chore(deps): bump the minor-and-patch group across 1 directory with 15 updates

[dependabot]

Bumps the minor-and-patch group with 12 updates in the / directory:

Package	From	To
github.com/RichardKnop/machinery/v2	2.0.10	2.0.16
github.com/gin-gonic/gin	1.9.1	1.12.0
github.com/go-sql-driver/mysql	1.7.1	1.10.0
github.com/gocraft/dbr/v2	2.7.5	2.7.7
github.com/mattn/go-sqlite3	1.14.17	1.14.45
github.com/rubenv/sql-migrate	1.5.2	1.8.1
github.com/spf13/cast	1.5.1	1.10.0
github.com/spf13/viper	1.16.0	1.21.0
github.com/tidwall/gjson	1.15.0	1.19.0
github.com/unrolled/secure	1.13.0	1.17.0
go.uber.org/zap	1.24.0	1.28.0
google.golang.org/grpc	1.57.0	1.81.1

Updates github.com/RichardKnop/machinery/v2 from 2.0.10 to 2.0.16

Release notes

Sourced from github.com/RichardKnop/machinery/v2's releases.

Release v2.0.16

Full Changelog: RichardKnop/machinery@v2.0.15...v2.0.16

Release v2.0.15

What's Changed

• Remove useless import by @​TamaraNocentini in RichardKnop/machinery#846

New Contributors

• @​TamaraNocentini made their first contribution in RichardKnop/machinery#846

Full Changelog: RichardKnop/machinery@v2.0.14...v2.0.15

Release 2.0.14

First release of 2025.

What's Changed

• Support Redis cluster with single endpoint configuration by @​vincentluan in RichardKnop/machinery#801
• fix: close config files by @​testwill in RichardKnop/machinery#807
• Add redis client name config option by @​burak-aydin in RichardKnop/machinery#805
• Update mongodb driver package to v1.17.0 by @​zerodivisi0n in RichardKnop/machinery#819
• fix ttl index for mongodb results backend by @​boguszaur in RichardKnop/machinery#817
• fix v2 (redis): redis sentinel Authentication required bug by @​ArielinIChen in RichardKnop/machinery#816
• fix redis consumer bug by @​cyxr001 in RichardKnop/machinery#814
• fix v2 go-redis tls bug by @​msakauye in RichardKnop/machinery#832
• AMQP: nack the message with requeue false when IgnoreWhenTaskNotRegistered by @​surendratiwari3 in RichardKnop/machinery#798
• fix ttl field for mongo backend by @​boguszaur in RichardKnop/machinery#829
• support redis username by @​ALEX-yinhao in RichardKnop/machinery#834
• doc:add redis sentinel example by @​jxy90 in RichardKnop/machinery#826
• Add AWS SQS Visibility Heartbeat Feature by @​jbret89 in RichardKnop/machinery#837
• Upgrade AWD SDK to v2 by @​jbret89 in RichardKnop/machinery#838

New Contributors

• @​vincentluan made their first contribution in RichardKnop/machinery#801
• @​testwill made their first contribution in RichardKnop/machinery#807
• @​burak-aydin made their first contribution in RichardKnop/machinery#805
• @​zerodivisi0n made their first contribution in RichardKnop/machinery#819
• @​boguszaur made their first contribution in RichardKnop/machinery#817
• @​ArielinIChen made their first contribution in RichardKnop/machinery#816
• @​cyxr001 made their first contribution in RichardKnop/machinery#814
• @​msakauye made their first contribution in RichardKnop/machinery#832
• @​ALEX-yinhao made their first contribution in RichardKnop/machinery#834
• @​jxy90 made their first contribution in RichardKnop/machinery#826
• @​jbret89 made their first contribution in RichardKnop/machinery#837

Full Changelog: RichardKnop/machinery@v1.10.8...v2.0.14

v2.0.13

Full Changelog: RichardKnop/machinery@v2.0.12...v2.0.13

v2.0.12

... (truncated)

Commits

• dd7a774 fix: try to fix up some dependencies
• a51ba78 Remove useless import (#846)
• 378ff34 Upgrade AWD SDK to v2 (#838)
• 5fd6b17 fix: make ci works again
• dfd7622 Add AWS SQS Visibility Heartbeat Feature (#837)
• 327b52d Update README.md
• 1f99cf1 fix redis backend unit tests
• ff17325 doc:add redis sentinel example (#826)
• f5bd50a support redis username (#834)
• ef4a2e7 fix ttl field for mongo backend (#829)
• Additional commits viewable in compare view

Updates github.com/gin-gonic/gin from 1.9.1 to 1.12.0

Release notes

Sourced from github.com/gin-gonic/gin's releases.

v1.12.0

Changelog

Features

• 192ac89eefc1c30f7c97ae48a9ffb1c6f1c8c8bc: feat(binding): add support for encoding.UnmarshalText in uri/query binding (#4203) (@​takanuva15)
• 53410d2e07054369e0960fbe2eed97e1b9966f12: feat(context): add GetError and GetErrorSlice methods for error retrieval (#4502) (@​raju-mechatronics)
• acc55e049e33b401e810dbd8c0d6dcb6b3ba2b05: feat(context): add Protocol Buffers support to content negotiation (#4423) (@​1911860538)
• 38e765119241d990705169bedb5002a29ae0cbd1: feat(context): implemented Delete method (@​Spyder01)
• 771dcc6476d7bc6abb9ec0235ecefa4d38fe6fb0: feat(gin): add option to use escaped path (#4420) (@​ldesauw)
• 4dec17afdff48e8018c83618fbbe69fceeb2b41d: feat(logger): color latency (#4146) (@​wsyqn6)
• d7776de7d444935ea4385999711bd6331a98fecb: feat(render): add bson protocol (#4145) (@​laurentcau)

Bug fixes

• b917b14ff9d189f16a7492be79d123a47806ee19: fix(binding): empty value error (#2169) (@​guonaihong)
• c3d1092b3b48addf6f9cd00fe274ec3bd14650eb: fix(binding): improve empty slice/array handling in form binding (#4380) (@​1911860538)
• 9914178584e42458ff7d23891463a880f58c9d86: fix(context): ClientIP handling for multiple X-Forwarded-For header values (#4472) (@​Nurysso)
• 2a794cd0b0faa7d829291375b27a3467ea972b0d: fix(debug): version mismatch (#4403) (@​zeek0x)
• c3d5a28ed6d3849da820195b6774d212bcc038a9: fix(gin): close os.File in RunFd to prevent resource leak (#4422) (@​1911860538)
• 5fad976b372e381312f8de69f0969f1284d229d3: fix(gin): literal colon routes not working with engine.Handler() (#4415) (@​pawannn)
• 63dd3e60cab89c27fb66bce1423bd268d52abad1: fix(recover): suppress http.ErrAbortHandler in recover (#4336) (@​MondayCha)
• 5c00df8afadd06cc5be530dde00fe6d9fa4a2e4a: fix(render): write content length in Data.Render (#4206) (@​dengaleev)
• 234a6d4c00cb77af9852aca0b8289745d5529b4b: fix(response): refine hijack behavior for response lifecycle (#4373) (@​appleboy)
• 472d086af2acd924cb4b9d7be0525f7d790f69bc: fix(tree): panic in findCaseInsensitivePathRec with RedirectFixedPath (#4535) (@​veeceey)
• 8e07d37c63e5536eb25f4af4c91eabeee4011fba: fix: Correct typos, improve documentation clarity, and remove dead code (#4511) (@​mahanadh)

Enhancements

• ba093d19477b896ac89a7fc3246af23d290b8e26: chore(binding): upgrade bson dependency to mongo-driver v2 (#4549) (@​BobDu)
• b2b489dbf4826c2c630717a77fd5e42774625410: chore(context): always trust xff headers from unix socket (#3359) (@​WeidiDeng)
• ecb3f7b5e2f3915bf1db240ed5eee572f8dbea36: chore(deps): upgrade golang.org/x/crypto to v0.45.0 (#4449) (@​appleboy)
• af6e8b70b8261bb0c99ad094fe552ab92991620a: chore(deps): upgrade quic-go to v0.57.1 (@​appleboy)
• db309081bc5c137b2aa15701ef53f7f19788da25: chore(logger): allow skipping query string output (#4547) (@​USA-RedDragon)
• 26c3a628655cad2388380cb8102d6ce7d4875f3b: chore(response): prevent Flush() panic when http.Flusher (#4479) (@​Twacqwq)
• 5dd833f1f26de0eb30eae47b17e05ced2482dc41: chore: bump minimum Go version to 1.24 and update workflows (#4388) (@​appleboy)

Refactor

• 39858a0859c914bd26948fa950477e11bd8d3823: refactor(binding): use maps.Copy for cleaner map handling (#4352) (@​russcoss)
• c0048f645ee945c4db30593afdea10123e2c30a6: refactor(context): omit the return value names (#4395) (@​wanghaolong613)
• 915e4c90d28ec4cffc6eb146e208ab5a65eac772: refactor(context): replace hardcoded localhost IPs with constants (#4481) (@​pauloappbr)
• 414de60574449457f3192a7a1d5528940db2836d: refactor(context): using maps.Clone (#4333) (@​cuiweixie)
• 59e9d4a794f12c4f9a6c7bed441b9644e5f6d99b: refactor(ginS): use sync.OnceValue to simplify engine function (#4314) (@​1911860538)
• 3ab698dc5110af1977d57226e4995c57dd34c233: refactor(recovery): smart error comparison (#4142) (@​zeek0x)
• d1a15347b1e45a8ee816193d3578a93bfd73b70f: refactor(utils): move util functions to utils.go (#4467) (@​zeek0x)
• e3118cc378d263454098924ebbde7e8d1dd2e904: refactor: for loop can be modernized using range over int (#4392) (@​wanghaolong613)
• 488f8c3ffa579a8d19beb2bae95ff8ef36b3d53f: refactor: replace magic numbers with named constants in bodyAllowedForStatus (#4529) (@​veeceey)
• 9968c4bf9d5a99edc3eee2c068a4c9160ece8915: refactor: use b.Loop() to simplify the code and improve performance (#4389) (@​reddaisyy)
• a85ef5ce4d0cda8834c59c855068ed48b51192d1: refactor: use b.Loop() to simplify the code and improve performance (#4432) (@​efcking)

Build process updates

• 61b67de522a189b568aced4c5c16917c558e3387: ci(bot): increase frequency and group updates for dependencies (#4367) (@​appleboy)
• fb27ef26c2fdfe25344b4c039d8a53551f9e912c: ci(lint): refactor test assertions and linter configuration (#4436) (@​appleboy)
• 93ff771e6dbf10e432864b30f3719ac5c84a4d4a: ci(sec): improve type safety and server organization in HTTP middleware (#4437) (@​appleboy)
• e88fc8927a52b74f55bec0351604a56ac0aa1c51: ci(sec): schedule Trivy security scans to run daily at midnight UTC (#4439) (@​appleboy)
• 5e5ff3ace496a31b138b0820136a146bfb5de0ef: ci: replace vulnerability scanning workflow with Trivy integration (#4421) (@​appleboy)
• 00900fb3e1ea9dde33985a0e4f6afec793d5e786: ci: update CI workflows and standardize Trivy config quotes (#4531) (@​appleboy)
• ae3f524974fc4f55d18c9e7fae4614503c015226: ci: update Go version support to 1.25+ across CI and docs (#4550) (@​appleboy)

... (truncated)

Changelog

Sourced from github.com/gin-gonic/gin's changelog.

Gin v1.12.0

Features

• feat(render): add bson protocol (#4145)
• feat(context): add GetError and GetErrorSlice methods for error retrieval (#4502)
• feat(binding): add support for encoding.UnmarshalText in uri/query binding (#4203)
• feat(gin): add option to use escaped path (#4420)
• feat(context): add Protocol Buffers support to content negotiation (#4423)
• feat(context): implemented Delete method (#38e7651)
• feat(logger): color latency (#4146)

Enhancements

• perf(tree): reduce allocations in findCaseInsensitivePath (#4417)
• perf(recovery): optimize line reading in stack function (#4466)
• perf(path): replace regex with custom functions in redirectTrailingSlash (#4414)
• perf(tree): optimize path parsing using strings.Count (#4246)
• chore(logger): allow skipping query string output (#4547)
• chore(context): always trust xff headers from unix socket (#3359)
• chore(response): prevent Flush() panic when the underlying ResponseWriter does not implement http.Flusher (#4479)
• refactor(recovery): smart error comparison (#4142)
• refactor(context): replace hardcoded localhost IPs with constants (#4481)
• refactor(utils): move util functions to utils.go (#4467)
• refactor(binding): use maps.Copy for cleaner map handling (#4352)
• refactor(context): using maps.Clone (#4333)
• refactor(ginS): use sync.OnceValue to simplify engine function (#4314)
• refactor: replace magic numbers with named constants in bodyAllowedForStatus (#4529)
• refactor: for loop can be modernized using range over int (#4392)

Bug Fixes

• fix(tree): panic in findCaseInsensitivePathRec with RedirectFixedPath (#4535)
• fix(render): write content length in Data.Render (#4206)
• fix(context): ClientIP handling for multiple X-Forwarded-For header values (#4472)
• fix(binding): empty value error (#2169)
• fix(recover): suppress http.ErrAbortHandler in recover (#4336)
• fix(gin): literal colon routes not working with engine.Handler() (#4415)
• fix(gin): close os.File in RunFd to prevent resource leak (#4422)
• fix(response): refine hijack behavior for response lifecycle (#4373)
• fix(binding): improve empty slice/array handling in form binding (#4380)
• fix(debug): version mismatch (#4403)
• fix: correct typos, improve documentation clarity, and remove dead code (#4511)

Build process updates / CI

• ci: update Go version support to 1.25+ across CI and docs (#4550)
• chore(binding): upgrade bson dependency to mongo-driver v2 (#4549)

Gin v1.11.0

... (truncated)

Commits

• 73726dc docs: update documentation to reflect Go version changes (#4552)
• e292e5c docs: document and finalize Gin v1.12.0 release (#4551)
• ae3f524 ci: update Go version support to 1.25+ across CI and docs (#4550)
• 38534e2 chore(deps): bump golang.org/x/net from 0.50.0 to 0.51.0 (#4548)
• 472d086 fix(tree): panic in findCaseInsensitivePathRec with RedirectFixedPath (#4535)
• fb25834 test(context): use http.StatusContinue constant instead of magic number 100 (...
• 6f1d5fe test(render): add comprehensive error handling tests (#4541)
• 5c00df8 fix(render): write content length in Data.Render (#4206)
• db30908 chore(logger): allow skipping query string output (#4547)
• ba093d1 chore(binding): upgrade bson dependency to mongo-driver v2 (#4549)
• Additional commits viewable in compare view

Updates github.com/go-sql-driver/mysql from 1.7.1 to 1.10.0

Release notes

Sourced from github.com/go-sql-driver/mysql's releases.

v1.10.0

What's Changed

• add Go 1.24 to the test matrix by @​shogo82148 in go-sql-driver/mysql#1681
• modernize for Go 1.22 by @​methane in go-sql-driver/mysql#1695
• test stability improvement. by @​methane in go-sql-driver/mysql#1698
• simplify collation tests by @​methane in go-sql-driver/mysql#1700
• fix bigint unsigned null column scan to err type int64 by @​elonnzhang in go-sql-driver/mysql#1612
• Transaction Commit/Rollback returns conn's cached error, if present by @​brad-defined in go-sql-driver/mysql#1691
• add BenchmarkReceive10kRowsCompress by @​methane in go-sql-driver/mysql#1704
• optimize readPacket by @​methane in go-sql-driver/mysql#1705
• MariaDB Metadata skipping and DEPRECATE_EOF by @​rusher in go-sql-driver/mysql#1708
• Optimization: statements reuse previous column name by @​methane in go-sql-driver/mysql#1711
• update outdated MySQL internals documentation links by @​demouth in go-sql-driver/mysql#1714
• fix PING on compressed connections by @​methane in go-sql-driver/mysql#1721
• add DeepWiki badge by @​methane in go-sql-driver/mysql#1722
• Update edwards25519 dependency to v1.1.1 by @​williamhaw in go-sql-driver/mysql#1749
• Configure Dependabot for Go modules by @​methane in go-sql-driver/mysql#1755
• Bump dominikh/staticcheck-action from 1.3.1 to 1.4.1 by @​dependabot[bot] in go-sql-driver/mysql#1759
• Bump github/codeql-action from 3 to 4 by @​dependabot[bot] in go-sql-driver/mysql#1760
• Bump actions/setup-go from 5 to 6 by @​dependabot[bot] in go-sql-driver/mysql#1757
• fix staticcheck error by @​methane in go-sql-driver/mysql#1761
• Bump actions/checkout from 4 to 6 by @​dependabot[bot] in go-sql-driver/mysql#1758
• Fix getSystemVar buffer reuse by @​morgo in go-sql-driver/mysql#1754
• Consolidate Dependabot update noise by grouping weekly dependency PRs by @​Copilot in go-sql-driver/mysql#1762
• Bump filippo.io/edwards25519 from 1.1.1 to 1.2.0 by @​dependabot[bot] in go-sql-driver/mysql#1756
• CI: Update GitHub Actions Go matrix to 1.24–1.26 by @​Copilot in go-sql-driver/mysql#1763
• Enhance interpolateParams to correctly handle placeholders by @​rusher in go-sql-driver/mysql#1732
• modernize by @​methane in go-sql-driver/mysql#1764
• release v1.10.0 by @​methane in go-sql-driver/mysql#1765

New Contributors

• @​elonnzhang made their first contribution in go-sql-driver/mysql#1612
• @​brad-defined made their first contribution in go-sql-driver/mysql#1691
• @​rusher made their first contribution in go-sql-driver/mysql#1708
• @​demouth made their first contribution in go-sql-driver/mysql#1714
• @​williamhaw made their first contribution in go-sql-driver/mysql#1749
• @​dependabot[bot] made their first contribution in go-sql-driver/mysql#1759
• @​morgo made their first contribution in go-sql-driver/mysql#1754
• @​Copilot made their first contribution in go-sql-driver/mysql#1762

Full Changelog: go-sql-driver/mysql@v1.9.2...v1.10.0

v1.9.3

What's Changed

• [1.9] test stability improvement. by @​methane in go-sql-driver/mysql#1699
• [1.9] Transaction Commit/Rollback returns conn's cached error by @​methane in go-sql-driver/mysql#1702
• backport benchmark_test by @​methane in go-sql-driver/mysql#1706
• [1.9] optimize readPacket (#1705) by @​methane in go-sql-driver/mysql#1707
• [1.9] fix PING on compressed connections by @​methane in go-sql-driver/mysql#1723
• release v1.9.3 by @​methane in go-sql-driver/mysql#1725

... (truncated)

Changelog

Sourced from github.com/go-sql-driver/mysql's changelog.

v1.10.0 (2026-04-28)

• Fix getSystemVar("max_allowed_packet") potentially returned wrong value. (#1754) This affects only when maxAllowedPacket=0 is set.

• Bump filippo.io/edwards25519 from 1.1.1 to 1.2.0. (#1756) While older versions have reported CVEs, they do not affect go-mysql.

• Update Go versions to 1.24-1.26. (#1763)

• Enhance interpolateParams to correctly handle placeholders. (#1732) The question mark (?) within strings and comments will no longer be treated as a placeholder.

v1.9.3 (2025-06-13)

• tx.Commit() and tx.Rollback() returned ErrInvalidConn always. Now they return cached real error if present. (#1690)

• Optimize reading small result sets to fix a performance regression introduced by compression protocol support. ([#1707](https://github.com/go-sql-driver/mysql/issues/1707))

• Fix db.Ping() on compressed connection. (#1723)

v1.9.2 (2025-04-07)

v1.9.2 is a re-release of v1.9.1 due to a release process issue; no changes were made to the content.

v1.9.1 (2025-03-21)

Major Changes

• Add Charset() option. (#1679)

Bugfixes

• go.mod: fix go version format (#1682)
• Fix FormatDSN missing ConnectionAttributes (#1619)

v1.9.0 (2025-02-18)

Major Changes

• Implement zlib compression. (#1487)
• Supported Go version is updated to Go 1.21+. (#1639)
• Add support for VECTOR type introduced in MySQL 9.0. (#1609)
• Config object can have custom dial function. (#1527)

Bugfixes

... (truncated)

Commits

• a065b60 release v1.10.0 (#1765)
• 09e4187 modernize (#1764)
• 6c44a9a Enhance interpolateParams to correctly handle placeholders (#1732)
• 688ce56 Update supported Go version to 1.24–1.26 (#1763)
• 118d07f Bump filippo.io/edwards25519 from 1.1.1 to 1.2.0 (#1756)
• d6b2d3e Consolidate Dependabot update noise by grouping weekly dependency PRs (#1762)
• 037dfd8 Fix getSystemVar buffer reuse (#1754)
• 900f330 Bump actions/checkout from 4 to 6 (#1758)
• ab9e380 fix staticcheck error (#1761)
• f298c66 Bump actions/setup-go from 5 to 6 (#1757)
• Additional commits viewable in compare view

Updates github.com/gocraft/dbr/v2 from 2.7.5 to 2.7.7

Release notes

Sourced from github.com/gocraft/dbr/v2's releases.

v2.7.7

• Add support for mysql optimizer hints
• Add support for CASE/WHEN/ELSE

v2.7.6

• Add context variants of Return* methods
• Various fixes

Commits

• 9d56616 Add support for mysql optimizer hint comments (#270)
• 2d3da06 Add support for CASE, WHEN, ELSE (#266)
• c638faa Update go version and circleci build (#265)
• 3be1adc fix: Postgres DB with non-UTC timezone incorrectly parse in timestamptz field...
• d1d89a2 DOC: fix InsertStmt adds data from struct example (#250)
• 26995ef Add "sqlite" as "sqlite3" dialect alias (#244)
• 85e0c03 fix (#259)
• 7d25f69 add fossa api key (#258)
• 81abfca Add Return*Context() functions (#257)
• See full diff in compare view

Updates github.com/mattn/go-sqlite3 from 1.14.17 to 1.14.45

Commits

• 7ca6a97 Merge pull request #1404 from mattn/sqlite-amalgamation-3053002
• e2ab931 Upgrade SQLite to version 3053002
• 75d8c60 Merge pull request #1403 from dxbjavid/bind-text64-length
• d1ab49c bind via sqlite3_bind_text64/blob64 to avoid 32-bit length truncation
• b3b5216 Merge pull request #1402 from dxbjavid/guard-resulttext-oversize
• 2af23f7 guard oversized string length in ResultText
• 1a7264c Merge pull request #1400 from calmh/unsafereflect
• 9accb92 Merge pull request #1399 from calmh/uintsize
• 9d6bf2c Merge pull request #1338 from calmh/dbstat
• fed9970 modernise reflect.SliceHeader to unsafe.Slice
• Additional commits viewable in compare view

Updates github.com/rubenv/sql-migrate from 1.5.2 to 1.8.1

Commits

• b9b1fe7 Bump golang.org/x/crypto from 0.37.0 to 0.45.0
• e2b42d1 use fixed length array (#288)
• 563a2f0 updated golanglint ci version
• 35fb337 updated golanglint ci version
• 67a517e test fixed
• db07bec test fixed
• c849b7f test fixed
• 8ad8837 test fixed
• d37ece3 fix .golangci.yaml
• af578a3 run go mod tidy
• Additional commits viewable in compare view

Updates github.com/spf13/cast from 1.5.1 to 1.10.0

Release notes

Sourced from github.com/spf13/cast's releases.

v1.10.0

What's Changed

• build(deps): bump ossf/scorecard-action from 2.4.1 to 2.4.2 by @​dependabot[bot] in spf13/cast#275
• build(deps): bump github/codeql-action from 3.28.18 to 3.28.19 by @​dependabot[bot] in spf13/cast#277
• build(deps): bump github/codeql-action from 3.28.19 to 3.29.5 by @​dependabot[bot] in spf13/cast#289
• build(deps): bump github/codeql-action from 3.29.7 to 3.29.10 by @​dependabot[bot] in spf13/cast#296
• build(deps): bump actions/dependency-review-action from 4.7.1 to 4.7.2 by @​dependabot[bot] in spf13/cast#295
• build(deps): bump actions/checkout from 4.2.2 to 5.0.0 by @​dependabot[bot] in spf13/cast#293
• build(deps): bump github/codeql-action from 3.29.10 to 3.30.1 by @​dependabot[bot] in spf13/cast#301
• build(deps): bump actions/setup-go from 5.5.0 to 6.0.0 by @​dependabot[bot] in spf13/cast#300
• build(deps): bump actions/dependency-review-action from 4.7.2 to 4.7.3 by @​dependabot[bot] in spf13/cast#298
• Always return empty map instead of nil when conversion fails by @​andig in spf13/cast#283

New Contributors

• @​andig made their first contribution in spf13/cast#283

Full Changelog: spf13/cast@v1.9.2...v1.10.0

v1.9.2

What's Changed

• fix: float string to number parsing by @​sagikazarmark in spf13/cast#276

Full Changelog: spf13/cast@v1.9.1...v1.9.2

v1.9.1

What's Changed

• fix: indirection of typed nils by @​sagikazarmark in spf13/cast#273

Full Changelog: spf13/cast@v1.9.0...v1.9.1

v1.9.0

Notable new features 🎉

• Casting from type aliases is now supported for basic types
• Added generic functions: To/ToE, Must, ToNumber/ToNumberE
• Increased test coverage
• Converting float numbers from string is now supported

[!WARNING] Since cast now supports converting float values from strings, a related edge case behaves differently:

In previous versions, attempting to convert an empty string to a float resulted in an error.

Starting with this version, the same operation no longer raises an error.

To maintain consistency with the rest of the library, an empty string now converts to the float value 0.0.

What's Changed

... (truncated)

Commits

• fc73346 Merge pull request #283 from andig/patch-1
• 6002cff Merge pull request #298 from spf13/dependabot/github_actions/actions/dependen...
• c1c153d Merge pull request #300 from spf13/dependabot/github_actions/actions/setup-go...
• 39beeac Merge pull request #301 from spf13/dependabot/github_actions/github/codeql-ac...
• 365e80c build(deps): bump github/codeql-action from 3.29.10 to 3.30.1
• 9f0f68b build(deps): bump actions/setup-go from 5.5.0 to 6.0.0
• d45dead build(deps): bump actions/dependency-review-action from 4.7.2 to 4.7.3
• 004f51d Merge pull request #293 from spf13/dependabot/github_actions/actions/checkout...
• 6458e07 Merge pull request #295 from spf13/dependabot/github_actions/actions/dependen...
• 970d9ea Merge pull request #296 from spf13/dependabot/github_actions/github/codeql-ac...
• Additional commits viewable in compare view

Updates github.com/spf13/viper from 1.16.0 to 1.21.0

Release notes

Sourced from github.com/spf13/viper's releases.

v1.21.0

What's Changed

Enhancements 🚀

• Add support for flags pflag.BoolSlice, pflag.UintSlice and pflag.Float64Slice by @​nmvalera in spf13/viper#2015
• feat: use maintained yaml library by @​sagikazarmark in spf13/viper#2040

Bug Fixes 🐛

• fix(config): get config type from v.configType or config file ext by @​GuillaumeBAECHLER in spf13/viper#2003
• fix: config type check when loading any config by @​sagikazarmark in spf13/viper#2007

Dependency Updates ⬆️

• Update dependencies by @​sagikazarmark in spf13/viper#1993
• build(deps): bump github.com/spf13/cast from 1.7.1 to 1.8.0 by @​dependabot[bot] in spf13/viper#2017
• build(deps): bump github.com/pelletier/go-toml/v2 from 2.2.3 to 2.2.4 by @​dependabot[bot] in spf13/viper#2013
• build(deps): bump github.com/sagikazarmark/locafero from 0.8.0 to 0.9.0 by @​dependabot[bot] in spf13/viper#2008
• build(deps): bump golang.org/x/net from 0.37.0 to 0.38.0 in /remote by @​dependabot[bot] in spf13/viper#2016
• build(deps): bump github.com/spf13/cast from 1.8.0 to 1.9.2 by @​dependabot[bot] in spf13/viper#2020
• build(deps): bump github.com/go-viper/mapstructure/v2 from 2.2.1 to 2.3.0 by @​dependabot[bot] in spf13/viper#2028
• build(deps): bump github.com/go-viper/mapstructure/v2 from 2.3.0 to 2.4.0 by @​dependabot[bot] in spf13/viper#2035
• build(deps): bump github.com/spf13/pflag from 1.0.6 to 1.0.7 by @​dependabot[bot] in spf13/viper#2036
• build(deps): bump github.com/fsnotify/fsnotify from 1.8.0 to 1.9.0 by @​dependabot[bot] in spf13/viper#2012
• build(deps): bump github.com/stretchr/testify from 1.10.0 to 1.11.1 by @​dependabot[bot] in spf13/viper#2052
• build(deps): bump github.com/go-viper/mapstructure/v2 from 2.3.0 to 2.4.0 in /remote by @​dependabot[bot] in spf13/viper#2048
• build(deps): bump github.com/spf13/pflag from 1.0.7 to 1.0.10 by @​dependabot[bot] in spf13/viper#2056
• chore: update dependencies by @​sagikazarmark in spf13/viper#2057

Other Changes

• Update update guide with mapstructure package replacement. by @​aldas in spf13/viper#2004
• refactor: use the built-in max/min to simplify the code by @​yingshanghuangqiao in spf13/viper#2029

New Contributors

• @​GuillaumeBAECHLER made their first contribution in spf13/viper#2003
• @​aldas made their first contribution in spf13/viper#2004
• @​nmvalera made their first contribution in spf13/viper#2015
• @​yingshanghuangqiao made their first contribution in spf13/viper#2029

[dependabot]

Labels

The following labels could not be found: dependencies. Please create it before Dependabot can add it to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

[github-actions]

Dependency Changes Detected

This PR modifies dependency files. Please review whether these changes are intentional.

Changed files:

• go.mod
• go.sum

Maintainer checklist:

• Confirm dependency changes are intentional
• Review package delta if lockfile changed

[lml2468]

[REQUEST_CHANGES] — reviewer account matches PR author; do not merge.

CI Failures: Build + Test + Vet all FAILED 🔴

Root cause (from Vet job logs):

go: errors parsing go.mod:
go.mod:3: invalid go version '1.25.0': must match format 1.23

The Dependabot update bumped go.mod's go directive to 1.25.0, but CI runs on GO_VERSION: 1.20 (set in ci.yml). Go 1.20's toolchain cannot parse the 3-component version format (1.25.0); it expects the 1.23-style (major.minor only).

Required Fix

Either:

1. Update CI — bump GO_VERSION in ci.yml to match the new go.mod requirement (e.g. 1.25) before merging this PR, or
2. Rebase Dependabot after the CI Go version is updated so the go.mod change becomes compatible.

The 15 dependency bumps themselves look reasonable (minor/patch only, Dependabot-generated), but this PR cannot be merged until CI is green.

[Jerry-Xin]

This dependency bump is in scope, but it currently breaks the repository build and CI.

🔴 Blocking

🔴 Critical — The new dependency set does not compile.
go.mod bumps google.golang.org/grpc to v1.81.1, while go.mod leaves google.golang.org/api at v0.122.0. With this combination, go test ./..., CGO_ENABLED=0 go build -v ./..., and go vet ./... all fail:

# google.golang.org/api/transport/grpc
.../google.golang.org/api@v0.122.0/transport/grpc/dial.go:162:149:
too few values in struct literal of type "google.golang.org/grpc/credentials/google".DefaultCredentialsOptions

go mod why -m google.golang.org/api shows this still comes through the project’s dependency graph via config -> github.com/RichardKnop/machinery/v2/config -> cloud.google.com/go/pubsub -> google.golang.org/api/option. The PR needs to update the Google Cloud/API dependency set consistently, or choose a compatible grpc version.

🔴 Critical — The PR raises the module to Go 1.25 but leaves CI pinned to Go 1.20.
go.mod changes the module directive to go 1.25.0, while CI still sets GO_VERSION: '1.20' in .github/workflows/ci.yml. Simulating that toolchain fails before package loading:

go: errors parsing go.mod:
go.mod:3: invalid go version '1.25.0': must match format 1.23

Several bumped modules now require newer Go versions, including github.com/gin-gonic/gin v1.12.0, google.golang.org/grpc v1.81.1, and multiple golang.org/x/* modules requiring Go 1.25. The CI/toolchain policy must be updated together with this dependency bump, or the selected versions must be reduced to match the existing Go 1.20 support target.

✅ Highlights

The PR is limited to dependency metadata, and the updates include meaningful security-relevant refreshes such as golang.org/x/crypto. However, it is not mergeable until the build and CI compatibility issues above are fixed.

[lml2468]

Verdict: CHANGES_REQUESTED — CI red (Build/Test/Vet all fail)

Gate check: CI red → do not deep-review.

Root Cause

The CI failure is NOT the grpc/google-api incompatibility Allen reported. The actual error is more fundamental:

go: errors parsing go.mod:
go.mod:3: invalid go version '1.25.0': must match format 1.23

What happened: one or more of the 15 bumped dependencies requires Go 1.25+. Dependabot auto-updated the go directive from go 1.20 → go 1.25.0. But CI is pinned to GO_VERSION: '1.20' — Go 1.20 can't even parse three-part version numbers (that format was introduced in Go 1.21).

Fix Options

1. Bump CI Go version to 1.25+ — but this is a policy decision (Go 1.20 → 1.25 is a major leap)
2. Constrain Dependabot — add ignore rules or version constraints in dependabot.yml to avoid deps requiring Go > 1.20
3. Split the group — bump deps individually, skip those requiring Go 1.25+

This needs a maintainer decision on Go version policy before the dep bump can proceed.