fix(deps): update module github.com/corazawaf/coraza/v3 to v3.3.0 in go.mod

[renovate]

This PR contains the following updates:

Package	Type	Update	Change	OpenSSF
github.com/corazawaf/coraza/v3	require	minor	v3.2.2 -> v3.3.0

---

Release Notes

corazawaf/coraza (github.com/corazawaf/coraza/v3)

v3.3.0

Compare Source

Another year, another version 🎉 !

Version 3.3.0 comes with some nice new features, extended compatibility with ModSecurity SecLang, and some quick performance improvements.

The minimum required Go version is 1.22.

New features:

• The coraza.rule.no_regex_multiline build tag has been added. It disables enabling by default regexes multiline modifiers in @rx operator. It aligns with CRS expected behavior, reduces false positives and might improve performances. Mind that it is planned to become the default behavior starting from the next major version. Check details and review available build tags here.
• Added support to OCSF (v1.2.0) audit log format by @​durg78. Reference: #​1089
• Improved compatibility with Windows by @​jabdr. Reference: #​1132 & #​1133 & #​1136 & #​1137 & #​1138
• Added MULTIPART_STRICT_ERROR variable. It is set when mutipart fails to parse by @​fzipi, @​M4tteoP. Reference: #​1098 & #​1166
• Added SecRuleUpdateActionById directive support by @​fzipi. Reference: #​1071
• Added TIME variables support by @​geoolekom and @​jcchavezs for the sake of compatibility with modsec and existing rulesets e.g. Imunify360. Some use cases are described in https://github.com/corazawaf/coraza/pull/1223#issuecomment-2503640872. Reference: #​1223 & #​1242
• Allow square brackets in variables during macro expansion by @​geoolekom as a query parameter can be a slice and hence its name contains square brackets. Reference: #​1226
• Added base64 encode transformation by @​tty2 as it wasn't supported. Reference: #​1257

Fixes:

• Fixed incorrect parsing of regex in SecRule with multiple ARGS specifiers by @​geekeryy. Reference: #​1087
• Fixed default deny action status code to 403 by @​M4tteoP. Reference: #​1097
• Fixed setvar action to allow values to start with - or + by @​soujanyanmbri. Reference: #​1125
• Fixed macro parsing to handle additional border cases by @​fzipi. Reference: #​1180
• Fixed default redirect action status code by @​fzipi. Reference: #​1183
• Improved noisy warn level debug logging when the body limit action is ProcessPartial. Reference: #​1187
• Added empty glob error when no files match by @​gantony as we don't want to accidentally miss rules to be loaded because an incorrect glob. Reference: #​1259
• Go version was pinned to 1.22.0 as coraza is a library and we should not target patch versions. Reference: #​1246

Performance improvements

• Improvements on GetField by reducing heap allocations by @​M4tteoP. Reference: #​1195
• Improvements on transformArg by reducing heap allocations by @​M4tteoP. Reference: #​1198
• Improvements on collections by reducing heap allocations by @​soujanyanmbri. Reference: #​1202

What's Changed

• fix: variable parsing error by @​geekeryy in https://github.com/corazawaf/coraza/pull/1087
• fix: deny action with default status 403 by @​M4tteoP in https://github.com/corazawaf/coraza/pull/1097
• chore(goversion): upgrade minimum version to 1.21 by @​jptosso in https://github.com/corazawaf/coraza/pull/1099
• feat: set MULTIPART_STRICT_ERROR value when mutipart fails to parse by @​fzipi in https://github.com/corazawaf/coraza/pull/1098
• chore: finalizes go 1.21 bump, point to local version for crs tests, minor docs by @​M4tteoP in https://github.com/corazawaf/coraza/pull/1102
• chore: config renovate to update up to our supported go version by @​fzipi in https://github.com/corazawaf/coraza/pull/1105
• fix: broken renovatebot config by @​fzipi in https://github.com/corazawaf/coraza/pull/1107
• chore(deps): pin dependencies by @​renovate in https://github.com/corazawaf/coraza/pull/1108
• chore(deps): update github/codeql-action digest to 5cf07d8 by @​renovate in https://github.com/corazawaf/coraza/pull/1113
• chore(README): removes mention to EOL of Modsec by @​M4tteoP in https://github.com/corazawaf/coraza/pull/1115
• chore(deps): update github/codeql-action digest to afb54ba by @​renovate in https://github.com/corazawaf/coraza/pull/1114
• chore(deps): update github/codeql-action digest to eb055d7 by @​renovate in https://github.com/corazawaf/coraza/pull/1126
• fix(deps): update module golang.org/x/net to v0.28.0 by @​renovate in https://github.com/corazawaf/coraza/pull/1127
• chore(deps): update github/codeql-action digest to 29d86d2 by @​renovate in https://github.com/corazawaf/coraza/pull/1129
• chore(deps): update github/codeql-action digest to 429e197 by @​renovate in https://github.com/corazawaf/coraza/pull/1130
• fix(deps): update module golang.org/x/sync to v0.8.0 by @​renovate in https://github.com/corazawaf/coraza/pull/1124
• fix: broken TestInspectFile on windows by @​jabdr in https://github.com/corazawaf/coraza/pull/1133
• fix: broken multipart processor on windows by @​jabdr in https://github.com/corazawaf/coraza/pull/1137
• fix: broken TestDirectives SecUploadDir on windows by @​jabdr in https://github.com/corazawaf/coraza/pull/1132
• fix: broken TestConcurrentWriterSuccess on windows by @​jabdr in https://github.com/corazawaf/coraza/pull/1138
• chore(goversion): upgrade minimum version to 1.22 by @​M4tteoP in https://github.com/corazawaf/coraza/pull/1145
• chore: update tinygo to 0.33.0 by @​fzipi in https://github.com/corazawaf/coraza/pull/1148
• fix(deps): update module github.com/tidwall/gjson to v1.17.3 by @​renovate in https://github.com/corazawaf/coraza/pull/1116
• feat: ocsf audit logging by @​durg78 in https://github.com/corazawaf/coraza/pull/1089
• fix: update auditlog test names by @​jcchavezs in https://github.com/corazawaf/coraza/pull/1152
• fix: broken TestHardcodedIncludeDirectiveDDOS2 on windows by @​jabdr in https://github.com/corazawaf/coraza/pull/1136
• updates tests to CRS 4.5, albedo by @​M4tteoP in https://github.com/corazawaf/coraza/pull/1122
• fix(deps): update github.com/coreruleset/go-ftw digest to 8474a93 by @​renovate in https://github.com/corazawaf/coraza/pull/1155
• fix(deps): update module github.com/mccutchen/go-httpbin/v2 to v2.15.0 by @​renovate in https://github.com/corazawaf/coraza/pull/1142
• chore: ports interceptor correction by @​M4tteoP in https://github.com/corazawaf/coraza/pull/1123
• Bug Fix: The value in the setvar should be able to start with - or +. by @​soujanyanmbri in https://github.com/corazawaf/coraza/pull/1125
• fix(deps): update module github.com/coreruleset/albedo to v0.0.16 by @​renovate in https://github.com/corazawaf/coraza/pull/1158
• tests: unknown key. by @​jcchavezs in https://github.com/corazawaf/coraza/pull/1156
• chore(deps): update codecov/codecov-action digest to b9fd7d1 by @​renovate in https://github.com/corazawaf/coraza/pull/1160
• fix(deps): update module github.com/tidwall/gjson to v1.18.0 by @​renovate in https://github.com/corazawaf/coraza/pull/1161
• refactor: replace reflect.StringHeader with unsafe.StringData by @​Juneezee in https://github.com/corazawaf/coraza/pull/1162
• chore(deps): update github/codeql-action digest to 2c779ab by @​renovate in https://github.com/corazawaf/coraza/pull/1131
• fix(deps): update module golang.org/x/net to v0.30.0 by @​renovate in https://github.com/corazawaf/coraza/pull/1165
• chore(deps): update github/codeql-action digest to 6db8d63 by @​renovate in https://github.com/corazawaf/coraza/pull/1164
• fix: MULTIPART_STRICT_ERROR, updates CRS tests to v4.6.0 by @​M4tteoP in https://github.com/corazawaf/coraza/pull/1166
• docs: SecAuditLogDir, removes mention of SecAuditLogStorageDir by @​M4tteoP in https://github.com/corazawaf/coraza/pull/1167
• fix(deps): update module github.com/corazawaf/libinjection-go to v0.2.2 by @​renovate in https://github.com/corazawaf/coraza/pull/1172
• fix: actions comment by @​fzipi in https://github.com/corazawaf/coraza/pull/1173
• chore(deps): update actions/setup-go digest to 41dfa10 by @​renovate in https://github.com/corazawaf/coraza/pull/1179
• fix: apply mage format by @​fzipi in https://github.com/corazawaf/coraza/pull/1181
• fix: handle additional broken macro definitions by @​fzipi in https://github.com/corazawaf/coraza/pull/1180
• fix: redirect action status codes by @​fzipi in https://github.com/corazawaf/coraza/pull/1183
• feat: add SecRuleUpdateActionById directive by @​fzipi in https://github.com/corazawaf/coraza/pull/1071
• chore(deps): update github/codeql-action digest to 6624720 by @​renovate in https://github.com/corazawaf/coraza/pull/1169
• fix(deps): update module github.com/bmatcuk/doublestar/v4 to v4.7.1 by @​renovate in https://github.com/corazawaf/coraza/pull/1171
• chore(deps): update actions/checkout digest to 11bd719 by @​renovate in https://github.com/corazawaf/coraza/pull/1168
• nits: SecRuleUpdateActionById doc by @​M4tteoP in https://github.com/corazawaf/coraza/pull/1185
• chore: update renovate config to use common by @​fzipi in https://github.com/corazawaf/coraza/pull/1184
• fix(deps): update module github.com/coreruleset/go-ftw to v1.1.0 in testing/coreruleset/go.mod by @​renovate in https://github.com/corazawaf/coraza/pull/1188
• chore(deps): update actions/cache action to v4 in .github/workflows/tinygo.yml by @​renovate in https://github.com/corazawaf/coraza/pull/1189
• Revert "fix(deps): update module github.com/coreruleset/go-ftw to v1.1.0 in testing/coreruleset/go.mod" by @​fzipi in https://github.com/corazawaf/coraza/pull/1190
• fix: toolchain version in go.mod by @​fzipi in https://github.com/corazawaf/coraza/pull/1192
• chore: refactor process body related logs and doc by @​M4tteoP in https://github.com/corazawaf/coraza/pull/1187
• fix(deps): update module github.com/coreruleset/go-ftw to v1.1.1 in testing/coreruleset/go.mod by @​renovate in https://github.com/corazawaf/coraza/pull/1191
• perf: GetField reduce allocations by @​M4tteoP in https://github.com/corazawaf/coraza/pull/1195
• docs: nits and avoids mentioning not existing resources by @​M4tteoP in https://github.com/corazawaf/coraza/pull/1203
• fix(deps): update module golang.org/x/sync to v0.9.0 in go.mod by @​renovate in https://github.com/corazawaf/coraza/pull/1206
• chore(deps): update github/codeql-action digest to 4f3212b in .github/workflows/codeql-analysis.yml by @​renovate in https://github.com/corazawaf/coraza/pull/1209
• fix(deps): update module golang.org/x/net to v0.31.0 in go.mod by @​renovate in https://github.com/corazawaf/coraza/pull/1210
• Adds a mergefs.Merge test by @​M4tteoP in https://github.com/corazawaf/coraza/pull/1211
• chore(deps): update github/codeql-action digest to 396bb3e in .github/workflows/codeql-analysis.yml by @​renovate in https://github.com/corazawaf/coraza/pull/1213
• chore(regression): improve coverage with testing tag matrix by @​jptosso in https://github.com/corazawaf/coraza/pull/1214
• add codecov token by @​jptosso in https://github.com/corazawaf/coraza/pull/1215
• chore(deps): pin actions/checkout action to 11bd719 in .github/workflows/regression.yml by @​renovate in https://github.com/corazawaf/coraza/pull/1216
• fix(deps): update module github.com/corazawaf/coraza-coreruleset/v4 to v4.7.0 in testing/coreruleset/go.mod by @​renovate in https://github.com/corazawaf/coraza/pull/1217
• perf: reduces transformArg allocation without multimatch by @​M4tteoP in https://github.com/corazawaf/coraza/pull/1198
• fix(deps): update all non-major dependencies in testing/coreruleset/go.mod by @​renovate in https://github.com/corazawaf/coraza/pull/1218
• chore(deps): update codecov/codecov-action action to v5 in .github/workflows/regression.yml by @​renovate in https://github.com/corazawaf/coraza/pull/1219
• Perf: Improve Performance, reduce heap allocations by @​soujanyanmbri in https://github.com/corazawaf/coraza/pull/1202
• chore(deps): update codecov/codecov-action digest to 5c47607 in .github/workflows/regression.yml by @​renovate in https://github.com/corazawaf/coraza/pull/1222
• fix: removes multiline from default regex modifiers by @​M4tteoP in https://github.com/corazawaf/coraza/pull/876
• chore(deps): update codecov/codecov-action digest to 05f5a9c in .github/workflows/regression.yml by @​renovate in https://github.com/corazawaf/coraza/pull/1224
• chore(deps): update codecov/codecov-action digest to 985343d in .github/workflows/regression.yml by @​renovate in https://github.com/corazawaf/coraza/pull/1225
• chore(deps): update all non-major dependencies in .github/workflows/regression.yml by @​renovate in https://github.com/corazawaf/coraza/pull/1228
• chore(deps): update codecov/codecov-action digest to 015f24e in .github/workflows/regression.yml by @​renovate in https://github.com/corazawaf/coraza/pull/1229
• Allow square brackets in variables (macro expansion) by @​geoolekom in https://github.com/corazawaf/coraza/pull/1226
• tests: adds engine tests about args with square brackets by @​M4tteoP in https://github.com/corazawaf/coraza/pull/1230
• fix(deps): update github.com/magefile/mage digest to 32e0107 in go.mod by @​renovate in https://github.com/corazawaf/coraza/pull/1234
• fix(deps): update github.com/magefile/mage digest to bdc92f6 in go.mod by @​renovate in https://github.com/corazawaf/coraza/pull/1235
• fix(deps): update module github.com/coreruleset/go-ftw to v1.1.2 in testing/coreruleset/go.mod by @​renovate in https://github.com/corazawaf/coraza/pull/1236
• chore(deps): update github/codeql-action digest to aa57810 in .github/workflows/codeql-analysis.yml by @​renovate in https://github.com/corazawaf/coraza/pull/1237
• fix(deps): update go modules in go.mod by @​renovate in https://github.com/corazawaf/coraza/pull/1240
• chore(deps): update all non-major dependencies in .github/workflows/tinygo.yml by @​renovate in https://github.com/corazawaf/coraza/pull/1241
• feat: TIME variables support by @​geoolekom in https://github.com/corazawaf/coraza/pull/1223
• chore: optimizes time variables. by @​jcchavezs in https://github.com/corazawaf/coraza/pull/1242
• chore(deps): update github/codeql-action digest to babb554 in .github/workflows/codeql-analysis.yml by @​renovate in https://github.com/corazawaf/coraza/pull/1244
• chore(deps): update actions/setup-go digest to 3041bf5 in .github/workflows/tinygo.yml by @​renovate in https://github.com/corazawaf/coraza/pull/1245
• chore: lint go versions. by @​jcchavezs in https://github.com/corazawaf/coraza/pull/1246
• chore(deps): update module golang.org/x/crypto to v0.31.0 [security] by @​renovate in https://github.com/corazawaf/coraza/pull/1247
• chore(deps): update github/codeql-action digest to df409f7 in .github/workflows/codeql-analysis.yml by @​renovate in https://github.com/corazawaf/coraza/pull/1248
• chore(deps): update codecov/codecov-action digest to 1e68e06 in .github/workflows/regression.yml by @​renovate in https://github.com/corazawaf/coraza/pull/1254
• fix(deps): update module golang.org/x/net to v0.33.0 in go.mod by @​renovate in https://github.com/corazawaf/coraza/pull/1255
• chore(deps): update module golang.org/x/net to v0.33.0 [security] by @​renovate in https://github.com/corazawaf/coraza/pull/1256
• chore(deps): update github/codeql-action digest to 48ab28a in .github/workflows/codeql-analysis.yml by @​renovate in https://github.com/corazawaf/coraza/pull/1260
• feat: add base64 encode transformation by @​tty2 in https://github.com/corazawaf/coraza/pull/1257
• fix: add empty glob error when no files match by @​gantony in https://github.com/corazawaf/coraza/pull/1259
• chore: Replace sync.Mutex with sync.Map by @​piyushroshan in https://github.com/corazawaf/coraza/pull/1197
• Revert "chore: Replace sync.Mutex with sync.Map" by @​fzipi in https://github.com/corazawaf/coraza/pull/1262

New Contributors

• @​geekeryy made their first contribution in https://github.com/corazawaf/coraza/pull/1087
• @​jabdr made their first contribution in https://github.com/corazawaf/coraza/pull/1133
• @​durg78 made their first contribution in https://github.com/corazawaf/coraza/pull/1089
• @​Juneezee made their first contribution in https://github.com/corazawaf/coraza/pull/1162
• @​geoolekom made their first contribution in https://github.com/corazawaf/coraza/pull/1226
• @​tty2 made their first contribution in https://github.com/corazawaf/coraza/pull/1257
• @​gantony made their first contribution in https://github.com/corazawaf/coraza/pull/1259

Full Changelog: corazawaf/coraza@v3.2.1...v3.3.0

---

Configuration

📅 Schedule: Branch creation - "* 0-3 * * 1" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[renovate]

⚠️ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

• any of the package files in this branch needs updating, or
• the branch becomes conflicted, or
• you click the rebase/retry checkbox if found above, or
• you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: go.sum

Command failed: install-tool golang 1.22.10