commit a9a43beca238516d5296829d13982e96ad7f8f2c
parent 18e7e0073224d9bf44c37341f8670c99886ef825
Author: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 8 Nov 2022 11:11:35 +0100
[chore]: Bump github.com/microcosm-cc/bluemonday from 1.0.20 to 1.0.21 (#1004)
Bumps [github.com/microcosm-cc/bluemonday](https://github.com/microcosm-cc/bluemonday) from 1.0.20 to 1.0.21.
- [Release notes](https://github.com/microcosm-cc/bluemonday/releases)
- [Commits](https://github.com/microcosm-cc/bluemonday/compare/v1.0.20...v1.0.21)
---
updated-dependencies:
- dependency-name: github.com/microcosm-cc/bluemonday
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Diffstat:
11 files changed, 131 insertions(+), 77 deletions(-)
diff --git a/go.mod b/go.mod
@@ -29,7 +29,7 @@ require (
github.com/h2non/filetype v1.1.3
github.com/jackc/pgconn v1.13.0
github.com/jackc/pgx/v4 v4.17.2
- github.com/microcosm-cc/bluemonday v1.0.20
+ github.com/microcosm-cc/bluemonday v1.0.21
github.com/miekg/dns v1.1.50
github.com/minio/minio-go/v7 v7.0.43
github.com/mitchellh/mapstructure v1.5.0
@@ -50,7 +50,7 @@ require (
github.com/wagslane/go-password-validator v0.3.0
golang.org/x/crypto v0.0.0-20220829220503-c86fa9a7ed90
golang.org/x/exp v0.0.0-20220613132600-b0d781184e0d
- golang.org/x/net v0.0.0-20220909164309-bea034e7d591
+ golang.org/x/net v0.0.0-20221002022538-bcab6841153b
golang.org/x/oauth2 v0.0.0-20220822191816-0ebed06d0094
golang.org/x/text v0.4.0
gopkg.in/mcuadros/go-syslog.v2 v2.3.0
diff --git a/go.sum b/go.sum
@@ -451,8 +451,8 @@ github.com/mattn/go-isatty v0.0.14/go.mod h1:7GGIvUiUoEMVVmxf/4nioHXj79iQHKdU27k
github.com/mattn/go-isatty v0.0.16 h1:bq3VjFmv/sOjHtdEhmkEV4x1AJtvUvOJ2PFAZ5+peKQ=
github.com/mattn/go-isatty v0.0.16/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/yFXSvRLM=
github.com/mattn/go-sqlite3 v2.0.3+incompatible h1:gXHsfypPkaMZrKbD5209QV9jbUTJKjyR5WD3HYQSd+U=
-github.com/microcosm-cc/bluemonday v1.0.20 h1:flpzsq4KU3QIYAYGV/szUat7H+GPOXR0B2JU5A1Wp8Y=
-github.com/microcosm-cc/bluemonday v1.0.20/go.mod h1:yfBmMi8mxvaZut3Yytv+jTXRY8mxyjJ0/kQBTElld50=
+github.com/microcosm-cc/bluemonday v1.0.21 h1:dNH3e4PSyE4vNX+KlRGHT5KrSvjeUkoNPwEORjffHJg=
+github.com/microcosm-cc/bluemonday v1.0.21/go.mod h1:ytNkv4RrDrLJ2pqlsSI46O6IVXmZOBBD4SaJyDwwTkM=
github.com/miekg/dns v1.1.50 h1:DQUfb9uc6smULcREF09Uc+/Gd46YWqJd5DbpPE9xkcA=
github.com/miekg/dns v1.1.50/go.mod h1:e3IlAVfNqAllflbibAZEWOXOQ+Ynzk/dDozDxY7XnME=
github.com/minio/md5-simd v1.1.2 h1:Gdi1DZK69+ZVMoNHRXJyNcxrMA4dSxoYHZSQbirFg34=
@@ -758,8 +758,8 @@ golang.org/x/net v0.0.0-20220425223048-2871e0cb64e4/go.mod h1:CfG3xpIq0wQ8r1q4Su
golang.org/x/net v0.0.0-20220607020251-c690dde0001d/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
golang.org/x/net v0.0.0-20220624214902-1bab6f366d9e/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
golang.org/x/net v0.0.0-20220826154423-83b083e8dc8b/go.mod h1:YDH+HFinaLZZlnHAfSS6ZXJJ9M9t4Dl22yv3iI2vPwk=
-golang.org/x/net v0.0.0-20220909164309-bea034e7d591 h1:D0B/7al0LLrVC8aWF4+oxpv/m8bc7ViFfVS8/gXGdqI=
-golang.org/x/net v0.0.0-20220909164309-bea034e7d591/go.mod h1:YDH+HFinaLZZlnHAfSS6ZXJJ9M9t4Dl22yv3iI2vPwk=
+golang.org/x/net v0.0.0-20221002022538-bcab6841153b h1:6e93nYa3hNqAvLr0pD4PN1fFS+gKzp2zAXqrnTCstqU=
+golang.org/x/net v0.0.0-20221002022538-bcab6841153b/go.mod h1:YDH+HFinaLZZlnHAfSS6ZXJJ9M9t4Dl22yv3iI2vPwk=
golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
diff --git a/vendor/github.com/microcosm-cc/bluemonday/doc.go b/vendor/github.com/microcosm-cc/bluemonday/doc.go
@@ -35,31 +35,31 @@ the allowlist will be stripped.
The default bluemonday.UGCPolicy().Sanitize() turns this:
- Hello <STYLE>.XSS{background-image:url("javascript:alert('XSS')");}</STYLE><A CLASS=XSS></A>World
+ Hello <STYLE>.XSS{background-image:url("javascript:alert('XSS')");}</STYLE><A CLASS=XSS></A>World
Into the more harmless:
- Hello World
+ Hello World
And it turns this:
- <a href="javascript:alert('XSS1')" onmouseover="alert('XSS2')">XSS<a>
+ <a href="javascript:alert('XSS1')" onmouseover="alert('XSS2')">XSS<a>
Into this:
- XSS
+ XSS
Whilst still allowing this:
- <a href="http://www.google.com/">
- <img src="https://ssl.gstatic.com/accounts/ui/logo_2x.png"/>
- </a>
+ <a href="http://www.google.com/">
+ <img src="https://ssl.gstatic.com/accounts/ui/logo_2x.png"/>
+ </a>
To pass through mostly unaltered (it gained a rel="nofollow"):
- <a href="http://www.google.com/" rel="nofollow">
- <img src="https://ssl.gstatic.com/accounts/ui/logo_2x.png"/>
- </a>
+ <a href="http://www.google.com/" rel="nofollow">
+ <img src="https://ssl.gstatic.com/accounts/ui/logo_2x.png"/>
+ </a>
The primary purpose of bluemonday is to take potentially unsafe user generated
content (from things like Markdown, HTML WYSIWYG tools, etc) and make it safe
@@ -95,10 +95,10 @@ attributes are considered safe for your scenario. OWASP provide an XSS
prevention cheat sheet ( https://www.google.com/search?q=xss+prevention+cheat+sheet )
to help explain the risks, but essentially:
- 1. Avoid allowing anything other than plain HTML elements
- 2. Avoid allowing `script`, `style`, `iframe`, `object`, `embed`, `base`
- elements
- 3. Avoid allowing anything other than plain HTML elements with simple
- values that you can match to a regexp
+ 1. Avoid allowing anything other than plain HTML elements
+ 2. Avoid allowing `script`, `style`, `iframe`, `object`, `embed`, `base`
+ elements
+ 3. Avoid allowing anything other than plain HTML elements with simple
+ values that you can match to a regexp
*/
package bluemonday
diff --git a/vendor/github.com/microcosm-cc/bluemonday/helpers.go b/vendor/github.com/microcosm-cc/bluemonday/helpers.go
@@ -193,10 +193,11 @@ func (p *Policy) AllowImages() {
// http://en.wikipedia.org/wiki/Data_URI_scheme
//
// Images must have a mimetype matching:
-// image/gif
-// image/jpeg
-// image/png
-// image/webp
+//
+// image/gif
+// image/jpeg
+// image/png
+// image/webp
//
// NOTE: There is a potential security risk to allowing data URIs and you should
// only permit them on content you already trust.
diff --git a/vendor/github.com/microcosm-cc/bluemonday/sanitize.go b/vendor/github.com/microcosm-cc/bluemonday/sanitize.go
@@ -440,8 +440,8 @@ func (p *Policy) sanitize(r io.Reader, w io.Writer) error {
if _, err := buff.WriteString(" "); err != nil {
return err
}
- break
}
+ break
}
if !skipElementContent {
if _, err := buff.WriteString(token.String()); err != nil {
diff --git a/vendor/golang.org/x/net/http2/h2c/h2c.go b/vendor/golang.org/x/net/http2/h2c/h2c.go
@@ -70,6 +70,15 @@ func NewHandler(h http.Handler, s *http2.Server) http.Handler {
}
}
+// extractServer extracts existing http.Server instance from http.Request or create an empty http.Server
+func extractServer(r *http.Request) *http.Server {
+ server, ok := r.Context().Value(http.ServerContextKey).(*http.Server)
+ if ok {
+ return server
+ }
+ return new(http.Server)
+}
+
// ServeHTTP implement the h2c support that is enabled by h2c.GetH2CHandler.
func (s h2cHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
// Handle h2c with prior knowledge (RFC 7540 Section 3.4)
@@ -87,6 +96,7 @@ func (s h2cHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
defer conn.Close()
s.s.ServeConn(conn, &http2.ServeConnOpts{
Context: r.Context(),
+ BaseConfig: extractServer(r),
Handler: s.Handler,
SawClientPreface: true,
})
@@ -104,6 +114,7 @@ func (s h2cHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
defer conn.Close()
s.s.ServeConn(conn, &http2.ServeConnOpts{
Context: r.Context(),
+ BaseConfig: extractServer(r),
Handler: s.Handler,
UpgradeRequest: r,
Settings: settings,
diff --git a/vendor/golang.org/x/net/http2/server.go b/vendor/golang.org/x/net/http2/server.go
@@ -143,7 +143,7 @@ type Server struct {
}
func (s *Server) initialConnRecvWindowSize() int32 {
- if s.MaxUploadBufferPerConnection > initialWindowSize {
+ if s.MaxUploadBufferPerConnection >= initialWindowSize {
return s.MaxUploadBufferPerConnection
}
return 1 << 20
@@ -869,9 +869,7 @@ func (sc *serverConn) serve() {
// Each connection starts with initialWindowSize inflow tokens.
// If a higher value is configured, we add more tokens.
- if diff := sc.srv.initialConnRecvWindowSize() - initialWindowSize; diff > 0 {
- sc.sendWindowUpdate(nil, int(diff))
- }
+ sc.sendWindowUpdate(nil)
if err := sc.readPreface(); err != nil {
sc.condlogf(err, "http2: server: error reading preface from client %v: %v", sc.conn.RemoteAddr(), err)
@@ -1588,7 +1586,7 @@ func (sc *serverConn) closeStream(st *stream, err error) {
if p := st.body; p != nil {
// Return any buffered unread bytes worth of conn-level flow control.
// See golang.org/issue/16481
- sc.sendWindowUpdate(nil, p.Len())
+ sc.sendWindowUpdate(nil)
p.CloseWithError(err)
}
@@ -1736,7 +1734,7 @@ func (sc *serverConn) processData(f *DataFrame) error {
// sendWindowUpdate, which also schedules sending the
// frames.
sc.inflow.take(int32(f.Length))
- sc.sendWindowUpdate(nil, int(f.Length)) // conn-level
+ sc.sendWindowUpdate(nil) // conn-level
if st != nil && st.resetQueued {
// Already have a stream error in flight. Don't send another.
@@ -1754,7 +1752,7 @@ func (sc *serverConn) processData(f *DataFrame) error {
return sc.countError("data_flow", streamError(id, ErrCodeFlowControl))
}
sc.inflow.take(int32(f.Length))
- sc.sendWindowUpdate(nil, int(f.Length)) // conn-level
+ sc.sendWindowUpdate(nil) // conn-level
st.body.CloseWithError(fmt.Errorf("sender tried to send more than declared Content-Length of %d bytes", st.declBodyBytes))
// RFC 7540, sec 8.1.2.6: A request or response is also malformed if the
@@ -1772,7 +1770,7 @@ func (sc *serverConn) processData(f *DataFrame) error {
if len(data) > 0 {
wrote, err := st.body.Write(data)
if err != nil {
- sc.sendWindowUpdate(nil, int(f.Length)-wrote)
+ sc.sendWindowUpdate32(nil, int32(f.Length)-int32(wrote))
return sc.countError("body_write_err", streamError(id, ErrCodeStreamClosed))
}
if wrote != len(data) {
@@ -2099,12 +2097,6 @@ func (sc *serverConn) newWriterAndRequest(st *stream, f *MetaHeadersFrame) (*res
return nil, nil, sc.countError("bad_path_method", streamError(f.StreamID, ErrCodeProtocol))
}
- bodyOpen := !f.StreamEnded()
- if rp.method == "HEAD" && bodyOpen {
- // HEAD requests can't have bodies
- return nil, nil, sc.countError("head_body", streamError(f.StreamID, ErrCodeProtocol))
- }
-
rp.header = make(http.Header)
for _, hf := range f.RegularFields() {
rp.header.Add(sc.canonicalHeader(hf.Name), hf.Value)
@@ -2117,6 +2109,7 @@ func (sc *serverConn) newWriterAndRequest(st *stream, f *MetaHeadersFrame) (*res
if err != nil {
return nil, nil, err
}
+ bodyOpen := !f.StreamEnded()
if bodyOpen {
if vv, ok := rp.header["Content-Length"]; ok {
if cl, err := strconv.ParseUint(vv[0], 10, 63); err == nil {
@@ -2329,17 +2322,32 @@ func (sc *serverConn) noteBodyReadFromHandler(st *stream, n int, err error) {
func (sc *serverConn) noteBodyRead(st *stream, n int) {
sc.serveG.check()
- sc.sendWindowUpdate(nil, n) // conn-level
+ sc.sendWindowUpdate(nil) // conn-level
if st.state != stateHalfClosedRemote && st.state != stateClosed {
// Don't send this WINDOW_UPDATE if the stream is closed
// remotely.
- sc.sendWindowUpdate(st, n)
+ sc.sendWindowUpdate(st)
}
}
// st may be nil for conn-level
-func (sc *serverConn) sendWindowUpdate(st *stream, n int) {
+func (sc *serverConn) sendWindowUpdate(st *stream) {
sc.serveG.check()
+
+ var n int32
+ if st == nil {
+ if avail, windowSize := sc.inflow.available(), sc.srv.initialConnRecvWindowSize(); avail > windowSize/2 {
+ return
+ } else {
+ n = windowSize - avail
+ }
+ } else {
+ if avail, windowSize := st.inflow.available(), sc.srv.initialStreamRecvWindowSize(); avail > windowSize/2 {
+ return
+ } else {
+ n = windowSize - avail
+ }
+ }
// "The legal range for the increment to the flow control
// window is 1 to 2^31-1 (2,147,483,647) octets."
// A Go Read call on 64-bit machines could in theory read
@@ -2505,6 +2513,10 @@ func (rws *responseWriterState) writeChunk(p []byte) (n int, err error) {
rws.writeHeader(200)
}
+ if rws.handlerDone {
+ rws.promoteUndeclaredTrailers()
+ }
+
isHeadResp := rws.req.Method == "HEAD"
if !rws.sentHeader {
rws.sentHeader = true
@@ -2576,10 +2588,6 @@ func (rws *responseWriterState) writeChunk(p []byte) (n int, err error) {
return 0, nil
}
- if rws.handlerDone {
- rws.promoteUndeclaredTrailers()
- }
-
// only send trailers if they have actually been defined by the
// server handler.
hasNonemptyTrailers := rws.hasNonemptyTrailers()
diff --git a/vendor/golang.org/x/net/http2/transport.go b/vendor/golang.org/x/net/http2/transport.go
@@ -258,7 +258,8 @@ func (t *Transport) initConnPool() {
// HTTP/2 server.
type ClientConn struct {
t *Transport
- tconn net.Conn // usually *tls.Conn, except specialized impls
+ tconn net.Conn // usually *tls.Conn, except specialized impls
+ tconnClosed bool
tlsState *tls.ConnectionState // nil only for specialized impls
reused uint32 // whether conn is being reused; atomic
singleUse bool // whether being used for a single http.Request
@@ -344,8 +345,8 @@ type clientStream struct {
readErr error // sticky read error; owned by transportResponseBody.Read
reqBody io.ReadCloser
- reqBodyContentLength int64 // -1 means unknown
- reqBodyClosed bool // body has been closed; guarded by cc.mu
+ reqBodyContentLength int64 // -1 means unknown
+ reqBodyClosed chan struct{} // guarded by cc.mu; non-nil on Close, closed when done
// owned by writeRequest:
sentEndStream bool // sent an END_STREAM flag to the peer
@@ -385,9 +386,8 @@ func (cs *clientStream) abortStreamLocked(err error) {
cs.abortErr = err
close(cs.abort)
})
- if cs.reqBody != nil && !cs.reqBodyClosed {
- cs.reqBody.Close()
- cs.reqBodyClosed = true
+ if cs.reqBody != nil {
+ cs.closeReqBodyLocked()
}
// TODO(dneil): Clean up tests where cs.cc.cond is nil.
if cs.cc.cond != nil {
@@ -400,13 +400,24 @@ func (cs *clientStream) abortRequestBodyWrite() {
cc := cs.cc
cc.mu.Lock()
defer cc.mu.Unlock()
- if cs.reqBody != nil && !cs.reqBodyClosed {
- cs.reqBody.Close()
- cs.reqBodyClosed = true
+ if cs.reqBody != nil && cs.reqBodyClosed == nil {
+ cs.closeReqBodyLocked()
cc.cond.Broadcast()
}
}
+func (cs *clientStream) closeReqBodyLocked() {
+ if cs.reqBodyClosed != nil {
+ return
+ }
+ cs.reqBodyClosed = make(chan struct{})
+ reqBodyClosed := cs.reqBodyClosed
+ go func() {
+ cs.reqBody.Close()
+ close(reqBodyClosed)
+ }()
+}
+
type stickyErrWriter struct {
conn net.Conn
timeout time.Duration
@@ -921,10 +932,10 @@ func (cc *ClientConn) onIdleTimeout() {
cc.closeIfIdle()
}
-func (cc *ClientConn) closeConn() error {
+func (cc *ClientConn) closeConn() {
t := time.AfterFunc(250*time.Millisecond, cc.forceCloseConn)
defer t.Stop()
- return cc.tconn.Close()
+ cc.tconn.Close()
}
// A tls.Conn.Close can hang for a long time if the peer is unresponsive.
@@ -990,7 +1001,8 @@ func (cc *ClientConn) Shutdown(ctx context.Context) error {
shutdownEnterWaitStateHook()
select {
case <-done:
- return cc.closeConn()
+ cc.closeConn()
+ return nil
case <-ctx.Done():
cc.mu.Lock()
// Free the goroutine above
@@ -1027,7 +1039,7 @@ func (cc *ClientConn) sendGoAway() error {
// closes the client connection immediately. In-flight requests are interrupted.
// err is sent to streams.
-func (cc *ClientConn) closeForError(err error) error {
+func (cc *ClientConn) closeForError(err error) {
cc.mu.Lock()
cc.closed = true
for _, cs := range cc.streams {
@@ -1035,7 +1047,7 @@ func (cc *ClientConn) closeForError(err error) error {
}
cc.cond.Broadcast()
cc.mu.Unlock()
- return cc.closeConn()
+ cc.closeConn()
}
// Close closes the client connection immediately.
@@ -1043,16 +1055,17 @@ func (cc *ClientConn) closeForError(err error) error {
// In-flight requests are interrupted. For a graceful shutdown, use Shutdown instead.
func (cc *ClientConn) Close() error {
err := errors.New("http2: client connection force closed via ClientConn.Close")
- return cc.closeForError(err)
+ cc.closeForError(err)
+ return nil
}
// closes the client connection immediately. In-flight requests are interrupted.
-func (cc *ClientConn) closeForLostPing() error {
+func (cc *ClientConn) closeForLostPing() {
err := errors.New("http2: client connection lost")
if f := cc.t.CountError; f != nil {
f("conn_close_lost_ping")
}
- return cc.closeForError(err)
+ cc.closeForError(err)
}
// errRequestCanceled is a copy of net/http's errRequestCanceled because it's not
@@ -1430,11 +1443,19 @@ func (cs *clientStream) cleanupWriteRequest(err error) {
// and in multiple cases: server replies <=299 and >299
// while still writing request body
cc.mu.Lock()
+ mustCloseBody := false
+ if cs.reqBody != nil && cs.reqBodyClosed == nil {
+ mustCloseBody = true
+ cs.reqBodyClosed = make(chan struct{})
+ }
bodyClosed := cs.reqBodyClosed
- cs.reqBodyClosed = true
cc.mu.Unlock()
- if !bodyClosed && cs.reqBody != nil {
+ if mustCloseBody {
cs.reqBody.Close()
+ close(bodyClosed)
+ }
+ if bodyClosed != nil {
+ <-bodyClosed
}
if err != nil && cs.sentEndStream {
@@ -1614,7 +1635,7 @@ func (cs *clientStream) writeRequestBody(req *http.Request) (err error) {
}
if err != nil {
cc.mu.Lock()
- bodyClosed := cs.reqBodyClosed
+ bodyClosed := cs.reqBodyClosed != nil
cc.mu.Unlock()
switch {
case bodyClosed:
@@ -1709,7 +1730,7 @@ func (cs *clientStream) awaitFlowControl(maxBytes int) (taken int32, err error)
if cc.closed {
return 0, errClientConnClosed
}
- if cs.reqBodyClosed {
+ if cs.reqBodyClosed != nil {
return 0, errStopReqBodyWrite
}
select {
@@ -2005,7 +2026,7 @@ func (cc *ClientConn) forgetStreamID(id uint32) {
// wake up RoundTrip if there is a pending request.
cc.cond.Broadcast()
- closeOnIdle := cc.singleUse || cc.doNotReuse || cc.t.disableKeepAlives()
+ closeOnIdle := cc.singleUse || cc.doNotReuse || cc.t.disableKeepAlives() || cc.goAway != nil
if closeOnIdle && cc.streamsReserved == 0 && len(cc.streams) == 0 {
if VerboseLogs {
cc.vlogf("http2: Transport closing idle conn %p (forSingleUse=%v, maxStream=%v)", cc, cc.singleUse, cc.nextStreamID-2)
@@ -2081,6 +2102,7 @@ func (rl *clientConnReadLoop) cleanup() {
err = io.ErrUnexpectedEOF
}
cc.closed = true
+
for _, cs := range cc.streams {
select {
case <-cs.peerClosed:
@@ -2674,7 +2696,6 @@ func (rl *clientConnReadLoop) processGoAway(f *GoAwayFrame) error {
if fn := cc.t.CountError; fn != nil {
fn("recv_goaway_" + f.ErrCode.stringToken())
}
-
}
cc.setGoAway(f)
return nil
@@ -3028,7 +3049,7 @@ func traceGotConn(req *http.Request, cc *ClientConn, reused bool) {
cc.mu.Lock()
ci.WasIdle = len(cc.streams) == 0 && reused
if ci.WasIdle && !cc.lastActive.IsZero() {
- ci.IdleTime = time.Now().Sub(cc.lastActive)
+ ci.IdleTime = time.Since(cc.lastActive)
}
cc.mu.Unlock()
diff --git a/vendor/golang.org/x/net/internal/socket/mmsghdr_unix.go b/vendor/golang.org/x/net/internal/socket/mmsghdr_unix.go
@@ -172,7 +172,23 @@ type mmsgTmpsPool struct {
}
func (p *mmsgTmpsPool) Get() *mmsgTmps {
- return p.p.Get().(*mmsgTmps)
+ m := p.p.Get().(*mmsgTmps)
+ // Clear fields up to the len (not the cap) of the slice,
+ // assuming that the previous caller only used that many elements.
+ for i := range m.packer.sockaddrs {
+ m.packer.sockaddrs[i] = 0
+ }
+ m.packer.sockaddrs = m.packer.sockaddrs[:0]
+ for i := range m.packer.vs {
+ m.packer.vs[i] = iovec{}
+ }
+ m.packer.vs = m.packer.vs[:0]
+ for i := range m.packer.hs {
+ m.packer.hs[i].Len = 0
+ m.packer.hs[i].Hdr = msghdr{}
+ }
+ m.packer.hs = m.packer.hs[:0]
+ return m
}
func (p *mmsgTmpsPool) Put(tmps *mmsgTmps) {
diff --git a/vendor/golang.org/x/net/internal/socket/msghdr_linux.go b/vendor/golang.org/x/net/internal/socket/msghdr_linux.go
@@ -17,9 +17,6 @@ func (h *msghdr) pack(vs []iovec, bs [][]byte, oob []byte, sa []byte) {
if sa != nil {
h.Name = (*byte)(unsafe.Pointer(&sa[0]))
h.Namelen = uint32(len(sa))
- } else {
- h.Name = nil
- h.Namelen = 0
}
}
diff --git a/vendor/modules.txt b/vendor/modules.txt
@@ -263,7 +263,7 @@ github.com/magiconair/properties
# github.com/mattn/go-isatty v0.0.16
## explicit; go 1.15
github.com/mattn/go-isatty
-# github.com/microcosm-cc/bluemonday v1.0.20
+# github.com/microcosm-cc/bluemonday v1.0.21
## explicit; go 1.19
github.com/microcosm-cc/bluemonday
github.com/microcosm-cc/bluemonday/css
@@ -655,7 +655,7 @@ golang.org/x/image/tiff/lzw
# golang.org/x/mod v0.6.0-dev.0.20220907135952-02c991387e35
## explicit; go 1.17
golang.org/x/mod/semver
-# golang.org/x/net v0.0.0-20220909164309-bea034e7d591
+# golang.org/x/net v0.0.0-20221002022538-bcab6841153b
## explicit; go 1.17
golang.org/x/net/bpf
golang.org/x/net/context