Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[BUG] Inconsistent HTTP status code on query mismatch #712

Merged
merged 4 commits into from
Aug 17, 2023

Conversation

soheilrt
Copy link
Contributor

The logical behavior of a router should return an HTTP status code of 404 when a request fails to satisfy route validation logic. Previously, MUX was returning a 405 HTTP status code in some rare scenarios, which was not valid in its case.

For more info, See: #704

Fixes #704

Summary of Changes

  1. Clear the mismatch error of the previous validations on method match.
  2. Added related tests

PS: Make sure your PR includes/updates tests! If you need help with this part, just ask!

soheilrt and others added 2 commits July 14, 2023 19:57
The logical behavour of a router should return http status code of 404 when a request fails to stisfy a route validation logics. Before this, mux was returning 405 http status code in some rare scenarios which is not a valid on its case.

For more info, See: gorilla#704
@codecov
Copy link

codecov bot commented Jul 30, 2023

Codecov Report

Merging #712 (74ea253) into main (24c3e7f) will decrease coverage by 0.44%.
The diff coverage is 100.00%.

❗ Current head 74ea253 differs from pull request most recent head f0c4f4f. Consider uploading reports for the commit f0c4f4f to get more accurate results

@@            Coverage Diff             @@
##             main     #712      +/-   ##
==========================================
- Coverage   78.44%   78.01%   -0.44%     
==========================================
  Files           5        5              
  Lines         877      887      +10     
==========================================
+ Hits          688      692       +4     
- Misses        135      140       +5     
- Partials       54       55       +1     
Files Changed Coverage Δ
route.go 68.46% <100.00%> (-0.84%) ⬇️

@soheilrt
Copy link
Contributor Author

soheilrt commented Aug 2, 2023

Hey @coreydaley 👋 Is there anything that I can help you with in here?

@coreydaley
Copy link
Contributor

@soheilrt Thank you for the pull request, we will prioritize it's review based on the priority/severity of the associated github issue during one of our upcoming community meetings.

@coreydaley coreydaley self-assigned this Aug 16, 2023
@coreydaley coreydaley enabled auto-merge (squash) August 17, 2023 01:34
@coreydaley coreydaley merged commit 395ad81 into gorilla:main Aug 17, 2023
6 checks passed
oguzhand95 referenced this pull request in cerbos/cerbos Nov 6, 2023
[![Mend
Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| [github.com/aws/aws-sdk-go](https://togithub.com/aws/aws-sdk-go) |
require | minor | `v1.46.6` -> `v1.47.3` |
|
[github.com/bufbuild/protovalidate-go](https://togithub.com/bufbuild/protovalidate-go)
| require | minor | `v0.3.1` -> `v0.4.0` |
|
[github.com/cerbos/cerbos/api/genpb](https://togithub.com/cerbos/cerbos)
| require | digest | `f134903` -> `761a3dc` |
| [github.com/cerbos/cloud-api](https://togithub.com/cerbos/cloud-api) |
require | patch | `v0.1.8` -> `v0.1.9` |
| [github.com/go-logr/zapr](https://togithub.com/go-logr/zapr) | require
| minor | `v1.2.4` -> `v1.3.0` |
| [github.com/gorilla/mux](https://togithub.com/gorilla/mux) | require |
patch | `v1.8.0` -> `v1.8.1` |
| [github.com/jackc/pgx/v5](https://togithub.com/jackc/pgx) | require |
minor | `v5.4.3` -> `v5.5.0` |
| [github.com/lestrrat-go/jwx/v2](https://togithub.com/lestrrat-go/jwx)
| require | patch | `v2.0.15` -> `v2.0.16` |
| [github.com/pterm/pterm](https://togithub.com/pterm/pterm) | require |
patch | `v0.12.69` -> `v0.12.70` |
| [github.com/rivo/tview](https://togithub.com/rivo/tview) | require |
digest | `8b7bcf9` -> `1b91b81` |
| [github.com/twmb/franz-go](https://togithub.com/twmb/franz-go) |
require | patch | `v1.15.1` -> `v1.15.2` |
| [github.com/vektra/mockery/v2](https://togithub.com/vektra/mockery) |
require | patch | `v2.36.0` -> `v2.36.1` |
| golang.org/x/sync | require | minor | `v0.4.0` -> `v0.5.0` |
|
[google.golang.org/genproto/googleapis/api](https://togithub.com/googleapis/go-genproto)
| require | digest | `49dd2c1` -> `d783a09` |
| [modernc.org/sqlite](https://gitlab.com/cznic/sqlite) | require |
minor | `v1.26.0` -> `v1.27.0` |

---

> [!WARNING]
> Some dependencies could not be looked up. Check the Dependency
Dashboard for more information.

---

### Release Notes

<details>
<summary>aws/aws-sdk-go (github.com/aws/aws-sdk-go)</summary>

###
[`v1.47.3`](https://togithub.com/aws/aws-sdk-go/blob/HEAD/CHANGELOG.md#Release-v1473-2023-11-03)

[Compare
Source](https://togithub.com/aws/aws-sdk-go/compare/v1.47.2...v1.47.3)

\===

##### Service Client Updates

-   `service/config`: Updates service API
-   `service/connect`: Updates service API and documentation
-   `service/iotwireless`: Updates service API and documentation
-   `service/launch-wizard`: Adds new service

###
[`v1.47.2`](https://togithub.com/aws/aws-sdk-go/blob/HEAD/CHANGELOG.md#Release-v1472-2023-11-02)

[Compare
Source](https://togithub.com/aws/aws-sdk-go/compare/v1.47.1...v1.47.2)

\===

##### Service Client Updates

-   `service/apprunner`: Updates service API and documentation
-   `service/connect`: Updates service documentation
-   `service/gamelift`: Updates service API and documentation
- Amazon GameLift adds support for shared credentials, which allows
applications that are deployed on managed EC2 fleets to interact with
other AWS resources.
-   `service/glue`: Updates service API and documentation
- This release introduces Google BigQuery Source and Target in AWS Glue
CodeGenConfigurationNode.
-   `service/network-firewall`: Updates service API and documentation
-   `service/quicksight`: Updates service API and documentation
- Got confirmed from qmeixua@ about custom week features, and tested
locally with aws cli and java sdk that the subtypes are showing up.

##### SDK Enhancements

- `aws/ec2metadata`: Added environment and shared config support for
disabling IMDSv1 fallback.
- Use env `AWS_EC2_METADATA_V1_DISABLED` or shared config
`ec2_metadata_v1_disabled` accordingly.

###
[`v1.47.1`](https://togithub.com/aws/aws-sdk-go/blob/HEAD/CHANGELOG.md#Release-v1471-2023-11-01)

[Compare
Source](https://togithub.com/aws/aws-sdk-go/compare/v1.47.0...v1.47.1)

\===

##### Service Client Updates

- `service/connect`: Updates service API, documentation, and paginators
- `service/globalaccelerator`: Updates service API, documentation, and
paginators
- `service/rds`: Updates service API, documentation, waiters,
paginators, and examples
- This release adds support for customized networking resources to
Amazon RDS Custom.
-   `service/redshift`: Updates service API and documentation
- Added support for Multi-AZ deployments for Provisioned RA3 clusters
that provide 99.99% SLA availability.
-   `service/sagemaker`: Updates service API and documentation
    -   Support for batch transform input in Model dashboard

###
[`v1.47.0`](https://togithub.com/aws/aws-sdk-go/blob/HEAD/CHANGELOG.md#Release-v1470-2023-10-31)

[Compare
Source](https://togithub.com/aws/aws-sdk-go/compare/v1.46.7...v1.47.0)

\===

##### Service Client Updates

- `service/amplify`: Updates service API, documentation, and paginators
- `service/application-insights`: Updates service API and documentation
-   `service/ec2`: Updates service API, documentation, and paginators
- Capacity Blocks for ML are a new EC2 purchasing option for reserving
GPU instances on a future date to support short duration machine
learning (ML) workloads. Capacity Blocks automatically place instances
close together inside Amazon EC2 UltraClusters for low-latency,
high-throughput networking.
-   `service/m2`: Updates service API and documentation
-   `service/neptunedata`: Updates service API and documentation
-   `service/translate`: Updates service API and documentation

##### SDK Features

-   `aws`: Bump minimum go version to 1.19.
- See
https://aws.amazon.com/blogs/developer/aws-sdk-for-go-aligns-with-go-release-policy-on-supported-runtimes/.

###
[`v1.46.7`](https://togithub.com/aws/aws-sdk-go/blob/HEAD/CHANGELOG.md#Release-v1467-2023-10-30)

[Compare
Source](https://togithub.com/aws/aws-sdk-go/compare/v1.46.6...v1.46.7)

\===

##### Service Client Updates

-   `service/connect`: Updates service API and documentation
-   `service/dataexchange`: Updates service API and documentation
-   `service/datasync`: Updates service API and documentation
-   `service/finspace`: Updates service API and documentation
-   `service/mediapackagev2`: Updates service API and documentation
- `service/rds`: Updates service API, documentation, waiters,
paginators, and examples
- This release launches the CreateIntegration, DeleteIntegration, and
DescribeIntegrations APIs to manage zero-ETL Integrations.
- `service/redshift-serverless`: Updates service API, documentation, and
paginators
-   `service/resiliencehub`: Updates service API and documentation
-   `service/s3outposts`: Updates service API and documentation
-   `service/wisdom`: Updates service documentation

</details>

<details>
<summary>bufbuild/protovalidate-go
(github.com/bufbuild/protovalidate-go)</summary>

###
[`v0.4.0`](https://togithub.com/bufbuild/protovalidate-go/releases/tag/v0.4.0)

[Compare
Source](https://togithub.com/bufbuild/protovalidate-go/compare/v0.3.4...v0.4.0)

#### What's Changed

- Fix bug where cel expression cannot compile for fields of type
google.protobuf.Any by
[@&#8203;oliversun9](https://togithub.com/oliversun9) in
[https://github.com/bufbuild/protovalidate-go/pull/65](https://togithub.com/bufbuild/protovalidate-go/pull/65)
- Link to connect/validate-go by
[@&#8203;emcfarlane](https://togithub.com/emcfarlane) in
[https://github.com/bufbuild/protovalidate-go/pull/66](https://togithub.com/bufbuild/protovalidate-go/pull/66)
- Run CI on Go 1.19 by
[@&#8203;akshayjshah](https://togithub.com/akshayjshah) in
[https://github.com/bufbuild/protovalidate-go/pull/72](https://togithub.com/bufbuild/protovalidate-go/pull/72)
- Use make lint in CI instead of golangci-lint action by
[@&#8203;oliversun9](https://togithub.com/oliversun9) in
[https://github.com/bufbuild/protovalidate-go/pull/70](https://togithub.com/bufbuild/protovalidate-go/pull/70)
- Add isIpPrefix by [@&#8203;higebu](https://togithub.com/higebu) in
[https://github.com/bufbuild/protovalidate-go/pull/53](https://togithub.com/bufbuild/protovalidate-go/pull/53)

#### New Contributors

- [@&#8203;higebu](https://togithub.com/higebu) made their first
contribution in
[https://github.com/bufbuild/protovalidate-go/pull/53](https://togithub.com/bufbuild/protovalidate-go/pull/53)

**Full Changelog**:
bufbuild/protovalidate-go@v0.3.4...v0.4.0

###
[`v0.3.4`](https://togithub.com/bufbuild/protovalidate-go/releases/tag/v0.3.4)

[Compare
Source](https://togithub.com/bufbuild/protovalidate-go/compare/v0.3.3...v0.3.4)

#### What's Changed

- Make DefaultResolver public by
[@&#8203;oliversun9](https://togithub.com/oliversun9) in
[https://github.com/bufbuild/protovalidate-go/pull/59](https://togithub.com/bufbuild/protovalidate-go/pull/59)
- Update minimum required Go version from 1.18 to 1.19 by
[@&#8203;nicksnyder](https://togithub.com/nicksnyder) in
[https://github.com/bufbuild/protovalidate-go/pull/62](https://togithub.com/bufbuild/protovalidate-go/pull/62)
- Fix ignore path for resolver.go by
[@&#8203;nicksnyder](https://togithub.com/nicksnyder) in
[https://github.com/bufbuild/protovalidate-go/pull/63](https://togithub.com/bufbuild/protovalidate-go/pull/63)

#### New Contributors

- [@&#8203;nicksnyder](https://togithub.com/nicksnyder) made their first
contribution in
[https://github.com/bufbuild/protovalidate-go/pull/62](https://togithub.com/bufbuild/protovalidate-go/pull/62)

**Full Changelog**:
bufbuild/protovalidate-go@v0.3.3...v0.3.4

###
[`v0.3.3`](https://togithub.com/bufbuild/protovalidate-go/releases/tag/v0.3.3)

[Compare
Source](https://togithub.com/bufbuild/protovalidate-go/compare/v0.3.2...v0.3.3)

#### What's Changed

- Update benchmarks by [@&#8203;rodaine](https://togithub.com/rodaine)
in
[https://github.com/bufbuild/protovalidate-go/pull/50](https://togithub.com/bufbuild/protovalidate-go/pull/50)
- Bug: transitive field CEL expressions fail to resolve types during
type checking by [@&#8203;rodaine](https://togithub.com/rodaine) in
[https://github.com/bufbuild/protovalidate-go/pull/51](https://togithub.com/bufbuild/protovalidate-go/pull/51)
- Fix loading field message when dependency is more than one step by
[@&#8203;oliversun9](https://togithub.com/oliversun9) in
[https://github.com/bufbuild/protovalidate-go/pull/54](https://togithub.com/bufbuild/protovalidate-go/pull/54)
- Bump github.com/google/cel-go from 0.18.0 to 0.18.1 by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[https://github.com/bufbuild/protovalidate-go/pull/55](https://togithub.com/bufbuild/protovalidate-go/pull/55)
- Make constraint resolution more flexible to different concrete
extension types by [@&#8203;rodaine](https://togithub.com/rodaine) in
[https://github.com/bufbuild/protovalidate-go/pull/57](https://togithub.com/bufbuild/protovalidate-go/pull/57)
- Move package `celext` out of internal by
[@&#8203;oliversun9](https://togithub.com/oliversun9) in
[https://github.com/bufbuild/protovalidate-go/pull/56](https://togithub.com/bufbuild/protovalidate-go/pull/56)

#### New Contributors

- [@&#8203;oliversun9](https://togithub.com/oliversun9) made their first
contribution in
[https://github.com/bufbuild/protovalidate-go/pull/54](https://togithub.com/bufbuild/protovalidate-go/pull/54)

**Full Changelog**:
bufbuild/protovalidate-go@v0.3.2...v0.3.3

###
[`v0.3.2`](https://togithub.com/bufbuild/protovalidate-go/releases/tag/v0.3.2)

[Compare
Source](https://togithub.com/bufbuild/protovalidate-go/compare/v0.3.1...v0.3.2)

#### What's Changed

- Build validator copy cache on write by
[@&#8203;emcfarlane](https://togithub.com/emcfarlane) in
[https://github.com/bufbuild/protovalidate-go/pull/31](https://togithub.com/bufbuild/protovalidate-go/pull/31)
- Bump github.com/google/cel-go from 0.17.4 to 0.17.6 by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[https://github.com/bufbuild/protovalidate-go/pull/39](https://togithub.com/bufbuild/protovalidate-go/pull/39)
- Bump github.com/google/cel-go from 0.17.6 to 0.18.0 by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[https://github.com/bufbuild/protovalidate-go/pull/42](https://togithub.com/bufbuild/protovalidate-go/pull/42)
- Bump buf.build/gen/go/bufbuild/protovalidate/protocolbuffers/go from
1.31.0-20230824200731-b9b8148056b9.1 to
1.31.0-20230830185350-7a34d6557349.1 by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[https://github.com/bufbuild/protovalidate-go/pull/41](https://togithub.com/bufbuild/protovalidate-go/pull/41)
- Bypass deprecation lint warning by
[@&#8203;akshayjshah](https://togithub.com/akshayjshah) in
[https://github.com/bufbuild/protovalidate-go/pull/45](https://togithub.com/bufbuild/protovalidate-go/pull/45)
- Bump actions/checkout from 3 to 4 by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[https://github.com/bufbuild/protovalidate-go/pull/46](https://togithub.com/bufbuild/protovalidate-go/pull/46)
- Cleanup: replace deprecated OptCheckStringFormat by
[@&#8203;rodaine](https://togithub.com/rodaine) in
[https://github.com/bufbuild/protovalidate-go/pull/48](https://togithub.com/bufbuild/protovalidate-go/pull/48)
- Conformance: support for multiple uniques by
[@&#8203;rodaine](https://togithub.com/rodaine) in
[https://github.com/bufbuild/protovalidate-go/pull/49](https://togithub.com/bufbuild/protovalidate-go/pull/49)

#### New Contributors

- [@&#8203;emcfarlane](https://togithub.com/emcfarlane) made their first
contribution in
[https://github.com/bufbuild/protovalidate-go/pull/31](https://togithub.com/bufbuild/protovalidate-go/pull/31)
- [@&#8203;akshayjshah](https://togithub.com/akshayjshah) made their
first contribution in
[https://github.com/bufbuild/protovalidate-go/pull/45](https://togithub.com/bufbuild/protovalidate-go/pull/45)

**Full Changelog**:
bufbuild/protovalidate-go@v0.3.1...v0.3.2

</details>

<details>
<summary>cerbos/cloud-api (github.com/cerbos/cloud-api)</summary>

###
[`v0.1.9`](https://togithub.com/cerbos/cloud-api/compare/v0.1.8...v0.1.9)

[Compare
Source](https://togithub.com/cerbos/cloud-api/compare/v0.1.8...v0.1.9)

</details>

<details>
<summary>go-logr/zapr (github.com/go-logr/zapr)</summary>

### [`v1.3.0`](https://togithub.com/go-logr/zapr/releases/tag/v1.3.0)

[Compare
Source](https://togithub.com/go-logr/zapr/compare/v1.2.4...v1.3.0)

This release adds [support for
slog](https://togithub.com/go-logr/logr#slog-interoperability). zapr
implements `slogr.SlogSink` and therefore can be used through
[`slogr.NewSlogHandler`](https://pkg.go.dev/github.com/go-logr/[email protected]/slogr#NewSlogHandler)
as backend for slog.

#### What's Changed

- Added dependabot by [@&#8203;Neo2308](https://togithub.com/Neo2308) in
[https://github.com/go-logr/zapr/pull/63](https://togithub.com/go-logr/zapr/pull/63)
- Updated min supported version to go 1.18 by
[@&#8203;Neo2308](https://togithub.com/Neo2308) in
[https://github.com/go-logr/zapr/pull/62](https://togithub.com/go-logr/zapr/pull/62)
- update linter config and fix issues by
[@&#8203;pohly](https://togithub.com/pohly) in
[https://github.com/go-logr/zapr/pull/61](https://togithub.com/go-logr/zapr/pull/61)
- Bump github.com/go-logr/logr from 1.2.4 to 1.3.0 by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[https://github.com/go-logr/zapr/pull/71](https://togithub.com/go-logr/zapr/pull/71)
- support slog by [@&#8203;pohly](https://togithub.com/pohly) in
[https://github.com/go-logr/zapr/pull/60](https://togithub.com/go-logr/zapr/pull/60)

***

- Bump github.com/stretchr/testify from 1.8.0 to 1.8.4 by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[https://github.com/go-logr/zapr/pull/65](https://togithub.com/go-logr/zapr/pull/65)
- Bump actions/checkout from 2 to 3 by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[https://github.com/go-logr/zapr/pull/66](https://togithub.com/go-logr/zapr/pull/66)
- Bump actions/setup-go from 2 to 4 by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[https://github.com/go-logr/zapr/pull/67](https://togithub.com/go-logr/zapr/pull/67)
- Bump golangci/golangci-lint-action from 2 to 3 by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[https://github.com/go-logr/zapr/pull/68](https://togithub.com/go-logr/zapr/pull/68)
- Bump actions/checkout from 3 to 4 by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[https://github.com/go-logr/zapr/pull/69](https://togithub.com/go-logr/zapr/pull/69)
- Bump go.uber.org/zap from 1.24.0 to 1.25.0 by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[https://github.com/go-logr/zapr/pull/64](https://togithub.com/go-logr/zapr/pull/64)
- Bump go.uber.org/zap from 1.25.0 to 1.26.0 by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[https://github.com/go-logr/zapr/pull/70](https://togithub.com/go-logr/zapr/pull/70)

#### New Contributors

- [@&#8203;Neo2308](https://togithub.com/Neo2308) made their first
contribution in
[https://github.com/go-logr/zapr/pull/63](https://togithub.com/go-logr/zapr/pull/63)
- [@&#8203;dependabot](https://togithub.com/dependabot) made their first
contribution in
[https://github.com/go-logr/zapr/pull/65](https://togithub.com/go-logr/zapr/pull/65)

**Full Changelog**:
go-logr/zapr@v1.2.4...v1.3.0

</details>

<details>
<summary>google/cel-go (github.com/google/cel-go)</summary>

### [`v0.18.1`](https://togithub.com/google/cel-go/releases/tag/v0.18.1)

[Compare
Source](https://togithub.com/google/cel-go/compare/v0.18.0...v0.18.1)

#### What's Changed

- Add support for a relative offset within ast.SourceInfo by
\[[#&#8203;836](https://togithub.com/google/cel-go/issues/836)]
- Fix last optional element to be retained as an optional index while
folding \[[#&#8203;841](https://togithub.com/google/cel-go/issues/841)]
- Fix deprecation notice for string format validation
\[[#&#8203;840](https://togithub.com/google/cel-go/issues/840)]
- Update cel-spec and enable wrappers conformance tests
\[[#&#8203;842](https://togithub.com/google/cel-go/issues/842)]
- refactor: remove lexer and parser pools
\[[#&#8203;838](https://togithub.com/google/cel-go/issues/838)]

#### New Contributors

- [@&#8203;TulgaCG](https://togithub.com/TulgaCG) made their first
contribution in
[https://github.com/google/cel-go/pull/835](https://togithub.com/google/cel-go/pull/835)
- [@&#8203;aimuz](https://togithub.com/aimuz) made their first
contribution in
[https://github.com/google/cel-go/pull/838](https://togithub.com/google/cel-go/pull/838)

**Full Changelog**:
google/cel-go@v0.18.0...v0.18.1

### [`v0.18.0`](https://togithub.com/google/cel-go/releases/tag/v0.18.0)

[Compare
Source](https://togithub.com/google/cel-go/compare/v0.17.7...v0.18.0)

#### Features

The latest release of CEL introduces validators
([#&#8203;775](https://togithub.com/google/cel-go/issues/775)) and
optimizers
([#&#8203;804](https://togithub.com/google/cel-go/issues/804),
[#&#8203;827](https://togithub.com/google/cel-go/issues/827)) and
migrates the core CEL internals off of the
protobuf expression and type representations
([#&#8203;789](https://togithub.com/google/cel-go/issues/789)).

- String format validator
\[[#&#8203;775](https://togithub.com/google/cel-go/issues/775)]
- Create a Function that Reverses a String
\[[#&#8203;796](https://togithub.com/google/cel-go/issues/796)]
- Introduce pre-order / post-order visitor pattern
\[[#&#8203;813](https://togithub.com/google/cel-go/issues/813)]
- Add Libraries() function to Env
\[[#&#8203;822](https://togithub.com/google/cel-go/issues/822)]
- Static optimizer for constant folding
\[[#&#8203;804](https://togithub.com/google/cel-go/issues/804)]
- Inlining optimizer
\[[#&#8203;827](https://togithub.com/google/cel-go/issues/827)]
- FindStructTypeFields support for types.Provider
\[[#&#8203;814](https://togithub.com/google/cel-go/issues/814)]

#### Breaking Changes

The following PR changes the API signature of the `checker.AstNode`
method `Expr` to return an `ast.Expr`.

- Migrate the checker.Coster to the ast.Expr
\[[#&#8203;798](https://togithub.com/google/cel-go/issues/798)]

#### Fixes

- Nil safety checks for cel.Ast
\[[#&#8203;784](https://togithub.com/google/cel-go/issues/784)]
- Fix cost estimates to propagate result sizes
\[[#&#8203;787](https://togithub.com/google/cel-go/issues/787)]
- Catch invalid literals created from expression factories
\[[#&#8203;810](https://togithub.com/google/cel-go/issues/810)]
- Ensure stable ordering of overload candidates
\[[#&#8203;817](https://togithub.com/google/cel-go/issues/817)]
- Clarify replace with/by empty string
\[[#&#8203;820](https://togithub.com/google/cel-go/issues/820)]
- Fix functional exemptions for homogeneous literal checks
\[[#&#8203;832](https://togithub.com/google/cel-go/issues/832)]
- Fix logical operator folding that only involve literals
\[[#&#8203;833](https://togithub.com/google/cel-go/issues/833)]
- Upgrade go-genproto to latest
\[[#&#8203;831](https://togithub.com/google/cel-go/issues/831)]

#### New Contributors

- [@&#8203;bboogler](https://togithub.com/bboogler) made their first
contribution in
[https://github.com/google/cel-go/pull/796](https://togithub.com/google/cel-go/pull/796)

**Full Changelog**:
google/cel-go@v0.17.1...v0.18.0

### [`v0.17.7`](https://togithub.com/google/cel-go/releases/tag/v0.17.7)

[Compare
Source](https://togithub.com/google/cel-go/compare/v0.17.6...v0.17.7)

#### What's Changed

- Backport [#&#8203;850](https://togithub.com/google/cel-go/issues/850):
Sets cost estimation and tracking options
\[[#&#8203;852](https://togithub.com/google/cel-go/issues/852)]

**Full Changelog**:
google/cel-go@v0.17.6...v0.17.7

</details>

<details>
<summary>gorilla/mux (github.com/gorilla/mux)</summary>

### [`v1.8.1`](https://togithub.com/gorilla/mux/releases/tag/v1.8.1)

[Compare
Source](https://togithub.com/gorilla/mux/compare/v1.8.0...v1.8.1)

#### What's Changed

- build: CircleCI 2.1 + build matrix by
[@&#8203;elithrar](https://togithub.com/elithrar) in
[https://github.com/gorilla/mux/pull/595](https://togithub.com/gorilla/mux/pull/595)
- Include "404" and "405" in the docs by
[@&#8203;Jille](https://togithub.com/Jille) in
[https://github.com/gorilla/mux/pull/602](https://togithub.com/gorilla/mux/pull/602)
- docs: update README w.r.t new maintainer ask by
[@&#8203;elithrar](https://togithub.com/elithrar) in
[https://github.com/gorilla/mux/pull/660](https://togithub.com/gorilla/mux/pull/660)
- regexp: use iota instead of hardcoded values for regexType\* by
[@&#8203;michaelgrigoryan25](https://togithub.com/michaelgrigoryan25) in
[https://github.com/gorilla/mux/pull/679](https://togithub.com/gorilla/mux/pull/679)
- Fix `authenticationMiddleware` initialization in the `README.md` file
by [@&#8203;amustaque97](https://togithub.com/amustaque97) in
[https://github.com/gorilla/mux/pull/693](https://togithub.com/gorilla/mux/pull/693)
- Update README.md by
[@&#8203;coreydaley](https://togithub.com/coreydaley) in
[https://github.com/gorilla/mux/pull/713](https://togithub.com/gorilla/mux/pull/713)
- \[GPT-95] Update go version, add tools for verification and testing by
[@&#8203;apoorvajagtap](https://togithub.com/apoorvajagtap) in
[https://github.com/gorilla/mux/pull/718](https://togithub.com/gorilla/mux/pull/718)
- Delete release-drafter.yml by
[@&#8203;coreydaley](https://togithub.com/coreydaley) in
[https://github.com/gorilla/mux/pull/719](https://togithub.com/gorilla/mux/pull/719)
- Delete stale.yml by
[@&#8203;coreydaley](https://togithub.com/coreydaley) in
[https://github.com/gorilla/mux/pull/720](https://togithub.com/gorilla/mux/pull/720)
- Delete AUTHORS by
[@&#8203;coreydaley](https://togithub.com/coreydaley) in
[https://github.com/gorilla/mux/pull/721](https://togithub.com/gorilla/mux/pull/721)
- Update LICENSE by
[@&#8203;coreydaley](https://togithub.com/coreydaley) in
[https://github.com/gorilla/mux/pull/722](https://togithub.com/gorilla/mux/pull/722)
- Updated the logo in README.md by
[@&#8203;shamkarthik](https://togithub.com/shamkarthik) in
[https://github.com/gorilla/mux/pull/724](https://togithub.com/gorilla/mux/pull/724)
- Update LICENSE by
[@&#8203;coreydaley](https://togithub.com/coreydaley) in
[https://github.com/gorilla/mux/pull/723](https://togithub.com/gorilla/mux/pull/723)
- Update issues.yml by
[@&#8203;coreydaley](https://togithub.com/coreydaley) in
[https://github.com/gorilla/mux/pull/726](https://togithub.com/gorilla/mux/pull/726)
- Update issues.yml by
[@&#8203;coreydaley](https://togithub.com/coreydaley) in
[https://github.com/gorilla/mux/pull/727](https://togithub.com/gorilla/mux/pull/727)
- run go fmt with Go 1.20 by
[@&#8203;shogo82148](https://togithub.com/shogo82148) in
[https://github.com/gorilla/mux/pull/725](https://togithub.com/gorilla/mux/pull/725)
- Fix `Single Page Application` example in `README.md` file by
[@&#8203;amustaque97](https://togithub.com/amustaque97) in
[https://github.com/gorilla/mux/pull/678](https://togithub.com/gorilla/mux/pull/678)
- \[BUG] Inconsistent HTTP status code on query mismatch by
[@&#8203;soheilrt](https://togithub.com/soheilrt) in
[https://github.com/gorilla/mux/pull/712](https://togithub.com/gorilla/mux/pull/712)
- Clarify documentation examples of Route methods by
[@&#8203;andrew-werdna](https://togithub.com/andrew-werdna) in
[https://github.com/gorilla/mux/pull/672](https://togithub.com/gorilla/mux/pull/672)
- changed the routeVariables text content. by
[@&#8203;sumanpaikdev](https://togithub.com/sumanpaikdev) in
[https://github.com/gorilla/mux/pull/708](https://togithub.com/gorilla/mux/pull/708)
- Add GetVarNames() by [@&#8203;eh-steve](https://togithub.com/eh-steve)
in
[https://github.com/gorilla/mux/pull/676](https://togithub.com/gorilla/mux/pull/676)
- fix SPA handler in README.md by
[@&#8203;sy9](https://togithub.com/sy9) in
[https://github.com/gorilla/mux/pull/733](https://togithub.com/gorilla/mux/pull/733)
- update GitHub workflows by
[@&#8203;coreydaley](https://togithub.com/coreydaley) in
[https://github.com/gorilla/mux/pull/734](https://togithub.com/gorilla/mux/pull/734)

#### New Contributors

- [@&#8203;Jille](https://togithub.com/Jille) made their first
contribution in
[https://github.com/gorilla/mux/pull/602](https://togithub.com/gorilla/mux/pull/602)
- [@&#8203;michaelgrigoryan25](https://togithub.com/michaelgrigoryan25)
made their first contribution in
[https://github.com/gorilla/mux/pull/679](https://togithub.com/gorilla/mux/pull/679)
- [@&#8203;amustaque97](https://togithub.com/amustaque97) made their
first contribution in
[https://github.com/gorilla/mux/pull/693](https://togithub.com/gorilla/mux/pull/693)
- [@&#8203;coreydaley](https://togithub.com/coreydaley) made their first
contribution in
[https://github.com/gorilla/mux/pull/713](https://togithub.com/gorilla/mux/pull/713)
- [@&#8203;apoorvajagtap](https://togithub.com/apoorvajagtap) made their
first contribution in
[https://github.com/gorilla/mux/pull/718](https://togithub.com/gorilla/mux/pull/718)
- [@&#8203;shamkarthik](https://togithub.com/shamkarthik) made their
first contribution in
[https://github.com/gorilla/mux/pull/724](https://togithub.com/gorilla/mux/pull/724)
- [@&#8203;shogo82148](https://togithub.com/shogo82148) made their first
contribution in
[https://github.com/gorilla/mux/pull/725](https://togithub.com/gorilla/mux/pull/725)
- [@&#8203;soheilrt](https://togithub.com/soheilrt) made their first
contribution in
[https://github.com/gorilla/mux/pull/712](https://togithub.com/gorilla/mux/pull/712)
- [@&#8203;andrew-werdna](https://togithub.com/andrew-werdna) made their
first contribution in
[https://github.com/gorilla/mux/pull/672](https://togithub.com/gorilla/mux/pull/672)
- [@&#8203;sumanpaikdev](https://togithub.com/sumanpaikdev) made their
first contribution in
[https://github.com/gorilla/mux/pull/708](https://togithub.com/gorilla/mux/pull/708)
- [@&#8203;eh-steve](https://togithub.com/eh-steve) made their first
contribution in
[https://github.com/gorilla/mux/pull/676](https://togithub.com/gorilla/mux/pull/676)
- [@&#8203;sy9](https://togithub.com/sy9) made their first contribution
in
[https://github.com/gorilla/mux/pull/733](https://togithub.com/gorilla/mux/pull/733)

**Full Changelog**:
gorilla/mux@v1.8.0...v1.8.1

</details>

<details>
<summary>jackc/pgx (github.com/jackc/pgx/v5)</summary>

### [`v5.5.0`](https://togithub.com/jackc/pgx/compare/v5.4.3...v5.5.0)

[Compare Source](https://togithub.com/jackc/pgx/compare/v5.4.3...v5.5.0)

</details>

<details>
<summary>lestrrat-go/jwx (github.com/lestrrat-go/jwx/v2)</summary>

###
[`v2.0.16`](https://togithub.com/lestrrat-go/jwx/releases/tag/v2.0.16)

[Compare
Source](https://togithub.com/lestrrat-go/jwx/compare/v2.0.15...v2.0.16)

    v2.0.16 31 Oct 2023
    [Security]
* [jws] ECDSA signature verification requires us to check if the
signature
is of the desired length of bytes, but this check that used to exist
before
had been removed in #&#8203;65, resulting in certain malformed
signatures to pass
        verification.

One of the ways this could happen if R is a 31 byte integer and S is 32
byte integer,
both containing the correct signature values, but R is not zero-padded.

           Correct = R: [ 0 , ... ] (32 bytes) S: [ ... ] (32 bytes)
           Wrong   = R: [ ... ] (31 bytes)     S: [ ... ] (32 bytes)

In order for this check to pass, you would still need to have all 63
bytes
populated with the correct signature. The only modification a bad actor
may be able to do is to add one more byte at the end, in which case the
first 32 bytes (including what would have been S's first byte) is used
for R,
and S would contain the rest. But this will only result in the
verification to
fail. Therefore this in itself should not pose any security risk, albeit
        allowing some illegally formated messages to be verified.

* [jwk] `jwk.Key` objects now have a `Validate()` method to validate the
data
stored in the keys. However, this still does not necessarily mean that
the key's
are valid for use in cryptographic operations. If `Validate()` is
successful,
it only means that the keys are in the right _format_, including the
presence
of required fields and that certain fields have proper length, etc.

    [New Features]
* [jws] Added `jws.WithValidateKey()` to force calling `key.Validate()`
before
        signing or verification.

* [jws] `jws.Sign()` now returns a special type of error that can hold
the
individual errors from the signers. The stringification is still the
same
        as before to preserve backwards compatibility.

* [jwk] Added `jwk.IsKeyValidationError` that checks if an error is an
error
        from `key.Validate()`.

    [Bug Fixes]
* [jwt] `jwt.ParseInsecure()` was running verification if you provided a
key
        via `jwt.WithKey()` or `jwt.WithKeySet()` (#&#8203;1007)

</details>

<details>
<summary>pterm/pterm (github.com/pterm/pterm)</summary>

###
[`v0.12.70`](https://togithub.com/pterm/pterm/releases/tag/v0.12.70):
Heatmap Printer 🎉

[Compare
Source](https://togithub.com/pterm/pterm/compare/v0.12.69...v0.12.70)

<!-- Release notes generated using configuration in .github/release.yml
at master -->

#### What's Changed

##### Exciting New Features 🎉

- Feature: Default value for interactive text input by
[@&#8203;KarolosLykos](https://togithub.com/KarolosLykos) in
[https://github.com/pterm/pterm/pull/577](https://togithub.com/pterm/pterm/pull/577)
- Added a heatmap printer by
[@&#8203;floaust](https://togithub.com/floaust) in
[https://github.com/pterm/pterm/pull/487](https://togithub.com/pterm/pterm/pull/487)

<img width="800"
src="https://github.com/pterm/pterm/assets/56639481/c994c395-3b94-4b27-af20-4ae5fd6fc0be"
/>

##### Fixes 🔧
* fix(heatmap): fix bug legend was not fully boxed by
@&#8203;floau[https://github.com/pterm/pterm/pull/583](https://togithub.com/pterm/pterm/pull/583)ll/583
* fix(heatmap): fix bug legend was too long by
@&#8203;floau[https://github.com/pterm/pterm/pull/585](https://togithub.com/pterm/pterm/pull/585)ll/585

**Full Changelog**:
pterm/pterm@v0.12.69...v0.12.70

</details>

<details>
<summary>twmb/franz-go (github.com/twmb/franz-go)</summary>

###
[`v1.15.2`](https://togithub.com/twmb/franz-go/blob/HEAD/CHANGELOG.md#v1152)

[Compare
Source](https://togithub.com/twmb/franz-go/compare/v1.15.1...v1.15.2)

\===

This patch release fixes two bugs and changes Mark functions to be
no-ops when
not using AutoCommitMarks to avoid confusion. This also includes a minor
commit
further improving the sticky balancer. See the commits for more details.

- [`72778cb`](https://togithub.com/twmb/franz-go/commit/72778cb)
**behavior change** kgo: no-op mark functions when not using
AutoCommitMarks
- [`e209bb6`](https://togithub.com/twmb/franz-go/commit/e209bb6)
**bugfix** kgo: pin AddPartitionsToTxn to v3 when using one transaction
- [`36b4437`](https://togithub.com/twmb/franz-go/commit/36b4437) sticky:
further improvements
- [`af5bc1f`](https://togithub.com/twmb/franz-go/commit/af5bc1f)
**bugfix** kgo: be sure to use topics when other topics are paused

</details>

<details>
<summary>vektra/mockery (github.com/vektra/mockery/v2)</summary>

###
[`v2.36.1`](https://togithub.com/vektra/mockery/releases/tag/v2.36.1)

[Compare
Source](https://togithub.com/vektra/mockery/compare/v2.36.0...v2.36.1)

#### Changelog

- [`b648c23`](https://togithub.com/vektra/mockery/commit/b648c23) Add
additional test
- [`0310201`](https://togithub.com/vektra/mockery/commit/0310201) Add
fix for showconfig command
- [`d3515d1`](https://togithub.com/vektra/mockery/commit/d3515d1) Fix
bug with sub-package inheritance
- [`77064ad`](https://togithub.com/vektra/mockery/commit/77064ad) Fix
config bug where mockery crashes when package map is nil
- [`5978bc5`](https://togithub.com/vektra/mockery/commit/5978bc5) Fix
test with config initialization
- [`deb4860`](https://togithub.com/vektra/mockery/commit/deb4860) Merge
pull request
[#&#8203;730](https://togithub.com/vektra/mockery/issues/730) from
LandonTClipp/issue\_726
- [`e86d230`](https://togithub.com/vektra/mockery/commit/e86d230)
Simplifying some config in interface copying code
- [`726d76c`](https://togithub.com/vektra/mockery/commit/726d76c) Update
running.md
- [`2dd8f00`](https://togithub.com/vektra/mockery/commit/2dd8f00) Use
gotestsum for better testing output

</details>

<details>
<summary>cznic/sqlite (modernc.org/sqlite)</summary>

###
[`v1.27.0`](https://gitlab.com/cznic/sqlite/compare/v1.26.0...v1.27.0)

[Compare
Source](https://gitlab.com/cznic/sqlite/compare/v1.26.0...v1.27.0)

</details>

---

### Configuration

📅 **Schedule**: Branch creation - "before 4am on Monday" (UTC),
Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

👻 **Immortal**: This PR will be recreated if closed unmerged. Get
[config help](https://togithub.com/renovatebot/renovate/discussions) if
that's undesired.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR has been generated by [Mend
Renovate](https://www.mend.io/free-developer-tools/renovate/). View
repository job log
[here](https://developer.mend.io/github/cerbos/cerbos).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy4zMS41IiwidXBkYXRlZEluVmVyIjoiMzcuNDYuMCIsInRhcmdldEJyYW5jaCI6Im1haW4ifQ==-->

---------

Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Signed-off-by: Oğuzhan Durgun <[email protected]>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Oğuzhan Durgun <[email protected]>
hanzei added a commit to mattermost/mattermost-plugin-jira that referenced this pull request Mar 13, 2024
mickmister pushed a commit to mattermost/mattermost-plugin-jira that referenced this pull request Mar 14, 2024
…brary (#1034)

* Use local requests instead of HTTP requests in the flow library

* Update test due to behaviour change in mux

See gorilla/mux#712
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
Status: ✅ Done
Development

Successfully merging this pull request may close these issues.

[bug] Adding to GET the same endpoint with POST and different Queries ends up with inconsistent error messages
2 participants