fix path param override by query params #3946
Walkthrough
The recent updates focus on enhancing the Echo Service API by introducing optional parameters to methods across several files, adding new message structures for nested messages, and implementing additional test functions. These changes aim to enrich the API's functionality, address security concerns related to parameter overwriting, and improve test coverage. The modifications span across both annotated and unannotated echo services, reflecting a comprehensive approach to evolving the API's capabilities.
Review Status
Actionable comments generated: 0
Configuration used: CodeRabbit UI
Files ignored due to path filters (7)
- examples/internal/clients/echo/api/swagger.yaml is excluded by: !**/*.yaml
- examples/internal/clients/unannotatedecho/api/swagger.yaml is excluded by: !**/*.yaml
- examples/internal/proto/examplepb/echo_service.pb.go is excluded by: !**/*.pb.go
- examples/internal/proto/examplepb/echo_service.pb.gw.go is excluded by: !**/*.pb.gw.go
- examples/internal/proto/examplepb/echo_service.swagger.json is excluded by: !**/*.json
- examples/internal/proto/examplepb/unannotated_echo_service.pb.go is excluded by: !**/*.pb.go
- examples/internal/proto/examplepb/unannotated_echo_service.swagger.json is excluded by: !**/*.json
Files selected for processing (10)
- examples/internal/clients/echo/api_echo_service.go (24 hunks)
- examples/internal/clients/echo/model_examplepb_nested_message.go (1 hunks)
- examples/internal/clients/echo/model_examplepb_simple_message.go (1 hunks)
- examples/internal/clients/unannotatedecho/api_unannotated_echo_service.go (9 hunks)
- examples/internal/clients/unannotatedecho/model_examplepb_unannotated_nested_message.go (1 hunks)
- examples/internal/clients/unannotatedecho/model_examplepb_unannotated_simple_message.go (1 hunks)
- examples/internal/integration/integration_test.go (2 hunks)
- examples/internal/proto/examplepb/echo_service.proto (3 hunks)
- examples/internal/proto/examplepb/unannotated_echo_service.proto (2 hunks)
- runtime/query.go (2 hunks)
Additional comments: 26
examples/internal/clients/echo/model_examplepb_nested_message.go (1)
- 12-15: The `ExamplepbNestedMessage` struct is well-defined with appropriate JSON tags for `omitempty`. This ensures that these fields will only be included in the JSON output if they are not empty, which is a good practice for optional fields.
examples/internal/clients/unannotatedecho/model_examplepb_unannotated_nested_message.go (1)
- 13-16: The `ExamplepbUnannotatedNestedMessage` struct is correctly defined with JSON tags indicating optional fields (`omitempty`). This is consistent with the approach taken in `model_examplepb_nested_message.go`, ensuring uniform handling of optional fields across related structs.
examples/internal/clients/echo/model_examplepb_simple_message.go (1)
- 22-23: The addition of `ResourceId` and `NId` fields to the `ExamplepbSimpleMessage` struct is consistent with the PR's objective to enhance security by preventing path parameter overrides. The use of pointers for complex types (`*ExamplepbNestedMessage`) is a good practice for indicating optional fields in Go.
examples/internal/clients/unannotatedecho/model_examplepb_unannotated_simple_message.go (1)
- 25-26: The addition of `ResourceId` and `NId` fields to the `ExamplepbUnannotatedSimpleMessage` struct aligns with the changes made in the annotated version, ensuring consistency across both annotated and unannotated versions. This supports the PR's goal of enhancing security through the URL routing mechanism.
examples/internal/proto/examplepb/unannotated_echo_service.proto (2)
- 25-28: The definition of `UnannotatedNestedMessage` with fields `n_id` and `val` is correctly implemented in Proto3 syntax. This addition is necessary for supporting the new validation logic that prevents path parameter override.
- 45-47: The addition of `resource_id` and `n_id` fields to `UnannotatedSimpleMessage` is consistent with the changes in the corresponding Go structs, ensuring that the protobuf definitions align with the backend models. This is crucial for the integrity of the data model and the security enhancements described in the PR.
examples/internal/proto/examplepb/echo_service.proto (3)
- 23-26: The `NestedMessage` message type is correctly defined with `n_id` and `val` fields, following Proto3 syntax. This addition supports the new security feature by allowing nested messages to be securely passed without risking path parameter override.
- 42-44: The addition of `resource_id` and `n_id` fields to the `SimpleMessage` message type is correctly implemented. This change is essential for the security feature that prevents path parameter overrides by ensuring these fields are explicitly defined in the message structure.
- 72-73: The new route bindings for `resource_id` and `n_id` in the `EchoService` service are correctly added, following the grpc-gateway conventions. These bindings are necessary for the new security feature to function correctly by ensuring that these parameters are handled appropriately in the URL routing.
runtime/query.go (2)
- 73-101: The `normalizeFieldPath` function is correctly implemented, ensuring that field paths are normalized based on the message descriptor. This is crucial for the security feature, as it ensures that query parameters are correctly mapped to their corresponding fields without allowing for path parameter overrides.
- 103-134: The `findFieldFromPath` function is well-implemented, providing a mechanism to retrieve a field descriptor and its value from a given field path. This function is essential for the new security feature, as it aids in accurately parsing and populating fields from a message, ensuring that query parameters do not override path parameters.
examples/internal/clients/unannotatedecho/api_unannotated_echo_service.go (3)
- 45-47: The addition of `ResourceId`, `NIdNId`, and `NIdVal` as optional parameters in the `UnannotatedEchoServiceEchoOpts` struct aligns with the PR's objectives to enhance security by preventing path parameter overrides. This ensures that these new fields are correctly handled in the API calls.
- 253-255: Similarly, the addition of `ResourceId`, `NIdNId`, and `NIdVal` as optional parameters in the `UnannotatedEchoServiceEcho2Opts` struct is consistent with the changes made in the `UnannotatedEchoServiceEchoOpts` struct, ensuring uniform handling of these new fields across different API calls.
- 595-597: The inclusion of `ResourceId`, `NIdNId`, and `NIdVal` as optional parameters in the `UnannotatedEchoServiceEchoDeleteOpts` struct is a necessary extension of the security feature to delete operations, ensuring that these fields can be passed securely without risking path parameter override.
examples/internal/clients/echo/api_echo_service.go (8)
- 43-45: The addition of `ResourceId`, `NIdNId`, and `NIdVal` as optional parameters in the method signatures is consistent with the PR's objective to enhance security by preventing query parameters from overriding path parameters. This change ensures that these new parameters are considered in the query construction, aligning with the security enhancement goals.
- 59-61: The inclusion of `ResourceId`, `NIdNId`, and `NIdVal` in the `EchoServiceEchoOpts` struct is correctly implemented. These fields are marked as optional, which is appropriate given their use case in query parameter construction. This change supports the PR's objective of enhancing URL routing security.
- 105-113: The implementation correctly adds the new optional parameters `ResourceId`, `NIdNId`, and `NIdVal` to the query parameters in the `EchoServiceEcho` method. This ensures that these parameters are included in the request, supporting the PR's security enhancements.
- 203-205: The addition of `ResourceId`, `NIdNId`, and `NIdVal` as optional parameters in the `EchoServiceEcho2` method aligns with the PR's objectives. This consistent application of security enhancements across methods is noted and approved.
- 218-220: The inclusion of `ResourceId`, `NIdNId`, and `NIdVal` in the `EchoServiceEcho2Opts` struct is correctly implemented, supporting the PR's security objectives by allowing these parameters to be included in the query string.
- 262-270: The correct implementation of adding `ResourceId`, `NIdNId`, and `NIdVal` to the query parameters in the `EchoServiceEcho2` method is noted. This consistency in applying security enhancements across different methods is crucial for the overall security objective of the PR.
- 360-362: The addition of `ResourceId`, `NIdNId`, and `NIdVal` as optional parameters in the `EchoServiceEcho3` method is consistent with the PR's security enhancement goals. This change is correctly implemented.
- 374-376: The inclusion of `ResourceId`, `NIdNId`, and `NIdVal` in the `EchoServiceEcho3Opts` struct supports the PR's objective of enhancing security. These fields are correctly marked as optional and are implemented consistently across the service methods.
examples/internal/integration/integration_test.go (4)
- 49-51: The addition of `testEchoPathParamOverwrite`, `testEchoNested`, and `testEchoNestedOverride` functions expands the test coverage for the `TestEcho` function, specifically testing the prevention of path parameter override by query parameters.
- 355-381: The `testEchoPathParamOverwrite` function correctly tests the scenario where a query parameter (`resourceId`) attempts to override a path parameter. It validates that the path parameter's value remains unchanged, ensuring path parameters' immutability.
- 384-409: The `testEchoNested` function tests nested parameter handling, ensuring that nested query parameters (`n_id.val`) are correctly parsed and do not override path parameters. This test is crucial for validating the handling of complex parameter structures.
- 412-436: The `testEchoNestedOverride` function tests the prevention of nested path parameter override by nested query parameters (`nId.nId`). It ensures that nested path parameters remain immutable against query parameter manipulation, which is essential for maintaining the integrity of URL routing.
@coderabbitai review
Review Status
Actionable comments generated: 1
Configuration used: CodeRabbit UI
Files selected for processing (3)
- examples/internal/proto/examplepb/echo_service.proto (3 hunks)
- examples/internal/proto/examplepb/unannotated_echo_service.proto (2 hunks)
- runtime/query.go (2 hunks)
Files skipped from review as they are similar to previous changes (2)
- examples/internal/proto/examplepb/echo_service.proto
- examples/internal/proto/examplepb/unannotated_echo_service.proto
Additional comments: 1
runtime/query.go (1)
- 55-60: The implementation of `normalizeFieldPath` within the `Parse` method effectively prevents query parameters from overriding path parameters by normalizing field paths. This change is crucial for enhancing security by ensuring the immutability of requested resource URLs. However, it's important to ensure that all possible edge cases are covered in the test scenarios, especially those involving nested fields and arrays.

Verification successful
The verification process has successfully identified the presence of test cases `testEchoNested` and `testEchoNestedOverride` within `examples/internal/integration/integration_test.go`. This confirms that the test scenarios covering edge cases for nested fields and arrays, as mentioned in the review comment, do exist in the codebase.

Scripts Executed
The following scripts were executed for the analysis:

Script:
```bash
#!/bin/bash
# Verify that test scenarios cover edge cases for nested fields and arrays.
rg "testEchoNested" tests/
rg "testEchoNestedOverride" tests/
```
Length of output: 155

Script:
```bash
#!/bin/bash
# Attempting a broader search for test cases covering nested fields and arrays without assuming a specific directory name.
rg "testEchoNested" --type-add 'custom:*.go' --type custom
rg "testEchoNestedOverride" --type-add 'custom:*.go' --type custom
```
Length of output: 676
Review Status
Actionable comments generated: 0
Configuration used: CodeRabbit UI
Files selected for processing (3)
- examples/internal/clients/echo/BUILD.bazel (1 hunks)
- examples/internal/clients/unannotatedecho/BUILD.bazel (1 hunks)
- runtime/query.go (2 hunks)
Additional comments: 5
examples/internal/clients/unannotatedecho/BUILD.bazel (1)
- 13-13: Added `model_examplepb_unannotated_nested_message.go` to the `srcs` list of the `go_library` rule. This change is straightforward and aligns with the PR's objective to enhance the Echo Service API and Unannotated Echo Service with new structs to support enhanced validation logic.
examples/internal/clients/echo/BUILD.bazel (1)
- 14-14: Added `model_examplepb_nested_message.go` to the `srcs` list of the `go_library` rule. This addition is consistent with the PR's goals to introduce new structs for supporting the updated validation logic in the Echo Service API.
runtime/query.go (3)
- 55-60: The logic within the `Parse` method now includes calls to `normalizeFieldPath` and `populateFieldValueFromPath`, reflecting the PR's strategy to prevent query parameters from overriding path parameters. This change is crucial for enhancing security. Ensure that the `filter.HasCommonPrefix(fieldPath)` check correctly filters out unwanted fields before attempting to populate field values.
- 73-103: The `normalizeFieldPath` function transforms field paths based on the message descriptor, ensuring that the field names used in the URL match the actual field names in the message. This function is a key part of the new validation logic. It's important to verify that this function correctly handles edge cases, such as fields not found in the message descriptor, and that it only allows singular message fields to be navigated. The logic appears sound, but testing for edge cases in field names (e.g., JSON names vs. Protobuf field names) is recommended.
- 104-104: The `populateFieldValueFromPath` function is responsible for setting the value of a field in a message based on the provided path and value(s). This function is central to the PR's functionality, ensuring that query parameters do not override path parameters. It's important to ensure comprehensive error handling and validation of field types, especially for repeated fields and maps. The implementation seems to align with these requirements, but additional testing for complex field types (e.g., maps, oneofs) is advised.
LGTM
Thank you so much for coming back and reimplementing a fix for this :). Trust me, I appreciate the security concerns. I'll prepare a new release with this fix in place.
… v2.19.1 (#30854)

This PR contains the following updates:

| Package | Change |
|---|---|
| [github.com/grpc-ecosystem/grpc-gateway/v2](https://togithub.com/grpc-ecosystem/grpc-gateway) | `v2.19.0` -> `v2.19.1` |

### Release Notes

grpc-ecosystem/grpc-gateway (github.com/grpc-ecosystem/grpc-gateway/v2)

### [`v2.19.1`](https://togithub.com/grpc-ecosystem/grpc-gateway/releases/tag/v2.19.1)

[Compare Source](https://togithub.com/grpc-ecosystem/grpc-gateway/compare/v2.19.0...v2.19.1)

#### What's Changed

- (fix) remove internal comments from generated protoComments by [@kiambogo](https://togithub.com/kiambogo) in https://togithub.com/grpc-ecosystem/grpc-gateway/pull/3864
- fix(protoc-gen-openapiv2): exclude from query params oneof fields in the same group as the one used in the body by [@ovargas](https://togithub.com/ovargas) in https://togithub.com/grpc-ecosystem/grpc-gateway/pull/3862
- If no subfields are set in a map, add the field to fieldMask by [@sbansal7](https://togithub.com/sbansal7) in https://togithub.com/grpc-ecosystem/grpc-gateway/pull/3879
- Parse request body when using X-HTTP-Method-Override header by [@eyasy1217](https://togithub.com/eyasy1217) in https://togithub.com/grpc-ecosystem/grpc-gateway/pull/3918
- fix path param override by query params by [@ljmsc](https://togithub.com/ljmsc) in https://togithub.com/grpc-ecosystem/grpc-gateway/pull/3946

#### New Contributors

- [@kiambogo](https://togithub.com/kiambogo) made their first contribution in https://togithub.com/grpc-ecosystem/grpc-gateway/pull/3864
- [@ovargas](https://togithub.com/ovargas) made their first contribution in https://togithub.com/grpc-ecosystem/grpc-gateway/pull/3862
- [@sbansal7](https://togithub.com/sbansal7) made their first contribution in https://togithub.com/grpc-ecosystem/grpc-gateway/pull/3879
- [@eyasy1217](https://togithub.com/eyasy1217) made their first contribution in https://togithub.com/grpc-ecosystem/grpc-gateway/pull/3918

**Full Changelog**: grpc-ecosystem/grpc-gateway@v2.19.0...v2.19.1

### Configuration

- **Schedule**: Branch creation - "on tuesday" (UTC), Automerge - At any time (no schedule defined).
- **Automerge**: Disabled by config. Please merge this manually once you are satisfied.
- **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
- **Ignore**: Close this PR and you won't be reminded about this update again.

This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/open-telemetry/opentelemetry-collector-contrib).

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: opentelemetrybot <107717825+opentelemetrybot@users.noreply.github.com>
[![passing](https://developer.mend.io/api/mc/badges/compatibility/go/github.com%2faws%2faws-sdk-go/v1.50.1/v1.50.10?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/go/github.com%2faws%2faws-sdk-go/v1.50.1/v1.50.10?slim=true)](https://docs.renovatebot.com/merge-confidence/) | require | patch | | [github.com/bufbuild/buf](https://togithub.com/bufbuild/buf) | `v1.28.1` -> `v1.29.0` | [![age](https://developer.mend.io/api/mc/badges/age/go/github.com%2fbufbuild%2fbuf/v1.29.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/go/github.com%2fbufbuild%2fbuf/v1.29.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/go/github.com%2fbufbuild%2fbuf/v1.28.1/v1.29.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/go/github.com%2fbufbuild%2fbuf/v1.28.1/v1.29.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | require | minor | | [github.com/goccy/go-yaml](https://togithub.com/goccy/go-yaml) | `v1.11.2` -> `v1.11.3` | [![age](https://developer.mend.io/api/mc/badges/age/go/github.com%2fgoccy%2fgo-yaml/v1.11.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/go/github.com%2fgoccy%2fgo-yaml/v1.11.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/go/github.com%2fgoccy%2fgo-yaml/v1.11.2/v1.11.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/go/github.com%2fgoccy%2fgo-yaml/v1.11.2/v1.11.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | require | patch | | [github.com/google/uuid](https://togithub.com/google/uuid) | `v1.5.0` 
-> `v1.6.0` | [![age](https://developer.mend.io/api/mc/badges/age/go/github.com%2fgoogle%2fuuid/v1.6.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/go/github.com%2fgoogle%2fuuid/v1.6.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/go/github.com%2fgoogle%2fuuid/v1.5.0/v1.6.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/go/github.com%2fgoogle%2fuuid/v1.5.0/v1.6.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | require | minor | | [github.com/grpc-ecosystem/grpc-gateway/v2](https://togithub.com/grpc-ecosystem/grpc-gateway) | `v2.19.0` -> `v2.19.1` | [![age](https://developer.mend.io/api/mc/badges/age/go/github.com%2fgrpc-ecosystem%2fgrpc-gateway%2fv2/v2.19.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/go/github.com%2fgrpc-ecosystem%2fgrpc-gateway%2fv2/v2.19.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/go/github.com%2fgrpc-ecosystem%2fgrpc-gateway%2fv2/v2.19.0/v2.19.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/go/github.com%2fgrpc-ecosystem%2fgrpc-gateway%2fv2/v2.19.0/v2.19.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | require | patch | | [github.com/jackc/pgx/v5](https://togithub.com/jackc/pgx) | `v5.5.2` -> `v5.5.3` | [![age](https://developer.mend.io/api/mc/badges/age/go/github.com%2fjackc%2fpgx%2fv5/v5.5.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/go/github.com%2fjackc%2fpgx%2fv5/v5.5.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | 
[![passing](https://developer.mend.io/api/mc/badges/compatibility/go/github.com%2fjackc%2fpgx%2fv5/v5.5.2/v5.5.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/go/github.com%2fjackc%2fpgx%2fv5/v5.5.2/v5.5.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | require | patch | | [github.com/planetscale/vtprotobuf](https://togithub.com/planetscale/vtprotobuf) | `v0.5.0` -> `v0.6.0` | [![age](https://developer.mend.io/api/mc/badges/age/go/github.com%2fplanetscale%2fvtprotobuf/v0.6.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/go/github.com%2fplanetscale%2fvtprotobuf/v0.6.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/go/github.com%2fplanetscale%2fvtprotobuf/v0.5.0/v0.6.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/go/github.com%2fplanetscale%2fvtprotobuf/v0.5.0/v0.6.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | require | minor | | [github.com/pterm/pterm](https://togithub.com/pterm/pterm) | `v0.12.75` -> `v0.12.78` | [![age](https://developer.mend.io/api/mc/badges/age/go/github.com%2fpterm%2fpterm/v0.12.78?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/go/github.com%2fpterm%2fpterm/v0.12.78?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/go/github.com%2fpterm%2fpterm/v0.12.75/v0.12.78?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/go/github.com%2fpterm%2fpterm/v0.12.75/v0.12.78?slim=true)](https://docs.renovatebot.com/merge-confidence/) | require | patch | | 
[github.com/rivo/tview](https://togithub.com/rivo/tview) | `8526c9f` -> `861aa94` | [![age](https://developer.mend.io/api/mc/badges/age/go/github.com%2frivo%2ftview/?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/go/github.com%2frivo%2ftview/?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/go/github.com%2frivo%2ftview/v0.0.0-20240122063236-8526c9fe1b54/?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/go/github.com%2frivo%2ftview/v0.0.0-20240122063236-8526c9fe1b54/?slim=true)](https://docs.renovatebot.com/merge-confidence/) | require | digest | | [google.golang.org/genproto/googleapis/api](https://togithub.com/googleapis/go-genproto) | `ef43131` -> `1f4bbc5` | [![age](https://developer.mend.io/api/mc/badges/age/go/google.golang.org%2fgenproto%2fgoogleapis%2fapi/?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/go/google.golang.org%2fgenproto%2fgoogleapis%2fapi/?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/go/google.golang.org%2fgenproto%2fgoogleapis%2fapi/v0.0.0-20240123012728-ef4313101c80/?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/go/google.golang.org%2fgenproto%2fgoogleapis%2fapi/v0.0.0-20240123012728-ef4313101c80/?slim=true)](https://docs.renovatebot.com/merge-confidence/) | require | digest | | [google.golang.org/grpc](https://togithub.com/grpc/grpc-go) | `v1.60.1` -> `v1.61.0` | [![age](https://developer.mend.io/api/mc/badges/age/go/google.golang.org%2fgrpc/v1.61.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | 
[![adoption](https://developer.mend.io/api/mc/badges/adoption/go/google.golang.org%2fgrpc/v1.61.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/go/google.golang.org%2fgrpc/v1.60.1/v1.61.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/go/google.golang.org%2fgrpc/v1.60.1/v1.61.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | require | minor | --- ### Release Notes <details> <summary>aws/aws-sdk-go (github.com/aws/aws-sdk-go)</summary> ### [`v1.50.10`](https://togithub.com/aws/aws-sdk-go/blob/HEAD/CHANGELOG.md#Release-v15010-2024-02-02) [Compare Source](https://togithub.com/aws/aws-sdk-go/compare/v1.50.9...v1.50.10) \=== ##### Service Client Updates - `service/dynamodb`: Updates service API, documentation, waiters, paginators, and examples - Any number of users can execute up to 50 concurrent restores (any type of restore) in a given account. - `service/sagemaker`: Updates service API and documentation - Amazon SageMaker Canvas adds GenerativeAiSettings support for CanvasAppSettings. ### [`v1.50.9`](https://togithub.com/aws/aws-sdk-go/blob/HEAD/CHANGELOG.md#Release-v1509-2024-02-01) [Compare Source](https://togithub.com/aws/aws-sdk-go/compare/v1.50.8...v1.50.9) \=== ##### Service Client Updates - `service/cognito-idp`: Updates service API and documentation - `service/ivs`: Updates service API, documentation, and paginators - `service/managedblockchain-query`: Updates service API and documentation - `service/mediaconvert`: Updates service API and documentation - This release includes support for broadcast-mixed audio description tracks. 
### [`v1.50.8`](https://togithub.com/aws/aws-sdk-go/blob/HEAD/CHANGELOG.md#Release-v1508-2024-01-31) [Compare Source](https://togithub.com/aws/aws-sdk-go/compare/v1.50.7...v1.50.8) \=== ##### Service Client Updates - `service/cloudformation`: Updates service API, documentation, paginators, and examples - CloudFormation IaC generator allows you to scan existing resources in your account and select resources to generate a template for a new or existing CloudFormation stack. - `service/elasticloadbalancingv2`: Updates service API and documentation - `service/glue`: Updates service API and documentation - Update page size limits for GetJobRuns and GetTriggers APIs. - `service/ssm`: Updates service API and documentation - This release adds an optional Duration parameter to StateManager Associations. This allows customers to specify how long an apply-only-on-cron association execution should run. Once the specified Duration is out all the ongoing cancellable commands or automations are cancelled. ### [`v1.50.7`](https://togithub.com/aws/aws-sdk-go/blob/HEAD/CHANGELOG.md#Release-v1507-2024-01-30) [Compare Source](https://togithub.com/aws/aws-sdk-go/compare/v1.50.6...v1.50.7) \=== ##### Service Client Updates - `service/datazone`: Updates service API and documentation - `service/route53`: Updates service documentation - Update the SDKs for text changes in the APIs. ### [`v1.50.6`](https://togithub.com/aws/aws-sdk-go/blob/HEAD/CHANGELOG.md#Release-v1506-2024-01-29) [Compare Source](https://togithub.com/aws/aws-sdk-go/compare/v1.50.5...v1.50.6) \=== ##### Service Client Updates - `service/autoscaling`: Updates service API and documentation - EC2 Auto Scaling customers who use attribute based instance-type selection can now intuitively define their Spot instances price protection limit as a percentage of the lowest priced On-Demand instance type. 
- `service/comprehend`: Updates service documentation - `service/ec2`: Updates service API and documentation - EC2 Fleet customers who use attribute based instance-type selection can now intuitively define their Spot instances price protection limit as a percentage of the lowest priced On-Demand instance type. - `service/mwaa`: Updates service API and documentation - `service/rds`: Updates service API, documentation, waiters, paginators, and examples - Introduced support for the InsufficientDBInstanceCapacityFault error in the RDS RestoreDBClusterFromSnapshot and RestoreDBClusterToPointInTime API methods. This provides enhanced error handling, ensuring a more robust experience. - `service/snowball`: Updates service documentation - Modified description of createaddress to include direction to add path when providing a JSON file. ### [`v1.50.5`](https://togithub.com/aws/aws-sdk-go/blob/HEAD/CHANGELOG.md#Release-v1505-2024-01-26) [Compare Source](https://togithub.com/aws/aws-sdk-go/compare/v1.50.4...v1.50.5) \=== ##### Service Client Updates - `service/connect`: Updates service API - `service/inspector2`: Updates service API and documentation - `service/sagemaker`: Updates service API and documentation - Amazon SageMaker Automatic Model Tuning now provides an API to programmatically delete tuning jobs. ### [`v1.50.4`](https://togithub.com/aws/aws-sdk-go/blob/HEAD/CHANGELOG.md#Release-v1504-2024-01-25) [Compare Source](https://togithub.com/aws/aws-sdk-go/compare/v1.50.3...v1.50.4) \=== ##### Service Client Updates - `service/acm-pca`: Updates service API, documentation, and waiters - `service/lightsail`: Updates service API and documentation - This release adds support for IPv6-only instance plans. 
### [`v1.50.3`](https://togithub.com/aws/aws-sdk-go/blob/HEAD/CHANGELOG.md#Release-v1503-2024-01-24) [Compare Source](https://togithub.com/aws/aws-sdk-go/compare/v1.50.2...v1.50.3) \=== ##### Service Client Updates - `service/ec2`: Updates service API and documentation - Introduced a new clientToken request parameter on CreateNetworkAcl and CreateRouteTable APIs. The clientToken parameter allows idempotent operations on the APIs. - `service/ecs`: Updates service documentation - Documentation updates for Amazon ECS. - `service/outposts`: Updates service API - `service/rds`: Updates service API, documentation, waiters, paginators, and examples - This release adds support for Aurora Limitless Database. - `service/storagegateway`: Updates service API and documentation - Add DeprecationDate and SoftwareVersion to response of ListGateways. ### [`v1.50.2`](https://togithub.com/aws/aws-sdk-go/blob/HEAD/CHANGELOG.md#Release-v1502-2024-01-23) [Compare Source](https://togithub.com/aws/aws-sdk-go/compare/v1.50.1...v1.50.2) \=== ##### Service Client Updates - `service/inspector2`: Updates service API, documentation, and paginators </details> <details> <summary>bufbuild/buf (github.com/bufbuild/buf)</summary> ### [`v1.29.0`](https://togithub.com/bufbuild/buf/blob/HEAD/CHANGELOG.md#v1290---2024-01-24) [Compare Source](https://togithub.com/bufbuild/buf/compare/v1.28.1...v1.29.0) - Add support for `yaml` format. All commands that take image inputs, output images, or convert between message formats, now take `yaml` as a format, in addition to the existing `binpb` and `txtpb` formats. Some examples: - `buf build -o image.yaml` - `buf ls-files image.yaml` - `buf convert --type foo.Bar --from input.binpb --to output.yaml` - The `yaml` and `json` formats now accept two new options: `use_proto_names` and `use_enum_numbers`. This affects output serialization. 
Some examples: - `buf convert --type foo.Bar --from input.binpb --to output.yaml#use_proto_names=true` - `buf convert --type foo.Bar --from input.binpb --to -#format=yaml,use_enum_numbers=true` - Fix issue where `buf format` would inadvertently mangle files that used the [expanded `Any` syntax](https://protobuf.com/docs/language-spec#any-messages) in option values. </details> <details> <summary>goccy/go-yaml (github.com/goccy/go-yaml)</summary> ### [`v1.11.3`](https://togithub.com/goccy/go-yaml/releases/tag/v1.11.3): 1.11.3 [Compare Source](https://togithub.com/goccy/go-yaml/compare/v1.11.2...v1.11.3) #### What's Changed - fix: remove any trailing empty lines if the block scalar has strip indicator by [@​zoncoen](https://togithub.com/zoncoen) in [/~https://github.com/goccy/go-yaml/pull/421](https://togithub.com/goccy/go-yaml/pull/421) **Full Changelog**: goccy/go-yaml@v1.11.2...v1.11.3 </details> <details> <summary>google/uuid (github.com/google/uuid)</summary> ### [`v1.6.0`](https://togithub.com/google/uuid/releases/tag/v1.6.0) [Compare Source](https://togithub.com/google/uuid/compare/v1.5.0...v1.6.0) ##### Features - add Max UUID constant ([#​149](https://togithub.com/google/uuid/issues/149)) ([c58770e](https://togithub.com/google/uuid/commit/c58770eb495f55fe2ced6284f93c5158a62e53e3)) ##### Bug Fixes - fix typo in version 7 uuid documentation ([#​153](https://togithub.com/google/uuid/issues/153)) ([016b199](https://togithub.com/google/uuid/commit/016b199544692f745ffc8867b914129ecb47ef06)) - Monotonicity in UUIDv7 ([#​150](https://togithub.com/google/uuid/issues/150)) ([a2b2b32](https://togithub.com/google/uuid/commit/a2b2b32373ff0b1a312b7fdf6d38a977099698a6)) </details> <details> <summary>grpc-ecosystem/grpc-gateway (github.com/grpc-ecosystem/grpc-gateway/v2)</summary> ### [`v2.19.1`](https://togithub.com/grpc-ecosystem/grpc-gateway/releases/tag/v2.19.1) [Compare Source](https://togithub.com/grpc-ecosystem/grpc-gateway/compare/v2.19.0...v2.19.1) #### What's 
Changed - (fix) remove internal comments from generated protoComments by [@​kiambogo](https://togithub.com/kiambogo) in [/~https://github.com/grpc-ecosystem/grpc-gateway/pull/3864](https://togithub.com/grpc-ecosystem/grpc-gateway/pull/3864) - fix(protoc-gen-openapiv2): exclude from query params oneof fields in the same group as the one used in the body by [@​ovargas](https://togithub.com/ovargas) in [/~https://github.com/grpc-ecosystem/grpc-gateway/pull/3862](https://togithub.com/grpc-ecosystem/grpc-gateway/pull/3862) - If no subfields are set in a map, add the field to fieldMask by [@​sbansal7](https://togithub.com/sbansal7) in [/~https://github.com/grpc-ecosystem/grpc-gateway/pull/3879](https://togithub.com/grpc-ecosystem/grpc-gateway/pull/3879) - Parse request body when using X-HTTP-Method-Override header by [@​eyasy1217](https://togithub.com/eyasy1217) in [/~https://github.com/grpc-ecosystem/grpc-gateway/pull/3918](https://togithub.com/grpc-ecosystem/grpc-gateway/pull/3918) - fix path param override by query params by [@​ljmsc](https://togithub.com/ljmsc) in [/~https://github.com/grpc-ecosystem/grpc-gateway/pull/3946](https://togithub.com/grpc-ecosystem/grpc-gateway/pull/3946) #### New Contributors - [@​kiambogo](https://togithub.com/kiambogo) made their first contribution in [/~https://github.com/grpc-ecosystem/grpc-gateway/pull/3864](https://togithub.com/grpc-ecosystem/grpc-gateway/pull/3864) - [@​ovargas](https://togithub.com/ovargas) made their first contribution in [/~https://github.com/grpc-ecosystem/grpc-gateway/pull/3862](https://togithub.com/grpc-ecosystem/grpc-gateway/pull/3862) - [@​sbansal7](https://togithub.com/sbansal7) made their first contribution in [/~https://github.com/grpc-ecosystem/grpc-gateway/pull/3879](https://togithub.com/grpc-ecosystem/grpc-gateway/pull/3879) - [@​eyasy1217](https://togithub.com/eyasy1217) made their first contribution in 
[/~https://github.com/grpc-ecosystem/grpc-gateway/pull/3918](https://togithub.com/grpc-ecosystem/grpc-gateway/pull/3918) **Full Changelog**: grpc-ecosystem/grpc-gateway@v2.19.0...v2.19.1 </details> <details> <summary>jackc/pgx (github.com/jackc/pgx/v5)</summary> ### [`v5.5.3`](https://togithub.com/jackc/pgx/compare/v5.5.2...v5.5.3) [Compare Source](https://togithub.com/jackc/pgx/compare/v5.5.2...v5.5.3) </details> <details> <summary>planetscale/vtprotobuf (github.com/planetscale/vtprotobuf)</summary> ### [`v0.6.0`](https://togithub.com/planetscale/vtprotobuf/releases/tag/v0.6.0) [Compare Source](https://togithub.com/planetscale/vtprotobuf/compare/v0.5.0...v0.6.0) #### Notable new features - Support for Well-Known Type Wrappers ([/~https://github.com/planetscale/vtprotobuf/pull/99](https://togithub.com/planetscale/vtprotobuf/pull/99)) - Unsafe unmarshalling without memory allocations ([/~https://github.com/planetscale/vtprotobuf/pull/103](https://togithub.com/planetscale/vtprotobuf/pull/103)) - Support for custom build tags ([/~https://github.com/planetscale/vtprotobuf/pull/122](https://togithub.com/planetscale/vtprotobuf/pull/122)) - Support for using wildcards when choosing which objects to pool ([/~https://github.com/planetscale/vtprotobuf/pull/115](https://togithub.com/planetscale/vtprotobuf/pull/115)) #### List of all merged PRs - feat: use vtpool when cloning poolable objects by [@​kruskall](https://togithub.com/kruskall) in [/~https://github.com/planetscale/vtprotobuf/pull/95](https://togithub.com/planetscale/vtprotobuf/pull/95) - fix: do not try to reset nil objects by [@​kruskall](https://togithub.com/kruskall) in [/~https://github.com/planetscale/vtprotobuf/pull/96](https://togithub.com/planetscale/vtprotobuf/pull/96) - Fix misspell in clone.go by [@​cristaloleg](https://togithub.com/cristaloleg) in [/~https://github.com/planetscale/vtprotobuf/pull/98](https://togithub.com/planetscale/vtprotobuf/pull/98) - Well known type wrappers by 
[@​vmg](https://togithub.com/vmg) in [/~https://github.com/planetscale/vtprotobuf/pull/99](https://togithub.com/planetscale/vtprotobuf/pull/99) - Added well-known types generated by vtproto plugin by [@​biosvs](https://togithub.com/biosvs) in [/~https://github.com/planetscale/vtprotobuf/pull/93](https://togithub.com/planetscale/vtprotobuf/pull/93) - Add `unmarshal_unsafe` feature by [@​nockty](https://togithub.com/nockty) in [/~https://github.com/planetscale/vtprotobuf/pull/103](https://togithub.com/planetscale/vtprotobuf/pull/103) - fix: ResetVT oneof by [@​evgfedotov](https://togithub.com/evgfedotov) in [/~https://github.com/planetscale/vtprotobuf/pull/109](https://togithub.com/planetscale/vtprotobuf/pull/109) - Fix alloc qualify ident by [@​evgfedotov](https://togithub.com/evgfedotov) in [/~https://github.com/planetscale/vtprotobuf/pull/113](https://togithub.com/planetscale/vtprotobuf/pull/113) - fix: check oneof on syntetic by [@​evgfedotov](https://togithub.com/evgfedotov) in [/~https://github.com/planetscale/vtprotobuf/pull/111](https://togithub.com/planetscale/vtprotobuf/pull/111) - Support `Struct` for wellknown type wrappers by [@​howardjohn](https://togithub.com/howardjohn) in [/~https://github.com/planetscale/vtprotobuf/pull/116](https://togithub.com/planetscale/vtprotobuf/pull/116) - Bump go.mod dependencies by [@​howardjohn](https://togithub.com/howardjohn) in [/~https://github.com/planetscale/vtprotobuf/pull/119](https://togithub.com/planetscale/vtprotobuf/pull/119) - Make generated code use public helpers instead of generating them by [@​nockty](https://togithub.com/nockty) in [/~https://github.com/planetscale/vtprotobuf/pull/120](https://togithub.com/planetscale/vtprotobuf/pull/120) - Downgrade `grpc` to version 1.58.2 by [@​nockty](https://togithub.com/nockty) in [/~https://github.com/planetscale/vtprotobuf/pull/121](https://togithub.com/planetscale/vtprotobuf/pull/121) - Fix: Append check on IsMap in pool message generation by 
[@​evgfedotov](https://togithub.com/evgfedotov) in [/~https://github.com/planetscale/vtprotobuf/pull/124](https://togithub.com/planetscale/vtprotobuf/pull/124) - Add ability to include a build tag by [@​howardjohn](https://togithub.com/howardjohn) in [/~https://github.com/planetscale/vtprotobuf/pull/122](https://togithub.com/planetscale/vtprotobuf/pull/122) - Fix: Prevent out of bounds access when unsafe unmarshalling empty strings by [@​maheeshap-canopus](https://togithub.com/maheeshap-canopus) in [/~https://github.com/planetscale/vtprotobuf/pull/127](https://togithub.com/planetscale/vtprotobuf/pull/127) - feature: pool with wildcard by [@​evgfedotov](https://togithub.com/evgfedotov) in [/~https://github.com/planetscale/vtprotobuf/pull/115](https://togithub.com/planetscale/vtprotobuf/pull/115) #### New Contributors - [@​kruskall](https://togithub.com/kruskall) made their first contribution in [/~https://github.com/planetscale/vtprotobuf/pull/95](https://togithub.com/planetscale/vtprotobuf/pull/95) - [@​cristaloleg](https://togithub.com/cristaloleg) made their first contribution in [/~https://github.com/planetscale/vtprotobuf/pull/98](https://togithub.com/planetscale/vtprotobuf/pull/98) - [@​nockty](https://togithub.com/nockty) made their first contribution in [/~https://github.com/planetscale/vtprotobuf/pull/103](https://togithub.com/planetscale/vtprotobuf/pull/103) - [@​evgfedotov](https://togithub.com/evgfedotov) made their first contribution in [/~https://github.com/planetscale/vtprotobuf/pull/109](https://togithub.com/planetscale/vtprotobuf/pull/109) - [@​howardjohn](https://togithub.com/howardjohn) made their first contribution in [/~https://github.com/planetscale/vtprotobuf/pull/116](https://togithub.com/planetscale/vtprotobuf/pull/116) - [@​maheeshap-canopus](https://togithub.com/maheeshap-canopus) made their first contribution in [/~https://github.com/planetscale/vtprotobuf/pull/127](https://togithub.com/planetscale/vtprotobuf/pull/127) **Full Changelog**: 
planetscale/vtprotobuf@v0.5.0...v0.6.0 </details> <details> <summary>pterm/pterm (github.com/pterm/pterm)</summary> ### [`v0.12.78`](https://togithub.com/pterm/pterm/releases/tag/v0.12.78) [Compare Source](https://togithub.com/pterm/pterm/compare/v0.12.77...v0.12.78) <!-- Release notes generated using configuration in .github/release.yml at master --> #### What's Changed ##### Fixes 🔧 - fix(progressbar): `Progressbar` and `Logger` did not work together co… by [@​MarvinJWendt](https://togithub.com/MarvinJWendt) in [/~https://github.com/pterm/pterm/pull/627](https://togithub.com/pterm/pterm/pull/627) - fix(textinput): fixed text width calculation by [@​auntan](https://togithub.com/auntan) in [/~https://github.com/pterm/pterm/pull/624](https://togithub.com/pterm/pterm/pull/624) #### New Contributors - [@​auntan](https://togithub.com/auntan) made their first contribution in [/~https://github.com/pterm/pterm/pull/624](https://togithub.com/pterm/pterm/pull/624) **Full Changelog**: pterm/pterm@v0.12.77...v0.12.78 ### [`v0.12.77`](https://togithub.com/pterm/pterm/releases/tag/v0.12.77) [Compare Source](https://togithub.com/pterm/pterm/compare/v0.12.76...v0.12.77) <!-- Release notes generated using configuration in .github/release.yml at master --> #### What's Changed ##### Fixes 🔧 - fix: graceful handling of odd args by [@​TylerGillson](https://togithub.com/TylerGillson) in [/~https://github.com/pterm/pterm/pull/629](https://togithub.com/pterm/pterm/pull/629) #### New Contributors - [@​TylerGillson](https://togithub.com/TylerGillson) made their first contribution in [/~https://github.com/pterm/pterm/pull/629](https://togithub.com/pterm/pterm/pull/629) **Full Changelog**: pterm/pterm@v0.12.76...v0.12.77 ### [`v0.12.76`](https://togithub.com/pterm/pterm/releases/tag/v0.12.76) [Compare Source](https://togithub.com/pterm/pterm/compare/v0.12.75...v0.12.76) <!-- Release notes generated using configuration in .github/release.yml at master --> #### What's Changed ##### Fixes 🔧 - 
fix(rgb): `Sprintf` did not format properly by [@​MarvinJWendt](https://togithub.com/MarvinJWendt) in [/~https://github.com/pterm/pterm/pull/622](https://togithub.com/pterm/pterm/pull/622) **Full Changelog**: pterm/pterm@v0.12.75...v0.12.76 </details> <details> <summary>grpc/grpc-go (google.golang.org/grpc)</summary> ### [`v1.61.0`](https://togithub.com/grpc/grpc-go/releases/tag/v1.61.0): Release 1.61.0 [Compare Source](https://togithub.com/grpc/grpc-go/compare/v1.60.1...v1.61.0) ### New Features - resolver: provide method, `AuthorityOverrider`, to allow resolver.Builders to override the default authority for a `ClientConn`. (EXPERIMENTAL) ([#​6752](https://togithub.com/grpc/grpc-go/issues/6752)) - Special Thanks: [@​Aditya-Sood](https://togithub.com/Aditya-Sood) - xds: add support for mTLS Credentials in xDS bootstrap ([gRFC A65](github.com/grpc/proposal/blob/8c31bfedded5f0a51c4933e9e9a8246122f9c41a/A65-xds-mtls-creds-in-bootstrap.md)) ([#​6757](https://togithub.com/grpc/grpc-go/issues/6757)) - Special Thanks: [@​atollena](https://togithub.com/atollena) - server: add `grpc.WaitForHandlers` `ServerOption` to cause `Server.Stop` to block until method handlers return. 
(EXPERIMENTAL) ([#​6922](https://togithub.com/grpc/grpc-go/issues/6922)) ### Performance Improvements - grpc: skip compression of empty messages as an optimization ([#​6842](https://togithub.com/grpc/grpc-go/issues/6842)) - Special Thanks: [@​jroper](https://togithub.com/jroper) - orca: use atomic pointer to improve performance in server metrics recorder ([#​6799](https://togithub.com/grpc/grpc-go/issues/6799)) - Special Thanks: [@​danielzhaotongliu](https://togithub.com/danielzhaotongliu) ### Bug Fixes - client: correctly enable TCP keepalives with OS defaults on windows ([#​6863](https://togithub.com/grpc/grpc-go/issues/6863)) - Special Thanks: [@​mmatczuk](https://togithub.com/mmatczuk) - server: change some stream operations to return `UNAVAILABLE` instead of `UNKNOWN` when underlying connection is broken ([#​6891](https://togithub.com/grpc/grpc-go/issues/6891)) - Special Thanks: [@​mustafasen81](https://togithub.com/mustafasen81) - server: fix `GracefulStop` to block until all method handlers return (v1.60 regression). ([#​6922](https://togithub.com/grpc/grpc-go/issues/6922)) - server: fix two bugs that could lead to panics at shutdown when using [`NumStreamWorkers`](https://pkg.go.dev/google.golang.org/grpc#NumStreamWorkers) (EXPERIMENTAL). 
([#​6856](https://togithub.com/grpc/grpc-go/issues/6856)) - reflection: do not send invalid descriptors to clients for files that cannot be fully resolved ([#​6771](https://togithub.com/grpc/grpc-go/issues/6771)) - Special Thanks: [@​jhump](https://togithub.com/jhump) - xds: don't fail channel/server startup when xds creds is specified, but bootstrap is missing certificate providers ([#​6848](https://togithub.com/grpc/grpc-go/issues/6848)) - xds: Atomically read and write xDS security configuration client side ([#​6796](https://togithub.com/grpc/grpc-go/issues/6796)) - xds/server: fix RDS handling for non-inline route configs ([#​6915](https://togithub.com/grpc/grpc-go/issues/6915)) </details> --- ### Configuration 📅 **Schedule**: Branch creation - "before 4am on Monday" (UTC), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://togithub.com/renovatebot/renovate/discussions) if that's undesired. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/cerbos/cerbos). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy4xNzAuMCIsInVwZGF0ZWRJblZlciI6IjM3LjE3MC4wIiwidGFyZ2V0QnJhbmNoIjoibWFpbiJ9--> --------- Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Signed-off-by: Charith Ellawala <charith@cerbos.dev> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: Charith Ellawala <charith@cerbos.dev>
References to other Issues or PRs
Fixes #3069
original fix was reverted because of #3848
Have you read the Contributing Guidelines?
Yes
Brief description of what is fixed or changed
This PR should fix the possibility of overriding path parameters with query parameters. It was originally fixed with #3072 but reverted a year later because of #3848. This PR takes a different approach: since the JSON names are the problem, I added a normalization function to rename query param names to the corresponding field names. The validation logic will now drop values which would override path parameters.
Other comments
I once again want to point out the criticality of this issue. A lot of authorization systems validate access based on the requested resource URL. With this security issue it is easy to bypass those validations to get unauthorized access to other resources.
Summary by CodeRabbit
New Features
ResourceId, NIdNId, and NIdVal) across various methods to enhance query capabilities.
ExamplepbNestedMessage and ExamplepbUnannotatedNestedMessage structs for improved data structuring.
EchoService and UnannotatedEchoService with new message types and additional route bindings.
Enhancements
ResourceId and NId) to ExamplepbSimpleMessage and ExamplepbUnannotatedSimpleMessage structs for better resource identification and nested message support.
Refactor
normalizeFieldPath and findFieldFromPath functions in query.go for optimized field path normalization and retrieval, enhancing parsing and field population logic.
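A simplified model of the approach described in this PR, as an added example that is not grpc-gateway's own code: query keys are normalized from JSON names to proto field names before being compared with the path-bound fields, and colliding keys are dropped. The name table, the function names and the sample query are constructed for illustration.

```go
package main

import (
	"fmt"
	"net/url"
	"sort"
	"strings"
)

// Constructed JSON-name -> proto-field-name table; a real gateway reads this from descriptors.
var jsonToField = map[string]string{"resourceId": "resource_id", "nId": "n_id"}

// normalizeKey rewrites each dotted segment to its proto field name ("nId.nId" -> "n_id.n_id").
func normalizeKey(key string) string {
	parts := strings.Split(key, ".")
	for i, p := range parts {
		if f, ok := jsonToField[p]; ok {
			parts[i] = f
		}
	}
	return strings.Join(parts, ".")
}

// filterQuery drops every query key that addresses a path-bound field.
// With normalize=false it compares raw keys, the check a JSON-named key slips past.
func filterQuery(q url.Values, pathBound map[string]bool, normalize bool) (kept url.Values, dropped []string) {
	kept = url.Values{}
	for key, vals := range q {
		name := key
		if normalize {
			name = normalizeKey(key)
		}
		if pathBound[name] {
			dropped = append(dropped, key)
			continue
		}
		kept[name] = append(kept[name], vals...)
	}
	sort.Strings(dropped)
	return kept, dropped
}

func main() {
	q, _ := url.ParseQuery("resourceId=7&nId.val=x&nId.nId=9") // constructed query
	bound := map[string]bool{"resource_id": true, "n_id.n_id": true}
	_, raw := filterQuery(q, bound, false)
	kept, norm := filterQuery(q, bound, true)
	fmt.Println("raw dropped:", raw, "normalized dropped:", norm, "kept:", kept)
}
```

Comparing raw keys drops nothing for this query, while the normalized comparison drops both keys that target path-bound fields and keeps `n_id.val`.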