Merge ec789274b1f5093f956d71d05b1cf88327e925d5 into 5f4f9643258dc2a65e684b63f12c8d543c936c67

chore(deps): bump the actions group across 1 directory with 2 updates (#4640 )
Bumps the actions group with 2 updates in the / directory: [codecov/codecov-action](https://github.com/codecov/codecov-action) and [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action). Updates `codecov/codecov-action` from 5 to 6 - [Release notes](https://github.com/codecov/codecov-action/releases) - [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/codecov/codecov-action/compare/v5...v6) Updates `aquasecurity/trivy-action` from 0.35.0 to 0.36.0 - [Release notes](https://github.com/aquasecurity/trivy-action/releases) - [Commits](https://github.com/aquasecurity/trivy-action/compare/0.35.0...v0.36.0) --- updated-dependencies: - dependency-name: codecov/codecov-action dependency-version: '6' dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions - dependency-name: aquasecurity/trivy-action dependency-version: 0.36.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-06-06 12:08:20 +08:00 · 2026-05-15 04:16:09 +08:00 · 2026-05-09 10:20:32 +08:00 · 2026-03-15 21:41:55 +08:00
3 changed files with 14 additions and 3 deletions
--- a/.github/workflows/gin.yml
+++ b/.github/workflows/gin.yml
@ -78,6 +78,6 @@ jobs:
        run: make test

      - name: Upload coverage to Codecov
-        uses: codecov/codecov-action@v5
+        uses: codecov/codecov-action@v6
        with:
          flags: ${{ matrix.os }},go-${{ matrix.go }},${{ matrix.test-tags }}
--- a/.github/workflows/trivy-scan.yml
+++ b/.github/workflows/trivy-scan.yml
@ -27,7 +27,7 @@ jobs:
          fetch-depth: 0

      - name: Run Trivy vulnerability scanner (source code)
-        uses: aquasecurity/trivy-action@0.35.0
+        uses: aquasecurity/trivy-action@v0.36.0
        with:
          scan-type: "fs"
          scan-ref: "."
@ -44,7 +44,7 @@ jobs:
          sarif_file: "trivy-results.sarif"

      - name: Run Trivy scanner (table output for logs)
-        uses: aquasecurity/trivy-action@0.35.0
+        uses: aquasecurity/trivy-action@v0.36.0
        if: always()
        with:
          scan-type: "fs"
--- a/gin.go
+++ b/gin.go
@ -486,6 +486,17 @@ func (engine *Engine) validateHeader(header string) (clientIP string, valid bool
 	items := strings.Split(header, ",")
 	for i := len(items) - 1; i >= 0; i-- {
 		ipStr := strings.TrimSpace(items[i])
+
+		// Handle IPv6 with brackets and/or port: [::1], [::1]:8080, 192.168.1.1:8080
+		// net.SplitHostPort handles all these cases and strips brackets
+		if host, _, err := net.SplitHostPort(ipStr); err == nil {
+			ipStr = host
+		} else {
+			// No port present, just strip brackets if any (bare IPv6 like [::1])
+			ipStr = strings.TrimPrefix(ipStr, "[")
+			ipStr = strings.TrimSuffix(ipStr, "]")
+		}
+
 		ip := net.ParseIP(ipStr)
 		if ip == nil {
 			break