From e8f55000e6c9983642bc86487fc517e5b7d53d76 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 6 Feb 2024 15:57:01 +0000 Subject: [PATCH] Bump github.com/pivotal-cf/brokerapi/v10 from 10.1.1 to 10.2.0 Bumps [github.com/pivotal-cf/brokerapi/v10](https://github.com/pivotal-cf/brokerapi) from 10.1.1 to 10.2.0. - [Release notes](https://github.com/pivotal-cf/brokerapi/releases) - [Commits](https://github.com/pivotal-cf/brokerapi/compare/v10.1.1...v10.2.0) --- updated-dependencies: - dependency-name: github.com/pivotal-cf/brokerapi/v10 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- go.mod | 4 +- go.sum | 8 +-- vendor/github.com/go-chi/chi/v5/CHANGELOG.md | 9 ++- vendor/github.com/go-chi/chi/v5/README.md | 2 +- vendor/github.com/go-chi/chi/v5/SECURITY.md | 5 ++ vendor/github.com/go-chi/chi/v5/context.go | 23 ++++---- vendor/github.com/go-chi/chi/v5/mux.go | 9 ++- .../pivotal-cf/brokerapi/v10/api_options.go | 58 ++++++++++++------- vendor/modules.txt | 4 +- 9 files changed, 75 insertions(+), 47 deletions(-) create mode 100644 vendor/github.com/go-chi/chi/v5/SECURITY.md diff --git a/go.mod b/go.mod index b1488b16c..260875219 100644 --- a/go.mod +++ b/go.mod @@ -15,7 +15,7 @@ require ( github.com/onsi/ginkgo/v2 v2.15.0 github.com/onsi/gomega v1.31.1 github.com/pborman/uuid v1.2.1 - github.com/pivotal-cf/brokerapi/v10 v10.1.1 + github.com/pivotal-cf/brokerapi/v10 v10.2.0 github.com/pivotal-cf/on-demand-services-sdk v0.45.4-0.20240115122012-f4e75cf691c6 github.com/pkg/errors v0.9.1 github.com/urfave/negroni v1.0.0 @@ -31,7 +31,7 @@ require ( github.com/cloudfoundry/socks5-proxy v0.2.108 // indirect github.com/cppforlife/go-semi-semantic v0.0.0-20160921010311-576b6af77ae4 // indirect github.com/gabriel-vasile/mimetype v1.4.2 // indirect - github.com/go-chi/chi/v5 v5.0.10 // indirect + github.com/go-chi/chi/v5 v5.0.11 // indirect github.com/go-logr/logr v1.4.1 // indirect github.com/go-playground/locales v0.14.1 // indirect github.com/go-playground/universal-translator v0.18.1 // indirect diff --git a/go.sum b/go.sum index fc2273ca8..d6e373527 100644 --- a/go.sum +++ b/go.sum @@ -41,8 +41,8 @@ github.com/fsnotify/fsnotify v1.7.0 h1:8JEhPFa5W2WU7YfeZzPNqzMP6Lwt7L2715Ggo0nos github.com/fsnotify/fsnotify v1.7.0/go.mod h1:40Bi/Hjc2AVfZrqy+aj+yEI+/bRxZnMJyTJwOpGvigM= github.com/gabriel-vasile/mimetype v1.4.2 h1:w5qFW6JKBz9Y393Y4q372O9A7cUSequkh1Q7OhCmWKU= github.com/gabriel-vasile/mimetype v1.4.2/go.mod h1:zApsH/mKG4w07erKIaJPFiX0Tsq9BFQgN3qGY5GnNgA= -github.com/go-chi/chi/v5 v5.0.10 h1:rLz5avzKpjqxrYwXNfmjkrYYXOyLJd37pz53UFHC6vk= -github.com/go-chi/chi/v5 v5.0.10/go.mod h1:DslCQbL2OYiznFReuXYUmQ2hGd1aDpCnlMNITLSKoi8= +github.com/go-chi/chi/v5 v5.0.11 h1:BnpYbFZ3T3S1WMpD79r7R5ThWX40TaFB7L31Y8xqSwA= +github.com/go-chi/chi/v5 v5.0.11/go.mod h1:DslCQbL2OYiznFReuXYUmQ2hGd1aDpCnlMNITLSKoi8= github.com/go-logr/logr v1.4.1 h1:pKouT5E8xu9zeFC39JXRDukb6JFQPXM5p5I91188VAQ= github.com/go-logr/logr v1.4.1/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= github.com/go-playground/assert/v2 v2.2.0 h1:JvknZsQTYeFEAhQwI4qEt9cyV5ONwRHC+lYKSsYSR8s= @@ -119,8 +119,8 @@ github.com/openzipkin/zipkin-go v0.4.2 h1:zjqfqHjUpPmB3c1GlCvvgsM1G4LkvqQbBDueDO github.com/openzipkin/zipkin-go v0.4.2/go.mod h1:ZeVkFjuuBiSy13y8vpSDCjMi9GoI3hPpCJSBx/EYFhY= github.com/pborman/uuid v1.2.1 h1:+ZZIw58t/ozdjRaXh/3awHfmWRbzYxJoAdNJxe/3pvw= github.com/pborman/uuid v1.2.1/go.mod h1:X/NO0urCmaxf9VXbdlT7C2Yzkj2IKimNn4k+gtPdI/k= -github.com/pivotal-cf/brokerapi/v10 v10.1.1 h1:ZVNgqnS7iA5FP6Z2azRPrcnj7k1Pwy/0C+n9zPGWtZk= -github.com/pivotal-cf/brokerapi/v10 v10.1.1/go.mod h1:qmw79bGqYF5TnXMBni0My7PrPHOi7/CtTo+U3eFIYPo= +github.com/pivotal-cf/brokerapi/v10 v10.2.0 h1:cdXk5FMkxuBONiaPS+H9aIu0v5aSYv4qvo5keBcUTGA= +github.com/pivotal-cf/brokerapi/v10 v10.2.0/go.mod h1:UEwbfVgaY8FpQ3NOfjoVRPLW/Ar0c7uYQP5TJj3r3OE= github.com/pivotal-cf/on-demand-services-sdk v0.45.4-0.20240115122012-f4e75cf691c6 h1:05MYDd551MZWqwohQliPRLqQ051w1FioSQ8Qw7VbcvM= github.com/pivotal-cf/on-demand-services-sdk v0.45.4-0.20240115122012-f4e75cf691c6/go.mod h1:GWBLXe9Nf/a5QcMVHq+AkbwkEHpmqEU/fS1ahOWRAYM= github.com/pivotal-cf/paraphernalia v0.0.0-20180203224945-a64ae2051c20 h1:DR5eMfe2+6GzLkVyWytdtgUxgbPiOfvKDuqityTV3y8= diff --git a/vendor/github.com/go-chi/chi/v5/CHANGELOG.md b/vendor/github.com/go-chi/chi/v5/CHANGELOG.md index f6eb7e6e4..83d5aa28f 100644 --- a/vendor/github.com/go-chi/chi/v5/CHANGELOG.md +++ b/vendor/github.com/go-chi/chi/v5/CHANGELOG.md @@ -1,9 +1,14 @@ # Changelog +## v5.0.11 (2023-12-19) + +- History of changes: see https://github.com/go-chi/chi/compare/v5.0.10...v5.0.11 + + ## v5.0.10 (2023-07-13) - Fixed small edge case in tests of v5.0.9 for older Go versions -- History of changes: see https://github.com/go-chi/chi/compare/v5.0.8...v5.0.10 +- History of changes: see https://github.com/go-chi/chi/compare/v5.0.9...v5.0.10 ## v5.0.9 (2023-07-13) @@ -306,7 +311,7 @@ Cheers all, happy coding! request-scoped values. We're very excited about the new context addition and are proud to introduce chi v2, a minimal and powerful routing package for building large HTTP services, with zero external dependencies. Chi focuses on idiomatic design and encourages the use of - stdlib HTTP handlers and middlwares. + stdlib HTTP handlers and middlewares. - chi v2 deprecates its `chi.Handler` interface and requires `http.Handler` or `http.HandlerFunc` - chi v2 stores URL routing parameters and patterns in the standard request context: `r.Context()` - chi v2 lower-level routing context is accessible by `chi.RouteContext(r.Context()) *chi.Context`, diff --git a/vendor/github.com/go-chi/chi/v5/README.md b/vendor/github.com/go-chi/chi/v5/README.md index 718e373fa..4b1c99d12 100644 --- a/vendor/github.com/go-chi/chi/v5/README.md +++ b/vendor/github.com/go-chi/chi/v5/README.md @@ -494,7 +494,7 @@ Copyright (c) 2015-present [Peter Kieltyka](https://github.com/pkieltyka) Licensed under [MIT License](./LICENSE) -[GoDoc]: https://pkg.go.dev/github.com/go-chi/chi?tab=versions +[GoDoc]: https://pkg.go.dev/github.com/go-chi/chi/v5 [GoDoc Widget]: https://godoc.org/github.com/go-chi/chi?status.svg [Travis]: https://travis-ci.org/go-chi/chi [Travis Widget]: https://travis-ci.org/go-chi/chi.svg?branch=master diff --git a/vendor/github.com/go-chi/chi/v5/SECURITY.md b/vendor/github.com/go-chi/chi/v5/SECURITY.md new file mode 100644 index 000000000..7e937f87f --- /dev/null +++ b/vendor/github.com/go-chi/chi/v5/SECURITY.md @@ -0,0 +1,5 @@ +# Reporting Security Issues + +We appreciate your efforts to responsibly disclose your findings, and will make every effort to acknowledge your contributions. + +To report a security issue, please use the GitHub Security Advisory ["Report a Vulnerability"](https://github.com/go-chi/chi/security/advisories/new) tab. diff --git a/vendor/github.com/go-chi/chi/v5/context.go b/vendor/github.com/go-chi/chi/v5/context.go index 88f8e221a..82e5f2890 100644 --- a/vendor/github.com/go-chi/chi/v5/context.go +++ b/vendor/github.com/go-chi/chi/v5/context.go @@ -60,7 +60,7 @@ type Context struct { URLParams RouteParams // Route parameters matched for the current sub-router. It is - // intentionally unexported so it cant be tampered. + // intentionally unexported so it can't be tampered. routeParams RouteParams // The endpoint routing pattern that matched the request URI path @@ -92,6 +92,7 @@ func (x *Context) Reset() { x.routeParams.Keys = x.routeParams.Keys[:0] x.routeParams.Values = x.routeParams.Values[:0] x.methodNotAllowed = false + x.methodsAllowed = x.methodsAllowed[:0] x.parentCtx = nil } @@ -113,18 +114,20 @@ func (x *Context) URLParam(key string) string { // // For example, // -// func Instrument(next http.Handler) http.Handler { -// return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { -// next.ServeHTTP(w, r) -// routePattern := chi.RouteContext(r.Context()).RoutePattern() -// measure(w, r, routePattern) -// }) -// } +// func Instrument(next http.Handler) http.Handler { +// return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { +// next.ServeHTTP(w, r) +// routePattern := chi.RouteContext(r.Context()).RoutePattern() +// measure(w, r, routePattern) +// }) +// } func (x *Context) RoutePattern() string { routePattern := strings.Join(x.RoutePatterns, "") routePattern = replaceWildcards(routePattern) - routePattern = strings.TrimSuffix(routePattern, "//") - routePattern = strings.TrimSuffix(routePattern, "/") + if routePattern != "/" { + routePattern = strings.TrimSuffix(routePattern, "//") + routePattern = strings.TrimSuffix(routePattern, "/") + } return routePattern } diff --git a/vendor/github.com/go-chi/chi/v5/mux.go b/vendor/github.com/go-chi/chi/v5/mux.go index 977aa52dd..735ab2323 100644 --- a/vendor/github.com/go-chi/chi/v5/mux.go +++ b/vendor/github.com/go-chi/chi/v5/mux.go @@ -250,20 +250,19 @@ func (mx *Mux) With(middlewares ...func(http.Handler) http.Handler) Router { return im } -// Group creates a new inline-Mux with a fresh middleware stack. It's useful +// Group creates a new inline-Mux with a copy of middleware stack. It's useful // for a group of handlers along the same routing path that use an additional // set of middlewares. See _examples/. func (mx *Mux) Group(fn func(r Router)) Router { - im := mx.With().(*Mux) + im := mx.With() if fn != nil { fn(im) } return im } -// Route creates a new Mux with a fresh middleware stack and mounts it -// along the `pattern` as a subrouter. Effectively, this is a short-hand -// call to Mount. See _examples/. +// Route creates a new Mux and mounts it along the `pattern` as a subrouter. +// Effectively, this is a short-hand call to Mount. See _examples/. func (mx *Mux) Route(pattern string, fn func(r Router)) Router { if fn == nil { panic(fmt.Sprintf("chi: attempting to Route() a nil subrouter on '%s'", pattern)) diff --git a/vendor/github.com/pivotal-cf/brokerapi/v10/api_options.go b/vendor/github.com/pivotal-cf/brokerapi/v10/api_options.go index 488b24173..69e51c215 100644 --- a/vendor/github.com/pivotal-cf/brokerapi/v10/api_options.go +++ b/vendor/github.com/pivotal-cf/brokerapi/v10/api_options.go @@ -27,9 +27,20 @@ import ( type middlewareFunc func(http.Handler) http.Handler +type config struct { + router chi.Router + customRouter bool + logger lager.Logger + additionalMiddleware []middlewareFunc +} + func NewWithOptions(serviceBroker domain.ServiceBroker, logger lager.Logger, opts ...Option) http.Handler { - cfg := newDefaultConfig(logger) - WithOptions(append(opts, withDefaultMiddleware())...)(cfg) + cfg := config{ + router: chi.NewRouter(), + logger: logger, + } + + WithOptions(append(opts, withDefaultMiddleware())...)(&cfg) attachRoutes(cfg.router, serviceBroker, logger) return cfg.router @@ -50,12 +61,25 @@ func WithBrokerCredentials(brokerCredentials BrokerCredentials) Option { } } +// WithCustomAuth adds the specified middleware *before* any other middleware. +// Despite the name, any middleware can be added whether nor not it has anything to do with authentication. +// But `WithAdditionalMiddleware()` may be a better choice if the middleware is not related to authentication. +// Can be called multiple times. func WithCustomAuth(authMiddleware middlewareFunc) Option { return func(c *config) { c.router.Use(authMiddleware) } } +// WithAdditionalMiddleware adds the specified middleware *after* the default middleware. +// Can be called multiple times. +// This option is ignored if `WithRouter()` is used. +func WithAdditionalMiddleware(m middlewareFunc) Option { + return func(c *config) { + c.additionalMiddleware = append(c.additionalMiddleware, m) + } +} + // WithEncodedPath used to opt in to a gorilla/mux behaviour that would treat encoded // slashes "/" as IDs. For example, it would change `PUT /v2/service_instances/foo%2Fbar` // to treat `foo%2Fbar` as an instance ID, while the default behavior was to treat it @@ -70,11 +94,17 @@ func WithEncodedPath() Option { func withDefaultMiddleware() Option { return func(c *config) { if !c.customRouter { - c.router.Use(middlewares.APIVersionMiddleware{LoggerFactory: c.logger}.ValidateAPIVersionHdr) - c.router.Use(middlewares.AddCorrelationIDToContext) - c.router.Use(middlewares.AddOriginatingIdentityToContext) - c.router.Use(middlewares.AddInfoLocationToContext) - c.router.Use(middlewares.AddRequestIdentityToContext) + defaults := []middlewareFunc{ + middlewares.APIVersionMiddleware{LoggerFactory: c.logger}.ValidateAPIVersionHdr, + middlewares.AddCorrelationIDToContext, + middlewares.AddOriginatingIdentityToContext, + middlewares.AddInfoLocationToContext, + middlewares.AddRequestIdentityToContext, + } + + for _, m := range append(defaults, c.additionalMiddleware...) { + c.router.Use(m) + } } } } @@ -86,17 +116,3 @@ func WithOptions(opts ...Option) Option { } } } - -func newDefaultConfig(logger lager.Logger) *config { - return &config{ - router: chi.NewRouter(), - customRouter: false, - logger: logger, - } -} - -type config struct { - router chi.Router - customRouter bool - logger lager.Logger -} diff --git a/vendor/modules.txt b/vendor/modules.txt index b715d6746..ae36653b4 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -63,7 +63,7 @@ github.com/gabriel-vasile/mimetype github.com/gabriel-vasile/mimetype/internal/charset github.com/gabriel-vasile/mimetype/internal/json github.com/gabriel-vasile/mimetype/internal/magic -# github.com/go-chi/chi/v5 v5.0.10 +# github.com/go-chi/chi/v5 v5.0.11 ## explicit; go 1.14 github.com/go-chi/chi/v5 # github.com/go-logr/logr v1.4.1 @@ -164,7 +164,7 @@ github.com/openzipkin/zipkin-go/model # github.com/pborman/uuid v1.2.1 ## explicit github.com/pborman/uuid -# github.com/pivotal-cf/brokerapi/v10 v10.1.1 +# github.com/pivotal-cf/brokerapi/v10 v10.2.0 ## explicit; go 1.20 github.com/pivotal-cf/brokerapi/v10 github.com/pivotal-cf/brokerapi/v10/auth