Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Update golang.org/x/* deps #2625

Merged
merged 1 commit into from
Apr 15, 2024
Merged

Update golang.org/x/* deps #2625

merged 1 commit into from
Apr 15, 2024

Conversation

aldas
Copy link
Contributor

@aldas aldas commented Apr 15, 2024

golang.org/x/net needs to be updated

Vulnerability #1: GO-2024-2687
HTTP/2 CONTINUATION flood in net/http
More info: https://pkg.go.dev/vuln/GO-2024-2687
Module: golang.org/x/net
Found in: golang.org/x/net@v0.22.0
Fixed in: golang.org/x/net@v0.23.0
Example traces found:

@aldas aldas merged commit 3062025 into labstack:master Apr 15, 2024
14 checks passed
@aldas aldas deleted the update_deps2 branch April 15, 2024 17:45
nono referenced this pull request in cozy/cozy-stack Apr 22, 2024
[![Mend
Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)

This PR contains the following updates:

| Package | Change | Age | Adoption | Passing | Confidence |
|---|---|---|---|---|---|
| [github.com/labstack/echo/v4](https://togithub.com/labstack/echo) |
`v4.11.4` -> `v4.12.0` |
[![age](https://developer.mend.io/api/mc/badges/age/go/github.com%2flabstack%2fecho%2fv4/v4.12.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![adoption](https://developer.mend.io/api/mc/badges/adoption/go/github.com%2flabstack%2fecho%2fv4/v4.12.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![passing](https://developer.mend.io/api/mc/badges/compatibility/go/github.com%2flabstack%2fecho%2fv4/v4.11.4/v4.12.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![confidence](https://developer.mend.io/api/mc/badges/confidence/go/github.com%2flabstack%2fecho%2fv4/v4.11.4/v4.12.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|

---

### Release Notes

<details>
<summary>labstack/echo (github.com/labstack/echo/v4)</summary>

###
[`v4.12.0`](https://togithub.com/labstack/echo/blob/HEAD/CHANGELOG.md#v4120---2024-04-15)

[Compare
Source](https://togithub.com/labstack/echo/compare/v4.11.4...v4.12.0)

**Security**

- Update golang.org/x/net dep because of
[GO-2024-2687](https://pkg.go.dev/vuln/GO-2024-2687) by
[@&#8203;aldas](https://togithub.com/aldas) in
[https://github.com/labstack/echo/pull/2625](https://togithub.com/labstack/echo/pull/2625)

**Enhancements**

- binder: make binding to Map work better with string destinations by
[@&#8203;aldas](https://togithub.com/aldas) in
[https://github.com/labstack/echo/pull/2554](https://togithub.com/labstack/echo/pull/2554)
- README.md: add Encore as sponsor by
[@&#8203;marcuskohlberg](https://togithub.com/marcuskohlberg) in
[https://github.com/labstack/echo/pull/2579](https://togithub.com/labstack/echo/pull/2579)
- Reorder paragraphs in README.md by
[@&#8203;aldas](https://togithub.com/aldas) in
[https://github.com/labstack/echo/pull/2581](https://togithub.com/labstack/echo/pull/2581)
- CI: upgrade actions/checkout to v4 by
[@&#8203;aldas](https://togithub.com/aldas) in
[https://github.com/labstack/echo/pull/2584](https://togithub.com/labstack/echo/pull/2584)
- Remove default charset from 'application/json' Content-Type header by
[@&#8203;doortts](https://togithub.com/doortts) in
[https://github.com/labstack/echo/pull/2568](https://togithub.com/labstack/echo/pull/2568)
- CI: Use Go 1.22 by [@&#8203;aldas](https://togithub.com/aldas) in
[https://github.com/labstack/echo/pull/2588](https://togithub.com/labstack/echo/pull/2588)
- binder: allow binding to a nil map by
[@&#8203;georgmu](https://togithub.com/georgmu) in
[https://github.com/labstack/echo/pull/2574](https://togithub.com/labstack/echo/pull/2574)
- Add Skipper Unit Test In BasicBasicAuthConfig and Add More Detail
Explanation regarding BasicAuthValidator by
[@&#8203;RyoKusnadi](https://togithub.com/RyoKusnadi) in
[https://github.com/labstack/echo/pull/2461](https://togithub.com/labstack/echo/pull/2461)
- fix some typos by
[@&#8203;teslaedison](https://togithub.com/teslaedison) in
[https://github.com/labstack/echo/pull/2603](https://togithub.com/labstack/echo/pull/2603)
- fix: some typos by [@&#8203;pomadev](https://togithub.com/pomadev) in
[https://github.com/labstack/echo/pull/2596](https://togithub.com/labstack/echo/pull/2596)
- Allow ResponseWriters to unwrap writers when flushing/hijacking by
[@&#8203;aldas](https://togithub.com/aldas) in
[https://github.com/labstack/echo/pull/2595](https://togithub.com/labstack/echo/pull/2595)
- Add SPDX licence comments to files. by
[@&#8203;aldas](https://togithub.com/aldas) in
[https://github.com/labstack/echo/pull/2604](https://togithub.com/labstack/echo/pull/2604)
- Upgrade deps by [@&#8203;aldas](https://togithub.com/aldas) in
[https://github.com/labstack/echo/pull/2605](https://togithub.com/labstack/echo/pull/2605)
- Change type definition blocks to single declarations. This helps copy…
by [@&#8203;aldas](https://togithub.com/aldas) in
[https://github.com/labstack/echo/pull/2606](https://togithub.com/labstack/echo/pull/2606)
- Fix Real IP logic by [@&#8203;cl-bvl](https://togithub.com/cl-bvl) in
[https://github.com/labstack/echo/pull/2550](https://togithub.com/labstack/echo/pull/2550)
- Default binder can use `UnmarshalParams(params []string) error` inter…
by [@&#8203;aldas](https://togithub.com/aldas) in
[https://github.com/labstack/echo/pull/2607](https://togithub.com/labstack/echo/pull/2607)
- Default binder can bind pointer to slice as struct field. For example
`*[]string` by [@&#8203;aldas](https://togithub.com/aldas) in
[https://github.com/labstack/echo/pull/2608](https://togithub.com/labstack/echo/pull/2608)
- Remove maxparam dependence from Context by
[@&#8203;aldas](https://togithub.com/aldas) in
[https://github.com/labstack/echo/pull/2611](https://togithub.com/labstack/echo/pull/2611)
- When route is registered with empty path it is normalized to `/`. by
[@&#8203;aldas](https://togithub.com/aldas) in
[https://github.com/labstack/echo/pull/2616](https://togithub.com/labstack/echo/pull/2616)
- proxy middleware should use httputil.ReverseProxy for SSE requests by
[@&#8203;aldas](https://togithub.com/aldas) in
[https://github.com/labstack/echo/pull/2624](https://togithub.com/labstack/echo/pull/2624)

</details>

---

### Configuration

📅 **Schedule**: Branch creation - "before 6am on Monday" in timezone
Europe/Paris, Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR has been generated by [Mend
Renovate](https://www.mend.io/free-developer-tools/renovate/). View
repository job log
[here](https://developer.mend.io/github/cozy/cozy-stack).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy4zMTMuMSIsInVwZGF0ZWRJblZlciI6IjM3LjMxMy4xIiwidGFyZ2V0QnJhbmNoIjoibWFzdGVyIiwibGFiZWxzIjpbXX0=-->
github-merge-queue bot referenced this pull request in infratographer/x Aug 8, 2024
[![Mend
Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)

This PR contains the following updates:

| Package | Change | Age | Adoption | Passing | Confidence |
|---|---|---|---|---|---|
| [github.com/labstack/echo/v4](https://togithub.com/labstack/echo) |
`v4.11.4` -> `v4.12.0` |
[![age](https://developer.mend.io/api/mc/badges/age/go/github.com%2flabstack%2fecho%2fv4/v4.12.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![adoption](https://developer.mend.io/api/mc/badges/adoption/go/github.com%2flabstack%2fecho%2fv4/v4.12.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![passing](https://developer.mend.io/api/mc/badges/compatibility/go/github.com%2flabstack%2fecho%2fv4/v4.11.4/v4.12.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![confidence](https://developer.mend.io/api/mc/badges/confidence/go/github.com%2flabstack%2fecho%2fv4/v4.11.4/v4.12.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|

---

### Release Notes

<details>
<summary>labstack/echo (github.com/labstack/echo/v4)</summary>

###
[`v4.12.0`](https://togithub.com/labstack/echo/blob/HEAD/CHANGELOG.md#v4120---2024-04-15)

[Compare
Source](https://togithub.com/labstack/echo/compare/v4.11.4...v4.12.0)

**Security**

- Update golang.org/x/net dep because of
[GO-2024-2687](https://pkg.go.dev/vuln/GO-2024-2687) by
[@&#8203;aldas](https://togithub.com/aldas) in
[https://github.com/labstack/echo/pull/2625](https://togithub.com/labstack/echo/pull/2625)

**Enhancements**

- binder: make binding to Map work better with string destinations by
[@&#8203;aldas](https://togithub.com/aldas) in
[https://github.com/labstack/echo/pull/2554](https://togithub.com/labstack/echo/pull/2554)
- README.md: add Encore as sponsor by
[@&#8203;marcuskohlberg](https://togithub.com/marcuskohlberg) in
[https://github.com/labstack/echo/pull/2579](https://togithub.com/labstack/echo/pull/2579)
- Reorder paragraphs in README.md by
[@&#8203;aldas](https://togithub.com/aldas) in
[https://github.com/labstack/echo/pull/2581](https://togithub.com/labstack/echo/pull/2581)
- CI: upgrade actions/checkout to v4 by
[@&#8203;aldas](https://togithub.com/aldas) in
[https://github.com/labstack/echo/pull/2584](https://togithub.com/labstack/echo/pull/2584)
- Remove default charset from 'application/json' Content-Type header by
[@&#8203;doortts](https://togithub.com/doortts) in
[https://github.com/labstack/echo/pull/2568](https://togithub.com/labstack/echo/pull/2568)
- CI: Use Go 1.22 by [@&#8203;aldas](https://togithub.com/aldas) in
[https://github.com/labstack/echo/pull/2588](https://togithub.com/labstack/echo/pull/2588)
- binder: allow binding to a nil map by
[@&#8203;georgmu](https://togithub.com/georgmu) in
[https://github.com/labstack/echo/pull/2574](https://togithub.com/labstack/echo/pull/2574)
- Add Skipper Unit Test In BasicBasicAuthConfig and Add More Detail
Explanation regarding BasicAuthValidator by
[@&#8203;RyoKusnadi](https://togithub.com/RyoKusnadi) in
[https://github.com/labstack/echo/pull/2461](https://togithub.com/labstack/echo/pull/2461)
- fix some typos by
[@&#8203;teslaedison](https://togithub.com/teslaedison) in
[https://github.com/labstack/echo/pull/2603](https://togithub.com/labstack/echo/pull/2603)
- fix: some typos by [@&#8203;pomadev](https://togithub.com/pomadev) in
[https://github.com/labstack/echo/pull/2596](https://togithub.com/labstack/echo/pull/2596)
- Allow ResponseWriters to unwrap writers when flushing/hijacking by
[@&#8203;aldas](https://togithub.com/aldas) in
[https://github.com/labstack/echo/pull/2595](https://togithub.com/labstack/echo/pull/2595)
- Add SPDX licence comments to files. by
[@&#8203;aldas](https://togithub.com/aldas) in
[https://github.com/labstack/echo/pull/2604](https://togithub.com/labstack/echo/pull/2604)
- Upgrade deps by [@&#8203;aldas](https://togithub.com/aldas) in
[https://github.com/labstack/echo/pull/2605](https://togithub.com/labstack/echo/pull/2605)
- Change type definition blocks to single declarations. This helps copy…
by [@&#8203;aldas](https://togithub.com/aldas) in
[https://github.com/labstack/echo/pull/2606](https://togithub.com/labstack/echo/pull/2606)
- Fix Real IP logic by [@&#8203;cl-bvl](https://togithub.com/cl-bvl) in
[https://github.com/labstack/echo/pull/2550](https://togithub.com/labstack/echo/pull/2550)
- Default binder can use `UnmarshalParams(params []string) error` inter…
by [@&#8203;aldas](https://togithub.com/aldas) in
[https://github.com/labstack/echo/pull/2607](https://togithub.com/labstack/echo/pull/2607)
- Default binder can bind pointer to slice as struct field. For example
`*[]string` by [@&#8203;aldas](https://togithub.com/aldas) in
[https://github.com/labstack/echo/pull/2608](https://togithub.com/labstack/echo/pull/2608)
- Remove maxparam dependence from Context by
[@&#8203;aldas](https://togithub.com/aldas) in
[https://github.com/labstack/echo/pull/2611](https://togithub.com/labstack/echo/pull/2611)
- When route is registered with empty path it is normalized to `/`. by
[@&#8203;aldas](https://togithub.com/aldas) in
[https://github.com/labstack/echo/pull/2616](https://togithub.com/labstack/echo/pull/2616)
- proxy middleware should use httputil.ReverseProxy for SSE requests by
[@&#8203;aldas](https://togithub.com/aldas) in
[https://github.com/labstack/echo/pull/2624](https://togithub.com/labstack/echo/pull/2624)

</details>

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined),
Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR was generated by [Mend
Renovate](https://www.mend.io/free-developer-tools/renovate/). View the
[repository job log](https://developer.mend.io/github/infratographer/x).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy4yOTMuMCIsInVwZGF0ZWRJblZlciI6IjM3LjQzOC4wIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6W119-->

---------

Signed-off-by: Mike Mason <mimason@equinix.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Mike Mason <mimason@equinix.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant