Merge d4e96937657f2fc156d0233e8d8c30668e15e3d4 into 5f4f9643258dc2a65e684b63f12c8d543c936c67

chore(deps): bump the actions group across 1 directory with 2 updates (#4640 )
Bumps the actions group with 2 updates in the / directory: [codecov/codecov-action](https://github.com/codecov/codecov-action) and [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action). Updates `codecov/codecov-action` from 5 to 6 - [Release notes](https://github.com/codecov/codecov-action/releases) - [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/codecov/codecov-action/compare/v5...v6) Updates `aquasecurity/trivy-action` from 0.35.0 to 0.36.0 - [Release notes](https://github.com/aquasecurity/trivy-action/releases) - [Commits](https://github.com/aquasecurity/trivy-action/compare/0.35.0...v0.36.0) --- updated-dependencies: - dependency-name: codecov/codecov-action dependency-version: '6' dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions - dependency-name: aquasecurity/trivy-action dependency-version: 0.36.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-06-06 12:08:20 +08:00 · 2026-05-15 04:08:29 +08:00 · 2026-05-09 10:20:32 +08:00 · 2025-12-30 12:03:55 +03:30
3 changed files with 67 additions and 3 deletions
--- a/.github/workflows/gin.yml
+++ b/.github/workflows/gin.yml
@ -78,6 +78,6 @@ jobs:
        run: make test

      - name: Upload coverage to Codecov
-        uses: codecov/codecov-action@v5
+        uses: codecov/codecov-action@v6
        with:
          flags: ${{ matrix.os }},go-${{ matrix.go }},${{ matrix.test-tags }}
--- a/.github/workflows/trivy-scan.yml
+++ b/.github/workflows/trivy-scan.yml
@ -27,7 +27,7 @@ jobs:
          fetch-depth: 0

      - name: Run Trivy vulnerability scanner (source code)
-        uses: aquasecurity/trivy-action@0.35.0
+        uses: aquasecurity/trivy-action@v0.36.0
        with:
          scan-type: "fs"
          scan-ref: "."
@ -44,7 +44,7 @@ jobs:
          sarif_file: "trivy-results.sarif"

      - name: Run Trivy scanner (table output for logs)
-        uses: aquasecurity/trivy-action@0.35.0
+        uses: aquasecurity/trivy-action@v0.36.0
        if: always()
        with:
          scan-type: "fs"
--- a/binding/form_test.go
+++ b/binding/form_test.go
@ -0,0 +1,64 @@
+// Copyright 2025 Gin Core Team. All rights reserved.
+// Use of this source code is governed by a MIT style
+// license that can be found in the LICENSE file.
+
+package binding
+
+import (
+	"net/http"
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+)
+
+func TestFormBindings_Names(t *testing.T) {
+	assert.Equal(t, "form", Form.Name())
+	assert.Equal(t, "form-urlencoded", FormPost.Name())
+	assert.Equal(t, "multipart/form-data", FormMultipart.Name())
+}
+
+func TestFormBinding_BasicPost(t *testing.T) {
+	b := Form
+	obj := FooBarStruct{}
+	req := requestWithBody(http.MethodPost, "/", "foo=bar&bar=foo")
+	req.Header.Add("Content-Type", MIMEPOSTForm)
+	err := b.Bind(req, &obj)
+	require.NoError(t, err)
+	assert.Equal(t, "bar", obj.Foo)
+	assert.Equal(t, "foo", obj.Bar)
+}
+
+func TestFormPostBinding_Basic(t *testing.T) {
+	b := FormPost
+	obj := FooBarStruct{}
+	req := requestWithBody(http.MethodPost, "/", "foo=bar&bar=foo")
+	req.Header.Add("Content-Type", MIMEPOSTForm)
+	err := b.Bind(req, &obj)
+	require.NoError(t, err)
+	assert.Equal(t, "bar", obj.Foo)
+	assert.Equal(t, "foo", obj.Bar)
+}
+
+func TestFormMultipartBinding_BasicMultipart(t *testing.T) {
+	// reuse helper that exists in binding_test.go
+	req := createFormMultipartRequest(t)
+	var obj FooBarStruct
+	err := FormMultipart.Bind(req, &obj)
+	require.NoError(t, err)
+	assert.Equal(t, "bar", obj.Foo)
+	assert.Equal(t, "foo", obj.Bar)
+}
+
+// ensure that a non-multipart POST with form content still binds with Form (ParseMultipartForm should be ignored)
+func TestFormBinding_NonMultipartPostIgnoresMultipartError(t *testing.T) {
+	b := Form
+	obj := FooBarStruct{}
+	req := requestWithBody(http.MethodPost, "/", "foo=bar&bar=foo")
+	// Intentionally do not set multipart content-type so ParseMultipartForm returns ErrNotMultipart and is ignored
+	req.Header.Add("Content-Type", MIMEPOSTForm)
+	err := b.Bind(req, &obj)
+	require.NoError(t, err)
+	assert.Equal(t, "bar", obj.Foo)
+	assert.Equal(t, "foo", obj.Bar)
+}