Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore(deps): update all dependencies #15

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

chore(deps): update all dependencies #15

wants to merge 1 commit into from

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented Aug 2, 2022
edited
Loading

This PR contains the following updates:

Package Type Update Change Age Adoption Passing Confidence
actions/checkout action major v3 -> v4 age adoption passing confidence
amannn/action-semantic-pull-request action major v4 -> v5 age adoption passing confidence
github.com/cloudevents/sdk-go/v2 require minor v2.10.1 -> v2.15.2 age adoption passing confidence
github.com/gofiber/fiber/v2 require minor v2.35.0 -> v2.52.5 age adoption passing confidence
github.com/google/uuid require minor v1.3.0 -> v1.6.0 age adoption passing confidence
go.uber.org/zap require minor v1.21.0 -> v1.27.0 age adoption passing confidence
release-drafter/release-drafter action major v5 -> v6 age adoption passing confidence

Release Notes

actions/checkout (actions/checkout)

v4

Compare Source

amannn/action-semantic-pull-request (amannn/action-semantic-pull-request)

v5

Compare Source

cloudevents/sdk-go (github.com/cloudevents/sdk-go/v2)

v2.15.2

Compare Source

What's Changed

  • Patch for a potential security issue. See CVE-2024-28110.
  • Note: this could be a breaking change for people if they purposely change golang's HTTP DefaultClient, or change the CloudEvents Client returned from NewClient, and expect those changes to be visible on other HTTP flows using those Clients. E.g. auth

Full Changelog: cloudevents/sdk-go@v2.15.1...v2.15.2

v2.15.1

Compare Source

What's Changed

New Contributors

Full Changelog: cloudevents/sdk-go@v2.15.0...v2.15.1

v2.15.0

Compare Source

Highlights 💫

This release includes various updates and improvements such as README enhancements, dependency bumps, bug fixes, race condition resolutions, and protocol-related adjustments. Notable changes involve upgrading dependencies like grpc and go.opentelemetry, addressing race conditions, fixing Kafka test issues, and introducing new features like binary content mode for NATS and JetStream protocols. Additionally, there are governance documentation updates, link corrections, and improvements in error handling and documentation across different modules.

Breaking 🚨

The Kafka Sarama protocol now uses the "github.com/IBM/sarama" Go module import path.

Commits 📄

896e1d0 Update README.md
75ec0f2 Bump actions/setup-go from 4 to 5
41e80f7 fixed couple issues
9ccd339 bugfix_value_type_of_dataschema
c8cbca9 adds unique package name for import
f1bca09 relative .pb.go generation, go_package set to package name
c20eef2 bump the pahao mqtt to v0.12
ed7be6b Add WithCustomAttributes for PubSub
be31358 returning the error when doing a nack in the message
ecead5c Make a few comments a bit clearer
57be3cd Try to make sure the Receiver starts before we send events
f5c7061 Try to fix race again - don't reuse clients for sender/receiver
8bea925 Bump google.golang.org/grpc from 1.56.1 to 1.56.3 in /samples/http
fa6be00 Bump google.golang.org/grpc from 1.56.1 to 1.56.3 in /protocol/pubsub/v2
7e05ecd Bump google.golang.org/grpc from 1.56.1 to 1.56.3 in /samples/pubsub
13825ba Sleep less to avoid timeouts
3162d69 Bump github.com/nats-io/nats-server/v2 in /protocol/stan/v2
ec8b0f9 deps: update nats dependencies
dae9f6c Bump go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp
1d6360b Bump go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp
06658a2 Bump go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp
7c1a3b1 fix race
6f5984b Move to go 1.18 Had to run gofmt and fix some weird typos due to tabs in the comments
0a006bb Fix race condition in kafka tests
510b002 issue 814 - Add binary content mode for NATS and JetStream protocols
ac3d30c add link to our security mailing list
9405398 Bump golang.org/x/net in /observability/opencensus/v2
3cbfae0 Bump golang.org/x/net from 0.9.0 to 0.17.0 in /protocol/pubsub/v2
65eb52e Bump golang.org/x/net from 0.12.0 to 0.17.0 in /protocol/kafka_sarama/v2
d25d6e4 Bump golang.org/x/net from 0.9.0 to 0.17.0 in /samples/pubsub
e4653a8 Bump golang.org/x/net from 0.12.0 to 0.17.0 in /test/conformance
6ed9f79 Bump golang.org/x/net from 0.9.0 to 0.17.0 in /samples/http
6a3393c Bump golang.org/x/net from 0.7.0 to 0.17.0 in /test/benchmark
806ef35 Bump golang.org/x/net from 0.12.0 to 0.17.0 in /samples/kafka
de13f1b Bump golang.org/x/net from 0.12.0 to 0.17.0 in /test/integration
3eefeb1 Governance docs per CE PR 1226
1bcaa28 Update links to cloudevents spec
6aa2742 context.Done() may never reach if waiting on r.incoming <- msgErr
4bcddda move it to write message
d06aea7 clean the the previous properties
0cc4fba Bump actions/checkout from 3 to 4
f1c0d0a change denpendency sarama from Shopify to IBM
f84be73 Updated based on feedback
310da90 Support ACK when receiving malformed events
808bf38 provide the qos and retain configuration for mqtt protocol
e085f1a correct the doc links
766b88e remove the usage of deprecated io/ioutil package
e15d03d add assertion helper for extension keys (#​920)
c1482af append mqtt to the doc of protocol binding (#​919)
ff22db5 Bump andstor/file-existence-action from 1 to 2 (#​917)
bf156f1 call finish on unused messages; tidy retry logic
fdcb2d2 mqtt protocol binding (#​910)
f681ac6 Bump grpc dependencies and workflow versions (#​914)
c684ae9 vote to add embano1 as a maintainer
50b18a0 Bump golang.org/x/crypto in /samples/http (#​902)
5232986 http: Fixes for Gin http receiver sample (#​905)
9970acc Added a Gin http receiver sample (#​842)
b7a65db add kafka topic/partition/offset to the extension of event (#​896)
bc9170f Short-circuit AND expressions (#​899)
eae656f Bump nokogiri from 1.14.2 to 1.14.3 in /docs (#​891)
ff0a142 fix: Fixing syntax errors and add some test feedback (#​892)
55e5dba Update RELEASING to be more explicit

v2.14.0

Compare Source

What's Changed

New Contributors

Full Changelog: cloudevents/sdk-go@v2.13.0...v2.14.0

v2.13.0

Compare Source

What's Changed

New Contributors

Full Changelog: cloudevents/sdk-go@v2.12.0...v2.13.0

v2.12.0

Compare Source

What's Changed

New Contributors

Full Changelog: cloudevents/sdk-go@v2.11.0...v2.12.0

v2.11.0: Release 2.11.0

Compare Source

What's Changed

New Contributors

Full Changelog: cloudevents/sdk-go@v2.10.0...v2.11.0

gofiber/fiber (github.com/gofiber/fiber/v2)

v2.52.5

Compare Source

👮 Security
Middleware/session: Session Middleware Token Injection Vulnerability - GHSA-98j2-3j3p-fw2v

https://docs.gofiber.io/api/middleware/session

🧹 Updates
  • Middleware/session: Remove extra release and aquire ctx calls in session_test.go (#​3043)
🐛 Bug Fixes
  • Middleware/monitor: middleware reporting of CPU usage (#​2984)
  • Middleware/session: mutex for thread safety (#​3050)
📚 Documentation
  • Improve ctx.Locals method description and example (#​3030)
  • Improve ctx.Locals method documentation (#​3033)
  • Update README_id.md (#​3045)

Full Changelog: gofiber/fiber@v2.52.4...v2.52.5

Thank you @​nyufeng, @​PaulTitto and @​sixcolors for making this update possible.

v2.52.4

Compare Source

🐛 Fixes

Full Changelog: gofiber/fiber@v2.52.3...v2.52.4

v2.52.3

Compare Source

🐛 Fixes

Full Changelog: gofiber/fiber@v2.52.2...v2.52.3

v2.52.2

Compare Source

🐛 Fixes

Full Changelog: gofiber/fiber@v2.52.1...v2.52.2

v2.52.1

Compare Source

👮 Security

Middleware/cors: Insecure CORS Configuration Allowing Wildcard Origin with Credentials - GHSA-fmg4-x8pw-hjhg

https://docs.gofiber.io/api/middleware/cors

🐛 Fixes

  • Middleware/healthcheck: Not working with route group(#​2863)

📚 Documentation

  • Fix default value to false in docs of QueryBool (#​2811)
  • Fix code snippet indentation in /docs/api/middleware/keyauth.md (#​2867)

Full Changelog: gofiber/fiber@v2.52.0...v2.52.1

Thank you @​luk3skyw4lker, @​CAEL0, @​grivera64, @​gaby and @​sixcolors for making this update possible.

v2.52.0

Compare Source

🚀 New

// Direct usage with default config
app.Use(healthcheck.New())

// Or extend your config for customization
app.Use(healthcheck.New(healthcheck.Config{
    LivenessEndpoint: "/live",
    LivenessProbe: func(c *fiber.Ctx) bool {
        return true
    },
    ReadinessEndpoint: "/ready",
    ReadinessProbe: func(c *fiber.Ctx) bool {
        return serviceA.Ready() && serviceB.Ready() && ...
    },
}))

🧹 Updates

  • Middlewares: don't constrain middlewares context-keys to strings (#​2751)
  • Middleware/logger: colorize logger error message #​2593 (#​2773)
  • Middleware/logger: changing default log output (#​2730)
  • Middleware/logger: log client IP address by default (#​2755)
  • Middleware/encryptcookie: update default config (#​2753)
  • Improve benchmarks for getOffer (#​2739)

🛠️ Maintenance

  • Bump github/codeql-action from 2 to 3 (#​2763)
  • Bump github.com/google/uuid from 1.4.0 to 1.5.0 (#​2762)
  • Bump actions/setup-go from 4 to 5 (#​2754)
  • Bump golang.org/x/sys from 0.14.0 to 0.15.0 (#​2744)
  • Bump github.com/valyala/fasthttp from 1.50.0 to 1.51.0 (#​2721)

🐛 Fixes

  • Middleware/redirect : fix for redirect with query params (#​2748)
  • Middleware/adaptor: Adaptor + otelfiber issue #​2641 (#​2772)
  • Middleware/cors: Should use the defined AllowedOriginsFunc config when AllowedOrigins is empty (#​2771)
  • Middleware/session: Race in session middleware tests (#​2740)
  • Middleware/csrf: Fix failing CSRF tests (#​2720)
  • Fix race condition in parallel tests (#​2734)
  • utils.IsIPv4 and net.ParseIP have inconsistent results #​2735 (#​2736)

📚 Documentation

Full Changelog: gofiber/fiber@v2.51.0...v2.52.0

Thank you @​MehmetFiratKomurcu, @​benjajaja, @​brunodmartins, @​gilwo, @​iredmail, @​itswcg, @​luk3skyw4lker, @​muhammadkholidb, @​nickajacks1, @​sixcolors and @​tokelo-12 for making this update possible.

v2.51.0

Compare Source

🚀 New

// Consideration of parameters in the accepted headers
// Accept: text/plain, application/json; version=1; foo=bar

app.Get("/", func(c *fiber.Ctx) error {
  // Extra parameters in the accept are ignored
  c.Accepts("text/plain;format=flowed") // "text/plain;format=flowed"

  // An offer must contain all parameters present in the Accept type
  c.Accepts("application/json") // ""

  // Parameter order and capitalization does not matter. Quotes on values are stripped.
  c.Accepts(`application/json;foo="bar";VERSION=1`) // "application/json;foo="bar";VERSION=1"
})
// Passing a custom json type
ctx.JSON(fiber.Map{
    "type": "https://example.com/probs/out-of-credit",
    "title": "You do not have enough credit.",
    "status": 403,
    "detail": "Your current balance is 30, but that costs 50.",
    "instance": "/account/12345/msgs/abc",
  }, fiber.)

🧹 Updates

  • Ctx.Range: reduce allocations (#​2705)
  • Middleware/pprof: improve performance (#​2709)

🛠️ Maintenance

  • Bump golang.org/x/sys from 0.13.0 to 0.14.0 (#​2707)
  • Bump github.com/google/uuid from 1.3.1 to 1.4.0 (#​2693)
  • Bump actions/setup-node from 3 to 4 (#​2690)
  • Bump github.com/mattn/go-isatty from 0.0.19 to 0.0.20 (#​2679)

🐛 Fixes

  • Middleware/limiter: fix intermittent failures (#​2716)
  • Naming of routes works wrong after mount #​2688 (#​2689)
  • Fix method validation on route naming (#​2686)

📚 Documentation

  • Changed "Twitter" to "X (Twitter)" in README.md Contribute Section (#​2696)
  • Add additional information as to why GetReqHeaders returns a map where the values are slices of strings (#​2698)
  • Enhance csrf.md (#​2692)

Full Changelog: gofiber/fiber@v2.50.0...v2.51.0

Thank you @​BandhiyaHardik, @​database64128, @​efectn, @​moritz157, @​nickajacks1, @​rhburt and @​sixcolors for making this update possible.

v2.50.0

Compare Source

❗ Breaking Changes

  • Change signatures of GetReqHeaders and GetRespHeaders (#​2650)

To allow single and list values under headers according to the rfc standard

- func (c *Ctx) GetReqHeaders() map[string]string
+ func (c *Ctx) GetReqHeaders() map[string][]string
- func (c *Ctx) GetRespHeaders() map[string]string
+ func (c *Ctx) GetRespHeaders() map[string][]string

👮 Security

Middleware/csrf: Token Vulnerability (GHSA-mv73-f69x-444p, GHSA-94w9-97p3-p368)

https://docs.gofiber.io/api/middleware/csrf

🚀 Improvements to the CSRF middleware:

  • Added support for single-use tokens through the SingleUseToken configuration option.
  • Optional integration with GoFiber session middleware through the Session and SessionKey configuration options.
  • Introduction of origin checks for HTTPS connections to verify referer headers.
  • Implementation of a Double Submit Cookie approach for CSRF token generation and validation when used without Session.
  • Enhancement of error handling with more descriptive error messages.
  • The documentation for the CSRF middleware has been enhanced with the addition of the new options and best practices to improve security.

Thank you @​sixcolors

🚀 New

// Field names should start with an uppercase letter
type Person struct {
    Name     string  `cookie:"name"`
    Age      int     `cookie:"age"`
    Job      bool    `cookie:"job"`
}
// Example route
app.Get("/", func(c *fiber.Ctx) error {
    p := new(Person)
    // This method is similar to BodyParser, but for cookie parameters
    if err := c.CookieParser(p); err != nil {
        return err
    }
    
    log.Println(p.Name)     // Joseph
    log.Println(p.Age)      // 23
    log.Println(p.Job)      // true
})
// To disable caching completely, pass MaxAge value negative. It will set the Access-Control-Max-Age header 0.
app.Use(cors.New(cors.Config{MaxAge: -1})) 
// Provide more flexibility in session management, especially in scenarios like repeated user logins
func (s *Session) Reset() error

Example usage:

// Initialize default config
// This stores all of your app's sessions
store := session.New()

app.Post("/login", func(c *fiber.Ctx) error {
    // Get session from storage
    sess, err := store.Get(c)
    if err != nil {
        panic(err)
    }
    
    // ... validate login ...
    
    // Check if the session is fresh
    if !sess.Fresh() {
        // If the session is not fresh, reset it
        if err := sess.Reset(); err != nil {
            panic(err)
        }
    }
    // Set new session data
    sess.Set("user_id", user.ID)
    // Save session
    if err := sess.Save(); err != nil {
        panic(err)
    }

    return c.SendString(fmt.Sprintf("Welcome %v", user.ID))
})
// Provide more control over individual session management, especially in scenarios 
// like administrator-enforced user logout or user-initiated logout from a specific device session
func (s *Store) Delete(id string) error

Example usage:

app.Post("/admin/session/:id/logout", func(c *fiber.Ctx) error {
    // Get session id from request
    sessionID := c.Params("id")

    // Delete the session
    if err := store.Delete(sessionID); err != nil {
        return c.Status(500).SendString(err.Error())
    }

    return c.SendString("Logout successful")
})

🧹 Updates

  • Middleware/filesystem: Improve status for SendFile (#​2664)
  • Middleware/filesystem: Set response code (#​2632)
  • Refactor Ctx.Method func to improve code readability (#​2647)

🛠️ Maintenance

  • Fix loop variable captured by func literal (#​2660)
  • Run gofumpt and goimports (#​2662)
  • Use utils.AssertEqual instead of t.Fatal on some tests (#​2653)
  • Apply go fix ./... with latest version of go in repository (#​2661)
  • Bump github.com/valyala/fasthttp from 1.49.0 to 1.50.0 (#​2634)
  • Bump golang.org/x/sys from 0.12.0 to 0.13.0 (#​2665)

🐛 Fixes

  • Path checking on route naming (#​2676)
  • Incorrect log depth when use log.WithContext (#​2666)
  • Jsonp ignoring custom json encoder (#​2658)
  • PassLocalsToView when bind parameter is nil (#​2651)
  • Parse ips return invalid in abnormal case (#​2642)
  • Bug parse custom header (#​2638)
  • Middleware/adaptor: Reduce memory usage by replacing io.ReadAll() with io.Copy() (#​2637)
  • Middleware/idempotency: Nil pointer dereference issue on idempotency middleware (#​2668)

📚 Documentation

  • Incorrect status code source (#​2667)
  • Middleware/requestid: Typo in requestid.md (#​2675)
  • Middleware/cors: Update docs to better explain AllowOriginsFunc (#​2652)

Full Changelog: gofiber/fiber@v2.49.2...v2.50.0

Thank you @​KaptinLin, @​Skyenought, @​cuipeiyu, @​dairlair, @​efectn, @​gaby, @​geerew, @​huykn, @​jimmyl02, @​joey1123455, @​joshlarsen, @​jscappini, @​peczenyj and @​sixcolors for making this update possible.

v2.49.2

Compare Source

🧹 Updates

  • Middleware/logger: Enabling color changes padding for some fields #​2604 (#​2616)
  • Bump actions/checkout from 3 to 4 (#​2618)
  • Bump golang.org/x/sys from 0.11.0 to 0.12.0 (#​2617)

🐛 Fixes

📚 Documentation

  • Replaced double quotes with backticks in all route parameter strings (#​2591)

Full Changelog: gofiber/fiber@v2.49.1...v2.49.2

Thank you @​11-aryan and @​AKARSHITJOSHI for making this update possible.

v2.49.1

Compare Source

🧹 Updates

  • Bump github.com/valyala/fasthttp from 1.48.0 to 1.49.0 (#​2615)

🐛 Fixes

  • Rollback changes to go.mod file (#​2614)

📚 Documentation

  • Add Polish translation - README_pl.md (#​2613)
  • Update README_ko.md (#​2605)

Full Changelog: gofiber/fiber@v2.49.0...v2.49.1

Thank you @​KompocikDot, @​LimJiAn and @​gaby for making this update possible.

v2.49.0

Compare Source

❗ Breaking Changes

EnableSplittingOnParsers splits the query/body/header parameters by comma when it's true (default: false).

For example, you can use it to parse multiple values from a query parameter like this:
/api?foo=bar,baz == foo[]=bar&foo[]=baz

🚀 New

This allows the user to use //go:embed flags to load favicon data during build-time, and supply it to the middleware instead of reading the file every time the application starts.

🧹 Updates

  • Middleware/logger: Latency match gin-gonic/gin formatter (#​2569)
  • Middleware/filesystem: Refactor: use errors.Is instead of os.IsNotExist (#​2558)
  • Use Global vars instead of local vars for isLocalHost (#​2595)
  • Remove redundant nil check (#​2584)
  • Bump github.com/mattn/go-runewidth from 0.0.14 to 0.0.15 (#​2551)
  • Bump github.com/google/uuid from 1.3.0 to 1.3.1 (#​2592)
  • Bump golang.org/x/sys from 0.10.0 to 0.11.0 (#​2563)
  • Add go 1.21 to ci and readmes (#​2588)

🐛 Fixes

  • Middleware/logger: Default latency output format (#​2580)
  • Decompress request body when multi Content-Encoding sent on request headers (#​2555)

📚 Documentation

  • Fix wrong JSON docs (#​2554)
  • Update io/ioutil package to io package (#​2589)
  • Replace EG flag with the proper and smaller SVG (#​2585)
  • Added Egyptian Arabic readme file ([#​2565](https://togit

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate bot added the type: dependencies Represents an automated change to the dependencies label Aug 2, 2022
@github-actions github-actions bot added the type: bug Represents a bug that has been fixed label Aug 2, 2022
@renovate renovate bot changed the title fix(deps): update module github.com/gofiber/fiber/v2 to v2.36.0 fix(deps): update all dependencies Aug 2, 2022
@renovate renovate bot force-pushed the renovate/all branch 2 times, most recently from c1a8b2f to 1f1ab66 Compare August 12, 2022 17:51
@renovate renovate bot force-pushed the renovate/all branch 2 times, most recently from 18c1bbc to 0fb523d Compare August 30, 2022 20:22
@renovate renovate bot force-pushed the renovate/all branch 2 times, most recently from 7d553c7 to 8adf3b7 Compare September 26, 2022 15:36
@renovate renovate bot changed the title fix(deps): update all dependencies chore(deps): update all dependencies Nov 20, 2022
@renovate renovate bot force-pushed the renovate/all branch 2 times, most recently from 0282ac6 to 41b7a6f Compare August 27, 2023 12:38
@renovate renovate bot force-pushed the renovate/all branch 2 times, most recently from 86209c7 to ae8001f Compare September 4, 2023 13:19
@renovate renovate bot force-pushed the renovate/all branch 2 times, most recently from df33ccf to 7d70302 Compare September 14, 2023 21:11
@renovate renovate bot force-pushed the renovate/all branch 2 times, most recently from 2c355f5 to 7ffd078 Compare January 23, 2024 22:04
@renovate renovate bot force-pushed the renovate/all branch 3 times, most recently from 8fa17f3 to bf40b80 Compare February 21, 2024 21:29
@renovate renovate bot force-pushed the renovate/all branch 2 times, most recently from d196c34 to c28f6f7 Compare March 6, 2024 19:58
@renovate renovate bot force-pushed the renovate/all branch 2 times, most recently from bc4f060 to 942f606 Compare March 27, 2024 07:06
@renovate Renovate
Copy link
Contributor Author

renovate bot commented Jun 30, 2024

ℹ Artifact update notice

File name: go.mod

In order to perform the update(s) described in the table above, Renovate ran the go get command, which resulted in the following additional change(s):

  • 8 additional dependencies were updated

Details:

Package Change
github.com/andybalholm/brotli v1.0.4 -> v1.0.5
github.com/klauspost/compress v1.15.6 -> v1.17.0
github.com/valyala/fasthttp v1.38.0 -> v1.51.0
go.uber.org/multierr v1.8.0 -> v1.10.0
golang.org/x/net v0.0.0-20220615171555-694bf12d69de -> v0.17.0
golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8 -> v0.15.0
golang.org/x/term v0.0.0-20220526004731-065cf7ba2467 -> v0.13.0
golang.org/x/text v0.3.7 -> v0.13.0

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
type: bug Represents a bug that has been fixed type: dependencies Represents an automated change to the dependencies
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
0 participants