Update module github.com/gabriel-vasile/mimetype to v1.4.13

[red-hat-konflux-kflux-prd-rh02]

This PR contains the following updates:

Package	Change	Age	Confidence
github.com/gabriel-vasile/mimetype	v1.4.3 → v1.4.13

---

Warning

Some dependencies could not be looked up. Check the warning logs for more information.

---

Release Notes

gabriel-vasile/mimetype (github.com/gabriel-vasile/mimetype)

v1.4.13: Support for .hlp, .inf, .fm, .bufr

Compare Source

What's Changed

• ndjson: fix inputs truncated on the second line; fix #​744 in #​745
• bmp: harden detection against false-positives in #​746
• os2: add support for .hlp and .inf in #​747
• ttf: harden detection in #​750
• ttf: use ints instead of string for better performance in #​751
• framemaker: add support in #​752
• bufr: add support in #​754
• Extend: ensure MIME string normalization by @​yzqzss in #​756
• m3u: add x-mpegurl alias by @​AltayAkkus in #​755

New Contributors

• @​yzqzss made their first contribution in #​756
• @​AltayAkkus made their first contribution in #​755

Full Changelog: gabriel-vasile/mimetype@v1.4.12...v1.4.13

v1.4.12: RFC822, GRIB, Zlib support

Compare Source

What's Changed

• zip+json: add benchmarks for better performance tracking of pathological inputs in #​730
• zip+json: performance improvements for pathological cases in #​732
• Fix integer overflow panic on 32bit architectures in #​733
• ci: add more linters and fix their warnings in #​734
• jar: manifest must be first in #​735
• rfc822: add support in #​740
• grib: add support in #​742
• zlib: add support in #​743

Full Changelog: gabriel-vasile/mimetype@v1.4.11...v1.4.12

v1.4.11: cpio, wordperfect support

Compare Source

What's Changed

• wordperfect: add support in #​707
• cpio: add support for binary version in #​709
• shebang: fix detection with args by @​scop in #​710
• shebang: support env -S by @​scop in #​712
• dxf: add support in #​720
• clone: stop cloning MIME when there is no charset in #​722
• aaf: remove individual node for aaf in #​724
• msoxml: match files and directories for first zip entry in #​729

Full Changelog: gabriel-vasile/mimetype@v1.4.10...v1.4.11

v1.4.10: perfomance inprovements, tests and new formats

Compare Source

This release adds support for XHTML, Lotus-1-2-3, KML, shell scripts, VSDX, OneNote, CHM and Netpbm file formats.
Changes were made to make mimetype behave more file linux $ file --mime utility.

https://github.com/gabriel-vasile/mimetype_tests repo is now used for running comparisons between mimetype and $ file --mime. It contains 50 000 samples and mimetype identifies the same format as $ file --mime for ~97% of them. Results are in the Actions tab.

What's Changed

• charset: remove dependency on x/net for parsing html in #​669
• CSV: replace stdlib reader with a parser that allocates less in #​672
• svg: make detection harder in #​674
• pdf: relax check to match file in #​677
• csv: stop mutating input byte slices; for #​680 in #​681
• charset: remove dependency on mime in #​684
• mso_office: increase limit of checked entries from 4 to 100 in #​685
• jar: replace application/jar with application/java-archive in #​686
• Zip container improvements in #​687
• Jar first entry inside a zip in #​688
• svg+html: better handling for comments in #​689
• xhtml: add support in #​690
• misc: behave more like file in #​691
• lotus-1-2-3: add support in #​695
• Add support for zipped KML files by @​dmlambea in #​693
• shell: add support by @​scop in #​694
• ruby: add support by @​scop in #​700
• python: associate with python2 and python3 shebangs by @​scop in #​699
• vsdx: add support in #​702
• oneNote: add support in #​703
• chm: add support for Microsoft Compiled HTML Help in #​704
• Netpbm: add support by @​kenshaw in #​705

New Contributors

• @​dmlambea made their first contribution in #​693
• @​scop made their first contribution in #​694
• @​kenshaw made their first contribution in #​705

Full Changelog: gabriel-vasile/mimetype@v1.4.9...v1.4.10

v1.4.9: GLTF support and performance improvements

Compare Source

What's Changed

• SRT detection: reduce allocs by @​gabriel-vasile in #​636
• json: more benchmarking by @​gabriel-vasile in #​640
• Bump golang.org/x/net from 0.33.0 to 0.39.0 in the gomod
• json: add parser with query capacity by @​gabriel-vasile in #​652
• feat: add support for GLTF by @​gabriel-vasile in #​655

Full Changelog: gabriel-vasile/mimetype@v1.4.8...v1.4.9

v1.4.8: Add support for APK

Compare Source

What's Changed

• Add support for APK; close #​345 in #​624
• (cve_fix)bump golang.org/x/net to v0.33.0 to fix CVE-2024-45338 by @​sonasingh46 in #​623
• zstd: check for skippable frames as well; fix #​619 in #​621

New Contributors

• @​sonasingh46 made their first contribution in #​623

Full Changelog: gabriel-vasile/mimetype@v1.4.7...v1.4.8

v1.4.7

Compare Source

What's Changed

• remove torrent testdata; closes #​398 by @​gabriel-vasile in #​597
• add support for CBOR files by @​gabriel-vasile in #​598
• Remove macho fixtures by @​gabriel-vasile in #​602
• remove most of the files from testdata by @​gabriel-vasile in #​603
• Bump golang.org/x/net from 0.30.0 to 0.31.0 in the gomod group by @​dependabot in #​605
• rename application/javascript to text/javascript by @​gabriel-vasile in #​604

Full Changelog: gabriel-vasile/mimetype@v1.4.6...v1.4.7

v1.4.6

Compare Source

What's Changed

• Improve ftyp detection in #​564
• CSV/TSV use a pool of buffered readers to avoid allocs by in #​573
• feat: Add parquet file detection by @​kwkelly in #​578
• add application/xml as alias of text/xml in #​581
• retract v1.4.4; closes #​575 in #​591
• action for benchmarking detectors in #​590
• Remove GPL file by @​canadacow in #​583

New Contributors

• @​kwkelly made their first contribution in #​578
• @​canadacow made their first contribution in #​583

Full Changelog: gabriel-vasile/mimetype@v1.4.5...v1.4.6

v1.4.5

Compare Source

What's Changed

• json: improve performance by using a pool of scanners in #​535
• tar: remove strconv dependency for tar checksum octal numbers in #​536
• zip: use []byte instead of string to prevent allocs in #​537
• remove tarbomb from testdata folder in #​540
• Updating RTF Magic number to match https://www.iana.org/assignments/media-types/application/rtf by @​zdiff in #​544
• alias text/rtf to application/rtf in #​547
• reduce project size by moving mimetype.gif to testdata in #​548
• Bump golang.org/x/net from 0.25.0 to 0.27.0 in the gomod group across 1 directory by @​dependabot in #​552
• remove exe from testdata in #​561

New Contributors

• @​zdiff made their first contribution in #​544

Full Changelog: gabriel-vasile/mimetype@v1.4.4...v1.4.5

v1.4.4

Compare Source

What's Changed

Security fixes:

Update golang.org/x/net to latest. Fixes: CVE-2023-45288

Performance improvements:

• Change tar detection to use checksum instead of legal ranges of values in #​466
• ftyp: exit asap to prevent mem allocs in #​517
• Improve x-subrip detection performance in #​524
• improve performance for text detection in #​532
• Using io.ReadAll instead of ioutil.ReadAll by @​phihungtf in #​525

Benchmarks:

before:
BenchmarkText/application/x-ndjson-8              663314              2027 ns/op            4306 B/op          6 allocs/op
BenchmarkSliceRand-8                              688160              1690 ns/op             728 B/op         75 allocs/op
BenchmarkSrt-8                                    946042              1089 ns/op            4240 B/op          5 allocs/op
after:
BenchmarkText/application/x-ndjson-8             1930292               678.6 ns/op           160 B/op          4 allocs/op
BenchmarkSliceRand-8                             1232066              1173 ns/op             160 B/op          4 allocs/op
BenchmarkSrt-8                                   3235448               368.8 ns/op            64 B/op          2 allocs/op

New Contributors

• @​phihungtf made their first contribution in #​525

Full Changelog: gabriel-vasile/mimetype@v1.4.3...v1.4.4

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

To execute skipped test pipelines write comment /ok-to-test.

---

Documentation

Find out how to configure dependency updates in MintMaker documentation or see all available configuration options in Renovate documentation.

[red-hat-konflux-kflux-prd-rh02]

⚠️ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

• any of the package files in this branch needs updating, or
• the branch becomes conflicted, or
• you click the rebase/retry checkbox if found above, or
• you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: go.sum

Command failed: go get -t ./...
go: downloading github.com/gabriel-vasile/mimetype v1.4.13
go: downloading google.golang.org/genproto/googleapis/rpc v0.0.0-20260401024825-9d38bb4040a9
go: github.com/openshift-hyperfleet/hyperfleet-api/pkg/api imports
	github.com/openshift-hyperfleet/hyperfleet-api/pkg/api/openapi: cannot find module providing package github.com/openshift-hyperfleet/hyperfleet-api/pkg/api/openapi
go: module github.com/bxcodec/faker/v3 is deprecated: use github.com/go-faker/faker/v4 instead.

[openshift-ci]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please assign aredenba-rh for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[openshift-ci]

Hi @red-hat-konflux-kflux-prd-rh02[bot]. Thanks for your PR.

I'm waiting for a openshift-hyperfleet member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work.

Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

[coderabbitai]

📝 Walkthrough

Summary by CodeRabbit

• Chores
  • Updated indirect dependencies to maintain stability and compatibility.

Walkthrough

The pull request updates the go.mod file to bump the indirect dependency github.com/gabriel-vasile/mimetype from version v1.4.3 to v1.4.13. This is a single-line change affecting only the dependency version specification. No other module settings, configurations, or dependencies are modified.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~2 minutes

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title clearly and specifically describes the main change: updating the github.com/gabriel-vasile/mimetype module from v1.4.3 to v1.4.13.
Description check	✅ Passed	The description is directly related to the changeset, containing detailed release notes, changelog information, and configuration details about the dependency update.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch konflux/mintmaker/main/github.com-gabriel-vasile-mimetype-1.x

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@go.mod`:
- Line 78: The go.mod declares github.com/gabriel-vasile/mimetype v1.4.13 but
go.sum still has v1.4.3 hashes; run `go mod tidy` locally to refresh module
checksums so go.sum contains the v1.4.13 entries, then commit the updated
go.sum; optionally also verify and align any related module versions (e.g.,
hyperfleet-adapter) if you want consistency across repos.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Central YAML (base), Organization UI (inherited)

Review profile: ASSERTIVE

Plan: Enterprise

Run ID: 68949b9b-3fa2-4648-817e-420821375a27

📥 Commits

Reviewing files that changed from the base of the PR and between 0f2e440 and 961ef74.

📒 Files selected for processing (1)

• go.mod

[coderabbitai]

⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Description: Verify mimetype v1.4.13 exists and check for security advisories

echo "=== Checking if v1.4.13 exists on GitHub ==="
gh api repos/gabriel-vasile/mimetype/releases --jq '.[] | select(.tag_name == "v1.4.13") | {tag_name, published_at, name}'

echo -e "\n=== Checking for security advisories for github.com/gabriel-vasile/mimetype ==="
gh api graphql -f query='
{
  securityVulnerabilities(first: 10, ecosystem: GO, package: "github.com/gabriel-vasile/mimetype") {
    nodes {
      advisory {
        summary
        severity
        publishedAt
      }
      vulnerableVersionRange
      firstPatchedVersion {
        identifier
      }
    }
  }
}'

echo -e "\n=== Verifying version v1.4.13 is available on Go proxy ==="
curl -s "https://proxy.golang.org/github.com/gabriel-vasile/mimetype/@v/v1.4.13.info" | jq '.'

Repository: openshift-hyperfleet/hyperfleet-api

Length of output: 811

---

🌐 Web query:

gabriel-vasile mimetype v1.4.13 security vulnerabilities CVE

💡 Result:

No known security vulnerabilities or CVEs specifically affect gabriel-vasile/mimetype version 1.4.13. The project's GitHub security overview states there are no published security advisories [1]. The v1.4.13 release notes mention only new format supports and performance improvements, with no security fixes [2]. Earlier versions addressed inherited vulnerabilities from dependencies like golang.org/x/net CVE-2023-45288 in v1.4.4 [3][4], and other issues in v1.4.6+ and v1.4.8 (CVE-2024-45338) [5], but v1.4.13 postdates these. Some scanners flag false positives from test files containing old Go stdlib CVEs, but these do not impact the library [5][6].

