fix(deps): update all non-major dependencies

[renovate]

Note: This PR body was truncated due to platform limits.

This PR contains the following updates:

Package	Type	Update	Change	Age	Confidence
alpine	final	minor	3.20 -> 3.23
alpinejs (source)	dependencies	minor	3.11.1 -> 3.15.2
github.com/crewjam/saml	require	minor	v0.4.14 -> v0.5.1
github.com/gin-gonic/gin	require	minor	v1.10.0 -> v1.11.0
github.com/golang-jwt/jwt/v4	require	patch	v4.5.0 -> v4.5.2
go (source)	toolchain	minor	1.22.0 -> 1.25.5
golang	stage	minor	1.23-alpine3.20 -> 1.24-alpine3.20
gorm.io/gorm	require	minor	v1.25.11 -> v1.31.1
tailwindcss (source)	devDependencies	minor	3.2.4 -> 3.4.18
typescript (source)	devDependencies	patch	4.9.4 -> 4.9.5

---

Release Notes

alpinejs/alpine (alpinejs)

v3.15.2

Compare Source

Changes

• Imrove CSP bundle #​4704
• Add setErrorHandler #​4673

v3.15.1

Compare Source

Changed

• x-sort improvements
• CSP build allowGlobals now defaults to false instead of true

v3.15.0

Compare Source

Changed

• Improve CSP build #​4671
• Add Alpine.morphBetween() #​4629
• style: use let instead of var in x-model.js #​4645
• style: use let/const instead of var in debounce.js #​4644
• style: remove useless param #​4650
• feat(persist): add 'exports' field for proper ESM/CJS resolution #​4611
• Fix Chrome warning when using x-trap.inert #​4640
• Fixes license #​4647

v3.14.9

Compare Source

What's Changed

• Fix focus documentation example code by @​iamshcc in #​4496
• Add skip children to morph by @​joshhanley in #​4568

New Contributors

• @​iamshcc made their first contribution in #​4496

Full Changelog: alpinejs/alpine@v3.14.8...v3.14.9

v3.14.8

Compare Source

Fixed

• Fix x-mask triggering update requests on load #​4481

v3.14.7

Compare Source

Fixed

• Fix x-teleport by removing clone x-ignore #​4469

v3.14.6

Compare Source

Fixed

• Fix regression on x-ignore when removed #​4458

v3.14.5

Compare Source

Changed

• Optimize mutation observer to better handle move operations - ref #​4450 #​4451
• 🐛 Fixes Regression in Mutation handling #​4450

v3.14.4

Compare Source

What's Changed

• Fix deep morphdom key bug by @​calebporzio in #​4423
• Don't init trees within ignore elements (x-ignore) by @​calebporzio in #​4428
• Adjust mutation observer to be faster and still account for moving and wrapping nodes by @​calebporzio in #​4447

Full Changelog: alpinejs/alpine@v3.14.3...v3.14.4

v3.14.3

Compare Source

Changes

• Allow Flux checkbox/radio/switch custom elements to use x-model like native inputs - ref

Full Changelog: alpinejs/alpine@v3.14.2...v3.14.3

v3.14.2

Compare Source

What's Changed

• fix: memoization when injecting magic by @​AbhiShake1 in #​4276
• 🐛 Initializes Interceptors before store by @​ekwoka in #​4278
• Add resize plugin: x-resize by @​calebporzio in #​4304
• Fix typo in sort.md by @​jfr3000 in #​4296
• 🐛 Cleans up template directives memory by @​ekwoka in #​4300
• 🚧 Updates List of boolean attributes to follow spec by @​ekwoka in #​4325
• Fixed a couple of typos. by @​armandohg in #​4332
• 🐛 Cleans teleported clone by @​ekwoka in #​4328
• Remove unnecessary parentheses from bind.md example by @​danielsbird in #​4363
• 📝 Updates docs with notes for x-data usage by @​ekwoka in #​4307

New Contributors

• @​AbhiShake1 made their first contribution in #​4276
• @​jfr3000 made their first contribution in #​4296
• @​armandohg made their first contribution in #​4332
• @​danielsbird made their first contribution in #​4363

