Skip to content

Bump gixy-ng from 0.2.27 to 0.2.33#43

Closed
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/pip/main/gixy-ng-0.2.33
Closed

Bump gixy-ng from 0.2.27 to 0.2.33#43
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/pip/main/gixy-ng-0.2.33

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Feb 9, 2026

Bumps gixy-ng from 0.2.27 to 0.2.33.

Release notes

Sourced from gixy-ng's releases.

v0.2.33

Fixed

  • status_page_exposed false positive: Servers listening only on Unix sockets (e.g. listen unix:/run/nginx/status.sock) no longer trigger the missing IP restrictions warning, since Unix domain sockets are inherently inaccessible from the network (#101).

v0.2.32

Fixed

  • HSTS false positive: security_headers on; (ngx_security_headers module) is now recognized as providing HSTS — no longer flags "Missing HSTS header".
  • HSTS false positive: more_set_headers setting Strict-Transport-Security is now recognized as providing HSTS.
  • ssl_prefer_server_ciphers false positive: Inverted the check — on is now flagged (LOW) instead of off (MEDIUM). All authoritative sources (Mozilla, nginx maintainers) recommend off for modern cipher lists.

v0.2.31

What's Changed

New Features

  • status_page_exposed: New security check that detects NGINX stub_status directives publicly accessible without IP restrictions. The stub_status module exposes server metrics (active connections, requests handled, etc.) that can aid attackers in reconnaissance. The check flags configurations missing allow directives or deny all.

Full Changelog

dvershinin/gixy@v0.2.30...v0.2.31

v0.2.30

What's Changed

Bug Fixes

  • regex_redos: Fixed false positive in ReDoS detection for optional groups (? quantifier). Patterns like ([a-z]+/)? with inner quantifiers are no longer incorrectly flagged as nested quantifier vulnerabilities, since the ? quantifier (0 or 1 times) cannot cause exponential backtracking.

Full Changelog

dvershinin/gixy@v0.2.29...v0.2.30

v0.2.29

Changed

  • Parser: Use parse_string() API directly instead of temporary file workaround, now that ngxparse supports it.

Full Changelog: dvershinin/gixy@v0.2.28...v0.2.29

v0.2.28

Changed

  • Dependency: Switched from crossplane to ngxparse for NGINX config parsing. ngxparse is a maintained fork with bug fixes and the same API.

Fixed

  • Parser: Fixed tokenization of adjacent braced variables like ${var1}${var2} in map directives (ngxparse 0.5.16).

Full Changelog: dvershinin/gixy@v0.2.27...v0.2.28

Changelog

Sourced from gixy-ng's changelog.

[0.2.33] - 2026-02-09

Fixed

  • status_page_exposed false positive: Servers listening only on Unix sockets (e.g. listen unix:/run/nginx/status.sock) no longer trigger the missing IP restrictions warning, since Unix domain sockets are inherently inaccessible from the network (#101).

[0.2.32] - 2026-02-07

Fixed

  • HSTS false positive: security_headers on; (ngx_security_headers module) is now recognized as providing HSTS — no longer flags "Missing HSTS header".
  • HSTS false positive: more_set_headers setting Strict-Transport-Security is now recognized as providing HSTS.
  • ssl_prefer_server_ciphers false positive: Inverted the check — on is now flagged (LOW) instead of off (MEDIUM). All authoritative sources (Mozilla, nginx maintainers) recommend off for modern cipher lists.

[0.2.29] - 2026-01-30

Changed

  • Parser: Use parse_string() API directly instead of temporary file workaround, now that ngxparse supports it.

[0.2.28] - 2026-01-30

Changed

  • Dependency: Switched from crossplane to ngxparse for NGINX config parsing. ngxparse is a maintained fork with bug fixes and the same API.

Fixed

  • Parser: Fixed tokenization of adjacent braced variables like ${var1}${var2} in map directives (ngxparse 0.5.16).

[0.2.25] - 2025-12-28

Changed

  • Terminology: User-facing documentation now uses "checks" instead of "plugins" for clarity and consistency.
  • CLI: --checks is now the primary flag for selecting checks to run (--tests remains as a backward-compatible alias).
  • Configuration: Config files now prefer checks = ... over tests = ... (both still work for backward compatibility).
  • Help URLs: Plugin help URLs are now auto-generated from class names using kebab-case slugs (e.g., http_splitting/checks/http-splitting/).
  • Documentation URLs: All check documentation moved from /plugins/ to /checks/ path with kebab-case naming.

Fixed

  • Pre-commit hooks: Removed hardcoded filesystem paths; hooks now work in any environment.
  • Documentation front-matter: Fixed missing/short SEO metadata in Chinese documentation files.

Developer

  • Plugin base class now auto-generates help_url property from class name (no manual URL definition needed).
  • Plugins can override with _help_url class attribute for external documentation links.
  • Pre-commit check validates documentation file existence instead of URL format.

[0.2.24] - 2025-12-25

Added

  • New plugin: hsts_header: Detects missing or weak Strict-Transport-Security (HSTS) configuration on HTTPS servers.
  • New plugin: http2_misdirected_request: Detects default_server + HTTP/2 + ssl_reject_handshake on setups missing a defensive location / { return 421; }.

Changed

... (truncated)

Commits
  • 0d3f6ff release: v0.2.33
  • 73990d6 fix: skip status_page_exposed warning for Unix socket listeners (#101)
  • b3bb8c4 release: v0.2.32
  • 04936da fix: resolve false positives in hsts_header and ssl_prefer_server_ciphers checks
  • 0afe730 chore: remove pre-commit config from version control
  • 79c2a3f fix: replace pre-commit config symlink with actual file content
  • c857b6c release: v0.2.31
  • e02bb48 feat(plugin): add status_page_exposed check for unprotected stub_status
  • 77c9fcb release: v0.2.30
  • a3e45a0 fix(regex_redos): don't flag ? quantifier as nested quantifier vulnerability
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot
Bump gixy-ng from 0.2.27 to 0.2.33
9761d70 
Bumps [gixy-ng](https://github.com/dvershinin/gixy) from 0.2.27 to 0.2.33.
- [Release notes](https://github.com/dvershinin/gixy/releases)
- [Changelog](https://github.com/dvershinin/gixy/blob/master/CHANGELOG.md)
- [Commits](dvershinin/gixy@v0.2.27...v0.2.33)

---
updated-dependencies:
- dependency-name: gixy-ng
  dependency-version: 0.2.33
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file python Pull requests that update Python code labels Feb 9, 2026
@dependabot dependabot bot mentioned this pull request Feb 9, 2026
Closed
@dependabot @github
Copy link
Contributor Author

dependabot bot commented on behalf of github Feb 12, 2026

Superseded by #45.

@dependabot dependabot bot closed this Feb 12, 2026
@dependabot dependabot bot deleted the dependabot/pip/main/gixy-ng-0.2.33 branch February 12, 2026 09:03
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file python Pull requests that update Python code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants