deps: bump domainfront (h2), kindling, radiance

[myleshorton]

Final hop of the HTTP/2 fronting propagation
(domainfront#9 → kindling#40 → radiance#536 → here).

What

• radiance → v0.0.0-20260624010426-955f5cbfe595 (radiance#536)
• domainfront → v0.0.0-20260624004218-93591749d736 (domainfront#9, indirect)
• kindling → v0.0.0-20260624005117-737fcffe2860 (kindling#40, indirect)
• lantern-box → v0.0.95 (transitive — now required by radiance#536)

Why

domainfront#9 makes the fronted round trip ALPN-aware: when a CDN edge
negotiates HTTP/2 (CloudFront, Aliyun, …) the request is framed as HTTP/2
instead of sending HTTP/1.1 over the h2 connection and failing with
malformed HTTP response "\x00\x00\x12\x04...". This carries that fix into
the client through radiance.

Notes

• API-compatible — domainfront's public surface is unchanged.
• Ran go mod tidy and committed go.mod + go.sum together, so gomobile
  resolves lantern-box v0.0.95 rather than a stale pin (go.sum carries both
  the h1: and /go.mod hashes).

Verification

Full Go build under the CI tag set (CGO_ENABLED=1,
with_gvisor,with_quic,with_wireguard,with_utls,with_grpc,with_conntrack),
go vet, and lantern-core tests all pass.

🤖 Generated with Claude Code

Summary by CodeRabbit

• Chores
  • Updated project dependencies to the latest compatible versions to maintain system stability and performance.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro Plus

Run ID: 68215cc2-167d-4658-a320-69deef34151e

📥 Commits

Reviewing files that changed from the base of the PR and between 718a9a0 and d69882d.

⛔ Files ignored due to path filters (1)

• go.sum is excluded by !**/*.sum

📒 Files selected for processing (1)

• go.mod

---

📝 Walkthrough

Walkthrough

Updates go.mod by bumping github.com/getlantern/radiance to a newer commit in the replace block, and advancing github.com/getlantern/domainfront, github.com/getlantern/kindling, and github.com/getlantern/lantern-box to newer versions in the require indirect block.

Changes

Dependency Version Bumps

Layer / File(s)	Summary
go.mod indirect dependency updates go.mod	radiance replace entry and domainfront, kindling, lantern-box require entries are advanced to newer commit versions; keepcurrent is unchanged.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~2 minutes

Poem

🐇 Hop, hop, a version leap!
Four modules updated from their sleep,
Radiance shines with a newer hash,
Domainfront, kindling, lantern-box — dash!
The bunny nods, the go.mod is neat. ✨

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title clearly and concisely describes the main change: bumping three key dependencies (domainfront, kindling, and radiance) that are central to propagating an HTTP/2 fronting fix through the Lantern client.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch fisk/bump-domainfront-h2

---

_{Comment @coderabbitai help to get the list of available commands.}

[Copilot]

Pull request overview

This PR updates Go module dependencies to propagate an HTTP/2 (ALPN-aware) domain-fronting fix into lantern via the radiance → kindling → domainfront chain, and aligns the module graph so lantern-box v0.0.95 is resolved as required by the updated radiance.

Changes:

• Bump github.com/getlantern/radiance to v0.0.0-20260624010426-955f5cbfe595.
• Update indirect dependencies domainfront and kindling, and add/update the transitive lantern-box pin to v0.0.95.
• Refresh go.sum to match the new module graph and checksums.

Reviewed changes

Copilot reviewed 1 out of 2 changed files in this pull request and generated no comments.

File	Description
go.mod	Updates direct/indirect module versions to bring in the ALPN-aware HTTP/2 fronting fixes via radiance and its transitive deps.
go.sum	Updates checksums to reflect the new versions resolved by go mod tidy.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.