[chore]: Bump github.com/gin-contrib/sessions from 0.0.5 to 1.0.0 (#2782)

vendor/github.com/gin-contrib/sessions/.goreleaser.yaml

@@ -1,8 +1,7 @@
 project_name: queue
 
 builds:
-  -
-    # If true, skip the build.
+  - # If true, skip the build.
     # Useful for library projects.
     # Default is false
     skip: true
@@ -38,10 +37,10 @@ changelog:
     - title: Features
       regexp: "^.*feat[(\\w)]*:+.*$"
       order: 0
-    - title: 'Bug fixes'
+    - title: "Bug fixes"
       regexp: "^.*fix[(\\w)]*:+.*$"
       order: 1
-    - title: 'Enhancements'
+    - title: "Enhancements"
       regexp: "^.*chore[(\\w)]*:+.*$"
       order: 2
     - title: Others
@@ -52,6 +51,6 @@ changelog:
     # the changelog
     # Default is empty
     exclude:
-      - '^docs'
-      - 'CICD'
+      - "^docs"
+      - "CICD"
       - typo

vendor/github.com/gin-contrib/sessions/README.md

@@ -1,11 +1,10 @@
 # sessions
 
-[![Run CI Lint](https://github.com/gin-contrib/sessions/actions/workflows/lint.yml/badge.svg)](https://github.com/gin-contrib/sessions/actions/workflows/lint.yml)
-[![Run Testing](https://github.com/gin-contrib/sessions/actions/workflows/testing.yml/badge.svg)](https://github.com/gin-contrib/sessions/actions/workflows/testing.yml)
+[![Run CI Lint](https://github.com/gin-contrib/sessions/actions/workflows/lint.yml/badge.svg?branch=master)](https://github.com/gin-contrib/sessions/actions/workflows/lint.yml)
+[![Run Testing](https://github.com/gin-contrib/sessions/actions/workflows/testing.yml/badge.svg?branch=master)](https://github.com/gin-contrib/sessions/actions/workflows/testing.yml)
 [![codecov](https://codecov.io/gh/gin-contrib/sessions/branch/master/graph/badge.svg)](https://codecov.io/gh/gin-contrib/sessions)
 [![Go Report Card](https://goreportcard.com/badge/github.com/gin-contrib/sessions)](https://goreportcard.com/report/github.com/gin-contrib/sessions)
 [![GoDoc](https://godoc.org/github.com/gin-contrib/sessions?status.svg)](https://godoc.org/github.com/gin-contrib/sessions)
-[![Join the chat at https://gitter.im/gin-gonic/gin](https://badges.gitter.im/Join%20Chat.svg)](https://gitter.im/gin-gonic/gin)
 
 Gin middleware for session management with multi-backend support:
 
@@ -13,7 +12,7 @@ Gin middleware for session management with multi-backend support:
 - [Redis](#redis)
 - [memcached](#memcached)
 - [MongoDB](#mongodb)
-- [GoRM](#gorm)
+- [GORM](#gorm)
 - [memstore](#memstore)
 - [PostgreSQL](#postgresql)
 
@@ -251,6 +250,7 @@ func main() {
 ### MongoDB
 
 #### mgo
+
 ```go
 package main
 
@@ -291,7 +291,8 @@ func main() {
 ```
 
 #### mongo-driver
-```
+
+```go
 package main
 
 import (
@@ -371,9 +372,8 @@ func main() {
 }
 ```
 
-### GoRM
+### GORM
 
-[embedmd]:# (_example/gorm/main.go go)
 ```go
 package main
 

vendor/github.com/gin-contrib/sessions/session_options_go1.10.go

@@ -1,3 +1,4 @@
+//go:build !go1.11
 // +build !go1.11
 
 package sessions

vendor/github.com/gin-contrib/sessions/session_options_go1.11.go

@@ -1,10 +1,12 @@
+//go:build go1.11
 // +build go1.11
 
 package sessions
 
 import (
-	gsessions "github.com/gorilla/sessions"
 	"net/http"
+
+	gsessions "github.com/gorilla/sessions"
 )
 
 // Options stores configuration for a session or session store.

vendor/github.com/gorilla/context/.editorconfig

@@ -0,0 +1,20 @@
+; https://editorconfig.org/
+
+root = true
+
+[*]
+insert_final_newline = true
+charset = utf-8
+trim_trailing_whitespace = true
+indent_style = space
+indent_size = 2
+
+[{Makefile,go.mod,go.sum,*.go,.gitmodules}]
+indent_style = tab
+indent_size = 4
+
+[*.md]
+indent_size = 4
+trim_trailing_whitespace = false
+
+eclint_indent_style = unset

vendor/github.com/gorilla/context/.gitignore

@@ -0,0 +1 @@
+coverage.coverprofile

vendor/github.com/gorilla/context/.golangci.yml

@@ -0,0 +1,12 @@
+linters:
+  enable:
+    - errcheck
+    - gosimple
+    - govet
+    - ineffassign
+    - staticcheck
+    - unused
+    - contextcheck
+    - goconst
+    - gofmt
+    - misspell

vendor/github.com/gorilla/context/.travis.yml

@@ -1,19 +0,0 @@
-language: go
-sudo: false
-
-matrix:
-  include:
-    - go: 1.3
-    - go: 1.4
-    - go: 1.5
-    - go: 1.6
-    - go: 1.7
-    - go: tip
-  allow_failures:
-    - go: tip
-
-script:
-  - go get -t -v ./...
-  - diff -u <(echo -n) <(gofmt -d .)
-  - go vet $(go list ./... | grep -v /vendor/)
-  - go test -v -race ./...

vendor/github.com/gorilla/context/LICENSE

@@ -1,4 +1,4 @@
-Copyright (c) 2012 Rodrigo Moraes. All rights reserved.
+Copyright (c) 2012-2023 The Gorilla web toolkit authors. All rights reserved.
 
 Redistribution and use in source and binary forms, with or without
 modification, are permitted provided that the following conditions are

vendor/github.com/gorilla/context/Makefile

@@ -0,0 +1,52 @@
+GO_LINT=$(shell which golangci-lint 2> /dev/null || echo '')
+GO_LINT_URI=github.com/golangci/golangci-lint/cmd/golangci-lint@latest
+
+GO_SEC=$(shell which gosec 2> /dev/null || echo '')
+GO_SEC_URI=github.com/securego/gosec/v2/cmd/gosec@latest
+
+GO_VULNCHECK=$(shell which govulncheck 2> /dev/null || echo '')
+GO_VULNCHECK_URI=golang.org/x/vuln/cmd/govulncheck@latest
+
+.PHONY: golangci-lint
+golangci-lint: ## Run golangci-lint. Example: make golangci-lint
+	$(if $(GO_LINT), ,go install $(GO_LINT_URI))
+	@echo "##### Running golangci-lint #####"
+	golangci-lint run -v
+
+.PHONY: verify
+verify: ## Run all verifications [golangci-lint]. Example: make verify
+	@echo "##### Running verifications #####"
+	$(MAKE) golangci-lint
+
+.PHONY: gosec
+gosec: ## Run gosec. Example: make gosec
+	$(if $(GO_SEC), ,go install $(GO_SEC_URI))
+	@echo "##### Running gosec #####"
+	gosec ./...
+
+.PHONY: govulncheck
+govulncheck: ## Run govulncheck. Example: make govulncheck
+	$(if $(GO_VULNCHECK), ,go install $(GO_VULNCHECK_URI))
+	@echo "##### Running govulncheck #####"
+	govulncheck ./...
+
+.PHONY: security
+security: ## Run all security checks [gosec, govulncheck]. Example: make security
+	@echo "##### Running security checks #####"
+	$(MAKE) gosec
+	$(MAKE) govulncheck
+
+.PHONY: test-unit
+test-unit: ## Run unit tests. Example: make test-unit
+	@echo "##### Running unit tests #####"
+	go test -race -cover -coverprofile=coverage.coverprofile -covermode=atomic -v ./...
+
+.PHONY: test
+test: ## Run all tests [test-unit]. Example: make test
+	@echo "##### Running tests #####"
+	$(MAKE) test-unit
+
+.PHONY: help
+help: ## Print this help. Example: make help
+	@echo "##### Printing help #####"
+	@awk 'BEGIN {FS = ":.*?## "} /^[a-zA-Z_-]+:.*?## / {printf "\033[36m%-30s\033[0m %s\n", $$1, $$2}' $(MAKEFILE_LIST)

vendor/github.com/gorilla/context/README.md

@@ -1,10 +1,26 @@
-context
-=======
-[![Build Status](https://travis-ci.org/gorilla/context.png?branch=master)](https://travis-ci.org/gorilla/context)
+# gorilla/context
+
+[![License](https://img.shields.io/github/license/gorilla/.github)](https://img.shields.io/github/license/gorilla/.github)
+![testing](https://github.com/gorilla/context/actions/workflows/test.yml/badge.svg)
+[![codecov](https://codecov.io/github/gorilla/context/branch/main/graph/badge.svg)](https://codecov.io/github/gorilla/context)
+[![godoc](https://godoc.org/github.com/gorilla/context?status.svg)](https://godoc.org/github.com/gorilla/context)
+[![sourcegraph](https://sourcegraph.com/github.com/gorilla/context/-/badge.svg)](https://sourcegraph.com/github.com/gorilla/context?badge)
+[![OpenSSF Best Practices](https://bestpractices.coreinfrastructure.org/projects/7656/badge)](https://bestpractices.coreinfrastructure.org/projects/7656)
+
+![Gorilla Logo](https://github.com/gorilla/.github/assets/53367916/d92caabf-98e0-473e-bfbf-ab554ba435e5)
+
+> ⚠⚠⚠ **Note** ⚠⚠⚠ gorilla/context, having been born well before `context.Context` existed, does not play well
+> with the shallow copying of the request that [`http.Request.WithContext`](https://golang.org/pkg/net/http/#Request.WithContext) (added to net/http Go 1.7 onwards) performs.
+>
+> Using gorilla/context may lead to memory leaks under those conditions, as the pointers to each `http.Request` become "islanded" and will not be cleaned up when the response is sent.
+>
+> You should use the `http.Request.Context()` feature in Go 1.7.
 
 gorilla/context is a general purpose registry for global request variables.
 
-> Note: gorilla/context, having been born well before `context.Context` existed, does not play well
-> with the shallow copying of the request that [`http.Request.WithContext`](https://golang.org/pkg/net/http/#Request.WithContext) (added to net/http Go 1.7 onwards) performs. You should either use *just* gorilla/context, or moving forward, the new `http.Request.Context()`.
+* It stores a `map[*http.Request]map[interface{}]interface{}` as a global singleton, and thus tracks variables by their HTTP request.
 
-Read the full documentation here: http://www.gorillatoolkit.org/pkg/context
+
+### License
+
+See the LICENSE file for details.

vendor/github.com/gorilla/context/context.go

@@ -1,7 +1,3 @@
-// Copyright 2012 The Gorilla Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
 package context
 
 import (

vendor/github.com/gorilla/securecookie/.editorconfig

@@ -0,0 +1,20 @@
+; https://editorconfig.org/
+
+root = true
+
+[*]
+insert_final_newline = true
+charset = utf-8
+trim_trailing_whitespace = true
+indent_style = space
+indent_size = 2
+
+[{Makefile,go.mod,go.sum,*.go,.gitmodules}]
+indent_style = tab
+indent_size = 4
+
+[*.md]
+indent_size = 4
+trim_trailing_whitespace = false
+
+eclint_indent_style = unset

vendor/github.com/gorilla/securecookie/.gitignore

@@ -0,0 +1 @@
+coverage.coverprofile

vendor/github.com/gorilla/securecookie/.travis.yml

@@ -1,19 +0,0 @@
-language: go
-sudo: false
-
-matrix:
-  include:
-    - go: 1.3
-    - go: 1.4
-    - go: 1.5
-    - go: 1.6
-    - go: 1.7
-    - go: tip
-  allow_failures:
-    - go: tip
-
-script:
-  - go get -t -v ./...
-  - diff -u <(echo -n) <(gofmt -d .)
-  - go vet $(go list ./... | grep -v /vendor/)
-  - go test -v -race ./...

vendor/github.com/gorilla/securecookie/LICENSE

@@ -1,4 +1,4 @@
-Copyright (c) 2012 Rodrigo Moraes. All rights reserved.
+Copyright (c) 2023 The Gorilla Authors. All rights reserved.
 
 Redistribution and use in source and binary forms, with or without
 modification, are permitted provided that the following conditions are

vendor/github.com/gorilla/securecookie/Makefile

@@ -0,0 +1,39 @@
+GO_LINT=$(shell which golangci-lint 2> /dev/null || echo '')
+GO_LINT_URI=github.com/golangci/golangci-lint/cmd/golangci-lint@latest
+
+GO_SEC=$(shell which gosec 2> /dev/null || echo '')
+GO_SEC_URI=github.com/securego/gosec/v2/cmd/gosec@latest
+
+GO_VULNCHECK=$(shell which govulncheck 2> /dev/null || echo '')
+GO_VULNCHECK_URI=golang.org/x/vuln/cmd/govulncheck@latest
+
+.PHONY: golangci-lint
+golangci-lint:
+	$(if $(GO_LINT), ,go install $(GO_LINT_URI))
+	@echo "##### Running golangci-lint"
+	golangci-lint run -v
+
+.PHONY: gosec
+gosec:
+	$(if $(GO_SEC), ,go install $(GO_SEC_URI))
+	@echo "##### Running gosec"
+	gosec ./...
+
+.PHONY: govulncheck
+govulncheck:
+	$(if $(GO_VULNCHECK), ,go install $(GO_VULNCHECK_URI))
+	@echo "##### Running govulncheck"
+	govulncheck ./...
+
+.PHONY: verify
+verify: golangci-lint gosec govulncheck
+
+.PHONY: test
+test:
+	@echo "##### Running tests"
+	go test -race -cover -coverprofile=coverage.coverprofile -covermode=atomic -v ./...
+
+.PHONY: fuzz
+fuzz:
+	@echo "##### Running fuzz tests"
+	go test -v -fuzz FuzzEncodeDecode -fuzztime 60s

vendor/github.com/gorilla/securecookie/README.md

@@ -1,10 +1,13 @@
-securecookie
-============
-[![GoDoc](https://godoc.org/github.com/gorilla/securecookie?status.svg)](https://godoc.org/github.com/gorilla/securecookie) [![Build Status](https://travis-ci.org/gorilla/securecookie.png?branch=master)](https://travis-ci.org/gorilla/securecookie)
-[![Sourcegraph](https://sourcegraph.com/github.com/gorilla/securecookie/-/badge.svg)](https://sourcegraph.com/github.com/gorilla/securecookie?badge)
+# gorilla/securecookie
 
+![testing](https://github.com/gorilla/securecookie/actions/workflows/test.yml/badge.svg)
+[![codecov](https://codecov.io/github/gorilla/securecookie/branch/main/graph/badge.svg)](https://codecov.io/github/gorilla/securecookie)
+[![godoc](https://godoc.org/github.com/gorilla/securecookie?status.svg)](https://godoc.org/github.com/gorilla/securecookie)
+[![sourcegraph](https://sourcegraph.com/github.com/gorilla/securecookie/-/badge.svg)](https://sourcegraph.com/github.com/gorilla/securecookie?badge)
 
-securecookie encodes and decodes authenticated and optionally encrypted 
+![Gorilla Logo](https://github.com/gorilla/.github/assets/53367916/d92caabf-98e0-473e-bfbf-ab554ba435e5)
+
+securecookie encodes and decodes authenticated and optionally encrypted
 cookie values.
 
 Secure cookies can't be forged, because their values are validated using HMAC.
@@ -33,7 +36,10 @@ to not use encryption. If set, the length must correspond to the block size
 of the encryption algorithm. For AES, used by default, valid lengths are
 16, 24, or 32 bytes to select AES-128, AES-192, or AES-256.
 
-Strong keys can be created using the convenience function GenerateRandomKey().
+Strong keys can be created using the convenience function
+`GenerateRandomKey()`. Note that keys created using `GenerateRandomKey()` are not
+automatically persisted. New keys will be created when the application is
+restarted, and previously issued cookies will not be able to be decoded.
 
 Once a SecureCookie instance is set, use it to encode a cookie value:
 
@@ -75,6 +81,64 @@ registered first using gob.Register(). For basic types this is not needed;
 it works out of the box. An optional JSON encoder that uses `encoding/json` is
 available for types compatible with JSON.
 
+### Key Rotation
+Rotating keys is an important part of any security strategy. The `EncodeMulti` and
+`DecodeMulti` functions allow for multiple keys to be rotated in and out.
+For example, let's take a system that stores keys in a map:
+
+```go
+// keys stored in a map will not be persisted between restarts
+// a more persistent storage should be considered for production applications.
+var cookies = map[string]*securecookie.SecureCookie{
+	"previous": securecookie.New(
+		securecookie.GenerateRandomKey(64),
+		securecookie.GenerateRandomKey(32),
+	),
+	"current": securecookie.New(
+		securecookie.GenerateRandomKey(64),
+		securecookie.GenerateRandomKey(32),
+	),
+}
+```
+
+Using the current key to encode new cookies:
+```go
+func SetCookieHandler(w http.ResponseWriter, r *http.Request) {
+	value := map[string]string{
+		"foo": "bar",
+	}
+	if encoded, err := securecookie.EncodeMulti("cookie-name", value, cookies["current"]); err == nil {
+		cookie := &http.Cookie{
+			Name:  "cookie-name",
+			Value: encoded,
+			Path:  "/",
+		}
+		http.SetCookie(w, cookie)
+	}
+}
+```
+
+Later, decode cookies. Check against all valid keys:
+```go
+func ReadCookieHandler(w http.ResponseWriter, r *http.Request) {
+	if cookie, err := r.Cookie("cookie-name"); err == nil {
+		value := make(map[string]string)
+		err = securecookie.DecodeMulti("cookie-name", cookie.Value, &value, cookies["current"], cookies["previous"])
+		if err == nil {
+			fmt.Fprintf(w, "The value of foo is %q", value["foo"])
+		}
+	}
+}
+```
+
+Rotate the keys. This strategy allows previously issued cookies to be valid until the next rotation:
+```go
+func Rotate(newCookie *securecookie.SecureCookie) {
+	cookies["previous"] = cookies["current"]
+	cookies["current"] = newCookie
+}
+```
+
 ## License
 
