Bump github.com/pires/go-proxyproto from 0.2.0 to 0.6.2

[dependabot]

Bumps github.com/pires/go-proxyproto from 0.2.0 to 0.6.2.

Release notes

Sourced from github.com/pires/go-proxyproto's releases.

v0.6.2

• Fix race-condition in SetDeadline (#87) thanks to @​mschneider82 for the fix

v0.6.1

Bugfixes

• Critical: Reset read deadline after parsing header (#76) thanks a ton to @​antoniomika and a bunch of other folks who contributed to finding the solution

Improvements

• Introduce TLV parsing for Google Cloud extensions (#81) thanks to @​igor-kupczynski

v0.6.0

Bugfixes

None

Improvements

• Prevent potentially malicious client(s) from opening connections and not send the proxy protocol header, which could lead to DoS as the server would hold those socket descriptors open indefinitely, eventually running out of resources. The solution is to set a read deadline when waiting for the PROXY protocol header (#74) thanks a lot to @​unmarshal

v0.5.0

Bugfixes

The two bugs addressed below are considered serious security issues that can lead to DoS. I cannot express how thankful I am for @​isedev for sharing the problem and the solution <3

• v1: enforce header maximum size of 107 bytes to avoid unbounded memory consumption (#71)
• v1: sender must always ensure that the header is sent at once to avoid slow loris attack (#71)

Improvements

• Add PP2_TYPE_UNIQUE_ID (#67) thanks to @​TimWolla
• Add ReadFrom/WriteTo to increase performance when proxying wrapped connections using io.Copy (#68) thanks to @​databus23

v0.4.2

Bugfixes

• v1: fix command always LOCAL (#64) thanks to @​bohanyang

Documentation

• Fix LICENSE (#66)

v0.4.1

Bugfixes

• v2: respect length and any TLVs when UNSPEC (#62) thanks to @​bohanyang

v0.4.0

Announcement

... (truncated)

Commits

• db39a71 Merge pull request #87 from mschneider82/master
• b4887c1 added -race for github action tests
• d78b4b6 protocol: fixed deadline datarace #86
• 2e44d7a Merge pull request #76 from pires/bugfix/reset_conn_read_deadline_after_succe...
• 880d578 protocol: DEFAULT_TIMEOUT is now DefaultReadHeaderTimeout
• 0c5719a protocol: fix header timeout when the user supplied deadline(s)
• 094c0b6 ci: remove Go 1.14
• a4e6227 protocol: reset timeout after processing header
• 67d28b3 protocol: prove erroneous timeout after timeout is set
• a55009f Merge pull request #82 from drakkan/staticcheck
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)