This release makes some minor improvements to SecureJoin:
- Some changes were made to how lexical components are handled during resolution. There is no change in behaviour, and both implementations are safe, however the newer implementation is much easier to reason about.
- The error returned when a symlink loop has been detected will now reference the correct path. #10
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
- `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
- `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency
- `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions
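Bumps the go-deps group with 5 updates:

| Package | From | To |
| --- | --- | --- |
| github.com/cyphar/filepath-securejoin | 0.2.4 | 0.2.5 |
| github.com/prometheus/client_golang | 1.19.0 | 1.19.1 |
| github.com/sigstore/sigstore | 1.8.3 | 1.8.4 |
| golang.org/x/crypto | 0.22.0 | 0.23.0 |
| google.golang.org/api | 0.177.0 | 0.182.0 |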

Updates `github.com/cyphar/filepath-securejoin` from 0.2.4 to 0.2.5

Release notes
Sourced from github.com/cyphar/filepath-securejoin's releases.

Commits
- `d861a11` VERSION: release v0.2.5
- `87bc53a` join: fix ELOOP error path
- `e9be397` join: don't allow .. and . in working path during resolution
- `75cdbea` gha: update Go versions
- `b69b737` VERSION: back to development

Updates `github.com/prometheus/client_golang` from 1.19.0 to 1.19.1

Release notes
Sourced from github.com/prometheus/client_golang's releases.

Changelog
Sourced from github.com/prometheus/client_golang's changelog.

Commits
- `6e3f4b1` Cut 1.19.1 (#1494)
- `cad1bfa` Merge pull request #1454 from prometheus/small-nits
- `0aa8c9f` Rephrase incompatibility with common v0.48.0

Updates `github.com/sigstore/sigstore` from 1.8.3 to 1.8.4

Release notes
Sourced from github.com/sigstore/sigstore's releases.

Commits
- `5cd937f` build(deps): Bump github.com/hashicorp/vault/api
- `96fc144` build(deps): Bump the all group in /pkg/signature/kms/gcp with 2 updates
- `2b99005` build(deps): Bump the all group in /pkg/signature/kms/aws with 3 updates
- `fa5d64b` sync go mod
- `186a1e5` build(deps): Bump the all group across 1 directory with 4 updates
- `1ba2030` Fix Hashicorp Vault KMS to use PKCS1 v1.5
- `ec88c0b` ---
- `bbe51a7` ---
- `1d8a874` ---
- `acb4db4` build(deps): Bump golangci/golangci-lint-action from 5.3.0 to 6.0.1

Updates `golang.org/x/crypto` from 0.22.0 to 0.23.0

Commits
- `905d78a` go.mod: update golang.org/x dependencies
- `ebb717d` ssh: validate key type in SSH_MSG_USERAUTH_PK_OK response
- `0da2a6a` openpgp: fix function name in comment
- `5defcc1` sha3: fix Sum results for SHAKE functions on s390x

Updates `google.golang.org/api` from 0.177.0 to 0.182.0

Release notes
Sourced from google.golang.org/api's releases.
... (truncated)

Changelog
Sourced from google.golang.org/api's changelog.
... (truncated)

Commits
- `b49e3b9` chore(main): release 0.182.0 (#2591)
- `b6f615b` chore(all): update all (#2607)
- `c4c51ce` feat(all): auto-regenerate discovery clients (#2609)
- `0e58f74` feat(all): auto-regenerate discovery clients (#2608)
- `ceaeabf` feat(all): auto-regenerate discovery clients (#2606)
- `f474c8f` feat(all): auto-regenerate discovery clients (#2604)
- `ece7727` feat(all): auto-regenerate discovery clients (#2603)
- `a86c4b6` feat(all): auto-regenerate discovery clients (#2602)
- `2e7cc39` feat(all): auto-regenerate discovery clients (#2600)
- `677f53d` feat(all): auto-regenerate discovery clients (#2599)