fix(deps): update all

[renovate]

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package	Type	Update	Change	Age	Confidence
actions/cache	action	minor	v3.0.7 → v3.5.0
actions/checkout	action	minor	v3.0.2 → v3.6.0
alex (source)	dependencies	patch	9.1.0 → 9.1.1
github.com/go-chi/chi	require	patch	v1.5.4 → v1.5.5
github.com/stretchr/testify	require	minor	v1.8.0 → v1.11.1
github.com/tailscale/depaware	require	digest	720c4b4 → 9c2ad25
go.uber.org/zap	require	minor	v1.19.1 → v1.27.1
goreleaser/goreleaser-action	action	minor	v2.8.0 → v2.9.1
markdownlint-cli	dependencies	minor	0.27.1 → 0.48.0

---

Release Notes

actions/cache (actions/cache)

v3.5.0

Compare Source

• Bump actions/cache to v4.1.0

Full Changelog: actions/cache@v3...v3.5.0

v3.4.3

Compare Source

What's Changed

• Bump @​actions/cache to v4.0.2 by @​robherley

Full Changelog: actions/cache@v3.4.2...v3.4.3

v3.4.2

Compare Source

What's Changed

[!IMPORTANT]
As a reminder, there were important backend changes to release v3.4.0, see those release notes and the announcement for more details.

• Bump @​actions/cache to v4.0.1 by @​robherley in #​1554

Full Changelog: actions/cache@v3.4.0...v3.4.2

v3.4.1

Compare Source

[!WARNING]
This version was incorrectly released using a SHA pointing to a newer version for immutable actions only. Please use v3.4.2 (or v3) instead.

v3.4.0

Compare Source

⚠️ Important Changes

The cache backend service has been rewritten from the ground up for improved performance and reliability. actions/cache now integrates with the new cache service (v2) APIs.

The new service will gradually roll out as of February 1st, 2025. The legacy service will also be sunset on the same date. Changes in these release are fully backward compatible.

We are deprecating some versions of this action. We recommend upgrading to version v4 or v3 as soon as possible before February 1st, 2025. (Upgrade instructions below).

If you are using pinned SHAs, please use the SHAs of versions v4.2.0 or v3.4.0

If you do not upgrade, all workflow runs using any of the deprecated actions/cache will fail.

Upgrading to the recommended versions will not break your workflows.

Read more about the change & access the migration guide: reference to the announcement.

Minor changes

Minor and patch version updates for these dependencies:

• @​actions/core: 1.11.1
• @​actions/io: 1.1.3
• @​vercel/ncc: 0.38.3

Full Changelog: actions/cache@v3.3.3...v3.4.0

v3.3.3

Compare Source

What's Changed

• Cache v3.3.3 by @​robherley in #​1302

New Contributors

• @​robherley made their first contribution in #​1302

Full Changelog: actions/cache@v3...v3.3.3

v3.3.2

Compare Source

What's Changed

• Fixed readme with new segment timeout values by @​kotewar in #​1133
• Readme fixes by @​kotewar in #​1134
• Updated description of the lookup-only input for main action by @​kotewar in #​1130
• Change two new actions mention as quoted text by @​bishal-pdMSFT in #​1131
• Update Cross-OS Caching tips by @​pdotl in #​1122
• Bazel example (Take #​2️⃣) by @​vorburger in #​1132
• Remove actions to add new PRs and issues to a project board by @​jorendorff in #​1187
• Consume latest toolkit and fix dangling promise bug by @​chkimes in #​1217
• Bump action version to 3.3.2 by @​bethanyj28 in #​1236

New Contributors

• @​vorburger made their first contribution in #​1132
• @​jorendorff made their first contribution in #​1187
• @​chkimes made their first contribution in #​1217
• @​bethanyj28 made their first contribution in #​1236

Full Changelog: actions/cache@v3...v3.3.2

v3.3.1

Compare Source

What's Changed

• Reduced download segment size to 128 MB and timeout to 10 minutes by @​kotewar in #​1129

Full Changelog: actions/cache@v3...v3.3.1

v3.3.0

Compare Source

What's Changed

• Bug: Permission is missing in cache delete example by @​kotokaze in #​1123
• Add lookup-only option by @​cdce8p in #​1041

New Contributors

• @​kotokaze made their first contribution in #​1123

Full Changelog: actions/cache@v3...v3.3.0

v3.2.6

Compare Source

What's Changed

• Updated branch in Force deletion of caches by @​t-dedah in #​1108
• Fix zstd not being used after zstd version upgrade to 1.5.4 on hosted runners by @​pdotl in #​1118

Full Changelog: actions/cache@v3...v3.2.6

v3.2.5

Compare Source

What's Changed

• Rewrite readmes by @​jsoref in #​1085
• Fixed typos and formatting in docs by @​kotewar in #​1076
• Fixing paths for OSes by @​kotewar in #​1101
• Release patch version update by @​Phantsure in #​1105

New Contributors

• @​jsoref made their first contribution in #​1085

Full Changelog: actions/cache@v3...v3.2.5

v3.2.4

Compare Source

What's Changed

• Update json5 package version by @​vsvipul in #​1065
• Cache recipes for cache, restore and save actions by @​kotewar in #​1055
• Add gnu tar and zstd as pre-requisites for windows self-hosted runners by @​pdotl in #​1068
• Fix a whitespace typo by @​kurtmckee in #​1074
• 📝 #​1045 update using the set-output command is deprecated by @​siguikesse in #​1046
• Fix referenced output key in save action readme by @​ruudk in #​1061
• Update workflows to use reusable-workflows by @​jongwooo in #​1066
• Introduce add-to-project step & rename workflow files by @​pallavx in #​1077
• chore: Fix syntax error typo by @​vHeemstra in #​1081
• Update caching-strategies.md by @​kpfleming in #​1084
• Added another usage hint to foresee #​1072 by @​maybeec in #​1089
• Add fail-on-cache-miss option by @​cdce8p in #​1036

New Contributors

• @​kurtmckee made their first contribution in #​1074
• @​siguikesse made their first contribution in #​1046
• @​ruudk made their first contribution in #​1061
• @​pallavx made their first contribution in #​1077
• @​vHeemstra made their first contribution in #​1081
• @​kpfleming made their first contribution in #​1084
• @​maybeec made their first contribution in #​1089
• @​cdce8p made their first contribution in #​1036

Full Changelog: actions/cache@v3...v3.2.4

v3.2.3

Compare Source

What's Changed

• Add Mint example by @​uhooi in #​1051
• Fixed broken link by @​kotewar in #​1057
• Add support to opt-in enable cross-os caching on windows by @​Phantsure in #​1056
• Release support for cross-os caching as opt-in feature by @​Phantsure in #​1060

New Contributors

• @​uhooi made their first contribution in #​1051

Full Changelog: actions/cache@v3...v3.2.3

v3.2.2

Compare Source

What's Changed

• Fix formatting error in restore/README.md by @​me-and in #​1044
• save/README.md: Fix typo in example by @​mmuetzel in #​1040
• README.md: remove outdated Windows cache tip link by @​me-and in #​1042
• Revert compression changes related to windows but keep version logging by @​Phantsure in #​1049

New Contributors

• @​me-and made their first contribution in #​1044
• @​mmuetzel made their first contribution in #​1040

Full Changelog: actions/cache@v3.2.1...v3.2.2

v3.2.1

Compare Source

What's Changed

• Release compression related changes for windows by @​Phantsure in #​1039
• Upgrade codeql to v2 by @​Phantsure in #​1023

Full Changelog: actions/cache@v3.2.0...v3.2.1

v3.2.0

Compare Source

What's Changed

• fix wrong timeout env var key in README.md by @​walterddr in #​959
• Updated release doc with correct env variable by @​kotewar in #​960
• Create pull_request_template.md by @​pdotl in #​963
• Update README with clearer info about cache-hit and its value by @​kotewar in #​961
• Change datadog/squid to Ubuntu/squid in CI check by @​bishal-pdMSFT in #​976
• Add more details to version section in readme by @​bishal-pdMSFT in #​971
• Update hashFiles documentation reference by @​asaf400 in #​979
• Updated link for cache segment download info by @​kotewar in #​986
• Readme update for deleting caches by @​t-dedah in #​981
• Add oncall logic to assign issues and PRs by @​vsvipul in #​997
• Bump minimatch from 3.0.4 to 3.1.2 by @​dependabot in #​998
• Revert "Bump minimatch from 3.0.4 to 3.1.2" by @​vsvipul in #​1005
• Fix npm vulnerability by @​Phantsure in #​1007
• refactor: Use early return pattern to avoid nested conditions by @​jongwooo in #​1013
• Use cache in check-dist.yml by @​jongwooo in #​1004
• chore: Use built-in cache action to cache dependencies by @​jongwooo in #​1014
• Updated node example by @​t-dedah in #​1008
• Fix: Node npm doc example by @​apascualm in #​1026
• docs: fix an invalid link in workarounds.md by @​teatimeguest in #​929
• General Availability release for granular cache by @​kotewar in #​1035 More details here on beta release.

New Contributors

• @​walterddr made their first contribution in #​959
• @​asaf400 made their first contribution in #​979
• @​jongwooo made their first contribution in #​1013
• @​apascualm made their first contribution in #​1026
• @​teatimeguest made their first contribution in #​929

Full Changelog: actions/cache@v3...v3.2.0

v3.0.11

Compare Source

What's Changed

• Call out cache not saved on hit by @​Phantsure in #​946
• Update @​actions/core to 1.10.0 by @​rentziass in #​950
• Update cache to use @​actions/core@​^1.10.0 by @​pdotl in #​956

New Contributors

• @​rentziass made their first contribution in #​950

Full Changelog: actions/cache@v3...v3.0.11

v3.0.10

Compare Source

• Fix a bug with sorting inputs.
• Update definition for restore-keys in README.md

v3.0.9

Compare Source

• Enhanced the warning message for cache unavailability in case of GHES.

v3.0.8

Compare Source

What's Changed

• Fix zstd not working for windows on gnu tar in issues.
• Allow users to provide a custom timeout as input for aborting cache segment download using the environment variable SEGMENT_DOWNLOAD_TIMEOUT_MIN. Default is 60 minutes.

actions/checkout (actions/checkout)

v3.6.0

Compare Source

• Fix: Mark test scripts with Bash'isms to be run via Bash
• Add option to fetch tags even if fetch-depth > 0

v3.5.3

Compare Source

• Fix: Checkout fail in self-hosted runners when faulty submodule are checked-in
• Fix typos found by codespell
• Add support for sparse checkouts

v3.5.2

Compare Source

• Fix api endpoint for GHES

v3.5.1

Compare Source

• Fix slow checkout on Windows

v3.5.0

Compare Source

• Add new public key for known_hosts

v3.4.0

Compare Source

• Upgrade codeql actions to v2
• Upgrade dependencies
• Upgrade @​actions/io

v3.3.0

Compare Source

• Implement branch list using callbacks from exec function
• Add in explicit reference to private checkout options
• Fix comment typos (that got added in #​770)

v3.2.0

Compare Source

• Add GitHub Action to perform release
• Fix status badge
• Replace datadog/squid with ubuntu/squid Docker image
• Wrap pipeline commands for submoduleForeach in quotes
• Update @​actions/io to 1.1.2
• Upgrading version to 3.2.0

v3.1.0

Compare Source

• Use @​actions/core saveState and getState
• Add github-server-url input

get-alex/alex (alex)

v9.1.1

Compare Source

• 223cde1 Add lock for remark-mdx

Full Changelog: get-alex/alex@9.1.0...9.1.1

go-chi/chi (github.com/go-chi/chi)

v1.5.5

Compare Source

stretchr/testify (github.com/stretchr/testify)

v1.11.1

Compare Source

This release fixes #​1785 introduced in v1.11.0 where expected argument values implementing the stringer interface (String() string) with a method which mutates their value, when passed to mock.Mock.On (m.On("Method", <expected>).Return()) or actual argument values passed to mock.Mock.Called may no longer match one another where they previously did match. The behaviour prior to v1.11.0 where the stringer is always called is restored. Future testify releases may not call the stringer method at all in this case.

What's Changed

• Backport #​1786 to release/1.11: mock: revert to pre-v1.11.0 argument matching behavior for mutating stringers by @​brackendawson in #​1788

Full Changelog: stretchr/testify@v1.11.0...v1.11.1

v1.11.0

Compare Source

What's Changed

Functional Changes

v1.11.0 Includes a number of performance improvements.

• Call stack perf change for CallerInfo by @​mikeauclair in #​1614
• Lazily render mock diff output on successful match by @​mikeauclair in #​1615
• assert: check early in Eventually, EventuallyWithT, and Never by @​cszczepaniak in #​1427
• assert: add IsNotType by @​bartventer in #​1730
• assert.JSONEq: shortcut if same strings by @​dolmen in #​1754
• assert.YAMLEq: shortcut if same strings by @​dolmen in #​1755
• assert: faster and simpler isEmpty using reflect.Value.IsZero by @​dolmen in #​1761
• suite: faster methods filtering (internal refactor) by @​dolmen in #​1758

Fixes

• assert.ErrorAs: log target type by @​craig65535 in #​1345
• Fix failure message formatting for Positive and Negative asserts in #​1062
• Improve ErrorIs message when error is nil but an error was expected by @​tsioftas in #​1681
• fix Subset/NotSubset when calling with mixed input types by @​siliconbrain in #​1729
• Improve ErrorAs failure message when error is nil by @​ccoVeille in #​1734
• mock.AssertNumberOfCalls: improve error msg by @​3scalation in #​1743

Documentation, Build & CI

• docs: Fix typo in README by @​alexandear in #​1688
• Replace deprecated io/ioutil with io and os by @​alexandear in #​1684
• Document consequences of calling t.FailNow() by @​greg0ire in #​1710
• chore: update docs for Unset #​1621 by @​techfg in #​1709
• README: apply gofmt to examples by @​alexandear in #​1687
• refactor: use %q and %T to simplify fmt.Sprintf by @​alexandear in #​1674
• Propose Christophe Colombier (ccoVeille) as approver by @​brackendawson in #​1716
• Update documentation for the Error function in assert or require package by @​architagr in #​1675
• assert: remove deprecated build constraints by @​alexandear in #​1671
• assert: apply gofumpt to internal test suite by @​ccoVeille in #​1739
• CI: fix shebang in .ci.*.sh scripts by @​dolmen in #​1746
• assert,require: enable parallel testing on (almost) all top tests by @​dolmen in #​1747
• suite.Passed: add one more status test report by @​Ararsa-Derese in #​1706
• Add Helper() method in internal mocks and assert.CollectT by @​dolmen in #​1423
• assert.Same/NotSame: improve usage of Sprintf by @​ccoVeille in #​1742
• mock: enable parallel testing on internal testsuite by @​dolmen in #​1756
• suite: cleanup use of 'testing' internals at runtime by @​dolmen in #​1751
• assert: check test failure message for Empty and NotEmpty by @​ccoVeille in #​1745
• deps: fix dependency cycle with objx (again) by @​dolmen in #​1567
• assert.Empty: comprehensive doc of "Empty"-ness rules by @​dolmen in #​1753
• doc: improve godoc of top level 'testify' package by @​dolmen in #​1760
• assert.ErrorAs: simplify retrieving the type name by @​ccoVeille in #​1740
• assert.EqualValues: improve test coverage to 100% by @​dolmen in #​1763
• suite.Run: simplify running of Setup/TeardownSuite by @​renzoarreaza in #​1769
• assert.CallerInfo: micro optimization by using LastIndexByte by @​dolmen in #​1767
• assert.CallerInfo: micro cleanup by @​dolmen in #​1768
• assert: refactor TestFileExists and TestDirExists tests to enable parallel testing by @​dolmen in #​1766
• suite.Run: refactor handling of stats for improved readability by @​dolmen in #​1764
• tests: improve captureTestingT helper by @​ccoVeille in #​1741
• build(deps): bump actions/checkout from 4 to 5 by @​dependabot[bot] in #​1778

New Contributors

• @​greg0ire made their first contribution in #​1710
• @​techfg made their first contribution in #​1709
• @​mikeauclair made their first contribution in #​1614
• @​cszczepaniak made their first contribution in #​1427
• @​architagr made their first contribution in #​1675
• @​tsioftas made their first contribution in #​1681
• @​siliconbrain made their first contribution in #​1729
• @​bartventer made their first contribution in #​1730
• @​Ararsa-Derese made their first contribution in #​1706
• @​renzoarreaza made their first contribution in #​1769
• @​3scalation made their first contribution in #​1743

Full Changelog: stretchr/testify@v1.10.0...v1.11.0

v1.10.0

Compare Source

What's Changed

Functional Changes

• Add PanicAssertionFunc by @​fahimbagar in #​1337
• assert: deprecate CompareType by @​dolmen in #​1566
• assert: make YAML dependency pluggable via build tags by @​dolmen in #​1579
• assert: new assertion NotElementsMatch by @​hendrywiranto in #​1600
• mock: in order mock calls by @​ReyOrtiz in #​1637
• Add assertion for NotErrorAs by @​palsivertsen in #​1129
• Record Return Arguments of a Call by @​jayd3e in #​1636
• assert.EqualExportedValues: accepts everything by @​redachl in #​1586

Fixes

• assert: make tHelper a type alias by @​dolmen in #​1562
• Do not get argument again unnecessarily in Arguments.Error() by @​TomWright in #​820
• Fix time.Time compare by @​myxo in #​1582
• assert.Regexp: handle []byte array properly by @​kevinburkesegment in #​1587
• assert: collect.FailNow() should not panic by @​marshall-lee in #​1481
• mock: simplify implementation of FunctionalOptions by @​dolmen in #​1571
• mock: caller information for unexpected method call by @​spirin in #​1644
• suite: fix test failures by @​stevenh in #​1421
• Fix issue #​1662 (comparing infs should fail) by @​ybrustin in #​1663
• NotSame should fail if args are not pointers #​1661 by @​sikehish in #​1664
• Increase timeouts in Test_Mock_Called_blocks to reduce flakiness in CI by @​sikehish in #​1667
• fix: compare functional option names for indirect calls by @​arjun-1 in #​1626

Documentation, Build & CI

• .gitignore: ignore "go test -c" binaries by @​dolmen in #​1565
• mock: improve doc by @​dolmen in #​1570
• mock: fix FunctionalOptions docs by @​snirye in #​1433
• README: link out to the excellent testifylint by @​brackendawson in #​1568
• assert: fix typo in comment by @​JohnEndson in #​1580
• Correct the EventuallyWithT and EventuallyWithTf example by @​JonCrowther in #​1588
• CI: bump softprops/action-gh-release from 1 to 2 by @​dependabot in #​1575
• mock: document more alternatives to deprecated AnythingOfTypeArgument by @​dolmen in #​1569
• assert: Correctly document EqualValues behavior by @​brackendawson in #​1593
• fix: grammar in godoc by @​miparnisari in #​1607
• .github/workflows: Run tests for Go 1.22 by @​HaraldNordgren in #​1629
• Document suite's lack of support for t.Parallel by @​brackendawson in #​1645
• assert: fix typos in comments by @​alexandear in #​1650
• mock: fix doc comment for NotBefore by @​alexandear in #​1651
• Generate better comments for require package by @​Neokil in #​1610
• README: replace Testify V2 notice with @​dolmen's V2 manifesto by @​hendrywiranto in #​1518

New Contributors

• @​fahimbagar made their first contribution in #​1337
• @​TomWright made their first contribution in #​820
• @​snirye made their first contribution in #​1433
• @​myxo made their first contribution in #​1582
• @​JohnEndson made their first contribution in #​1580
• @​JonCrowther made their first contribution in #​1588
• @​miparnisari made their first contribution in #​1607
• @​marshall-lee made their first contribution in #​1481
• @​spirin made their first contribution in #​1644
• @​ReyOrtiz made their first contribution in #​1637
• @​stevenh made their first contribution in #​1421
• @​jayd3e made their first contribution in #​1636
• @​Neokil made their first contribution in #​1610
• @​redachl made their first contribution in #​1586
• @​ybrustin made their first contribution in #​1663
• @​sikehish made their first contribution in #​1664
• @​arjun-1 made their first contribution in #​1626

Full Changelog: stretchr/testify@v1.9.0...v1.10.0

v1.9.0

Compare Source

What's Changed

• Fix Go modules version by @​SuperQ in #​1394
• Document that require is not safe to call in created goroutines by @​programmer04 in #​1392
• Remove myself from MAINTAINERS.md by @​mvdkleijn in #​1367
• Correct spelling/grammar by @​echarrod in #​1389
• docs: Update URLs in README by @​davidjb in #​1349
• Update mockery link to Github Pages in README by @​LandonTClipp in #​1346
• docs: Fix typos in tests and comments by @​alexandear in #​1410
• CI: tests from go1.17 by @​SuperQ in #​1409
• Fix adding ? when no values passed by @​lesichkovm in #​1320
• codegen: use standard header for generated files by @​dolmen in #​1406
• mock: AssertExpectations log reason only on failure by @​hikyaru-suzuki in #​1360
• assert: fix flaky TestNeverTrue by @​dolmen in #​1417
• README: fix typos "set up" vs "setup" by @​ossan-dev in #​1428
• mock: move regexp compilation outside of Called by @​aud10slave in #​631
• assert: refactor internal func getLen() by @​dolmen in #​1445
• mock: deprecate type AnythingOfTypeArgument (#​1434) by @​dolmen in #​1441
• Remove no longer needed assert.canConvert by @​alexandear in #​1470
• assert: ObjectsAreEqual: use time.Equal for time.Time types by @​tscales in #​1464
• Bump actions/checkout from 3 to 4 by @​dependabot in #​1466
• Bump actions/setup-go from 3.2.0 to 4.1.0 by @​dependabot in #​1451
• fix: make EventuallyWithT concurrency safe by @​czeslavo in #​1395
• assert: fix httpCode and HTTPBody occur panic when http.Handler read Body by @​hidu in #​1484
• assert.EqualExportedValues: fix handling of arrays by @​zrbecker in #​1473
• .github: use latest Go versions by

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 71.05%. Comparing base (0ebf11a) to head (fbaa11b).

❗ Current head fbaa11b differs from pull request most recent head 1e3d4a5

Please upload reports for the commit 1e3d4a5 to get more accurate results.

Additional details and impacted files

@@           Coverage Diff           @@
##             main       #1   +/-   ##
=======================================
  Coverage   71.05%   71.05%           
=======================================
  Files           1        1           
  Lines          38       38           
=======================================
  Hits           27       27           
  Misses          7        7           
  Partials        4        4           

Flag	Coverage Δ
unittests	71.05% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[socket-security]

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action	Severity	Alert  (click "▶" to expand/collapse)
Warn		Obfuscated code: npm entities is 91.0% likely obfuscated Confidence: 0.91 Location: Package overview From: ? → npm/markdownlint-cli@0.48.0 → npm/entities@4.5.0 ℹ Read more on: This package | This alert | What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/entities@4.5.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Obfuscated code: npm markdown-it is 91.0% likely obfuscated Confidence: 0.91 Location: Package overview From: ? → npm/markdownlint-cli@0.48.0 → npm/markdown-it@14.1.1 ℹ Read more on: This package | This alert | What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/markdown-it@14.1.1. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	golang/​github.com/​go-chi/​chi@​v1.5.4 ⏵ v1.5.5
	npm/​alex@​9.1.0 ⏵ 9.1.1				+3
	npm/​markdownlint-cli@​0.27.1 ⏵ 0.48.0	+1		+1	+4
	golang/​github.com/​stretchr/​testify@​v1.8.0 ⏵ v1.11.1	+3
	golang/​go.uber.org/​zap@​v1.19.1 ⏵ v1.27.1	+2
	golang/​github.com/​tailscale/​depaware@​v0.0.0-20210622194025-720c4b409502 ⏵ v0.0.0-20251001183927-9c2ad255ef3f	+1

View full report