chore(deps): bump the go-security group across 3 directories with 2 updates#63
chore(deps): bump the go-security group across 3 directories with 2 updates#63dependabot[bot] wants to merge 1 commit intomainfrom
Conversation
…pdates Bumps the go-security group with 2 updates in the /server directory: [golang.org/x/crypto](https://github.com/golang/crypto) and [github.com/go-viper/mapstructure/v2](https://github.com/go-viper/mapstructure). Bumps the go-security group with 1 update in the /coraza-spoa directory: [golang.org/x/crypto](https://github.com/golang/crypto). Bumps the go-security group with 1 update in the /pkg directory: [golang.org/x/crypto](https://github.com/golang/crypto). Updates `golang.org/x/crypto` from 0.38.0 to 0.45.0 - [Commits](golang/crypto@v0.38.0...v0.45.0) Updates `github.com/go-viper/mapstructure/v2` from 2.2.1 to 2.4.0 - [Release notes](https://github.com/go-viper/mapstructure/releases) - [Changelog](https://github.com/go-viper/mapstructure/blob/main/CHANGELOG.md) - [Commits](go-viper/mapstructure@v2.2.1...v2.4.0) Updates `golang.org/x/crypto` from 0.38.0 to 0.45.0 - [Commits](golang/crypto@v0.38.0...v0.45.0) Updates `golang.org/x/crypto` from 0.38.0 to 0.45.0 - [Commits](golang/crypto@v0.38.0...v0.45.0) --- updated-dependencies: - dependency-name: golang.org/x/crypto dependency-version: 0.45.0 dependency-type: direct:production dependency-group: go-security - dependency-name: github.com/go-viper/mapstructure/v2 dependency-version: 2.4.0 dependency-type: indirect dependency-group: go-security - dependency-name: golang.org/x/crypto dependency-version: 0.45.0 dependency-type: indirect dependency-group: go-security - dependency-name: golang.org/x/crypto dependency-version: 0.45.0 dependency-type: indirect dependency-group: go-security ... Signed-off-by: dependabot[bot] <support@github.com>
LabelsThe following labels could not be found: Please fix the above issues or remove invalid values from |
dependabot
bot
added
dependencies
🎨 Frontend Code Quality Check Unknown
|
⚡ Go Code Quality Check Failed ❌PR #63 Go code quality check completed. 中文报告点击下方链接查看详细检查结果。 English ReportClick the link below to view detailed check results. 🔗 View Details: Click here to see the full check results |
🚀 Docker Quick Build Success ✅PR #63 AMD64 platform verification completed (optimized for faster verification) 中文报告🎉 结果: Docker 构建验证通过!镜像构建成功。 🏗️ 构建详情:
💡 优化说明: PR 阶段仅构建 AMD64 以提高速度,完整的多平台构建将在合并后进行。 English Report🎉 Result: Docker build verification passed! Image build successful. 🏗️ Build Details:
💡 Optimization Note: PR stage only builds AMD64 to improve speed, complete multi-platform build will be performed after merge. 🔗 查看详细信息 / View Details: 点击查看完整构建结果 / Click here to see full build results |
Bumps the go-security group with 2 updates in the /server directory: golang.org/x/crypto and github.com/go-viper/mapstructure/v2.
Bumps the go-security group with 1 update in the /coraza-spoa directory: golang.org/x/crypto.
Bumps the go-security group with 1 update in the /pkg directory: golang.org/x/crypto.
Updates
golang.org/x/cryptofrom 0.38.0 to 0.45.0Commits
4e0068cgo.mod: update golang.org/x dependenciese79546essh: curb GSSAPI DoS risk by limiting number of specified OIDsf91f7a7ssh/agent: prevent panic on malformed constraint2df4153acme/autocert: let automatic renewal work with short lifetime certsbcf6a84acme: pass context to requestb4f2b62ssh: fix error message on unsupported cipher79ec3a5ssh: allow to bind to a hostname in remote forwarding122a78fgo.mod: update golang.org/x dependenciesc0531f9all: eliminate vet diagnostics0997000all: fix some commentsUpdates
github.com/go-viper/mapstructure/v2from 2.2.1 to 2.4.0Release notes
Sourced from github.com/go-viper/mapstructure/v2's releases.
Commits
b9794a5Merge pull request #119 from go-viper/string-to-weak-slice17cdcb0feat: add back previous StringToSlice as a weak function3caca36Merge pull request #117 from ErfanMomeniii/main9a861bcMerge pull request #107 from peczenyj/patch-286ed5b5refactor: updateace5b4echore: add interface any linter1a4f1aeMerge pull request #118 from go-viper/generic-testsa268909fix: lint17f1fd4test: add more commentsb48c856test: expand testsUpdates
golang.org/x/cryptofrom 0.38.0 to 0.45.0Commits
4e0068cgo.mod: update golang.org/x dependenciese79546essh: curb GSSAPI DoS risk by limiting number of specified OIDsf91f7a7ssh/agent: prevent panic on malformed constraint2df4153acme/autocert: let automatic renewal work with short lifetime certsbcf6a84acme: pass context to requestb4f2b62ssh: fix error message on unsupported cipher79ec3a5ssh: allow to bind to a hostname in remote forwarding122a78fgo.mod: update golang.org/x dependenciesc0531f9all: eliminate vet diagnostics0997000all: fix some commentsUpdates
golang.org/x/cryptofrom 0.38.0 to 0.45.0Commits
4e0068cgo.mod: update golang.org/x dependenciese79546essh: curb GSSAPI DoS risk by limiting number of specified OIDsf91f7a7ssh/agent: prevent panic on malformed constraint2df4153acme/autocert: let automatic renewal work with short lifetime certsbcf6a84acme: pass context to requestb4f2b62ssh: fix error message on unsupported cipher79ec3a5ssh: allow to bind to a hostname in remote forwarding122a78fgo.mod: update golang.org/x dependenciesc0531f9all: eliminate vet diagnostics0997000all: fix some commentsDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot mergewill merge this PR after your CI passes on it@dependabot squash and mergewill squash and merge this PR after your CI passes on it@dependabot cancel mergewill cancel a previously requested merge and block automerging@dependabot reopenwill reopen this PR if it is closed@dependabot closewill close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore <dependency name> major versionwill close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)@dependabot ignore <dependency name> minor versionwill close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)@dependabot ignore <dependency name>will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)@dependabot unignore <dependency name>will remove all of the ignore conditions of the specified dependency@dependabot unignore <dependency name> <ignore condition>will remove the ignore condition of the specified dependency and ignore conditionsYou can disable automated security fix PRs for this repo from the Security Alerts page.