Citations:

• 1: https://github.com/gabriel-vasile/mimetype/security
• 2: https://github.com/gabriel-vasile/mimetype/releases/tag/v1.4.13
• 3: https://newreleases.io/project/github/gabriel-vasile/mimetype/release/v1.4.4
• 4: https://github.com/gabriel-vasile/mimetype/releases/tag/v1.4.4
• 5: CVEs in gabriel-vasile/mimetype package  gin-gonic/gin#4086
• 6: Underlying code vulnerable to CWE-252 gabriel-vasile/mimetype#528

---

🏁 Script executed:

#!/bin/bash
# Check the actual go.mod file to confirm the version change
echo "=== Inspecting go.mod file ==="
cat -n go.mod | grep -A 2 -B 2 "gabriel-vasile/mimetype"

echo -e "\n=== Checking go.sum for related entries ==="
grep "gabriel-vasile/mimetype" go.sum

Repository: openshift-hyperfleet/hyperfleet-api

Length of output: 619

---

🏁 Script executed:

#!/bin/bash
# Get complete go.sum to verify all mimetype entries
echo "=== Complete go.sum for all mimetype versions ==="
grep -E "github.com/gabriel-vasile/mimetype" go.sum | sort -V

echo -e "\n=== Full go.mod dependency section around mimetype ==="
cat go.mod | sed -n '/require/,/^)/p' | grep -A 3 -B 3 "gabriel-vasile"

Repository: openshift-hyperfleet/hyperfleet-api

Length of output: 709

---

🏁 Script executed:

#!/bin/bash
# Check if go.sum needs v1.4.13 hashes
echo "=== Searching for any v1.4.13 references in repo ==="
find . -type f -name "*.mod" -o -name "*.sum" | xargs grep -l "v1.4.13" 2>/dev/null || echo "No v1.4.13 found in module files"

echo -e "\n=== Check if there are go.sum entries expected ==="
echo "If go.mod has v1.4.13, go.sum should have corresponding hashes"
echo "Current state:"
echo "- go.mod has v1.4.13: YES"
echo "- go.sum has v1.4.13: NO (only v1.4.3 found)"

Repository: openshift-hyperfleet/hyperfleet-api

Length of output: 369

---

🏁 Script executed:

#!/bin/bash
# Check what's in .bingo/golangci-lint.sum
echo "=== Checking .bingo/golangci-lint.sum ==="
grep "gabriel-vasile/mimetype" .bingo/golangci-lint.sum

echo -e "\n=== Summary of inconsistency ==="
echo "Status: go.mod declares v1.4.13 but go.sum only has v1.4.3 hashes"
echo "This mismatch needs resolution before merging."

Repository: openshift-hyperfleet/hyperfleet-api

Length of output: 268

---

Update go.sum with v1.4.13 hashes to resolve go.mod/go.sum mismatch.

The go.mod file declares github.com/gabriel-vasile/mimetype v1.4.13 but go.sum still contains only v1.4.3 hashes. This inconsistency prevents proper dependency resolution. Run go mod tidy to update go.sum with the correct v1.4.13 hash entries.

The v1.4.13 version is valid and available; however, the release notes indicate this version includes performance improvements and new format support—not security fixes as the PR description may have suggested. Additionally, consider aligning hyperfleet-adapter from v1.4.12 to v1.4.13 to maintain consistency across repositories, though this is not a blocker.

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@go.mod` at line 78, The go.mod declares github.com/gabriel-vasile/mimetype
v1.4.13 but go.sum still has v1.4.3 hashes; run `go mod tidy` locally to refresh
module checksums so go.sum contains the v1.4.13 entries, then commit the updated
go.sum; optionally also verify and align any related module versions (e.g.,
hyperfleet-adapter) if you want consistency across repos.

[ciaranRoche]

Closing: superseded by renovate.json config in #158 (HYPERFLEET-1095). MintMaker will re-create grouped updates on the next Monday cycle.

[red-hat-konflux-kflux-prd-rh02]

Renovate Ignore Notification

Because you closed this PR without merging, Renovate will ignore this update (v1.4.13). You will get a PR once a newer version is released. To ignore this dependency forever, add it to the ignoreDeps array of your Renovate config.

If you accidentally closed this PR, or if you changed your mind: rename this PR to get a fresh replacement PR.