Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Bump github.com/pkg/sftp from 1.8.3 to 1.12.0 #328

Open
wants to merge 1 commit into
base: master
Choose a base branch
from

Conversation

dependabot-preview[bot]
Copy link

Bumps github.com/pkg/sftp from 1.8.3 to 1.12.0.

Release notes

Sourced from github.com/pkg/sftp's releases.

v1.12.0: Bugfixes, and caching buffer allocation

First release in some time. Fixing lots of bugs and adding io.ReaderAt compatibility of files, and various allocation and byte-slice optimizations courtesy of Nicola "@drakkan" Murino. Below are the highlights:

Features: GH-285 Implement io.ReaderAt interface on File struct. GH-338 Remove an unnecessary allocate+copy when unmarshaling data packets. GH-343 Allocate byte-slices anticipating full capacity to avoid allocate+copies when they are extended. GH-344 Add an optional caching allocator, to allow reuse of buffers, rather than always allocating anew.

Bugfixes: GH-329 S_IFMT overridden for Windows, JS, WASM to the most prevalent POSIX value. GH-337: In integration tests, expect /usr/lib/ssh/sftp-server as a possible executable location. GH-340: Update golang.org/x/crypto to address vulnerability CVE-2020-9283 GH-342: Fix race condition between Connection and Close GH-355: cleanPath operates on remote paths, so always use path (POSIX) rather than filepath (local file system rules). GH-363: Fix some small unlikely RequestServer.Serve bugs. GH-372: Add mutex protection to internal File offset used by Read. GH-373: RequestServer incorrectly interpreted SSH_FXP_FSETSTAT as a "Put" request.

Updates: GH-365, GH-376: Update dependencies In GH-344, GH-373: travis now tests against Go versions { 1.14, 1.15 }, instead of { 1.12, 1.13 }

Commits
  • 60ec050 Merge pull request #376 from pkg/update-go-mod-for-1-12
  • 1d7625b update go.mod dependencies
  • 06ab92e Merge pull request #373 from drakkan/fsetstat
  • 07229f2 Improve Fsetstat test case
  • b6bdd77 truncate should not change offset
  • 4da3253 travis: add 1.15
  • a011842 request server: add support for SSH_FXP_FSETSTAT
  • 2c44234 Merge pull request #375 from tklauser/revert-pr-370
  • 7d8a855 Revert PR #370
  • a6e55f6 Merge pull request #372 from pkg/hotfix/add-a-mutex-for-File-Read
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
  • @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

  • Update frequency (including time of day and day of week)
  • Pull request limits (per update run and/or open at any time)
  • Automerge options (never/patch/minor, and dev/runtime dependencies)
  • Out-of-range updates (receive only lockfile updates, if desired)
  • Security updates (receive only security updates, if desired)

Bumps [github.com/pkg/sftp](https://github.com/pkg/sftp) from 1.8.3 to 1.12.0.
- [Release notes](https://github.com/pkg/sftp/releases)
- [Commits](pkg/sftp@v1.8.3...v1.12.0)

Signed-off-by: dependabot-preview[bot] <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

0 participants