Bump github.com/corazawaf/coraza/v3 from 3.2.1 to 3.3.3 in /environments/vercel-waf-env/waf #7

dependabot · 2025-12-25T15:29:23Z

Bumps github.com/corazawaf/coraza/v3 from 3.2.1 to 3.3.3.

Release notes

Sourced from github.com/corazawaf/coraza/v3's releases.

v3.3.3

Important

This release has a fix for GHSA-q9f5-625g-xm39.

Thanks to @blotus for finding it and providing a proper discloruse AND fix! ❤️

What's Changed

fix(deps): update module github.com/corazawaf/coraza/v3 to v3.3.2 in testing/coreruleset/go.mod by @renovate in corazawaf/coraza#1282

chore(deps): update github/codeql-action digest to b6a472f in .github/workflows/codeql-analysis.yml by @renovate in corazawaf/coraza#1284

fix(deps): update module github.com/bmatcuk/doublestar/v4 to v4.8.0 in testing/coreruleset/go.mod by @renovate in corazawaf/coraza#1285

ci: add wait-for-status check by @fzipi in corazawaf/coraza#1286

chore(deps): update all non-major dependencies in .github/workflows/tinygo.yml by @renovate in corazawaf/coraza#1289

chore(deps): pin poseidon/wait-for-status-checks action to 899c768 in .github/workflows/regression.yml by @renovate in corazawaf/coraza#1288

chore(deps): update github/codeql-action digest to dd196fa in .github/workflows/codeql-analysis.yml by @renovate in corazawaf/coraza#1293

chore(deps): update all non-major dependencies in .github/workflows/regression.yml by @renovate in corazawaf/coraza#1295

fix(ci): ignore codecov tests from wait-for-status-checks by @M4tteoP in corazawaf/coraza#1292

feat: add hexDecode transformation by @tty2 in corazawaf/coraza#1275

chore(deps): update all non-major dependencies in .github/workflows/regression.yml by @renovate in corazawaf/coraza#1296

fix(deps): update module github.com/bmatcuk/doublestar/v4 to v4.8.1 in testing/coreruleset/go.mod by @renovate in corazawaf/coraza#1297

fix(deps): update all non-major dependencies in go.mod by @renovate in corazawaf/coraza#1298

chore(deps): update github/codeql-action digest to dd74661 in .github/workflows/codeql-analysis.yml by @renovate in corazawaf/coraza#1299

fix(deps): update module golang.org/x/sync to v0.11.0 in go.mod by @renovate in corazawaf/coraza#1302

chore(deps): update github/codeql-action digest to 9e8d078 in .github/workflows/codeql-analysis.yml by @renovate in corazawaf/coraza#1303

fix(deps): update module golang.org/x/net to v0.35.0 in go.mod by @renovate in corazawaf/coraza#1306

fix(deps): update module github.com/coreruleset/go-ftw to v1.3.0 in testing/coreruleset/go.mod by @renovate in corazawaf/coraza#1308

chore(deps): update actions/cache digest to 0c907a7 in .github/workflows/tinygo.yml by @renovate in corazawaf/coraza#1309

chore(deps): update all non-major dependencies in .github/workflows/codeql-analysis.yml by @renovate in corazawaf/coraza#1312

chore: update to golang 1.23.6 by @fzipi in corazawaf/coraza#1313

inspectFile: False-positive match fixed by @vimusov in corazawaf/coraza#1311

chore(deps): update codecov/codecov-action digest to 0565863 in .github/workflows/regression.yml by @renovate in corazawaf/coraza#1314

chore(deps): update actions/cache digest to d4323d4 in .github/workflows/tinygo.yml by @renovate in corazawaf/coraza#1315

fix(deps): update all non-major dependencies in go.mod by @renovate in corazawaf/coraza#1317

chore(deps): update module golang.org/x/crypto to v0.35.0 [security] by @renovate in corazawaf/coraza#1319

fix(deps): update module golang.org/x/net to v0.36.0 in go.mod by @renovate in corazawaf/coraza#1318

fix(deps): update go modules in go.mod by @renovate in corazawaf/coraza#1320

chore(deps): update github/codeql-action digest to 6bb031a in .github/workflows/codeql-analysis.yml by @renovate in corazawaf/coraza#1323

fix(deps): update module github.com/mccutchen/go-httpbin/v2 to v2.17.1 in go.mod by @renovate in corazawaf/coraza#1324

chore(deps): update module golang.org/x/net to v0.36.0 [security] by @renovate in corazawaf/coraza#1327

chore: points to Go v1.23.0 and some clean ups by @M4tteoP in corazawaf/coraza#1328

New Contributors

@vimusov made their first contribution in corazawaf/coraza#1311

Full Changelog: corazawaf/coraza@v3.3.2...v3.3.3

Version 3.3.2

What's Changed

fix: warn instead of returning error on empty glob result (#1280) by @jcchavezs in corazawaf/coraza#1281

... (truncated)

Commits

4722c9a Merge commit from fork
8b612f4 chore: points to Go v1.23.0 and some clean ups (#1328)
e29a849 chore(deps): update module golang.org/x/net to v0.36.0 [security] (#1327)
117380e fix(deps): update module github.com/mccutchen/go-httpbin/v2 to v2.17.1 in go....
902edfa chore(deps): update github/codeql-action digest to 6bb031a in .github/workflo...
fa6558b fix(deps): update go modules in go.mod (#1320)
78946f6 fix(deps): update module golang.org/x/net to v0.36.0 in go.mod (#1318)
b9e125f chore(deps): update module golang.org/x/crypto to v0.35.0 [security] (#1319)
d7a7194 fix(deps): update all non-major dependencies in go.mod (#1317)
68ab4db chore(deps): update actions/cache digest to d4323d4 in .github/workflows/tiny...
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the Security Alerts page.

Bumps [github.com/corazawaf/coraza/v3](https://github.com/corazawaf/coraza) from 3.2.1 to 3.3.3. - [Release notes](https://github.com/corazawaf/coraza/releases) - [Changelog](https://github.com/corazawaf/coraza/blob/main/CHANGELOG.md) - [Commits](corazawaf/coraza@v3.2.1...v3.3.3) --- updated-dependencies: - dependency-name: github.com/corazawaf/coraza/v3 dependency-version: 3.3.3 dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot bot added dependencies Pull requests that update a dependency file go Pull requests that update go code labels Dec 25, 2025

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Bump github.com/corazawaf/coraza/v3 from 3.2.1 to 3.3.3 in /environments/vercel-waf-env/waf #7

Bump github.com/corazawaf/coraza/v3 from 3.2.1 to 3.3.3 in /environments/vercel-waf-env/waf #7

dependabot bot commented on behalf of github Dec 25, 2025

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Bump github.com/corazawaf/coraza/v3 from 3.2.1 to 3.3.3 in /environments/vercel-waf-env/waf #7

Are you sure you want to change the base?

Bump github.com/corazawaf/coraza/v3 from 3.2.1 to 3.3.3 in /environments/vercel-waf-env/waf #7

Conversation

dependabot bot commented on behalf of github Dec 25, 2025

v3.3.3

Important

What's Changed

New Contributors

Version 3.3.2

What's Changed

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant