| Name | Modified | Size | Downloads / Week |
|---|---|---|---|
| Parent folder | |||
| skipper-v0.27.29-windows-amd64.zip | < 14 hours ago | 149.7 MB | |
| skipper-v0.27.29-linux-armv7.tar.gz | < 14 hours ago | 136.7 MB | |
| skipper-v0.27.29-linux-arm64.tar.gz | < 14 hours ago | 136.0 MB | |
| skipper-v0.27.29-linux-amd64.tar.gz | < 14 hours ago | 148.1 MB | |
| skipper-v0.27.29-darwin-arm64.tar.gz | < 14 hours ago | 147.6 MB | |
| sha256sum.txt | < 14 hours ago | 613 Bytes | |
| skipper-v0.27.29-darwin-amd64.tar.gz | < 14 hours ago | 156.4 MB | |
| README.md | < 15 hours ago | 22.7 kB | |
| v0.27.29 source code.tar.gz | < 15 hours ago | 5.1 MB | |
| v0.27.29 source code.zip | < 15 hours ago | 6.1 MB | |
| Totals: 10 Items | 885.7 MB | 0 | |
Changes
build(deps): bump the all-go-mod-patch-and-minor group with 5 updates (#4134)
Bumps the all-go-mod-patch-and-minor group with 5 updates:
| Package | From | To |
|---|---|---|
| github.com/coreos/go-oidc/v3 | ||
3.19.0 |
3.20.0 |
|
| github.com/hashicorp/memberlist | ||
0.5.4 |
0.6.0 |
|
| github.com/molecule-man/go-brrr | ||
1.0.0 |
1.0.1 |
|
| github.com/pires/go-proxyproto | ||
0.14.0 |
0.15.0 |
|
| golang.org/x/net (github.com) | 0.56.0 |
|
0.57.0 |
Updates github.com/coreos/go-oidc/v3 from 3.19.0 to 3.20.0
Release notes
Sourced from github.com/coreos/go-oidc/v3's releases.
v3.20.0
What's Changed
- oidc: modernize with new Go APIs by
@ericchiangin coreos/go-oidc#487](https://github.com/href="https://redirect.github.com/coreos/go-oidc/pull/487">coreos/go-oidc/issues/487)- oidc: improve documentation for APIs by
@ericchiangin coreos/go-oidc#488](https://github.com/href="https://redirect.github.com/coreos/go-oidc/pull/488">coreos/go-oidc/issues/488)- SECURITY.md: add a security policy and point to project-level reporting by
@ericchiangin coreos/go-oidc#489](https://github.com/href="https://redirect.github.com/coreos/go-oidc/pull/489">coreos/go-oidc/issues/489)- oidc: ignore JWKs with unknown signing algorithms rather than failing by
@ericchiangin coreos/go-oidc#491](https://github.com/href="https://redirect.github.com/coreos/go-oidc/pull/491">coreos/go-oidc/issues/491)- readme: update README and docs by
@ericchiangin coreos/go-oidc#492](https://github.com/href="https://redirect.github.com/coreos/go-oidc/pull/492">coreos/go-oidc/issues/492)- oidc: add API for determining when issuer URLs mismatch by
@ericchiangin coreos/go-oidc#493](https://github.com/href="https://redirect.github.com/coreos/go-oidc/pull/493">coreos/go-oidc/issues/493)- oidc: add constants for "email" and "profile" scopes by
@ericchiangin coreos/go-oidc#494](https://github.com/href="https://redirect.github.com/coreos/go-oidc/pull/494">coreos/go-oidc/issues/494)Full Changelog: https://github.com/coreos/go-oidc/compare/v3.19.0...v3.20.0
Commits
75dfa5coidc: add constants for "email" and "profile" scopesa89f046oidc: add API for determining when issuer URLs mismatch6a69b6dreadme: update README and docsf9049c9oidc: ignore JWKs with unknown signing algorithms rather than failing2f178e0SECURITY.md: add a security policy and point to project-level reportingb3bc7daoidc: improve documentation for APIs0db9053oidc: modernize with new Go APIs- See full diff in compare view
Updates github.com/hashicorp/memberlist from 0.5.4 to 0.6.0
Release notes
Sourced from github.com/hashicorp/memberlist's releases.
v0.6.0
What's Changed
- Fixed concurrent writes/reads in the keyring hashicorp/memberlist#342](https://github.com/href="https://redirect.github.com/hashicorp/memberlist/pull/342">hashicorp/memberlist/issues/342)
- Fixed a data race in the
Leavemethod hashicorp/memberlist#273](https://github.com/href="https://redirect.github.com/hashicorp/memberlist/pull/273">hashicorp/memberlist/issues/273)- Fixed probe selection for very small clusters hashicorp/memberlist#350](https://github.com/href="https://redirect.github.com/hashicorp/memberlist/pull/350">hashicorp/memberlist/issues/350)
- Limit remote state header values to prevent a denial-of-service attack described in HCSEC-2026-18 hashicorp/memberlist#357](https://github.com/href="https://redirect.github.com/hashicorp/memberlist/pull/357">hashicorp/memberlist/issues/357)
Full Changelog: https://github.com/hashicorp/memberlist/compare/v0.5.4...v0.6.0
Commits
371698blimit remote state header values (#357](https://github.com/href="https://redirect.github.com/hashicorp/memberlist/issues/357">/issues/357))0000b77[chore] : Bump golangci/golangci-lint-action in the actions group (#356](https://github.com/href="https://redirect.github.com/hashicorp/memberlist/issues/356">/issues/356))e0f1a1e[chore] : Bump golang.org/x/net (#355](https://github.com/href="https://redirect.github.com/hashicorp/memberlist/issues/355">/issues/355))9f9b819[chore] : Bump github.com/hashicorp/go-metrics in the go group (#352](https://github.com/href="https://redirect.github.com/hashicorp/memberlist/issues/352">/issues/352))bcbacd0[chore] : Bump actions/setup-go from 6.4.0 to 6.5.0 in the actions group (#353](https://github.com/href="https://redirect.github.com/hashicorp/memberlist/issues/353">/issues/353))8c0d992fix probe selection for very small clusters (#350](https://github.com/href="https://redirect.github.com/hashicorp/memberlist/issues/350">/issues/350))d760c6a[chore] : Bump actions/checkout from 6.0.3 to 7.0.0 in the actions group (#351](https://github.com/href="https://redirect.github.com/hashicorp/memberlist/issues/351">/issues/351))4803c01testing: reduce test flakiness (#349](https://github.com/href="https://redirect.github.com/hashicorp/memberlist/issues/349">/issues/349))e15ee5dfixed a data race issue (#273](https://github.com/href="https://redirect.github.com/hashicorp/memberlist/issues/273">/issues/273))29437a6CI: fix broken YAML in config (#347](https://github.com/href="https://redirect.github.com/hashicorp/memberlist/issues/347">/issues/347))- Additional commits viewable in compare view
Updates github.com/molecule-man/go-brrr from 1.0.0 to 1.0.1
Release notes
Sourced from github.com/molecule-man/go-brrr's releases.
v1.0.1
Fixes:
- use unsafe arithmetic only for the unalignedOK archs
Performance improvements:
- convert blockHistograms fields into fixed-size arrays (q2 q3)
Full Changelog: https://github.com/molecule-man/go-brrr/compare/v1.0.0...v1.0.1
Commits
8eab088fix: use unsafe arithmetic only for the unalignedOK archs4664913perf(q2 q3): convert blockHistograms fields into fixed-size arraysf6ba1ccdocs: update status, remove pre-v1 warningda97de7test(benchmarks): add random uncompressable payload- See full diff in compare view
Updates github.com/pires/go-proxyproto from 0.14.0 to 0.15.0
Release notes
Sourced from github.com/pires/go-proxyproto's releases.
v0.15.0
This release aligns the library with PROXY protocol spec 3.4 (2026/04/27). It tightens parsing and trust behavior to match the spec's requirements — which makes some previously accepted inputs and configurations fail loudly — and adds first-class support for the PROXY protocol over UDP.
⚠️ Breaking changes
The PROXY header is now required by default (2cd5f00e2b3010a0fa64f52f077a20fb304b72fa)
- A new
DefaultPolicypackage variable, set toREQUIRE, is applied byNewConnandListener.Acceptwhen no policy is configured. The spec forbids guessing whether a header is present, so headerless connections now fail their firstReadwithErrNoProxyProtocol.- To restore the previous lax behavior:
proxyproto.DefaultPolicy = proxyproto.USE.TrustProxyHeaderFromis now strict: trusted peers getREQUIREand untrusted peers are dropped byAcceptwith an error wrappingErrInvalidUpstream. Previously, untrusted headerless clients could slip through as raw connections.Stricter v1/v2 header parsing per spec 3.4 (5914db81c566830347865256ec22808fc39a0787)
- v1: the full
PROXYtoken is validated; IPv6 zone IDs are rejected; plain IPv4 addresses inTCP6lines are rejected (setV1AcceptIPv4InTCP6for nginx interop); ports are parsed with leading zeros rejected and ranges validated on formatting.- v2: the family/transport whitelist now applies to
LOCALcommands too, rejecting undefined bytes per spec 2.2.LOCALheaders with a valid address block decode addresses and TLVs and round-trip; ill-fitting ones are normalized toUNSPEC.- New
MaxV2HeaderSizevariable bounds the declared v2 length (default 4096) — raise it if you carry large TLVs such asPP2_SUBTYPE_SSL_CLIENT_CERT.✨ New features
PROXY protocol over UDP (499ef90567292b68d14248845f4050f5d917fa5e, fixes #79](https://github.com/href="https://redirect.github.com/pires/go-proxyproto/issues/79">/issues/79))
- New
ParseUDPDatagramandHeader.FormatUDPDatagramimplement the spec's per-datagram semantics (header and payload share a single datagram) for use with anynet.PacketConn.- The library deliberately ships no
net.PacketConnwrapper — reply routing needs an application-policy flow table — butexamples/udppacketconnis a runnable sketch of that pattern, alongsideexamples/udpserverandexamples/udpclientfor the plain paths.Reworked trust policies (2cd5f00e2b3010a0fa64f52f077a20fb304b72fa)
- New
PolicyFromRanges(ranges, matched, unmatched)andMustPolicyFromRangessupersede the whitelist policy family, which is deprecated and now delegates to them. The(REQUIRE, IGNORE)combination covers mixed proxied/direct traffic the old family couldn't express.- New CIDR-capable
TrustProxyHeaderFromRanges.- All built-in policies wrap address-classification failures in
ErrInvalidUpstream, so a single unclassifiable peer can no longer stop an accept loop.TLV registry and PP2SSL caught up to spec 3.4 (4e80228ed95019bd7cba1d215fb169a008c146f5)
Registered()now includesPP2_TYPE_GROUP,PP2_SUBTYPE_SSL_SIG_SCHEME, andPP2_SUBTYPE_SSL_CLIENT_CERT.- New
PP2SSLaccessors:SSLSigAlg,SSLKeyAlg,SSLGroup,SSLSigScheme.🐛 Fixes
Header.EqualsTono longer panics on nil addresses (5914db81c566830347865256ec22808fc39a0787).formatVersion2folds TLV length into the declared length for Unix families instead of emitting TLVs past it (5914db81c566830347865256ec22808fc39a0787).🧪 Testing & CI
- New fuzz/table suites: exhaustive 256-transport-byte sweeps for both v2 commands, a
LOCALdecode matrix, byte-for-byte round-trip stability, andFuzzReadparse–format–reparse invariants (5914db81c566830347865256ec22808fc39a0787).- CI gains a fuzz job that auto-discovers fuzz targets and uploads crashers as artifacts; workflow actions bumped across the board (af4b18ccae4375269802ff0831e5edf8c26c33c6).
- Coverage for the http2
serveConnTLS handshake-failure branch (b01bea45dfd89272ed4ee72c7e7f96c94f1c89fc).📚 Documentation
- README rewritten against spec 3.4: new Security section with the spec's trust requirements, a UDP section, an examples table, and warnings about the new
REQUIREdefault (bd986c0a99dccc91fea506d5a6b8c14c5e0cda7c).
Commits
bd986c0docs: rewrite README against PROXY protocol spec 3.4af4b18cci: add fuzz job, bump workflow actionsb01bea4test: cover http2 serveConn TLS handshake failure499ef90feat: support the PROXY protocol over UDP datagrams4e80228feat: catch TLV registry and PP2SSL parsing up to spec 3.42cd5f00feat!: require the PROXY header by default and rework trust policies5914db8fix!: align v1/v2 header parsing with PROXY protocol spec 3.4- See full diff in compare view
Updates golang.org/x/net from 0.56.0 to 0.57.0
Commits
b8f09f6go.mod: update golang.org/x dependenciesf05f21bidna: reject all-ASCII xn-- labels on all Go versions0f748cfinternal/http3: clean up stream I/O methods usages in tests0bb961einternal/http3: add net/http.ResponseController support0ca694dwebdav: document Dir's lack of defense against filesystem modificationbd5f1dchttp2: initialize Transport on NewClientConn488ff63bpf: add security considerations to package docs93d1f25xsrftoken: avoid token collisions5a3baeeinternal/http3: prevent panic in QPACK decoder due to overflow- See full diff in compare view
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions
Multiarch Docker image
Multiarch Docker image is available in GitHub's docker registry:
docker run -it ghcr.io/zalando/skipper:v0.27.29 skipper --help