mirror of
https://github.com/go-vikunja/vikunja.git
synced 2026-03-12 01:59:34 -05:00
ae06956364
Bumps [github.com/labstack/echo/v5](https://github.com/labstack/echo) from 5.0.0 to 5.0.3. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/labstack/echo/releases">github.com/labstack/echo/v5's releases</a>.</em></p> <blockquote> <h2>v5.0.3 security (static middleware directory traversal under Windows)</h2> <p>Fix directory traversal vulnerability under Windows in Static middleware when default Echo filesystem is used. Reported by <a href="https://github.com/shblue21"><code>@shblue21</code></a> (<a href="https://redirect.github.com/labstack/echo/pull/2891">labstack/echo#2891</a>).</p> <p>This applies to cases when:</p> <ul> <li>Windows is used as OS</li> <li><code>middleware.StaticConfig.Filesystem</code> is <code>nil</code> (default)</li> <li><code>echo.Filesystem</code> is has not been set explicitly (default)</li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/labstack/echo/compare/v5.0.2...v5.0.3">https://github.com/labstack/echo/compare/v5.0.2...v5.0.3</a></p> <h2>v5.0.2 security (static middleware folder browsing)</h2> <p><strong>Security</strong></p> <ul> <li>Fix Static middleware when folder browsing is enabled (<code>config.Browse=true</code> , defaults to <code>false</code>) lists all files/subfolders from <code>config.Filesystem</code> root folder and not starting from <code>config.Root</code> and requested folder in <a href="https://redirect.github.com/labstack/echo/pull/2887">labstack/echo#2887</a> . Reported by <a href="https://github.com/shblue21"><code>@shblue21</code></a> in <a href="https://redirect.github.com/labstack/echo/issues/2886">labstack/echo#2886</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/labstack/echo/compare/v5.0.1...v5.0.2">https://github.com/labstack/echo/compare/v5.0.1...v5.0.2</a></p> <h2>v5.0.1 small fixes</h2> <h2>What's Changed</h2> <ul> <li>Panic MW: will now return a custom PanicStackError with stack trace by <a href="https://github.com/aldas"><code>@aldas</code></a> in <a href="https://redirect.github.com/labstack/echo/pull/2871">labstack/echo#2871</a></li> <li>Docs: add missing err parameter to DenyHandler example by <a href="https://github.com/cgalibern"><code>@cgalibern</code></a> in <a href="https://redirect.github.com/labstack/echo/pull/2878">labstack/echo#2878</a></li> <li>Context: improve websocket checks in IsWebSocket() [per RFC 6455] by <a href="https://github.com/raju-mechatronics"><code>@raju-mechatronics</code></a> in <a href="https://redirect.github.com/labstack/echo/pull/2875">labstack/echo#2875</a></li> <li>Fix: Context.Json() should not send status code before serialization is complete by <a href="https://github.com/aldas"><code>@aldas</code></a> in <a href="https://redirect.github.com/labstack/echo/pull/2877">labstack/echo#2877</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/cgalibern"><code>@cgalibern</code></a> made their first contribution in <a href="https://redirect.github.com/labstack/echo/pull/2878">labstack/echo#2878</a></li> <li><a href="https://github.com/raju-mechatronics"><code>@raju-mechatronics</code></a> made their first contribution in <a href="https://redirect.github.com/labstack/echo/pull/2875">labstack/echo#2875</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/labstack/echo/compare/v5.0.0...v5.0.1">https://github.com/labstack/echo/compare/v5.0.0...v5.0.1</a></p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/labstack/echo/blob/master/CHANGELOG.md">github.com/labstack/echo/v5's changelog</a>.</em></p> <blockquote> <h2>v5.0.3 - 2026-02-06</h2> <p><strong>Security</strong></p> <ul> <li>Fix directory traversal vulnerability under Windows in Static middleware when default Echo filesystem is used. Reported by <a href="https://github.com/shblue21"><code>@shblue21</code></a>.</li> </ul> <p>This applies to cases when:</p> <ul> <li>Windows is used as OS</li> <li><code>middleware.StaticConfig.Filesystem</code> is <code>nil</code> (default)</li> <li><code>echo.Filesystem</code> is has not been set explicitly (default)</li> </ul> <p>Exposure is restricted to the active process working directory and its subfolders.</p> <h2>v5.0.2 - 2026-02-02</h2> <p><strong>Security</strong></p> <ul> <li>Fix Static middleware with <code>config.Browse=true</code> lists all files/subfolders from <code>config.Filesystem</code> root and not starting from <code>config.Root</code> in <a href="https://redirect.github.com/labstack/echo/pull/2887">labstack/echo#2887</a></li> </ul> <h2>v5.0.1 - 2026-01-28</h2> <ul> <li>Panic MW: will now return a custom PanicStackError with stack trace by <a href="https://github.com/aldas"><code>@aldas</code></a> in <a href="https://redirect.github.com/labstack/echo/pull/2871">labstack/echo#2871</a></li> <li>Docs: add missing err parameter to DenyHandler example by <a href="https://github.com/cgalibern"><code>@cgalibern</code></a> in <a href="https://redirect.github.com/labstack/echo/pull/2878">labstack/echo#2878</a></li> <li>improve: improve websocket checks in IsWebSocket() [per RFC 6455] by <a href="https://github.com/raju-mechatronics"><code>@raju-mechatronics</code></a> in <a href="https://redirect.github.com/labstack/echo/pull/2875">labstack/echo#2875</a></li> <li>fix: Context.Json() should not send status code before serialization is complete by <a href="https://github.com/aldas"><code>@aldas</code></a> in <a href="https://redirect.github.com/labstack/echo/pull/2877">labstack/echo#2877</a></li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="b1d443086e"><code>b1d4430</code></a> Merge pull request <a href="https://redirect.github.com/labstack/echo/issues/2891">#2891</a> from aldas/fix_staticmw</li> <li><a href="48f25a6c16"><code>48f25a6</code></a> Fix test reporting different size due Windows / Linux line ending inconsisten...</li> <li><a href="6c162596b4"><code>6c16259</code></a> Fix directory traversal vulnerability under Windows in Static middleware when...</li> <li><a href="88d975a83d"><code>88d975a</code></a> Fix directory traversal vulnerability under Windows in Static middleware when...</li> <li><a href="09ccfbaace"><code>09ccfba</code></a> Fill c.Request().Pattern field with route path to help standard library based...</li> <li><a href="68aaf3a429"><code>68aaf3a</code></a> Changelog for version 5.0.2</li> <li><a href="26ec148ea7"><code>26ec148</code></a> security (static middleware): fix bowser=true listing all file names from giv...</li> <li><a href="ba104908b9"><code>ba10490</code></a> Merge pull request <a href="https://redirect.github.com/labstack/echo/issues/2880">#2880</a> from aldas/changelog_501</li> <li><a href="0954d6e36e"><code>0954d6e</code></a> Changelog for v5.0.1 release</li> <li><a href="8e4c91f736"><code>8e4c91f</code></a> Create SECURITY.md</li> <li>Additional commits viewable in <a href="https://github.com/labstack/echo/compare/v5.0.0...v5.0.3">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/go-vikunja/vikunja/network/alerts). </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
189 lines
8.6 KiB
Modula-2
189 lines
8.6 KiB
Modula-2
// Vikunja is a to-do list application to facilitate your life.
|
|
// Copyright 2018-present Vikunja and contributors. All rights reserved.
|
|
//
|
|
// This program is free software: you can redistribute it and/or modify
|
|
// it under the terms of the GNU Affero General Public License as published by
|
|
// the Free Software Foundation, either version 3 of the License, or
|
|
// (at your option) any later version.
|
|
//
|
|
// This program is distributed in the hope that it will be useful,
|
|
// but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
// GNU Affero General Public License for more details.
|
|
//
|
|
// You should have received a copy of the GNU Affero General Public License
|
|
// along with this program. If not, see <https://www.gnu.org/licenses/>.
|
|
|
|
module code.vikunja.io/api
|
|
|
|
require (
|
|
dario.cat/mergo v1.0.2
|
|
github.com/ThreeDotsLabs/watermill v1.5.1
|
|
github.com/adlio/trello v1.12.0
|
|
github.com/arran4/golang-ical v0.3.2
|
|
github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2
|
|
github.com/aws/aws-sdk-go-v2 v1.41.1
|
|
github.com/aws/aws-sdk-go-v2/config v1.32.7
|
|
github.com/aws/aws-sdk-go-v2/credentials v1.19.7
|
|
github.com/aws/aws-sdk-go-v2/service/s3 v1.95.1
|
|
github.com/bbrks/go-blurhash v1.1.1
|
|
github.com/c2h5oh/datasize v0.0.0-20231215233829-aa82cc1e6500
|
|
github.com/coreos/go-oidc/v3 v3.17.0
|
|
github.com/cweill/gotests v1.9.0
|
|
github.com/d4l3k/messagediff v1.2.1
|
|
github.com/disintegration/imaging v1.6.2
|
|
github.com/dustinkirkland/golang-petname v0.0.0-20240422154211-76c06c4bde6b
|
|
github.com/fatih/color v1.18.0
|
|
github.com/fclairamb/afero-s3 v0.4.0
|
|
github.com/gabriel-vasile/mimetype v1.4.12
|
|
github.com/ganigeorgiev/fexpr v0.5.0
|
|
github.com/getsentry/sentry-go v0.41.0
|
|
github.com/go-ldap/ldap/v3 v3.4.12
|
|
github.com/go-sql-driver/mysql v1.9.3
|
|
github.com/go-testfixtures/testfixtures/v3 v3.19.0
|
|
github.com/gocarina/gocsv v0.0.0-20231116093920-b87c2d0e983a
|
|
github.com/golang-jwt/jwt/v5 v5.3.0
|
|
github.com/google/uuid v1.6.0
|
|
github.com/hashicorp/go-version v1.8.0
|
|
github.com/hhsnopek/etag v0.0.0-20171206181245-aea95f647346
|
|
github.com/huandu/go-clone/generic v1.7.3
|
|
github.com/iancoleman/strcase v0.3.0
|
|
github.com/jaswdr/faker/v2 v2.9.1
|
|
github.com/jinzhu/copier v0.4.0
|
|
github.com/jszwedko/go-datemath v0.1.1-0.20230526204004-640a500621d6
|
|
github.com/labstack/echo-jwt/v5 v5.0.0
|
|
github.com/labstack/echo/v5 v5.0.3
|
|
github.com/lib/pq v1.10.9
|
|
github.com/magefile/mage v1.15.0
|
|
github.com/mattn/go-sqlite3 v1.14.33
|
|
github.com/microcosm-cc/bluemonday v1.0.27
|
|
github.com/olekukonko/tablewriter v1.1.3
|
|
github.com/pquerna/otp v1.5.0
|
|
github.com/prometheus/client_golang v1.23.2
|
|
github.com/redis/go-redis/v9 v9.17.3
|
|
github.com/robfig/cron/v3 v3.0.1
|
|
github.com/samedi/caldav-go v3.0.0+incompatible
|
|
github.com/spf13/afero v1.15.0
|
|
github.com/spf13/cobra v1.10.2
|
|
github.com/spf13/viper v1.21.0
|
|
github.com/stretchr/testify v1.11.1
|
|
github.com/swaggo/swag v1.16.6
|
|
github.com/tkuchiki/go-timezone v0.2.3
|
|
github.com/typesense/typesense-go/v2 v2.0.0
|
|
github.com/ulule/limiter/v3 v3.11.2
|
|
github.com/wneessen/go-mail v0.7.2
|
|
github.com/yuin/goldmark v1.7.16
|
|
golang.org/x/crypto v0.47.0
|
|
golang.org/x/image v0.35.0
|
|
golang.org/x/net v0.49.0
|
|
golang.org/x/oauth2 v0.34.0
|
|
golang.org/x/sync v0.19.0
|
|
golang.org/x/sys v0.40.0
|
|
golang.org/x/term v0.39.0
|
|
golang.org/x/text v0.33.0
|
|
gopkg.in/d4l3k/messagediff.v1 v1.2.1
|
|
mvdan.cc/xurls/v2 v2.6.0
|
|
src.techknowlogick.com/xgo v1.8.1-0.20241105013731-313dedef864f
|
|
src.techknowlogick.com/xormigrate v1.7.1
|
|
xorm.io/builder v0.3.13
|
|
xorm.io/xorm v1.3.11
|
|
)
|
|
|
|
require (
|
|
filippo.io/edwards25519 v1.1.0 // indirect
|
|
github.com/Azure/go-ntlmssp v0.0.0-20221128193559-754e69321358 // indirect
|
|
github.com/KyleBanks/depth v1.2.1 // indirect
|
|
github.com/apapsch/go-jsonmerge/v2 v2.0.0 // indirect
|
|
github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.7.4 // indirect
|
|
github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.18.17 // indirect
|
|
github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.20.19 // indirect
|
|
github.com/aws/aws-sdk-go-v2/internal/configsources v1.4.17 // indirect
|
|
github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.7.17 // indirect
|
|
github.com/aws/aws-sdk-go-v2/internal/ini v1.8.4 // indirect
|
|
github.com/aws/aws-sdk-go-v2/internal/v4a v1.4.17 // indirect
|
|
github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.13.4 // indirect
|
|
github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.9.8 // indirect
|
|
github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.13.17 // indirect
|
|
github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.19.17 // indirect
|
|
github.com/aws/aws-sdk-go-v2/service/signin v1.0.5 // indirect
|
|
github.com/aws/aws-sdk-go-v2/service/sso v1.30.9 // indirect
|
|
github.com/aws/aws-sdk-go-v2/service/ssooidc v1.35.13 // indirect
|
|
github.com/aws/aws-sdk-go-v2/service/sts v1.41.6 // indirect
|
|
github.com/aws/smithy-go v1.24.0 // indirect
|
|
github.com/aymerick/douceur v0.2.0 // indirect
|
|
github.com/beevik/etree v1.1.0 // indirect
|
|
github.com/beorn7/perks v1.0.1 // indirect
|
|
github.com/boombuler/barcode v1.0.1 // indirect
|
|
github.com/cenkalti/backoff/v5 v5.0.3 // indirect
|
|
github.com/cespare/xxhash/v2 v2.3.0 // indirect
|
|
github.com/clipperhouse/displaywidth v0.6.2 // indirect
|
|
github.com/clipperhouse/stringish v0.1.1 // indirect
|
|
github.com/clipperhouse/uax29/v2 v2.3.0 // indirect
|
|
github.com/cpuguy83/go-md2man/v2 v2.0.6 // indirect
|
|
github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
|
|
github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f // indirect
|
|
github.com/fsnotify/fsnotify v1.9.0 // indirect
|
|
github.com/go-asn1-ber/asn1-ber v1.5.8-0.20250403174932-29230038a667 // indirect
|
|
github.com/go-chi/chi/v5 v5.2.2 // indirect
|
|
github.com/go-jose/go-jose/v4 v4.1.3 // indirect
|
|
github.com/go-openapi/jsonpointer v0.21.0 // indirect
|
|
github.com/go-openapi/jsonreference v0.20.3 // indirect
|
|
github.com/go-openapi/spec v0.20.4 // indirect
|
|
github.com/go-openapi/swag v0.23.0 // indirect
|
|
github.com/go-viper/mapstructure/v2 v2.4.0 // indirect
|
|
github.com/goccy/go-json v0.10.5 // indirect
|
|
github.com/goccy/go-yaml v1.18.0 // indirect
|
|
github.com/golang/snappy v0.0.4 // indirect
|
|
github.com/gorilla/css v1.0.1 // indirect
|
|
github.com/huandu/go-clone v1.7.3 // indirect
|
|
github.com/inconshreveable/mousetrap v1.1.0 // indirect
|
|
github.com/josharian/intern v1.0.0 // indirect
|
|
github.com/laurent22/ical-go v0.1.1-0.20181107184520-7e5d6ade8eef // indirect
|
|
github.com/lithammer/shortuuid/v3 v3.0.7 // indirect
|
|
github.com/mailru/easyjson v0.7.7 // indirect
|
|
github.com/mattn/go-colorable v0.1.14 // indirect
|
|
github.com/mattn/go-isatty v0.0.20 // indirect
|
|
github.com/mattn/go-runewidth v0.0.19 // indirect
|
|
github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
|
|
github.com/oapi-codegen/runtime v1.1.1 // indirect
|
|
github.com/oklog/ulid v1.3.1 // indirect
|
|
github.com/olekukonko/cat v0.0.0-20250911104152-50322a0618f6 // indirect
|
|
github.com/olekukonko/errors v1.1.0 // indirect
|
|
github.com/olekukonko/ll v0.1.4-0.20260115111900-9e59c2286df0 // indirect
|
|
github.com/onsi/ginkgo v1.16.4 // indirect
|
|
github.com/onsi/gomega v1.16.0 // indirect
|
|
github.com/pelletier/go-toml/v2 v2.2.4 // indirect
|
|
github.com/pkg/errors v0.9.1 // indirect
|
|
github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
|
|
github.com/prometheus/client_model v0.6.2 // indirect
|
|
github.com/prometheus/common v0.66.1 // indirect
|
|
github.com/prometheus/procfs v0.17.0 // indirect
|
|
github.com/russross/blackfriday/v2 v2.1.0 // indirect
|
|
github.com/sagikazarmark/locafero v0.11.0 // indirect
|
|
github.com/sony/gobreaker v1.0.0 // indirect
|
|
github.com/sourcegraph/conc v0.3.1-0.20240121214520-5f936abd7ae8 // indirect
|
|
github.com/spf13/cast v1.10.0 // indirect
|
|
github.com/spf13/pflag v1.0.10 // indirect
|
|
github.com/subosito/gotenv v1.6.0 // indirect
|
|
github.com/syndtr/goleveldb v1.0.0 // indirect
|
|
github.com/tj/assert v0.0.3 // indirect
|
|
github.com/urfave/cli/v2 v2.3.0 // indirect
|
|
github.com/yosssi/gohtml v0.0.0-20201013000340-ee4748c638f4 // indirect
|
|
go.uber.org/mock v0.5.0 // indirect
|
|
go.yaml.in/yaml/v2 v2.4.2 // indirect
|
|
go.yaml.in/yaml/v3 v3.0.4 // indirect
|
|
golang.org/x/mod v0.31.0 // indirect
|
|
golang.org/x/time v0.14.0 // indirect
|
|
golang.org/x/tools v0.40.0 // indirect
|
|
google.golang.org/protobuf v1.36.8 // indirect
|
|
gopkg.in/yaml.v2 v2.4.0 // indirect
|
|
gopkg.in/yaml.v3 v3.0.1 // indirect
|
|
sigs.k8s.io/yaml v1.3.0 // indirect
|
|
)
|
|
|
|
replace github.com/samedi/caldav-go => github.com/kolaente/caldav-go v3.0.1-0.20190610114120-2a4eb8b5dcc9+incompatible // Branch: feature/dynamic-supported-components, PR: https://github.com/samedi/caldav-go/pull/6 and https://github.com/samedi/caldav-go/pull/7
|
|
|
|
go 1.25.0
|
|
|
|
toolchain go1.25.6
|