forked from valyala/fasthttp
[pull] master from valyala:master #94
Open: pull wants to merge 155 commits into makesoftwaresafe:master from valyala:master
+5,573 −2,242
Adds a workflow to run fasthttp's fuzzers in the CI.
This is required for google/oss-fuzz#11453
* update go.sum
* update build tag
From the Go docs:
- Fuzz targets should be fast and deterministic so the fuzzing engine can work efficiently, and new failures and code coverage can be easily reproduced.
- Since the fuzz target is invoked in parallel across multiple workers and in nondeterministic order, the state of a fuzz target should not persist past the end of each call, and the behavior of a fuzz target should not depend on global state.
…to use DNS resolution because they have already determined that the requested address is a list of IP addresses. (#1702) Co-authored-by: wangzhengkai.wzk <[email protected]>
* Implement `GetRejectedConnectionsCount`
* Implement test for `GetRejectedConnectionsCount`
Bumps [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action) from 3 to 4. - [Release notes](https://github.com/golangci/golangci-lint-action/releases) - [Commits](golangci/golangci-lint-action@v3...v4) --- updated-dependencies: - dependency-name: golangci/golangci-lint-action dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Require that HTTP versions match the following pattern: HTTP/[0-9]\.[0-9]
* Prevent request smuggling
  Prevent request smuggling when fasthttp is behind a reverse proxy that might interpret headers differently by being stricter. Should also prevent request smuggling when fasthttp is used as the reverse proxy.
* Make header value comparison case-insensitive
Bumps [securego/gosec](https://github.com/securego/gosec) from 2.18.2 to 2.19.0. - [Release notes](https://github.com/securego/gosec/releases) - [Changelog](https://github.com/securego/gosec/blob/master/.goreleaser.yml) - [Commits](securego/gosec@v2.18.2...v2.19.0) --- updated-dependencies: - dependency-name: securego/gosec dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…1525)
* adding hijack method and pass proper fields
* adding hijack method and pass proper fields - adding tests
* improve hijack handling, use proper test for hijacking
* extend hijackhandler propagation to NewFastHTTPHandlerFunc
* align hijacking of fasthttp adaptor net request with fasthttp request, safe conn handling for proper release of resources and custom hijack handler for more controlled by hijacking implementation
* Implement actual behaviour of net/http Hijacker

Co-authored-by: Erik Dubbelboer <[email protected]>
CIFuzz has low memory limits that we keep hitting without there being an issue.
* feat:support zstd compress and uncompressed
* fix:real & stackless write using different pool to avoid get stackless.writer
* fix:zstd normalize compress level
* Change empty string checks to be more idiomatic (#1684)
* chore:lint fix and rebase with master
* chore:remove 1.18 test & upgrade compress version
* fix:error default compress level
* Fix lint

Co-authored-by: Erik Dubbelboer <[email protected]>
Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.19.0 to 0.20.0. - [Commits](golang/crypto@v0.19.0...v0.20.0) --- updated-dependencies: - dependency-name: golang.org/x/crypto dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
http://google.com#@github.com parses incorrectly as github.com instead of google.com. Reported by Jesse Yang
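An added example, not fasthttp's code, of the host confusion reported in the commit message above: a hypothetical `naiveHost` searches for `@` before it has found the end of the authority, while `strictHost` ends the authority at the first `/`, `?` or `#` and only then strips userinfo. All function names and inputs are assumptions made for this illustration.

```go
package main

import (
	"fmt"
	"strings"
)

// afterScheme drops "scheme://" so the authority starts at index 0.
func afterScheme(raw string) string {
	if _, rest, ok := strings.Cut(raw, "://"); ok {
		return rest
	}
	return raw
}

// naiveHost is a hypothetical parser for this example, not fasthttp code.
// It looks for '@' before it knows where the authority ends, so a '@' in
// the fragment is mistaken for the userinfo separator.
func naiveHost(raw string) string {
	rest := afterScheme(raw)
	if i := strings.LastIndexByte(rest, '@'); i >= 0 {
		rest = rest[i+1:]
	}
	if i := strings.IndexAny(rest, "/?#"); i >= 0 {
		rest = rest[:i]
	}
	return rest
}

// strictHost ends the authority at the first '/', '?' or '#' (RFC 3986,
// section 3.2) and only then strips userinfo.
func strictHost(raw string) string {
	rest := afterScheme(raw)
	if i := strings.IndexAny(rest, "/?#"); i >= 0 {
		rest = rest[:i]
	}
	if i := strings.LastIndexByte(rest, '@'); i >= 0 {
		rest = rest[i+1:]
	}
	return rest
}

func main() {
	// Constructed inputs: the URL from the report and an ordinary userinfo URL.
	for _, raw := range []string{"http://google.com#@github.com", "http://user@github.com/path"} {
		fmt.Printf("%-32s naive=%s strict=%s\n", raw, naiveHost(raw), strictHost(raw))
	}
}
```

A regression test for a URL parser can assert the `strictHost` result for the reported input, so that any allow-list or routing decision made on the host sees the same value the connection will use.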
Bumps [golang.org/x/net](https://github.com/golang/net) from 0.32.0 to 0.33.0. - [Commits](golang/net@v0.32.0...v0.33.0) --- updated-dependencies: - dependency-name: golang.org/x/net dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
This improves links rendering on pkg.go.dev.
Bumps [golang.org/x/sys](https://github.com/golang/sys) from 0.28.0 to 0.29.0. - [Commits](golang/sys@v0.28.0...v0.29.0) --- updated-dependencies: - dependency-name: golang.org/x/sys dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.31.0 to 0.32.0. - [Commits](golang/crypto@v0.31.0...v0.32.0) --- updated-dependencies: - dependency-name: golang.org/x/crypto dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [securego/gosec](https://github.com/securego/gosec) from 2.21.4 to 2.22.0. - [Release notes](https://github.com/securego/gosec/releases) - [Changelog](https://github.com/securego/gosec/blob/master/.goreleaser.yml) - [Commits](securego/gosec@v2.21.4...v2.22.0) --- updated-dependencies: - dependency-name: securego/gosec dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* chore: migrate https://github.com/valyala/tcplisten
* chore: merge upstream PR #6 from valyala/tcplisten: Backport TCP backlog size update of uint16->uint32 with Linux
* chore: merge upstream PR #10 from valyala/tcplisten: add support for dual-stack socket
* refactor: update to modern Go syntax
* doc: update README.md
* refactor: replace valyala/tcplisten package with custom implementation
* fix: the goroutine calls T.Fatalf, which must be called in the same goroutine as the test
* fix: golangci-lint
* fix: add windows fallback
* fix: prevent integer overflow
* test: skip TestConfigDeferAccept, TestConfigFastOpen, TestConfigAll on non-linux OS
* fix: resolve overflow security issue and use wrapped error
* refactor: migrate from syscall to golang.org/x/sys/unix for better compatibility
* chore: merge upstream PR #8 from valyala/tcplisten: z/OS Compatibility
* refactor: rename tcplisten_bsd.go to tscplisten_other.go

* client: Client {} supports custom Transport
* client: Modify some interfaces to be exportable
Bumps [golang.org/x/net](https://github.com/golang/net) from 0.33.0 to 0.34.0. - [Commits](golang/net@v0.33.0...v0.34.0) --- updated-dependencies: - dependency-name: golang.org/x/net dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Use github.com and .io instead of example.com and google.com as they are probably more reliable within GitHub actions.
* client: add interfaces for reading clientConn
* client: add docs
DoRedirects was not using DisablePathNormalizing for the initial request like the other Do function. This change is not completely backwards compatible, but I can't imagine a real world scenario in which this was the desired behaviour.
…#1928)
* refact: represent trailer field by [][]byte instead of []argsKV
* fix: address golangci-lint warnings
Bumps [golang.org/x/sys](https://github.com/golang/sys) from 0.29.0 to 0.30.0. - [Commits](golang/sys@v0.29.0...v0.30.0) --- updated-dependencies: - dependency-name: golang.org/x/sys dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.32.0 to 0.33.0. - [Commits](golang/crypto@v0.32.0...v0.33.0) --- updated-dependencies: - dependency-name: golang.org/x/crypto dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [golang.org/x/net](https://github.com/golang/net) from 0.34.0 to 0.35.0. - [Commits](golang/net@v0.34.0...v0.35.0) --- updated-dependencies: - dependency-name: golang.org/x/net dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* Initial update
* update remaining tests
* update .gitignore
* update another test, fix linting
* fix tests
* add missing Vary header
Bumps [securego/gosec](https://github.com/securego/gosec) from 2.22.0 to 2.22.1. - [Release notes](https://github.com/securego/gosec/releases) - [Changelog](https://github.com/securego/gosec/blob/master/.goreleaser.yml) - [Commits](securego/gosec@v2.22.0...v2.22.1) --- updated-dependencies: - dependency-name: securego/gosec dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
- Renamed the original `delAllArgs` method to `delAllArgsStable` to maintain stable behavior.
- Added a new `delAllArgs` method for non-stable functionality, improving runtime efficiency.

* fix: accept invalid headers with a space #1917
  Make behavior consistent with net/http by allowing header keys and trailers containing spaces without canonicalizing them
* fix: lint paramTypeCombine
* fix: #1953 (comment)
* fix: golangci-lint nestingReduce

1c04f5e to 086a114
#1958) Bumps [github.com/klauspost/compress](https://github.com/klauspost/compress) from 1.17.11 to 1.18.0. - [Release notes](https://github.com/klauspost/compress/releases) - [Changelog](https://github.com/klauspost/compress/blob/master/.goreleaser.yml) - [Commits](klauspost/compress@v1.17.11...v1.18.0) --- updated-dependencies: - dependency-name: github.com/klauspost/compress dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* add related project for opentelemetry-go-auto-instrumentation
* Update README.md

The fuzzer found some cases where it would panic. The output of normalizeHeaderValue doesn't need to affect s.b and s.hLen because the length of the normalized header will never be bigger, so it can just be normalized in place without affecting the rest of the buffer.

Some of our dependencies require the supported versions of Go. For example github.com/golang/crypto now requires 1.23 or higher. See: golang/crypto@89ff08d
For more information on the new policy of the Go team see: golang/go#69095
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

6ef78c2 to 69dc7b1
See Commits and Changes for more details.
Created by pull[bot]