fix(deps): update module github.com/pires/go-proxyproto to v0.15.0#907
Open
renovate[bot] wants to merge 1 commit into
Open
fix(deps): update module github.com/pires/go-proxyproto to v0.15.0#907renovate[bot] wants to merge 1 commit into
renovate[bot] wants to merge 1 commit into
Conversation
Contributor
Author
ℹ️ Artifact update noticeFile name: go.modIn order to perform the update(s) described in the table above, Renovate ran the
Details:
|
Deploying gate-minekube with
|
| Latest commit: |
3044478
|
| Status: | ✅ Deploy successful! |
| Preview URL: | https://bc7986bf.gate-minekube.pages.dev |
| Branch Preview URL: | https://renovate-github-com-pires-go.gate-minekube.pages.dev |
306435d to
a5f10c5
Compare
a5f10c5 to
3044478
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
v0.13.0→v0.15.0Warning
Some dependencies could not be looked up. Check the Dependency Dashboard for more information.
Release Notes
pires/go-proxyproto (github.com/pires/go-proxyproto)
v0.15.0Compare Source
v0.15.0
This release aligns the library with PROXY protocol spec 3.4 (2026/04/27). It tightens parsing and trust behavior to match the spec's requirements — which makes some previously accepted inputs and configurations fail loudly — and adds first-class support for the PROXY protocol over UDP.
The PROXY header is now required by default (
2cd5f00)DefaultPolicypackage variable, set toREQUIRE, is applied byNewConnandListener.Acceptwhen no policy is configured. The spec forbids guessing whether a header is present, so headerless connections now fail their firstReadwithErrNoProxyProtocol.proxyproto.DefaultPolicy = proxyproto.USE.TrustProxyHeaderFromis now strict: trusted peers getREQUIREand untrusted peers are dropped byAcceptwith an error wrappingErrInvalidUpstream. Previously, untrusted headerless clients could slip through as raw connections.Stricter v1/v2 header parsing per spec 3.4 (
5914db8)PROXYtoken is validated; IPv6 zone IDs are rejected; plain IPv4 addresses inTCP6lines are rejected (setV1AcceptIPv4InTCP6for nginx interop); ports are parsed with leading zeros rejected and ranges validated on formatting.LOCALcommands too, rejecting undefined bytes per spec 2.2.LOCALheaders with a valid address block decode addresses and TLVs and round-trip; ill-fitting ones are normalized toUNSPEC.MaxV2HeaderSizevariable bounds the declared v2 length (default 4096) — raise it if you carry large TLVs such asPP2_SUBTYPE_SSL_CLIENT_CERT.✨ New features
PROXY protocol over UDP (
499ef90, fixes #79)ParseUDPDatagramandHeader.FormatUDPDatagramimplement the spec's per-datagram semantics (header and payload share a single datagram) for use with anynet.PacketConn.net.PacketConnwrapper — reply routing needs an application-policy flow table — butexamples/udppacketconnis a runnable sketch of that pattern, alongsideexamples/udpserverandexamples/udpclientfor the plain paths.Reworked trust policies (
2cd5f00)PolicyFromRanges(ranges, matched, unmatched)andMustPolicyFromRangessupersede the whitelist policy family, which is deprecated and now delegates to them. The(REQUIRE, IGNORE)combination covers mixed proxied/direct traffic the old family couldn't express.TrustProxyHeaderFromRanges.ErrInvalidUpstream, so a single unclassifiable peer can no longer stop an accept loop.TLV registry and PP2SSL caught up to spec 3.4 (
4e80228)Registered()now includesPP2_TYPE_GROUP,PP2_SUBTYPE_SSL_SIG_SCHEME, andPP2_SUBTYPE_SSL_CLIENT_CERT.PP2SSLaccessors:SSLSigAlg,SSLKeyAlg,SSLGroup,SSLSigScheme.🐛 Fixes
Header.EqualsTono longer panics on nil addresses (5914db8).formatVersion2folds TLV length into the declared length for Unix families instead of emitting TLVs past it (5914db8).🧪 Testing & CI
LOCALdecode matrix, byte-for-byte round-trip stability, andFuzzReadparse–format–reparse invariants (5914db8).af4b18c).serveConnTLS handshake-failure branch (b01bea4).📚 Documentation
REQUIREdefault (bd986c0).v0.14.0Compare Source
What's Changed
Full Changelog: pires/go-proxyproto@v0.13.0...v0.14.0
Configuration
📅 Schedule: (UTC)
🚦 Automerge: Enabled.
♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR was generated by Mend Renovate. View the repository job log.