Skip to content

fix(deps): update module github.com/cyphar/filepath-securejoin to v0.3.3#2120

Merged
openshift-merge-bot[bot] merged 1 commit intomainfrom
renovate/github.com-cyphar-filepath-securejoin-0.x
Sep 30, 2024
Merged

fix(deps): update module github.com/cyphar/filepath-securejoin to v0.3.3#2120
openshift-merge-bot[bot] merged 1 commit intomainfrom
renovate/github.com-cyphar-filepath-securejoin-0.x

Conversation

@renovate
Copy link
Contributor

@renovate renovate bot commented Sep 30, 2024

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
github.com/cyphar/filepath-securejoin v0.3.2 -> v0.3.3 age adoption passing confidence

Release Notes

cyphar/filepath-securejoin (github.com/cyphar/filepath-securejoin)

v0.3.3

Compare Source

This release primarily includes fixes for spurious errors we hit when
checking that directories created by MkdirAll "look right". Upon further
consideration, these checks were fundamentally buggy and didn't offer
any practical protection anyway.

  • The mode and owner verification logic in MkdirAll has been removed. This
    was originally intended to protect against some theoretical attacks but upon
    further consideration these protections don't actually buy us anything and
    they were causing spurious errors with more complicated filesystem setups.
  • The "is the created directory empty" logic in MkdirAll has also been
    removed. This was not causing us issues yet, but some pseudofilesystems (such
    as cgroup) create non-empty directories and so this logic would've been
    wrong for such cases.

Thanks to all of the contributors who made this release possible:

Signed-off-by: Aleksa Sarai cyphar@cyphar.com

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate
fix(deps): update module github.com/cyphar/filepath-securejoin to v0.3.3
06e3543 
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
@renovate renovate bot added the dependencies Pull requests that update a dependency file label Sep 30, 2024
Honny1
Honny1 approved these changes Sep 30, 2024
View reviewed changes
Copy link
Member

@Honny1 Honny1 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@rhatdan
Copy link
Member

rhatdan commented Sep 30, 2024

/approve
/lgtm

@openshift-ci openshift-ci bot added the lgtm label Sep 30, 2024
@openshift-ci
Copy link
Contributor

openshift-ci bot commented Sep 30, 2024

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: Honny1, renovate[bot], rhatdan

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@openshift-merge-bot openshift-merge-bot bot merged commit 4bf3f07 into main Sep 30, 2024
@renovate renovate bot deleted the renovate/github.com-cyphar-filepath-securejoin-0.x branch September 30, 2024 16:18
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Honny1 Honny1 Honny1 approved these changes

Assignees

@rhatdan rhatdan

Labels

approved dependencies Pull requests that update a dependency file lgtm

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@rhatdan @Honny1