Merge d02b7391f00946e0390ae5c3d684dd343f30a49b into 5f4f9643258dc2a65e684b63f12c8d543c936c67

chore(deps): bump the actions group across 1 directory with 2 updates (#4640 )
Bumps the actions group with 2 updates in the / directory: [codecov/codecov-action](https://github.com/codecov/codecov-action) and [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action). Updates `codecov/codecov-action` from 5 to 6 - [Release notes](https://github.com/codecov/codecov-action/releases) - [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/codecov/codecov-action/compare/v5...v6) Updates `aquasecurity/trivy-action` from 0.35.0 to 0.36.0 - [Release notes](https://github.com/aquasecurity/trivy-action/releases) - [Commits](https://github.com/aquasecurity/trivy-action/compare/0.35.0...v0.36.0) --- updated-dependencies: - dependency-name: codecov/codecov-action dependency-version: '6' dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions - dependency-name: aquasecurity/trivy-action dependency-version: 0.36.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-06-06 20:18:19 +08:00 · 2026-05-15 04:08:02 +08:00 · 2026-05-09 10:20:32 +08:00 · 2025-12-23 16:09:33 +03:30
3 changed files with 96 additions and 3 deletions
--- a/.github/workflows/gin.yml
+++ b/.github/workflows/gin.yml
@ -78,6 +78,6 @@ jobs:
        run: make test

      - name: Upload coverage to Codecov
-        uses: codecov/codecov-action@v5
+        uses: codecov/codecov-action@v6
        with:
          flags: ${{ matrix.os }},go-${{ matrix.go }},${{ matrix.test-tags }}
--- a/.github/workflows/trivy-scan.yml
+++ b/.github/workflows/trivy-scan.yml
@ -27,7 +27,7 @@ jobs:
          fetch-depth: 0

      - name: Run Trivy vulnerability scanner (source code)
-        uses: aquasecurity/trivy-action@0.35.0
+        uses: aquasecurity/trivy-action@v0.36.0
        with:
          scan-type: "fs"
          scan-ref: "."
@ -44,7 +44,7 @@ jobs:
          sarif_file: "trivy-results.sarif"

      - name: Run Trivy scanner (table output for logs)
-        uses: aquasecurity/trivy-action@0.35.0
+        uses: aquasecurity/trivy-action@v0.36.0
        if: always()
        with:
          scan-type: "fs"
--- a/binding/plain_test.go
+++ b/binding/plain_test.go
@ -0,0 +1,93 @@
+// Copyright 2025 Gin Core Team. All rights reserved.
+// Use of this source code is governed by a MIT style
+// license that can be found in the LICENSE file.
+
+package binding
+
+import (
+	"bytes"
+	"errors"
+	"io"
+	"net/http"
+	"strings"
+	"testing"
+)
+
+// errReadCloser simulates a ReadCloser whose Read returns a fixed error.
+type errReadCloser struct{ err error }
+
+func (e *errReadCloser) Read(p []byte) (int, error) { return 0, e.err }
+func (e *errReadCloser) Close() error               { return nil }
+
+func TestDecodePlain_String_Success(t *testing.T) {
+	t.Parallel()
+	var s string
+	if err := (plainBinding{}).BindBody([]byte("hello world"), &s); err != nil {
+		t.Fatalf("unexpected error: %v", err)
+	}
+	if s != "hello world" {
+		t.Fatalf("expected %q, got %q", "hello world", s)
+	}
+}
+
+func TestDecodePlain_ByteSlice_Success(t *testing.T) {
+	t.Parallel()
+	in := []byte{1, 2, 3, 4}
+	var b []byte
+	if err := (plainBinding{}).BindBody(in, &b); err != nil {
+		t.Fatalf("unexpected error: %v", err)
+	}
+	if !bytes.Equal(b, in) {
+		t.Fatalf("expected %v, got %v", in, b)
+	}
+}
+
+func TestPlainBind_UsesHTTPRequestBody(t *testing.T) {
+	t.Parallel()
+	var s string
+	req := &http.Request{Body: io.NopCloser(bytes.NewReader([]byte("reqbody")))}
+	if err := (plainBinding{}).Bind(req, &s); err != nil {
+		t.Fatalf("unexpected error: %v", err)
+	}
+	if s != "reqbody" {
+		t.Fatalf("expected %q, got %q", "reqbody", s)
+	}
+}
+
+func TestDecodePlain_NilObj_NoPanic(t *testing.T) {
+	// Passing nil obj should be a no-op and return nil error.
+	if err := (plainBinding{}).BindBody([]byte("x"), nil); err != nil {
+		t.Fatalf("expected nil error for nil obj, got %v", err)
+	}
+
+	// Passing a nil pointer (e.g., *string == nil) should also return nil error.
+	var ps *string = nil
+	if err := (plainBinding{}).BindBody([]byte("x"), ps); err != nil {
+		t.Fatalf("expected nil error for nil pointer obj, got %v", err)
+	}
+}
+
+func TestDecodePlain_UnsupportedType_Error(t *testing.T) {
+	var x int
+	err := (plainBinding{}).BindBody([]byte("x"), &x)
+	if err == nil {
+		t.Fatalf("expected error for unsupported type, got nil")
+	}
+	if !strings.Contains(err.Error(), "unknown type") {
+		t.Fatalf("expected error to contain 'unknown type', got %v", err)
+	}
+}
+
+func TestPlainBind_ReadError(t *testing.T) {
+	t.Parallel()
+	sentinel := errors.New("read fail")
+	req := &http.Request{Body: &errReadCloser{err: sentinel}}
+	var s string
+	err := (plainBinding{}).Bind(req, &s)
+	if err == nil {
+		t.Fatalf("expected read error, got nil")
+	}
+	if err != sentinel {
+		t.Fatalf("expected sentinel error %v, got %v", sentinel, err)
+	}
+}