search

ansrivas / fiberprometheus

prometheus middleware for Fiber
MIT License
172 stars 37 forks source link

build(deps): bump github.com/gofiber/fiber/v2 from 2.49.2 to 2.50.0 #183

Closed dependabot[bot] closed 1 year ago

dependabot[bot] commented 1 year ago

Bumps github.com/gofiber/fiber/v2 from 2.49.2 to 2.50.0.

Release notes

Sourced from github.com/gofiber/fiber/v2's releases.

v2.50.0

❗ Breaking Changes

  • Change signatures of GetReqHeaders and GetRespHeaders (#2650)

To allow single and list values under headers according to the rfc standard

- func (c *Ctx) GetReqHeaders() map[string]string
+ func (c *Ctx) GetReqHeaders() map[string][]string

- func (c *Ctx) GetRespHeaders() map[string]string
+ func (c *Ctx) GetRespHeaders() map[string][]string

👮 Security

https://docs.gofiber.io/api/middleware/csrf

🚀 Improvements to the CSRF middleware:

  • Added support for single-use tokens through the SingleUseToken configuration option.
  • Optional integration with GoFiber session middleware through the Session and SessionKey configuration options.
  • Introduction of origin checks for HTTPS connections to verify referer headers.
  • Implementation of a Double Submit Cookie approach for CSRF token generation and validation when used without Session.
  • Enhancement of error handling with more descriptive error messages.
  • The documentation for the CSRF middleware has been enhanced with the addition of the new options and best practices to improve security.

Thank you @​sixcolors

🚀 New

// Field names should start with an uppercase letter
type Person struct {
    Name     string  `cookie:"name"`
    Age      int     `cookie:"age"`
    Job      bool    `cookie:"job"`
}
// Example route
app.Get("/", func(c *fiber.Ctx) error {
    p := new(Person)
    // This method is similar to BodyParser, but for cookie parameters
    if err := c.CookieParser(p); err != nil {
</tr></table>

... (truncated)

Commits
  • af39998 Add more description to GetClientInfo
  • c864da0 prepare release v2.50.0
  • 8c3916d Merge pull request from GHSA-94w9-97p3-p368
  • d736d3a :bug: bug: fix path checking on route naming (#2676)
  • cb89cce Merge pull request #2675 from jscappini/patch-1
  • d974cf3 Fix typo in requestid.md
  • e70b2e2 Cookie parser (#2656)
  • bb90fc1 fix lint errors
  • b50d91d Merge pull request from GHSA-94w9-97p3-p368
  • 9292a36 :bug: bug: fix nil pointer dereference issue on idempotency middleware (#2668)
  • Additional commits viewable in compare view


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)