

Release notes

Sourced from github.com/wneessen/go-mail's releases.

v0.7.3: Skippable UTF-8 support, improved Base64LineBreaker, binary size reducing, fixes and more

Welcome to go-mail v0.7.3! 🎉

This release brings some cool improvements, new features, and fixes to go-mail. We hope you enjoy it!

Notable changes/improvements/features/fixes

Deadline fix for connections to a TLS port without TLS

PR #521 fixes a missing deadline in the Client that could cause a deadlock for connections to a TLS port without TLS enabled. Thanks to @​james-d-elliott for finding and fixing this issue!

Preseve EHLO and HELO errors

PR #528 fixes an error for cases in which both the HELO and EHLO fail during a client connect. In this case the first error would be overwritten by the 2nd action, potentially deleting valuable information. In go-mail v0.7.3 both errors are now combined. Thanks to @​Yanhu007 for their contribution!

Improved Base64LineBreaker

In PR #512 @​srpvpn refactored the Base64LineBreaker type to be more performant and easier to read by removing the recursion. Thanks for your contribution!

Reduce binary size by making text/template and html/template support optional

In PR #518 @​sblinch introduced a new compile time flag gomailnotpl which will make the text/template and html/template optional. Background is, that using reflect.Value.Method or reflect.Value.MethodByName prevents Go from performing full dead-code elimination because any exported method of any struct in the codebase could potentially be referenced at runtime. Unfortunately text/template and html/template do exactly this to allow method invocation from within templates. So in case your code does not need template support, you can use the new compile flag to remove the support for both packages completely and same some bytes in the resulting binary. Thanks for your contribution!

Fix nil pointer panic in partWriter

PR #543 fixes a potential nil pointer panic in the partWriter in case the underlying io.Writer returns an error during a multipart message write. Thanks to @​UgurTheG for reporting and fixing the issue!

Provide access to HELO responses in the SMTP client

PR #530 adds support to access the HELO/EHLO responses via the smtp.Client. This feature is useful when using an SMTP servers pool behind a load balancer, to know which instance took the job. Thanks to @​maxatome for submitting this feature!

Multiple addresses support in ReplyTo header

PR #517 adds support for multiple Reply-To addresses within a Msg, as permitted in RFC5322. Thanks to @​christian-heusel for pointing this out and for comitting the PR!

Support to disable SMTPUTF8 in the MAIL FROM even if the server announces it

PR #548 adds support for skipping the SMTPUTF8 extension to MAIL FROM commands. By default, when a server announces SMTPUTF8 support in the EHLO, go-mail will add SMTPUTF8 to the MAIL FROM command. As pointed out in #545, some SMTP servers (e. g. specific MS Exchange versions) announce the SMTPUTF8 extension in the EHLO response but when adding the SMTPUTF8 to the MAIL FROM, they will fail with an error. The PR introduces a new WithoutSMTPUTF8() option for the Client which will make sure to skip the SMTPUTF8 extension in the MAIL FROM, even if the server announced it previously. Thanks @​mkalus for reporting this issue and for their detailed analysis in #545.

What's Changed

CI/CD maintenance changes

... (truncated)

Commits
  • 52312c1 Update doc.go
  • c34d456 Merge pull request #517 from christian-heusel/feat/multiple-reply-to
  • c8710cf Update msg_test.go
  • 709d037 Merge pull request #548 from wneessen/feature/545_add-support-for-buggy-excha...
  • dc452e5 Add tests to validate SMTPUTF8 handling in MAIL FROM scenarios
  • de64e2a Add test case for WithoutSMTPUTF8 functionality
  • 59ac026 feat: add option to skip SMTPUTF8 in "MAIL FROM" commands
  • dff98cb Merge pull request #530 from maxatome/hello-mesg
  • 9a51737 Merge pull request #543 from UgurTheG/fix/writeto-nil-panic
  • 01cc9d8 Merge pull request #544 from wneessen/dependabot/github_actions/github/codeql...
  • Additional commits viewable in compare view

Updates golang.org/x/crypto from 0.51.0 to 0.53.0

Commits
  • 45460e0 go.mod: update golang.org/x dependencies
  • d37c95e pkcs12: limit PBKDF iteration count to prevent CPU exhaustion
  • e2ffffe ssh: reject incomplete gssapi-with-mic configurations
  • 60e158a ssh/test: isolate CLI tests from user SSH config and agent
  • 1b77d23 ssh/knownhosts: reject lines with multiple or unknown markers
  • 3872a2b ssh/knownhosts: verify declared key type matches decoded key
  • 9f72ecc ssh/knownhosts: treat only ASCII space and tab as whitespace
  • 8f405a4 ssh: validate ECDSA curve matches expected algorithm
  • bb41b3d ssh: improve DH GEX group selection using PreferredBits
  • e04e721 ssh/agent: validate ed25519 private key length in Add
  • Additional commits viewable in compare view

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file go Pull requests that update Go code labels Jul 1, 2026
…ory with 10 updates

Bumps the gomod-backward-compatible group with 10 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [github.com/brianvoe/gofakeit/v7](https://github.com/brianvoe/gofakeit) | `7.14.1` | `7.15.0` |
| [github.com/go-chi/chi/v5](https://github.com/go-chi/chi) | `5.2.5` | `5.3.0` |
| [github.com/go-co-op/gocron/v2](https://github.com/go-co-op/gocron) | `2.21.1` | `2.21.2` |
| [github.com/mattn/go-sqlite3](https://github.com/mattn/go-sqlite3) | `1.14.42` | `1.14.47` |
| [github.com/oapi-codegen/runtime](https://github.com/oapi-codegen/runtime) | `1.4.0` | `1.4.2` |
| [github.com/tidwall/gjson](https://github.com/tidwall/gjson) | `1.18.0` | `1.19.0` |
| [github.com/tus/tusd/v2](https://github.com/tus/tusd) | `2.9.2` | `2.10.0` |
| [github.com/urfave/cli/v3](https://github.com/urfave/cli) | `3.8.0` | `3.10.0` |
| [github.com/wneessen/go-mail](https://github.com/wneessen/go-mail) | `0.7.2` | `0.7.3` |
| [golang.org/x/crypto](https://github.com/golang/crypto) | `0.51.0` | `0.53.0` |



Updates `github.com/brianvoe/gofakeit/v7` from 7.14.1 to 7.15.0
- [Release notes](https://github.com/brianvoe/gofakeit/releases)
- [Commits](brianvoe/gofakeit@v7.14.1...v7.15.0)

Updates `github.com/go-chi/chi/v5` from 5.2.5 to 5.3.0
- [Release notes](https://github.com/go-chi/chi/releases)
- [Changelog](https://github.com/go-chi/chi/blob/master/CHANGELOG.md)
- [Commits](go-chi/chi@v5.2.5...v5.3.0)

Updates `github.com/go-co-op/gocron/v2` from 2.21.1 to 2.21.2
- [Release notes](https://github.com/go-co-op/gocron/releases)
- [Commits](go-co-op/gocron@v2.21.1...v2.21.2)

Updates `github.com/mattn/go-sqlite3` from 1.14.42 to 1.14.47
- [Release notes](https://github.com/mattn/go-sqlite3/releases)
- [Commits](mattn/go-sqlite3@v1.14.42...v1.14.47)

Updates `github.com/oapi-codegen/runtime` from 1.4.0 to 1.4.2
- [Release notes](https://github.com/oapi-codegen/runtime/releases)
- [Commits](oapi-codegen/runtime@v1.4.0...v1.4.2)

Updates `github.com/tidwall/gjson` from 1.18.0 to 1.19.0
- [Commits](tidwall/gjson@v1.18.0...v1.19.0)

Updates `github.com/tus/tusd/v2` from 2.9.2 to 2.10.0
- [Release notes](https://github.com/tus/tusd/releases)
- [Commits](tus/tusd@v2.9.2...v2.10.0)

Updates `github.com/urfave/cli/v3` from 3.8.0 to 3.10.0
- [Release notes](https://github.com/urfave/cli/releases)
- [Changelog](https://github.com/urfave/cli/blob/main/docs/CHANGELOG.md)
- [Commits](urfave/cli@v3.8.0...v3.10.0)

Updates `github.com/wneessen/go-mail` from 0.7.2 to 0.7.3
- [Release notes](https://github.com/wneessen/go-mail/releases)
- [Commits](wneessen/go-mail@v0.7.2...v0.7.3)

Updates `golang.org/x/crypto` from 0.51.0 to 0.53.0
- [Commits](golang/crypto@v0.51.0...v0.53.0)

---
updated-dependencies:
- dependency-name: github.com/brianvoe/gofakeit/v7
  dependency-version: 7.15.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: gomod-backward-compatible
- dependency-name: github.com/go-chi/chi/v5
  dependency-version: 5.3.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: gomod-backward-compatible
- dependency-name: github.com/go-co-op/gocron/v2
  dependency-version: 2.21.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: gomod-backward-compatible
- dependency-name: github.com/mattn/go-sqlite3
  dependency-version: 1.14.47
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: gomod-backward-compatible
- dependency-name: github.com/oapi-codegen/runtime
  dependency-version: 1.4.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: gomod-backward-compatible
- dependency-name: github.com/tidwall/gjson
  dependency-version: 1.19.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: gomod-backward-compatible
- dependency-name: github.com/tus/tusd/v2
  dependency-version: 2.10.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: gomod-backward-compatible
- dependency-name: github.com/urfave/cli/v3
  dependency-version: 3.10.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: gomod-backward-compatible
- dependency-name: github.com/wneessen/go-mail
  dependency-version: 0.7.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: gomod-backward-compatible
- dependency-name: golang.org/x/crypto
  dependency-version: 0.51.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: gomod-backward-compatible
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/go_modules/gomod-backward-compatible-9510ff5a9c branch from 43c3665 to cb203e0 Compare July 5, 2026 06:00
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file go Pull requests that update Go code

Development

Successfully merging this pull request may close these issues.

0 participants