Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Protect against invalid route captures #3476

Merged
merged 1 commit into from
Feb 18, 2024
Merged

Protect against invalid route captures #3476

merged 1 commit into from
Feb 18, 2024

Conversation

raphael
Copy link
Member

@raphael raphael commented Feb 18, 2024

Fix #3462

@raphael raphael merged commit f84bac4 into v3 Feb 18, 2024
8 of 9 checks passed
@raphael raphael deleted the bug/route_capture branch February 18, 2024 01:04
ti-chi-bot bot referenced this pull request in PingCAP-QE/ee-apps Apr 16, 2024
[![Mend
Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)

This PR contains the following updates:

| Package | Change | Age | Adoption | Passing | Confidence |
|---|---|---|---|---|---|
| [goa.design/goa/v3](https://togithub.com/goadesign/goa) | `v3.14.1` ->
`v3.16.1` |
[![age](https://developer.mend.io/api/mc/badges/age/go/goa.design%2fgoa%2fv3/v3.16.1?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![adoption](https://developer.mend.io/api/mc/badges/adoption/go/goa.design%2fgoa%2fv3/v3.16.1?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![passing](https://developer.mend.io/api/mc/badges/compatibility/go/goa.design%2fgoa%2fv3/v3.14.1/v3.16.1?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![confidence](https://developer.mend.io/api/mc/badges/confidence/go/goa.design%2fgoa%2fv3/v3.14.1/v3.16.1?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|

---

### Release Notes

<details>
<summary>goadesign/goa (goa.design/goa/v3)</summary>

### [`v3.16.1`](https://togithub.com/goadesign/goa/releases/tag/v3.16.1)

[Compare
Source](https://togithub.com/goadesign/goa/compare/v3.16.0...v3.16.1)

#### What's Changed

- Save r.URL.Query() in a variable by
[@&#8203;duckbrain](https://togithub.com/duckbrain) in
[https://github.com/goadesign/goa/pull/3506](https://togithub.com/goadesign/goa/pull/3506)
- chore: fix function names in comment by
[@&#8203;goodfirm](https://togithub.com/goodfirm) in
[https://github.com/goadesign/goa/pull/3504](https://togithub.com/goadesign/goa/pull/3504)
- go fmt ./... by [@&#8203;tchssk](https://togithub.com/tchssk) in
[https://github.com/goadesign/goa/pull/3507](https://togithub.com/goadesign/goa/pull/3507)
- Fix handling of custom gen packages by
[@&#8203;raphael](https://togithub.com/raphael) in
[https://github.com/goadesign/goa/pull/3508](https://togithub.com/goadesign/goa/pull/3508)

#### New Contributors

- [@&#8203;duckbrain](https://togithub.com/duckbrain) made their first
contribution in
[https://github.com/goadesign/goa/pull/3506](https://togithub.com/goadesign/goa/pull/3506)
- [@&#8203;goodfirm](https://togithub.com/goodfirm) made their first
contribution in
[https://github.com/goadesign/goa/pull/3504](https://togithub.com/goadesign/goa/pull/3504)

**Full Changelog**:
goadesign/goa@v3.16.0...v3.16.1

### [`v3.16.0`](https://togithub.com/goadesign/goa/releases/tag/v3.16.0)

[Compare
Source](https://togithub.com/goadesign/goa/compare/v3.15.2...v3.16.0)

#### What's Changed

- Add OpenAPI deprecated support to DSL. by
[@&#8203;xlanor](https://togithub.com/xlanor) in
[https://github.com/goadesign/goa/pull/3497](https://togithub.com/goadesign/goa/pull/3497)
- Customize proto message name by
[@&#8203;nitinmohan87](https://togithub.com/nitinmohan87) in
[https://github.com/goadesign/goa/pull/3498](https://togithub.com/goadesign/goa/pull/3498)
- Fix eval.IncompatibleDSL() to hide internal DSL by
[@&#8203;tchssk](https://togithub.com/tchssk) in
[https://github.com/goadesign/goa/pull/3502](https://togithub.com/goadesign/goa/pull/3502)

#### New Contributors

- [@&#8203;xlanor](https://togithub.com/xlanor) made their first
contribution in
[https://github.com/goadesign/goa/pull/3497](https://togithub.com/goadesign/goa/pull/3497)

**Full Changelog**:
goadesign/goa@v3.15.2...v3.16.0

### [`v3.15.2`](https://togithub.com/goadesign/goa/releases/tag/v3.15.2)

[Compare
Source](https://togithub.com/goadesign/goa/compare/v3.15.1...v3.15.2)

