Skip to content

Commit

Permalink
chore(deps): update module github.com/cyphar/filepath-securejoin to v…
Browse files Browse the repository at this point in the history 
…0.4.1 (#6218)

This PR contains the following updates:

| Package | Change | Age | Adoption | Passing | Confidence |
|---|---|---|---|---|---|
|
[github.com/cyphar/filepath-securejoin](https://redirect.github.com/cyphar/filepath-securejoin)
| `v0.4.0` -> `v0.4.1` |
[![age](https://developer.mend.io/api/mc/badges/age/go/github.com%2fcyphar%2ffilepath-securejoin/v0.4.1?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![adoption](https://developer.mend.io/api/mc/badges/adoption/go/github.com%2fcyphar%2ffilepath-securejoin/v0.4.1?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![passing](https://developer.mend.io/api/mc/badges/compatibility/go/github.com%2fcyphar%2ffilepath-securejoin/v0.4.0/v0.4.1?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![confidence](https://developer.mend.io/api/mc/badges/confidence/go/github.com%2fcyphar%2ffilepath-securejoin/v0.4.0/v0.4.1?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|

---

### Release Notes

<details>
<summary>cyphar/filepath-securejoin
(github.com/cyphar/filepath-securejoin)</summary>

###
[`v0.4.1`](https://redirect.github.com/cyphar/filepath-securejoin/releases/tag/v0.4.1)

[Compare
Source](https://redirect.github.com/cyphar/filepath-securejoin/compare/v0.4.0...v0.4.1)

This release fixes a regression introduced in one of the hardening
features added to filepath-securejoin 0.4.0.

- The restrictions added for `root` paths passed to `SecureJoin` in
0.4.0 was
found to be too strict and caused some regressions when folks tried to
update, so this restriction has been relaxed to only return an error if
the
path contains a `..` component. We still recommend users use
`filepath.Clean`
(and even `filepath.EvalSymlinks`) on the `root` path they are using,
but at
least you will no longer be punished for "trivial" unclean paths.
([#&#8203;46](https://redirect.github.com/cyphar/filepath-securejoin/issues/46))

Signed-off-by: Aleksa Sarai <[email protected]>

</details>

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined),
Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR is behind base branch, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR was generated by [Mend Renovate](https://mend.io/renovate/).
View the [repository job
log](https://developer.mend.io/github/open-telemetry/opentelemetry-go).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOS4xMjUuMSIsInVwZGF0ZWRJblZlciI6IjM5LjEyNS4xIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJTa2lwIENoYW5nZWxvZyIsImRlcGVuZGVuY2llcyJdfQ==-->

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
  • Loading branch information
@renovate
renovate[bot] authored Jan 28, 2025
1 parent dc7c33a commit 98da0d1
Show file tree
Hide file tree
Showing 2 changed files with 3 additions and 3 deletions.
2 changes: 1 addition & 1 deletion internal/tools/go.mod
View file
Original file line number Diff line number Diff line change
Expand Up @@ -57,7 +57,7 @@ require (
github.com/ckaznocha/intrange v0.3.0 // indirect
github.com/cloudflare/circl v1.5.0 // indirect
github.com/curioswitch/go-reassign v0.3.0 // indirect
github.com/cyphar/filepath-securejoin v0.4.0 // indirect
github.com/cyphar/filepath-securejoin v0.4.1 // indirect
github.com/daixiang0/gci v0.13.5 // indirect
github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
github.com/denis-tingaikin/go-header v0.5.0 // indirect
Expand Down
4 changes: 2 additions & 2 deletions internal/tools/go.sum
View file
Original file line number Diff line number Diff line change
Expand Up @@ -88,8 +88,8 @@ github.com/cloudflare/circl v1.5.0/go.mod h1:uddAzsPgqdMAYatqJ0lsjX1oECcQLIlRpzZ
github.com/cpuguy83/go-md2man/v2 v2.0.4/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
github.com/curioswitch/go-reassign v0.3.0 h1:dh3kpQHuADL3cobV/sSGETA8DOv457dwl+fbBAhrQPs=
github.com/curioswitch/go-reassign v0.3.0/go.mod h1:nApPCCTtqLJN/s8HfItCcKV0jIPwluBOvZP+dsJGA88=
github.com/cyphar/filepath-securejoin v0.4.0 h1:PioTG9TBRSApBpYGnDU8HC+miIsX8vitBH9LGNNMoLQ=
github.com/cyphar/filepath-securejoin v0.4.0/go.mod h1:Sdj7gXlvMcPZsbhwhQ33GguGLDGQL7h7bg04C/+u9jI=
github.com/cyphar/filepath-securejoin v0.4.1 h1:JyxxyPEaktOD+GAnqIqTf9A8tHyAG22rowi7HkoSU1s=
github.com/cyphar/filepath-securejoin v0.4.1/go.mod h1:Sdj7gXlvMcPZsbhwhQ33GguGLDGQL7h7bg04C/+u9jI=
github.com/daixiang0/gci v0.13.5 h1:kThgmH1yBmZSBCh1EJVxQ7JsHpm5Oms0AMed/0LaH4c=
github.com/daixiang0/gci v0.13.5/go.mod h1:12etP2OniiIdP4q+kjUGrC/rUagga7ODbqsom5Eo5Yk=
github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
Expand Down

0 comments on commit 98da0d1

Please sign in to comment.