Open renovate[bot] opened 2 weeks ago
In order to perform the update(s) described in the table above, Renovate ran the go get
command, which resulted in the following additional change(s):
Details:
Package | Change |
---|---|
github.com/corazawaf/libinjection-go |
v0.1.3 -> v0.2.1 |
github.com/petar-dambovaliev/aho-corasick |
v0.0.0-20230725210150-fb29fc3c913e -> v0.0.0-20240411101913-e07a1f0e8eb4 |
github.com/tidwall/gjson |
v1.17.0 -> v1.17.1 |
golang.org/x/crypto |
v0.19.0 -> v0.24.0 |
golang.org/x/mod |
v0.14.0 -> v0.17.0 |
golang.org/x/net |
v0.21.0 -> v0.26.0 |
golang.org/x/sync |
v0.6.0 -> v0.7.0 |
golang.org/x/sys |
v0.17.0 -> v0.21.0 |
golang.org/x/term |
v0.17.0 -> v0.21.0 |
golang.org/x/text |
v0.14.0 -> v0.16.0 |
golang.org/x/tools |
v0.15.0 -> v0.21.1-0.20240508182429-e35e4ccd0d2d |
Issues
0 New issues
0 Accepted issues
Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code
This PR contains the following updates:
v3.1.0
->v3.2.1
Release Notes
corazawaf/coraza (github.com/corazawaf/coraza/v3)
### [`v3.2.1`](https://togithub.com/corazawaf/coraza/releases/tag/v3.2.1): Coraza 3.2.1 [Compare Source](https://togithub.com/corazawaf/coraza/compare/v3.2.0...v3.2.1) This is a quick patch release to fix a potential data race that was noticed right after `v3.2.0` (Thanks [@MarcWort](https://togithub.com/MarcWort) for reporting it!) and a minor fix about logging. #### What's Changed - fix: race condition on StrID by [@M4tteoP](https://togithub.com/M4tteoP) in [https://github.com/corazawaf/coraza/pull/1084](https://togithub.com/corazawaf/coraza/pull/1084) - fix: makes max size log message CRS correlation rule friendly by [@M4tteoP](https://togithub.com/M4tteoP) in [https://github.com/corazawaf/coraza/pull/1085](https://togithub.com/corazawaf/coraza/pull/1085) **Full Changelog**: https://github.com/corazawaf/coraza/compare/v3.2.0...v3.2.1 ### [`v3.2.0`](https://togithub.com/corazawaf/coraza/releases/tag/v3.2.0): Version 3.2.0 [Compare Source](https://togithub.com/corazawaf/coraza/compare/v3.1.0...v3.2.0) Coraza v3.2.0 comes with: - Support for `SecRuleUpdateTargetByTag`, `Base64DecodeExt`, extended support for ranges of IDs with `SecRuleUpdateTargetByID`. - Support for case-sensitive matching for `ARGS` keys. It currently comes under the [`coraza.rule.case_sensitive_args_keys`](https://togithub.com/corazawaf/coraza?tab=readme-ov-file#build-tags). Mind that, in compliance with RFC 3986 specification, it is planned to become the default behavior starting from the next major version. - Support for auditlog formatters for tinygo builds. - Various bug fixes, among other things, around log generation and Coraza middleware. - Performance implements and reduced memory allocation mostly thanks to [@noboruma](https://togithub.com/noboruma). - Updated CRS support to the latest CRS v4.3.0 version. #### What's Changed - fix(deps): update module github.com/tidwall/gjson to v1.17.1 by [@renovate](https://togithub.com/renovate) in [https://github.com/corazawaf/coraza/pull/1004](https://togithub.com/corazawaf/coraza/pull/1004) - fix(deps): update module golang.org/x/net to v0.22.0 by [@renovate](https://togithub.com/renovate) in [https://github.com/corazawaf/coraza/pull/1011](https://togithub.com/corazawaf/coraza/pull/1011) - feat: expose expected directives for e2e test by [@fionera](https://togithub.com/fionera) in [https://github.com/corazawaf/coraza/pull/1012](https://togithub.com/corazawaf/coraza/pull/1012) - avoid executing costly With if noop logger by [@noboruma](https://togithub.com/noboruma) in [https://github.com/corazawaf/coraza/pull/1015](https://togithub.com/corazawaf/coraza/pull/1015) - tests: covers eq operator. by [@jcchavezs](https://togithub.com/jcchavezs) in [https://github.com/corazawaf/coraza/pull/1002](https://togithub.com/corazawaf/coraza/pull/1002) - fix: RegisterWriter/RegisterFormatter case insensitive by [@M4tteoP](https://togithub.com/M4tteoP) in [https://github.com/corazawaf/coraza/pull/1026](https://togithub.com/corazawaf/coraza/pull/1026) - feat: Implements SecRuleUpdateTargetByTag, extends ByID with ranges by [@M4tteoP](https://togithub.com/M4tteoP) in [https://github.com/corazawaf/coraza/pull/1020](https://togithub.com/corazawaf/coraza/pull/1020) - tests: covers zero case in eq operator. by [@jcchavezs](https://togithub.com/jcchavezs) in [https://github.com/corazawaf/coraza/pull/1029](https://togithub.com/corazawaf/coraza/pull/1029) - feat: registers `RegisterFormatter`s for tinygo by [@M4tteoP](https://togithub.com/M4tteoP) in [https://github.com/corazawaf/coraza/pull/1027](https://togithub.com/corazawaf/coraza/pull/1027) - fix(deps): update module golang.org/x/net to v0.23.0 by [@renovate](https://togithub.com/renovate) in [https://github.com/corazawaf/coraza/pull/1033](https://togithub.com/corazawaf/coraza/pull/1033) - Fix: audit logs RelevantOnly match if interruption happens by [@M4tteoP](https://togithub.com/M4tteoP) in [https://github.com/corazawaf/coraza/pull/1025](https://togithub.com/corazawaf/coraza/pull/1025) - tests: adds logs for unexpected status code. by [@jcchavezs](https://togithub.com/jcchavezs) in [https://github.com/corazawaf/coraza/pull/1037](https://togithub.com/corazawaf/coraza/pull/1037) - fix(deps): update module golang.org/x/net to v0.24.0 by [@renovate](https://togithub.com/renovate) in [https://github.com/corazawaf/coraza/pull/1035](https://togithub.com/corazawaf/coraza/pull/1035) - cache Rule ID string version by [@noboruma](https://togithub.com/noboruma) in [https://github.com/corazawaf/coraza/pull/1039](https://togithub.com/corazawaf/coraza/pull/1039) - chore: adds fs access check at startup time by [@M4tteoP](https://togithub.com/M4tteoP) in [https://github.com/corazawaf/coraza/pull/1030](https://togithub.com/corazawaf/coraza/pull/1030) - Add support for Base64DecodeExt by [@soujanyanmbri](https://togithub.com/soujanyanmbri) in [https://github.com/corazawaf/coraza/pull/1046](https://togithub.com/corazawaf/coraza/pull/1046) - fix: FuzzB64Decode regexp match for fuzzing by [@fzipi](https://togithub.com/fzipi) in [https://github.com/corazawaf/coraza/pull/1054](https://togithub.com/corazawaf/coraza/pull/1054) - chore(deps): bump golang.org/x/net from 0.22.0 to 0.23.0 in /testing/coreruleset in the go_modules group across 1 directory by [@dependabot](https://togithub.com/dependabot) in [https://github.com/corazawaf/coraza/pull/1043](https://togithub.com/corazawaf/coraza/pull/1043) - fix(deps): update module github.com/mccutchen/go-httpbin/v2 to v2.13.4 by [@renovate](https://togithub.com/renovate) in [https://github.com/corazawaf/coraza/pull/1001](https://togithub.com/corazawaf/coraza/pull/1001) - fix(deps): update module github.com/petar-dambovaliev/aho-corasick to v0.0.0-20240411101913-e07a1f0e8eb4 by [@renovate](https://togithub.com/renovate) in [https://github.com/corazawaf/coraza/pull/1057](https://togithub.com/corazawaf/coraza/pull/1057) - feat: add new maps with case sensitive keys by [@fzipi](https://togithub.com/fzipi) in [https://github.com/corazawaf/coraza/pull/1055](https://togithub.com/corazawaf/coraza/pull/1055) - fix: http parameter pollution test cases by [@fzipi](https://togithub.com/fzipi) in [https://github.com/corazawaf/coraza/pull/1058](https://togithub.com/corazawaf/coraza/pull/1058) - fix(deps): update module golang.org/x/sync to v0.7.0 by [@renovate](https://togithub.com/renovate) in [https://github.com/corazawaf/coraza/pull/1034](https://togithub.com/corazawaf/coraza/pull/1034) - fix(deps): update module golang.org/x/net to v0.25.0 by [@renovate](https://togithub.com/renovate) in [https://github.com/corazawaf/coraza/pull/1060](https://togithub.com/corazawaf/coraza/pull/1060) - fix: RemoveTargetById Args in multiphase mode by [@M4tteoP](https://togithub.com/M4tteoP) in [https://github.com/corazawaf/coraza/pull/1061](https://togithub.com/corazawaf/coraza/pull/1061) - fix: headers leaked during interruptions at phase 3/4 by [@M4tteoP](https://togithub.com/M4tteoP) in [https://github.com/corazawaf/coraza/pull/1062](https://togithub.com/corazawaf/coraza/pull/1062) - chore: deletes content temporary file on close. by [@jcchavezs](https://togithub.com/jcchavezs) in [https://github.com/corazawaf/coraza/pull/924](https://togithub.com/corazawaf/coraza/pull/924) - chore: upgrades to CRS 4.1. by [@jcchavezs](https://togithub.com/jcchavezs) in [https://github.com/corazawaf/coraza/pull/1032](https://togithub.com/corazawaf/coraza/pull/1032) - chore: updates CRS tests to CRS4.2 by [@M4tteoP](https://togithub.com/M4tteoP) in [https://github.com/corazawaf/coraza/pull/1066](https://togithub.com/corazawaf/coraza/pull/1066) - fix(deps): update module github.com/mccutchen/go-httpbin/v2 to v2.14.0 by [@renovate](https://togithub.com/renovate) in [https://github.com/corazawaf/coraza/pull/1067](https://togithub.com/corazawaf/coraza/pull/1067) - feat: add support for case sensitive args by [@fzipi](https://togithub.com/fzipi) in [https://github.com/corazawaf/coraza/pull/1059](https://togithub.com/corazawaf/coraza/pull/1059) - fix: logs multiple vars matched by same rule by [@M4tteoP](https://togithub.com/M4tteoP) in [https://github.com/corazawaf/coraza/pull/1074](https://togithub.com/corazawaf/coraza/pull/1074) - fix(deps): update module github.com/corazawaf/libinjection-go to v0.2.0 by [@renovate](https://togithub.com/renovate) in [https://github.com/corazawaf/coraza/pull/1076](https://togithub.com/corazawaf/coraza/pull/1076) - fix(deps): update module github.com/corazawaf/libinjection-go to v0.2.1 by [@renovate](https://togithub.com/renovate) in [https://github.com/corazawaf/coraza/pull/1079](https://togithub.com/corazawaf/coraza/pull/1079) - fix(deps): update module golang.org/x/net to v0.26.0 by [@renovate](https://togithub.com/renovate) in [https://github.com/corazawaf/coraza/pull/1075](https://togithub.com/corazawaf/coraza/pull/1075) - fix: setters of INBOUND_DATA_ERROR and OUTBOUND_DATA_ERROR by [@M4tteoP](https://togithub.com/M4tteoP) in [https://github.com/corazawaf/coraza/pull/1078](https://togithub.com/corazawaf/coraza/pull/1078) - fix(deps): update module github.com/rs/zerolog to v1.33.0 by [@renovate](https://togithub.com/renovate) in [https://github.com/corazawaf/coraza/pull/1073](https://togithub.com/corazawaf/coraza/pull/1073) - chore: updates CRS tests to CRS4.3 by [@M4tteoP](https://togithub.com/M4tteoP) in [https://github.com/corazawaf/coraza/pull/1081](https://togithub.com/corazawaf/coraza/pull/1081) #### New Contributors (thanks a lot!) - [@fionera](https://togithub.com/fionera) made their first contribution in [https://github.com/corazawaf/coraza/pull/1012](https://togithub.com/corazawaf/coraza/pull/1012) - [@noboruma](https://togithub.com/noboruma) made their first contribution in [https://github.com/corazawaf/coraza/pull/1015](https://togithub.com/corazawaf/coraza/pull/1015) - [@soujanyanmbri](https://togithub.com/soujanyanmbri) made their first contribution in [https://github.com/corazawaf/coraza/pull/1046](https://togithub.com/corazawaf/coraza/pull/1046) **Full Changelog**: https://github.com/corazawaf/coraza/compare/v3.1.0...v3.2.0Configuration
📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Mend Renovate. View repository job log here.