go.mod: bump github.com/gorilla/csrf from 1.7.1 to 1.7.3 (#1432)

dependabot[bot] · web-flow · commit c0de9ce5b097 · 2025-05-06T14:35:38.000Z
Bumps [github.com/gorilla/csrf](https://github.com/gorilla/csrf) from 1.7.1 to 1.7.3. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/gorilla/csrf/releases">github.com/gorilla/csrf's releases</a>.</em></p> <blockquote> <h2>v1.7.3</h2> <p>This Release fixes the following:</p> <ul> <li>CVE-2025-24358</li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/gorilla/csrf/compare/v1.7.2...v1.7.3">https://github.com/gorilla/csrf/compare/v1.7.2...v1.7.3</a></p> <h2>Release v1.7.2</h2> <h2>What's Changed</h2> <ul> <li>Remove pkg/errors dependency by <a href="https://github.com/husio"><code>@​husio</code></a> in <a href="https://redirect.github.com/gorilla/csrf/pull/161">gorilla/csrf#161</a></li> <li>Update README.md by <a href="https://github.com/coreydaley"><code>@​coreydaley</code></a> in <a href="https://redirect.github.com/gorilla/csrf/pull/164">gorilla/csrf#164</a></li> <li>[GPT-96] Update go version &amp; add verification/testing tools by <a href="https://github.com/apoorvajagtap"><code>@​apoorvajagtap</code></a> in <a href="https://redirect.github.com/gorilla/csrf/pull/166">gorilla/csrf#166</a></li> <li>updated licence by <a href="https://github.com/apoorvajagtap"><code>@​apoorvajagtap</code></a> in <a href="https://redirect.github.com/gorilla/csrf/pull/167">gorilla/csrf#167</a></li> <li>Update issues.yml by <a href="https://github.com/coreydaley"><code>@​coreydaley</code></a> in <a href="https://redirect.github.com/gorilla/csrf/pull/168">gorilla/csrf#168</a></li> <li>issues/158/examples for working api with javascript frontend by <a href="https://github.com/francoposa"><code>@​francoposa</code></a> in <a href="https://redirect.github.com/gorilla/csrf/pull/162">gorilla/csrf#162</a></li> <li>updating github action workflows by <a href="https://github.com/coreydaley"><code>@​coreydaley</code></a> in <a href="https://redirect.github.com/gorilla/csrf/pull/169">gorilla/csrf#169</a></li> <li>Updating gorilla/securecookie to v1.1.2 by <a href="https://github.com/coreydaley"><code>@​coreydaley</code></a> in <a href="https://redirect.github.com/gorilla/csrf/pull/170">gorilla/csrf#170</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/husio"><code>@​husio</code></a> made their first contribution in <a href="https://redirect.github.com/gorilla/csrf/pull/161">gorilla/csrf#161</a></li> <li><a href="https://github.com/coreydaley"><code>@​coreydaley</code></a> made their first contribution in <a href="https://redirect.github.com/gorilla/csrf/pull/164">gorilla/csrf#164</a></li> <li><a href="https://github.com/apoorvajagtap"><code>@​apoorvajagtap</code></a> made their first contribution in <a href="https://redirect.github.com/gorilla/csrf/pull/166">gorilla/csrf#166</a></li> <li><a href="https://github.com/francoposa"><code>@​francoposa</code></a> made their first contribution in <a href="https://redirect.github.com/gorilla/csrf/pull/162">gorilla/csrf#162</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/gorilla/csrf/compare/v1.7.1...v1.7.2">https://github.com/gorilla/csrf/compare/v1.7.1...v1.7.2</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/gorilla/csrf/commit/9dd6af1f6d30fc79fb0d972394deebdabad6b5eb"><code>9dd6af1</code></a> Merge commit from fork</li> <li><a href="https://github.com/gorilla/csrf/commit/a009743572494ccbc9d159005bdc58b86a44ddba"><code>a009743</code></a> Updating gorilla/securecookie to v1.1.2 (<a href="https://redirect.github.com/gorilla/csrf/issues/170">#170</a>)</li> <li><a href="https://github.com/gorilla/csrf/commit/94b5a9efbc27ce51c4ac1b1287c964e8f13013ca"><code>94b5a9e</code></a> updating github action workflows (<a href="https://redirect.github.com/gorilla/csrf/issues/169">#169</a>)</li> <li><a href="https://github.com/gorilla/csrf/commit/c1f4eb3aba6fe4cd0d1ef0ed5ca556876b14c29f"><code>c1f4eb3</code></a> issues/158/examples for working api with javascript frontend (<a href="https://redirect.github.com/gorilla/csrf/issues/162">#162</a>)</li> <li><a href="https://github.com/gorilla/csrf/commit/73c96a512fc353d11f3da50cffde1e454884f405"><code>73c96a5</code></a> Update issues.yml (<a href="https://redirect.github.com/gorilla/csrf/issues/168">#168</a>)</li> <li><a href="https://github.com/gorilla/csrf/commit/a71a12f7d30580b6da2183b0f398527be93c0ca9"><code>a71a12f</code></a> updated licence (<a href="https://redirect.github.com/gorilla/csrf/issues/167">#167</a>)</li> <li><a href="https://github.com/gorilla/csrf/commit/15d47eceb8d5861882e276508d7cbb5b0082b980"><code>15d47ec</code></a> [GPT-96] Update go version &amp; add verification/testing tools (<a href="https://redirect.github.com/gorilla/csrf/issues/166">#166</a>)</li> <li><a href="https://github.com/gorilla/csrf/commit/32c27b0316d75a24e55ab36d059d0309238b9ee1"><code>32c27b0</code></a> Merge pull request <a href="https://redirect.github.com/gorilla/csrf/issues/164">#164</a> from gorilla/coreydaley-patch-1</li> <li><a href="https://github.com/gorilla/csrf/commit/04cc5dba5dd0af4341b9b406f05dc569c5e0ab40"><code>04cc5db</code></a> Update README.md</li> <li><a href="https://github.com/gorilla/csrf/commit/93379db1992f1b2fbdd4ba1b55a1bf0414b0535e"><code>93379db</code></a> archive mode</li> <li>Additional commits viewable in <a href="https://github.com/gorilla/csrf/compare/v1.7.1...v1.7.3">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/gorilla/csrf&package-manager=go_modules&previous-version=1.7.1&new-version=1.7.3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/namespacelabs/foundation/network/alerts). </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
diff --git a/go.mod b/go.mod
@@ -53,7 +53,7 @@ require (
 	github.com/google/go-cmp v0.6.0
 	github.com/google/go-containerregistry v0.19.1
 	github.com/google/uuid v1.6.0
-	github.com/gorilla/csrf v1.7.1
+	github.com/gorilla/csrf v1.7.3
 	github.com/gorilla/mux v1.8.1
 	github.com/gorilla/websocket v1.5.1
 	github.com/gravitational/teleport/api v0.0.0-20231212204825-da589355d4ea
@@ -236,7 +236,7 @@ require (
 	github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 // indirect
 	github.com/googleapis/enterprise-certificate-proxy v0.3.2 // indirect
 	github.com/googleapis/gax-go/v2 v2.12.2 // indirect
-	github.com/gorilla/securecookie v1.1.1 // indirect
+	github.com/gorilla/securecookie v1.1.2 // indirect
 	github.com/gosuri/uitable v0.0.4 // indirect
 	github.com/gravitational/trace v1.3.1 // indirect
 	github.com/gregjones/httpcache v0.0.0-20190611155906-901d90724c79 // indirect
diff --git a/go.sum b/go.sum
@@ -538,15 +538,15 @@ github.com/googleapis/gax-go/v2 v2.12.2 h1:mhN09QQW1jEWeMF74zGR81R30z4VJzjZsfkUh
 github.com/googleapis/gax-go/v2 v2.12.2/go.mod h1:61M8vcyyXR2kqKFxKrfA22jaA8JGF7Dc8App1U3H6jc=
 github.com/googleapis/gnostic v0.4.1/go.mod h1:LRhVm6pbyptWbWbuZ38d1eyptfvIytN3ir6b65WBswg=
 github.com/googleapis/google-cloud-go-testing v0.0.0-20200911160855-bcd43fbb19e8/go.mod h1:dvDLG8qkwmyD9a/MJJN3XJcT3xFxOKAvTZGvuZmac9g=
-github.com/gorilla/csrf v1.7.1 h1:Ir3o2c1/Uzj6FBxMlAUB6SivgVMy1ONXwYgXn+/aHPE=
-github.com/gorilla/csrf v1.7.1/go.mod h1:+a/4tCmqhG6/w4oafeAZ9pEa3/NZOWYVbD9fV0FwIQA=
+github.com/gorilla/csrf v1.7.3 h1:BHWt6FTLZAb2HtWT5KDBf6qgpZzvtbp9QWDRKZMXJC0=
+github.com/gorilla/csrf v1.7.3/go.mod h1:F1Fj3KG23WYHE6gozCmBAezKookxbIvUJT+121wTuLk=
 github.com/gorilla/handlers v1.5.1 h1:9lRY6j8DEeeBT10CvO9hGW0gmky0BprnvDI5vfhUHH4=
 github.com/gorilla/handlers v1.5.1/go.mod h1:t8XrUpc4KVXb7HGyJ4/cEnwQiaxrX/hz1Zv/4g96P1Q=
 github.com/gorilla/mux v1.7.0/go.mod h1:1lud6UwP+6orDFRuTfBEV8e9/aOM/c4fVVCaMa2zaAs=
 github.com/gorilla/mux v1.8.1 h1:TuBL49tXwgrFYWhqrNgrUNEY92u81SPhu7sTdzQEiWY=
 github.com/gorilla/mux v1.8.1/go.mod h1:AKf9I4AEqPTmMytcMc0KkNouC66V3BtZ4qD5fmWSiMQ=
-github.com/gorilla/securecookie v1.1.1 h1:miw7JPhV+b/lAHSXz4qd/nN9jRiAFV5FwjeKyCS8BvQ=
-github.com/gorilla/securecookie v1.1.1/go.mod h1:ra0sb63/xPlUeL+yeDciTfxMRAA+MP+HVt/4epWDjd4=
+github.com/gorilla/securecookie v1.1.2 h1:YCIWL56dvtr73r6715mJs5ZvhtnY73hBvEF8kXD8ePA=
+github.com/gorilla/securecookie v1.1.2/go.mod h1:NfCASbcHqRSY+3a8tlWJwsQap2VX5pwzwo4h3eOamfo=
 github.com/gorilla/websocket v1.4.2/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE=
 github.com/gorilla/websocket v1.5.1 h1:gmztn0JnHVt9JZquRuzLw3g4wouNVzKL15iLr/zn/QY=
 github.com/gorilla/websocket v1.5.1/go.mod h1:x3kM2JMyaluk02fnUJpQuwD2dCS5NDG2ZHL0uE0tcaY=
