Bump the all group with 2 updates by dependabot[bot] · Pull Request #87 · nagare-media/engine

dependabot · 2026-04-13T06:05:15Z

Bumps the all group with 2 updates: github.com/mattn/go-isatty and github.com/valyala/fasthttp.

Updates github.com/mattn/go-isatty from 0.0.20 to 0.0.21

Commits

4237fb1 Update Go test matrix to current versions (1.24-1.26)
433c12b Update GitHub Actions to latest versions
1cf5589 Add wasip1 and wasip2 to build constraints in isatty_others.go
1237245 Update dependencies: go 1.15 -> 1.21, golang.org/x/sys v0.6.0 -> v0.28.0
ac9c88d Fix typo in comment: undocomented -> undocumented
8b7124e Add availability check for NtQueryObject in init
08d0313 Fix isCygwinPipeName to reject names with extra trailing tokens
See full diff in compare view

Updates github.com/valyala/fasthttp from 1.69.0 to 1.70.0

Release notes

Sourced from github.com/valyala/fasthttp's releases.

v1.70.0

What's Changed

Go 1.26 and golangci-lint updates by @erikdubbelboer in valyala/fasthttp#2146

Add WithLimit methods for uncompression by @erikdubbelboer in valyala/fasthttp#2147

Honor Root for fs.FS and normalize fs-style roots by @erikdubbelboer in valyala/fasthttp#2145

Sanitize header values in all setter paths to prevent CRLF injection by @erikdubbelboer in valyala/fasthttp#2162

Add ServeFileLiteral, ServeFSLiteral and SendFileLiteral by @erikdubbelboer in valyala/fasthttp#2163

Prevent chunk extension request smuggling by @erikdubbelboer in valyala/fasthttp#2165

Validate request URI format during header parsing to reject malformed requests by @erikdubbelboer in valyala/fasthttp#2168

HTTP1/1 requires exactly one Host header by @erikdubbelboer in valyala/fasthttp#2164

Strict HTTP version validation and simplified first line parsing by @erikdubbelboer in valyala/fasthttp#2167

Only normalize pre-colon whitespace for HTTP headers by @erikdubbelboer in valyala/fasthttp#2172

fs: reject '..' path segments in rewritten paths by @erikdubbelboer in valyala/fasthttp#2173

fasthttpproxy: reject CRLF in HTTP proxy CONNECT target by @erikdubbelboer in valyala/fasthttp#2174

fasthttpproxy: scope proxy auth cache to GetDialFunc by @erikdubbelboer in valyala/fasthttp#2144

feat: enhance performance by @ReneWerner87 in valyala/fasthttp#2135

export ErrConnectionClosed by @pjebs in valyala/fasthttp#2152

fix: detect master process death in prefork children by @meruiden in valyala/fasthttp#2158

return prev values by @pjebs in valyala/fasthttp#2123

docs: added httpgo to related projects by @MUlt1mate in valyala/fasthttp#2169

chore(deps): bump actions/upload-artifact from 6 to 7 by @dependabot[bot] in valyala/fasthttp#2149

chore(deps): bump github.com/andybalholm/brotli from 1.2.0 to 1.2.1 by @dependabot[bot] in valyala/fasthttp#2170

chore(deps): bump github.com/klauspost/compress from 1.18.2 to 1.18.3 by @dependabot[bot] in valyala/fasthttp#2129

chore(deps): bump github.com/klauspost/compress from 1.18.3 to 1.18.4 by @dependabot[bot] in valyala/fasthttp#2140

chore(deps): bump github.com/klauspost/compress from 1.18.4 to 1.18.5 by @dependabot[bot] in valyala/fasthttp#2166

chore(deps): bump golang.org/x/crypto from 0.47.0 to 0.48.0 by @dependabot[bot] in valyala/fasthttp#2139

chore(deps): bump golang.org/x/net from 0.48.0 to 0.49.0 by @dependabot[bot] in valyala/fasthttp#2128

chore(deps): bump golang.org/x/net from 0.49.0 to 0.50.0 by @dependabot[bot] in valyala/fasthttp#2138

chore(deps): bump golang.org/x/sys from 0.39.0 to 0.40.0 by @dependabot[bot] in valyala/fasthttp#2125

chore(deps): bump golang.org/x/sys from 0.40.0 to 0.41.0 by @dependabot[bot] in valyala/fasthttp#2137

chore(deps): bump securego/gosec from 2.22.11 to 2.23.0 by @dependabot[bot] in valyala/fasthttp#2142

Update securego/gosec from 2.23.0 to 2.25.0 by @erikdubbelboer in valyala/fasthttp#2161

New Contributors

@MUlt1mate made their first contribution in valyala/fasthttp#2169

@meruiden made their first contribution in valyala/fasthttp#2158

Full Changelog: valyala/fasthttp@v1.69.0...v1.70.0

Commits

534461a fasthttpproxy: reject CRLF in HTTP proxy CONNECT target (#2174)
267e740 fs: reject '..' path segments in rewritten paths (#2173)
a95a1ad Only normalize pre-colon whitespace for HTTP headers (#2172)
ab8c2ac fix: detect master process death in prefork children (#2158)
c4569c5 feat: enhance performance (#2135)
beab280 chore(deps): bump github.com/andybalholm/brotli from 1.2.0 to 1.2.1 (#2170)
82254a7 Normalize framing header names with pre-colon whitespace
6111327 Strict HTTP version validation and simplified first line parsing (#2167)
eb38f5f HTTP1/1 requires exactly one Host header (#2164)
7d90713 Validate request URI format during header parsing to reject malformed request...
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the all group with 2 updates: [github.com/mattn/go-isatty](https://github.com/mattn/go-isatty) and [github.com/valyala/fasthttp](https://github.com/valyala/fasthttp). Updates `github.com/mattn/go-isatty` from 0.0.20 to 0.0.21 - [Commits](mattn/go-isatty@v0.0.20...v0.0.21) Updates `github.com/valyala/fasthttp` from 1.69.0 to 1.70.0 - [Release notes](https://github.com/valyala/fasthttp/releases) - [Commits](valyala/fasthttp@v1.69.0...v1.70.0) --- updated-dependencies: - dependency-name: github.com/mattn/go-isatty dependency-version: 0.0.21 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all - dependency-name: github.com/valyala/fasthttp dependency-version: 1.70.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot Bot added the kind/dependency Kind: Dependency label Apr 13, 2026

mtneug merged commit 558ebec into main Apr 13, 2026
16 checks passed

mtneug deleted the dependabot/go_modules/all-c005c243c7 branch April 13, 2026 08:07

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump the all group with 2 updates#87

Bump the all group with 2 updates#87
mtneug merged 1 commit intomainfrom
dependabot/go_modules/all-c005c243c7

dependabot Bot commented on behalf of github Apr 13, 2026

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Milestone

Development

Uh oh!

1 participant

Conversation

dependabot Bot commented on behalf of github Apr 13, 2026

v1.70.0

What's Changed

New Contributors

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Milestone

Development

Uh oh!

1 participant