swaggo / gin-swagger

gin middleware to automatically generate RESTful API documentation with Swagger 2.0.
MIT License
3.76k stars 270 forks

fix: update gin-contrib/gzip to latest version #220

Closed venu-prasanna-tw closed 2 years ago

venu-prasanna-tw commented 2 years ago

We are using the latest version of [github.com/swaggo/gin-swagger@v1.5.0], which internally uses the gin-contrib/gzip library, and the version is [github.com/gin-contrib/gzip@v0.0.5] in go.mod.

This has introduced a Snyk vulnerability, HTTP Response Splitting, with the following path: github.com/swaggo/gin-swagger@v1.5.0 › github.com/gin-contrib/gzip@v0.0.5 › github.com/gin-gonic/gin@v1.7.4

Snyk issue link: https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMGINGONICGIN-1041736

In order to solve this issue, I have upgraded gin-contrib/gzip to the latest version.
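
An added example, not part of the pull request or the project's code: a small Go program that rebuilds the kind of dependency path quoted above from `go mod graph` output, so a finding can be traced to the direct dependency that has to be bumped. The root module `example.com/app`, the module `example.com/other` and the helpers `parseGraph` and `pathTo` are hypothetical; the embedded graph is constructed. The graph lists requirement edges only, and the version actually selected for the build is the one reported by `go list -m all`.

```go
package main

import (
	"fmt"
	"strings"
)

// Constructed `go mod graph` text ("requirer requirement" per line); example.com/* is hypothetical.
const sampleGraph = `example.com/app github.com/swaggo/gin-swagger@v1.5.0
example.com/app example.com/other@v1.0.0
github.com/swaggo/gin-swagger@v1.5.0 github.com/gin-contrib/gzip@v0.0.5
github.com/gin-contrib/gzip@v0.0.5 github.com/gin-gonic/gin@v1.7.4`

// parseGraph builds an adjacency list from the graph text, skipping malformed lines.
func parseGraph(out string) map[string][]string {
	edges := map[string][]string{}
	for _, line := range strings.Split(out, "\n") {
		if f := strings.Fields(line); len(f) == 2 {
			edges[f[0]] = append(edges[f[0]], f[1])
		}
	}
	return edges
}

// pathTo returns the shortest requirement chain from root to target (BFS), or nil.
func pathTo(edges map[string][]string, root, target string) []string {
	prev := map[string]string{root: ""} // visited set and back-pointers in one map
	for queue := []string{root}; len(queue) > 0; queue = queue[1:] {
		cur := queue[0]
		if cur == target {
			var path []string
			for n := cur; n != ""; n = prev[n] {
				path = append([]string{n}, path...)
			}
			return path
		}
		for _, next := range edges[cur] {
			if _, seen := prev[next]; !seen {
				prev[next] = cur
				queue = append(queue, next)
			}
		}
	}
	return nil
}

func main() {
	fmt.Println(strings.Join(pathTo(parseGraph(sampleGraph), "example.com/app", "github.com/gin-gonic/gin@v1.7.4"), " › "))
}
```
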

codecov[bot] commented 2 years ago

Codecov Report

Merging #220 (8ba2eb4) into master (0806351) will not change coverage. The diff coverage is n/a.

@@            Coverage Diff            @@
##            master      #220   +/-   ##
=========================================
  Coverage   100.00%   100.00%           
=========================================
  Files            1         1           
  Lines           98        98           
=========================================
  Hits            98        98           


ubogdan commented 2 years ago

@venu-prasanna-tw Thanks for your contribution.

ruchi-dhore-tw commented 2 years ago

@ubogdan any idea when this change would be released?

ubogdan commented 2 years ago

released.

ruchi-dhore-tw commented 2 years ago

Thank you @ubogdan !

ubogdan commented 2 years ago

You're welcome. 👍