Skip to content

fix(deps): update all non-major dependencies#916

Open
renovate[bot] wants to merge 1 commit into
mainfrom
renovate/all-minor-patch
Open

fix(deps): update all non-major dependencies#916
renovate[bot] wants to merge 1 commit into
mainfrom
renovate/all-minor-patch

Conversation

@renovate
Copy link
Copy Markdown
Contributor

@renovate renovate Bot commented Feb 5, 2025
edited
Loading

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package Change Age Confidence Type Update
@fortawesome/fontawesome-free (source) 6.6.06.7.2 age confidence devDependencies minor
docker/login-action v3.3.0v3.7.0 age confidence action minor
docker/metadata-action v5.5.1v5.10.0 age confidence action minor
github.com/coreos/go-oidc/v3 v3.17.0v3.18.0 age confidence require minor
github.com/getkin/kin-openapi v0.131.0v0.138.0 age confidence require minor
github.com/go-ldap/ldap/v3 v3.4.12v3.4.13 age confidence require patch
github.com/oapi-codegen/oapi-codegen/v2 v2.4.1v2.7.0 age confidence indirect minor
github.com/oapi-codegen/runtime v1.1.1v1.4.0 age confidence require minor
github.com/urfave/cli/v3 v3.6.2v3.9.0 age confidence require minor
golang.org/x/crypto v0.47.0v0.51.0 age confidence require minor
golang.org/x/net v0.49.0v0.54.0 age confidence require minor
golang.org/x/oauth2 v0.35.0v0.36.0 age confidence require minor
golang.org/x/sys v0.41.0v0.44.0 age confidence require minor

Release Notes

FortAwesome/Font-Awesome (@​fortawesome/fontawesome-free)

v6.7.2

Compare Source

Change log available at https://fontawesome.com/docs/changelog/

v6.7.1

Compare Source

Change log available at https://fontawesome.com/docs/changelog/

v6.7.0

Compare Source

Change log available at https://fontawesome.com/docs/changelog/

docker/login-action (docker/login-action)

v3.7.0

Compare Source

Full Changelog: docker/login-action@v3.6.0...v3.7.0

v3.6.0

Compare Source

Full Changelog: docker/login-action@v3.5.0...v3.6.0

v3.5.0

Compare Source

Full Changelog: docker/login-action@v3.4.0...v3.5.0

v3.4.0

Compare Source

Full Changelog: docker/login-action@v3.3.0...v3.4.0

docker/metadata-action (docker/metadata-action)

v5.10.0

Compare Source

Full Changelog: docker/metadata-action@v5.9.0...v5.10.0

v5.9.0

Compare Source

Full Changelog: docker/metadata-action@v5.8.0...v5.9.0

v5.8.0

Compare Source

Full Changelog: docker/metadata-action@v5.7.0...v5.8.0

v5.7.0

Compare Source

Full Changelog: docker/metadata-action@v5.6.1...v5.7.0

v5.6.1

Compare Source

Full Changelog: docker/metadata-action@v5.6.0...v5.6.1

v5.6.0

Compare Source

Full Changelog: docker/metadata-action@v5.5.1...v5.6.0

coreos/go-oidc (github.com/coreos/go-oidc/v3)

v3.18.0

Compare Source

What's Changed

Full Changelog: coreos/go-oidc@v3.17.0...v3.18.0

getkin/kin-openapi (github.com/getkin/kin-openapi)

v0.138.0

Compare Source

What's Changed

Full Changelog: getkin/kin-openapi@v0.137.0...v0.138.0

v0.137.0

Compare Source

What's Changed

Full Changelog: getkin/kin-openapi@v0.136.0...v0.137.0

v0.136.0

Compare Source

What's Changed

New Contributors

Full Changelog: getkin/kin-openapi@v0.135.0...v0.136.0

v0.135.0

Compare Source

What's Changed

New Contributors

Full Changelog: getkin/kin-openapi@v0.134.0...v0.135.0

v0.134.0

Compare Source

What's Changed

New Contributors

Full Changelog: getkin/kin-openapi@v0.133.0...v0.134.0

v0.133.0

Compare Source

What's Changed

New Contributors

Full Changelog: getkin/kin-openapi@v0.132.0...v0.133.0

v0.132.0

Compare Source

What's Changed

New Contributors

Full Changelog: getkin/kin-openapi@v0.131.0...v0.132.0

go-ldap/ldap (github.com/go-ldap/ldap/v3)

v3.4.13

Compare Source

What's Changed

New Contributors

Full Changelog: go-ldap/ldap@v3.4.12...v3.4.13

oapi-codegen/oapi-codegen (github.com/oapi-codegen/oapi-codegen/v2)

v2.7.0: : Squashing bugs, many bugs (and adding some features)

Compare Source

Many improvements and even more bug fixes

This v2.7.0 release of oapi-codegen contains quite a bit of internal refactoring, focused on our most historically fragile code paths, which relate to the aggregate types (allOf/anyOf/oneOf), $ref to external specs, enums, and the spec traversal logic missing quite a few leaf nodes where models should have been generated, but were skipped.

The biggest changes are explicitly described in the sections below, and the full list of commits is at the bottom.

Thank you to all contributors, we've been going through all past PR's and updating them and merging where we can, and thanks to all our users for reporting issues that you hit.

I've (@​mromaszewicz) used a lot of LLM help here to scrub through old issues and do some deep internal refactoring to address common problem areas. I intend to continue doing this, since the conditional generation logic is getting quite complicated. When I originally released oapi-codegen, the use case was much simpler, all the models were under #/components/schemas, and all the references to them were in the requests, responses, etc. I never imagine how many things would be external references or unions, and how many complex OpenAPI specifications people would be generating code for. The initial design was never flexible enough to handle that, so ongoing bug fixes are getting increasingly complex due to edge cases. This version has a lot of internal changes you won't see as a user, but the way we handle type generation internally is unifying lots of copy/paste re-implementations into reusable code for consistency. Most of these changes can be done transparently, but some can't, so, onto the changes:

Code generation changes which might require some changes on your end

This release contains three changes, all very narrow in scope, which will require some manual adjustment of your own code. We've decided that these are small enough and uncommon enough not to require opt-in, which causes internal complexity. It's always a judgment call with these. If we got it wrong, we're happy to revisit it in a maintenance release.

Strict-server external response refs require strict-server generation in both packages (#​2357)

If your strict-server spec uses an external $ref to a components/responses/... defined in another spec, that other
spec must also be generated with strict-server: true. Add it to the source spec's config and regenerate:

# config for the spec being $ref'd
generate:
  models: true
  strict-server: true   # now required when imported by a strict-server spec

This restores the v2.0.0 behavior that lets you cast response models across package boundaries — the standard pattern
for sharing error models (e.g. a common 400) across services. PR #​1387 had silently changed the embedded type from N400JSONResponse to the bare externalRef0.N400, so the local and external response structs no longer had
matching types and casts stopped compiling.

Many more anonymous inner schemas are now hoisted into top level schemas

Inline oneOf, anyOf, and additionalProperties schemas embedded directly under an operation's request or response
body now flow through the same boilerplate-emission pipeline as components/schemas, so they get the
As* / From* / Merge* accessor methods they were previously missing. As part of that change, two older naming patterns
are replaced with one pattern, shared with all components:

GetPets_200_Data_Item             →  GetPets200JSONResponseBody_Data_Item
GetPets200JSONResponse_Data_Item  →  GetPets200JSONResponseBody_Data_Item

In practice, we think this shouldn't break anyone, because this change addresses a bug which produced pointless types
with no benefit, and you never interact with these directly, but rather you'd call an accessor on a field of a model.

Strict middleware typedefs are now inlined (#​2271)

StrictHandlerFunc and StrictMiddlewareFunc in generated strict-server code are now inline type definitions instead
of aliases to github.com/oapi-codegen/runtime/strictmiddleware/<framework>. Generated servers no longer import that package.

Before (Echo example):

import strictecho "github.com/oapi-codegen/runtime/strictmiddleware/echo"

type StrictHandlerFunc = strictecho.StrictEchoHandlerFunc
type StrictMiddlewareFunc = strictecho.StrictEchoMiddlewareFunc

After:

type StrictHandlerFunc func(ctx echo.Context, request any) (any, error)
type StrictMiddlewareFunc func(f StrictHandlerFunc, operationID string) StrictHandlerFunc

If your code referenced the per-framework names directly — strictecho.StrictEchoHandlerFunc, strictgin.StrictGinHandlerFunc, strictnethttp.StrictHTTPHandlerFunc, strictiris.StrictIrisHandlerFunc, strictecho5.StrictEcho5HandlerFunc — switch to the local StrictHandlerFunc / StrictMiddlewareFunc exposed by the generated server package, or import runtime/strictmiddleware/<framework> yourself if you really want those names. The underlying signatures are unchanged, so any value satisfying the old type still satisfies the new one.

🎉 Notable changes

Go 1.24 required (#​2264)

oapi-codegen itself now requires Go 1.24.4+ to build and run. The toolchain in your project's go.mod (the one used to invoke the codegen) must be ≥ 1.24.4. The code generated will still likely work on older versions. We had to update to Go 1.24 in order to update some dependencies to address vulnerabilities. Go 1.24 is no longer supported, so our next release will update to Go 1.25,
and the plan is to stay on supported Go versions. I'm not sure if 1.25 will come in v2.8.0 or v2.7.1 yet, but it's imminent. We
have a number of submodules in this repo which exist only to test Go 1.25 routers in a 1.24 module, and it allows us to
simplify.

Unfortunately, some of our transitive dependencies result in a broken build, by default, so you might have to pin these
packages to specific versions:

  • github.com/speakeasy-api/jsonpath v0.6.3
  • github.com/dprotaso/go-yit v0.0.0-20220510233725-9ba8df137936 (See #​2015 for some discusion)
Multi-pass type name resolution (#​2213)

Set output-options.resolve-type-name-collisions: true to make the codegen detect identifier collisions across schemas, parameters, request bodies, response components, and operation-derived types — and resolve them deterministically by suffixing the loser. Specs that previously failed to generate because two definitions wanted the same Go name now succeed.

Trivial example. With this spec:

components:
  schemas:
    Status:
      type: string
      enum: [active, archived]
  parameters:
    Status:
      name: status
      in: query
      schema:
        type: string

output-options.resolve-type-name-collisions: true produces:

type Status string                    // from components.schemas.Status
const StatusActive   Status = "active"
const StatusArchived Status = "archived"

type StatusParameter = string         // from components.parameters.Status

Collision resolution is opt-in. Generated identifier names depend on the current set of collisions in the spec;
adding a new schema or parameter later that collides with an existing one will rename the existing one to break the new collision.
That can silently break user code that imports the previously-stable name as the spec drifts. However, despite the drift,
more specs can now correctly generate boilerplate.

Parameter binding matrix (#​2307)

The OpenAPI parameter style × explode × type matrix is now fully supported and round-trips consistently across
every server backend. Path/query/header/cookie parameters across primitive, array, and object types — including
style: form / spaceDelimited / pipeDelimited / deepObject × explode: true/false, and style: simple for headers —
generate the same binding logic on every server, and the client-side encoding is symmetric. The internal parameter test suite (internal/test/parameters/) now exercises every combination through a server round-trip per backend.

If you previously hit an unsupported style error, or saw a parameter serialization work under one backend but not another,
regenerate and the issue should be gone.

You will need to use version v1.4.0 or higher of github.com/oapi-codegen/runtime.

Optional / nullable response headers (#​2301)

For strict-server responses, optional and nullable headers now generate as pointer fields (or nullable.Nullable[T]
when the nullable-types output option is set). The generated server only calls w.Header().Set(...) when the field
is non-nil, so callers can omit optional headers cleanly.

Spec:

responses:
  '200':
    headers:
      X-Required: { required: true, schema: { type: string } }
      X-Optional: { schema: { type: string } }

Before:

type GetFoo200ResponseHeaders struct {
    XRequired string
    XOptional string  // always emitted, even when empty
}

After:

type GetFoo200ResponseHeaders struct {
    XRequired string
    XOptional *string  // nil → header not sent
}

To opt out of this change, set compatibility.headers-implicitly-required: true to restore the previous always-required behavior. This change breaks enough code that we flagified it.

🚀 New features

Echo v5 server support (#​2188)

Echo v5 (the upcoming major version) is now a supported server framework. Generate with generate.echo5-server: true. Echo v4 is unchanged and remains the target of generate.echo-server.

Per-handler middleware in Fiber (#​2302)

Fiber generated servers now accept a HandlerMiddlewares []HandlerMiddlewareFunc slice in FiberServerOptions, applied around every operation handler. The middleware signature is func(c *fiber.Ctx, next fiber.Handler) error, matching Fiber's native middleware pattern. Useful for cross-cutting concerns (auth, logging, metrics) that should run after path-level routing but inside the generated-handler boundary.

Per-operation middleware in Echo (#​2353)

Echo's RegisterHandlersWithOptions now accepts an OperationMiddlewares map[string][]echo.MiddlewareFunc keyed by operationId, attaching middleware to specific operations at registration time:

api.RegisterHandlersWithOptions(e, server, api.RegisterHandlersOptions{
    OperationMiddlewares: map[string][]echo.MiddlewareFunc{
        "createPet": {authMiddleware, auditMiddleware},
        "deletePet": {authMiddleware, adminOnlyMiddleware},
    },
})

Operations with no entry in the map (or a nil map) are registered with no extra middleware. Available for both Echo v4 and Echo v5 generated servers.

Strict-gin error handlers (#​1600)

The Gin strict server now exposes RequestErrorHandlerFunc and ResponseErrorHandlerFunc on StrictServerOptions, matching the pattern already available for the Echo strict server. Bind errors and response-write errors flow through your custom handler instead of using gin's default abort behaviour. Defaults are preserved if you don't set them.

☢️ Breaking changes

🎉 Notable changes

🚀 New features and improvements

Note

PR body was truncated to here.

Configuration

📅 Schedule: (UTC)

  • Branch creation
    • At any time (no schedule defined)
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate Bot force-pushed the renovate/all-minor-patch branch from 9195c39 to 21d4747 Compare February 5, 2025 12:50
@renovate
Copy link
Copy Markdown
Contributor Author

renovate Bot commented Feb 5, 2025
edited
Loading

⚠️ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

  • any of the package files in this branch needs updating, or
  • the branch becomes conflicted, or
  • you click the rebase/retry checkbox if found above, or
  • you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: package-lock.json
npm warn Unknown env config "store". This will stop working in the next major version of npm. See `npm help npmrc` for supported config options.
npm warn Unknown project config "shamefully-flatten". This will stop working in the next major version of npm. See `npm help npmrc` for supported config options.
npm error code ERESOLVE
npm error ERESOLVE could not resolve
npm error
npm error While resolving: convos@8.7.0
npm error Found: @sveltejs/vite-plugin-svelte@5.0.3
npm error node_modules/@sveltejs/vite-plugin-svelte
npm error   dev @sveltejs/vite-plugin-svelte@"^3.0.0" from the root project
npm error   peer @sveltejs/vite-plugin-svelte@"^5.0.0" from @sveltejs/vite-plugin-svelte-inspector@4.0.1
npm error   node_modules/@sveltejs/vite-plugin-svelte/node_modules/@sveltejs/vite-plugin-svelte-inspector
npm error     @sveltejs/vite-plugin-svelte-inspector@"^4.0.1" from @sveltejs/vite-plugin-svelte@5.0.3
npm error
npm error Could not resolve dependency:
npm error dev @sveltejs/vite-plugin-svelte@"^3.0.0" from the root project
npm error
npm error Conflicting peer dependency: vite@5.4.21
npm error node_modules/vite
npm error   peer vite@"^5.0.0" from @sveltejs/vite-plugin-svelte@3.1.2
npm error   node_modules/@sveltejs/vite-plugin-svelte
npm error     dev @sveltejs/vite-plugin-svelte@"^3.0.0" from the root project
npm error
npm error Fix the upstream dependency conflict, or retry this command with --force or --legacy-peer-deps to accept an incorrect (and potentially broken) dependency resolution.
npm error
npm error
npm error For a full report see:
npm error /runner/cache/others/npm/_logs/2026-05-18T12_01_01_855Z-eresolve-report.txt
npm error A complete log of this run can be found in: /runner/cache/others/npm/_logs/2026-05-18T12_01_01_855Z-debug-0.log

@renovate renovate Bot force-pushed the renovate/all-minor-patch branch from 21d4747 to 1f7f131 Compare February 26, 2025 19:09
@renovate renovate Bot force-pushed the renovate/all-minor-patch branch from 1f7f131 to b9a914f Compare March 14, 2025 11:51
@renovate renovate Bot force-pushed the renovate/all-minor-patch branch 2 times, most recently from b12766f to a2e60e5 Compare August 4, 2025 14:44
@renovate renovate Bot force-pushed the renovate/all-minor-patch branch from a2e60e5 to 480e4be Compare September 29, 2025 11:08
@renovate renovate Bot force-pushed the renovate/all-minor-patch branch from 480e4be to fa0ad56 Compare November 4, 2025 20:52
@renovate renovate Bot force-pushed the renovate/all-minor-patch branch from fa0ad56 to 0b4cbc1 Compare November 27, 2025 16:08
@renovate renovate Bot force-pushed the renovate/all-minor-patch branch from 0b4cbc1 to 63e6a8c Compare January 28, 2026 15:44
@renovate renovate Bot force-pushed the renovate/all-minor-patch branch from 63e6a8c to 845e7d7 Compare April 2, 2026 19:50
@renovate renovate Bot changed the title chore(deps): update all non-major dependencies fix(deps): update all non-major dependencies Apr 2, 2026
@renovate renovate Bot force-pushed the renovate/all-minor-patch branch 8 times, most recently from aaed532 to b91885e Compare April 9, 2026 21:46
@renovate renovate Bot force-pushed the renovate/all-minor-patch branch 3 times, most recently from e41db60 to 6065654 Compare April 25, 2026 13:24
@renovate renovate Bot force-pushed the renovate/all-minor-patch branch 4 times, most recently from 99e8973 to 0c6367a Compare May 1, 2026 19:59
@renovate renovate Bot force-pushed the renovate/all-minor-patch branch 3 times, most recently from 0a7b984 to 9dfdc55 Compare May 8, 2026 12:39
@renovate renovate Bot force-pushed the renovate/all-minor-patch branch 4 times, most recently from 3d608da to 764cab3 Compare May 14, 2026 17:28
@renovate renovate Bot force-pushed the renovate/all-minor-patch branch from 764cab3 to e58815d Compare May 14, 2026 21:14
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants