From 9453f7885d961e9cab1cf97073bf03bba315ea00 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 13 Jan 2026 03:59:26 +0000 Subject: [PATCH] chore(deps): bump github.com/go-pkgz/rest from 1.20.4 to 1.21.0 Bumps [github.com/go-pkgz/rest](https://github.com/go-pkgz/rest) from 1.20.4 to 1.21.0. - [Release notes](https://github.com/go-pkgz/rest/releases) - [Commits](https://github.com/go-pkgz/rest/compare/v1.20.4...v1.21.0) --- updated-dependencies: - dependency-name: github.com/go-pkgz/rest dependency-version: 1.21.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- go.mod | 10 +- go.sum | 20 +- vendor/github.com/go-pkgz/rest/.golangci.yml | 109 +++++---- vendor/github.com/go-pkgz/rest/README.md | 150 ++++++++++++- vendor/github.com/go-pkgz/rest/benchmarks.go | 5 +- vendor/github.com/go-pkgz/rest/blackwords.go | 3 +- vendor/github.com/go-pkgz/rest/cors.go | 180 +++++++++++++++ vendor/github.com/go-pkgz/rest/csrf.go | 207 ++++++++++++++++++ vendor/github.com/go-pkgz/rest/csrf_go125.go | 111 ++++++++++ vendor/github.com/go-pkgz/rest/file_server.go | 2 + vendor/github.com/go-pkgz/rest/gzip.go | 2 +- .../github.com/go-pkgz/rest/logger/logger.go | 10 +- vendor/github.com/go-pkgz/rest/metrics.go | 3 +- vendor/github.com/go-pkgz/rest/middleware.go | 31 ++- vendor/github.com/go-pkgz/rest/nocache.go | 13 +- vendor/github.com/go-pkgz/rest/onlyfrom.go | 6 +- vendor/github.com/go-pkgz/rest/realip/real.go | 81 ++++--- vendor/github.com/go-pkgz/rest/rest.go | 9 +- vendor/github.com/go-pkgz/rest/rewrite.go | 73 ++++++ vendor/github.com/go-pkgz/rest/secure.go | 207 ++++++++++++++++++ vendor/golang.org/x/sync/errgroup/errgroup.go | 4 +- vendor/golang.org/x/sys/cpu/cpu.go | 3 - vendor/golang.org/x/sys/cpu/cpu_arm64.go | 20 +- vendor/golang.org/x/sys/cpu/cpu_arm64.s | 7 - vendor/golang.org/x/sys/cpu/cpu_gc_arm64.go | 1 - .../golang.org/x/sys/cpu/cpu_gccgo_arm64.go | 1 - .../golang.org/x/sys/cpu/cpu_netbsd_arm64.go | 2 +- .../golang.org/x/sys/cpu/cpu_openbsd_arm64.go | 2 +- vendor/golang.org/x/sys/unix/mkerrors.sh | 3 +- vendor/golang.org/x/sys/unix/zerrors_linux.go | 2 + .../x/sys/unix/zerrors_linux_386.go | 2 + .../x/sys/unix/zerrors_linux_amd64.go | 2 + .../x/sys/unix/zerrors_linux_arm.go | 2 + .../x/sys/unix/zerrors_linux_arm64.go | 2 + .../x/sys/unix/zerrors_linux_loong64.go | 2 + .../x/sys/unix/zerrors_linux_mips.go | 2 + .../x/sys/unix/zerrors_linux_mips64.go | 2 + .../x/sys/unix/zerrors_linux_mips64le.go | 2 + .../x/sys/unix/zerrors_linux_mipsle.go | 2 + .../x/sys/unix/zerrors_linux_ppc.go | 2 + .../x/sys/unix/zerrors_linux_ppc64.go | 2 + .../x/sys/unix/zerrors_linux_ppc64le.go | 2 + .../x/sys/unix/zerrors_linux_riscv64.go | 2 + .../x/sys/unix/zerrors_linux_s390x.go | 2 + .../x/sys/unix/zerrors_linux_sparc64.go | 2 + .../x/sys/unix/ztypes_netbsd_arm.go | 2 +- .../x/text/encoding/japanese/eucjp.go | 6 +- .../x/text/encoding/japanese/iso2022jp.go | 6 +- .../x/text/encoding/japanese/shiftjis.go | 6 +- .../x/text/encoding/korean/euckr.go | 6 +- .../x/text/encoding/simplifiedchinese/gbk.go | 20 +- .../encoding/simplifiedchinese/hzgb2312.go | 6 +- .../text/encoding/traditionalchinese/big5.go | 6 +- .../x/text/encoding/unicode/unicode.go | 6 +- vendor/modules.txt | 12 +- 55 files changed, 1169 insertions(+), 214 deletions(-) create mode 100644 vendor/github.com/go-pkgz/rest/cors.go create mode 100644 vendor/github.com/go-pkgz/rest/csrf.go create mode 100644 vendor/github.com/go-pkgz/rest/csrf_go125.go create mode 100644 vendor/github.com/go-pkgz/rest/secure.go diff --git a/go.mod b/go.mod index d0e11fc..a5c6f7f 100644 --- a/go.mod +++ b/go.mod @@ -6,7 +6,7 @@ require ( github.com/fatih/color v1.18.0 github.com/go-pkgz/lgr v0.12.1 github.com/go-pkgz/repeater/v2 v2.2.0 - github.com/go-pkgz/rest v1.20.4 + github.com/go-pkgz/rest v1.21.0 github.com/go-pkgz/routegroup v1.6.0 github.com/invopop/jsonschema v0.13.0 github.com/jessevdk/go-flags v1.6.1 @@ -17,7 +17,7 @@ require ( github.com/sashabaranov/go-openai v1.41.2 github.com/stretchr/testify v1.10.0 golang.org/x/net v0.47.0 - golang.org/x/sync v0.18.0 + golang.org/x/sync v0.19.0 gopkg.in/yaml.v3 v3.0.1 modernc.org/sqlite v1.40.1 ) @@ -61,10 +61,10 @@ require ( github.com/wasilibs/wazero-helpers v0.0.0-20250123031827-cd30c44769bb // indirect github.com/wk8/go-ordered-map/v2 v2.1.8 // indirect github.com/yosssi/gohtml v0.0.0-20201013000340-ee4748c638f4 // indirect - golang.org/x/crypto v0.45.0 // indirect + golang.org/x/crypto v0.46.0 // indirect golang.org/x/exp v0.0.0-20251113190631-e25ba8c21ef6 // indirect - golang.org/x/sys v0.38.0 // indirect - golang.org/x/text v0.31.0 // indirect + golang.org/x/sys v0.39.0 // indirect + golang.org/x/text v0.32.0 // indirect modernc.org/libc v1.67.1 // indirect modernc.org/mathutil v1.7.1 // indirect modernc.org/memory v1.11.0 // indirect diff --git a/go.sum b/go.sum index b0ab648..fe78b09 100644 --- a/go.sum +++ b/go.sum @@ -29,8 +29,8 @@ github.com/go-pkgz/lgr v0.12.1 h1:8GVfG2rSARq3Eaj5PP158rtBR2LHVGkwioIkQBGbvKg= github.com/go-pkgz/lgr v0.12.1/go.mod h1:A4AxjOthFVFK6jRnVYMeusno5SeDAxcLVHd0kI/lN/Y= github.com/go-pkgz/repeater/v2 v2.2.0 h1:8nZR/NaknmLfx2YMHbr78u9OL4Xj+8+romm9dz4FpMg= github.com/go-pkgz/repeater/v2 v2.2.0/go.mod h1:RgX5vUbLKq7PV82QUDP5pFbQS1os4Z+U9XzKymK23A8= -github.com/go-pkgz/rest v1.20.4 h1:8ufcP1IqoDhCvIFdXPtvyX4HSS16SM6THBe2a6L0/kg= -github.com/go-pkgz/rest v1.20.4/go.mod h1:2/LEZGndSxpVvExsMn48AjUgiTn6kILqjpoaRnl62JU= +github.com/go-pkgz/rest v1.21.0 h1:Y/C4d/TpclJJDxqnH1RAcS6Hmox0RIReAlkwMcUWXK4= +github.com/go-pkgz/rest v1.21.0/go.mod h1:+AHzjHazq7Z3Tk/kRWOhbbAz/YZlUV40feC1Hf4NtbE= github.com/go-pkgz/routegroup v1.6.0 h1:44XHZgF6JIIldRlv+zjg6SygULASmjifnfIQjwCT0e4= github.com/go-pkgz/routegroup v1.6.0/go.mod h1:Pmu04fhgWhRtBMIJ8HXppnnzOPjnL/IEPBIdO2zmeqg= github.com/go-shiori/dom v0.0.0-20230515143342-73569d674e1c h1:wpkoddUomPfHiOziHZixGO5ZBS73cKqVzZipfrLmO1w= @@ -144,8 +144,8 @@ golang.org/x/crypto v0.13.0/go.mod h1:y6Z2r+Rw4iayiXXAIxJIDAJ1zMW4yaTpebo8fPOliY golang.org/x/crypto v0.19.0/go.mod h1:Iy9bg/ha4yyC70EfRS8jz+B6ybOBKMaSxLj6P6oBDfU= golang.org/x/crypto v0.23.0/go.mod h1:CKFgDieR+mRhux2Lsu27y0fO304Db0wZe70UKqHu0v8= golang.org/x/crypto v0.31.0/go.mod h1:kDsLvtWBEx7MV9tJOj9bnXsPbxwJQ6csT/x4KIN4Ssk= -golang.org/x/crypto v0.45.0 h1:jMBrvKuj23MTlT0bQEOBcAE0mjg8mK9RXFhRH6nyF3Q= -golang.org/x/crypto v0.45.0/go.mod h1:XTGrrkGJve7CYK7J8PEww4aY7gM3qMCElcJQ8n8JdX4= +golang.org/x/crypto v0.46.0 h1:cKRW/pmt1pKAfetfu+RCEvjvZkA9RimPbh7bhFjGVBU= +golang.org/x/crypto v0.46.0/go.mod h1:Evb/oLKmMraqjZ2iQTwDwvCtJkczlDuTmdJXoZVzqU0= golang.org/x/exp v0.0.0-20251113190631-e25ba8c21ef6 h1:zfMcR1Cs4KNuomFFgGefv5N0czO2XZpUbxGUy8i8ug0= golang.org/x/exp v0.0.0-20251113190631-e25ba8c21ef6/go.mod h1:46edojNIoXTNOhySWIWdix628clX9ODXwPsQuG6hsK0= golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4= @@ -173,8 +173,8 @@ golang.org/x/sync v0.3.0/go.mod h1:FU7BRWz2tNW+3quACPkgCx/L+uEAv1htQ0V83Z9Rj+Y= golang.org/x/sync v0.6.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= golang.org/x/sync v0.7.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= golang.org/x/sync v0.10.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= -golang.org/x/sync v0.18.0 h1:kr88TuHDroi+UVf+0hZnirlk8o8T+4MrK6mr60WkH/I= -golang.org/x/sync v0.18.0/go.mod h1:9KTHXmSnoGruLpwFjVSX0lNNA75CykiMECbovNTZqGI= +golang.org/x/sync v0.19.0 h1:vV+1eWNmZ5geRlYjzm2adRgW2/mcpevXNg50YZtPCE4= +golang.org/x/sync v0.19.0/go.mod h1:9KTHXmSnoGruLpwFjVSX0lNNA75CykiMECbovNTZqGI= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= @@ -188,8 +188,8 @@ golang.org/x/sys v0.12.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/sys v0.20.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/sys v0.28.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= -golang.org/x/sys v0.38.0 h1:3yZWxaJjBmCWXqhN1qh02AkOnCQ1poK6oF+a7xWL6Gc= -golang.org/x/sys v0.38.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks= +golang.org/x/sys v0.39.0 h1:CvCKL8MeisomCi6qNZ+wbb0DN9E5AATixKsvNtMoMFk= +golang.org/x/sys v0.39.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks= golang.org/x/telemetry v0.0.0-20240228155512-f48c80bd79b2/go.mod h1:TeRTkGYfJXctD9OcfyVLyj2J3IxLnKwHJR8f4D8a3YE= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= @@ -208,8 +208,8 @@ golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= golang.org/x/text v0.15.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= golang.org/x/text v0.21.0/go.mod h1:4IBbMaMmOPCJ8SecivzSH54+73PCFmPWxNTLm+vZkEQ= -golang.org/x/text v0.31.0 h1:aC8ghyu4JhP8VojJ2lEHBnochRno1sgL6nEi9WGFGMM= -golang.org/x/text v0.31.0/go.mod h1:tKRAlv61yKIjGGHX/4tP1LTbc13YSec1pxVEWXzfoeM= +golang.org/x/text v0.32.0 h1:ZD01bjUt1FQ9WJ0ClOL5vxgxOI/sVCNgX1YtKwcY0mU= +golang.org/x/text v0.32.0/go.mod h1:o/rUWzghvpD5TXrTIBuJU77MTaN0ljMWE47kxGJQ7jY= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= diff --git a/vendor/github.com/go-pkgz/rest/.golangci.yml b/vendor/github.com/go-pkgz/rest/.golangci.yml index ec36f9d..7e71eaf 100644 --- a/vendor/github.com/go-pkgz/rest/.golangci.yml +++ b/vendor/github.com/go-pkgz/rest/.golangci.yml @@ -1,66 +1,65 @@ +version: "2" run: timeout: 5m tests: false - -linters-settings: - govet: - enable: - - shadow - goconst: - min-len: 2 - min-occurrences: 2 - misspell: - locale: US - lll: - line-length: 140 - gocritic: - enabled-tags: - - performance - - style - - experimental - disabled-checks: - - wrapperFunc - - hugeParam - - rangeValCopy - - singleCaseSwitch - - ifElseChain - + concurrency: 4 linters: + default: none enable: - - revive - - govet - - unconvert - - staticcheck - - unused - - gosec - dupl - - misspell - - unparam - - typecheck - - ineffassign - - stylecheck - gochecknoinits - - copyloopvar - gocritic + - govet + - ineffassign + - misspell - nakedret - - gosimple - prealloc - fast: false - disable-all: true - -issues: - exclude-dirs: - - vendor - exclude-rules: - - text: "at least one file in a package should have a package comment" - linters: - - stylecheck - - text: "should have a package comment" - linters: - - revive - - path: _test\.go - linters: - - gosec - - dupl - exclude-use-default: false + - revive + - staticcheck + - unconvert + - unparam + - unused + - modernize + - testifylint + settings: + goconst: + min-len: 2 + min-occurrences: 2 + gocritic: + disabled-checks: + - wrapperFunc + - hugeParam + - rangeValCopy + - singleCaseSwitch + - ifElseChain + enabled-tags: + - performance + - style + - experimental + govet: + enable-all: true + disable: + - fieldalignment + lll: + line-length: 140 + misspell: + locale: US + exclusions: + generated: lax + rules: + - linters: + - staticcheck + text: "at least one file in a package should have a package comment" + - linters: + - revive + text: "should have a package comment" + - linters: + - gosec + - dupl + path: _test\.go + paths: + - vendor + - third_party$ + - builtin$ + - examples$ diff --git a/vendor/github.com/go-pkgz/rest/README.md b/vendor/github.com/go-pkgz/rest/README.md index d72d478..749e0da 100644 --- a/vendor/github.com/go-pkgz/rest/README.md +++ b/vendor/github.com/go-pkgz/rest/README.md @@ -143,6 +143,22 @@ The `Rewrite` middleware is designed to rewrite the URL path based on a given ru For example, `Rewrite("^/sites/(.*)/settings/$", "/sites/settings/$1")` will change request's URL from `/sites/id1/settings/` to `/sites/settings/id1` +### CleanPath middleware + +Cleans double slashes from URL path. For example, requests to `/users//1` or `//users////1` will be cleaned to `/users/1` before routing. Trailing slashes are preserved: `/api//v1/` becomes `/api/v1/`. Note: dot segments (`.` and `..`) are intentionally not cleaned to preserve routing semantics. + +```go +router.Use(rest.CleanPath) +``` + +### StripSlashes middleware + +Removes trailing slashes from URL path. For example, `/users/` becomes `/users`. The root path `/` is preserved. + +```go +router.Use(rest.StripSlashes) +``` + ### NoCache middleware Sets a number of HTTP headers to prevent a router (handler's) response from being cached by an upstream proxy and/or client. @@ -157,7 +173,139 @@ Compresses response with gzip. ### RealIP middleware -RealIP is a middleware that sets a http.Request's RemoteAddr to the results of parsing either the X-Forwarded-For or X-Real-IP headers. +RealIP is a middleware that sets a http.Request's RemoteAddr to the results of parsing various headers that contain the client's real IP address. It checks headers in the following priority order: + +1. `X-Real-IP` - trusted proxy (nginx/reproxy) sets this to actual client +2. `CF-Connecting-IP` - Cloudflare's header for original client +3. `X-Forwarded-For` - leftmost public IP (original client in CDN/proxy chain) +4. `RemoteAddr` - fallback for direct connections + +Only public IPs are accepted from headers; private/loopback/link-local IPs are skipped. This makes the middleware compatible with CDN setups like Cloudflare where the leftmost IP in `X-Forwarded-For` is the actual client. + +### CORS middleware + +Handles Cross-Origin Resource Sharing, allowing controlled access from different origins. + +```go +// allow all origins (default) +router.Use(rest.CORS()) + +// specific origins with credentials +router.Use(rest.CORS( + rest.CorsAllowedOrigins("https://app.example.com", "https://admin.example.com"), + rest.CorsAllowCredentials(true), + rest.CorsMaxAge(86400), +)) + +// full configuration +router.Use(rest.CORS( + rest.CorsAllowedOrigins("https://app.example.com"), + rest.CorsAllowedMethods("GET", "POST", "PUT", "DELETE"), + rest.CorsAllowedHeaders("Authorization", "Content-Type", "X-Custom-Header"), + rest.CorsExposedHeaders("X-Request-Id", "X-Total-Count"), + rest.CorsAllowCredentials(true), + rest.CorsMaxAge(3600), +)) +``` + +Features: +- Automatic preflight (OPTIONS) handling +- Origin validation with case-insensitive matching +- Credentials support (reflects origin instead of `*`) +- Configurable cache duration for preflight results + +Available options: +- `CorsAllowedOrigins(origins...)` - allowed origins (default: `*`) +- `CorsAllowedMethods(methods...)` - allowed HTTP methods (default: GET, POST, PUT, PATCH, DELETE, OPTIONS, HEAD) +- `CorsAllowedHeaders(headers...)` - allowed request headers (default: Accept, Content-Type, Authorization, X-Requested-With) +- `CorsExposedHeaders(headers...)` - headers exposed to client +- `CorsAllowCredentials(bool)` - enable credentials (cookies, auth headers) +- `CorsMaxAge(seconds)` - preflight cache duration + +### Secure middleware + +Adds security headers to responses. By default sets: `X-Frame-Options`, `X-Content-Type-Options`, `Referrer-Policy`, `X-XSS-Protection`, and `Strict-Transport-Security` (for HTTPS only). + +```go +// with sensible defaults +router.Use(rest.Secure()) + +// with full security headers for web apps (adds CSP and Permissions-Policy) +router.Use(rest.Secure(rest.SecAllHeaders())) + +// with custom options +router.Use(rest.Secure( + rest.SecFrameOptions("SAMEORIGIN"), + rest.SecReferrerPolicy("no-referrer"), + rest.SecHSTS(86400, true, true), + rest.SecContentSecurityPolicy("default-src 'self'"), + rest.SecPermissionsPolicy("geolocation=(), camera=()"), +)) +``` + +Default headers: +- `X-Frame-Options: DENY` - prevents clickjacking +- `X-Content-Type-Options: nosniff` - prevents MIME-type sniffing +- `Referrer-Policy: strict-origin-when-cross-origin` - controls referrer information +- `X-XSS-Protection: 1; mode=block` - enables XSS filtering (legacy browsers) +- `Strict-Transport-Security: max-age=31536000; includeSubDomains` - enforces HTTPS (only sent over HTTPS) + +Available options: +- `SecFrameOptions(value)` - set X-Frame-Options (DENY, SAMEORIGIN) +- `SecContentTypeNosniff(enable)` - enable/disable nosniff +- `SecReferrerPolicy(policy)` - set Referrer-Policy +- `SecContentSecurityPolicy(policy)` - set Content-Security-Policy +- `SecPermissionsPolicy(policy)` - set Permissions-Policy +- `SecHSTS(maxAge, includeSubdomains, preload)` - configure HSTS +- `SecXSSProtection(value)` - set X-XSS-Protection +- `SecAllHeaders()` - convenience option that sets CSP and Permissions-Policy with restrictive defaults + +### CSRF middleware + +Provides Cross-Site Request Forgery protection using modern browser Fetch metadata headers (`Sec-Fetch-Site`, `Origin`). For Go 1.25+, this wraps the stdlib's `http.CrossOriginProtection`. For earlier versions, a compatible custom implementation is used. + +```go +// basic protection +protection := rest.NewCrossOriginProtection() +router.Use(protection.Handler) + +// with trusted origins for cross-origin requests +protection := rest.NewCrossOriginProtection() +if err := protection.AddTrustedOrigin("https://mobile.example.com"); err != nil { + log.Fatal(err) +} +if err := protection.AddTrustedOrigin("https://admin.example.com"); err != nil { + log.Fatal(err) +} +router.Use(protection.Handler) + +// with bypass patterns for webhooks or OAuth +protection := rest.NewCrossOriginProtection() +protection.AddBypassPattern("/api/webhook") +protection.AddBypassPattern("/oauth/") +router.Use(protection.Handler) + +// with custom deny handler +protection := rest.NewCrossOriginProtection() +protection.SetDenyHandler(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + http.Error(w, "CSRF validation failed", http.StatusForbidden) +})) +router.Use(protection.Handler) +``` + +How it works: +- Safe methods (GET, HEAD, OPTIONS) are always allowed +- Checks `Sec-Fetch-Site` header for "same-origin" or "none" +- Falls back to comparing `Origin` header with request `Host` +- Requests without these headers are assumed same-origin (non-browser clients) + +Available methods: +- `NewCrossOriginProtection()` - creates new CSRF protection middleware +- `AddTrustedOrigin(origin)` - adds origin allowed for cross-origin requests (format: "scheme://host[:port]") +- `AddBypassPattern(pattern)` - adds URL pattern that bypasses protection (for webhooks, OAuth, etc.) +- `SetDenyHandler(handler)` - sets custom handler for rejected requests (default: 403 Forbidden) +- `Check(request)` - manually validates a request, returns error if blocked +- `Handler(handler)` - wraps an http.Handler with CSRF protection ### Maybe middleware diff --git a/vendor/github.com/go-pkgz/rest/benchmarks.go b/vendor/github.com/go-pkgz/rest/benchmarks.go index 24e1dea..e422d0e 100644 --- a/vendor/github.com/go-pkgz/rest/benchmarks.go +++ b/vendor/github.com/go-pkgz/rest/benchmarks.go @@ -156,10 +156,7 @@ func (b *Benchmarks) Stats(interval time.Duration) BenchmarkStats { } // ensure we calculate rate based on actual interval - actualInterval := fnInterval.Sub(stInterval) - if actualInterval < time.Second { - actualInterval = time.Second - } + actualInterval := max(fnInterval.Sub(stInterval), time.Second) return BenchmarkStats{ Requests: requests, diff --git a/vendor/github.com/go-pkgz/rest/blackwords.go b/vendor/github.com/go-pkgz/rest/blackwords.go index 01c8502..8954db3 100644 --- a/vendor/github.com/go-pkgz/rest/blackwords.go +++ b/vendor/github.com/go-pkgz/rest/blackwords.go @@ -20,8 +20,7 @@ func BlackWords(words ...string) func(http.Handler) http.Handler { if body != "" { for _, word := range words { if strings.Contains(body, strings.ToLower(word)) { - w.WriteHeader(http.StatusForbidden) - RenderJSON(w, JSON{"error": "one of blacklisted words detected"}) + _ = EncodeJSON(w, http.StatusForbidden, JSON{"error": "one of blacklisted words detected"}) return } } diff --git a/vendor/github.com/go-pkgz/rest/cors.go b/vendor/github.com/go-pkgz/rest/cors.go new file mode 100644 index 0000000..df7d8f9 --- /dev/null +++ b/vendor/github.com/go-pkgz/rest/cors.go @@ -0,0 +1,180 @@ +package rest + +import ( + "net/http" + "strconv" + "strings" +) + +// CORSConfig defines CORS middleware configuration. +// Use CorsOpt functions to customize. +type CORSConfig struct { + // AllowedOrigins is a list of origins that may access the resource. + // use "*" to allow all origins (not recommended with credentials). + // default: ["*"] + AllowedOrigins []string + // AllowedMethods is a list of methods the client is allowed to use. + // default: GET, POST, PUT, PATCH, DELETE, OPTIONS, HEAD + AllowedMethods []string + // AllowedHeaders is a list of headers the client is allowed to send. + // default: Accept, Content-Type, Authorization, X-Requested-With + AllowedHeaders []string + // ExposedHeaders is a list of headers that are safe to expose to the client. + // default: empty + ExposedHeaders []string + // AllowCredentials indicates whether the request can include credentials. + // when true, AllowedOrigins cannot be "*" (browser security restriction). + // default: false + AllowCredentials bool + // MaxAge indicates how long (in seconds) the results of a preflight can be cached. + // default: 0 (no caching) + MaxAge int +} + +// CorsOpt is a functional option for CORSConfig +type CorsOpt func(*CORSConfig) + +// defaultCORSConfig returns config with sensible defaults +func defaultCORSConfig() CORSConfig { + return CORSConfig{ + AllowedOrigins: []string{"*"}, + AllowedMethods: []string{"GET", "POST", "PUT", "PATCH", "DELETE", "OPTIONS", "HEAD"}, + AllowedHeaders: []string{"Accept", "Content-Type", "Authorization", "X-Requested-With"}, + ExposedHeaders: []string{}, + AllowCredentials: false, + MaxAge: 0, + } +} + +// CorsAllowedOrigins sets the list of allowed origins. +// Use "*" to allow all origins (not recommended with credentials). +func CorsAllowedOrigins(origins ...string) CorsOpt { + return func(c *CORSConfig) { + c.AllowedOrigins = origins + } +} + +// CorsAllowedMethods sets the list of allowed HTTP methods. +func CorsAllowedMethods(methods ...string) CorsOpt { + return func(c *CORSConfig) { + c.AllowedMethods = methods + } +} + +// CorsAllowedHeaders sets the list of allowed request headers. +func CorsAllowedHeaders(headers ...string) CorsOpt { + return func(c *CORSConfig) { + c.AllowedHeaders = headers + } +} + +// CorsExposedHeaders sets the list of headers exposed to the client. +func CorsExposedHeaders(headers ...string) CorsOpt { + return func(c *CORSConfig) { + c.ExposedHeaders = headers + } +} + +// CorsAllowCredentials enables or disables credentials. +// When true, AllowedOrigins cannot be "*". +func CorsAllowCredentials(allow bool) CorsOpt { + return func(c *CORSConfig) { + c.AllowCredentials = allow + } +} + +// CorsMaxAge sets how long (in seconds) preflight results can be cached. +func CorsMaxAge(seconds int) CorsOpt { + return func(c *CORSConfig) { + c.MaxAge = seconds + } +} + +// CORS is middleware that handles Cross-Origin Resource Sharing. +// It handles preflight OPTIONS requests and sets appropriate headers. +// By default allows all origins with common methods and headers. +func CORS(opts ...CorsOpt) func(http.Handler) http.Handler { + cfg := defaultCORSConfig() + for _, opt := range opts { + opt(&cfg) + } + + // pre-compute joined strings for performance + methodsStr := strings.Join(cfg.AllowedMethods, ", ") + headersStr := strings.Join(cfg.AllowedHeaders, ", ") + exposedStr := strings.Join(cfg.ExposedHeaders, ", ") + + // check if wildcard is used + allowAll := len(cfg.AllowedOrigins) == 1 && cfg.AllowedOrigins[0] == "*" + + // build origin lookup for O(1) check (only when not allowing all) + var originSet map[string]bool + if !allowAll { + originSet = make(map[string]bool, len(cfg.AllowedOrigins)) + for _, o := range cfg.AllowedOrigins { + originSet[strings.ToLower(o)] = true + } + } + + return func(next http.Handler) http.Handler { + return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + origin := r.Header.Get("Origin") + + // no origin header means same-origin or non-browser request + if origin == "" { + next.ServeHTTP(w, r) + return + } + + // check if origin is allowed + var allowed bool + if allowAll { + allowed = true + } else { + allowed = originSet[strings.ToLower(origin)] + } + if !allowed { + // origin not allowed, proceed without CORS headers + next.ServeHTTP(w, r) + return + } + + // set Vary header for caching + w.Header().Add("Vary", "Origin") + + // set allowed origin + if allowAll && !cfg.AllowCredentials { + w.Header().Set("Access-Control-Allow-Origin", "*") + } else { + // reflect the specific origin (required for credentials) + w.Header().Set("Access-Control-Allow-Origin", origin) + } + + // set credentials header if enabled + if cfg.AllowCredentials { + w.Header().Set("Access-Control-Allow-Credentials", "true") + } + + // handle preflight request + if r.Method == http.MethodOptions && r.Header.Get("Access-Control-Request-Method") != "" { + // preflight request + w.Header().Set("Access-Control-Allow-Methods", methodsStr) + w.Header().Set("Access-Control-Allow-Headers", headersStr) + + if cfg.MaxAge > 0 { + w.Header().Set("Access-Control-Max-Age", strconv.Itoa(cfg.MaxAge)) + } + + w.WriteHeader(http.StatusNoContent) + return + } + + // actual request - set exposed headers + if exposedStr != "" { + w.Header().Set("Access-Control-Expose-Headers", exposedStr) + } + + next.ServeHTTP(w, r) + }) + } +} diff --git a/vendor/github.com/go-pkgz/rest/csrf.go b/vendor/github.com/go-pkgz/rest/csrf.go new file mode 100644 index 0000000..0f1f930 --- /dev/null +++ b/vendor/github.com/go-pkgz/rest/csrf.go @@ -0,0 +1,207 @@ +//go:build !go1.25 + +package rest + +import ( + "fmt" + "net/http" + "net/url" + "strings" + "sync" +) + +// CrossOriginProtection provides CSRF protection using modern browser Fetch metadata. +// It validates requests using Sec-Fetch-Site and Origin headers, rejecting cross-origin +// state-changing requests. Safe methods (GET, HEAD, OPTIONS) are always allowed. +// +// For Go 1.25+, this wraps the stdlib http.CrossOriginProtection. +// For earlier versions, it provides an equivalent custom implementation. +type CrossOriginProtection struct { + mu sync.RWMutex + trustedOrigins map[string]bool + bypassPatterns []string + denyHandler http.Handler +} + +// NewCrossOriginProtection creates a new CSRF protection middleware. +func NewCrossOriginProtection() *CrossOriginProtection { + return &CrossOriginProtection{ + trustedOrigins: make(map[string]bool), + } +} + +// AddTrustedOrigin adds an origin that should be allowed to make cross-origin requests. +// The origin must be in the format "scheme://host" or "scheme://host:port". +// Returns an error if the origin format is invalid. +func (c *CrossOriginProtection) AddTrustedOrigin(origin string) error { + u, err := url.Parse(origin) + if err != nil { + return fmt.Errorf("invalid origin: %w", err) + } + if u.Scheme == "" || u.Host == "" { + return fmt.Errorf("origin must have scheme and host: %s", origin) + } + if u.Path != "" && u.Path != "/" { + return fmt.Errorf("origin must not have path: %s", origin) + } + if u.RawQuery != "" || u.Fragment != "" { + return fmt.Errorf("origin must not have query or fragment: %s", origin) + } + + normalized := strings.ToLower(u.Scheme) + "://" + strings.ToLower(u.Host) + + c.mu.Lock() + c.trustedOrigins[normalized] = true + c.mu.Unlock() + return nil +} + +// AddBypassPattern adds a URL pattern that should bypass CSRF protection. +// Patterns follow the same syntax as http.ServeMux (e.g., "/api/webhook", "/oauth/"). +// Use sparingly and only for endpoints that have alternative authentication. +func (c *CrossOriginProtection) AddBypassPattern(pattern string) { + c.mu.Lock() + c.bypassPatterns = append(c.bypassPatterns, pattern) + c.mu.Unlock() +} + +// SetDenyHandler sets a custom handler for rejected requests. +// If not set, rejected requests receive a 403 Forbidden response. +func (c *CrossOriginProtection) SetDenyHandler(h http.Handler) { + c.mu.Lock() + c.denyHandler = h + c.mu.Unlock() +} + +// Check validates a request against CSRF protection rules. +// Returns nil if the request is allowed, or an error describing why it was rejected. +func (c *CrossOriginProtection) Check(r *http.Request) error { + // safe methods are always allowed + if isSafeMethod(r.Method) { + return nil + } + + // check bypass patterns + if c.matchesBypassPattern(r.URL.Path) { + return nil + } + + // check Sec-Fetch-Site header (modern browsers) + secFetchSite := r.Header.Get("Sec-Fetch-Site") + if secFetchSite != "" { + switch secFetchSite { + case "same-origin", "none": + return nil + case "cross-site", "same-site": + // check if origin is trusted + origin := r.Header.Get("Origin") + if origin != "" && c.isOriginTrusted(origin) { + return nil + } + return fmt.Errorf("cross-origin request blocked: Sec-Fetch-Site=%s", secFetchSite) + } + } + + // fallback: check Origin header against Host + origin := r.Header.Get("Origin") + if origin != "" { + // check if origin is trusted + if c.isOriginTrusted(origin) { + return nil + } + + // compare origin host with request host + originURL, err := url.Parse(origin) + if err != nil { + return fmt.Errorf("invalid Origin header: %w", err) + } + + requestHost := r.Host + if requestHost == "" { + requestHost = r.URL.Host + } + + // normalize hosts for comparison + originHost := strings.ToLower(originURL.Host) + requestHost = strings.ToLower(requestHost) + + if originHost != requestHost { + return fmt.Errorf("cross-origin request blocked: origin %s does not match host %s", originHost, requestHost) + } + return nil + } + + // no Sec-Fetch-Site or Origin headers - assume same-origin or non-browser request + return nil +} + +// Handler wraps an http.Handler with CSRF protection. +// Rejected requests receive a 403 Forbidden response (or custom deny handler). +func (c *CrossOriginProtection) Handler(h http.Handler) http.Handler { + return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + if err := c.Check(r); err != nil { + c.mu.RLock() + deny := c.denyHandler + c.mu.RUnlock() + + if deny != nil { + deny.ServeHTTP(w, r) + return + } + http.Error(w, "Forbidden - CSRF check failed", http.StatusForbidden) + return + } + h.ServeHTTP(w, r) + }) +} + +// isSafeMethod returns true for HTTP methods that don't modify state. +func isSafeMethod(method string) bool { + switch method { + case http.MethodGet, http.MethodHead, http.MethodOptions: + return true + } + return false +} + +// isOriginTrusted checks if the origin is in the trusted list. +func (c *CrossOriginProtection) isOriginTrusted(origin string) bool { + u, err := url.Parse(origin) + if err != nil { + return false + } + normalized := strings.ToLower(u.Scheme) + "://" + strings.ToLower(u.Host) + + c.mu.RLock() + trusted := c.trustedOrigins[normalized] + c.mu.RUnlock() + return trusted +} + +// matchesBypassPattern checks if the path matches any bypass pattern. +func (c *CrossOriginProtection) matchesBypassPattern(path string) bool { + c.mu.RLock() + patterns := make([]string, len(c.bypassPatterns)) + copy(patterns, c.bypassPatterns) + c.mu.RUnlock() + + for _, pattern := range patterns { + if matchPattern(pattern, path) { + return true + } + } + return false +} + +// matchPattern implements simple pattern matching similar to http.ServeMux. +func matchPattern(pattern, path string) bool { + // exact match + if pattern == path { + return true + } + // prefix match for patterns ending with / + if strings.HasSuffix(pattern, "/") && strings.HasPrefix(path, pattern) { + return true + } + return false +} diff --git a/vendor/github.com/go-pkgz/rest/csrf_go125.go b/vendor/github.com/go-pkgz/rest/csrf_go125.go new file mode 100644 index 0000000..d229f0d --- /dev/null +++ b/vendor/github.com/go-pkgz/rest/csrf_go125.go @@ -0,0 +1,111 @@ +//go:build go1.25 + +package rest + +import ( + "fmt" + "net/http" + "net/url" + "strings" +) + +// CrossOriginProtection provides CSRF protection using modern browser Fetch metadata. +// It validates requests using Sec-Fetch-Site and Origin headers, rejecting cross-origin +// state-changing requests. Safe methods (GET, HEAD, OPTIONS) are always allowed. +// +// For Go 1.25+, this wraps the stdlib http.CrossOriginProtection. +// For earlier versions, it provides an equivalent custom implementation. +type CrossOriginProtection struct { + stdlib *http.CrossOriginProtection +} + +// NewCrossOriginProtection creates a new CSRF protection middleware. +func NewCrossOriginProtection() *CrossOriginProtection { + return &CrossOriginProtection{ + stdlib: http.NewCrossOriginProtection(), + } +} + +// AddTrustedOrigin adds an origin that should be allowed to make cross-origin requests. +// The origin must be in the format "scheme://host" or "scheme://host:port". +// Returns an error if the origin format is invalid. +func (c *CrossOriginProtection) AddTrustedOrigin(origin string) error { + u, err := url.Parse(origin) + if err != nil { + return fmt.Errorf("invalid origin: %w", err) + } + if u.Scheme == "" || u.Host == "" { + return fmt.Errorf("origin must have scheme and host: %s", origin) + } + if u.Path != "" && u.Path != "/" { + return fmt.Errorf("origin must not have path: %s", origin) + } + if u.RawQuery != "" || u.Fragment != "" { + return fmt.Errorf("origin must not have query or fragment: %s", origin) + } + + // normalize to lowercase for consistent case-insensitive matching + normalized := strings.ToLower(u.Scheme) + "://" + strings.ToLower(u.Host) + return c.stdlib.AddTrustedOrigin(normalized) +} + +// AddBypassPattern adds a URL pattern that should bypass CSRF protection. +// Patterns follow the same syntax as http.ServeMux (e.g., "/api/webhook", "/oauth/"). +// Use sparingly and only for endpoints that have alternative authentication. +func (c *CrossOriginProtection) AddBypassPattern(pattern string) { + c.stdlib.AddInsecureBypassPattern(pattern) +} + +// SetDenyHandler sets a custom handler for rejected requests. +// If not set, rejected requests receive a 403 Forbidden response. +func (c *CrossOriginProtection) SetDenyHandler(h http.Handler) { + c.stdlib.SetDenyHandler(h) +} + +// Check validates a request against CSRF protection rules. +// Returns nil if the request is allowed, or an error describing why it was rejected. +func (c *CrossOriginProtection) Check(r *http.Request) error { + // the stdlib Check method panics or returns void, so we use our own check logic + // by creating a test handler and seeing if it gets called + + // safe methods are always allowed + switch r.Method { + case http.MethodGet, http.MethodHead, http.MethodOptions: + return nil + } + + // use a test to determine if request would be allowed + allowed := false + testHandler := http.HandlerFunc(func(_ http.ResponseWriter, _ *http.Request) { + allowed = true + }) + + // create a response recorder to capture the result + rec := &discardResponseWriter{} + c.stdlib.Handler(testHandler).ServeHTTP(rec, r) + + if !allowed { + return fmt.Errorf("cross-origin request blocked by CSRF protection") + } + return nil +} + +// Handler wraps an http.Handler with CSRF protection. +// Rejected requests receive a 403 Forbidden response (or custom deny handler). +func (c *CrossOriginProtection) Handler(h http.Handler) http.Handler { + return c.stdlib.Handler(h) +} + +// discardResponseWriter is a minimal ResponseWriter for testing. +type discardResponseWriter struct { + header http.Header +} + +func (d *discardResponseWriter) Header() http.Header { + if d.header == nil { + d.header = make(http.Header) + } + return d.header +} +func (d *discardResponseWriter) Write(b []byte) (int, error) { return len(b), nil } +func (d *discardResponseWriter) WriteHeader(_ int) {} diff --git a/vendor/github.com/go-pkgz/rest/file_server.go b/vendor/github.com/go-pkgz/rest/file_server.go index ccf47df..088ac9d 100644 --- a/vendor/github.com/go-pkgz/rest/file_server.go +++ b/vendor/github.com/go-pkgz/rest/file_server.go @@ -68,12 +68,14 @@ func NewFileServer(public, local string, options ...FsOpt) (*FS, error) { } // FileServer is a shortcut for making FS with listing disabled and the custom noFound reader (can be nil). +// // Deprecated: the method is for back-compatibility only and user should use the universal NewFileServer instead func FileServer(public, local string, notFound io.Reader) (http.Handler, error) { return NewFileServer(public, local, FsOptCustom404(notFound)) } // FileServerSPA is a shortcut for making FS with SPA-friendly handling of 404, listing disabled and the custom noFound reader (can be nil). +// // Deprecated: the method is for back-compatibility only and user should use the universal NewFileServer instead func FileServerSPA(public, local string, notFound io.Reader) (http.Handler, error) { return NewFileServer(public, local, FsOptCustom404(notFound), FsOptSPA) diff --git a/vendor/github.com/go-pkgz/rest/gzip.go b/vendor/github.com/go-pkgz/rest/gzip.go index a7328b0..67cac26 100644 --- a/vendor/github.com/go-pkgz/rest/gzip.go +++ b/vendor/github.com/go-pkgz/rest/gzip.go @@ -20,7 +20,7 @@ var gzDefaultContentTypes = []string{ } var gzPool = sync.Pool{ - New: func() interface{} { return gzip.NewWriter(io.Discard) }, + New: func() any { return gzip.NewWriter(io.Discard) }, } type gzipResponseWriter struct { diff --git a/vendor/github.com/go-pkgz/rest/logger/logger.go b/vendor/github.com/go-pkgz/rest/logger/logger.go index e814663..df40932 100644 --- a/vendor/github.com/go-pkgz/rest/logger/logger.go +++ b/vendor/github.com/go-pkgz/rest/logger/logger.go @@ -32,7 +32,7 @@ type Middleware struct { // Backend is logging backend type Backend interface { - Logf(format string, args ...interface{}) + Logf(format string, args ...any) } type logParts struct { @@ -51,7 +51,7 @@ type logParts struct { type stdBackend struct{} -func (s stdBackend) Logf(format string, args ...interface{}) { +func (s stdBackend) Logf(format string, args ...any) { log.Printf(format, args...) } @@ -220,8 +220,8 @@ func (l *Middleware) getBody(r *http.Request) string { // "The Server will close the request body. The ServeHTTP Handler does not need to." // https://golang.org/pkg/net/http/#Request - // So we can use ioutil.NopCloser() to make io.ReadCloser. - // Note that below assignment is not approved by the docs: + // so we can use ioutil.NopCloser() to make io.ReadCloser. + // note that below assignment is not approved by the docs: // "Except for reading the body, handlers should not modify the provided Request." // https://golang.org/pkg/net/http/#Handler r.Body = io.NopCloser(reader) @@ -355,5 +355,5 @@ func (c *customResponseWriter) Hijack() (net.Conn, *bufio.ReadWriter, error) { if hj, ok := c.ResponseWriter.(http.Hijacker); ok { return hj.Hijack() } - return nil, nil, fmt.Errorf("ResponseWriter does not implement the Hijacker interface") //nolint:golint //capital letter is OK here + return nil, nil, fmt.Errorf("ResponseWriter does not implement the Hijacker interface") } diff --git a/vendor/github.com/go-pkgz/rest/metrics.go b/vendor/github.com/go-pkgz/rest/metrics.go index 1cf0a41..6edc2da 100644 --- a/vendor/github.com/go-pkgz/rest/metrics.go +++ b/vendor/github.com/go-pkgz/rest/metrics.go @@ -13,8 +13,7 @@ func Metrics(onlyIps ...string) func(http.Handler) http.Handler { fn := func(w http.ResponseWriter, r *http.Request) { if r.Method == "GET" && strings.HasSuffix(strings.ToLower(r.URL.Path), "/metrics") { if matched, ip, err := matchSourceIP(r, onlyIps); !matched || err != nil { - w.WriteHeader(http.StatusForbidden) - RenderJSON(w, JSON{"error": fmt.Sprintf("ip %s rejected", ip)}) + _ = EncodeJSON(w, http.StatusForbidden, JSON{"error": fmt.Sprintf("ip %s rejected", ip)}) return } expvar.Handler().ServeHTTP(w, r) diff --git a/vendor/github.com/go-pkgz/rest/middleware.go b/vendor/github.com/go-pkgz/rest/middleware.go index 86b3cc1..59e9f06 100644 --- a/vendor/github.com/go-pkgz/rest/middleware.go +++ b/vendor/github.com/go-pkgz/rest/middleware.go @@ -19,7 +19,6 @@ func Wrap(handler http.Handler, mws ...func(http.Handler) http.Handler) http.Han return handler } - // AppInfo adds custom app-info to the response header func AppInfo(app, author, version string) func(http.Handler) http.Handler { f := func(h http.Handler) http.Handler { @@ -37,14 +36,17 @@ func AppInfo(app, author, version string) func(http.Handler) http.Handler { return f } -// Ping middleware response with pong to /ping. Stops chain if ping request detected +// Ping middleware response with pong to /ping. Stops chain if ping request detected. +// Handles both GET and HEAD methods - HEAD returns headers only without body, +// which is useful for lightweight health checks by monitoring tools. func Ping(next http.Handler) http.Handler { fn := func(w http.ResponseWriter, r *http.Request) { - - if r.Method == "GET" && strings.HasSuffix(strings.ToLower(r.URL.Path), "/ping") { + if (r.Method == "GET" || r.Method == "HEAD") && strings.HasSuffix(strings.ToLower(r.URL.Path), "/ping") { w.Header().Set("Content-Type", "text/plain") w.WriteHeader(http.StatusOK) - _, _ = w.Write([]byte("pong")) + if r.Method == "GET" { + _, _ = w.Write([]byte("pong")) + } return } next.ServeHTTP(w, r) @@ -82,12 +84,11 @@ func Health(path string, checkers ...func(ctx context.Context) (name string, err } resp = append(resp, hh) } + status := http.StatusOK if anyError { - w.WriteHeader(http.StatusServiceUnavailable) - } else { - w.WriteHeader(http.StatusOK) + status = http.StatusServiceUnavailable } - RenderJSON(w, resp) + _ = EncodeJSON(w, status, resp) } return http.HandlerFunc(fn) } @@ -147,13 +148,19 @@ func Maybe(mw func(http.Handler) http.Handler, maybeFn func(r *http.Request) boo } } -// RealIP is a middleware that sets a http.Request's RemoteAddr to the results -// of parsing either the X-Forwarded-For or X-Real-IP headers. +// RealIP is a middleware that sets a http.Request's RemoteAddr to the client's real IP. +// It checks headers in the following priority order: +// 1. X-Real-IP - trusted proxy (nginx/reproxy) sets this to actual client +// 2. CF-Connecting-IP - Cloudflare's header for original client +// 3. X-Forwarded-For - leftmost public IP (original client in CDN/proxy chain) +// 4. RemoteAddr - fallback for direct connections +// +// Only public IPs are accepted from headers; private/loopback/link-local IPs are skipped. // // This middleware should only be used if user can trust the headers sent with request. // If reverse proxies are configured to pass along arbitrary header values from the client, // or if this middleware used without a reverse proxy, malicious clients could set anything -// as X-Forwarded-For header and attack the server in various ways. +// as these headers and spoof their IP address. func RealIP(h http.Handler) http.Handler { fn := func(w http.ResponseWriter, r *http.Request) { if rip, err := realip.Get(r); err == nil { diff --git a/vendor/github.com/go-pkgz/rest/nocache.go b/vendor/github.com/go-pkgz/rest/nocache.go index aa0fa94..9808a0e 100644 --- a/vendor/github.com/go-pkgz/rest/nocache.go +++ b/vendor/github.com/go-pkgz/rest/nocache.go @@ -29,21 +29,22 @@ var etagHeaders = []string{ // a router (or subrouter) from being cached by an upstream proxy and/or client. // // As per http://wiki.nginx.org/HttpProxyModule - NoCache sets: -// Expires: Thu, 01 Jan 1970 00:00:00 UTC -// Cache-Control: no-cache, private, max-age=0 -// X-Accel-Expires: 0 -// Pragma: no-cache (for HTTP/1.0 proxies/clients) +// +// Expires: Thu, 01 Jan 1970 00:00:00 UTC +// Cache-Control: no-cache, private, max-age=0 +// X-Accel-Expires: 0 +// Pragma: no-cache (for HTTP/1.0 proxies/clients) func NoCache(h http.Handler) http.Handler { fn := func(w http.ResponseWriter, r *http.Request) { - // Delete any ETag headers that may have been set + // delete any ETag headers that may have been set for _, v := range etagHeaders { if r.Header.Get(v) != "" { r.Header.Del(v) } } - // Set our NoCache headers + // set our NoCache headers for k, v := range noCacheHeaders { w.Header().Set(k, v) } diff --git a/vendor/github.com/go-pkgz/rest/onlyfrom.go b/vendor/github.com/go-pkgz/rest/onlyfrom.go index cccd77e..acc8ff2 100644 --- a/vendor/github.com/go-pkgz/rest/onlyfrom.go +++ b/vendor/github.com/go-pkgz/rest/onlyfrom.go @@ -21,8 +21,7 @@ func OnlyFrom(onlyIps ...string) func(http.Handler) http.Handler { } matched, ip, err := matchSourceIP(r, onlyIps) if err != nil { - w.WriteHeader(http.StatusInternalServerError) - RenderJSON(w, JSON{"error": fmt.Sprintf("can't get realip: %s", err)}) + _ = EncodeJSON(w, http.StatusInternalServerError, JSON{"error": fmt.Sprintf("can't get realip: %s", err)}) return } if matched { @@ -31,8 +30,7 @@ func OnlyFrom(onlyIps ...string) func(http.Handler) http.Handler { return } - w.WriteHeader(http.StatusForbidden) - RenderJSON(w, JSON{"error": fmt.Sprintf("ip %q rejected", ip)}) + _ = EncodeJSON(w, http.StatusForbidden, JSON{"error": fmt.Sprintf("ip %q rejected", ip)}) } return http.HandlerFunc(fn) } diff --git a/vendor/github.com/go-pkgz/rest/realip/real.go b/vendor/github.com/go-pkgz/rest/realip/real.go index eb7a952..cb492b1 100644 --- a/vendor/github.com/go-pkgz/rest/realip/real.go +++ b/vendor/github.com/go-pkgz/rest/realip/real.go @@ -33,49 +33,72 @@ var privateRanges = []ipRange{ {start: net.ParseIP("fe80::"), end: net.ParseIP("febf:ffff:ffff:ffff:ffff:ffff:ffff:ffff")}, } -// Get returns real ip from the given request -// Prioritize public IPs over private IPs +// Get returns real IP from the given request. +// It checks headers in the following priority order: +// 1. X-Real-IP - trusted proxy (nginx/reproxy) sets this to actual client +// 2. CF-Connecting-IP - Cloudflare's header for original client +// 3. X-Forwarded-For - leftmost public IP (original client in CDN chain) +// 4. RemoteAddr - fallback for direct connections +// +// Only public IPs are accepted from headers; private/loopback/link-local IPs are skipped. func Get(r *http.Request) (string, error) { - var firstIP string - for _, h := range []string{"X-Forwarded-For", "X-Real-Ip"} { - addresses := strings.Split(r.Header.Get(h), ",") - for i := len(addresses) - 1; i >= 0; i-- { - ip := strings.TrimSpace(addresses[i]) - realIP := net.ParseIP(ip) - if firstIP == "" && realIP != nil { - firstIP = ip - } - // Guard against nil realIP - if realIP == nil || !realIP.IsGlobalUnicast() || isPrivateSubnet(realIP) { - continue + // check X-Real-IP first (single value, set by trusted proxy) + if xRealIP := strings.TrimSpace(r.Header.Get("X-Real-IP")); xRealIP != "" { + if ip := net.ParseIP(xRealIP); isPublicIP(ip) { + return xRealIP, nil + } + } + + // check CF-Connecting-IP (Cloudflare's header) + if cfIP := strings.TrimSpace(r.Header.Get("CF-Connecting-IP")); cfIP != "" { + if ip := net.ParseIP(cfIP); isPublicIP(ip) { + return cfIP, nil + } + } + + // check X-Forwarded-For, find leftmost public IP + if xff := r.Header.Get("X-Forwarded-For"); xff != "" { + for addr := range strings.SplitSeq(xff, ",") { + ip := strings.TrimSpace(addr) + if parsedIP := net.ParseIP(ip); isPublicIP(parsedIP) { + return ip, nil } - return ip, nil } } - if firstIP != "" { - return firstIP, nil + // fall back to RemoteAddr + return parseRemoteAddr(r.RemoteAddr) +} + +// isPublicIP checks if the IP is a valid public (globally routable) IP address. +func isPublicIP(ip net.IP) bool { + if ip == nil { + return false + } + if !ip.IsGlobalUnicast() { + return false } + return !isPrivateSubnet(ip) +} - // handle RemoteAddr which may be just an IP or IP:port - remoteIP := r.RemoteAddr +// parseRemoteAddr extracts and validates IP from RemoteAddr (handles both "ip" and "ip:port" formats). +func parseRemoteAddr(remoteAddr string) (string, error) { + if remoteAddr == "" { + return "", fmt.Errorf("empty remote address") + } // try to extract host from host:port format - host, _, err := net.SplitHostPort(remoteIP) + host, _, err := net.SplitHostPort(remoteAddr) if err == nil { - remoteIP = host + remoteAddr = host } - // at this point remoteIP could be either: - // 1. the host part extracted from host:port - // 2. yhe original RemoteAddr if it doesn't contain a port - - // try to parse it as a valid IP address - if netIP := net.ParseIP(remoteIP); netIP == nil { - return "", fmt.Errorf("no valid ip found in %q", r.RemoteAddr) + // validate it's a proper IP address + if netIP := net.ParseIP(remoteAddr); netIP == nil { + return "", fmt.Errorf("no valid ip found in %q", remoteAddr) } - return remoteIP, nil + return remoteAddr, nil } // isPrivateSubnet - check to see if this ip is in a private subnet diff --git a/vendor/github.com/go-pkgz/rest/rest.go b/vendor/github.com/go-pkgz/rest/rest.go index d8181f3..94b3e9d 100644 --- a/vendor/github.com/go-pkgz/rest/rest.go +++ b/vendor/github.com/go-pkgz/rest/rest.go @@ -13,7 +13,7 @@ import ( type JSON map[string]any // RenderJSON sends data as json -func RenderJSON(w http.ResponseWriter, data interface{}) { +func RenderJSON(w http.ResponseWriter, data any) { buf := &bytes.Buffer{} enc := json.NewEncoder(buf) enc.SetEscapeHTML(true) @@ -35,9 +35,8 @@ func RenderJSONFromBytes(w http.ResponseWriter, r *http.Request, data []byte) er } // RenderJSONWithHTML allows html tags and forces charset=utf-8 -func RenderJSONWithHTML(w http.ResponseWriter, r *http.Request, v interface{}) error { - - encodeJSONWithHTML := func(v interface{}) ([]byte, error) { +func RenderJSONWithHTML(w http.ResponseWriter, r *http.Request, v any) error { + encodeJSONWithHTML := func(v any) ([]byte, error) { buf := &bytes.Buffer{} enc := json.NewEncoder(buf) enc.SetEscapeHTML(false) @@ -55,7 +54,7 @@ func RenderJSONWithHTML(w http.ResponseWriter, r *http.Request, v interface{}) e } // renderJSONWithStatus sends data as json and enforces status code -func renderJSONWithStatus(w http.ResponseWriter, data interface{}, code int) { +func renderJSONWithStatus(w http.ResponseWriter, data any, code int) { buf := &bytes.Buffer{} enc := json.NewEncoder(buf) enc.SetEscapeHTML(true) diff --git a/vendor/github.com/go-pkgz/rest/rewrite.go b/vendor/github.com/go-pkgz/rest/rewrite.go index f3286bd..d9e9537 100644 --- a/vendor/github.com/go-pkgz/rest/rewrite.go +++ b/vendor/github.com/go-pkgz/rest/rewrite.go @@ -9,6 +9,79 @@ import ( "strings" ) +// CleanPath middleware cleans double slashes from URL path. +// For example, if a request is made to /users//1 or //users////1, +// it will be cleaned to /users/1 before routing. +// Trailing slashes are preserved: /users//1/ becomes /users/1/. +// Dot segments (. and ..) are intentionally NOT cleaned to preserve routing semantics. +func CleanPath(next http.Handler) http.Handler { + return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + rctx := r.Context() + // skip if already cleaned + if _, ok := rctx.Value(contextKey("cleanpath")).