fix(deps): update go non-major dependencies

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
cloud.google.com/go/datastore	v1.10.0 -> v1.20.0
github.com/GoogleCloudPlatform/opentelemetry-operations-go/exporter/trace	v1.11.1 -> v1.27.0
github.com/gin-contrib/cors	v1.4.0 -> v1.7.3
github.com/gin-gonic/gin	v1.8.2 -> v1.10.0
github.com/golang-jwt/jwt/v4	v4.4.3 -> v4.5.1
github.com/google/uuid	v1.3.0 -> v1.6.0
github.com/pdfcpu/pdfcpu	v0.3.14-0.20221101223428-07d97625e3fa -> v0.9.1
github.com/stretchr/testify	v1.8.1 -> v1.10.0
github.com/swaggo/files	v1.0.0 -> v1.0.1
github.com/swaggo/gin-swagger	v1.5.3 -> v1.6.0
github.com/swaggo/swag	v1.8.10 -> v1.16.4
go.opentelemetry.io/contrib/instrumentation/github.com/gin-gonic/gin/otelgin	v0.39.0 -> v0.59.0
go.opentelemetry.io/otel	v1.13.0 -> v1.34.0
go.opentelemetry.io/otel/exporters/stdout/stdouttrace	v1.13.0 -> v1.34.0
go.opentelemetry.io/otel/sdk	v1.13.0 -> v1.34.0
go.opentelemetry.io/otel/trace	v1.13.0 -> v1.34.0
golang.org/x/crypto	v0.6.0 -> v0.35.0

---

Release Notes

gin-contrib/cors (github.com/gin-contrib/cors)

v1.7.3

Compare Source

Changelog

Enhancements

• 9bb7abb: chore: refactor goreleaser configuration (@​appleboy)
• 03a81e8: chore: update dependencies to latest versions (@​appleboy)
• 7ba65f5: chore: update Go version to 1.20 and above in workflows (@​appleboy)
• d4fb95a: chore: update Go version to 1.21 and dependencies (@​appleboy)
• 80b5d9b: chore: update dependencies to latest versions (@​appleboy)

Build process updates

• e0ba036: ci: refactor GitHub Actions workflow configuration (@​appleboy)
• 671e12a: ci: extend GitHub Actions CI to macOS (@​appleboy)
• 556f008: ci: refactor codebase for improved performance and maintainability (@​appleboy)

v1.7.2

Compare Source

Changelog

Enhancements

• f952c06: chore: improve changelog generation and categorization (@​appleboy)
• c4d5284: chore: update dependencies and refactor imports (@​appleboy)

Build process updates

• 064064f: ci: update Go workflow linting action to v5 (@​appleboy)

v1.7.1

Compare Source

Changelog

Enhancements

• 71a48a2 chore: update third-party dependencies to latest versions

Others

• 88cbcd0 ci: update GitHub Actions workflows for Go projects
• 84d0919 test: refactor CORS tests and expand coverage

v1.7.0

Compare Source

Changelog

Bug fixes

• 7f30a1f fix: improve error handling and test robustness

Enhancements

• 9d49f16 chore(cors): Allow a custom validation function which receives the full gin context (#​140)

Others

• 4447aeb refactor: refactor request handling and improve CORS checks

v1.6.0

Compare Source

Changelog

Features

• eac6c48 feat(schema): allow usage of custom schemas (#​139)

Bug fixes

• 27b723a fixe(domain): wildcard parse bug (#​106 and #​57) @​maxshine and @​Hvitgar

Enhancements

• f41df75 chore: update GitHub actions to latest versions
• 2451987 chore: update dependencies to latest versions
• 7d356c2 chore: update dependencies to latest versions
• 5da0aee chore: update third-party dependencies
• 8263fce chore: update version of actions/setup-go in GitHub workflows

Others

• fcbd06f ci: enhance testing matrix and tolerance limits
• f08c1bc ci: refactor CI workflows and improve tests
• 30792dc ci: refactor GitHub Actions workflows
• 0e993b7 ci: update GitHub Actions to Version 3
• 90a7c66 test(cors): enhance CORS wildcard handling tests (#​145)
• 85bf9fb test: improve CORS wildcard handling and testing (#​144)
• d5002f2 test: refactor tests and update CI configurations

v1.5.0

Compare Source

Changelog

Features

• 0eaf9a0 feat: adds support for private network header (#​128)

Enhancements

• c1983b2 chore(CI): add go1.20 version
• 1d5e083 chore(deps): bump github.com/stretchr/testify from 1.8.0 to 1.8.1 (#​112)
• f8b2357 chore(options): Added availability to set 200/204 for OPTIONS request status (#​129)
• f92a222 chore: Add go 1.19 and upgrade lint version to v1.49
• 95df7c6 chore: remove depguard linter and rename example file
• 7ac4445 chore: update GitHub Actions configuration files
• bbf67cd chore: update Go version and setup-go action
• b216599 chore: update goreleaser/goreleaser-action to version v4
• 765e44e chore: update dependencies to latest versions
• bf2c9df chore: update linter configuration and changelog titles
• bbb26b0 chore: update supported versions of Go

Others

• 5914b2f build: update Go version and dependencies

gin-gonic/gin (github.com/gin-gonic/gin)

v1.10.0

Compare Source

Features

• feat(auth): add proxy-server authentication (#​3877) (@​EndlessParadox1)
• feat(bind): ShouldBindBodyWith shortcut and change doc (#​3871) (@​RedCrazyGhost)
• feat(binding): Support custom BindUnmarshaler for binding. (#​3933) (@​dkkb)
• feat(binding): support override default binding implement (#​3514) (@​ssfyn)
• feat(engine): Added OptionFunc and With (#​3572) (@​flc1125)
• feat(logger): ability to skip logs based on user-defined logic (#​3593) (@​palvaneh)

Bug fixes

• Revert "fix(uri): query binding bug (#​3236)" (#​3899) (@​appleboy)
• fix(binding): binding error while not upload file (#​3819) (#​3820) (@​clearcodecn)
• fix(binding): dereference pointer to struct (#​3199) (@​echovl)
• fix(context): make context Value method adhere to Go standards (#​3897) (@​FarmerChillax)
• fix(engine): fix unit test (#​3878) (@​flc1125)
• fix(header): Allow header according to RFC 7231 (HTTP 405) (#​3759) (@​Crocmagnon)
• fix(route): Add fullPath in context copy (#​3784) (@​KarthikReddyPuli)
• fix(router): catch-all conflicting wildcard (#​3812) (@​FirePing32)
• fix(sec): upgrade golang.org/x/crypto to 0.17.0 (#​3832) (@​chncaption)
• fix(tree): correctly expand the capacity of params (#​3502) (@​georgijd-form3)
• fix(uri): query binding bug (#​3236) (@​illiafox)
• fix: Add pointer support for url query params (#​3659) (#​3666) (@​omkar-foss)
• fix: protect Context.Keys map when call Copy method (#​3873) (@​kingcanfish)

Enhancements

• chore(CI): update release args (#​3595) (@​qloog)
• chore(IP): add TrustedPlatform constant for Fly.io. (#​3839) (@​ab)
• chore(debug): add ability to override the debugPrint statement (#​2337) (@​josegonzalez)
• chore(deps): update dependencies to latest versions (#​3835) (@​appleboy)
• chore(header): Add support for RFC 9512: application/yaml (#​3851) (@​vincentbernat)
• chore(http): use white color for HTTP 1XX (#​3741) (@​viralparmarme)
• chore(optimize): the ShouldBindUri method of the Context struct (#​3911) (@​1911860538)
• chore(perf): Optimize the Copy method of the Context struct (#​3859) (@​1911860538)
• chore(refactor): modify interface check way (#​3855) (@​demoManito)
• chore(request): check reader if it's nil before reading (#​3419) (@​noahyao1024)
• chore(security): upgrade Protobuf for CVE-2024-24786 (#​3893) (@​Fotkurz)
• chore: refactor CI and update dependencies (#​3848) (@​appleboy)
• chore: refactor configuration files for better readability (#​3951) (@​appleboy)
• chore: update GitHub Actions configuration (#​3792) (@​appleboy)
• chore: update changelog categories and improve documentation (#​3917) (@​appleboy)
• chore: update dependencies to latest versions (#​3694) (@​appleboy)
• chore: update external dependencies to latest versions (#​3950) (@​appleboy)
• chore: update various Go dependencies to latest versions (#​3901) (@​appleboy)

Build process updates

• build(codecov): Added a codecov configuration (#​3891) (@​flc1125)
• ci(Makefile): vet command add .PHONY (#​3915) (@​imalasong)
• ci(lint): update tooling and workflows for consistency (#​3834) (@​appleboy)
• ci(release): refactor changelog regex patterns and exclusions (#​3914) (@​appleboy)
• ci(testing): add go1.22 version (#​3842) (@​appleboy)

Documentation updates

• docs(context): Added deprecation comments to BindWith (#​3880) (@​flc1125)
• docs(middleware): comments to function BasicAuthForProxy (#​3881) (@​EndlessParadox1)
• docs: Add document to constant AuthProxyUserKey and BasicAuthForProxy. (#​3887) (@​EndlessParadox1)
• docs: fix typo in comment (#​3868) (@​testwill)
• docs: fix typo in function documentation (#​3872) (@​TotomiEcio)
• docs: remove redundant comments (#​3765) (@​WeiTheShinobi)
• feat: update version constant to v1.10.0 (#​3952) (@​appleboy)

Others

• Upgrade golang.org/x/net -> v0.13.0 (#​3684) (@​cpcf)
• test(git): gitignore add develop tools (#​3370) (@​demoManito)
• test(http): use constant instead of numeric literal (#​3863) (@​testwill)
• test(path): Optimize unit test execution results (#​3883) (@​flc1125)
• test(render): increased unit tests coverage (#​3691) (@​araujo88)

v1.9.1

Compare Source

BUG FIXES

• fix Request.Context() checks #​3512

SECURITY

• fix lack of escaping of filename in Content-Disposition #​3556

ENHANCEMENTS

• refactor: use bytes.ReplaceAll directly #​3455
• convert strings and slices using the officially recommended way #​3344
• improve render code coverage #​3525

DOCS

• docs: changed documentation link for trusted proxies #​3575
• chore: improve linting, testing, and GitHub Actions setup #​3583

v1.9.0

Compare Source

BREAK CHANGES

• Stop useless panicking in context and render #​2150

BUG FIXES

• fix(router): tree bug where loop index is not decremented. #​3460
• fix(context): panic on NegotiateFormat - index out of range #​3397
• Add escape logic for header #​3500 and #​3503

SECURITY

• Fix the GO-2022-0969 and GO-2022-0288 vulnerabilities #​3333
• fix(security): vulnerability GO-2023-1571 #​3505

ENHANCEMENTS

• feat: add sonic json support #​3184
• chore(file): Creates a directory named path #​3316
• fix: modify interface check way #​3327
• remove deprecated of package io/ioutil #​3395
• refactor: avoid calling strings.ToLower twice #​3343
• console logger HTTP status code bug fixed #​3453
• chore(yaml): upgrade dependency to v3 version #​3456
• chore(router): match method added to routergroup for multiple HTTP methods supporting #​3464
• chore(http): add support for go1.20 http.rwUnwrapper to gin.responseWriter #​3489

DOCS

• docs: update markdown format #​3260
• docs(readme): Add the TOML rendering example #​3400
• docs(readme): move more example to docs/doc.md #​3449
• docs: update markdown format #​3446

golang-jwt/jwt (github.com/golang-jwt/jwt/v4)

v4.5.1

Compare Source

Security

Unclear documentation of the error behavior in ParseWithClaims in <= 4.5.0 could lead to situation where users are potentially not checking errors in the way they should be. Especially, if a token is both expired and invalid, the errors returned by ParseWithClaims return both error codes. If users only check for the jwt.ErrTokenExpired using error.Is, they will ignore the embedded jwt.ErrTokenSignatureInvalid and thus potentially accept invalid tokens.

