Bump github.com/valyala/fasthttp from 1.69.0 to 1.70.0

[dependabot]

Bumps github.com/valyala/fasthttp from 1.69.0 to 1.70.0.

Release notes

Sourced from github.com/valyala/fasthttp's releases.

v1.70.0

What's Changed

• Go 1.26 and golangci-lint updates by @​erikdubbelboer in valyala/fasthttp#2146
• Add WithLimit methods for uncompression by @​erikdubbelboer in valyala/fasthttp#2147
• Honor Root for fs.FS and normalize fs-style roots by @​erikdubbelboer in valyala/fasthttp#2145
• Sanitize header values in all setter paths to prevent CRLF injection by @​erikdubbelboer in valyala/fasthttp#2162
• Add ServeFileLiteral, ServeFSLiteral and SendFileLiteral by @​erikdubbelboer in valyala/fasthttp#2163
• Prevent chunk extension request smuggling by @​erikdubbelboer in valyala/fasthttp#2165
• Validate request URI format during header parsing to reject malformed requests by @​erikdubbelboer in valyala/fasthttp#2168
• HTTP1/1 requires exactly one Host header by @​erikdubbelboer in valyala/fasthttp#2164
• Strict HTTP version validation and simplified first line parsing by @​erikdubbelboer in valyala/fasthttp#2167
• Only normalize pre-colon whitespace for HTTP headers by @​erikdubbelboer in valyala/fasthttp#2172
• fs: reject '..' path segments in rewritten paths by @​erikdubbelboer in valyala/fasthttp#2173
• fasthttpproxy: reject CRLF in HTTP proxy CONNECT target by @​erikdubbelboer in valyala/fasthttp#2174
• fasthttpproxy: scope proxy auth cache to GetDialFunc by @​erikdubbelboer in valyala/fasthttp#2144
• feat: enhance performance by @​ReneWerner87 in valyala/fasthttp#2135
• export ErrConnectionClosed by @​pjebs in valyala/fasthttp#2152
• fix: detect master process death in prefork children by @​meruiden in valyala/fasthttp#2158
• return prev values by @​pjebs in valyala/fasthttp#2123
• docs: added httpgo to related projects by @​MUlt1mate in valyala/fasthttp#2169
• chore(deps): bump actions/upload-artifact from 6 to 7 by @​dependabot[bot] in valyala/fasthttp#2149
• chore(deps): bump github.com/andybalholm/brotli from 1.2.0 to 1.2.1 by @​dependabot[bot] in valyala/fasthttp#2170
• chore(deps): bump github.com/klauspost/compress from 1.18.2 to 1.18.3 by @​dependabot[bot] in valyala/fasthttp#2129
• chore(deps): bump github.com/klauspost/compress from 1.18.3 to 1.18.4 by @​dependabot[bot] in valyala/fasthttp#2140
• chore(deps): bump github.com/klauspost/compress from 1.18.4 to 1.18.5 by @​dependabot[bot] in valyala/fasthttp#2166
• chore(deps): bump golang.org/x/crypto from 0.47.0 to 0.48.0 by @​dependabot[bot] in valyala/fasthttp#2139
• chore(deps): bump golang.org/x/net from 0.48.0 to 0.49.0 by @​dependabot[bot] in valyala/fasthttp#2128
• chore(deps): bump golang.org/x/net from 0.49.0 to 0.50.0 by @​dependabot[bot] in valyala/fasthttp#2138
• chore(deps): bump golang.org/x/sys from 0.39.0 to 0.40.0 by @​dependabot[bot] in valyala/fasthttp#2125
• chore(deps): bump golang.org/x/sys from 0.40.0 to 0.41.0 by @​dependabot[bot] in valyala/fasthttp#2137
• chore(deps): bump securego/gosec from 2.22.11 to 2.23.0 by @​dependabot[bot] in valyala/fasthttp#2142
• Update securego/gosec from 2.23.0 to 2.25.0 by @​erikdubbelboer in valyala/fasthttp#2161

New Contributors

• @​MUlt1mate made their first contribution in valyala/fasthttp#2169
• @​meruiden made their first contribution in valyala/fasthttp#2158

Full Changelog: valyala/fasthttp@v1.69.0...v1.70.0

Commits

• 534461a fasthttpproxy: reject CRLF in HTTP proxy CONNECT target (#2174)
• 267e740 fs: reject '..' path segments in rewritten paths (#2173)
• a95a1ad Only normalize pre-colon whitespace for HTTP headers (#2172)
• ab8c2ac fix: detect master process death in prefork children (#2158)
• c4569c5 feat: enhance performance (#2135)
• beab280 chore(deps): bump github.com/andybalholm/brotli from 1.2.0 to 1.2.1 (#2170)
• 82254a7 Normalize framing header names with pre-colon whitespace
• 6111327 Strict HTTP version validation and simplified first line parsing (#2167)
• eb38f5f HTTP1/1 requires exactly one Host header (#2164)
• 7d90713 Validate request URI format during header parsing to reject malformed request...
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[github-actions]

Report Summary

┌──────────────────────────────────────────────┬──────────┬─────────────────┬─────────┐
│                    Target                    │   Type   │ Vulnerabilities │ Secrets │
├──────────────────────────────────────────────┼──────────┼─────────────────┼─────────┤
│ ghcr.io/webp-sh/webp_server_go (debian 13.4) │  debian  │        0        │    -    │
├──────────────────────────────────────────────┼──────────┼─────────────────┼─────────┤
│ usr/bin/webp-server                          │ gobinary │        0        │    -    │
└──────────────────────────────────────────────┴──────────┴─────────────────┴─────────┘
Legend:
- '-': Not scanned
- '0': Clean (no security findings detected)