This release primarily includes a fix that blocked using
filepath-securejoin in Kubernetes.
Previously, some testing mocks we had resulted in us doing import "testing"
in non-_test.go code, which made some downstreams like Kubernetes unhappy.
This has been fixed. (#32)
Thanks to all of the contributors who made this release possible:
This release primarily includes fixes for spurious errors we hit when
checking that directories created by MkdirAll "look right". Upon further
consideration, these checks were fundamentally buggy and didn't offer
any practical protection anyway.
The mode and owner verification logic in MkdirAll has been removed. This
was originally intended to protect against some theoretical attacks but upon
further consideration these protections don't actually buy us anything and
they were causing spurious errors with more complicated filesystem setups.
The "is the created directory empty" logic in MkdirAll has also been
removed. This was not causing us issues yet, but some pseudofilesystems (such
as cgroup) create non-empty directories and so this logic would've been
wrong for such cases.
Thanks to all of the contributors who made this release possible:
Previously, some testing mocks we had resulted in us doing import "testing"
in non-_test.go code, which made some downstreams like Kubernetes unhappy.
This has been fixed. (#32)
[0.3.3] - 2024-09-30
Fixed
The mode and owner verification logic in MkdirAll has been removed. This
was originally intended to protect against some theoretical attacks but upon
further consideration these protections don't actually buy us anything and
they were causing spurious errors with more complicated filesystem setups.
The "is the created directory empty" logic in MkdirAll has also been
removed. This was not causing us issues yet, but some pseudofilesystems (such
as cgroup) create non-empty directories and so this logic would've been
wrong for such cases.
Export EnforceDefaultTimeoutsWhenUsingContexts and DisableDefaultTimeoutsWhenUsingContext [ca36da1]
v1.35.0
1.35.0
Features
You can now call EnforceDefaultTimeoutsWhenUsingContexts() to have Eventually honor the default timeout when passed a context. (prior to this you had to expclility add a timeout) [e4c4265]
You can call StopTrying(message).Successfully() to abort a Consistently early without failure [eeca931]
Fixes
Stop memoizing the result of HaveField to avoid unexpected errors when used with async assertions. [3bdbc4e]
Export EnforceDefaultTimeoutsWhenUsingContexts and DisableDefaultTimeoutsWhenUsingContext [ca36da1]
1.35.0
Features
You can now call EnforceDefaultTimeoutsWhenUsingContexts() to have Eventually honor the default timeout when passed a context. (prior to this you had to expclility add a timeout) [e4c4265]
You can call StopTrying(message).Successfully() to abort a Consistently early without failure [eeca931]
Fixes
Stop memoizing the result of HaveField to avoid unexpected errors when used with async assertions. [3bdbc4e]
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
- `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
- `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency
- `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions
dependabot[bot]
commented
1 week ago
Bumps the go-deps group with 4 updates in the / directory: github.com/ProtonMail/go-crypto, github.com/cyphar/filepath-securejoin, github.com/go-git/go-billy/v5 and github.com/onsi/gomega.
Updates
github.com/ProtonMail/go-cryptofrom 1.1.0-alpha.5-proton to 1.1.0-beta.0-protonRelease notes
Sourced from github.com/ProtonMail/go-crypto's releases.
Commits
b04e354Fix HMAC generation (#204)85bc845Replace ioutil.ReadAll with io.ReadAll5f49c73fix(v2): Adapt NewForwardingEntity to refactored NewEntity9aa010afix(v2): Do not allow encrpytion with a forwarding key91c2e9efeat: Add symmetric keys to v23f6d02afix: Address warningsda0a0cffeat: Add forwarding to v2 api0e6a359fix: Address rebase on version 2 issuesc602a74Use fingerprints instead of KeyIDs348b81dCreate a copy of the encrypted key when forwardingUpdates
github.com/cyphar/filepath-securejoinfrom 0.3.2 to 0.3.4Release notes
Sourced from github.com/cyphar/filepath-securejoin's releases.
Changelog
Sourced from github.com/cyphar/filepath-securejoin's changelog.
Commits
fd16adeVERSION: release v0.3.400e0710godoc: update package documentation0cd6be1README: fix reference to open_tree kernel requirements205046fREADME: add pkg.go.dev badgeecb1b8etests: procfs: clean up mock test hook3ec6eedCHANGELOG: mention #32 fix86e6182merge #32 into cyphar/filepath-securejoin:main6864912Isolate the testing import in test code4348feeopenat: remove unused functiond0c7d67merge #31 into cyphar/filepath-securejoin:mainUpdates
github.com/go-git/go-billy/v5from 5.5.0 to 5.6.0Release notes
Sourced from github.com/go-git/go-billy/v5's releases.
Commits
371e232Merge pull request #85 from go-git/dependabot/github_actions/github/codeql-ac...5087c4cbuild: bump github/codeql-action from 3.26.10 to 3.26.115f263c9Merge pull request #84 from go-git/dependabot/github_actions/github/codeql-ac...18ec098build: bump github/codeql-action from 3.26.8 to 3.26.10c1ee0b9Merge pull request #81 from evankanderson/iofsb50bc97Rename Wrap to New9745bbbMerge pull request #83 from go-git/dependabot/github_actions/github/codeql-ac...d864d47build: bump github/codeql-action from 3.26.7 to 3.26.8b8c5b1bPrevent test failures on Windows, address feedback from pjbgf28f6c49Fix test handling on go < 1.23Updates
github.com/onsi/gomegafrom 1.34.2 to 1.35.1Release notes
Sourced from github.com/onsi/gomega's releases.
Changelog
Sourced from github.com/onsi/gomega's changelog.
Commits
9f5a208v1.35.1ca36da1Export EnforceDefaultTimeoutsWhenUsingContexts and DisableDefaultTimeoutsWhen...d6331f9v1.35.05deaf23fix tests, but like actually this timeeeca931Add Successfully() to StopTrying() to signal that Consistently can end early ...3bdbc4estop memoizing result of HaveFielde35358dsheepishly fix broken test. thanks CI1b717d7grrr. go mod tidya05a416bump all dependenciese4c4265Add EnforceDefaultTimeoutsWhenUsingContexts()Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show