Bump the go_modules group across 3 directories with 7 updates by dependabot[bot] · Pull Request #1 · Dbaker1298/oapi-codegen

dependabot · 2025-06-20T16:42:13Z

Bumps the go_modules group with 1 update in the / directory: github.com/getkin/kin-openapi.
Bumps the go_modules group with 5 updates in the /examples directory:

Package	From	To
github.com/getkin/kin-openapi	`0.122.0`	`0.131.0`
github.com/go-chi/chi/v5	`5.0.10`	`5.2.2`
github.com/gofiber/fiber/v2	`2.49.1`	`2.52.5`
github.com/lestrrat-go/jwx	`1.2.26`	`1.2.29`
google.golang.org/protobuf	`1.31.0`	`1.33.0`

Bumps the go_modules group with 5 updates in the /internal/test directory:

Package	From	To
github.com/getkin/kin-openapi	`0.122.0`	`0.131.0`
github.com/go-chi/chi/v5	`5.0.10`	`5.2.2`
github.com/gofiber/fiber/v2	`2.49.1`	`2.52.5`
golang.org/x/crypto	`0.14.0`	`0.35.0`
google.golang.org/protobuf	`1.31.0`	`1.33.0`

Updates github.com/getkin/kin-openapi from 0.122.0 to 0.131.0

Release notes

Sourced from github.com/getkin/kin-openapi's releases.

v0.131.0

What's Changed

openapi3filter: de-register ZipFileBodyDecoder and make a few decoders public by @fenollp in getkin/kin-openapi#1059

Full Changelog: getkin/kin-openapi@v0.130.0...v0.131.0

v0.130.0

What's Changed

feat(openapi3gen): Customize json.RawMessage by @kyleconroy in getkin/kin-openapi#1050

openapi3gen: Fix issue with separate component generated for time.Time by @d1vbyz3r0 in getkin/kin-openapi#1052

openapi3filter: Remove redundant ExcludeResponseBody check by @tatsumack in getkin/kin-openapi#1056

openapi3: use origin to minimize collisions by @reuvenharrison in getkin/kin-openapi#1057

openapi3: delete origin keys only when IncludeOrigin=true by @reuvenharrison in getkin/kin-openapi#1055

openapi3filter: apply default values of an array in a query param with exploded = false by @nhochstr in getkin/kin-openapi#1054

New Contributors

@kyleconroy made their first contribution in getkin/kin-openapi#1050

@d1vbyz3r0 made their first contribution in getkin/kin-openapi#1052

@tatsumack made their first contribution in getkin/kin-openapi#1056

@nhochstr made their first contribution in getkin/kin-openapi#1054

Full Changelog: getkin/kin-openapi@v0.129.0...v0.130.0

v0.129.0

What's Changed

README: add Fuego to dependents by @EwenQuim in getkin/kin-openapi#1017

openapi3: skip a test in CI to avoid 403s from some remote server by @fenollp in getkin/kin-openapi#1019

openapi3: introduce StringMap type to enable unmarshalling of maps with Origin by @reuvenharrison in getkin/kin-openapi#1018

openapi3: reference originating locations in YAML specs - step 1 by @reuvenharrison in getkin/kin-openapi#1007

openapi3: reference originating locations in YAML specs - step 2 by @reuvenharrison in getkin/kin-openapi#1024

openapi3: process discriminator mapping values as refs by @jgresty in getkin/kin-openapi#1022

openapi3filter: register decoder for other JSON content types by @oliverli in getkin/kin-openapi#1026

Revert "openapi3: process discriminator mapping values as refs" by @fenollp in getkin/kin-openapi#1029

openapi3: fail to load spec because of schema names in mapping by @reuvenharrison in getkin/kin-openapi#1027

openapi2conv: convert schemaRef for additional props by @jayanth-tatina-groww in getkin/kin-openapi#1030

openapi3: simplify by replacing math.Min with min by @alexandear in getkin/kin-openapi#1032

openapi3: fix deprecation comments by @alexandear in getkin/kin-openapi#1034

test: fix expected-actual parameters in require.Equal by @alexandear in getkin/kin-openapi#1035

use forked yaml modules without "replace" by @reuvenharrison in getkin/kin-openapi#1038

openapi3: update date schema formats to not match months or days of '00' by @RulerOfTheQueendom in getkin/kin-openapi#1042

openapi3,openapi3filter: replace interface{} with any by @alexandear in getkin/kin-openapi#1040

openapi3filter: Simplify ValidateRequest implementation by @alexandear in getkin/kin-openapi#1041

openapi3filter: validation of x-www-form-urlencoded with arbitrary nested allOf by @mikhalytch in getkin/kin-openapi#1046

openapi2conv: convert references in nested additionalProperties schemas by @travisnewhouse in getkin/kin-openapi#1047