#### What's Changed

- Rename to codegen/service/templates/security_authfuncs.go.tpl by
[@&#8203;tchssk](https://togithub.com/tchssk) in
[https://github.com/goadesign/goa/pull/3496](https://togithub.com/goadesign/goa/pull/3496)

**Full Changelog**:
goadesign/goa@v3.15.1...v3.15.2

### [`v3.15.1`](https://togithub.com/goadesign/goa/releases/tag/v3.15.1)

[Compare
Source](https://togithub.com/goadesign/goa/compare/v3.15.0...v3.15.1)

#### What's Changed

- Add openapi:json:indent Meta by
[@&#8203;tchssk](https://togithub.com/tchssk) in
[https://github.com/goadesign/goa/pull/3480](https://togithub.com/goadesign/goa/pull/3480)
- Fix validation code for projected union types by
[@&#8203;raphael](https://togithub.com/raphael) in
[https://github.com/goadesign/goa/pull/3487](https://togithub.com/goadesign/goa/pull/3487)
- Return a validation error when query string is malformed by
[@&#8203;raphael](https://togithub.com/raphael) in
[https://github.com/goadesign/goa/pull/3488](https://togithub.com/goadesign/goa/pull/3488)
- Properly handle decoding of maps with nil entries by
[@&#8203;raphael](https://togithub.com/raphael) in
[https://github.com/goadesign/goa/pull/3490](https://togithub.com/goadesign/goa/pull/3490)
- Correctly handle union to union transforms by
[@&#8203;raphael](https://togithub.com/raphael) in
[https://github.com/goadesign/goa/pull/3491](https://togithub.com/goadesign/goa/pull/3491)

**Full Changelog**:
goadesign/goa@v3.15.0...v3.15.1

### [`v3.15.0`](https://togithub.com/goadesign/goa/releases/tag/v3.15.0)

[Compare
Source](https://togithub.com/goadesign/goa/compare/v3.14.6...v3.15.0)

#### What's Changed

- Standardize OpenAPI integer format by
[@&#8203;raphael](https://togithub.com/raphael) in
[https://github.com/goadesign/goa/pull/3451](https://togithub.com/goadesign/goa/pull/3451)
- Fix openapi:generate Meta to affect required validations by
[@&#8203;tchssk](https://togithub.com/tchssk) in
[https://github.com/goadesign/goa/pull/3452](https://togithub.com/goadesign/goa/pull/3452)
- Merge duplicate mustGenerate() functions by
[@&#8203;tchssk](https://togithub.com/tchssk) in
[https://github.com/goadesign/goa/pull/3453](https://togithub.com/goadesign/goa/pull/3453)
- Generate valid OpenAPI specifications by
[@&#8203;raphael](https://togithub.com/raphael) in
[https://github.com/goadesign/goa/pull/3454](https://togithub.com/goadesign/goa/pull/3454)
- Embed template files at compile time by
[@&#8203;raphael](https://togithub.com/raphael) in
[https://github.com/goadesign/goa/pull/3455](https://togithub.com/goadesign/goa/pull/3455)
- Skip flaky tests by [@&#8203;raphael](https://togithub.com/raphael) in
[https://github.com/goadesign/goa/pull/3458](https://togithub.com/goadesign/goa/pull/3458)
- No need to checkout to report test coverage by
[@&#8203;raphael](https://togithub.com/raphael) in
[https://github.com/goadesign/goa/pull/3459](https://togithub.com/goadesign/goa/pull/3459)
- Use v3 branch for pushes and feature branch for PRs for code coverage
by [@&#8203;raphael](https://togithub.com/raphael) in
[https://github.com/goadesign/goa/pull/3460](https://togithub.com/goadesign/goa/pull/3460)
- Move templates out of Go code into their own files by
[@&#8203;raphael](https://togithub.com/raphael) in
[https://github.com/goadesign/goa/pull/3456](https://togithub.com/goadesign/goa/pull/3456)
- Fix env var expansion in DeepSource GitHub action by
[@&#8203;raphael](https://togithub.com/raphael) in
[https://github.com/goadesign/goa/pull/3463](https://togithub.com/goadesign/goa/pull/3463)
- Fix godoc for codegen.UserTypeLocation() by
[@&#8203;tchssk](https://togithub.com/tchssk) in
[https://github.com/goadesign/goa/pull/3464](https://togithub.com/goadesign/goa/pull/3464)
- Use crypto/rand for sampling by
[@&#8203;nitinmohan87](https://togithub.com/nitinmohan87) in
[https://github.com/goadesign/goa/pull/3466](https://togithub.com/goadesign/goa/pull/3466)
- Fix/trace sampler by [@&#8203;raphael](https://togithub.com/raphael)
in
[https://github.com/goadesign/goa/pull/3467](https://togithub.com/goadesign/goa/pull/3467)
- Make receiver consistent across all methods of ServiceError by
[@&#8203;raphael](https://togithub.com/raphael) in
[https://github.com/goadesign/goa/pull/3468](https://togithub.com/goadesign/goa/pull/3468)
- Treat nested paths for struct:pkg:path Meta by
[@&#8203;tchssk](https://togithub.com/tchssk) in
[https://github.com/goadesign/goa/pull/3469](https://togithub.com/goadesign/goa/pull/3469)
- Validate Array and Map for struct:pkg:path Meta by
[@&#8203;tchssk](https://togithub.com/tchssk) in
[https://github.com/goadesign/goa/pull/3474](https://togithub.com/goadesign/goa/pull/3474)
- Protect against invalid route captures by
[@&#8203;raphael](https://togithub.com/raphael) in
[https://github.com/goadesign/goa/pull/3476](https://togithub.com/goadesign/goa/pull/3476)