 BSD licensed. See the LICENSE file for details.

vendor/github.com/gorilla/securecookie/fuzz.go

@@ -1,25 +0,0 @@
-// +build gofuzz
-
-package securecookie
-
-var hashKey = []byte("very-secret12345")
-var blockKey = []byte("a-lot-secret1234")
-var s = New(hashKey, blockKey)
-
-type Cookie struct {
-	B bool
-	I int
-	S string
-}
-
-func Fuzz(data []byte) int {
-	datas := string(data)
-	var c Cookie
-	if err := s.Decode("fuzz", datas, &c); err != nil {
-		return 0
-	}
-	if _, err := s.Encode("fuzz", c); err != nil {
-		panic(err)
-	}
-	return 1
-}

vendor/github.com/gorilla/securecookie/securecookie.go

@@ -124,7 +124,7 @@ type Codec interface {
 // GenerateRandomKey(). It is recommended to use a key with 32 or 64 bytes.
 //
 // blockKey is optional, used to encrypt values. Create it using
-// GenerateRandomKey(). The key length must correspond to the block size
+// GenerateRandomKey(). The key length must correspond to the key size
 // of the encryption algorithm. For AES, used by default, valid lengths are
 // 16, 24, or 32 bytes to select AES-128, AES-192, or AES-256.
 // The default encoder used for cookie serialization is encoding/gob.
@@ -141,7 +141,7 @@ func New(hashKey, blockKey []byte) *SecureCookie {
 		maxLength: 4096,
 		sz:        GobEncoder{},
 	}
-	if hashKey == nil {
+	if len(hashKey) == 0 {
 		s.err = errHashKeyNotSet
 	}
 	if blockKey != nil {
@@ -286,7 +286,7 @@ func (s *SecureCookie) Encode(name string, value interface{}) (string, error) {
 	b = encode(b)
 	// 5. Check length.
 	if s.maxLength != 0 && len(b) > s.maxLength {
-		return "", errEncodedValueTooLong
+		return "", fmt.Errorf("%s: %d", errEncodedValueTooLong, len(b))
 	}
 	// Done.
 	return string(b), nil
@@ -310,7 +310,7 @@ func (s *SecureCookie) Decode(name, value string, dst interface{}) error {
 	}
 	// 1. Check length.
 	if s.maxLength != 0 && len(value) > s.maxLength {
-		return errValueToDecodeTooLong
+		return fmt.Errorf("%s: %d", errValueToDecodeTooLong, len(value))
 	}
 	// 2. Decode from base64.
 	b, err := decode([]byte(value))
@@ -391,7 +391,7 @@ func verifyMac(h hash.Hash, value []byte, mac []byte) error {
 
 // encrypt encrypts a value using the given block in counter mode.
 //
-// A random initialization vector (http://goo.gl/zF67k) with the length of the
+// A random initialization vector ( https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation#Initialization_vector_(IV) ) with the length of the
 // block size is prepended to the resulting ciphertext.
 func encrypt(block cipher.Block, value []byte) ([]byte, error) {
 	iv := GenerateRandomKey(block.BlockSize())
@@ -408,7 +408,7 @@ func encrypt(block cipher.Block, value []byte) ([]byte, error) {
 // decrypt decrypts a value using the given block in counter mode.
 //
 // The value to be decrypted must be prepended by a initialization vector
-// (http://goo.gl/zF67k) with the length of the block size.
+// ( https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation#Initialization_vector_(IV) ) with the length of the block size.
 func decrypt(block cipher.Block, value []byte) ([]byte, error) {
 	size := block.BlockSize()
 	if len(value) > size {
@@ -506,6 +506,10 @@ func decode(value []byte) ([]byte, error) {
 // GenerateRandomKey creates a random key with the given length in bytes.
 // On failure, returns nil.
 //
+// Note that keys created using `GenerateRandomKey()` are not automatically
+// persisted. New keys will be created when the application is restarted, and
+// previously issued cookies will not be able to be decoded.
+//
 // Callers should explicitly check for the possibility of a nil return, treat
 // it as a failure of the system random number generator, and not continue.
 func GenerateRandomKey(length int) []byte {
@@ -525,22 +529,21 @@ func GenerateRandomKey(length int) []byte {
 //
 // Example:
 //
-//      codecs := securecookie.CodecsFromPairs(
-//           []byte("new-hash-key"),
-//           []byte("new-block-key"),
-//           []byte("old-hash-key"),
-//           []byte("old-block-key"),
-//       )
-//
-//      // Modify each instance.
-//      for _, s := range codecs {
-//             if cookie, ok := s.(*securecookie.SecureCookie); ok {
-//                 cookie.MaxAge(86400 * 7)
-//                 cookie.SetSerializer(securecookie.JSONEncoder{})
-//                 cookie.HashFunc(sha512.New512_256)
-//             }
-//         }
+//	codecs := securecookie.CodecsFromPairs(
+//	     []byte("new-hash-key"),
+//	     []byte("new-block-key"),
+//	     []byte("old-hash-key"),
+//	     []byte("old-block-key"),
+//	 )
 //
+//	// Modify each instance.
+//	for _, s := range codecs {
+//	       if cookie, ok := s.(*securecookie.SecureCookie); ok {
+//	           cookie.MaxAge(86400 * 7)
+//	           cookie.SetSerializer(securecookie.JSONEncoder{})
+//	           cookie.HashFunc(sha512.New512_256)
+//	       }
+//	   }
 func CodecsFromPairs(keyPairs ...[]byte) []Codec {
 	codecs := make([]Codec, len(keyPairs)/2+len(keyPairs)%2)
 	for i := 0; i < len(keyPairs); i += 2 {

vendor/github.com/gorilla/sessions/.editorconfig

@@ -0,0 +1,20 @@
+; https://editorconfig.org/
+
+root = true
+
+[*]
+insert_final_newline = true
+charset = utf-8
+trim_trailing_whitespace = true
+indent_style = space
+indent_size = 2
+
+[{Makefile,go.mod,go.sum,*.go,.gitmodules}]
+indent_style = tab
+indent_size = 4
+
+[*.md]
+indent_size = 4
+trim_trailing_whitespace = false
+
+eclint_indent_style = unset

vendor/github.com/gorilla/sessions/.gitignore

@@ -0,0 +1 @@
+coverage.coverprofile

vendor/github.com/gorilla/sessions/AUTHORS

@@ -1,43 +0,0 @@
-# This is the official list of gorilla/sessions authors for copyright purposes.
-#
-# Please keep the list sorted.
-
-Ahmadreza Zibaei <ahmadrezazibaei@hotmail.com>
-Anton Lindström <lindztr@gmail.com>
-Brian Jones <mojobojo@gmail.com>
-Collin Stedman <kronion@users.noreply.github.com>
-Deniz Eren <dee.116@gmail.com>
-Dmitry Chestnykh <dmitry@codingrobots.com>
-Dustin Oprea <myselfasunder@gmail.com>
-Egon Elbre <egonelbre@gmail.com>
-enumappstore <appstore@enumapps.com>
-Geofrey Ernest <geofreyernest@live.com>
-Google LLC (https://opensource.google.com/)
-Jerry Saravia <SaraviaJ@gmail.com>
-Jonathan Gillham <jonathan.gillham@gamil.com>
-Justin Clift <justin@postgresql.org>
-Justin Hellings <justin.hellings@gmail.com>
-Kamil Kisiel <kamil@kamilkisiel.net>
-Keiji Yoshida <yoshida.keiji.84@gmail.com>
-kliron <kliron@gmail.com>
-Kshitij Saraogi <KshitijSaraogi@gmail.com>
-Lauris BH <lauris@nix.lv>
-Lukas Rist <glaslos@gmail.com>
-Mark Dain <ancarda@users.noreply.github.com>
-Matt Ho <matt.ho@gmail.com>
-Matt Silverlock <matt@eatsleeprepeat.net>
-Mattias Wadman <mattias.wadman@gmail.com>
-Michael Schuett <michaeljs1990@gmail.com>
-Michael Stapelberg <stapelberg@users.noreply.github.com>
-Mirco Zeiss <mirco.zeiss@gmail.com>
-moraes <rodrigo.moraes@gmail.com>
-nvcnvn <nguyen@open-vn.org>
-pappz <zoltan.pmail@gmail.com>
-Pontus Leitzler <leitzler@users.noreply.github.com>
-QuaSoft <info@quasoft.net>
-rcadena <robert.cadena@gmail.com>
-rodrigo moraes <rodrigo.moraes@gmail.com>
-Shawn Smith <shawnpsmith@gmail.com>
-Taylor Hurt <taylor.a.hurt@gmail.com>
-Tortuoise <sanyasinp@gmail.com>
-Vitor De Mario <vitordemario@gmail.com>

vendor/github.com/gorilla/sessions/LICENSE

@@ -1,4 +1,4 @@
-Copyright (c) 2012-2018 The Gorilla Authors. All rights reserved.
+Copyright (c) 2023 The Gorilla Authors. All rights reserved.
 
 Redistribution and use in source and binary forms, with or without
 modification, are permitted provided that the following conditions are

vendor/github.com/gorilla/sessions/Makefile

@@ -0,0 +1,34 @@
+GO_LINT=$(shell which golangci-lint 2> /dev/null || echo '')
+GO_LINT_URI=github.com/golangci/golangci-lint/cmd/golangci-lint@latest
+
+GO_SEC=$(shell which gosec 2> /dev/null || echo '')
+GO_SEC_URI=github.com/securego/gosec/v2/cmd/gosec@latest
+
+GO_VULNCHECK=$(shell which govulncheck 2> /dev/null || echo '')
+GO_VULNCHECK_URI=golang.org/x/vuln/cmd/govulncheck@latest
+
+.PHONY: golangci-lint
+golangci-lint:
+	$(if $(GO_LINT), ,go install $(GO_LINT_URI))
+	@echo "##### Running golangci-lint"
+	golangci-lint run -v
+
+.PHONY: gosec
+gosec:
+	$(if $(GO_SEC), ,go install $(GO_SEC_URI))
+	@echo "##### Running gosec"
+	gosec ./...
+
+.PHONY: govulncheck
+govulncheck:
+	$(if $(GO_VULNCHECK), ,go install $(GO_VULNCHECK_URI))
+	@echo "##### Running govulncheck"
+	govulncheck ./...
+
+.PHONY: verify
+verify: golangci-lint gosec govulncheck
+
+.PHONY: test
+test:
+	@echo "##### Running tests"
+	go test -race -cover -coverprofile=coverage.coverprofile -covermode=atomic -v ./...

vendor/github.com/gorilla/sessions/README.md

@@ -1,7 +1,11 @@
 # sessions
 
-[![GoDoc](https://godoc.org/github.com/gorilla/sessions?status.svg)](https://godoc.org/github.com/gorilla/sessions) [![Build Status](https://travis-ci.org/gorilla/sessions.svg?branch=master)](https://travis-ci.org/gorilla/sessions)
-[![Sourcegraph](https://sourcegraph.com/github.com/gorilla/sessions/-/badge.svg)](https://sourcegraph.com/github.com/gorilla/sessions?badge)
+![testing](https://github.com/gorilla/sessions/actions/workflows/test.yml/badge.svg)
+[![codecov](https://codecov.io/github/gorilla/sessions/branch/main/graph/badge.svg)](https://codecov.io/github/gorilla/sessions)
+[![godoc](https://godoc.org/github.com/gorilla/sessions?status.svg)](https://godoc.org/github.com/gorilla/sessions)
+[![sourcegraph](https://sourcegraph.com/github.com/gorilla/sessions/-/badge.svg)](https://sourcegraph.com/github.com/gorilla/sessions?badge)
+
+![Gorilla Logo](https://github.com/gorilla/.github/assets/53367916/d92caabf-98e0-473e-bfbf-ab554ba435e5)
 
 gorilla/sessions provides cookie and filesystem sessions and infrastructure for
 custom session backends.
@@ -84,6 +88,7 @@ Other implementations of the `sessions.Store` interface:
 - [github.com/lafriks/xormstore](https://github.com/lafriks/xormstore) - XORM (MySQL, PostgreSQL, SQLite, Microsoft SQL Server, TiDB)
 - [github.com/GoogleCloudPlatform/firestore-gorilla-sessions](https://github.com/GoogleCloudPlatform/firestore-gorilla-sessions) - Cloud Firestore
 - [github.com/stephenafamo/crdbstore](https://github.com/stephenafamo/crdbstore) - CockroachDB
+- [github.com/ryicoh/tikvstore](github.com/ryicoh/tikvstore) - TiKV
 
 ## License
 

vendor/github.com/gorilla/sessions/cookie.go

@@ -1,3 +1,4 @@
+//go:build !go1.11
 // +build !go1.11
 
 package sessions

vendor/github.com/gorilla/sessions/cookie_go111.go

@@ -1,3 +1,4 @@
+//go:build go1.11
 // +build go1.11
 
 package sessions

vendor/github.com/gorilla/sessions/options.go

@@ -1,3 +1,4 @@
+//go:build !go1.11
 // +build !go1.11
 
 package sessions

vendor/github.com/gorilla/sessions/options_go111.go

@@ -1,3 +1,4 @@
+//go:build go1.11
 // +build go1.11
 
 package sessions

vendor/github.com/gorilla/sessions/store.go

@@ -6,11 +6,9 @@ package sessions
 
 import (
 	"encoding/base32"
-	"io/ioutil"
 	"net/http"
 	"os"
 	"path/filepath"
-	"strings"
 	"sync"
 
 	"github.com/gorilla/securecookie"
@@ -201,6 +199,8 @@ func (s *FilesystemStore) New(r *http.Request, name string) (*Session, error) {
 	return session, err
 }
 
+var base32RawStdEncoding = base32.StdEncoding.WithPadding(base32.NoPadding)
+
 // Save adds a single session to the response.
 //
 // If the Options.MaxAge of the session is <= 0 then the session file will be
@@ -211,7 +211,7 @@ func (s *FilesystemStore) Save(r *http.Request, w http.ResponseWriter,
 	session *Session) error {
 	// Delete if max-age is <= 0
 	if session.Options.MaxAge <= 0 {
-		if err := s.erase(session); err != nil {
+		if err := s.erase(session); err != nil && !os.IsNotExist(err) {
 			return err
 		}
 		http.SetCookie(w, NewCookie(session.Name(), "", session.Options))
@@ -221,9 +221,8 @@ func (s *FilesystemStore) Save(r *http.Request, w http.ResponseWriter,
 	if session.ID == "" {
 		// Because the ID is used in the filename, encode it to
 		// use alphanumeric characters only.
-		session.ID = strings.TrimRight(
-			base32.StdEncoding.EncodeToString(
-				securecookie.GenerateRandomKey(32)), "=")
+		session.ID = base32RawStdEncoding.EncodeToString(
+			securecookie.GenerateRandomKey(32))
 	}
 	if err := s.save(session); err != nil {
 		return err
@@ -261,7 +260,7 @@ func (s *FilesystemStore) save(session *Session) error {
 	filename := filepath.Join(s.path, "session_"+session.ID)
 	fileMutex.Lock()
 	defer fileMutex.Unlock()
-	return ioutil.WriteFile(filename, []byte(encoded), 0600)
+	return os.WriteFile(filename, []byte(encoded), 0600)
 }
 
 // load reads a file and decodes its content into session.Values.
@@ -269,7 +268,7 @@ func (s *FilesystemStore) load(session *Session) error {
 	filename := filepath.Join(s.path, "session_"+session.ID)
 	fileMutex.RLock()
 	defer fileMutex.RUnlock()
-	fdata, err := ioutil.ReadFile(filename)
+	fdata, err := os.ReadFile(filepath.Clean(filename))
 	if err != nil {
 		return err
 	}

vendor/github.com/klauspost/compress/s2/encode_all.go

@@ -117,6 +117,12 @@ func encodeBlockGo(dst, src []byte) (d int) {
 					i--
 					base--
 				}
+
+				// Bail if we exceed the maximum size.
+				if d+(base-nextEmit) > dstLimit {
+					return 0
+				}
+
 				d += emitLiteral(dst[d:], src[nextEmit:base])
 
 				// Extend forward
@@ -152,7 +158,6 @@ func encodeBlockGo(dst, src []byte) (d int) {
 				if s >= sLimit {
 					goto emitRemainder
 				}
-
 				cv = load64(src, s)
 				continue
 			}
@@ -325,6 +330,11 @@ func encodeBlockSnappyGo(dst, src []byte) (d int) {
 					i--
 					base--
 				}
+				// Bail if we exceed the maximum size.
+				if d+(base-nextEmit) > dstLimit {
+					return 0
+				}
+
 				d += emitLiteral(dst[d:], src[nextEmit:base])
 
 				// Extend forward
@@ -532,6 +542,11 @@ searchDict:
 					i--
 					base--
 				}
+				// Bail if we exceed the maximum size.
+				if d+(base-nextEmit) > dstLimit {
+					return 0
+				}
+
 				d += emitLiteral(dst[d:], src[nextEmit:base])
 				if debug && nextEmit != base {
 					fmt.Println("emitted ", base-nextEmit, "literals")
@@ -880,6 +895,11 @@ searchDict:
 					i--
 					base--
 				}
+				// Bail if we exceed the maximum size.
+				if d+(base-nextEmit) > dstLimit {
+					return 0
+				}
+
 				d += emitLiteral(dst[d:], src[nextEmit:base])
 				if debug && nextEmit != base {
 					fmt.Println("emitted ", base-nextEmit, "literals")

vendor/github.com/klauspost/compress/s2/encodeblock_amd64.s

@@ -100,6 +100,15 @@ repeat_extend_back_loop_encodeBlockAsm:
 	JNZ  repeat_extend_back_loop_encodeBlockAsm
 
 repeat_extend_back_end_encodeBlockAsm:
+	MOVL SI, BX
+	SUBL 12(SP), BX
+	LEAQ 5(AX)(BX*1), BX
+	CMPQ BX, (SP)
+	JB   repeat_dst_size_check_encodeBlockAsm
+	MOVQ $0x00000000, ret+48(FP)
+	RET
+
+repeat_dst_size_check_encodeBlockAsm:
 	MOVL 12(SP), BX
 	CMPL BX, SI
 	JEQ  emit_literal_done_repeat_emit_encodeBlockAsm
@@ -1513,6 +1522,15 @@ repeat_extend_back_loop_encodeBlockAsm4MB:
 	JNZ  repeat_extend_back_loop_encodeBlockAsm4MB
 
 repeat_extend_back_end_encodeBlockAsm4MB:
+	MOVL SI, BX
+	SUBL 12(SP), BX
+	LEAQ 4(AX)(BX*1), BX
+	CMPQ BX, (SP)
+	JB   repeat_dst_size_check_encodeBlockAsm4MB
+	MOVQ $0x00000000, ret+48(FP)
+	RET
+
+repeat_dst_size_check_encodeBlockAsm4MB:
 	MOVL 12(SP), BX
 	CMPL BX, SI
 	JEQ  emit_literal_done_repeat_emit_encodeBlockAsm4MB
@@ -2828,6 +2846,15 @@ repeat_extend_back_loop_encodeBlockAsm12B:
 	JNZ  repeat_extend_back_loop_encodeBlockAsm12B
 
 repeat_extend_back_end_encodeBlockAsm12B:
+	MOVL SI, BX
+	SUBL 12(SP), BX
+	LEAQ 3(AX)(BX*1), BX
+	CMPQ BX, (SP)
+	JB   repeat_dst_size_check_encodeBlockAsm12B
+	MOVQ $0x00000000, ret+48(FP)
+	RET
+
+repeat_dst_size_check_encodeBlockAsm12B:
 	MOVL 12(SP), BX
 	CMPL BX, SI
 	JEQ  emit_literal_done_repeat_emit_encodeBlockAsm12B
@@ -3903,6 +3930,15 @@ repeat_extend_back_loop_encodeBlockAsm10B:
 	JNZ  repeat_extend_back_loop_encodeBlockAsm10B
 
 repeat_extend_back_end_encodeBlockAsm10B:
+	MOVL SI, BX
+	SUBL 12(SP), BX
+	LEAQ 3(AX)(BX*1), BX
+	CMPQ BX, (SP)
+	JB   repeat_dst_size_check_encodeBlockAsm10B
+	MOVQ $0x00000000, ret+48(FP)
+	RET
+
+repeat_dst_size_check_encodeBlockAsm10B:
 	MOVL 12(SP), BX
 	CMPL BX, SI
 	JEQ  emit_literal_done_repeat_emit_encodeBlockAsm10B
@@ -4978,6 +5014,15 @@ repeat_extend_back_loop_encodeBlockAsm8B:
 	JNZ  repeat_extend_back_loop_encodeBlockAsm8B
 
 repeat_extend_back_end_encodeBlockAsm8B:
+	MOVL SI, BX
+	SUBL 12(SP), BX
+	LEAQ 3(AX)(BX*1), BX
+	CMPQ BX, (SP)
+	JB   repeat_dst_size_check_encodeBlockAsm8B
+	MOVQ $0x00000000, ret+48(FP)
+	RET
+
+repeat_dst_size_check_encodeBlockAsm8B:
 	MOVL 12(SP), BX
 	CMPL BX, SI
 	JEQ  emit_literal_done_repeat_emit_encodeBlockAsm8B
@@ -10756,6 +10801,15 @@ repeat_extend_back_loop_encodeSnappyBlockAsm:
 	JNZ  repeat_extend_back_loop_encodeSnappyBlockAsm
 
 repeat_extend_back_end_encodeSnappyBlockAsm:
+	MOVL SI, BX
+	SUBL 12(SP), BX
+	LEAQ 5(AX)(BX*1), BX
+	CMPQ BX, (SP)
+	JB   repeat_dst_size_check_encodeSnappyBlockAsm
+	MOVQ $0x00000000, ret+48(FP)
+	RET
+
+repeat_dst_size_check_encodeSnappyBlockAsm:
 	MOVL 12(SP), BX
 	CMPL BX, SI
 	JEQ  emit_literal_done_repeat_emit_encodeSnappyBlockAsm
@@ -11678,6 +11732,15 @@ repeat_extend_back_loop_encodeSnappyBlockAsm64K:
 	JNZ  repeat_extend_back_loop_encodeSnappyBlockAsm64K
 
 repeat_extend_back_end_encodeSnappyBlockAsm64K:
+	MOVL SI, BX
+	SUBL 12(SP), BX
+	LEAQ 3(AX)(BX*1), BX
+	CMPQ BX, (SP)
+	JB   repeat_dst_size_check_encodeSnappyBlockAsm64K
+	MOVQ $0x00000000, ret+48(FP)
+	RET
+
+repeat_dst_size_check_encodeSnappyBlockAsm64K:
 	MOVL 12(SP), BX
 	CMPL BX, SI
 	JEQ  emit_literal_done_repeat_emit_encodeSnappyBlockAsm64K
@@ -12504,6 +12567,15 @@ repeat_extend_back_loop_encodeSnappyBlockAsm12B:
 	JNZ  repeat_extend_back_loop_encodeSnappyBlockAsm12B
 
 repeat_extend_back_end_encodeSnappyBlockAsm12B:
+	MOVL SI, BX
+	SUBL 12(SP), BX
+	LEAQ 3(AX)(BX*1), BX
+	CMPQ BX, (SP)
+	JB   repeat_dst_size_check_encodeSnappyBlockAsm12B
+	MOVQ $0x00000000, ret+48(FP)
+	RET
+
+repeat_dst_size_check_encodeSnappyBlockAsm12B:
 	MOVL 12(SP), BX
 	CMPL BX, SI
 	JEQ  emit_literal_done_repeat_emit_encodeSnappyBlockAsm12B
@@ -13330,6 +13402,15 @@ repeat_extend_back_loop_encodeSnappyBlockAsm10B:
 	JNZ  repeat_extend_back_loop_encodeSnappyBlockAsm10B
 
 repeat_extend_back_end_encodeSnappyBlockAsm10B:
+	MOVL SI, BX
+	SUBL 12(SP), BX
+	LEAQ 3(AX)(BX*1), BX
+	CMPQ BX, (SP)
+	JB   repeat_dst_size_check_encodeSnappyBlockAsm10B
+	MOVQ $0x00000000, ret+48(FP)
+	RET
+
+repeat_dst_size_check_encodeSnappyBlockAsm10B:
 	MOVL 12(SP), BX
 	CMPL BX, SI
 	JEQ  emit_literal_done_repeat_emit_encodeSnappyBlockAsm10B
@@ -14156,6 +14237,15 @@ repeat_extend_back_loop_encodeSnappyBlockAsm8B:
 	JNZ  repeat_extend_back_loop_encodeSnappyBlockAsm8B
 
 repeat_extend_back_end_encodeSnappyBlockAsm8B:
+	MOVL SI, BX
+	SUBL 12(SP), BX
+	LEAQ 3(AX)(BX*1), BX
+	CMPQ BX, (SP)
+	JB   repeat_dst_size_check_encodeSnappyBlockAsm8B
+	MOVQ $0x00000000, ret+48(FP)
+	RET
+
+repeat_dst_size_check_encodeSnappyBlockAsm8B:
 	MOVL 12(SP), BX
 	CMPL BX, SI
 	JEQ  emit_literal_done_repeat_emit_encodeSnappyBlockAsm8B
@@ -17949,6 +18039,15 @@ repeat_extend_back_loop_calcBlockSize:
 	JNZ  repeat_extend_back_loop_calcBlockSize
 
 repeat_extend_back_end_calcBlockSize:
+	MOVL SI, BX
+	SUBL 12(SP), BX
+	LEAQ 5(AX)(BX*1), BX
+	CMPQ BX, (SP)
+	JB   repeat_dst_size_check_calcBlockSize
+	MOVQ $0x00000000, ret+24(FP)
+	RET
+
+repeat_dst_size_check_calcBlockSize:
 	MOVL 12(SP), BX
 	CMPL BX, SI
 	JEQ  emit_literal_done_repeat_emit_calcBlockSize
@@ -18531,6 +18630,15 @@ repeat_extend_back_loop_calcBlockSizeSmall:
 	JNZ  repeat_extend_back_loop_calcBlockSizeSmall
 
 repeat_extend_back_end_calcBlockSizeSmall:
+	MOVL SI, BX
+	SUBL 12(SP), BX
+	LEAQ 3(AX)(BX*1), BX
+	CMPQ BX, (SP)
+	JB   repeat_dst_size_check_calcBlockSizeSmall
+	MOVQ $0x00000000, ret+24(FP)
+	RET
+
+repeat_dst_size_check_calcBlockSizeSmall:
 	MOVL 12(SP), BX
 	CMPL BX, SI
 	JEQ  emit_literal_done_repeat_emit_calcBlockSizeSmall

vendor/github.com/klauspost/compress/s2/writer.go

@@ -215,7 +215,7 @@ func (w *Writer) ReadFrom(r io.Reader) (n int64, err error) {
 		return 0, err
 	}
 	if len(w.ibuf) > 0 {
-		err := w.Flush()
+		err := w.AsyncFlush()
 		if err != nil {
 			return 0, err
 		}
@@ -225,7 +225,7 @@ func (w *Writer) ReadFrom(r io.Reader) (n int64, err error) {
 		if err := w.EncodeBuffer(buf); err != nil {
 			return 0, err
 		}
-		return int64(len(buf)), w.Flush()
+		return int64(len(buf)), w.AsyncFlush()
 	}
 	for {
 		inbuf := w.buffers.Get().([]byte)[:w.blockSize+obufHeaderLen]
@@ -354,7 +354,7 @@ func (w *Writer) EncodeBuffer(buf []byte) (err error) {
 	}
 	// Flush queued data first.
 	if len(w.ibuf) > 0 {
-		err := w.Flush()
+		err := w.AsyncFlush()
 		if err != nil {
 			return err
 		}
@@ -716,9 +716,9 @@ func (w *Writer) writeSync(p []byte) (nRet int, errRet error) {
 	return nRet, nil
 }
 
-// Flush flushes the Writer to its underlying io.Writer.
-// This does not apply padding.
-func (w *Writer) Flush() error {
+// AsyncFlush writes any buffered bytes to a block and starts compressing it.
+// It does not wait for the output has been written as Flush() does.
+func (w *Writer) AsyncFlush() error {
 	if err := w.err(nil); err != nil {
 		return err
 	}
@@ -738,6 +738,15 @@ func (w *Writer) Flush() error {
 			}
 		}
 	}
+	return w.err(nil)
+}
+
+// Flush flushes the Writer to its underlying io.Writer.
+// This does not apply padding.
+func (w *Writer) Flush() error {
+	if err := w.AsyncFlush(); err != nil {
+		return err
+	}
 	if w.output == nil {
 		return w.err(nil)
 	}