fix(deps): update module github.com/gin-contrib/cors to v1.6.0 [security] #6708
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
![renovate[bot]](https://avatars.githubusercontent.com/in/2740?s=60&v=4){kind=small}
ℹ Artifact update noticeFile name: go.modIn order to perform the update(s) described in the table above, Renovate ran the
Details:
|
renovate
bot
force-pushed
the
renovate/go-github.com/gin-contrib/cors-vulnerability
branch
from
5aebb12
to
c47747b
Compare
xhofe
approved these changes
Jul 13, 2024
renovate
bot
deleted the
renovate/go-github.com/gin-contrib/cors-vulnerability
branch
ForSourceCodeAnalysis
pushed a commit
to ForSourceCodeAnalysis/alist
that referenced
this pull request
Aug 4, 2024
…ity] (AlistGo#6708) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Three-taile-dragon
pushed a commit
to loognsss/blist
that referenced
this pull request
Sep 26, 2024
…ity] (AlistGo#6708) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
v1.5.0->v1.6.0GitHub Vulnerability Alerts
CVE-2019-25211
parseWildcardRules in Gin-Gonic CORS middleware before 1.6.0 mishandles a wildcard at the end of an origin string, e.g., https://example.community/* is allowed when the intention is that only https://example.com/* should be allowed, and http://localhost.example.com/* is allowed when the intention is that only http://localhost/* should be allowed.
Release Notes
gin-contrib/cors (github.com/gin-contrib/cors)
v1.6.0Compare Source
Changelog
Features
eac6c48feat(schema): allow usage of custom schemas (#139)Bug fixes
27b723afixe(domain): wildcard parse bug (#106 and #57) @maxshine and @HvitgarEnhancements
f41df75chore: update GitHub actions to latest versions2451987chore: update dependencies to latest versions7d356c2chore: update dependencies to latest versions5da0aeechore: update third-party dependencies8263fcechore: update version of actions/setup-go in GitHub workflowsOthers
fcbd06fci: enhance testing matrix and tolerance limitsf08c1bcci: refactor CI workflows and improve tests30792dcci: refactor GitHub Actions workflows0e993b7ci: update GitHub Actions to Version 390a7c66test(cors): enhance CORS wildcard handling tests (#145)85bf9fbtest: improve CORS wildcard handling and testing (#144)d5002f2test: refactor tests and update CI configurationsConfiguration
📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Mend Renovate. View repository job log here.