Update Go dependencies

[renovate]

Note: This PR body was truncated due to platform limits.

This PR contains the following updates:

Package	Change	Age	Confidence
github.com/a-h/templ	v0.3.865 → v0.3.977
github.com/golang-jwt/jwt/v5	v5.2.2 → v5.3.0
github.com/golang-migrate/migrate/v4	v4.18.3 → v4.19.1
github.com/labstack/echo-jwt/v4	v4.3.1 → v4.4.0
github.com/labstack/echo/v4	v4.13.4 → v4.15.0
github.com/spf13/viper	v1.20.1 → v1.21.0
github.com/stretchr/testify	v1.10.0 → v1.11.1
golang.org/x/crypto	v0.38.0 → v0.46.0
modernc.org/sqlite	v1.37.1 → v1.42.2

---

Release Notes

a-h/templ (github.com/a-h/templ)

v0.3.977

Compare Source

Changelog

• e269629 chore: bump nix dependencies
• e16061b chore: bump npm docs (npm audit fix)
• acc6444 chore: bump versions in examples
• 54b3856 chore: fix broken unit test
• 8662cdb feat(proxy): flush streamed html (#​1271)
• dc31b64 feat: add Range to DocType nodes (#​1302)
• be9d6c9 feat: add Range to Whitespace nodes (#​1301)
• a74cfa9 feat: add prettier to templ info command
• 0d69ba4 feat: add support for "fallthrough" in case statements (#​1289)
• a7df818 fix: LSP diagnostics on Windows (#​1274)
• 40d2b42 fix: LSP proxy SourceMapCache should not store nil SourceMaps (#​1294)
• 25dc2ce fix: normalize leading whitespaces in multiline go code (#​1305)
• 7be7dd6 fix: prevent templ fmt from adding whitespace to blank lines in inline functions (#​1287)
• 554eab8 fix: wait for proxy to be ready upon restart (#​1299)

v0.3.960

Compare Source

Changelog

• 7a75104 chore: bump version
• 8b51dc9 chore: bump version
• 336ca10 chore: bump version
• b75203b chore: fix ensure generated
• c2f3317 feat: add --ignore-pattern flag to generate -watch (#​1280)
• b580171 feat: add Range to CallTemplateExpression nodes (#​1275)
• aed18e8 feat: add Range to TemplElementExpression (#​1276)
• 5094fb5 feat: add Ranges to ForExpressions (#​1264)
• f712c14 feat: add Ranges to IfExpression and ElseIfExpressionparser nodes (#​1248)
• bebee7d feat: add Ranges to SwitchExpressions (#​1265)
• 028f398 feat: format single-line go expressions to a single line (#​1267)
• abb427c fix: incorrect JS parsing when / chars encountered within strings, fixes #​1250

v0.3.943

Compare Source

Changelog

• 70af26b chore: bump dependencies
• 806d9e8 chore: bump version
• d7f4505 feat: add Range field to Element parser nodes (#​1236)
• 40be321 feat: don't insert proxy reload script on datastar initiated requests (#​1235)
• 18fb42a fix: don't attempt to apply prettier if it is not available (#​1246)
• 71d038e fix: skip parsing of JavaScript regexp literals: /test/ (#​1245)

v0.3.937

Compare Source

Changelog

• 935033d chore: bump dependencies
• c6b1acb chore: bump gofiber in example project
• 9490baa chore: bump version
• 5397d62 chore: fix linter errors in test
• 7451ee8 chore: go get ./... && go mod tidy
• e0a1051 chore: remove linter warning in test
• 63d8ad2 feat: add Range to HTMLComment nodes (#​1229)
• 71566a0 feat: add Range to raw elements (RawElement, ScriptElement) (#​1231)
• 273e0ed feat: format js and css with prettier if prettier is on the $PATH (#​1230)
• 5151891 refactor: update watcher tests to use public interface of fsnotify to prevent race condition in tests

v0.3.924

Compare Source

Changelog

• 799d461 chore: bump version
• ef5165e feat: add Ranges to GoComment parser nodes (#​1225)
• 17484e5 fix: stop rebuilding application if text-only changes have occurred in dev mode (#​1227)

v0.3.920

Compare Source

Changelog

• fedfcd4 Update 04-datastar.md (#​1214)
• 8fd80ac chore(docs): bump docs dependencies
• 23ccc90 chore: bump chi deps in example
• d6338ec chore: bump version
• 554776e chore: update copilot instructions
• 542b139 feat: add fragment rendering support (#​1216)
• 39303d6 fix(lsp): suppress gopls warning about editing generated file (#​1221, fixes #​1200)
• 732862b fix: add support for spreading non-string attribute values in RenderAttributes (#​1213)
• 79a8e2f refactor: move expressionAttributeValueURL check to separate function (#​1206)
• e2a87c1 refactor: remove map use when it isn't needed
• 73832bd refactor: rework generator command (#​1211)

v0.3.906

Compare Source

Changelog

• c086e47 chore: bump version file
• 15199ff chore: updated storybook installation command with a features flag (#​1185)
• 27dd1a4 feat: pass stdin to watched commands (#​1195)
• 838a60a feat: push Nix packaging to Flakehub
• 7df55ec feat: support string types and functions for URL attributes - no longer require templ.SafeURL - fixes #​1167 (#​1171)
• 2874448 fix(lsp): prevent LSP panic in cases where elements are nil
• c9bd939 fix: comments don't eat newlines (#​1186)
• f9f9f3a fix: handle live import declaration changes in lazy loader (#​1192)
• 9ad7ba1 fix: prevent request failure notification spam for new files in lazy loader (#​1202)
• 63238fc refactor: allow more flexible parsing of expression attributes (#​1197)
• 780cab0 refactor: don't block if timer runs out (behaviour change from Go 1.23) (#​1179)
• 9b34663 refactor: replace document open count with package reference count in lazy loader (#​1187)

v0.3.898

Compare Source

Changelog

• b3a6561 chore: bump version [no-ci]
• 7df55ec feat: support string types and functions for URL attributes - no longer require templ.SafeURL - fixes #​1167 (#​1171)
• 2874448 fix(lsp): prevent LSP panic in cases where elements are nil
• 780cab0 refactor: don't block if timer runs out (behaviour change from Go 1.23) (#​1179)

v0.3.894

Compare Source

Changelog

• 32ee560 chore: bump nix flake
• 608c516 fix(lsp): set range on invalid parse results, fixes #​1176 (#​1178)
• 9fc3954 fix: add nonce attribute to style tag (#​1164)
• 18dda56 refactor: fix linter warnings (#​1175)
• f74b870 refactor: standardise error messages, fixes #​1173 (#​1174)

v0.3.887

Compare Source

Changelog

• 78e130a Conditionalize language server preload (#​1118)
• 4048e76 chore(ci): apply write permissions to code coverage
• 92ed4a3 chore(ci): bump upload artifact version
• 3244608 chore(ci): checkout code when uploading coverage
• 04f35cd chore(ci): replace nix cache github action
• 2070e14 chore(ci): upload artifact from local directory
• f1c2a5e chore: bump deps in examples and fuzzing
• 892b042 chore: bump documentation deps
• 3201870 chore: bump version
• e47b18c chore: bump version
• 99cbb2a chore: bump version with correct pattern
• 01a7b2c chore: bump version with correct pattern
• 72844e5 chore: constrain CI/CD workflow permissions to read only (#​1143)
• 076b696 feat: add support for interpolating primitive types in addition to strings (#​1129)
• 9f9a1a3 feat: add support for starting gopls in shared daemon mode (#​1142)
• 5450d27 feat: allow partial parsing for improved LSP support (#​1155)
• def3450 feat: allow the AST to be modified using a visitor (#​1114)
• 5d4a06c feat: attribute key expressions (#​1140)
• d20d8a1 feat: gracefully shutdown on sigterm in -watch mode (#​1147)
• ea8c58b feat: support ordered attributes (#​1139)
• 79b4c2c feat: use GOPACKAGESDRIVER to load templ documents lazily (#​1124)
• 2648793 fix: add error case if attribute key type is not recognised (#​1157)
• 358110e fix: broken test
• a59b13a fix: copy attributes, because generating now adjusts a pointer due to #​1114
• ca6efc4 fix: ignore non js scripting languages in script parser (#​1136)
• 336d0d6 fix: include all watch patterns in consideration for cmd restart (#​1144)
• f1aa37d fix: support script variable interpolation for javascript and module types (#​1161)
• bf42293 fix: write constant attributes as they are in the source templ file (#​1159)
• 74ab01b refactor: only attempt to update-coverage on push to main, no PRs

golang-jwt/jwt (github.com/golang-jwt/jwt/v5)

v5.3.0

Compare Source

This release is almost identical to to v5.2.3 but now correctly indicates Go 1.21 as minimum requirement.

What's Changed

• Create CODEOWNERS by @​oxisto in #​449
• Bump Go version to indicate correct minimum requirement by @​oxisto in #​452

Full Changelog: golang-jwt/jwt@v5.2.3...v5.3.0

v5.2.3

Compare Source

What's Changed

• Bump GitHub workflows and Go versions by @​mfridman in #​438
• Implementing validation of multiple audiences by @​oxisto in #​433
• Bump golangci/golangci-lint-action from 7 to 8 by @​dependabot[bot] in #​440
• replaced interface{} to any by @​aachex in #​445
• Fix bug in validation of multiple audiences by @​sfinnman-cotn in #​441

New Contributors

• @​aachex made their first contribution in #​445
• @​sfinnman-cotn made their first contribution in #​441

Full Changelog: golang-jwt/jwt@v5.2.2...v5.2.3

golang-migrate/migrate (github.com/golang-migrate/migrate/v4)

v4.19.1

Compare Source

v4.19.0

Compare Source

What's Changed

• Fixed sqlserver not actually getting a lock if lock is already set by @​urbim in #​1186
• Bump golang.org/x/oauth2 from 0.18.0 to 0.27.0 by @​dependabot[bot] in #​1299
• Update apt-key to gpg by @​sandhilt in #​1277
• Update dktest to v0.4.6 for docker vuln fix by @​dhui in #​1309
• refactor: Remove go.uber.org/atomic in favor of std sync/atomic by @​romshark in #​1303
• Ensure bufferWriter is always closed in Migration.Buffer and propagate close errors by @​ckantcs in #​1308
• Add support for Go 1.25 and drop support for 1.23 by @​dhui in #​1310

New Contributors

• @​urbim made their first contribution in #​1186
• @​sandhilt made their first contribution in #​1277
• @​romshark made their first contribution in #​1303
• @​ckantcs made their first contribution in #​1308

Full Changelog: golang-migrate/migrate@v4.18.3...v4.19.0

labstack/echo-jwt (github.com/labstack/echo-jwt/v4)

v4.4.0

Compare Source

Enhancements

• Revert 'Return HTTP status 400 if missing JWT' PR to return 401 #​39
• Updated dependencies #​39
• Return ErrJWTMissing, ErrJWTInvalid clones so error code could be changed more easily

labstack/echo (github.com/labstack/echo/v4)

v4.15.0

Compare Source

Security

NB: If your application relies on cross-origin or same-site (same subdomain) requests do not blindly push this version to production

The CSRF middleware now supports the Sec-Fetch-Site header as a modern, defense-in-depth approach to CSRF
protection, implementing the OWASP-recommended Fetch Metadata API alongside the traditional token-based mechanism.

How it works:

Modern browsers automatically send the Sec-Fetch-Site header with all requests, indicating the relationship
between the request origin and the target. The middleware uses this to make security decisions:

• same-origin or none: Requests are allowed (exact origin match or direct user navigation)
• same-site: Falls back to token validation (e.g., subdomain to main domain)
• cross-site: Blocked by default with 403 error for unsafe methods (POST, PUT, DELETE, PATCH)

For browsers that don't send this header (older browsers), the middleware seamlessly falls back to
traditional token-based CSRF protection.

New Configuration Options:

• TrustedOrigins []string: Allowlist specific origins for cross-site requests (useful for OAuth callbacks, webhooks)
• AllowSecFetchSiteFunc func(echo.Context) (bool, error): Custom logic for same-site/cross-site request validation

Example:

e.Use(middleware.CSRFWithConfig(middleware.CSRFConfig{
    // Allow OAuth callbacks from trusted provider
    TrustedOrigins: []string{"https://oauth-provider.com"},

    // Custom validation for same-site requests
    AllowSecFetchSiteFunc: func(c echo.Context) (bool, error) {
        // Your custom authorization logic here
        return validateCustomAuth(c), nil
        // return true, err  // blocks request with error
        // return true, nil  // allows CSRF request through
        // return false, nil // falls back to legacy token logic
    },
}))

PR: #​2858

Type-Safe Generic Parameter Binding

• Added generic functions for type-safe parameter extraction and context access by @​aldas in #​2856

  Echo now provides generic functions for extracting path, query, and form parameters with automatic type conversion,
  eliminating manual string parsing and type assertions.

  New Functions:

  • Path parameters: PathParam[T], PathParamOr[T]
  • Query parameters: QueryParam[T], QueryParamOr[T], QueryParams[T], QueryParamsOr[T]
  • Form values: FormParam[T], FormParamOr[T], FormParams[T], FormParamsOr[T]
  • Context store: ContextGet[T], ContextGetOr[T]

  Supported Types:
  Primitives (bool, string, int/uint variants, float32/float64), time.Duration, time.Time
  (with custom layouts and Unix timestamp support), and custom types implementing BindUnmarshaler,
  TextUnmarshaler, or JSONUnmarshaler.

  Example:

  // Before: Manual parsing
  idStr := c.Param("id")
  id, err := strconv.Atoi(idStr)
  
  // After: Type-safe with automatic parsing
  id, err := echo.PathParam[int](c, "id")
  
  // With default values
  page, err := echo.QueryParamOr[int](c, "page", 1)
  limit, err := echo.QueryParamOr[int](c, "limit", 20)
  
  // Type-safe context access (no more panics from type assertions)
  user, err := echo.ContextGet[*User](c, "user")

PR: #​2856

DEPRECATION NOTICE Timeout Middleware Deprecated - Use ContextTimeout Instead

The middleware.Timeout middleware has been deprecated due to fundamental architectural issues that cause
data races. Use middleware.ContextTimeout or middleware.ContextTimeoutWithConfig instead.

Why is this being deprecated?

The Timeout middleware manipulates response writers across goroutine boundaries, which causes data races that
cannot be reliably fixed without a complete architectural redesign. The middleware:

• Swaps the response writer using http.TimeoutHandler
• Must be the first middleware in the chain (fragile constraint)
• Can cause races with other middleware (Logger, metrics, custom middleware)
• Has been the source of multiple race condition fixes over the years

What should you use instead?

The ContextTimeout middleware (available since v4.12.0) provides timeout functionality using Go's standard
context mechanism. It is:

• Race-free by design
• Can be placed anywhere in the middleware chain
• Simpler and more maintainable
• Compatible with all other middleware

Migration Guide:

// Before (deprecated):
e.Use(middleware.Timeout())

// After (recommended):
e.Use(middleware.ContextTimeout(30 * time.Second))

Important Behavioral Differences:

1. Handler cooperation required: With ContextTimeout, your handlers must check context.Done() for cooperative
   cancellation. The old Timeout middleware would send a 503 response regardless of handler cooperation, but had
   data race issues.

2. Error handling: ContextTimeout returns errors through the standard error handling flow. Handlers that receive
   context.DeadlineExceeded should handle it appropriately:

e.GET("/long-task", func(c echo.Context) error {
    ctx := c.Request().Context()

    // Example: database query with context
    result, err := db.QueryContext(ctx, "SELECT * FROM large_table")
    if err != nil {
        if errors.Is(err, context.DeadlineExceeded) {
            // Handle timeout
            return echo.NewHTTPError(http.StatusServiceUnavailable, "Request timeout")
        }
        return err
    }

    return c.JSON(http.StatusOK, result)
})

3. Background tasks: For long-running background tasks, use goroutines with context:

e.GET("/async-task", func(c echo.Context) error {
    ctx := c.Request().Context()

    resultCh := make(chan Result, 1)
    errCh := make(chan error, 1)

    go func() {
        result, err := performLongTask(ctx)
        if err != nil {
            errCh <- err
            return
        }
        resultCh <- result
    }()

    select {
    case result := <-resultCh:
        return c.JSON(http.StatusOK, result)
    case err := <-errCh:
        return err
    case <-ctx.Done():
        return echo.NewHTTPError(http.StatusServiceUnavailable, "Request timeout")
    }
})

Enhancements

• Fixes by @​aldas in #​2852
• Generic functions by @​aldas in #​2856
• CRSF with Sec-Fetch-Site checks by @​aldas in #​2858

v4.14.0

Compare Source

middleware.Logger has been deprecated. For request logging, use middleware.RequestLogger or
middleware.RequestLoggerWithConfig.

middleware.RequestLogger replaces middleware.Logger, offering comparable configuration while relying on the
Go standard library’s new slog logger.

The previous default output format was JSON. The new default follows the standard slog logger settings.
To continue emitting request logs in JSON, configure slog accordingly:

slog.SetDefault(slog.New(slog.NewJSONHandler(os.Stdout, nil)))
e.Use(middleware.RequestLogger())

Security

• Logger middleware json string escaping and deprecation by @​aldas in #​2849

Enhancements

• Update deps by @​aldas in #​2807
• refactor to use reflect.TypeFor by @​cuiweixie in #​2812
• Use Go 1.25 in CI by @​aldas in #​2810
• Modernize context.go by replacing interface{} with any by @​vishr in #​2822
• Fix typo in SetParamValues comment by @​vishr in #​2828
• Fix typo in ContextTimeout middleware comment by @​vishr in #​2827
• Improve BasicAuth middleware: use strings.Cut and RFC compliance by @​vishr in #​2825
• Fix duplicate plus operator in router backtracking logic by @​yuya-morimoto in #​2832
• Replace custom private IP range check with built-in net.IP.IsPrivate by @​kumapower17 in #​2835
• Ensure proxy connection is closed in proxyRaw function(#​2837) by @​kumapower17 in #​2838
• Update deps by @​aldas in #​2843
• Update golang.org/x/* deps by @​aldas in #​2850

spf13/viper (github.com/spf13/viper)

v1.21.0

Compare Source

What's Changed

Enhancements 🚀

• Add support for flags pflag.BoolSlice, pflag.UintSlice and pflag.Float64Slice by @​nmvalera in #​2015
• feat: use maintained yaml library by @​sagikazarmark in #​2040

Bug Fixes 🐛

• fix(config): get config type from v.configType or config file ext by @​GuillaumeBAECHLER in #​2003
• fix: config type check when loading any config by @​sagikazarmark in #​2007

Dependency Updates ⬆️

• Update dependencies by @​sagikazarmark in #​1993
• build(deps): bump github.com/spf13/cast from 1.7.1 to 1.8.0 by @​dependabot[bot] in #​2017
• build(deps): bump github.com/pelletier/go-toml/v2 from 2.2.3 to 2.2.4 by @​dependabot[bot] in #​2013
• build(deps): bump github.com/sagikazarmark/locafero from 0.8.0 to 0.9.0 by @​dependabot[bot] in #​2008
• build(deps): bump golang.org/x/net from 0.37.0 to 0.38.0 in /remote by @​dependabot[bot] in #​2016
• build(deps): bump github.com/spf13/cast from 1.8.0 to 1.9.2 by @​dependabot[bot] in #​2020
• build(deps): bump github.com/go-viper/mapstructure/v2 from 2.2.1 to 2.3.0 by @​dependabot[bot] in #​2028
• build(deps): bump github.com/go-viper/mapstructure/v2 from 2.3.0 to 2.4.0 by @​dependabot[bot] in #​2035
• build(deps): bump github.com/spf13/pflag from 1.0.6 to 1.0.7 by @​dependabot[bot] in #​2036
• build(deps): bump github.com/fsnotify/fsnotify from 1.8.0 to 1.9.0 by @​dependabot[bot] in #​2012
• build(deps): bump github.com/stretchr/testify from 1.10.0 to 1.11.1 by @​dependabot[bot] in #​2052
• build(deps): bump github.com/go-viper/mapstructure/v2 from 2.3.0 to 2.4.0 in /remote by @​dependabot[bot] in #​2048
• build(deps): bump github.com/spf13/pflag from 1.0.7 to 1.0.10 by @​dependabot[bot] in #​2056
• chore: update dependencies by @​sagikazarmark in #​2057

Other Changes

• Update update guide with mapstructure package replacement. by @​aldas in #​2004
• refactor: use the built-in max/min to simplify the code by @​yingshanghuangqiao in #​2029

New Contributors

• @​GuillaumeBAECHLER made their first contribution in #​2003
• @​aldas made their first contribution in #​2004
• @​nmvalera made their first contribution in #​2015
• @​yingshanghuangqiao made their first contribution in #​2029
• @​ccoVeille made their first contribution in #​2046
• @​spacez320 made their first contribution in #​2050

Full Changelog: spf13/viper@v1.20.0...v1.21.0

stretchr/testify (github.com/stretchr/testify)

v1.11.1

Compare Source

This release fixes #​1785 introduced in v1.11.0 where expected argument values implementing the stringer interface (String() string) with a method which mutates their value, when passed to mock.Mock.On (m.On("Method", <expected>).Return()) or actual argument values passed to mock.Mock.Called may no longer match one another where they previously did match. The behaviour prior to v1.11.0 where the stringer is always called is restored. Future testify releases may not call the stringer method at all in this case.

What's Changed

• Backport #​1786 to release/1.11: mock: revert to pre-v1.11.0 argument matching behavior for mutating stringers by @​brackendawson in #​1788

Full Changelog: stretchr/testify@v1.11.0...v1.11.1

v1.11.0

Compare Source

What's Changed

Functional Changes

v1.11.0 Includes a number of performance improvements.

• Call stack perf change for CallerInfo by @​mikeauclair in #​1614
• Lazily render mock diff output on successful match by @​mikeauclair in #​1615
• assert: check early in Eventually, EventuallyWithT, and Never by @​cszczepaniak in #​1427
• assert: add IsNotType by @​bartventer in #​1730
• assert.JSONEq: shortcut if same strings by @​dolmen in #​1754
• assert.YAMLEq: shortcut if same strings by @​dolmen in #​1755
• assert: faster and simpler isEmpty using reflect.Value.IsZero by @​dolmen in #​1761
• suite: faster methods filtering (internal refactor) by @​dolmen in #​1758

Fixes

• assert.ErrorAs: log target type by @​craig65535 in #​1345
• Fix failure message formatting for Positive and Negative asserts in #​1062
• Improve ErrorIs message when error is nil but an error was expected by @​tsioftas in #​1681
• fix Subset/NotSubset when calling with mixed input types by @​siliconbrain in #​1729
• Improve ErrorAs failure message when error is nil by @​ccoVeille in #​1734
• mock.AssertNumberOfCalls: improve error msg by @​3scalation in #​1743

Documentation, Build & CI

• docs: Fix typo in README by @​alexandear in #​1688
• Replace deprecated io/ioutil with io and os by @​alexandear in #​1684
• Document consequences of calling t.FailNow() by @​greg0ire in #​1710
• chore: update docs for Unset #​1621 by @​techfg in #​1709
• README: apply gofmt to examples by @​alexandear in #​1687
• refactor: use %q and %T to simplify fmt.Sprintf by @​alexandear in #​1674
• Propose Christophe Colombier (ccoVeille) as approver by @​brackendawson in #​1716
• Update documentation for the Error function in assert or require package by @​architagr in #​1675
• assert: remove deprecated build constraints by @​alexandear in #​1671
• assert: apply gofumpt to internal test suite by @​ccoVeille in #​1739
• CI: fix shebang in .ci.*.sh scripts by @​dolmen in #​1746
• assert,require: enable parallel testing on (almost) all top tests by @​dolmen in #​1747
• suite.Passed: add one more status test report by @​Ararsa-Derese in #​1706
• Add Helper() method in internal mocks and assert.CollectT by @​dolmen in #​1423
• assert.Same/NotSame: improve usage of Sprintf by @​ccoVeille in #​1742
• mock: enable parallel testing on internal testsuite by @​dolmen in #​1756
• suite: cleanup use of 'testing' internals at runtime by @​dolmen in #​1751
• assert: check test failure message for Empty and NotEmpty by @​ccoVeille in #​1745
• deps: fix dependency cycle with objx (again) by @​dolmen in #​1567
• assert.Empty: comprehensive doc of "Empty"-ness rules by @​dolmen in #​1753
• doc: improve godoc of top level 'testify' package by @​dolmen in #​1760
• assert.ErrorAs: simplify retrieving the type name by @​ccoVeille in #​1740
• assert.EqualValues: improve test coverage to 100% by @​dolmen in #​1763
• suite.Run: simplify running of Setup/TeardownSuite by @​renzoarreaza in #​1769
• assert.CallerInfo: micro optimization by using LastIndexByte by @​dolmen in #​1767
• assert.CallerInfo: micro cleanup by @​dolmen in #​1768
• assert: refactor TestFileExists and TestDirExists tests to enable parallel testing by @​dolmen in #​1766
• suite.Run: refactor handling of stats for improved readability by @​dolmen in #​1764
• tests: improve captureTestingT helper by @​ccoVeille in #​1741
• build(deps): bump actions/checkout from 4 to 5 by @​dependabot[bot] in #​1778

New Contributors

• @​greg0ire made their first contribution in #​1710
• @​techfg made their first contribution in #​1709
• @​mikeauclair made their first contribution in #​1614
• @​cszczepaniak made their first contribution in #​1427
• @​architagr made their first contribution in #​1675
• @​tsioftas made their first contribution in #​1681
• @​siliconbrain made their first contribution in #​1729
• @​bartventer made their first contribution in #​1730
• @​Ararsa-Derese made their first contribution in #​1706
• @​renzoarreaza made their first contribution in #​1769
• @​3scalation made their first contribution in #​1743

Full Changelog: stretchr/testify@v1.10.0...v1.11.0

cznic/sqlite (modernc.org/sqlite)

v1.42.2

Compare Source

v1.42.1

Compare Source

v1.42.0

Compare Source

v1.41.0

Compare Source

v1.40.1

Compare Source

v1.40.0

Compare Source

v1.39.1

Compare Source

v1.39.0

Compare Source

v1.38.2

Compare Source

v1.38.1

Compare Source

v1.38.0

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[renovate]

ℹ Artifact update notice

File name: go.mod

In order to perform the update(s) described in the table above, Renovate ran the go get command, which resulted in the following additional change(s):

• 16 additional dependencies were updated

Details:

Package	Change
github.com/davecgh/go-spew	v1.1.1 -> v1.1.2-0.20180830191138-d8f796af33cc
github.com/fsnotify/fsnotify	v1.8.0 -> v1.9.0
github.com/go-viper/mapstructure/v2	v2.2.1 -> v2.4.0
github.com/pelletier/go-toml/v2	v2.2.3 -> v2.2.4
github.com/pmezard/go-difflib	v1.0.0 -> v1.0.1-0.20181226105442-5d4384ee4fb2
github.com/sagikazarmark/locafero	v0.7.0 -> v0.11.0
github.com/sourcegraph/conc	v0.3.0 -> v0.3.1-0.20240121214520-5f936abd7ae8
github.com/spf13/afero	v1.12.0 -> v1.15.0
github.com/spf13/cast	v1.7.1 -> v1.10.0
github.com/spf13/pflag	v1.0.6 -> v1.0.10
golang.org/x/exp	v0.0.0-20250408133849-7e4ce0ab07d0 -> v0.0.0-20250620022241-b7579e27df2b
modernc.org/libc	v1.65.7 -> v1.66.10
golang.org/x/net	v0.40.0 -> v0.47.0
golang.org/x/sys	v0.33.0 -> v0.39.0
golang.org/x/text	v0.25.0 -> v0.32.0
golang.org/x/time	v0.11.0 -> v0.14.0

[renovate]

ℹ️ Artifact update notice

File name: go.mod

In order to perform the update(s) described in the table above, Renovate ran the go get command, which resulted in the following additional change(s):

• 16 additional dependencies were updated

Details:

Package	Change
github.com/davecgh/go-spew	v1.1.1 -> v1.1.2-0.20180830191138-d8f796af33cc
github.com/fsnotify/fsnotify	v1.8.0 -> v1.9.0
github.com/go-viper/mapstructure/v2	v2.2.1 -> v2.4.0
github.com/pelletier/go-toml/v2	v2.2.3 -> v2.2.4
github.com/pmezard/go-difflib	v1.0.0 -> v1.0.1-0.20181226105442-5d4384ee4fb2
github.com/sagikazarmark/locafero	v0.7.0 -> v0.11.0
github.com/sourcegraph/conc	v0.3.0 -> v0.3.1-0.20240121214520-5f936abd7ae8
github.com/spf13/afero	v1.12.0 -> v1.15.0
github.com/spf13/cast	v1.7.1 -> v1.10.0
github.com/spf13/pflag	v1.0.6 -> v1.0.10
golang.org/x/exp	v0.0.0-20250408133849-7e4ce0ab07d0 -> v0.0.0-20250620022241-b7579e27df2b
modernc.org/libc	v1.65.7 -> v1.66.10
golang.org/x/net	v0.40.0 -> v0.48.0
golang.org/x/sys	v0.33.0 -> v0.39.0
golang.org/x/text	v0.25.0 -> v0.32.0
golang.org/x/time	v0.11.0 -> v0.14.0