yaml.v3 security patch #1664
Merged
ubogdan added a commit that referenced this pull request, Oct 19, 2024:
* Update README_zh-CN.md (#1545): remove repeated net/http
* Add option to set template delimiters (#1499)
  * Add template action delimiter cli flag
  * Add delims to generator config and template. Also adds tests using the "quote" test as a base. This has to have a custom Instance name or it will clash with the "quotes" one and panic since it will have registered two "swagger" instances in the package test.
  * Add testdata for custom delim flags. Based on the "quote" testdata.
  * Add delims to the spec, with tests. Make sure we don't add delims if they are empty. This shouldn't be possible, but might as well be safe.
  * Go mod tidy and sum update
  * Make the CLI experience a bit cleaner
  * Revert go.mod and sum
  * Update readme
* fix bug: enums of explicit type conversion (#1556). Signed-off-by: sdghchj <[email protected]>
* add retract to fix proxy cache caused by accidentally pushed tags (#1562)
  * add retract caused by accidentally pushed tags
  * update version to match new tag version
  Co-authored-by: Tobias Theel <[email protected]>
* docs: doc to pt, Add option to set template delims. (#1563)
* fix: lint error for generated docs.go (#1583). Co-authored-by: wanglonghui7 <[email protected]>
* fix bug: enums of underscored number (#1581). Signed-off-by: sdghchj <[email protected]>
* fix using tab (\t) as separator for custom type names (#1594)
* chore(deps): bump github.com/gin-gonic/gin (#1598). Bumps [github.com/gin-gonic/gin](https://github.com/gin-gonic/gin) from 1.7.7 to 1.9.1.
  - [Release notes](https://github.com/gin-gonic/gin/releases)
  - [Changelog](https://github.com/gin-gonic/gin/blob/master/CHANGELOG.md)
  - [Commits](gin-gonic/gin@v1.7.7...v1.9.1)
  updated-dependencies: - dependency-name: github.com/gin-gonic/gin dependency-type: direct:production
  Signed-off-by: dependabot[bot] <[email protected]>; Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* chore(deps): bump github.com/gin-gonic/gin in /example/celler (#1599). Bumps [github.com/gin-gonic/gin](https://github.com/gin-gonic/gin) from 1.7.7 to 1.9.1.
  - [Release notes](https://github.com/gin-gonic/gin/releases)
  - [Changelog](https://github.com/gin-gonic/gin/blob/master/CHANGELOG.md)
  - [Commits](gin-gonic/gin@v1.7.7...v1.9.1)
  updated-dependencies: - dependency-name: github.com/gin-gonic/gin dependency-type: direct:production
  Signed-off-by: dependabot[bot] <[email protected]>; Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* chore(deps): bump github.com/gin-gonic/gin in /example/go-module-support (#1600). Bumps [github.com/gin-gonic/gin](https://github.com/gin-gonic/gin) from 1.7.7 to 1.9.1.
  - [Release notes](https://github.com/gin-gonic/gin/releases)
  - [Changelog](https://github.com/gin-gonic/gin/blob/master/CHANGELOG.md)
  - [Commits](gin-gonic/gin@v1.7.7...v1.9.1)
  updated-dependencies: - dependency-name: github.com/gin-gonic/gin dependency-type: direct:production
  Signed-off-by: dependabot[bot] <[email protected]>; Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* fix required params parsing for routes with multiple paths and multiple params (#1621)
  * fix required params parsing for routes with multiple paths and multiple params
  * fix incorrect variable declaration of validParams
* parser: if all tags negate, return true on no hits (#1624)
  * parser: if all tags negate, return true on no hits
* fix: enums in body got parsed incorrectly (#1625)
* parse binary literal const (#1593)
  * support binary const. Signed-off-by: sdghchj <[email protected]>
  * add test. Signed-off-by: sdghchj <[email protected]>
  Signed-off-by: sdghchj <[email protected]>
* feat: global security (#1620)
  * global security
  * improve test
* add cli flag --pdl to determine whether to parse operations in dependency (#1605)
  * change cli flag to parse operations in dependency. Signed-off-by: sdghchj <[email protected]>
  * change cli flag to parse operations in dependency. Signed-off-by: sdghchj <[email protected]>
  * add cli flag --pdl to determine whether to parse operations in dependency. Signed-off-by: sdghchj <[email protected]>
  * add cli flag --pdl to determine whether to parse operations in dependency. Signed-off-by: sdghchj <[email protected]>
  * add cli flag --pdl to determine whether to parse operations in dependency. Signed-off-by: sdghchj <[email protected]>
  Signed-off-by: sdghchj <[email protected]>
* feat: add --packagePrefix=P for only parsing packages matched by prefix P (#1582)
* enhancement: report which property is triggering a parsing error (#1439)
* add byte check before and after file is formatted (#1637)
* feat: preserve file permission when writing formatted files (#1636). test: add a test case to validate permission equal
* docs(readme): fix param brace (#1647)
* chore(deps): bump gopkg.in/yaml.v3 (#1663). Bumps gopkg.in/yaml.v3 from 3.0.0-20200615113413-eeeca48fe776 to 3.0.0.
  updated-dependencies: - dependency-name: gopkg.in/yaml.v3 dependency-type: indirect
  Signed-off-by: dependabot[bot] <[email protected]>; Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* yaml.v3 security patch (#1664)
* test: remove redundant `filepath.Clean` call (#1675)
* chore(deps): bump golang.org/x/net from 0.8.0 to 0.17.0 (#1686). Bumps [golang.org/x/net](https://github.com/golang/net) from 0.8.0 to 0.17.0.
  - [Commits](golang/net@v0.8.0...v0.17.0)
  updated-dependencies: - dependency-name: golang.org/x/net dependency-type: indirect
  Signed-off-by: dependabot[bot] <[email protected]>; Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* chore(deps): bump golang.org/x/net in /example/markdown (#1685). Bumps [golang.org/x/net](https://github.com/golang/net) from 0.7.0 to 0.17.0.
  - [Commits](golang/net@v0.7.0...v0.17.0)
  updated-dependencies: - dependency-name: golang.org/x/net dependency-type: indirect
  Signed-off-by: dependabot[bot] <[email protected]>; Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* When the return value defined by the @success tag is equal to a null value, make fixes to prevent a null pointer exception from occurring (#1667)
* chore(deps): bump golang.org/x/net in /example/go-module-support (#1682). Bumps [golang.org/x/net](https://github.com/golang/net) from 0.10.0 to 0.17.0.
  - [Commits](golang/net@v0.10.0...v0.17.0)
  updated-dependencies: - dependency-name: golang.org/x/net dependency-type: indirect
  Signed-off-by: dependabot[bot] <[email protected]>; Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* chore(deps): bump golang.org/x/net in /example/object-map-example (#1684). Bumps [golang.org/x/net](https://github.com/golang/net) from 0.10.0 to 0.17.0.
  - [Commits](golang/net@v0.10.0...v0.17.0)
  updated-dependencies: - dependency-name: golang.org/x/net dependency-type: indirect
  Signed-off-by: dependabot[bot] <[email protected]>; Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* chore(deps): bump golang.org/x/net in /example/celler (#1683). Bumps [golang.org/x/net](https://github.com/golang/net) from 0.10.0 to 0.17.0.
  - [Commits](golang/net@v0.10.0...v0.17.0)
  updated-dependencies: - dependency-name: golang.org/x/net dependency-type: indirect
  Signed-off-by: dependabot[bot] <[email protected]>; Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* docs: add PT and EN examples for Go generic types (#1697)
* Update README.md (#1698). Adding instructions to finish the steps in the `Getting started` section before `How to use it with Gin`. It is easy for anybody to miss that section, which causes unwanted failures in the Swagger UI.
* update gopkg.in/yaml.v3 v3.0.0-20200615113413-eeeca48fe776 to 3.0.0 (#1640)
* improve docker container usage (#1704)
  * Update Go build version for Docker container
  * Explicitly specify copy target
  * Set ENTRYPOINT
  * Move binary to /bin
  * Add docker usage instructions to the README
  * Set /code as the default WORKDIR
  Co-authored-by: Norman Gehrsitz <[email protected]>
* fix issue #1662: find definitions from external packages first (#1666). Signed-off-by: sdghchj <[email protected]>
* Drop support for go v1.17.x (#1723)
  * Drop support for go v1.17.x. Signed-off-by: sdghchj <[email protected]>
* Add flag state #1628 (#1629)
  * add state flag
* fix deps (#1724). Signed-off-by: sdghchj <[email protected]>
* chore(deps): bump golang.org/x/crypto in /example/celler (#1727). Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.14.0 to 0.17.0.
  - [Commits](golang/crypto@v0.14.0...v0.17.0)
  updated-dependencies: - dependency-name: golang.org/x/crypto dependency-type: indirect
  Signed-off-by: dependabot[bot] <[email protected]>; Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* chore(deps): bump golang.org/x/crypto in /example/go-module-support (#1726). Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.14.0 to 0.17.0.
  - [Commits](golang/crypto@v0.14.0...v0.17.0)
  updated-dependencies: - dependency-name: golang.org/x/crypto dependency-type: indirect
  Signed-off-by: dependabot[bot] <[email protected]>; Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* chore(deps): bump golang.org/x/crypto in /example/object-map-example (#1725). Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.14.0 to 0.17.0.
  - [Commits](golang/crypto@v0.14.0...v0.17.0)
  updated-dependencies: - dependency-name: golang.org/x/crypto dependency-type: indirect
  Signed-off-by: dependabot[bot] <[email protected]>; Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* deprecate some parts of routers in an operation (#1735). Signed-off-by: sdghchj <[email protected]>
* bug: array form field name should not contain bracket, which led to invalid fieldname in ts codegen (#1706)
* Struct fields supported for header and path param types (#1740)
  * Support object data types for header params. Add initial struct test for header names and validation.
  * Add form and query struct test for operations
  * Operation param add path struct model support and tests. wip: fix merge
* fix #1742 (#1744)
  * fix #1742. Signed-off-by: sdghchj <[email protected]>
* Feat: Support generic with map params (#1746)
  * support generic with map params. Signed-off-by: sdghchj <[email protected]>
* Update version.go (#1751)
* Update operation.go (#1753). getUnderlyingSchema can return nil, so it has to be checked here; otherwise the code is exposed to invalid memory address or nil pointer dereference.
* fix: remove dropped tags from general infos (#1764)
  * fix: remove unneeded tags from general infos. Signed-off-by: sdghchj <[email protected]>
* Update docker go build version to 1.21 (#1758)
* add support for "title" tag (#1762). feat: add support for "title" tag in structField struct to allow specifying a custom field title
* chore: fix some typos in comments (#1788). Signed-off-by: camcui <[email protected]>
* bump go version (#1797)
  * bump go version
  * cleanup pipeline
* chore(deps): bump golang.org/x/net from 0.17.0 to 0.23.0 (#1793). Bumps [golang.org/x/net](https://github.com/golang/net) from 0.17.0 to 0.23.0.
  - [Commits](golang/net@v0.17.0...v0.23.0)
  updated-dependencies: - dependency-name: golang.org/x/net dependency-type: indirect
  Signed-off-by: dependabot[bot] <[email protected]>; Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* chore(deps): bump golang.org/x/net in /example/markdown (#1792). Bumps [golang.org/x/net](https://github.com/golang/net) from 0.17.0 to 0.23.0.
  - [Commits](golang/net@v0.17.0...v0.23.0)
  updated-dependencies: - dependency-name: golang.org/x/net dependency-type: indirect
  Signed-off-by: dependabot[bot] <[email protected]>; Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* chore(deps): bump golang.org/x/net in /example/celler (#1794). Bumps [golang.org/x/net](https://github.com/golang/net) from 0.17.0 to 0.23.0.
  - [Commits](golang/net@v0.17.0...v0.23.0)
  updated-dependencies: - dependency-name: golang.org/x/net dependency-type: indirect
  Signed-off-by: dependabot[bot] <[email protected]>; Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* chore(deps): bump golang.org/x/net in /example/go-module-support (#1795). Bumps [golang.org/x/net](https://github.com/golang/net) from 0.17.0 to 0.23.0.
  - [Commits](golang/net@v0.17.0...v0.23.0)
  updated-dependencies: - dependency-name: golang.org/x/net dependency-type: indirect
  Signed-off-by: dependabot[bot] <[email protected]>; Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* chore(deps): bump golang.org/x/net in /example/object-map-example (#1796). Bumps [golang.org/x/net](https://github.com/golang/net) from 0.17.0 to 0.23.0.
  - [Commits](golang/net@v0.17.0...v0.23.0)
  updated-dependencies: - dependency-name: golang.org/x/net dependency-type: indirect
  Signed-off-by: dependabot[bot] <[email protected]>; Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* Handle case of empty GOROOT (#1798). In some situations, such as when using the go-swag Nix package, runtime.GOROOT() will be empty, and RangeFiles will skip all source paths since, technically, all paths are prefixed with the empty string. See also NixOS/nixpkgs#224701. May resolve some cases of #1622.
* Added multiline support for @description attribute for securityDefinitions (#1786)
* Feat: multi-arch docker image (#1756)
  * Feat: multi-arch docker image
    - adapt Dockerfile to support cross-compilation depending on TARGETARCH and TARGETOS variables; see https://www.docker.com/blog/faster-multi-platform-builds-dockerfile-cross-compilation-guide/
    - set target platforms for docker/build-push-action
  * Support running on forks
  * Fix ARG format
  * Fix docker digest step
  * Restrict permissions
  * Update action versions
  * Set $TARGETPLATFORM explicitly, docker/build-push-action#820 (comment)
  Co-authored-by: Norman Gehrsitz <[email protected]>
* chore(deps): bump google.golang.org/protobuf (#1773). Bumps google.golang.org/protobuf from 1.30.0 to 1.33.0.
  updated-dependencies: - dependency-name: google.golang.org/protobuf dependency-type: indirect
  Signed-off-by: dependabot[bot] <[email protected]>; Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* chore(deps): bump google.golang.org/protobuf (#1774). Bumps google.golang.org/protobuf from 1.30.0 to 1.33.0.
  updated-dependencies: - dependency-name: google.golang.org/protobuf dependency-type: indirect
  Signed-off-by: dependabot[bot] <[email protected]>; Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* chore(deps): bump google.golang.org/protobuf in /example/celler (#1775). Bumps google.golang.org/protobuf from 1.30.0 to 1.33.0.
  updated-dependencies: - dependency-name: google.golang.org/protobuf dependency-type: indirect
  Signed-off-by: dependabot[bot] <[email protected]>; Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* fix issue #1780: filter $GOROOT path (#1827). Signed-off-by: song <[email protected]>
* feat: read from stdin, write to stdout (#1831) (#1832). Co-authored-by: Bruno Bonatto <[email protected]>
* Added support for parsing comments inside of function bodies (#1824)
  Added support for parsing comments inside of function bodies
  Co-authored-by: Jonas Ha <[email protected]>
* adds support for complex types with function scope (#1813)
* [Issue 1812] fix misalignment in expected.json and api.go messing with parser_test (#1836)
* Fixes Issue 1829 (#1830)
  * fix: fixes a bug that could select the wrong tag description markdown file
  * fixes parser to be able to parse file names with and without ext
* Fix global overrides for any/interface ref types (#1835). When overriding with any or interface{}, the code should prefer the "any" (empty) schema instead, not the object schema, since that's different e.g.
* adds support for pointer function scoped fields (#1841)
* fix parse nested structs and aliases (#1866). Co-authored-by: ma.mikhaylov <[email protected]>
* Fix generics used with function scoped types (#1883)
* Fix param comment escaping issue (#1890). This commit fixes a param comment issue where a "\n" gets escaped so it would not be applied to the output swagger file.
* support markdown description for declaration (#1893)
  * feat: support markdown description for declaration
  * fix: range PackagesDefinitions.uniqueDefinitions causes panic
  Co-authored-by: xinbi.nie <[email protected]>
* update README (#1856)
* Update docs for request and response headers (#1825)
* fix: parse all field names declared in a row (#1872)
  * fix: parse all field names declared in a row
* Flags to parse internal and dependency package (#1894)
* fix: failing assert in enums test on 32bit (#1634)
* Feat: Add support for parenthesis in router patterns (#1859)
* chore: Update ci.yml (#1902)
* new release (#1901)
  * fix some issues
  * fix unit tests

Signed-off-by: sdghchj <[email protected]>
Signed-off-by: dependabot[bot] <[email protected]>
Signed-off-by: camcui <[email protected]>
Signed-off-by: song <[email protected]>
Co-authored-by: tzxdtc10 <[email protected]>
Co-authored-by: Leo Palmer Sunmo <[email protected]>
Co-authored-by: sdghchj <[email protected]>
Co-authored-by: Nerzal <[email protected]>
Co-authored-by: Tobias Theel <[email protected]>
Co-authored-by: Paulo Lopes Estevão <[email protected]>
Co-authored-by: lowang-bh <[email protected]>
Co-authored-by: wanglonghui7 <[email protected]>
Co-authored-by: Martin W. Kirst <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Phenix66 <[email protected]>
Co-authored-by: Roy Marples <[email protected]>
Co-authored-by: Billy Ho <[email protected]>
Co-authored-by: nameoffnv <[email protected]>
Co-authored-by: Shengyu Zhang <[email protected]>
Co-authored-by: Sakis <[email protected]>
Co-authored-by: Daniel Moncada <[email protected]>
Co-authored-by: wholesome-ghoul <[email protected]>
Co-authored-by: Shimizu1111 <[email protected]>
Co-authored-by: Renan Silva <[email protected]>
Co-authored-by: Saurabh Chatterjee <[email protected]>
Co-authored-by: caption <[email protected]>
Co-authored-by: ngehrsitz <[email protected]>
Co-authored-by: Norman Gehrsitz <[email protected]>
Co-authored-by: Ivan Volkov <[email protected]>
Co-authored-by: Jinof <[email protected]>
Co-authored-by: Joe Shaw <[email protected]>
Co-authored-by: Mathieu Chauvet <[email protected]>
Co-authored-by: Matteo Bassan <[email protected]>
Co-authored-by: camcui <[email protected]>
Co-authored-by: Evan Goode <[email protected]>
Co-authored-by: Vladimir Avchenov <[email protected]>
Co-authored-by: Timo Naroska <[email protected]>
Co-authored-by: bob <[email protected]>
Co-authored-by: bfbonatto <[email protected]>
Co-authored-by: Bruno Bonatto <[email protected]>
Co-authored-by: j-d-ha <[email protected]>
Co-authored-by: Jonas Ha <[email protected]>
Co-authored-by: Kristoffer Fage Jensen <[email protected]>
Co-authored-by: Michi H <[email protected]>
Co-authored-by: Ezequiel Rodriguez <[email protected]>
Co-authored-by: zdon0 <[email protected]>
Co-authored-by: ma.mikhaylov <[email protected]>
Co-authored-by: Berk Karaal <[email protected]>
Co-authored-by: Yuki Omoto <[email protected]>
Co-authored-by: nicoxix <[email protected]>
Co-authored-by: xinbi.nie <[email protected]>
Co-authored-by: Eike Haller <[email protected]>
Co-authored-by: Harsh Mittal <[email protected]>
Co-authored-by: Leso_KN <[email protected]>
Co-authored-by: alifemove <[email protected]>
Describe the PR
security update for gopkg.in/yaml.v3
Relation issue
#1663