Prepare release v2.11.37

Cap TLS record length to RFC 8446 limit in ClientHello peeking
Validate healthcheck path configuration
2026-06-27 12:04:31 +00:00 · 2026-02-11 10:42:04 +01:00 · 2026-02-11 09:22:04 +01:00 · 2026-02-10 14:52:05 +01:00 · 2026-02-02 11:24:20 +01:00 · 2026-01-30 17:30:05 +01:00
293 changed files with 3413 additions and 6726 deletions
@@ -10,7 +10,7 @@ on:
      - 'script/gcg/**'

 env:
-  GO_VERSION: '1.24'
+  GO_VERSION: '1.25'
  CGO_ENABLED: 0

 jobs:
@@ -51,12 +51,12 @@ jobs:

    steps:
      - name: Check out code
-        uses: actions/checkout@v5
+        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
        with:
          fetch-depth: 0

      - name: Set up Go ${{ env.GO_VERSION }}
-        uses: actions/setup-go@v5
+        uses: actions/setup-go@7a3fe6cf4cb3a834922a1244abfce67bcef6a0c5 # v6.2.0
        env:
          ImageOS: ${{ matrix.os }}-${{ matrix.arch }}-${{ matrix.goarm }}
        with:
@@ -64,7 +64,7 @@ jobs:
          check-latest: true

      - name: Artifact webui
-        uses: actions/download-artifact@v4
+        uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0
        with:
          name: webui.tar.gz

@@ -16,7 +16,7 @@ jobs:

    steps:
      - name: Check out code
-        uses: actions/checkout@v5
+        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
        with:
          fetch-depth: 0

@@ -28,7 +28,7 @@ jobs:
        run: ./docs/scripts/lint.sh docs

      - name: Setup python
-        uses: actions/setup-python@v6
+        uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0
        with:
          python-version: '3.12'
          cache: 'pip'
@@ -41,7 +41,7 @@ jobs:
          mkdocs build --strict

      - name: Setup ruby
-        uses: ruby/setup-ruby@v1
+        uses: ruby/setup-ruby@90be1154f987f4dc0fe0dd0feedac9e473aa4ba8 # v1.286.0
        with:
          ruby-version: '3.4'

@@ -54,7 +54,7 @@ jobs:

      # Comes from https://github.com/gjtorikian/html-proofer?tab=readme-ov-file#caching-with-continuous-integration
      - name: Cache HTMLProofer
-        uses: actions/cache@v4
+        uses: actions/cache@8b402f58fbc84540c8b491a91e594a4576fec3d7 # v5.0.2
        with:
          path: tmp/.htmlproofer
          key: ${{ runner.os }}-htmlproofer
@@ -28,17 +28,17 @@ jobs:

    steps:
    - name: Checkout repository
-      uses: actions/checkout@v5
+      uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1

    - name: setup go
-      uses: actions/setup-go@v5
+      uses: actions/setup-go@7a3fe6cf4cb3a834922a1244abfce67bcef6a0c5 # v6.2.0
      if: ${{ matrix.language == 'go' }}
      with:
        go-version-file: 'go.mod'

    # Initializes the CodeQL tools for scanning.
    - name: Initialize CodeQL
-      uses: github/codeql-action/init@v3
+      uses: github/codeql-action/init@38e701f46e33fb233075bf4238cb1e5d68e429e4 # v3.31.11
      with:
        languages: ${{ matrix.language }}
        # If you wish to specify custom queries, you can do so here or in a config file.
@@ -52,7 +52,7 @@ jobs:
    # Autobuild attempts to build any compiled languages (C/C++, C#, Go, Java, or Swift).
    # If this step fails, then you should remove it and run the build manually (see below)
    - name: Autobuild
-      uses: github/codeql-action/autobuild@v3
+      uses: github/codeql-action/autobuild@38e701f46e33fb233075bf4238cb1e5d68e429e4 # v3.31.11

    # ℹ️ Command-line programs to run using the OS shell.
    # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
@@ -65,6 +65,6 @@ jobs:
    #     ./location_of_script_within_repo/buildscript.sh

    - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@v3
+      uses: github/codeql-action/analyze@38e701f46e33fb233075bf4238cb1e5d68e429e4 # v3.31.11
      with:
        category: "/language:${{matrix.language}}"
@@ -20,12 +20,12 @@ jobs:

    steps:
      - name: Check out code
-        uses: actions/checkout@v5
+        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
        with:
          fetch-depth: 0

      - name: Login to DockerHub
-        uses: docker/login-action@v3
+        uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}
@@ -7,7 +7,7 @@ on:
      - v*

 env:
-  GO_VERSION: '1.24'
+  GO_VERSION: '1.25'
  CGO_ENABLED: 0

 jobs:
@@ -23,12 +23,12 @@ jobs:

    steps:
      - name: Check out code
-        uses: actions/checkout@v5
+        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
        with:
          fetch-depth: 0

      - name: Set up Go ${{ env.GO_VERSION }}
-        uses: actions/setup-go@v5
+        uses: actions/setup-go@7a3fe6cf4cb3a834922a1244abfce67bcef6a0c5 # v6.2.0
        env:
          ImageOS: ${{ matrix.os }}-${{ matrix.arch }}-${{ matrix.goarm }}
        with:
@@ -42,19 +42,19 @@ jobs:
        run: echo ${GITHUB_REF##*/}

      - name: Login to Docker Hub
-        uses: docker/login-action@v3
+        uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}

      - name: Set up QEMU
-        uses: docker/setup-qemu-action@v3
+        uses: docker/setup-qemu-action@c7c53464625b32c7a7e944ae62b3e17d2b600130 # v3.7.0

      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v3
+        uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3.12.0

      - name: Artifact webui
-        uses: actions/download-artifact@v4
+        uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0
        with:
          name: webui.tar.gz

@@ -6,7 +6,7 @@ on:
      - 'v*.*.*'

 env:
-  GO_VERSION: '1.24'
+  GO_VERSION: '1.25'
  CGO_ENABLED: 0
  VERSION: ${{ github.ref_name }}
  TRAEFIKER_EMAIL: "traefiker@traefik.io"
@@ -30,12 +30,12 @@ jobs:

    steps:
      - name: Check out code
-        uses: actions/checkout@v5
+        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
        with:
          fetch-depth: 0

      - name: Set up Go ${{ env.GO_VERSION }}
-        uses: actions/setup-go@v5
+        uses: actions/setup-go@7a3fe6cf4cb3a834922a1244abfce67bcef6a0c5 # v6.2.0
        env:
          # Ensure cache consistency on Linux, see https://github.com/actions/setup-go/pull/383
          ImageOS: ${{ matrix.os }}
@@ -44,7 +44,7 @@ jobs:
          check-latest: true

      - name: Artifact webui
-        uses: actions/download-artifact@v4
+        uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0
        with:
          name: webui.tar.gz

@@ -63,7 +63,7 @@ jobs:
          echo "GORELEASER_CONFIG_FILE_PATH=$GORELEASER_CONFIG_FILE_PATH" >> $GITHUB_ENV

      - name: Build with goreleaser
-        uses: goreleaser/goreleaser-action@v6
+        uses: goreleaser/goreleaser-action@e435ccd777264be153ace6237001ef4d979d3a7a # v6.4.0
        with:
          distribution: goreleaser
          # 'latest', 'nightly', or a semver
@@ -71,7 +71,7 @@ jobs:
          args: release --clean --timeout="90m" --config "${{ env.GORELEASER_CONFIG_FILE_PATH }}"

      - name: Artifact binaries
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
        with:
          name: ${{ matrix.os }}-binaries
          path: |
@@ -89,12 +89,12 @@ jobs:

    steps:
      - name: Check out code
-        uses: actions/checkout@v5
+        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
        with:
          fetch-depth: 0

      - name: Artifact webui
-        uses: actions/download-artifact@v4
+        uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0
        with:
          name: webui.tar.gz

@@ -111,7 +111,7 @@ jobs:
          echo "${TRAEFIKER_RSA}" | base64 --decode > ~/.ssh/traefiker_rsa

      - name: Download All Artifacts
-        uses: actions/download-artifact@v4
+        uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0
        with:
          path: dist/
          pattern: "*-binaries"
@@ -128,9 +128,9 @@ jobs:
            --exclude .idea \
            --exclude .github \
            --exclude dist .
-          
+
          chown -R "$(id -u)":"$(id -g)" dist/
          gh release create ${VERSION} ./dist/**/traefik*.{zip,tar.gz} ./dist/traefik*.{tar.gz,txt} --repo traefik/traefik --title ${VERSION} --notes ${VERSION} --latest=false
-          
+
          ./script/deploy.sh

@@ -10,12 +10,12 @@ jobs:

    steps:
      - name: Check out code
-        uses: actions/checkout@v5
+        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
        with:
          fetch-depth: 0

      - name: Setup node
-        uses: actions/setup-node@v4
+        uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6.2.0
        with:
          node-version-file: webui/.nvmrc
          cache: yarn
@@ -38,7 +38,7 @@ jobs:
          tar czvf webui.tar.gz ./webui/static/

      - name: Artifact webui
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
        with:
          name: webui.tar.gz
          path: webui.tar.gz
@@ -10,7 +10,7 @@ on:
      - 'script/gcg/**'

 env:
-  GO_VERSION: '1.24'
+  GO_VERSION: '1.25'
  CGO_ENABLED: 0

 jobs:
@@ -20,12 +20,12 @@ jobs:

    steps:
      - name: Check out code
-        uses: actions/checkout@v5
+        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
        with:
          fetch-depth: 0

      - name: Set up Go ${{ env.GO_VERSION }}
-        uses: actions/setup-go@v5
+        uses: actions/setup-go@7a3fe6cf4cb3a834922a1244abfce67bcef6a0c5 # v6.2.0
        with:
          go-version: ${{ env.GO_VERSION }}
          check-latest: true
@@ -37,14 +37,14 @@ jobs:
        run: make binary-linux-amd64

      - name: Save go cache build
-        uses: actions/cache/save@v4
+        uses: actions/cache/save@8b402f58fbc84540c8b491a91e594a4576fec3d7 # v5.0.2
        with:
          path: |
            ~/.cache/go-build
          key: ${{ runner.os }}-go-build-cache-${{ env.GO_VERSION }}-${{ hashFiles('**/go.sum') }}

      - name: Artifact traefik binary
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
        with:
          name: traefik
          path: ./dist/linux/amd64/traefik
@@ -62,12 +62,12 @@ jobs:

    steps:
      - name: Check out code
-        uses: actions/checkout@v5
+        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
        with:
          fetch-depth: 0

      - name: Set up Go ${{ env.GO_VERSION }}
-        uses: actions/setup-go@v5
+        uses: actions/setup-go@7a3fe6cf4cb3a834922a1244abfce67bcef6a0c5 # v6.2.0
        with:
          go-version: ${{ env.GO_VERSION }}
          check-latest: true
@@ -76,7 +76,7 @@ jobs:
        run: touch webui/static/index.html

      - name: Download traefik binary
-        uses: actions/download-artifact@v4
+        uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0
        with:
          name: traefik
          path: ./dist/linux/amd64/
@@ -85,7 +85,7 @@ jobs:
        run: chmod +x ./dist/linux/amd64/traefik

      - name: Restore go cache build
-        uses: actions/cache/restore@v4
+        uses: actions/cache/restore@8b402f58fbc84540c8b491a91e594a4576fec3d7 # v5.0.2
        with:
          path: |
            ~/.cache/go-build
@@ -93,7 +93,7 @@ jobs:

      - name: Generate go test Slice
        id: test_split
-        uses: hashicorp-forge/go-test-split-action@v2.0.0
+        uses: hashicorp-forge/go-test-split-action@ddb2685fb140c29505663b405af7eb2cd953dd13 # v2.0.1
        with:
          packages: ./integration
          total: ${{ matrix.parallel }}
@@ -10,7 +10,7 @@ on:
      - 'script/gcg/**'

 env:
-  GO_VERSION: '1.24'
+  GO_VERSION: '1.25'

 jobs:

@@ -21,12 +21,12 @@ jobs:
      matrix: ${{ steps.set-matrix.outputs.matrix }}
    steps:
      - name: Check out code
-        uses: actions/checkout@v5
+        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
        with:
          fetch-depth: 0

      - name: Set up Go ${{ env.GO_VERSION }}
-        uses: actions/setup-go@v5
+        uses: actions/setup-go@7a3fe6cf4cb3a834922a1244abfce67bcef6a0c5 # v6.2.0
        with:
          go-version: ${{ env.GO_VERSION }}
          check-latest: true
@@ -47,12 +47,12 @@ jobs:

    steps:
      - name: Check out code
-        uses: actions/checkout@v5
+        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
        with:
          fetch-depth: 0

      - name: Set up Go ${{ env.GO_VERSION }}
-        uses: actions/setup-go@v5
+        uses: actions/setup-go@7a3fe6cf4cb3a834922a1244abfce67bcef6a0c5 # v6.2.0
        with:
          go-version: ${{ env.GO_VERSION }}
          check-latest: true
@@ -69,12 +69,12 @@ jobs:

    steps:
      - name: Check out code
-        uses: actions/checkout@v5
+        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
        with:
          fetch-depth: 0

      - name: Set up Node.js ${{ env.NODE_VERSION }}
-        uses: actions/setup-node@v4
+        uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6.2.0
        with:
          node-version-file: webui/.nvmrc
          cache: 'yarn'
@@ -6,9 +6,9 @@ on:
      - '*'

 env:
-  GO_VERSION: '1.24'
-  GOLANGCI_LINT_VERSION: v2.0.2
-  MISSPELL_VERSION: v0.6.0
+  GO_VERSION: '1.25'
+  GOLANGCI_LINT_VERSION: v2.8.0
+  MISSPELL_VERSION: v0.7.0

 jobs:

@@ -17,18 +17,18 @@ jobs:

    steps:
      - name: Check out code
-        uses: actions/checkout@v5
+        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
        with:
          fetch-depth: 0

      - name: Set up Go ${{ env.GO_VERSION }}
-        uses: actions/setup-go@v5
+        uses: actions/setup-go@7a3fe6cf4cb3a834922a1244abfce67bcef6a0c5 # v6.2.0
        with:
          go-version: ${{ env.GO_VERSION }}
          check-latest: true

      - name: golangci-lint
-        uses: golangci/golangci-lint-action@v7
+        uses: golangci/golangci-lint-action@1e7e51e771db61008b38414a730f564565cf7c20 # v9.2.0
        with:
          version: "${{ env.GOLANGCI_LINT_VERSION }}"

@@ -37,12 +37,12 @@ jobs:

    steps:
      - name: Check out code
-        uses: actions/checkout@v5
+        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
        with:
          fetch-depth: 0

      - name: Set up Go ${{ env.GO_VERSION }}
-        uses: actions/setup-go@v5
+        uses: actions/setup-go@7a3fe6cf4cb3a834922a1244abfce67bcef6a0c5 # v6.2.0
        with:
          go-version: ${{ env.GO_VERSION }}
          check-latest: true
@@ -61,12 +61,12 @@ jobs:

    steps:
      - name: Check out code
-        uses: actions/checkout@v5
+        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
        with:
          fetch-depth: 0

      - name: Set up Go ${{ env.GO_VERSION }}
-        uses: actions/setup-go@v5
+        uses: actions/setup-go@7a3fe6cf4cb3a834922a1244abfce67bcef6a0c5 # v6.2.0
        with:
          go-version: ${{ env.GO_VERSION }}
          check-latest: true
@@ -36,6 +36,7 @@ linters:
    - nilnil # Not relevant
    - nlreturn # Not relevant
    - noctx # Too strict
+    - noinlineerr # Too strict
    - nonamedreturns # Too strict
    - paralleltest # Not relevant
    - prealloc # Too many false-positive.
@@ -47,6 +48,7 @@ linters:
    - varnamelen # Not relevant
    - wrapcheck # Too strict
    - wsl # Too strict
+    - wsl_v5 # Too strict

  settings:
    depguard:
@@ -292,15 +294,31 @@ linters:
        source: 'errors.New\("Nomad provider'
        text: 'ST1005: error strings should not be capitalized'
      - path: (.+)\.go
-        text: 'struct-tag: unknown option ''inline'' in JSON tag'
+        text: 'omitzero: Omitempty has no effect on nested struct field'
+        linters:
+          - modernize
+      - path: (.+)\.go
+        text: 'struct-tag: unknown option "inline" in json tag'
        linters:
          - revive
      - path: (.+)\.go
-        text: 'struct-tag: unknown option ''omitzero'' in TOML tag'
+        text: 'struct-tag: unknown option "omitzero" in toml tag'
+        linters:
+          - revive
+      - path: (pkg/types/.+|pkg/api/.+)\.go
+        text: 'var-naming: avoid meaningless package names'
+        linters:
+          - revive
+      - path: (pkg/muxer/http/.+|pkg/provider/http/.+)\.go
+        text: 'var-naming: avoid package names that conflict with Go standard library package names'
        linters:
          - revive
      - path: (.+)\.go$
        text: 'SA1019: http.CloseNotifier has been deprecated' # FIXME must be fixed
+      - path: (.+)\.go$
+        text: 'SA1019: dynamic.(TCPIPWhiteList|IPWhiteList) is deprecated: please use IPAllowList instead.'
+      - path: (.+)\.go$
+        text: 'SA1019: middlewareTCP.Spec.IPWhiteList is deprecated: please use IPAllowList instead.'
      - path: (.+)\.go$
        text: 'SA1019: cfg.(SSLRedirect|SSLTemporaryRedirect|SSLHost|SSLForceHost|FeaturePolicy) is deprecated'
      - path: (.+)\.go$
@@ -1,3 +1,20 @@
+## [v2.11.37](https://github.com/traefik/traefik/tree/v2.11.37) (2026-02-11)
+[All Commits](https://github.com/traefik/traefik/compare/v2.11.36...v2.11.37)
+
+**Bug fixes:**
+- **[healthcheck]** Validate healthcheck path configuration (#12642 by @rtribotte)
+- **[tls, server]** Cap TLS record length to RFC 8446 limit in ClientHello peeking (#12638 by @mmatur)
+
+## [v2.11.36](https://github.com/traefik/traefik/tree/v2.11.36) (2026-02-02)
+[All Commits](https://github.com/traefik/traefik/compare/v2.11.35...v2.11.36)
+
+**Bug fixes:**
+- **[service]** Avoid recursion with services ([#12591](https://github.com/traefik/traefik/pull/12591) by [juliens](https://github.com/juliens))
+- **[webui]** Bump dependencies of documentation and webui ([#12581](https://github.com/traefik/traefik/pull/12581) by [gndz07](https://github.com/gndz07))
+
+**Documentation:**
+- Remove extra dots in migration guide ([#12573](https://github.com/traefik/traefik/pull/12573) by [rtribotte](https://github.com/rtribotte))
+
 ## [v2.11.35](https://github.com/traefik/traefik/tree/v2.11.35) (2026-01-14)
 [All Commits](https://github.com/traefik/traefik/compare/v2.11.34...v2.11.35)

@@ -10,6 +10,7 @@ import (
 // TraefikCmdConfiguration wraps the static configuration and extra parameters.
 type TraefikCmdConfiguration struct {
 	static.Configuration `export:"true"`
+
 	// ConfigFile is the path to the configuration file.
 	ConfigFile string `description:"Configuration file to use. If specified all other flags are ignored." export:"true"`
 }
@@ -83,7 +83,7 @@ func run(dest string) error {
 		return err
 	}

-	return os.WriteFile(filepath.Join(dest, "marshaler.go"), []byte(fmt.Sprintf(marsh, destPkg)), 0o666)
+	return os.WriteFile(filepath.Join(dest, "marshaler.go"), fmt.Appendf(nil, marsh, destPkg), 0o666)
 }

 func cleanType(typ types.Type, base string) string {
@@ -21,7 +21,7 @@ docs: docs-clean docs-image docs-lint docs-build docs-verify
 # Writer Mode: build and serve docs on http://localhost:8000 with livereload
 .PHONY: docs-serve
 docs-serve: docs-image
-	docker run  $(DOCKER_RUN_DOC_OPTS) $(TRAEFIK_DOCS_BUILD_IMAGE) mkdocs serve
+	docker run  $(DOCKER_RUN_DOC_OPTS) $(TRAEFIK_DOCS_BUILD_IMAGE) mkdocs serve -a 0.0.0.0:8000

 ## Pull image for doc building
 .PHONY: docs-pull-images
@@ -726,12 +726,12 @@ Here is the list of the encoded characters that are rejected by default, along w
 | Encoded Character | Character               | Config option to allow the encoded character                                         |
 |-------------------|-------------------------|--------------------------------------------------------------------------------------|
 | `%2f` or `%2F`    | `/` (slash)             | `entryPoints.<name>`<br/>`.http.encodedCharacters`<br/>`.allowEncodedSlash`          |
-| `%5c` or `%5C`    | `\` (backslash)         | `entryPoints.<name>.`<br/>`.http.encodedCharacters`<br/>`.allowEncodedBackSlash`     |
-| `%00`             | `NULL` (null character) | `entryPoints.<name>.`<br/>`.http.encodedCharacters`<br/>`.allowEncodedNullCharacter` |
-| `%3b` or `%3B`    | `;` (semicolon)         | `entryPoints.<name>.`<br/>`.http.encodedCharacters`<br/>`.allowEncodedSemicolon`     |
-| `%25`             | `%` (percent)           | `entryPoints.<name>.`<br/>`.http.encodedCharacters`<br/>`.allowEncodedPercent`       |
-| `%3f` or `%3F`    | `?` (question mark)     | `entryPoints.<name>.`<br/>`.http.encodedCharacters`<br/>`.allowEncodedQuestionMark`  |
-| `%23`             | `#` (hash)              | `entryPoints.<name>.`<br/>`.http.encodedCharacters`<br/>`.allowEncodedHash`          |
+| `%5c` or `%5C`    | `\` (backslash)         | `entryPoints.<name>`<br/>`.http.encodedCharacters`<br/>`.allowEncodedBackSlash`     |
+| `%00`             | `NULL` (null character) | `entryPoints.<name>`<br/>`.http.encodedCharacters`<br/>`.allowEncodedNullCharacter` |
+| `%3b` or `%3B`    | `;` (semicolon)         | `entryPoints.<name>`<br/>`.http.encodedCharacters`<br/>`.allowEncodedSemicolon`     |
+| `%25`             | `%` (percent)           | `entryPoints.<name>`<br/>`.http.encodedCharacters`<br/>`.allowEncodedPercent`       |
+| `%3f` or `%3F`    | `?` (question mark)     | `entryPoints.<name>`<br/>`.http.encodedCharacters`<br/>`.allowEncodedQuestionMark`  |
+| `%23`             | `#` (hash)              | `entryPoints.<name>`<br/>`.http.encodedCharacters`<br/>`.allowEncodedHash`          |

 Note: This check is not done against query parameters,
 but only against the request path as defined in [RFC3986 section-3](https://datatracker.ietf.org/doc/html/rfc3986#section-3).
@@ -751,12 +751,12 @@ Here is the list of the encoded characters that can be configured to `false` to
 | Encoded Character | Character               | Config options                                                                       | Default value |
 |-------------------|-------------------------|--------------------------------------------------------------------------------------|---------------|
 | `%2f` or `%2F`    | `/` (slash)             | `entryPoints.<name>`<br/>`.http.encodedCharacters`<br/>`.allowEncodedSlash`          | `true`        |
-| `%5c` or `%5C`    | `\` (backslash)         | `entryPoints.<name>.`<br/>`.http.encodedCharacters`<br/>`.allowEncodedBackSlash`     | `true`        |
-| `%00`             | `NULL` (null character) | `entryPoints.<name>.`<br/>`.http.encodedCharacters`<br/>`.allowEncodedNullCharacter` | `true`        |
-| `%3b` or `%3B`    | `;` (semicolon)         | `entryPoints.<name>.`<br/>`.http.encodedCharacters`<br/>`.allowEncodedSemicolon`     | `true`        |
-| `%25`             | `%` (percent)           | `entryPoints.<name>.`<br/>`.http.encodedCharacters`<br/>`.allowEncodedPercent`       | `true`        |
-| `%3f` or `%3F`    | `?` (question mark)     | `entryPoints.<name>.`<br/>`.http.encodedCharacters`<br/>`.allowEncodedQuestionMark`  | `true`        |
-| `%23`             | `#` (hash)              | `entryPoints.<name>.`<br/>`.http.encodedCharacters`<br/>`.allowEncodedHash`          | `true`        |
+| `%5c` or `%5C`    | `\` (backslash)         | `entryPoints.<name>`<br/>`.http.encodedCharacters`<br/>`.allowEncodedBackSlash`     | `true`        |
+| `%00`             | `NULL` (null character) | `entryPoints.<name>`<br/>`.http.encodedCharacters`<br/>`.allowEncodedNullCharacter` | `true`        |
+| `%3b` or `%3B`    | `;` (semicolon)         | `entryPoints.<name>`<br/>`.http.encodedCharacters`<br/>`.allowEncodedSemicolon`     | `true`        |
+| `%25`             | `%` (percent)           | `entryPoints.<name>`<br/>`.http.encodedCharacters`<br/>`.allowEncodedPercent`       | `true`        |
+| `%3f` or `%3F`    | `?` (question mark)     | `entryPoints.<name>`<br/>`.http.encodedCharacters`<br/>`.allowEncodedQuestionMark`  | `true`        |
+| `%23`             | `#` (hash)              | `entryPoints.<name>`<br/>`.http.encodedCharacters`<br/>`.allowEncodedHash`          | `true`        |

 Note: This check is not done against query parameters,
 but only against the request path as defined
@@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
  annotations:
-    controller-gen.kubebuilder.io/version: v0.16.1
+    controller-gen.kubebuilder.io/version: v0.19.0
  name: ingressroutes.traefik.io
 spec:
  group: traefik.io
@@ -290,7 +290,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
  annotations:
-    controller-gen.kubebuilder.io/version: v0.16.1
+    controller-gen.kubebuilder.io/version: v0.19.0
  name: ingressroutetcps.traefik.io
 spec:
  group: traefik.io
@@ -514,7 +514,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
  annotations:
-    controller-gen.kubebuilder.io/version: v0.16.1
+    controller-gen.kubebuilder.io/version: v0.19.0
  name: ingressrouteudps.traefik.io
 spec:
  group: traefik.io
@@ -618,7 +618,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
  annotations:
-    controller-gen.kubebuilder.io/version: v0.16.1
+    controller-gen.kubebuilder.io/version: v0.19.0
  name: middlewares.traefik.io
 spec:
  group: traefik.io
@@ -1273,6 +1273,7 @@ spec:
                  IPWhiteList holds the IP whitelist middleware configuration.
                  This middleware limits allowed requests based on the client IP.
                  More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/ipwhitelist/
+
                  Deprecated: please use IPAllowList instead.
                properties:
                  ipStrategy:
@@ -1598,7 +1599,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
  annotations:
-    controller-gen.kubebuilder.io/version: v0.16.1
+    controller-gen.kubebuilder.io/version: v0.19.0
  name: middlewaretcps.traefik.io
 spec:
  group: traefik.io
@@ -1663,8 +1664,9 @@ spec:
                description: |-
                  IPWhiteList defines the IPWhiteList middleware configuration.
                  This middleware accepts/refuses connections based on the client IP.
-                  Deprecated: please use IPAllowList instead.
                  More info: https://doc.traefik.io/traefik/v2.11/middlewares/tcp/ipwhitelist/
+
+                  Deprecated: please use IPAllowList instead.
                properties:
                  sourceRange:
                    description: SourceRange defines the allowed IPs (or ranges of
@@ -1685,7 +1687,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
  annotations:
-    controller-gen.kubebuilder.io/version: v0.16.1
+    controller-gen.kubebuilder.io/version: v0.19.0
  name: serverstransports.traefik.io
 spec:
  group: traefik.io
@@ -1811,7 +1813,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
  annotations:
-    controller-gen.kubebuilder.io/version: v0.16.1
+    controller-gen.kubebuilder.io/version: v0.19.0
  name: tlsoptions.traefik.io
 spec:
  group: traefik.io
@@ -1907,6 +1909,7 @@ spec:
                description: |-
                  PreferServerCipherSuites defines whether the server chooses a cipher suite among his own instead of among the client's.
                  It is enabled automatically when minVersion or maxVersion is set.
+
                  Deprecated: https://github.com/golang/go/issues/45430
                type: boolean
              sniStrict:
@@ -1925,7 +1928,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
  annotations:
-    controller-gen.kubebuilder.io/version: v0.16.1
+    controller-gen.kubebuilder.io/version: v0.19.0
  name: tlsstores.traefik.io
 spec:
  group: traefik.io
@@ -2022,7 +2025,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
  annotations:
-    controller-gen.kubebuilder.io/version: v0.16.1
+    controller-gen.kubebuilder.io/version: v0.19.0
  name: traefikservices.traefik.io
 spec:
  group: traefik.io
@@ -2433,7 +2436,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
  annotations:
-    controller-gen.kubebuilder.io/version: v0.16.1
+    controller-gen.kubebuilder.io/version: v0.19.0
  name: ingressroutes.traefik.containo.us
 spec:
  group: traefik.containo.us
@@ -2720,7 +2723,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
  annotations:
-    controller-gen.kubebuilder.io/version: v0.16.1
+    controller-gen.kubebuilder.io/version: v0.19.0
  name: ingressroutetcps.traefik.containo.us
 spec:
  group: traefik.containo.us
@@ -2944,7 +2947,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
  annotations:
-    controller-gen.kubebuilder.io/version: v0.16.1
+    controller-gen.kubebuilder.io/version: v0.19.0
  name: ingressrouteudps.traefik.containo.us
 spec:
  group: traefik.containo.us
@@ -3048,7 +3051,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
  annotations:
-    controller-gen.kubebuilder.io/version: v0.16.1
+    controller-gen.kubebuilder.io/version: v0.19.0
  name: middlewares.traefik.containo.us
 spec:
  group: traefik.containo.us
@@ -3703,6 +3706,7 @@ spec:
                  IPWhiteList holds the IP whitelist middleware configuration.
                  This middleware limits allowed requests based on the client IP.
                  More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/ipwhitelist/
+
                  Deprecated: please use IPAllowList instead.
                properties:
                  ipStrategy:
@@ -4028,7 +4032,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
  annotations:
-    controller-gen.kubebuilder.io/version: v0.16.1
+    controller-gen.kubebuilder.io/version: v0.19.0
  name: middlewaretcps.traefik.containo.us
 spec:
  group: traefik.containo.us
@@ -4093,8 +4097,9 @@ spec:
                description: |-
                  IPWhiteList defines the IPWhiteList middleware configuration.
                  This middleware accepts/refuses connections based on the client IP.
-                  Deprecated: please use IPAllowList instead.
                  More info: https://doc.traefik.io/traefik/v2.11/middlewares/tcp/ipwhitelist/
+
+                  Deprecated: please use IPAllowList instead.
                properties:
                  sourceRange:
                    description: SourceRange defines the allowed IPs (or ranges of
@@ -4115,7 +4120,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
  annotations:
-    controller-gen.kubebuilder.io/version: v0.16.1
+    controller-gen.kubebuilder.io/version: v0.19.0
  name: serverstransports.traefik.containo.us
 spec:
  group: traefik.containo.us
@@ -4241,7 +4246,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
  annotations:
-    controller-gen.kubebuilder.io/version: v0.16.1
+    controller-gen.kubebuilder.io/version: v0.19.0
  name: tlsoptions.traefik.containo.us
 spec:
  group: traefik.containo.us
@@ -4337,6 +4342,7 @@ spec:
                description: |-
                  PreferServerCipherSuites defines whether the server chooses a cipher suite among his own instead of among the client's.
                  It is enabled automatically when minVersion or maxVersion is set.
+
                  Deprecated: https://github.com/golang/go/issues/45430
                type: boolean
              sniStrict:
@@ -4355,7 +4361,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
  annotations:
-    controller-gen.kubebuilder.io/version: v0.16.1
+    controller-gen.kubebuilder.io/version: v0.19.0
  name: tlsstores.traefik.containo.us
 spec:
  group: traefik.containo.us
@@ -4452,7 +4458,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
  annotations:
-    controller-gen.kubebuilder.io/version: v0.16.1
+    controller-gen.kubebuilder.io/version: v0.19.0
  name: traefikservices.traefik.containo.us
 spec:
  group: traefik.containo.us
@@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
  annotations:
-    controller-gen.kubebuilder.io/version: v0.16.1
+    controller-gen.kubebuilder.io/version: v0.19.0
  name: ingressroutes.traefik.containo.us
 spec:
  group: traefik.containo.us
@@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
  annotations:
-    controller-gen.kubebuilder.io/version: v0.16.1
+    controller-gen.kubebuilder.io/version: v0.19.0
  name: ingressroutetcps.traefik.containo.us
 spec:
  group: traefik.containo.us
@@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
  annotations:
-    controller-gen.kubebuilder.io/version: v0.16.1
+    controller-gen.kubebuilder.io/version: v0.19.0
  name: ingressrouteudps.traefik.containo.us
 spec:
  group: traefik.containo.us
@@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
  annotations:
-    controller-gen.kubebuilder.io/version: v0.16.1
+    controller-gen.kubebuilder.io/version: v0.19.0
  name: middlewares.traefik.containo.us
 spec:
  group: traefik.containo.us
@@ -658,6 +658,7 @@ spec:
                  IPWhiteList holds the IP whitelist middleware configuration.
                  This middleware limits allowed requests based on the client IP.
                  More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/ipwhitelist/
+
                  Deprecated: please use IPAllowList instead.
                properties:
                  ipStrategy:
@@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
  annotations:
-    controller-gen.kubebuilder.io/version: v0.16.1
+    controller-gen.kubebuilder.io/version: v0.19.0
  name: middlewaretcps.traefik.containo.us
 spec:
  group: traefik.containo.us
@@ -68,8 +68,9 @@ spec:
                description: |-
                  IPWhiteList defines the IPWhiteList middleware configuration.
                  This middleware accepts/refuses connections based on the client IP.
-                  Deprecated: please use IPAllowList instead.
                  More info: https://doc.traefik.io/traefik/v2.11/middlewares/tcp/ipwhitelist/
+
+                  Deprecated: please use IPAllowList instead.
                properties:
                  sourceRange:
                    description: SourceRange defines the allowed IPs (or ranges of
@@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
  annotations:
-    controller-gen.kubebuilder.io/version: v0.16.1
+    controller-gen.kubebuilder.io/version: v0.19.0
  name: serverstransports.traefik.containo.us
 spec:
  group: traefik.containo.us
@@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
  annotations:
-    controller-gen.kubebuilder.io/version: v0.16.1
+    controller-gen.kubebuilder.io/version: v0.19.0
  name: tlsoptions.traefik.containo.us
 spec:
  group: traefik.containo.us
@@ -99,6 +99,7 @@ spec:
                description: |-
                  PreferServerCipherSuites defines whether the server chooses a cipher suite among his own instead of among the client's.
                  It is enabled automatically when minVersion or maxVersion is set.
+
                  Deprecated: https://github.com/golang/go/issues/45430
                type: boolean
              sniStrict:
@@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
  annotations:
-    controller-gen.kubebuilder.io/version: v0.16.1
+    controller-gen.kubebuilder.io/version: v0.19.0
  name: tlsstores.traefik.containo.us
 spec:
  group: traefik.containo.us
@@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
  annotations:
-    controller-gen.kubebuilder.io/version: v0.16.1
+    controller-gen.kubebuilder.io/version: v0.19.0
  name: traefikservices.traefik.containo.us
 spec:
  group: traefik.containo.us
@@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
  annotations:
-    controller-gen.kubebuilder.io/version: v0.16.1
+    controller-gen.kubebuilder.io/version: v0.19.0
  name: ingressroutes.traefik.io
 spec:
  group: traefik.io
@@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
  annotations:
-    controller-gen.kubebuilder.io/version: v0.16.1
+    controller-gen.kubebuilder.io/version: v0.19.0
  name: ingressroutetcps.traefik.io
 spec:
  group: traefik.io
@@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
  annotations:
-    controller-gen.kubebuilder.io/version: v0.16.1
+    controller-gen.kubebuilder.io/version: v0.19.0
  name: ingressrouteudps.traefik.io
 spec:
  group: traefik.io
@@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
  annotations:
-    controller-gen.kubebuilder.io/version: v0.16.1
+    controller-gen.kubebuilder.io/version: v0.19.0
  name: middlewares.traefik.io
 spec:
  group: traefik.io
@@ -658,6 +658,7 @@ spec:
                  IPWhiteList holds the IP whitelist middleware configuration.
                  This middleware limits allowed requests based on the client IP.
                  More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/ipwhitelist/
+
                  Deprecated: please use IPAllowList instead.
                properties:
                  ipStrategy:
@@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
  annotations:
-    controller-gen.kubebuilder.io/version: v0.16.1
+    controller-gen.kubebuilder.io/version: v0.19.0
  name: middlewaretcps.traefik.io
 spec:
  group: traefik.io
@@ -68,8 +68,9 @@ spec:
                description: |-
                  IPWhiteList defines the IPWhiteList middleware configuration.
                  This middleware accepts/refuses connections based on the client IP.
-                  Deprecated: please use IPAllowList instead.
                  More info: https://doc.traefik.io/traefik/v2.11/middlewares/tcp/ipwhitelist/
+
+                  Deprecated: please use IPAllowList instead.
                properties:
                  sourceRange:
                    description: SourceRange defines the allowed IPs (or ranges of
@@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
  annotations:
-    controller-gen.kubebuilder.io/version: v0.16.1
+    controller-gen.kubebuilder.io/version: v0.19.0
  name: serverstransports.traefik.io
 spec:
  group: traefik.io
@@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
  annotations:
-    controller-gen.kubebuilder.io/version: v0.16.1
+    controller-gen.kubebuilder.io/version: v0.19.0
  name: tlsoptions.traefik.io
 spec:
  group: traefik.io
@@ -99,6 +99,7 @@ spec:
                description: |-
                  PreferServerCipherSuites defines whether the server chooses a cipher suite among his own instead of among the client's.
                  It is enabled automatically when minVersion or maxVersion is set.
+
                  Deprecated: https://github.com/golang/go/issues/45430
                type: boolean
              sniStrict:
@@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
  annotations:
-    controller-gen.kubebuilder.io/version: v0.16.1
+    controller-gen.kubebuilder.io/version: v0.19.0
  name: tlsstores.traefik.io
 spec:
  group: traefik.io
@@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
  annotations:
-    controller-gen.kubebuilder.io/version: v0.16.1
+    controller-gen.kubebuilder.io/version: v0.19.0
  name: traefikservices.traefik.io
 spec:
  group: traefik.io
@@ -322,7 +322,7 @@ To propagate status changes (e.g. all servers of this service are down) upwards,

 Below are the available options for the health check mechanism:

- `path` (required), defines the server URL path for the health check endpoint .
+- `path` (required), defines the server URL path for the health check endpoint (must be a relative URL).
 - `scheme` (optional), replaces the server URL `scheme` for the health check endpoint.
 - `hostname` (optional), sets the value of `hostname` in the `Host` header of the health check request.
 - `port` (optional), replaces the server URL `port` for the health check endpoint.
@@ -28,7 +28,7 @@ theme:
    prev: 'Previous'
    next: 'Next'

-copyright: 'Traefik Labs • Copyright &copy; 2016-2025'
+copyright: 'Traefik Labs • Copyright &copy; 2016-2026'

 extra_javascript:
  - assets/js/hljs/highlight.pack.js # Download from https://highlightjs.org/download/ and enable YAML, TOML and Dockerfile
@@ -7,7 +7,7 @@ click==8.1.7
 colorama==0.4.6
 ghp-import==2.1.0
 importlib_metadata==7.1.0
-Jinja2==3.1.3
+Jinja2==3.1.6
 Markdown==3.3.6
 MarkupSafe==2.1.5
 mergedeep==1.3.4
@@ -20,4 +20,4 @@ PyYAML==6.0.1
 pyyaml_env_tag==0.1
 six==1.16.0
 watchdog==4.0.0
-zipp==3.18.1
+zipp==3.19.1
@@ -1,6 +1,6 @@
 module github.com/traefik/traefik/v2

-go 1.24.0
+go 1.25.0

 require (
 	github.com/BurntSushi/toml v1.5.0
@@ -168,7 +168,7 @@ require (
 	github.com/cespare/xxhash/v2 v2.3.0 // indirect
 	github.com/cihub/seelog v0.0.0-20170130134532-f561c5e57575 // indirect
 	github.com/clbanning/mxj/v2 v2.7.0 // indirect
-	github.com/containerd/containerd v1.7.23 // indirect
+	github.com/containerd/containerd v1.7.29 // indirect
 	github.com/containerd/errdefs v1.0.0 // indirect
 	github.com/containerd/errdefs/pkg v0.3.0 // indirect
 	github.com/containerd/log v0.1.0 // indirect
@@ -338,8 +338,8 @@ github.com/cncf/udpa/go v0.0.0-20200629203442-efcf912fb354/go.mod h1:WmhPx2Nbnht
 github.com/cncf/udpa/go v0.0.0-20201120205902-5459f2c99403/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk=
 github.com/cncf/xds/go v0.0.0-20210312221358-fbca930ec8ed/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs=
 github.com/cockroachdb/datadriven v0.0.0-20190809214429-80d97fb3cbaa/go.mod h1:zn76sxSg3SzpJ0PPJaLDCu+Bu0Lg3sKTORVIj19EIF8=
-github.com/containerd/containerd v1.7.23 h1:H2CClyUkmpKAGlhQp95g2WXHfLYc7whAuvZGBNYOOwQ=
-github.com/containerd/containerd v1.7.23/go.mod h1:7QUzfURqZWCZV7RLNEn1XjUCQLEf0bkaK4GjUaZehxw=
+github.com/containerd/containerd v1.7.29 h1:90fWABQsaN9mJhGkoVnuzEY+o1XDPbg9BTC9QTAHnuE=
+github.com/containerd/containerd v1.7.29/go.mod h1:azUkWcOvHrWvaiUjSQH0fjzuHIwSPg1WL5PshGP4Szs=
 github.com/containerd/errdefs v1.0.0 h1:tg5yIfIlQIrxYtu9ajqY42W3lpS19XqdxRQeEwYG8PI=
 github.com/containerd/errdefs v1.0.0/go.mod h1:+YBYIdtsnF4Iw6nWZhJcqGSg/dwvV7tyJ/kCkyJ2k+M=
 github.com/containerd/errdefs/pkg v0.3.0 h1:9IKJ06FvyNlexW690DXuQNx2KA2cUJXx151Xdx3ZPPE=
@@ -245,8 +245,7 @@ func digestParts(resp *http.Response) map[string]string {
 	result := map[string]string{}
 	if len(resp.Header["Www-Authenticate"]) > 0 {
 		wantedHeaders := []string{"nonce", "realm", "qop", "opaque"}
-		responseHeaders := strings.Split(resp.Header["Www-Authenticate"][0], ",")
-		for _, r := range responseHeaders {
+		for r := range strings.SplitSeq(resp.Header["Www-Authenticate"][0], ",") {
 			for _, w := range wantedHeaders {
 				if strings.Contains(r, w) {
 					result[w] = strings.Split(r, `"`)[1]
@@ -27,6 +27,7 @@ import (
 // ACME test suites.
 type AcmeSuite struct {
 	BaseSuite
+
 	pebbleIP      string
 	fakeDNSServer *dns.Server
 }
@@ -63,11 +64,6 @@ const (
 	wildcardDomain = "*.acme.wtf"
 )

-func (s *AcmeSuite) getAcmeURL() string {
-	return fmt.Sprintf("https://%s/dir",
-		net.JoinHostPort(s.pebbleIP, "14000"))
-}
-
 func setupPebbleRootCA() (*http.Transport, error) {
 	path, err := filepath.Abs("fixtures/acme/ssl/pebble.minica.pem")
 	if err != nil {
@@ -540,3 +536,8 @@ func (s *AcmeSuite) retrieveAcmeCertificate(testCase acmeTestCase) {
 		assert.Equal(s.T(), sub.expectedAlgorithm, gotPublicKeyAlgorithm)
 	}
 }
+
+func (s *AcmeSuite) getAcmeURL() string {
+	return fmt.Sprintf("https://%s/dir",
+		net.JoinHostPort(s.pebbleIP, "14000"))
+}
@@ -16,6 +16,7 @@ import (

 type ConsulCatalogSuite struct {
 	BaseSuite
+
 	consulClient      *api.Client
 	consulAgentClient *api.Client
 	consulURL         string
@@ -53,47 +54,6 @@ func (s *ConsulCatalogSuite) TearDownSuite() {
 	s.BaseSuite.TearDownSuite()
 }

-func (s *ConsulCatalogSuite) waitToElectConsulLeader() error {
-	return try.Do(15*time.Second, func() error {
-		leader, err := s.consulClient.Status().Leader()
-
-		if err != nil || len(leader) == 0 {
-			return fmt.Errorf("leader not found. %w", err)
-		}
-
-		return nil
-	})
-}
-
-func (s *ConsulCatalogSuite) waitForConnectCA() error {
-	return try.Do(15*time.Second, func() error {
-		caroots, _, err := s.consulClient.Connect().CARoots(nil)
-
-		if err != nil || len(caroots.Roots) == 0 {
-			return fmt.Errorf("connect CA not fully initialized. %w", err)
-		}
-
-		return nil
-	})
-}
-
-func (s *ConsulCatalogSuite) registerService(reg *api.AgentServiceRegistration, onAgent bool) error {
-	client := s.consulClient
-	if onAgent {
-		client = s.consulAgentClient
-	}
-
-	return client.Agent().ServiceRegister(reg)
-}
-
-func (s *ConsulCatalogSuite) deregisterService(id string, onAgent bool) error {
-	client := s.consulClient
-	if onAgent {
-		client = s.consulAgentClient
-	}
-	return client.Agent().ServiceDeregister(id)
-}
-
 func (s *ConsulCatalogSuite) TestWithNotExposedByDefaultAndDefaultsSettings() {
 	reg1 := &api.AgentServiceRegistration{
 		ID:      "whoami1",
@@ -847,3 +807,44 @@ func (s *ConsulCatalogSuite) TestConsulConnect_NotAware() {
 	err = s.deregisterService("whoami1", false)
 	require.NoError(s.T(), err)
 }
+
+func (s *ConsulCatalogSuite) waitToElectConsulLeader() error {
+	return try.Do(15*time.Second, func() error {
+		leader, err := s.consulClient.Status().Leader()
+
+		if err != nil || len(leader) == 0 {
+			return fmt.Errorf("leader not found. %w", err)
+		}
+
+		return nil
+	})
+}
+
+func (s *ConsulCatalogSuite) waitForConnectCA() error {
+	return try.Do(15*time.Second, func() error {
+		caroots, _, err := s.consulClient.Connect().CARoots(nil)
+
+		if err != nil || len(caroots.Roots) == 0 {
+			return fmt.Errorf("connect CA not fully initialized. %w", err)
+		}
+
+		return nil
+	})
+}
+
+func (s *ConsulCatalogSuite) registerService(reg *api.AgentServiceRegistration, onAgent bool) error {
+	client := s.consulClient
+	if onAgent {
+		client = s.consulAgentClient
+	}
+
+	return client.Agent().ServiceRegister(reg)
+}
+
+func (s *ConsulCatalogSuite) deregisterService(id string, onAgent bool) error {
+	client := s.consulClient
+	if onAgent {
+		client = s.consulAgentClient
+	}
+	return client.Agent().ServiceDeregister(id)
+}
@@ -26,6 +26,7 @@ import (
 // Consul test suites.
 type ConsulSuite struct {
 	BaseSuite
+
 	kvClient  store.Store
 	consulURL string
 }
@@ -164,16 +165,6 @@ func (s *ConsulSuite) TestSimpleConfiguration() {
 	}
 }

-func (s *ConsulSuite) assertWhoami(host string, expectedStatusCode int) {
-	req, err := http.NewRequest(http.MethodGet, "http://127.0.0.1:8000", nil)
-	require.NoError(s.T(), err)
-	req.Host = host
-
-	resp, err := try.ResponseUntilStatusCode(req, 15*time.Second, expectedStatusCode)
-	require.NoError(s.T(), err)
-	resp.Body.Close()
-}
-
 func (s *ConsulSuite) TestDeleteRootKey() {
 	// This test case reproduce the issue: https://github.com/traefik/traefik/issues/8092

@@ -222,3 +213,13 @@ func (s *ConsulSuite) TestDeleteRootKey() {
 	s.assertWhoami("kv1.localhost", http.StatusNotFound)
 	s.assertWhoami("kv2.localhost", http.StatusNotFound)
 }
+
+func (s *ConsulSuite) assertWhoami(host string, expectedStatusCode int) {
+	req, err := http.NewRequest(http.MethodGet, "http://127.0.0.1:8000", nil)
+	require.NoError(s.T(), err)
+	req.Host = host
+
+	resp, err := try.ResponseUntilStatusCode(req, 15*time.Second, expectedStatusCode)
+	require.NoError(s.T(), err)
+	resp.Body.Close()
+}
@@ -81,7 +81,7 @@ func (s *DockerSuite) TestDefaultDockerContainers() {
 	body, err := io.ReadAll(resp.Body)
 	require.NoError(s.T(), err)

-	var version map[string]interface{}
+	var version map[string]any

 	assert.NoError(s.T(), json.Unmarshal(body, &version))
 	assert.Equal(s.T(), "swarm/1.0.0", version["Version"])
@@ -145,7 +145,7 @@ func (s *DockerSuite) TestDockerContainersWithLabels() {
 	body, err := io.ReadAll(resp.Body)
 	require.NoError(s.T(), err)

-	var version map[string]interface{}
+	var version map[string]any

 	assert.NoError(s.T(), json.Unmarshal(body, &version))
 	assert.Equal(s.T(), "swarm/1.0.0", version["Version"])
@@ -203,7 +203,7 @@ func (s *DockerSuite) TestRestartDockerContainers() {
 	body, err := io.ReadAll(resp.Body)
 	require.NoError(s.T(), err)

-	var version map[string]interface{}
+	var version map[string]any

 	assert.NoError(s.T(), json.Unmarshal(body, &version))
 	assert.Equal(s.T(), "swarm/1.0.0", version["Version"])
@@ -14,6 +14,7 @@ import (
 // ErrorPagesSuite test suites.
 type ErrorPagesSuite struct {
 	BaseSuite
+
 	ErrorPageIP string
 	BackendIP   string
 }
@@ -24,6 +24,7 @@ import (
 // etcd test suites.
 type EtcdSuite struct {
 	BaseSuite
+
 	kvClient store.Store
 	etcdAddr string
 }
@@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
  annotations:
-    controller-gen.kubebuilder.io/version: v0.16.1
+    controller-gen.kubebuilder.io/version: v0.19.0
  name: ingressroutes.traefik.io
 spec:
  group: traefik.io
@@ -290,7 +290,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
  annotations:
-    controller-gen.kubebuilder.io/version: v0.16.1
+    controller-gen.kubebuilder.io/version: v0.19.0
  name: ingressroutetcps.traefik.io
 spec:
  group: traefik.io
@@ -514,7 +514,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
  annotations:
-    controller-gen.kubebuilder.io/version: v0.16.1
+    controller-gen.kubebuilder.io/version: v0.19.0
  name: ingressrouteudps.traefik.io
 spec:
  group: traefik.io
@@ -618,7 +618,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
  annotations:
-    controller-gen.kubebuilder.io/version: v0.16.1
+    controller-gen.kubebuilder.io/version: v0.19.0
  name: middlewares.traefik.io
 spec:
  group: traefik.io
@@ -1273,6 +1273,7 @@ spec:
                  IPWhiteList holds the IP whitelist middleware configuration.
                  This middleware limits allowed requests based on the client IP.
                  More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/ipwhitelist/
+
                  Deprecated: please use IPAllowList instead.
                properties:
                  ipStrategy:
@@ -1598,7 +1599,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
  annotations:
-    controller-gen.kubebuilder.io/version: v0.16.1
+    controller-gen.kubebuilder.io/version: v0.19.0
  name: middlewaretcps.traefik.io
 spec:
  group: traefik.io
@@ -1663,8 +1664,9 @@ spec:
                description: |-
                  IPWhiteList defines the IPWhiteList middleware configuration.
                  This middleware accepts/refuses connections based on the client IP.
-                  Deprecated: please use IPAllowList instead.
                  More info: https://doc.traefik.io/traefik/v2.11/middlewares/tcp/ipwhitelist/
+
+                  Deprecated: please use IPAllowList instead.
                properties:
                  sourceRange:
                    description: SourceRange defines the allowed IPs (or ranges of
@@ -1685,7 +1687,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
  annotations:
-    controller-gen.kubebuilder.io/version: v0.16.1
+    controller-gen.kubebuilder.io/version: v0.19.0
  name: serverstransports.traefik.io
 spec:
  group: traefik.io
@@ -1811,7 +1813,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
  annotations:
-    controller-gen.kubebuilder.io/version: v0.16.1
+    controller-gen.kubebuilder.io/version: v0.19.0
  name: tlsoptions.traefik.io
 spec:
  group: traefik.io
@@ -1907,6 +1909,7 @@ spec:
                description: |-
                  PreferServerCipherSuites defines whether the server chooses a cipher suite among his own instead of among the client's.
                  It is enabled automatically when minVersion or maxVersion is set.
+
                  Deprecated: https://github.com/golang/go/issues/45430
                type: boolean
              sniStrict:
@@ -1925,7 +1928,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
  annotations:
-    controller-gen.kubebuilder.io/version: v0.16.1
+    controller-gen.kubebuilder.io/version: v0.19.0
  name: tlsstores.traefik.io
 spec:
  group: traefik.io
@@ -2022,7 +2025,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
  annotations:
-    controller-gen.kubebuilder.io/version: v0.16.1
+    controller-gen.kubebuilder.io/version: v0.19.0
  name: traefikservices.traefik.io
 spec:
  group: traefik.io
@@ -2433,7 +2436,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
  annotations:
-    controller-gen.kubebuilder.io/version: v0.16.1
+    controller-gen.kubebuilder.io/version: v0.19.0
  name: ingressroutes.traefik.containo.us
 spec:
  group: traefik.containo.us
@@ -2720,7 +2723,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
  annotations:
-    controller-gen.kubebuilder.io/version: v0.16.1
+    controller-gen.kubebuilder.io/version: v0.19.0
  name: ingressroutetcps.traefik.containo.us
 spec:
  group: traefik.containo.us
@@ -2944,7 +2947,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
  annotations:
-    controller-gen.kubebuilder.io/version: v0.16.1
+    controller-gen.kubebuilder.io/version: v0.19.0
  name: ingressrouteudps.traefik.containo.us
 spec:
  group: traefik.containo.us
@@ -3048,7 +3051,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
  annotations:
-    controller-gen.kubebuilder.io/version: v0.16.1
+    controller-gen.kubebuilder.io/version: v0.19.0
  name: middlewares.traefik.containo.us
 spec:
  group: traefik.containo.us
@@ -3703,6 +3706,7 @@ spec:
                  IPWhiteList holds the IP whitelist middleware configuration.
                  This middleware limits allowed requests based on the client IP.
                  More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/ipwhitelist/
+
                  Deprecated: please use IPAllowList instead.
                properties:
                  ipStrategy:
@@ -4028,7 +4032,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
  annotations:
-    controller-gen.kubebuilder.io/version: v0.16.1
+    controller-gen.kubebuilder.io/version: v0.19.0
  name: middlewaretcps.traefik.containo.us
 spec:
  group: traefik.containo.us
@@ -4093,8 +4097,9 @@ spec:
                description: |-
                  IPWhiteList defines the IPWhiteList middleware configuration.
                  This middleware accepts/refuses connections based on the client IP.
-                  Deprecated: please use IPAllowList instead.
                  More info: https://doc.traefik.io/traefik/v2.11/middlewares/tcp/ipwhitelist/
+
+                  Deprecated: please use IPAllowList instead.
                properties:
                  sourceRange:
                    description: SourceRange defines the allowed IPs (or ranges of
@@ -4115,7 +4120,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
  annotations:
-    controller-gen.kubebuilder.io/version: v0.16.1
+    controller-gen.kubebuilder.io/version: v0.19.0
  name: serverstransports.traefik.containo.us
 spec:
  group: traefik.containo.us
@@ -4241,7 +4246,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
  annotations:
-    controller-gen.kubebuilder.io/version: v0.16.1
+    controller-gen.kubebuilder.io/version: v0.19.0
  name: tlsoptions.traefik.containo.us
 spec:
  group: traefik.containo.us
@@ -4337,6 +4342,7 @@ spec:
                description: |-
                  PreferServerCipherSuites defines whether the server chooses a cipher suite among his own instead of among the client's.
                  It is enabled automatically when minVersion or maxVersion is set.
+
                  Deprecated: https://github.com/golang/go/issues/45430
                type: boolean
              sniStrict:
@@ -4355,7 +4361,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
  annotations:
-    controller-gen.kubebuilder.io/version: v0.16.1
+    controller-gen.kubebuilder.io/version: v0.19.0
  name: tlsstores.traefik.containo.us
 spec:
  group: traefik.containo.us
@@ -4452,7 +4458,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
  annotations:
-    controller-gen.kubebuilder.io/version: v0.16.1
+    controller-gen.kubebuilder.io/version: v0.19.0
  name: traefikservices.traefik.containo.us
 spec:
  group: traefik.containo.us
@@ -19,6 +19,7 @@ import (
 // HealthCheck test suites.
 type HealthCheckSuite struct {
 	BaseSuite
+
 	whoami1IP string
 	whoami2IP string
 	whoami3IP string
@@ -305,7 +306,7 @@ func (s *HealthCheckSuite) TestPropagate() {
 		require.NoError(s.T(), err)
 	}

-	try.Sleep(time.Second)
+	try.Sleep(time.Second) //nolint:staticcheck // Intentional use for integration test timing.

 	want2 := `IP: ` + s.whoami2IP
 	want4 := `IP: ` + s.whoami4IP
@@ -387,7 +388,7 @@ func (s *HealthCheckSuite) TestPropagate() {
 		require.NoError(s.T(), err)
 	}

-	try.Sleep(time.Second)
+	try.Sleep(time.Second) //nolint:staticcheck // Intentional use for integration test timing.

