[TT-13098/TT-13107] Backport/release 5.3/release 5.3.6 cherrypick #6553

titpetric · 2024-09-19T12:03:14Z

User description

TT-13098
TT-13107

PR Type

enhancement, dependencies

Description

Fixed a CORS-related test assertion by correcting the case sensitivity of the "Access-Control-Allow-Headers" value.
Updated multiple Go module dependencies to their latest versions in go.mod and go.sum.
Added a new indirect dependency dario.cat/mergo v1.0.1.

Changes walkthrough 📝

Relevant files

Bug fix

reverse_proxy_test.go `Fix CORS header case sensitivity in test assertion` gateway/reverse_proxy_test.go Updated test assertion for CORS headers.	+1/-1

Dependencies

go.sum `Update Go module dependencies to latest versions` go.sum Updated multiple dependencies to newer versions. Added new indirect dependency `dario.cat/mergo v1.0.1`.	+90/-96
go.mod `Update Go module dependencies in go.mod` go.mod Updated several dependencies to newer versions. Added new indirect dependency `dario.cat/mergo v1.0.1`.	+41/-41

💡 PR-Agent usage:
Comment /help on the PR to get a list of all available PR-Agent tools and their descriptions

### **User description** Triggered by: titpetric JIRA: https://tyktech.atlassian.net/browse/TT-13098 Dependency bump + fix a cors related test assertion. | IMPORT | VERSION | LATEST | WARNINGS | CVES | |:---|:---|:---|:---|:---| | Masterminds/sprig/v3 | v3.2.3 | v3.3.0 | | | | cenkalti/backoff/v4 | v4.2.1 | v4.3.0 | | | | getkin/kin-openapi | v0.115.0 | v0.127.0 | Held back from upgrade | | | golang/protobuf | v1.5.3 | v1.5.4 | | | | gorilla/websocket | v1.5.1 | v1.5.3 | | 0 of 1 | | hashicorp/consul/api | v1.26.1 | v1.29.4 | | | | hashicorp/go-version | v1.6.0 | v1.7.0 | | | | hashicorp/vault/api | v1.12.1 | v1.15.0 | | | | miekg/dns | v1.1.57 | v1.1.62 | | 0 of 3 | | openzipkin/zipkin-go | v0.4.2 | v0.4.3 | | | | oschwald/maxminddb-golang | v1.12.0 | v1.13.1 | | | | robertkrimen/otto | v0.3.0 | v0.4.0 | | | | rs/cors | v1.10.1 | v1.11.1 | | 0 of 2 | | stretchr/testify | v1.8.4 | v1.9.0 | | | | valyala/fasthttp | v1.51.0 | v1.55.0 | | 0 of 1 | | golang.org/x/crypto | v0.24.0 | v0.27.0 | | 0 of 10 | | golang.org/x/net | v0.26.0 | v0.29.0 | | 0 of 16 | | golang.org/x/sync | v0.7.0 | v0.8.0 | | | | google.golang.org/grpc | v1.62.1 | v1.66.2 | | 0 of 2 | | google.golang.org/protobuf | v1.33.0 | v1.34.2 | | 0 of 2 | | go-redsync/redsync/v4 | v4.11.0 | v4.13.0 | | | | redis/go-redis/v9 | v9.4.0 | v9.6.1 | | | | newrelic/go-agent | v2.13.0 +incompatible | v3.34.0+incompatible | Held back from upgrade | | | go.opentelemetry.io/otel | v1.19.0 | v1.30.0 | Held back from upgrade | | | go.opentelemetry.io/otel/trace | v1.19.0 | v1.30.0 | Held back from upgrade | | <details> <summary>Steps performed</summary> ~~~ + go get github.com/Masterminds/sprig/v3@v3.3.0 go: downloading github.com/Masterminds/sprig/v3 v3.3.0 go: downloading dario.cat/mergo v1.0.1 go: downloading github.com/Masterminds/semver/v3 v3.3.0 go: downloading github.com/huandu/xstrings v1.5.0 go: downloading github.com/shopspring/decimal v1.4.0 go: downloading github.com/spf13/cast v1.7.0 go: downloading golang.org/x/crypto v0.26.0 go: downloading golang.org/x/sys v0.23.0 go: downloading golang.org/x/text v0.17.0 go: added dario.cat/mergo v1.0.1 go: upgraded github.com/Masterminds/semver/v3 v3.2.0 => v3.3.0 go: upgraded github.com/Masterminds/sprig/v3 v3.2.3 => v3.3.0 go: upgraded github.com/huandu/xstrings v1.3.3 => v1.5.0 go: upgraded github.com/shopspring/decimal v1.2.0 => v1.4.0 go: upgraded github.com/spf13/cast v1.6.0 => v1.7.0 go: upgraded golang.org/x/crypto v0.24.0 => v0.26.0 go: upgraded golang.org/x/sync v0.7.0 => v0.8.0 go: upgraded golang.org/x/sys v0.21.0 => v0.23.0 go: upgraded golang.org/x/text v0.16.0 => v0.17.0 + go get github.com/cenkalti/backoff/v4@v4.3.0 go: downloading github.com/cenkalti/backoff/v4 v4.3.0 go: upgraded github.com/cenkalti/backoff/v4 v4.2.1 => v4.3.0 + go get github.com/golang/protobuf@v1.5.4 go: downloading github.com/golang/protobuf v1.5.4 go: module github.com/golang/protobuf is deprecated: Use the "google.golang.org/protobuf" module instead. go: upgraded github.com/golang/protobuf v1.5.3 => v1.5.4 + go get github.com/gorilla/websocket@v1.5.3 go: downloading github.com/gorilla/websocket v1.5.3 go: upgraded github.com/gorilla/websocket v1.5.1 => v1.5.3 + go get github.com/hashicorp/consul/api@v1.29.4 go: downloading github.com/hashicorp/consul/api v1.29.4 go: downloading github.com/hashicorp/consul/sdk v0.16.1 go: upgraded github.com/hashicorp/consul/api v1.26.1 => v1.29.4 + go get github.com/hashicorp/go-version@v1.7.0 go: downloading github.com/hashicorp/go-version v1.7.0 go: upgraded github.com/hashicorp/go-version v1.6.0 => v1.7.0 + go get github.com/hashicorp/vault/api@v1.15.0 go: downloading github.com/hashicorp/vault v1.15.0 go: downloading github.com/hashicorp/vault/api v1.15.0 go: downloading github.com/go-jose/go-jose/v4 v4.0.1 go: downloading github.com/hashicorp/go-retryablehttp v0.7.7 go: downloading github.com/hashicorp/go-hclog v1.6.3 go: added github.com/go-jose/go-jose/v4 v4.0.1 go: upgraded github.com/hashicorp/go-hclog v1.5.0 => v1.6.3 go: upgraded github.com/hashicorp/go-retryablehttp v0.6.6 => v0.7.7 go: upgraded github.com/hashicorp/vault/api v1.12.1 => v1.15.0 + go get github.com/miekg/dns@v1.1.62 go: downloading github.com/miekg/dns v1.1.62 go: downloading golang.org/x/net v0.27.0 go: downloading golang.org/x/tools v0.22.0 go: downloading golang.org/x/mod v0.18.0 go: upgraded github.com/miekg/dns v1.1.57 => v1.1.62 go: upgraded golang.org/x/mod v0.17.0 => v0.18.0 go: upgraded golang.org/x/net v0.26.0 => v0.27.0 go: upgraded golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d => v0.22.0 + go get github.com/openzipkin/zipkin-go@v0.4.3 go: downloading github.com/openzipkin/zipkin-go v0.4.3 go: downloading github.com/IBM/sarama v1.43.1 go: downloading github.com/eapache/go-resiliency v1.6.0 go: downloading github.com/klauspost/compress v1.17.8 go: downloading github.com/pierrec/lz4/v4 v4.1.21 go: downloading github.com/stretchr/objx v0.5.2 go: downloading github.com/stretchr/testify v1.9.0 go: downloading google.golang.org/genproto v0.0.0-20240227224415-6ceb2ff114de go: downloading google.golang.org/genproto/googleapis/api v0.0.0-20240227224415-6ceb2ff114de go: downloading google.golang.org/genproto/googleapis/rpc v0.0.0-20240415180920-8c6c420018be go: downloading google.golang.org/grpc v1.63.2 go: upgraded github.com/IBM/sarama v1.42.1 => v1.43.1 go: upgraded github.com/eapache/go-resiliency v1.4.0 => v1.6.0 go: upgraded github.com/klauspost/compress v1.17.0 => v1.17.8 go: upgraded github.com/openzipkin/zipkin-go v0.4.2 => v0.4.3 go: upgraded github.com/pierrec/lz4/v4 v4.1.18 => v4.1.21 go: upgraded github.com/stretchr/objx v0.5.0 => v0.5.2 go: upgraded github.com/stretchr/testify v1.8.4 => v1.9.0 go: upgraded google.golang.org/genproto/googleapis/api v0.0.0-20240123012728-ef4313101c80 => v0.0.0-20240227224415-6ceb2ff114de go: upgraded google.golang.org/genproto/googleapis/rpc v0.0.0-20240123012728-ef4313101c80 => v0.0.0-20240415180920-8c6c420018be go: upgraded google.golang.org/grpc v1.62.1 => v1.63.2 + go get github.com/oschwald/maxminddb-golang@v1.13.1 go: downloading github.com/oschwald/maxminddb-golang v1.13.1 go: upgraded github.com/oschwald/maxminddb-golang v1.12.0 => v1.13.1 + go get github.com/robertkrimen/otto@v0.4.0 go: downloading github.com/robertkrimen/otto v0.4.0 go: upgraded github.com/robertkrimen/otto v0.3.0 => v0.4.0 + go get github.com/rs/cors@v1.11.1 go: downloading github.com/rs/cors v1.11.1 go: upgraded github.com/rs/cors v1.10.1 => v1.11.1 + go get github.com/stretchr/testify@v1.9.0 + go get github.com/valyala/fasthttp@v1.55.0 go: downloading github.com/valyala/fasthttp v1.55.0 go: downloading github.com/klauspost/compress v1.17.9 go: upgraded github.com/klauspost/compress v1.17.8 => v1.17.9 go: upgraded github.com/valyala/fasthttp v1.51.0 => v1.55.0 + go get golang.org/x/crypto@v0.27.0 go: downloading golang.org/x/crypto v0.27.0 go: downloading golang.org/x/text v0.18.0 go: upgraded golang.org/x/crypto v0.26.0 => v0.27.0 go: upgraded golang.org/x/sys v0.23.0 => v0.25.0 go: upgraded golang.org/x/text v0.17.0 => v0.18.0 + go get golang.org/x/net@v0.29.0 go: downloading golang.org/x/net v0.29.0 go: upgraded golang.org/x/net v0.27.0 => v0.29.0 + go get golang.org/x/sync@v0.8.0 + go get google.golang.org/grpc@v1.66.2 go: downloading google.golang.org/grpc v1.66.2 go: downloading google.golang.org/protobuf v1.34.1 go: downloading google.golang.org/genproto/googleapis/rpc v0.0.0-20240604185151-ef581f913117 go: downloading github.com/cespare/xxhash/v2 v2.3.0 go: downloading github.com/golang/glog v1.2.1 go: downloading google.golang.org/genproto v0.0.0-20231106174013-bbf56f31fb17 go: downloading google.golang.org/genproto/googleapis/api v0.0.0-20240604185151-ef581f913117 go: upgraded github.com/cespare/xxhash/v2 v2.2.0 => v2.3.0 go: upgraded google.golang.org/genproto/googleapis/api v0.0.0-20240227224415-6ceb2ff114de => v0.0.0-20240604185151-ef581f913117 go: upgraded google.golang.org/genproto/googleapis/rpc v0.0.0-20240415180920-8c6c420018be => v0.0.0-20240604185151-ef581f913117 go: upgraded google.golang.org/grpc v1.63.2 => v1.66.2 go: upgraded google.golang.org/protobuf v1.33.0 => v1.34.1 + go get google.golang.org/protobuf@v1.34.2 go: downloading google.golang.org/protobuf v1.34.2 go: upgraded google.golang.org/protobuf v1.34.1 => v1.34.2 + go get github.com/go-redsync/redsync/v4@v4.13.0 go: downloading github.com/go-redsync/redsync/v4 v4.13.0 go: downloading github.com/go-redis/redis/v7 v7.4.1 go: downloading github.com/redis/go-redis/v9 v9.5.1 go: upgraded github.com/go-redsync/redsync/v4 v4.11.0 => v4.13.0 go: upgraded github.com/redis/go-redis/v9 v9.4.0 => v9.5.1 + go get github.com/redis/go-redis/v9@v9.6.1 go: downloading github.com/redis/go-redis/v9 v9.6.1 go: upgraded github.com/redis/go-redis/v9 v9.5.1 => v9.6.1 ~~~ </details> <details> <summary>go mod tidy output</summary> ``` === RUN TestLint === RUN TestLint/InvalidJSON === RUN TestLint/WrongType === RUN TestLint/FieldTypo === RUN TestLint/Empty === RUN TestLint/Default === RUN TestLint/OldMonitor === RUN TestLint/NullObject === RUN TestLint/MissingPath === RUN TestLint/ExtraPort === RUN TestLint/BadHost === RUN TestLint/BadLogLevel === RUN TestLint/BadStorageType === RUN TestLint/BadPolicySource === RUN TestLint/MalformedDnsCacheEntry === RUN TestLint/BadDnsCacheTTL === RUN TestLint/ExtraDnsCacheCheckInterval === RUN TestLint/InvalidDnsCacheMultipleIPsHandleStrategy --- PASS: TestLint (0.02s) --- PASS: TestLint/InvalidJSON (0.00s) --- PASS: TestLint/WrongType (0.00s) --- PASS: TestLint/FieldTypo (0.00s) --- PASS: TestLint/Empty (0.00s) --- PASS: TestLint/Default (0.00s) --- PASS: TestLint/OldMonitor (0.00s) --- PASS: TestLint/NullObject (0.00s) --- PASS: TestLint/MissingPath (0.00s) --- PASS: TestLint/ExtraPort (0.00s) --- PASS: TestLint/BadHost (0.00s) --- PASS: TestLint/BadLogLevel (0.00s) --- PASS: TestLint/BadStorageType (0.00s) --- PASS: TestLint/BadPolicySource (0.00s) --- PASS: TestLint/MalformedDnsCacheEntry (0.00s) --- PASS: TestLint/BadDnsCacheTTL (0.00s) --- PASS: TestLint/ExtraDnsCacheCheckInterval (0.00s) --- PASS: TestLint/InvalidDnsCacheMultipleIPsHandleStrategy (0.00s) PASS ok github.com/TykTechnologies/tyk/cli/linter 0.034s === RUN TestXTykGateway_Lint --- PASS: TestXTykGateway_Lint (0.01s) PASS ok github.com/TykTechnologies/tyk/apidef/oas 0.015s ``` </details> ___ ### **PR Type** enhancement, dependencies ___ ### **Description** - Updated several Go module dependencies to their latest versions in `go.mod` and `go.sum` files. - Added new dependency `dario.cat/mergo v1.0.1` to the project. - Ensured compatibility and security by upgrading to the latest stable releases of various libraries. ___ ### **Changes walkthrough** 📝 <table><thead><tr><th></th><th align="left">Relevant files</th></tr></thead><tbody><tr><td><strong>Dependencies</strong></td><td><table> <tr> <td> <details> <summary><strong>go.sum</strong><dd><code>Update and add dependencies in go.sum file</code>                              </dd></summary> <hr> go.sum <li>Added new dependency <code>dario.cat/mergo v1.0.1</code>.<br> <li> Updated multiple dependencies to their latest versions.<br> <li> Removed older versions of dependencies. </details> </td> <td><a href="https://github.com/TykTechnologies/tyk/pull/6525/files#diff-3295df7234525439d778f1b282d146a4f1ff6b415248aaac074e8042d9f42d63">+90/-96</a>  </td> </tr> <tr> <td> <details> <summary><strong>go.mod</strong><dd><code>Update dependencies in go.mod file</code>                                              </dd></summary> <hr> go.mod <li>Updated <code>github.com/Masterminds/sprig/v3</code> to v3.3.0.<br> <li> Updated <code>github.com/cenkalti/backoff/v4</code> to v4.3.0.<br> <li> Updated <code>github.com/golang/protobuf</code> to v1.5.4.<br> <li> Updated several other dependencies to their latest versions. </details> </td> <td><a href="https://github.com/TykTechnologies/tyk/pull/6525/files#diff-33ef32bf6c23acb95f5902d7097b7a1d5128ca061167ec0716715b0b9eeaa5f6">+41/-41</a>  </td> </tr> </table></td></tr></tr></tbody></table> ___ > 💡 **PR-Agent usage**: >Comment `/help` on the PR to get a list of all available PR-Agent tools and their descriptions --------- Co-authored-by: titpetric <233360+titpetric@users.noreply.github.com> Co-authored-by: Tit Petric <tit@tyk.io>

github-actions · 2024-09-19T12:04:02Z

PR Reviewer Guide 🔍

⏱️ Estimated effort to review: 3 🔵🔵🔵⚪⚪
🧪 No relevant tests
🔒 No security concerns identified
⚡ Key issues to review Header Case Sensitivity The header "Access-Control-Allow-Headers" was changed from "Content-Type" to "content-type". Ensure this change doesn't affect case-sensitive header checks in clients or servers. Dependency Updates Multiple dependencies were updated. Verify compatibility and stability of new versions, especially for critical libraries like `github.com/golang/protobuf`, `github.com/hashicorp/consul/api`, and `google.golang.org/grpc`.

github-actions · 2024-09-19T12:04:05Z

PR Code Suggestions ✨

Category	Suggestion	Score
Best practice	Use canonical form for HTTP header keys to ensure case-insensitivity Consider using a case-insensitive comparison for HTTP header keys to ensure compatibility across different clients and servers that may use different casing. gateway/reverse_proxy_test.go [1502] -"Access-Control-Allow-Headers": "content-type", +"Access-Control-Allow-Headers": http.CanonicalHeaderKey("content-type"), Suggestion importance[1-10]: 8 Why: The suggestion to use `http.CanonicalHeaderKey` improves compatibility by ensuring case-insensitivity for HTTP header keys, which is a best practice for handling HTTP headers across different clients and servers. This change is beneficial for robustness and interoperability. The existing code is valid, but this suggestion enhances it by adhering to best practices.	8

github-actions · 2024-09-19T12:04:23Z

API Changes

no api changes detected

https://tyktech.atlassian.net/browse/TT-13107 ___ Bug fix ___ - Removed verbose error logging in `RedisQuotaExceeded` function when quota is disabled, simplifying the code and reducing unnecessary log output. - This change addresses the issue where logs were cluttered with error messages when the quota maximum was set to zero. ___ <table><thead><tr><th></th><th align="left">Relevant files</th></tr></thead><tbody><tr><td><strong>Bug fix</strong></td><td><table> <tr> <td> <details> <summary><strong>session_manager.go</strong><dd><code>Remove verbose error logging for disabled quota</code>                    </dd></summary> <hr> gateway/session_manager.go <li>Removed verbose error logging when quota is disabled.<br> <li> Simplified the code by eliminating unnecessary logging.<br> </details> </td> <td><a href="https://github.com/TykTechnologies/tyk/pull/6530/files#diff-e6b40a285464cd86736e970c4c0b320b44c75b18b363d38c200e9a9d36cdabb6">+0/-1</a>      </td> </tr> </table></td></tr></tr></tbody></table> ___ > 💡 **PR-Agent usage**: >Comment `/help` on the PR to get a list of all available PR-Agent tools and their descriptions Co-authored-by: Tit Petric <tit@tyk.io>

github-actions bot added enhancement dependencies Pull requests that update a dependency file Review effort [1-5]: 3 labels Sep 19, 2024

titpetric force-pushed the backport/release-5.3/release-5.3.6-cherrypick branch from 080cc09 to 546c7af Compare September 19, 2024 12:04

titpetric enabled auto-merge (squash) September 19, 2024 12:04

titpetric disabled auto-merge September 19, 2024 12:23

lghiur merged commit d1edd50 into release-5.3.6 Sep 20, 2024
23 of 24 checks passed

lghiur deleted the backport/release-5.3/release-5.3.6-cherrypick branch September 20, 2024 08:51

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[TT-13098/TT-13107] Backport/release 5.3/release 5.3.6 cherrypick #6553

[TT-13098/TT-13107] Backport/release 5.3/release 5.3.6 cherrypick #6553

titpetric commented Sep 19, 2024 •

edited by github-actions bot

Loading

github-actions bot commented Sep 19, 2024

github-actions bot commented Sep 19, 2024 •

edited

Loading

github-actions bot commented Sep 19, 2024

[TT-13098/TT-13107] Backport/release 5.3/release 5.3.6 cherrypick #6553

[TT-13098/TT-13107] Backport/release 5.3/release 5.3.6 cherrypick #6553

Conversation

titpetric commented Sep 19, 2024 • edited by github-actions bot Loading

User description

PR Type

Description

Changes walkthrough 📝

github-actions bot commented Sep 19, 2024

PR Reviewer Guide 🔍

github-actions bot commented Sep 19, 2024 • edited Loading

PR Code Suggestions ✨

github-actions bot commented Sep 19, 2024

titpetric commented Sep 19, 2024 •

edited by github-actions bot

Loading

github-actions bot commented Sep 19, 2024 •

edited

Loading