build(go): Bump github.com/traefik/traefik/v3 from 3.4.5 to 3.6.7

[dependabot]

Bumps github.com/traefik/traefik/v3 from 3.4.5 to 3.6.7.

Release notes

Sourced from github.com/traefik/traefik/v3's releases.

v3.6.7

⚠️ Breaking change ⚠️ As explained in the comment left on the CVE-2025-66490 fix, this new hotfix version makes the behavior opt-in. As a result, this release is breaking compared to the previous hotfix versions since v3.6.4, but it restores by default the behavior that existed before that hotfix. Please, read the migration guide to enable the feature.

CVE fixed:

• CVE-2026-22045 (Advisory GHSA-cwjm-3f7h-9hwqj)

Bug fixes:

• [acme] Bump github.com/go-acme/lego/v4 to v4.31.0 (#12529 by ldez)
• [acme] Add missing renew options (#12467 by ldez)
• [acme] Replace hardcoded references to LetsEncrypt in log messages (#12464 by schildbach)
• [k8s/ingress-nginx] Fix use-regex nginx annotation (#12531 by LBF38)
• [k8s/ingress-nginx] Prevent Ingress Nginx provider http router to attach to an entrypoint with TLS (#12528 by rtribotte)
• [k8s/ingress] Fix panic for empty defaultBackend and defaultBackend without resources (#12509 by gndz07)
• [k8s] Fix condition used for serving and fenced endpoints (#12521 by LBF38)
• [webui] Validate X-Forwarded-Prefix value for dashboard redirect (#12514 by LBF38)
• [acme] Add timeout to ACME-TLS/1 challenge handshake (#12516 by LBF38)
• [server] Make encoded character options opt-in (#12540 by gndz07)

Documentation:

• [docker/swarm] Update swarm.md traefik version (#12508 by DBouraoui)
• [k8s/ingress-nginx] Fix ingress-nginx annotations documentation (#12510 by nmengin)
• [k8s] Fix Kubernetes reference yml file (#12406 by mmatur)
• Fix code copy button positioning (#12520 by AnuragEkkati)
• Fix typo in kubernetes.md (#12515 by EdwardSalkeld)
• Bring back security section on API & Dashboard documentation page (#12507 by gndz07)
• Fix link description in Traefik Proxy documentation (#12488 by schaerfo)
• Add product comparison matrix and features page (#12037 by sheddy-traefik)

Misc:

• Merge branch v2.11 into v3.6 (#12552 by rtribotte)
• Merge branch v2.11 into v3.6 (#12533 by mmatur)
• Merge branch v2.11 into v3.6 (#12497 by mmatur)

v3.6.6

Bug fixes:

• [acme] Bump github.com/go-acme/lego/v4 to v4.30.1 (#12432 by ldez)
• [http3] Bump github.com/quic-go/quic-go to v0.58.0 (#12448 by GreyXor)
• [redis] Fix mutually exclusive verification for Redis (#12442 by juliens)
• [server] Fix deny encoded characters (#12454 by rtribotte)

Documentation:

• [k8s/ingress,k8s] Fix Kubernetes Ingress provider documentation (#12443 by nmengin)
• [k8s/ingress-nginx] Add RBAC documentation for Ingress NGINX provider (#12445 by nmn3m)
• [k8s] Improve the K8S multi-tenancy security note (#12444 by nmengin)
• Restore documentation on http.maxHeaderBytes (#12440 by mloiseleur)
• Fix Menu Item Naming (#12431 by sheddy-traefik)

... (truncated)

Changelog

Sourced from github.com/traefik/traefik/v3's changelog.

v3.6.7 (2026-01-14)

All Commits

Bug fixes:

• [acme] Bump github.com/go-acme/lego/v4 to v4.31.0 (#12529 by ldez)
• [acme] Add missing renew options (#12467 by ldez)
• [acme] Replace hardcoded references to LetsEncrypt in log messages (#12464 by schildbach)
• [k8s/ingress-nginx] Fix use-regex nginx annotation (#12531 by LBF38)
• [k8s/ingress-nginx] Prevent Ingress Nginx provider http router to attach to an entrypoint with TLS (#12528 by rtribotte)
• [k8s/ingress] Fix panic for empty defaultBackend and defaultBackend without resources (#12509 by gndz07)
• [k8s] Fix condition used for serving and fenced endpoints (#12521 by LBF38)
• [webui] Validate X-Forwarded-Prefix value for dashboard redirect (#12514 by LBF38)
• [acme] Add timeout to ACME-TLS/1 challenge handshake (#12516 by LBF38)
• [server] Make encoded character options opt-in (#12540 by gndz07)

Documentation:

• [docker/swarm] Update swarm.md traefik version (#12508 by DBouraoui)
• [k8s/ingress-nginx] Fix ingress-nginx annotations documentation (#12510 by nmengin)
• [k8s] Fix Kubernetes reference yml file (#12406 by mmatur)
• Fix code copy button positioning (#12520 by AnuragEkkati)
• Fix typo in kubernetes.md (#12515 by EdwardSalkeld)
• Bring back security section on API & Dashboard documentation page (#12507 by gndz07)
• Fix link description in Traefik Proxy documentation (#12488 by schaerfo)
• Add product comparison matrix and features page (#12037 by sheddy-traefik)

Misc:

• Merge branch v2.11 into v3.6 (#12552 by rtribotte)
• Merge branch v2.11 into v3.6 (#12533 by mmatur)
• Merge branch v2.11 into v3.6 (#12497 by mmatur)

v2.11.35 (2026-01-14)

All Commits

Bug fixes:

• [acme] Add timeout to ACME-TLS/1 challenge handshake (#12516 by LBF38)
• [server] Make encoded character options opt-in (#12540 by gndz07)

v3.6.6 (2025-12-29)

All Commits

Bug fixes:

• [acme] Bump github.com/go-acme/lego/v4 to v4.30.1 (#12432 by ldez)
• [http3] Bump github.com/quic-go/quic-go to v0.58.0 (#12448 by GreyXor)
• [redis] Fix mutually exclusive verification for Redis (#12442 by juliens)
• [server] Fix deny encoded characters (#12454 by rtribotte)

Documentation:

• [k8s/ingress,k8s] Fix Kubernetes Ingress provider documentation (#12443 by nmengin)
• [k8s/ingress-nginx] Add RBAC documentation for Ingress NGINX provider (#12445 by nmn3m)
• [k8s] Improve the K8S multi-tenancy security note (#12444 by nmengin)

... (truncated)

Commits

• 1728364 Prepare release v3.6.7
• 8479d66 Merge branch v2.11 into v3.6
• 9e5d4ba Prepare release v2.11.35
• adf47fb Make encoded character options opt-in
• 794916a Update code generator
• 2e6dfba Fix condition used for serving and fenced endpoints
• ee265a8 Add Scarf Analytics to documentation
• 5a9f3e6 Replace markdown-include dependency with mkdocs-include-markdown-plugin
• fc67185 Replace markdown-include dependency with mkdocs-include-markdown-plugin
• d054299 Bump github.com/go-acme/lego/v4 to v4.31.0
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.

[borchero]

@copilot fix the CI issue

[Copilot]

@borchero I've opened a new pull request, #211, to work on those changes. Once the pull request is ready, I'll request review from you.