Skip to content

build(deps): bump the go-dev-dependencies group with 4 updates#294

Merged
llugin merged 1 commit intomainfrom
dependabot/go_modules/go-dev-dependencies-44e2c5c2bc
Mar 4, 2026
Merged

build(deps): bump the go-dev-dependencies group with 4 updates#294
llugin merged 1 commit intomainfrom
dependabot/go_modules/go-dev-dependencies-44e2c5c2bc

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot bot commented on behalf of github Mar 2, 2026

Bumps the go-dev-dependencies group with 4 updates: github.com/gin-gonic/gin, github.com/ebitengine/purego, github.com/shirou/gopsutil/v4 and golang.org/x/net.

Updates github.com/gin-gonic/gin from 1.11.0 to 1.12.0

Release notes

Sourced from github.com/gin-gonic/gin's releases.

v1.12.0

Changelog

Features

  • 192ac89eefc1c30f7c97ae48a9ffb1c6f1c8c8bc: feat(binding): add support for encoding.UnmarshalText in uri/query binding (#4203) (@​takanuva15)
  • 53410d2e07054369e0960fbe2eed97e1b9966f12: feat(context): add GetError and GetErrorSlice methods for error retrieval (#4502) (@​raju-mechatronics)
  • acc55e049e33b401e810dbd8c0d6dcb6b3ba2b05: feat(context): add Protocol Buffers support to content negotiation (#4423) (@​1911860538)
  • 38e765119241d990705169bedb5002a29ae0cbd1: feat(context): implemented Delete method (@​Spyder01)
  • 771dcc6476d7bc6abb9ec0235ecefa4d38fe6fb0: feat(gin): add option to use escaped path (#4420) (@​ldesauw)
  • 4dec17afdff48e8018c83618fbbe69fceeb2b41d: feat(logger): color latency (#4146) (@​wsyqn6)
  • d7776de7d444935ea4385999711bd6331a98fecb: feat(render): add bson protocol (#4145) (@​laurentcau)

Bug fixes

  • b917b14ff9d189f16a7492be79d123a47806ee19: fix(binding): empty value error (#2169) (@​guonaihong)
  • c3d1092b3b48addf6f9cd00fe274ec3bd14650eb: fix(binding): improve empty slice/array handling in form binding (#4380) (@​1911860538)
  • 9914178584e42458ff7d23891463a880f58c9d86: fix(context): ClientIP handling for multiple X-Forwarded-For header values (#4472) (@​Nurysso)
  • 2a794cd0b0faa7d829291375b27a3467ea972b0d: fix(debug): version mismatch (#4403) (@​zeek0x)
  • c3d5a28ed6d3849da820195b6774d212bcc038a9: fix(gin): close os.File in RunFd to prevent resource leak (#4422) (@​1911860538)
  • 5fad976b372e381312f8de69f0969f1284d229d3: fix(gin): literal colon routes not working with engine.Handler() (#4415) (@​pawannn)
  • 63dd3e60cab89c27fb66bce1423bd268d52abad1: fix(recover): suppress http.ErrAbortHandler in recover (#4336) (@​MondayCha)
  • 5c00df8afadd06cc5be530dde00fe6d9fa4a2e4a: fix(render): write content length in Data.Render (#4206) (@​dengaleev)
  • 234a6d4c00cb77af9852aca0b8289745d5529b4b: fix(response): refine hijack behavior for response lifecycle (#4373) (@​appleboy)
  • 472d086af2acd924cb4b9d7be0525f7d790f69bc: fix(tree): panic in findCaseInsensitivePathRec with RedirectFixedPath (#4535) (@​veeceey)
  • 8e07d37c63e5536eb25f4af4c91eabeee4011fba: fix: Correct typos, improve documentation clarity, and remove dead code (#4511) (@​mahanadh)

Enhancements

  • ba093d19477b896ac89a7fc3246af23d290b8e26: chore(binding): upgrade bson dependency to mongo-driver v2 (#4549) (@​BobDu)
  • b2b489dbf4826c2c630717a77fd5e42774625410: chore(context): always trust xff headers from unix socket (#3359) (@​WeidiDeng)
  • ecb3f7b5e2f3915bf1db240ed5eee572f8dbea36: chore(deps): upgrade golang.org/x/crypto to v0.45.0 (#4449) (@​appleboy)
  • af6e8b70b8261bb0c99ad094fe552ab92991620a: chore(deps): upgrade quic-go to v0.57.1 (@​appleboy)
  • db309081bc5c137b2aa15701ef53f7f19788da25: chore(logger): allow skipping query string output (#4547) (@​USA-RedDragon)
  • 26c3a628655cad2388380cb8102d6ce7d4875f3b: chore(response): prevent Flush() panic when http.Flusher (#4479) (@​Twacqwq)
  • 5dd833f1f26de0eb30eae47b17e05ced2482dc41: chore: bump minimum Go version to 1.24 and update workflows (#4388) (@​appleboy)

Refactor

  • 39858a0859c914bd26948fa950477e11bd8d3823: refactor(binding): use maps.Copy for cleaner map handling (#4352) (@​russcoss)
  • c0048f645ee945c4db30593afdea10123e2c30a6: refactor(context): omit the return value names (#4395) (@​wanghaolong613)
  • 915e4c90d28ec4cffc6eb146e208ab5a65eac772: refactor(context): replace hardcoded localhost IPs with constants (#4481) (@​pauloappbr)
  • 414de60574449457f3192a7a1d5528940db2836d: refactor(context): using maps.Clone (#4333) (@​cuiweixie)
  • 59e9d4a794f12c4f9a6c7bed441b9644e5f6d99b: refactor(ginS): use sync.OnceValue to simplify engine function (#4314) (@​1911860538)
  • 3ab698dc5110af1977d57226e4995c57dd34c233: refactor(recovery): smart error comparison (#4142) (@​zeek0x)
  • d1a15347b1e45a8ee816193d3578a93bfd73b70f: refactor(utils): move util functions to utils.go (#4467) (@​zeek0x)
  • e3118cc378d263454098924ebbde7e8d1dd2e904: refactor: for loop can be modernized using range over int (#4392) (@​wanghaolong613)
  • 488f8c3ffa579a8d19beb2bae95ff8ef36b3d53f: refactor: replace magic numbers with named constants in bodyAllowedForStatus (#4529) (@​veeceey)
  • 9968c4bf9d5a99edc3eee2c068a4c9160ece8915: refactor: use b.Loop() to simplify the code and improve performance (#4389) (@​reddaisyy)
  • a85ef5ce4d0cda8834c59c855068ed48b51192d1: refactor: use b.Loop() to simplify the code and improve performance (#4432) (@​efcking)

Build process updates

  • 61b67de522a189b568aced4c5c16917c558e3387: ci(bot): increase frequency and group updates for dependencies (#4367) (@​appleboy)
  • fb27ef26c2fdfe25344b4c039d8a53551f9e912c: ci(lint): refactor test assertions and linter configuration (#4436) (@​appleboy)
  • 93ff771e6dbf10e432864b30f3719ac5c84a4d4a: ci(sec): improve type safety and server organization in HTTP middleware (#4437) (@​appleboy)
  • e88fc8927a52b74f55bec0351604a56ac0aa1c51: ci(sec): schedule Trivy security scans to run daily at midnight UTC (#4439) (@​appleboy)
  • 5e5ff3ace496a31b138b0820136a146bfb5de0ef: ci: replace vulnerability scanning workflow with Trivy integration (#4421) (@​appleboy)
  • 00900fb3e1ea9dde33985a0e4f6afec793d5e786: ci: update CI workflows and standardize Trivy config quotes (#4531) (@​appleboy)
  • ae3f524974fc4f55d18c9e7fae4614503c015226: ci: update Go version support to 1.25+ across CI and docs (#4550) (@​appleboy)

... (truncated)

Changelog

Sourced from github.com/gin-gonic/gin's changelog.

Gin v1.12.0

Features

  • feat(render): add bson protocol (#4145)
  • feat(context): add GetError and GetErrorSlice methods for error retrieval (#4502)
  • feat(binding): add support for encoding.UnmarshalText in uri/query binding (#4203)
  • feat(gin): add option to use escaped path (#4420)
  • feat(context): add Protocol Buffers support to content negotiation (#4423)
  • feat(context): implemented Delete method (#38e7651)
  • feat(logger): color latency (#4146)

