Skip to content

deps(deps): bump the gomod-minor-and-patch group with 10 updates#5

Open
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/go_modules/gomod-minor-and-patch-6f248726cd
Open

deps(deps): bump the gomod-minor-and-patch group with 10 updates#5
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/go_modules/gomod-minor-and-patch-6f248726cd

Conversation

@dependabot
Copy link
Copy Markdown

@dependabot dependabot Bot commented on behalf of github May 7, 2026

Bumps the gomod-minor-and-patch group with 10 updates:

Package From To
github.com/aws/aws-lambda-go 1.47.0 1.54.0
github.com/gin-gonic/gin 1.10.0 1.12.0
github.com/labstack/echo/v4 4.12.0 4.15.2
github.com/samber/lo 1.46.0 1.53.0
github.com/stretchr/testify 1.10.0 1.11.1
github.com/swaggo/echo-swagger 1.4.1 1.5.2
github.com/swaggo/gin-swagger 1.6.0 1.6.1
github.com/vektra/mockery/v2 2.53.5 2.53.6
golang.org/x/sync 0.17.0 0.20.0
mvdan.cc/gofumpt 0.9.2 0.10.0

Updates github.com/aws/aws-lambda-go from 1.47.0 to 1.54.0

Release notes

Sourced from github.com/aws/aws-lambda-go's releases.

v1.54.0

What's Changed

New Contributors

Full Changelog: aws/aws-lambda-go@v1.54.0...v1.53.0

v1.53.0

What's Changed

New Contributors

Full Changelog: aws/aws-lambda-go@v1.53.0...v1.52.0

v1.52.0

What's Changed

New Contributors

Full Changelog: aws/aws-lambda-go@v1.51.2...v1.52.0

v1.51.2

What's Changed

New Contributors

Full Changelog: aws/aws-lambda-go@v1.51.1...v1.51.2

v1.51.1

What's Changed

Full Changelog: aws/aws-lambda-go@v1.51.0...v1.51.1

v1.51.0

What's Changed

... (truncated)

Commits
  • ca19f6f Allow ClientContext.Custom unmarshaling for non-string (JSON) values (#620)
  • 9c32960 Merge pull request #619 from maximrub/inbound-federation
  • ebe38d9 add support for Cognito Inbound federation Lambda trigger
  • 71624ac Fix spelling typos (#616)
  • 33e4dc3 Update workflows for go 1.26 (#617)
  • e1cb461 Merge pull request #612 from yhamano0312/feat/add-s3-event-fields
  • a66ce2d Merge branch 'main' into feat/add-s3-event-fields
  • 9dac8a5 Add structured logging helper (#614)
  • 6252f73 fix: always return PhysicalResourceID for CFn CustomResources (#613)
  • be52e48 feat: add lifecycle event data structure and corresponding test for S3 events
  • Additional commits viewable in compare view

Updates github.com/gin-gonic/gin from 1.10.0 to 1.12.0

Release notes

Sourced from github.com/gin-gonic/gin's releases.

v1.12.0

Changelog

Features

  • 192ac89eefc1c30f7c97ae48a9ffb1c6f1c8c8bc: feat(binding): add support for encoding.UnmarshalText in uri/query binding (#4203) (@​takanuva15)
  • 53410d2e07054369e0960fbe2eed97e1b9966f12: feat(context): add GetError and GetErrorSlice methods for error retrieval (#4502) (@​raju-mechatronics)
  • acc55e049e33b401e810dbd8c0d6dcb6b3ba2b05: feat(context): add Protocol Buffers support to content negotiation (#4423) (@​1911860538)
  • 38e765119241d990705169bedb5002a29ae0cbd1: feat(context): implemented Delete method (@​Spyder01)
  • 771dcc6476d7bc6abb9ec0235ecefa4d38fe6fb0: feat(gin): add option to use escaped path (#4420) (@​ldesauw)
  • 4dec17afdff48e8018c83618fbbe69fceeb2b41d: feat(logger): color latency (#4146) (@​wsyqn6)
  • d7776de7d444935ea4385999711bd6331a98fecb: feat(render): add bson protocol (#4145) (@​laurentcau)

Bug fixes

  • b917b14ff9d189f16a7492be79d123a47806ee19: fix(binding): empty value error (#2169) (@​guonaihong)
  • c3d1092b3b48addf6f9cd00fe274ec3bd14650eb: fix(binding): improve empty slice/array handling in form binding (#4380) (@​1911860538)
  • 9914178584e42458ff7d23891463a880f58c9d86: fix(context): ClientIP handling for multiple X-Forwarded-For header values (#4472) (@​Nurysso)
  • 2a794cd0b0faa7d829291375b27a3467ea972b0d: fix(debug): version mismatch (#4403) (@​zeek0x)
  • c3d5a28ed6d3849da820195b6774d212bcc038a9: fix(gin): close os.File in RunFd to prevent resource leak (#4422) (@​1911860538)
  • 5fad976b372e381312f8de69f0969f1284d229d3: fix(gin): literal colon routes not working with engine.Handler() (#4415) (@​pawannn)
  • 63dd3e60cab89c27fb66bce1423bd268d52abad1: fix(recover): suppress http.ErrAbortHandler in recover (#4336) (@​MondayCha)
  • 5c00df8afadd06cc5be530dde00fe6d9fa4a2e4a: fix(render): write content length in Data.Render (#4206) (@​dengaleev)
  • 234a6d4c00cb77af9852aca0b8289745d5529b4b: fix(response): refine hijack behavior for response lifecycle (#4373) (@​appleboy)
  • 472d086af2acd924cb4b9d7be0525f7d790f69bc: fix(tree): panic in findCaseInsensitivePathRec with RedirectFixedPath (#4535) (@​veeceey)
  • 8e07d37c63e5536eb25f4af4c91eabeee4011fba: fix: Correct typos, improve documentation clarity, and remove dead code (#4511) (@​mahanadh)

Enhancements

  • ba093d19477b896ac89a7fc3246af23d290b8e26: chore(binding): upgrade bson dependency to mongo-driver v2 (#4549) (@​BobDu)
  • b2b489dbf4826c2c630717a77fd5e42774625410: chore(context): always trust xff headers from unix socket (#3359) (@​WeidiDeng)
  • ecb3f7b5e2f3915bf1db240ed5eee572f8dbea36: chore(deps): upgrade golang.org/x/crypto to v0.45.0 (#4449) (@​appleboy)
  • af6e8b70b8261bb0c99ad094fe552ab92991620a: chore(deps): upgrade quic-go to v0.57.1 (@​appleboy)
  • db309081bc5c137b2aa15701ef53f7f19788da25: chore(logger): allow skipping query string output (#4547) (@​USA-RedDragon)
  • 26c3a628655cad2388380cb8102d6ce7d4875f3b: chore(response): prevent Flush() panic when http.Flusher (#4479) (@​Twacqwq)
  • 5dd833f1f26de0eb30eae47b17e05ced2482dc41: chore: bump minimum Go version to 1.24 and update workflows (#4388) (@​appleboy)

Refactor

  • 39858a0859c914bd26948fa950477e11bd8d3823: refactor(binding): use maps.Copy for cleaner map handling (#4352) (@​russcoss)
  • c0048f645ee945c4db30593afdea10123e2c30a6: refactor(context): omit the return value names (#4395) (@​wanghaolong613)
  • 915e4c90d28ec4cffc6eb146e208ab5a65eac772: refactor(context): replace hardcoded localhost IPs with constants (#4481) (@​pauloappbr)
  • 414de60574449457f3192a7a1d5528940db2836d: refactor(context): using maps.Clone (#4333) (@​cuiweixie)
  • 59e9d4a794f12c4f9a6c7bed441b9644e5f6d99b: refactor(ginS): use sync.OnceValue to simplify engine function (#4314) (@​1911860538)
  • 3ab698dc5110af1977d57226e4995c57dd34c233: refactor(recovery): smart error comparison (#4142) (@​zeek0x)
  • d1a15347b1e45a8ee816193d3578a93bfd73b70f: refactor(utils): move util functions to utils.go (#4467) (@​zeek0x)
  • e3118cc378d263454098924ebbde7e8d1dd2e904: refactor: for loop can be modernized using range over int (#4392) (@​wanghaolong613)
  • 488f8c3ffa579a8d19beb2bae95ff8ef36b3d53f: refactor: replace magic numbers with named constants in bodyAllowedForStatus (#4529) (@​veeceey)
  • 9968c4bf9d5a99edc3eee2c068a4c9160ece8915: refactor: use b.Loop() to simplify the code and improve performance (#4389) (@​reddaisyy)
  • a85ef5ce4d0cda8834c59c855068ed48b51192d1: refactor: use b.Loop() to simplify the code and improve performance (#4432) (@​efcking)

Build process updates

  • 61b67de522a189b568aced4c5c16917c558e3387: ci(bot): increase frequency and group updates for dependencies (#4367) (@​appleboy)
  • fb27ef26c2fdfe25344b4c039d8a53551f9e912c: ci(lint): refactor test assertions and linter configuration (#4436) (@​appleboy)
  • 93ff771e6dbf10e432864b30f3719ac5c84a4d4a: ci(sec): improve type safety and server organization in HTTP middleware (#4437) (@​appleboy)
  • e88fc8927a52b74f55bec0351604a56ac0aa1c51: ci(sec): schedule Trivy security scans to run daily at midnight UTC (#4439) (@​appleboy)
  • 5e5ff3ace496a31b138b0820136a146bfb5de0ef: ci: replace vulnerability scanning workflow with Trivy integration (#4421) (@​appleboy)
  • 00900fb3e1ea9dde33985a0e4f6afec793d5e786: ci: update CI workflows and standardize Trivy config quotes (#4531) (@​appleboy)
  • ae3f524974fc4f55d18c9e7fae4614503c015226: ci: update Go version support to 1.25+ across CI and docs (#4550) (@​appleboy)

... (truncated)

Changelog

Sourced from github.com/gin-gonic/gin's changelog.

Gin v1.12.0

Features

  • feat(render): add bson protocol (#4145)
  • feat(context): add GetError and GetErrorSlice methods for error retrieval (#4502)
  • feat(binding): add support for encoding.UnmarshalText in uri/query binding (#4203)
  • feat(gin): add option to use escaped path (#4420)
  • feat(context): add Protocol Buffers support to content negotiation (#4423)
  • feat(context): implemented Delete method (#38e7651)
  • feat(logger): color latency (#4146)

Enhancements

  • perf(tree): reduce allocations in findCaseInsensitivePath (#4417)
  • perf(recovery): optimize line reading in stack function (#4466)
  • perf(path): replace regex with custom functions in redirectTrailingSlash (#4414)
  • perf(tree): optimize path parsing using strings.Count (#4246)
  • chore(logger): allow skipping query string output (#4547)
  • chore(context): always trust xff headers from unix socket (#3359)
  • chore(response): prevent Flush() panic when the underlying ResponseWriter does not implement http.Flusher (#4479)
  • refactor(recovery): smart error comparison (#4142)
  • refactor(context): replace hardcoded localhost IPs with constants (#4481)
  • refactor(utils): move util functions to utils.go (#4467)
  • refactor(binding): use maps.Copy for cleaner map handling (#4352)
  • refactor(context): using maps.Clone (#4333)
  • refactor(ginS): use sync.OnceValue to simplify engine function (#4314)
  • refactor: replace magic numbers with named constants in bodyAllowedForStatus (#4529)
  • refactor: for loop can be modernized using range over int (#4392)

Bug Fixes

  • fix(tree): panic in findCaseInsensitivePathRec with RedirectFixedPath (#4535)
  • fix(render): write content length in Data.Render (#4206)
  • fix(context): ClientIP handling for multiple X-Forwarded-For header values (#4472)
  • fix(binding): empty value error (#2169)
  • fix(recover): suppress http.ErrAbortHandler in recover (#4336)
  • fix(gin): literal colon routes not working with engine.Handler() (#4415)
  • fix(gin): close os.File in RunFd to prevent resource leak (#4422)
  • fix(response): refine hijack behavior for response lifecycle (#4373)
  • fix(binding): improve empty slice/array handling in form binding (#4380)
  • fix(debug): version mismatch (#4403)
  • fix: correct typos, improve documentation clarity, and remove dead code (#4511)

Build process updates / CI

  • ci: update Go version support to 1.25+ across CI and docs (#4550)
  • chore(binding): upgrade bson dependency to mongo-driver v2 (#4549)

Gin v1.11.0

... (truncated)

Commits
  • 73726dc docs: update documentation to reflect Go version changes (#4552)
  • e292e5c docs: document and finalize Gin v1.12.0 release (#4551)
  • ae3f524 ci: update Go version support to 1.25+ across CI and docs (#4550)
  • 38534e2 chore(deps): bump golang.org/x/net from 0.50.0 to 0.51.0 (#4548)
  • 472d086 fix(tree): panic in findCaseInsensitivePathRec with RedirectFixedPath (#4535)
  • fb25834 test(context): use http.StatusContinue constant instead of magic number 100 (...
  • 6f1d5fe test(render): add comprehensive error handling tests (#4541)
  • 5c00df8 fix(render): write content length in Data.Render (#4206)
  • db30908 chore(logger): allow skipping query string output (#4547)
  • ba093d1 chore(binding): upgrade bson dependency to mongo-driver v2 (#4549)
  • Additional commits viewable in compare view

Updates github.com/labstack/echo/v4 from 4.12.0 to 4.15.2

Release notes

Sourced from github.com/labstack/echo/v4's releases.

v4.15.1

What's Changed

Full Changelog: labstack/echo@v4.15.0...v4.15.1

v4.15.0

Security

WARNING: If your application relies on cross-origin or same-site (same subdomain) requests do not blindly push this version to production

The CSRF middleware now supports the Sec-Fetch-Site header as a modern, defense-in-depth approach to CSRF protection, implementing the OWASP-recommended Fetch Metadata API alongside the traditional token-based mechanism.

How it works:

Modern browsers automatically send the Sec-Fetch-Site header with all requests, indicating the relationship between the request origin and the target. The middleware uses this to make security decisions:

  • same-origin or none: Requests are allowed (exact origin match or direct user navigation)
  • same-site: Falls back to token validation (e.g., subdomain to main domain)
  • cross-site: Blocked by default with 403 error for unsafe methods (POST, PUT, DELETE, PATCH)

For browsers that don't send this header (older browsers), the middleware seamlessly falls back to traditional token-based CSRF protection.

New Configuration Options:

  • TrustedOrigins []string: Allowlist specific origins for cross-site requests (useful for OAuth callbacks, webhooks)
  • AllowSecFetchSiteFunc func(echo.Context) (bool, error): Custom logic for same-site/cross-site request validation

Example:

e.Use(middleware.CSRFWithConfig(middleware.CSRFConfig{
    // Allow OAuth callbacks from trusted provider
    TrustedOrigins: []string{"https://oauth-provider.com"},
// Custom validation for same-site requests
AllowSecFetchSiteFunc: func(c echo.Context) (bool, error) {
    // Your custom authorization logic here
    return validateCustomAuth(c), nil
    // return true, err  // blocks request with error
    // return true, nil  // allows CSRF request through
    // return false, nil // falls back to legacy token logic
},

}))

PR: labstack/echo#2858

... (truncated)

Changelog

Sourced from github.com/labstack/echo/v4's changelog.

v4.15.2 - 2026-05-01

Security

Thanks to @​shblue21 for reporting this issue.

v4.15.1 - 2026-02-22

Enhancements

v4.15.0 - 2026-01-01

Security

NB: If your application relies on cross-origin or same-site (same subdomain) requests do not blindly push this version to production

The CSRF middleware now supports the Sec-Fetch-Site header as a modern, defense-in-depth approach to CSRF protection, implementing the OWASP-recommended Fetch Metadata API alongside the traditional token-based mechanism.

How it works:

Modern browsers automatically send the Sec-Fetch-Site header with all requests, indicating the relationship between the request origin and the target. The middleware uses this to make security decisions:

  • same-origin or none: Requests are allowed (exact origin match or direct user navigation)
  • same-site: Falls back to token validation (e.g., subdomain to main domain)
  • cross-site: Blocked by default with 403 error for unsafe methods (POST, PUT, DELETE, PATCH)

For browsers that don't send this header (older browsers), the middleware seamlessly falls back to traditional token-based CSRF protection.

New Configuration Options:

  • TrustedOrigins []string: Allowlist specific origins for cross-site requests (useful for OAuth callbacks, webhooks)
  • AllowSecFetchSiteFunc func(echo.Context) (bool, error): Custom logic for same-site/cross-site request validation

Example:

e.Use(middleware.CSRFWithConfig(middleware.CSRFConfig{
    // Allow OAuth callbacks from trusted provider
    TrustedOrigins: []string{"https://oauth-provider.com"},
// Custom validation for same-site requests

</tr></table>

... (truncated)

Commits
  • 25685e6 Merge pull request #2963 from aldas/v4_changelog_4_15_2
  • f9d7689 Changelog for v4.15.2
  • 37fff28 Merge pull request #2962 from aldas/v4_valid_proto
  • ca4f38a Context.Scheme should validate values taken from header
  • 2e527a7 Update CI, update deps
  • 6f3a84a Merge pull request #2905 from aldas/v4_crsf_token_fallback
  • 24fa4d0 CSRF: support older token-based CSRF protection handler that want to render t...
  • 482bb46 v4.15.0 changelog
  • d0f9d1e CRSF with Sec-Fetch-Site=same-site falls back to legacy token
  • f3fc618 CRSF with Sec-Fetch-Site checks
  • Additional commits viewable in compare view

Updates github.com/samber/lo from 1.46.0 to 1.53.0

Release notes

Sourced from github.com/samber/lo's releases.

v1.53.0

Announcing the latest release of lo with lots of good gifts! 🎁

🌊 First, a big thanks to @​d-enk for making lots of performance improvements in the recent weeks.

🧪 Second, this release introduces a new simd experimental package. If you run on an amd64 architecture and a recent CPU, you can perform very fast operations thanks to SIMD CPU instructions. -> Documentation: https://lo.samber.dev/docs/experimental/simd

💥 Third, this version adds *Err variants of many lo helpers (like MapErr, FlatMapErr, ReduceErr, etc.) whose callbacks can return an error and short-circuit execution when one occurs.

[!NOTE] The simd sub-package is considered not stable. We might break the initial API based on developers' feedback in the coming months.

Features & improvements

Deprecation

Performance improvements

... (truncated)

Commits

Updates github.com/stretchr/testify from 1.10.0 to 1.11.1

Release notes

Sourced from github.com/stretchr/testify's releases.

v1.11.1

This release fixes #1785 introduced in v1.11.0 where expected argument values implementing the stringer interface (String() string) with a method which mutates their value, when passed to mock.Mock.On (m.On("Method", <expected>).Return()) or actual argument values passed to mock.Mock.Called may no longer match one another where they previously did match. The behaviour prior to v1.11.0 where the stringer is always called is restored. Future testify releases may not call the stringer method at all in this case.

What's Changed

Full Changelog: stretchr/testify@v1.11.0...v1.11.1

v1.11.0

What's Changed

Functional Changes

v1.11.0 Includes a number of performance improvements.

