build(deps): bump the go-deps group across 1 directory with 9 updates

[dependabot]

Bumps the go-deps group with 8 updates in the / directory:

Package	From	To
github.com/aws/aws-sdk-go-v2	1.41.7	1.42.0
github.com/aws/aws-sdk-go-v2/config	1.32.17	1.32.25
github.com/aws/aws-sdk-go-v2/service/s3	1.101.0	1.104.0
github.com/coreos/go-oidc/v3	3.18.0	3.19.0
github.com/go-chi/chi/v5	5.2.5	5.3.0
github.com/testcontainers/testcontainers-go	0.42.0	0.43.0
golang.org/x/crypto	0.51.0	0.53.0
golang.org/x/net	0.55.0	0.56.0

Updates github.com/aws/aws-sdk-go-v2 from 1.41.7 to 1.42.0

Commits

• 9a3190f Release 2026-06-08
• b20dd5b Regenerated Clients
• 75a45ea Update API model
• e736f55 Add preview of changes for standard retry mode behind flag (#3400)
• ba08dc9 Release 2026-06-05.2
• 9a67e21 Revert schema serde (#3442)
• 51692f8 s3/transfermanager: avoid double-closing concurrentReader channel after read ...
• f696d5b Release 2026-06-05
• 7efb8fd Regenerated Clients
• 1a420c5 Update endpoints model
• Additional commits viewable in compare view

Updates github.com/aws/aws-sdk-go-v2/config from 1.32.17 to 1.32.25

Commits

• 0016334 Release 2026-06-10
• 396a182 Regenerated Clients
• 3eb8533 Update API model
• 7bbea79 Release 2026-06-09
• 1fefa6c Regenerated Clients
• a2cf49f Update endpoints model
• d87be68 Update API model
• 9a3190f Release 2026-06-08
• b20dd5b Regenerated Clients
• 75a45ea Update API model
• Additional commits viewable in compare view

Updates github.com/aws/aws-sdk-go-v2/credentials from 1.19.16 to 1.19.24

Commits

• 0016334 Release 2026-06-10
• 396a182 Regenerated Clients
• 3eb8533 Update API model
• 7bbea79 Release 2026-06-09
• 1fefa6c Regenerated Clients
• a2cf49f Update endpoints model
• d87be68 Update API model
• 9a3190f Release 2026-06-08
• b20dd5b Regenerated Clients
• 75a45ea Update API model
• Additional commits viewable in compare view

Updates github.com/aws/aws-sdk-go-v2/service/s3 from 1.101.0 to 1.104.0

Commits

• 99943aa Release 2026-06-16
• 8594135 Regenerated Clients
• 14151e5 Update endpoints model
• f43e77c Update API model
• 9fcc53a Release 2026-06-15
• 65154c1 Regenerated Clients
• b86c7b9 Update API model
• 750e42a Release 2026-06-12
• f64ce2c Regenerated Clients
• 04e9755 Update endpoints model
• Additional commits viewable in compare view

Updates github.com/coreos/go-oidc/v3 from 3.18.0 to 3.19.0

Release notes

Sourced from github.com/coreos/go-oidc/v3's releases.

v3.19.0

What's Changed

• fix: Key refresh should set no-cache to get most up to date keys by @​Yanni8 in coreos/go-oidc#485
• oidc: add support for validating back-channel logout tokens by @​ericchiang in coreos/go-oidc#486

New Contributors

• @​Yanni8 made their first contribution in coreos/go-oidc#485

Full Changelog: coreos/go-oidc@v3.18.0...v3.19.0

Commits

• 4204f0b oidc: add support for validating back-channel logout tokens
• f77e01c fix: Key refresh should set no-cache to get most up to date keys
• See full diff in compare view

Updates github.com/go-chi/chi/v5 from 5.2.5 to 5.3.0

Release notes

Sourced from github.com/go-chi/chi/v5's releases.

v5.3.0

What's Changed

• Use strings.ReplaceAll where applicable by @​JRaspass in go-chi/chi#1046
• Propagate inline middlewares across mounted subrouters by @​LukasJenicek in go-chi/chi#1049
• add go 1.26 to ci by @​pkieltyka in go-chi/chi#1052
• Remove last uses of io/ioutil by @​JRaspass in go-chi/chi#1054
• Simplify chi.walk with slices.Concat by @​JRaspass in go-chi/chi#1053
• Apply the stringscutprefix modernizer by @​JRaspass in go-chi/chi#1051
• Bump minimum Go to 1.23, always use request.Pattern by @​JRaspass in go-chi/chi#1048
• middleware: fix httpFancyWriter.ReadFrom double-counting bytes with Tee by @​alliasgher in go-chi/chi#1085
• Fix typo in Route doc comment by @​gouwazi in go-chi/chi#1073
• fix: set Request.Pattern from RoutePattern() by @​leno23 in go-chi/chi#1097
• feat: middleware.ClientIP, a replacement for middleware.RealIP by @​VojtechVitek in go-chi/chi#967

New Contributors

• @​LukasJenicek made their first contribution in go-chi/chi#1049
• @​alliasgher made their first contribution in go-chi/chi#1085
• @​gouwazi made their first contribution in go-chi/chi#1073
• @​leno23 made their first contribution in go-chi/chi#1097

SECURITY: middleware.ClientIP, a replacement for middleware.RealIP

@​VojtechVitek submitted PR #967, which introduces middleware.ClientIP — a replacement for middleware.RealIP that closes the three open spoofing advisories:

• GHSA-9g5q-2w5x-hmxf — IP spoofing via XFF in RemoteAddr resolution (convto)
• GHSA-rjr7-jggh-pgcp — RealIP allows IP spoofing via unvalidated XFF (rezmoss)
• GHSA-3fxj-6jh8-hvhx — IP spoofing in middleware.RealIP (Saku0512, Critical / 9.3)

It also addresses issues outlined at:

• go-chi/chi#708
• https://adam-p.ca/blog/2022/03/x-forwarded-for/
• go-chi/chi#711
• go-chi/chi#453
• go-chi/chi#908

middleware.RealIP is deprecated in this PR with pointers to the new API.

The deprecation only adds a // Deprecated: doc comment; the function keeps working for backward compatibility.

Why a new middleware (not "fix RealIP in place")

RealIP has two unfixable design choices: it mutates r.RemoteAddr, and it tries to be a one-size-fits-all default by walking a hard-coded list of headers any client can supply. Per adam-p's "The perils of the 'real' client IP" (which calls chi out by name on this), there is no safe default — the user must pick their trust source explicitly.

The new API

Four middlewares, two accessors. Pick exactly one middleware based on your infrastructure, read the result with one of the two accessors:

// One of the four. There is no safe default — pick exactly one.
func ClientIPFromHeader(trustedHeader string) func(http.Handler) http.Handler
func ClientIPFromXFF(trustedIPPrefixes ...string) func(http.Handler) http.Handler
func ClientIPFromXFFTrustedProxies(numTrustedProxies int) func(http.Handler) http.Handler
</tr></table> 

... (truncated)

Commits

• 3b17157 feat: middleware.ClientIP, a replacement for middleware.RealIP (#967)
• 818fdcf fix: set Request.Pattern from RoutePattern() (#1097)
• f975af0 Fix typo in Route doc comment (#1073)
• 4ef87ea middleware: fix httpFancyWriter.ReadFrom double-counting bytes with Tee (#1085)
• a54874f Bump minimum Go to 1.23, always use request.Pattern (#1048)
• 3328d4d Apply the stringscutprefix modernizer (#1051)
• be60b2e Simplify chi.walk with slices.Concat (#1053)
• a36a925 Remove last uses of io/ioutil (#1054)
• 7d93ee3 add go 1.26 to ci (#1052)
• 903cff2 Propagate inline middlewares across mounted subrouters (#1049)
• Additional commits viewable in compare view

Updates github.com/testcontainers/testcontainers-go from 0.42.0 to 0.43.0

Release notes

Sourced from github.com/testcontainers/testcontainers-go's releases.

v0.43.0

What's Changed

⚠️ Breaking Changes

• chore(wait)!: change url callback in wait.ForSQL to accept network.Port (#3650) @​thaJeztah

Users of wait.ForSQL need to follow the new API contract, using Moby's network.Port instead of string when building the callback function to check the URL. Please see https://golang.testcontainers.org/features/wait/sql/

• feat!: add PullImageWithPlatform to DockerProvider (#3710) @​blueprismo

Users implementing their own testcontainers.ImageProvider need to implement the new PullImageWithPlatform method introduced by this PR.

🚀 Features

• feat(k3s): pull image opts (#3716) @​blueprismo
• feat(wait): implement AnyMultiStrategy: ForAny equivalent to ForAll. (#3719) @​jeanbza
• feat(eventhubs): add WithAzuriteContainer and functional-options config builder (#3722) @​mdelapenya
• feat!: add PullImageWithPlatform to DockerProvider (#3710) @​blueprismo
• feat(modules/dex): add Dex OIDC provider module (#3659) @​guilycst

🐛 Bug Fixes

• fix(security): remove debug code that leaks Docker credentials (#3721) @​mdelapenya
• fix(ollama): align local exec test with Ollama 0.30.6 log format (#3715) @​mdelapenya
• fix: close temp file handle before removal (#3672) @​acouvreur
• fix(compose): close docker clients to prevent goroutine leaks (#3661) @​mdelapenya
• fix: wait for log production goroutine to drain on stop (#3660) @​mdelapenya

📖 Documentation

• chore: update usage metrics (2026-06) (#3714) @github-actions[bot]

🧹 Housekeeping

• chore(wait)!: change url callback in wait.ForSQL to accept network.Port (#3650) @​thaJeztah
• chore: update usage metrics (2026-05) (#3670) @github-actions[bot]
• chore: remove cgroupnsMode setting from K3s container configuration (#3653) @​lixin9311

📦 Dependency updates

• chore(deps): update dependencies to latest versions in go.mod and go.sum (#3729) @​Steven-Harris
• chore: bump sshd-docker image to 1.4.0 (#3727) @​mdelapenya
• chore(deps): bump Ryuk to v0.14.0 (#3313) @​mdelapenya
• chore(deps): bump github.com/shirou/gopsutil/v4 from 4.26.4 to 4.26.5 (#3713) @dependabot[bot]
• chore(deps): bump golang.org/x/sys from 0.44.0 to 0.45.0 (#3712) @dependabot[bot]
• chore(deps): bump mkdocs-include-markdown-plugin from 7.2.2 to 7.3.0 (#3711) @dependabot[bot]
• chore(deps): bump slackapi/slack-github-action from 2.1.1 to 3.0.3 (#3677) @dependabot[bot]
• chore(deps): bump idna from 3.11 to 3.15 (#3708) @dependabot[bot]
• chore(deps): bump github.com/containerd/containerd/v2 from 2.2.2 to 2.2.4 in /modules/compose (#3709) @dependabot[bot]
• chore(deps): bump urllib3 from 2.6.3 to 2.7.0 (#3704) @dependabot[bot]

... (truncated)

Commits

• 0835739 chore: use new version (v0.43.0) in modules and examples
• 85b6d70 chore(deps): update dependencies to latest versions in go.mod and go.sum (#3729)
• 8360f71 feat(k3s): pull image opts (#3716)
• b5e7022 chore: bump sshd-docker image to 1.4.0 (#3727)
• 1c05dd5 chore(deps): bump Ryuk to v0.14.0 (#3313)
• 96ab095 feat(wait): implement AnyMultiStrategy: ForAny equivalent to ForAll. (#3719)
• 42ac7d2 chore(wait)!: change url callback in wait.ForSQL to accept network.Port (#3650)
• ab312e0 chore(deps): bump github.com/shirou/gopsutil/v4 from 4.26.4 to 4.26.5 (#3713)
• c5c95e5 chore(deps): bump golang.org/x/sys from 0.44.0 to 0.45.0 (#3712)
• 465d002 chore(deps): bump mkdocs-include-markdown-plugin from 7.2.2 to 7.3.0 (#3711)
• Additional commits viewable in compare view

Updates golang.org/x/crypto from 0.51.0 to 0.53.0

Commits

• 45460e0 go.mod: update golang.org/x dependencies
• d37c95e pkcs12: limit PBKDF iteration count to prevent CPU exhaustion
• e2ffffe ssh: reject incomplete gssapi-with-mic configurations
• 60e158a ssh/test: isolate CLI tests from user SSH config and agent
• 1b77d23 ssh/knownhosts: reject lines with multiple or unknown markers
• 3872a2b ssh/knownhosts: verify declared key type matches decoded key
• 9f72ecc ssh/knownhosts: treat only ASCII space and tab as whitespace
• 8f405a4 ssh: validate ECDSA curve matches expected algorithm
• bb41b3d ssh: improve DH GEX group selection using PreferredBits
• e04e721 ssh/agent: validate ed25519 private key length in Add
• Additional commits viewable in compare view

Updates golang.org/x/net from 0.55.0 to 0.56.0

Commits

• 9e7fdbf internal/http3: fix wrong argument being given when validating header value
• b686e5f internal/http3: add gzip support to transport
• 8a34885 go.mod: update golang.org/x dependencies
• 72eaf98 dns/dnsmessage: correctly validate SVCB record parameter order
• 82e7868 dns/dnsmessage: avoid panic when parsing SVCB record with truncated data
• b64f1fa internal/http3: add server support for "Trailer:" magic prefix
• 2707ee2 internal/http3: implement HTTP/3 clientConn methods
• 31358cc internal/http3: snapshot response headers at WriteHeader time
• 8ecbaa9 html: don't adjust xml:base
• 8ae811a html: properly handle end script tag in fragment mode
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions