Bump github.com/gofiber/fiber/v2 from 2.52.4 to 2.52.5

Bumps github.com/gofiber/fiber/v2 from 2.52.4 to 2.52.5.

Release notes

Sourced from github.com/gofiber/fiber/v2's releases.

v2.52.5

👮 Security

https://docs.gofiber.io/api/middleware/session

🧹 Updates

Middleware/session: Remove extra release and aquire ctx calls in session_test.go (#3043)

🐛 Bug Fixes

Middleware/monitor: middleware reporting of CPU usage (#2984)

Middleware/session: mutex for thread safety (#3050)

📚 Documentation

Improve ctx.Locals method description and example (#3030)

Improve ctx.Locals method documentation (#3033)

Update README_id.md (#3045)

Full Changelog: https://github.com/gofiber/fiber/compare/v2.52.4...v2.52.5

Thank you @nyufeng, @PaulTitto and @sixcolors for making this update possible.

Commits

6968d51 add release.yml config
66a8814 fix(middleware/session): mutex for thread safety (#3050)
6fa0e7c Update README_id.md (#3045)
c7bfb31 test(middleware/session): Remove extra release and aquire ctx calls in sessio...
abf8f32 prepare version v2.52.5
7926e5b Merge pull request from GHSA-98j2-3j3p-fw2v
4262f5b fix: monitor middleware reporting of CPU usage (#2984)
232c0fa docs: Improve ctx.Locals method documentation (#3033)
6c9510d docs: Improve ctx.Locals method description and example (#3030)
6c3eb80 Update csrf.md
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)


ghcr.io/webp-sh/webp_server_go (debian 12.5)
============================================
Total: 8 (HIGH: 8, CRITICAL: 0)

┌─────────────────────────┬────────────────┬──────────┬────────┬───────────────────┬────────────────────────┬──────────────────────────────────────────────────────────────┐
│         Library         │ Vulnerability  │ Severity │ Status │ Installed Version │     Fixed Version      │                            Title                             │
├─────────────────────────┼────────────────┼──────────┼────────┼───────────────────┼────────────────────────┼──────────────────────────────────────────────────────────────┤
│ libcurl3-gnutls         │ CVE-2024-2398  │ HIGH     │ fixed  │ 7.88.1-10+deb12u5 │ 7.88.1-10+deb12u6      │ curl: HTTP/2 push headers memory-leak                        │
│                         │                │          │        │                   │                        │ https://avd.aquasec.com/nvd/cve-2024-2398                    │
├─────────────────────────┤                │          │        │                   │                        │                                                              │
│ libcurl4                │                │          │        │                   │                        │                                                              │
│                         │                │          │        │                   │                        │                                                              │
├─────────────────────────┼────────────────┤          │        ├───────────────────┼────────────────────────┼──────────────────────────────────────────────────────────────┤
│ libgdk-pixbuf-2.0-0     │ CVE-2022-48622 │          │        │ 2.42.10+dfsg-1+b1 │ 2.42.10+dfsg-1+deb12u1 │ gnome: heap memory corruption on gdk-pixbuf                  │
│                         │                │          │        │                   │                        │ https://avd.aquasec.com/nvd/cve-2022-48622                   │
├─────────────────────────┤                │          │        ├───────────────────┤                        │                                                              │
│ libgdk-pixbuf2.0-common │                │          │        │ 2.42.10+dfsg-1    │                        │                                                              │
│                         │                │          │        │                   │                        │                                                              │
├─────────────────────────┼────────────────┤          │        ├───────────────────┼────────────────────────┼──────────────────────────────────────────────────────────────┤
│ libsystemd0             │ CVE-2023-50387 │          │        │ 252.22-1~deb12u1  │ 252.23-1~deb12u1       │ bind9: KeyTrap - Extreme CPU consumption in DNSSEC validator │
│                         │                │          │        │                   │                        │ https://avd.aquasec.com/nvd/cve-2023-50387                   │
│                         ├────────────────┤          │        │                   │                        ├──────────────────────────────────────────────────────────────┤
│                         │ CVE-2023-50868 │          │        │                   │                        │ bind9: Preparing an NSEC3 closest encloser proof can exhaust │
│                         │                │          │        │                   │                        │ CPU resources                                                │
│                         │                │          │        │                   │                        │ https://avd.aquasec.com/nvd/cve-2023-50868                   │
├─────────────────────────┼────────────────┤          │        │                   │                        ├──────────────────────────────────────────────────────────────┤
│ libudev1                │ CVE-2023-50387 │          │        │                   │                        │ bind9: KeyTrap - Extreme CPU consumption in DNSSEC validator │
│                         │                │          │        │                   │                        │ https://avd.aquasec.com/nvd/cve-2023-50387                   │
│                         ├────────────────┤          │        │                   │                        ├──────────────────────────────────────────────────────────────┤
│                         │ CVE-2023-50868 │          │        │                   │                        │ bind9: Preparing an NSEC3 closest encloser proof can exhaust │
│                         │                │          │        │                   │                        │ CPU resources                                                │
│                         │                │          │        │                   │                        │ https://avd.aquasec.com/nvd/cve-2023-50868                   │
└─────────────────────────┴────────────────┴──────────┴────────┴───────────────────┴────────────────────────┴──────────────────────────────────────────────────────────────┘

webp-sh / webp_server_go

Bump github.com/gofiber/fiber/v2 from 2.52.4 to 2.52.5 #346

v2.52.5

👮 Security

🧹 Updates

🐛 Bug Fixes

📚 Documentation