Commit 1b5c7bd
authored
build(deps): bump github.com/cyphar/filepath-securejoin from 0.4.1 to 0.5.0 (#103)
Bumps
[github.com/cyphar/filepath-securejoin](https://github.com/cyphar/filepath-securejoin)
from 0.4.1 to 0.5.0.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/cyphar/filepath-securejoin/blob/main/CHANGELOG.md">github.com/cyphar/filepath-securejoin's
changelog</a>.</em></p>
<blockquote>
<h2>[0.5.0] - 2025-09-26</h2>
<blockquote>
<p>Let the past die. Kill it if you have to.</p>
</blockquote>
<blockquote>
<p><strong>NOTE</strong>: With this release, some parts of
<code>github.com/cyphar/filepath-securejoin</code> are now licensed
under the Mozilla
Public License (version 2). Please see <a
href="./COPYING.md">COPYING.md</a> as well as the
license header in each file for more details.</p>
</blockquote>
<h3>Breaking</h3>
<ul>
<li>
<p>The new API introduced in the 0.3.0 release has been moved to a new
subpackage called <code>pathrs-lite</code>. This was primarily done to better indicate
the split between the new and old APIs, as well as indicate to users the
purpose of this subpackage (it is a less complete version of
libpathrs).</p>
<p>We have added some wrappers to the top-level package to ease the
transition,
but those are deprecated and will be removed in the next minor release
of
filepath-securejoin. Users should update their import paths.</p>
<p>This new subpackage has also been relicensed under the Mozilla Public
License
(version 2), please see <a href="./COPYING.md">COPYING.md</a> for more
details.</p>
</li>
</ul>
<h3>Added</h3>
<ul>
<li>
<p>Most of the key bits of the safe <code>procfs</code> API have now been
exported and are
available in
<code>github.com/cyphar/filepath-securejoin/pathrs-lite/procfs</code>.
At
the moment this primarily consists of a new <code>procfs.Handle</code>
API:</p>
<ul>
<li>
<p><code>OpenProcRoot</code> returns a new handle to <code>/proc</code>,
endeavouring to make it
safe if possible (<code>subset=pid</code> to protect against mistaken
write attacks
and leaks, as well as using <code>fsopen(2)</code> to avoid racing mount
attacks).</p>
<p><code>OpenUnsafeProcRoot</code> returns a handle without attempting
to create one
with <code>subset=pid</code>, which makes it more dangerous to leak.
Most users
should use <code>OpenProcRoot</code> (even if you need to use
<code>ProcRoot</code> as the base
of an operation, as filepath-securejoin will internally open a handle
when
necessary).</p>
</li>
<li>
<p>The <code>(*procfs.Handle).Open*</code> family of methods lets you
get a safe
<code>O_PATH</code> handle to subpaths within <code>/proc</code> for
certain subpaths.</p>
<p>For <code>OpenThreadSelf</code>, the returned
<code>ProcThreadSelfCloser</code> needs to be
called after you completely finish using the handle (this is necessary
because Go is multi-threaded and <code>ProcThreadSelf</code> references
<code>/proc/thread-self</code> which may disappear if we do not
<code>runtime.LockOSThread</code> -- <code>ProcThreadSelfCloser</code>
is currently equivalent
to <code>runtime.UnlockOSThread</code>).</p>
<p>Note that you cannot open any <code>procfs</code> symlinks (most
notably magic-links)</p>
</li>
</ul>
</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/cyphar/filepath-securejoin/commit/bb9e81fe9c0f84b1f0a638e48e41dc5f2ead43f0"><code>bb9e81f</code></a>
VERSION: release 0.5.0</li>
<li><a
href="https://github.com/cyphar/filepath-securejoin/commit/17e58e1fb52c5ab12973be3dc69825af4cfeee36"><code>17e58e1</code></a>
CHANGELOG: minor updates</li>
<li><a
href="https://github.com/cyphar/filepath-securejoin/commit/cc071b2d3ac259e289c008f2d60dbd7238e69354"><code>cc071b2</code></a>
hack: properly test ./...</li>
<li><a
href="https://github.com/cyphar/filepath-securejoin/commit/a1c1895b6752ac0c42e303a04dd19271452f4000"><code>a1c1895</code></a>
CHANGELOG: fix kernel version for open_tree(2)</li>
<li><a
href="https://github.com/cyphar/filepath-securejoin/commit/432c95ee30466b3bf93352290e46e6fb251924c5"><code>432c95e</code></a>
doc: minor godoc improvements</li>
<li><a
href="https://github.com/cyphar/filepath-securejoin/commit/90002f21fbb33563a9722121a0f6541d842c143d"><code>90002f2</code></a>
CHANGELOG: mention MPLv2 in pathrs-lite entry</li>
<li><a
href="https://github.com/cyphar/filepath-securejoin/commit/59fcb8b2e09f7d9e1b977db79eb6bdc949aa18dc"><code>59fcb8b</code></a>
COPYING: fix reference to pathrs-lite internal pkgs</li>
<li><a
href="https://github.com/cyphar/filepath-securejoin/commit/43797e7c4b2be2755ce76a3c6e18abfde2ae2ea4"><code>43797e7</code></a>
pathrs-lite: add Close to procfs wrapper</li>
<li><a
href="https://github.com/cyphar/filepath-securejoin/commit/2a0e2b69cd9a336a587fefb55ba7a2626eae341c"><code>2a0e2b6</code></a>
pathrs-lite: move Reopen impl to internal/procfs</li>
<li><a
href="https://github.com/cyphar/filepath-securejoin/commit/3c5e239abba10ac2b0c6bcd4de577d91551d7107"><code>3c5e239</code></a>
*: update and improve godocs</li>
<li>Additional commits viewable in <a
href="https://github.com/cyphar/filepath-securejoin/compare/v0.4.1...v0.5.0">compare
view</a></li>
</ul>
</details>
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
2 files changed
+3 -3 lines changed

| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
3 | 3 | | |
4 | 4 | | |
5 | 5 | | |
6 | | - | |
| 6 | + | |
7 | 7 | | |
8 | 8 | | |
9 | 9 | | |
| |||
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
12 | 12 | | |
13 | 13 | | |
14 | 14 | | |
15 | | - | |
16 | | - | |
| 15 | + | |
| 16 | + | |
17 | 17 | | |
18 | 18 | | |
19 | 19 | | |
| |||
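
The changelog's reason for `ProcThreadSelfCloser` (a goroutine must stay on its OS thread while it uses `/proc/thread-self`), shown as an added Go example that is not code from filepath-securejoin or from this commit. It is Linux-only and uses just the standard library; `openThreadSelf`, `threadSelfTID` and the filesystem-magic check are hypothetical stand-ins for the library's API, and `subpath` is assumed to be trusted.

```go
package main

import (
	"fmt"
	"os"
	"runtime"
	"syscall"
)

const procSuperMagic = 0x9fa0 // PROC_SUPER_MAGIC in linux/magic.h

// openThreadSelf (hypothetical helper, not the library's API) pins the
// goroutine to its OS thread, opens /proc/thread-self/<subpath> and returns a
// closer that the caller must invoke once it has finished with the file.
// subpath is trusted here; no race-safe path resolution is attempted.
func openThreadSelf(subpath string) (*os.File, func(), error) {
	runtime.LockOSThread() // otherwise the goroutine may migrate to another thread
	f, err := os.Open("/proc/thread-self/" + subpath)
	if err != nil {
		runtime.UnlockOSThread()
		return nil, nil, err
	}
	// Refuse a file that is not on a real procfs (for example an overmount).
	var st syscall.Statfs_t
	if err := syscall.Fstatfs(int(f.Fd()), &st); err != nil || int64(st.Type) != procSuperMagic {
		f.Close()
		runtime.UnlockOSThread()
		return nil, nil, fmt.Errorf("%s not verified as procfs (fstatfs error: %v)", f.Name(), err)
	}
	return f, runtime.UnlockOSThread, nil
}

// threadSelfTID reads the first field of /proc/thread-self/stat (the thread
// ID) and returns it with gettid(2) taken on the same pinned thread. The two
// agree only because the thread stays locked until done() runs.
func threadSelfTID() (fromProc, fromSyscall int, err error) {
	f, done, err := openThreadSelf("stat")
	if err != nil {
		return 0, 0, err
	}
	defer done() // runs after f.Close(), mirroring the closer contract
	defer f.Close()
	_, err = fmt.Fscan(f, &fromProc)
	return fromProc, syscall.Gettid(), err
}

func main() {
	fmt.Println(threadSelfTID())
}
```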