github / codeql-go

The CodeQL extractor and libraries for Go.
MIT License
464 stars 126 forks

Bump github.com/emicklei/go-restful/v3 from 3.2.0 to 3.8.0 in /ql/test/library-tests/semmle/go/frameworks/Gorestful #742

Closed dependabot[bot] closed 2 years ago

dependabot[bot] commented 2 years ago

Bumps github.com/emicklei/go-restful/v3 from 3.2.0 to 3.8.0.

Changelog

Sourced from github.com/emicklei/go-restful/v3's changelog.

[v3.8.0] - 2022-06-06

  • use exact matching of allowed domain entries, issue #489 (#493)
    • this change fixes [security] Authorization Bypass Through User-Controlled Key by changing the behaviour of the AllowedDomains setting in the CORS filter. To support the previous behaviour, the CORS filter type now has an AllowedDomainFunc callback mechanism which is called when a simple domain match fails.
  • add test and fix for POST without body and Content-type, issue #492 (#496)
  • [Minor] Bad practice to have a mix of Receiver types. (#491)

[v3.7.2] - 2021-11-24

  • restored FilterChain (#482 by SVilgelm)

[v3.7.1] - 2021-10-04

  • fix problem with contentEncodingEnabled setting (#479)

[v3.7.0] - 2021-09-24

  • feat(parameter): adds additional openapi mappings (#478)

[v3.6.0] - 2021-09-18

  • add support for vendor extensions (#477 thx erraggy)

[v3.5.2] - 2021-07-14

  • fix removing absent route from webservice (#472)

[v3.5.1] - 2021-04-12

  • fix handling no match access selected path
  • remove obsolete field

[v3.5.0] - 2021-04-10

  • add check for wildcard (#463) in CORS
  • add access to Route from Request, issue #459 (#462)

[v3.4.0] - 2020-11-10

  • Added OPTIONS to WebService

[v3.3.2] - 2020-01-23

  • Fixed duplicate compression in dispatch. #449

... (truncated)

Commits
  • a2ff8b3 update examples
  • 19a9150 add entry to changes
  • fd3c327 use exact matching of allowed domain entries, issue #489 (#493)
  • c2c010a add test and fix for POST without body and Content-type, issue #492 (#496)
  • f04c271 [Minor] Bad practice to have a mix of Receiver types. (#491)
  • 7c971ca update deps of example user-resource
  • 06a2f87 update openapi example deps
  • b124b0a remove insecure dep from go.sum
  • e1ce7c1 fix Authorization bypass problem with jwt dependency
  • e4a1340 Create SECURITY.md
  • Additional commits viewable in compare view


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:
  • `@dependabot rebase` will rebase this PR
  • `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
  • `@dependabot merge` will merge this PR after your CI passes on it
  • `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
  • `@dependabot cancel merge` will cancel a previously requested merge and block automerging
  • `@dependabot reopen` will reopen this PR if it is closed
  • `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language
  • `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language
  • `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language
  • `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/github/codeql-go/network/alerts).
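The v3.8.0 changelog entry quoted above ("use exact matching of allowed domain entries", with an AllowedDomainFunc callback "called when a simple domain match fails") is the security-relevant part of this bump. The following is an added, stand-alone Go example written for this page; it is not code from the dependabot comment, from codeql-go, or from go-restful, and it deliberately uses only the standard library so it runs without the module. `looseOriginAllowed` is a constructed illustration of a non-exact allow-list check (each entry treated as an unanchored regular expression) and is not go-restful's pre-3.8.0 implementation; `exactOriginAllowed` implements the behaviour the changelog describes, with a `func(string) bool` fallback playing the role of AllowedDomainFunc (its signature is assumed here). The wildcard entry `".*"` is assumed to follow go-restful's wildcard convention (see the v3.5.0 entry above); the case-insensitive comparison and the `httpsSubdomainOf` helper are this example's own design choices.

```go
package main

import (
	"fmt"
	"net/url"
	"regexp"
	"strings"
)

// looseOriginAllowed is a constructed illustration (not go-restful's code) of
// the kind of non-exact allow-list check that "exact matching of allowed
// domain entries" replaces: every entry is compiled as an unanchored regular
// expression and tested against the Origin header value.
func looseOriginAllowed(allowed []string, origin string) bool {
	for _, entry := range allowed {
		re, err := regexp.Compile(entry)
		if err != nil {
			continue
		}
		// Unanchored: "https://app.example.com" also matches
		// "https://app.example.com.attacker.test", and "." matches any byte,
		// so "https://app-example.com" matches too.
		if re.MatchString(origin) {
			return true
		}
	}
	return false
}

// exactOriginAllowed implements the behaviour the changelog describes: an
// Origin is accepted only when it equals an allow-list entry (compared
// case-insensitively here), when an entry is the wildcard ".*" (assumed to
// follow go-restful's wildcard convention), or, if no entry matches, when the
// optional fallback approves it. The fallback stands in for AllowedDomainFunc.
func exactOriginAllowed(allowed []string, origin string, fallback func(string) bool) bool {
	if origin == "" {
		return false
	}
	lower := strings.ToLower(origin)
	for _, entry := range allowed {
		if entry == ".*" || strings.ToLower(entry) == lower {
			return true
		}
	}
	if fallback != nil {
		return fallback(origin)
	}
	return false
}

// httpsSubdomainOf builds a fallback that accepts https origins whose host is
// the apex domain or one of its subdomains. It decides on the parsed host, so
// userinfo tricks ("https://app.example.com@attacker.test") and suffix tricks
// ("https://app.example.com.attacker.test") are both rejected.
func httpsSubdomainOf(apex string) func(string) bool {
	apex = strings.ToLower(apex)
	return func(origin string) bool {
		u, err := url.Parse(origin)
		if err != nil || u.Scheme != "https" {
			return false
		}
		host := strings.ToLower(u.Hostname())
		return host == apex || strings.HasSuffix(host, "."+apex)
	}
}

func main() {
	// Constructed sample configuration: one exact entry plus a fallback for
	// sibling subdomains of example.com.
	allowed := []string{"https://app.example.com"}
	fallback := httpsSubdomainOf("example.com")
	for _, origin := range []string{
		"https://app.example.com",
		"https://app.example.com.attacker.test",
		"https://app-example.com",
		"https://docs.example.com",
		"http://docs.example.com",
		"https://app.example.com@attacker.test",
	} {
		fmt.Printf("%-40s loose=%-5v exact=%v\n", origin,
			looseOriginAllowed(allowed, origin),
			exactOriginAllowed(allowed, origin, fallback))
	}
}
```

Two practical consequences for anyone taking this bump in their own service: because the check compares against the full Origin header value, allow-list entries must be written as complete origins (scheme, host and, where used, port), not bare domain names; and any subdomain or multi-tenant matching that previously relied on non-exact entries belongs in the callback, where it should be decided on a parsed host rather than by substring or pattern matching, as `httpsSubdomainOf` does.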
dependabot[bot] commented 2 years ago

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.