v8.16.0 Add an Option to Skip Webhook Signature Verification

What's Changed

✨ Add an Option to Skip Webhook Signature Verification

• Add option to skip signature verification by @habara-k in #595

With this release, developers can now optionally skip signature verification when parsing incoming webhook requests. This new capability is especially useful in scenarios where the channel secret may change, potentially causing temporary signature mismatches.

Example Usage:

opt := &webhook.ParseOption{
	SkipSignatureValidation: func() bool { return true },
}
cb, err := webhook.ParseRequestWithOption(os.Getenv("LINE_CHANNEL_SECRET"), req, opt)

When signature verification is skipped, the signatureValidator will not be invoked. This allows webhook requests to be processed even if their signatures do not match the current channel secret used for verification.

This feature is particularly helpful in high-availability systems where avoiding downtime or message loss during configuration updates is critical.

Dependency updates

• chore(deps): update actions/setup-node action to v5 by @renovate[bot] in #614
• chore(deps): update actions/setup-go action to v6 by @renovate[bot] in #613
• chore(deps): update actions/setup-python action to v6 by @renovate[bot] in #615
• chore(deps): update actions/stale action to v10 by @renovate[bot] in #616
• chore(deps): update actions/github-script action to v8 by @renovate[bot] in #618
• chore(deps): update dependency org.apache.maven.plugins:maven-shade-plugin to v3.6.1 by @renovate[bot] in #620
• chore(deps): update dependency org.apache.maven.plugins:maven-surefire-plugin to v3.5.4 by @renovate[bot] in #621

Other Changes

• Set minimumReleaseAge to 7 days to avoid merge renovate PR quickly by @Yang-33 in #619
• Use github actor id instead of bot name to avoid renaming issues by @Yang-33 in #622

Full Changelog: v8.15.0...v8.15.1