Update module github.com/gorilla/websocket to v1.5.3

[doctolib-renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
github.com/gorilla/websocket	v1.4.0 -> v1.5.3

---

Release Notes

gorilla/websocket (github.com/gorilla/websocket)

v1.5.3

Compare Source

Important change

This reverts the websockets package back to 931041c

What's Changed

• Fixes subprotocol selection (aling with rfc6455) by @​KSDaemon in #​823
• Update README.md, replace master to main by @​mstmdev in #​862
• Use status code constant by @​mstmdev in #​864
• conn.go: default close handler should not return ErrCloseSent. by @​pnx in #​865
• fix: replace ioutil.readfile with os.readfile by @​rfyiamcool in #​868
• fix: add comment for the readBufferSize and writeBufferSize by @​rfyiamcool in #​869
• Remove noisy printf in NextReader() and beginMessage() by @​bcreane in #​878
• docs(echoreadall): fix function echoReadAll comment by @​XdpCs in #​881
• make tests parallel by @​ninedraft in #​872
• Upgrader.Upgrade: use http.ResposnseController by @​ninedraft in #​871
• Do not handle network error in SetCloseHandler() by @​nak3 in #​863
• perf: reduce timer in write_control by @​rfyiamcool in #​879
• fix: lint example code by @​rfyiamcool in #​890
• feat: format message type by @​rfyiamcool in #​889
• Remove hideTempErr to allow downstream users to check for errors like net.ErrClosed by @​UnAfraid in #​894
• Do not timeout when WriteControl deadline is zero in #​898
• Excludes errchecks linter by @​apoorvajagtap in #​904
• Return errors instead of printing to logs by @​apoorvajagtap in #​897
• Revert " Update go version & add verification/testing tools (#​840)" by @​apoorvajagtap in #​908
• Fixes broken random value generation by @​apoorvajagtap in #​926
• Reverts back to v1.5.0 by @​apoorvajagtap in #​929

New Contributors

• @​KSDaemon made their first contribution in #​823
• @​mstmdev made their first contribution in #​862
• @​pnx made their first contribution in #​865
• @​rfyiamcool made their first contribution in #​868
• @​bcreane made their first contribution in #​878
• @​XdpCs made their first contribution in #​881
• @​ninedraft made their first contribution in #​872
• @​nak3 made their first contribution in #​863
• @​UnAfraid made their first contribution in #​894
• @​apoorvajagtap made their first contribution in #​904

Full Changelog: gorilla/websocket@v1.5.1...v1.5.3

v1.5.2

Compare Source

What's Changed

• Fixes subprotocol selection (aling with rfc6455) by @​KSDaemon in #​823
• Update README.md, replace master to main by @​mstmdev in #​862
• Use status code constant by @​mstmdev in #​864
• conn.go: default close handler should not return ErrCloseSent. by @​pnx in #​865
• fix: replace ioutil.readfile with os.readfile by @​rfyiamcool in #​868
• fix: add comment for the readBufferSize and writeBufferSize by @​rfyiamcool in #​869
• Remove noisy printf in NextReader() and beginMessage() by @​bcreane in #​878
• docs(echoreadall): fix function echoReadAll comment by @​XdpCs in #​881
• make tests parallel by @​ninedraft in #​872
• Upgrader.Upgrade: use http.ResposnseController by @​ninedraft in #​871
• Do not handle network error in SetCloseHandler() by @​nak3 in #​863
• perf: reduce timer in write_control by @​rfyiamcool in #​879
• fix: lint example code by @​rfyiamcool in #​890
• feat: format message type by @​rfyiamcool in #​889
• Remove hideTempErr to allow downstream users to check for errors like net.ErrClosed by @​UnAfraid in #​894
• Do not timeout when WriteControl deadline is zero in #​898
• Excludes errchecks linter by @​apoorvajagtap in #​904
• Return errors instead of printing to logs by @​apoorvajagtap in #​897
• Revert " Update go version & add verification/testing tools (#​840)" by @​apoorvajagtap in #​908
• Fixes broken random value generation by @​apoorvajagtap in #​926

New Contributors

• @​KSDaemon made their first contribution in #​823
• @​mstmdev made their first contribution in #​862
• @​pnx made their first contribution in #​865
• @​rfyiamcool made their first contribution in #​868
• @​bcreane made their first contribution in #​878
• @​XdpCs made their first contribution in #​881
• @​ninedraft made their first contribution in #​872
• @​nak3 made their first contribution in #​863
• @​UnAfraid made their first contribution in #​894
• @​apoorvajagtap made their first contribution in #​904

Full Changelog: gorilla/websocket@v1.5.1...v1.5.2

v1.5.1

Compare Source

What's Changed

• Add check for Sec-WebSocket-Key header by @​hirasawayuki in #​752
• Changed the method name UnderlyingConn to NetConn by @​JWSong in #​773
• remove all versions < 1.16 and add 1.18 by @​ChannyClaus in #​793
• Check for and report bad protocol in TLSClientConfig.NextProtos by @​ChannyClaus in #​788
• check err before GotConn for trace by @​junnplus in #​798
• Update README.md by @​coreydaley in #​839
• Correct way to save memory using write buffer pool and freeing net.http default buffers by @​FMLS in #​761
• Update go version & add verification/testing tools by @​coreydaley in #​840
• update golang.org/x/net by @​coreydaley in #​856
• update GitHub workflows by @​coreydaley in #​857

New Contributors

• @​hirasawayuki made their first contribution in #​752
• @​JWSong made their first contribution in #​773
• @​ChannyClaus made their first contribution in #​793
• @​junnplus made their first contribution in #​798
• @​coreydaley made their first contribution in #​839
• @​FMLS made their first contribution in #​761

Full Changelog: gorilla/websocket@v1.5.0...v1.5.1

v1.5.0: Minor new features and maintenance update

Compare Source

Minor new features and maintenance update

CHANGELOG

• Dialer: add optional method NetDialTLSContext (#​746) @​lluiscampos
• Update README (#​757) @​garyburd
• Remove support for Go 1.8 (#​755) @​garyburd
• Improve protocol error messages (#​754) @​garyburd
• Update autobahn example (#​753) @​garyburd
• Fix broadcast benchmarks (#​542) @​FZambia
• Use context.Context in TLS handshake (#​751) @​garyburd
• Modify http Method String Literal to Variable (#​728) @​thak1411
• Update to match gofmt 1.17 (#​750) @​garyburd
• Document the allowed concurrency on Upgrader and Dialer (#​636) @​ghost
• improve echo example (#​671) @​hellflame
• build: use build matrix; drop Go <= 1.10 (#​629) @​elithrar
• Fix Docs w.r.t. setting subprotocols (#​627) @​elithrar
• Fix how the client checks for presence of Upgrade: websocket, Connection: upgrade (#​604) @​bluetech

v1.4.2

Compare Source

v1.4.2 is a minor maintenance release, with minor fixes to examples, documentation, and internals.

Note: We are still looking for proactive maintainer(s) and issue triagers. Thanks to all who contributed to this release with either PRs or reviews - especially @​srybacki for the ongoing efforts here.

CHANGELOG

• build: clean up go.sum (#​584) @​elithrar
• Fix typo. (#​568) @​jongillham
• Duration order consistency when multiplying number by time unit (#​570) @​maxifom
• echo example: handle received messages as text, not HTML (#​563) @​srybacki
• Use empty struct to protect writing (#​566) @​ferhatelmas
• input autofocus (#​564) @​codenoid
• Fix a couple of small typos (#​567) @​johnernaut
• minor typo (#​583) @​dbaker-rh
• Changed the link of API references to pkg.go.dev (#​577) @​thearyanahmed

v1.4.1

Compare Source

Notable Changes

⚠️ This release fixes a potential denial-of-service (DoS) vector in gorilla/websocket, and we recommend that all users upgrade to this version (v1.4.1) or later

The vulnerability could allow an attacker to consume excessive amounts of memory on the server by bypassing read limits, and potentially cause the server to go out-of-memory (OOM).

See the published security advisory for more details.

Credit to Max Justicz (https://justi.cz/) for discovering and reporting this, as well as providing a robust PoC and review.

CHANGELOG

c3e18be Create release-drafter.yml (#​538)
5b740c2 Read Limit Fix (#​537)
7e9819d fix typos (#​532)
ae1634f Create CircleCI config.yml (#​519)
80c2d40 fix autobahn test suite link (#​503)
6a67f44 remove redundant err!=nil check in conn.go Close method (#​505)
0ec3d1b Fix typo
856ca61 Add buffer commentary
7c8e298 Add support for go-module
8ab6030 Add JoinMessages
95ba29e Updated autobahn test suite URL
483fb8d Add "in bytes" to sizes in documentation
76e4896 Fix formatting problem in the docs. (#​435)
a51a35a Improve header parsing code
3130e8d Return write buffer to pool on write error (#​427)
cdd40f5 Add comprehensive host test (#​429)

---

Configuration

📅 Schedule: Branch creation - Between 06:00 AM and 09:59 AM ( * 6-9 * * * ), Between 05:00 PM and 08:59 PM ( * 17-20 * * * ) in timezone Europe/Paris, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was created by Renovate.

Details

Check the default configuration and documentation.

See the logs on Datadog.
To replay this update, you can use the following packageRules on the Manual Run page: [{"matchPackageNames": ["*"], "enabled": false}, {"matchPackageNames": ["github.com/gorilla/websocket"], "enabled": true}]

[doctolib-renovate]

⚠️ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

• any of the package files in this branch needs updating, or
• the branch becomes conflicted, or
• you click the rebase/retry checkbox if found above, or
• you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: go.sum

Command failed: go get -t ./...
go: downloading github.com/gorilla/websocket v1.5.3
go: github.com/doctolib/MailHog imports
	github.com/doctolib/MailHog/generated/assets: cannot find module providing package github.com/doctolib/MailHog/generated/assets
go: github.com/doctolib/MailHog/pkg/storage imports
	github.com/doctolib/MailHog/generated/queries: cannot find module providing package github.com/doctolib/MailHog/generated/queries

[docto-mergebot]

Please add the auto-merge label to the PR.