
yaml.v3 security patch #1664

Merged
merged 1 commit into from
Aug 30, 2023

Conversation

ubogdan
Contributor

@ubogdan ubogdan commented Aug 30, 2023

Describe the PR
security update for gopkg.in/yaml.v3

Relation issue
#1663

Additional context
Add any other context about the problem here.

@ubogdan ubogdan merged commit e9d0aa5 into master Aug 30, 2023
9 checks passed
@ubogdan ubogdan deleted the security-patch branch August 30, 2023 15:40
ubogdan added a commit that referenced this pull request Oct 19, 2024
* Update README_zh-CN.md (#1545)

remove repeat net/http

* Add option to set template delimiters (#1499)

* Add template action delimiter cli flag

* Add delims to generator config and template

Also adds tests using the "quote" test as a base. This has to have a
custom Instance name or it will clash with the "quotes" one and panic
since it will have registered two "swagger" instances in the package
test.

* Add testdata for custom delim flags

Based on the "quote" testdata.

* Add delims to the spec, with tests.

Make sure we don't add delims if they are empty. This shouldn't be
possible, but might as well be safe.

* Go mod tidy and sum update

* Make the CLI experience a bit cleaner

* Revert go.mod and sum

* Update readme

* fix bug: enums of explicit type conversion (#1556)

Signed-off-by: sdghchj <sdghchj@qq.com>

* add retract to fix proxy cache caused by accidentally pushed tags (#1562)

* add retract caused by accidentally pushed tags

* update version to match new tag version

---------

Co-authored-by: Tobias Theel <tt@fino.digital>

* docs: doc to pt Add option to set template delims. (#1563)

* fix: lint error for generated docs.go (#1583)

Co-authored-by: wanglonghui7 <wanglonghui7@jd.com>

* fix bug: enums of underscored number (#1581)

Signed-off-by: sdghchj <sdghchj@qq.com>

* fix using tab (\t) as separator for custom type names (#1594)

* chore(deps): bump github.com/gin-gonic/gin (#1598)

Bumps [github.com/gin-gonic/gin](https://github.com/gin-gonic/gin) from 1.7.7 to 1.9.1.
- [Release notes](https://github.com/gin-gonic/gin/releases)
- [Changelog](https://github.com/gin-gonic/gin/blob/master/CHANGELOG.md)
- [Commits](gin-gonic/gin@v1.7.7...v1.9.1)

---
updated-dependencies:
- dependency-name: github.com/gin-gonic/gin
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore(deps): bump github.com/gin-gonic/gin in /example/celler (#1599)

Bumps [github.com/gin-gonic/gin](https://github.com/gin-gonic/gin) from 1.7.7 to 1.9.1.
- [Release notes](https://github.com/gin-gonic/gin/releases)
- [Changelog](https://github.com/gin-gonic/gin/blob/master/CHANGELOG.md)
- [Commits](gin-gonic/gin@v1.7.7...v1.9.1)

---
updated-dependencies:
- dependency-name: github.com/gin-gonic/gin
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore(deps): bump github.com/gin-gonic/gin in /example/go-module-support (#1600)

Bumps [github.com/gin-gonic/gin](https://github.com/gin-gonic/gin) from 1.7.7 to 1.9.1.
- [Release notes](https://github.com/gin-gonic/gin/releases)
- [Changelog](https://github.com/gin-gonic/gin/blob/master/CHANGELOG.md)
- [Commits](gin-gonic/gin@v1.7.7...v1.9.1)

---
updated-dependencies:
- dependency-name: github.com/gin-gonic/gin
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* fix required params parsing for routes with multiple paths and multiple params (#1621)

* fix required params parsing for routes with multiple paths and multiple params

* fix incorrect variable declaration of validParams

* parser: if all tags negate return true on no hits (#1624)

* parser: if all tags negate return true on no hits

* fix: enums in body got parsed incorrectly (#1625)

* parse binary literal const (#1593)

* support binary const

Signed-off-by: sdghchj <sdghchj@qq.com>

* add test

Signed-off-by: sdghchj <sdghchj@qq.com>

---------

Signed-off-by: sdghchj <sdghchj@qq.com>

* feat: global security (#1620)

* global security

* improve test

* add cli flag --pdl to determine whether parse operations in dependency (#1605)

* change cli flag to parse operations in dependency

Signed-off-by: sdghchj <sdghchj@qq.com>

* change cli flag to parse operations in dependency

Signed-off-by: sdghchj <sdghchj@qq.com>

* add cli flag --pdl to determine whether parse operations in dependency

Signed-off-by: sdghchj <sdghchj@qq.com>

* add cli flag --pdl to determine whether parse operations in dependency

Signed-off-by: sdghchj <sdghchj@qq.com>

* add cli flag --pdl to determine whether parse operations in dependency

Signed-off-by: sdghchj <sdghchj@qq.com>

---------

Signed-off-by: sdghchj <sdghchj@qq.com>

* feat: add --packagePrefix=P for only parse packages matched by prefix P (#1582)

* enhancement: report which property is triggering a parsing error (#1439)

* add byte check before and after file is formatted (#1637)

* feat: preserve file permission when writing formatted files (#1636)

test: add a test case to validate permission equal

* docs(readme): fix param brace (#1647)

* chore(deps): bump gopkg.in/yaml.v3 (#1663)

Bumps gopkg.in/yaml.v3 from 3.0.0-20200615113413-eeeca48fe776 to 3.0.0.

---
updated-dependencies:
- dependency-name: gopkg.in/yaml.v3
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* yaml.v3 security patch (#1664)

* test: remove redundant `filepath.Clean` call (#1675)

* chore(deps): bump golang.org/x/net from 0.8.0 to 0.17.0 (#1686)

Bumps [golang.org/x/net](https://github.com/golang/net) from 0.8.0 to 0.17.0.
- [Commits](golang/net@v0.8.0...v0.17.0)

---
updated-dependencies:
- dependency-name: golang.org/x/net
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore(deps): bump golang.org/x/net in /example/markdown (#1685)

Bumps [golang.org/x/net](https://github.com/golang/net) from 0.7.0 to 0.17.0.
- [Commits](golang/net@v0.7.0...v0.17.0)

---
updated-dependencies:
- dependency-name: golang.org/x/net
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* When the return value defined by the @success tag is equal to a null value, make fixes to prevent a null pointer exception from occurring (#1667)

* chore(deps): bump golang.org/x/net in /example/go-module-support (#1682)

Bumps [golang.org/x/net](https://github.com/golang/net) from 0.10.0 to 0.17.0.
- [Commits](golang/net@v0.10.0...v0.17.0)

---
updated-dependencies:
- dependency-name: golang.org/x/net
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore(deps): bump golang.org/x/net in /example/object-map-example (#1684)

Bumps [golang.org/x/net](https://github.com/golang/net) from 0.10.0 to 0.17.0.
- [Commits](golang/net@v0.10.0...v0.17.0)

---
updated-dependencies:
- dependency-name: golang.org/x/net
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore(deps): bump golang.org/x/net in /example/celler (#1683)

Bumps [golang.org/x/net](https://github.com/golang/net) from 0.10.0 to 0.17.0.
- [Commits](golang/net@v0.10.0...v0.17.0)

---
updated-dependencies:
- dependency-name: golang.org/x/net
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* docs: add PT and EN examples for Go generic types (#1697)

* Update README.md (#1698)

Adding instructions to finish the steps in the `Getting started` section before `How to use it with Gin`.
It is easy for anybody to miss that section, which causes unwanted failures in the Swagger UI.

* update gopkg.in/yaml.v3 v3.0.0-20200615113413-eeeca48fe776 to 3.0.0 (#1640)

* improve docker container usage (#1704)

* Update Go build version for Docker container

* Explicitly specify copy target

* Set ENTRYPOINT

* Move binary to /bin

* Add docker usage instructions to the README

* Set /code as the default WORKDIR

---------

Co-authored-by: Norman Gehrsitz <git@gehrsitz.eu>

* fix issue #1662: find definitions from external packages first (#1666)

Signed-off-by: sdghchj <sdghchj@qq.com>

* Drop support for go v1.17.x (#1723)

* Drop support for go v1.17.x

Signed-off-by: sdghchj <sdghchj@qq.com>

* Add flag state #1628 (#1629)

* add state flag

* fix deps (#1724)

Signed-off-by: sdghchj <sdghchj@qq.com>

* chore(deps): bump golang.org/x/crypto in /example/celler (#1727)

Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.14.0 to 0.17.0.
- [Commits](golang/crypto@v0.14.0...v0.17.0)

---
updated-dependencies:
- dependency-name: golang.org/x/crypto
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore(deps): bump golang.org/x/crypto in /example/go-module-support (#1726)

Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.14.0 to 0.17.0.
- [Commits](golang/crypto@v0.14.0...v0.17.0)

---
updated-dependencies:
- dependency-name: golang.org/x/crypto
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore(deps): bump golang.org/x/crypto in /example/object-map-example (#1725)

Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.14.0 to 0.17.0.
- [Commits](golang/crypto@v0.14.0...v0.17.0)

---
updated-dependencies:
- dependency-name: golang.org/x/crypto
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* deprecate some parts of routers in an operation (#1735)

Signed-off-by: sdghchj <sdghchj@qq.com>

* bug: array form field name should not contain bracket which led to invalid fieldname in ts codegen (#1706)

* Struct fields supported for header and path param types (#1740)

* Support object data types for header params

Add initial struct test for header names and validation.

* Add form and query struct test for operations

* Operation param add path struct model support and tests

wip: fix merge

* fix #1742 (#1744)

* fix #1742

Signed-off-by: sdghchj <sdghchj@qq.com>

* Feat: Support generic with map params (#1746)

* support generic with map params

Signed-off-by: sdghchj <sdghchj@qq.com>

* Update version.go (#1751)

* Update operation.go (#1753)

getUnderlyingSchema can return nil, so it has to be checked here; otherwise the code is exposed to an invalid memory address or nil pointer dereference.

* fix: remove dropped tags from general infos (#1764)

* fix: remove unneeded tags from general infos
Signed-off-by: sdghchj <sdghchj@qq.com>

* Update docker go build version to 1.21 (#1758)

* add support for "title" tag (#1762)

feat: add support for "title" tag in structField struct to allow specifying a custom field title

* chore: fix some typos in comments (#1788)

Signed-off-by: camcui <cuishua@sina.cn>

* bump go version (#1797)

* bump go version
* cleanup pipeline

* chore(deps): bump golang.org/x/net from 0.17.0 to 0.23.0 (#1793)

Bumps [golang.org/x/net](https://github.com/golang/net) from 0.17.0 to 0.23.0.
- [Commits](golang/net@v0.17.0...v0.23.0)

---
updated-dependencies:
- dependency-name: golang.org/x/net
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore(deps): bump golang.org/x/net in /example/markdown (#1792)

Bumps [golang.org/x/net](https://github.com/golang/net) from 0.17.0 to 0.23.0.
- [Commits](golang/net@v0.17.0...v0.23.0)

---
updated-dependencies:
- dependency-name: golang.org/x/net
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore(deps): bump golang.org/x/net in /example/celler (#1794)

Bumps [golang.org/x/net](https://github.com/golang/net) from 0.17.0 to 0.23.0.
- [Commits](golang/net@v0.17.0...v0.23.0)

---
updated-dependencies:
- dependency-name: golang.org/x/net
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore(deps): bump golang.org/x/net in /example/go-module-support (#1795)

Bumps [golang.org/x/net](https://github.com/golang/net) from 0.17.0 to 0.23.0.
- [Commits](golang/net@v0.17.0...v0.23.0)

---
updated-dependencies:
- dependency-name: golang.org/x/net
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore(deps): bump golang.org/x/net in /example/object-map-example (#1796)

Bumps [golang.org/x/net](https://github.com/golang/net) from 0.17.0 to 0.23.0.
- [Commits](golang/net@v0.17.0...v0.23.0)

---
updated-dependencies:
- dependency-name: golang.org/x/net
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Handle case of empty GOROOT (#1798)

In some situations, such as when using the go-swag Nix package, runtime.GOROOT() will be empty, and RangeFiles will skip all source paths since technically, all paths are prefixed with the empty string.

See also NixOS/nixpkgs#224701

May resolve some cases of #1622.

* Added multiline support for @description attribute for securityDefinitions (#1786)

* Feat: multi-arch docker image (#1756)

* Feat: multi-arch docker image

- adapt Dockerfile to support cross-compilation depending on TARGETARCH and TARGETOS variables see https://www.docker.com/blog/faster-multi-platform-builds-dockerfile-cross-compilation-guide/
- set target platforms for docker/build-push-action

* Support running on forks

* Fix ARG format

* Fix docker digest step

* Restrict permissions

* Update action versions

* Set $TARGETPLATFORM explicitly

docker/build-push-action#820 (comment)

---------

Co-authored-by: Norman Gehrsitz <45375059+ngehrsitz@users.noreply.github.com>

* chore(deps): bump google.golang.org/protobuf (#1773)

Bumps google.golang.org/protobuf from 1.30.0 to 1.33.0.

---
updated-dependencies:
- dependency-name: google.golang.org/protobuf
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore(deps): bump google.golang.org/protobuf (#1774)

Bumps google.golang.org/protobuf from 1.30.0 to 1.33.0.

---
updated-dependencies:
- dependency-name: google.golang.org/protobuf
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore(deps): bump google.golang.org/protobuf in /example/celler (#1775)

Bumps google.golang.org/protobuf from 1.30.0 to 1.33.0.

---
updated-dependencies:
- dependency-name: google.golang.org/protobuf
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* fix issue: #1780: filter $GOROOT path (#1827)

Signed-off-by: song <tinysong1226@gmail.com>

* feat: read from stdin, write to stdout (#1831) (#1832)

Co-authored-by: Bruno Bonatto <bruno.bonatto@simfrete.com.br>

* Added support for parsing comments inside of function bodies (#1824)

Added support for parsing comments inside of function bodies

---------

Co-authored-by: Jonas Ha <jonas-ha@outlook.com>

* adds support for complex types with function scope (#1813)

* [Issue 1812] fix misalignment in expected.json and api.go messing with parser_test (#1836)

* Fixes Issue 1829 (#1830)

* fix: fixes a bug that could select wrong tag description markdown file

* fixes parser to be able to parse file names with and without ext

* Fix global overrides for any/interface ref types (#1835)

When overriding with any or interface{}, the code should prefer the "any" (empty) schema instead, not the object schema since that's different e.g.

* adds support for pointer function scoped fields (#1841)

* fix parse nested structs and aliases (#1866)

Co-authored-by: ma.mikhaylov <ma.mikhaylov@tinkoff.ru>

* Fix generics used with function scoped types (#1883)

* Fix param comment escaping issue (#1890)

This commit fixes a param comment issue where a "\n" gets escaped so it would not be applied to the output swagger file.

* support markdown description for declaration (#1893)

* feat: support markdown description for declaration

* fix: range PackagesDefinitions.uniqueDefinitions cause panic

---------

Co-authored-by: xinbi.nie <xinbi.nie@voidtech.com.cn>

* update README (#1856)

* Update docs for request and response headers (#1825)

* fix:parse all field names declared in a row (#1872)

* fix: parse all field names declared in a row

* Flags to parse internal and dependency package (#1894)

* fix: failing assert in enums test on 32bit (#1634)

* Feat: Add support for parenthesis in router patterns (#1859)

* chore: Update ci.yml (#1902)

* new release (#1901)

* fix some issues

* fix unit tests

---------

Signed-off-by: sdghchj <sdghchj@qq.com>
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: camcui <cuishua@sina.cn>
Signed-off-by: song <tinysong1226@gmail.com>
Co-authored-by: tzxdtc10 <tzxdtc10@gmail.com>
Co-authored-by: Leo Palmer Sunmo <leosunmo@users.noreply.github.com>
Co-authored-by: sdghchj <sdghchj@qq.com>
Co-authored-by: Nerzal <theel.tobias@gmx.de>
Co-authored-by: Tobias Theel <tt@fino.digital>
Co-authored-by: Paulo Lopes Estevão <66704496+Paulo-Lopes-Estevao@users.noreply.github.com>
Co-authored-by: lowang-bh <lhui_wang@163.com>
Co-authored-by: wanglonghui7 <wanglonghui7@jd.com>
Co-authored-by: Martin W. Kirst <maki@bitkings.de>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Phenix66 <34311559+Phenix66@users.noreply.github.com>
Co-authored-by: Roy Marples <roy@marples.name>
Co-authored-by: Billy Ho <77315748+hohobilly@users.noreply.github.com>
Co-authored-by: nameoffnv <553619+nameoffnv@users.noreply.github.com>
Co-authored-by: Shengyu Zhang <reg@silverrainz.me>
Co-authored-by: Sakis <sakishrist@gmail.com>
Co-authored-by: Daniel Moncada <daniel.g.moncada@gmail.com>
Co-authored-by: wholesome-ghoul <99685814+wholesome-ghoul@users.noreply.github.com>
Co-authored-by: Shimizu1111 <70021314+Shimizu1111@users.noreply.github.com>
Co-authored-by: Renan Silva <rpedrodasilva10@gmail.com>
Co-authored-by: Saurabh Chatterjee <2438415+saurabhchatterjee23@users.noreply.github.com>
Co-authored-by: caption <101684156+chncaption@users.noreply.github.com>
Co-authored-by: ngehrsitz <45375059+ngehrsitz@users.noreply.github.com>
Co-authored-by: Norman Gehrsitz <git@gehrsitz.eu>
Co-authored-by: Ivan Volkov <volkoffskij@gmail.com>
Co-authored-by: Jinof <1474121785@qq.com>
Co-authored-by: Joe Shaw <joe.r.shaw@gmail.com>
Co-authored-by: Mathieu Chauvet <mathieu.chauvet@gmail.com>
Co-authored-by: Matteo Bassan <44482835+matteobassan@users.noreply.github.com>
Co-authored-by: camcui <166618273+camcui@users.noreply.github.com>
Co-authored-by: Evan Goode <mail@evangoo.de>
Co-authored-by: Vladimir Avchenov <vladimir.lsk.cool@gmail.com>
Co-authored-by: Timo Naroska <tnaroska@yahoo.com>
Co-authored-by: bob <tinysong1226@gmail.com>
Co-authored-by: bfbonatto <bfbonatto@gmail.com>
Co-authored-by: Bruno Bonatto <bruno.bonatto@simfrete.com.br>
Co-authored-by: j-d-ha <61319894+j-d-ha@users.noreply.github.com>
Co-authored-by: Jonas Ha <jonas-ha@outlook.com>
Co-authored-by: Kristoffer Fage Jensen <kristofferfage@gmail.com>
Co-authored-by: Michi H <Kafkalasch@users.noreply.github.com>
Co-authored-by: Ezequiel Rodriguez <ezequiel@users.noreply.github.com>
Co-authored-by: zdon0 <100082302+zdon0@users.noreply.github.com>
Co-authored-by: ma.mikhaylov <ma.mikhaylov@tinkoff.ru>
Co-authored-by: Berk Karaal <karaalberk7@gmail.com>
Co-authored-by: Yuki Omoto <omoto.aijus@gmail.com>
Co-authored-by: nicoxix <13716553+nicoxb@users.noreply.github.com>
Co-authored-by: xinbi.nie <xinbi.nie@voidtech.com.cn>
Co-authored-by: Eike Haller <58111764+eksrha@users.noreply.github.com>
Co-authored-by: Harsh Mittal <harshmittal2210@gmail.com>
Co-authored-by: Leso_KN <info@lesosoftware.com>
Co-authored-by: alifemove <140655906+alifemove@users.noreply.github.com>