Skip to content

Bump the go_modules group across 1 directory with 7 updates#261

Open
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/go_modules/shifter/go_modules-8f05219106
Open

Bump the go_modules group across 1 directory with 7 updates#261
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/go_modules/shifter/go_modules-8f05219106

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Mar 18, 2026

Bumps the go_modules group with 3 updates in the /shifter directory: github.com/emicklei/go-restful, golang.org/x/oauth2 and google.golang.org/grpc.

Updates github.com/gin-gonic/gin from 1.7.7 to 1.10.1

Release notes

Sourced from github.com/gin-gonic/gin's releases.

v1.10.1

Changelog

Refactor

  • b5af7796535d97d9c7af42539af01d787fcb3b4d: refactor: strengthen HTTPS security and improve code organization (@​appleboy)

v1.10.0

Changelog

Features

  • 5f458dd1a6d631f324e4af9a4f5429ffdf199342: feat(auth): add proxy-server authentication (#3877) (@​EndlessParadox1)
  • 7a865dcf1dbe6ec52e074b1ddce830d278eb72cf: feat(bind): ShouldBindBodyWith shortcut and change doc (#3871) (@​RedCrazyGhost)
  • a18219566ca25fc51e6d2886bed849c6c3a0cd12: feat(binding): Support custom BindUnmarshaler for binding. (#3933) (@​dkkb)
  • fd1faaded01aef14a3955ec076f1cbeb9cb87775: feat(binding): support override default binding implement (#3514) (@​ssfyn)
  • ac5e84d93ce34359bfd2f346cb2971ea754d83e3: feat(engine): Added OptionFunc and With (#3572) (@​flc1125)
  • c6ae2e69666a2b36203b29650ee75d172c725c66: feat(logger): ability to skip logs based on user-defined logic (#3593) (@​palvaneh)

Bug fixes

  • d4e413648824333726ef65de5defc457e9dbf095: Revert "fix(uri): query binding bug (#3236)" (#3899) (@​appleboy)
  • 3dc1cd6572b4e3a0cd170a15debe546c2c72294f: fix(binding): binding error while not upload file (#3819) (#3820) (@​clearcodecn)
  • 82bcd6d39bfe9c22032764ff3b0b6f8ef1673e49: fix(binding): dereference pointer to struct (#3199) (@​echovl)
  • 2b1da2b0b38dfc5d5841266037c0c8b249eca1dd: fix(context): make context Value method adhere to Go standards (#3897) (@​FarmerChillax)
  • f70dd00b00bc0a46cb18b55bfe1f918d5d29b511: fix(engine): fix unit test (#3878) (@​flc1125)
  • 86ff4a64c7efe1a1c875529835eeef9e15de1e86: fix(header): Allow header according to RFC 7231 (HTTP 405) (#3759) (@​Crocmagnon)
  • 09f8224593e31edf3c58ab3f13bc31ef53473733: fix(route): Add fullPath in context copy (#3784) (@​KarthikReddyPuli)
  • 9f598a31aafb92d675f38f1c8371e4ac76f858bf: fix(router): catch-all conflicting wildcard (#3812) (@​FirePing32)
  • 4a40f8f1a49b9086b461d97e167c3b9628d8b923: fix(sec): upgrade golang.org/x/crypto to 0.17.0 (#3832) (@​chncaption)
  • 386d244068db3693f938db4ead6d1f5f85942e3f: fix(tree): correctly expand the capacity of params (#3502) (@​georgijd-form3)
  • 8790d08909fc4d193c6c787c9c72f3089168f411: fix(uri): query binding bug (#3236) (@​illiafox)
  • 44d0dd70924dd154e3b98bc340accc53484efa9c: fix: Add pointer support for url query params (#3659) (#3666) (@​omkar-foss)
  • 646312aef6a34095476ac846b0920db5fb24b2ea: fix: protect Context.Keys map when call Copy method (#3873) (@​kingcanfish)

Enhancements

  • d4a64265f21993368c90602c18e778bf04ef36db: chore(CI): update release args (#3595) (@​qloog)
  • bb3519d26f52835cf00e5e430b52651a9c378c97: chore(IP): add TrustedPlatform constant for Fly.io. (#3839) (@​ab)
  • 1b3c0859693fc85290c01ba098b1440d4776549f: chore(debug): add ability to override the debugPrint statement (#2337) (@​josegonzalez)
  • a64286a7760be2031209686ce4d36e99d42dd419: chore(deps): update dependencies to latest versions (#3835) (@​appleboy)
  • 9c61295efeea99f6c9d1722294f1bf61d8e464d6: chore(header): Add support for RFC 9512: application/yaml (#3851) (@​vincentbernat)
  • a481ee2897af1e368de5c919fbeb21b89aa26fc7: chore(http): use white color for HTTP 1XX (#3741) (@​viralparmarme)
  • c964ad370bbe007f1b18a7570f058a66f05fbe1f: chore(optimize): the ShouldBindUri method of the Context struct (#3911) (@​1911860538)
  • 739d2d9c80e0298dafb5df1c30bae35d63935d6c: chore(perf): Optimize the Copy method of the Context struct (#3859) (@​1911860538)
  • 3ea8bd99fbb4e499d70a0c8e1ce2ce4b7c6348b6: chore(refactor): modify interface check way (#3855) (@​demoManito)
  • ab8042e9e5370bbe0e93ea5adc6e74ae4c5df95e: chore(request): check reader if it's nil before reading (#3419) (@​noahyao1024)
  • 0d9dbbb44551a872d30fd89d4d55ba0515d646fd: chore(security): upgrade Protobuf for CVE-2024-24786 (#3893) (@​Fotkurz)
  • ecdbbbe9483dd12222f2085f717a2c7cb5ac55fe: chore: refactor CI and update dependencies (#3848) (@​appleboy)
  • 39089af62535b27aa63608f341c0a339aa88f64e: chore: refactor configuration files for better readability (#3951) (@​appleboy)
  • 160c1730efd30046239c802d5b9f895a708c3f4c: chore: update GitHub Actions configuration (#3792) (@​appleboy)
  • 0397e5e0c0f8f8176c29f7edd8f1bff8e45df780: chore: update changelog categories and improve documentation (#3917) (@​appleboy)
  • 62b50cfbc0de877207ff74c160a23dff6394f563: chore: update dependencies to latest versions (#3694) (@​appleboy)
  • 638aa19e7d30513f7bc777c62ff8558fd5f90ea5: chore: update external dependencies to latest versions (#3950) (@​appleboy)
  • c6f90df4e0c888c69524307cc35952ec2e7ead41: chore: update various Go dependencies to latest versions (#3901) (@​appleboy)

Build process updates

  • 78f4687875d72d10392f8a77008cbefdec4c0aa0: build(codecov): Added a codecov configuration (#3891) (@​flc1125)

... (truncated)

Changelog

Sourced from github.com/gin-gonic/gin's changelog.

Gin v1.10.1

Features

  • refactor: strengthen HTTPS security and improve code organization
  • feat(binding): Support custom BindUnmarshaler for binding. (#3933)

Enhancements

  • chore(deps): bump github.com/bytedance/sonic from 1.11.3 to 1.11.6 (#3940)
  • chore(deps): bump golangci/golangci-lint-action from 4 to 5 (#3941)
  • chore: update external dependencies to latest versions (#3950)
  • chore: update various Go dependencies to latest versions (#3901)
  • chore: refactor configuration files for better readability (#3951)
  • chore: update changelog categories and improve documentation (#3917)
  • feat: update version constant to v1.10.0 (#3952)

Build process updates

  • ci(release): refactor changelog regex patterns and exclusions (#3914)
  • ci(Makefile): vet command add .PHONY (#3915)

Gin v1.10.0

Features

Bug fixes

Enhancements

... (truncated)

Commits
  • b5af779 refactor: strengthen HTTPS security and improve code organization
  • 75ccf94 feat: update version constant to v1.10.0 (#3952)
  • 39089af chore: refactor configuration files for better readability (#3951)
  • 638aa19 chore: update external dependencies to latest versions (#3950)
  • a182195 feat(binding): Support custom BindUnmarshaler for binding. (#3933)
  • b4f66e9 chore(deps): bump github.com/bytedance/sonic from 1.11.3 to 1.11.6 (#3940)
  • f80ade7 chore(deps): bump golangci/golangci-lint-action from 4 to 5 (#3941)
  • 0397e5e chore: update changelog categories and improve documentation (#3917)
  • c6f90df chore: update various Go dependencies to latest versions (#3901)
  • 8acbe65 ci(release): refactor changelog regex patterns and exclusions (#3914)
  • Additional commits viewable in compare view

Updates github.com/emicklei/go-restful from 2.9.5+incompatible to 2.16.0+incompatible

Changelog

Sourced from github.com/emicklei/go-restful's changelog.

Change history of go-restful

[v3.13.0] - 2025-08-14

  • optimize performance of path matching in CurlyRouter ( thanks @​wenhuang, Wen Huang)

[v3.12.2] - 2025-02-21

  • allow empty payloads in post,put,patch, issue #580 ( thanks @​liggitt, Jordan Liggitt)

[v3.12.1] - 2024-05-28

  • fix misroute when dealing multiple webservice with regex (#549) (thanks Haitao Chen)

[v3.12.0] - 2024-03-11

  • add Flush method #529 (#538)
  • fix: Improper handling of empty POST requests (#543)

[v3.11.3] - 2024-01-09

  • better not have 2 tags on one commit

[v3.11.1, v3.11.2] - 2024-01-09

  • fix by restoring custom JSON handler functions (Mike Beaumont #540)

[v3.11.0] - 2023-08-19

  • restored behavior as <= v3.9.0 with option to change path strategy using TrimRightSlashEnabled.

[v3.10.2] - 2023-03-09 - DO NOT USE

  • introduced MergePathStrategy to be able to revert behaviour of path concatenation to 3.9.0 see comment in Readme how to customize this behaviour.

[v3.10.1] - 2022-11-19 - DO NOT USE

  • fix broken 3.10.0 by using path package for joining paths

[v3.10.0] - 2022-10-11 - BROKEN

  • changed tokenizer to match std route match behavior; do not trimright the path (#511)
  • Add MIME_ZIP (#512)
  • Add MIME_ZIP and HEADER_ContentDisposition (#513)
  • Changed how to get query parameter issue #510

[v3.9.0] - 2022-07-21

... (truncated)

Commits

Updates golang.org/x/crypto from 0.0.0-20220214200702-86341886e292 to 0.39.0

Commits

Updates golang.org/x/net from 0.7.0 to 0.41.0

Commits
  • 6e41cae go.mod: update golang.org/x dependencies
  • 15f7d40 http2: correctly wrap ErrFrameTooLarge in Framer.ReadFrame
  • ef33bc0 internal/http3: use bubbled context in synctest tests
  • 919c6bc http2: use an array instead of a map in typeFrameParser
  • bae01a7 trace: add missing td tag
  • 7d6e62a go.mod: update golang.org/x dependencies
  • ea0c1d9 internal/timeseries: use built-in max/min to simplify the code
  • 3e7a445 quic: skip packet numbers for optimistic ack defense
  • 3f563d3 quic: use an enum for sentPacket state
  • a3b6e77 quic: don't re-lose packets when discarding keys
  • Additional commits viewable in compare view

Updates golang.org/x/oauth2 from 0.4.0 to 0.27.0

Commits
  • 681b4d8 jws: split token into fixed number of parts
  • 3f78298 all: upgrade go directive to at least 1.23.0 [generated]
  • 109dabf endpoints: add links/provider for Discord
  • ac571fa oauth2: fix docs for Config.DeviceAuth
  • 314ee5b endpoints: add patreon endpoint
  • b9c813b google: add warning about externally-provided credentials
  • 49a531d all: make method and struct comments match the names
  • 22134a4 README: don't recommend go get
  • 3e64809 x/oauth2: add Token.ExpiresIn
  • 16a9973 jwt: rename example to avoid vet error
  • Additional commits viewable in compare view

Updates google.golang.org/grpc from 1.53.0 to 1.79.3

Release notes

Sourced from google.golang.org/grpc's releases.

Release 1.79.3

Security

  • server: fix an authorization bypass where malformed :path headers (missing the leading slash) could bypass path-based restricted "deny" rules in interceptors like grpc/authz. Any request with a non-canonical path is now immediately rejected with an Unimplemented error. (#8981)

Release 1.79.2

Bug Fixes

  • stats: Prevent redundant error logging in health/ORCA producers by skipping stats/tracing processing when no stats handler is configured. (grpc/grpc-go#8874)

Release 1.79.1

Bug Fixes

Release 1.79.0

API Changes

  • mem: Add experimental API SetDefaultBufferPool to change the default buffer pool. (#8806)
  • experimental/stats: Update MetricsRecorder to require embedding the new UnimplementedMetricsRecorder (a no-op struct) in all implementations for forward compatibility. (#8780)

Behavior Changes

  • balancer/weightedtarget: Remove handling of Addresses and only handle Endpoints in resolver updates. (#8841)

New Features

  • experimental/stats: Add support for asynchronous gauge metrics through the new AsyncMetricReporter and RegisterAsyncReporter APIs. (#8780)
  • pickfirst: Add support for weighted random shuffling of endpoints, as described in gRFC A113.
    • This is enabled by default, and can be turned off using the environment variable GRPC_EXPERIMENTAL_PF_WEIGHTED_SHUFFLING. (#8864)
  • xds: Implement :authority rewriting, as specified in gRFC A81. (#8779)
  • balancer/randomsubsetting: Implement the random_subsetting LB policy, as specified in gRFC A68. (#8650)

Bug Fixes

  • credentials/tls: Fix a bug where the port was not stripped from the authority override before validation. (#8726)
  • xds/priority: Fix a bug causing delayed failover to lower-priority clusters when a higher-priority cluster is stuck in CONNECTING state. (#8813)
  • health: Fix a bug where health checks failed for clients using legacy compression options (WithDecompressor or RPCDecompressor). (#8765)
  • transport: Fix an issue where the HTTP/2 server could skip header size checks when terminating a stream early. (#8769)
  • server: Propagate status detail headers, if available, when terminating a stream during request header processing. (#8754)

Performance Improvements

  • credentials/alts: Optimize read buffer alignment to reduce copies. (#8791)
  • mem: Optimize pooling and creation of buffer objects. (#8784)
  • transport: Reduce slice re-allocations by reserving slice capacity. (#8797)

... (truncated)

Commits

Updates google.golang.org/protobuf from 1.28.1 to 1.36.10

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot
Bump the go_modules group across 1 directory with 7 updates
8cb0bd9 
Bumps the go_modules group with 3 updates in the /shifter directory: [github.com/emicklei/go-restful](https://github.com/emicklei/go-restful), [golang.org/x/oauth2](https://github.com/golang/oauth2) and [google.golang.org/grpc](https://github.com/grpc/grpc-go).


Updates `github.com/gin-gonic/gin` from 1.7.7 to 1.10.1
- [Release notes](https://github.com/gin-gonic/gin/releases)
- [Changelog](https://github.com/gin-gonic/gin/blob/master/CHANGELOG.md)
- [Commits](gin-gonic/gin@v1.7.7...v1.10.1)

Updates `github.com/emicklei/go-restful` from 2.9.5+incompatible to 2.16.0+incompatible
- [Release notes](https://github.com/emicklei/go-restful/releases)
- [Changelog](https://github.com/emicklei/go-restful/blob/v3/CHANGES.md)
- [Commits](emicklei/go-restful@v2.9.5...v2.16.0)

Updates `golang.org/x/crypto` from 0.0.0-20220214200702-86341886e292 to 0.39.0
- [Commits](https://github.com/golang/crypto/commits/v0.39.0)

Updates `golang.org/x/net` from 0.7.0 to 0.41.0
- [Commits](golang/net@v0.7.0...v0.41.0)

Updates `golang.org/x/oauth2` from 0.4.0 to 0.27.0
- [Commits](golang/oauth2@v0.4.0...v0.27.0)

Updates `google.golang.org/grpc` from 1.53.0 to 1.79.3
- [Release notes](https://github.com/grpc/grpc-go/releases)
- [Commits](grpc/grpc-go@v1.53.0...v1.79.3)

Updates `google.golang.org/protobuf` from 1.28.1 to 1.36.10

---
updated-dependencies:
- dependency-name: github.com/gin-gonic/gin
  dependency-version: 1.10.1
  dependency-type: direct:production
  dependency-group: go_modules
- dependency-name: github.com/emicklei/go-restful
  dependency-version: 2.16.0+incompatible
  dependency-type: indirect
  dependency-group: go_modules
- dependency-name: golang.org/x/crypto
  dependency-version: 0.39.0
  dependency-type: indirect
  dependency-group: go_modules
- dependency-name: golang.org/x/net
  dependency-version: 0.41.0
  dependency-type: indirect
  dependency-group: go_modules
- dependency-name: golang.org/x/oauth2
  dependency-version: 0.27.0
  dependency-type: indirect
  dependency-group: go_modules
- dependency-name: google.golang.org/grpc
  dependency-version: 1.79.3
  dependency-type: indirect
  dependency-group: go_modules
- dependency-name: google.golang.org/protobuf
  dependency-version: 1.36.10
  dependency-type: indirect
  dependency-group: go_modules
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file go Pull requests that update Go code labels Mar 18, 2026
@dependabot dependabot bot mentioned this pull request Mar 18, 2026
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file go Pull requests that update Go code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants