chore(deps): bump the go-minor-patch group with 3 updates

[dependabot]

Bumps the go-minor-patch group with 3 updates: github.com/gofiber/fiber/v3, golang.org/x/crypto and golang.org/x/net.

Updates github.com/gofiber/fiber/v3 from 3.2.0 to 3.3.0

Release notes

Sourced from github.com/gofiber/fiber/v3's releases.

v3.3.0

🚀 New

• Add support for configuring the Regex engine on the router (#4254) Swap the compiler used for regex() route constraints. Assign a drop-in engine such as coregex.MustCompile for faster matching;Fiber reuses the compiled matcher across requests.

  app := fiber.New(fiber.Config{
      RegexHandler: coregex.MustCompile, // default: regexp.MustCompile
  })

  https://docs.gofiber.io/api/fiber#regexhandler
• Host auth middleware (#4199) New hostauthorization middleware that validates the incoming Host header against an allowlist (exact host, .subdomain wildcard, CIDR range) to protect against DNS rebinding attacks.

  app.Use(hostauthorization.New(hostauthorization.Config{
      AllowedHosts: []string{"api.myapp.com", ".myapp.com", "10.0.0.0/8"},
  }))

  https://docs.gofiber.io/middleware/hostauthorization
• Delegate implementation to fasthttp/prefork (#4210) Prefork now delegates to fasthttp's prefork package and adds PreforkRecoverThreshold (max child restarts before the master exits) and PreforkLogger to ListenConfig. https://docs.gofiber.io/api/fiber#preforkrecoverthreshold
• Add support for contextual logs (#4241) Render request-scoped fields in log.WithContext(c) by configuring a template with log.SetContextTemplate, reusing the middleware/logger engine (including ${value:key} for arbitrary context values).

  log.MustSetContextTemplate(log.ContextConfig{Format: log.RequestIDFormat})
  app.Get("/", func(c fiber.Ctx) error {
  log.WithContext(c).Info("start") // renders the request id
  return c.SendString("ok")
  })

  
  https://docs.gofiber.io/api/log#bind-context
• Add storage backed SharedState for prefork applications (#4243) A prefork-safe, storage-backed key/value store via app.SharedState() for data shared across workers/processes, with JSON/MsgPack/CBOR/XML helpers and automatic key namespacing. app.State() stays process-local.

  app := fiber.New(fiber.Config{
      SharedStorage: redis.New(), // any fiber.Storage shared across workers
  })
  app.SharedState().SetJSON("config", cfg, 0)

  https://docs.gofiber.io/api/state#sharedstate-prefork-safe
• Add lightweight SSE middleware (#4239) A Fiber-native middleware/sse for Server-Sent Events: SSE headers, event/comment/retry frames, per-write flushing, heartbeats, Last-Event-ID access, and disconnect detection via stream.Context().

  app.Get("/events", sse.New(sse.Config{
      Handler: func(c fiber.Ctx, stream *sse.Stream) error {
          return stream.Event(sse.Event{Name: "message", Data: fiber.Map{"message": "hello"}})
      },

... (truncated)

Commits

• a39a035 Merge pull request #4308 from gofiber/fix-mounted-routes-regex-engine-issue
• 25fd939 fix: copy RegexHandler/customConstraints to wrapper app and add positive test...
• f2ce702 🐛 bug: preserve mounted sub-app regex handler
• ee0c55a Merge pull request #4254 from gofiber/claude/add-alternative-regex-support
• 80078d8 🐛 bug: simplify regex handler docs and API surface
• 6831609 🐛 bug: fix latest regex review comments
• be5f4b8 Merge branch 'main' into claude/add-alternative-regex-support
• 2c3b23c 🐛 bug: preserve constraint compatibility for regex matchers
• f3a2ddc Merge pull request #4307 from gofiber/fix-host-authorization-trailing-dot-nor...
• c29053c Potential fix for pull request finding
• Additional commits viewable in compare view

Updates golang.org/x/crypto from 0.51.0 to 0.52.0

Commits

• a1c0d99 go.mod: update golang.org/x dependencies
• 3c7c869 ssh: fix deadlock on unexpected channel responses
• 533fb3f ssh: fix source-address critical option bypass
• abbc44d ssh: fix incorrect operator order
• e052873 ssh: fix infinite loop on large channel writes due to integer overflow
• b61cf85 ssh: enforce user presence verification for security keys
• 9c2cd33 ssh: enforce strict limits on DSA key parameters
• 8907318 ssh: reject RSA keys with excessively large moduli
• ffd87b4 ssh: fix panic when authority callbacks are nil
• 4e7a738 ssh: fix deadlock on unexpected global responses
• Additional commits viewable in compare view

Updates golang.org/x/net from 0.54.0 to 0.55.0

Commits

• 7770ec4 go.mod: update golang.org/x dependencies
• 4ece7b6 html: escape greater-than symbol in doctype identifiers
• 08be507 html: improve Noah's Ark clause performance
• a8fb2fe html: properly render fostered elements in foreign content
• 0dc5b7a html: properly check namespace in "in body" any other end tag
• a452f3c html: ignore duplicate attributes during tokenization
• f865199 quic: fix appendMaxDataFrame erroneously accumulating sentLimit
• 210ed3c quic: establish a "happened-before" relationship between stream write and read
• ad8140e quic: fix buffer slicing when handling overlapping stream data
• 23ee2ef http2: avoid API changes when built with go1.27
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions