chore(deps): bump github.com/valyala/fasthttp from 1.65.0 to 1.68.0 in the networking group by dependabot[bot] · Pull Request #72 · archmagece-backyard/proxynd

dependabot · 2025-10-27T00:44:41Z

Bumps the networking group with 1 update: github.com/valyala/fasthttp.

Updates github.com/valyala/fasthttp from 1.65.0 to 1.68.0

Release notes

Sourced from github.com/valyala/fasthttp's releases.

v1.68.0

What's Changed

Fix named return bugs by @erikdubbelboer in valyala/fasthttp@1b8c559

chore(deps): bump golang.org/x/sys from 0.36.0 to 0.37.0 by @dependabot[bot] in valyala/fasthttp#2087

chore(deps): bump golang.org/x/crypto from 0.42.0 to 0.43.0 by @dependabot[bot] in valyala/fasthttp#2086

chore(deps): bump golang.org/x/net from 0.45.0 to 0.46.0 by @dependabot[bot] in valyala/fasthttp#2085

chore(deps): bump securego/gosec from 2.22.9 to 2.22.10 by @dependabot[bot] in valyala/fasthttp#2088

chore(deps): bump github.com/klauspost/compress from 1.18.0 to 1.18.1 by @dependabot[bot] in valyala/fasthttp#2089

Full Changelog: valyala/fasthttp@v1.67.0...v1.68.0

v1.67.0

Special thanks to the following security researchers who reported the issues fixed in this release:

@zer0yu (Enze Wang)

@P3ngu1nW (Jingcheng Yang)

@9vvert (Zehui Miao)

What's Changed

Add DNS cache management methods for TCPDialer by @aabishkaryal in valyala/fasthttp#2072

Fix username:password@ validation in urls by @erikdubbelboer in valyala/fasthttp#2080

Validate IPv6 addresses in urls by @erikdubbelboer in valyala/fasthttp#2079

Validate schemes by @erikdubbelboer in valyala/fasthttp#2078

Reject invalid hosts with multiple port delimiters by @erikdubbelboer in valyala/fasthttp#2077

Reject backslash absolute URIs and cache parse errors by @erikdubbelboer in valyala/fasthttp#2075

Reject bad ipv6 hostnames by @erikdubbelboer in valyala/fasthttp#2076

Reimplement flushing support for fasthttpadaptor by @erikdubbelboer in valyala/fasthttp#2081

chore(deps): bump securego/gosec from 2.22.8 to 2.22.9 by @dependabot[bot] in valyala/fasthttp#2073

New Contributors

@aabishkaryal made their first contribution in valyala/fasthttp#2072

Full Changelog: valyala/fasthttp@v1.66.0...v1.67.0

v1.66.0

What's Changed

chore(deps): bump securego/gosec from 2.22.7 to 2.22.8 by @dependabot[bot] in valyala/fasthttp#2056

docs: add fasthttp-auth to related projects section by @FAUST-BENCHOU in valyala/fasthttp#2057

server: refactor to use atomic type by @cuiweixie in valyala/fasthttp#2058

chore(deps): bump actions/setup-go from 5 to 6 by @dependabot[bot] in valyala/fasthttp#2060

Fix extra whitespace parsing in HTTP request lines to prevent cache poisoning by @Copilot in valyala/fasthttp#2061

Drop Go 1.23 support by @erikdubbelboer in valyala/fasthttp#2065

Add flushing support to fasthttpadaptor by @grivera64 in valyala/fasthttp#2054

New Contributors

@FAUST-BENCHOU made their first contribution in valyala/fasthttp#2057

@cuiweixie made their first contribution in valyala/fasthttp#2058

@Copilot made their first contribution in valyala/fasthttp#2061 😄

@grivera64 made their first contribution in valyala/fasthttp#2054

... (truncated)

Commits

1b8c559 Fix named return bugs
9ca6293 chore(deps): bump github.com/klauspost/compress from 1.18.0 to 1.18.1 (#2089)
77468f6 chore(deps): bump securego/gosec from 2.22.9 to 2.22.10 (#2088)
3a2fdec chore(deps): bump golang.org/x/net from 0.45.0 to 0.46.0 (#2085)
59f58c0 chore(deps): bump golang.org/x/crypto from 0.42.0 to 0.43.0 (#2086)
dbfb82a chore(deps): bump golang.org/x/sys from 0.36.0 to 0.37.0 (#2087)
b26ff48 chore(deps): bump golang.org/x/net from 0.44.0 to 0.45.0 (#2084)
1962450 Fix copyTrailer
2272d53 Reimplement flushing support for fasthttpadaptor (#2081)
a17ec74 Reject bad ipv6 hostnames (#2076)
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the networking group with 1 update: [github.com/valyala/fasthttp](https://github.com/valyala/fasthttp). Updates `github.com/valyala/fasthttp` from 1.65.0 to 1.68.0 - [Release notes](https://github.com/valyala/fasthttp/releases) - [Commits](valyala/fasthttp@v1.65.0...v1.68.0) --- updated-dependencies: - dependency-name: github.com/valyala/fasthttp dependency-version: 1.68.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: networking ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot · 2025-10-27T00:44:42Z

Assignees

The following users could not be added as assignees: security-team. Either the username does not exist or it does not have the correct permissions to be added as an assignee.

Labels

The following labels could not be found: dependencies, go, security. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

dependabot · 2025-10-29T04:13:59Z

This pull request was built based on a group rule. Closing it will not ignore any of these versions in future pull requests.

To ignore these dependencies, configure ignore rules in dependabot.yml

archmagece closed this Oct 29, 2025

dependabot Bot deleted the dependabot-go_modules-networking-1dcdeba17c branch October 29, 2025 04:14

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore(deps): bump github.com/valyala/fasthttp from 1.65.0 to 1.68.0 in the networking group#72

chore(deps): bump github.com/valyala/fasthttp from 1.65.0 to 1.68.0 in the networking group#72
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot-go_modules-networking-1dcdeba17c

dependabot Bot commented on behalf of github Oct 27, 2025

Uh oh!

dependabot Bot commented on behalf of github Oct 27, 2025

Uh oh!

dependabot Bot commented on behalf of github Oct 29, 2025

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Conversation

dependabot Bot commented on behalf of github Oct 27, 2025

v1.68.0

What's Changed

v1.67.0

What's Changed

New Contributors

v1.66.0

What's Changed

New Contributors

Uh oh!

dependabot Bot commented on behalf of github Oct 27, 2025

Assignees

Labels

Uh oh!

dependabot Bot commented on behalf of github Oct 29, 2025

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant