Skip to content

chore(deps): Bump the minor-and-patch group across 1 directory with 2 updates#25

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/go_modules/minor-and-patch-eb91a9078b
Open

chore(deps): Bump the minor-and-patch group across 1 directory with 2 updates#25
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/go_modules/minor-and-patch-eb91a9078b

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github May 23, 2026
edited
Loading

Copy link
Copy Markdown

Bumps the minor-and-patch group with 2 updates in the / directory: github.com/a-h/templ and github.com/go-chi/chi/v5.

Updates github.com/a-h/templ from 0.3.1001 to 0.3.1020

Release notes

Sourced from github.com/a-h/templ's releases.

v0.3.1020

Changelog

  • 09d6b02 chore: bump version
  • a411f13 chore: fix linter warning in test code
  • 524cd39 feat: add -check flag, closes #1007 (#1373)
  • f3d595c feat: add Range to ExpressionAttribute nodes (#1347)
  • 82af17c feat: add Range to GoCode nodes (#1348)
  • cf98cdc feat: add Range to StringExpression nodes (#1349)
  • ff38cee feat: add ranges for attribute node values (#1383)
  • 552ed02 feat: support concurrent rendering of templ components (#1359)
  • b310a97 fix(generatecmd): check cmd.Start() error before inserting cmd in to running map (#1382)
  • 410a80e fix(lsp): delete $GOROOT hack in uri.File
  • 95a0854 fix: allow JSFuncCall on arbitrary HTML attributes (#1375)
  • e581c01 fix: attributes containing a conditional, are always multiline (#1380)
  • b2952ed fix: clear children context in Fragment.Render (#1360)
  • 8fecf2d fix: prevent corrupted output in watch mode with gzip, fixes #1365 (#1366)
  • 7adcb62 fix: show correct updates based on written Go files without watch (#1363)
  • aa493e0 fix: track Range for non-JavaScript ScriptExpression nodes (#1350)
  • d52d64e fix: use dedicated shadow host in Suspense example to ensure header is rendered (#1370)
  • 83176f9 fix: vulnerabilities in x/net (only affects templ watch mode and tests), fixes #1354
Commits
  • 09d6b02 chore: bump version
  • ff38cee feat: add ranges for attribute node values (#1383)
  • e581c01 fix: attributes containing a conditional, are always multiline (#1380)
  • b310a97 fix(generatecmd): check cmd.Start() error before inserting cmd in to `run...
  • 95a0854 fix: allow JSFuncCall on arbitrary HTML attributes (#1375)
  • 8fecf2d fix: prevent corrupted output in watch mode with gzip, fixes #1365 (#1366)
  • a411f13 chore: fix linter warning in test code
  • 524cd39 feat: add -check flag, closes #1007 (#1373)
  • d52d64e fix: use dedicated shadow host in Suspense example to ensure header is render...
  • 552ed02 feat: support concurrent rendering of templ components (#1359)
  • Additional commits viewable in compare view

Updates github.com/go-chi/chi/v5 from 5.2.5 to 5.3.0

Release notes

Sourced from github.com/go-chi/chi/v5's releases.

v5.3.0

What's Changed

New Contributors

SECURITY: middleware.ClientIP, a replacement for middleware.RealIP

@​VojtechVitek submitted PR #967, which introduces middleware.ClientIP — a replacement for middleware.RealIP that closes the three open spoofing advisories:

It also addresses issues outlined at:

middleware.RealIP is deprecated in this PR with pointers to the new API.

The deprecation only adds a // Deprecated: doc comment; the function keeps working for backward compatibility.

Why a new middleware (not "fix RealIP in place")

RealIP has two unfixable design choices: it mutates r.RemoteAddr, and it tries to be a one-size-fits-all default by walking a hard-coded list of headers any client can supply. Per adam-p's "The perils of the 'real' client IP" (which calls chi out by name on this), there is no safe default — the user must pick their trust source explicitly.

The new API

Four middlewares, two accessors. Pick exactly one middleware based on your infrastructure, read the result with one of the two accessors:

// One of the four. There is no safe default — pick exactly one.
func ClientIPFromHeader(trustedHeader string) func(http.Handler) http.Handler
func ClientIPFromXFF(trustedIPPrefixes ...string) func(http.Handler) http.Handler
func ClientIPFromXFFTrustedProxies(numTrustedProxies int) func(http.Handler) http.Handler
</tr></table>

... (truncated)

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
chore(deps): Bump the minor-and-patch group across 1 directory with 2…
5c6c71a 
… updates

Bumps the minor-and-patch group with 2 updates in the / directory: [github.com/a-h/templ](https://github.com/a-h/templ) and [github.com/go-chi/chi/v5](https://github.com/go-chi/chi).


Updates `github.com/a-h/templ` from 0.3.1001 to 0.3.1020
- [Release notes](https://github.com/a-h/templ/releases)
- [Commits](a-h/templ@v0.3.1001...v0.3.1020)

Updates `github.com/go-chi/chi/v5` from 5.2.5 to 5.3.0
- [Release notes](https://github.com/go-chi/chi/releases)
- [Changelog](https://github.com/go-chi/chi/blob/master/CHANGELOG.md)
- [Commits](go-chi/chi@v5.2.5...v5.3.0)

---
updated-dependencies:
- dependency-name: github.com/a-h/templ
  dependency-version: 0.3.1020
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
- dependency-name: github.com/go-chi/chi/v5
  dependency-version: 5.3.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file go Pull requests that update go code labels May 23, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file go Pull requests that update go code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants