chore(deps)(deps): bump the go-deps group across 1 directory with 11 updates

[dependabot]

Bumps the go-deps group with 8 updates in the / directory:

Package	From	To
github.com/brianvoe/gofakeit/v7	7.0.4	7.15.0
github.com/go-sql-driver/mysql	1.8.1	1.10.0
github.com/jackc/pgx/v5	5.6.0	5.9.2
github.com/mattn/go-sqlite3	1.14.22	1.14.44
github.com/spf13/cobra	1.8.1	1.10.2
github.com/go-chi/chi/v5	5.1.0	5.3.0
github.com/labstack/echo/v4	4.12.0	4.15.2
github.com/gofiber/fiber/v2	2.52.4	2.52.13

Updates github.com/brianvoe/gofakeit/v7 from 7.0.4 to 7.15.0

Release notes

Sourced from github.com/brianvoe/gofakeit/v7's releases.

ID Generator

New: ID() — Fast, Human-Readable Random Identifier

(GoFakeIt v7.9.0)

gofakeit.ID() is a new high-performance identifier generator designed for speed, readability, and practically zero collision probability.

Unlike UUID v4 or XID, this generator is intentionally random-first, not structure-based.
Perfect for mock APIs, test data, fixtures, seed data, and temporary identifiers.

---

Highlights

• Human readable alphabet, no confusing characters
  → 23456789abcdefghjkmnpqrstuvwxyz (no 1, l, i or 0, o to alleviate confusion)
• Fast
• Memory Allocation
• Generates from your rand source
• Shorter than UUID, faster than XID, and requires no coordination

---

Example

id := gofakeit.ID()
fmt.Println(id)
// → "3t9qf4c92npxhw7bg6y0"

---

Performance Benchmarks

Measured on Go 1.25

Generator / Function	Benchmark Name	ops/sec	ns/op	B/op	allocs/op
gofakeit.ID()	BenchmarkID-10	31,383,146	37.8 ns	24	1
gofakeit.UUIDv4()	BenchmarkUUIDv4-10	22,131,577	53.8 ns	48	1
github.com/rs/xid	BenchmarkXID-10	16,190,817	74.2 ns	0	0
github.com/google/uuid (v4)	BenchmarkGoogleUUIDv4-10	3,098,770	386.1 ns	64	2

Takeaway: gofakeit.ID() is ~2× faster than XID and ~10× faster than UUID v4, while being shorter and human-readable.

---

Collision Probability (Randomness Math)

... (truncated)

Commits

• 010dc54 email - better email generation with weighted mix and testing valid email gen...
• 794efc9 password - space usage adjustment
• ee08eae Merge pull request #392 from shubhamatkal/fix/password-guarantee-character-sets
• c38fe1a github - workflow less verbose
• 22b9112 datetime - yearly fix
• 3552006 fix: guarantee at least one char per enabled set in Password()
• 2c610bc tests - updated test to reflect job and person data changes
• 86f0b76 person - update data for person info
• cd759a2 job - update jobs data
• d8d5cd4 tests - updated product tests to reflect changes
• Additional commits viewable in compare view

Updates github.com/go-sql-driver/mysql from 1.8.1 to 1.10.0

Release notes

Sourced from github.com/go-sql-driver/mysql's releases.

v1.10.0

What's Changed

• add Go 1.24 to the test matrix by @​shogo82148 in go-sql-driver/mysql#1681
• modernize for Go 1.22 by @​methane in go-sql-driver/mysql#1695
• test stability improvement. by @​methane in go-sql-driver/mysql#1698
• simplify collation tests by @​methane in go-sql-driver/mysql#1700
• fix bigint unsigned null column scan to err type int64 by @​elonnzhang in go-sql-driver/mysql#1612
• Transaction Commit/Rollback returns conn's cached error, if present by @​brad-defined in go-sql-driver/mysql#1691
• add BenchmarkReceive10kRowsCompress by @​methane in go-sql-driver/mysql#1704
• optimize readPacket by @​methane in go-sql-driver/mysql#1705
• MariaDB Metadata skipping and DEPRECATE_EOF by @​rusher in go-sql-driver/mysql#1708
• Optimization: statements reuse previous column name by @​methane in go-sql-driver/mysql#1711
• update outdated MySQL internals documentation links by @​demouth in go-sql-driver/mysql#1714
• fix PING on compressed connections by @​methane in go-sql-driver/mysql#1721
• add DeepWiki badge by @​methane in go-sql-driver/mysql#1722
• Update edwards25519 dependency to v1.1.1 by @​williamhaw in go-sql-driver/mysql#1749
• Configure Dependabot for Go modules by @​methane in go-sql-driver/mysql#1755
• Bump dominikh/staticcheck-action from 1.3.1 to 1.4.1 by @​dependabot[bot] in go-sql-driver/mysql#1759
• Bump github/codeql-action from 3 to 4 by @​dependabot[bot] in go-sql-driver/mysql#1760
• Bump actions/setup-go from 5 to 6 by @​dependabot[bot] in go-sql-driver/mysql#1757
• fix staticcheck error by @​methane in go-sql-driver/mysql#1761
• Bump actions/checkout from 4 to 6 by @​dependabot[bot] in go-sql-driver/mysql#1758
• Fix getSystemVar buffer reuse by @​morgo in go-sql-driver/mysql#1754
• Consolidate Dependabot update noise by grouping weekly dependency PRs by @​Copilot in go-sql-driver/mysql#1762
• Bump filippo.io/edwards25519 from 1.1.1 to 1.2.0 by @​dependabot[bot] in go-sql-driver/mysql#1756
• CI: Update GitHub Actions Go matrix to 1.24–1.26 by @​Copilot in go-sql-driver/mysql#1763
• Enhance interpolateParams to correctly handle placeholders by @​rusher in go-sql-driver/mysql#1732
• modernize by @​methane in go-sql-driver/mysql#1764
• release v1.10.0 by @​methane in go-sql-driver/mysql#1765

New Contributors

• @​elonnzhang made their first contribution in go-sql-driver/mysql#1612
• @​brad-defined made their first contribution in go-sql-driver/mysql#1691
• @​rusher made their first contribution in go-sql-driver/mysql#1708
• @​demouth made their first contribution in go-sql-driver/mysql#1714
• @​williamhaw made their first contribution in go-sql-driver/mysql#1749
• @​dependabot[bot] made their first contribution in go-sql-driver/mysql#1759
• @​morgo made their first contribution in go-sql-driver/mysql#1754
• @​Copilot made their first contribution in go-sql-driver/mysql#1762

Full Changelog: go-sql-driver/mysql@v1.9.2...v1.10.0

v1.9.3

What's Changed

• [1.9] test stability improvement. by @​methane in go-sql-driver/mysql#1699
• [1.9] Transaction Commit/Rollback returns conn's cached error by @​methane in go-sql-driver/mysql#1702
• backport benchmark_test by @​methane in go-sql-driver/mysql#1706
• [1.9] optimize readPacket (#1705) by @​methane in go-sql-driver/mysql#1707
• [1.9] fix PING on compressed connections by @​methane in go-sql-driver/mysql#1723
• release v1.9.3 by @​methane in go-sql-driver/mysql#1725

... (truncated)

Changelog

Sourced from github.com/go-sql-driver/mysql's changelog.

v1.10.0 (2026-04-28)

• Fix getSystemVar("max_allowed_packet") potentially returned wrong value. (#1754) This affects only when maxAllowedPacket=0 is set.

• Bump filippo.io/edwards25519 from 1.1.1 to 1.2.0. (#1756) While older versions have reported CVEs, they do not affect go-mysql.

• Update Go versions to 1.24-1.26. (#1763)

• Enhance interpolateParams to correctly handle placeholders. (#1732) The question mark (?) within strings and comments will no longer be treated as a placeholder.

v1.9.3 (2025-06-13)

• tx.Commit() and tx.Rollback() returned ErrInvalidConn always. Now they return cached real error if present. (#1690)

• Optimize reading small result sets to fix a performance regression introduced by compression protocol support. ([#1707](https://github.com/go-sql-driver/mysql/issues/1707))

• Fix db.Ping() on compressed connection. (#1723)

v1.9.2 (2025-04-07)

v1.9.2 is a re-release of v1.9.1 due to a release process issue; no changes were made to the content.

v1.9.1 (2025-03-21)

Major Changes

• Add Charset() option. (#1679)

Bugfixes

• go.mod: fix go version format (#1682)
• Fix FormatDSN missing ConnectionAttributes (#1619)

v1.9.0 (2025-02-18)

Major Changes

• Implement zlib compression. (#1487)
• Supported Go version is updated to Go 1.21+. (#1639)
• Add support for VECTOR type introduced in MySQL 9.0. (#1609)
• Config object can have custom dial function. (#1527)

Bugfixes

... (truncated)

Commits

• a065b60 release v1.10.0 (#1765)
• 09e4187 modernize (#1764)
• 6c44a9a Enhance interpolateParams to correctly handle placeholders (#1732)
• 688ce56 Update supported Go version to 1.24–1.26 (#1763)
• 118d07f Bump filippo.io/edwards25519 from 1.1.1 to 1.2.0 (#1756)
• d6b2d3e Consolidate Dependabot update noise by grouping weekly dependency PRs (#1762)
• 037dfd8 Fix getSystemVar buffer reuse (#1754)
• 900f330 Bump actions/checkout from 4 to 6 (#1758)
• ab9e380 fix staticcheck error (#1761)
• f298c66 Bump actions/setup-go from 5 to 6 (#1757)
• Additional commits viewable in compare view

Updates github.com/jackc/pgx/v5 from 5.6.0 to 5.9.2

Changelog

Sourced from github.com/jackc/pgx/v5's changelog.

5.9.2 (April 18, 2026)

Fix SQL Injection via placeholder confusion with dollar quoted string literals (GHSA-j88v-2chj-qfwx)

SQL injection can occur when:

1. The non-default simple protocol is used.
2. A dollar quoted string literal is used in the SQL query.
3. That query contains text that would be would be interpreted outside as a placeholder outside of a string literal.
4. The value of that placeholder is controllable by the attacker.

e.g.

attackValue := `$tag$; drop table canary; --`
_, err = tx.Exec(ctx, `select $tag$ $1 $tag$, $1`, pgx.QueryExecModeSimpleProtocol, attackValue)

This is unlikely to occur outside of a contrived scenario.

5.9.1 (March 22, 2026)

• Fix: batch result format corruption when using cached prepared statements (reported by Dirkjan Bussink)

5.9.0 (March 21, 2026)

This release includes a number of new features such as SCRAM-SHA-256-PLUS support, OAuth authentication support, and PostgreSQL protocol 3.2 support.

It significantly reduces the amount of network traffic when using prepared statements (which are used automatically by default) by avoiding unnecessary Describe Portal messages. This also reduces local memory usage.

It also includes multiple fixes for potential DoS due to panic or OOM if connected to a malicious server that sends deliberately malformed messages.

• Require Go 1.25+
• Add SCRAM-SHA-256-PLUS support (Adam Brightwell)
• Add OAuth authentication support for PostgreSQL 18 (David Schneider)
• Add PostgreSQL protocol 3.2 support (Dirkjan Bussink)
• Add tsvector type support (Adam Brightwell)
• Skip Describe Portal for cached prepared statements reducing network round trips
• Make LoadTypes query easier to support on "postgres-like" servers (Jelte Fennema-Nio)
• Default empty user to current OS user matching libpq behavior (ShivangSrivastava)
• Optimize LRU statement cache with custom linked list and node pooling (Mathias Bogaert)
• Optimize date scanning by replacing regex with manual parsing (Mathias Bogaert)
• Optimize pgio append/set functions with direct byte shifts (Mathias Bogaert)
• Make RowsAffected faster (Abhishek Chanda)
• Fix: Pipeline.Close panic when server sends multiple FATAL errors (Varun Chawla)
• Fix: ContextWatcher goroutine leak (Hank Donnay)
• Fix: stdlib discard connections with open transactions in ResetSession (Jeremy Schneider)

... (truncated)

Commits

• 0aeabbc Release v5.9.2
• 60644f8 Fix SQL sanitizer bugs with dollar-quoted strings and placeholder overflow
• a5680bc Merge pull request #2531 from dolmen-go/godoc-add-links
• e34e452 doc: Add godoc links
• 08c9bb1 Fix Stringer types encoded as text instead of numeric value in composite fields
• 96b4dbd Remove unstable test
• acf88e0 Merge pull request #2526 from abrightwell/abrightwell-min-proto
• 2f81f1f Update max_protocol_version and min_protocol_version defaults
• 4e4eaed Release v5.9.1
• 6273188 Fix batch result format corruption when using cached prepared statements
• Additional commits viewable in compare view

Updates github.com/mattn/go-sqlite3 from 1.14.22 to 1.14.44

Commits

• 20826e8 Merge pull request #1394 from mattn/sqlite-amalgamation-3053000
• 2d4d220 fix changelog URL when minor or patch version is zero
• 3761cf7 Upgrade SQLite to version 3053000
• 1aa7317 Merge pull request #1388 from mattn/stmt-cache-lru
• c719e20 Merge pull request #1392 from mattn/fix-issue-1390-query-comment-panic
• 869e516 fix panic when querying input with no SQL (only comments/whitespace)
• 6690238 extract finalizeCachedStmt helper and drop redundant tail reset
• 59e8e75 only set stmt cacheKey when cache is enabled
• 2badb4c use slice len/cap for stmt cache instead of separate counters
• 7716c20 evict LRU stmt when stmt cache is full
• Additional commits viewable in compare view

Updates github.com/spf13/cobra from 1.8.1 to 1.10.2

Release notes

Sourced from github.com/spf13/cobra's releases.

v1.10.2

🔧 Dependencies

• chore: Migrate from gopkg.in/yaml.v3 to go.yaml.in/yaml/v3 by @​dims in spf13/cobra#2336 - the gopkg.in/yaml.v3 package has been deprecated for some time: this should significantly cleanup dependency/supply-chains for consumers of spf13/cobra

📈 CI/CD

• Fix linter and allow CI to pass by @​marckhouzam in spf13/cobra#2327
• fix: actions/setup-go v6 by @​jpmcb in spf13/cobra#2337

🔥✍🏼 Docs

• Add documentation for repeated flags functionality by @​rvergis in spf13/cobra#2316

🍂 Refactors

• refactor: replace several vars with consts by @​htoyoda18 in spf13/cobra#2328
• refactor: change minUsagePadding from var to const by @​ssam18 in spf13/cobra#2325

🤗 New Contributors

• @​rvergis made their first contribution in spf13/cobra#2316
• @​htoyoda18 made their first contribution in spf13/cobra#2328
• @​ssam18 made their first contribution in spf13/cobra#2325
• @​dims made their first contribution in spf13/cobra#2336

Full Changelog: spf13/cobra@v1.10.1...v1.10.2

Thank you to our amazing contributors!!!!! 🐍 🚀

v1.10.1

🐛 Fix

• chore: upgrade pflags v1.0.9 by @​jpmcb in spf13/cobra#2305

v1.0.9 of pflags brought back ParseErrorsWhitelist and marked it as deprecated

Full Changelog: spf13/cobra@v1.10.0...v1.10.1

v1.10.0

What's Changed

🚨 Attention!

• Bump pflag to 1.0.8 by @​tomasaschan in spf13/cobra#2303

This version of pflag carried a breaking change: it renamed ParseErrorsWhitelist to ParseErrorsAllowlist which can break builds if both pflag and cobra are dependencies in your project.

• If you use both pflag and cobra, upgrade pflagto 1.0.8 andcobrato1.10.0`
• or use the newer, fixed version of pflag v1.0.9 which keeps the deprecated ParseErrorsWhitelist

... (truncated)

Commits

• 88b30ab chore: Migrate from gopkg.in/yaml.v3 to go.yaml.in/yaml/v3 (#2336)
• 346d408 fix: actions/setup-go v6 (#2337)
• fc81d20 refactor: change minUsagePadding from var to const (#2325)
• 117698a refactor: replace several vars with consts (#2328)
• e2dd29d Add documentation for repeated flags functionality (#2316)
• 0629892 Fix linter (#2327)
• 7da941c chore: Bump pflag to v1.0.9 (#2305)
• 51d6751 Bump pflag to 1.0.8 (#2303)
• 3f3b818 Update README.md with new logo
• dcaf42e Add Periscope to the list of projects using Cobra (#2299)
• Additional commits viewable in compare view

Updates github.com/stretchr/testify from 1.9.0 to 1.11.1

Release notes

Sourced from github.com/stretchr/testify's releases.

v1.11.1

This release fixes #1785 introduced in v1.11.0 where expected argument values implementing the stringer interface (String() string) with a method which mutates their value, when passed to mock.Mock.On (m.On("Method", <expected>).Return()) or actual argument values passed to mock.Mock.Called may no longer match one another where they previously did match. The behaviour prior to v1.11.0 where the stringer is always called is restored. Future testify releases may not call the stringer method at all in this case.

What's Changed

• Backport #1786 to release/1.11: mock: revert to pre-v1.11.0 argument matching behavior for mutating stringers by @​brackendawson in stretchr/testify#1788

Full Changelog: stretchr/testify@v1.11.0...v1.11.1

v1.11.0

What's Changed

Functional Changes

v1.11.0 Includes a number of performance improvements.

• Call stack perf change for CallerInfo by @​mikeauclair in stretchr/testify#1614
• Lazily render mock diff output on successful match by @​mikeauclair in stretchr/testify#1615
• assert: check early in Eventually, EventuallyWithT, and Never by @​cszczepaniak in stretchr/testify#1427
• assert: add IsNotType by @​bartventer in stretchr/testify#1730
• assert.JSONEq: shortcut if same strings by @​dolmen in stretchr/testify#1754
• assert.YAMLEq: shortcut if same strings by @​dolmen in stretchr/testify#1755
• assert: faster and simpler isEmpty using reflect.Value.IsZero by @​dolmen in stretchr/testify#1761
• suite: faster methods filtering (internal refactor) by @​dolmen in stretchr/testify#1758

Fixes

• assert.ErrorAs: log target type by @​craig65535 in stretchr/testify#1345
• Fix failure message formatting for Positive and Negative asserts in stretchr/testify#1062
• Improve ErrorIs message when error is nil but an error was expected by @​tsioftas in stretchr/testify#1681
• fix Subset/NotSubset when calling with mixed input types by @​siliconbrain in stretchr/testify#1729
• Improve ErrorAs failure message when error is nil by @​ccoVeille in stretchr/testify#1734
• mock.AssertNumberOfCalls: improve error msg by @​3scalation in stretchr/testify#1743

Documentation, Build & CI

• docs: Fix typo in README by @​alexandear in stretchr/testify#1688
• Replace deprecated io/ioutil with io and os by @​alexandear in stretchr/testify#1684
• Document consequences of calling t.FailNow() by @​greg0ire in stretchr/testify#1710
• chore: update docs for Unset #1621 by @​techfg in stretchr/testify#1709
• README: apply gofmt to examples by @​alexandear in stretchr/testify#1687
• refactor: use %q and %T to simplify fmt.Sprintf by @​alexandear in stretchr/testify#1674
• Propose Christophe Colombier (ccoVeille) as approver by @​brackendawson in stretchr/testify#1716
• Update documentation for the Error function in assert or require package by @​architagr in stretchr/testify#1675
• assert: remove deprecated build constraints by @​alexandear in stretchr/testify#1671
• assert: apply gofumpt to internal test suite by @​ccoVeille in stretchr/testify#1739
• CI: fix shebang in .ci.*.sh scripts by @​dolmen in stretchr/testify#1746
• assert,require: enable parallel testing on (almost) all top tests by @​dolmen in stretchr/testify#1747
• suite.Passed: add one more status test report by @​Ararsa-Derese in stretchr/testify#1706
• Add Helper() method in internal mocks and assert.CollectT by @​dolmen in stretchr/testify#1423
• assert.Same/NotSame: improve usage of Sprintf by @​ccoVeille in stretchr/testify#1742
• mock: enable parallel testing on internal testsuite by @​dolmen in stretchr/testify#1756
• suite: cleanup use of 'testing' internals at runtime by @​dolmen in stretchr/testify#1751
• assert: check test failure message for Empty and NotEmpty by @​ccoVeille in stretchr/testify#1745

... (truncated)

Commits

• 2a57335 Merge pull request #1788 from brackendawson/1785-backport-1.11
• af8c912 Backport #1786 to release/1.11
• b7801fb Merge pull request #1778 from stretchr/dependabot/github_actions/actions/chec...
• 69831f3 build(deps): bump actions/checkout from 4 to 5
• a53be35 Improve captureTestingT helper
• aafb604 mock: improve formatting of error message
• 7218e03 improve error msg
• 929a212 Merge pull request #1758 from stretchr/dolmen/suite-faster-method-filtering
• bc7459e suite: faster filtering of methods (-testify.m)
• 7d37b5c suite: refactor methodFilter
• Additional commits viewable in compare view

Updates golang.org/x/crypto from 0.17.0 to 0.48.0

Commits

• e08b067 go.mod: update golang.org/x dependencies
• 7d0074c scrypt: fix panic on parameters <= 0
• 506e022 go.mod: update golang.org/x dependencies
• 7dacc38 chacha20poly1305: error out in fips140=only mode
• 19acf81 go.mod: update golang.org/x dependencies
• 3a1c6b4 x509roots/fallback: update bundle
• f4602e4 ssh/agent: fix flaky test by ensuring a writeable home directory
• 4e0068c go.mod: update golang.org/x dependencies
• e79546e ssh: curb GSSAPI DoS risk by limiting number of specified OIDs
• f91f7a7 ssh/agent: prevent panic on malformed constraint
• Additional commits viewable in compare view

Updates github.com/gin-gonic/gin from 1.10.0 to 1.12.0

Release notes

Sourced from github.com/gin-gonic/gin's releases.

v1.12.0

Changelog

Features

• 192ac89eefc1c30f7c97ae48a9ffb1c6f1c8c8bc: feat(binding): add support for encoding.UnmarshalText in uri/query binding (#4203) (@​takanuva15)
• 53410d2e07054369e0960fbe2eed97e1b9966f12: feat(context): add GetError and GetErrorSlice methods for error retrieval (#4502) (@​raju-mechatronics)
• acc55e049e33b401e810dbd8c0d6dcb6b3ba2b05: feat(context): add Protocol Buffers support to content negotiation (#4423) (@​1911860538)
• 38e765119241d990705169bedb5002a29ae0cbd1: feat(context): implemented Delete method (@​Spyder01)
• 771dcc6476d7bc6abb9ec0235ecefa4d38fe6fb0: feat(gin): add option to use escaped path (#4420) (@​ldesauw)
• 4dec17afdff48e8018c83618fbbe69fceeb2b41d: feat(logger): color latency (#4146) (@​wsyqn6)
• d7776de7d444935ea4385999711bd6331a98fecb: feat(render): add bson protocol (#4145) (@​laurentcau)

Bug fixes

• b917b14ff9d189f16a7492be79d123a47806ee19: fix(binding): empty value error (#2169) (@​guonaihong)
• c3d1092b3b48addf6f9cd00fe274ec3bd14650eb: fix(binding): improve empty slice/array handling in form binding (#4380) (@​1911860538)
• 9914178584e42458ff7d23891463a880f58c9d86: fix(context): ClientIP handling for multiple X-Forwarded-For header values (#4472) (@​Nurysso)
• 2a794cd0b0faa7d829291375b27a3467ea972b0d: fix(debug): version mismatch (#4403) (@​zeek0x)
• c3d5a28ed6d3849da820195b6774d212bcc038a9: fix(gin): close os.File in RunFd to prevent resource leak (#4422) (@​1911860538)
• 5fad976b372e381312f8de69f0969f1284d229d3: fix(gin): literal colon routes not working with engine.Handler() (#4415) (@​pawannn)
• 63dd3e60cab89c27fb66bce1423bd268d52abad1: fix(recover): suppress http.ErrAbortHandler in recover (#4336) (@​MondayCha)
• 5c00df8afadd06cc5be530dde00fe6d9fa4a2e4a: fix(render): write content length in Data.Render (#4206) (@​dengaleev)
• 234a6d4c00cb77af9852aca0b8289745d5529b4b: fix(response): refine hijack behavior for response lifecycle (#4373) (@​appleboy)
• 472d086af2acd924cb4b9d7be0525f7d790f69bc: fix(tree): panic in findCaseInsensitivePathRec with RedirectFixedPath (#4535) (@​veeceey)
• 8e07d37c63e5536eb25f4af4c91eabeee4011fba: fix: Correct typos, improve documentation clarity, and remove dead code (#4511) (@​mahanadh)

Enhancements

• ba093d19477b896ac89a7fc3246af23d290b8e26: chore(binding): upgrade bson dependency to mongo-driver v2 (#4549) (@​BobDu)
• b2b489dbf4826c2c630717a77fd5e42774625410: chore(context): always trust xff headers from unix socket (#3359) (@​WeidiDeng)
• ecb3f7b5e2f3915bf1db240ed5eee572f8dbea36: chore(deps): upgrade golang.org/x/crypto to v0.45.0 (#4449) (@​appleboy)
• af6e8b70b8261bb0c99ad094fe552ab92991620a: chore(deps): upgrade quic-go to v0.57.1 (@​appleboy)
• db309081bc5c137b2aa15701ef53f7f19788da25: chore(logger): allow skipping query string output (#4547) (@​USA-RedDragon)
• 26c3a628655cad2388380cb8102d6ce7d4875f3b: chore(response): prevent Flush() panic when http.Flusher (#4479) (@​Twacqwq)
• 5dd833f1f26de0eb30eae47b17e05ced2482dc41: chore: bump minimum Go version to 1.24 and update workflows (#4388) (@​appleboy)

Refactor

• 39858a0859c914bd26948fa950477e11bd8d3823: refactor(binding): use maps.Copy for cleaner map handling (#4352) (@​russcoss)
• c0048f645ee945c4db30593afdea10123e2c30a6: refactor(context): omit the return value names (#4395) (@​wanghaolong613)
• 915e4c90d28ec4cffc6eb146e208ab5a65eac772: refactor(context): replace hardcoded localhost IPs with constants (#4481) (@​pauloappbr)
• 414de60574449457f3192a7a1d5528940db2836d: refactor(context): using maps.Clone (#4333) (@​cuiweixie)
• 59e9d4a794f12c4f9a6c7bed441b9644e5f6d99b: refactor(ginS): use sync.OnceValue to simplify engine function (#4314) (@​1911860538)
• 3ab698dc5110af1977d57226e4995c57dd34c233: refactor(recovery): smart error comparison (#4142) (@​zeek0x)
• d1a15347b1e45a8ee816193d3578a93bfd73b70f: refactor(utils): move util functions to utils.go (#4467) (@​zeek0x)
• e3118cc378d263454098924ebbde7e8d1dd2e904: refactor: for loop can be modernized using range over int (#4392) (@​wanghaolong613)
• 488f8c3ffa579a8d19beb2bae95ff8ef36b3d53f: refactor: replace magic numbers with named constants in bodyAllowedForStatus (#4529) (@​veeceey)
• 9968c4bf9d5a99edc3eee2c068a4c9160ece8915: refactor: use b.Loop() to simplify the code and improve performance (#4389) (@​reddaisyy)
• a85ef5ce4d0cda8834c59c855068ed48b51192d1: refactor: use b.Loop() to simplify the code and improve performance (#4432) (@​efcking)

Build process updates

• 61b67de522a189b568aced4c5c16917c558e3387: ci(bot): increase frequency and group updates for dependencies (#4367) (@​appleboy)
• fb27ef26c2fdfe25344b4c039d8a53551f9e912c: ci(lint): refactor test assertions and linter configuration (#4436) (@​appleboy)
• 93ff771e6dbf10e432864b30f3719ac5c84a4d4a: ci(sec): improve type safety and server organization in HTTP middleware (#4437) (@​appleboy)
• e88fc8927a52b74f55bec0351604a56ac0aa1c51: ci(sec): schedule Trivy security scans to run daily at midnight UTC (#4439) (@​appleboy)
• 5e5ff3ace496a31b138b0820136a146bfb5de0ef: ci: replace vulnerability scanning workflow with Trivy integration (#4421) (@​appleboy)
• 00900fb3e1ea9dde33985a0e4f6afec793d5e786: ci: update CI workflows and standardize Trivy config quotes (#4531) (@​appleboy)
• ae3f524974fc4f55d18c9e7fae4614503c015226: ci: update Go version support to 1.25+ across CI and docs (#4550) (@​appleboy)

... (truncated)

Changelog

Sourced from github.com/gin-gonic/gin's changelog.

Gin v1.12.0

Features

• feat(render): add bson protocol (#4145)
• feat(context): add GetError and GetErrorSlice methods for error retrieval (#4502)
• feat(binding): add support for encoding.UnmarshalText in uri/query binding (#4203)
• feat(gin): add option to use escaped path (#4420)
• feat(context): add Protocol Buffers support to content negotiation (#4423)
• feat(context): implemented Delete method (#38e7651)
• feat(logger): color latency (#4146)

Enhancements

• perf(tree): reduce allocations in findCaseInsensitivePath (#4417)
• perf(recovery): optimize line reading in stack function (#4466)
• perf(path): replace regex with custom functions in redirectTrailingSlash (#4414)
• perf(tree): optimize path parsing using strings.Count (#4246)
• chore(logger): allow skipping query string output (#4547)
• chore(context): always trust xff headers from unix socket (#3359)
• chore(response): prevent Flush() panic when the underlying ResponseWriter does not implement http.Flusher (#4479)
• refactor(recovery): smart error comparison (#4142)
• refactor(context): replace hardcoded localhost IPs with constants (#4481)
• refactor(utils): move util functions to utils.go (#4467)
• refactor(binding): use maps.Copy for cleaner map handling (#4352)
• refactor(context): using maps.Clone (#4333)
• refactor(ginS): use sync.OnceValue to simplify engine function (#4314)
• refactor: replace magic numbers with named constants in bodyAllowedForStatus (#4529)
• refactor: for loop can be modernized using range over int (#4392)

Bug Fixes

• fix(tree): panic in findCaseInsensitivePathRec with RedirectFixedPath (#4535)
• fix(render): write content length in Data.Render (#4206)
• fix(context): ClientIP handling for multiple X-Forwarded-For header values (#4472)
• fix(binding): empty value error (#2169)
• fix(recover): suppress http.ErrAbortHandler in recover (#4336)
• fix(gin): literal colon routes not working with engine.Handler() (#4415)
• fix(gin): close os.File in RunFd to prevent resource leak (#4422)
• fix(response): refine hijack behavior for response lifecycle (#4373)
• fix(binding): improve empty slice/array handling in form binding (#4380)
• fix(debug): version mismatch (#4403)
• fix: correct typos, improve documentation clarity, and remove dead code (#4511)

Build process updates / CI

• ci: update Go version support to 1.25+ across CI and docs (#4550)
• chore(binding): upgrade bson dependency to mongo-driver v2 (#4549)

Gin v1.11.0

... (truncated)

Commits

• 73726dc docs: update documentation to reflect Go version changes (#4552)
• e292e5c docs: document and finalize Gin v1.12.0 release (#4551)
• ae3f524 ci: update Go version support to 1.25+ across CI and docs (#4550)
• 38534e2 chore(deps): bump golang.org/x/net from 0.50.0 to 0.51.0 (#4548)
• 472d086 fix(tree): panic in findCaseInsensitivePathRec with RedirectFixedPath (

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.