fix(deps): update module github.com/go-resty/resty/v2 to v2.11.0 [security] - autoclosed #1790
Conversation
![renovate[bot]](https://avatars.githubusercontent.com/in/2740?s=60&v=4){kind=small}
…urity] | datasource | package | from | to | | ---------- | ---------------------------- | ------- | ------- | | go | github.com/go-resty/resty/v2 | v2.10.0 | v2.11.0 | Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
|
Important Auto Review SkippedBot user detected. To trigger a single review, invoke the Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media? TipsChatThere are 3 ways to chat with CodeRabbit:
Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments. CodeRabbit Commands (invoked as PR comments)
Additionally, you can add CodeRabbit Configration File (
|
Codecov ReportAttention:
Additional details and impacted files@@ Coverage Diff @@
## master #1790 +/- ##
===================================================
+ Coverage 52.32849% 52.45475% +0.12625%
===================================================
Files 372 378 +6
Lines 25596 25746 +150
Branches 285 295 +10
===================================================
+ Hits 13394 13505 +111
- Misses 10898 10935 +37
- Partials 1304 1306 +2
Flags with carried forward coverage won't be shown. Click here to find out more. ☔ View full report in Codecov by Sentry. |
|
This PR is stale because it has been open 14 days with no activity. Remove stale label or comment or this will be closed in 5 days. |
renovate
bot
changed the title
renovate
bot
deleted the
renovate/omnirpc-go-github.aaakk.us.kg/go-resty/resty/v2-vulnerability
branch
This PR contains the following updates:
v2.10.0->v2.11.0Warning
Some dependencies could not be looked up. Check the Dependency Dashboard for more information.
GitHub Vulnerability Alerts
CVE-2023-45286
A race condition in go-resty can result in HTTP request body disclosure across requests.
This condition can be triggered by calling sync.Pool.Put with the same *bytes.Buffer more than once, when request retries are enabled and a retry occurs. The call to sync.Pool.Get will then return a bytes.Buffer that hasn't had bytes.Buffer.Reset called on it. This dirty buffer will contain the HTTP request body from an unrelated request, and go-resty will append the current HTTP request body to it, sending two bodies in one request.
The sync.Pool in question is defined at package level scope, so a completely unrelated server could receive the request body.
Release Notes
go-resty/resty (github.com/go-resty/resty/v2)
v2.11.0: ReleaseCompare Source
Release Notes
Bug Fixes
New Contributors
Full Changelog: go-resty/resty@v2.10.0...v2.11.0
Configuration
📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Mend Renovate. View repository job log here.