(bool); ok { + next.ServeHTTP(w, r) + return + } + + p := r.URL.Path + cleaned := cleanDoubleSlashes(p) + + if cleaned != p { + r.URL.Path = cleaned + if r.URL.RawPath != "" { + // clean double slashes in RawPath separately to preserve percent-encoding + r.URL.RawPath = cleanDoubleSlashes(r.URL.RawPath) + } + rctx = context.WithValue(rctx, contextKey("cleanpath"), true) + r = r.WithContext(rctx) + } + next.ServeHTTP(w, r) + }) +} + +// cleanDoubleSlashes removes consecutive slashes from path while preserving +// trailing slashes and dot segments (. and ..). +func cleanDoubleSlashes(p string) string { + if p == "" || p == "/" { + return p + } + + var b strings.Builder + b.Grow(len(p)) + + prevSlash := false + for i := 0; i < len(p); i++ { + c := p[i] + if c == '/' { + if !prevSlash { + b.WriteByte(c) + } + prevSlash = true + } else { + b.WriteByte(c) + prevSlash = false + } + } + + return b.String() +} + +// StripSlashes middleware removes trailing slashes from URL path. +// For example, /users/1/ becomes /users/1. +// The root path "/" is preserved. +func StripSlashes(next http.Handler) http.Handler { + return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + p := r.URL.Path + if len(p) > 1 && p[len(p)-1] == '/' { + r.URL.Path = p[:len(p)-1] + if r.URL.RawPath != "" { + r.URL.RawPath = strings.TrimSuffix(r.URL.RawPath, "/") + } + } + next.ServeHTTP(w, r) + }) +} + // Rewrite middleware with from->to rule. Supports regex (like nginx) and prevents multiple rewrites // example: Rewrite(`^/sites/(.*)/settings/$`, `/sites/settings/$1` func Rewrite(from, to string) func(http.Handler) http.Handler { diff --git a/vendor/github.com/go-pkgz/rest/secure.go b/vendor/github.com/go-pkgz/rest/secure.go new file mode 100644 index 0000000..19d4eb0 --- /dev/null +++ b/vendor/github.com/go-pkgz/rest/secure.go @@ -0,0 +1,207 @@ +package rest + +import ( + "net/http" + "strconv" + "strings" +) + +// SecureConfig defines security headers configuration. +// Use SecOpt functions to customize. +type SecureConfig struct { + // xFrameOptions sets X-Frame-Options header. Default: DENY + XFrameOptions string + // xContentTypeOptions sets X-Content-Type-Options. Default: nosniff + XContentTypeOptions string + // ReferrerPolicy sets Referrer-Policy header. Default: strict-origin-when-cross-origin + ReferrerPolicy string + // ContentSecurityPolicy sets Content-Security-Policy header. Default: empty (not set) + ContentSecurityPolicy string + // PermissionsPolicy sets Permissions-Policy header. Default: empty (not set) + PermissionsPolicy string + // sTSSeconds sets max-age for Strict-Transport-Security. 0 disables. + // only sent when request uses HTTPS. Default: 31536000 (1 year) + STSSeconds int + // sTSIncludeSubdomains adds includeSubDomains to HSTS. Default: true + STSIncludeSubdomains bool + // sTSPreload adds preload flag to HSTS. Default: false + STSPreload bool + // xSSProtection sets X-XSS-Protection header. Default: 1; mode=block + // note: this header is deprecated in modern browsers but still useful for older ones + XSSProtection string +} + +// SecOpt is a functional option for SecureConfig +type SecOpt func(*SecureConfig) + +// defaultSecureConfig returns config with sensible defaults +func defaultSecureConfig() SecureConfig { + return SecureConfig{ + XFrameOptions: "DENY", + XContentTypeOptions: "nosniff", + ReferrerPolicy: "strict-origin-when-cross-origin", + STSSeconds: 31536000, // 1 year + STSIncludeSubdomains: true, + STSPreload: false, + XSSProtection: "1; mode=block", + } +} + +// SecFrameOptions sets X-Frame-Options header. +// Common values: "DENY", "SAMEORIGIN" +func SecFrameOptions(value string) SecOpt { + return func(c *SecureConfig) { + c.XFrameOptions = value + } +} + +// SecContentTypeNosniff enables or disables X-Content-Type-Options: nosniff +func SecContentTypeNosniff(enable bool) SecOpt { + return func(c *SecureConfig) { + if enable { + c.XContentTypeOptions = "nosniff" + } else { + c.XContentTypeOptions = "" + } + } +} + +// SecReferrerPolicy sets Referrer-Policy header. +// Common values: "no-referrer", "same-origin", "strict-origin", "strict-origin-when-cross-origin" +func SecReferrerPolicy(policy string) SecOpt { + return func(c *SecureConfig) { + c.ReferrerPolicy = policy + } +} + +// SecContentSecurityPolicy sets Content-Security-Policy header. +// Example: "default-src 'self'; script-src 'self'" +func SecContentSecurityPolicy(policy string) SecOpt { + return func(c *SecureConfig) { + c.ContentSecurityPolicy = policy + } +} + +// SecPermissionsPolicy sets Permissions-Policy header. +// Example: "geolocation=(), microphone=()" +func SecPermissionsPolicy(policy string) SecOpt { + return func(c *SecureConfig) { + c.PermissionsPolicy = policy + } +} + +// SecHSTS configures Strict-Transport-Security header. +// maxAge is in seconds (0 disables HSTS), includeSubdomains and preload are optional flags. +// Note: HSTS header is only sent when the request is over HTTPS. +func SecHSTS(maxAge int, includeSubdomains, preload bool) SecOpt { + return func(c *SecureConfig) { + c.STSSeconds = maxAge + c.STSIncludeSubdomains = includeSubdomains + c.STSPreload = preload + } +} + +// SecXSSProtection sets X-XSS-Protection header. +// Set to empty string to disable. Common values: "0", "1", "1; mode=block" +func SecXSSProtection(value string) SecOpt { + return func(c *SecureConfig) { + c.XSSProtection = value + } +} + +// SecAllHeaders is a convenience option to set common headers for secure web applications. +// Sets CSP with self-only policy and restrictive permissions. +func SecAllHeaders() SecOpt { + return func(c *SecureConfig) { + c.ContentSecurityPolicy = "default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self'; form-action 'self'; frame-ancestors 'none'" + c.PermissionsPolicy = "geolocation=(), microphone=(), camera=()" + } +} + +// Secure is middleware that adds security headers to responses. +// By default it sets: X-Frame-Options, X-Content-Type-Options, Referrer-Policy, +// X-XSS-Protection, and Strict-Transport-Security (for HTTPS only). +// Use SecOpt functions to customize the configuration. +func Secure(opts ...SecOpt) func(http.Handler) http.Handler { + cfg := defaultSecureConfig() + for _, opt := range opts { + opt(&cfg) + } + + return func(next http.Handler) http.Handler { + return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + // set security headers + if cfg.XFrameOptions != "" { + w.Header().Set("X-Frame-Options", cfg.XFrameOptions) + } + if cfg.XContentTypeOptions != "" { + w.Header().Set("X-Content-Type-Options", cfg.XContentTypeOptions) + } + if cfg.ReferrerPolicy != "" { + w.Header().Set("Referrer-Policy", cfg.ReferrerPolicy) + } + if cfg.XSSProtection != "" { + w.Header().Set("X-XSS-Protection", cfg.XSSProtection) + } + if cfg.ContentSecurityPolicy != "" { + w.Header().Set("Content-Security-Policy", cfg.ContentSecurityPolicy) + } + if cfg.PermissionsPolicy != "" { + w.Header().Set("Permissions-Policy", cfg.PermissionsPolicy) + } + + // HSTS only for HTTPS connections + if cfg.STSSeconds > 0 && isHTTPS(r) { + sts := "max-age=" + strconv.Itoa(cfg.STSSeconds) + if cfg.STSIncludeSubdomains { + sts += "; includeSubDomains" + } + if cfg.STSPreload { + sts += "; preload" + } + w.Header().Set("Strict-Transport-Security", sts) + } + + next.ServeHTTP(w, r) + }) + } +} + +// isHTTPS checks if the request is over HTTPS by examining TLS state and common proxy headers +func isHTTPS(r *http.Request) bool { + // direct TLS connection + if r.TLS != nil { + return true + } + // check common proxy headers (case-insensitive) + if strings.EqualFold(r.Header.Get("X-Forwarded-Proto"), "https") { + return true + } + // check RFC 7239 Forwarded header + if forwarded := r.Header.Get("Forwarded"); forwarded != "" { + if forwardedProtoIsHTTPS(forwarded) { + return true + } + } + return false +} + +// forwardedProtoIsHTTPS parses RFC 7239 Forwarded header to check for proto=https. +// The header format is: Forwarded: for=1.2.3.4;proto=https;by=proxy, for=5.6.7.8 +// Parameters are separated by semicolons, multiple forwarded elements by commas. +func forwardedProtoIsHTTPS(header string) bool { + // split by comma to get individual forwarded elements + for element := range strings.SplitSeq(header, ",") { + // split by semicolon to get parameters within element + for param := range strings.SplitSeq(element, ";") { + param = strings.TrimSpace(param) + // check for proto=https (case-insensitive per RFC 7239) + if len(param) > 6 && strings.EqualFold(param[:6], "proto=") { + if strings.EqualFold(strings.TrimSpace(param[6:]), "https") { + return true + } + } + } + } + return false +} diff --git a/vendor/golang.org/x/sync/errgroup/errgroup.go b/vendor/golang.org/x/sync/errgroup/errgroup.go index 2f45dbc..f69fd75 100644 --- a/vendor/golang.org/x/sync/errgroup/errgroup.go +++ b/vendor/golang.org/x/sync/errgroup/errgroup.go @@ -144,8 +144,8 @@ func (g *Group) SetLimit(n int) { g.sem = nil return } - if len(g.sem) != 0 { - panic(fmt.Errorf("errgroup: modify limit while %v goroutines in the group are still active", len(g.sem))) + if active := len(g.sem); active != 0 { + panic(fmt.Errorf("errgroup: modify limit while %v goroutines in the group are still active", active)) } g.sem = make(chan token, n) } diff --git a/vendor/golang.org/x/sys/cpu/cpu.go b/vendor/golang.org/x/sys/cpu/cpu.go index 34c9ae7..6354199 100644 --- a/vendor/golang.org/x/sys/cpu/cpu.go +++ b/vendor/golang.org/x/sys/cpu/cpu.go @@ -92,9 +92,6 @@ var ARM64 struct { HasSHA2 bool // SHA2 hardware implementation HasCRC32 bool // CRC32 hardware implementation HasATOMICS bool // Atomic memory operation instruction set - HasHPDS bool // Hierarchical permission disables in translations tables - HasLOR bool // Limited ordering regions - HasPAN bool // Privileged access never HasFPHP bool // Half precision floating-point instruction set HasASIMDHP bool // Advanced SIMD half precision instruction set HasCPUID bool // CPUID identification scheme registers diff --git a/vendor/golang.org/x/sys/cpu/cpu_arm64.go b/vendor/golang.org/x/sys/cpu/cpu_arm64.go index f449c67..af2aa99 100644 --- a/vendor/golang.org/x/sys/cpu/cpu_arm64.go +++ b/vendor/golang.org/x/sys/cpu/cpu_arm64.go @@ -65,10 +65,10 @@ func setMinimalFeatures() { func readARM64Registers() { Initialized = true - parseARM64SystemRegisters(getisar0(), getisar1(), getmmfr1(), getpfr0()) + parseARM64SystemRegisters(getisar0(), getisar1(), getpfr0()) } -func parseARM64SystemRegisters(isar0, isar1, mmfr1, pfr0 uint64) { +func parseARM64SystemRegisters(isar0, isar1, pfr0 uint64) { // ID_AA64ISAR0_EL1 switch extractBits(isar0, 4, 7) { case 1: @@ -152,22 +152,6 @@ func parseARM64SystemRegisters(isar0, isar1, mmfr1, pfr0 uint64) { ARM64.HasI8MM = true } - // ID_AA64MMFR1_EL1 - switch extractBits(mmfr1, 12, 15) { - case 1, 2: - ARM64.HasHPDS = true - } - - switch extractBits(mmfr1, 16, 19) { - case 1: - ARM64.HasLOR = true - } - - switch extractBits(mmfr1, 20, 23) { - case 1, 2, 3: - ARM64.HasPAN = true - } - // ID_AA64PFR0_EL1 switch extractBits(pfr0, 16, 19) { case 0: diff --git a/vendor/golang.org/x/sys/cpu/cpu_arm64.s b/vendor/golang.org/x/sys/cpu/cpu_arm64.s index a4f24b3..3b0450a 100644 --- a/vendor/golang.org/x/sys/cpu/cpu_arm64.s +++ b/vendor/golang.org/x/sys/cpu/cpu_arm64.s @@ -20,13 +20,6 @@ TEXT ·getisar1(SB),NOSPLIT,$0-8 MOVD R0, ret+0(FP) RET -// func getmmfr1() uint64 -TEXT ·getmmfr1(SB),NOSPLIT,$0-8 - // get Memory Model Feature Register 1 into x0 - MRS ID_AA64MMFR1_EL1, R0 - MOVD R0, ret+0(FP) - RET - // func getpfr0() uint64 TEXT ·getpfr0(SB),NOSPLIT,$0-8 // get Processor Feature Register 0 into x0 diff --git a/vendor/golang.org/x/sys/cpu/cpu_gc_arm64.go b/vendor/golang.org/x/sys/cpu/cpu_gc_arm64.go index e3fc5a8..6ac6e1e 100644 --- a/vendor/golang.org/x/sys/cpu/cpu_gc_arm64.go +++ b/vendor/golang.org/x/sys/cpu/cpu_gc_arm64.go @@ -8,6 +8,5 @@ package cpu func getisar0() uint64 func getisar1() uint64 -func getmmfr1() uint64 func getpfr0() uint64 func getzfr0() uint64 diff --git a/vendor/golang.org/x/sys/cpu/cpu_gccgo_arm64.go b/vendor/golang.org/x/sys/cpu/cpu_gccgo_arm64.go index 8df2079..7f19467 100644 --- a/vendor/golang.org/x/sys/cpu/cpu_gccgo_arm64.go +++ b/vendor/golang.org/x/sys/cpu/cpu_gccgo_arm64.go @@ -8,5 +8,4 @@ package cpu func getisar0() uint64 { return 0 } func getisar1() uint64 { return 0 } -func getmmfr1() uint64 { return 0 } func getpfr0() uint64 { return 0 } diff --git a/vendor/golang.org/x/sys/cpu/cpu_netbsd_arm64.go b/vendor/golang.org/x/sys/cpu/cpu_netbsd_arm64.go index 19aea06..ebfb3fc 100644 --- a/vendor/golang.org/x/sys/cpu/cpu_netbsd_arm64.go +++ b/vendor/golang.org/x/sys/cpu/cpu_netbsd_arm64.go @@ -167,7 +167,7 @@ func doinit() { setMinimalFeatures() return } - parseARM64SystemRegisters(cpuid.aa64isar0, cpuid.aa64isar1, cpuid.aa64mmfr1, cpuid.aa64pfr0) + parseARM64SystemRegisters(cpuid.aa64isar0, cpuid.aa64isar1, cpuid.aa64pfr0) Initialized = true } diff --git a/vendor/golang.org/x/sys/cpu/cpu_openbsd_arm64.go b/vendor/golang.org/x/sys/cpu/cpu_openbsd_arm64.go index 87fd3a7..85b64d5 100644 --- a/vendor/golang.org/x/sys/cpu/cpu_openbsd_arm64.go +++ b/vendor/golang.org/x/sys/cpu/cpu_openbsd_arm64.go @@ -59,7 +59,7 @@ func doinit() { if !ok { return } - parseARM64SystemRegisters(isar0, isar1, 0, 0) + parseARM64SystemRegisters(isar0, isar1, 0) Initialized = true } diff --git a/vendor/golang.org/x/sys/unix/mkerrors.sh b/vendor/golang.org/x/sys/unix/mkerrors.sh index 4251707..fd39be4 100644 --- a/vendor/golang.org/x/sys/unix/mkerrors.sh +++ b/vendor/golang.org/x/sys/unix/mkerrors.sh @@ -256,6 +256,7 @@ struct ltchars { #include #include #include +#include #include #include #include @@ -613,7 +614,7 @@ ccflags="$@" $2 !~ /IOC_MAGIC/ && $2 ~ /^[A-Z][A-Z0-9_]+_MAGIC2?$/ || $2 ~ /^(VM|VMADDR)_/ || - $2 ~ /^IOCTL_VM_SOCKETS_/ || + $2 ~ /^(IOCTL_VM_SOCKETS_|IOCTL_MEI_)/ || $2 ~ /^(TASKSTATS|TS)_/ || $2 ~ /^CGROUPSTATS_/ || $2 ~ /^GENL_/ || diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux.go b/vendor/golang.org/x/sys/unix/zerrors_linux.go index d0a75da..120a7b3 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux.go @@ -1615,6 +1615,8 @@ const ( IN_OPEN = 0x20 IN_Q_OVERFLOW = 0x4000 IN_UNMOUNT = 0x2000 + IOCTL_MEI_CONNECT_CLIENT = 0xc0104801 + IOCTL_MEI_CONNECT_CLIENT_VTAG = 0xc0144804 IPPROTO_AH = 0x33 IPPROTO_BEETPH = 0x5e IPPROTO_COMP = 0x6c diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_386.go b/vendor/golang.org/x/sys/unix/zerrors_linux_386.go index 1c37f9f..97a61fc 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_386.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_386.go @@ -116,6 +116,8 @@ const ( IEXTEN = 0x8000 IN_CLOEXEC = 0x80000 IN_NONBLOCK = 0x800 + IOCTL_MEI_NOTIFY_GET = 0x80044803 + IOCTL_MEI_NOTIFY_SET = 0x40044802 IOCTL_VM_SOCKETS_GET_LOCAL_CID = 0x7b9 IPV6_FLOWINFO_MASK = 0xffffff0f IPV6_FLOWLABEL_MASK = 0xffff0f00 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_amd64.go b/vendor/golang.org/x/sys/unix/zerrors_linux_amd64.go index 6f54d34..a0d6d49 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_amd64.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_amd64.go @@ -116,6 +116,8 @@ const ( IEXTEN = 0x8000 IN_CLOEXEC = 0x80000 IN_NONBLOCK = 0x800 + IOCTL_MEI_NOTIFY_GET = 0x80044803 + IOCTL_MEI_NOTIFY_SET = 0x40044802 IOCTL_VM_SOCKETS_GET_LOCAL_CID = 0x7b9 IPV6_FLOWINFO_MASK = 0xffffff0f IPV6_FLOWLABEL_MASK = 0xffff0f00 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_arm.go b/vendor/golang.org/x/sys/unix/zerrors_linux_arm.go index 783ec5c..dd9c903 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_arm.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_arm.go @@ -115,6 +115,8 @@ const ( IEXTEN = 0x8000 IN_CLOEXEC = 0x80000 IN_NONBLOCK = 0x800 + IOCTL_MEI_NOTIFY_GET = 0x80044803 + IOCTL_MEI_NOTIFY_SET = 0x40044802 IOCTL_VM_SOCKETS_GET_LOCAL_CID = 0x7b9 IPV6_FLOWINFO_MASK = 0xffffff0f IPV6_FLOWLABEL_MASK = 0xffff0f00 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_arm64.go b/vendor/golang.org/x/sys/unix/zerrors_linux_arm64.go index ca83d3b..384c61c 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_arm64.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_arm64.go @@ -120,6 +120,8 @@ const ( IEXTEN = 0x8000 IN_CLOEXEC = 0x80000 IN_NONBLOCK = 0x800 + IOCTL_MEI_NOTIFY_GET = 0x80044803 + IOCTL_MEI_NOTIFY_SET = 0x40044802 IOCTL_VM_SOCKETS_GET_LOCAL_CID = 0x7b9 IPV6_FLOWINFO_MASK = 0xffffff0f IPV6_FLOWLABEL_MASK = 0xffff0f00 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_loong64.go b/vendor/golang.org/x/sys/unix/zerrors_linux_loong64.go index 607e611..6384c98 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_loong64.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_loong64.go @@ -116,6 +116,8 @@ const ( IEXTEN = 0x8000 IN_CLOEXEC = 0x80000 IN_NONBLOCK = 0x800 + IOCTL_MEI_NOTIFY_GET = 0x80044803 + IOCTL_MEI_NOTIFY_SET = 0x40044802 IOCTL_VM_SOCKETS_GET_LOCAL_CID = 0x7b9 IPV6_FLOWINFO_MASK = 0xffffff0f IPV6_FLOWLABEL_MASK = 0xffff0f00 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_mips.go b/vendor/golang.org/x/sys/unix/zerrors_linux_mips.go index b9cb5bd..553c1c6 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_mips.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_mips.go @@ -115,6 +115,8 @@ const ( IEXTEN = 0x100 IN_CLOEXEC = 0x80000 IN_NONBLOCK = 0x80 + IOCTL_MEI_NOTIFY_GET = 0x40044803 + IOCTL_MEI_NOTIFY_SET = 0x80044802 IOCTL_VM_SOCKETS_GET_LOCAL_CID = 0x200007b9 IPV6_FLOWINFO_MASK = 0xfffffff IPV6_FLOWLABEL_MASK = 0xfffff diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_mips64.go b/vendor/golang.org/x/sys/unix/zerrors_linux_mips64.go index 65b078a..b3339f2 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_mips64.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_mips64.go @@ -115,6 +115,8 @@ const ( IEXTEN = 0x100 IN_CLOEXEC = 0x80000 IN_NONBLOCK = 0x80 + IOCTL_MEI_NOTIFY_GET = 0x40044803 + IOCTL_MEI_NOTIFY_SET = 0x80044802 IOCTL_VM_SOCKETS_GET_LOCAL_CID = 0x200007b9 IPV6_FLOWINFO_MASK = 0xfffffff IPV6_FLOWLABEL_MASK = 0xfffff diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_mips64le.go b/vendor/golang.org/x/sys/unix/zerrors_linux_mips64le.go index 5298a30..177091d 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_mips64le.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_mips64le.go @@ -115,6 +115,8 @@ const ( IEXTEN = 0x100 IN_CLOEXEC = 0x80000 IN_NONBLOCK = 0x80 + IOCTL_MEI_NOTIFY_GET = 0x40044803 + IOCTL_MEI_NOTIFY_SET = 0x80044802 IOCTL_VM_SOCKETS_GET_LOCAL_CID = 0x200007b9 IPV6_FLOWINFO_MASK = 0xffffff0f IPV6_FLOWLABEL_MASK = 0xffff0f00 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_mipsle.go b/vendor/golang.org/x/sys/unix/zerrors_linux_mipsle.go index 7bc557c..c5abf15 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_mipsle.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_mipsle.go @@ -115,6 +115,8 @@ const ( IEXTEN = 0x100 IN_CLOEXEC = 0x80000 IN_NONBLOCK = 0x80 + IOCTL_MEI_NOTIFY_GET = 0x40044803 + IOCTL_MEI_NOTIFY_SET = 0x80044802 IOCTL_VM_SOCKETS_GET_LOCAL_CID = 0x200007b9 IPV6_FLOWINFO_MASK = 0xffffff0f IPV6_FLOWLABEL_MASK = 0xffff0f00 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_ppc.go b/vendor/golang.org/x/sys/unix/zerrors_linux_ppc.go index 152399b..f1f3fad 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_ppc.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_ppc.go @@ -115,6 +115,8 @@ const ( IEXTEN = 0x400 IN_CLOEXEC = 0x80000 IN_NONBLOCK = 0x800 + IOCTL_MEI_NOTIFY_GET = 0x40044803 + IOCTL_MEI_NOTIFY_SET = 0x80044802 IOCTL_VM_SOCKETS_GET_LOCAL_CID = 0x200007b9 IPV6_FLOWINFO_MASK = 0xfffffff IPV6_FLOWLABEL_MASK = 0xfffff diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64.go b/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64.go index 1a1ce24..203ad9c 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64.go @@ -115,6 +115,8 @@ const ( IEXTEN = 0x400 IN_CLOEXEC = 0x80000 IN_NONBLOCK = 0x800 + IOCTL_MEI_NOTIFY_GET = 0x40044803 + IOCTL_MEI_NOTIFY_SET = 0x80044802 IOCTL_VM_SOCKETS_GET_LOCAL_CID = 0x200007b9 IPV6_FLOWINFO_MASK = 0xfffffff IPV6_FLOWLABEL_MASK = 0xfffff diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64le.go b/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64le.go index 4231a1f..4b9abcb 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64le.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64le.go @@ -115,6 +115,8 @@ const ( IEXTEN = 0x400 IN_CLOEXEC = 0x80000 IN_NONBLOCK = 0x800 + IOCTL_MEI_NOTIFY_GET = 0x40044803 + IOCTL_MEI_NOTIFY_SET = 0x80044802 IOCTL_VM_SOCKETS_GET_LOCAL_CID = 0x200007b9 IPV6_FLOWINFO_MASK = 0xffffff0f IPV6_FLOWLABEL_MASK = 0xffff0f00 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_riscv64.go b/vendor/golang.org/x/sys/unix/zerrors_linux_riscv64.go index 21c0e95..f879830 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_riscv64.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_riscv64.go @@ -115,6 +115,8 @@ const ( IEXTEN = 0x8000 IN_CLOEXEC = 0x80000 IN_NONBLOCK = 0x800 + IOCTL_MEI_NOTIFY_GET = 0x80044803 + IOCTL_MEI_NOTIFY_SET = 0x40044802 IOCTL_VM_SOCKETS_GET_LOCAL_CID = 0x7b9 IPV6_FLOWINFO_MASK = 0xffffff0f IPV6_FLOWLABEL_MASK = 0xffff0f00 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_s390x.go b/vendor/golang.org/x/sys/unix/zerrors_linux_s390x.go index f00d1cd..64347eb 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_s390x.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_s390x.go @@ -115,6 +115,8 @@ const ( IEXTEN = 0x8000 IN_CLOEXEC = 0x80000 IN_NONBLOCK = 0x800 + IOCTL_MEI_NOTIFY_GET = 0x80044803 + IOCTL_MEI_NOTIFY_SET = 0x40044802 IOCTL_VM_SOCKETS_GET_LOCAL_CID = 0x7b9 IPV6_FLOWINFO_MASK = 0xfffffff IPV6_FLOWLABEL_MASK = 0xfffff diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_sparc64.go b/vendor/golang.org/x/sys/unix/zerrors_linux_sparc64.go index bc8d539..7d71911 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_sparc64.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_sparc64.go @@ -119,6 +119,8 @@ const ( IEXTEN = 0x8000 IN_CLOEXEC = 0x400000 IN_NONBLOCK = 0x4000 + IOCTL_MEI_NOTIFY_GET = 0x40044803 + IOCTL_MEI_NOTIFY_SET = 0x80044802 IOCTL_VM_SOCKETS_GET_LOCAL_CID = 0x200007b9 IPV6_FLOWINFO_MASK = 0xfffffff IPV6_FLOWLABEL_MASK = 0xfffff diff --git a/vendor/golang.org/x/sys/unix/ztypes_netbsd_arm.go b/vendor/golang.org/x/sys/unix/ztypes_netbsd_arm.go index 439548e..50e8e64 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_netbsd_arm.go +++ b/vendor/golang.org/x/sys/unix/ztypes_netbsd_arm.go @@ -104,7 +104,7 @@ type Statvfs_t struct { Fsid uint32 Namemax uint32 Owner uint32 - Spare [4]uint32 + Spare [4]uint64 Fstypename [32]byte Mntonname [1024]byte Mntfromname [1024]byte diff --git a/vendor/golang.org/x/text/encoding/japanese/eucjp.go b/vendor/golang.org/x/text/encoding/japanese/eucjp.go index 79313fa..6fce8c5 100644 --- a/vendor/golang.org/x/text/encoding/japanese/eucjp.go +++ b/vendor/golang.org/x/text/encoding/japanese/eucjp.go @@ -17,9 +17,9 @@ import ( var EUCJP encoding.Encoding = &eucJP var eucJP = internal.Encoding{ - &internal.SimpleEncoding{eucJPDecoder{}, eucJPEncoder{}}, - "EUC-JP", - identifier.EUCPkdFmtJapanese, + Encoding: &internal.SimpleEncoding{Decoder: eucJPDecoder{}, Encoder: eucJPEncoder{}}, + Name: "EUC-JP", + MIB: identifier.EUCPkdFmtJapanese, } type eucJPDecoder struct{ transform.NopResetter } diff --git a/vendor/golang.org/x/text/encoding/japanese/iso2022jp.go b/vendor/golang.org/x/text/encoding/japanese/iso2022jp.go index 613226d..6f7bd46 100644 --- a/vendor/golang.org/x/text/encoding/japanese/iso2022jp.go +++ b/vendor/golang.org/x/text/encoding/japanese/iso2022jp.go @@ -17,9 +17,9 @@ import ( var ISO2022JP encoding.Encoding = &iso2022JP var iso2022JP = internal.Encoding{ - internal.FuncEncoding{iso2022JPNewDecoder, iso2022JPNewEncoder}, - "ISO-2022-JP", - identifier.ISO2022JP, + Encoding: internal.FuncEncoding{Decoder: iso2022JPNewDecoder, Encoder: iso2022JPNewEncoder}, + Name: "ISO-2022-JP", + MIB: identifier.ISO2022JP, } func iso2022JPNewDecoder() transform.Transformer { diff --git a/vendor/golang.org/x/text/encoding/japanese/shiftjis.go b/vendor/golang.org/x/text/encoding/japanese/shiftjis.go index 16fd8a6..af65d43 100644 --- a/vendor/golang.org/x/text/encoding/japanese/shiftjis.go +++ b/vendor/golang.org/x/text/encoding/japanese/shiftjis.go @@ -18,9 +18,9 @@ import ( var ShiftJIS encoding.Encoding = &shiftJIS var shiftJIS = internal.Encoding{ - &internal.SimpleEncoding{shiftJISDecoder{}, shiftJISEncoder{}}, - "Shift JIS", - identifier.ShiftJIS, + Encoding: &internal.SimpleEncoding{Decoder: shiftJISDecoder{}, Encoder: shiftJISEncoder{}}, + Name: "Shift JIS", + MIB: identifier.ShiftJIS, } type shiftJISDecoder struct{ transform.NopResetter } diff --git a/vendor/golang.org/x/text/encoding/korean/euckr.go b/vendor/golang.org/x/text/encoding/korean/euckr.go index 034337f..81c8347 100644 --- a/vendor/golang.org/x/text/encoding/korean/euckr.go +++ b/vendor/golang.org/x/text/encoding/korean/euckr.go @@ -20,9 +20,9 @@ var All = []encoding.Encoding{EUCKR} var EUCKR encoding.Encoding = &eucKR var eucKR = internal.Encoding{ - &internal.SimpleEncoding{eucKRDecoder{}, eucKREncoder{}}, - "EUC-KR", - identifier.EUCKR, + Encoding: &internal.SimpleEncoding{Decoder: eucKRDecoder{}, Encoder: eucKREncoder{}}, + Name: "EUC-KR", + MIB: identifier.EUCKR, } type eucKRDecoder struct{ transform.NopResetter } diff --git a/vendor/golang.org/x/text/encoding/simplifiedchinese/gbk.go b/vendor/golang.org/x/text/encoding/simplifiedchinese/gbk.go index 0e0fabf..2f2fd5d 100644 --- a/vendor/golang.org/x/text/encoding/simplifiedchinese/gbk.go +++ b/vendor/golang.org/x/text/encoding/simplifiedchinese/gbk.go @@ -22,21 +22,21 @@ var ( ) var gbk = internal.Encoding{ - &internal.SimpleEncoding{ - gbkDecoder{gb18030: false}, - gbkEncoder{gb18030: false}, + Encoding: &internal.SimpleEncoding{ + Decoder: gbkDecoder{gb18030: false}, + Encoder: gbkEncoder{gb18030: false}, }, - "GBK", - identifier.GBK, + Name: "GBK", + MIB: identifier.GBK, } var gbk18030 = internal.Encoding{ - &internal.SimpleEncoding{ - gbkDecoder{gb18030: true}, - gbkEncoder{gb18030: true}, + Encoding: &internal.SimpleEncoding{ + Decoder: gbkDecoder{gb18030: true}, + Encoder: gbkEncoder{gb18030: true}, }, - "GB18030", - identifier.GB18030, + Name: "GB18030", + MIB: identifier.GB18030, } type gbkDecoder struct { diff --git a/vendor/golang.org/x/text/encoding/simplifiedchinese/hzgb2312.go b/vendor/golang.org/x/text/encoding/simplifiedchinese/hzgb2312.go index e15b7bf..351750e 100644 --- a/vendor/golang.org/x/text/encoding/simplifiedchinese/hzgb2312.go +++ b/vendor/golang.org/x/text/encoding/simplifiedchinese/hzgb2312.go @@ -17,9 +17,9 @@ import ( var HZGB2312 encoding.Encoding = &hzGB2312 var hzGB2312 = internal.Encoding{ - internal.FuncEncoding{hzGB2312NewDecoder, hzGB2312NewEncoder}, - "HZ-GB2312", - identifier.HZGB2312, + Encoding: internal.FuncEncoding{Decoder: hzGB2312NewDecoder, Encoder: hzGB2312NewEncoder}, + Name: "HZ-GB2312", + MIB: identifier.HZGB2312, } func hzGB2312NewDecoder() transform.Transformer { diff --git a/vendor/golang.org/x/text/encoding/traditionalchinese/big5.go b/vendor/golang.org/x/text/encoding/traditionalchinese/big5.go index 1fcddde..5046920 100644 --- a/vendor/golang.org/x/text/encoding/traditionalchinese/big5.go +++ b/vendor/golang.org/x/text/encoding/traditionalchinese/big5.go @@ -20,9 +20,9 @@ var All = []encoding.Encoding{Big5} var Big5 encoding.Encoding = &big5 var big5 = internal.Encoding{ - &internal.SimpleEncoding{big5Decoder{}, big5Encoder{}}, - "Big5", - identifier.Big5, + Encoding: &internal.SimpleEncoding{Decoder: big5Decoder{}, Encoder: big5Encoder{}}, + Name: "Big5", + MIB: identifier.Big5, } type big5Decoder struct{ transform.NopResetter } diff --git a/vendor/golang.org/x/text/encoding/unicode/unicode.go b/vendor/golang.org/x/text/encoding/unicode/unicode.go index dd99ad1..ce28c90 100644 --- a/vendor/golang.org/x/text/encoding/unicode/unicode.go +++ b/vendor/golang.org/x/text/encoding/unicode/unicode.go @@ -60,9 +60,9 @@ func (utf8bomEncoding) NewDecoder() *encoding.Decoder { } var utf8enc = &internal.Encoding{ - &internal.SimpleEncoding{utf8Decoder{}, runes.ReplaceIllFormed()}, - "UTF-8", - identifier.UTF8, + Encoding: &internal.SimpleEncoding{Decoder: utf8Decoder{}, Encoder: runes.ReplaceIllFormed()}, + Name: "UTF-8", + MIB: identifier.UTF8, } type utf8bomDecoder struct { diff --git a/vendor/modules.txt b/vendor/modules.txt index 1b0f479..6a45043 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -38,8 +38,8 @@ github.com/go-pkgz/lgr # github.com/go-pkgz/repeater/v2 v2.2.0 ## explicit; go 1.23 github.com/go-pkgz/repeater/v2 -# github.com/go-pkgz/rest v1.20.4 -## explicit; go 1.23.0 +# github.com/go-pkgz/rest v1.21.0 +## explicit; go 1.24.0 github.com/go-pkgz/rest github.com/go-pkgz/rest/logger github.com/go-pkgz/rest/realip @@ -253,7 +253,7 @@ github.com/wk8/go-ordered-map/v2 # github.com/yosssi/gohtml v0.0.0-20201013000340-ee4748c638f4 ## explicit github.com/yosssi/gohtml -# golang.org/x/crypto v0.45.0 +# golang.org/x/crypto v0.46.0 ## explicit; go 1.24.0 golang.org/x/crypto/argon2 golang.org/x/crypto/bcrypt @@ -267,15 +267,15 @@ golang.org/x/exp/constraints golang.org/x/net/html golang.org/x/net/html/atom golang.org/x/net/html/charset -# golang.org/x/sync v0.18.0 +# golang.org/x/sync v0.19.0 ## explicit; go 1.24.0 golang.org/x/sync/errgroup -# golang.org/x/sys v0.38.0 +# golang.org/x/sys v0.39.0 ## explicit; go 1.24.0 golang.org/x/sys/cpu golang.org/x/sys/unix golang.org/x/sys/windows -# golang.org/x/text v0.31.0 +# golang.org/x/text v0.32.0 ## explicit; go 1.24.0 golang.org/x/text/cases golang.org/x/text/encoding