corazawaf / coraza-caddy

OWASP Coraza middleware for Caddy. It provides Web Application Firewall capabilities
https://www.coraza.io/
Apache License 2.0

chore(deps): update mccutchen/go-httpbin docker tag to v2.14.0 #149

Closed renovate[bot] closed 4 months ago

renovate[bot] commented 4 months ago


This PR contains the following updates:

| Package | Update | Change |
|---|---|---|
| mccutchen/go-httpbin | minor | `v2.13.4` -> `v2.14.0` |

Release Notes

mccutchen/go-httpbin (mccutchen/go-httpbin)

### [`v2.14.0`](https://togithub.com/mccutchen/go-httpbin/releases/tag/v2.14.0)

[Compare Source](https://togithub.com/mccutchen/go-httpbin/compare/v2.13.4...v2.14.0)

#### What's Changed

- chore(ci): tweak codecov configuration by [@mccutchen](https://togithub.com/mccutchen) in [https://github.com/mccutchen/go-httpbin/pull/168](https://togithub.com/mccutchen/go-httpbin/pull/168)
- add appProcotol to the k8s service for port name 'http' by [@bcollard](https://togithub.com/bcollard) in [https://github.com/mccutchen/go-httpbin/pull/169](https://togithub.com/mccutchen/go-httpbin/pull/169)
- fix: mitigate allowed redirect domain bypass by [@mccutchen](https://togithub.com/mccutchen) in [https://github.com/mccutchen/go-httpbin/pull/174](https://togithub.com/mccutchen/go-httpbin/pull/174)

#### 🔐 Security fix 🔐

This release fixes a bug that allowed clients to bypass the `-allowed-redirect-domains`/`ALLOWED_REDIRECT_DOMAINS` configuration used by the `/redirect-to` endpoint by passing an absolute URL without a scheme (e.g. `/redirect-to?url=//evil.com`). See [#173](https://togithub.com/mccutchen/go-httpbin/issues/173) and [#174](https://togithub.com/mccutchen/go-httpbin/issues/174) for details about the issue and the fix, and see the [Production Considerations](https://togithub.com/mccutchen/go-httpbin/blob/main/README.md#production-considerations) section of the README for more info on why that configuration is important.

#### New Contributors

- [@bcollard](https://togithub.com/bcollard) made their first contribution in [https://github.com/mccutchen/go-httpbin/pull/169](https://togithub.com/mccutchen/go-httpbin/pull/169)

**Full Changelog**: https://github.com/mccutchen/go-httpbin/compare/v2.13.4...v2.14.0

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.



This PR has been generated by Mend Renovate. View repository job log here.
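The scheme-less redirect bypass described in the release notes above, as an added Go example that is not part of this PR and is not go-httpbin's code: `naiveAllowed` is a hypothetical check that consults the allowlist only for URLs with a scheme, and `strictAllowed` decides on the parsed host instead. The function names and the `example.org` allowlist are assumptions made for the illustration, and the example covers only the scheme-less case the release notes describe.

```go
package main

import (
	"fmt"
	"net/url"
)

// naiveAllowed is a hypothetical check (not go-httpbin's code) that consults
// the allowlist only when the URL carries a scheme.
func naiveAllowed(raw string, allowed map[string]bool) bool {
	u, err := url.Parse(raw)
	if err != nil {
		return false
	}
	if u.IsAbs() { // IsAbs is true only when u.Scheme != ""
		return allowed[u.Hostname()]
	}
	return true // assumed to be a same-site relative path
}

// strictAllowed decides on the parsed host instead of the scheme: any target
// that names a host must be on the allowlist.
func strictAllowed(raw string, allowed map[string]bool) bool {
	u, err := url.Parse(raw)
	if err != nil || u.Opaque != "" {
		return false // unparseable, or an opaque form with no host to check
	}
	if u.Scheme != "" && u.Scheme != "http" && u.Scheme != "https" {
		return false
	}
	if u.Host != "" { // set for "https://host/..." and for "//host/..."
		return allowed[u.Hostname()]
	}
	return true // path-only target stays on the current origin
}

func main() {
	allowed := map[string]bool{"example.org": true} // constructed allowlist
	for _, target := range []string{
		"https://example.org/ok", "https://evil.com/", "//evil.com", "/local/path",
	} {
		fmt.Printf("%-24q naive=%-5v strict=%v\n",
			target, naiveAllowed(target, allowed), strictAllowed(target, allowed))
	}
}
```

Only the `//evil.com` row differs between the two columns: `url.Parse` fills in `Host` for that input while leaving `Scheme` empty, so a scheme-gated check never reaches the allowlist.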

sonarcloud[bot] commented 4 months ago

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
No data about Coverage
0.0% Duplication on New Code

See analysis details on SonarCloud