 	// Verify that everything is down, and that we get 503s everywhere.
 	for range 2 {
@@ -413,7 +414,7 @@ func (s *HealthCheckSuite) TestPropagate() {
 		require.NoError(s.T(), err)
 	}

-	try.Sleep(time.Second)
+	try.Sleep(time.Second) //nolint:staticcheck // Intentional use for integration test timing.

 	// Verify everything is up on root router.
 	reachedServers = make(map[string]int)
@@ -187,7 +187,7 @@ func RegisterGreeterServer(s *grpc.Server, srv GreeterServer) {
 	s.RegisterService(&_Greeter_serviceDesc, srv)
 }

-func _Greeter_SayHello_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+func _Greeter_SayHello_Handler(srv any, ctx context.Context, dec func(any) error, interceptor grpc.UnaryServerInterceptor) (any, error) {
 	in := new(HelloRequest)
 	if err := dec(in); err != nil {
 		return nil, err
@@ -199,13 +199,13 @@ func _Greeter_SayHello_Handler(srv interface{}, ctx context.Context, dec func(in
 		Server:     srv,
 		FullMethod: "/helloworld.Greeter/SayHello",
 	}
-	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+	handler := func(ctx context.Context, req any) (any, error) {
 		return srv.(GreeterServer).SayHello(ctx, req.(*HelloRequest))
 	}
 	return interceptor(ctx, in, info, handler)
 }

-func _Greeter_StreamExample_Handler(srv interface{}, stream grpc.ServerStream) error {
+func _Greeter_StreamExample_Handler(srv any, stream grpc.ServerStream) error {
 	m := new(StreamExampleRequest)
 	if err := stream.RecvMsg(m); err != nil {
 		return err
@@ -876,40 +876,6 @@ func (s *HTTPSSuite) TestWithSNIDynamicConfigRouteWithTlsConfigurationDeletion()
 	require.NoError(s.T(), err)
 }

-// modifyCertificateConfFileContent replaces the content of a HTTPS configuration file.
-func (s *HTTPSSuite) modifyCertificateConfFileContent(certFileName, confFileName string) {
-	file, err := os.OpenFile("./"+confFileName, os.O_WRONLY, os.ModeExclusive)
-	require.NoError(s.T(), err)
-	defer func() {
-		file.Close()
-	}()
-	err = file.Truncate(0)
-	require.NoError(s.T(), err)
-
-	// If certificate file is not provided, just truncate the configuration file
-	if len(certFileName) > 0 {
-		tlsConf := dynamic.Configuration{
-			TLS: &dynamic.TLSConfiguration{
-				Certificates: []*traefiktls.CertAndStores{
-					{
-						Certificate: traefiktls.Certificate{
-							CertFile: traefiktls.FileOrContent("fixtures/https/" + certFileName + ".cert"),
-							KeyFile:  traefiktls.FileOrContent("fixtures/https/" + certFileName + ".key"),
-						},
-					},
-				},
-			},
-		}
-
-		var confBuffer bytes.Buffer
-		err := toml.NewEncoder(&confBuffer).Encode(tlsConf)
-		require.NoError(s.T(), err)
-
-		_, err = file.Write(confBuffer.Bytes())
-		require.NoError(s.T(), err)
-	}
-}
-
 func (s *HTTPSSuite) TestEntryPointHttpsRedirectAndPathModification() {
 	file := s.adaptFile("fixtures/https/https_redirect.toml", struct{}{})
 	s.traefikCmd(withConfigFile(file))
@@ -1176,6 +1142,40 @@ func (s *HTTPSSuite) TestWithInvalidTLSOption() {
 	}
 }

+// modifyCertificateConfFileContent replaces the content of a HTTPS configuration file.
+func (s *HTTPSSuite) modifyCertificateConfFileContent(certFileName, confFileName string) {
+	file, err := os.OpenFile("./"+confFileName, os.O_WRONLY, os.ModeExclusive)
+	require.NoError(s.T(), err)
+	defer func() {
+		file.Close()
+	}()
+	err = file.Truncate(0)
+	require.NoError(s.T(), err)
+
+	// If certificate file is not provided, just truncate the configuration file
+	if len(certFileName) > 0 {
+		tlsConf := dynamic.Configuration{
+			TLS: &dynamic.TLSConfiguration{
+				Certificates: []*traefiktls.CertAndStores{
+					{
+						Certificate: traefiktls.Certificate{
+							CertFile: traefiktls.FileOrContent("fixtures/https/" + certFileName + ".cert"),
+							KeyFile:  traefiktls.FileOrContent("fixtures/https/" + certFileName + ".key"),
+						},
+					},
+				},
+			},
+		}
+
+		var confBuffer bytes.Buffer
+		err := toml.NewEncoder(&confBuffer).Encode(tlsConf)
+		require.NoError(s.T(), err)
+
+		_, err = file.Write(confBuffer.Bytes())
+		require.NoError(s.T(), err)
+	}
+}
+
 func (s *SimpleSuite) TestMaxConcurrentStream() {
 	file := s.adaptFile("fixtures/https/max_concurrent_stream.toml", struct{}{})

@@ -61,45 +61,12 @@ type composeDeploy struct {

 type BaseSuite struct {
 	suite.Suite
+
 	containers map[string]testcontainers.Container
 	network    *testcontainers.DockerNetwork
 	hostIP     string
 }

-func (s *BaseSuite) waitForTraefik(containerName string) {
-	time.Sleep(1 * time.Second)
-
-	// Wait for Traefik to turn ready.
-	req, err := http.NewRequest(http.MethodGet, "http://127.0.0.1:8080/api/rawdata", nil)
-	require.NoError(s.T(), err)
-
-	err = try.Request(req, 2*time.Second, try.StatusCodeIs(http.StatusOK), try.BodyContains(containerName))
-	require.NoError(s.T(), err)
-}
-
-func (s *BaseSuite) displayTraefikLogFile(path string) {
-	if s.T().Failed() {
-		if _, err := os.Stat(path); !os.IsNotExist(err) {
-			content, errRead := os.ReadFile(path)
-			// TODO TestName
-			// fmt.Printf("%s: Traefik logs: \n", c.TestName())
-			fmt.Print("Traefik logs: \n")
-			if errRead == nil {
-				fmt.Println(string(content))
-			} else {
-				fmt.Println(errRead)
-			}
-		} else {
-			// fmt.Printf("%s: No Traefik logs.\n", c.TestName())
-			fmt.Print("No Traefik logs.\n")
-		}
-		errRemove := os.Remove(path)
-		if errRemove != nil {
-			fmt.Println(errRemove)
-		}
-	}
-}
-
 func (s *BaseSuite) SetupSuite() {
 	if isDockerDesktop(context.Background(), s.T()) {
 		_, err := os.Stat(tailscaleSecretFilePath)
@@ -400,7 +367,7 @@ func (s *BaseSuite) displayTraefikLog(output *bytes.Buffer) {
 	if output == nil || output.Len() == 0 {
 		log.WithoutContext().Info("No Traefik logs.")
 	} else {
-		for _, line := range strings.Split(output.String(), "\n") {
+		for line := range strings.SplitSeq(output.String(), "\n") {
 			log.WithoutContext().Info(line)
 		}
 	}
@@ -416,7 +383,7 @@ func (s *BaseSuite) getDockerHost() string {
 	return dockerHost
 }

-func (s *BaseSuite) adaptFile(path string, tempObjects interface{}) string {
+func (s *BaseSuite) adaptFile(path string, tempObjects any) string {
 	// Load file
 	tmpl, err := template.ParseFiles(path)
 	require.NoError(s.T(), err)
@@ -504,3 +471,37 @@ func (s *BaseSuite) composeExec(service string, args ...string) string {

 	return string(content)
 }
+
+func (s *BaseSuite) waitForTraefik(containerName string) {
+	time.Sleep(1 * time.Second)
+
+	// Wait for Traefik to turn ready.
+	req, err := http.NewRequest(http.MethodGet, "http://127.0.0.1:8080/api/rawdata", nil)
+	require.NoError(s.T(), err)
+
+	err = try.Request(req, 2*time.Second, try.StatusCodeIs(http.StatusOK), try.BodyContains(containerName))
+	require.NoError(s.T(), err)
+}
+
+func (s *BaseSuite) displayTraefikLogFile(path string) {
+	if s.T().Failed() {
+		if _, err := os.Stat(path); !os.IsNotExist(err) {
+			content, errRead := os.ReadFile(path)
+			// TODO TestName
+			// fmt.Printf("%s: Traefik logs: \n", c.TestName())
+			fmt.Print("Traefik logs: \n")
+			if errRead == nil {
+				fmt.Println(string(content))
+			} else {
+				fmt.Println(errRead)
+			}
+		} else {
+			// fmt.Printf("%s: No Traefik logs.\n", c.TestName())
+			fmt.Print("No Traefik logs.\n")
+		}
+		errRemove := os.Remove(path)
+		if errRemove != nil {
+			fmt.Println(errRemove)
+		}
+	}
+}
@@ -1,5 +1,4 @@
 //go:build !windows
-// +build !windows

 package integration

@@ -14,6 +14,7 @@ import (
 // Marathon test suites.
 type MarathonSuite15 struct {
 	BaseSuite
+
 	marathonURL string
 }

@@ -16,6 +16,7 @@ const containerNameMarathon = "marathon"
 // Marathon test suites.
 type MarathonSuite struct {
 	BaseSuite
+
 	marathonURL string
 }

@@ -3,6 +3,7 @@ package integration
 import (
 	"bufio"
 	"net"
+	"strings"
 	"testing"
 	"time"

@@ -15,6 +16,7 @@ import (

 type ProxyProtocolSuite struct {
 	BaseSuite
+
 	whoamiIP string
 }

@@ -124,15 +126,16 @@ func proxyProtoRequest(address string, version byte) (string, error) {
 	}

 	// Read the response from the server
-	var content string
+	var content strings.Builder
 	scanner := bufio.NewScanner(conn)
 	for scanner.Scan() {
-		content += scanner.Text() + "\n"
+		content.WriteString(scanner.Text())
+		content.WriteString("\n")
 	}

 	if scanner.Err() != nil {
 		return "", err
 	}

-	return content, nil
+	return content.String(), nil
 }
@@ -12,6 +12,7 @@ import (

 type RateLimitSuite struct {
 	BaseSuite
+
 	ServerIP string
 }

@@ -29,6 +29,7 @@ import (
 // Redis test suites.
 type RedisSentinelSuite struct {
 	BaseSuite
+
 	kvClient       store.Store
 	redisEndpoints []string
 }
@@ -76,36 +77,6 @@ func (s *RedisSentinelSuite) TearDownSuite() {
 	}
 }

-func (s *RedisSentinelSuite) setupSentinelConfiguration(ports []string) {
-	for i, port := range ports {
-		templateValue := struct{ SentinelPort string }{SentinelPort: port}
-
-		// Load file
-		templateFile := "resources/compose/config/sentinel_template.conf"
-		tmpl, err := template.ParseFiles(templateFile)
-		require.NoError(s.T(), err)
-
-		folder, prefix := filepath.Split(templateFile)
-
-		fileName := fmt.Sprintf("%s/sentinel%d.conf", folder, i+1)
-		tmpFile, err := os.Create(fileName)
-		require.NoError(s.T(), err)
-		defer tmpFile.Close()
-
-		err = tmpFile.Chmod(0o666)
-		require.NoError(s.T(), err)
-
-		model := structs.Map(templateValue)
-		model["SelfFilename"] = tmpFile.Name()
-
-		err = tmpl.ExecuteTemplate(tmpFile, prefix, model)
-		require.NoError(s.T(), err)
-
-		err = tmpFile.Sync()
-		require.NoError(s.T(), err)
-	}
-}
-
 func (s *RedisSentinelSuite) TestSentinelConfiguration() {
 	file := s.adaptFile("fixtures/redis/sentinel.toml", struct{ RedisAddress string }{
 		RedisAddress: strings.Join(s.redisEndpoints, `","`),
@@ -202,3 +173,33 @@ func (s *RedisSentinelSuite) TestSentinelConfiguration() {
 		log.WithoutContext().Info(text)
 	}
 }
+
+func (s *RedisSentinelSuite) setupSentinelConfiguration(ports []string) {
+	for i, port := range ports {
+		templateValue := struct{ SentinelPort string }{SentinelPort: port}
+
+		// Load file
+		templateFile := "resources/compose/config/sentinel_template.conf"
+		tmpl, err := template.ParseFiles(templateFile)
+		require.NoError(s.T(), err)
+
+		folder, prefix := filepath.Split(templateFile)
+
+		fileName := fmt.Sprintf("%s/sentinel%d.conf", folder, i+1)
+		tmpFile, err := os.Create(fileName)
+		require.NoError(s.T(), err)
+		defer tmpFile.Close()
+
+		err = tmpFile.Chmod(0o666)
+		require.NoError(s.T(), err)
+
+		model := structs.Map(templateValue)
+		model["SelfFilename"] = tmpFile.Name()
+
+		err = tmpl.ExecuteTemplate(tmpFile, prefix, model)
+		require.NoError(s.T(), err)
+
+		err = tmpFile.Sync()
+		require.NoError(s.T(), err)
+	}
+}
@@ -25,6 +25,7 @@ import (
 // Redis test suites.
 type RedisSuite struct {
 	BaseSuite
+
 	kvClient       store.Store
 	redisEndpoints []string
 }
@@ -18,6 +18,7 @@ import (

 type RestSuite struct {
 	BaseSuite
+
 	whoamiAddr string
 }

@@ -15,6 +15,7 @@ import (

 type RetrySuite struct {
 	BaseSuite
+
 	whoamiIP string
 }

@@ -12,6 +12,7 @@ import (

 type TracingSuite struct {
 	BaseSuite
+
 	whoamiIP       string
 	whoamiPort     int
 	tracerZipkinIP string
@@ -43,15 +44,6 @@ func (s *TracingSuite) TearDownSuite() {
 	s.BaseSuite.TearDownSuite()
 }

