fix(deps): update module github.com/gofiber/fiber/v3 to v3.3.0

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
github.com/gofiber/fiber/v3	v3.2.0 → v3.3.0

---

Release Notes

gofiber/fiber (github.com/gofiber/fiber/v3)

v3.3.0

Compare Source

🚀 New

• Add support for configuring the Regex engine on the router (#​4254)
  Swap the compiler used for regex() route constraints. Assign a drop-in engine such as coregex.MustCompile for faster matching;Fiber reuses the compiled matcher across requests.

  app := fiber.New(fiber.Config{
      RegexHandler: coregex.MustCompile, // default: regexp.MustCompile
  })

  https://docs.gofiber.io/api/fiber#regexhandler
• Host auth middleware (#​4199)
  New hostauthorization middleware that validates the incoming Host header against an allowlist (exact host, .subdomain wildcard, CIDR range) to protect against DNS rebinding attacks.

  app.Use(hostauthorization.New(hostauthorization.Config{
      AllowedHosts: []string{"api.myapp.com", ".myapp.com", "10.0.0.0/8"},
  }))

  https://docs.gofiber.io/middleware/hostauthorization
• Delegate implementation to fasthttp/prefork (#​4210)
  Prefork now delegates to fasthttp's prefork package and adds PreforkRecoverThreshold (max child restarts before the master exits) and PreforkLogger to ListenConfig.
  https://docs.gofiber.io/api/fiber#preforkrecoverthreshold
• Add support for contextual logs (#​4241)
  Render request-scoped fields in log.WithContext(c) by configuring a template with log.SetContextTemplate, reusing the middleware/logger engine (including ${value:key} for arbitrary context values).

  log.MustSetContextTemplate(log.ContextConfig{Format: log.RequestIDFormat})
  
  app.Get("/", func(c fiber.Ctx) error {
      log.WithContext(c).Info("start") // renders the request id
      return c.SendString("ok")
  })

  https://docs.gofiber.io/api/log#bind-context
• Add storage backed SharedState for prefork applications (#​4243)
  A prefork-safe, storage-backed key/value store via app.SharedState() for data shared across workers/processes, with JSON/MsgPack/CBOR/XML helpers and automatic key namespacing. app.State() stays process-local.

  app := fiber.New(fiber.Config{
      SharedStorage: redis.New(), // any fiber.Storage shared across workers
  })
  app.SharedState().SetJSON("config", cfg, 0)

  https://docs.gofiber.io/api/state#sharedstate-prefork-safe
• Add lightweight SSE middleware (#​4239)
  A Fiber-native middleware/sse for Server-Sent Events: SSE headers, event/comment/retry frames, per-write flushing, heartbeats,
  Last-Event-ID access, and disconnect detection via stream.Context().

  app.Get("/events", sse.New(sse.Config{
      Handler: func(c fiber.Ctx, stream *sse.Stream) error {
          return stream.Event(sse.Event{Name: "message", Data: fiber.Map{"message": "hello"}})
      },
  }))

  https://docs.gofiber.io/middleware/sse

🧹 Updates

• Add prefixes to unexported boolean fields (#​4300)
• Improve error messages in SaveFileToStorage (#​4173)
• Streamline request handler selection and context management for improved performance (#​4233)

🐛 Fixes

• Preserve mounted sub-app regex handler during mount prefixing (#​4308)
• Trim only one trailing dot in host normalization (#​4307)
• Reject oversized unknown-length adaptor request bodies (#​4306)
• Fix compress middleware's shouldSkip method to avoid memory growth (#​4284)
• Reject malformed host authorities in hostauthorization (#​4293)
• Synchronize view reloads with template rendering (#​4288)
• Avoid panic for non-struct listeners in TLS config discovery (#​4305)
• Clear plaintext cookie when encryption fails (#​4303)
• Fix regex route constraint parsing with literal > (#​4292)
• Reject empty normalized host before dynamic matching (#​4291)
• Preserve idempotency replay protection for oversized responses (#​4287)
• Enforce CookieJar domain acceptance and host-only cookie matching (#​4282)
• Avoid panic when reading released Fiber context values (#​4271)
• Enforce static root for fs-backed directory serving (#​4277)
• Prevent negative paginate start overflow (#​4272)
• Prevent SharedState namespace key collisions (#​4274)
• Copy FullURL string before returning pooled buffer (#​4275)
• Enforce paginate sort allowlist when AllowedSorts is unset (#​4276)
• Validate and safely apply workflow version updates (#​4273)
• Close BodyStream in adaptor FiberHandler streaming path (#​4267)
• Prevent panic when MsgPack is not configured (#​4268)
• Keep IsFromLocal loopback-only and add unix-socket helper (#​4270)
• Prevent panic when CBOR is not explicitly configured (#​4269)
• Guard session logger tag against released middleware (#​4265)
• Add X-Real-IP protection to Forward and DomainForward variants (#​4261)
• Ensure BalancerForward overwrites X-Real-IP header (#​4260)
• Add test coverage for multipart BodyLimit error handling (#​4237)
• Improve error propagation in Express-style handler (#​4250)
• Remove SSE Next and clarify SSE handler docs (#​4247)
• BasicAuth verifier for unknown users (#​4245)

🛠️ Maintenance

13 changes

• bump github.com/shamaton/msgpack/v3 from 3.1.1 to 3.1.2 (#​4296)
• bump codecov/codecov-action from 6.0.0 to 6.0.1 (#​4294)
• bump actions/add-to-project from 1.0.2 to 2.0.0 (#​4256)
• bump github.com/shamaton/msgpack/v3 from 3.1.0 to 3.1.1 (#​4281)
• bump the golang-modules group with 3 updates (#​4278)
• bump golang.org/x/sys from 0.43.0 to 0.44.0 in the golang-modules group (#​4262)
• bump DavidAnson/markdownlint-cli2-action from 23.1.0 to 23.2.0 (#​4259)
• bump benchmark-action/github-action-benchmark from 1.22.0 to 1.22.1 (#​4258)
• bump github.com/valyala/fasthttp from 1.70.0 to 1.71.0 in the fasthttp-modules group (#​4255)
• bump github.com/klauspost/compress from 1.18.5 to 1.18.6 (#​4249)
• bump DavidAnson/markdownlint-cli2-action from 23.0.0 to 23.1.0 (#​4246)
• bump github.com/mattn/go-isatty from 0.0.21 to 0.0.22 (#​4242)

📚 Documentation

• Fix invalid RouteChain method chaining example (#​4304)
• Harden reverse proxy X-Forwarded-For example (#​4266)
• Correct fasthttpctx Done semantics in context guide (#​4264)
• Clarify ${bytesSent} behavior in logger middleware (#​4251)
• Clarify prefork security model and OS-specific socket behavior (#​4240)

📒 Documentation: https://docs.gofiber.io/next/

💬 Discord: https://gofiber.io/discord

Full Changelog: gofiber/fiber@v3.2.0...v3.3.0

Thank you @​ReneWerner87, @​elton-peixoto-lu, @​gaby, @​gtoxlili, @​lyyvalhalla, @​mutantkeyboard, @​pageton and @​pratikramteke for making this release possible.

---

Configuration

📅 Schedule: (in timezone Asia/Jakarta)

• Branch creation
  • "before 6am"
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[renovate]

ℹ️ Artifact update notice

File name: go.mod

In order to perform the update(s) described in the table above, Renovate ran the go get command, which resulted in the following additional change(s):

• 4 additional dependencies were updated

Details:

Package	Change
github.com/klauspost/compress	v1.18.5 -> v1.18.6
github.com/mattn/go-isatty	v0.0.21 -> v0.0.22
github.com/valyala/fasthttp	v1.70.0 -> v1.71.0
golang.org/x/sys	v0.43.0 -> v0.44.0

[changeset-bot]

⚠️ No Changeset found

Latest commit: b8a1e30

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR