Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix(deps): update module github.com/gin-gonic/gin to v1.9.1 [security] #240

Merged
merged 1 commit into from
Jun 21, 2023

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented Jun 1, 2023

Mend Renovate

This PR contains the following updates:

Package Type Update Change
github.com/gin-gonic/gin require patch v1.9.0 -> v1.9.1

⚠ Dependency Lookup Warnings ⚠

Warnings were logged while processing this repo. Please check the Dependency Dashboard for more information.

GitHub Vulnerability Alerts

CVE-2023-29401

The filename parameter of the Context.FileAttachment function is not properly sanitized. A maliciously crafted filename can cause the Content-Disposition header to be sent with an unexpected filename value or otherwise modify the Content-Disposition header. For example, a filename of "setup.bat";x=.txt" will be sent as a file named "setup.bat".

If the FileAttachment function is called with names provided by an untrusted source, this may permit an attacker to cause a file to be served with a name different than provided. Maliciously crafted attachment file name can modify the Content-Disposition header.


Release Notes

gin-gonic/gin

v1.9.1

Compare Source

BUG FIXES
SECURITY
  • fix lack of escaping of filename in Content-Disposition #​3556
ENHANCEMENTS
  • refactor: use bytes.ReplaceAll directly #​3455
  • convert strings and slices using the officially recommended way #​3344
  • improve render code coverage #​3525
DOCS
  • docs: changed documentation link for trusted proxies #​3575
  • chore: improve linting, testing, and GitHub Actions setup #​3583

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate. View repository job log here.

@renovate renovate bot requested a review from a team as a code owner June 1, 2023 20:32
@renovate renovate bot added the dependencies Indicates a change to dependencies label Jun 1, 2023
@codecov
Copy link

codecov bot commented Jun 1, 2023

Codecov Report

Merging #240 (19d0e97) into main (98b0bc0) will not change coverage.
The diff coverage is n/a.

Impacted file tree graph

@@           Coverage Diff           @@
##             main     #240   +/-   ##
=======================================
  Coverage   91.15%   91.15%           
=======================================
  Files          19       19           
  Lines        1425     1425           
=======================================
  Hits         1299     1299           
  Misses         92       92           
  Partials       34       34           

@renovate renovate bot force-pushed the renovate/go-github.com/gin-gonic/gin-vulnerability branch 3 times, most recently from f981873 to cfbd650 Compare June 9, 2023 17:26
wass3rw3rk
wass3rw3rk previously approved these changes Jun 13, 2023
@renovate renovate bot force-pushed the renovate/go-github.com/gin-gonic/gin-vulnerability branch from cfbd650 to 19d0e97 Compare June 21, 2023 15:20
@ecrupper ecrupper merged commit a4595be into main Jun 21, 2023
@ecrupper ecrupper deleted the renovate/go-github.com/gin-gonic/gin-vulnerability branch June 21, 2023 15:25
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
dependencies Indicates a change to dependencies
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants