Bump github.com/gorilla/schema from 1.2.0 to 1.4.1 in /data-layer in the go_modules group across 1 directory #3

dependabot · 2024-09-17T10:39:30Z

Bumps the go_modules group with 1 update in the /data-layer directory: github.com/gorilla/schema.

Updates github.com/gorilla/schema from 1.2.0 to 1.4.1

Release notes

Sourced from github.com/gorilla/schema's releases.

v1.4.1

Security Release

Fixes an issue where sparse slice deserialization can cause memory exhaustion CVE-2024-37298

Thanks to @AlexVasiluta for the report and following responsible disclosure.

Full Changelog: gorilla/schema@v1.4.0...v1.4.1

v1.4.0

What's Changed

feat: if a different type in slice, raise error by @lll-lll-lll-lll in gorilla/schema#212

fixed panic: reflect: indirection through nil pointer to embedded struct by @morus12 in gorilla/schema#211

New Contributors

@lll-lll-lll-lll made their first contribution in gorilla/schema#212

Full Changelog: gorilla/schema@v1.3.0...v1.3.1

v1.3.0

What's Changed

Remove log.Fatal() usage in encoder.go by @h2570su in gorilla/schema#207

Add default tag by @zak905 in gorilla/schema#183

update readme: add informations about the default tag option usage by @zak905 in gorilla/schema#209

New Contributors

@h2570su made their first contribution in gorilla/schema#207

@zak905 made their first contribution in gorilla/schema#183

Full Changelog: gorilla/schema@v1.2.1...v1.3.0

Release v1.2.1

What's Changed

build: use build matrix; drop Go <= 1.10 by @elithrar in gorilla/schema#147

doc: Update README CI badge by @elithrar in gorilla/schema#148

docs: remove travis badge by @elithrar in gorilla/schema#149

build: fix config.yml by @elithrar in gorilla/schema#150

[bug] Registered encoder doesn't work for struct pointer types by @tkhametov in gorilla/schema#174

Update README.md by @coreydaley in gorilla/schema#197

[GPT-98] Update go version & add verification/testing tools by @apoorvajagtap in gorilla/schema#200

fix misspell by @YuyaAbo in gorilla/schema#192

Update issues.yml by @coreydaley in gorilla/schema#201

update GitHub workflows by @coreydaley in gorilla/schema#205

New Contributors

@tkhametov made their first contribution in gorilla/schema#174

@coreydaley made their first contribution in gorilla/schema#197

@apoorvajagtap made their first contribution in gorilla/schema#200

@YuyaAbo made their first contribution in gorilla/schema#192

Full Changelog: gorilla/schema@v1.2.0...v1.2.1

Commits

cd59f2f Merge pull request from GHSA-3669-72x9-r9p3
180f71e fix: indirection through nil pointer to embedded struct (#211)
a377fd6 fix: fix assertion test
be699f4 fix delete pointer slice test
50924ff fix:test: fix comment
c44c90d fix:test: add assertion
7d1c58e fix: decode error message
4548527 fix: test data
993e5b1 fix: add test
7487651 fix: if default element type of value are setted in slice , raise error
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
You can disable automated security fix PRs for this repo from the Security Alerts page.

Bumps the go_modules group with 1 update in the /data-layer directory: [github.com/gorilla/schema](https://github.com/gorilla/schema). Updates `github.com/gorilla/schema` from 1.2.0 to 1.4.1 - [Release notes](https://github.com/gorilla/schema/releases) - [Commits](gorilla/schema@v1.2.0...v1.4.1) --- updated-dependencies: - dependency-name: github.com/gorilla/schema dependency-type: direct:production dependency-group: go_modules ... Signed-off-by: dependabot[bot] <[email protected]>

dependabot · 2024-09-17T10:59:00Z