[chore]: Bump github.com/gin-contrib/sessions from 1.0.2 to 1.0.3 (#4033)

Bumps [github.com/gin-contrib/sessions](https://github.com/gin-contrib/sessions) from 1.0.2 to 1.0.3. - [Release notes](https://github.com/gin-contrib/sessions/releases) - [Changelog](https://github.com/gin-contrib/sessions/blob/master/.goreleaser.yaml) - [Commits](https://github.com/gin-contrib/sessions/compare/v1.0.2...v1.0.3) --- updated-dependencies: - dependency-name: github.com/gin-contrib/sessions dependency-version: 1.0.3 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-06-05 21:59:39 +02:00 · 2025-04-22 12:35:14 +02:00
parent 356c2adddc
commit d1abbd0290
33 changed files with 278 additions and 196 deletions
--- a/vendor/github.com/gin-contrib/sessions/.golangci.yml
+++ b/vendor/github.com/gin-contrib/sessions/.golangci.yml
@ -0,0 +1,50 @@
+version: "2"
+linters:
+  default: none
+  enable:
+    - bodyclose
+    - dogsled
+    - dupl
+    - errcheck
+    - exhaustive
+    - gochecknoinits
+    - goconst
+    - gocritic
+    - gocyclo
+    - goprintffuncname
+    - gosec
+    - govet
+    - ineffassign
+    - lll
+    - misspell
+    - nakedret
+    - noctx
+    - nolintlint
+    - rowserrcheck
+    - staticcheck
+    - unconvert
+    - unparam
+    - unused
+    - whitespace
+  exclusions:
+    generated: lax
+    presets:
+      - comments
+      - common-false-positives
+      - legacy
+      - std-error-handling
+    paths:
+      - third_party$
+      - builtin$
+      - examples$
+formatters:
+  enable:
+    - gofmt
+    - gofumpt
+    - goimports
+  exclusions:
+    generated: lax
+    paths:
+      - third_party$
+      - builtin$
+      - examples$
--- a/vendor/github.com/gin-contrib/sessions/bearer.yml
+++ b/vendor/github.com/gin-contrib/sessions/bearer.yml
@ -0,0 +1,2 @@
+rule:
+  skip-rule: [go_gorilla_cookie_missing_http_only, go_gorilla_insecure_cookie]
--- a/vendor/github.com/gin-contrib/sessions/sessions.go
+++ b/vendor/github.com/gin-contrib/sessions/sessions.go
@ -1,7 +1,7 @@
 package sessions

 import (
-	"log"
+	"log/slog"
 	"net/http"

 	"github.com/gin-gonic/gin"
@ -11,7 +11,7 @@ import (

 const (
 	DefaultKey  = "github.com/gin-contrib/sessions"
-	errorFormat = "[sessions] ERROR! %s\n"
+	errorFormat = "[sessions] ERROR!"
 )

 type Store interface {
@ -131,7 +131,10 @@ func (s *session) Session() *sessions.Session {
 		var err error
 		s.session, err = s.store.Get(s.request, s.name)
 		if err != nil {
-			log.Printf(errorFormat, err)
+			slog.Error(errorFormat,
+				"err", err,
+			)
+			return nil
 		}
 	}
 	return s.session
--- a/vendor/github.com/gorilla/sessions/LICENSE
+++ b/vendor/github.com/gorilla/sessions/LICENSE
@ -1,4 +1,4 @@
-Copyright (c) 2023 The Gorilla Authors. All rights reserved.
+Copyright (c) 2024 The Gorilla Authors. All rights reserved.

 Redistribution and use in source and binary forms, with or without
 modification, are permitted provided that the following conditions are
--- a/vendor/github.com/gorilla/sessions/README.md
+++ b/vendor/github.com/gorilla/sessions/README.md
@ -1,4 +1,7 @@
-# sessions
+# Gorilla Sessions
+
+> [!IMPORTANT]
+> The latest version of this repository requires go 1.23 because of the new partitioned attribute. The last version that is compatible with older versions of go is v1.3.0.

 ![testing](https://github.com/gorilla/sessions/actions/workflows/test.yml/badge.svg)
 [![codecov](https://codecov.io/github/gorilla/sessions/branch/main/graph/badge.svg)](https://codecov.io/github/gorilla/sessions)
@ -59,8 +62,7 @@ secret key used to authenticate the session. Inside the handler, we call
 some session values in session.Values, which is a `map[interface{}]interface{}`.
 And finally we call `session.Save()` to save the session in the response.

-More examples are available [on the Gorilla
-website](https://www.gorillatoolkit.org/pkg/sessions).
+More examples are available at [package documentation](https://pkg.go.dev/github.com/gorilla/sessions).

 ## Store Implementations

@ -75,6 +77,7 @@ Other implementations of the `sessions.Store` interface:
 - [github.com/dsoprea/go-appengine-sessioncascade](https://github.com/dsoprea/go-appengine-sessioncascade) - Memcache/Datastore/Context in AppEngine
 - [github.com/kidstuff/mongostore](https://github.com/kidstuff/mongostore) - MongoDB
 - [github.com/srinathgs/mysqlstore](https://github.com/srinathgs/mysqlstore) - MySQL
+- [github.com/danielepintore/gorilla-sessions-mysql](https://github.com/danielepintore/gorilla-sessions-mysql) - MySQL
 - [github.com/EnumApps/clustersqlstore](https://github.com/EnumApps/clustersqlstore) - MySQL Cluster
 - [github.com/antonlindstrom/pgstore](https://github.com/antonlindstrom/pgstore) - PostgreSQL
 - [github.com/boj/redistore](https://github.com/boj/redistore) - Redis
--- a/vendor/github.com/gorilla/sessions/cookie.go
+++ b/vendor/github.com/gorilla/sessions/cookie.go
@ -1,5 +1,6 @@
-//go:build !go1.11
-// +build !go1.11
+// Copyright 2012 The Gorilla Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.

 package sessions

@ -8,13 +9,15 @@ import "net/http"
 // newCookieFromOptions returns an http.Cookie with the options set.
 func newCookieFromOptions(name, value string, options *Options) *http.Cookie {
 	return &http.Cookie{
-		Name:     name,
-		Value:    value,
-		Path:     options.Path,
-		Domain:   options.Domain,
-		MaxAge:   options.MaxAge,
-		Secure:   options.Secure,
-		HttpOnly: options.HttpOnly,
+		Name:        name,
+		Value:       value,
+		Path:        options.Path,
+		Domain:      options.Domain,
+		MaxAge:      options.MaxAge,
+		Secure:      options.Secure,
+		HttpOnly:    options.HttpOnly,
+		Partitioned: options.Partitioned,
+		SameSite:    options.SameSite,
 	}

 }
--- a/vendor/github.com/gorilla/sessions/cookie_go111.go
+++ b/vendor/github.com/gorilla/sessions/cookie_go111.go
@ -1,21 +0,0 @@
-//go:build go1.11
-// +build go1.11
-
-package sessions
-
-import "net/http"
-
-// newCookieFromOptions returns an http.Cookie with the options set.
-func newCookieFromOptions(name, value string, options *Options) *http.Cookie {
-	return &http.Cookie{
-		Name:     name,
-		Value:    value,
-		Path:     options.Path,
-		Domain:   options.Domain,
-		MaxAge:   options.MaxAge,
-		Secure:   options.Secure,
-		HttpOnly: options.HttpOnly,
-		SameSite: options.SameSite,
-	}
-
-}
--- a/vendor/github.com/gorilla/sessions/options.go
+++ b/vendor/github.com/gorilla/sessions/options.go
@ -1,8 +1,11 @@
-//go:build !go1.11
-// +build !go1.11
+// Copyright 2012 The Gorilla Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.

 package sessions

+import "net/http"
+
 // Options stores configuration for a session or session store.
 //
 // Fields are a subset of http.Cookie fields.
@ -13,7 +16,9 @@ type Options struct {
 	// deleted after the browser session ends.
 	// MaxAge<0 means delete cookie immediately.
 	// MaxAge>0 means Max-Age attribute present and given in seconds.
-	MaxAge   int
-	Secure   bool
-	HttpOnly bool
+	MaxAge      int
+	Secure      bool
+	HttpOnly    bool
+	Partitioned bool
+	SameSite    http.SameSite
 }
--- a/vendor/github.com/gorilla/sessions/options_go111.go
+++ b/vendor/github.com/gorilla/sessions/options_go111.go
@ -1,23 +0,0 @@
-//go:build go1.11
-// +build go1.11
-
-package sessions
-
-import "net/http"
-
-// Options stores configuration for a session or session store.
-//
-// Fields are a subset of http.Cookie fields.
-type Options struct {
-	Path   string
-	Domain string
-	// MaxAge=0 means no Max-Age attribute specified and the cookie will be
-	// deleted after the browser session ends.
-	// MaxAge<0 means delete cookie immediately.
-	// MaxAge>0 means Max-Age attribute present and given in seconds.
-	MaxAge   int
-	Secure   bool
-	HttpOnly bool
-	// Defaults to http.SameSiteDefaultMode
-	SameSite http.SameSite
-}
--- a/vendor/github.com/gorilla/sessions/store.go
+++ b/vendor/github.com/gorilla/sessions/store.go
@ -14,6 +14,11 @@ import (
 	"github.com/gorilla/securecookie"
 )

+const (
+	// File name prefix for session files.
+	sessionFilePrefix = "session_"
+)
+
 // Store is an interface for custom session stores.
 //
 // See CookieStore and FilesystemStore for examples.
@ -49,8 +54,10 @@ func NewCookieStore(keyPairs ...[]byte) *CookieStore {
 	cs := &CookieStore{
 		Codecs: securecookie.CodecsFromPairs(keyPairs...),
 		Options: &Options{
-			Path:   "/",
-			MaxAge: 86400 * 30,
+			Path:     "/",
+			MaxAge:   86400 * 30,
+			SameSite: http.SameSiteNoneMode,
+			Secure:   true,
 		},
 	}

@ -257,7 +264,7 @@ func (s *FilesystemStore) save(session *Session) error {
 	if err != nil {
 		return err
 	}
-	filename := filepath.Join(s.path, "session_"+session.ID)
+	filename := filepath.Join(s.path, sessionFilePrefix+filepath.Base(session.ID))
 	fileMutex.Lock()
 	defer fileMutex.Unlock()
 	return os.WriteFile(filename, []byte(encoded), 0600)
@ -265,7 +272,7 @@ func (s *FilesystemStore) save(session *Session) error {

 // load reads a file and decodes its content into session.Values.
 func (s *FilesystemStore) load(session *Session) error {
-	filename := filepath.Join(s.path, "session_"+session.ID)
+	filename := filepath.Join(s.path, sessionFilePrefix+filepath.Base(session.ID))
 	fileMutex.RLock()
 	defer fileMutex.RUnlock()
 	fdata, err := os.ReadFile(filepath.Clean(filename))
@ -281,7 +288,7 @@ func (s *FilesystemStore) load(session *Session) error {

 // delete session file
 func (s *FilesystemStore) erase(session *Session) error {
-	filename := filepath.Join(s.path, "session_"+session.ID)
+	filename := filepath.Join(s.path, sessionFilePrefix+filepath.Base(session.ID))

 	fileMutex.RLock()
 	defer fileMutex.RUnlock()