From fac5b693409282dab7dbf2e86dfe4dd7cf16f1c2 Mon Sep 17 00:00:00 2001 From: Michael Primeaux Date: Fri, 8 May 2026 07:07:18 -0500 Subject: [PATCH] debt: Updated dependencies to latest stable versions. --- .github/workflows/ci.yaml | 2 +- .github/workflows/release.yaml | 2 +- CHANGELOG/CHANGELOG-1.x.md | 18 ++++++- go.mod | 10 ++-- go.sum | 20 ++++---- .../sixafter/aes-ctr-drbg/README.md | 4 +- .../github.com/sixafter/prng-chacha/README.md | 4 +- .../golang.org/x/sys/cpu/cpu_other_arm64.go | 2 +- vendor/golang.org/x/sys/cpu/cpu_windows.go | 26 ++++++++++ .../golang.org/x/sys/cpu/cpu_windows_arm64.go | 38 +++++++++++++++ vendor/golang.org/x/sys/cpu/zcpu_windows.go | 48 +++++++++++++++++++ vendor/modules.txt | 10 ++-- 12 files changed, 156 insertions(+), 28 deletions(-) create mode 100644 vendor/golang.org/x/sys/cpu/cpu_windows.go create mode 100644 vendor/golang.org/x/sys/cpu/cpu_windows_arm64.go create mode 100644 vendor/golang.org/x/sys/cpu/zcpu_windows.go diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 65d8735..9575bbc 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -81,7 +81,7 @@ jobs: # Ref: https://github.com/SonarSource/sonarqube-scan-action - name: SonarQube Scan - uses: SonarSource/sonarqube-scan-action@v7 + uses: SonarSource/sonarqube-scan-action@v8 env: SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} GITHUB_USER: ${{ github.actor }} diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 2b7d5bc..82e12fe 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -63,7 +63,7 @@ jobs: # Ref: https://github.com/sigstore/cosign-installer - name: Install Cosign - uses: sigstore/cosign-installer@v4.1.1 + uses: sigstore/cosign-installer@v4.1.2 # Ref: https://github.com/anchore/sbom-action - name: Generate SBOM via Syft diff --git a/CHANGELOG/CHANGELOG-1.x.md b/CHANGELOG/CHANGELOG-1.x.md index ea627d7..c2108b2 100644 --- a/CHANGELOG/CHANGELOG-1.x.md +++ b/CHANGELOG/CHANGELOG-1.x.md @@ -17,6 +17,21 @@ Date format: `YYYY-MM-DD` ### Fixed ### Security +--- + +## [1.47.2] - 2026-05-08 + +### Added +### Changed +- **debt:** Upgraded to [sixafter/nanoid@v1.64.2](https://github.com/sixafter/nanoid/releases/tag/v1.64.2). +- **debt:** Upgraded dependencies to their latest stable versions. + +### Deprecated +### Removed +### Fixed +### Security + + --- ## [1.47.1] - 2026-04-08 @@ -784,7 +799,8 @@ Date format: `YYYY-MM-DD` ### Fixed ### Security -[Unreleased]: https://github.com/sixafter/nanoid-cli/compare/v1.47.1...HEAD +[Unreleased]: https://github.com/sixafter/nanoid-cli/compare/v1.47.2...HEAD +[1.47.2]: https://github.com/sixafter/nanoid-cli/compare/v1.47.1...v1.47.2 [1.47.1]: https://github.com/sixafter/nanoid-cli/compare/v1.47.0...v1.47.1 [1.47.0]: https://github.com/sixafter/nanoid-cli/compare/v1.46.0...v1.47.0 [1.46.0]: https://github.com/sixafter/nanoid-cli/compare/v1.45.0...v1.46.0 diff --git a/go.mod b/go.mod index b44f55d..4250290 100644 --- a/go.mod +++ b/go.mod @@ -9,7 +9,7 @@ go 1.26 require ( github.com/dustin/go-humanize v1.0.1 - github.com/sixafter/nanoid v1.64.1 + github.com/sixafter/nanoid v1.64.2 github.com/sixafter/semver v1.12.0 github.com/spf13/cobra v1.10.2 github.com/stretchr/testify v1.11.1 @@ -19,10 +19,10 @@ require ( github.com/davecgh/go-spew v1.1.1 // indirect github.com/inconshreveable/mousetrap v1.1.0 // indirect github.com/pmezard/go-difflib v1.0.0 // indirect - github.com/sixafter/aes-ctr-drbg v1.19.0 // indirect - github.com/sixafter/prng-chacha v1.16.1 // indirect + github.com/sixafter/aes-ctr-drbg v1.19.1 // indirect + github.com/sixafter/prng-chacha v1.16.2 // indirect github.com/spf13/pflag v1.0.10 // indirect - golang.org/x/crypto v0.49.0 // indirect - golang.org/x/sys v0.43.0 // indirect + golang.org/x/crypto v0.50.0 // indirect + golang.org/x/sys v0.44.0 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect ) diff --git a/go.sum b/go.sum index 248859a..7e6f131 100644 --- a/go.sum +++ b/go.sum @@ -10,12 +10,12 @@ github.com/inconshreveable/mousetrap v1.1.0/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLf github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= -github.com/sixafter/aes-ctr-drbg v1.19.0 h1:F8hy3L1xcGKWxJZwe/C7xBC8JOqYXwlubrpJpQJ3jWg= -github.com/sixafter/aes-ctr-drbg v1.19.0/go.mod h1:iOBiPPkiy5Z5cEWm2yCoqEtnkfafxNTokJLL0zOPZeQ= -github.com/sixafter/nanoid v1.64.1 h1:bGebqkPC8jU4zoWzHo3UYFafTn967v5alTNsiwJ4Ikk= -github.com/sixafter/nanoid v1.64.1/go.mod h1:fyQMlhFN2YOwRMoDRNeHIZ0Dd+NxrxCkU8s2C72wedk= -github.com/sixafter/prng-chacha v1.16.1 h1:RI+xcPvunrHw5dBbj/hGDCsyUYyMgcBgKHxAcR0dIhI= -github.com/sixafter/prng-chacha v1.16.1/go.mod h1:mdr4XaoAPm+PnEVbjOBmVhM+1ZS3RdopGCjZyO7OHyQ= +github.com/sixafter/aes-ctr-drbg v1.19.1 h1:R0PVPYeCVe+d3I6ZcSs7m922MkIhu5xC5DCoAUdy2pk= +github.com/sixafter/aes-ctr-drbg v1.19.1/go.mod h1:iOBiPPkiy5Z5cEWm2yCoqEtnkfafxNTokJLL0zOPZeQ= +github.com/sixafter/nanoid v1.64.2 h1:87bk5Swb6KzkuCaeeTm8ovF6BL3a6QlvT40vPrt7MXs= +github.com/sixafter/nanoid v1.64.2/go.mod h1:2AQXhpdyZpogefqjPDaYPVDPQPWG5li23MY94gEW/gU= +github.com/sixafter/prng-chacha v1.16.2 h1:7d9YCuu6fYKKG58Nc433hSptaQ5o6SznReiB4HGNevI= +github.com/sixafter/prng-chacha v1.16.2/go.mod h1:eYa+/zivN1hPVOYkgkmcjbGfYKMXITpQ6+JA6+0uk9s= github.com/sixafter/semver v1.12.0 h1:OAC3ux2sExqKOJSPnxpeBTyprEfAKHna0OBh6SdhXRQ= github.com/sixafter/semver v1.12.0/go.mod h1:kIkw1gO0r6JtGoOam9xesWKqOFUH8kfTViLVbiC4WmA= github.com/spf13/cobra v1.10.2 h1:DMTTonx5m65Ic0GOoRY2c16WCbHxOOw6xxezuLaBpcU= @@ -26,12 +26,12 @@ github.com/spf13/pflag v1.0.10/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3A github.com/stretchr/testify v1.11.1 h1:7s2iGBzp5EwR7/aIZr8ao5+dra3wiQyKjjFuvgVKu7U= github.com/stretchr/testify v1.11.1/go.mod h1:wZwfW3scLgRK+23gO65QZefKpKQRnfz6sD981Nm4B6U= go.yaml.in/yaml/v3 v3.0.4/go.mod h1:DhzuOOF2ATzADvBadXxruRBLzYTpT36CKvDb3+aBEFg= -golang.org/x/crypto