Full Changelog: alpinejs/alpine@v3.14.1...v3.14.2

v3.14.1

Compare Source

Changed

• Minor grammar correction in the for directive docs #​4266
• 🐛 Fixes issue with setters accessing deeply nested data #​4265
• [UI][Tabs] Prevent tab focus on mousedown #​4239
• [CSP] Add support for nested properties to CSP build #​4238

v3.14.0

Compare Source

Changed

• ✨ Enhances clicks with key modifiers #​4209
• Update transition.md - changed span to div #​4215
• collapse: remove overflow hidden even if height does not match perfect #​4203
• Fix error: TypeError: i is not a function #​4204
• Adjust code block according to example #​4197
• Higher visibility in docs about needing x-data for things to work #​4194

v3.13.10

Compare Source

Changed

• Comma modifier to keyup and keydown events #​4170
• Fix morphing root level state #​4169
• Fix morph when x-for is used inside x-teleport #​4168
• Fix form reset for x-model radio, checkbox arrays, select multiple and various modifiers #​4159
• Wrong plugin name in Sort docs #​4165

v3.13.9

Compare Source

Changed

• Add "sort" plugin #​4137
• Add missing plugin warnings #​4158
• Change to x-sort:item, add sorting class to body, and use x-sort:group #​4161
• Remove extra destroyTree call #​4151
• Fix x-on with both self and once #​4152
• Documentation issue: Event name in code snippet and description doesn't match in dispatch.md #​4141
• Fix some typos #​4134
• Chore: remove repetitive words #​4132

v3.13.8

Compare Source

Changed

• Cleanup after x-bind:class and other attribute modifications #​4111
• Bug: Fixes x-model.fill when used with debounce #​4103
• Remove hidden from booleanAttributes #​4099
• Fix fill modifier for radio buttons #​4101
• Add missing border to fill example #​4104
• Fixed persist crash when the stored value is undefined #​4091

v3.13.7

Compare Source

Changed

• Revert breaking mutation fix #​4084
• 🐛 Prevents Setting from registering a dependency #​4081

v3.13.6

Compare Source

Changes

• Fix __noscroll param #​4063
• Allow access to methods when class instance used for x-data #​4038
• Fix $refs being used with x-teleport #​4031
• Fix x-if and x-for double init on clone phase #​4015
• Only ever initialize an Alpine element once #​4000
• Fix context of listbox to prevent error when using wire:navigate #​4008
• Ensure $listboxOption.isSelected / $comboboxOption.isSelected works if item value is false or 0 #​4005
• Remove unused imports #​4006
• Ignore Vue markRaw() objects when evaluating interceptors 815fae3
• Remove x-intersect from clone phase e8c5992
• Support destroyTree custom walker bf36275
• Add warning for duplicate x-for keys f6e87ce

v3.13.5

Compare Source

Fixed

• 🐛 Fixes reinitializing moved elements #​3995
• Add better entangle infinite-loop protection 8001383

v3.13.4

Compare Source

What's Changed

• Improve combobox performance by @​calebporzio in #​3898
• [Docs] Add range type to x-model inputs by @​peterfox in #​3911
• Fix x-id when used with morph by @​calebporzio in #​3919
• Rework mutation observer by @​calebporzio in #​3929
• add explanation of passing an object to x-for by @​browner12 in #​3928
• x-mask: Cleanup of event listeners by @​beholdr in #​3908
• Update refs.md by @​Simsz in #​3851
• Add CSP-friendly Alpine build by @​calebporzio in #​3959
• docs: typo by @​mhanberg in #​3960
• Bug in code example of documentation for x-anchor to an ID by @​MaximVanhove in #​3942
• Fix typo by @​aerni in #​3932
• 🐛 Gracefully handles bad throws by @​ekwoka in #​3570
• Fix x-mask when used with wire:model by @​calebporzio in #​3988
• Fix issue where error message would not print directive name properly by @​mattvague in #​3572
• Add named exports to build files by @​ypconstante in #​3644
• fix: reset input on init so default value is displayed by @​coder2000 in #​3881
• Clear combobox bugfix by @​gdebrauwer in #​3934
• fix/x-model with fill modifier takes input value on undefined by @​rgbc-alex in #​3941
• fix: already init component by @​Matsa59 in #​3951
• Listbox compare null value bugfix by @​gdebrauwer in #​3962
• Fix error message in listbox.js by @​gdebrauwer in #​3965
• Add x-trap noinitialfocus modifier by @​richcarni in #​3977
• Combobox and listbox: Save optionKey in x-data to fix usage in Livewire by @​gdebrauwer in #​3990

New Contributors

• @​peterfox made their first contribution in #​3911
• @​beholdr made their first contribution in #​3908
• @​Simsz made their first contribution in #​3851
• @​MaximVanhove made their first contribution in #​3942
• @​aerni made their first contribution in #​3932
• @​mattvague made their first contribution in #​3572
• @​ypconstante made their first contribution in #​3644
• @​coder2000 made their first contribution in #​3881
• @​rgbc-alex made their first contribution in #​3941
• @​Matsa59 made their first contribution in #​3951
• @​richcarni made their first contribution in #​3977

Full Changelog: alpinejs/alpine@v3.13.3...v3.13.4

v3.13.3

Compare Source

What's Changed

• Fix teleport morphing by @​calebporzio in #​3841
• Add anchor plugin by @​calebporzio in #​3843
• Jlb/fix combobox bugs by @​calebporzio in #​3854
• Fix typo: Rename x-alpine to x-anchor by @​CodeWithKyrian in #​3848
• Update anchor.md by @​allenjd3 in #​3847
• x-model.boolean modifier by @​gdebrauwer in #​3532
• 🐛 Joins selectors to meet spec by @​ekwoka in #​3844

New Contributors

• @​CodeWithKyrian made their first contribution in #​3848
• @​allenjd3 made their first contribution in #​3847
• @​gdebrauwer made their first contribution in #​3532

Full Changelog: alpinejs/alpine@v3.13.2...v3.13.3

v3.13.2

Compare Source

Changed

• ✅ Allows underscore in event names #​3756
• update CSP build/installation docs #​3762
• use normal single quotes #​3764
• Gracefully handle SecurityError exception if localStorage is unavailable #​3775
• ♻️ Cleans Up Entangle #​3792
• 🐛 Fixes proxy stack setters bug #​3807
• 🐛 Fixes reference to incorrect attribute #​3814
• Use Internet Explorer conditional comment syntax to preserve morph markers on Cloudflare-proxied sites #​3794

v3.13.1

Compare Source

Changed

• ✨ Names expression evaluators #​3765
• Fix typos #​3771
• Update installation.md #​3779
• Fixed webpack 4 builds breaking due to nullish coalescing operator #​3679
• ♻️ improves merge proxies #​3722
• x-if warning if used on non-template #​3737
• clarify execution order of init #​3702
• Document destroy method in Alpine.data #​3716
• Fixed a variable typo #​3727
• fix(morph): currentNode can also be null, not just undefined, fixes #​3728 #​3729

v3.13.0

Compare Source

What's Changed

• Fix tests broken by e579cc8. by @​andrewbelcher in #​3631
• Morph key lookup issue by @​joshhanley in #​3658
• bug: Allows model.fill to work with checkbox arrays by @​ekwoka in #​3676
• bump focus-trap version by @​bty888 in #​3667
• Update watch.md by @​diomed in #​3621
• fix: highlighting in docs by @​ChrystianDeMatos in #​3599
• 🐛 Prevents double bundling of Alpine in UI Package by @​ekwoka in #​3597
• Livewire3 by @​calebporzio in #​3678
• fix: Entangle inner state undefined by @​danharrin in #​3681
• Make morphdom faster and more powerful by @​calebporzio in #​3692
• [livewire] Update navigate page.js by @​PhiloNL in #​3685
• Move history and navigate plugins into livewire/livewire until they are stable by @​calebporzio in #​3720

New Contributors

• @​andrewbelcher made their first contribution in #​3631
• @​bty888 made their first contribution in #​3667
• @​diomed made their first contribution in #​3621
• @​ChrystianDeMatos made their first contribution in #​3599
• @​danharrin made their first contribution in #​3681
• @​PhiloNL made their first contribution in #​3685

Full Changelog: alpinejs/alpine@v3.12.3...v3.13.0

v3.12.3

Compare Source

Internal changes release...

v3.12.2

Compare Source

Fixed

• Reverted PR #​3459

v3.12.1

Compare Source

Added

• Support for registering multiple plugins at once: Alpine.plugin([...]) #​3497
• Add warning to prevent Alpine from being loaded twice on the same page #​3565
• Add descriptive warning for undefined x-for key and updates tests. #​3498

Fixed

• Fix x-for scope updates when looping through x-data elements #​3504
• Exclude dependencies from non-CDN builds #​3459
• Make x-transition delay syntax consistent with duration syntax #​3476
• Fix throttle/debounce user callback after preventDefault/stopPropagation is executed #​3481
• Make .fill work with selects and other modifiers #​3495
• Fix morphing @​event handlers #​3494
• Allow Booleans in bound x-transitions #​3519
• Handle special binding case for 'checked' and 'selected' #​3535
• Fix Safari AutoFill #​3483
• Fix duplicate/inaccurate test #​3520
• Fix typo on alt "component" #​3541
• Attempt memory leak fix from using magics #​2832

v3.12.0

Compare Source

Added

• x-model.fill by input value on null or empty string #​3423
• x-mask custom decimal precision #​3415
• x-mask $money allow for negative values #​3416
• Accept x-data="true" as a synonym for x-data="{}" #​3339

Fixed

• 🐛 fixes improper use of nullish coalescing #​3408
• Fixes @keyup and @keydown listeners with .capture modifier never executed #​3398
• Remove Alpine UI references from Alpine core #​3336
• Update CSP documentation to clarify availability of the CSP build #​2619
• Fix x-model event listener doubling when cloned #​3393
• docs: Fix a few typos #​3363
• Fix Alpine.js becoming unresponsive after uncaught exception in reactive effect callback #​3279
• Fix inconsistent update for template x-if (issue #​2803) #​3278

crewjam/saml (github.com/crewjam/saml)

v0.5.1

Compare Source

v0.5.0

Compare Source

gin-gonic/gin (github.com/gin-gonic/gin)

v1.11.0

Compare Source

Features

• feat(gin): Experimental support for HTTP/3 using quic-go/quic-go (#​3210)
• feat(form): add array collection format in form binding (#​3986), add custom string slice for form tag unmarshal (#​3970)
• feat(binding): add BindPlain (#​3904)
• feat(fs): Export, test and document OnlyFilesFS (#​3939)
• feat(binding): add support for unixMilli and unixMicro (#​4190)
• feat(form): Support default values for collections in form binding (#​4048)
• feat(context): GetXxx added support for more go native types (#​3633)

Enhancements

• perf(context): optimize getMapFromFormData performance (#​4339)
• refactor(tree): replace string(/) with "/" in node.insertChild (#​4354)
• refactor(render): remove headers parameter from writeHeader (#​4353)
• refactor(context): simplify "GetType()" functions (#​4080)
• refactor(slice): simplify SliceValidationError Error method (#​3910)
• refactor(context):Avoid using filepath.Dir twice in SaveUploadedFile (#​4181)
• refactor(context): refactor context handling and improve test robustness (#​4066)
• refactor(binding): use strings.Cut to replace strings.Index (#​3522)
• refactor(context): add an optional permission parameter to SaveUploadedFile (#​4068)
• refactor(context): verify URL is Non-nil in initQueryCache() (#​3969)
• refactor(context): YAML judgment logic in Negotiate (#​3966)
• tree: replace the self-defined 'min' to official one (#​3975)
• context: Remove redundant filepath.Dir usage (#​4181)

Bug Fixes

• fix: prevent middleware re-entry issue in HandleContext (#​3987)
• fix(binding): prevent duplicate decoding and add validation in decodeToml (#​4193)
• fix(gin): Do not panic when handling method not allowed on empty tree (#​4003)
• fix(gin): data race warning for gin mode (#​1580)
• fix(context): verify URL is Non-nil in initQueryCache() (#​3969)
• fix(context): YAML judgment logic in Negotiate (#​3966)
• fix(context): check handler is nil (#​3413)
• fix(readme): fix broken link to English documentation (#​4222)
• fix(tree): Keep panic infos consistent when wildcard type build faild (#​4077)

Build process updates / CI

• ci: integrate Trivy vulnerability scanning into CI workflow (#​4359)
• ci: support Go 1.25 in CI/CD (#​4341)
• build(deps): upgrade github.com/bytedance/sonic from v1.13.2 to v1.14.0 (#​4342)
• ci: add Go version 1.24 to GitHub Actions (#​4154)
• build: update Gin minimum Go version to 1.21 (#​3960)
• ci(lint): enable new linters (testifylint, usestdlibvars, perfsprint, etc.) (#​4010, #​4091, #​4090)
• ci(lint): update workflows and improve test request consistency (#​4126)

Dependency updates

• chore(deps): bump google.golang.org/protobuf from 1.36.6 to 1.36.9 (#​4346, #​4356)
• chore(deps): bump github.com/stretchr/testify from 1.10.0 to 1.11.1 (#​4347)
• chore(deps): bump actions/setup-go from 5 to 6 (#​4351)
• chore(deps): bump github.com/quic-go/quic-go from 0.53.0 to 0.54.0 (#​4328)
• chore(deps): bump golang.org/x/net from 0.33.0 to 0.38.0 (#​4178, #​4221)
• chore(deps): bump github.com/go-playground/validator/v10 from 10.20.0 to 10.22.1 (#​4052)

Documentation updates

• docs(changelog): update release notes for Gin v1.10.1 (#​4360)
• docs: Fixing English grammar mistakes and awkward sentence structure in doc/doc.md (#​4207)
• docs: update documentation and release notes for Gin v1.10.0 (#​3953)
• docs: fix typo in Gin Quick Start (#​3997)
• docs: fix comment and link issues (#​4205, #​3938)
• docs: fix route group example code (#​4020)
• docs(readme): add Portuguese documentation (#​4078)
• docs(context): fix some function names in comment (#​4079)

---

v1.10.1

Compare Source

Features

• refactor: strengthen HTTPS security and improve code organization
• feat(binding): Support custom BindUnmarshaler for binding. (#​3933)

Enhancements

• chore(deps): bump github.com/bytedance/sonic from 1.11.3 to 1.11.6 (#​3940)
• chore(deps): bump golangci/golangci-lint-action from 4 to 5 (#​3941)
• chore: update external dependencies to latest versions (#​3950)
• chore: update various Go dependencies to latest versions (#​3901)
• chore: refactor configuration files for better readability (#​3951)
• chore: update changelog categories and improve documentation (#​3917)
• feat: update version constant to v1.10.0 (#​3952)

Build process updates

• ci(release): refactor changelog regex patterns and exclusions (#​3914)
• ci(Makefile): vet command add .PHONY (#​3915)

golang-jwt/jwt (github.com/golang-jwt/jwt/v4)

v4.5.2

Compare Source

See GHSA-mh63-6h87-95cp

Full Changelog: golang-jwt/jwt@v4.5.1...v4.5.2

v4.5.1

Compare Source

Security

Unclear documentation of the error behavior in ParseWithClaims in <= 4.5.0 could lead to situation where users are potentially not checking errors in the way they should be. Especially, if a token is both expired and invalid, the errors returned by ParseWithClaims return both error codes. If users only check for the jwt.ErrTokenExpired using error.Is, they will ignore the embedded jwt.ErrTokenSignatureInvalid and thus potentially accept invalid tokens.

This issue was documented in GHSA-29wx-vh33-7x7r and fixed in this release.

Note: v5 was not affected by this issue. So upgrading to this release version is also recommended.

What's Changed

• Back-ported error-handling logic in ParseWithClaims from v5 branch. This fixes GHSA-29wx-vh33-7x7r.

Full Changelog: golang-jwt/jwt@v4.5.0...v4.5.1

golang/go (go)

v1.25.5

v1.25.4

v1.25.3

v1.25.2

v1.25.1

v1.25.0

v1.24.11

v1.24.10

v1.24.9

v1.24.8

v1.24.7

v1.24.6

v1.24.5

v1.24.4

v1.24.3

v1.24.2

v1.24.1

v1.24.0

v1.23.12

v1.23.11

v1.23.10

v1.23.9

v1.23.8

v1.23.7

v1.23.6

v1.23.5

v1.23.4

v1.23.3

v1.23.2

v1.23.1

v1.23.0

v1.22.12

v1.22.11

v1.22.10

v1.22.9

v1.22.8

v1.22.7

v1.22.6

v1.22.5

v1.22.4

v1.22.3

v1.22.2

v1.22.1

go-gorm/gorm (gorm.io/gorm)

v1.31.1

Compare Source

Changes

• Add Namer-based column lookup to Schema.LookUpField @​cmmoran (#​7619)
• fix: Allow escaped double quotes in struct tag parser @​kankankanp (#​7631)
• Fix slog logger caller frame detection to output correct source file @​ifooth (#​7610)
• chore(docs): edited the badge test @​Olexandr88 (#​7635)
• Fix AutoMigrate default value comparison for string fields (issue #​7590) @​nowindexman (#​7591)
• fix(UnixSecondSerializer.Value): Avoid panic when handling unsigned integer values @​dushaoshuai (#​7608)
• chore: fix some comments @​wyrapeseed (#​7615)
• Rename IsValidDBNameChar to IsInvalidDBNameChar @​mengxunQAQ (#​7582)

v1.31.0

Compare Source

Changes

• Add association operation support to generics Set API and enable conditional bulk association updates @​jinzhu (#​7581)

v1.30.5

Compare Source

Changes

• No changes

v1.30.4

Compare Source

Changes

• Add Set-based Create and Update support to Generics API @​jinzhu (#​7578)
• fix: build failure on Go versions below 1.21 @​iTanken (#​7572)
• fix slogLogger to support ParameterizedQueries Config @​EricWvi (#​7574)

v1.30.3

Compare Source

Changes

• No changes

v1.30.2

Compare Source

Changes

• avoid copying structures with embedded mutexs @​drakkan (#​7571)
• Add DefaultContextTimeout option @​jinzhu (#​7567)
• Update the docker compose file @​moseszane168 (#​7524)
• fix: returning all columns with "on conflict do update" @​phongphan (#​7534)
• feat(slog-integration) @​rezamokaram (#​7537)
• fix data race in some case 725aa5b
• performance improvement

v1.30.1

Compare Source

Changes

• optimize: field.ReflectValueOf @​liov (#​7530)
• optimize: performance optimization @​liov (#​7526)
• fix(schema): check the hook function parameter type @​demoManito (#​7468)
• Fix: Unexpected OR Conditions force converted to AND @​Riseif (#​7512)
• Add GaussDB Database Support [@​moseszane168](https://

---

Configuration

📅 Schedule: Branch creation - "before 5am every weekday,every weekend" in timezone Europe/Berlin, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[renovate]

ℹ Artifact update notice

File name: go.mod

In order to perform the update(s) described in the table above, Renovate ran the go get command, which resulted in the following additional change(s):

• 13 additional dependencies were updated

Details:

Package	Change
github.com/beevik/etree	v1.4.1 -> v1.5.0
github.com/bytedance/sonic	v1.12.1 -> v1.14.0
github.com/bytedance/sonic/loader	v0.2.0 -> v0.3.0
github.com/cloudwego/base64x	v0.1.4 -> v0.1.6
github.com/gabriel-vasile/mimetype	v1.4.5 -> v1.4.8
github.com/gin-contrib/sse	v0.1.0 -> v1.1.0
github.com/go-playground/validator/v10	v10.22.0 -> v10.27.0
github.com/klauspost/cpuid/v2	v2.2.8 -> v2.3.0
github.com/pelletier/go-toml/v2	v2.2.2 -> v2.2.4
github.com/ugorji/go/codec	v1.2.12 -> v1.3.0
golang.org/x/arch	v0.9.0 -> v0.20.0
golang.org/x/crypto	v0.26.0 -> v0.40.0
golang.org/x/net	v0.28.0 -> v0.42.0