Skip to content

chore(deps): update module github.com/go-chi/chi/v5 to v5.2.4 [security]#108

Merged
flemzord merged 2 commits intomainfrom
renovate/go-github.com-go-chi-chi-v5-vulnerability
Jan 26, 2026
Merged

chore(deps): update module github.com/go-chi/chi/v5 to v5.2.4 [security]#108
flemzord merged 2 commits intomainfrom
renovate/go-github.com-go-chi-chi-v5-vulnerability

Conversation

@NumaryBot
Copy link
Contributor

@NumaryBot NumaryBot commented Jan 24, 2026

This PR contains the following updates:

Package Type Update Change
github.com/go-chi/chi/v5 indirect patch v5.2.3 -> v5.2.4

Open redirect vulnerability in the RedirectSlashes middleware in github.com/go-chi/chi

GHSA-mqqf-5wvp-8fh8 / GO-2026-4316

More information

Details

Open redirect vulnerability in the RedirectSlashes middleware in github.com/go-chi/chi

Severity

Unknown

References

This data is provided by OSV and the Go Vulnerability Database (CC-BY 4.0).

Release Notes

go-chi/chi (github.com/go-chi/chi/v5)

v5.2.4

Compare Source

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

  • If you want to rebase/retry this PR, check this box

This PR has been generated by Renovate Bot.

@NumaryBot NumaryBot requested a review from a team as a code owner January 24, 2026 02:36
@coderabbitai
Copy link
Contributor

coderabbitai bot commented Jan 24, 2026
edited
Loading

Walkthrough

The Justfile is updated to add the --frozen-workflow-lockfile flag to two speakeasy run invocations in the generate-deploy-server-client and generate-membership-client targets.

Changes

Cohort / File(s) Summary
Build Configuration
Justfile		 Adds --frozen-workflow-lockfile flag to speakeasy run commands in generate-deploy-server-client and generate-membership-client targets to enforce frozen workflow lockfile usage.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~2 minutes

Poem

🐰 A flag so frozen, a lockfile so true,
Two targets dance now with workflow anew,
The speakeasy sings in the just-runner's refrain,
Deploy and membership clients locked in the chain! ❄️

🚥 Pre-merge checks | ✅ 1 | ❌ 2
❌ Failed checks (2 warnings)
Check name Status Explanation Resolution
Title check ⚠️ Warning The title indicates a dependency update to go-chi/chi with a security fix, but the raw summary shows changes only to a Justfile with --frozen-workflow-lockfile flags, not a dependency update. Update the title to accurately reflect the Justfile changes, such as 'chore: add frozen-workflow-lockfile flag to speakeasy targets' or investigate whether the actual changes match the dependency update claims.
Description check ⚠️ Warning The description details a go-chi/chi security vulnerability update, but the raw summary shows only Justfile modifications with frozen-workflow-lockfile flags, creating a complete mismatch between described and actual changes. Update the description to match the actual Justfile changes, or verify that the correct changeset is included in this pull request.
✅ Passed checks (1 passed)
Check name Status Explanation
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

✏️ Tip: You can configure your own custom pre-merge checks in the settings.

✨ Finishing touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Post copyable unit tests in a comment
  • Commit unit tests in branch renovate/go-github.com-go-chi-chi-v5-vulnerability

Warning

Review ran into problems

🔥 Problems

Errors were encountered while retrieving linked issues.

Errors (1)
  • GO-2026: Authentication required, not authenticated - You need to authenticate to access this operation.

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

@gfyrag gfyrag force-pushed the renovate/go-github.com-go-chi-chi-v5-vulnerability branch from 76eb3e1 to e08c67c Compare January 26, 2026 08:53
@NumaryBot
Copy link
Contributor Author

NumaryBot commented Jan 26, 2026

Edited/Blocked Notification

Renovate will not automatically rebase this PR, because it does not recognize the last commit author and assumes somebody else may have edited the PR.

You can manually request rebase by checking the rebase/retry box above.

⚠️ Warning: custom changes will be lost.

flemzord
flemzord approved these changes Jan 26, 2026
View reviewed changes
Copy link
Member

@flemzord flemzord left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Auto-approved by script

@flemzord flemzord merged commit 6b2df82 into main Jan 26, 2026
3 of 4 checks passed
@flemzord flemzord deleted the renovate/go-github.com-go-chi-chi-v5-vulnerability branch January 26, 2026 10:46
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@flemzord flemzord flemzord approved these changes

Assignees

No one assigned

Labels

security

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@NumaryBot @flemzord @gfyrag