This repository has been archived by the owner on Oct 30, 2024. It is now read-only.

Bump Yarp.ReverseProxy from 1.0.0-preview.10.21168.2 to 1.0.1 in /ConsumerGatewayNet #1

Open
wants to merge 1 commit into
base: master


@dependabot dependabot bot commented on behalf of github Apr 22, 2022

Bumps Yarp.ReverseProxy from 1.0.0-preview.10.21168.2 to 1.0.1.

Release notes

Sourced from Yarp.ReverseProxy's releases.

1.0.1 Security Patch

A security issue was identified in how YARP 1.0.0 processes input. See Microsoft Security Advisory CVE-2022-26924.

The fix has been released and is available on NuGet.org.

1.0.0

A security issue was identified in how this release of YARP processes input. Please update to 1.0.1.

We invite you to read the Announcing YARP 1.0 Release blog post.

This release supports .NET Core 3.1, .NET 5.0, and .NET 6.0. See Getting Started.

The Yarp.ReverseProxy packages are available on NuGet.org.

Breaking changes

  • When using the PathPattern transform, /{**remainder} has to be used instead of /{remainder} for the catch-all. This comes with a bug fix where the transform would incorrectly escape the / character as %2F in the remainder. #1321

Other changes

  • Fixed a bug with the RequestHeaderRemove transform where it could throw while processing requests. #1335
  • Fixed a narrow HTTP/2 scenario where the destination server responds with a NO_ERROR reset. #1320
  • A number of documentation and sample improvements. #1329, #1322, #1336, #1338, #1339, #1342, #1361, #1365

For a full list of changes see here.

1.0.0-RC.1

This release supports .NET Core 3.1, .NET 5.0, and .NET 6.0. See Getting Started.

The Yarp.ReverseProxy packages are available on NuGet.org.

Breaking changes

  • The Yarp.ReverseProxy.Telemetry.Consumption package was renamed to Yarp.Telemetry.Consumption. #1251
  • The Yarp.ReverseProxy.ServiceFabric nuget package is not included in this release. That work is moving to a different repo and development schedule. #1304
  • The ForwarderRequestConfig.Timeout request timeout has been replaced by an ActivityTimeout. The timeout now restarts when response headers are received, or when any request, response, or websocket data is transferred. WebSockets should enable Pings to keep idle connections alive. gRPC streams should consider using application level pings if they intend to remain idle longer than the timeout. #1289
  • The I*MetricsConsumer interfaces have been consolidated to IMetricsConsumer<T>. #1295
  • ActivityPropagationHandler and ActivityContextHeaders removed. This feature is now available natively in .NET 6. See the discussion for information on how to enable the scenario for prior versions of .NET. #1311
  • Response header and trailer transform APIs now take a ResponseCondition to allow them to run on Success, Failure, or Always. #1300
  • The HttpContext.GetClusterState extension method has been removed. #1166
  • IProxyConfigFilter.ConfigureRouteAsync now takes in ClusterConfig as well. #1231

Other changes

  • The libraries have added a target for net6.0, and various optimizations to take advantage of 6.0.
  • Query parameter based routing, and additional modes for header based routing. #1277
  • Response transforms will be run even if the destination failed to respond. #1257
  • HttpForwarder uses the same default transforms as the rest of YARP, including X-Forwarded-* headers and removing the Host header. #1246
  • New WebSockets telemetry middleware. #1237
  • Support for header allow lists. #1137

... (truncated)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.



Bumps [Yarp.ReverseProxy](https://github.com/microsoft/reverse-proxy) from 1.0.0-preview.10.21168.2 to 1.0.1.
- [Release notes](https://github.com/microsoft/reverse-proxy/releases)
- [Commits](https://github.com/microsoft/reverse-proxy/commits/v1.0.1)

---
updated-dependencies:
- dependency-name: Yarp.ReverseProxy
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Apr 22, 2022