fix(deps): update module golang.org/x/net to v0.17.0 [security] #5370
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
![renovate[bot]](https://avatars.githubusercontent.com/in/2740?s=60&v=4){kind=small}
renovate
bot
changed the title
renovate
bot
changed the title
renovate
bot
force-pushed
the
renovate/go-golang.org/x/net-vulnerability
branch
from
62ce181
to
c54dd25
Compare
xhofe
approved these changes
Oct 29, 2023
xhofe
added a commit
that referenced
this pull request
Nov 5, 2023
commit 65c5ec0 Author: itsHenry <2671230065@qq.com> Date: Sat Nov 4 13:35:09 2023 +0800 feat(cloudreve): folder size count and switch (#5457 close #5395) commit a632596 Author: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Date: Mon Oct 30 15:11:20 2023 +0800 fix(deps): update module github.com/charmbracelet/lipgloss to v0.9.1 (#5234) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> commit 4dff494 Author: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Date: Mon Oct 30 15:10:36 2023 +0800 fix(deps): update golang.org/x/exp digest to 7918f67 (#5366) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> commit cc86d6f Author: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Date: Sun Oct 29 14:45:55 2023 +0800 fix(deps): update module golang.org/x/net to v0.17.0 [security] (#5370) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> commit c0f9c8e Author: Andy Hsu <i@nn.ci> Date: Thu Oct 26 19:21:09 2023 +0800 feat: add ignore direct link params (close #5434)
xhofe
added a commit
that referenced
this pull request
Nov 6, 2023
* wip: refactor offline download (#5331) * base tool * working: aria2 * refactor: change type of percentage to float64 * wip: adapt aria2 * wip: use items in offline_download * wip: use tool manager * wip: adapt qBittorrent * chore: fix typo * Squashed commit of the following: commit 4fc0a77 Author: Andy Hsu <i@nn.ci> Date: Fri Oct 20 21:06:25 2023 +0800 fix(baidu_netdisk): upload file > 4GB (close #5392) commit aaffaee Author: gmugu <94156510@qq.com> Date: Thu Oct 19 19:17:53 2023 +0800 perf(webdav): support request with cookies (#5391) commit 8ef8023 Author: NewbieOrange <NewbieOrange@users.noreply.github.com> Date: Thu Oct 19 19:17:09 2023 +0800 fix(aliyundrive_open): upload progress for normal upload (#5398) commit cdfbe6d Author: foxxorcat <95907542+foxxorcat@users.noreply.github.com> Date: Wed Oct 18 16:27:07 2023 +0800 fix: hash gcid empty file (#5394) commit 94d0287 Author: Andy Hsu <i@nn.ci> Date: Sat Oct 14 13:17:51 2023 +0800 ci: remove `pr-welcome` label when close issue [skip ci] commit 7f73354 Author: itsHenry <2671230065@qq.com> Date: Sat Oct 14 13:12:46 2023 +0800 feat(cloudreve): support thumbnail (#5373 close #5348) * feat(cloudreve): support thumbnail * chore: remove unnecessary code commit b9e192b Author: foxxorcat <95907542+foxxorcat@users.noreply.github.com> Date: Thu Oct 12 20:57:12 2023 +0800 fix(115): limit request rate (#5367 close #5275) * fix(115):limit request rate * chore(115): fix unit of `limit_rate` --------- Co-authored-by: Andy Hsu <i@nn.ci> commit 69a98ea Author: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Date: Wed Oct 11 22:01:55 2023 +0800 fix(deps): update module github.com/aliyun/aliyun-oss-go-sdk to v2.2.9+incompatible (#5141) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> commit 1ebc96a Author: Andy Hsu <i@nn.ci> Date: Tue Oct 10 18:32:00 2023 +0800 fix(wopan): fatal error concurrent map writes (close #5352) commit 66e2324 Author: Andy Hsu <i@nn.ci> Date: Tue Oct 10 18:23:11 2023 +0800 chore(deps): upgrade dependencies commit 7600dc2 Author: Andy Hsu <i@nn.ci> Date: Tue Oct 10 18:13:58 2023 +0800 fix(aliyundrive_open): change default api to raw server (close #5358) commit 8ef89ad Author: foxxorcat <95907542+foxxorcat@users.noreply.github.com> Date: Tue Oct 10 18:08:27 2023 +0800 fix(baidu_netdisk): hash and `error 2` (#5356) * fix(baidu):hash and error:2 * fix:invalid memory address commit 35d6722 Author: jeffmingup <1960588251@qq.com> Date: Sun Oct 8 19:29:45 2023 +0800 fix(onedrive_app): incorrect api on `_accessToken` (#5346) commit 1a283bb Author: foxxorcat <95907542+foxxorcat@users.noreply.github.com> Date: Fri Oct 6 16:04:39 2023 +0800 feat(google_drive): add `hash_info`, `ctime`, `thumbnail` (#5334) commit a008f54 Author: nkh0472 <67589323+nkh0472@users.noreply.github.com> Date: Thu Oct 5 13:10:51 2023 +0800 docs: minor language improvements (#5329) [skip ci] * fix: adapt update progress type * Squashed commit of the following: commit 65c5ec0 Author: itsHenry <2671230065@qq.com> Date: Sat Nov 4 13:35:09 2023 +0800 feat(cloudreve): folder size count and switch (#5457 close #5395) commit a632596 Author: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Date: Mon Oct 30 15:11:20 2023 +0800 fix(deps): update module github.com/charmbracelet/lipgloss to v0.9.1 (#5234) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> commit 4dff494 Author: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Date: Mon Oct 30 15:10:36 2023 +0800 fix(deps): update golang.org/x/exp digest to 7918f67 (#5366) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> commit cc86d6f Author: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Date: Sun Oct 29 14:45:55 2023 +0800 fix(deps): update module golang.org/x/net to v0.17.0 [security] (#5370) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> commit c0f9c8e Author: Andy Hsu <i@nn.ci> Date: Thu Oct 26 19:21:09 2023 +0800 feat: add ignore direct link params (close #5434)
truecharts-admin
referenced
this pull request
in truecharts/public
Nov 25, 2023
…15347) This PR contains the following updates: | Package | Update | Change | |---|---|---| | [xhofe/alist](https://togithub.com/alist-org/alist) | minor | `v3.28.0` -> `v3.29.1` | --- > [!WARNING] > Some dependencies could not be looked up. Check the Dependency Dashboard for more information. --- ### Release Notes <details> <summary>alist-org/alist (xhofe/alist)</summary> ### [`v3.29.1`](https://togithub.com/alist-org/alist/releases/tag/v3.29.1) [Compare Source](https://togithub.com/alist-org/alist/compare/v3.29.0...v3.29.1) ##### 🐞 Bug Fixes - Task popped but not execute - by [@​xhofe](https://togithub.com/xhofe) in [https://github.com/alist-org/alist/issues/5565](https://togithub.com/alist-org/alist/issues/5565) [<samp>(68af2)</samp>](https://togithub.com/alist-org/alist/commit/68af284) ##### [View changes on GitHub](https://togithub.com/alist-org/alist/compare/v3.29.0...v3.29.1) ### [`v3.29.0`](https://togithub.com/alist-org/alist/releases/tag/v3.29.0) [Compare Source](https://togithub.com/alist-org/alist/compare/v3.28.0...v3.29.0) ##### 🚀 Features - Add `header` to `meta` - by [@​xhofe](https://togithub.com/xhofe) in [https://github.com/alist-org/alist/issues/5317](https://togithub.com/alist-org/alist/issues/5317) [<samp>(9ff83)</samp>](https://togithub.com/alist-org/alist/commit/9ff83a7) - Add ignore direct link params - by [@​xhofe](https://togithub.com/xhofe) in [https://github.com/alist-org/alist/issues/5434](https://togithub.com/alist-org/alist/issues/5434) [<samp>(c0f9c)</samp>](https://togithub.com/alist-org/alist/commit/c0f9c8e) - Refactor offline download ([#​5408](https://togithub.com/alist-org/alist/issues/5408) close [#​4108](https://togithub.com/alist-org/alist/issues/4108)) - by [@​xhofe](https://togithub.com/xhofe) and [@​renovate](https://togithub.com/renovate)\[bot] in[https://github.com/alist-org/alist/issues/5408](https://togithub.com/alist-org/alist/issues/5408)8 and[https://github.com/alist-org/alist/issues/4108](https://togithub.com/alist-org/alist/issues/4108)8 [<samp>(76928)</samp>](https://togithub.com/alist-org/alist/commit/769281b) - Add `115_share` driver ([#​5481](https://togithub.com/alist-org/alist/issues/5481) close [#​5384](https://togithub.com/alist-org/alist/issues/5384)) - by [@​SheltonZhu](https://togithub.com/SheltonZhu) in [https://github.com/alist-org/alist/issues/5481](https://togithub.com/alist-org/alist/issues/5481) and [https://github.com/alist-org/alist/issues/5384](https://togithub.com/alist-org/alist/issues/5384) [<samp>(da1c7)</samp>](https://togithub.com/alist-org/alist/commit/da1c7a4) - Invalidate old token after changing the password - by [@​xhofe](https://togithub.com/xhofe) in [https://github.com/alist-org/alist/issues/5515](https://togithub.com/alist-org/alist/issues/5515) [<samp>(3d518)</samp>](https://togithub.com/alist-org/alist/commit/3d51845) - Support using external dist files - by [@​xhofe](https://togithub.com/xhofe) in [https://github.com/alist-org/alist/issues/5531](https://togithub.com/alist-org/alist/issues/5531) [<samp>(6fc67)</samp>](https://togithub.com/alist-org/alist/commit/6fc6751) - Refactor task module - by [@​xhofe](https://togithub.com/xhofe) [<samp>(11a30)</samp>](https://togithub.com/alist-org/alist/commit/11a30c5) - Customize workers and retry of task (close [#​5493](https://togithub.com/alist-org/alist/issues/5493) fix [#​5274](https://togithub.com/alist-org/alist/issues/5274)) - by [@​xhofe](https://togithub.com/xhofe) in [https://github.com/alist-org/alist/issues/5493](https://togithub.com/alist-org/alist/issues/5493) and [https://github.com/alist-org/alist/issues/5274](https://togithub.com/alist-org/alist/issues/5274) [<samp>(7583c)</samp>](https://togithub.com/alist-org/alist/commit/7583c4d) - Retry all failed task - by [@​xhofe](https://togithub.com/xhofe) in [https://github.com/alist-org/alist/issues/5242](https://togithub.com/alist-org/alist/issues/5242) [<samp>(b2890)</samp>](https://togithub.com/alist-org/alist/commit/b2890f0) - Add chaoxing and vtencent driver ([#​5526](https://togithub.com/alist-org/alist/issues/5526) close [#​3347](https://togithub.com/alist-org/alist/issues/3347)) - by [@​msterzhang](https://togithub.com/msterzhang) in [https://github.com/alist-org/alist/issues/5526](https://togithub.com/alist-org/alist/issues/5526) and [https://github.com/alist-org/alist/issues/3347](https://togithub.com/alist-org/alist/issues/3347) [<samp>(12800)</samp>](https://togithub.com/alist-org/alist/commit/1280070) - Allow keep files in offline download - by [@​xhofe](https://togithub.com/xhofe) in [https://github.com/alist-org/alist/issues/4678](https://togithub.com/alist-org/alist/issues/4678) [<samp>(b6134)</samp>](https://togithub.com/alist-org/alist/commit/b6134dc) - Customize allow `origins`, `headers` and `methods` - by [@​xhofe](https://togithub.com/xhofe) [<samp>(3f405)</samp>](https://togithub.com/alist-org/alist/commit/3f405de) - **cloudreve**: - Support thumbnail ([#​5373](https://togithub.com/alist-org/alist/issues/5373) close [#​5348](https://togithub.com/alist-org/alist/issues/5348)) - by [@​itsHenry35](https://togithub.com/itsHenry35) in [https://github.com/alist-org/alist/issues/5373](https://togithub.com/alist-org/alist/issues/5373) and [https://github.com/alist-org/alist/issues/5348](https://togithub.com/alist-org/alist/issues/5348) [<samp>(7f733)</samp>](https://togithub.com/alist-org/alist/commit/7f73354) - Folder size count and switch ([#​5457](https://togithub.com/alist-org/alist/issues/5457) close [#​5395](https://togithub.com/alist-org/alist/issues/5395)) - by [@​itsHenry35](https://togithub.com/itsHenry35) in [https://github.com/alist-org/alist/issues/5457](https://togithub.com/alist-org/alist/issues/5457) and [https://github.com/alist-org/alist/issues/5395](https://togithub.com/alist-org/alist/issues/5395) [<samp>(65c5e)</samp>](https://togithub.com/alist-org/alist/commit/65c5ec0) - **crypt**: - Optional pre-generated thumbnails - by [@​chaoqing](https://togithub.com/chaoqing) in [https://github.com/alist-org/alist/issues/5284](https://togithub.com/alist-org/alist/issues/5284) [<samp>(fb13d)</samp>](https://togithub.com/alist-org/alist/commit/fb13dae) - Add show hidden option - by [@​textrix](https://togithub.com/textrix) in [https://github.com/alist-org/alist/issues/5554](https://togithub.com/alist-org/alist/issues/5554) [<samp>(fe34d)</samp>](https://togithub.com/alist-org/alist/commit/fe34d30) - **google_drive**: - Add `hash_info`, `ctime`, `thumbnail` - by [@​foxxorcat](https://togithub.com/foxxorcat) in [https://github.com/alist-org/alist/issues/5334](https://togithub.com/alist-org/alist/issues/5334) [<samp>(1a283)</samp>](https://togithub.com/alist-org/alist/commit/1a283bb) - **offline_download**: - Add simple http tool - by [@​xhofe](https://togithub.com/xhofe) in [https://github.com/alist-org/alist/issues/4002](https://togithub.com/alist-org/alist/issues/4002) [<samp>(34746)</samp>](https://togithub.com/alist-org/alist/commit/34746e9) - **onedrive**: - Custom host for download link - by [@​xhofe](https://togithub.com/xhofe) in [https://github.com/alist-org/alist/issues/5310](https://togithub.com/alist-org/alist/issues/5310) [<samp>(0fd51)</samp>](https://togithub.com/alist-org/alist/commit/0fd5164) - **sso**: - Custom username key for `OIDC` - by [@​xhofe](https://togithub.com/xhofe) in [https://github.com/alist-org/alist/issues/5169](https://togithub.com/alist-org/alist/issues/5169) [<samp>(e719a)</samp>](https://togithub.com/alist-org/alist/commit/e719a1a) - **webdav**: - Add `tls_insecure_skip_verify` field - by [@​xhofe](https://togithub.com/xhofe) in [https://github.com/alist-org/alist/issues/5490](https://togithub.com/alist-org/alist/issues/5490) [<samp>(91f51)</samp>](https://togithub.com/alist-org/alist/commit/91f51f1) ##### 🐞 Bug Fixes - Hash gcid empty file - by [@​foxxorcat](https://togithub.com/foxxorcat) in [https://github.com/alist-org/alist/issues/5394](https://togithub.com/alist-org/alist/issues/5394) [<samp>(cdfbe)</samp>](https://togithub.com/alist-org/alist/commit/cdfbe6d) - Incorrect content-type of apk files - by [@​xhofe](https://togithub.com/xhofe) in [https://github.com/alist-org/alist/issues/5385](https://togithub.com/alist-org/alist/issues/5385) [<samp>(4355d)</samp>](https://togithub.com/alist-org/alist/commit/4355dae) - Reflected XSS vulnerability plist api - by [@​xhofe](https://togithub.com/xhofe) [<samp>(61006)</samp>](https://togithub.com/alist-org/alist/commit/6100647) - `content-type` conflicts with [#​5420](https://togithub.com/alist-org/alist/issues/5420) - by [@​xhofe](https://togithub.com/xhofe) in [https://github.com/alist-org/alist/issues/5420](https://togithub.com/alist-org/alist/issues/5420) [<samp>(d2688)</samp>](https://togithub.com/alist-org/alist/commit/d26887d) - **115**: - Allow use proxy directly - by [@​xhofe](https://togithub.com/xhofe) in [https://github.com/alist-org/alist/issues/5324](https://togithub.com/alist-org/alist/issues/5324) [<samp>(e8958)</samp>](https://togithub.com/alist-org/alist/commit/e895801) - Limit request rate ([#​5367](https://togithub.com/alist-org/alist/issues/5367) close [#​5275](https://togithub.com/alist-org/alist/issues/5275)) - by [@​foxxorcat](https://togithub.com/foxxorcat) and [@​xhofe](https://togithub.com/xhofe) in [https://github.com/alist-org/alist/issues/5367](https://togithub.com/alist-org/alist/issues/5367) and [https://github.com/alist-org/alist/issues/5275](https://togithub.com/alist-org/alist/issues/5275) [<samp>(b9e19)</samp>](https://togithub.com/alist-org/alist/commit/b9e192b) - Fix driver package import and variable - by [@​SheltonZhu](https://togithub.com/SheltonZhu) in [https://github.com/alist-org/alist/issues/5482](https://togithub.com/alist-org/alist/issues/5482) [<samp>(3bbdd)</samp>](https://togithub.com/alist-org/alist/commit/3bbdd4f) - **aliyundrive_open**: - Change default api to raw server - by [@​xhofe](https://togithub.com/xhofe) in [https://github.com/alist-org/alist/issues/5358](https://togithub.com/alist-org/alist/issues/5358) [<samp>(7600d)</samp>](https://togithub.com/alist-org/alist/commit/7600dc2) - Upload progress for normal upload - by [@​NewbieOrange](https://togithub.com/NewbieOrange) in [https://github.com/alist-org/alist/issues/5398](https://togithub.com/alist-org/alist/issues/5398) [<samp>(8ef80)</samp>](https://togithub.com/alist-org/alist/commit/8ef8023) - Mitigation measures for 15-minute limit ([#​5560](https://togithub.com/alist-org/alist/issues/5560) close [#​5547](https://togithub.com/alist-org/alist/issues/5547)) - by [@​BlueSkyXN](https://togithub.com/BlueSkyXN) and [@​xhofe](https://togithub.com/xhofe) in [https://github.com/alist-org/alist/issues/5560](https://togithub.com/alist-org/alist/issues/5560) and [https://github.com/alist-org/alist/issues/5547](https://togithub.com/alist-org/alist/issues/5547) [<samp>(0fbb9)</samp>](https://togithub.com/alist-org/alist/commit/0fbb986) - **baidu_netdisk**: - Hash and `error 2` - by [@​foxxorcat](https://togithub.com/foxxorcat) in [https://github.com/alist-org/alist/issues/5356](https://togithub.com/alist-org/alist/issues/5356) [<samp>(8ef89)</samp>](https://togithub.com/alist-org/alist/commit/8ef89ad) - Upload file > 4GB - by [@​xhofe](https://togithub.com/xhofe) in [https://github.com/alist-org/alist/issues/5392](https://togithub.com/alist-org/alist/issues/5392) [<samp>(4fc0a)</samp>](https://togithub.com/alist-org/alist/commit/4fc0a77) - **deps**: - Update module github.com/ipfs/go-ipfs-api to v0.7.0 - by [@​renovate](https://togithub.com/renovate)\[bot] in[https://github.com/alist-org/alist/issues/5247](https://togithub.com/alist-org/alist/issues/5247)7 [<samp>(eb918)</samp>](https://togithub.com/alist-org/alist/commit/eb91865) - Update module github.com/aliyun/aliyun-oss-go-sdk to v2.2.9+incompatible - by [@​renovate](https://togithub.com/renovate)\[bot] in[https://github.com/alist-org/alist/issues/5141](https://togithub.com/alist-org/alist/issues/5141)1 [<samp>(69a98)</samp>](https://togithub.com/alist-org/alist/commit/69a98ea) - Update module golang.org/x/net to v0.17.0 \[security] - by [@​renovate](https://togithub.com/renovate)\[bot] in[https://github.com/alist-org/alist/issues/5370](https://togithub.com/alist-org/alist/issues/5370)0 [<samp>(cc86d)</samp>](https://togithub.com/alist-org/alist/commit/cc86d6f) - Update golang.org/x/exp digest to [`7918f67`](https://togithub.com/alist-org/alist/commit/7918f67) - by [@​renovate](https://togithub.com/renovate)\[bot] in[https://github.com/alist-org/alist/issues/5366](https://togithub.com/alist-org/alist/issues/5366)6 [<samp>(4dff4)</samp>](https://togithub.com/alist-org/alist/commit/4dff494) - Update module github.com/charmbracelet/lipgloss to v0.9.1 - by [@​renovate](https://togithub.com/renovate)\[bot] in[https://github.com/alist-org/alist/issues/5234](https://togithub.com/alist-org/alist/issues/5234)4 [<samp>(a6325)</samp>](https://togithub.com/alist-org/alist/commit/a632596) - Update module github.com/aws/aws-sdk-go to v1.46.7 - by [@​renovate](https://togithub.com/renovate)\[bot] in[https://github.com/alist-org/alist/issues/5068](https://togithub.com/alist-org/alist/issues/5068)8 [<samp>(a7421)</samp>](https://togithub.com/alist-org/alist/commit/a7421d8) - **local**: - Video file thumbnails not displaying on iOS Safari - by [@​gmugu](https://togithub.com/gmugu) in [https://github.com/alist-org/alist/issues/5420](https://togithub.com/alist-org/alist/issues/5420) [<samp>(867ac)</samp>](https://togithub.com/alist-org/alist/commit/867acca) - **mopan**: - 302 Redirect ([#​5505](https://togithub.com/alist-org/alist/issues/5505) close [#​5502](https://togithub.com/alist-org/alist/issues/5502)) - by [@​foxxorcat](https://togithub.com/foxxorcat) and [@​xhofe](https://togithub.com/xhofe) in [https://github.com/alist-org/alist/issues/5505](https://togithub.com/alist-org/alist/issues/5505) and [https://github.com/alist-org/alist/issues/5502](https://togithub.com/alist-org/alist/issues/5502) [<samp>(55a14)</samp>](https://togithub.com/alist-org/alist/commit/55a14bc) - **onedrive_app**: - Incorrect api on `_accessToken` - by [@​jeffmingup](https://togithub.com/jeffmingup) in [https://github.com/alist-org/alist/issues/5346](https://togithub.com/alist-org/alist/issues/5346) [<samp>(35d67)</samp>](https://togithub.com/alist-org/alist/commit/35d6722) - **terabox**: - Auto refresh `JsToken` - by [@​xhofe](https://togithub.com/xhofe) in [https://github.com/alist-org/alist/issues/5277](https://togithub.com/alist-org/alist/issues/5277) [<samp>(6b67a)</samp>](https://togithub.com/alist-org/alist/commit/6b67a36) - Encode parameters for `filemanager` api - by [@​URenko](https://togithub.com/URenko) in [https://github.com/alist-org/alist/issues/5308](https://togithub.com/alist-org/alist/issues/5308) [<samp>(e1ef6)</samp>](https://togithub.com/alist-org/alist/commit/e1ef690) - **vtencent**: - Hack file with size 0 but actual size is not 0 - by [@​xhofe](https://togithub.com/xhofe) [<samp>(d455a)</samp>](https://togithub.com/alist-org/alist/commit/d455a23) - **weiyun**: - Unmarshal overflow - by [@​foxxorcat](https://togithub.com/foxxorcat) in [https://github.com/alist-org/alist/issues/5459](https://togithub.com/alist-org/alist/issues/5459) [<samp>(68f44)</samp>](https://togithub.com/alist-org/alist/commit/68f440a) - **wopan**: - Fatal error concurrent map writes - by [@​xhofe](https://togithub.com/xhofe) in [https://github.com/alist-org/alist/issues/5352](https://togithub.com/alist-org/alist/issues/5352) [<samp>(1ebc9)</samp>](https://togithub.com/alist-org/alist/commit/1ebc96a) ##### 🏎 Performance - **webdav**: Support request with cookies - by [@​gmugu](https://togithub.com/gmugu) in [https://github.com/alist-org/alist/issues/5391](https://togithub.com/alist-org/alist/issues/5391) [<samp>(aaffa)</samp>](https://togithub.com/alist-org/alist/commit/aaffaee) ##### [View changes on GitHub](https://togithub.com/alist-org/alist/compare/v3.28.0...v3.29.0) </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://togithub.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy42OC4wIiwidXBkYXRlZEluVmVyIjoiMzcuNjguMSIsInRhcmdldEJyYW5jaCI6Im1hc3RlciJ9-->
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
v0.16.0->v0.17.0GitHub Vulnerability Alerts
CVE-2023-39325
A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows the attacker to create a new request while the existing one is still executing.
With the fix applied, HTTP/2 servers now bound the number of simultaneously executing handler goroutines to the stream concurrency limit (MaxConcurrentStreams). New requests arriving when at the limit (which can only happen after the client has reset an existing, in-flight request) will be queued until a handler exits. If the request queue grows too large, the server will terminate the connection.
This issue is also fixed in golang.org/x/net/http2 for users manually configuring HTTP/2.
The default stream concurrency limit is 250 streams (requests) per HTTP/2 connection. This value may be adjusted using the golang.org/x/net/http2 package; see the Server.MaxConcurrentStreams setting and the ConfigureServer function.
CVE-2023-44487
swift-nio-http2 is vulnerable to a denial-of-service vulnerability in which a malicious client can create and then reset a large number of HTTP/2 streams in a short period of time. This causes swift-nio-http2 to commit to a large amount of expensive work which it then throws away, including creating entirely new
Channels to serve the traffic. This can easily overwhelm anEventLoopand prevent it from making forward progress.swift-nio-http2 1.28 contains a remediation for this issue that applies reset counter using a sliding window. This constrains the number of stream resets that may occur in a given window of time. Clients violating this limit will have their connections torn down. This allows clients to continue to cancel streams for legitimate reasons, while constraining malicious actors.
Configuration
📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Mend Renovate. View repository job log here.