chore(deps): bump github.com/go-chi/chi/v5 from 5.2.5 to 5.3.0

[dependabot]

Bumps github.com/go-chi/chi/v5 from 5.2.5 to 5.3.0.

Release notes

Sourced from github.com/go-chi/chi/v5's releases.

v5.3.0

What's Changed

• Use strings.ReplaceAll where applicable by @​JRaspass in go-chi/chi#1046
• Propagate inline middlewares across mounted subrouters by @​LukasJenicek in go-chi/chi#1049
• add go 1.26 to ci by @​pkieltyka in go-chi/chi#1052
• Remove last uses of io/ioutil by @​JRaspass in go-chi/chi#1054
• Simplify chi.walk with slices.Concat by @​JRaspass in go-chi/chi#1053
• Apply the stringscutprefix modernizer by @​JRaspass in go-chi/chi#1051
• Bump minimum Go to 1.23, always use request.Pattern by @​JRaspass in go-chi/chi#1048
• middleware: fix httpFancyWriter.ReadFrom double-counting bytes with Tee by @​alliasgher in go-chi/chi#1085
• Fix typo in Route doc comment by @​gouwazi in go-chi/chi#1073
• fix: set Request.Pattern from RoutePattern() by @​leno23 in go-chi/chi#1097
• feat: middleware.ClientIP, a replacement for middleware.RealIP by @​VojtechVitek in go-chi/chi#967

New Contributors

• @​LukasJenicek made their first contribution in go-chi/chi#1049
• @​alliasgher made their first contribution in go-chi/chi#1085
• @​gouwazi made their first contribution in go-chi/chi#1073
• @​leno23 made their first contribution in go-chi/chi#1097

SECURITY: middleware.ClientIP, a replacement for middleware.RealIP

@​VojtechVitek submitted PR #967, which introduces middleware.ClientIP — a replacement for middleware.RealIP that closes the three open spoofing advisories:

• GHSA-9g5q-2w5x-hmxf — IP spoofing via XFF in RemoteAddr resolution (convto)
• GHSA-rjr7-jggh-pgcp — RealIP allows IP spoofing via unvalidated XFF (rezmoss)
• GHSA-3fxj-6jh8-hvhx — IP spoofing in middleware.RealIP (Saku0512, Critical / 9.3)

It also addresses issues outlined at:

• go-chi/chi#708
• https://adam-p.ca/blog/2022/03/x-forwarded-for/
• go-chi/chi#711
• go-chi/chi#453
• go-chi/chi#908

middleware.RealIP is deprecated in this PR with pointers to the new API.

The deprecation only adds a // Deprecated: doc comment; the function keeps working for backward compatibility.

Why a new middleware (not "fix RealIP in place")

RealIP has two unfixable design choices: it mutates r.RemoteAddr, and it tries to be a one-size-fits-all default by walking a hard-coded list of headers any client can supply. Per adam-p's "The perils of the 'real' client IP" (which calls chi out by name on this), there is no safe default — the user must pick their trust source explicitly.

The new API

Four middlewares, two accessors. Pick exactly one middleware based on your infrastructure, read the result with one of the two accessors:

// One of the four. There is no safe default — pick exactly one.
func ClientIPFromHeader(trustedHeader string) func(http.Handler) http.Handler
func ClientIPFromXFF(trustedIPPrefixes ...string) func(http.Handler) http.Handler
func ClientIPFromXFFTrustedProxies(numTrustedProxies int) func(http.Handler) http.Handler
</tr></table> 

... (truncated)

Commits

• 3b17157 feat: middleware.ClientIP, a replacement for middleware.RealIP (#967)
• 818fdcf fix: set Request.Pattern from RoutePattern() (#1097)
• f975af0 Fix typo in Route doc comment (#1073)
• 4ef87ea middleware: fix httpFancyWriter.ReadFrom double-counting bytes with Tee (#1085)
• a54874f Bump minimum Go to 1.23, always use request.Pattern (#1048)
• 3328d4d Apply the stringscutprefix modernizer (#1051)
• be60b2e Simplify chi.walk with slices.Concat (#1053)
• a36a925 Remove last uses of io/ioutil (#1054)
• 7d93ee3 add go 1.26 to ci (#1052)
• 903cff2 Propagate inline middlewares across mounted subrouters (#1049)
• Additional commits viewable in compare view

[greptile-apps]

Greptile Summary

This PR bumps github.com/go-chi/chi/v5 from 5.2.5 to 5.3.0 and takes advantage of the new middleware.ClientIP family to replace the deprecated (and security-advisory-carrying) middleware.RealIP. A new ClientIPMiddlewareConfig lets operators choose their trust source at startup, and pkg/server/attributes.go now reads the IP from context via middleware.GetClientIPAddr rather than from the raw r.RemoteAddr string.

• middleware.RealIP removed — both v1 and v3 router groups now receive the configured ClientIPMiddleware, which defaults to middleware.ClientIPFromRemoteAddr (safe, no header trust). The new Config.Validate() gate ensures the field is never nil.
• New ClientIPMiddlewareConfig in app/config/server.go supports three sources (remote-address, header, x-forwarded-for) with full startup-time validation that guards against known chi panic conditions (zero proxy count, bad CIDR notation).
• Telemetry fix in pkg/server/attributes.go — NetworkPeerAddressKey is now set from the context IP (port-free) with a correct net.SplitHostPort fallback for the no-middleware path.

Confidence Score: 5/5

Safe to merge — the default configuration uses the socket peer address only, preserving existing behaviour for deployments that do not configure clientIPMiddleware, while the new machinery closes three open chi IP-spoofing advisories for deployments that opt in.

All changed paths have startup-time validation that prevents the known chi panic conditions; the dependency bump is a straightforward minor version update with no breaking API changes; tests cover each middleware source and the critical edge cases.

No files require special attention.

Important Files Changed

Filename	Overview
app/config/server.go	Adds ClientIPMiddlewareConfig with thorough startup-time validation guarding chi panic conditions; default source is safe remote-address.
app/common/server.go	Factory NewClientIPMiddleware correctly maps config to chi ClientIP variants; validate-before-construct pattern prevents panics.
openmeter/server/server.go	Replaces deprecated middleware.RealIP in both router groups with injected ClientIPMiddleware; adds Config.Validate() nil guard.
pkg/server/attributes.go	Switches NetworkPeerAddressKey to context-based IP; fallback correctly splits host/port from r.RemoteAddr.
app/common/server_test.go	New tests cover all three ClientIP source modes and the silent TrustedIPPrefixes-over-TrustedProxies precedence.
app/config/server_test.go	Comprehensive table-driven tests for ClientIPMiddlewareConfig.Validate(), including edge cases that would panic chi at runtime.
cmd/server/wire_gen.go	Generated wire code correctly initialises ClientIPMiddleware with proper cleanup chain on error.

Flowchart

%%{init: {'theme': 'neutral'}}%%
flowchart TD
    A[HTTP Request] --> B[ClientIPMiddleware\nconfigured at startup]
    B --> C{Source}
    C -->|remote-address default| D[middleware.ClientIPFromRemoteAddr\nsocket peer only]
    C -->|header| E[middleware.ClientIPFromHeader\ntrusted overwrite header]
    C -->|x-forwarded-for| F{TrustedIPPrefixes set?}
    F -->|yes| G[middleware.ClientIPFromXFF\nCIDR-based trust]
    F -->|no| H[middleware.ClientIPFromXFFTrustedProxies\ncount-based trust]
    D --> I[ctx: clientIP stored]
    E --> I
    G --> I
    H --> I
    I --> J[RequestID / OTEL / auth middlewares]
    J --> K[GetRequestAttributes\npkg/server/attributes.go]
    K --> L{middleware.GetClientIPAddr valid?}
    L -->|yes| M[NetworkPeerAddressKey = IP]
    L -->|no| N[net.SplitHostPort r.RemoteAddr]
    N --> O[NetworkPeerAddressKey = IP\nNetworkPeerPortKey = port]

Loading

%%{init: {'theme': 'base', 'themeVariables': {"darkMode": true, "background": "#0d1117", "primaryColor": "#21262d", "primaryTextColor": "#e6edf3", "primaryBorderColor": "#8b949e", "lineColor": "#8b949e", "textColor": "#e6edf3", "edgeLabelBackground": "#161b22", "actorBkg": "#21262d", "actorBorder": "#8b949e", "actorTextColor": "#e6edf3", "actorLineColor": "#8b949e", "signalColor": "#8b949e", "signalTextColor": "#e6edf3", "noteBkgColor": "#373320", "noteBorderColor": "#d4a72c", "noteTextColor": "#f0e6c0", "labelBoxBkgColor": "#21262d", "labelBoxBorderColor": "#8b949e", "labelTextColor": "#e6edf3", "loopTextColor": "#e6edf3", "activationBkgColor": "#30363d", "activationBorderColor": "#8b949e"}}}%%
flowchart TD
    A[HTTP Request] --> B[ClientIPMiddleware\nconfigured at startup]
    B --> C{Source}
    C -->|remote-address default| D[middleware.ClientIPFromRemoteAddr\nsocket peer only]
    C -->|header| E[middleware.ClientIPFromHeader\ntrusted overwrite header]
    C -->|x-forwarded-for| F{TrustedIPPrefixes set?}
    F -->|yes| G[middleware.ClientIPFromXFF\nCIDR-based trust]
    F -->|no| H[middleware.ClientIPFromXFFTrustedProxies\ncount-based trust]
    D --> I[ctx: clientIP stored]
    E --> I
    G --> I
    H --> I
    I --> J[RequestID / OTEL / auth middlewares]
    J --> K[GetRequestAttributes\npkg/server/attributes.go]
    K --> L{middleware.GetClientIPAddr valid?}
    L -->|yes| M[NetworkPeerAddressKey = IP]
    L -->|no| N[net.SplitHostPort r.RemoteAddr]
    N --> O[NetworkPeerAddressKey = IP\nNetworkPeerPortKey = port]

Loading

_{Reviews (2): Last reviewed commit: "fix: adding client IP to OTel attributes" | Re-trigger Greptile}