chore: update dependencies #12862
chore: update dependencies #12862
Conversation
Signed-off-by: Abhishek Choudhary <shreemaan.abhishek@gmail.com>
…ate-deps Signed-off-by: Abhishek Choudhary <shreemaan.abhishek@gmail.com>
| function _M.access(conf, ctx) | ||
| local current_uri = ctx.var.uri | ||
| local session_obj_read, session_present = session.open() | ||
| local session_obj, sess_err, session_present = session.open() |
There was a problem hiding this comment.
the response format has changed in the new version
| } | ||
| session_obj_write:start() | ||
| session_obj_write.data.access_token = access_token | ||
| session_obj_write:open() |
There was a problem hiding this comment.
:start has been removed in the new version
| core.log.info("rocketmq nameserver_list[1] port ", | ||
| prod.client.nameservers[1].port) | ||
| core.log.info("rocketmq nameserver_list[1]: ", | ||
| prod.client.nameservers[1]) |
There was a problem hiding this comment.
port is no longer available in this data structure.
| -- Extract cookie which is not authenticated | ||
| local cookie_str = concatenate_cookies(res.headers['Set-Cookie']) | ||
| -- set a random cookie | ||
| local cookie_str = "foobaar" |
There was a problem hiding this comment.
the previous session library used by lua-resty-openidc would set Set-Cookie header. This no longer happens in the new version.
| local cookie_str = concatenate_cookies(res.headers['Set-Cookie']) | ||
| local parts = {} | ||
| for part in string.gmatch(cookie_str, "[^|]+") do |
There was a problem hiding this comment.
cookies are no longer | separated, they are in fact encrypted in the new version.
| GET /echo?args=%40%23%24%25%5E%26 | ||
| --- response_body chomp | ||
| args=@#$%^& | ||
| args=@%23$%25%5E& |
There was a problem hiding this comment.
change due to net-url upgrade
There was a problem hiding this comment.
In other words, the three characters # / % / ^ are no longer decoded by default, which may cause compatibility issues. However, as long as the new behavior conforms to URL parser standards, it should also be upgraded.
dosubot
bot
added
size:M
4 participants
Description
Upgrade
lua-resty-openidc,lua-resty-session,lua-resty-rocketmqandnet-url.All of these libraries have new latest updates, bugfixes and security enhancements. Specially lua-resty-openidc and lua-resty-session.
Security: Enforces AES-256-GCM encryption by default (replacing HMAC-signed plaintext) for full data confidentiality.
Efficiency: Enables automatic compression (Deflate) for payloads >1KB, significantly reducing cookie size and fragmentation overhead.
Checklist