build(deps): bump github.com/danielgtaylor/huma/v2 from 2.35.0 to 2.37.1

[dependabot]

Bumps github.com/danielgtaylor/huma/v2 from 2.35.0 to 2.37.1.

Release notes

Sourced from github.com/danielgtaylor/huma/v2's releases.

v2.37.1

Overview

This bugfix release fixes an issue regarding the Swagger UI docs renderer, as well as fixes an issue preventing Groups from using the configurable options released in v2.37.1.

This also brings interface constructors to humamux.

What's Changed

• Export Gorilla Mux interface constructors by @​RangelReale in danielgtaylor/huma#965
• fix(api): use proper CSP hash for inline script in Swagger doc renderer by @​leonklingele in danielgtaylor/huma#977
• fix(group): ensure "Group" satisfies the configProvider interface by @​leonklingele in danielgtaylor/huma#976

Full Changelog: danielgtaylor/huma@v2.37.0...v2.37.1

v2.37.0

Overview

Dropped Explicit IDN-Hostname Validation

This validation unintentionally imported an external library to the base Huma library. Since this was not a requested feature, it has been removed for now. The idn-hostname format value has become an alias for hostname in the meantime.

Operation ID Normalization

Spaces in operation IDs get automatically converted to hyphens now.

Optimizations & Fixed Memory Leak

Various internal operations have been optimized (~7% overall improvement): danielgtaylor/huma#973

A memory leak when using MultipartFormFiles has been resolved.

New Configurable Options

Allow Additional Properties By Default

A new config option has been added to allow additional properties by default. This can be set in the API config.

config.AllowAdditionalPropertiesByDefault = true

Fields Optional By Default

A new config option has been added to set fields to optional by default, rather than required by default. This can be set in the API config.

config.FieldsOptionalByDefault = true

Strict Query Parameters

A new config option has been added to forcibly reject unknown query parameters. This can be set in the API config, or per-operation.

config.RejectUnknownQueryParameters = true

Framework & Dependency Updates

• Upgraded to Go 1.25

... (truncated)

Commits

• 6d0295c fix(group): ensure "Group" satisfies the configProvider interface (#976)
• 07ca6c5 fix(api): use proper CSP hash for inline script in Swagger doc renderer (#977)
• 58edcf2 Export humamux constructors (#965)
• 6c29f67 chore(api,docs): update unpkg libraries, specify SRI hash, add strict CSP (#916)
• 3aee9bd Additional docs + normalize operation IDs (#974)
• e31a819 Resource optimizations, Go 1.25, remove IDNA library, add benchmark CI (#973)
• ddbb810 Implement Registry and Query Validation Options (#925)
• 8258b45 chore(registry): drop random suffix out of variable name (#972)
• 2e3cc8b Revert #947 (temporary) (#971)
• f0a8c5a Fix incorrect schema generation for arrays (#970)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dependabot]

Superseded by #989.