VULN UPGRADE: patch: github.com/go-chi/chi, github.com/go-chi/chi/v5 [contrib/go-chi]

[campaigner-prod]

Summary: Security update — 2 packages upgraded (patch changes only)

Manifests changed:

• contrib/go-chi (go)

Updates

Package	From	To	Type	Vulnerabilities Fixed
github.com/go-chi/chi	v1.5.4	v1.5.5	patch	2 MODERATE
github.com/go-chi/chi/v5	v5.2.2	v5.2.5	patch	2 MODERATE

---

Security Details

ℹ️ Other Vulnerabilities (4)

Package	CVE	Severity	Summary	Unsafe Version	Fixed In
github.com/go-chi/chi	GO-2026-4316	MODERATE	Open redirect vulnerability in the RedirectSlashes middleware in github.com/go-chi/chi	v1.5.4	-
github.com/go-chi/chi	GHSA-mqqf-5wvp-8fh8	MODERATE	chi has an open redirect vulnerability in the RedirectSlashes middleware	v1.5.4	5.2.4
github.com/go-chi/chi/v5	GO-2026-4316	MODERATE	Open redirect vulnerability in the RedirectSlashes middleware in github.com/go-chi/chi	v5.2.2	5.2.4
github.com/go-chi/chi/v5	GHSA-mqqf-5wvp-8fh8	MODERATE	chi has an open redirect vulnerability in the RedirectSlashes middleware	v5.2.2	-

⚠️ Dependencies that have Reached EOL (1)

Dependency	Unsafe Version	EOL Date	New Version	Path
github.com/go-chi/chi	v1.5.4	-	v1.5.5	contrib/go-chi/chi/go.mod

---

Review Checklist

Standard review:

• Review changes for compatibility with your code
• Check for breaking changes in release notes
• Run tests locally or wait for CI

---

Update Mode: Vulnerability Remediation

🤖 Generated by DataDog Automated Dependency Management System

[pr-commenter]

Benchmarks

Benchmark execution time: 2026-02-12 21:00:04

Comparing candidate commit 3327cbd in PR branch engraver-auto-version-upgrade/minorpatch/go/go-chi/5-1770928788 with baseline commit ab547c3 in branch main.

Found 0 performance improvements and 0 performance regressions! Performance is the same for 157 metrics, 7 unstable metrics.

Explanation

This is an A/B test comparing a candidate commit's performance against that of a baseline commit. Performance changes are noted in the tables below as:

• 🟩 = significantly better candidate vs. baseline
• 🟥 = significantly worse candidate vs. baseline

We compute a confidence interval (CI) over the relative difference of means between metrics from the candidate and baseline commits, considering the baseline as the reference.

If the CI is entirely outside the configured SIGNIFICANT_IMPACT_THRESHOLD (or the deprecated UNCONFIDENCE_THRESHOLD), the change is considered significant.

Feel free to reach out to #apm-benchmarking-platform on Slack if you have any questions.

More details about the CI and significant changes

You can imagine this CI as a range of values that is likely to contain the true difference of means between the candidate and baseline commits.

CIs of the difference of means are often centered around 0%, because often changes are not that big:

---------------------------------(------|---^--------)-------------------------------->
                              -0.6%    0%  0.3%     +1.2%
                                 |          |        |
         lower bound of the CI --'          |        |
sample mean (center of the CI) -------------'        |
         upper bound of the CI ----------------------'

As described above, a change is considered significant if the CI is entirely outside the configured SIGNIFICANT_IMPACT_THRESHOLD (or the deprecated UNCONFIDENCE_THRESHOLD).

For instance, for an execution time metric, this confidence interval indicates a significantly worse performance:

----------------------------------------|---------|---(---------^---------)---------->
                                       0%        1%  1.3%      2.2%      3.1%
                                                  |   |         |         |
       significant impact threshold --------------'   |         |         |
                      lower bound of CI --------------'         |         |
       sample mean (center of the CI) --------------------------'         |
                      upper bound of CI ----------------------------------'