deps: bump the chainreactors group with 2 updates

[dependabot]

Bumps the chainreactors group with 2 updates: github.com/chainreactors/neutron and github.com/chainreactors/spray.

Updates github.com/chainreactors/neutron from 0.0.0-20260517173800-28516c3539a3 to 0.0.1

Commits

• See full diff in compare view

Updates github.com/chainreactors/spray from 1.2.6-0.20260518120729-f3f41e015ff5 to 1.2.6

Release notes

Sourced from github.com/chainreactors/spray's releases.

v1.2.6

Changelog

• [fix] 彻底修复生产环境 panic: send on closed channel 崩溃，使用 ctx 作为统一关闭信号，所有 channel 发送均通过 select + ctx.Done() 保护
• [fix] 修复 addAddition default 分支 wg 泄漏，移除 async goroutine 改为同步阻塞发送
• [fix] 修复 BrutePool.Close() 中 analyzeDone 条件写反导致忙等永不执行，替换为 handlerDone chan 机制
• [fix] 修复 processCh 从未关闭导致 Handler goroutine 永久泄漏，Close() 中正确关闭并等待 Handler 退出
• [fix] 修复 OutputCh/FuzzyCh/checkCh 裸发送在关闭时可能永久阻塞的问题
• [fix] 修复 doCrawl 孤儿 wg.Add(1) 无对应 wg.Done() 导致 wg 计数泄漏
• [fix] 修复 baseline.NewBaseline 中 raw response 重解析失败导致 baseline 被错误标记为无效的问题，Location 改从 live response 读取
• [ci] 新增 GitHub Actions CI，PR 时自动运行 go build + go test -race，覆盖 ubuntu 与 windows
• [test] 新增 19 个 pool 关闭回归测试，覆盖死锁、goroutine 泄漏、wg 不平衡、并发关闭等场景

Full Changelog: chainreactors/spray@v1.2.5...v1.2.6

Commits

• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

Labels

The following labels could not be found: dependencies, go. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

[dependabot]

Looks like these dependencies are no longer being updated by Dependabot, so this is no longer needed.

[dependabot]

The group that created this PR has been removed from your configuration.