There were new features important for compatibility with some of the upcoming cookie security changes with google that required a new Partitioned attribute be added to the cookies, this attribute was only available in go 1.23, which has just recently been released.
If you require a version that is backward compatible with a lower version than go 1.23 then you'll need to use release v1.3.0.
The following notes show the difference between 1.2.2 and the current version because 1.3.0 was a hotfix for go 1.22 and below.
The maintainers of this repo merged a PR into main with the net/http.Cookie field Partitioned which is a field only available in go 1.23. As a result all usage of the main branch will not work unless users are on 1.23 which at the time of writing is currently unreleased. This broke the install for a number of users so the intent of this release is to push out a couple of features and bugfixes with the go 1.23 specific changes removed.
Releases should be used exclusively until go 1.23 is released.
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Bumps github.com/gorilla/sessions from 1.2.2 to 1.4.0.
Release notes
Sourced from github.com/gorilla/sessions's releases.
Commits
bb4cd60
chore: Update readme to relect go 1.23 releasee2083f9
chore: update to go 1.23 for workflows6eef180
fix: Missing SameSite attribute on optionsa56e60c
Add mysql store to the readme (#279)466d29e
chore: Update readme and copyrights7a8159e
chore(go): Remove go version 1.11 supportff5660f
chore(go): Add warning about main branch8e2d547
chore(go): Remove vendored dependenciesc373b3e
Fix gorillatoolkit link in README.md (#278)ef99c78
fix(cookie): Add default samesite (#276)Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase
.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show