chore(deps): bump the minor-and-patch group with 10 updates

[dependabot]

Bumps the minor-and-patch group with 10 updates:

Package	From	To
github.com/a-h/templ	0.3.1001	0.3.1020
github.com/go-webauthn/webauthn	0.15.0	0.17.4
github.com/xraph/warden	1.5.2	1.5.3
go.mongodb.org/mongo-driver/v2	2.5.0	2.6.0
golang.org/x/crypto	0.48.0	0.52.0
golang.org/x/oauth2	0.35.0	0.36.0
github.com/golang-jwt/jwt/v5	5.3.0	5.3.1
github.com/xraph/dispatch	1.4.0	1.5.1
github.com/xraph/ledger	1.4.0	1.5.1
github.com/xraph/vault	1.4.0	1.5.2

Updates github.com/a-h/templ from 0.3.1001 to 0.3.1020

Release notes

Sourced from github.com/a-h/templ's releases.

v0.3.1020

Changelog

• 09d6b02 chore: bump version
• a411f13 chore: fix linter warning in test code
• 524cd39 feat: add -check flag, closes #1007 (#1373)
• f3d595c feat: add Range to ExpressionAttribute nodes (#1347)
• 82af17c feat: add Range to GoCode nodes (#1348)
• cf98cdc feat: add Range to StringExpression nodes (#1349)
• ff38cee feat: add ranges for attribute node values (#1383)
• 552ed02 feat: support concurrent rendering of templ components (#1359)
• b310a97 fix(generatecmd): check cmd.Start() error before inserting cmd in to running map (#1382)
• 410a80e fix(lsp): delete $GOROOT hack in uri.File
• 95a0854 fix: allow JSFuncCall on arbitrary HTML attributes (#1375)
• e581c01 fix: attributes containing a conditional, are always multiline (#1380)
• b2952ed fix: clear children context in Fragment.Render (#1360)
• 8fecf2d fix: prevent corrupted output in watch mode with gzip, fixes #1365 (#1366)
• 7adcb62 fix: show correct updates based on written Go files without watch (#1363)
• aa493e0 fix: track Range for non-JavaScript ScriptExpression nodes (#1350)
• d52d64e fix: use dedicated shadow host in Suspense example to ensure header is rendered (#1370)
• 83176f9 fix: vulnerabilities in x/net (only affects templ watch mode and tests), fixes #1354

Commits

• 09d6b02 chore: bump version
• ff38cee feat: add ranges for attribute node values (#1383)
• e581c01 fix: attributes containing a conditional, are always multiline (#1380)
• b310a97 fix(generatecmd): check cmd.Start() error before inserting cmd in to `run...
• 95a0854 fix: allow JSFuncCall on arbitrary HTML attributes (#1375)
• 8fecf2d fix: prevent corrupted output in watch mode with gzip, fixes #1365 (#1366)
• a411f13 chore: fix linter warning in test code
• 524cd39 feat: add -check flag, closes #1007 (#1373)
• d52d64e fix: use dedicated shadow host in Suspense example to ensure header is render...
• 552ed02 feat: support concurrent rendering of templ components (#1359)
• Additional commits viewable in compare view

Updates github.com/go-webauthn/webauthn from 0.15.0 to 0.17.4

Release notes

Sourced from github.com/go-webauthn/webauthn's releases.

v0.17.4

v0.17.4 (2026-05-22)

Dependency Updates

This release just contains updates to dependencies.

v0.17.3

v0.17.3 (2026-05-09)

Dependency Updates

This release just contains updates to dependencies.

v0.17.2

v0.17.2 (2026-05-03)

Bug Fixes

• webauthn: include verify attestation func for credential (#679) (1f354c8)

v0.17.1

0.17.1 (2026-05-03)

Bug Fixes

• protocol: remove unnecessary guard (#675) (1e07db1)
• webauthn: minimized encoding outputs (#670) (3847681)

v0.17.0

0.17.0 (2026-04-21)

• fix!: split attestation type and format (#658) (3c1e870), closes #658 #476
• feat!: tighten cross-origin defaults (#647) (80cc224), closes #647

Bug Fixes

• protocol: short-circuit apple attestation extension lookup (#664) (5296bc7)

Features

• webauthn: add authenticator registration filtering (#668) (0be632e)
• webauthn: credential message pack (#660) (c7d933c)

... (truncated)

Changelog

Sourced from github.com/go-webauthn/webauthn's changelog.

v0.17.4 (2026-05-22)

Dependency Updates

This release just contains updates to dependencies.

v0.17.3 (2026-05-09)

Dependency Updates

This release just contains updates to dependencies.

v0.17.2 (2026-05-03)

Bug Fixes

• webauthn: include verify attestation func for credential (#679) (1f354c8)

0.17.1 (2026-05-03)

Bug Fixes

• protocol: remove unnecessary guard (#675) (1e07db1)
• webauthn: minimized encoding outputs (#670) (3847681)

0.17.0 (2026-04-21)

• fix!: split attestation type and format (#658) (3c1e870), closes #658 #476
• feat!: tighten cross-origin defaults (#647) (80cc224), closes #647

Bug Fixes

• protocol: short-circuit apple attestation extension lookup (#664) (5296bc7)

Features

• webauthn: add authenticator registration filtering (#668) (0be632e)
• webauthn: credential message pack (#660) (c7d933c)

BREAKING CHANGES

• A bug with the Credential Record which was introduced early in the libraries lifecycle has resulted in a breaking change to the Credential struct. If you are manually

... (truncated)

Commits

• bc5e90d release: v0.17.4 (#695)
• eaeedc6 build(deps): update module github.com/go-webauthn/x to v0.2.6 (#694)
• d41c63d build(deps): update step-security/harden-runner action to v2.19.4 (#693)
• 5eb52ec build(deps): update codecov/codecov-action action to v6.0.1 (#692)
• b9202d1 build(deps): update step-security/harden-runner action to v2.19.3 (#690)
• 6b95913 build(deps): update github/codeql-action action to v4.35.5 (#691)
• 7aca952 build(deps): update step-security/harden-runner action to v2.19.2 (#689)
• a0459c6 ci: apply zizmor recommendations (#688)
• ff07f7c release: v0.17.3 (#687)
• 85b47be build(deps): update module github.com/go-webauthn/x to v0.2.5 (#685)
• Additional commits viewable in compare view

Updates github.com/xraph/warden from 1.5.2 to 1.5.3

Release notes

Sourced from github.com/xraph/warden's releases.

v1.5.3

Warden v1.5.3 (2026-06-02T19:28:30Z)

Composable RBAC + ABAC + ReBAC + PBAC for Go, with a declarative .warden config language and language server in the box.

Changelog

New Features

• 6c1dd017961a8828ad3c9a58bbffd1ec428502db: feat(rebac): cascade relation lookups across ancestor namespaces (@​juicycleff)

Bug Fixes

• d83a86674c1276c3068baee0d740c5fc1a130944: fix(store): make namespace-filtered Check() queries work on SQL backends (@​juicycleff)

Installation

Using go install

go install github.com/xraph/warden/cmd/warden@v1.5.3
go install github.com/xraph/warden/cmd/warden-lsp@v1.5.3

Pre-built binaries

Download the appropriate archive for your platform from the assets below. Each archive contains both warden and warden-lsp.

Verify checksums:

shasum -a 256 -c checksums.txt

VS Code extension

The companion VS Code extension is published as xraph.vscode-warden and released on its own vscode-warden/v*.*.* tag schedule. See the extension README.

What's Changed

Full changelog: xraph/warden@v1.5.2...v1.5.3

Commits

• dbd164c chore: drop unused nolint:gosec directive (CI golangci-lint v2.12.2)
• a3d0e66 chore: satisfy golangci-lint (gocritic, gosec, unparam)
• 6c1dd01 feat(rebac): cascade relation lookups across ancestor namespaces
• d83a866 fix(store): make namespace-filtered Check() queries work on SQL backends
• See full diff in compare view

Updates go.mongodb.org/mongo-driver/v2 from 2.5.0 to 2.6.0

Release notes

Sourced from go.mongodb.org/mongo-driver/v2's releases.

MongoDB Go Driver 2.6.0

The MongoDB Go Driver Team is pleased to release version 2.6.0 of the official MongoDB Go Driver.

Release Highlights

[!IMPORTANT] Go Driver v2.6 will be the last minor version to support MongoDB 4.2. Go Driver v2.7 will require MongoDB 4.4 or newer.

This release adds support for MongoDB's Intelligent Workload Management (IWM) and ingress connection rate limiting features. The driver now gracefully handles write-blocking scenarios and optimizes connection establishment during high-load conditions to maintain application availability.

Two new methods of ClientOptions are available:

• SetMaxAdaptiveRetries - specifies the maximum number of times the driver should retry operations that fail with a server side overload error. If not invoked, the default is 2. MaxAdaptiveRetries can also be set through the "maxAdaptiveRetries" URI option (e.g. "maxAdaptiveRetries=5").
• SetEnableOverloadRetargeting - specifies whether the driver should enable overload retargeting for operations that fail with a server side overload error. If not invoked, the default is false. EnableOverloadRetargeting can also be set through the "enableOverloadRetargeting" URI option (e.g. "enableOverloadRetargeting=true").

What's Changed

✨ New Features

• GODRIVER-3734 Add TransactionRunning to Session API by @​prestonvasquez in mongodb/mongo-go-driver#2309
• GODRIVER-3719: Expand server deprioritization to all topologies by @​RafaelCenzano in mongodb/mongo-go-driver#2292
• GODRIVER-3647 Add backoff for transaction retry. by @​qingyang-hu in mongodb/mongo-go-driver#2327
• GODRIVER-3646 Implement backpressure error labels for connection establishment by @​tadjik1 in mongodb/mongo-go-driver#2330
• GODRIVER-3822 Server selection deprioritization only for overload errors on replica sets. by @​qingyang-hu in mongodb/mongo-go-driver#2341
• GODRIVER-3658 Implement backpressure retry logic. by @​qingyang-hu in mongodb/mongo-go-driver#2353
• GODRIVER-3810 Update WithTransaction to raise timeout error. by @​qingyang-hu in mongodb/mongo-go-driver#2344
• GODRIVER-3844 Add maxAdaptiveRetries and enableOverloadRetargeting options for backpressure. by @​qingyang-hu in mongodb/mongo-go-driver#2363
• GODRIVER-3778 Add code examples for non-backpressure drivers handling backpressure errors. by @​qingyang-hu in mongodb/mongo-go-driver#2338

Full Changelog: mongodb/mongo-go-driver@v2.5.1...v2.6.0

For a full list of tickets included in this release, please see the list of fixed issues.

Documentation for the Go Driver can be found on pkg.go.dev and the MongoDB documentation site. BSON library documentation is also available on pkg.go.dev. For issues with, questions about, or feedback for the Go Driver, please look into our support channels, including StackOverflow. Bugs can be reported in the Go Driver project in the MongoDB JIRA where a list of current issues can be found. Your feedback on the Go Driver is greatly appreciated!

MongoDB Go Driver 2.5.1

The MongoDB Go Driver Team is pleased to release version 2.5.1 of the official MongoDB Go Driver.

Release Highlights

This release fixes two BSON unmarshaling edge cases.

What's Changed

🐛 Fixed

• GODRIVER-3768 Check unmatched type in Unmarshal(). by @​qingyang-hu in mongodb/mongo-go-driver#2318
• GODRIVER-3809 Fix *streamingByteSrc.readSlice(). by @​qingyang-hu in mongodb/mongo-go-driver#2326

... (truncated)

Commits

• fd85a83 BUMP v2.6.0
• 52b385d GODRIVER-3829 Cleanup skip list. (#2369)
• 71375d7 Bump go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp from 1.1...
• 65f4e94 GODRIVER-3870 Use a generic type parameter for retry func in overload code ex...
• 00ab776 GODRIVER-3849 Update backpressure errors handling examples. (#2365)
• fa56c25 Bump github/codeql-action from 4.35.1 to 4.35.2 in the actions group (#2367)
• 4ee727e GODRIVER-3844 Add maxAdaptiveRetries and enableOverloadRetargeting option...
• 881269a GODRIVER-3810 Update WithTransaction to raise timeout error. (#2344)
• c1d47f7 Bump actions/upload-artifact from 7.0.0 to 7.0.1 in the actions group (#2361)
• 9a15470 GODRIVER-3658 Implement backpressure retry logic. (#2353)
• Additional commits viewable in compare view

Updates golang.org/x/crypto from 0.48.0 to 0.52.0

Commits

• a1c0d99 go.mod: update golang.org/x dependencies
• 3c7c869 ssh: fix deadlock on unexpected channel responses
• 533fb3f ssh: fix source-address critical option bypass
• abbc44d ssh: fix incorrect operator order
• e052873 ssh: fix infinite loop on large channel writes due to integer overflow
• b61cf85 ssh: enforce user presence verification for security keys
• 9c2cd33 ssh: enforce strict limits on DSA key parameters
• 8907318 ssh: reject RSA keys with excessively large moduli
• ffd87b4 ssh: fix panic when authority callbacks are nil
• 4e7a738 ssh: fix deadlock on unexpected global responses
• Additional commits viewable in compare view

Updates golang.org/x/oauth2 from 0.35.0 to 0.36.0

Commits

• 4d954e6 all: upgrade go directive to at least 1.25.0 [generated]
• See full diff in compare view

Updates github.com/golang-jwt/jwt/v5 from 5.3.0 to 5.3.1

Release notes

Sourced from github.com/golang-jwt/jwt/v5's releases.

v5.3.1

What's Changed

🔐 Features

• Add spellcheck Github action to catch common spelling mistakes by @​equalsgibson in golang-jwt/jwt#458
• Add WithNotBeforeRequired parser option and add test coverage by @​equalsgibson in golang-jwt/jwt#456
• Update godoc example func to properly refer to NewWithClaims() by @​equalsgibson in golang-jwt/jwt#459
• Update github workflows by @​mfridman in golang-jwt/jwt#462
• Additional test for CustomClaims that validates unmarshalling behaviour by @​equalsgibson in golang-jwt/jwt#457
• Fix early file close in jwt cli by @​mfridman in golang-jwt/jwt#472
• Add TPM signature reference by @​salrashid123 in golang-jwt/jwt#473
• Remove misleading ParserOptions documentation in golang-jwt/jwt#484
• Save signature to Token struct after successful signing by @​EgorSheff in golang-jwt/jwt#417
• Set token.Signature in ParseUnverified by @​slickwilli in golang-jwt/jwt#414

👒 Dependencies

• Bump crate-ci/typos from 1.34.0 to 1.35.3 by @​dependabot[bot] in golang-jwt/jwt#461
• Bump crate-ci/typos from 1.35.4 to 1.36.2 by @​dependabot[bot] in golang-jwt/jwt#470
• Bump github/codeql-action from 3 to 4 by @​dependabot[bot] in golang-jwt/jwt#478
• Bump crate-ci/typos from 1.36.2 to 1.39.0 by @​dependabot[bot] in golang-jwt/jwt#480
• Bump golangci/golangci-lint-action from 8 to 9 by @​dependabot[bot] in golang-jwt/jwt#481
• Bump actions/setup-go from 5 to 6 by @​dependabot[bot] in golang-jwt/jwt#469
• Bump crate-ci/typos from 1.39.0 to 1.40.0 by @​dependabot[bot] in golang-jwt/jwt#488
• Bump actions/checkout from 5 to 6 by @​dependabot[bot] in golang-jwt/jwt#487
• Bump crate-ci/typos from 1.40.0 to 1.41.0 by @​dependabot[bot] in golang-jwt/jwt#490
• Bump crate-ci/typos from 1.41.0 to 1.42.1 by @​dependabot[bot] in golang-jwt/jwt#492

New Contributors

• @​equalsgibson made their first contribution in golang-jwt/jwt#458
• @​salrashid123 made their first contribution in golang-jwt/jwt#473
• @​EgorSheff made their first contribution in golang-jwt/jwt#417
• @​slickwilli made their first contribution in golang-jwt/jwt#414

Full Changelog: golang-jwt/jwt@v5.3.0...v5.3.1

Commits

• 7ceae61 Add release.yml for changelog configuration
• dce8e4d Set token.Signature in ParseUnverified (#414)
• 8889e20 Save signature to Token struct after successful signing (#417)
• d237f82 ci: update github-actions schedule interval to monthly
• d8dce95 Bump crate-ci/typos from 1.41.0 to 1.42.1 (#492)
• e931803 Bump crate-ci/typos from 1.40.0 to 1.41.0 (#490)
• e6a0afa Bump actions/checkout from 5 to 6 (#487)
• 9f85c9e Bump crate-ci/typos from 1.39.0 to 1.40.0 (#488)
• 60a8669 Bump actions/setup-go from 5 to 6 (#469)
• 76f5828 Remove misleading ParserOptions documentation (#484)
• Additional commits viewable in compare view

Updates github.com/xraph/dispatch from 1.4.0 to 1.5.1

Release notes

Sourced from github.com/xraph/dispatch's releases.

v1.5.1

Changes

• build(deps): update Go version to 1.26 in CI configuration (1825a16)
• chore: update Go version to 1.26 in CI configuration (bf27b81)
• chore: update dependencies for xraph/forge and xraph/grove to v1.6.4 and v1.5.2 respectively (226c28f)
• feat: implement DeleteStaleWorkers method to clean up outdated worker entries (0e37c20)
• feat: add configurable timeouts for worker and cron operations (cf38109)

---

Installation

go get github.com/xraph/dispatch@v1.5.1

Full Changelog: xraph/dispatch@v1.5.0...v1.5.1

v1.5.0

Changes

• refactor: enhance scheduler and worker pool with context cancellation support (6d06398)

---

Installation

go get github.com/xraph/dispatch@v1.5.0

Full Changelog: xraph/dispatch@v1.4.2...v1.5.0

v1.4.2

Changes

• refactor: update logger initialization and dashboard base path (c91b7ee)

---

Installation

go get github.com/xraph/dispatch@v1.4.2

... (truncated)

Commits

• 1825a16 build(deps): update Go version to 1.26 in CI configuration
• bf27b81 chore: update Go version to 1.26 in CI configuration
• 226c28f chore: update dependencies for xraph/forge and xraph/grove to v1.6.4 and v1.5...
• 0e37c20 feat: implement DeleteStaleWorkers method to clean up outdated worker entries
• cf38109 feat: add configurable timeouts for worker and cron operations
• 6d06398 refactor: enhance scheduler and worker pool with context cancellation support
• c91b7ee refactor: update logger initialization and dashboard base path
• 9e6e530 chore: update grove and its drivers to v1.4.1 in go.mod and go.sum
• See full diff in compare view

Updates github.com/xraph/ledger from 1.4.0 to 1.5.1

Release notes

Sourced from github.com/xraph/ledger's releases.

v1.5.1

Changes

• chore: update dependencies for forge to version 1.6.4 and grove to version 1.5.2 (e52e7b1)

---

Installation

go get github.com/xraph/ledger@v1.5.1

Full Changelog: xraph/ledger@v1.5.0...v1.5.1

v1.5.0

Changes

• chore: update dependencies for forge to version 1.6.0 and grove to version 1.5.1 (85439cb)

---

Installation

go get github.com/xraph/ledger@v1.5.0

Full Changelog: xraph/ledger@v1.4.2...v1.5.0

v1.4.2

Changes

• chore: update dependencies for forge to version 1.4.5 and grove to version 1.4.3 (dc747a5)

---

Installation

go get github.com/xraph/ledger@v1.4.2

Full Changelog: xraph/ledger@v1.4.1...v1.4.2

v1.4.1

Changes

... (truncated)

Commits

• e52e7b1 chore: update dependencies for forge to version 1.6.4 and grove to version 1.5.2
• 85439cb chore: update dependencies for forge to version 1.6.0 and grove to version 1.5.1
• dc747a5 chore: update dependencies for forge to version 1.4.5 and grove to version 1.4.3
• a87d3e4 chore: update dependencies for forge and grove to version 1.4.1 and confy to ...
• See full diff in compare view

Updates github.com/xraph/vault from 1.4.0 to 1.5.2

Release notes

Sourced from github.com/xraph/vault's releases.

v1.5.2

Changes

• fix: update forge and grove dependencies to latest versions for improved functionality (42b0d5c)
• fix: refactor watchLoop to use a stop channel for improved control over polling (ba38a48)
• feat: add initial README with project overview, features, installation, and usage examples (ea3545f)

---

Installation

go get github.com/xraph/vault@v1.5.2

Full Changelog: xraph/vault@v1.5.0...v1.5.2

v1.4.1

Changes

• fix: update forge and grove dependencies to version 1.4.1 and confy to version 0.5.0 (d67bed7)

---

Installation

go get github.com/xraph/vault@v1.4.1

Full Changelog: xraph/vault@v1.4.0...v1.4.1

Commits

• 42b0d5c fix: update forge and grove dependencies to latest versions for improved func...
• ba38a48 fix: refactor watchLoop to use a stop channel for improved control over polling
• ea3545f feat: add initial README with project overview, features, installation, and u...
• d344f36 feat: integrate vault with confy for config and secrets management
• 7000337 Refactor import statements in multiple template files for consistency and cla...
• d67bed7 fix: update forge and grove dependencies to version 1.4.1 and confy to versio...
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
authsome	Ready	Preview, Comment	Jun 3, 2026 2:05am