-func (s *TracingSuite) startZipkin() {
-	s.composeUp("zipkin")
-	s.tracerZipkinIP = s.getComposeServiceIP("zipkin")
-
-	// Wait for Zipkin to turn ready.
-	err := try.GetRequest("http://"+s.tracerZipkinIP+":9411/api/v2/services", 20*time.Second, try.StatusCodeIs(http.StatusOK))
-	require.NoError(s.T(), err)
-}
-
 func (s *TracingSuite) TestZipkinRateLimit() {
 	s.startZipkin()

@@ -141,15 +133,6 @@ func (s *TracingSuite) TestZipkinAuth() {
 	require.NoError(s.T(), err)
 }

-func (s *TracingSuite) startJaeger() {
-	s.composeUp("jaeger", "whoami")
-	s.tracerJaegerIP = s.getComposeServiceIP("jaeger")
-
-	// Wait for Jaeger to turn ready.
-	err := try.GetRequest("http://"+s.tracerJaegerIP+":16686/api/services", 20*time.Second, try.StatusCodeIs(http.StatusOK))
-	require.NoError(s.T(), err)
-}
-
 func (s *TracingSuite) TestJaegerRateLimit() {
 	s.startJaeger()
 	// defer s.composeStop(c, "jaeger")
@@ -290,3 +273,21 @@ func (s *TracingSuite) TestJaegerAuthCollector() {
 	err = try.GetRequest("http://"+s.tracerJaegerIP+":16686/api/traces?service=tracing", 20*time.Second, try.BodyContains("EntryPoint web", "basic-auth@file"))
 	require.NoError(s.T(), err)
 }
+
+func (s *TracingSuite) startZipkin() {
+	s.composeUp("zipkin")
+	s.tracerZipkinIP = s.getComposeServiceIP("zipkin")
+
+	// Wait for Zipkin to turn ready.
+	err := try.GetRequest("http://"+s.tracerZipkinIP+":9411/api/v2/services", 20*time.Second, try.StatusCodeIs(http.StatusOK))
+	require.NoError(s.T(), err)
+}
+
+func (s *TracingSuite) startJaeger() {
+	s.composeUp("jaeger", "whoami")
+	s.tracerJaegerIP = s.getComposeServiceIP("jaeger")
+
+	// Wait for Jaeger to turn ready.
+	err := try.GetRequest("http://"+s.tracerJaegerIP+":16686/api/services", 20*time.Second, try.StatusCodeIs(http.StatusOK))
+	require.NoError(s.T(), err)
+}
@@ -19,6 +19,7 @@ const (
 type timedAction func(timeout time.Duration, operation DoCondition) error

 // Sleep pauses the current goroutine for at least the duration d.
+//
 // Deprecated: Use only when use another Try[...] functions is not possible.
 func Sleep(d time.Duration) {
 	d = applyCIMultiplier(d)
@@ -92,10 +93,7 @@ func Do(timeout time.Duration, operation DoCondition) error {
 		panic("timeout must be larger than zero")
 	}

-	interval := time.Duration(math.Ceil(float64(timeout) / 15.0))
-	if interval > maxInterval {
-		interval = maxInterval
-	}
+	interval := min(time.Duration(math.Ceil(float64(timeout)/15.0)), maxInterval)

 	timeout = applyCIMultiplier(timeout)

@@ -166,7 +164,7 @@ func doRequest(action timedAction, timeout time.Duration, request *http.Request,
 func applyCIMultiplier(timeout time.Duration) time.Duration {
 	ci := os.Getenv("CI")
 	if len(ci) > 0 {
-		log.Debug("Apply CI multiplier:", CITimeoutMultiplier)
+		log.WithoutContext().Debug("Apply CI multiplier:", CITimeoutMultiplier)
 		return time.Duration(float64(timeout) * CITimeoutMultiplier)
 	}
 	return timeout
@@ -25,6 +25,7 @@ import (
 // Zk test suites.
 type ZookeeperSuite struct {
 	BaseSuite
+
 	kvClient      store.Store
 	zookeeperAddr string
 }
@@ -78,7 +78,7 @@ func main() {
 		logger.Fatal(err)
 	}

-	genStaticConfDoc("./docs/content/reference/static-configuration/env-ref.md", "", func(i interface{}) ([]parser.Flat, error) {
+	genStaticConfDoc("./docs/content/reference/static-configuration/env-ref.md", "", func(i any) ([]parser.Flat, error) {
 		return env.Encode(env.DefaultNamePrefix, i)
 	})
 	genStaticConfDoc("./docs/content/reference/static-configuration/cli-ref.md", "--", flag.Encode)
@@ -240,7 +240,7 @@ func clean(element any) {
 	valSvcs.SetMapIndex(reflect.ValueOf(fmt.Sprintf("%s1", valueSvcRoot.Type().Name())), reflect.Value{})
 }

-func genStaticConfDoc(outputFile, prefix string, encodeFn func(interface{}) ([]parser.Flat, error)) {
+func genStaticConfDoc(outputFile, prefix string, encodeFn func(any) ([]parser.Flat, error)) {
 	logger := log.WithoutContext().WithField("file", outputFile)

 	element := &cmd.NewTraefikConfiguration().Configuration
@@ -309,7 +309,7 @@ type errWriter struct {
 	err error
 }

-func (ew *errWriter) writeln(a ...interface{}) {
+func (ew *errWriter) writeln(a ...any) {
 	if ew.err != nil {
 		return
 	}
@@ -319,15 +319,15 @@ func (ew *errWriter) writeln(a ...interface{}) {

 func genKVDynConfDoc(outputFile string) {
 	dynConfPath := "./docs/content/reference/dynamic-configuration/file.toml"
-	conf := map[string]interface{}{}
+	conf := map[string]any{}
 	_, err := toml.DecodeFile(dynConfPath, &conf)
 	if err != nil {
-		log.Fatal(err)
+		log.WithoutContext().Fatal(err)
 	}

 	file, err := os.Create(outputFile)
 	if err != nil {
-		log.Fatal(err)
+		log.WithoutContext().Fatal(err)
 	}

 	store := storeWriter{data: map[string]string{}}
@@ -335,7 +335,7 @@ func genKVDynConfDoc(outputFile string) {
 	c := client{store: store}
 	err = c.load("traefik", conf)
 	if err != nil {
-		log.Fatal(err)
+		log.WithoutContext().Fatal(err)
 	}

 	var keys []string
@@ -374,10 +374,10 @@ type client struct {
 	store storeWriter
 }

-func (c client) load(parentKey string, conf map[string]interface{}) error {
+func (c client) load(parentKey string, conf map[string]any) error {
 	for k, v := range conf {
 		switch entry := v.(type) {
-		case map[string]interface{}:
+		case map[string]any:
 			key := path.Join(parentKey, k)

 			if len(entry) == 0 {
@@ -391,7 +391,7 @@ func (c client) load(parentKey string, conf map[string]interface{}) error {
 					return err
 				}
 			}
-		case []map[string]interface{}:
+		case []map[string]any:
 			for i, o := range entry {
 				key := path.Join(parentKey, k, strconv.Itoa(i))

@@ -399,11 +399,11 @@ func (c client) load(parentKey string, conf map[string]interface{}) error {
 					return err
 				}
 			}
-		case []interface{}:
+		case []any:
 			for i, o := range entry {
 				key := path.Join(parentKey, k, strconv.Itoa(i))

-				err := c.store.Put(key, []byte(fmt.Sprintf("%v", o)), nil)
+				err := c.store.Put(key, fmt.Appendf(nil, "%v", o), nil)
 				if err != nil {
 					return err
 				}
@@ -411,7 +411,7 @@ func (c client) load(parentKey string, conf map[string]interface{}) error {
 		default:
 			key := path.Join(parentKey, k)

-			err := c.store.Put(key, []byte(fmt.Sprintf("%v", v)), nil)
+			err := c.store.Put(key, fmt.Appendf(nil, "%v", v), nil)
 			if err != nil {
 				return err
 			}
@@ -38,7 +38,7 @@ func encodeNode(labels map[string]string, root string, node *parser.Node) {
 	}
 }

-func encodeRawValue(labels map[string]string, root string, rawValue interface{}) {
+func encodeRawValue(labels map[string]string, root string, rawValue any) {
 	if rawValue == nil {
 		return
 	}
@@ -47,14 +47,14 @@ func encodeRawValue(labels map[string]string, root string, rawValue interface{})

 	if tValue.Kind() == reflect.Map && tValue.Elem().Kind() == reflect.Interface {
 		r := reflect.ValueOf(rawValue).
-			Convert(reflect.TypeOf((map[string]interface{})(nil))).
-			Interface().(map[string]interface{})
+			Convert(reflect.TypeFor[map[string]any]()).
+			Interface().(map[string]any)

 		for k, v := range r {
 			switch tv := v.(type) {
 			case string:
 				labels[root+"."+k] = tv
-			case []interface{}:
+			case []any:
 				for i, e := range tv {
 					encodeRawValue(labels, fmt.Sprintf("%s.%s[%d]", root, k, i), e)
 				}
@@ -72,10 +72,7 @@ func pagination(request *http.Request, maximum int) (pageInfo, error) {
 		return pageInfo{}, fmt.Errorf("invalid request: page: %d, per_page: %d", page, perPage)
 	}

-	endIndex := startIndex + perPage
-	if endIndex >= maximum {
-		endIndex = maximum
-	}
+	endIndex := min(startIndex+perPage, maximum)

 	nextPage := 1
 	if page*perPage < maximum {
@@ -15,7 +15,7 @@ func init() {
 	expvar.Publish("Goroutines2", expvar.Func(goroutines))
 }

-func goroutines() interface{} {
+func goroutines() any {
 	return runtime.NumGoroutine()
 }

@@ -30,6 +30,7 @@ func writeError(rw http.ResponseWriter, msg string, code int) {

 type serviceInfoRepresentation struct {
 	*runtime.ServiceInfo
+
 	ServerStatus map[string]string `json:"serverStatus,omitempty"`
 }

@@ -147,12 +148,12 @@ func getProviderName(id string) string {
 	return strings.SplitN(id, "@", 2)[1]
 }

-func extractType(element interface{}) string {
+func extractType(element any) string {
 	v := reflect.ValueOf(element).Elem()
 	for i := range v.NumField() {
 		field := v.Field(i)

-		if field.Kind() == reflect.Map && field.Type().Elem() == reflect.TypeOf(dynamic.PluginConf{}) {
+		if field.Kind() == reflect.Map && field.Type().Elem() == reflect.TypeFor[dynamic.PluginConf]() {
 			if keys := field.MapKeys(); len(keys) == 1 {
 				return keys[0].String()
 			}
@@ -15,6 +15,7 @@ import (

 type entryPointRepresentation struct {
 	*static.EntryPoint
+
 	Name string `json:"name,omitempty"`
 }

@@ -235,7 +235,7 @@ func TestHandler_EntryPoints(t *testing.T) {
 			require.NoError(t, err)

 			if *updateExpected {
-				var results interface{}
+				var results any
 				err := json.Unmarshal(contents, &results)
 				require.NoError(t, err)

@@ -17,6 +17,7 @@ import (

 type routerRepresentation struct {
 	*runtime.RouterInfo
+
 	Name     string `json:"name,omitempty"`
 	Provider string `json:"provider,omitempty"`
 }
@@ -35,6 +36,7 @@ func newRouterRepresentation(name string, rt *runtime.RouterInfo) routerRepresen

 type serviceRepresentation struct {
 	*runtime.ServiceInfo
+
 	ServerStatus map[string]string `json:"serverStatus,omitempty"`
 	Name         string            `json:"name,omitempty"`
 	Provider     string            `json:"provider,omitempty"`
@@ -53,6 +55,7 @@ func newServiceRepresentation(name string, si *runtime.ServiceInfo) serviceRepre

 type middlewareRepresentation struct {
 	*runtime.MiddlewareInfo
+
 	Name     string `json:"name,omitempty"`
 	Provider string `json:"provider,omitempty"`
 	Type     string `json:"type,omitempty"`
@@ -950,7 +950,7 @@ func TestHandler_HTTP(t *testing.T) {
 			require.NoError(t, err)

 			if *updateExpected {
-				var results interface{}
+				var results any
 				err := json.Unmarshal(contents, &results)
 				require.NoError(t, err)

@@ -232,7 +232,7 @@ func getProviders(conf static.Configuration) []string {
 			if !field.IsNil() {
 				providers = append(providers, v.Type().Field(i).Name)
 			}
-		} else if field.Kind() == reflect.Map && field.Type().Elem() == reflect.TypeOf(static.PluginConf{}) {
+		} else if field.Kind() == reflect.Map && field.Type().Elem() == reflect.TypeFor[static.PluginConf]() {
 			for _, value := range field.MapKeys() {
 				providers = append(providers, "plugin-"+value.String())
 			}
@@ -243,7 +243,7 @@ func TestHandler_Overview(t *testing.T) {
 					Rest:              &rest.Provider{},
 					Rancher:           &rancher.Provider{},
 					Plugin: map[string]static.PluginConf{
-						"test": map[string]interface{}{},
+						"test": map[string]any{},
 					},
 				},
 			},
@@ -298,7 +298,7 @@ func TestHandler_Overview(t *testing.T) {
 			require.NoError(t, err)

 			if *updateExpected {
-				var results interface{}
+				var results any
 				err := json.Unmarshal(contents, &results)
 				require.NoError(t, err)

@@ -16,6 +16,7 @@ import (

 type tcpRouterRepresentation struct {
 	*runtime.TCPRouterInfo
+
 	Name     string `json:"name,omitempty"`
 	Provider string `json:"provider,omitempty"`
 }
@@ -30,6 +31,7 @@ func newTCPRouterRepresentation(name string, rt *runtime.TCPRouterInfo) tcpRoute

 type tcpServiceRepresentation struct {
 	*runtime.TCPServiceInfo
+
 	Name     string `json:"name,omitempty"`
 	Provider string `json:"provider,omitempty"`
 	Type     string `json:"type,omitempty"`
@@ -46,6 +48,7 @@ func newTCPServiceRepresentation(name string, si *runtime.TCPServiceInfo) tcpSer

 type tcpMiddlewareRepresentation struct {
 	*runtime.TCPMiddlewareInfo
+
 	Name     string `json:"name,omitempty"`
 	Provider string `json:"provider,omitempty"`
 	Type     string `json:"type,omitempty"`
@@ -821,7 +821,7 @@ func TestHandler_TCP(t *testing.T) {
 			require.NoError(t, err)

 			if *updateExpected {
-				var results interface{}
+				var results any
 				err := json.Unmarshal(contents, &results)
 				require.NoError(t, err)

@@ -178,7 +178,7 @@ func TestHandler_GetMiddleware(t *testing.T) {
 		middlewareName string
 		conf           runtime.Configuration
 		expectedStatus int
-		expected       interface{}
+		expected       any
 	}{
 		{
 			desc:           "Middleware not found",
@@ -16,6 +16,7 @@ import (

 type udpRouterRepresentation struct {
 	*runtime.UDPRouterInfo
+
 	Name     string `json:"name,omitempty"`
 	Provider string `json:"provider,omitempty"`
 }
@@ -30,6 +31,7 @@ func newUDPRouterRepresentation(name string, rt *runtime.UDPRouterInfo) udpRoute

 type udpServiceRepresentation struct {
 	*runtime.UDPServiceInfo
+
 	Name     string `json:"name,omitempty"`
 	Provider string `json:"provider,omitempty"`
 	Type     string `json:"type,omitempty"`
@@ -560,7 +560,7 @@ func TestHandler_UDP(t *testing.T) {
 			require.NoError(t, err)

 			if *updateExpected {
-				var results interface{}
+				var results any
 				err := json.Unmarshal(contents, &results)
 				require.NoError(t, err)

@@ -63,7 +63,7 @@ func (f *FileLoader) Load(args []string, cmd *cli.Command) (bool, error) {

 // loadConfigFiles tries to decode the given configuration file and all default locations for the configuration file.
 // It stops as soon as decoding one of them is successful.
-func loadConfigFiles(configFile string, element interface{}) (string, error) {
+func loadConfigFiles(configFile string, element any) (string, error) {
 	finder := cli.Finder{
 		BasePaths:  []string{"/etc/traefik/traefik", "$XDG_CONFIG_HOME/traefik", "$HOME/.config/traefik", "./traefik"},
 		Extensions: []string{"toml", "yaml", "yml"},
@@ -18,7 +18,7 @@ const (
 )

 // Hydrate hydrates a configuration.
-func Hydrate(element interface{}) error {
+func Hydrate(element any) error {
 	field := reflect.ValueOf(element)
 	return fill(field)
 }
@@ -55,7 +55,7 @@ func fill(field reflect.Value) error {
 		setTyped(field, int32(defaultNumber))
 	case reflect.Int64:
 		switch field.Type() {
-		case reflect.TypeOf(types.Duration(time.Second)):
+		case reflect.TypeFor[types.Duration]():
 			setTyped(field, types.Duration(defaultNumber*time.Second))
 		default:
 			setTyped(field, int64(defaultNumber))
@@ -81,7 +81,7 @@ func fill(field reflect.Value) error {
 	return nil
 }

-func setTyped(field reflect.Value, i interface{}) {
+func setTyped(field reflect.Value, i any) {
 	baseValue := reflect.ValueOf(i)
 	if field.Kind().String() == field.Type().String() {
 		field.Set(baseValue)
@@ -21,7 +21,7 @@ func TestDeepCopy(t *testing.T) {

 	cfgDeepCopy := cfg.DeepCopy()
 	assert.NotEqual(t, reflect.ValueOf(cfgDeepCopy), reflect.ValueOf(cfg))
-	assert.Equal(t, reflect.TypeOf(cfgDeepCopy), reflect.TypeOf(cfg))
+	assert.Equal(t, reflect.TypeOf(cfgDeepCopy), reflect.TypeOf(cfg)) //nolint:modernize // Comparing runtime types of two values.
 	assert.Equal(t, cfgDeepCopy, cfg)

 	// Update cfg
@@ -32,6 +32,6 @@ func TestDeepCopy(t *testing.T) {
 	assert.Equal(t, cfgCopy, cfg)

 	assert.NotEqual(t, reflect.ValueOf(cfgDeepCopy), reflect.ValueOf(cfg))
-	assert.Equal(t, reflect.TypeOf(cfgDeepCopy), reflect.TypeOf(cfg))
+	assert.Equal(t, reflect.TypeOf(cfgDeepCopy), reflect.TypeOf(cfg)) //nolint:modernize // Comparing runtime types of two values.
 	assert.NotEqual(t, cfgDeepCopy, cfg)
 }
@@ -389,6 +389,7 @@ func (s *IPStrategy) Get() (ip.Strategy, error) {
 // IPWhiteList holds the IP whitelist middleware configuration.
 // This middleware limits allowed requests based on the client IP.
 // More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/ipwhitelist/
+//
 // Deprecated: please use IPAllowList instead.
 type IPWhiteList struct {
 	// SourceRange defines the set of allowed IPs (or ranges of allowed IPs by using CIDR notation). Required.
@@ -44,11 +44,11 @@ func TestPluginConf_DeepCopy_mapOfStruct(t *testing.T) {
 }

 func TestPluginConf_DeepCopy_map(t *testing.T) {
-	m := map[string]interface{}{
+	m := map[string]any{
 		"name": "bar",
 	}
 	p := PluginConf{
-		"config": map[string]interface{}{
+		"config": map[string]any{
 			"foo": m,
 		},
 	}
@@ -64,7 +64,7 @@ func TestPluginConf_DeepCopy_map(t *testing.T) {

 func TestPluginConf_DeepCopy_panic(t *testing.T) {
 	p := &PluginConf{
-		"config": map[string]interface{}{
+		"config": map[string]any{
 			"foo": &Foo{Name: "gigi"},
 		},
 	}
@@ -26,6 +26,7 @@ type TCPInFlightConn struct {
 // TCPIPWhiteList holds the TCP IPWhiteList middleware configuration.
 // This middleware limits allowed requests based on the client IP.
 // More info: https://doc.traefik.io/traefik/v2.11/middlewares/tcp/ipwhitelist/
+//
 // Deprecated: please use IPAllowList instead.
 type TCPIPWhiteList struct {
 	// SourceRange defines the allowed IPs (or ranges of allowed IPs by using CIDR notation).
@@ -13,7 +13,7 @@ import (
 // KV pairs -> tree of untyped nodes
 // untyped nodes -> nodes augmented with metadata such as kind (inferred from element)
 // "typed" nodes -> typed element.
-func Decode(pairs []*store.KVPair, element interface{}, rootName string) error {
+func Decode(pairs []*store.KVPair, element any, rootName string) error {
 	if element == nil {
 		return nil
 	}
@@ -34,7 +34,7 @@ func Decode(pairs []*store.KVPair, element interface{}, rootName string) error {
 	return parser.Fill(element, node, parser.FillerOpts{AllowSliceAsStruct: false})
 }

-func getRootFieldNames(rootName string, element interface{}) []string {
+func getRootFieldNames(rootName string, element any) []string {
 	if element == nil {
 		return nil
 	}
@@ -31,6 +31,6 @@ func EncodeConfiguration(conf *dynamic.Configuration) (map[string]string, error)

 // Decode converts the labels to an element.
 // labels -> [ node -> node + metadata (type) ] -> element (node).
-func Decode(labels map[string]string, element interface{}, filters ...string) error {
+func Decode(labels map[string]string, element any, filters ...string) error {
 	return parser.Decode(labels, element, parser.DefaultRootName, filters...)
 }
@@ -4,6 +4,7 @@ import (
 	"context"
 	"errors"
 	"fmt"
+	"maps"
 	"slices"
 	"sort"
 	"sync"
@@ -72,6 +73,7 @@ func unique(src []string) []string {
 // RouterInfo holds information about a currently running HTTP router.
 type RouterInfo struct {
 	*dynamic.Router // dynamic configuration
+
 	// Err contains all the errors that occurred during router's creation.
 	Err []string `json:"error,omitempty"`
 	// Status reports whether the router is disabled, in a warning state, or all good (enabled).
@@ -84,10 +86,8 @@ type RouterInfo struct {
 // AddError adds err to r.Err, if it does not already exist.
 // If critical is set, r is marked as disabled.
 func (r *RouterInfo) AddError(err error, critical bool) {
-	for _, value := range r.Err {
-		if value == err.Error() {
-			return
-		}
+	if slices.Contains(r.Err, err.Error()) {
+		return
 	}

 	r.Err = append(r.Err, err.Error())
@@ -105,6 +105,7 @@ func (r *RouterInfo) AddError(err error, critical bool) {
 // MiddlewareInfo holds information about a currently running middleware.
 type MiddlewareInfo struct {
 	*dynamic.Middleware // dynamic configuration
+
 	// Err contains all the errors that occurred during service creation.
 	Err    []string `json:"error,omitempty"`
 	Status string   `json:"status,omitempty"`
@@ -114,10 +115,8 @@ type MiddlewareInfo struct {
 // AddError adds err to s.Err, if it does not already exist.
 // If critical is set, m is marked as disabled.
 func (m *MiddlewareInfo) AddError(err error, critical bool) {
-	for _, value := range m.Err {
-		if value == err.Error() {
-			return
-		}
+	if slices.Contains(m.Err, err.Error()) {
+		return
 	}

 	m.Err = append(m.Err, err.Error())
@@ -135,6 +134,7 @@ func (m *MiddlewareInfo) AddError(err error, critical bool) {
 // ServiceInfo holds information about a currently running service.
 type ServiceInfo struct {
 	*dynamic.Service // dynamic configuration
+
 	// Err contains all the errors that occurred during service creation.
 	Err []string `json:"error,omitempty"`
 	// Status reports whether the service is disabled, in a warning state, or all good (enabled).
@@ -150,10 +150,8 @@ type ServiceInfo struct {
 // AddError adds err to s.Err, if it does not already exist.
 // If critical is set, s is marked as disabled.
 func (s *ServiceInfo) AddError(err error, critical bool) {
-	for _, value := range s.Err {
-		if value == err.Error() {
-			return
-		}
+	if slices.Contains(s.Err, err.Error()) {
+		return
 	}

 	s.Err = append(s.Err, err.Error())
@@ -190,9 +188,5 @@ func (s *ServiceInfo) GetAllStatus() map[string]string {
 		return nil
 	}

-	allStatus := make(map[string]string, len(s.serverStatus))
-	for k, v := range s.serverStatus {
-		allStatus[k] = v
-	}
-	return allStatus
+	return maps.Clone(s.serverStatus)
 }
@@ -47,8 +47,9 @@ func (c *Configuration) GetTCPRoutersByEntryPoints(ctx context.Context, entryPoi

 // TCPRouterInfo holds information about a currently running TCP router.
 type TCPRouterInfo struct {
-	*dynamic.TCPRouter          // dynamic configuration
-	Err                []string `json:"error,omitempty"` // initialization error
+	*dynamic.TCPRouter // dynamic configuration
+
+	Err []string `json:"error,omitempty"` // initialization error
 	// Status reports whether the router is disabled, in a warning state, or all good (enabled).
 	// If not in "enabled" state, the reason for it should be in the list of Err.
 	// It is the caller's responsibility to set the initial status.
@@ -59,10 +60,8 @@ type TCPRouterInfo struct {
 // AddError adds err to r.Err, if it does not already exist.
 // If critical is set, r is marked as disabled.
 func (r *TCPRouterInfo) AddError(err error, critical bool) {
-	for _, value := range r.Err {
-		if value == err.Error() {
-			return
-		}
+	if slices.Contains(r.Err, err.Error()) {
+		return
 	}

 	r.Err = append(r.Err, err.Error())
@@ -79,8 +78,9 @@ func (r *TCPRouterInfo) AddError(err error, critical bool) {

 // TCPServiceInfo holds information about a currently running TCP service.
 type TCPServiceInfo struct {
-	*dynamic.TCPService          // dynamic configuration
-	Err                 []string `json:"error,omitempty"` // initialization error
+	*dynamic.TCPService // dynamic configuration
+
+	Err []string `json:"error,omitempty"` // initialization error
 	// Status reports whether the service is disabled, in a warning state, or all good (enabled).
 	// If not in "enabled" state, the reason for it should be in the list of Err.
 	// It is the caller's responsibility to set the initial status.
@@ -91,10 +91,8 @@ type TCPServiceInfo struct {
 // AddError adds err to s.Err, if it does not already exist.
 // If critical is set, s is marked as disabled.
 func (s *TCPServiceInfo) AddError(err error, critical bool) {
-	for _, value := range s.Err {
-		if value == err.Error() {
-			return
-		}
+	if slices.Contains(s.Err, err.Error()) {
+		return
 	}

 	s.Err = append(s.Err, err.Error())
@@ -112,6 +110,7 @@ func (s *TCPServiceInfo) AddError(err error, critical bool) {
 // TCPMiddlewareInfo holds information about a currently running middleware.
 type TCPMiddlewareInfo struct {
 	*dynamic.TCPMiddleware // dynamic configuration
+
 	// Err contains all the errors that occurred during service creation.
 	Err    []string `json:"error,omitempty"`
 	Status string   `json:"status,omitempty"`
@@ -121,10 +120,8 @@ type TCPMiddlewareInfo struct {
 // AddError adds err to s.Err, if it does not already exist.
 // If critical is set, m is marked as disabled.
 func (m *TCPMiddlewareInfo) AddError(err error, critical bool) {
-	for _, value := range m.Err {
-		if value == err.Error() {
-			return
-		}
+	if slices.Contains(m.Err, err.Error()) {
+		return
 	}

 	m.Err = append(m.Err, err.Error())
@@ -53,8 +53,9 @@ func (c *Configuration) GetUDPRoutersByEntryPoints(ctx context.Context, entryPoi

 // UDPRouterInfo holds information about a currently running UDP router.
 type UDPRouterInfo struct {
-	*dynamic.UDPRouter          // dynamic configuration
-	Err                []string `json:"error,omitempty"` // initialization error
+	*dynamic.UDPRouter // dynamic configuration
+
+	Err []string `json:"error,omitempty"` // initialization error
 	// Status reports whether the router is disabled, in a warning state, or all good (enabled).
 	// If not in "enabled" state, the reason for it should be in the list of Err.
 	// It is the caller's responsibility to set the initial status.
@@ -65,10 +66,8 @@ type UDPRouterInfo struct {
 // AddError adds err to r.Err, if it does not already exist.
 // If critical is set, r is marked as disabled.
 func (r *UDPRouterInfo) AddError(err error, critical bool) {
-	for _, value := range r.Err {
-		if value == err.Error() {
-			return
-		}
+	if slices.Contains(r.Err, err.Error()) {
+		return
 	}

 	r.Err = append(r.Err, err.Error())
@@ -85,8 +84,9 @@ func (r *UDPRouterInfo) AddError(err error, critical bool) {

 // UDPServiceInfo holds information about a currently running UDP service.
 type UDPServiceInfo struct {
-	*dynamic.UDPService          // dynamic configuration
-	Err                 []string `json:"error,omitempty"` // initialization error
+	*dynamic.UDPService // dynamic configuration
+
+	Err []string `json:"error,omitempty"` // initialization error
 	// Status reports whether the service is disabled, in a warning state, or all good (enabled).
 	// If not in "enabled" state, the reason for it should be in the list of Err.
 	// It is the caller's responsibility to set the initial status.
@@ -97,10 +97,8 @@ type UDPServiceInfo struct {
 // AddError adds err to s.Err, if it does not already exist.
 // If critical is set, s is marked as disabled.
 func (s *UDPServiceInfo) AddError(err error, critical bool) {
-	for _, value := range s.Err {
-		if value == err.Error() {
-			return
-		}
+	if slices.Contains(s.Err, err.Error()) {
+		return
 	}

 	s.Err = append(s.Err, err.Error())
@@ -1,4 +1,4 @@
 package static

 // PluginConf holds the plugin configuration.
-type PluginConf map[string]interface{}
+type PluginConf map[string]any
@@ -295,20 +295,6 @@ func (c *Configuration) SetEffectiveConfiguration() {
 	c.initACMEProvider()
 }

-func (c *Configuration) hasUserDefinedEntrypoint() bool {
-	return len(c.EntryPoints) != 0
-}
-
-func (c *Configuration) initACMEProvider() {
-	for _, resolver := range c.CertificatesResolvers {
-		if resolver.ACME != nil {
-			resolver.ACME.CAServer = getSafeACMECAServer(resolver.ACME.CAServer)
-		}
-	}
-
-	legolog.Logger = stdlog.New(log.WithoutContext().WriterLevel(logrus.DebugLevel), "legolog: ", 0)
-}
-
 // ValidateConfiguration validate that configuration is coherent.
 func (c *Configuration) ValidateConfiguration() error {
 	var acmeEmail string
@@ -342,6 +328,20 @@ func (c *Configuration) ValidateConfiguration() error {
 	return nil
 }

+func (c *Configuration) hasUserDefinedEntrypoint() bool {
+	return len(c.EntryPoints) != 0
+}
+
+func (c *Configuration) initACMEProvider() {
+	for _, resolver := range c.CertificatesResolvers {
+		if resolver.ACME != nil {
+			resolver.ACME.CAServer = getSafeACMECAServer(resolver.ACME.CAServer)
+		}
+	}
+
+	legolog.Logger = stdlog.New(log.WithoutContext().WriterLevel(logrus.DebugLevel), "legolog: ", 0)
+}
+
 func getSafeACMECAServer(caServerSrc string) string {
 	if len(caServerSrc) == 0 {
 		return DefaultAcmeCAServer
@@ -82,10 +82,19 @@ type backendURL struct {
 // BackendConfig HealthCheck configuration for a backend.
 type BackendConfig struct {
 	Options
+
 	name         string
 	disabledURLs []backendURL
 }

+// NewBackendConfig Instantiate a new BackendConfig.
+func NewBackendConfig(options Options, backendName string) *BackendConfig {
+	return &BackendConfig{
+		Options: options,
+		name:    backendName,
+	}
+}
+
 func (b *BackendConfig) newRequest(serverURL *url.URL) (*http.Request, error) {
 	u, err := serverURL.Parse(b.Path)
 	if err != nil {
@@ -236,14 +245,6 @@ func newHealthCheck(registry metrics.Registry) *HealthCheck {
 	}
 }

-// NewBackendConfig Instantiate a new BackendConfig.
-func NewBackendConfig(options Options, backendName string) *BackendConfig {
-	return &BackendConfig{
-		Options: options,
-		name:    backendName,
-	}
-}
-
 // checkHealth returns a nil error in case it was successful and otherwise
 // a non-nil error with a meaningful description why the health check failed.
 func checkHealth(serverURL *url.URL, backend *BackendConfig) error {
@@ -286,6 +287,16 @@ type StatusUpdater interface {
 	RegisterStatusUpdater(fn func(up bool)) error
 }

+// LbStatusUpdater wraps a BalancerHandler and a ServiceInfo,
+// so it can keep track of the status of a server in the ServiceInfo.
+type LbStatusUpdater struct {
+	BalancerHandler
+
+	serviceInfo      *runtime.ServiceInfo // can be nil
+	updaters         []func(up bool)
+	wantsHealthCheck bool
+}
+
 // NewLBStatusUpdater returns a new LbStatusUpdater.
 func NewLBStatusUpdater(bh BalancerHandler, info *runtime.ServiceInfo, hc *dynamic.ServerHealthCheck) *LbStatusUpdater {
 	return &LbStatusUpdater{
@@ -295,15 +306,6 @@ func NewLBStatusUpdater(bh BalancerHandler, info *runtime.ServiceInfo, hc *dynam
 	}
 }

-// LbStatusUpdater wraps a BalancerHandler and a ServiceInfo,
-// so it can keep track of the status of a server in the ServiceInfo.
-type LbStatusUpdater struct {
-	BalancerHandler
-	serviceInfo      *runtime.ServiceInfo // can be nil
-	updaters         []func(up bool)
-	wantsHealthCheck bool
-}
-
 // RegisterStatusUpdater adds fn to the list of hooks that are run when the
 // status of the Balancer changes.
 // Not thread safe.
@@ -128,12 +128,10 @@ func TestSetBackendsConfiguration(t *testing.T) {
 			}

 			wg := sync.WaitGroup{}
-			wg.Add(1)

-			go func() {
+			wg.Go(func() {
 				check.execute(ctx, backend)
-				wg.Done()
-			}()
+			})

 			// Make test timeout dependent on number of expected requests, health
 			// check interval, and a safety margin.
@@ -456,6 +454,7 @@ type testLoadBalancer struct {
 	// RWMutex needed due to parallel test execution: Both the system-under-test
 	// and the test assertions reference the counters.
 	*sync.RWMutex
+
 	numRemovedServers  int
 	numUpsertedServers int
 	servers            []*url.URL
@@ -598,12 +597,9 @@ func TestNotFollowingRedirects(t *testing.T) {
 	}

 	wg := sync.WaitGroup{}
-	wg.Add(1)
-
-	go func() {
+	wg.Go(func() {
 		check.execute(ctx, backend)
-		wg.Done()
-	}()
+	})

 	timeout := time.Duration(int(healthCheckInterval) + 500)
 	select {
@@ -17,6 +17,7 @@ const (
 // If operation() takes more than MinJobInterval, Reset() is called in NextBackOff().
 type BackOff struct {
 	*backoff.ExponentialBackOff
+
 	MinJobInterval time.Duration
 }

@@ -9,68 +9,79 @@ import (
 )

 // Debug logs a message at level Debug on the standard logger.
+//
 // Deprecated: use log.FromContext(ctx).Debug(...) instead.
-func Debug(args ...interface{}) {
+func Debug(args ...any) {
 	mainLogger.Debug(args...)
 }

 // Debugf logs a message at level Debug on the standard logger.
+//
 // Deprecated: use log.FromContext(ctx).Debugf(...) instead.
-func Debugf(format string, args ...interface{}) {
+func Debugf(format string, args ...any) {
 	mainLogger.Debugf(format, args...)
 }

 // Info logs a message at level Info on the standard logger.
+//
 // Deprecated: use log.FromContext(ctx).Info(...) instead.
-func Info(args ...interface{}) {
+func Info(args ...any) {
 	mainLogger.Info(args...)
 }

 // Infof logs a message at level Info on the standard logger.
+//
 // Deprecated: use log.FromContext(ctx).Infof(...) instead.
-func Infof(format string, args ...interface{}) {
+func Infof(format string, args ...any) {
 	mainLogger.Infof(format, args...)
 }

 // Warn logs a message at level Warn on the standard logger.
+//
 // Deprecated: use log.FromContext(ctx).Warn(...) instead.
-func Warn(args ...interface{}) {
+func Warn(args ...any) {
 	mainLogger.Warn(args...)
 }

 // Warnf logs a message at level Warn on the standard logger.
+//
 // Deprecated: use log.FromContext(ctx).Warnf(...) instead.
-func Warnf(format string, args ...interface{}) {
+func Warnf(format string, args ...any) {
 	mainLogger.Warnf(format, args...)
 }

 // Error logs a message at level Error on the standard logger.
+//
 // Deprecated: use log.FromContext(ctx).Error(...) instead.
-func Error(args ...interface{}) {
+func Error(args ...any) {
 	mainLogger.Error(args...)
 }

 // Errorf logs a message at level Error on the standard logger.
+//
 // Deprecated: use log.FromContext(ctx).Errorf(...) instead.
-func Errorf(format string, args ...interface{}) {
+func Errorf(format string, args ...any) {
 	mainLogger.Errorf(format, args...)
 }

 // Panic logs a message at level Panic on the standard logger.
+//
 // Deprecated: use log.FromContext(ctx).Panic(...) instead.
-func Panic(args ...interface{}) {
+func Panic(args ...any) {
 	mainLogger.Panic(args...)
 }

 // Fatal logs a message at level Fatal on the standard logger.
+//
 // Deprecated: use log.FromContext(ctx).Fatal(...) instead.
-func Fatal(args ...interface{}) {
+func Fatal(args ...any) {
 	mainLogger.Fatal(args...)
 }

 // Fatalf logs a message at level Fatal on the standard logger.
+//
 // Deprecated: use log.FromContext(ctx).Fatalf(...) instead.
-func Fatalf(format string, args ...interface{}) {
+func Fatalf(format string, args ...any) {
 	mainLogger.Fatalf(format, args...)
 }

@@ -84,7 +95,7 @@ func AddHook(hook logrus.Hook) {
 func CustomWriterLevel(level logrus.Level, maxScanTokenSize int) *io.PipeWriter {
 	reader, writer := io.Pipe()

-	var printFunc func(args ...interface{})
+	var printFunc func(args ...any)

 	switch level {
 	case logrus.DebugLevel:
@@ -111,7 +122,7 @@ func CustomWriterLevel(level logrus.Level, maxScanTokenSize int) *io.PipeWriter

 // extract from github.com/Sirupsen/logrus/writer.go
 // Hack the buffer size.
-func writerScanner(reader io.ReadCloser, scanTokenSize int, printFunc func(args ...interface{})) {
+func writerScanner(reader io.ReadCloser, scanTokenSize int, printFunc func(args ...any)) {
 	scanner := bufio.NewScanner(reader)

 	if scanTokenSize > bufio.MaxScanTokenSize {
@@ -58,7 +58,7 @@ func RegisterDatadog(ctx context.Context, config *types.Datadog) Registry {
 		config.Prefix = defaultMetricsPrefix
 	}

-	datadogClient = dogstatsd.New(config.Prefix+".", kitlog.LoggerFunc(func(keyvals ...interface{}) error {
+	datadogClient = dogstatsd.New(config.Prefix+".", kitlog.LoggerFunc(func(keyvals ...any) error {
 		log.WithoutContext().WithField(log.MetricsProviderName, "datadog").Info(keyvals...)
 		return nil
 	}))
@@ -36,16 +36,16 @@ func (c MultiCounterWithHeaders) With(headers http.Header, labelValues ...string
 	return next
 }

-// NewCounterWithNoopHeaders returns a CounterWithNoopHeaders.
-func NewCounterWithNoopHeaders(counter metrics.Counter) CounterWithNoopHeaders {
-	return CounterWithNoopHeaders{counter: counter}
-}
-
 // CounterWithNoopHeaders is a counter that satisfies CounterWithHeaders but ignores the given http.Header.
 type CounterWithNoopHeaders struct {
 	counter metrics.Counter
 }

+// NewCounterWithNoopHeaders returns a CounterWithNoopHeaders.
+func NewCounterWithNoopHeaders(counter metrics.Counter) CounterWithNoopHeaders {
+	return CounterWithNoopHeaders{counter: counter}
+}
+
 // Add adds the given delta value to the counter value.
 func (c CounterWithNoopHeaders) Add(delta float64) {
 	c.counter.Add(delta)
@@ -147,7 +147,7 @@ func initInfluxDBClient(ctx context.Context, config *types.InfluxDB) *influx.Inf
 			Database:        config.Database,
 			RetentionPolicy: config.RetentionPolicy,
 		},
-		kitlog.LoggerFunc(func(keyvals ...interface{}) error {
+		kitlog.LoggerFunc(func(keyvals ...any) error {
 			log.WithoutContext().WithField(log.MetricsProviderName, "influxdb").Info(keyvals...)
 			return nil
 		}))
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
Michael	7747b40310	Prepare release v2.11.37	2026-02-11 10:42:04 +01:00
Michael	72e2454e42	Cap TLS record length to RFC 8446 limit in ClientHello peeking	2026-02-11 09:22:04 +01:00
Romain	0beed101ec	Validate healthcheck path configuration Co-authored-by: Michael <michael.matur@gmail.com>	2026-02-10 14:52:05 +01:00
Romain	f1e850ae0b	Prepare release v2.11.36	2026-02-02 11:24:20 +01:00
Jesper Noordsij	c320bb4adb	Bump to go1.25	2026-01-30 17:30:05 +01:00
Michael	ed990f279a	Upgrade github action versions	2026-01-27 11:20:10 +01:00
Rémi BUISSON	7e5ee8988e	chore: pin GitHub Actions to SHA hashes for supply chain security	2026-01-26 15:14:05 +01:00
Julien Salleyron	85cd5485b7	Avoid recursion with services	2026-01-26 10:28:04 +01:00
Gina A.	9ac5d3ac1c	Bump dependencies of documentation and webui	2026-01-22 12:10:07 +01:00
Romain	d675b163b3	Bump github.com/containerd/containerd to v1.7.29	2026-01-22 09:54:04 +01:00
Romain	7cb25da31c	Remove extra dots in migration guide	2026-01-20 15:40:05 +01:00
Michael	51343bc15f	Upgrade golangci-lint	2026-01-14 17:26:08 +01:00