Fixes

Documentation, Build & CI

... (truncated)

Commits
  • 2a57335 Merge pull request #1788 from brackendawson/1785-backport-1.11
  • af8c912 Backport #1786 to release/1.11
  • b7801fb Merge pull request #1778 from stretchr/dependabot/github_actions/actions/chec...
  • 69831f3 build(deps): bump actions/checkout from 4 to 5
  • a53be35 Improve captureTestingT helper
  • aafb604 mock: improve formatting of error message
  • 7218e03 improve error msg
  • 929a212 Merge pull request #1758 from stretchr/dolmen/suite-faster-method-filtering
  • bc7459e suite: faster filtering of methods (-testify.m)
  • 7d37b5c suite: refactor methodFilter
  • Additional commits viewable in compare view

Updates github.com/swaggo/echo-swagger from 1.4.1 to 1.5.2

Release notes

Sourced from github.com/swaggo/echo-swagger's releases.

v1.5.2

Changelog

  • 4610e5fe3d165f8778404332c55e6739d9def661 Fix typo in workflow name from 'vname' to 'name' (#134)
  • c9c2b320fd9517e10d1f050472e2ff0ea46fc3bd Replace unsupported package ghodss/yaml to sigs.k8s.io/yaml and upgrade version swag to 1.16.2 (#118)
  • 55e053a74260f4a6dfe70bf29a874f9f250386ca Update Go versions in CI workflow (#133)
  • 85c181284a4569234b9869a8c688d49535b4db84 add support github.com/swaggo/swag/v2 (#125)
  • 3ed44099164f7583e0afc0c1745c2b15bf41d035 chore(deps): bump golang.org/x/crypto (#131)
  • 084c884941f0d16295e82fd572b6f4994048cc54 chore(deps): bump golang.org/x/crypto in /example/v2 (#137)
  • d2c5601ca947474c939f0d347042f0f5507fa2d0 chore(deps): bump golang.org/x/crypto in /example/v3 (#136)
  • e1ef5402e4677cfc1f779d51ca694ba094f9cd3d chore(deps): bump golang.org/x/net from 0.25.0 to 0.38.0 (#135)
  • 266dde8d6f79c50b2c3da78089b83f41cdb40d87 chore(deps): bump gopkg.in/yaml.v3 from 3.0.0 to 3.0.1 (#132)
  • 12f841b28c19d951ef888f42f1d91472e7460d24 chore: retractg echo-swagger version 1.5.0
  • ec1771556ddf942869fc087cc790e2b92d001fd2 fix: improve error handling and response for EchoWrapHandler (#129)

v1.5.1

Changelog

  • 4610e5fe3d165f8778404332c55e6739d9def661 Fix typo in workflow name from 'vname' to 'name' (#134)
  • c9c2b320fd9517e10d1f050472e2ff0ea46fc3bd Replace unsupported package ghodss/yaml to sigs.k8s.io/yaml and upgrade version swag to 1.16.2 (#118)
  • 55e053a74260f4a6dfe70bf29a874f9f250386ca Update Go versions in CI workflow (#133)
  • 85c181284a4569234b9869a8c688d49535b4db84 add support github.com/swaggo/swag/v2 (#125)
  • 3ed44099164f7583e0afc0c1745c2b15bf41d035 chore(deps): bump golang.org/x/crypto (#131)
  • 084c884941f0d16295e82fd572b6f4994048cc54 chore(deps): bump golang.org/x/crypto in /example/v2 (#137)
  • d2c5601ca947474c939f0d347042f0f5507fa2d0 chore(deps): bump golang.org/x/crypto in /example/v3 (#136)
  • e1ef5402e4677cfc1f779d51ca694ba094f9cd3d chore(deps): bump golang.org/x/net from 0.25.0 to 0.38.0 (#135)
  • 266dde8d6f79c50b2c3da78089b83f41cdb40d87 chore(deps): bump gopkg.in/yaml.v3 from 3.0.0 to 3.0.1 (#132)
  • 12f841b28c19d951ef888f42f1d91472e7460d24 chore: retractg echo-swagger version 1.5.0
  • ec1771556ddf942869fc087cc790e2b92d001fd2 fix: improve error handling and response for EchoWrapHandler (#129)
Commits
  • 12f841b chore: retractg echo-swagger version 1.5.0
  • 084c884 chore(deps): bump golang.org/x/crypto in /example/v2 (#137)
  • d2c5601 chore(deps): bump golang.org/x/crypto in /example/v3 (#136)
  • 85c1812 add support github.com/swaggo/swag/v2 (#125)
  • e1ef540 chore(deps): bump golang.org/x/net from 0.25.0 to 0.38.0 (#135)
  • 3ed4409 chore(deps): bump golang.org/x/crypto (#131)
  • 4610e5f Fix typo in workflow name from 'vname' to 'name' (#134)
  • 55e053a Update Go versions in CI workflow (#133)
  • 266dde8 chore(deps): bump gopkg.in/yaml.v3 from 3.0.0 to 3.0.1 (#132)
  • ec17715 fix: improve error handling and response for EchoWrapHandler (#129)
  • Additional commits viewable in compare view