Enhancements

  • perf(tree): reduce allocations in findCaseInsensitivePath (#4417)
  • perf(recovery): optimize line reading in stack function (#4466)
  • perf(path): replace regex with custom functions in redirectTrailingSlash (#4414)
  • perf(tree): optimize path parsing using strings.Count (#4246)
  • chore(logger): allow skipping query string output (#4547)
  • chore(context): always trust xff headers from unix socket (#3359)
  • chore(response): prevent Flush() panic when the underlying ResponseWriter does not implement http.Flusher (#4479)
  • refactor(recovery): smart error comparison (#4142)
  • refactor(context): replace hardcoded localhost IPs with constants (#4481)
  • refactor(utils): move util functions to utils.go (#4467)
  • refactor(binding): use maps.Copy for cleaner map handling (#4352)
  • refactor(context): using maps.Clone (#4333)
  • refactor(ginS): use sync.OnceValue to simplify engine function (#4314)
  • refactor: replace magic numbers with named constants in bodyAllowedForStatus (#4529)
  • refactor: for loop can be modernized using range over int (#4392)

Bug Fixes

  • fix(tree): panic in findCaseInsensitivePathRec with RedirectFixedPath (#4535)
  • fix(render): write content length in Data.Render (#4206)
  • fix(context): ClientIP handling for multiple X-Forwarded-For header values (#4472)
  • fix(binding): empty value error (#2169)
  • fix(recover): suppress http.ErrAbortHandler in recover (#4336)
  • fix(gin): literal colon routes not working with engine.Handler() (#4415)
  • fix(gin): close os.File in RunFd to prevent resource leak (#4422)
  • fix(response): refine hijack behavior for response lifecycle (#4373)
  • fix(binding): improve empty slice/array handling in form binding (#4380)
  • fix(debug): version mismatch (#4403)
  • fix: correct typos, improve documentation clarity, and remove dead code (#4511)

Build process updates / CI

  • ci: update Go version support to 1.25+ across CI and docs (#4550)
  • chore(binding): upgrade bson dependency to mongo-driver v2 (#4549)
Commits
  • 73726dc docs: update documentation to reflect Go version changes (#4552)
  • e292e5c docs: document and finalize Gin v1.12.0 release (#4551)
  • ae3f524 ci: update Go version support to 1.25+ across CI and docs (#4550)
  • 38534e2 chore(deps): bump golang.org/x/net from 0.50.0 to 0.51.0 (#4548)
  • 472d086 fix(tree): panic in findCaseInsensitivePathRec with RedirectFixedPath (#4535)
  • fb25834 test(context): use http.StatusContinue constant instead of magic number 100 (...
  • 6f1d5fe test(render): add comprehensive error handling tests (#4541)
  • 5c00df8 fix(render): write content length in Data.Render (#4206)
  • db30908 chore(logger): allow skipping query string output (#4547)
  • ba093d1 chore(binding): upgrade bson dependency to mongo-driver v2 (#4549)
  • Additional commits viewable in compare view

Updates github.com/ebitengine/purego from 0.9.1 to 0.10.0

Release notes

Sourced from github.com/ebitengine/purego's releases.

v0.10.0

  • Add supported platforms (linux/386, linux/arm, linux/ppc64le, linux/riscv64, and linux/s390x)
  • Support structs on Linux (#236)
  • Fix some bugs
Commits
  • bb9b1f4 all: v0.10.0 released
  • 585a4c5 purego: add support for s390x (#413)
  • d685103 .github/workflows: reduce CI time for minor architectures (#417)
  • d8dcb88 return errno value on darwin amd64/arm64 (#416)
  • 587d406 .github/workflows: test against 1.26 and update patch versions (#414)
  • 1a5155f purego: extend struct argument support to Linux amd64/arm64 (#361)
  • 071d22a purego: add support for ppc64le (#408)
  • e8ef616 .github/workflows: Update Go version to 1.26.0-rc.3 (#409)
  • 2fe737a purego: add benchmarks for calling methods (#363)
  • 49bede1 purego: add support for linux/386 (#403)
  • Additional commits viewable in compare view

Updates github.com/shirou/gopsutil/v4 from 4.26.1 to 4.26.2

Release notes

Sourced from github.com/shirou/gopsutil/v4's releases.

v4.26.2

What's Changed

disk

host

process

Other Changes

New Contributors

Full Changelog: shirou/gopsutil@v4.26.1...v4.26.2

Commits
  • 33fab7d Merge pull request #2009 from shirou/dependabot/github_actions/actions/setup-...
  • 6320f9e Merge pull request #2007 from shirou/fix/fix_disk_mountinfo_parsing_bugs
  • a69a8e2 chore(deps): bump actions/setup-go from 6.2.0 to 6.3.0
  • 6a6e215 Merge pull request #2008 from shirou/dependabot/go_modules/github.com/ebiteng...
  • e140450 chore(deps): bump github.com/ebitengine/purego from 0.9.1 to 0.10.0
  • 2ef7eb7 [linux][disk]: fix disk mountinfo parsing bug
  • 962bfd8 Merge pull request #2000 from shirou/dependabot/go_modules/golang.org/x/sys-0...
  • 8de66e7 Merge pull request #2006 from shirou/fix/fix_gosec_lint
  • a927423 fix: ignore s390x golangci-lint due to becoming always fail
  • 4e9a8de [common][process]: fix gosec lint
  • Additional commits viewable in compare view

Updates golang.org/x/net from 0.50.0 to 0.51.0

Commits
  • 60b3f6f internal/http3: prevent Server handler from writing longer body than declared
  • b0ca456 internal/http3: fix Write in Server Handler returning the wrong value
  • 1558ba7 publicsuffix: update to 2026-02-06
  • 4e1c745 internal/http3: make Server response include headers that can be inferred
  • 19f580f http2: fix nil panic in typeFrameParser for unassigned frame types
  • 818aad7 internal/http3: add server to client trailer header support
  • c1bbe1a internal/http3: add client to server trailer header support
  • 29181b8 all: remove go1.25 and older build constraints
  • 8109305 all: upgrade go directive to at least 1.25.0 [generated]
  • 0b37bdf quic: don't run TestStreamsCreateConcurrency in synctest bubble
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
build(deps): bump the go-dev-dependencies group with 4 updates
9f9b1cb 
Bumps the go-dev-dependencies group with 4 updates: [github.com/gin-gonic/gin](https://github.com/gin-gonic/gin), [github.com/ebitengine/purego](https://github.com/ebitengine/purego), [github.com/shirou/gopsutil/v4](https://github.com/shirou/gopsutil) and [golang.org/x/net](https://github.com/golang/net).


Updates `github.com/gin-gonic/gin` from 1.11.0 to 1.12.0
- [Release notes](https://github.com/gin-gonic/gin/releases)
- [Changelog](https://github.com/gin-gonic/gin/blob/master/CHANGELOG.md)
- [Commits](gin-gonic/gin@v1.11.0...v1.12.0)

Updates `github.com/ebitengine/purego` from 0.9.1 to 0.10.0
- [Release notes](https://github.com/ebitengine/purego/releases)
- [Commits](ebitengine/purego@v0.9.1...v0.10.0)

Updates `github.com/shirou/gopsutil/v4` from 4.26.1 to 4.26.2
- [Release notes](https://github.com/shirou/gopsutil/releases)
- [Commits](shirou/gopsutil@v4.26.1...v4.26.2)

Updates `golang.org/x/net` from 0.50.0 to 0.51.0
- [Commits](golang/net@v0.50.0...v0.51.0)

---
updated-dependencies:
- dependency-name: github.com/gin-gonic/gin
  dependency-version: 1.12.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go-dev-dependencies
- dependency-name: github.com/ebitengine/purego
  dependency-version: 0.10.0
  dependency-type: indirect
  update-type: version-update:semver-minor
  dependency-group: go-dev-dependencies
- dependency-name: github.com/shirou/gopsutil/v4
  dependency-version: 4.26.2
  dependency-type: indirect
  update-type: version-update:semver-patch
  dependency-group: go-dev-dependencies
- dependency-name: golang.org/x/net
  dependency-version: 0.51.0
  dependency-type: indirect
  update-type: version-update:semver-minor
  dependency-group: go-dev-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file go Pull requests that update Go code labels Mar 2, 2026
@dependabot dependabot bot requested review from a team as code owners March 2, 2026 04:08
@dependabot dependabot bot added dependencies Pull requests that update a dependency file go Pull requests that update Go code labels Mar 2, 2026
@github-actions
Copy link
Copy Markdown

github-actions bot commented Mar 2, 2026

Dependency Review

The following issues were found:
  • ✅ 0 vulnerable package(s)
  • ✅ 0 package(s) with incompatible licenses
  • ✅ 0 package(s) with invalid SPDX license definitions
  • ⚠️ 3 package(s) with unknown licenses.
See the Details below.

Snapshot Warnings

⚠️: No snapshots were found for the head SHA 9f9b1cb.
Ensure that dependencies are being submitted on PR branches and consider enabling retry-on-snapshot-warnings. See the documentation for more information and troubleshooting advice.

License Issues

go.mod

PackageVersionLicenseIssue Type
github.com/gin-gonic/gin1.12.0NullUnknown License
golang.org/x/net0.51.0NullUnknown License
github.com/shirou/gopsutil/v44.26.2NullUnknown License
Allowed Licenses: 0BSD, AGPL-3.0-or-later, Apache-2.0, BlueOak-1.0.0, BSD-2-Clause, BSD-3-Clause-Clear, BSD-3-Clause, BSL-1.0, bzip2-1.0.6, CAL-1.0, CC-BY-3.0, CC-BY-4.0, CC-BY-SA-4.0, CC0-1.0, EPL-2.0, GPL-1.0-or-later, GPL-2.0-only, GPL-2.0-or-later, GPL-2.0, GPL-3.0-only, GPL-3.0-or-later, GPL-3.0, ISC, LGPL-2.0-only, LGPL-2.0-or-later, LGPL-2.1-only, LGPL-2.1-or-later, LGPL-2.1, LGPL-3.0-only, LGPL-3.0, LGPL-3.0-or-later, MIT, MIT-CMU, MPL-1.1, MPL-2.0, OFL-1.1, PSF-2.0, Python-2.0, Python-2.0.1, Unicode-3.0, Unicode-DFS-2016, Unlicense, Zlib, ZPL-2.1

OpenSSF Scorecard

PackageVersionScoreDetails
gomod/github.com/ebitengine/purego 0.10.0 🟢 5.3
Details
CheckScoreReason
Maintained🟢 1030 commit(s) and 12 issue activity found in the last 90 days -- score normalized to 10
Code-Review🟢 10all changesets reviewed
Binary-Artifacts🟢 10no binaries found in the repo
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Packaging⚠️ -1packaging workflow not detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Security-Policy⚠️ 0security policy file not detected
Fuzzing⚠️ 0project is not fuzzed
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Branch-Protection🟢 5branch protection is not maximal on development and all release branches
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
gomod/github.com/gin-gonic/gin 1.12.0 UnknownUnknown
gomod/github.com/shirou/gopsutil/v4 4.26.2 🟢 7.8
Details
CheckScoreReason
Security-Policy🟢 10security policy file detected
Maintained🟢 1030 commit(s) and 9 issue activity found in the last 90 days -- score normalized to 10
Code-Review🟢 8Found 8/10 approved changesets -- score normalized to 8
Packaging⚠️ -1packaging workflow not detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies🟢 10all dependencies are pinned
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Fuzzing🟢 10project is fuzzed
License🟢 9license file detected
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
SAST🟢 5SAST tool is not run on all commits -- score normalized to 5
gomod/go.mongodb.org/mongo-driver/v2 2.5.0 UnknownUnknown
gomod/golang.org/x/net 0.51.0 UnknownUnknown

Scanned Files

  • go.mod

@github-actions
Copy link
Copy Markdown

github-actions bot commented Mar 2, 2026

Conventional Commits Report

😢 No conventional commits found.

👉 Learn more about the conventional commits usage at Greenbone.

@codecov
Copy link
Copy Markdown

codecov bot commented Mar 2, 2026
edited
Loading

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 57.29%. Comparing base (76e8e70) to head (9f9b1cb).
⚠️ Report is 1 commits behind head on main.

Additional details and impacted files 
@@           Coverage Diff           @@
##             main     #294   +/-   ##
=======================================
  Coverage   57.29%   57.29%           
=======================================
  Files          70       70           
  Lines        3939     3939           
=======================================
  Hits         2257     2257           
  Misses       1486     1486           
  Partials      196      196
Flag Coverage Δ
opensearch-tests 95.68% <ø> (ø)
postgres-tests 92.03% <ø> (ø)
unit-tests 51.90% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

@llugin llugin merged commit a753feb into main Mar 4, 2026
13 checks passed
@llugin llugin deleted the dependabot/go_modules/go-dev-dependencies-44e2c5c2bc branch March 4, 2026 10:12
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@llugin llugin llugin approved these changes

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file go Pull requests that update Go code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@llugin