chore(deps): bump github.com/projectdiscovery/nuclei/v2 from 2.9.2 to 2.9.9 #42

dependabot · 2023-07-18T10:08:31Z

Bumps github.com/projectdiscovery/nuclei/v2 from 2.9.2 to 2.9.9.

Release notes

Sourced from github.com/projectdiscovery/nuclei/v2's releases.

v2.9.9 (Security Update)

What's Changed

🎉 Features

Added env variable support to disable automatic template update from specifc source (#3705) by @kchason in projectdiscovery/nuclei#3926
export DISABLE_NUCLEI_TEMPLATES_PUBLIC_DOWNLOAD=true # Disable download from the default nuclei-templates project
export DISABLE_NUCLEI_TEMPLATES_GITHUB_DOWNLOAD=true # Disable download from public / private GitHub project(s)
export DISABLE_NUCLEI_TEMPLATES_GITLAB_DOWNLOAD=true # Disable download from public / private GitLab project(s)
export DISABLE_NUCLEI_TEMPLATES_AWS_DOWNLOAD=true # Disable download from public / private AWS Bucket(s)
export DISABLE_NUCLEI_TEMPLATES_AZURE_DOWNLOAD=true # Disable download from public / private Azure Blob Storage
Added helper function to calculate jarm hash by @Mzack9999 in projectdiscovery/nuclei#3906
{{jarm("1.1.1.1:443")}}
Added support for disable-path-automerge in unsafe mode by @RamanaReddy0M in projectdiscovery/nuclei#3888

Added request/reponse in include in result as default by @kchason in projectdiscovery/nuclei#3710

Added epss-percentile attribute template classification section by @ehsandeep in projectdiscovery/nuclei#3911
  classification:
    epss-percentile: 0.00064
Added option to optionally exclude request/reponse in results by @kchason in projectdiscovery/nuclei#3710
   -or, -omit-raw  omit request/response pairs in the JSON, JSONL, and Markdown outputs (for findings only)
Added automatic target merge in network templates by @Mzack9999 in projectdiscovery/nuclei#3904

🐞 Bugs

Fixed issue in workflow concurrency by @Mzack9999 in projectdiscovery/nuclei#3903

🔨 Maintenance

Fixed issue in the payload generator by @tarunKoyalwar in projectdiscovery/nuclei#3918

🔨 Other Changes

Added ztls fallback support as default for tls connection by @tarunKoyalwar in projectdiscovery/nuclei#3909

🔨 Security (breaking change ⚠️)

Fixed issue with payloads loading in sandbox mode by @Mzack9999 in projectdiscovery/nuclei#3927

Disabled payload loading from arbitrary location as default by @Ice3man543 in projectdiscovery/nuclei#3927

Added option to disable network connection to local / private by @Ice3man543 in projectdiscovery/nuclei#3927
   -lfa, -allow-local-file-access        allows file (payload) access anywhere on the system
</tr></table> 

... (truncated)

Commits

53bcc18 Merge branch 'dev'
0828339 version update
729424d chore(deps): bump github.com/Azure/azure-sdk-for-go/sdk/storage/azblob (#3933)
22c7422 chore(deps): bump golang from 1.20.5-alpine to 1.20.6-alpine (#3931)
8009fc6 chore(deps): bump github.com/aws/aws-sdk-go-v2/feature/s3/manager in /v2 (#3935)
09a1200 chore(deps): bump github.com/projectdiscovery/dsl in /v2 (#3934)
08e1ab9 Disable Template Locations (#3705) (#3926)
66f0dc7 Adding jarm helper via dsl (#3906)
e5154d3 fixing payload load (#3927)
2cf574a chore(deps): bump github.com/projectdiscovery/httpx in /v2 (#3912)
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [github.com/projectdiscovery/nuclei/v2](https://github.com/projectdiscovery/nuclei) from 2.9.2 to 2.9.9. - [Release notes](https://github.com/projectdiscovery/nuclei/releases) - [Commits](projectdiscovery/nuclei@v2.9.2...v2.9.9) --- updated-dependencies: - dependency-name: github.com/projectdiscovery/nuclei/v2 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>