Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix(deps): update module github.com/gin-gonic/gin to v1.9.1 [security] #872

Merged
merged 1 commit into from
Jun 21, 2023

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented Jun 1, 2023

Mend Renovate

This PR contains the following updates:

Package Type Update Change
github.com/gin-gonic/gin require patch v1.9.0 -> v1.9.1

⚠ Dependency Lookup Warnings ⚠

Warnings were logged while processing this repo. Please check the Dependency Dashboard for more information.

GitHub Vulnerability Alerts

CVE-2023-29401

The filename parameter of the Context.FileAttachment function is not properly sanitized. A maliciously crafted filename can cause the Content-Disposition header to be sent with an unexpected filename value or otherwise modify the Content-Disposition header. For example, a filename of "setup.bat";x=.txt" will be sent as a file named "setup.bat".

If the FileAttachment function is called with names provided by an untrusted source, this may permit an attacker to cause a file to be served with a name different than provided. Maliciously crafted attachment file name can modify the Content-Disposition header.


Release Notes

gin-gonic/gin

v1.9.1

Compare Source

BUG FIXES
SECURITY
  • fix lack of escaping of filename in Content-Disposition #​3556
ENHANCEMENTS
  • refactor: use bytes.ReplaceAll directly #​3455
  • convert strings and slices using the officially recommended way #​3344
  • improve render code coverage #​3525
DOCS
  • docs: changed documentation link for trusted proxies #​3575
  • chore: improve linting, testing, and GitHub Actions setup #​3583

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate. View repository job log here.

@renovate renovate bot requested a review from a team as a code owner June 1, 2023 20:33
@renovate renovate bot added the dependencies Indicates a change to dependencies label Jun 1, 2023
@codecov
Copy link

codecov bot commented Jun 1, 2023

Codecov Report

Merging #872 (5326424) into main (6f9f29e) will not change coverage.
The diff coverage is n/a.

Impacted file tree graph

@@           Coverage Diff           @@
##             main     #872   +/-   ##
=======================================
  Coverage   71.47%   71.47%           
=======================================
  Files         304      304           
  Lines       12436    12436           
=======================================
  Hits         8889     8889           
  Misses       3116     3116           
  Partials      431      431           

@renovate renovate bot force-pushed the renovate/go-github.com/gin-gonic/gin-vulnerability branch from 4397b10 to 01c7f8c Compare June 2, 2023 14:37
wass3rw3rk
wass3rw3rk previously approved these changes Jun 2, 2023
@renovate renovate bot force-pushed the renovate/go-github.com/gin-gonic/gin-vulnerability branch 10 times, most recently from fcfbaa3 to 72e09cd Compare June 12, 2023 14:39
@renovate renovate bot force-pushed the renovate/go-github.com/gin-gonic/gin-vulnerability branch from 72e09cd to e720f0e Compare June 13, 2023 16:40
@renovate renovate bot force-pushed the renovate/go-github.com/gin-gonic/gin-vulnerability branch 4 times, most recently from b8953f5 to 7f163c0 Compare June 20, 2023 16:10
@renovate renovate bot force-pushed the renovate/go-github.com/gin-gonic/gin-vulnerability branch from 7f163c0 to 913e738 Compare June 20, 2023 20:49
@renovate renovate bot force-pushed the renovate/go-github.com/gin-gonic/gin-vulnerability branch from 913e738 to 5326424 Compare June 21, 2023 14:36
@ecrupper ecrupper merged commit 7e3fda6 into main Jun 21, 2023
@ecrupper ecrupper deleted the renovate/go-github.com/gin-gonic/gin-vulnerability branch June 21, 2023 15:16
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
dependencies Indicates a change to dependencies
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants