Bump github.com/pb33f/libopenapi from 0.21.8 to 0.29.1

[dependabot]

Bumps github.com/pb33f/libopenapi from 0.21.8 to 0.29.1.

Release notes

Sourced from github.com/pb33f/libopenapi's releases.

v0.29.1

Adds additional 3.2 properties that I missed during dev, discovered when testing upstream.

Docs also available https://pb33f.io/libopenapi/what-changed/#configurable-breaking-change-rules

v0.29.0

Configurable Breaking Change Rules

New Feature

• Configurable breaking change detection - All breaking change rules are now configurable instead of hardcoded, allowing users to customize what is considered a breaking change for their use case

New Files

• breaking_rules.go - Core API functions (GenerateDefaultBreakingRules(), IsBreakingChange(), BreakingAdded/Modified/Removed())
• breaking_rules_model.go - Type definitions for all component rules (Schema, Operation, Parameter, etc.)
• breaking_rules_config.go - Configuration management with Merge() and IsBreaking() lookup methods
• breaking_rules_constants.go - Component and property name constants for type-safe lookups
• breaking_rules_test.go

Key Capabilities

• Global config API - SetActiveBreakingRulesConfig() / GetActiveBreakingRulesConfig() for setting custom rules
• Sparse overrides - Users only specify rules they want to change; defaults apply for everything else
• Merge functionality - Custom configs merge cleanly with defaults
• Thread-safe - Uses sync.RWMutex for concurrent access
• Cached defaults - sync.Once pattern for efficient default rule generation

Refactored Files (35+ model files)

All comparison functions now use configurable lookups instead of hardcoded booleans:

• schema.go, operation.go, parameter.go, path_item.go, paths.go
• header.go, media_type.go, response.go, responses.go, request_body.go
• security_scheme.go, security_requirement.go, oauth_flows.go, callback.go
• info.go, contact.go, license.go, tag.go, external_docs.go
• server.go, server_variable.go, link.go, encoding.go, discriminator.go, xml.go, example.go

Backward Compatibility

• Default behavior is unchanged - same rules as previously hardcoded
• No breaking changes to existing API
• Configuration is optional; if not set, defaults apply
• Swagger 2.0 rules remain hardcoded (OpenAPI 3.x only)

Other Changes

• Fixed issue #484
• Bumped go.yaml.in/yaml/v4 from 4.0.0-rc.2 to 4.0.0-rc.3
• Added edge case tests for various properties
• Improved path handling in what-changed

... (truncated)

Commits

• 7c76f00 Add some 3.2 props that got missed.
• 9f0cc9f fix: use native Go coverage to fix Go 1.23 compatibility
• 74d68a9 address coverage
• d7ac8b5 update deps
• 7186aa6 Added configurable breaking changes feature.
• 2c8adb6 remove that flaky test timing.
• 4a1600c Address issue #484
• 9bbc2b3 addressing coverage on new last ditch lookup
• 933e373 addressed copilot review
• a2bd341 fixing tests
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dependabot]

Superseded by #288.