This is a pragmatic but impure choice, in order to better support the
default tools available on Windows Server, and reduce user confusion due
to otherwise inscrutable-to-the-uninitiated errors like the following:
> invalid character 'þ' looking for beginning of value
> invalid character 'ÿ' looking for beginning of value
While meaningful to those who are familiar with and are equipped to
diagnose encoding issues, these characters will be hidden when the file
is edited with a BOM-aware text editor, and further confuse the user.
Signed-off-by: Bjorn Neergaard <bneergaard@mirantis.com>
golang.org/x/net contains a fix for CVE-2022-41717, which was addressed
in stdlib in go1.19.4 and go1.18.9;
> net/http: limit canonical header cache by bytes, not entries
>
> An attacker can cause excessive memory growth in a Go server accepting
> HTTP/2 requests.
>
> HTTP/2 server connections contain a cache of HTTP header keys sent by
> the client. While the total number of entries in this cache is capped,
> an attacker sending very large keys can cause the server to allocate
> approximately 64 MiB per open connection.
>
> This issue is also fixed in golang.org/x/net/http2 v0.4.0,
> for users manually configuring HTTP/2.
full diff: https://github.com/golang/net/compare/v0.2.0...v0.4.0
other dependency updates (due to circular dependencies):
- golang.org/x/sys v0.3.0: https://github.com/golang/sys/compare/v0.2.0...v0.3.0
- golang.org/x/text v0.5.0: https://github.com/golang/text/compare/v0.4.0...v0.5.0
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
- all changes here are attributed to difference in behaviour between,
namely:
- resolution of secondary test dependencies
- prunning of non-Go files
Signed-off-by: Ilya Dmitrichenko <errordeveloper@gmail.com>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This bumps vndr to 9909bb2b8a0b7ea464527b376dc50389c90df587
and revendors dependencies.
Includes a change that prunes go files with `+build ignore`
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
* run latest vndr so as to collect more LICENSE files
* remove unused packages
* vendor github.com/philhofer/fwd with LICENSE.md (MIT)
* vendor github.com/bsphere/le_go with LICENSE (MIT)
Signed-off-by: Akihiro Suda <suda.akihiro@lab.ntt.co.jp>
