chore(deps): bump github.com/traefik/traefik/v3 from 3.6.8 to 3.6.12 in /tests

[dependabot]

Bumps github.com/traefik/traefik/v3 from 3.6.8 to 3.6.12.

Release notes

Sourced from github.com/traefik/traefik/v3's releases.

v3.6.12

CVE fixed:

• CVE-2026-33433 (Advisory GHSA-qr99-7898-vr7c)
• CVE-2026-33186 (Advisory GHSA-46wh-3698-f2cx)

Bug fixes:

• [k8s/ingress-nginx] Fix auth-response-headers whitespace trimming in ingress-nginx provider (#12856 @​mmatur)
• [acme] Bump github.com/go-acme/lego/v4 to v4.33.0 (#12840 @​ldez)
• [server] Fix comment and unnecessary allocation in withRoutingPath (#12880 @​boinger)
• [server, tcp] Fix postgres STARTTLS with TLS termination (#12847 @​mmatur)
• [api] Fix allow colons and tildes in api.basePath validation (#12857 @​mmatur)
• [grpc] Bump google.golang.org/grpc to v1.79.3 (#12845 @​mmatur)
• [middleware, authentication] Prevent duplicate user headers in basic and digest auth middleware (#12851 @​juliens)
• [middleware] Fix StripPrefix and StripPrefixRegex to slice the prefix using encoded prefix length (#12863 @​gndz07)

Documentation:

• [acme] Clarify CNAME explanation in ACME Documentation (#12818 @​sheddy-traefik)
• [k8s/ingress-nginx] Add ingress-nginx migration banner on documentation pages (#12872 @​gndz07)
• [k8s/ingress-nginx] Clarify that NGINX Ingress watchNamespace watches only one namespace (#12873 @​parkerfath)
• [k8s/ingress] Improve Kubernetes Ingress Routing Documentation (#12876 @​sheddy-traefik)

v3.6.11

CVE fixed:

• CVE-2026-32595 (Advisory GHSA-g3hg-j4jv-cwfr)
• CVE-2026-32305 (Advisory GHSA-wvvq-wgcr-9q48)
• CVE-2026-32695 (Advisory GHSA-67jx-r9pv-98rj)

Bug fixes:

• [logs, otel] Add OTel-conformant trace context attributes to access logs (#12801 @​mmatur)
• [k8s/gatewayapi] Fix incorrect hostname matching between listener and route (#12599 @​TheColorman)
• [k8s/ingress] Fix ingress router's rule (#12808 @​gndz07)
• [webui] Remove AGPL license in code (#12799 @​Desel72)
• [k8s/ingress-nginx] Fix proxy-ssl-verify annotation (#12825 @​LBF38)
• [http] Add maxResponseBodySize configuration on HTTP provider (#12788 @​gndz07)
• [tls] Support fragmented TLS client hello (#12787 @​rtribotte)
• [middleware, authentication] Make basic auth check timing constant (#12803 @​rtribotte)

Documentation:

• [k8s] Improve the multi tenant security note (#12822 @​nmengin)
• Fix unnecessary escaping of pipe in regexp examples (#12784 @​diegmonti)
• Add vulnerability submission quality guidelines (#12807 @​emilevauge)
• Fix start up message format (#12806 @​mloiseleur)
• Remove unsupported servers[n].address from TCP label examples (#12817 @​sheddy-traefik)
• Bump mkdocs-traefiklabs to use consent mode (#12804 @​darkweaver87)

v3.6.10

CVE fixed:

• CVE-2026-29777 (Advisory GHSA-8q2w-wr49-whqj)
• CVE-2026-27141 (Advisory GHSA-4hjq-9h5c-252j)

... (truncated)

Changelog

Sourced from github.com/traefik/traefik/v3's changelog.

v3.6.12 (2026-03-26)

All Commits

Bug fixes:

• [k8s/ingress-nginx] Fix auth-response-headers whitespace trimming in ingress-nginx provider (#12856 @​mmatur)
• [acme] Bump github.com/go-acme/lego/v4 to v4.33.0 (#12840 @​ldez)
• [server] Fix comment and unnecessary allocation in withRoutingPath (#12880 @​boinger)
• [server, tcp] Fix postgres STARTTLS with TLS termination (#12847 @​mmatur)
• [api] Fix allow colons and tildes in api.basePath validation (#12857 @​mmatur)
• [grpc] Bump google.golang.org/grpc to v1.79.3 (#12845 @​mmatur)
• [middleware, authentication] Prevent duplicate user headers in basic and digest auth middleware (#12851 @​juliens)
• [middleware] Fix StripPrefix and StripPrefixRegex to slice the prefix using encoded prefix length (#12863 @​gndz07)

Documentation:

• [acme] Clarify CNAME explanation in ACME Documentation (#12818 @​sheddy-traefik)
• [k8s/ingress-nginx] Add ingress-nginx migration banner on documentation pages (#12872 @​gndz07)
• [k8s/ingress-nginx] Clarify that NGINX Ingress watchNamespace watches only one namespace (#12873 @​parkerfath)
• [k8s/ingress] Improve Kubernetes Ingress Routing Documentation (#12876 @​sheddy-traefik)

v3.6.11 (2026-03-19)

All Commits

Bug fixes:

• [logs, otel] Add OTel-conformant trace context attributes to access logs (#12801 @​mmatur)
• [k8s/gatewayapi] Fix incorrect hostname matching between listener and route (#12599 @​TheColorman)
• [k8s/ingress] Fix ingress router's rule (#12808 @​gndz07)
• [webui] Remove AGPL license in code (#12799 @​Desel72)
• [k8s/ingress-nginx] Fix proxy-ssl-verify annotation (#12825 @​LBF38)
• [http] Add maxResponseBodySize configuration on HTTP provider (#12788 @​gndz07)
• [tls] Support fragmented TLS client hello (#12787 @​rtribotte)
• [middleware, authentication] Make basic auth check timing constant (#12803 @​rtribotte)

Documentation:

• [k8s] Improve the multi tenant security note (#12822 @​nmengin)
• Fix unnecessary escaping of pipe in regexp examples (#12784 @​diegmonti)
• Add vulnerability submission quality guidelines (#12807 @​emilevauge)
• Fix start up message format (#12806 @​mloiseleur)
• Remove unsupported servers[n].address from TCP label examples (#12817 @​sheddy-traefik)
• Bump mkdocs-traefiklabs to use consent mode (#12804 @​darkweaver87)

v2.11.42 (2026-03-26)

All Commits

Bug fixes:

• [grpc] Bump google.golang.org/grpc to v1.79.3 (#12845 @​mmatur)
• [middleware, authentication] Prevent duplicate user headers in basic and digest auth middleware (#12851 @​juliens)
• [middleware] Fix StripPrefix and StripPrefixRegex to slice the prefix using encoded prefix length (#12863 @​gndz07)

v2.11.41 (2026-03-18)

All Commits

... (truncated)

Commits

• b782bd3 Prepare release v3.6.12
• 1b2e824 Merge branch v2.11 into v3.6
• e4b2c64 Prepare release v2.11.42
• 7816ed8 Fix comment and unnecessary allocation in withRoutingPath
• 8eb4d34 Clarify doc: NGINX Ingress watchNamespace watches only one namespace
• cf29feb Improve Kubernetes Ingress Routing Documentation
• f5eb6c9 Remove hidden files in documentation
• 3c74d62 Add ingress-nginx migration banner on documentation pages
• 25ab6f4 Fix allow colons and tildes in api.basePath validation
• f19aaa7 Fix StripPrefix and StripPrefixRegex to slice the prefix using encoded prefix...
• Additional commits viewable in compare view

[coderabbitai]

Important

Review skipped

Bot user detected.

To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: ff166777-8cbf-45c5-bb0c-3801d7373462

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

• 🔍 Trigger review

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch dependabot/go_modules/tests/github.com/traefik/traefik/v3-3.6.12

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[jentfoo]

@dependabot rebase

[dependabot]

Looks like this PR has been edited by someone other than Dependabot. That means Dependabot can't rebase it - sorry!

If you're happy for Dependabot to recreate it from scratch, overwriting any edits, you can request @dependabot recreate.

[jentfoo]

@dependabot recreate