build(deps): bump github.com/oaswrap/spec from 0.4.2 to 0.5.1

[dependabot]

Bumps github.com/oaswrap/spec from 0.4.2 to 0.5.1.

Release notes

Sourced from github.com/oaswrap/spec's releases.

v0.5.1

Added

• Logger debug feature for tracing spec generation behavior.
• InterceptSchema and InterceptProp reflector hooks for customizing schema and property generation.
• RequiredPropByValidateTag hook for marking fields required based on validate struct tags.
• ParentType field on InterceptPropParams for richer hook context.
• Automatic content-type detection from struct type when not explicitly set.
• encoding.TextMarshaler/TextUnmarshaler support: types implementing both interfaces (without json.Marshaler) are reflected as type: string.
• EmbedReferencer interface and refer:"true" struct tag: embedded structs opt into allOf $ref instead of field inlining.
• ParameterTagMapping now accepts openapi.ParameterInBody and openapi.ParameterInForm to override the struct tag used for JSON and form request body field names (defaults: json and form).

Changed

• Schema component names now always include the Go package name as a prefix (e.g., models.User → ModelsUser). This eliminates cross-package naming collisions without requiring caller-package detection. Use InterceptDefName or StripDefNamePrefix to remove the prefix if desired.
• DefNameCallerPkg field removed from ReflectorConfig; the caller-package detection mechanism in NewGenerator is removed.
• Package name sanitization handles multi-segment names (e.g., spec_test → SpecTest); unexported type names are title-cased when a package prefix is prepended.

Fixed

• uint8/uint16 reflected as int32 format; uint/uint32/uint64/uintptr reflected as int64 format.
• InterceptSchema/InterceptProp hook error propagation and correctness.
• RefSchema pre-hook: assign StructSchema fields onto existing pointer so pre-hook customizations (extensions, description) survive to the post-hook.
• ApplyNullable (OAS 3.1+): merge "null" into an existing []string type slice instead of silently skipping.
• Lint violations and YAML tag reading in MarshalYAML.

Full Changelog: oaswrap/spec@v0.5.0...v0.5.1

v0.5.0

Added

• OpenAPI 3.2.0 support and expanded version-specific validation checks.
• Validation severity levels (Error, Warning, Info) with best-practice reporting.
• ValidateReport support across the core router and all adapters.
• Dirty-state tracking for incremental build behavior.
• Automatic injection of missing path parameters.
• Support for application/x-www-form-urlencoded querystring parameter content.
• Media type tag support in schema reflection.
• New Iris adapter: irisopenapi.

Changed

• Rebuilt core generator, reflector, and validator internals.
• Aligned all adapters with the updated core behavior.
• Upgraded OpenAPI handling to improve version consistency and validation behavior (including 3.1.2 alignment).
• Prefixed package name in default schema definition names.
• Centralized operation method validation logic.

Fixed

• Hardened path and HTTP method generation behavior.

Removed

• Removed httprouter from the supported adapter list.
• Removed dependency on external OpenAPI generator packages (including github.com/swaggest/openapi-go) as part of the core generator rebuild.

... (truncated)

Changelog

Sourced from github.com/oaswrap/spec's changelog.

[0.5.1] - 2026-05-12

Added

• Logger debug feature for tracing spec generation behavior.
• InterceptSchema and InterceptProp reflector hooks for customizing schema and property generation.
• RequiredPropByValidateTag hook for marking fields required based on validate struct tags.
• ParentType field on InterceptPropParams for richer hook context.
• Automatic content-type detection from struct type when not explicitly set.
• encoding.TextMarshaler/TextUnmarshaler support: types implementing both interfaces (without json.Marshaler) are reflected as type: string.
• EmbedReferencer interface and refer:"true" struct tag: embedded structs opt into allOf $ref instead of field inlining.
• ParameterTagMapping now accepts openapi.ParameterInBody and openapi.ParameterInForm to override the struct tag used for JSON and form request body field names (defaults: json and form).

Changed

• Schema component names now always include the Go package name as a prefix (e.g., models.User → ModelsUser). This eliminates cross-package naming collisions without requiring caller-package detection. Use InterceptDefName or StripDefNamePrefix to remove the prefix if desired.
• DefNameCallerPkg field removed from ReflectorConfig; the caller-package detection mechanism in NewGenerator is removed.
• Package name sanitization handles multi-segment names (e.g., spec_test → SpecTest); unexported type names are title-cased when a package prefix is prepended.

Fixed

• uint8/uint16 reflected as int32 format; uint/uint32/uint64/uintptr reflected as int64 format.
• InterceptSchema/InterceptProp hook error propagation and correctness.
• RefSchema pre-hook: assign StructSchema fields onto existing pointer so pre-hook customizations (extensions, description) survive to the post-hook.
• ApplyNullable (OAS 3.1+): merge "null" into an existing []string type slice instead of silently skipping.
• Required field deduplication to prevent duplicates when both required struct tag and RequiredPropByValidateTag are used simultaneously.
• parentSnapshot restore on ErrSkipProperty in post-hooks to roll back parent schema mutations (AllOf, AnyOf, OneOf, extensions).
• Lint violations and YAML tag reading in MarshalYAML.

[0.5.0] - 2026-05-11

Added

• OpenAPI 3.2.0 support and expanded version-specific validation checks.
• Validation severity levels (Error, Warning, Info) with best-practice reporting.
• ValidateReport support across the core router and all adapters.
• Dirty-state tracking for incremental build behavior.
• Automatic injection of missing path parameters.
• Support for application/x-www-form-urlencoded querystring parameter content.
• Media type tag support in schema reflection.
• New Iris adapter: irisopenapi.

Changed

• Rebuilt core generator, reflector, and validator internals.
• Aligned all adapters with the updated core behavior.
• Upgraded OpenAPI handling to improve version consistency and validation behavior (including 3.1.2 alignment).
• Prefixed package name in default schema definition names.
• Centralized operation method validation logic.

Fixed

• Hardened path and HTTP method generation behavior.

Removed

• Removed httprouter from the supported adapter list.

... (truncated)

Commits

• 18bac0c ci: fix issue at upload sarif
• 280eee2 Merge pull request #63 from oaswrap/feat/logger
• 7475bb6 ci: update lint mechanism to use matrix strategy
• e464f9c ci: update linter to use action and adjust security to upload sarif
• 22042fa refactor(reflect)!: always prefix component names with package name
• f4d1d47 feat: extend ParameterTagMapping to override form and json body tags
• 34bb10b feat: add TextMarshaler reflection and embedded allOf $ref support
• 52e1343 docs: upadte changelog
• d4c3257 feat: auto set content type by struct if it not spesify set
• 5b14ae5 feat: add logger debug feature
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)