This issue was documented in GHSA-29wx-vh33-7x7r and fixed in this release.

Note: v5 was not affected by this issue. So upgrading to this release version is also recommended.

What's Changed

• Back-ported error-handling logic in ParseWithClaims from v5 branch. This fixes GHSA-29wx-vh33-7x7r.

Full Changelog: golang-jwt/jwt@v4.5.0...v4.5.1

v4.5.0

Compare Source

What's Changed

• Allow strict base64 decoding by @​AlexanderYastrebov in https://github.com/golang-jwt/jwt/pull/259

Full Changelog: golang-jwt/jwt@v4.4.3...v4.5.0

google/uuid (github.com/google/uuid)

v1.6.0

Compare Source

Features

• add Max UUID constant (#​149) (c58770e)

Bug Fixes

• fix typo in version 7 uuid documentation (#​153) (016b199)
• Monotonicity in UUIDv7 (#​150) (a2b2b32)

v1.5.0

Compare Source

Features

• Validate UUID without creating new UUID (#​141) (9ee7366)

v1.4.0

Compare Source

Features

• UUIDs slice type with Strings() convenience method (#​133) (cd5fbbd)

Fixes

• Clarify that Parse's job is to parse but not necessarily validate strings. (Documents current behavior)

v1.3.1

Compare Source

Bug Fixes

• Use .EqualFold() to parse urn prefixed UUIDs (#​118) (574e687)

pdfcpu/pdfcpu (github.com/pdfcpu/pdfcpu)

v0.9.1

Compare Source

---

Folks!
In order to get rid of the CLI message about validating links please go get the latest commit.
This somehow sneaked into release and I am not ready to push another release yet.
Thank you!

---

Hello dear pdfcpu user!

👩🏽‍🔬 This release extends the image command so you can update individual images in a PDF.

It also extends the pdfcpu configuration with parameters for controlling outbound HTTP access and introduces the config version.

Moreover we introduce a config command that lets you reset the config.yml to the current major version whenever pdfcpu issues a corresponding warning or you just feel like it for other reasons.

And we have a nice extension for the booklet command and lots of fixes and parser improvements.

Let's dive right in.. 🤿

Update Images

pdfcpu images list    [-p(ages) selectedPages] -- inFile...
pdfcpu images extract [-p(ages) selectedPages] -- inFile outDir
pdfcpu images update inFile imageFile [outFile] [ objNr | (pageNr Id) ]

Using the new images command you can now update images in your PDF file.

Consider the following use case:

pdfcpu images list gallery.pdf
gallery.pdf:
1 images available (1.8 MB)
Page Obj# │ Id  │ Type  SoftMask ImgMask │ Width │ Height │ ColorSpace Comp bpc Interp │   Size │ Filters
━━━━━━━━━━┿━━━━━┿━━━━━━━━━━━━━━━━━━━━━━━━┿━━━━━━━┿━━━━━━━━┿━━━━━━━━━━━━━━━━━━━━━━━━━━━━┿━━━━━━━━┿━━━━━━━━━━━━
   1    3 │ Im0 │ image                  │  1268 │    720 │  DeviceRGB    3   8    *   │ 1.8 MB │ FlateDecode

Extract all images into the current dir:

pdfcpu images extract gallery.pdf .
extracting images from gallery.pdf into ./ ...
optimizing...
writing gallery_1_Im0.png

Let's update the image with Id=Im0 on page=1 with gallery_1_Im0.png:

pdfcpu images update gallery.pdf gallery_1_Im0.png

or update the image object (#​3) with logo.png:

pdfcpu images update gallery.pdf logo.png 3

or why not updating the image with Id=Im0 on page=1 with logo.jpg:

pdfcpu images update gallery.pdf logo.jpg 1 Im0

You can also dry run the command ofcourse and write to some out.pdf:

pdfcpu images update gallery.pdf gallery_1_Im0.png out.pdf
pdfcpu images update gallery.pdf logo.png out.pdf 3
pdfcpu images update gallery.pdf logo.jpg out.pdf 1 Im0

The behavior of pdfcpu images extract is the same like pdfcpu extract -mode image.

See more here and don't forget there is always pdfcpu help images.

Reset Configuration and new config command

Sometimes it is necessary to extend the pdfcpu configuration.

In such a case if you upgraded to a new release in the past you had to manually remove your config.yml
and it would get upgraded on the execution of the next command on the CLI.

This is now history.

Starting with this release pdfcpu will issue a warning if your configuration needs to be upgraded:

**************************** WARNING ****************************
* Your configuration is not based on the current major version. *
*        Please backup and then reset your configuration:       *
*                     $ pdfcpu config reset                     *
*****************************************************************

The warning will only appear if the major version of the installed pdfcpu executable
does not match the major version of the new configuration version we are also introducing with this release:

### version (Do not edit!)
version: v0.9.1 dev

If you do not reset your configuration in this situation you are risking nasty side effects and in worst case a hard landing - Ouch.. 🚑

From now on all you have to do is execute the new config reset command:

$ pdfcpu config reset
Did you make a backup of /Users/horstrutter/Library/Application Support/pdfcpu/config.yml ?
(yes/no): yes
Are you ready to reset your config.yml to v0.9.1 dev ?
(yes/no): yes
resetting..
Ready - Don't forget to update config.yml with your modifications.

Using the occasion we extended what you know as pdfcpu config into:

$ pdfcpu help config
usage: pdfcpu config list
       pdfcpu config reset

Make sure you also read the docs.

Controlling Http Traffic

Right now there are two use cases involving outbound Http traffic:

• validation check for broken links
• loading images into image boxes

We are introducing 2 new configuration parameters with this release:

### internet availability.
offline: false
### http timeout in seconds.
timeout: 5

There is also a new offline common flag for operations which is probably most useful for testing scenarios and consistent benchmarking.

Extended Booklet command

Thanks to @​adamgreenhall for once again making the booklet command even more powerful.

Please check out all the details here.

In addition feel free to consult pdfcpu help booklet.

🙏🏻 Thanks 🙏🏻

to all of you for reporting bugs and testing fixes.
Special shoutout also to @​carlwilson and everybody else for putting time into submitting a PR.
✨ All of this ensures pdfcpu gets more robust and better and better by the minute ✨

Changelog

• 1d4a5a6 Bump version
• c703429 Fix config file handling
• 853c877 Bump version
• a7c32de Add warning if config.yml is outdated, add config reset cmd.
• 22ebeff Booklet 8up orientations (#​969)
• b1b9f99 Fix #​868, add config parms offline, timeout
• 23311b7 Fix #​859, #​965
• dc38554 Fix #​897
• 9a32118 Fix #​455
• bb789c7 Fix form validation
• ac650d9 Fix #​940
• 9749d6d Fix #​953
• 8711370 Fix #​955
• e2a8e58 Fix #​951
• 84cdec0 Fix #​948
• 007356f Merge pull request #​947 from carlwilson/docker-entrypoint
• 748b3cb Merge remote-tracking branch 'upstream/master' into docker-entrypoint
• 3f7e650 FIX: Docker run command in README
• 75f26b2 Fix #​935, Clean up
• 0174d86 Fix Docker execution instructions in README.
• e2441b9 Fix #​941
• 5677395 Use Docker ENTRYPOINT rather than CMD

v0.9.0

Compare Source

v0.8.1

Compare Source

Yet Another Maintenance Release

This release has been overdue.
Lots of fixed bugs to report as well as major improvements of CJK support.
The API ships now with enhanced support for adding PDF annotations.
The corresponding tests are located in annotation_test.go and the generated artifacts here.
I recommend using Adobe Reader to view these because many other PDF Viewer lack the necessary PDF spec compliance.

Thanks

for all of you test driving pdfcpu and reporting 🐛 s along the way.
Special PR thanks 👍🏻 go to @​toshi1127 and @​xelan.

Changelog

• 66fee12 Bump version
• 1bdc717 Add support for Caret annotation.
• df5e3c7 Add support for Line annotation.
• 8e281b1 Add support for PolyLine and Polygon annotations.
• ee932c4 Fix #​931
• c6decf5 Fix #​932
• b9c28ae Fix #​930
• 3aff1b0 Add support for FreeText annotation.
• d7593cb Fix #​918
• 1abb9f6 Fix #​926
• fdaf5a4 Fix #​911
• 68d2f39 Fix #​628, #​924
• 649f511 Fix #​921
• e987369 Fix #​912
• 2059677 Fix #​910
• c0c7f90 Fix #​890, #​915
• 6a9df2e Fix #​907
• a1d0f95 Fix #​908
• d87622b Fix #​687, clean up
• 88bee8f Fix #​898, clean up
• b54a425 Fix #​903
• 699a216 Merge PR #​884
• cd40e60 Merge PR #​895
• 402000d Fix #​850
• c3d8e18 Fix #​885
• 12ffda1 Fix #​891
• a938dd5 Fix #​886
• a467f3c Improve reading corrupted files
• c342327 Merge PR #​881
• 3406273 Fix #​871
• 551f87e Fix #​767
• 1f3886c Fix #​853
• d38d51b Fix #​867
• 7cae81e Fix #​819, clean up
• d1433b9 Fix #​862

v0.8.0

Compare Source

Maintenance Release

PDF 2.0 Support

PDF 2.0 encryption is now supported and you are free to use the following commands with your PDF 2.0 input files:

• encrypt
• decrypt
• changeopw
• changeupw
• permissions

Performance

We can report another 🚀 @​fancycode parser improvement resulting in a significant performance boost and lower memory overhead especially for large files:

Before:

$ time go run test.go 
2024/03/21 09:03:55.874443 Parsing ...
2024/03/21 09:04:07.947987 Done, uses 4244 MiBytes heap memory, 6755 MiBytes system memory
2024/03/21 09:04:07.948013 Parsed 1133 pages

real	0m12,743s
user	0m21,830s
sys	0m2,589s

After:

$ time go run test.go 
2024/03/21 09:04:30.639673 Parsing ...
2024/03/21 09:04:30.899588 Done, uses 12 MiBytes heap memory, 11 MiBytes system memory
2024/03/21 09:04:30.899609 Parsed 1133 pages

real	0m0,568s
user	0m0,881s
sys	0m0,228s

Configuration Changes

We have added options to skip some optimization steps or disable internal optimization alltogether:

If you disable the following option there will be no internal optimization of the cross reference table once it is loaded into memory.
This will only affect commands that do not rely on optimization like e.g. optimize

### toggle optimization
optimize: true

The following will disable the parsing of page content streams in order to detect unused resources like images or fonts.

### optimize page resources via content stream analysis.
optimizeResourceDicts: true

The following option decides if pdfcpu will scan for and remove duplicate content streams.

### optimize duplicate content streams across pages.
optimizeDuplicateContentStreams: false

⚡ Caution is advised and you have to know what you are doing when using these options.
Tuning or turning optimization off can make sense in environments where you deal with large PDF files that usually look the same structure wise so there are no surprises.

Since the pdfcpu configuration has changed you are encouraged to recreate your config.yml:

1. Locate your config.yml using pdfcpu conf
2. Remove/backup your config.yml
3. Create a new config.yml from scratch by executing any pdfcpu cmd on the CLI eg. execute one more time pdfcpu conf
4. Edit your configuration

Thanks

for all of you test driving pdfcpu and reporting 🐛 s along the way.
Special PR thanks 👍🏻 also to @​adamgreenhall for improving the booklet command and to @​xelan as well.

Changelog

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.