v0.49.0 h1:+Ng2ULVvLHnJ/ZFEq4KdcDd/cfjrrjjNSXNzxg0Y4U4= -golang.org/x/crypto v0.49.0/go.mod h1:ErX4dUh2UM+CFYiXZRTcMpEcN8b/1gxEuv3nODoYtCA= +golang.org/x/crypto v0.50.0 h1:zO47/JPrL6vsNkINmLoo/PH1gcxpls50DNogFvB5ZGI= +golang.org/x/crypto v0.50.0/go.mod h1:3muZ7vA7PBCE6xgPX7nkzzjiUq87kRItoJQM1Yo8S+Q= golang.org/x/exp v0.0.0-20260112195511-716be5621a96 h1:Z/6YuSHTLOHfNFdb8zVZomZr7cqNgTJvA8+Qz75D8gU= golang.org/x/exp v0.0.0-20260112195511-716be5621a96/go.mod h1:nzimsREAkjBCIEFtHiYkrJyT+2uy9YZJB7H1k68CXZU= -golang.org/x/sys v0.43.0 h1:Rlag2XtaFTxp19wS8MXlJwTvoh8ArU6ezoyFsMyCTNI= -golang.org/x/sys v0.43.0/go.mod h1:4GL1E5IUh+htKOUEOaiffhrAeqysfVGipDYzABqnCmw= +golang.org/x/sys v0.44.0 h1:ildZl3J4uzeKP07r2F++Op7E9B29JRUy+a27EibtBTQ= +golang.org/x/sys v0.44.0/go.mod h1:4GL1E5IUh+htKOUEOaiffhrAeqysfVGipDYzABqnCmw= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= diff --git a/vendor/github.com/sixafter/aes-ctr-drbg/README.md b/vendor/github.com/sixafter/aes-ctr-drbg/README.md index 444c4e2..6dd4e77 100644 --- a/vendor/github.com/sixafter/aes-ctr-drbg/README.md +++ b/vendor/github.com/sixafter/aes-ctr-drbg/README.md @@ -117,10 +117,10 @@ For a detailed mapping between the implementation and NIST SP 800-90A requiremen To verify the integrity of the release tarball, you can use Cosign to check the signature and checksums. Follow these steps: ```sh -# Fetch the latest release tag from GitHub API (e.g., "v1.16.0") +# Fetch the latest release tag from GitHub API (e.g., "v1.19.0") TAG=$(curl -s https://api.github.com/repos/sixafter/aes-ctr-drbg/releases/latest | jq -r .tag_name) -# Remove leading "v" for filenames (e.g., "v1.16.0" -> "1.16.0") +# Remove leading "v" for filenames (e.g., "v1.19.0" -> "1.19.0") VERSION=${TAG#v} # --------------------------------------------------------------------- diff --git a/vendor/github.com/sixafter/prng-chacha/README.md b/vendor/github.com/sixafter/prng-chacha/README.md index bbe8649..d598835 100644 --- a/vendor/github.com/sixafter/prng-chacha/README.md +++ b/vendor/github.com/sixafter/prng-chacha/README.md @@ -57,10 +57,10 @@ Please see the [godoc](https://pkg.go.dev/github.com/sixafter/prng-chacha) for d To verify the integrity of the release tarball, you can use Cosign to check the signature against the public key. ```sh -# Fetch the latest release tag from GitHub API (e.g., "v1.14.0") +# Fetch the latest release tag from GitHub API (e.g., "v1.16.0") TAG=$(curl -s https://api.github.com/repos/sixafter/prng-chacha/releases/latest | jq -r .tag_name) -# Remove leading "v" for filenames (e.g., "v1.14.0" -> "1.14.0") +# Remove leading "v" for filenames (e.g., "v1.16.0" -> "1.16.0") VERSION=${TAG#v} # --------------------------------------------------------------------- diff --git a/vendor/golang.org/x/sys/cpu/cpu_other_arm64.go b/vendor/golang.org/x/sys/cpu/cpu_other_arm64.go index 53f814d..6c7c5bf 100644 --- a/vendor/golang.org/x/sys/cpu/cpu_other_arm64.go +++ b/vendor/golang.org/x/sys/cpu/cpu_other_arm64.go @@ -2,7 +2,7 @@ // Use of this source code is governed by a BSD-style // license that can be found in the LICENSE file. -//go:build !darwin && !linux && !netbsd && !openbsd && arm64 +//go:build !darwin && !linux && !netbsd && !openbsd && !windows && arm64 package cpu diff --git a/vendor/golang.org/x/sys/cpu/cpu_windows.go b/vendor/golang.org/x/sys/cpu/cpu_windows.go new file mode 100644 index 0000000..99ec8fd --- /dev/null +++ b/vendor/golang.org/x/sys/cpu/cpu_windows.go @@ -0,0 +1,26 @@ +// Copyright 2026 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +package cpu + +//go:generate go run golang.org/x/sys/windows/mkwinsyscall -systemdll=false -output zcpu_windows.go cpu_windows.go + +//sys isProcessorFeaturePresent(ProcessorFeature uint32) (ret bool) = kernel32.IsProcessorFeaturePresent + +// The processor features to be tested for IsProcessorFeaturePresent, see +// https://learn.microsoft.com/en-us/windows/win32/api/processthreadsapi/nf-processthreadsapi-isprocessorfeaturepresent +const ( + _PF_ARM_V8_CRYPTO_INSTRUCTIONS_AVAILABLE = 30 + _PF_ARM_V8_CRC32_INSTRUCTIONS_AVAILABLE = 31 + _PF_ARM_V81_ATOMIC_INSTRUCTIONS_AVAILABLE = 34 + _PF_ARM_V82_DP_INSTRUCTIONS_AVAILABLE = 43 + + _PF_ARM_V83_JSCVT_INSTRUCTIONS_AVAILABLE = 44 + _PF_ARM_V83_LRCPC_INSTRUCTIONS_AVAILABLE = 45 + _PF_ARM_SVE_INSTRUCTIONS_AVAILABLE = 46 + _PF_ARM_SVE2_INSTRUCTIONS_AVAILABLE = 47 + + _PF_ARM_SHA3_INSTRUCTIONS_AVAILABLE = 64 + _PF_ARM_SHA512_INSTRUCTIONS_AVAILABLE = 65 +) diff --git a/vendor/golang.org/x/sys/cpu/cpu_windows_arm64.go b/vendor/golang.org/x/sys/cpu/cpu_windows_arm64.go new file mode 100644 index 0000000..034732e --- /dev/null +++ b/vendor/golang.org/x/sys/cpu/cpu_windows_arm64.go @@ -0,0 +1,38 @@ +// Copyright 2026 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +package cpu + +func doinit() { + // set HasASIMD and HasFP to true as per + // https://learn.microsoft.com/en-us/cpp/build/arm64-windows-abi-conventions?view=msvc-170#base-requirements + // + // The ARM64 version of Windows always presupposes that it's running on an ARMv8 or later architecture. + // Both floating-point and NEON support are presumed to be present in hardware. + // + ARM64.HasASIMD = true + ARM64.HasFP = true + + if isProcessorFeaturePresent(_PF_ARM_V8_CRYPTO_INSTRUCTIONS_AVAILABLE) { + ARM64.HasAES = true + ARM64.HasPMULL = true + ARM64.HasSHA1 = true + ARM64.HasSHA2 = true + } + ARM64.HasSHA3 = isProcessorFeaturePresent(_PF_ARM_SHA3_INSTRUCTIONS_AVAILABLE) + ARM64.HasCRC32 = isProcessorFeaturePresent(_PF_ARM_V8_CRC32_INSTRUCTIONS_AVAILABLE) + ARM64.HasSHA512 = isProcessorFeaturePresent(_PF_ARM_SHA512_INSTRUCTIONS_AVAILABLE) + ARM64.HasATOMICS = isProcessorFeaturePresent(_PF_ARM_V81_ATOMIC_INSTRUCTIONS_AVAILABLE) + if isProcessorFeaturePresent(_PF_ARM_V82_DP_INSTRUCTIONS_AVAILABLE) { + ARM64.HasASIMDDP = true + ARM64.HasASIMDRDM = true + } + if isProcessorFeaturePresent(_PF_ARM_V83_LRCPC_INSTRUCTIONS_AVAILABLE) { + ARM64.HasLRCPC = true + ARM64.HasSM3 = true + } + ARM64.HasSVE = isProcessorFeaturePresent(_PF_ARM_SVE_INSTRUCTIONS_AVAILABLE) + ARM64.HasSVE2 = isProcessorFeaturePresent(_PF_ARM_SVE2_INSTRUCTIONS_AVAILABLE) + ARM64.HasJSCVT = isProcessorFeaturePresent(_PF_ARM_V83_JSCVT_INSTRUCTIONS_AVAILABLE) +} diff --git a/vendor/golang.org/x/sys/cpu/zcpu_windows.go b/vendor/golang.org/x/sys/cpu/zcpu_windows.go new file mode 100644 index 0000000..6411a7a --- /dev/null +++ b/vendor/golang.org/x/sys/cpu/zcpu_windows.go @@ -0,0 +1,48 @@ +// Code generated by 'go generate'; DO NOT EDIT. + +package cpu + +import ( + "syscall" + "unsafe" +) + +var _ unsafe.Pointer + +// Do the interface allocations only once for common +// Errno values. +const ( + errnoERROR_IO_PENDING = 997 +) + +var ( + errERROR_IO_PENDING error = syscall.Errno(errnoERROR_IO_PENDING) + errERROR_EINVAL error = syscall.EINVAL +) + +// errnoErr returns common boxed Errno values, to prevent +// allocations at runtime. +func errnoErr(e syscall.Errno) error { + switch e { + case 0: + return errERROR_EINVAL + case errnoERROR_IO_PENDING: + return errERROR_IO_PENDING + } + // TODO: add more here, after collecting data on the common + // error values see on Windows. (perhaps when running + // all.bat?) + return e +} + +var ( + modkernel32 = syscall.NewLazyDLL("kernel32.dll") + + procIsProcessorFeaturePresent = modkernel32.NewProc("IsProcessorFeaturePresent") +) + +func isProcessorFeaturePresent(ProcessorFeature uint32) (ret bool) { + r0, _, _ := syscall.SyscallN(procIsProcessorFeaturePresent.Addr(), uintptr(ProcessorFeature)) + ret = r0 != 0 + return +} diff --git a/vendor/modules.txt b/vendor/modules.txt index 72c0664..c3d7fbe 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -10,13 +10,13 @@ github.com/inconshreveable/mousetrap # github.com/pmezard/go-difflib v1.0.0 ## explicit github.com/pmezard/go-difflib/difflib -# github.com/sixafter/aes-ctr-drbg v1.19.0 +# github.com/sixafter/aes-ctr-drbg v1.19.1 ## explicit; go 1.26 github.com/sixafter/aes-ctr-drbg -# github.com/sixafter/nanoid v1.64.1 +# github.com/sixafter/nanoid v1.64.2 ## explicit; go 1.26 github.com/sixafter/nanoid -# github.com/sixafter/prng-chacha v1.16.1 +# github.com/sixafter/prng-chacha v1.16.2 ## explicit; go 1.26 github.com/sixafter/prng-chacha # github.com/sixafter/semver v1.12.0 @@ -32,11 +32,11 @@ github.com/spf13/pflag ## explicit; go 1.17 github.com/stretchr/testify/assert github.com/stretchr/testify/assert/yaml -# golang.org/x/crypto v0.49.0 +# golang.org/x/crypto v0.50.0 ## explicit; go 1.25.0 golang.org/x/crypto/chacha20 golang.org/x/crypto/internal/alias -# golang.org/x/sys v0.43.0 +# golang.org/x/sys v0.44.0 ## explicit; go 1.25.0 golang.org/x/sys/cpu # gopkg.in/yaml.v3 v3.0.1