
build(deps): bump github.com/gofiber/fiber/v2 from 2.50.0 to 2.52.1

Open dependabot[bot] opened this issue 1 year ago • 1 comments

Bumps github.com/gofiber/fiber/v2 from 2.50.0 to 2.52.1.

Release notes

Sourced from github.com/gofiber/fiber/v2's releases.

v2.52.1

👮 Security

https://docs.gofiber.io/api/middleware/cors

🐛 Fixes

  • Middleware/healthcheck: Not working with route group (#2863)

📚 Documentation

  • Fix default value to false in docs of QueryBool (#2811)
  • Fix code snippet indentation in /docs/api/middleware/keyauth.md (#2867)

Full Changelog: https://github.com/gofiber/fiber/compare/v2.52.0...v2.52.1

Thank you @​luk3skyw4lker, @​CAEL0, @​grivera64, @​gaby and @​sixcolors for making this update possible.

v2.52.0

🚀 New

// Direct usage with default config
app.Use(healthcheck.New())

// Or extend your config for customization
app.Use(healthcheck.New(healthcheck.Config{
    LivenessEndpoint: "/live",
    LivenessProbe: func(c *fiber.Ctx) bool {
        return true
    },
    ReadinessEndpoint: "/ready",
    ReadinessProbe: func(c *fiber.Ctx) bool {
        return serviceA.Ready() && serviceB.Ready() && ...
    },
}))

🧹 Updates

  • Middlewares: don't constrain middlewares context-keys to strings (#2751)
  • Middleware/logger: colorize logger error message #2593 (#2773)

... (truncated)

Commits
  • 70f21d5 fix cors domain normalize
  • f9fcb02 Update app.go
  • f0cd3b4 Merge pull request from GHSA-fmg4-x8pw-hjhg
  • 5e30112 fix: healthcheck middleware not working with route group (#2863)
  • cf54c25 Merge pull request #2867 from grivera64/v2
  • a84a7ce :books: Doc: Fix code snippet indentation in /docs/api/middleware/keyauth.md
  • 4e0f180 Update routing.md
  • 56d2ec7 Update ctx.md
  • 8325ed0 update queryParser config
  • e524b73 Fix default value to false in docs of QueryBool (#2811)
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.



dependabot[bot] avatar Feb 22 '24 18:02 dependabot[bot]

Benchmarks

Benchmark execution time: 2024-03-11 09:56:26

Comparing candidate commit 286fd6614464592276bb271023056754a744bd2e in PR branch dependabot/go_modules/github.com/gofiber/fiber/v2-2.52.1 with baseline commit 1e168ddbf4e9b56cb4cd3a8524d176511470d008 in branch main.

Found 0 performance improvements and 0 performance regressions! Performance is the same for 39 metrics, 2 unstable metrics.

pr-commenter[bot] avatar Feb 22 '24 18:02 pr-commenter[bot]

Sorry, only users with push access can use that command.

dependabot[bot] avatar Mar 08 '24 17:03 dependabot[bot]

@katiehockman Would you kindly be able to merge this bump in dependency, as this is currently being flagged as a critical vulnerable package?

Birajpjpt avatar Mar 11 '24 09:03 Birajpjpt

We are using dd_trace and it is reported as a critical vulnerability stating the fiber version to upgrade. Can this be merged sooner? If so, when can we expect the next version of dd_trace? We would like to upgrade at the earliest. Thanks. CC: @felixge

trigunam avatar Mar 18 '24 07:03 trigunam

@trigunam If you upgrade Fiber in your go.mod, it overrides dd-trace-go's imported version of Fiber. go.mod versions are minimum required versions.

As CI is green, we'll merge it and it'll be released in the next version v1.63.0.

darccio avatar Mar 22 '24 11:03 darccio
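Because go.mod versions are minimums, the version that matters for the vulnerability flag is the one the build actually resolves, not the one dd-trace-go declares. The following is an added example, not code from this thread or from dd-trace-go: it reads `go list -m -json all` output and checks that Fiber resolves to at least v2.52.1. The sample build list, the dd-trace-go version in it, and the names `meetsMinimum` and `parse` are assumptions made for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
	"io"
	"strings"
)

// Constructed `go list -m -json all` output; the dd-trace-go version is a placeholder.
const sampleBuildList = `{"Path":"gopkg.in/DataDog/dd-trace-go.v1","Version":"v0.0.0"}
{"Path":"github.com/gofiber/fiber/v2","Version":"v2.52.1"}`

// parse maps plain vMAJOR.MINOR.PATCH to a comparable integer; anything else is an error.
func parse(v string) (int64, error) {
	var a, b, c int64
	fmt.Sscanf(v, "v%d.%d.%d", &a, &b, &c)
	if fmt.Sprintf("v%d.%d.%d", a, b, c) != v {
		return 0, fmt.Errorf("not a plain release version: %q", v)
	}
	return a<<40 | b<<20 | c, nil
}

// meetsMinimum returns the version resolved for path (after replace) and whether it is >= minVer.
func meetsMinimum(r io.Reader, path, minVer string) (string, bool, error) {
	for dec := json.NewDecoder(r); ; {
		var m struct {
			Path, Version string
			Replace       *struct{ Version string }
		}
		if err := dec.Decode(&m); err != nil {
			return "", false, fmt.Errorf("%s not in build list: %w", path, err)
		}
		if m.Path != path {
			continue
		} else if m.Replace != nil {
			m.Version = m.Replace.Version
		}
		have, err1 := parse(m.Version)
		want, err2 := parse(minVer)
		if err1 != nil || err2 != nil {
			return m.Version, false, fmt.Errorf("cannot compare: %v, %v", err1, err2)
		}
		return m.Version, have >= want, nil
	}
}

func main() {
	fmt.Println(meetsMinimum(strings.NewReader(sampleBuildList), "github.com/gofiber/fiber/v2", "v2.52.1"))
}
```

To check a real module, pass the output of `go list -m -json all` as the reader. Pre-release, pseudo- and local-path replacements return an error rather than a verdict, so they get looked at by hand.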

/merge

darccio avatar Mar 22 '24 11:03 darccio

:steam_locomotive: MergeQueue

Pull request added to the queue.

This build is going to start soon! (estimated merge in less than 9m)

Use /merge -c to cancel this operation!

dd-devflow[bot] avatar Mar 22 '24 11:03 dd-devflow[bot]

:x: MergeQueue

This PR is rejected because it was updated

If you need support, contact us on Slack #ci-interfaces with those details!

dd-devflow[bot] avatar Mar 22 '24 13:03 dd-devflow[bot]