chore(deps): update actions/setup-go action to v5.0.2 #205

Merged
merged 1 commit into from
Jul 22, 2024


renovate[bot]

@renovate renovate bot commented Jul 17, 2024

Mend Renovate

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| actions/setup-go | action | patch | v5.0.1 -> v5.0.2 |

Release Notes

actions/setup-go (actions/setup-go)

v5.0.2

Compare Source


Configuration

📅 Schedule: Branch creation - "* 0-4 * * 3" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate. View repository job log here.

[puLL-Merge] - actions/setup-go@v5.0.1..v5.0.2

Description

This PR updates the Go versions used in the GitHub Actions workflow and makes several changes to the undici dependency, including security improvements and performance optimizations.

Changes

  1. .github/workflows/versions.yml:

    • Updated Go versions in the test matrix from 1.17, 1.18, 1.19 to 1.20.14, 1.21.10, 1.22.3
    • Updated various other Go version references throughout the file to use newer versions
  2. .licenses/npm/undici.dep.yml:

    • Updated undici version from 5.28.3 to 5.28.4
  3. __tests__/data/go.mod and __tests__/data/go.work:

    • Updated Go versions in test data files
  4. dist/cache-save/index.js and dist/setup/index.js:

    • Added new utility functions for header name handling
    • Improved performance of header name comparisons
    • Enhanced security in the SRI (Subresource Integrity) implementation
    • Optimized base64 comparison logic
    • Added support for base64url format in SRI checks
    • Improved parsing of hash options in SRI metadata

Security Hotspots

  1. The changes to the SRI implementation in undici improve security by:

    • Supporting base64url format in addition to base64
    • Optimizing the strongest metadata selection process
    • Improving the parsing of hash options
  2. The addition of headerNameToString function and the use of headerNameLowerCasedRecord improve security by ensuring consistent and efficient header name comparisons.

  3. The update to shouldRemoveHeader function now also checks for the 'proxy-authorization' header when dealing with unknown origins, which enhances security in proxy scenarios.

These changes generally improve the security posture of the project, particularly in areas related to HTTP header handling and subresource integrity checks.

@renovate renovate bot force-pushed the renovate/actions-setup-go-5.x branch from 1258283 to 00119c0 Compare July 17, 2024 06:05
@renovate renovate bot force-pushed the renovate/actions-setup-go-5.x branch from 00119c0 to e027f12 Compare July 17, 2024 07:56
@mihaiplesa mihaiplesa merged commit f3e3218 into master Jul 22, 2024
8 checks passed
@mihaiplesa mihaiplesa deleted the renovate/actions-setup-go-5.x branch July 22, 2024 12:25