Chore(deps): [security] bump github.com/antchfx/xmlquery from 1.2.4 to 1.3.1 #35

Merged
argoyle merged 1 commits from dependabot-go_modules-github.com-antchfx-xmlquery-1.3.1 into master 2023-05-23 18:14:14 +00:00
argoyle commented 2023-05-23 17:34:56 +00:00 (Migrated from gitlab.com)

Bumps github.com/antchfx/xmlquery from 1.2.4 to 1.3.1. This update includes a security fix.

Vulnerabilities fixed

xmlquery lacks check for whether LoadURL response is in XML format, causing denial of service

xmlquery before 1.3.1 lacks a check for whether a LoadURL response is in the XML format, which allows attackers to cause a denial of service (SIGSEGV) at xmlquery.(*Node).InnerText or possibly have unspecified other impact.

Patched versions: 1.3.1

Affected versions: < 1.3.1

Release notes

Sourced from github.com/antchfx/xmlquery's releases.

Release 1.3.1

Fix #40, fix #39: check the content-type value in the HTTP response header; only "text/xml" and "application/xml" are allowed.

Release 1.3.0

Add XML stream loading and parsing support, so that loading a large document avoids using a lot of memory (thanks @jf-tech). Discussed in #32.

Expose a number of Node helper functions to operate on the XML node: #38

Commits
  • 1871a20 Merge pull request #40 from jf-tech/jf-tech/streamparser-fix
  • e26cec5 Fix a bug in xml stream parsing where a previously unmatched node causing all...
  • 5648b2f checking XML formatted from HTTP response #39
  • 64ca73d Merge PR '#38'. Expose functions:AddAttr, AddChild, AddSibling, `Remove...
  • 2958a82 Expose a number of *Node related helper functions: AddAttr, AddChild, `...
  • 8049e7d Merge PR '#37', Stream Parser Support - pt4
  • 81676ed fix typo in readme
  • 319e0b2 Stream Parser Support - pt4 - Adding stream parsing support
  • fa5754e Merge PR #35, Stream Parser Support - pt3
  • db13d6a move Parse func back to original position in src to reduce diff size
  • Additional commits viewable in compare view


Dependabot commands
You can trigger Dependabot actions by commenting on this MR
  • $dependabot rebase will rebase this MR. Deprecated, use GitLab's native /rebase instead
  • $dependabot recreate will recreate this MR rewriting all the manual changes and resolving conflicts
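The content-type check that release 1.3.1 describes, applied on the caller's side before any parsing, as an added example that is not part of this merge request or of xmlquery's code. It uses Go's standard `encoding/xml` as a stand-in parser; `checkedRoot`, `constructed`, `ErrNotXML` and the 1 MiB body cap are hypothetical names and values, and the responses are constructed in memory.

```go
package main

import (
	"encoding/xml"
	"errors"
	"fmt"
	"io"
	"mime"
	"net/http"
	"net/http/httptest"
)

// ErrNotXML is returned when the response does not declare an XML media type.
var ErrNotXML = errors.New("response is not text/xml or application/xml")

// checkedRoot returns the root element name of an HTTP response, refusing any
// response whose Content-Type is not one of the two types release 1.3.1 allows.
func checkedRoot(resp *http.Response) (string, error) {
	defer resp.Body.Close()
	// ParseMediaType strips parameters such as charset and lowercases the type.
	mt, _, err := mime.ParseMediaType(resp.Header.Get("Content-Type"))
	if err != nil || (mt != "text/xml" && mt != "application/xml") {
		return "", ErrNotXML
	}
	// Cap the body (1 MiB, an assumed limit) before handing it to the parser.
	dec := xml.NewDecoder(io.LimitReader(resp.Body, 1<<20))
	for {
		tok, err := dec.Token()
		if err != nil {
			// Covers an empty or malformed body: an error, never a nil node.
			return "", fmt.Errorf("no root element: %w", err)
		}
		if se, ok := tok.(xml.StartElement); ok {
			return se.Name.Local, nil
		}
	}
}

// constructed builds an in-memory response (sample data, no network involved).
func constructed(contentType, body string) *http.Response {
	rec := httptest.NewRecorder()
	rec.Header().Set("Content-Type", contentType)
	rec.WriteString(body)
	return rec.Result()
}

func main() {
	fmt.Println(checkedRoot(constructed("application/xml; charset=utf-8", "<events><e/></events>")))
	fmt.Println(checkedRoot(constructed("text/html", "<html><body>login</body></html>")))
}
```
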
argoyle commented 2023-05-23 17:46:19 +00:00 (Migrated from gitlab.com)

$dependabot recreate
argoyle commented 2023-05-23 18:07:33 +00:00 (Migrated from gitlab.com)

⚠️ dependabot-gitlab is recreating merge request. All changes will be overwritten! ⚠️
argoyle commented 2023-05-23 18:08:00 +00:00 (Migrated from gitlab.com)

dependabot-gitlab successfully recreated merge request!
argoyle commented 2023-05-23 18:08:00 +00:00 (Migrated from gitlab.com)

added 3 commits

  • ae8453b2...0b143317 - 2 commits from branch master
  • b52b0b88 - Chore(deps): [security] bump github.com/antchfx/xmlquery

argoyle commented 2023-05-23 18:08:00 +00:00 (Migrated from gitlab.com)

resolved all threads
argoyle (Migrated from gitlab.com) merged commit into master 2023-05-23 18:14:15 +00:00