fix(deps): update module github.com/gin-gonic/gin to v1.12.0

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
github.com/gin-gonic/gin	v1.10.1 → v1.12.0

---

Release Notes

gin-gonic/gin (github.com/gin-gonic/gin)

v1.12.0

Compare Source

Features

• feat(render): add bson protocol (#​4145)
• feat(context): add GetError and GetErrorSlice methods for error retrieval (#​4502)
• feat(binding): add support for encoding.UnmarshalText in uri/query binding (#​4203)
• feat(gin): add option to use escaped path (#​4420)
• feat(context): add Protocol Buffers support to content negotiation (#​4423)
• feat(context): implemented Delete method (#​38e7651)
• feat(logger): color latency (#​4146)

Enhancements

• perf(tree): reduce allocations in findCaseInsensitivePath (#​4417)
• perf(recovery): optimize line reading in stack function (#​4466)
• perf(path): replace regex with custom functions in redirectTrailingSlash (#​4414)
• perf(tree): optimize path parsing using strings.Count (#​4246)
• chore(logger): allow skipping query string output (#​4547)
• chore(context): always trust xff headers from unix socket (#​3359)
• chore(response): prevent Flush() panic when the underlying ResponseWriter does not implement http.Flusher (#​4479)
• refactor(recovery): smart error comparison (#​4142)
• refactor(context): replace hardcoded localhost IPs with constants (#​4481)
• refactor(utils): move util functions to utils.go (#​4467)
• refactor(binding): use maps.Copy for cleaner map handling (#​4352)
• refactor(context): using maps.Clone (#​4333)
• refactor(ginS): use sync.OnceValue to simplify engine function (#​4314)
• refactor: replace magic numbers with named constants in bodyAllowedForStatus (#​4529)
• refactor: for loop can be modernized using range over int (#​4392)

Bug Fixes

• fix(tree): panic in findCaseInsensitivePathRec with RedirectFixedPath (#​4535)
• fix(render): write content length in Data.Render (#​4206)
• fix(context): ClientIP handling for multiple X-Forwarded-For header values (#​4472)
• fix(binding): empty value error (#​2169)
• fix(recover): suppress http.ErrAbortHandler in recover (#​4336)
• fix(gin): literal colon routes not working with engine.Handler() (#​4415)
• fix(gin): close os.File in RunFd to prevent resource leak (#​4422)
• fix(response): refine hijack behavior for response lifecycle (#​4373)
• fix(binding): improve empty slice/array handling in form binding (#​4380)
• fix(debug): version mismatch (#​4403)
• fix: correct typos, improve documentation clarity, and remove dead code (#​4511)

Build process updates / CI

• ci: update Go version support to 1.25+ across CI and docs (#​4550)
• chore(binding): upgrade bson dependency to mongo-driver v2 (#​4549)

v1.11.0

Compare Source

Features

• feat(gin): Experimental support for HTTP/3 using quic-go/quic-go (#​3210)
• feat(form): add array collection format in form binding (#​3986), add custom string slice for form tag unmarshal (#​3970)
• feat(binding): add BindPlain (#​3904)
• feat(fs): Export, test and document OnlyFilesFS (#​3939)
• feat(binding): add support for unixMilli and unixMicro (#​4190)
• feat(form): Support default values for collections in form binding (#​4048)
• feat(context): GetXxx added support for more go native types (#​3633)

Enhancements

• perf(context): optimize getMapFromFormData performance (#​4339)
• refactor(tree): replace string(/) with "/" in node.insertChild (#​4354)
• refactor(render): remove headers parameter from writeHeader (#​4353)
• refactor(context): simplify "GetType()" functions (#​4080)
• refactor(slice): simplify SliceValidationError Error method (#​3910)
• refactor(context):Avoid using filepath.Dir twice in SaveUploadedFile (#​4181)
• refactor(context): refactor context handling and improve test robustness (#​4066)
• refactor(binding): use strings.Cut to replace strings.Index (#​3522)
• refactor(context): add an optional permission parameter to SaveUploadedFile (#​4068)
• refactor(context): verify URL is Non-nil in initQueryCache() (#​3969)
• refactor(context): YAML judgment logic in Negotiate (#​3966)
• tree: replace the self-defined 'min' to official one (#​3975)
• context: Remove redundant filepath.Dir usage (#​4181)

Bug Fixes

• fix: prevent middleware re-entry issue in HandleContext (#​3987)
• fix(binding): prevent duplicate decoding and add validation in decodeToml (#​4193)
• fix(gin): Do not panic when handling method not allowed on empty tree (#​4003)
• fix(gin): data race warning for gin mode (#​1580)
• fix(context): verify URL is Non-nil in initQueryCache() (#​3969)
• fix(context): YAML judgment logic in Negotiate (#​3966)
• fix(context): check handler is nil (#​3413)
• fix(readme): fix broken link to English documentation (#​4222)
• fix(tree): Keep panic infos consistent when wildcard type build faild (#​4077)

Build process updates / CI

• ci: integrate Trivy vulnerability scanning into CI workflow (#​4359)
• ci: support Go 1.25 in CI/CD (#​4341)
• build(deps): upgrade github.com/bytedance/sonic from v1.13.2 to v1.14.0 (#​4342)
• ci: add Go version 1.24 to GitHub Actions (#​4154)
• build: update Gin minimum Go version to 1.21 (#​3960)
• ci(lint): enable new linters (testifylint, usestdlibvars, perfsprint, etc.) (#​4010, #​4091, #​4090)
• ci(lint): update workflows and improve test request consistency (#​4126)

Dependency updates

• chore(deps): bump google.golang.org/protobuf from 1.36.6 to 1.36.9 (#​4346, #​4356)
• chore(deps): bump github.com/stretchr/testify from 1.10.0 to 1.11.1 (#​4347)
• chore(deps): bump actions/setup-go from 5 to 6 (#​4351)
• chore(deps): bump github.com/quic-go/quic-go from 0.53.0 to 0.54.0 (#​4328)
• chore(deps): bump golang.org/x/net from 0.33.0 to 0.38.0 (#​4178, #​4221)
• chore(deps): bump github.com/go-playground/validator/v10 from 10.20.0 to 10.22.1 (#​4052)

Documentation updates

• docs(changelog): update release notes for Gin v1.10.1 (#​4360)
• docs: Fixing English grammar mistakes and awkward sentence structure in doc/doc.md (#​4207)
• docs: update documentation and release notes for Gin v1.10.0 (#​3953)
• docs: fix typo in Gin Quick Start (#​3997)
• docs: fix comment and link issues (#​4205, #​3938)
• docs: fix route group example code (#​4020)
• docs(readme): add Portuguese documentation (#​4078)
• docs(context): fix some function names in comment (#​4079)

---

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[renovate]

ℹ️ Artifact update notice

File name: go.mod

In order to perform the update(s) described in the table above, Renovate ran the go get command, which resulted in the following additional change(s):

• 18 additional dependencies were updated
• The go directive was updated for compatibility reasons

Details:

Package	Change
go	1.20 -> 1.25.0
github.com/stretchr/testify	v1.9.0 -> v1.11.1
github.com/bytedance/sonic	v1.11.6 -> v1.15.0
github.com/bytedance/sonic/loader	v0.1.1 -> v0.5.0
github.com/cloudwego/base64x	v0.1.4 -> v0.1.6
github.com/gabriel-vasile/mimetype	v1.4.3 -> v1.4.12
github.com/gin-contrib/sse	v0.1.0 -> v1.1.0
github.com/go-playground/validator/v10	v10.20.0 -> v10.30.1
github.com/goccy/go-json	v0.10.2 -> v0.10.5
github.com/klauspost/compress	v1.16.7 -> v1.17.6
github.com/klauspost/cpuid/v2	v2.2.7 -> v2.3.0
github.com/pelletier/go-toml/v2	v2.2.2 -> v2.2.4
github.com/ugorji/go/codec	v1.2.12 -> v1.3.1
golang.org/x/arch	v0.8.0 -> v0.22.0
golang.org/x/crypto	v0.32.0 -> v0.48.0
golang.org/x/net	v0.25.0 -> v0.51.0
golang.org/x/sys	v0.29.0 -> v0.41.0
golang.org/x/text	v0.21.0 -> v0.34.0
google.golang.org/protobuf	v1.34.1 -> v1.36.10

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	github.com/​gin-gonic/​gin@​v1.10.1 ⏵ v1.12.0	+1
	github.com/​stretchr/​testify@​v1.9.0 ⏵ v1.11.1	+1

View full report

[socket-security]

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action	Severity	Alert  (click "▶" to expand/collapse)
Warn		Obfuscated code: golang go.mongodb.org/mongo-driver/v2 is 98.0% likely obfuscated Confidence: 0.98 Location: Package overview From: ? → golang/github.com/gin-gonic/gin@v1.12.0 → golang/go.mongodb.org/mongo-driver/v2@v2.5.0 ℹ Read more on: This package | This alert | What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore golang/go.mongodb.org/mongo-driver/v2@v2.5.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report