Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix(deps): update module github.com/cyphar/filepath-securejoin to v0.3.3 #24112

Merged

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented Sep 30, 2024

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
github.com/cyphar/filepath-securejoin v0.3.2 -> v0.3.3 age adoption passing confidence

Release Notes

cyphar/filepath-securejoin (github.com/cyphar/filepath-securejoin)

v0.3.3

Compare Source

This release primarily includes fixes for spurious errors we hit when
checking that directories created by MkdirAll "look right". Upon further
consideration, these checks were fundamentally buggy and didn't offer
any practical protection anyway.

  • The mode and owner verification logic in MkdirAll has been removed. This
    was originally intended to protect against some theoretical attacks but upon
    further consideration these protections don't actually buy us anything and
    they were causing spurious errors with more complicated filesystem setups.
  • The "is the created directory empty" logic in MkdirAll has also been
    removed. This was not causing us issues yet, but some pseudofilesystems (such
    as cgroup) create non-empty directories and so this logic would've been
    wrong for such cases.

Thanks to all of the contributors who made this release possible:

Signed-off-by: Aleksa Sarai [email protected]


Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Never, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
@renovate renovate bot added dependencies Pull requests that update a dependency file release-note-none labels Sep 30, 2024
Copy link
Member

@Luap99 Luap99 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/lgtm

@openshift-ci openshift-ci bot added the lgtm Indicates that a PR is ready to be merged. label Oct 1, 2024
Copy link
Contributor

openshift-ci bot commented Oct 1, 2024

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: Luap99, renovate[bot]

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@openshift-ci openshift-ci bot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Oct 1, 2024
@openshift-merge-bot openshift-merge-bot bot merged commit 09a2c8f into main Oct 1, 2024
81 checks passed
@renovate renovate bot deleted the renovate/github.com-cyphar-filepath-securejoin-0.x branch October 1, 2024 08:19
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. dependencies Pull requests that update a dependency file lgtm Indicates that a PR is ready to be merged. release-note-none
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant