Skip to content

chore(deps): bump the go-minor-and-patch group in /frontend with 2 updates#89

Merged
strausmann merged 1 commit into
mainfrom
dependabot/go_modules/frontend/go-minor-and-patch-ed9b32deb0
May 18, 2026
Merged

chore(deps): bump the go-minor-and-patch group in /frontend with 2 updates#89
strausmann merged 1 commit into
mainfrom
dependabot/go_modules/frontend/go-minor-and-patch-ed9b32deb0

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github May 18, 2026

Bumps the go-minor-and-patch group in /frontend with 2 updates: github.com/go-chi/chi/v5 and golang.org/x/sync.

Updates github.com/go-chi/chi/v5 from 5.2.2 to 5.2.5

Release notes

Sourced from github.com/go-chi/chi/v5's releases.

v5.2.5

What's Changed

New Contributors

Full Changelog: go-chi/chi@v5.2.3...v5.2.5

v5.2.3

What's Changed

New Contributors

Full Changelog: go-chi/chi@v5.2.2...v5.2.3

Commits
  • 05f1ef7 fix(middleware): add missing return in RouteHeaders empty check (#1045)
  • 6eb3588 middleware: harden RedirectSlashes handler (#1044)
  • de0d16e Update comment about min Go version (#1023)
  • 9fb4a15 update reverseMethodMap in RegisterMethod (#1022)
  • 51c977c Refactor to use atomic type (#1019)
  • 563ab11 Refactor graceful shutdown example (#994)
  • a52c582 Bump minimum Go and use new features (#1017)
  • 9b9fb55 Replace methodTypString func with reverseMethodMap (#1018)
  • 0265fcd refactor: iterative wildcard collapsing and add test for consecutive wildcard...
  • cf537d4 Optimize throttle middleware by avoiding unnecessary timer creation (#1011)
  • Additional commits viewable in compare view

Updates golang.org/x/sync from 0.19.0 to 0.20.0

Commits
  • ec11c4a errgroup: fix a typo in the documentation
  • 1a58307 all: modernize interface{} -> any
  • 3172ca5 all: upgrade go directive to at least 1.25.0 [generated]
  • See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
chore(deps): bump the go-minor-and-patch group
b965bab 
Bumps the go-minor-and-patch group in /frontend with 2 updates: [github.com/go-chi/chi/v5](https://github.com/go-chi/chi) and [golang.org/x/sync](https://github.com/golang/sync).


Updates `github.com/go-chi/chi/v5` from 5.2.2 to 5.2.5
- [Release notes](https://github.com/go-chi/chi/releases)
- [Changelog](https://github.com/go-chi/chi/blob/master/CHANGELOG.md)
- [Commits](go-chi/chi@v5.2.2...v5.2.5)

Updates `golang.org/x/sync` from 0.19.0 to 0.20.0
- [Commits](golang/sync@v0.19.0...v0.20.0)

---
updated-dependencies:
- dependency-name: github.com/go-chi/chi/v5
  dependency-version: 5.2.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go-minor-and-patch
- dependency-name: golang.org/x/sync
  dependency-version: 0.20.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go-minor-and-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file go Go dependencies labels May 18, 2026
@dependabot dependabot Bot requested a review from strausmann as a code owner May 18, 2026 05:32
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file go Go dependencies labels May 18, 2026
@strausmann strausmann merged commit d6ba346 into main May 18, 2026
13 of 16 checks passed
@strausmann strausmann deleted the dependabot/go_modules/frontend/go-minor-and-patch-ed9b32deb0 branch May 18, 2026 07:05
strausmann added a commit that referenced this pull request May 18, 2026
@strausmann
fix(ci): bump frontend Dockerfile to golang:1.25-alpine
562f7c9 
Dependabot PR #89 bumped frontend/go.mod to `go 1.25.0`, but the
Dockerfile builder image was still `golang:1.24-alpine`, breaking
the Docker publish workflow on every PR:

  go: go.mod requires go >= 1.25.0 (running go 1.24.13; GOTOOLCHAIN=local)

Bump the builder image to `golang:1.25-alpine` so it matches the
toolchain version declared in go.mod.

Refs #22
strausmann added a commit that referenced this pull request May 18, 2026
@strausmann
fix(ui): preview-PNG data-URL must use template.URL type (#90)
0f84976 
* fix(ui): preview-PNG data-URL must use template.URL type

Go html/template escapes "data:image/png;base64,..." in src= attributes
to "#ZgotmplZ" by default as a security guard against `data:text/html`
XSS vectors. PreviewURI was typed `string` in TemplateDetailData, so
the rendered Template-Detail-Page showed the escape marker instead of
the actual preview PNG.

Wrap the URI value in `template.URL` to mark it as already-safe. The
type is preserved through assignment so both the placeholder SVG path
and the data-URL flow correctly.

Regression test asserts the rendered body contains the data-URL prefix
AND does NOT contain the ZgotmplZ marker. Stub template extended to
render <img src="{{ .PreviewURI }}"> so the test catches the bug.

Closes #87
Refs #22

* fix(ci): bump frontend Dockerfile to golang:1.25-alpine

Dependabot PR #89 bumped frontend/go.mod to `go 1.25.0`, but the
Dockerfile builder image was still `golang:1.24-alpine`, breaking
the Docker publish workflow on every PR:

  go: go.mod requires go >= 1.25.0 (running go 1.24.13; GOTOOLCHAIN=local)

Bump the builder image to `golang:1.25-alpine` so it matches the
toolchain version declared in go.mod.

Refs #22
github-actions Bot pushed a commit that referenced this pull request May 19, 2026
@semantic-release-bot
chore(release): 0.6.1
3d097a1 
## <small>0.6.1 (2026-05-19)</small>

* fix(ui): preview-PNG data-URL must use template.URL type (#90) ([0f84976](0f84976)), closes [#90](#90) [#87](#87) [#22](#22) [#89](#89) [#22](#22)
* docs(api): Phase 7c API-Auth design — 3-scope keys + rate-limit + /admin/api-keys UI (#85) ([8792e84](8792e84)), closes [#85](#85) [#22](#22) [#78](#78) [#85](#85) [#22](#22) [#79](#79) [#22](#22)
* docs(api): Phase 7e Template Layout System v2 — semantic schema + aggregation (#86) ([0bab0c0](0bab0c0)), closes [#86](#86) [#22](#22) [#81](#81) [#22](#22)
* chore(deps): bump the go-minor-and-patch group (#89) ([d6ba346](d6ba346)), closes [#89](#89)

[skip ci]
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@strausmann strausmann Awaiting requested review from strausmann strausmann is a code owner

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file go Go dependencies

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@strausmann