[PR #137] deps/coraza/api: bump github.com/corazawaf/coraza/v3 from 3.3.2 to 3.3.3 in /coraza/api #135

New issue

Open

opened 2026-03-02 03:00:06 +03:00 by kerem · 0 comments

kerem commented 2026-03-02 03:00:06 +03:00

Owner

Copy link

📋 Pull Request Information

Original PR: https://github.com/bunkerity/bunkerweb-plugins/pull/137
Author: @dependabot[bot]
Created: 3/21/2025
Status: 🔄 Open

Base: dev ← Head: dependabot/go_modules/coraza/api/dev/github.com/corazawaf/coraza/v3-3.3.3

---

📝 Commits (1)

• 12a8d2c deps/coraza/api: bump github.com/corazawaf/coraza/v3 in /coraza/api

📊 Changes

1 file changed (+7 additions, -4 deletions)

View changed files

📝 coraza/api/go.mod (+7 -4)

📄 Description

Bumps github.com/corazawaf/coraza/v3 from 3.3.2 to 3.3.3.

Release notes

Sourced from github.com/corazawaf/coraza/v3's releases.

v3.3.3

Important

This release has a fix for https://github.com/corazawaf/coraza/security/advisories/GHSA-q9f5-625g-xm39.

Thanks to @​blotus for finding it and providing a proper discloruse AND fix! ❤️

What's Changed

• fix(deps): update module github.com/corazawaf/coraza/v3 to v3.3.2 in testing/coreruleset/go.mod by @​renovate in corazawaf/coraza#1282
• chore(deps): update github/codeql-action digest to b6a472f in .github/workflows/codeql-analysis.yml by @​renovate in corazawaf/coraza#1284
• fix(deps): update module github.com/bmatcuk/doublestar/v4 to v4.8.0 in testing/coreruleset/go.mod by @​renovate in corazawaf/coraza#1285
• ci: add wait-for-status check by @​fzipi in corazawaf/coraza#1286
• chore(deps): update all non-major dependencies in .github/workflows/tinygo.yml by @​renovate in corazawaf/coraza#1289
• chore(deps): pin poseidon/wait-for-status-checks action to 899c768 in .github/workflows/regression.yml by @​renovate in corazawaf/coraza#1288
• chore(deps): update github/codeql-action digest to dd196fa in .github/workflows/codeql-analysis.yml by @​renovate in corazawaf/coraza#1293
• chore(deps): update all non-major dependencies in .github/workflows/regression.yml by @​renovate in corazawaf/coraza#1295
• fix(ci): ignore codecov tests from wait-for-status-checks by @​M4tteoP in corazawaf/coraza#1292
• feat: add hexDecode transformation by @​tty2 in corazawaf/coraza#1275
• chore(deps): update all non-major dependencies in .github/workflows/regression.yml by @​renovate in corazawaf/coraza#1296
• fix(deps): update module github.com/bmatcuk/doublestar/v4 to v4.8.1 in testing/coreruleset/go.mod by @​renovate in corazawaf/coraza#1297
• fix(deps): update all non-major dependencies in go.mod by @​renovate in corazawaf/coraza#1298
• chore(deps): update github/codeql-action digest to dd74661 in .github/workflows/codeql-analysis.yml by @​renovate in corazawaf/coraza#1299
• fix(deps): update module golang.org/x/sync to v0.11.0 in go.mod by @​renovate in corazawaf/coraza#1302
• chore(deps): update github/codeql-action digest to 9e8d078 in .github/workflows/codeql-analysis.yml by @​renovate in corazawaf/coraza#1303
• fix(deps): update module golang.org/x/net to v0.35.0 in go.mod by @​renovate in corazawaf/coraza#1306
• fix(deps): update module github.com/coreruleset/go-ftw to v1.3.0 in testing/coreruleset/go.mod by @​renovate in corazawaf/coraza#1308
• chore(deps): update actions/cache digest to 0c907a7 in .github/workflows/tinygo.yml by @​renovate in corazawaf/coraza#1309
• chore(deps): update all non-major dependencies in .github/workflows/codeql-analysis.yml by @​renovate in corazawaf/coraza#1312
• chore: update to golang 1.23.6 by @​fzipi in corazawaf/coraza#1313
• inspectFile: False-positive match fixed by @​vimusov in corazawaf/coraza#1311
• chore(deps): update codecov/codecov-action digest to 0565863 in .github/workflows/regression.yml by @​renovate in corazawaf/coraza#1314
• chore(deps): update actions/cache digest to d4323d4 in .github/workflows/tinygo.yml by @​renovate in corazawaf/coraza#1315
• fix(deps): update all non-major dependencies in go.mod by @​renovate in corazawaf/coraza#1317
• chore(deps): update module golang.org/x/crypto to v0.35.0 [security] by @​renovate in corazawaf/coraza#1319
• fix(deps): update module golang.org/x/net to v0.36.0 in go.mod by @​renovate in corazawaf/coraza#1318
• fix(deps): update go modules in go.mod by @​renovate in corazawaf/coraza#1320
• chore(deps): update github/codeql-action digest to 6bb031a in .github/workflows/codeql-analysis.yml by @​renovate in corazawaf/coraza#1323
• fix(deps): update module github.com/mccutchen/go-httpbin/v2 to v2.17.1 in go.mod by @​renovate in corazawaf/coraza#1324
• chore(deps): update module golang.org/x/net to v0.36.0 [security] by @​renovate in corazawaf/coraza#1327
• chore: points to Go v1.23.0 and some clean ups by @​M4tteoP in corazawaf/coraza#1328

New Contributors

• @​vimusov made their first contribution in corazawaf/coraza#1311

Full Changelog: https://github.com/corazawaf/coraza/compare/v3.3.2...v3.3.3

Commits

• 4722c9a Merge commit from fork
• 8b612f4 chore: points to Go v1.23.0 and some clean ups (#1328)
• e29a849 chore(deps): update module golang.org/x/net to v0.36.0 [security] (#1327)
• 117380e fix(deps): update module github.com/mccutchen/go-httpbin/v2 to v2.17.1 in go....
• 902edfa chore(deps): update github/codeql-action digest to 6bb031a in .github/workflo...
• fa6558b fix(deps): update go modules in go.mod (#1320)
• 78946f6 fix(deps): update module golang.org/x/net to v0.36.0 in go.mod (#1318)
• b9e125f chore(deps): update module golang.org/x/crypto to v0.35.0 [security] (#1319)
• d7a7194 fix(deps): update all non-major dependencies in go.mod (#1317)
• 68ab4db chore(deps): update actions/cache digest to d4323d4 in .github/workflows/tiny...
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

---

_{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

## 📋 Pull Request Information **Original PR:** https://github.com/bunkerity/bunkerweb-plugins/pull/137 **Author:** [@dependabot[bot]](https://github.com/apps/dependabot) **Created:** 3/21/2025 **Status:** 🔄 Open **Base:** `dev` ← **Head:** `dependabot/go_modules/coraza/api/dev/github.com/corazawaf/coraza/v3-3.3.3` --- ### 📝 Commits (1) - [`12a8d2c`](https://github.com/bunkerity/bunkerweb-plugins/commit/12a8d2c5e036887faf4e39369f9032131120f8f9) deps/coraza/api: bump github.com/corazawaf/coraza/v3 in /coraza/api ### 📊 Changes **1 file changed** (+7 additions, -4 deletions) <details> <summary>View changed files</summary> 📝 `coraza/api/go.mod` (+7 -4) </details> ### 📄 Description Bumps [github.com/corazawaf/coraza/v3](https://github.com/corazawaf/coraza) from 3.3.2 to 3.3.3. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/corazawaf/coraza/releases">github.com/corazawaf/coraza/v3's releases</a>.</em></p> <blockquote> <h2>v3.3.3</h2> <h2>Important</h2> <p>This release has a fix for <a href="https://github.com/corazawaf/coraza/security/advisories/GHSA-q9f5-625g-xm39">https://github.com/corazawaf/coraza/security/advisories/GHSA-q9f5-625g-xm39</a>.</p> <p>Thanks to <a href="https://github.com/blotus"><code>@​blotus</code></a> for finding it and providing a proper discloruse AND fix! :heart:</p> <h2>What's Changed</h2> <ul> <li>fix(deps): update module github.com/corazawaf/coraza/v3 to v3.3.2 in testing/coreruleset/go.mod by <a href="https://github.com/renovate"><code>@​renovate</code></a> in <a href="https://redirect.github.com/corazawaf/coraza/pull/1282">corazawaf/coraza#1282</a></li> <li>chore(deps): update github/codeql-action digest to b6a472f in .github/workflows/codeql-analysis.yml by <a href="https://github.com/renovate"><code>@​renovate</code></a> in <a href="https://redirect.github.com/corazawaf/coraza/pull/1284">corazawaf/coraza#1284</a></li> <li>fix(deps): update module github.com/bmatcuk/doublestar/v4 to v4.8.0 in testing/coreruleset/go.mod by <a href="https://github.com/renovate"><code>@​renovate</code></a> in <a href="https://redirect.github.com/corazawaf/coraza/pull/1285">corazawaf/coraza#1285</a></li> <li>ci: add wait-for-status check by <a href="https://github.com/fzipi"><code>@​fzipi</code></a> in <a href="https://redirect.github.com/corazawaf/coraza/pull/1286">corazawaf/coraza#1286</a></li> <li>chore(deps): update all non-major dependencies in .github/workflows/tinygo.yml by <a href="https://github.com/renovate"><code>@​renovate</code></a> in <a href="https://redirect.github.com/corazawaf/coraza/pull/1289">corazawaf/coraza#1289</a></li> <li>chore(deps): pin poseidon/wait-for-status-checks action to 899c768 in .github/workflows/regression.yml by <a href="https://github.com/renovate"><code>@​renovate</code></a> in <a href="https://redirect.github.com/corazawaf/coraza/pull/1288">corazawaf/coraza#1288</a></li> <li>chore(deps): update github/codeql-action digest to dd196fa in .github/workflows/codeql-analysis.yml by <a href="https://github.com/renovate"><code>@​renovate</code></a> in <a href="https://redirect.github.com/corazawaf/coraza/pull/1293">corazawaf/coraza#1293</a></li> <li>chore(deps): update all non-major dependencies in .github/workflows/regression.yml by <a href="https://github.com/renovate"><code>@​renovate</code></a> in <a href="https://redirect.github.com/corazawaf/coraza/pull/1295">corazawaf/coraza#1295</a></li> <li>fix(ci): ignore codecov tests from wait-for-status-checks by <a href="https://github.com/M4tteoP"><code>@​M4tteoP</code></a> in <a href="https://redirect.github.com/corazawaf/coraza/pull/1292">corazawaf/coraza#1292</a></li> <li>feat: add hexDecode transformation by <a href="https://github.com/tty2"><code>@​tty2</code></a> in <a href="https://redirect.github.com/corazawaf/coraza/pull/1275">corazawaf/coraza#1275</a></li> <li>chore(deps): update all non-major dependencies in .github/workflows/regression.yml by <a href="https://github.com/renovate"><code>@​renovate</code></a> in <a href="https://redirect.github.com/corazawaf/coraza/pull/1296">corazawaf/coraza#1296</a></li> <li>fix(deps): update module github.com/bmatcuk/doublestar/v4 to v4.8.1 in testing/coreruleset/go.mod by <a href="https://github.com/renovate"><code>@​renovate</code></a> in <a href="https://redirect.github.com/corazawaf/coraza/pull/1297">corazawaf/coraza#1297</a></li> <li>fix(deps): update all non-major dependencies in go.mod by <a href="https://github.com/renovate"><code>@​renovate</code></a> in <a href="https://redirect.github.com/corazawaf/coraza/pull/1298">corazawaf/coraza#1298</a></li> <li>chore(deps): update github/codeql-action digest to dd74661 in .github/workflows/codeql-analysis.yml by <a href="https://github.com/renovate"><code>@​renovate</code></a> in <a href="https://redirect.github.com/corazawaf/coraza/pull/1299">corazawaf/coraza#1299</a></li> <li>fix(deps): update module golang.org/x/sync to v0.11.0 in go.mod by <a href="https://github.com/renovate"><code>@​renovate</code></a> in <a href="https://redirect.github.com/corazawaf/coraza/pull/1302">corazawaf/coraza#1302</a></li> <li>chore(deps): update github/codeql-action digest to 9e8d078 in .github/workflows/codeql-analysis.yml by <a href="https://github.com/renovate"><code>@​renovate</code></a> in <a href="https://redirect.github.com/corazawaf/coraza/pull/1303">corazawaf/coraza#1303</a></li> <li>fix(deps): update module golang.org/x/net to v0.35.0 in go.mod by <a href="https://github.com/renovate"><code>@​renovate</code></a> in <a href="https://redirect.github.com/corazawaf/coraza/pull/1306">corazawaf/coraza#1306</a></li> <li>fix(deps): update module github.com/coreruleset/go-ftw to v1.3.0 in testing/coreruleset/go.mod by <a href="https://github.com/renovate"><code>@​renovate</code></a> in <a href="https://redirect.github.com/corazawaf/coraza/pull/1308">corazawaf/coraza#1308</a></li> <li>chore(deps): update actions/cache digest to 0c907a7 in .github/workflows/tinygo.yml by <a href="https://github.com/renovate"><code>@​renovate</code></a> in <a href="https://redirect.github.com/corazawaf/coraza/pull/1309">corazawaf/coraza#1309</a></li> <li>chore(deps): update all non-major dependencies in .github/workflows/codeql-analysis.yml by <a href="https://github.com/renovate"><code>@​renovate</code></a> in <a href="https://redirect.github.com/corazawaf/coraza/pull/1312">corazawaf/coraza#1312</a></li> <li>chore: update to golang 1.23.6 by <a href="https://github.com/fzipi"><code>@​fzipi</code></a> in <a href="https://redirect.github.com/corazawaf/coraza/pull/1313">corazawaf/coraza#1313</a></li> <li>inspectFile: False-positive match fixed by <a href="https://github.com/vimusov"><code>@​vimusov</code></a> in <a href="https://redirect.github.com/corazawaf/coraza/pull/1311">corazawaf/coraza#1311</a></li> <li>chore(deps): update codecov/codecov-action digest to 0565863 in .github/workflows/regression.yml by <a href="https://github.com/renovate"><code>@​renovate</code></a> in <a href="https://redirect.github.com/corazawaf/coraza/pull/1314">corazawaf/coraza#1314</a></li> <li>chore(deps): update actions/cache digest to d4323d4 in .github/workflows/tinygo.yml by <a href="https://github.com/renovate"><code>@​renovate</code></a> in <a href="https://redirect.github.com/corazawaf/coraza/pull/1315">corazawaf/coraza#1315</a></li> <li>fix(deps): update all non-major dependencies in go.mod by <a href="https://github.com/renovate"><code>@​renovate</code></a> in <a href="https://redirect.github.com/corazawaf/coraza/pull/1317">corazawaf/coraza#1317</a></li> <li>chore(deps): update module golang.org/x/crypto to v0.35.0 [security] by <a href="https://github.com/renovate"><code>@​renovate</code></a> in <a href="https://redirect.github.com/corazawaf/coraza/pull/1319">corazawaf/coraza#1319</a></li> <li>fix(deps): update module golang.org/x/net to v0.36.0 in go.mod by <a href="https://github.com/renovate"><code>@​renovate</code></a> in <a href="https://redirect.github.com/corazawaf/coraza/pull/1318">corazawaf/coraza#1318</a></li> <li>fix(deps): update go modules in go.mod by <a href="https://github.com/renovate"><code>@​renovate</code></a> in <a href="https://redirect.github.com/corazawaf/coraza/pull/1320">corazawaf/coraza#1320</a></li> <li>chore(deps): update github/codeql-action digest to 6bb031a in .github/workflows/codeql-analysis.yml by <a href="https://github.com/renovate"><code>@​renovate</code></a> in <a href="https://redirect.github.com/corazawaf/coraza/pull/1323">corazawaf/coraza#1323</a></li> <li>fix(deps): update module github.com/mccutchen/go-httpbin/v2 to v2.17.1 in go.mod by <a href="https://github.com/renovate"><code>@​renovate</code></a> in <a href="https://redirect.github.com/corazawaf/coraza/pull/1324">corazawaf/coraza#1324</a></li> <li>chore(deps): update module golang.org/x/net to v0.36.0 [security] by <a href="https://github.com/renovate"><code>@​renovate</code></a> in <a href="https://redirect.github.com/corazawaf/coraza/pull/1327">corazawaf/coraza#1327</a></li> <li>chore: points to Go <code>v1.23.0</code> and some clean ups by <a href="https://github.com/M4tteoP"><code>@​M4tteoP</code></a> in <a href="https://redirect.github.com/corazawaf/coraza/pull/1328">corazawaf/coraza#1328</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/vimusov"><code>@​vimusov</code></a> made their first contribution in <a href="https://redirect.github.com/corazawaf/coraza/pull/1311">corazawaf/coraza#1311</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/corazawaf/coraza/compare/v3.3.2...v3.3.3">https://github.com/corazawaf/coraza/compare/v3.3.2...v3.3.3</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/corazawaf/coraza/commit/4722c9ad0d502abd56b8d6733c6b47eb4111742d"><code>4722c9a</code></a> Merge commit from fork</li> <li><a href="https://github.com/corazawaf/coraza/commit/8b612f4e6e18c606e371110227bc7669dc714cab"><code>8b612f4</code></a> chore: points to Go <code>v1.23.0</code> and some clean ups (<a href="https://redirect.github.com/corazawaf/coraza/issues/1328">#1328</a>)</li> <li><a href="https://github.com/corazawaf/coraza/commit/e29a849961c1688a7c0700b139262445a098aba3"><code>e29a849</code></a> chore(deps): update module golang.org/x/net to v0.36.0 [security] (<a href="https://redirect.github.com/corazawaf/coraza/issues/1327">#1327</a>)</li> <li><a href="https://github.com/corazawaf/coraza/commit/117380eab5602692b902e9983b8191a6c0949806"><code>117380e</code></a> fix(deps): update module github.com/mccutchen/go-httpbin/v2 to v2.17.1 in go....</li> <li><a href="https://github.com/corazawaf/coraza/commit/902edfad06039b662973d0907a05da2a33ec5d24"><code>902edfa</code></a> chore(deps): update github/codeql-action digest to 6bb031a in .github/workflo...</li> <li><a href="https://github.com/corazawaf/coraza/commit/fa6558b0b00a281bb71870e7c3f23c22dda9fea6"><code>fa6558b</code></a> fix(deps): update go modules in go.mod (<a href="https://redirect.github.com/corazawaf/coraza/issues/1320">#1320</a>)</li> <li><a href="https://github.com/corazawaf/coraza/commit/78946f66ddef46a3e51695428a90550f74c52fd2"><code>78946f6</code></a> fix(deps): update module golang.org/x/net to v0.36.0 in go.mod (<a href="https://redirect.github.com/corazawaf/coraza/issues/1318">#1318</a>)</li> <li><a href="https://github.com/corazawaf/coraza/commit/b9e125f6882e1b003cdac9b92b25a565e28e9348"><code>b9e125f</code></a> chore(deps): update module golang.org/x/crypto to v0.35.0 [security] (<a href="https://redirect.github.com/corazawaf/coraza/issues/1319">#1319</a>)</li> <li><a href="https://github.com/corazawaf/coraza/commit/d7a7194b83b9bddcbffc3c5e99c8814357eee421"><code>d7a7194</code></a> fix(deps): update all non-major dependencies in go.mod (<a href="https://redirect.github.com/corazawaf/coraza/issues/1317">#1317</a>)</li> <li><a href="https://github.com/corazawaf/coraza/commit/68ab4db0f221ae149dbbcbf86deb83d7cd02123b"><code>68ab4db</code></a> chore(deps): update actions/cache digest to d4323d4 in .github/workflows/tiny...</li> <li>Additional commits viewable in <a href="https://github.com/corazawaf/coraza/compare/v3.3.2...v3.3.3">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> --- _{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

kerem added the

pull-request

label 2026-03-02 03:00:06 +03:00

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

main

dev

dependabot/docker/coraza/api/dev/golang-1.26-alpine

dependabot/github_actions/dev/github/codeql-action-4.32.2

dependabot/github_actions/dev/docker/login-action-3.7.0

dependabot/github_actions/dev/actions/checkout-6.0.2

dependabot/go_modules/coraza/api/dev/github.com/corazawaf/coraza/v3-3.3.3

v1.10

v1.9

v1.8

v1.7

v1.6

v1.5

v1.4

v1.3

v1.2

v1.1

v1.0

v0.2

Labels

Clear labels   

bug

  

bug

  

clamav

  

crowdsec

  

documentation

  

enhancement

  

enhancement

  

enhancement

  

pull-request

Mirrored from GitHub Pull Request

  

question

  

virustotal

  

virustotal

No labels

bug

bug

clamav

crowdsec

documentation

enhancement

enhancement

enhancement

pull-request

question

virustotal

virustotal

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

starred/bunkerweb-plugins#135

No description provided.