fix(deps): update all non-major dependencies in .github/workflows/tinygo.yml

[renovate]

This PR contains the following updates:

Package	Type	Update	Change	OpenSSF
actions/cache (changelog)	action	digest	a783357 → 6682284
actions/checkout (changelog)	action	digest	1af3b93 → de0fac2
actions/setup-go (changelog)	action	digest	4469467 → 4a36011
actions/stale (changelog)	action	digest	3a9db7e → b5d41d4
github.com/bmatcuk/doublestar/v4	require	minor	v4.9.1 → v4.10.0
github.com/corazawaf/coraza/v3	require	minor	v3.3.3 → v3.6.0
github.com/foxcpp/go-mockdns	require	minor	v1.1.0 → v1.2.0
github.com/kaptinlin/jsonschema	require	minor	v0.4.6 → v0.7.7
github.com/magefile/mage	require	patch	v1.17.0 → v1.17.1
github.com/mccutchen/go-httpbin/v2	require	minor	v2.18.3 → v2.21.0
github/codeql-action (changelog)	action	digest	e296a93 → c10b806
go	uses-with	minor	1.25.x → 1.26.x

---

Release Notes

bmatcuk/doublestar (github.com/bmatcuk/doublestar/v4)

v4.10.0: Added WithNoHidden option

Compare Source

Added support for a WithNoHidden option to ignore hidden files in patterns that might unintentionally match them. For example, a .config directory would not be matched by * or recursed into by **, but would be matched by .* or recursed by .config/**.

Thanks to @​lukasngl for the initial PR and idea!

What's Changed

• feat: add WithNoHidden option to skip hidden files by @​lukasngl in #​109

New Contributors

• @​lukasngl made their first contribution in #​109

Full Changelog: bmatcuk/doublestar@v4.9.2...v4.10.0

v4.9.2: Fixed Handling of Paths With Meta Chars Using Alts

Compare Source

@​toga4 submitted a PR that fixed a small bug with the way paths were handled when the pattern used {alts}: if some part of the on-disk path that came before the {alt} included meta characters (say, a directory name that included the character ?), these meta characters were not escaped when they were passed back through the globbing routines. This caused doublestar to interpret them as actual meta characters, rather than a fixed-string path as it should have. Nice find, @​toga4 !

What's Changed

• fix: escape meta characters in paths during brace expansion by @​toga4 in #​108

New Contributors

• @​toga4 made their first contribution in #​108

Full Changelog: bmatcuk/doublestar@v4.9.1...v4.9.2

corazawaf/coraza (github.com/corazawaf/coraza/v3)

v3.6.0

Compare Source

What's Changed

New feature (compilation flag)

• perf: optimize @​rx operator with literal pre-filtering by @​jptosso in #​1534

Fixes

• fix: SecAuditEngine RelevantOnly uses OR logic for status check by @​fzipi in #​1577
• fix: support WebSocket connections by tracking hijacked state by @​fzipi in #​1551
• docs,test: clarify OUTBOUND_DATA_ERROR behavior and fix phase numbers by @​fzipi in #​1578
• docs: updates variables by @​M4tteoP in #​1565

Others

• chore: ignore generated files in codecov coverage by @​fzipi in #​1571

Full Changelog: v3.5.0...v3.6.0

v3.5.0

Compare Source

What's Changed

Important

• feat: enable regex memoize by default by @​jptosso in #​1540

New Features

• feat: add regex support to ctl:ruleRemoveTargetById, ruleRemoveTargetByTag, and ruleRemoveTargetByMsg collection keys by @​Copilot in #​1561
• feat: implement SecUploadKeepFiles directive by @​fzipi in #​1557

Fixes

• fix(DetectionOnly): fixed RelevantOnly audit logs, improved matchedRules by @​M4tteoP in #​1549
• fix(deps): update module golang.org/x/net to v0.52.0 in go.mod by @​renovate[bot] in #​1553
• ci: increase fuzztime by @​M4tteoP in #​1554
• chore(ci): harden GHA workflows with least-privilege permissions by @​fzipi in #​1559
• docs: add structured documentation comments to variables.go by @​fzipi in #​1564
• chore(deps): update codecov/codecov-action action to v6 in .github/workflows/regression.yml by @​renovate[bot] in #​1570

Full Changelog: v3.4.0...v3.5.0

v3.4.0

Compare Source

What's Changed

Features

• feat: allow selectors on *_NAMES collections by @​blotus in #​1143
• feat: auditlog syslog writer by @​Serjick in #​1383
• feat: add json schema improvements by @​jcchavezs in #​1384
• feat: implement ctl:auditLogParts + and - for modifying audit logs by @​fzipi in #​1467
• feat(strmatch): add new operator by @​fzipi in #​1473
• feat: add optional rule observer callback to WAF config by @​heaven in #​1478
• feat: add WAFWithRules interface with RulesCount() by @​ppomes in #​1492
• feat: add SecRequestBodyJsonDepthLimit directive by @​fzipi in #​1110
• feat: ignore unexpected EOF in MIME multipart request body processor by @​hnakamur in #​1453
• feat: optimize ruleRemoveById range handling store ranges instead of expanding to int slices by @​Copilot in #​1538

Fixes

• fix(go1.24): bump linter by @​M4tteoP in #​1330
• fix(deps): update all non-major dependencies in .github/workflows/tinygo.yml by @​renovate[bot] in #​1326
• fix(deps): update module github.com/mccutchen/go-httpbin/v2 to v2.18.0 in go.mod by @​renovate[bot] in #​1331
• audit: H should populate also with error logs. by @​M4tteoP in #​1310
• fix(deps): update module github.com/rs/zerolog to v1.34.0 in testing/coreruleset/go.mod by @​renovate[bot] in #​1332
• fix(deps): update module golang.org/x/net to v0.38.0 in go.mod by @​renovate[bot] in #​1337
• fixes misspelled build tag coraza.rule.multiphase_evaluation by @​daum3ns in #​1338
• fix(deps): update module github.com/corazawaf/coraza-coreruleset/v4 to v4.10.0 in testing/coreruleset/go.mod by @​renovate[bot] in #​1341
• fix(deps): update module golang.org/x/sync to v0.13.0 in go.mod by @​renovate[bot] in #​1344
• fix(deps): update module golang.org/x/net to v0.39.0 in go.mod by @​renovate[bot] in #​1346
• fix(deps): update go modules in go.mod by @​renovate[bot] in #​1354
• fix(deps): update all non-major dependencies in .github/workflows/tinygo.yml by @​renovate[bot] in #​1342
• fix: coraza.conf-recommended, stricter parsing actions by @​M4tteoP in #​1352
• fix(deps): update go modules in go.mod by @​renovate[bot] in #​1372
• fix: regenerate variables map to allow selection on all supported collections by @​blotus in #​1371
• fix: nil deference on err.Error() by @​ad3n in #​1367
• fix(deps): update all non-major dependencies in go.mod by @​renovate[bot] in #​1373
• fix(deps): update module github.com/mccutchen/go-httpbin/v2 to v2.18.3 in go.mod by @​renovate[bot] in #​1374
• fix(deps): update github.com/magefile/mage digest to 78acbaf in go.mod by @​renovate[bot] in #​1375
• fix: resolve cutQuotedString issue with double backslashes (\) by @​trgalho in #​1364
• fix(deps): update module github.com/corazawaf/coraza-coreruleset/v4 to v4.15.0 in testing/coreruleset/go.mod by @​renovate[bot] in #​1376
• fix: wrong status returned when SecResponseBodyLimit is reached and Action is Reject by @​daum3ns in #​1379
• fix(deps): update module golang.org/x/sync to v0.16.0 in go.mod by @​renovate[bot] in #​1385
• fix(deps): update module golang.org/x/net to v0.42.0 in go.mod by @​renovate[bot] in #​1386
• fix(deps): update module github.com/bmatcuk/doublestar/v4 to v4.9.0 in testing/coreruleset/go.mod by @​renovate[bot] in #​1388
• fix(deps): update all non-major dependencies in testing/coreruleset/go.mod by @​renovate[bot] in #​1392
• Fixed mandatory check of rule ID. by @​brijeshjvalera in #​1325
• fix: cutQuotedString - not working for \"" by @​trgalho in #​1394
• fix(deps): update module golang.org/x/net to v0.43.0 in go.mod by @​renovate[bot] in #​1397
• fix: lowercase regex patterns for case-insensitive variable collections by @​fzipi in #​1505
• fix: ctl:ruleRemoveTargetById to support whole-collection exclusion by @​Copilot in #​1495
• fix: update constants for recursion limit by @​jcchavezs in #​1512
• Fix HTTP middleware to process all Transfer-Encoding values by @​Copilot in #​1518
• fix: set changed flag in removeComments and escapeSeqDecode by @​jptosso in #​1532
• fix(testing): Correct use of ProcessURI in Benchmarks by @​MarcWort in #​1546
• fix: typo in responseWriter name in TestWriteResponseBody by @​hnakamur in #​1451
• fix: streamed responses by @​daum3ns in #​1449
• fix: adds timeout to tinygo by @​jcchavezs in #​1463
• fix: pass through respose body after process partial by @​M4tteoP in #​1461
• fix: directive name is SecAuditLogsStorageDir by @​fzipi in #​1466
• fix: SecRuleUpdateActionById should replace disruptive actions by @​fzipi in #​1471
• fix(1482): improve quotes parsing during seclang bootstrap by @​jptosso in #​1486
• fix(deps): update module golang.org/x/net to v0.45.0 [security] by @​renovate[bot] in #​1487
• fix(deps): update module golang.org/x/sync to v0.20.0 in go.mod by @​renovate[bot] in #​1543

Tests

• updates CRS tests from v4.10.0 to v4.14.0 by @​M4tteoP in #​1355
• updates tests to CRS 4.20 by @​M4tteoP in #​1444
• fix tinygo tests for go 25 by @​jptosso in #​1485
• fix(testing): Correct use of ProcessURI in Benchmarks by @​MarcWort in #​1546
• Pre add testcase for streamed responses by @​jcchavezs in #​1459

Chores and Other

• chore(deps): update github/codeql-action digest to 1b549b9 in .github/workflows/codeql-analysis.yml by @​renovate[bot] in #​1335
• chore: improves coraza.conf-recommended comments by @​M4tteoP in #​1334
• chore: update tinygo 0.34.0 by @​M4tteoP in #​1353
• Add @​pmf short alias for @​pmFromFile by @​dmefs in #​1356
• Add @​ipMatchF short alias for @​ipMatchFromFile by @​dmefs in #​1357
• chore(deps): update codecov/codecov-action digest to 18283e0 in .github/workflows/regression.yml by @​renovate[bot] in #​1359
• chore(deps): update github/codeql-action digest to ff0a06e in .github/workflows/codeql-analysis.yml by @​renovate[bot] in #​1361
• docs: add RuiQi to integrations list by @​HUAHUAI23 in #​1368
• chore(deps): update all non-major dependencies in .github/workflows/tinygo.yml by @​renovate[bot] in #​1369
• chore: add tx to context by @​trgalho in #​1345
• Revert "chore: add tx to context" by @​jcchavezs in #​1378
• chore(deps): update github/codeql-action digest to 39edc49 in .github/workflows/codeql-analysis.yml by @​renovate[bot] in #​1380
• chore(deps): update module github.com/go-viper/mapstructure/v2 to v2.3.0 [security] by @​renovate[bot] in #​1381
• chore(deps): update github/codeql-action digest to 181d5ee in .github/workflows/codeql-analysis.yml by @​renovate[bot] in #​1382
• chore(deps): update github/codeql-action digest to d6bbdef in .github/workflows/codeql-analysis.yml by @​renovate[bot] in #​1390
• chore(deps): update github/codeql-action digest to 4e828ff in .github/workflows/codeql-analysis.yml by @​renovate[bot] in #​1391
• chore(deps): update github/codeql-action digest to 51f7732 in .github/workflows/codeql-analysis.yml by @​renovate[bot] in #​1393
• chore(deps): update actions/cache digest to 0400d5f in .github/workflows/tinygo.yml by @​renovate[bot] in #​1396
• chore(deps): update github/codeql-action digest to 76621b6 in .github/workflows/codeql-analysis.yml by @​renovate[bot] in #​1398
• chore(deps): update actions/checkout action to v5 in .github/workflows/tinygo.yml by @​renovate[bot] in #​1401
• chore(deps): update github/codeql-action digest to df55935 in .github/workflows/codeql-analysis.yml by @​renovate[bot] in #​1403
• chore(deps): update dependency go to 1.25.x in .github/workflows/lint.yml by @​renovate[bot] in #​1405
• chore(deps): update github/codeql-action digest to 96f518a in .github/workflows/codeql-analysis.yml by @​renovate[bot] in #​1407
• chore(deps): update codecov/codecov-action digest to fdcc847 in .github/workflows/regression.yml by @​renovate[bot] in #​1408
• chore(deps): update github/codeql-action digest to 3c3833e in .github/workflows/codeql-analysis.yml by @​renovate[bot] in #​1410
• chore(deps): update module github.com/go-viper/mapstructure/v2 to v2.4.0 [security] by @​renovate[bot] in #​1411
• chore(deps): update all non-major dependencies in .github/workflows/regression.yml by @​renovate[bot] in #​1419
• chore(deps): update actions/setup-go action to v6 in .github/workflows/tinygo.yml by @​renovate[bot] in #​1420
• chore(deps): update actions/stale action to v10 in .github/workflows/close-issues.yml by @​renovate[bot] in #​1422
• chore(deps): update github/codeql-action action to v4 in .github/workflows/codeql-analysis.yml by @​renovate[bot] in #​1437
• chore(deps): update actions/checkout action to v6 in .github/workflows/tinygo.yml by @​renovate[bot] in #​1442
• Migrates golangci-lint to v2 by @​M4tteoP in #​1445
• chore: run golang modernize by @​M4tteoP in #​1446
• chore: increases the minimum go version by @​jcchavezs in #​1462
• chore(deps): update module golang.org/x/crypto to v0.45.0 [security] by @​renovate[bot] in #​1443
• chore: update libinjection-go and deps by @​fzipi in #​1496
• chore: min go version to 1.25 by @​M4tteoP in #​1497
• chore: remove panic from seclang compiler by @​Copilot in #​1514
• ci: reduce regression matrix from 128 to 15 jobs by @​jptosso in #​1522
• perf: use map for ruleRemoveByID for O(1) lookup by @​jptosso in #​1524
• perf: prefix-based transformation cache with inline values by @​fzipi in #​1544
• perf: bulk-allocate MatchData in collection Find methods by @​jptosso in #​1530
• perf: use FindStringSubmatchIndex to avoid capture allocations by @​jptosso in #​1547
• refactor: remove root package dependency on experimental by @​fzipi in #​1494
• docs: update package and strmatch operators by @​fzipi in #​1477
• docs(actions): update format and add package by @​fzipi in #​1475
• doc: fix phase in ctl action example by @​hnakamur in #​1428
• Add doc to directives by @​hnakamur in #​1434
• Mark unimplemented SecAuditLogParts in docs by @​louis-lau in #​1455
• docs: adds documentation to e2e package by @​jcchavezs in #​1460
• chore: adds copilot instructions. by @​jcchavezs in #​1464
• Replace "1GB" with "1GiB" in request/response body size limit by @​hnakamur in #​1418
• Pre add testcase for streamed responses by @​jcchavezs in #​1459

New Contributors

• @​daum3ns made their first contribution in #​1338
• @​dmefs made their first contribution in #​1356
• @​HUAHUAI23 made their first contribution in #​1368
• @​ad3n made their first contribution in #​1367
• @​trgalho made their first contribution in #​1364
• @​Serjick made their first contribution in #​1383
• @​brijeshjvalera made their first contribution in #​1325
• @​hnakamur made their first contribution in #​1418
• @​louis-lau made their first contribution in #​1455
• @​heaven made their first contribution in #​1478
• @​ppomes made their first contribution in #​1492
• @​MarcWort made their first contribution in #​1546

Full Changelog: v3.3.3...v3.4.0

foxcpp/go-mockdns (github.com/foxcpp/go-mockdns)

v1.2.0

Compare Source

What's Changed

• Fix CNAME chain handling when querying for a CNAME by @​horkhe in #​20

New Contributors

• @​horkhe made their first contribution in #​20

Full Changelog: foxcpp/go-mockdns@v1.1.0...v1.2.0

kaptinlin/jsonschema (github.com/kaptinlin/jsonschema)

v0.7.7

Compare Source

v0.7.6

Compare Source

v0.7.5

Compare Source

v0.7.4

Compare Source

v0.7.3

Compare Source

v0.7.2

Compare Source

v0.7.1

Compare Source

v0.7.0

Compare Source

v0.6.15

Compare Source

v0.6.14

Compare Source

v0.6.13

Compare Source

v0.6.12

Compare Source

v0.6.11

Compare Source

v0.6.10

Compare Source

v0.6.9

Compare Source

v0.6.8

Compare Source

v0.6.7

Compare Source

v0.6.6

Compare Source

v0.6.5

Compare Source

v0.6.4

Compare Source

v0.6.3

Compare Source

v0.6.2

Compare Source

v0.6.1

Compare Source

v0.6.0

Compare Source

v0.5.2

Compare Source

v0.5.1

Compare Source

v0.5.0

Compare Source

v0.4.15

Compare Source

v0.4.14

Compare Source

v0.4.13

Compare Source

v0.4.12

Compare Source

v0.4.11

Compare Source

v0.4.10

Compare Source

v0.4.9

Compare Source

v0.4.8

Compare Source

v0.4.7

Compare Source

magefile/mage (github.com/magefile/mage)

v1.17.1: - Fix for Asset Naming

Compare Source

Changelog

• 00dd13d chore(goreleaser): fix release asset names (#​547)
• 88c49b7 support for inline doc comments on optional flags (#​549)

What's Changed

• support for inline doc comments on optional flags by @​natefinch in #​549
• chore(goreleaser): fix release asset names by @​suzuki-shunsuke in #​547

New Contributors

• @​suzuki-shunsuke made their first contribution in #​547

Full Changelog: magefile/mage@v1.17.0...v1.17.1

mccutchen/go-httpbin (github.com/mccutchen/go-httpbin/v2)

v2.21.0

Compare Source

[!WARNING]
Potential Breaking Changes

• The authorized field was renamed to authenticated in the /basic-auth, /hidden-basic-auth, and /digest-auth endpoints to align with the original httpbin implementation. See #​231 for details.
• The shape of the /cookies response changed to align with the original httpbin implementation. See #​235 for details.

What's Changed

• compat: rename authorized to authenticated in auth responses by @​AYMENJD in #​231
• compat: fix /cookies response by @​AYMENJD in #​235
• feat: add /upload endpoint for testing large uploads by @​aarnaud in #​237
• test: refactor handler tests by @​mccutchen in #​238
• chore: update minimum go version to 1.25 by @​mccutchen in #​239
• test: use synctest for deterministic timing tests by @​mccutchen in #​240
• feat: add -log-level option by @​AYMENJD in #​234

New Contributors

• @​AYMENJD made their first contribution in #​231
• @​aarnaud made their first contribution in #​237

Full Changelog: mccutchen/go-httpbin@v2.20.0...v2.21.0

v2.20.0

Compare Source

[!WARNING]
Potential Breaking Change

The /bytes and /stream-bytes endpoints now respect the-max-body-size/MAX_BODY_SIZE configuration rather than hard-coding a 100KiB limit. See #​229 for details.

What's Changed

• docs: add link to go-httpbin GitHub action by @​ModeSevenIndustrialSolutions in #​219
• chore: drop reflection from test suite by @​mccutchen in #​227
• fix: respect MAX_BODY_SIZE in /bytes and /stream-bytes endpoints by @​derekmpage in #​229

New Contributors

• @​ModeSevenIndustrialSolutions made their first contribution in #​219
• @​derekmpage made their first contribution in #​229

Full Changelog: mccutchen/go-httpbin@v2.19.0...v2.20.0

v2.19.0

Compare Source

[!WARNING]
Potential Breaking Change

Pre-built docker images provided on Docker Hub and GitHub Container Registry now run as non-root by default, which may necessitate additional configuration for deployments that use both privileged ports and host networking. See Configuring non-root docker images in the README and #​224 for more details.

What's Changed

• chore: modernize by @​mccutchen in #​221
• chore: update autobahn docker image tag by @​mccutchen in #​225
• docker: switch base image from distroless/base to distroless/static:nonroot by @​yosida95 in #​224

New Contributors

• @​yosida95 made their first contribution in #​224

Full Changelog: mccutchen/go-httpbin@v2.18.3...v2.19.0

actions/go-versions (go)

v1.26.1: 1.26.1

Compare Source

Go 1.26.1

v1.26.0: 1.26.0

Compare Source

Go 1.26.0

---

Configuration

📅 Schedule: Branch creation - Between 12:00 AM and 03:59 AM ( * 0-3 * * * ) (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[coderabbitai]

Important

Review skipped

Bot user detected.

To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: e44a66b8-2c4c-4ae0-8186-ce472f1dfb1b

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

• 🔍 Trigger review

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch renovate/all-minor-patch

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}