New Contributors

@EwenQuim made their first contribution in getkin/kin-openapi#1017

@jgresty made their first contribution in getkin/kin-openapi#1022

@oliverli made their first contribution in getkin/kin-openapi#1026

... (truncated)

Commits

67f0b23 openapi3filter: de-register ZipFileBodyDecoder and make a few decoders public...
6da871e openapi3filter: apply default values of an array in a query param with explod...
a34baf0 openapi3: delete origin keys only when IncludeOrigin=true (#1055)
2d3e67a use origin to minimize collisions (#1057)
e3d68dc Remove redundant ExcludeResponseBody check in ValidateResponse (#1056)
050a930 openapi3gen: Fix issue with separate component generated for time.Time (#1052)
72fb819 feat(openapi3gen): Customize json.RawMessage (#1050)
cea0a13 openapi2conv: convert references in nested additionalProperties schemas (#1047)
f476f7b openapi3filter: validation of x-www-form-urlencoded with arbitrary nested a...
325cecc openapi3filter: simplify ValidateRequest implementation (#1041)
Additional commits viewable in compare view

Updates github.com/getkin/kin-openapi from 0.122.0 to 0.131.0

Release notes

Sourced from github.com/getkin/kin-openapi's releases.

v0.131.0

What's Changed

openapi3filter: de-register ZipFileBodyDecoder and make a few decoders public by @fenollp in getkin/kin-openapi#1059

Full Changelog: getkin/kin-openapi@v0.130.0...v0.131.0

v0.130.0

What's Changed

feat(openapi3gen): Customize json.RawMessage by @kyleconroy in getkin/kin-openapi#1050

openapi3gen: Fix issue with separate component generated for time.Time by @d1vbyz3r0 in getkin/kin-openapi#1052

openapi3filter: Remove redundant ExcludeResponseBody check by @tatsumack in getkin/kin-openapi#1056

openapi3: use origin to minimize collisions by @reuvenharrison in getkin/kin-openapi#1057

openapi3: delete origin keys only when IncludeOrigin=true by @reuvenharrison in getkin/kin-openapi#1055

openapi3filter: apply default values of an array in a query param with exploded = false by @nhochstr in getkin/kin-openapi#1054

New Contributors

@kyleconroy made their first contribution in getkin/kin-openapi#1050

@d1vbyz3r0 made their first contribution in getkin/kin-openapi#1052

@tatsumack made their first contribution in getkin/kin-openapi#1056

@nhochstr made their first contribution in getkin/kin-openapi#1054

Full Changelog: getkin/kin-openapi@v0.129.0...v0.130.0

v0.129.0

What's Changed

README: add Fuego to dependents by @EwenQuim in getkin/kin-openapi#1017

openapi3: skip a test in CI to avoid 403s from some remote server by @fenollp in getkin/kin-openapi#1019

openapi3: introduce StringMap type to enable unmarshalling of maps with Origin by @reuvenharrison in getkin/kin-openapi#1018

openapi3: reference originating locations in YAML specs - step 1 by @reuvenharrison in getkin/kin-openapi#1007

openapi3: reference originating locations in YAML specs - step 2 by @reuvenharrison in getkin/kin-openapi#1024

openapi3: process discriminator mapping values as refs by @jgresty in getkin/kin-openapi#1022

openapi3filter: register decoder for other JSON content types by @oliverli in getkin/kin-openapi#1026

Revert "openapi3: process discriminator mapping values as refs" by @fenollp in getkin/kin-openapi#1029

openapi3: fail to load spec because of schema names in mapping by @reuvenharrison in getkin/kin-openapi#1027

openapi2conv: convert schemaRef for additional props by @jayanth-tatina-groww in getkin/kin-openapi#1030

openapi3: simplify by replacing math.Min with min by @alexandear in getkin/kin-openapi#1032

openapi3: fix deprecation comments by @alexandear in getkin/kin-openapi#1034

test: fix expected-actual parameters in require.Equal by @alexandear in getkin/kin-openapi#1035

use forked yaml modules without "replace" by @reuvenharrison in getkin/kin-openapi#1038

openapi3: update date schema formats to not match months or days of '00' by @RulerOfTheQueendom in getkin/kin-openapi#1042

openapi3,openapi3filter: replace interface{} with any by @alexandear in getkin/kin-openapi#1040

openapi3filter: Simplify ValidateRequest implementation by @alexandear in getkin/kin-openapi#1041

openapi3filter: validation of x-www-form-urlencoded with arbitrary nested allOf by @mikhalytch in getkin/kin-openapi#1046

openapi2conv: convert references in nested additionalProperties schemas by @travisnewhouse in getkin/kin-openapi#1047

New Contributors

@EwenQuim made their first contribution in getkin/kin-openapi#1017

@jgresty made their first contribution in getkin/kin-openapi#1022

@oliverli made their first contribution in getkin/kin-openapi#1026

... (truncated)

Commits

67f0b23 openapi3filter: de-register ZipFileBodyDecoder and make a few decoders public...
6da871e openapi3filter: apply default values of an array in a query param with explod...
a34baf0 openapi3: delete origin keys only when IncludeOrigin=true (#1055)
2d3e67a use origin to minimize collisions (#1057)
e3d68dc Remove redundant ExcludeResponseBody check in ValidateResponse (#1056)
050a930 openapi3gen: Fix issue with separate component generated for time.Time (#1052)
72fb819 feat(openapi3gen): Customize json.RawMessage (#1050)
cea0a13 openapi2conv: convert references in nested additionalProperties schemas (#1047)
f476f7b openapi3filter: validation of x-www-form-urlencoded with arbitrary nested a...
325cecc openapi3filter: simplify ValidateRequest implementation (#1041)
Additional commits viewable in compare view

Updates github.com/go-chi/chi/v5 from 5.0.10 to 5.2.2

Release notes

Sourced from github.com/go-chi/chi/v5's releases.

v5.2.2

What's Changed

Use strings.Cut in a few places by @JRaspass in go-chi/chi#971

Fix non-constant format strings in t.Fatalf by @JRaspass in go-chi/chi#972

Apply fieldalignment fixes to optimize struct memory layout by @pixel365 in go-chi/chi#974

go 1.24 by @pkieltyka in go-chi/chi#977

chore: delint ioutil usage by @costela in go-chi/chi#962

Fixed typo in Router interface definition by @mithileshgupta12 in go-chi/chi#958

Add support for TinyGo by @efraimbart in go-chi/chi#978

Exclude middleware/profiler.go in TinyGo, as there's no net/http/pprof pkg by @cxjava in go-chi/chi#982

Make use of strings.Cut by @scop in go-chi/chi#1005

Change install command format to code block by @sglkc in go-chi/chi#1001

Correct documentation by @mrdomino in go-chi/chi#992

Security fix

Fixes GHSA-vrw8-fxc6-2r93 - "Host Header Injection Leads to Open Redirect in RedirectSlashes" commit

a lower-severity Open Redirect that can't be exploited in browser or email client, as it requires manipulation of a Host header

reported by Anuraag Baishya, @anuraagbaishya. Thank you!

New Contributors

@pixel365 made their first contribution in go-chi/chi#974

@mithileshgupta12 made their first contribution in go-chi/chi#958

@efraimbart made their first contribution in go-chi/chi#978

@cxjava made their first contribution in go-chi/chi#982

@sglkc made their first contribution in go-chi/chi#1001

@mrdomino made their first contribution in go-chi/chi#992

Full Changelog: go-chi/chi@v5.2.1...v5.2.2

v5.2.1

⚠️ Chi supports Go 1.20+

Starting this release, we will now support the four most recent major versions of Go. See go-chi/chi#963 for related discussion.

What's Changed

Support the four most recent major versions of Go by @VojtechVitek in go-chi/chi#969

Full Changelog: go-chi/chi@v5.2.0...v5.2.1

v5.2.0

What's Changed

update credits section to link to goji license by @pkieltyka in go-chi/chi#944

go 1.23 by @pkieltyka in go-chi/chi#945

Make Context.RoutePattern() nil-safe by @gaiaz-iusipov in go-chi/chi#927

govet: Fix non-constant format string by @marcofranssen in go-chi/chi#952

Add Find to Routes interface by @joeriddles in go-chi/chi#872

Fix grammar error by @AntonC9018 in go-chi/chi#917

~~feat(): add CF-Connecting-IP by @n33pm in go-chi/chi#908~~

~~Revert "feat(): add CF-Connecting-IP" by @VojtechVitek in go-chi/chi#966~~

... (truncated)

Changelog

Sourced from github.com/go-chi/chi/v5's changelog.

Changelog

v5.0.12 (2024-02-16)

History of changes: see go-chi/chi@v5.0.11...v5.0.12

v5.0.11 (2023-12-19)

History of changes: see go-chi/chi@v5.0.10...v5.0.11

Commits

23c395f Correct documentation (#992)
5516d14 docs: change install code to code block (#1001)
e235052 Make use of strings.Cut (#1005)
1be7ad9 Merge commit from fork
d7034fd Exclude profiler when use tinygo (#982)
d047034 support tinygo (#978)
fe2c065 Fixed the typo (#958)
1aae5b2 chore: delint ioutil usage (#962)
c6225e3 go 1.24 (#977)
e846b83 Apply fieldalignment fixes to optimize struct memory layout (#974)
Additional commits viewable in compare view

Updates github.com/gofiber/fiber/v2 from 2.49.1 to 2.52.5

Release notes

Sourced from github.com/gofiber/fiber/v2's releases.

v2.52.5

👮 Security

https://docs.gofiber.io/api/middleware/session

🧹 Updates

Middleware/session: Remove extra release and aquire ctx calls in session_test.go (#3043)

🐛 Bug Fixes

Middleware/monitor: middleware reporting of CPU usage (#2984)

Middleware/session: mutex for thread safety (#3050)

📚 Documentation

Improve ctx.Locals method description and example (#3030)

Improve ctx.Locals method documentation (#3033)

Update README_id.md (#3045)

Full Changelog: gofiber/fiber@v2.52.4...v2.52.5

Thank you @nyufeng, @PaulTitto and @sixcolors for making this update possible.

v2.52.4

🐛 Fixes

Middleware/cors: CORS handling by @sixcolors in gofiber/fiber#2937

Middleware/cors: Vary header handling non-cors OPTIONS requests by @sixcolors in gofiber/fiber#2939

Full Changelog: gofiber/fiber@v2.52.3...v2.52.4

v2.52.3

🐛 Fixes

Middleware/cors: Handling and wildcard subdomain matching by @sixcolors in gofiber/fiber#2915

Middleware/cors: Categorize requests correctly by @sixcolors in gofiber/fiber#2921

Middleware/csrf: Fix Benchmark Tests by @sixcolors in gofiber/fiber#2932

Full Changelog: gofiber/fiber@v2.52.2...v2.52.3

v2.52.2

🐛 Fixes

Middleware/cors: Validation of multiple Origins (gofiber/fiber#2883)

... (truncated)

Commits

6968d51 add release.yml config
66a8814 fix(middleware/session): mutex for thread safety (#3050)
6fa0e7c Update README_id.md (#3045)
c7bfb31 test(middleware/session): Remove extra release and aquire ctx calls in sessio...
abf8f32 prepare version v2.52.5
7926e5b Merge pull request from GHSA-98j2-3j3p-fw2v
4262f5b fix: monitor middleware reporting of CPU usage (#2984)
232c0fa docs: Improve ctx.Locals method documentation (#3033)
6c9510d docs: Improve ctx.Locals method description and example (#3030)
6c3eb80 Update csrf.md
Additional commits viewable in compare view

Updates github.com/lestrrat-go/jwx from 1.2.26 to 1.2.29

Release notes

Sourced from github.com/lestrrat-go/jwx's releases.

v1.2.29 07 Mar 2024

[Security]

[jwe] Added jwe.Settings(jwe.WithMaxDecompressBufferSize(int64)) to specify the maximum size of a decompressed JWE payload. The default value is 10MB. If you are compressing payloads greater than this, you need to explicitly set it.

Unlike in v2, there is no way to set this globally. Please use v2 if this is required.

v1.2.28

v1.2.28 09 Jan 2024
[Security Fixes]
  * [jws] JWS messages formated in full JSON format (i.e. not the compact format, which
    consists of three base64 strings concatenated with a '.') with missing "protected"
    headers could cause a panic, thereby introducing a possiblity of a DoS.
This has been fixed so that the `jws.Parse` function succeeds in parsing a JWS message
lacking a protected header. Calling `jws.Verify` on this same JWS message will result
in a failed verification attempt. Note that this behavior will differ slightly when
parsing JWS messages in compact form, which result in an error.

v1.2.27

v1.2.27 - 03 Dec 2023
[Security]
  * [jwe] A large number in p2c parameter for PBKDF2 based encryptions could cause a DoS attack,
    similar to https://nvd.nist.gov/vuln/detail/CVE-2022-36083.  All users should upgrade, as
    unlike v2, v1 attempts to decrypt JWEs on JWTs by default.
    [GHSA-7f9x-gw85-8grf]
[Bug Fixes]

[jwk] jwk.Set(jwk.KeyOpsKey, <jwk.KeyOperation>) now works (previously, either
Set(.., <string>) or Set(..., []jwk.KeyOperation{...}) worked, but not a single
jwk.KeyOperation

Changelog

Sourced from github.com/lestrrat-go/jwx's changelog.

v1.2.29 07 Mar 2024

[jwe] Added jwe.Settings(jwe.WithMaxDecompressBufferSize(int64)) to specify the maximum size of a decompressed JWE payload. The default value is 10MB. If you are compressing payloads greater than this, you need to explicitly set it.

Unlike in v2, there is no way to set this globally. Please use v2 if this is required.

v1.2.28 09 Jan 2024 [Security Fixes]

[jws] JWS messages formated in full JSON format (i.e. not the compact format, which consists of three base64 strings concatenated with a '.') with missing "protected" headers could cause a panic, thereby introducing a possiblity of a DoS.

This has been fixed so that the jws.Parse function succeeds in parsing a JWS message lacking a protected header. Calling jws.Verify on this same JWS message will result in a failed verification attempt. Note that this behavior will differ slightly when parsing JWS messages in compact form, which result in an error.

v1.2.27 - 03 Dec 2023 [Security]

[jwe] A large number in p2c parameter for PBKDF2 based encryptions could cause a DoS attack, similar to https://nvd.nist.gov/vuln/detail/CVE-2022-36083. All users should upgrade, as unlike v2, v1 attempts to decrypt JWEs on JWTs by default. [GHSA-7f9x-gw85-8grf]

[Bug Fixes]

[jwk] jwk.Set(jwk.KeyOpsKey, ) now works (previously, either Set(.., ) or Set(..., []jwk.KeyOperation{...}) worked, but not a single jwk.KeyOperation

Commits

1025f8e Merge pull request #1092 from lestrrat-go/develop/v1
4399ace Merge branch 'v1' into develop/v1
dc80fed Update Changes
e4c1511 silence linter
d01027d Merge pull request from GHSA-hj3v-m684-v259
3d6e0e0 Bump github.com/stretchr/testify from 1.8.4 to 1.9.0 (#1085)
3af5916 Bump golang.org/x/crypto from 0.19.0 to 0.21.0 (#1087)
7a05818 Bump golang.org/x/crypto from 0.18.0 to 0.19.0 (#1074)
8e2aacd Bump golangci/golangci-lint-action from 3 to 4 (#1076)
4b1fd05 Bump kentaro-m/auto-assign-action from 1.2.6 to 2.0.0 (#1068)
Additional commits viewable in compare view

Updates golang.org/x/crypto from 0.14.0 to 0.21.0

Commits

7292932 ssh: limit the size of the internal packet queue while waiting for KEX
f66f74b acme/autocert: check host policy before probing the cache
b0784b7 x509roots/fallback: drop obsolete build constraint
911360c all: bump golang.org/x/crypto dependencies of asm generators
89ff08d all: upgrade go directive to at least 1.23.0 [generated]
e47973b all: update certs for go1.24
9290511 go.mod: update golang.org/x dependencies
fa5273e x509roots/fallback: update bundle
a8ea4be ssh: add ServerConfig.PreAuthConnCallback, ServerPreAuthConn (banner) interface
71d3a4c acme: support challenges that require the ACME client to send a non-empty JSO...
Additional commits viewable in compare view

Updates golang.org/x/net from 0.17.0 to 0.21.0

Commits

73d21fd go.mod: update golang.org/x dependencies
643fd16 html: fix SOLIDUS '/' handling in attribute parsing
73e4b50 dns/dnsmessage: allow name compression for SRV resource parsing
b2208d0 internal/quic/qlog: fix typo
0d0b98c http2: avoid goroutine starvation in TestServer_Push_RejectAfterGoAway
07e05fd http2: remove suspicious uint32->v conversion in frame code
26b646e quic: avoid deadlock in Endpoint.Close
cb5b10f go.mod: update golang.org/x dependencies
689bbc7 quic: deflake TestStreamsCreateConcurrency
f12db26 internal/quic/cmd/interop: use wget --no-verbose in Dockerfile
Additional commits viewable in compare view

Updates google.golang.org/protobuf from 1.31.0 to 1.33.0

Updates github.com/getkin/kin-openapi from 0.122.0 to 0.131.0

Release notes

Sourced from github.com/getkin/kin-openapi's releases.

v0.131.0

What's Changed

openapi3filter: de-register ZipFileBodyDecoder and make a few decoders public by @fenollp in getkin/kin-openapi#1059

Full Changelog: getkin/kin-openapi@v0.130.0...v0.131.0

v0.130.0

What's Changed

feat(openapi3gen): Customize json.RawMessage by @kyleconroy in getkin/kin-openapi#1050

openapi3gen: Fix issue with separate component generated for time.Time by @d1vbyz3r0 in getkin/kin-openapi#1052

openapi3filter: Remove redundant ExcludeResponseBody check by @tatsumack in getkin/kin-openapi#1056

openapi3: use origin to minimize collisions by @reuvenharrison in getkin/kin-openapi#1057

openapi3: delete origin keys only when IncludeOrigin=true by @reuvenharrison in getkin/kin-openapi#1055

openapi3filter: apply default values of an array in a query param with exploded = false by @nhochstr in getkin/kin-openapi#1054

New Contributors

@kyleconroy made their first contribution in getkin/kin-openapi#1050

@d1vbyz3r0 made their first contribution in getkin/kin-openapi#1052

@tatsumack made their first contribution in getkin/kin-openapi#1056

@nhochstr made their first contribution in getkin/kin-openapi#1054

Full Changelog: getkin/kin-openapi@v0.129.0...v0.130.0

v0.129.0

What's Changed

README: add Fuego to dependents by @EwenQuim in getkin/kin-openapi#1017

openapi3: skip a test in CI to avoid 403s from some remote server by @fenollp in getkin/kin-openapi#1019

openapi3: introduce StringMap type to enable unmarshalling of maps with Origin by @reuvenharrison in getkin/kin-openapi#1018

openapi3: reference originating locations in YAML specs - step 1 by @reuvenharrison in getkin/kin-openapi#1007

openapi3: reference originating locations in YAML specs - step 2 by @reuvenharrison in getkin/kin-openapi#1024

openapi3: process discriminator mapping values as refs by @jgresty in getkin/kin-openapi#1022

openapi3filter: register decoder for other JSON content types by @oliverli in getkin/kin-openapi#1026

Revert "openapi3: process discriminator mapping values as refs" by @fenollp in getkin/kin-openapi#1029

openapi3: fail to load spec because of schema names in mapping by @reuvenharrison in getkin/kin-openapi#1027

openapi2conv: convert schemaRef for additional props by @jayanth-tatina-groww in getkin/kin-openapi#1030

openapi3: simplify by replacing math.Min with min by @alexandear in getkin/kin-openapi#1032

openapi3: fix deprecation comments by @alexandear in getkin/kin-openapi#1034

test: fix expected-actual parameters in require.Equal by @alexandear in getkin/kin-openapi#1035

use forked yaml modules without "replace" by @reuvenharrison in getkin/kin-openapi#1038

openapi3: update date schema formats to not match months or days of '00' by @RulerOfTheQueendom in getkin/kin-openapi#1042

openapi3,openapi3filter: replace interface{} with any by @alexandear in getkin/kin-openapi#1040

openapi3filter: Simplify ValidateRequest implementation by @alexandear in getkin/kin-openapi#1041

openapi3filter: validation of x-www-form-urlencoded with arbitrary nested allOf by @mikhalytch in getkin/kin-openapi#1046

openapi2conv: convert references in nested additionalProperties schemas by @travisnewhouse in getkin/kin-openapi#1047

New Contributors

@EwenQuim made their first contribution in getkin/kin-openapi#1017

@jgresty made their first contribution in getkin/kin-openapi#1022

@oliverli made their first contribution in getkin/kin-openapi#1026

... (truncated)

Commits

67f0b23 openapi3filter: de-register ZipFileBodyDecoder and make a few decoders public...
6da871e openapi3filter: apply default values of an array in a query param with explod...
a34baf0 openapi3: delete origin keys only when IncludeOrigin=true (#1055)
2d3e67a use origin to minimize collisions (#1057)
e3d68dc Remove redundant ExcludeResponseBody check in ValidateResponse (#1056)
050a930 openapi3gen: Fix issue with separate component generated for time.Time (#1052)
72fb819 feat(openapi3gen): Customize json.RawMessage (#1050)
cea0a13 openapi2conv: convert references in nested additionalProperties schemas (#1047)
f476f7b openapi3filter: validation of x-www-form-urlencoded with arbitrary nested a...
325cecc openapi3filter: simplify ValidateRequest implementation (#1041)
Additional commits viewable in compare view

Updates github.com/go-chi/chi/v5 from 5.0.10 to 5.2.2

Release notes

Sourced from github.com/go-chi/chi/v5's releases.

v5.2.2

What's Changed

Use strings.Cut in a few places by @JRaspass in go-chi/chi#971

Fix non-constant format strings in t.Fatalf by @JRaspass in go-chi/chi#972

Apply fieldalignment fixes to optimize struct memory layout by @pixel365 in go-chi/chi#974

go 1.24 by @pkieltyka in go-chi/chi#977

chore: delint ioutil usage by @costela in go-chi/chi#962

Fixed typo in Router interface definition by @mithileshgupta12 in go-chi/chi#958

Add support for TinyGo by @efraimbart in go-chi/chi#978

Exclude middleware/profiler.go in TinyGo, as there's no net/http/pprof pkg by @cxjava in go-chi/chi#982

Make use of strings.Cut by @scop in go-chi/chi#1005

Change install command format to code block by @sglkc in go-chi/chi#1001

Correct documentation by @mrdomino in go-chi/chi#992

Security fix

Fixes GHSA-vrw8-fxc6-2r93 - "Host Header Injection Leads to Open Redirect in RedirectSlashes" commit

a lower-severity Open Redirect that can't be exploited in browser or email client, as it requires manipulation of a Host header

reported by Anuraag Baishya, @anuraagbaishya. Thank you!

New Contributors

@pixel365 made their first contribution in go-chi/chi#974

@mithileshgupta12 made their first contribution in go-chi/chi#958

@efraimbart made their first contribution in go-chi/chi#978

@cxjava made their first contribution in go-chi/chi#982

@sglkc made their first contribution in go-chi/chi#1001

@mrdomino made their first contribution in go-chi/chi#992

...
Description has been truncated

Bumps the go_modules group with 1 update in the / directory: [github.com/getkin/kin-openapi](https://github.com/getkin/kin-openapi). Bumps the go_modules group with 5 updates in the /examples directory: | Package | From | To | | --- | --- | --- | | [github.com/getkin/kin-openapi](https://github.com/getkin/kin-openapi) | `0.122.0` | `0.131.0` | | [github.com/go-chi/chi/v5](https://github.com/go-chi/chi) | `5.0.10` | `5.2.2` | | [github.com/gofiber/fiber/v2](https://github.com/gofiber/fiber) | `2.49.1` | `2.52.5` | | [github.com/lestrrat-go/jwx](https://github.com/lestrrat-go/jwx) | `1.2.26` | `1.2.29` | | google.golang.org/protobuf | `1.31.0` | `1.33.0` | Bumps the go_modules group with 5 updates in the /internal/test directory: | Package | From | To | | --- | --- | --- | | [github.com/getkin/kin-openapi](https://github.com/getkin/kin-openapi) | `0.122.0` | `0.131.0` | | [github.com/go-chi/chi/v5](https://github.com/go-chi/chi) | `5.0.10` | `5.2.2` | | [github.com/gofiber/fiber/v2](https://github.com/gofiber/fiber) | `2.49.1` | `2.52.5` | | [golang.org/x/crypto](https://github.com/golang/crypto) | `0.14.0` | `0.35.0` | | google.golang.org/protobuf | `1.31.0` | `1.33.0` | Updates `github.com/getkin/kin-openapi` from 0.122.0 to 0.131.0 - [Release notes](https://github.com/getkin/kin-openapi/releases) - [Commits](getkin/kin-openapi@v0.122.0...v0.131.0) Updates `github.com/getkin/kin-openapi` from 0.122.0 to 0.131.0 - [Release notes](https://github.com/getkin/kin-openapi/releases) - [Commits](getkin/kin-openapi@v0.122.0...v0.131.0) Updates `github.com/go-chi/chi/v5` from 5.0.10 to 5.2.2 - [Release notes](https://github.com/go-chi/chi/releases) - [Changelog](https://github.com/go-chi/chi/blob/master/CHANGELOG.md) - [Commits](go-chi/chi@v5.0.10...v5.2.2) Updates `github.com/gofiber/fiber/v2` from 2.49.1 to 2.52.5 - [Release notes](https://github.com/gofiber/fiber/releases) - [Commits](gofiber/fiber@v2.49.1...v2.52.5) Updates `github.com/lestrrat-go/jwx` from 1.2.26 to 1.2.29 - [Release notes](https://github.com/lestrrat-go/jwx/releases) - [Changelog](https://github.com/lestrrat-go/jwx/blob/v1.2.29/Changes) - [Commits](lestrrat-go/jwx@v1.2.26...v1.2.29) Updates `golang.org/x/crypto` from 0.14.0 to 0.21.0 - [Commits](golang/crypto@v0.14.0...v0.35.0) Updates `golang.org/x/net` from 0.17.0 to 0.21.0 - [Commits](golang/net@v0.17.0...v0.21.0) Updates `google.golang.org/protobuf` from 1.31.0 to 1.33.0 Updates `github.com/getkin/kin-openapi` from 0.122.0 to 0.131.0 - [Release notes](https://github.com/getkin/kin-openapi/releases) - [Commits](getkin/kin-openapi@v0.122.0...v0.131.0) Updates `github.com/go-chi/chi/v5` from 5.0.10 to 5.2.2 - [Release notes](https://github.com/go-chi/chi/releases) - [Changelog](https://github.com/go-chi/chi/blob/master/CHANGELOG.md) - [Commits](go-chi/chi@v5.0.10...v5.2.2) Updates `github.com/gofiber/fiber/v2` from 2.49.1 to 2.52.5 - [Release notes](https://github.com/gofiber/fiber/releases) - [Commits](gofiber/fiber@v2.49.1...v2.52.5) Updates `golang.org/x/crypto` from 0.14.0 to 0.35.0 - [Commits](golang/crypto@v0.14.0...v0.35.0) Updates `golang.org/x/net` from 0.17.0 to 0.25.0 - [Commits](golang/net@v0.17.0...v0.21.0) Updates `google.golang.org/protobuf` from 1.31.0 to 1.33.0 --- updated-dependencies: - dependency-name: github.com/getkin/kin-openapi dependency-version: 0.131.0 dependency-type: direct:production dependency-group: go_modules - dependency-name: github.com/getkin/kin-openapi dependency-version: 0.131.0 dependency-type: direct:production dependency-group: go_modules - dependency-name: github.com/go-chi/chi/v5 dependency-version: 5.2.2 dependency-type: direct:production dependency-group: go_modules - dependency-name: github.com/gofiber/fiber/v2 dependency-version: 2.52.5 dependency-type: direct:production dependency-group: go_modules - dependency-name: github.com/lestrrat-go/jwx dependency-version: 1.2.29 dependency-type: direct:production dependency-group: go_modules - dependency-name: golang.org/x/crypto dependency-version: 0.21.0 dependency-type: indirect dependency-group: go_modules - dependency-name: golang.org/x/net dependency-version: 0.21.0 dependency-type: indirect dependency-group: go_modules - dependency-name: google.golang.org/protobuf dependency-version: 1.33.0 dependency-type: indirect dependency-group: go_modules - dependency-name: github.com/getkin/kin-openapi dependency-version: 0.131.0 dependency-type: direct:production dependency-group: go_modules - dependency-name: github.com/go-chi/chi/v5 dependency-version: 5.2.2 dependency-type: direct:production dependency-group: go_modules - dependency-name: github.com/gofiber/fiber/v2 dependency-version: 2.52.5 dependency-type: direct:production dependency-group: go_modules - dependency-name: golang.org/x/crypto dependency-version: 0.35.0 dependency-type: indirect dependency-group: go_modules - dependency-name: golang.org/x/net dependency-version: 0.25.0 dependency-type: indirect dependency-group: go_modules - dependency-name: google.golang.org/protobuf dependency-version: 1.33.0 dependency-type: indirect dependency-group: go_modules ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot bot added dependencies Pull requests that update a dependency file go Pull requests that update go code labels Jun 20, 2025

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump the go_modules group across 3 directories with 7 updates#1

Bump the go_modules group across 3 directories with 7 updates#1
dependabot[bot] wants to merge 1 commit intomasterfrom
dependabot/go_modules/go_modules-f204a634c4

dependabot bot commented on behalf of github Jun 20, 2025

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Conversation

dependabot bot commented on behalf of github Jun 20, 2025

v0.131.0

What's Changed

v0.130.0

What's Changed

New Contributors

v0.129.0

What's Changed

New Contributors

v0.131.0

What's Changed

v0.130.0

What's Changed

New Contributors

v0.129.0

What's Changed

New Contributors

v5.2.2

What's Changed

Security fix

New Contributors

v5.2.1

⚠️ Chi supports Go 1.20+

What's Changed

v5.2.0

What's Changed

Changelog

v5.0.12 (2024-02-16)

v5.0.11 (2023-12-19)

v2.52.5

👮 Security

🧹 Updates

🐛 Bug Fixes

📚 Documentation

v2.52.4

🐛 Fixes

v2.52.3

🐛 Fixes

v2.52.2

🐛 Fixes

v1.2.29 07 Mar 2024

[Security]

v1.2.28

v1.2.27

v0.131.0

What's Changed

v0.130.0

What's Changed

New Contributors

v0.129.0

What's Changed

New Contributors

v5.2.2

What's Changed

Security fix

New Contributors

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants