fix(deps): update module github.com/corazawaf/coraza/v3 to v3.2.1

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
github.com/corazawaf/coraza/v3	v3.0.5-0.20240205085451-fc71a09e809b -> v3.2.1

---

Release Notes

corazawaf/coraza (github.com/corazawaf/coraza/v3)

v3.2.1: Coraza 3.2.1

Compare Source

This is a quick patch release to fix a potential data race that was noticed right after v3.2.0 (Thanks @​MarcWort for reporting it!) and a minor fix about logging.

What's Changed

• fix: race condition on StrID by @​M4tteoP in https://github.com/corazawaf/coraza/pull/1084
• fix: makes max size log message CRS correlation rule friendly by @​M4tteoP in https://github.com/corazawaf/coraza/pull/1085

Full Changelog: corazawaf/coraza@v3.2.0...v3.2.1

v3.2.0: Version 3.2.0

Compare Source

Coraza v3.2.0 comes with:

• Support for SecRuleUpdateTargetByTag, Base64DecodeExt, extended support for ranges of IDs with SecRuleUpdateTargetByID.
• Support for case-sensitive matching for ARGS keys. It currently comes under the coraza.rule.case_sensitive_args_keys. Mind that, in compliance with RFC 3986 specification, it is planned to become the default behavior starting from the next major version.
• Support for auditlog formatters for tinygo builds.
• Various bug fixes, among other things, around log generation and Coraza middleware.
• Performance implements and reduced memory allocation mostly thanks to @​noboruma.
• Updated CRS support to the latest CRS v4.3.0 version.

What's Changed

• fix(deps): update module github.com/tidwall/gjson to v1.17.1 by @​renovate in https://github.com/corazawaf/coraza/pull/1004
• fix(deps): update module golang.org/x/net to v0.22.0 by @​renovate in https://github.com/corazawaf/coraza/pull/1011
• feat: expose expected directives for e2e test by @​fionera in https://github.com/corazawaf/coraza/pull/1012
• avoid executing costly With if noop logger by @​noboruma in https://github.com/corazawaf/coraza/pull/1015
• tests: covers eq operator. by @​jcchavezs in https://github.com/corazawaf/coraza/pull/1002
• fix: RegisterWriter/RegisterFormatter case insensitive by @​M4tteoP in https://github.com/corazawaf/coraza/pull/1026
• feat: Implements SecRuleUpdateTargetByTag, extends ByID with ranges by @​M4tteoP in https://github.com/corazawaf/coraza/pull/1020
• tests: covers zero case in eq operator. by @​jcchavezs in https://github.com/corazawaf/coraza/pull/1029
• feat: registers RegisterFormatters for tinygo by @​M4tteoP in https://github.com/corazawaf/coraza/pull/1027
• fix(deps): update module golang.org/x/net to v0.23.0 by @​renovate in https://github.com/corazawaf/coraza/pull/1033
• Fix: audit logs RelevantOnly match if interruption happens by @​M4tteoP in https://github.com/corazawaf/coraza/pull/1025
• tests: adds logs for unexpected status code. by @​jcchavezs in https://github.com/corazawaf/coraza/pull/1037
• fix(deps): update module golang.org/x/net to v0.24.0 by @​renovate in https://github.com/corazawaf/coraza/pull/1035
• cache Rule ID string version by @​noboruma in https://github.com/corazawaf/coraza/pull/1039
• chore: adds fs access check at startup time by @​M4tteoP in https://github.com/corazawaf/coraza/pull/1030
• Add support for Base64DecodeExt by @​soujanyanmbri in https://github.com/corazawaf/coraza/pull/1046
• fix: FuzzB64Decode regexp match for fuzzing by @​fzipi in https://github.com/corazawaf/coraza/pull/1054
• chore(deps): bump golang.org/x/net from 0.22.0 to 0.23.0 in /testing/coreruleset in the go_modules group across 1 directory by @​dependabot in https://github.com/corazawaf/coraza/pull/1043
• fix(deps): update module github.com/mccutchen/go-httpbin/v2 to v2.13.4 by @​renovate in https://github.com/corazawaf/coraza/pull/1001
• fix(deps): update module github.com/petar-dambovaliev/aho-corasick to v0.0.0-20240411101913-e07a1f0e8eb4 by @​renovate in https://github.com/corazawaf/coraza/pull/1057
• feat: add new maps with case sensitive keys by @​fzipi in https://github.com/corazawaf/coraza/pull/1055
• fix: http parameter pollution test cases by @​fzipi in https://github.com/corazawaf/coraza/pull/1058
• fix(deps): update module golang.org/x/sync to v0.7.0 by @​renovate in https://github.com/corazawaf/coraza/pull/1034
• fix(deps): update module golang.org/x/net to v0.25.0 by @​renovate in https://github.com/corazawaf/coraza/pull/1060
• fix: RemoveTargetById Args in multiphase mode by @​M4tteoP in https://github.com/corazawaf/coraza/pull/1061
• fix: headers leaked during interruptions at phase 3/4 by @​M4tteoP in https://github.com/corazawaf/coraza/pull/1062
• chore: deletes content temporary file on close. by @​jcchavezs in https://github.com/corazawaf/coraza/pull/924
• chore: upgrades to CRS 4.1. by @​jcchavezs in https://github.com/corazawaf/coraza/pull/1032
• chore: updates CRS tests to CRS4.2 by @​M4tteoP in https://github.com/corazawaf/coraza/pull/1066
• fix(deps): update module github.com/mccutchen/go-httpbin/v2 to v2.14.0 by @​renovate in https://github.com/corazawaf/coraza/pull/1067
• feat: add support for case sensitive args by @​fzipi in https://github.com/corazawaf/coraza/pull/1059
• fix: logs multiple vars matched by same rule by @​M4tteoP in https://github.com/corazawaf/coraza/pull/1074
• fix(deps): update module github.com/corazawaf/libinjection-go to v0.2.0 by @​renovate in https://github.com/corazawaf/coraza/pull/1076
• fix(deps): update module github.com/corazawaf/libinjection-go to v0.2.1 by @​renovate in https://github.com/corazawaf/coraza/pull/1079
• fix(deps): update module golang.org/x/net to v0.26.0 by @​renovate in https://github.com/corazawaf/coraza/pull/1075
• fix: setters of INBOUND_DATA_ERROR and OUTBOUND_DATA_ERROR by @​M4tteoP in https://github.com/corazawaf/coraza/pull/1078
• fix(deps): update module github.com/rs/zerolog to v1.33.0 by @​renovate in https://github.com/corazawaf/coraza/pull/1073
• chore: updates CRS tests to CRS4.3 by @​M4tteoP in https://github.com/corazawaf/coraza/pull/1081

New Contributors (thanks a lot!)

• @​fionera made their first contribution in https://github.com/corazawaf/coraza/pull/1012
• @​noboruma made their first contribution in https://github.com/corazawaf/coraza/pull/1015
• @​soujanyanmbri made their first contribution in https://github.com/corazawaf/coraza/pull/1046

Full Changelog: corazawaf/coraza@v3.1.0...v3.2.0

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[renovate]

ℹ Artifact update notice

File name: go.mod

In order to perform the update(s) described in the table above, Renovate ran the go get command, which resulted in the following additional change(s):

• 5 additional dependencies were updated

Details:

Package	Change
github.com/corazawaf/libinjection-go	v0.1.3 -> v0.2.1
github.com/petar-dambovaliev/aho-corasick	v0.0.0-20230725210150-fb29fc3c913e -> v0.0.0-20240411101913-e07a1f0e8eb4
github.com/tidwall/gjson	v1.17.0 -> v1.17.1
golang.org/x/net	v0.20.0 -> v0.26.0
golang.org/x/sync	v0.6.0 -> v0.7.0

[renovate]

Edited/Blocked Notification

Renovate will not automatically rebase this PR, because it does not recognize the last commit author and assumes somebody else may have edited the PR.

You can manually request rebase by checking the rebase/retry box above.

⚠️ Warning: custom changes will be lost.