Updates github.com/swaggo/gin-swagger from 1.6.0 to 1.6.1

Release notes

Sourced from github.com/swaggo/gin-swagger's releases.

v1.6.1

Changelog

  • 19f4300ad05a57e2a7a2f3ef0a3acbac8f30a435 Allow to enable Proof Key for Code Exachange (PKCE) (#271)
  • 76a92d5db8f3d154f87d1feac1e46f23aeec9fdf Update Go versions in CI workflow (#324)
  • aa92a0ac3f26c587e4248afcf8d8b6318353e7b0 Update ReadMe (#291)
  • 08e4a929c9132200950fed601d0472142a20e0ce chore(deps): bump github.com/gin-gonic/gin from 1.9.0 to 1.9.1 (#270)
  • 7d8970259b5a77dde1462927b1b4d589fc938cd4 chore(deps): bump golang.org/x/net from 0.8.0 to 0.23.0 (#298)
  • 2b8554dea56a983cae644a52556125b6f4216020 chore(deps): bump google.golang.org/protobuf from 1.28.1 to 1.33.0 (#293)
  • 3b4340f1a7a6b24b9dcb4238954db4482db434ae move css and js to seperate files (#280)
Commits
  • 2b8554d chore(deps): bump google.golang.org/protobuf from 1.28.1 to 1.33.0 (#293)

@dependabot
deps(deps): bump the gomod-minor-and-patch group with 10 updates
4bfae76 
Bumps the gomod-minor-and-patch group with 10 updates:

| Package | From | To |
| --- | --- | --- |
| [github.com/aws/aws-lambda-go](https://github.com/aws/aws-lambda-go) | `1.47.0` | `1.54.0` |
| [github.com/gin-gonic/gin](https://github.com/gin-gonic/gin) | `1.10.0` | `1.12.0` |
| [github.com/labstack/echo/v4](https://github.com/labstack/echo) | `4.12.0` | `4.15.2` |
| [github.com/samber/lo](https://github.com/samber/lo) | `1.46.0` | `1.53.0` |
| [github.com/stretchr/testify](https://github.com/stretchr/testify) | `1.10.0` | `1.11.1` |
| [github.com/swaggo/echo-swagger](https://github.com/swaggo/echo-swagger) | `1.4.1` | `1.5.2` |
| [github.com/swaggo/gin-swagger](https://github.com/swaggo/gin-swagger) | `1.6.0` | `1.6.1` |
| [github.com/vektra/mockery/v2](https://github.com/vektra/mockery) | `2.53.5` | `2.53.6` |
| [golang.org/x/sync](https://github.com/golang/sync) | `0.17.0` | `0.20.0` |
| [mvdan.cc/gofumpt](https://github.com/mvdan/gofumpt) | `0.9.2` | `0.10.0` |


Updates `github.com/aws/aws-lambda-go` from 1.47.0 to 1.54.0
- [Release notes](https://github.com/aws/aws-lambda-go/releases)
- [Commits](aws/aws-lambda-go@v1.47.0...v1.54.0)

Updates `github.com/gin-gonic/gin` from 1.10.0 to 1.12.0
- [Release notes](https://github.com/gin-gonic/gin/releases)
- [Changelog](https://github.com/gin-gonic/gin/blob/master/CHANGELOG.md)
- [Commits](gin-gonic/gin@v1.10.0...v1.12.0)

Updates `github.com/labstack/echo/v4` from 4.12.0 to 4.15.2
- [Release notes](https://github.com/labstack/echo/releases)
- [Changelog](https://github.com/labstack/echo/blob/v4.15.2/CHANGELOG.md)
- [Commits](labstack/echo@v4.12.0...v4.15.2)

Updates `github.com/samber/lo` from 1.46.0 to 1.53.0
- [Release notes](https://github.com/samber/lo/releases)
- [Commits](samber/lo@v1.46.0...v1.53.0)

Updates `github.com/stretchr/testify` from 1.10.0 to 1.11.1
- [Release notes](https://github.com/stretchr/testify/releases)
- [Commits](stretchr/testify@v1.10.0...v1.11.1)

Updates `github.com/swaggo/echo-swagger` from 1.4.1 to 1.5.2
- [Release notes](https://github.com/swaggo/echo-swagger/releases)
- [Commits](swaggo/echo-swagger@v1.4.1...v1.5.2)

Updates `github.com/swaggo/gin-swagger` from 1.6.0 to 1.6.1
- [Release notes](https://github.com/swaggo/gin-swagger/releases)
- [Commits](swaggo/gin-swagger@v1.6.0...v1.6.1)

Updates `github.com/vektra/mockery/v2` from 2.53.5 to 2.53.6
- [Release notes](https://github.com/vektra/mockery/releases)
- [Commits](vektra/mockery@v2.53.5...v2.53.6)

Updates `golang.org/x/sync` from 0.17.0 to 0.20.0
- [Commits](golang/sync@v0.17.0...v0.20.0)

Updates `mvdan.cc/gofumpt` from 0.9.2 to 0.10.0
- [Release notes](https://github.com/mvdan/gofumpt/releases)
- [Changelog](https://github.com/mvdan/gofumpt/blob/master/CHANGELOG.md)
- [Commits](mvdan/gofumpt@v0.9.2...v0.10.0)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-lambda-go
  dependency-version: 1.54.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: gomod-minor-and-patch
- dependency-name: github.com/gin-gonic/gin
  dependency-version: 1.12.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: gomod-minor-and-patch
- dependency-name: github.com/labstack/echo/v4
  dependency-version: 4.15.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: gomod-minor-and-patch
- dependency-name: github.com/samber/lo
  dependency-version: 1.53.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: gomod-minor-and-patch
- dependency-name: github.com/stretchr/testify
  dependency-version: 1.11.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: gomod-minor-and-patch
- dependency-name: github.com/swaggo/echo-swagger
  dependency-version: 1.5.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: gomod-minor-and-patch
- dependency-name: github.com/swaggo/gin-swagger
  dependency-version: 1.6.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: gomod-minor-and-patch
- dependency-name: github.com/vektra/mockery/v2
  dependency-version: 2.53.6
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: gomod-minor-and-patch
- dependency-name: golang.org/x/sync
  dependency-version: 0.20.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: gomod-minor-and-patch
- dependency-name: mvdan.cc/gofumpt
  dependency-version: 0.10.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: gomod-minor-and-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot @github
Copy link
Copy Markdown
Author

dependabot Bot commented on behalf of github May 7, 2026

Labels

The following labels could not be found: dependencies, go. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

@github-actions
Copy link
Copy Markdown

github-actions Bot commented May 7, 2026

Semgrep Scan Results

Repository: go-aws-lambda-sdk | Commit: 42295f6

Check Status Details
✅ Semgrep Pass 0 total findings (no error/warning)

Scanned at 2026-05-07 13:31 UTC

@github-actions
Copy link
Copy Markdown

github-actions Bot commented May 7, 2026

Security Scan Results

Repository: go-aws-lambda-sdk | Commit: 42295f6

Check Status Details
✅ Secret Scan Pass No secrets detected
🚨 Dependencies (Trivy) Critical 1 critical, 1 high, 4 total
🚨 Dependencies (Grype) Critical 1 critical, 1 high, 4 total
📦 SBOM Generated 254 components (CycloneDX)

Scanned at 2026-05-07 13:31 UTC

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants