blackteay/gin
3
0
Fork 0
mirror of https://github.com/gin-gonic/gin.git synced 2026-04-29 15:08:19 +08:00
Code Issues Projects Releases Wiki Activity
1,972 Commits 20 Branches 38 Tags
Commit Graph

1972 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Amirhf
6f1d5fe3cd
test(render): add comprehensive error handling tests (#4541) 
* test(render): add comprehensive error handling tests
Add error case tests for XML, Data, BSON, and HTML renderers to improve test coverage and ensure proper error handling:

- TestRenderXMLError: validates XML marshal error handling for unsupported types
- TestRenderDataError: validates Data write error handling
- TestRenderBSONError: validates BSON marshal error handling for unsupported types
- TestRenderBSONWriteError: validates BSON write error handling
- TestRenderHTMLTemplateError: validates HTML template execution error with invalid field access
- TestRenderHTMLTemplateExecuteError: validates HTML template execution error with invalid nested field

All tests pass and maintain 100% coverage for the render package.

* test(render): improve robustness of error handling tests based on PR feedback

---------

Co-authored-by: Bo-Yi Wu <appleboy.tw@gmail.com>
Co-authored-by: AmirHossein Fallah <amirhossein.fallah@arvancloud.ir>
 2026-02-28 10:11:57 +08:00
Denis Galeev
5c00df8afa
fix(render): write content length in Data.Render (#4206) 
* init test

* fix test

* fix assert.EqualValues usage

---------

Co-authored-by: Bo-Yi Wu <appleboy.tw@gmail.com>
 2026-02-28 10:07:31 +08:00
Jacob McSwain
db309081bc
chore(logger): allow skipping query string output (#4547) 
This is useful for APIs that might have sensitive information in the query string, such as API keys.

This patch does not change the default behavior of the code unless the new `SkipQueryString` config option is passed in.

The "skip" term is a bit of a misnomer here, as this doesn't actually skip that log, but modifies the output. I'm open to suggestions for a more appropriate name.

Co-authored-by: Bo-Yi Wu <appleboy.tw@gmail.com>
 2026-02-27 23:33:46 +08:00
Bob Du
ba093d1947
chore(binding): upgrade bson dependency to mongo-driver v2 (#4549) 
Signed-off-by: Bob Du <i@bobdu.cc>
 2026-02-27 23:20:01 +08:00
dependabot[bot]
1b414bd54e
chore(deps): bump goreleaser/goreleaser-action in the actions group (#4546) 
Bumps the actions group with 1 update: [goreleaser/goreleaser-action](https://github.com/goreleaser/goreleaser-action).


Updates `goreleaser/goreleaser-action` from 6 to 7
- [Release notes](https://github.com/goreleaser/goreleaser-action/releases)
- [Commits](https://github.com/goreleaser/goreleaser-action/compare/v6...v7)

---
updated-dependencies:
- dependency-name: goreleaser/goreleaser-action
  dependency-version: '7'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: actions
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-02-27 23:18:28 +08:00
dependabot[bot]
81dba46872
chore(deps): bump github.com/go-playground/validator/v10 (#4509) 
Bumps [github.com/go-playground/validator/v10](https://github.com/go-playground/validator) from 10.28.0 to 10.30.1.
- [Release notes](https://github.com/go-playground/validator/releases)
- [Commits](https://github.com/go-playground/validator/compare/v10.28.0...v10.30.1)

---
updated-dependencies:
- dependency-name: github.com/go-playground/validator/v10
  dependency-version: 10.30.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-02-21 22:39:56 +08:00
dependabot[bot]
0c219e7902
chore(deps): bump aquasecurity/trivy-action in the actions group (#4544) 
Bumps the actions group with 1 update: [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action).


Updates `aquasecurity/trivy-action` from 0.34.0 to 0.34.1
- [Release notes](https://github.com/aquasecurity/trivy-action/releases)
- [Commits](https://github.com/aquasecurity/trivy-action/compare/0.34.0...0.34.1)

---
updated-dependencies:
- dependency-name: aquasecurity/trivy-action
  dependency-version: 0.34.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: actions
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-02-21 22:33:30 +08:00
Bo-Yi Wu
00900fb3e1
ci: update CI workflows and standardize Trivy config quotes (#4531) 
- Update gin workflow to use v2.9 and add Go 1.26 to the matrix
- Upgrade Trivy action to v0.34.0 in the scan workflow
- Change all single quotes to double quotes in Trivy workflow configuration

Signed-off-by: Bo-Yi Wu <appleboy.tw@gmail.com>
 2026-02-21 22:32:32 +08:00
dependabot[bot]
5260de6a83
chore(deps): bump golang.org/x/net from 0.49.0 to 0.50.0 (#4538) 
Bumps [golang.org/x/net](https://github.com/golang/net) from 0.49.0 to 0.50.0.
- [Commits](https://github.com/golang/net/compare/v0.49.0...v0.50.0)

---
updated-dependencies:
- dependency-name: golang.org/x/net
  dependency-version: 0.50.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-02-18 00:40:02 +08:00
dependabot[bot]
5f424ff6f6
chore(deps): bump github.com/bytedance/sonic from 1.14.2 to 1.15.0 (#4539) 
Bumps [github.com/bytedance/sonic](https://github.com/bytedance/sonic) from 1.14.2 to 1.15.0.
- [Release notes](https://github.com/bytedance/sonic/releases)
- [Commits](https://github.com/bytedance/sonic/compare/v1.14.2...v1.15.0)

---
updated-dependencies:
- dependency-name: github.com/bytedance/sonic
  dependency-version: 1.15.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-02-18 00:39:40 +08:00
Amirhf
216a4a7c28
test(render): add comprehensive tests for MsgPack render (#4537) 
* test(render): add comprehensive tests for MsgPack render

* test(render): make msgpack tests deterministic

Decode the rendered msgpack output and assert values instead of comparing raw bytes (which can vary with map iteration order).
Enable MsgpackHandle.RawToString so msgpack strings decode as Go strings.

---------

Co-authored-by: AmirHossein Fallah <amirhossein.fallah@arvancloud.ir>
 2026-02-18 00:38:36 +08:00
dependabot[bot]
f5c267d2f8
chore(deps): bump aquasecurity/trivy-action in the actions group (#4534) 
Bumps the actions group with 1 update: [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action).


Updates `aquasecurity/trivy-action` from 0.33.1 to 0.34.0
- [Release notes](https://github.com/aquasecurity/trivy-action/releases)
- [Commits](https://github.com/aquasecurity/trivy-action/compare/0.33.1...0.34.0)

---
updated-dependencies:
- dependency-name: aquasecurity/trivy-action
  dependency-version: 0.34.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-02-15 10:58:17 +08:00
dependabot[bot]
bf52b077c8
chore(deps): bump go.mongodb.org/mongo-driver from 1.17.7 to 1.17.9 (#4533) 
Bumps [go.mongodb.org/mongo-driver](https://github.com/mongodb/mongo-go-driver) from 1.17.7 to 1.17.9.
- [Release notes](https://github.com/mongodb/mongo-go-driver/releases)
- [Commits](https://github.com/mongodb/mongo-go-driver/compare/v1.17.7...v1.17.9)

---
updated-dependencies:
- dependency-name: go.mongodb.org/mongo-driver
  dependency-version: 1.17.9
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-02-15 10:57:27 +08:00
dependabot[bot]
6e3ac82fa7
chore(deps): bump github.com/quic-go/quic-go from 0.57.1 to 0.59.0 (#4532) 
Bumps [github.com/quic-go/quic-go](https://github.com/quic-go/quic-go) from 0.57.1 to 0.59.0.
- [Release notes](https://github.com/quic-go/quic-go/releases)
- [Commits](https://github.com/quic-go/quic-go/compare/v0.57.1...v0.59.0)

---
updated-dependencies:
- dependency-name: github.com/quic-go/quic-go
  dependency-version: 0.59.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-02-15 10:57:06 +08:00
dependabot[bot]
71cefce08e
chore(deps): bump github.com/goccy/go-yaml from 1.19.1 to 1.19.2 (#4507) 
Bumps [github.com/goccy/go-yaml](https://github.com/goccy/go-yaml) from 1.19.1 to 1.19.2.
- [Release notes](https://github.com/goccy/go-yaml/releases)
- [Changelog](https://github.com/goccy/go-yaml/blob/master/CHANGELOG.md)
- [Commits](https://github.com/goccy/go-yaml/compare/v1.19.1...v1.19.2)

---
updated-dependencies:
- dependency-name: github.com/goccy/go-yaml
  dependency-version: 1.19.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-02-13 13:56:40 +08:00
dependabot[bot]
882f42b0ed
chore(deps): bump golang.org/x/net from 0.47.0 to 0.49.0 (#4508) 
Bumps [golang.org/x/net](https://github.com/golang/net) from 0.47.0 to 0.49.0.
- [Commits](https://github.com/golang/net/compare/v0.47.0...v0.49.0)

---
updated-dependencies:
- dependency-name: golang.org/x/net
  dependency-version: 0.49.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-02-13 13:56:24 +08:00
Varun Chawla
488f8c3ffa
refactor: replace magic numbers with named constants in bodyAllowedForStatus (#4529) 
Use http.StatusContinue and http.StatusOK instead of hardcoded 100 and
199 for the 1xx informational status range check, consistent with the
pattern already used in logger.go.

Fixes #4489
 2026-02-13 13:55:23 +08:00
Mahan Adhikari
8e07d37c63
fix: Correct typos, improve documentation clarity, and remove dead code (#4511) 
* fix: correct typos and improve documentation clarity

- Fix typo "Oupps" to "Oops" in recovery test panic messages
- Fix confusing documentation in Bind() and ShouldBind() methods
  that incorrectly stated "JSON or XML as a JSON input"
- Remove double period in StaticFileFS documentation comment
- Remove unused ErrorTypeNu constant that had duplicate comment
  with ErrorTypeAny and was never used in the codebase

* tech: Fix the pull request routing link
 2026-02-13 13:54:14 +08:00
Laurent Caumont
d7776de7d4
feat(render): add bson protocol (#4145) 2026-01-27 10:09:01 +08:00
wanghaolong613
e3118cc378
refactor: for loop can be modernized using range over int (#4392) 
Co-authored-by: Bo-Yi Wu <appleboy.tw@gmail.com>
 2026-01-25 00:51:11 +08:00
Artur Melanchyk
cad29c5e3f
perf(tree): reduce allocations in findCaseInsensitivePath (#4417) 
Co-authored-by: Artur Melanchyk <13834276+arturmelanchyk@users.noreply.github.com>
 2026-01-25 00:46:02 +08:00
dependabot[bot]
d9e5cdf9c6
chore(deps): bump github.com/goccy/go-yaml from 1.19.0 to 1.19.1 (#4476) 
Bumps [github.com/goccy/go-yaml](https://github.com/goccy/go-yaml) from 1.19.0 to 1.19.1.
- [Release notes](https://github.com/goccy/go-yaml/releases)
- [Changelog](https://github.com/goccy/go-yaml/blob/master/CHANGELOG.md)
- [Commits](https://github.com/goccy/go-yaml/compare/v1.19.0...v1.19.1)

---
updated-dependencies:
- dependency-name: github.com/goccy/go-yaml
  dependency-version: 1.19.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-01-24 17:55:09 +08:00
Raju Ahmed
53410d2e07
feat(context): add GetError and GetErrorSlice methods for error retrieval (#4502) 
Co-authored-by: Bo-Yi Wu <appleboy.tw@gmail.com>
 2026-01-24 17:54:37 +08:00
dependabot[bot]
ac95fa6bbc
chore(deps): bump goreleaser/goreleaser-action from 5 to 6 (#3992) 
Bumps [goreleaser/goreleaser-action](https://github.com/goreleaser/goreleaser-action) from 5 to 6.
- [Release notes](https://github.com/goreleaser/goreleaser-action/releases)
- [Commits](https://github.com/goreleaser/goreleaser-action/compare/v5...v6)

---
updated-dependencies:
- dependency-name: goreleaser/goreleaser-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-01-24 15:22:06 +08:00
takanuva15
192ac89eef
feat(binding): add support for encoding.UnmarshalText in uri/query binding (#4203) 2026-01-24 15:20:24 +08:00
WeidiDeng
b2b489dbf4
chore(context): always trust xff headers from unix socket (#3359) 
Co-authored-by: Bo-Yi Wu <appleboy.tw@gmail.com>
 2026-01-18 12:56:22 +08:00
OHZEKI Naoki
3ab698dc51
refactor(recovery): smart error comparison (#4142) 
* refactor(recovery): rename var in CustomRecoveryWithWriter

* refactor(recovery): smart error comparison

* test(recovery): Directly reference the syscall error string
 2026-01-17 16:40:43 +08:00
Nurysso
9914178584
fix(context): ClientIP handling for multiple X-Forwarded-For header values (#4472) 
* Fix ClientIP calculation by concatenating all RemoteIPHeaders values

* test: used http.MethodGet instead constants and fix lints

* lint error fixed

* Refactor ClientIP X-Forwarded-For tests

---------

Co-authored-by: Bo-Yi Wu <appleboy.tw@gmail.com>
 2026-01-02 10:15:27 +08:00
Paulo Henrique
915e4c90d2
refactor(context): replace hardcoded localhost IPs with constants (#4481) 2025-12-27 19:25:17 +08:00
Twacqwq
26c3a62865
chore(response): prevent Flush() panic when http.Flusher (#4479) 2025-12-24 18:35:20 +08:00
dependabot[bot]
22c274c84b
chore(deps): bump actions/cache from 4 to 5 in the actions group (#4469) 
Bumps the actions group with 1 update: [actions/cache](https://github.com/actions/cache).


Updates `actions/cache` from 4 to 5
- [Release notes](https://github.com/actions/cache/releases)
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md)
- [Commits](https://github.com/actions/cache/compare/v4...v5)

---
updated-dependencies:
- dependency-name: actions/cache
  dependency-version: '5'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: actions
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-12-24 18:33:46 +08:00
OHZEKI Naoki
d1a15347b1
refactor(utils): move util functions to utils.go (#4467) 
Co-authored-by: Bo-Yi Wu <appleboy.tw@gmail.com>
 2025-12-12 13:43:25 +08:00
Name
64a6ed9a41
perf(recovery): optimize line reading in stack function (#4466) 
Co-authored-by: 1911860538 <alxps1911@gmail.com>
 2025-12-12 13:42:03 +08:00
OHZEKI Naoki
19b877fa50
test(debug): improve the test coverage of debug.go to 100% (#4404) 2025-12-05 11:18:08 +08:00
OHZEKI Naoki
2a794cd0b0
fix(debug): version mismatch (#4403) 
Co-authored-by: Bo-Yi Wu <appleboy.tw@gmail.com>
 2025-12-04 10:49:37 +08:00
guonaihong
b917b14ff9
fix(binding): empty value error (#2169) 
* fix empty value error

Here is the code that can report an error
```go
package main

import (
	"fmt"
	"github.com/gin-gonic/gin"
	"io"
	"net/http"
	"os"
	"time"
)

type header struct {
	Duration   time.Duration `header:"duration"`
	CreateTime time.Time     `header:"createTime" time_format:"unix"`
}

func needFix1() {
	g := gin.Default()
	g.GET("/", func(c *gin.Context) {
		h := header{}
		err := c.ShouldBindHeader(&h)
		if err != nil {
			c.JSON(500, fmt.Sprintf("fail:%s\n", err))
			return
		}

		c.JSON(200, h)
	})

	g.Run(":8081")
}

func needFix2() {
	g := gin.Default()
	g.GET("/", func(c *gin.Context) {
		h := header{}
		err := c.ShouldBindHeader(&h)
		if err != nil {
			c.JSON(500, fmt.Sprintf("fail:%s\n", err))
			return
		}

		c.JSON(200, h)
	})

	g.Run(":8082")
}

func sendNeedFix1() {
	// send to needFix1
	sendBadData("http://127.0.0.1:8081", "duration")
}

func sendNeedFix2() {
	// send to needFix2
	sendBadData("http://127.0.0.1:8082", "createTime")
}

func sendBadData(url, key string) {
	req, err := http.NewRequest("GET", "http://127.0.0.1:8081", nil)
	if err != nil {
		fmt.Printf("err:%s\n", err)
		return
	}

	// Only the key and no value can cause an error
	req.Header.Add(key, "")
	rsp, err := http.DefaultClient.Do(req)
	if err != nil {
		return
	}
	io.Copy(os.Stdout, rsp.Body)
	rsp.Body.Close()
}

func main() {
	go needFix1()
	go needFix2()

	time.Sleep(time.Second / 1000 * 200) // 200ms
	sendNeedFix1()
	sendNeedFix2()
}

```

* modify code

* add comment

* test(binding): use 'any' alias and require.NoError in form mapping tests

- Replace 'interface{}' with 'any' alias in bindTestData struct
- Change assert.NoError to require.NoError in TestMappingTimeUnixNano and TestMappingTimeDuration to fail fast on mapping errors

---------

Co-authored-by: Bo-Yi Wu <appleboy.tw@gmail.com>
 2025-12-03 19:18:10 +08:00
dependabot[bot]
fad706f121
chore(deps): bump github.com/goccy/go-yaml from 1.18.0 to 1.19.0 (#4458) 
Bumps [github.com/goccy/go-yaml](https://github.com/goccy/go-yaml) from 1.18.0 to 1.19.0.
- [Release notes](https://github.com/goccy/go-yaml/releases)
- [Changelog](https://github.com/goccy/go-yaml/blob/master/CHANGELOG.md)
- [Commits](https://github.com/goccy/go-yaml/compare/v1.18.0...v1.19.0)

---
updated-dependencies:
- dependency-name: github.com/goccy/go-yaml
  dependency-version: 1.19.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-12-02 20:09:41 +08:00
Wayne Aki
f416d1e594
test(gin): resolve race conditions in integration tests (#4453) 
- Implement TestRebuild404Handlers to verify 404 handler chain rebuilding
  when global middleware is added via Use()
- Add waitForServerReady helper with exponential backoff to replace
  unreliable time.Sleep() calls in integration tests
- Fix race conditions in TestRunEmpty, TestRunEmptyWithEnv, and
  TestRunWithPort by using proper server readiness checks
- All tests now pass consistently with -race flag

This addresses the empty test function and eliminates flaky test failures
caused by insufficient wait times for server startup.

Co-authored-by: Bo-Yi Wu <appleboy.tw@gmail.com>
 2025-11-30 15:38:07 +08:00
Milad
583db590ec
test(bytesconv): add tests for empty/nil cases (#4454) 
Co-authored-by: Bo-Yi Wu <appleboy.tw@gmail.com>
 2025-11-30 15:25:46 +08:00
appleboy
af6e8b70b8
chore(deps): upgrade quic-go to v0.57.1 
Fix CVE-2025-59530 vulnerability (quic-go Crash Due to Premature HANDSHAKE_DONE Frame)

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
 2025-11-30 11:52:47 +08:00
Yilong Li
63dd3e60ca
fix(recover): suppress http.ErrAbortHandler in recover (#4336) 
Co-authored-by: Bo-Yi Wu <appleboy.tw@gmail.com>
 2025-11-27 23:20:52 +08:00
Milad
c358d5656d
test(gin): Add comprehensive test coverage for ginS package (#4442) 
* test(ginS): add comprehensive test coverage for ginS package

Improve test coverage for ginS package by adding 18 test functions covering HTTP methods, routing, middleware, static files, and templates.

* use http.Method* constants instead of raw strings in gins_test.go

* copyright updated in gins_test.go

---------

Co-authored-by: Bo-Yi Wu <appleboy.tw@gmail.com>
 2025-11-27 23:01:57 +08:00
Aeddis Desauw
771dcc6476
feat(gin): add option to use escaped path (#4420) 
Co-authored-by: Bo-Yi Wu <appleboy.tw@gmail.com>
 2025-11-27 17:55:34 +08:00
dependabot[bot]
52ecf029bd
chore(deps): bump actions/checkout from 5 to 6 in the actions group (#4446) 
Bumps the actions group with 1 update: [actions/checkout](https://github.com/actions/checkout).


Updates `actions/checkout` from 5 to 6
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v5...v6)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: '6'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: actions
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Bo-Yi Wu <appleboy.tw@gmail.com>
 2025-11-26 23:33:08 +08:00
Name
440eb14ab8
perf(path): replace regex with custom functions in redirectTrailingSlash (#4414) 
* perf: replace regex with custom functions in redirectTrailingSlash

* perf: use more efficient removeRepeatedChar for path slash handling

---------

Co-authored-by: 1911860538 <alxps1911@gmail.com>
 2025-11-26 23:32:18 +08:00
Bo-Yi Wu
ecb3f7b5e2
chore(deps): upgrade golang.org/x/crypto to v0.45.0 (#4449) 
- Update golang.org/x/crypto dependency to version 0.45.0

1. https://avd.aquasec.com/nvd/cve-2025-47914
2. https://avd.aquasec.com/nvd/cve-2025-58181

Signed-off-by: appleboy <appleboy.tw@gmail.com>
 2025-11-23 11:46:13 +08:00
Bo-Yi Wu
e88fc8927a
ci(sec): schedule Trivy security scans to run daily at midnight UTC (#4439) 
- Change Trivy scan schedule from quarterly to daily runs at 00:00 UTC

Signed-off-by: appleboy <appleboy.tw@gmail.com>
 2025-11-18 23:05:54 +08:00
Pawan Kalyan
5fad976b37
fix(gin): literal colon routes not working with engine.Handler() (#4415) 
* fix: call updateRouteTrees in ServeHTTP using sync.Once to support literal colon routes in all usage scenarios (#4413)

* chore: fixed golangci-lint issue in test cases for literal colon

* fix: gofumpt formatting issue

* fix: gofumpt issue in gin.go

* chore: updated routeTreesUpdated comments

* chore: removed unused variable and updated TestUpdateRouteTreesCalledOnce testcase

* chore: moved tests from literal_colon_test.go into gin_test.go

---------

Co-authored-by: pawannn <pawan@zenz.tech>
 2025-11-16 09:22:07 +08:00
Bo-Yi Wu
93ff771e6d
ci(sec): improve type safety and server organization in HTTP middleware (#4437) 
- Update linting configuration to exclude G115 gosec check instead of including specific checks
- Add the safeInt8 helper for safer type conversions and use it to prevent int8 overflow in middleware handler execution
- Group related constants and variables together for better organization in gin.go
- Refactor HTTP server instantiation to use a dedicated http.Server object for all Run methods
- Add the safeUint16 helper and use it to safely handle conversions in tree node functions to prevent uint16 overflow

Signed-off-by: appleboy <appleboy.tw@gmail.com>
 2025-11-15 23:03:32 +08:00
AtoriUzawa
58135f06cf
docs(context): add example comments for ShouldBind* methods (#4428) 
- Added detailed example for ShouldBindJSON
- Added consistent descriptive comments for ShouldBindXML, ShouldBindQuery, ShouldBindYAML, ShouldBindTOML, ShouldBindPlain, ShouldBindHeader, ShouldBindUri
- Makes binding method usage clearer for new users
 2025-11-15 19:46:45 +08:00