Skip to content

deps(go): bump github.com/gin-gonic/gin from 1.9.1 to 1.12.0 in /api-server#11

Open
dependabot[bot] wants to merge 44 commits into
mainfrom
dependabot/go_modules/api-server/github.com/gin-gonic/gin-1.12.0
Open

deps(go): bump github.com/gin-gonic/gin from 1.9.1 to 1.12.0 in /api-server#11
dependabot[bot] wants to merge 44 commits into
mainfrom
dependabot/go_modules/api-server/github.com/gin-gonic/gin-1.12.0

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 19, 2026

Copy link
Copy Markdown

Bumps github.com/gin-gonic/gin from 1.9.1 to 1.12.0.

Release notes

Sourced from github.com/gin-gonic/gin's releases.

v1.12.0

Changelog

Features

  • 192ac89eefc1c30f7c97ae48a9ffb1c6f1c8c8bc: feat(binding): add support for encoding.UnmarshalText in uri/query binding (#4203) (@​takanuva15)
  • 53410d2e07054369e0960fbe2eed97e1b9966f12: feat(context): add GetError and GetErrorSlice methods for error retrieval (#4502) (@​raju-mechatronics)
  • acc55e049e33b401e810dbd8c0d6dcb6b3ba2b05: feat(context): add Protocol Buffers support to content negotiation (#4423) (@​1911860538)
  • 38e765119241d990705169bedb5002a29ae0cbd1: feat(context): implemented Delete method (@​Spyder01)
  • 771dcc6476d7bc6abb9ec0235ecefa4d38fe6fb0: feat(gin): add option to use escaped path (#4420) (@​ldesauw)
  • 4dec17afdff48e8018c83618fbbe69fceeb2b41d: feat(logger): color latency (#4146) (@​wsyqn6)
  • d7776de7d444935ea4385999711bd6331a98fecb: feat(render): add bson protocol (#4145) (@​laurentcau)

Bug fixes

  • b917b14ff9d189f16a7492be79d123a47806ee19: fix(binding): empty value error (#2169) (@​guonaihong)
  • c3d1092b3b48addf6f9cd00fe274ec3bd14650eb: fix(binding): improve empty slice/array handling in form binding (#4380) (@​1911860538)
  • 9914178584e42458ff7d23891463a880f58c9d86: fix(context): ClientIP handling for multiple X-Forwarded-For header values (#4472) (@​Nurysso)
  • 2a794cd0b0faa7d829291375b27a3467ea972b0d: fix(debug): version mismatch (#4403) (@​zeek0x)
  • c3d5a28ed6d3849da820195b6774d212bcc038a9: fix(gin): close os.File in RunFd to prevent resource leak (#4422) (@​1911860538)
  • 5fad976b372e381312f8de69f0969f1284d229d3: fix(gin): literal colon routes not working with engine.Handler() (#4415) (@​pawannn)
  • 63dd3e60cab89c27fb66bce1423bd268d52abad1: fix(recover): suppress http.ErrAbortHandler in recover (#4336) (@​MondayCha)
  • 5c00df8afadd06cc5be530dde00fe6d9fa4a2e4a: fix(render): write content length in Data.Render (#4206) (@​dengaleev)
  • 234a6d4c00cb77af9852aca0b8289745d5529b4b: fix(response): refine hijack behavior for response lifecycle (#4373) (@​appleboy)
  • 472d086af2acd924cb4b9d7be0525f7d790f69bc: fix(tree): panic in findCaseInsensitivePathRec with RedirectFixedPath (#4535) (@​veeceey)
  • 8e07d37c63e5536eb25f4af4c91eabeee4011fba: fix: Correct typos, improve documentation clarity, and remove dead code (#4511) (@​mahanadh)

Enhancements

  • ba093d19477b896ac89a7fc3246af23d290b8e26: chore(binding): upgrade bson dependency to mongo-driver v2 (#4549) (@​BobDu)
  • b2b489dbf4826c2c630717a77fd5e42774625410: chore(context): always trust xff headers from unix socket (#3359) (@​WeidiDeng)
  • ecb3f7b5e2f3915bf1db240ed5eee572f8dbea36: chore(deps): upgrade golang.org/x/crypto to v0.45.0 (#4449) (@​appleboy)
  • af6e8b70b8261bb0c99ad094fe552ab92991620a: chore(deps): upgrade quic-go to v0.57.1 (@​appleboy)
  • db309081bc5c137b2aa15701ef53f7f19788da25: chore(logger): allow skipping query string output (#4547) (@​USA-RedDragon)
  • 26c3a628655cad2388380cb8102d6ce7d4875f3b: chore(response): prevent Flush() panic when http.Flusher (#4479) (@​Twacqwq)
  • 5dd833f1f26de0eb30eae47b17e05ced2482dc41: chore: bump minimum Go version to 1.24 and update workflows (#4388) (@​appleboy)

Refactor

  • 39858a0859c914bd26948fa950477e11bd8d3823: refactor(binding): use maps.Copy for cleaner map handling (#4352) (@​russcoss)
  • c0048f645ee945c4db30593afdea10123e2c30a6: refactor(context): omit the return value names (#4395) (@​wanghaolong613)
  • 915e4c90d28ec4cffc6eb146e208ab5a65eac772: refactor(context): replace hardcoded localhost IPs with constants (#4481) (@​pauloappbr)
  • 414de60574449457f3192a7a1d5528940db2836d: refactor(context): using maps.Clone (#4333) (@​cuiweixie)
  • 59e9d4a794f12c4f9a6c7bed441b9644e5f6d99b: refactor(ginS): use sync.OnceValue to simplify engine function (#4314) (@​1911860538)
  • 3ab698dc5110af1977d57226e4995c57dd34c233: refactor(recovery): smart error comparison (#4142) (@​zeek0x)
  • d1a15347b1e45a8ee816193d3578a93bfd73b70f: refactor(utils): move util functions to utils.go (#4467) (@​zeek0x)
  • e3118cc378d263454098924ebbde7e8d1dd2e904: refactor: for loop can be modernized using range over int (#4392) (@​wanghaolong613)
  • 488f8c3ffa579a8d19beb2bae95ff8ef36b3d53f: refactor: replace magic numbers with named constants in bodyAllowedForStatus (#4529) (@​veeceey)
  • 9968c4bf9d5a99edc3eee2c068a4c9160ece8915: refactor: use b.Loop() to simplify the code and improve performance (#4389) (@​reddaisyy)
  • a85ef5ce4d0cda8834c59c855068ed48b51192d1: refactor: use b.Loop() to simplify the code and improve performance (#4432) (@​efcking)

Build process updates

  • 61b67de522a189b568aced4c5c16917c558e3387: ci(bot): increase frequency and group updates for dependencies (#4367) (@​appleboy)
  • fb27ef26c2fdfe25344b4c039d8a53551f9e912c: ci(lint): refactor test assertions and linter configuration (#4436) (@​appleboy)
  • 93ff771e6dbf10e432864b30f3719ac5c84a4d4a: ci(sec): improve type safety and server organization in HTTP middleware (#4437) (@​appleboy)
  • e88fc8927a52b74f55bec0351604a56ac0aa1c51: ci(sec): schedule Trivy security scans to run daily at midnight UTC (#4439) (@​appleboy)
  • 5e5ff3ace496a31b138b0820136a146bfb5de0ef: ci: replace vulnerability scanning workflow with Trivy integration (#4421) (@​appleboy)
  • 00900fb3e1ea9dde33985a0e4f6afec793d5e786: ci: update CI workflows and standardize Trivy config quotes (#4531) (@​appleboy)
  • ae3f524974fc4f55d18c9e7fae4614503c015226: ci: update Go version support to 1.25+ across CI and docs (#4550) (@​appleboy)

... (truncated)

Changelog

Sourced from github.com/gin-gonic/gin's changelog.

Gin v1.12.0

Features

  • feat(render): add bson protocol (#4145)
  • feat(context): add GetError and GetErrorSlice methods for error retrieval (#4502)
  • feat(binding): add support for encoding.UnmarshalText in uri/query binding (#4203)
  • feat(gin): add option to use escaped path (#4420)
  • feat(context): add Protocol Buffers support to content negotiation (#4423)
  • feat(context): implemented Delete method (#38e7651)
  • feat(logger): color latency (#4146)

Enhancements

  • perf(tree): reduce allocations in findCaseInsensitivePath (#4417)
  • perf(recovery): optimize line reading in stack function (#4466)
  • perf(path): replace regex with custom functions in redirectTrailingSlash (#4414)
  • perf(tree): optimize path parsing using strings.Count (#4246)
  • chore(logger): allow skipping query string output (#4547)
  • chore(context): always trust xff headers from unix socket (#3359)
  • chore(response): prevent Flush() panic when the underlying ResponseWriter does not implement http.Flusher (#4479)
  • refactor(recovery): smart error comparison (#4142)
  • refactor(context): replace hardcoded localhost IPs with constants (#4481)
  • refactor(utils): move util functions to utils.go (#4467)
  • refactor(binding): use maps.Copy for cleaner map handling (#4352)
  • refactor(context): using maps.Clone (#4333)
  • refactor(ginS): use sync.OnceValue to simplify engine function (#4314)
  • refactor: replace magic numbers with named constants in bodyAllowedForStatus (#4529)
  • refactor: for loop can be modernized using range over int (#4392)

Bug Fixes

  • fix(tree): panic in findCaseInsensitivePathRec with RedirectFixedPath (#4535)
  • fix(render): write content length in Data.Render (#4206)
  • fix(context): ClientIP handling for multiple X-Forwarded-For header values (#4472)
  • fix(binding): empty value error (#2169)
  • fix(recover): suppress http.ErrAbortHandler in recover (#4336)
  • fix(gin): literal colon routes not working with engine.Handler() (#4415)
  • fix(gin): close os.File in RunFd to prevent resource leak (#4422)
  • fix(response): refine hijack behavior for response lifecycle (#4373)
  • fix(binding): improve empty slice/array handling in form binding (#4380)
  • fix(debug): version mismatch (#4403)
  • fix: correct typos, improve documentation clarity, and remove dead code (#4511)

Build process updates / CI

  • ci: update Go version support to 1.25+ across CI and docs (#4550)
  • chore(binding): upgrade bson dependency to mongo-driver v2 (#4549)

Gin v1.11.0

... (truncated)

Commits
  • 73726dc docs: update documentation to reflect Go version changes (#4552)
  • e292e5c docs: document and finalize Gin v1.12.0 release (#4551)
  • ae3f524 ci: update Go version support to 1.25+ across CI and docs (#4550)
  • 38534e2 chore(deps): bump golang.org/x/net from 0.50.0 to 0.51.0 (#4548)
  • 472d086 fix(tree): panic in findCaseInsensitivePathRec with RedirectFixedPath (#4535)
  • fb25834 test(context): use http.StatusContinue constant instead of magic number 100 (...
  • 6f1d5fe test(render): add comprehensive error handling tests (#4541)
  • 5c00df8 fix(render): write content length in Data.Render (#4206)
  • db30908 chore(logger): allow skipping query string output (#4547)
  • ba093d1 chore(binding): upgrade bson dependency to mongo-driver v2 (#4549)
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

SuperMarioYL and others added 30 commits December 27, 2025 11:25
Auto-generated documentation version from release refs/tags/v0.0.6

- Added version 0.0.6 to versions.json
- Created versioned_docs/version-0.0.6/
- Created versioned_sidebars/version-0.0.6-sidebars.json
Auto-generated documentation version from release refs/tags/v0.0.7

- Added version 0.0.7 to versions.json
- Created versioned_docs/version-0.0.7/
- Created versioned_sidebars/version-0.0.7-sidebars.json
Auto-generated documentation version from release refs/tags/v0.0.8

- Added version 0.0.8 to versions.json
- Created versioned_docs/version-0.0.8/
- Created versioned_sidebars/version-0.0.8-sidebars.json
Auto-generated documentation version from release refs/tags/v0.0.11

- Added version 0.0.11 to versions.json
- Created versioned_docs/version-0.0.11/
- Created versioned_sidebars/version-0.0.11-sidebars.json
Auto-updated version files from release refs/tags/v0.0.11

- Updated Chart.yaml version to 0.0.11
- Updated package.json version to 0.0.11
…refresh

Backend: atomic RetryOnConflict balance read-modify-write; Deduct returns post-write balance; preserve OverdueAt across deductions; scheduler panic-recovery + jitter; apiServer.replicaCount=1 stopgap vs duplicate billing; K8s client QPS/Burst 50/100; first backend unit tests (calculateCost / Recharge / Deduct / grace / concurrent recharge).

Frontend: route-level React.lazy + Vite manualChunks (echarts split out of main bundle); top-level ErrorBoundary; shared getApiErrorMessage; drop unused @ant-design/pro-components; UI version injected from package.json; remove stray console.log.

Docs/site: emoji -> Tabler-style inline SVG icons; interactive vector ProductShowcase; corrected install docs (OCI charts/bison, /healthz, OpenCost ns/keys, replicaCount, bison-api/bison-web); 1200x630 social card + SEO meta; reduced-motion particle bg; features.md accuracy; docs/optimization-roadmap.md.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
…billing)

Lease-based leader election (internal/leader) runs the singleton billing/auto-recharge/alert scheduler on exactly one replica; scheduler made re-startable with tests; replicaCount restored to 2; LEADER_ELECTION_ENABLED toggle; coordination.k8s.io/leases RBAC added.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Auth Secret reuses existing JWT key and admin password on helm upgrade via lookup, instead of regenerating with randAlphaNum every render (which rotated the JWT key and admin password on every upgrade). Fresh installs still auto-generate.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
…pare

Per-IP login limiter (5 fails / 5min -> 15min lockout, 429 + Retry-After) blocks admin-password brute force; crypto/subtle constant-time username+password comparison removes the timing side channel; limiter unit tests added.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
CORS_ALLOWED_ORIGINS env restricts cross-origin requests to an allowlist (echoes matching origin + Vary + Allow-Credentials); unset preserves prior wildcard behavior for backward compatibility.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
…illed timestamp

ProcessBilling gates on a persisted lastBilledAt so a cycle runs only after ~the configured interval elapsed, preventing the hourly tick from over-billing when interval>1h and preventing restart re-billing. First run sets a baseline. Timestamp write is conflict-retried; round-trip test added.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
SuperMarioYL and others added 14 commits June 19, 2026 12:20
CalculateDailyConsumption divides by the actual deduction-activity span (capped 7d, floored 0.5d) instead of a fixed 7 days, and fetches up to 400 records so a full week of hourly deductions isn't truncated. Recharges/out-of-window excluded. Tests added.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
…oad prices once

GET /teams no longer runs a discarded OpenCost query per team. Billing/report cost computation resolves the price table once per operation (loadPrices + costFromPrices) instead of reading the resource-config ConfigMap per allocation row.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
OpenCost allocation queries wrapped in a 30s TTL cache that coalesces concurrent identical queries (window/aggregate/filter), cutting duplicate dashboard/billing load. Errors not cached. Self-contained, race-tested, no new dependency.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
…b build

Release workflow gains a Test & Lint Gate (go vet/fmt/build/test -race + web npm ci/lint/vitest/build) that the publish chain needs, so broken code cannot be released. Declared tslib (phantom dep of echarts-for-react, previously provided by removed pro-components) and synced package-lock so npm ci is reproducible. gofmt applied across api-server.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
…nal deps

macOS-generated lockfile omits @rollup/rollup-linux-x64-gnu; npm install resolves platform binaries on the Linux runner. Matches the web-ui Dockerfile.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
When AUTH_ENABLED=true the server refuses to start with an empty/default JWT_SECRET or empty/admin ADMIN_PASSWORD, preventing forgeable tokens and the default password in production. Auth-disabled/local dev unaffected; Helm injects random persisted secrets. Config validation tests added.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Replaced 13 duplicated err.response.data.error extraction sites with the shared getApiErrorMessage helper across ClusterNodes/TeamDetail/TeamCreate/Login/ResourceConfig.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
AuthProvider and ThemeProvider memoize their context value with useMemo instead of allocating a new object each render, avoiding cascading consumer re-renders (incl. the antd ConfigProvider subtree).

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Added values.schema.json so Helm type-checks values at install time (catches e.g. string replicaCount) and kubeVersion >=1.22 so unsupported clusters fail fast.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Added optional PodDisruptionBudget, HorizontalPodAutoscaler (deployment drops replicas when HPA on), and NetworkPolicy (api-server ingress from web-ui + release ns). All off by default; values.schema.json extended.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Added Dependabot for gomod/npm(web-ui,website)/github-actions/docker, and .dockerignore for api-server and web-ui to shrink build context and improve reproducibility.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Bumps [github.com/gin-gonic/gin](https://github.com/gin-gonic/gin) from 1.9.1 to 1.12.0.
- [Release notes](https://github.com/gin-gonic/gin/releases)
- [Changelog](https://github.com/gin-gonic/gin/blob/master/CHANGELOG.md)
- [Commits](gin-gonic/gin@v1.9.1...v1.12.0)

---
updated-dependencies:
- dependency-name: github.com/gin-gonic/gin
  dependency-version: 1.12.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file go Pull requests that update go code labels Jun 19, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file go Pull requests that update go code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant