chore(deps): update module github.com/gin-contrib/cors to v1.6.0 [security] - autoclosed

Doer-org / glyph

A web-service that allows you to save documents in markdown format

https://doer-glyph.net

MIT License

3 stars 2 forks source link

chore(deps): update module github.com/gin-contrib/cors to v1.6.0 [security] - autoclosed #218

Closed renovate[bot] closed 3 months ago

renovate[bot] commented 4 months ago

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
github.com/gin-contrib/cors	`v1.4.0` -> `v1.6.0`

GitHub Vulnerability Alerts

parseWildcardRules in Gin-Gonic CORS middleware before 1.6.0 mishandles a wildcard at the end of an origin string, e.g., https://example.community/ is allowed when the intention is that only https://example.com/ should be allowed, and http://localhost.example.com/ is allowed when the intention is that only http://localhost/ should be allowed.

Release Notes

gin-contrib/cors (github.com/gin-contrib/cors)

### [`v1.6.0`](https://togithub.com/gin-contrib/cors/releases/tag/v1.6.0) [Compare Source](https://togithub.com/gin-contrib/cors/compare/v1.5.0...v1.6.0) #### Changelog ##### Features - [`eac6c48`](https://togithub.com/gin-contrib/cors/commit/eac6c48) feat(schema): allow usage of custom schemas ([#139](https://togithub.com/gin-contrib/cors/issues/139)) ##### Bug fixes - [`27b723a`](https://togithub.com/gin-contrib/cors/commit/27b723a) fixe(domain): wildcard parse bug ([#106](https://togithub.com/gin-contrib/cors/issues/106) and [#57](https://togithub.com/gin-contrib/cors/issues/57)) [@maxshine](https://togithub.com/maxshine) and [@Hvitgar](https://togithub.com/Hvitgar) ##### Enhancements - [`f41df75`](https://togithub.com/gin-contrib/cors/commit/f41df75) chore: update GitHub actions to latest versions - [`2451987`](https://togithub.com/gin-contrib/cors/commit/2451987) chore: update dependencies to latest versions - [`7d356c2`](https://togithub.com/gin-contrib/cors/commit/7d356c2) chore: update dependencies to latest versions - [`5da0aee`](https://togithub.com/gin-contrib/cors/commit/5da0aee) chore: update third-party dependencies - [`8263fce`](https://togithub.com/gin-contrib/cors/commit/8263fce) chore: update version of actions/setup-go in GitHub workflows ##### Others - [`fcbd06f`](https://togithub.com/gin-contrib/cors/commit/fcbd06f) ci: enhance testing matrix and tolerance limits - [`f08c1bc`](https://togithub.com/gin-contrib/cors/commit/f08c1bc) ci: refactor CI workflows and improve tests - [`30792dc`](https://togithub.com/gin-contrib/cors/commit/30792dc) ci: refactor GitHub Actions workflows - [`0e993b7`](https://togithub.com/gin-contrib/cors/commit/0e993b7) ci: update GitHub Actions to Version 3 - [`90a7c66`](https://togithub.com/gin-contrib/cors/commit/90a7c66) test(cors): enhance CORS wildcard handling tests ([#145](https://togithub.com/gin-contrib/cors/issues/145)) - [`85bf9fb`](https://togithub.com/gin-contrib/cors/commit/85bf9fb) test: improve CORS wildcard handling and testing ([#144](https://togithub.com/gin-contrib/cors/issues/144)) - [`d5002f2`](https://togithub.com/gin-contrib/cors/commit/d5002f2) test: refactor tests and update CI configurations ### [`v1.5.0`](https://togithub.com/gin-contrib/cors/releases/tag/v1.5.0) [Compare Source](https://togithub.com/gin-contrib/cors/compare/v1.4.0...v1.5.0) #### Changelog ##### Features - [`0eaf9a0`](https://togithub.com/gin-contrib/cors/commit/0eaf9a0) feat: adds support for private network header ([#128](https://togithub.com/gin-contrib/cors/issues/128)) ##### Enhancements - [`c1983b2`](https://togithub.com/gin-contrib/cors/commit/c1983b2) chore(CI): add go1.20 version - [`1d5e083`](https://togithub.com/gin-contrib/cors/commit/1d5e083) chore(deps): bump github.com/stretchr/testify from 1.8.0 to 1.8.1 ([#112](https://togithub.com/gin-contrib/cors/issues/112)) - [`f8b2357`](https://togithub.com/gin-contrib/cors/commit/f8b2357) chore(options): Added availability to set 200/204 for OPTIONS request status ([#129](https://togithub.com/gin-contrib/cors/issues/129)) - [`f92a222`](https://togithub.com/gin-contrib/cors/commit/f92a222) chore: Add go 1.19 and upgrade lint version to v1.49 - [`95df7c6`](https://togithub.com/gin-contrib/cors/commit/95df7c6) chore: remove `depguard` linter and rename example file - [`7ac4445`](https://togithub.com/gin-contrib/cors/commit/7ac4445) chore: update GitHub Actions configuration files - [`bbf67cd`](https://togithub.com/gin-contrib/cors/commit/bbf67cd) chore: update Go version and setup-go action - [`b216599`](https://togithub.com/gin-contrib/cors/commit/b216599) chore: update `goreleaser/goreleaser-action` to version v4 - [`765e44e`](https://togithub.com/gin-contrib/cors/commit/765e44e) chore: update dependencies to latest versions - [`bf2c9df`](https://togithub.com/gin-contrib/cors/commit/bf2c9df) chore: update linter configuration and changelog titles - [`bbb26b0`](https://togithub.com/gin-contrib/cors/commit/bbb26b0) chore: update supported versions of Go ##### Others - [`5914b2f`](https://togithub.com/gin-contrib/cors/commit/5914b2f) build: update Go version and dependencies

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

[ ] If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

renovate[bot] commented 4 months ago

ℹ Artifact update notice

File name: server/go.mod

In order to perform the update(s) described in the table above, Renovate ran the go get command, which resulted in the following additional change(s):

15 additional dependencies were updated
The go directive was updated for compatibility reasons

Details:

Package	Change
`go`	`1.20` -> `1.22.5`
`github.com/bytedance/sonic`	`v1.9.1` -> `v1.11.2`
`github.com/chenzhuoyu/base64x`	`v0.0.0-20221115062448-fe3a3abad311` -> `v0.0.0-20230717121745-296ad89f973d`
`github.com/gabriel-vasile/mimetype`	`v1.4.2` -> `v1.4.3`
`github.com/go-playground/validator/v10`	`v10.14.0` -> `v10.19.0`
`github.com/klauspost/cpuid/v2`	`v2.2.4` -> `v2.2.7`
`github.com/leodido/go-urn`	`v1.2.4` -> `v1.4.0`
`github.com/mattn/go-isatty`	`v0.0.19` -> `v0.0.20`
`github.com/pelletier/go-toml/v2`	`v2.0.8` -> `v2.1.1`
`github.com/ugorji/go/codec`	`v1.2.11` -> `v1.2.12`
`golang.org/x/arch`	`v0.3.0` -> `v0.7.0`
`golang.org/x/crypto`	`v0.14.0` -> `v0.21.0`
`golang.org/x/net`	`v0.17.0` -> `v0.22.0`
`golang.org/x/sys`	`v0.13.0` -> `v0.18.0`
`golang.org/x/text`	`v0.13.0` -> `v0.14.0`
`google.golang.org/protobuf`	`v1.31.0` -> `v1.33.0`

vercel[bot] commented 4 months ago

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name	Status	Preview	Comments	Updated (UTC)
glyph	✅ Ready (Inspect)	Visit Preview	💬 Add feedback	Jul 6, 2024 5:58pm