Skip to content

build(deps): bump github.com/imroc/req/v3 from 3.57.0 to 3.59.0#95

Open
dependabot[bot] wants to merge 1 commit into
devfrom
dependabot/go_modules/github.com/imroc/req/v3-3.59.0
Open

build(deps): bump github.com/imroc/req/v3 from 3.57.0 to 3.59.0#95
dependabot[bot] wants to merge 1 commit into
devfrom
dependabot/go_modules/github.com/imroc/req/v3-3.59.0

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 3, 2026

Copy link
Copy Markdown
Contributor

Bumps github.com/imroc/req/v3 from 3.57.0 to 3.59.0.

Release notes

Sourced from github.com/imroc/req/v3's releases.

v3.59.0 Release

Breaking Changes

  • Go 1.25+ required — quic-go v0.60.0 drops Go 1.24 support. The go directive in go.mod is now 1.25.0, and CI tests against Go 1.25.x and 1.26.x. Users on Go 1.24 should stay on v3.58.0.

Dependencies

  • Port quic-go v0.60.0 — full sync of all http3 changes from quic-go v0.59.0 → v0.60.0 into req's vendored internal/http3/:
    • Fix QuaterStreamIDQuarterStreamID field rename in qlog DatagramCreated / DatagramParsed (compile error with quic-go v0.60.0). Fixes #500.
    • Extract validateHeaderFieldNameAndValue, validateRegularHeaderField, validateTrailerHeaderField helper functions in headers.go
    • parseTrailers: add sizeLimit parameter with per-field size accounting and errHeaderTooLarge check
    • Add validExtendedConnectProtocol function (RFC 9220) and validate extended CONNECT :protocol in request_writer.go
    • Use strings.SplitSeq in extractAnnouncedTrailers

v3.58.0 Release

New Features

  • Add SetTLSFingerprintSpec for custom ClientHelloSpec support — accepts a *utls.ClientHelloSpec for fine-grained TLS fingerprint customization (JA3/JA4). Closes #477, #478.
  • Add SensitiveHeadersRedirectPolicy — strips custom auth headers (e.g. X-API-Key, X-Auth-Token) on cross-domain redirects to prevent credential leakage (CWE-200). Fixes #489.
  • Port quic-go v0.59.0 — aligns with quic-go v0.59.0 breaking changes: removes deprecated ConnectionTracingID/ConnectionTracingKey, removes stream hijacking API, replaces handleUnidirectionalStreams with per-stream callback, adds RawClientConn for fine-grained stream control, adds HandleBidirectionalStream (closes conn per RFC 9114), fixes SupportsDatagramsSupportsDatagrams.Remote. Fixes #482.

Bug Fixes

  • Unmarshal returns error on error status codes — now checks IsErrorState() before deserializing, preventing 4xx/5xx response bodies from being deserialized into target structs. Closes #465.
  • Retry on GOAWAY errors with cached HTTP/2 connectionsRoundTripOnlyCachedConn now falls through to create a new connection instead of returning errClientConnGotGoAway directly. Closes #491.
  • SetCookieJarFactory returns http.CookieJar interface — changes return type from *cookiejar.Jar to http.CookieJar, allowing custom cookie jar implementations. Closes #415.
  • Add application/json to Chrome impersonate accept header — matches Chrome's actual accept header for API requests expecting JSON. Closes #471.

Dependencies

  • Upgrade utls to v1.8.2 — security update from v1.8.1. Addresses #459.

Tests

  • Add comprehensive unit tests for HTTP/3 frames, headers, transport, and dump.
  • Add automated test gate infrastructure.
Commits
  • 57c9644 Merge pull request #501 from imroc/fix/quic-go-v0.60.0-compat
  • 6fd2554 docs: add mandatory upstream sync checklist to CODEBUDDY.md
  • 4c460fd Sync remaining http3 changes from quic-go v0.60.0
  • eb3e237 port quic-go v0.60.0: fix QuarterStreamID field rename
  • 5fec0ab feat: add project-level release skill for GitHub release workflow
  • 5ea6a44 fix: use $HOME instead of hardcoded /root in scripts
  • 1705272 update issue triage loop state: 2026-06-29 run 2 — all 10 issues already labe...
  • 1d9714a Update STATE.md: issue triage loop 2026-06-29
  • 1cb5c61 fix: cron PATH and persistent crontab for devcontainer
  • 19c0a70 feat: add SetTLSFingerprintSpec for custom ClientHelloSpec support
  • Additional commits viewable in compare view

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file go Pull requests that update go code labels Jul 3, 2026
@dependabot dependabot Bot force-pushed the dependabot/go_modules/github.com/imroc/req/v3-3.59.0 branch from 2b83ece to 68ff53e Compare July 3, 2026 22:34
Bumps [github.com/imroc/req/v3](https://github.com/imroc/req) from 3.57.0 to 3.59.0.
- [Release notes](https://github.com/imroc/req/releases)
- [Commits](imroc/req@v3.57.0...v3.59.0)

---
updated-dependencies:
- dependency-name: github.com/imroc/req/v3
  dependency-version: 3.59.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/go_modules/github.com/imroc/req/v3-3.59.0 branch from 68ff53e to 973ba6a Compare July 3, 2026 22:36
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file go Pull requests that update go code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants