Configure Renovate - autoclosed

[renovate[bot]]

Welcome to Renovate! This is an onboarding PR to help you understand and configure settings before regular Pull Requests begin.

🚦 To activate Renovate, merge this Pull Request. To disable Renovate, simply close this Pull Request unmerged.

---

Detected Package Files

• docker/Dockerfile.build.ubuntu (dockerfile)
• docker/Dockerfile.hashcat.ubuntu (dockerfile)
• docker/Dockerfile.server.ubuntu (dockerfile)
• docker/Dockerfile.worker.ubuntu (dockerfile)
• go.mod (gomod)

Configuration Summary

Based on the default config's presets, Renovate will:

• Start dependency updates only once this onboarding PR is merged
• Enable Renovate Dependency Dashboard creation.
• If Renovate detects semantic commits, it will use semantic commit type fix for dependencies and chore for all others.
• Ignore node_modules, bower_components, vendor and various test/tests directories.
• Group known monorepo packages together.
• Use curated list of recommended non-monorepo package groupings.
• apollo-server packages became scoped.
• babel-eslint was renamed under the @babel scope.
• Replace containerbase dependencies.
• cucumber became scoped.
• fastify packages became scoped.
• hapi became scoped.
• Jade was renamed to Pug.
• joi became scoped under the hapi organization.
• joi was moved out of the hapi organization.
• The Kubernetes container registry has changed from k8s.gcr.io to registry.k8s.io.
• The Kubernetes container registry has changed from k8s.gcr.io to registry.k8s.io.
• The material-ui monorepo org was renamed from @material-ui to @mui.
• The messageformat monorepo package naming scheme changed from messageFormat-{{package}}-to-@messageformat/{{package}}.
• middie became scoped.
• now was renamed to vercel.
• @parcel/css was renamed to lightningcss.
• react-query/devtools became scoped under the tanstack organization.
• react-query became scoped under the tanstack organization.
• react-scripts supports TypeScript since version 2.1.0.
• The @renovate/pep440 package was renamed to @renovatebot/pep440.
• The node-resolve plugin for rollup became scoped.
• The vso-task-lib package is now published as azure-pipelines-task-lib.
• The vsts-task-lib package is now published as azure-pipelines-task-lib.
• The xmldom package is now published as @xmldom/xmldom.
• A collection of workarounds for known problems with packages.

🔡 Would you like to change the way Renovate is upgrading your dependencies? Simply edit the renovate.json in this branch with your custom config and the list of Pull Requests in the "What to Expect" section below will be updated the next time Renovate runs.

---

What to Expect

With your current configuration, Renovate will create 20 Pull Requests:

Update github.com/tankbusta/gzip digest to 9b22cb9

- Schedule: ["at any time"] - Branch name: `renovate/github.com-tankbusta-gzip-digest` - Merge into: `master` - Upgrade [github.com/tankbusta/gzip](https://togithub.com/tankbusta/gzip) to `9b22cb967bcc8481c9fe3ab99f70d715f88980f0`

Update module github.com/asdine/storm to v0.8.1

- Schedule: ["at any time"] - Branch name: `renovate/github.com-asdine-storm-0.x` - Merge into: `master` - Upgrade [github.com/asdine/storm](https://togithub.com/asdine/storm) to `2da548c16156b3197728372bff5614033084aff5`

Update module github.com/gin-contrib/cors to v1.4.0

- Schedule: ["at any time"] - Branch name: `renovate/github.com-gin-contrib-cors-1.x` - Merge into: `master` - Upgrade [github.com/gin-contrib/cors](https://togithub.com/gin-contrib/cors) to `v1.4.0`

Update module github.com/gin-gonic/gin to v1.9.0

- Schedule: ["at any time"] - Branch name: `renovate/github.com-gin-gonic-gin-1.x` - Merge into: `master` - Upgrade [github.com/gin-gonic/gin](https://togithub.com/gin-gonic/gin) to `v1.9.0`

Update module github.com/gorilla/csrf to v1.7.1

- Schedule: ["at any time"] - Branch name: `renovate/github.com-gorilla-csrf-1.x` - Merge into: `master` - Upgrade [github.com/gorilla/csrf](https://togithub.com/gorilla/csrf) to `v1.7.1`

Update module github.com/prometheus/client_golang to v0.12.1

- Schedule: ["at any time"] - Branch name: `renovate/github.com-prometheus-client_golang-0.x` - Merge into: `master` - Upgrade [github.com/prometheus/client_golang](https://togithub.com/prometheus/client_golang) to `v0.12.1`

Update module github.com/prometheus/client_model to v0.3.0

- Schedule: ["at any time"] - Branch name: `renovate/github.com-prometheus-client_model-0.x` - Merge into: `master` - Upgrade [github.com/prometheus/client_model](https://togithub.com/prometheus/client_model) to `63fb9822ca3ba7a4ba5184071fb8f2ea000a99ef`

Update module github.com/rs/zerolog to v1.29.0

- Schedule: ["at any time"] - Branch name: `renovate/github.com-rs-zerolog-1.x` - Merge into: `master` - Upgrade [github.com/rs/zerolog](https://togithub.com/rs/zerolog) to `v1.29.0`

Update module github.com/stretchr/testify to v1.8.2

- Schedule: ["at any time"] - Branch name: `renovate/github.com-stretchr-testify-1.x` - Merge into: `master` - Upgrade [github.com/stretchr/testify](https://togithub.com/stretchr/testify) to `v1.8.2`

Update module golang.org/x/crypto to v0.7.0

- Schedule: ["at any time"] - Branch name: `renovate/golang.org-x-crypto-0.x` - Merge into: `master` - Upgrade [golang.org/x/crypto](https://togithub.com/golang/crypto) to `776e461a4e6d8b372a43c72122c5c28cfc40dca2`

Update module gopkg.in/square/go-jose.v2 to v2.6.0

- Schedule: ["at any time"] - Branch name: `renovate/gopkg.in-square-go-jose.v2-2.x` - Merge into: `master` - Upgrade [gopkg.in/square/go-jose.v2](https://togithub.com/square/go-jose) to `v2.6.0`

Update module gopkg.in/yaml.v2 to v2.4.0

- Schedule: ["at any time"] - Branch name: `renovate/gopkg.in-yaml.v2-2.x` - Merge into: `master` - Upgrade [gopkg.in/yaml.v2](https://togithub.com/go-yaml/yaml) to `v2.4.0`

Update module github.com/asdine/storm to v2

- Schedule: ["at any time"] - Branch name: `renovate/github.com-asdine-storm-2.x` - Merge into: `master` - Upgrade [github.com/asdine/storm](https://togithub.com/asdine/storm) to `2da548c16156b3197728372bff5614033084aff5`

Update module github.com/fireeye/gocat to v6

- Schedule: ["at any time"] - Branch name: `renovate/github.com-fireeye-gocat-6.x` - Merge into: `master` - Upgrade [github.com/fireeye/gocat](https://togithub.com/fireeye/gocat) to `11276a85f3983da976cffd19d903446dceb97744`

Update module github.com/nightlyone/lockfile to v1

- Schedule: ["at any time"] - Branch name: `renovate/github.com-nightlyone-lockfile-1.x` - Merge into: `master` - Upgrade [github.com/nightlyone/lockfile](https://togithub.com/nightlyone/lockfile) to `d487ed8593d2cb7638cf901ff9fc48f62c9a902f`

Update module github.com/prometheus/client_golang to v1

- Schedule: ["at any time"] - Branch name: `renovate/github.com-prometheus-client_golang-1.x` - Merge into: `master` - Upgrade [github.com/prometheus/client_golang](https://togithub.com/prometheus/client_golang) to `v1.14.0`

Update module github.com/satori/go.uuid to v1

- Schedule: ["at any time"] - Branch name: `renovate/github.com-satori-go.uuid-1.x` - Merge into: `master` - Upgrade [github.com/satori/go.uuid](https://togithub.com/satori/go.uuid) to `f58768cc1a7a7e77a3bd49e98cdd21419399b6a3`

Update module gopkg.in/ldap.v2 to v3

- Schedule: ["at any time"] - Branch name: `renovate/gopkg.in-ldap.v2-3.x` - Merge into: `master` - Upgrade [gopkg.in/ldap.v2](https://togithub.com/go-ldap/ldap) to `v3.1.3`

Update module gopkg.in/yaml.v2 to v3

- Schedule: ["at any time"] - Branch name: `renovate/gopkg.in-yaml.v2-3.x` - Merge into: `master` - Upgrade [gopkg.in/yaml.v2](https://togithub.com/go-yaml/yaml) to `v3.0.1`

Update ubuntu Docker tag to v22

- Schedule: ["at any time"] - Branch name: `renovate/ubuntu-22.x` - Merge into: `master` - Upgrade ubuntu to `jammy`

🚸 Branch creation will be limited to maximum 2 per hour, so it doesn't swamp any CI resources or overwhelm the project. See docs for prhourlylimit for details.

---

⚠ Dependency Lookup Warnings ⚠

Please correct - or verify that you can safely ignore - these lookup failures before you merge this PR.

• Could not determine new digest for update (datasource: go)

Files affected: go.mod

---

❓ Got questions? Check out Renovate's Docs, particularly the Getting Started section. If you need any further assistance then you can also request help here.

---

This PR has been generated by Mend Renovate. View repository job log here.

[viezly[bot]]

Pull request by bot. No need to analyze

[secure-code-warrior-for-github[bot]]

Micro-Learning Topic: Cross-site request forgery (Detected by phrase)

Matched on "csrf"

What is this? (2min video)

Session-related but not session-based, this attack is based on the ability of an attacker to force an action on a user’s browser (commonly in the form of a POST request) to perform an unauthorized action on behalf of the user. This can often occur without the user even noticing it… or only noticing when it is too late. The root cause is that browsers automatically send session cookies with all requests to a given domain, regardless of where the source of the request came from, and the application server cannot differentiate between a request that came from pages it served or a request that came from an unrelated page.

Try a challenge in Secure Code Warrior

Helpful references

• Securing Rails Applications - Cross-Site Request Forgery (CSRF) - A Rails Guide that describes common security problems in web applications and how to avoid them with Rails.
• Spring Security - Cross Site Request Forgery (CSRF) - A Spring Security article that describes Spring support for protecting against Cross Site Request Forgery attacks.
• csurf Node.js CSRF protection middleware - Documentation on CSRF protection provided by the csurf middleware for Express.
• XSRF/CSRF Prevention in ASP.NET MVC and Web Pages - A detailed Microsoft article on how to prevent cross-site request forgery in ASP.NET MVC and Web Pages.
• Django Documentation - Cross Site Request Forgery protection - Documentation on CSRF protection provided by the Django framework.
• OWASP Cross-Site Request Forgery Prevention Cheat Sheet - This cheatsheet is focused on providing clear, simple, actionable guidance for preventing cross-site request forgery flaws in your applications.
• Laravel Docs - CSRF Protection - Documentation on CSRF protection provided by the Laravel framework.
• OWASP Cross Site Request Forgery (CSRF) - OWASP community page with comprehensive information about cross-site request forgery, and links to various OWASP resources to help detect or prevent it.
• Preventing Cross-Site Request Forgery (CSRF) Attacks in ASP.NET MVC Application - A detailed Microsoft article on how to prevent cross-site request forgery in ASP.NET MVC.

[difflens[bot]]

View changes in DiffLens

[difflens[bot]]

View changes in DiffLens

[difflens[bot]]

View changes in DiffLens