**Full Changelog**:
goadesign/goa@v3.14.6...v3.15.0

### [`v3.14.6`](https://togithub.com/goadesign/goa/releases/tag/v3.14.6)

[Compare
Source](https://togithub.com/goadesign/goa/compare/v3.14.5...v3.14.6)

#### What's Changed

- Properly generate format for primitive types in OpenAPI specs by
[@&#8203;tchssk](https://togithub.com/tchssk) in
[https://github.com/goadesign/goa/pull/3447](https://togithub.com/goadesign/goa/pull/3447)
- Properly handle MapParams by
[@&#8203;raphael](https://togithub.com/raphael) in
[https://github.com/goadesign/goa/pull/3450](https://togithub.com/goadesign/goa/pull/3450)

**Full Changelog**:
goadesign/goa@v3.14.5...v3.14.6

### [`v3.14.5`](https://togithub.com/goadesign/goa/releases/tag/v3.14.5)

[Compare
Source](https://togithub.com/goadesign/goa/compare/v3.14.4...v3.14.5)

#### What's Changed

- Fix godoc for openapi:generate Meta by
[@&#8203;tchssk](https://togithub.com/tchssk) in
[https://github.com/goadesign/goa/pull/3443](https://togithub.com/goadesign/goa/pull/3443)
- Add Speakeasy sponsorship banner by
[@&#8203;raphael](https://togithub.com/raphael) in
[https://github.com/goadesign/goa/pull/3444](https://togithub.com/goadesign/goa/pull/3444)
- Add APIName constant to generated code by
[@&#8203;raphael](https://togithub.com/raphael) in
[https://github.com/goadesign/goa/pull/3445](https://togithub.com/goadesign/goa/pull/3445)
- Corrected MapParams Behavior to Avoid Unintended Filtering by
[@&#8203;raphael](https://togithub.com/raphael) in
[https://github.com/goadesign/goa/pull/3446](https://togithub.com/goadesign/goa/pull/3446)

**Full Changelog**:
goadesign/goa@v3.14.4...v3.14.5

### [`v3.14.4`](https://togithub.com/goadesign/goa/releases/tag/v3.14.4)

#### What's Changed

- Add openapi:generate Meta support to dsl.Attribute by
[@&#8203;tchssk](https://togithub.com/tchssk) in
[https://github.com/goadesign/goa/pull/3437](https://togithub.com/goadesign/goa/pull/3437)
- Add API version constant to generated code by
[@&#8203;raphael](https://togithub.com/raphael) in
[https://github.com/goadesign/goa/pull/3439](https://togithub.com/goadesign/goa/pull/3439)
- Deprecate obsolete instrumentation by
[@&#8203;raphael](https://togithub.com/raphael) in
[https://github.com/goadesign/goa/pull/3440](https://togithub.com/goadesign/goa/pull/3440)
- Handle inline object array and map elements by
[@&#8203;raphael](https://togithub.com/raphael) in
[https://github.com/goadesign/goa/pull/3442](https://togithub.com/goadesign/goa/pull/3442)

**Full Changelog**:
goadesign/goa@v3.14.1...v3.14.4

###
[`v3.14.2`](https://togithub.com/goadesign/goa/compare/v3.14.1...v3.14.2)

[Compare
Source](https://togithub.com/goadesign/goa/compare/v3.14.1...v3.14.2)

</details>

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined),
Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR has been generated by [Mend
Renovate](https://www.mend.io/free-developer-tools/renovate/). View
repository job log
[here](https://developer.mend.io/github/PingCAP-QE/ee-apps).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy4yOTMuMCIsInVwZGF0ZWRJblZlciI6IjM3LjI5My4wIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6W119-->

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Using Param() to map path parameters to attributes results in a runtime error
1 participant