Skip to content

chore(deps): bump the go_modules group across 1 directory with 2 updates#2490

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/go_modules/backend/go_modules-4ede58009b
Open

chore(deps): bump the go_modules group across 1 directory with 2 updates#2490
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/go_modules/backend/go_modules-4ede58009b

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 7, 2026

Copy link
Copy Markdown

Bumps the go_modules group with 2 updates in the /backend directory: github.com/go-chi/chi/v5 and golang.org/x/crypto.

Updates github.com/go-chi/chi/v5 from 5.1.0 to 5.2.4

Release notes

Sourced from github.com/go-chi/chi/v5's releases.

v5.2.3

What's Changed

New Contributors

Full Changelog: go-chi/chi@v5.2.2...v5.2.3

v5.2.2

What's Changed

Security fix

  • Fixes GHSA-vrw8-fxc6-2r93 - "Host Header Injection Leads to Open Redirect in RedirectSlashes" commit
    • a lower-severity Open Redirect that can't be exploited in browser or email client, as it requires manipulation of a Host header
    • reported by Anuraag Baishya, @​anuraagbaishya. Thank you!

New Contributors

Full Changelog: go-chi/chi@v5.2.1...v5.2.2

v5.2.1

⚠️ Chi supports Go 1.20+

... (truncated)

Commits
  • 6eb3588 middleware: harden RedirectSlashes handler (#1044)
  • de0d16e Update comment about min Go version (#1023)
  • 9fb4a15 update reverseMethodMap in RegisterMethod (#1022)
  • 51c977c Refactor to use atomic type (#1019)
  • 563ab11 Refactor graceful shutdown example (#994)
  • a52c582 Bump minimum Go and use new features (#1017)
  • 9b9fb55 Replace methodTypString func with reverseMethodMap (#1018)
  • 0265fcd refactor: iterative wildcard collapsing and add test for consecutive wildcard...
  • cf537d4 Optimize throttle middleware by avoiding unnecessary timer creation (#1011)
  • 9040e95 fix/608 - Fix flaky Throttle middleware test by synchronizing token usage (#1...
  • Additional commits viewable in compare view

Updates golang.org/x/crypto from 0.51.0 to 0.52.0

Commits
  • a1c0d99 go.mod: update golang.org/x dependencies
  • 3c7c869 ssh: fix deadlock on unexpected channel responses
  • 533fb3f ssh: fix source-address critical option bypass
  • abbc44d ssh: fix incorrect operator order
  • e052873 ssh: fix infinite loop on large channel writes due to integer overflow
  • b61cf85 ssh: enforce user presence verification for security keys
  • 9c2cd33 ssh: enforce strict limits on DSA key parameters
  • 8907318 ssh: reject RSA keys with excessively large moduli
  • ffd87b4 ssh: fix panic when authority callbacks are nil
  • 4e7a738 ssh: fix deadlock on unexpected global responses
  • Additional commits viewable in compare view

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file go Pull requests that update go code labels Jul 7, 2026
Bumps the go_modules group with 2 updates in the /backend directory: [github.com/go-chi/chi/v5](https://github.com/go-chi/chi) and [golang.org/x/crypto](https://github.com/golang/crypto).


Updates `github.com/go-chi/chi/v5` from 5.1.0 to 5.2.4
- [Release notes](https://github.com/go-chi/chi/releases)
- [Changelog](https://github.com/go-chi/chi/blob/master/CHANGELOG.md)
- [Commits](go-chi/chi@v5.1.0...v5.2.4)

Updates `golang.org/x/crypto` from 0.51.0 to 0.52.0
- [Commits](golang/crypto@v0.51.0...v0.52.0)

---
updated-dependencies:
- dependency-name: github.com/go-chi/chi/v5
  dependency-version: 5.2.4
  dependency-type: direct:production
- dependency-name: golang.org/x/crypto
  dependency-version: 0.52.0
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/go_modules/backend/go_modules-4ede58009b branch from 4ac4a9d to 78bf00c Compare July 8, 2026 22:27
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file go Pull requests that update go code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants