From d388c9233baa6a9b8dc6cc060b45c44804f9afec Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 15 Oct 2024 14:51:17 +0200
Subject: [PATCH] Bump github.com/gorilla/sessions from 1.1.1 to 1.4.0 in
 /quesma (#887)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Bumps [github.com/gorilla/sessions](https://github.com/gorilla/sessions)
from 1.1.1 to 1.4.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/gorilla/sessions/releases">github.com/gorilla/sessions's
releases</a>.</em></p>
<blockquote>
<h2>v1.4.0</h2>
<h2>Summary</h2>
<p>There were new features important for <a
href="https://redirect.github.com/golang/go/issues/62490#issuecomment-2127685955">compatibility
with some of the upcoming cookie security changes</a> with google that
required a new <code>Partitioned</code> attribute be added to the
cookies, this attribute was only available in go 1.23, which has just
recently been released.</p>
<p>If you require a version that is backward compatible with a lower
version than go 1.23 then you'll need to use release v1.3.0.</p>
<p>The following notes show the difference between 1.2.2 and the current
version because 1.3.0 was a hotfix for go 1.22 and below.</p>
<h2>What's Changed</h2>
<ul>
<li>Improve File System Path Handling by <a
href="https://github.com/moloch"><code>@​moloch</code></a>-- in <a
href="https://redirect.github.com/gorilla/sessions/pull/274">gorilla/sessions#274</a></li>
<li><a
href="https://redirect.github.com/gorilla/sessions/issues/272">#272</a>:
feat: Add support for paritioned attribute in cookies as per chrome 3rd
party cookie phaseout by <a
href="https://github.com/kashishbehl"><code>@​kashishbehl</code></a> in
<a
href="https://redirect.github.com/gorilla/sessions/pull/273">gorilla/sessions#273</a></li>
<li>fix no default samesite by <a
href="https://github.com/bharat-rajani"><code>@​bharat-rajani</code></a>
in <a
href="https://redirect.github.com/gorilla/sessions/pull/276">gorilla/sessions#276</a></li>
<li>Fix gorillatoolkit link in README.md by <a
href="https://github.com/mbacalan"><code>@​mbacalan</code></a> in <a
href="https://redirect.github.com/gorilla/sessions/pull/278">gorilla/sessions#278</a></li>
<li>Add mysql store to the readme by <a
href="https://github.com/danielepintore"><code>@​danielepintore</code></a>
in <a
href="https://redirect.github.com/gorilla/sessions/pull/279">gorilla/sessions#279</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/moloch"><code>@​moloch</code></a>-- made
their first contribution in <a
href="https://redirect.github.com/gorilla/sessions/pull/274">gorilla/sessions#274</a></li>
<li><a
href="https://github.com/kashishbehl"><code>@​kashishbehl</code></a>
made their first contribution in <a
href="https://redirect.github.com/gorilla/sessions/pull/273">gorilla/sessions#273</a></li>
<li><a
href="https://github.com/bharat-rajani"><code>@​bharat-rajani</code></a>
made their first contribution in <a
href="https://redirect.github.com/gorilla/sessions/pull/276">gorilla/sessions#276</a></li>
<li><a href="https://github.com/mbacalan"><code>@​mbacalan</code></a>
made their first contribution in <a
href="https://redirect.github.com/gorilla/sessions/pull/278">gorilla/sessions#278</a></li>
<li><a
href="https://github.com/danielepintore"><code>@​danielepintore</code></a>
made their first contribution in <a
href="https://redirect.github.com/gorilla/sessions/pull/279">gorilla/sessions#279</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/gorilla/sessions/compare/v1.2.2...v1.4.0">https://github.com/gorilla/sessions/compare/v1.2.2...v1.4.0</a></p>
<h2>v1.3.0</h2>
<p>The maintainers of this repo merged a PR into main with the
<code>net/http.Cookie</code> field <code>Partitioned</code> which is a
field only available in go 1.23. As a result all usage of the main
branch will not work unless users are on 1.23 which at the time of
writing is currently unreleased. This broke the install for a number of
users so the intent of this release is to push out a couple of features
and bugfixes with the go 1.23 specific changes removed.</p>
<p>Releases should be used exclusively until go 1.23 is released.</p>
