mccutchen/go-httpbin (mccutchen/go-httpbin)
### [`v2.15.0`](https://redirect.github.com/mccutchen/go-httpbin/releases/tag/v2.15.0)
[Compare Source](https://redirect.github.com/mccutchen/go-httpbin/compare/v2.14.1...v2.15.0)
#### Summary
- ⚠️ **Minimum Go version is now 1.22** ⚠️ due to use of new stdlib router enhancements
- New `/trailers` endpoint added
- `Server-Timings` headers/trailers added to endpoints with client-controlled response times
##### What's Changed
- chore(build): bump docker image to 1.23 by [@mccutchen](https://redirect.github.com/mccutchen) in [https://github.com/mccutchen/go-httpbin/pull/180](https://redirect.github.com/mccutchen/go-httpbin/pull/180)
- feat: use enhanced stdlib HTTP router by [@mccutchen](https://redirect.github.com/mccutchen) in [https://github.com/mccutchen/go-httpbin/pull/181](https://redirect.github.com/mccutchen/go-httpbin/pull/181)
- chore(ci): fix code coverage uploads by [@mccutchen](https://redirect.github.com/mccutchen) in [https://github.com/mccutchen/go-httpbin/pull/183](https://redirect.github.com/mccutchen/go-httpbin/pull/183)
- refactor: small tweak to template rendering helpers by [@mccutchen](https://redirect.github.com/mccutchen) in [https://github.com/mccutchen/go-httpbin/pull/182](https://redirect.github.com/mccutchen/go-httpbin/pull/182)
- feat: add `/trailers` endpoint by [@mccutchen](https://redirect.github.com/mccutchen) in [https://github.com/mccutchen/go-httpbin/pull/184](https://redirect.github.com/mccutchen/go-httpbin/pull/184)
- refactor: minor tweaks to `/drip` implementation by [@mccutchen](https://redirect.github.com/mccutchen) in [https://github.com/mccutchen/go-httpbin/pull/185](https://redirect.github.com/mccutchen/go-httpbin/pull/185)
- feat: add `Server-Timing` headers/trailers where relevant by [@mccutchen](https://redirect.github.com/mccutchen) in [https://github.com/mccutchen/go-httpbin/pull/186](https://redirect.github.com/mccutchen/go-httpbin/pull/186)
**Full Changelog**: https://github.com/mccutchen/go-httpbin/compare/v2.14.1...v2.15.0
### [`v2.14.1`](https://redirect.github.com/mccutchen/go-httpbin/releases/tag/v2.14.1)
[Compare Source](https://redirect.github.com/mccutchen/go-httpbin/compare/v2.14.0...v2.14.1)
#### What's Changed
- feat: support JSON structured log formatting by [@pehlicd](https://redirect.github.com/pehlicd) in [https://github.com/mccutchen/go-httpbin/pull/179](https://redirect.github.com/mccutchen/go-httpbin/pull/179)
#### New Contributors
- [@pehlicd](https://redirect.github.com/pehlicd) made their first contribution in [https://github.com/mccutchen/go-httpbin/pull/179](https://redirect.github.com/mccutchen/go-httpbin/pull/179)
**Full Changelog**: https://github.com/mccutchen/go-httpbin/compare/v2.14.0...v2.14.1
### [`v2.14.0`](https://redirect.github.com/mccutchen/go-httpbin/releases/tag/v2.14.0)
[Compare Source](https://redirect.github.com/mccutchen/go-httpbin/compare/v2.13.4...v2.14.0)
#### What's Changed
- chore(ci): tweak codecov configuration by [@mccutchen](https://redirect.github.com/mccutchen) in [https://github.com/mccutchen/go-httpbin/pull/168](https://redirect.github.com/mccutchen/go-httpbin/pull/168)
- add appProcotol to the k8s service for port name 'http' by [@bcollard](https://redirect.github.com/bcollard) in [https://github.com/mccutchen/go-httpbin/pull/169](https://redirect.github.com/mccutchen/go-httpbin/pull/169)
- fix: mitigate allowed redirect domain bypass by [@mccutchen](https://redirect.github.com/mccutchen) in [https://github.com/mccutchen/go-httpbin/pull/174](https://redirect.github.com/mccutchen/go-httpbin/pull/174)
#### 🔐 Security fix 🔐
This release fixes a bug that allowed clients to bypass the `-allowed-redirect-domains`/`ALLOWED_REDIRECT_DOMAINS` configuration used by the `/redirect-to` endpoint by passing an absolute URL without a scheme (e.g. `/redirect-to?url=//evil.com`).
See [#173](https://redirect.github.com/mccutchen/go-httpbin/issues/173) and [#174](https://redirect.github.com/mccutchen/go-httpbin/issues/174) for details about the issue and the fix, and see the [Production Considerations](https://redirect.github.com/mccutchen/go-httpbin/blob/main/README.md#production-considerations) section of the README for more info on why that configuration is important.
#### New Contributors
- [@bcollard](https://redirect.github.com/bcollard) made their first contribution in [https://github.com/mccutchen/go-httpbin/pull/169](https://redirect.github.com/mccutchen/go-httpbin/pull/169)
**Full Changelog**: https://github.com/mccutchen/go-httpbin/compare/v2.13.4...v2.14.0
Configuration
📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
[ ] If you want to rebase/retry this PR, check this box
This PR contains the following updates:
v2.13.4->v2.15.0Release Notes
mccutchen/go-httpbin (mccutchen/go-httpbin)
### [`v2.15.0`](https://redirect.github.com/mccutchen/go-httpbin/releases/tag/v2.15.0) [Compare Source](https://redirect.github.com/mccutchen/go-httpbin/compare/v2.14.1...v2.15.0) #### Summary - ⚠️ **Minimum Go version is now 1.22** ⚠️ due to use of new stdlib router enhancements - New `/trailers` endpoint added - `Server-Timings` headers/trailers added to endpoints with client-controlled response times ##### What's Changed - chore(build): bump docker image to 1.23 by [@mccutchen](https://redirect.github.com/mccutchen) in [https://github.com/mccutchen/go-httpbin/pull/180](https://redirect.github.com/mccutchen/go-httpbin/pull/180) - feat: use enhanced stdlib HTTP router by [@mccutchen](https://redirect.github.com/mccutchen) in [https://github.com/mccutchen/go-httpbin/pull/181](https://redirect.github.com/mccutchen/go-httpbin/pull/181) - chore(ci): fix code coverage uploads by [@mccutchen](https://redirect.github.com/mccutchen) in [https://github.com/mccutchen/go-httpbin/pull/183](https://redirect.github.com/mccutchen/go-httpbin/pull/183) - refactor: small tweak to template rendering helpers by [@mccutchen](https://redirect.github.com/mccutchen) in [https://github.com/mccutchen/go-httpbin/pull/182](https://redirect.github.com/mccutchen/go-httpbin/pull/182) - feat: add `/trailers` endpoint by [@mccutchen](https://redirect.github.com/mccutchen) in [https://github.com/mccutchen/go-httpbin/pull/184](https://redirect.github.com/mccutchen/go-httpbin/pull/184) - refactor: minor tweaks to `/drip` implementation by [@mccutchen](https://redirect.github.com/mccutchen) in [https://github.com/mccutchen/go-httpbin/pull/185](https://redirect.github.com/mccutchen/go-httpbin/pull/185) - feat: add `Server-Timing` headers/trailers where relevant by [@mccutchen](https://redirect.github.com/mccutchen) in [https://github.com/mccutchen/go-httpbin/pull/186](https://redirect.github.com/mccutchen/go-httpbin/pull/186) **Full Changelog**: https://github.com/mccutchen/go-httpbin/compare/v2.14.1...v2.15.0 ### [`v2.14.1`](https://redirect.github.com/mccutchen/go-httpbin/releases/tag/v2.14.1) [Compare Source](https://redirect.github.com/mccutchen/go-httpbin/compare/v2.14.0...v2.14.1) #### What's Changed - feat: support JSON structured log formatting by [@pehlicd](https://redirect.github.com/pehlicd) in [https://github.com/mccutchen/go-httpbin/pull/179](https://redirect.github.com/mccutchen/go-httpbin/pull/179) #### New Contributors - [@pehlicd](https://redirect.github.com/pehlicd) made their first contribution in [https://github.com/mccutchen/go-httpbin/pull/179](https://redirect.github.com/mccutchen/go-httpbin/pull/179) **Full Changelog**: https://github.com/mccutchen/go-httpbin/compare/v2.14.0...v2.14.1 ### [`v2.14.0`](https://redirect.github.com/mccutchen/go-httpbin/releases/tag/v2.14.0) [Compare Source](https://redirect.github.com/mccutchen/go-httpbin/compare/v2.13.4...v2.14.0) #### What's Changed - chore(ci): tweak codecov configuration by [@mccutchen](https://redirect.github.com/mccutchen) in [https://github.com/mccutchen/go-httpbin/pull/168](https://redirect.github.com/mccutchen/go-httpbin/pull/168) - add appProcotol to the k8s service for port name 'http' by [@bcollard](https://redirect.github.com/bcollard) in [https://github.com/mccutchen/go-httpbin/pull/169](https://redirect.github.com/mccutchen/go-httpbin/pull/169) - fix: mitigate allowed redirect domain bypass by [@mccutchen](https://redirect.github.com/mccutchen) in [https://github.com/mccutchen/go-httpbin/pull/174](https://redirect.github.com/mccutchen/go-httpbin/pull/174) #### 🔐 Security fix 🔐 This release fixes a bug that allowed clients to bypass the `-allowed-redirect-domains`/`ALLOWED_REDIRECT_DOMAINS` configuration used by the `/redirect-to` endpoint by passing an absolute URL without a scheme (e.g. `/redirect-to?url=//evil.com`). See [#173](https://redirect.github.com/mccutchen/go-httpbin/issues/173) and [#174](https://redirect.github.com/mccutchen/go-httpbin/issues/174) for details about the issue and the fix, and see the [Production Considerations](https://redirect.github.com/mccutchen/go-httpbin/blob/main/README.md#production-considerations) section of the README for more info on why that configuration is important. #### New Contributors - [@bcollard](https://redirect.github.com/bcollard) made their first contribution in [https://github.com/mccutchen/go-httpbin/pull/169](https://redirect.github.com/mccutchen/go-httpbin/pull/169) **Full Changelog**: https://github.com/mccutchen/go-httpbin/compare/v2.13.4...v2.14.0Configuration
📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR was generated by Mend Renovate. View the repository job log.