chore: bump the go-modules group across 1 directory with 3 updates

[dependabot]

Bumps the go-modules group with 1 update in the / directory: github.com/dunglas/mercure.

Updates github.com/dunglas/mercure from 0.22.1 to 0.23.2

Release notes

Sourced from github.com/dunglas/mercure's releases.

v0.23.2

This patch release makes rolling updates non-disruptive for production Mercure deployments: SSE subscribers now drain naturally on hub shutdown, the bundled Helm chart ships SSE-friendly rolling-update defaults out of the box, and a subtle BoltDB race that could leak post-subscribe events into the Last-Event-ID header is fixed.

🐛 Bug Fixes

• Shutdown: Drain SSE subscribers naturally on hub shutdown — the subscriber loop no longer reacts to the hub's context cancellation, so rolling replicas, graceful reloads, or SIGTERMs no longer close all active SSE connections at once. Existing connections keep running until the client disconnects or the per-connection write_timeout fires, letting k8s terminationGracePeriodSeconds bound the drain instead of producing a synchronized reconnect storm by @​dunglas in #1212
• Helm: Ship SSE-friendly rolling-update defaults on the Deployment — maxSurge=1 / maxUnavailable=0 (one pod at a time, no capacity drop), minReadySeconds=30 (quiet window for new pods to warm up), and terminationGracePeriodSeconds=660 (aligned with the default write_timeout plus margin, so #1212's graceful drain has time to complete before SIGKILL) by @​dunglas in #1213
• BoltDB: Stop leaking post-subscribe events into the Last-Event-ID response header — dispatchHistory now checks pastSeqBound before updating the response ID, and the bound uses a strict > comparison so empty-bucket subscribes no longer treat every subsequent write as history. Also fixes the flaky TestUnknownLastEventIDEmptyHistory on main by @​dunglas in #1215

---

These rolling-update improvements are also available to Mercure Cloud and Mercure Enterprise customers out of the box — with scale-tested Redis, Kafka, Pulsar, and Postgres transports, a managed SLA, and priority support. Contact contact@mercure.rocks for the managed cloud offering, on-premise licenses, custom development, consulting, and training.

Full Changelog: v0.23.1...v0.23.2

v0.23.1

Community

This patch release polishes the Helm chart and unifies release distribution. The ServiceMonitor template is now strict about label merging and relabelings, the Ingress default pathType no longer produces invalid manifests, Kubernetes probes hit 127.0.0.1 to avoid BusyBox IPv6 resolution issues, and the chart now declares a minimum supported cluster version. On the CI side, the Helm chart is now published as an asset of the hub's GitHub release so there's a single release artifact per version.

🐛 Bug Fixes

• Helm: Render the metrics.serviceMonitor.selector value as actual labels on the ServiceMonitor (previously documented but never emitted), fix relabelings indentation so user-provided list items render as valid YAML, split metricRelabelings from relabelings so each renders from its own value, and build metadata.labels as a merged dict so selector labels can't duplicate YAML keys or override chart identity labels by @​dunglas in #1206
• Helm: Default Ingress pathType to ImplementationSpecific when unset — networking.k8s.io/v1 requires the field on every path, so omitting it used to produce invalid manifests by @​dunglas in #1206
• Helm: Use 127.0.0.1 explicitly in readiness/liveness probes and the /stop preStop hook — Caddy's admin API binds IPv4-only, but BusyBox wget in caddy:2-alpine resolves localhost to ::1 first and fails the probes in a loop by @​dunglas in #1206
• Helm: Guard the HTTPRoute NOTES.txt branch so it no longer panics at render time when neither hostnames nor parentRefs are set by @​dunglas in #1206
• Helm: Pin kubeVersion: ">=1.23.0-0" to match the highest API used by optional templates (autoscaling/v2 HPA, policy/v1 PDB), so Helm blocks installs on older clusters upfront instead of failing at apply time by @​dunglas in #1206

⚙️ CI & Packaging

• Publish the Helm chart as an asset of the hub's GitHub release instead of a separate helm-chart-* release — one unified release artifact per version, with index.yaml entries pointing at releases/download/v<version>/mercure-<version>.tgz by @​dunglas in #1209
• Bump Caddy module dependencies (pgx/v5 5.9.2, timberjack 1.4.2, regexp2 1.12.0, genproto) by @​dunglas in #1210

Full Changelog: v0.23.0...v0.23.1

helm-chart-0.23.0

A Helm chart to install a Mercure Hub in a Kubernetes cluster. Mercure is a protocol to push data updates to web browsers and other HTTP clients in a convenient, fast, reliable and battery-efficient way.

v0.23.0

Community

Transport-aware health checks come to Mercure. Kubernetes (and any other orchestrator) can now detect when a hub's transport connection is actually broken, not just that the Caddy process is alive. This is especially valuable for Enterprise deployments backed by Redis, Postgres, Kafka, or Pulsar — but it also brings a small improvement for users of Bolt or the local transport. This release also adds HTTProute support and configurable deployment annotations in the Helm chart.

✨ New Features

• Transport-aware health check endpoints — a new TransportHealthChecker interface that transports can implement, and a new admin.api.mercure_health Caddy admin API module exposing /mercure/health/{ready,live} (aggregate) and /mercure/health/{hub}/{ready,live} (per-hub) endpoints. Hubs can be named via the new name Caddyfile directive. The Helm chart now enables transport-aware probes by default, with fallback to the legacy /healthz when healthCheck.enabled=false. The /healthz endpoint on the HTTP port is now deprecated — it only reflects that Caddy is running, not transport connectivity. Transports that don't implement the interface (Bolt, Local) are considered always-healthy. by @​dunglas in #1201
• Helm: Add support for HTTProute as an alternative to Ingress for Gateway API-based clusters by @​dunglas in #1122
• Helm: Allow configuring annotations on the Deployment resource by @​vmignot in #1160

Enterprise

... (truncated)

Commits

• 68308db chore: prepare release 0.23.2
• 5a0c8bd fix(bolt): stop leaking post-subscribe events into Last-Event-ID header (#1215)
• 84fe4eb fix(chart): multiple fixes + SSE-friendly rolling update defaults (#1213)
• 15ebb5c fix(subscribe): drain SSE subscribers naturally on hub shutdown (#1212)
• 2ae1758 chore: prepare release 0.23.1
• 5b4b0af chore(caddy): bump dependencies (#1210)
• 2a7da7f ci: publish Helm chart as an asset of the hub GitHub release (#1209)
• 6de9807 fix(chart): wire ServiceMonitor selector labels and pin kubeVersion (#1206)
• 9bf59c4 ci: bump actions/setup-node from 6 to 6.3.0
• 7193c85 chore: prepare release 0.23.0
• Additional commits viewable in compare view

Updates golang.org/x/net from 0.52.0 to 0.53.0

Commits

• a8d1fc1 go.mod: update golang.org/x dependencies
• 056ac74 quic: avoid depending on golang.org/x/sys/unix
• c85f611 http3: add http3 package for testing in std
• 805fc81 http2: add transport API tests
• e63b894 http2: support testing via net/http.Transport.RoundTrip
• 9ee1e48 http2/hpack: prevent HeaderField from escaping during encoding
• 1e71bd8 http2: prevent hanging Transport due to bad SETTINGS frame
• 7bca150 internal/http3: respect net/http Server Shutdown context when shutting down
• 44c41be internal/http3: prevent server from holding mutex when sleeping during shutdown
• 228a67a internal/http3: add CloseIdleConnections support in transport
• Additional commits viewable in compare view

Updates golang.org/x/text from 0.35.0 to 0.36.0

Commits

• 8577a70 go.mod: update golang.org/x dependencies
• See full diff in compare view