chore(deps): bump ipfs/gateway-conformance from 0.12 to 0.13

[dependabot]

Bumps ipfs/gateway-conformance from 0.12 to 0.13.

Release notes

Sourced from ipfs/gateway-conformance's releases.

v0.13.0

Changed

• Removed If-None-Match test that sent bare CID as weak ETag (W/"<CID>") for directory listings. Matching a bare CID against a DirIndex-* ETag is not a spec requirement, just an optimization specific to boxo/gateway. Test moved to ipfs/boxo#1129. #261
• BREAKING: Range request tests (TestGatewayUnixFSFileRanges) moved to a new path-range-gateway spec. Gateways that do not support HTTP Range requests can now skip them with --specs -path-range-gateway. Multi-range response detection via side-effect was replaced by AnyOf that accepts both single-range and multipart responses. #258

Fixed

• HeaderBuilder.Clone() was copying Key_ into Value_, silently weakening response header assertions in cloned test cases (e.g. range request and CAR helpers). #280
• Removed X-Content-Type-Options: nosniff assertion from dag-json and dag-cbor response tests in TestNativeDag. The spec only requires this header for application/vnd.ipld.car and application/vnd.ipld.raw responses. #282
• CheckNot error messages now include a human-readable description of the negated check instead of printing Go pointer addresses (e.g. not(contains 'nosniff') instead of &{0x140001b3710}). #282
• Removed Content-Type request header from range test helpers. GET requests should not include Content-Type per RFC 7231 section 3.1.1.5, as it describes message body payload. #282
• JSON report now uses suite_pass/suite_fail actions for the overall test suite result, making it easier to distinguish from individual test pass/fail events. #250
• JSON report (--json-output) is now streamed as tests run instead of being generated after the suite finishes. Results appear in the file incrementally, and partial output is preserved if the process is interrupted. #249

[!NOTE] This release was brought to you by the Shipyard team.

Changelog

Sourced from ipfs/gateway-conformance's changelog.

Changelog

All notable changes to this project will be documented in this file.

The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.

[0.13.0] - 2026-04-01

Changed

• Removed If-None-Match test that sent bare CID as weak ETag (W/"<CID>") for directory listings. Matching a bare CID against a DirIndex-* ETag is not a spec requirement, just an optimization specific to boxo/gateway. Test moved to ipfs/boxo#1129. #261
• BREAKING: Range request tests (TestGatewayUnixFSFileRanges) moved to a new path-range-gateway spec. Gateways that do not support HTTP Range requests can now skip them with --specs -path-range-gateway. Multi-range response detection via side-effect was replaced by AnyOf that accepts both single-range and multipart responses. #258

Fixed

• HeaderBuilder.Clone() was copying Key_ into Value_, silently weakening response header assertions in cloned test cases (e.g. range request and CAR helpers). #280
• Removed X-Content-Type-Options: nosniff assertion from dag-json and dag-cbor response tests in TestNativeDag. The spec only requires this header for application/vnd.ipld.car and application/vnd.ipld.raw responses. #282
• CheckNot error messages now include a human-readable description of the negated check instead of printing Go pointer addresses (e.g. not(contains 'nosniff') instead of &{0x140001b3710}). #282
• Removed Content-Type request header from range test helpers. GET requests should not include Content-Type per RFC 7231 section 3.1.1.5, as it describes message body payload. #282
• JSON report now uses suite_pass/suite_fail actions for the overall test suite result, making it easier to distinguish from individual test pass/fail events. #250
• JSON report (--json-output) is now streamed as tests run instead of being generated after the suite finishes. Results appear in the file incrementally, and partial output is preserved if the process is interrupted. #249

[0.12.0] - 2026-03-11

Changed

• Split TestRedirectsFileWithIfNoneMatchHeader into independent subtests (SubdomainIPFS, SubdomainIPNS, DNSLinkGateway) so dnslink-gateway and subdomain-ipns-gateway tests can be disabled via --specs without losing If-None-Match coverage for CID-based subdomain gateways. #270

[0.11.2] - 2026-03-10

Fixed

• Relaxed _redirects error message assertion in TestRedirectsFileSupport to no longer require a specific "forced redirects" error string. Implementations may report 301! as an invalid status code, unsupported forced redirect syntax, or any other parse error. #269

[0.11.1] - 2026-02-24

Added

• New test TestGatewayIPNSRecordWithSubpath for IPNS records whose Value field contains a sub-path (e.g. /ipfs/<cid>/root2). All prior IPNS tests only covered bare /ipfs/<cid> in the record Value.
• New test TestDNSLinkGatewayWithSubpath for DNSLink TXT records pointing at a content path with a sub-path (e.g. dnslink=/ipfs/<cid>/root2).

[0.11.0] - 2026-02-24

Added

• New test TestDNSLinkGatewayIPNS for DNSLink TXT records pointing at /ipns/<key> instead of /ipfs/<cid>. All prior DNSLink tests only covered the /ipfs/ case. #272
• New test cases in TestSubdomainGatewayDNSLinkInlining for the subdomain form of DNSLink -> IPNS resolution ({dnslink}.ipns.{gateway} and {inlined-dnslink}.ipns.{gateway}). #272

[0.10.1] - 2026-02-13

Fixed

• Renamed Base32Cid() to DNSSafeCidV1() and fixed it to convert CIDv0 to CIDv1 before encoding. Uses base36 for libp2p-key codec (IPNS keys) and base32 for everything else, producing valid DNS-safe CID strings for subdomain gateway tests. #264

[0.10.0] - 2026-02-05

Changed

• IPIP-524: codec conversion tests now expect HTTP 406 Not Acceptable when the requested format does not match the block's native codec. Implementations supporting optional codec conversions for backward compatibility may skip these tests. #254

[0.9.0] - 2026-02-04

Changed

• IPIP-523: ?format= URL query parameter now takes precedence over Accept HTTP header. URL query parameters for CAR options (car-version, car-order, car-dups) also take precedence over parameters in the Accept header. #252

[0.8.4] - 2025-12-12

... (truncated)

Commits

• 5af6e7b chore: release v0.13.0 (#291)
• 7e575a0 ci: remove broken release-fixtures workflow (#290)
• e1de343 ci: uci/update-go (#271)
• b22ec1a feat: stream JSON report as tests run (#289)
• 62fb8b7 feat: add path-range-gateway spec for skippable range tests (#288)
• 73d5fde fix: distinguish suite results from test results (#287)
• cceb1ed fix: replace defunct pl-strflt action refs with ipdxco (#283)
• 8389962 fix: test assertion corrections (#282)
• b6d3e50 fix: remove bare CID etag test for dir listings (#281)
• ac6493d fix: HeaderBuilder.Clone copies Key_ into Value_ (#280)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)