Bump the go_modules group across 3 directories with 3 updates by dependabot[bot] · Pull Request #21364 · github/codeql

dependabot · 2026-02-25T06:06:36Z

Bumps the go_modules group with 2 updates in the /go/ql/test/experimental/CWE-321-V2 directory: github.com/golang-jwt/jwt/v5 and golang.org/x/crypto.
Bumps the go_modules group with 1 update in the /go/ql/test/experimental/CWE-525 directory: github.com/gofiber/fiber/v2.
Bumps the go_modules group with 1 update in the /go/ql/test/library-tests/semmle/go/frameworks/Fiber directory: github.com/gofiber/fiber/v2.

Updates github.com/golang-jwt/jwt/v5 from 5.0.0 to 5.2.2

Release notes

Sourced from github.com/golang-jwt/jwt/v5's releases.

v5.2.2

What's Changed

Fixed GHSA-mh63-6h87-95cp by @mfridman

Fixed some typos by @Ashikpaul in golang-jwt/jwt#382

build: add go1.22 to ci workflows by @mfridman in golang-jwt/jwt#383

Bump golangci/golangci-lint-action from 4 to 5 by @dependabot in golang-jwt/jwt#387

Bump golangci/golangci-lint-action from 5 to 6 by @dependabot in golang-jwt/jwt#389

chore: bump ci tests to include go1.23 by @mfridman in golang-jwt/jwt#405

Fix jwt -show by @AlexanderYastrebov in golang-jwt/jwt#406

docs: typo by @kvii in golang-jwt/jwt#407

Update SECURITY.md by @oxisto in golang-jwt/jwt#416

Update jwt.Parse example to use jwt.WithValidMethods by @mattt in golang-jwt/jwt#425

New Contributors

@Ashikpaul made their first contribution in golang-jwt/jwt#382

@kvii made their first contribution in golang-jwt/jwt#407

@mattt made their first contribution in golang-jwt/jwt#425

Full Changelog: golang-jwt/jwt@v5.2.1...v5.2.2

v5.2.1

What's Changed

chore: remove unnecessary conversions from tests by @estensen in golang-jwt/jwt#370

Trivial: Typo fix for ECDSA error message by @tjs-cinemo in golang-jwt/jwt#373

Fix incorrect error return by @ss49919201 in golang-jwt/jwt#371

New Contributors

@tjs-cinemo made their first contribution in golang-jwt/jwt#373

@ss49919201 made their first contribution in golang-jwt/jwt#371

Full Changelog: golang-jwt/jwt@v5.2.0...v5.2.1

v5.2.0

What's Changed

Exported NewValidator by @oxisto in golang-jwt/jwt#349

Improve ErrInvalidKeyType error messages by @Laurin-Notemann in golang-jwt/jwt#361

Update MIGRATION_GUIDE.md by @jbarham in golang-jwt/jwt#363

New Contributors

@Laurin-Notemann made their first contribution in golang-jwt/jwt#361

@jbarham made their first contribution in golang-jwt/jwt#363

Full Changelog: golang-jwt/jwt@v5.1.0...v5.2.0

v5.1.0

What's Changed

Using jwt's native ErrInvalidType instead of json.UnsupportedTypeError by @oxisto in golang-jwt/jwt#316

Fix typos in comments and test names by @alexandear in golang-jwt/jwt#317

Format: add whitespaces, remove empty lines by @alexandear in golang-jwt/jwt#319

Refactor example: use io.ReadAll instead of io.Copy by @alexandear in golang-jwt/jwt#320

... (truncated)

Commits

0951d18 Merge commit from fork
c035977 Update Parse example to use WithValidMethods (#425)
bc8bdca Update SECURITY.md (#416)
5ec246c docs: typo (#407)
0123f1a Fix jwt -show (#406)
f961c72 chore: bump ci tests to include go1.23 (#405)
62e504c Bump golangci/golangci-lint-action from 5 to 6 (#389)
1a56dcf Bump golangci/golangci-lint-action from 4 to 5 (#387)
c8043ea build: add go1.22 to ci workflows (#383)
7c3f6dc Update README.md (#382)
Additional commits viewable in compare view

Updates golang.org/x/crypto from 0.12.0 to 0.45.0

Commits

4e0068c go.mod: update golang.org/x dependencies
e79546e ssh: curb GSSAPI DoS risk by limiting number of specified OIDs
f91f7a7 ssh/agent: prevent panic on malformed constraint
2df4153 acme/autocert: let automatic renewal work with short lifetime certs
bcf6a84 acme: pass context to request
b4f2b62 ssh: fix error message on unsupported cipher
79ec3a5 ssh: allow to bind to a hostname in remote forwarding
122a78f go.mod: update golang.org/x dependencies
c0531f9 all: eliminate vet diagnostics
0997000 all: fix some comments
Additional commits viewable in compare view

Updates github.com/gofiber/fiber/v2 from 2.51.0 to 2.52.12

Release notes

Sourced from github.com/gofiber/fiber/v2's releases.

v2.52.12

🐛 Fixes

CVE fix GHSA-mrq8-rjmw-wpq3

Full Changelog: gofiber/fiber@v2.52.11...v2.52.12

v2.52.11

What's Changed

🧹 Updates

Improve mount functionality by @gaby in gofiber/fiber#3900

🐛 Bug Fixes

Backport defensive copying fixes from #3828 and #3829 to v2 by @sixcolors in gofiber/fiber#3888

Fixes and improvements for limiter middleware by @gaby in gofiber/fiber#3899

Full Changelog: gofiber/fiber@v2.52.10...v2.52.11

v2.52.10

🐛 Bug Fixes

Handle invalid path in filesystem by @rokostik in gofiber/fiber#3688

Fix recover middleware panic output formatting by @ReneWerner87 in gofiber/fiber#3818

Fix enforcement of Immutable config for some edge cases by @gaby in gofiber/fiber#3835

📚 Documentation

Document RoutePatternMatch by @ReneWerner87 in gofiber/fiber#3723

New Contributors

@rokostik made their first contribution in gofiber/fiber#3688

Full Changelog: gofiber/fiber@v2.52.9...v2.52.10

v2.52.9

🐛 Bug Fixes

Add upper index limit for parsers by @gaby in gofiber/fiber#3503

Embedded struct parsing by @ReneWerner87 in gofiber/fiber#3478

Fix Content-Type comparison in Is() by @gaby in gofiber/fiber#3537

Fix MIME type equality checks by @gaby in gofiber/fiber#3603

Full Changelog: gofiber/fiber@v2.52.8...v2.52.9

v2.52.8

👮 Security

Fix for BodyParser - GHSA-hg3g-gphw-5hhm

... (truncated)

Commits

6cba195 Bump fiber package version to 2.52.12
5ebbee7 docs: update image paths to v2 in README files
5028167 Merge commit from fork
42380aa fix: adapt tests for v2 - use defer/recover pattern and correct Handler signa...
7cffe29 refactor: use helper function for param route generation in tests
5494de8 🐛 bug: add panic for routes with >30 parameters (GHSA-mrq8-rjmw-wpq3)
65b0f3d Bump version to 2.52.11
1b53334 Modernize error handling in UUID functions (#3941)
eb874b6 Merge commit from fork
4ff945a 🩹 bug: Fix ErrorHandler invocation for mounted sub-apps (#3907)
Additional commits viewable in compare view

Updates github.com/gofiber/fiber/v2 from 2.51.0 to 2.52.12

Release notes

Sourced from github.com/gofiber/fiber/v2's releases.

v2.52.12

🐛 Fixes

CVE fix GHSA-mrq8-rjmw-wpq3

Full Changelog: gofiber/fiber@v2.52.11...v2.52.12

v2.52.11

What's Changed

🧹 Updates

Improve mount functionality by @gaby in gofiber/fiber#3900

🐛 Bug Fixes

Backport defensive copying fixes from #3828 and #3829 to v2 by @sixcolors in gofiber/fiber#3888

Fixes and improvements for limiter middleware by @gaby in gofiber/fiber#3899

Full Changelog: gofiber/fiber@v2.52.10...v2.52.11

v2.52.10

🐛 Bug Fixes

Handle invalid path in filesystem by @rokostik in gofiber/fiber#3688

Fix recover middleware panic output formatting by @ReneWerner87 in gofiber/fiber#3818

Fix enforcement of Immutable config for some edge cases by @gaby in gofiber/fiber#3835

📚 Documentation

Document RoutePatternMatch by @ReneWerner87 in gofiber/fiber#3723

New Contributors

@rokostik made their first contribution in gofiber/fiber#3688

Full Changelog: gofiber/fiber@v2.52.9...v2.52.10

v2.52.9

🐛 Bug Fixes

Add upper index limit for parsers by @gaby in gofiber/fiber#3503

Embedded struct parsing by @ReneWerner87 in gofiber/fiber#3478

Fix Content-Type comparison in Is() by @gaby in gofiber/fiber#3537

Fix MIME type equality checks by @gaby in gofiber/fiber#3603

Full Changelog: gofiber/fiber@v2.52.8...v2.52.9

v2.52.8

👮 Security

Fix for BodyParser - GHSA-hg3g-gphw-5hhm

... (truncated)

Commits

6cba195 Bump fiber package version to 2.52.12
5ebbee7 docs: update image paths to v2 in README files
5028167 Merge commit from fork
42380aa fix: adapt tests for v2 - use defer/recover pattern and correct Handler signa...
7cffe29 refactor: use helper function for param route generation in tests
5494de8 🐛 bug: add panic for routes with >30 parameters (GHSA-mrq8-rjmw-wpq3)
65b0f3d Bump version to 2.52.11
1b53334 Modernize error handling in UUID functions (#3941)
eb874b6 Merge commit from fork
4ff945a 🩹 bug: Fix ErrorHandler invocation for mounted sub-apps (#3907)
Additional commits viewable in compare view

Updates github.com/gofiber/fiber/v2 from 2.48.0 to 2.52.12

Release notes

Sourced from github.com/gofiber/fiber/v2's releases.

v2.52.12

🐛 Fixes

CVE fix GHSA-mrq8-rjmw-wpq3

Full Changelog: gofiber/fiber@v2.52.11...v2.52.12

v2.52.11

What's Changed

🧹 Updates

Improve mount functionality by @gaby in gofiber/fiber#3900

🐛 Bug Fixes

Backport defensive copying fixes from #3828 and #3829 to v2 by @sixcolors in gofiber/fiber#3888

Fixes and improvements for limiter middleware by @gaby in gofiber/fiber#3899

Full Changelog: gofiber/fiber@v2.52.10...v2.52.11

v2.52.10

🐛 Bug Fixes

Handle invalid path in filesystem by @rokostik in gofiber/fiber#3688

Fix recover middleware panic output formatting by @ReneWerner87 in gofiber/fiber#3818

Fix enforcement of Immutable config for some edge cases by @gaby in gofiber/fiber#3835

📚 Documentation

Document RoutePatternMatch by @ReneWerner87 in gofiber/fiber#3723

New Contributors

@rokostik made their first contribution in gofiber/fiber#3688

Full Changelog: gofiber/fiber@v2.52.9...v2.52.10

v2.52.9

🐛 Bug Fixes

Add upper index limit for parsers by @gaby in gofiber/fiber#3503

Embedded struct parsing by @ReneWerner87 in gofiber/fiber#3478

Fix Content-Type comparison in Is() by @gaby in gofiber/fiber#3537

Fix MIME type equality checks by @gaby in gofiber/fiber#3603

Full Changelog: gofiber/fiber@v2.52.8...v2.52.9

v2.52.8

👮 Security

Fix for BodyParser - GHSA-hg3g-gphw-5hhm

... (truncated)

Commits

6cba195 Bump fiber package version to 2.52.12
5ebbee7 docs: update image paths to v2 in README files
5028167 Merge commit from fork
42380aa fix: adapt tests for v2 - use defer/recover pattern and correct Handler signa...
7cffe29 refactor: use helper function for param route generation in tests
5494de8 🐛 bug: add panic for routes with >30 parameters (GHSA-mrq8-rjmw-wpq3)
65b0f3d Bump version to 2.52.11
1b53334 Modernize error handling in UUID functions (#3941)
eb874b6 Merge commit from fork
4ff945a 🩹 bug: Fix ErrorHandler invocation for mounted sub-apps (#3907)
Additional commits viewable in compare view

Updates github.com/gofiber/fiber/v2 from 2.48.0 to 2.52.12

Release notes

Sourced from github.com/gofiber/fiber/v2's releases.

v2.52.12

🐛 Fixes

CVE fix GHSA-mrq8-rjmw-wpq3

Full Changelog: gofiber/fiber@v2.52.11...v2.52.12

v2.52.11

What's Changed

🧹 Updates

Improve mount functionality by @gaby in gofiber/fiber#3900

🐛 Bug Fixes

Backport defensive copying fixes from #3828 and #3829 to v2 by @sixcolors in gofiber/fiber#3888

Fixes and improvements for limiter middleware by @gaby in gofiber/fiber#3899

Full Changelog: gofiber/fiber@v2.52.10...v2.52.11

v2.52.10

🐛 Bug Fixes

Handle invalid path in filesystem by @rokostik in gofiber/fiber#3688

Fix recover middleware panic output formatting by @ReneWerner87 in gofiber/fiber#3818

Fix enforcement of Immutable config for some edge cases by @gaby in gofiber/fiber#3835

📚 Documentation

Document RoutePatternMatch by @ReneWerner87 in gofiber/fiber#3723

New Contributors

@rokostik made their first contribution in gofiber/fiber#3688

Full Changelog: gofiber/fiber@v2.52.9...v2.52.10

v2.52.9

🐛 Bug Fixes

Add upper index limit for parsers by @gaby in gofiber/fiber#3503

Embedded struct parsing by @ReneWerner87 in gofiber/fiber#3478

Fix Content-Type comparison in Is() by @gaby in gofiber/fiber#3537

Fix MIME type equality checks by @gaby in gofiber/fiber#3603

Full Changelog: gofiber/fiber@v2.52.8...v2.52.9

v2.52.8

👮 Security

Fix for BodyParser - GHSA-hg3g-gphw-5hhm

... (truncated)

Commits

6cba195 Bump fiber package version to 2.52.12
5ebbee7 docs: update image paths to v2 in README files
5028167 Merge commit from fork
42380aa fix: adapt tests for v2 - use defer/recover pattern and correct Handler signa...
7cffe29 refactor: use helper function for param route generation in tests
5494de8 🐛 bug: add panic for routes with >30 parameters (GHSA-mrq8-rjmw-wpq3)
65b0f3d Bump version to 2.52.11
1b53334 Modernize error handling in UUID functions (#3941)
eb874b6 Merge commit from fork
4ff945a 🩹 bug: Fix ErrorHandler invocation for mounted sub-apps (#3907)
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
You can disable automated security fix PRs for this repo from the Security Alerts page.

Bumps the go_modules group with 2 updates in the /go/ql/test/experimental/CWE-321-V2 directory: [github.com/golang-jwt/jwt/v5](https://github.com/golang-jwt/jwt) and [golang.org/x/crypto](https://github.com/golang/crypto). Bumps the go_modules group with 1 update in the /go/ql/test/experimental/CWE-525 directory: [github.com/gofiber/fiber/v2](https://github.com/gofiber/fiber). Bumps the go_modules group with 1 update in the /go/ql/test/library-tests/semmle/go/frameworks/Fiber directory: [github.com/gofiber/fiber/v2](https://github.com/gofiber/fiber). Updates `github.com/golang-jwt/jwt/v5` from 5.0.0 to 5.2.2 - [Release notes](https://github.com/golang-jwt/jwt/releases) - [Commits](golang-jwt/jwt@v5.0.0...v5.2.2) Updates `golang.org/x/crypto` from 0.12.0 to 0.45.0 - [Commits](golang/crypto@v0.12.0...v0.45.0) Updates `github.com/gofiber/fiber/v2` from 2.51.0 to 2.52.12 - [Release notes](https://github.com/gofiber/fiber/releases) - [Commits](gofiber/fiber@v2.51.0...v2.52.12) Updates `github.com/gofiber/fiber/v2` from 2.51.0 to 2.52.12 - [Release notes](https://github.com/gofiber/fiber/releases) - [Commits](gofiber/fiber@v2.51.0...v2.52.12) Updates `github.com/gofiber/fiber/v2` from 2.48.0 to 2.52.12 - [Release notes](https://github.com/gofiber/fiber/releases) - [Commits](gofiber/fiber@v2.51.0...v2.52.12) Updates `github.com/gofiber/fiber/v2` from 2.48.0 to 2.52.12 - [Release notes](https://github.com/gofiber/fiber/releases) - [Commits](gofiber/fiber@v2.51.0...v2.52.12) --- updated-dependencies: - dependency-name: github.com/golang-jwt/jwt/v5 dependency-version: 5.2.2 dependency-type: direct:production dependency-group: go_modules - dependency-name: golang.org/x/crypto dependency-version: 0.45.0 dependency-type: indirect dependency-group: go_modules - dependency-name: github.com/gofiber/fiber/v2 dependency-version: 2.52.12 dependency-type: direct:production dependency-group: go_modules - dependency-name: github.com/gofiber/fiber/v2 dependency-version: 2.52.12 dependency-type: direct:production dependency-group: go_modules - dependency-name: github.com/gofiber/fiber/v2 dependency-version: 2.52.12 dependency-type: direct:production dependency-group: go_modules - dependency-name: github.com/gofiber/fiber/v2 dependency-version: 2.52.12 dependency-type: direct:production dependency-group: go_modules ... Signed-off-by: dependabot[bot] <support@github.com>

owen-mc · 2026-02-25T06:09:35Z

@dependabot ignore github.com/golang-jwt/jwt/v5

dependabot · 2026-02-25T06:09:38Z

OK, I won't notify you about github.com/golang-jwt/jwt/v5 again, unless you unignore it.

owen-mc · 2026-02-25T06:09:48Z

@dependabot ignore golang.org/x/crypto

dependabot · 2026-02-25T06:09:50Z

OK, I won't notify you about golang.org/x/crypto again, unless you unignore it.

owen-mc · 2026-02-25T06:09:57Z

@dependabot ignore github.com/gofiber/fiber/v2

dependabot · 2026-02-25T06:09:59Z

OK, I won't notify you about github.com/gofiber/fiber/v2 again, unless you unignore it.

dependabot · 2026-02-25T06:10:51Z

Looks like these dependencies are updatable in another way, so this is no longer needed.

dependabot bot added dependencies Pull requests that update a dependency file Go labels Feb 25, 2026

dependabot bot requested a review from a team as a code owner February 25, 2026 06:06

dependabot bot added dependencies Pull requests that update a dependency file Go labels Feb 25, 2026

github-actions bot added the documentation label Feb 25, 2026

dependabot bot closed this Feb 25, 2026

dependabot bot deleted the dependabot/go_modules/go/ql/test/experimental/CWE-321-V2/go_modules-fb56510135 branch February 25, 2026 06:10

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump the go_modules group across 3 directories with 3 updates#21364

Bump the go_modules group across 3 directories with 3 updates#21364
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/go_modules/go/ql/test/experimental/CWE-321-V2/go_modules-fb56510135

dependabot bot commented on behalf of github Feb 25, 2026 •

edited

Loading

Uh oh!

owen-mc commented Feb 25, 2026

Uh oh!

dependabot bot commented on behalf of github Feb 25, 2026

Uh oh!

owen-mc commented Feb 25, 2026

Uh oh!

dependabot bot commented on behalf of github Feb 25, 2026

Uh oh!

owen-mc commented Feb 25, 2026

Uh oh!

dependabot bot commented on behalf of github Feb 25, 2026

Uh oh!

dependabot bot commented on behalf of github Feb 25, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Conversation

dependabot bot commented on behalf of github Feb 25, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

v5.2.2

What's Changed

New Contributors

v5.2.1

What's Changed

New Contributors

v5.2.0

What's Changed

New Contributors

v5.1.0

What's Changed

v2.52.12

🐛 Fixes

v2.52.11

What's Changed

🧹 Updates

🐛 Bug Fixes

v2.52.10

🐛 Bug Fixes

📚 Documentation

New Contributors

v2.52.9

🐛 Bug Fixes

v2.52.8

👮 Security

v2.52.12

🐛 Fixes

v2.52.11

What's Changed

🧹 Updates

🐛 Bug Fixes

v2.52.10

🐛 Bug Fixes

📚 Documentation

New Contributors

v2.52.9

🐛 Bug Fixes

v2.52.8

👮 Security

v2.52.12

🐛 Fixes

v2.52.11

What's Changed

🧹 Updates

🐛 Bug Fixes

v2.52.10

🐛 Bug Fixes

📚 Documentation

New Contributors

v2.52.9

🐛 Bug Fixes

v2.52.8

👮 Security

v2.52.12

🐛 Fixes

v2.52.11

What's Changed

🧹 Updates

🐛 Bug Fixes

v2.52.10

🐛 Bug Fixes

📚 Documentation

New Contributors

v2.52.9

🐛 Bug Fixes

v2.52.8

👮 Security

Uh oh!

owen-mc commented Feb 25, 2026

Uh oh!

dependabot bot commented on behalf of github Feb 25, 2026

Uh oh!

owen-mc commented Feb 25, 2026

Uh oh!

dependabot bot commented on behalf of github Feb 25, 2026

Uh oh!

owen-mc commented Feb 25, 2026

dependabot bot commented on behalf of github Feb 25, 2026 •

edited

Loading