<h2>What's Changed</h2>
<ul>
<li>Improve File System Path Handling by <a
href="https://github.com/moloch"><code>@​moloch</code></a>-- in <a
href="https://redirect.github.com/gorilla/sessions/pull/274">gorilla/sessions#274</a></li>
<li><a
href="https://redirect.github.com/gorilla/sessions/issues/272">#272</a>:
feat: Add support for paritioned attribute in cookies as per chrome 3rd
party cookie phaseout by <a
href="https://github.com/kashishbehl"><code>@​kashishbehl</code></a> in
<a
href="https://redirect.github.com/gorilla/sessions/pull/273">gorilla/sessions#273</a></li>
<li>fix no default samesite by <a
href="https://github.com/bharat-rajani"><code>@​bharat-rajani</code></a>
in <a
href="https://redirect.github.com/gorilla/sessions/pull/276">gorilla/sessions#276</a></li>
<li>Fix gorillatoolkit link in README.md by <a
href="https://github.com/mbacalan"><code>@​mbacalan</code></a> in <a
href="https://redirect.github.com/gorilla/sessions/pull/278">gorilla/sessions#278</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/moloch"><code>@​moloch</code></a>-- made
their first contribution in <a
href="https://redirect.github.com/gorilla/sessions/pull/274">gorilla/sessions#274</a></li>
<li><a
href="https://github.com/kashishbehl"><code>@​kashishbehl</code></a>
made their first contribution in <a
href="https://redirect.github.com/gorilla/sessions/pull/273">gorilla/sessions#273</a></li>
<li><a
href="https://github.com/bharat-rajani"><code>@​bharat-rajani</code></a>
made their first contribution in <a
href="https://redirect.github.com/gorilla/sessions/pull/276">gorilla/sessions#276</a></li>
<li><a href="https://github.com/mbacalan"><code>@​mbacalan</code></a>
made their first contribution in <a
href="https://redirect.github.com/gorilla/sessions/pull/278">gorilla/sessions#278</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/gorilla/sessions/compare/v1.2.2...v1.3.0">https://github.com/gorilla/sessions/compare/v1.2.2...v1.3.0</a></p>
<h2>Release v1.2.2</h2>
<h2>What's Changed</h2>
<ul>
<li>build: use build matrix; drop Go &lt;= 1.10 by <a
href="https://github.com/elithrar"><code>@​elithrar</code></a> in <a
href="https://redirect.github.com/gorilla/sessions/pull/230">gorilla/sessions#230</a></li>
<li>refactor: use base32 encoder with no padding by <a
href="https://github.com/leungyauming"><code>@​leungyauming</code></a>
in <a
href="https://redirect.github.com/gorilla/sessions/pull/240">gorilla/sessions#240</a></li>
<li>docs: Add new TiKV store to README by <a
href="https://github.com/ryicoh"><code>@​ryicoh</code></a> in <a
href="https://redirect.github.com/gorilla/sessions/pull/245">gorilla/sessions#245</a></li>
<li>Fix linting errors for go1.17 by <a
href="https://github.com/mariusor"><code>@​mariusor</code></a> in <a
href="https://redirect.github.com/gorilla/sessions/pull/253">gorilla/sessions#253</a></li>
<li>Update README.md by <a
href="https://github.com/coreydaley"><code>@​coreydaley</code></a> in <a
href="https://redirect.github.com/gorilla/sessions/pull/261">gorilla/sessions#261</a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/gorilla/sessions/commit/bb4cd60c952a9ce48ea0dc6cc7b282ff79c38263"><code>bb4cd60</code></a>
chore: Update readme to relect go 1.23 release</li>
<li><a
href="https://github.com/gorilla/sessions/commit/e2083f956282b2e627d9734f4ebbd51fa0339f09"><code>e2083f9</code></a>
chore: update to go 1.23 for workflows</li>
<li><a
href="https://github.com/gorilla/sessions/commit/6eef180e176e826b77f4d2f5f8e1cf855a87db02"><code>6eef180</code></a>
fix: Missing SameSite attribute on options</li>
<li><a
href="https://github.com/gorilla/sessions/commit/a56e60c14e37beb3f690c14311c8ad7be7580bb5"><code>a56e60c</code></a>
Add mysql store to the readme (<a
href="https://redirect.github.com/gorilla/sessions/issues/279">#279</a>)</li>
<li><a
href="https://github.com/gorilla/sessions/commit/466d29e7f343560836292b7c922e1385e908ef95"><code>466d29e</code></a>
chore: Update readme and copyrights</li>
<li><a
href="https://github.com/gorilla/sessions/commit/7a8159ef2d1bc1afea2b9fbb52e947ded867cf0c"><code>7a8159e</code></a>
chore(go): Remove go version 1.11 support</li>
<li><a
href="https://github.com/gorilla/sessions/commit/ff5660f3c355c08371621b642d76c7a4c88836c6"><code>ff5660f</code></a>
chore(go): Add warning about main branch</li>
<li><a
href="https://github.com/gorilla/sessions/commit/8e2d54718e949e895e6a0268e9d4df396b3fbe06"><code>8e2d547</code></a>
chore(go): Remove vendored dependencies</li>
<li><a
href="https://github.com/gorilla/sessions/commit/c373b3e334dc26e3e513168292d784d7773f7d27"><code>c373b3e</code></a>
Fix gorillatoolkit link in README.md (<a
href="https://redirect.github.com/gorilla/sessions/issues/278">#278</a>)</li>
<li><a
href="https://github.com/gorilla/sessions/commit/ef99c782e9aae430b326a614151c983dcd7c2c1d"><code>ef99c78</code></a>
fix(cookie): Add default samesite (<a
href="https://redirect.github.com/gorilla/sessions/issues/276">#276</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/gorilla/sessions/compare/v1.1.1...v1.4.0">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/gorilla/sessions&package-manager=go_modules&previous-version=1.1.1&new-version=1.4.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 quesma/go.mod |  5 ++---
 quesma/go.sum | 12 ++++++------
 2 files changed, 8 insertions(+), 9 deletions(-)

diff --git a/quesma/go.mod b/quesma/go.mod
index 2dabc9ce2..14ea20e3b 100644
--- a/quesma/go.mod
+++ b/quesma/go.mod
@@ -10,7 +10,7 @@ require (
 	github.com/coreos/go-semver v0.3.1
 	github.com/google/uuid v1.6.0
 	github.com/gorilla/mux v1.8.1
-	github.com/gorilla/sessions v1.1.1
+	github.com/gorilla/sessions v1.4.0
 	github.com/hashicorp/go-multierror v1.1.1
 	github.com/k0kubun/pp v3.0.1+incompatible
 	github.com/knadh/koanf/parsers/json v0.1.0
@@ -32,8 +32,7 @@ require (
 require (
 	github.com/go-viper/mapstructure/v2 v2.0.0-alpha.1 // indirect
 	github.com/golang/protobuf v1.5.3 // indirect
-	github.com/gorilla/context v1.1.1 // indirect
-	github.com/gorilla/securecookie v1.1.1 // indirect
+	github.com/gorilla/securecookie v1.1.2 // indirect
 	github.com/hashicorp/errwrap v1.0.0 // indirect
 	github.com/k0kubun/colorstring v0.0.0-20150214042306-9440f1994b88 // indirect
 	github.com/knadh/koanf/maps v0.1.1 // indirect
diff --git a/quesma/go.sum b/quesma/go.sum
index c584c6ba4..e62cfc8fd 100644
--- a/quesma/go.sum
+++ b/quesma/go.sum
@@ -43,16 +43,16 @@ github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/
 github.com/google/go-cmp v0.5.6/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI=
 github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
+github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0=
+github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
 github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=
 github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
-github.com/gorilla/context v1.1.1 h1:AWwleXJkX/nhcU9bZSnZoi3h/qGYqQAGhq6zZe/aQW8=
-github.com/gorilla/context v1.1.1/go.mod h1:kBGZzfjB9CEq2AlWe17Uuf7NDRt0dE0s8S51q0aT7Yg=
 github.com/gorilla/mux v1.8.1 h1:TuBL49tXwgrFYWhqrNgrUNEY92u81SPhu7sTdzQEiWY=
 github.com/gorilla/mux v1.8.1/go.mod h1:AKf9I4AEqPTmMytcMc0KkNouC66V3BtZ4qD5fmWSiMQ=
-github.com/gorilla/securecookie v1.1.1 h1:miw7JPhV+b/lAHSXz4qd/nN9jRiAFV5FwjeKyCS8BvQ=
-github.com/gorilla/securecookie v1.1.1/go.mod h1:ra0sb63/xPlUeL+yeDciTfxMRAA+MP+HVt/4epWDjd4=
-github.com/gorilla/sessions v1.1.1 h1:YMDmfaK68mUixINzY/XjscuJ47uXFWSSHzFbBQM0PrE=
-github.com/gorilla/sessions v1.1.1/go.mod h1:8KCfur6+4Mqcc6S0FEfKuN15Vl5MgXW92AE8ovaJD0w=
+github.com/gorilla/securecookie v1.1.2 h1:YCIWL56dvtr73r6715mJs5ZvhtnY73hBvEF8kXD8ePA=
+github.com/gorilla/securecookie v1.1.2/go.mod h1:NfCASbcHqRSY+3a8tlWJwsQap2VX5pwzwo4h3eOamfo=
+github.com/gorilla/sessions v1.4.0 h1:kpIYOp/oi6MG/p5PgxApU8srsSw9tuFbt46Lt7auzqQ=
+github.com/gorilla/sessions v1.4.0/go.mod h1:FLWm50oby91+hl7p/wRxDth9bWSuk0qVL2emc7lT5ik=
 github.com/hashicorp/errwrap v1.0.0 h1:hLrqtEDnRye3+sgx6z4qVLNuviH3MR5aQ0ykNJa/UYA=
 github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4=
 github.com/hashicorp/go-multierror v1.1.1 h1:H5DkEtf6CXdFp0N0Em5UCwQpXMWke8IA0+lD48awMYo=