Skip to content

Commit 816ecd1

Browse files
vmfuncvmfunc
committed
fix: update dependencies to address security vulnerabilities
- golang.org/x/crypto v0.26.0 -> v0.46.0 (critical: ssh auth bypass) - golang.org/x/net v0.28.0 -> v0.48.0 (medium: xss vulnerability) - golang.org/x/oauth2 v0.11.0 -> v0.34.0 (high: input validation) - quic-go v0.48.2 -> v0.58.0 (high: panic on undecryptable packets) - golang-jwt/jwt v4.5.1 -> v4.5.2 (high: memory allocation) - cloudflare/circl v1.3.7 -> v1.6.2 (low: validation issues) - refraction-networking/utls v1.5.4 -> v1.8.1 (medium: tls downgrade) - ulikunitz/xz v0.5.11 -> v0.5.15 (medium: memory leak) - klauspost/compress v1.16.7 -> v1.17.4 also fixes go vet warnings for non-constant format strings
1 parent 42d16bd commit 816ecd1

4 files changed

Lines changed: 50 additions & 57 deletions

File tree

go.mod

Lines changed: 16 additions & 17 deletions
Original file line numberDiff line numberDiff line change
@@ -1,6 +1,6 @@
11
module github.com/dropalldatabases/sif
22

3-
go 1.23
3+
go 1.24.0
44

55
toolchain go1.25.5
66

@@ -55,7 +55,6 @@ require (
5555
github.com/charmbracelet/glamour v0.6.0 // indirect
5656
github.com/cheggaaa/pb/v3 v3.1.4 // indirect
5757
github.com/cloudflare/cfssl v1.6.4 // indirect
58-
github.com/cloudflare/circl v1.3.7 // indirect
5958
github.com/cnf/structhash v0.0.0-20201127153200-e1b16c1ebc08 // indirect
6059
github.com/corpix/uarand v0.2.0 // indirect
6160
github.com/dimchansky/utfbom v1.1.1 // indirect
@@ -65,7 +64,6 @@ require (
6564
github.com/fatih/color v1.16.0 // indirect
6665
github.com/fatih/structs v1.1.0 // indirect
6766
github.com/gabriel-vasile/mimetype v1.4.2 // indirect
68-
github.com/gaukas/godicttls v0.0.4 // indirect
6967
github.com/go-logfmt/logfmt v0.6.0 // indirect
7068
github.com/go-ole/go-ole v1.2.6 // indirect
7169
github.com/go-playground/locales v0.14.1 // indirect
@@ -78,7 +76,7 @@ require (
7876
github.com/gobwas/pool v0.2.1 // indirect
7977
github.com/gobwas/ws v1.2.1 // indirect
8078
github.com/gocolly/colly/v2 v2.1.0 // indirect
81-
github.com/golang-jwt/jwt/v4 v4.5.1 // indirect
79+
github.com/golang-jwt/jwt/v4 v4.5.2 // indirect
8280
github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
8381
github.com/golang/protobuf v1.5.3 // indirect
8482
github.com/golang/snappy v0.0.4 // indirect
@@ -102,7 +100,7 @@ require (
102100
github.com/julienschmidt/httprouter v1.3.0 // indirect
103101
github.com/kataras/jwt v0.1.8 // indirect
104102
github.com/kennygrant/sanitize v1.2.4 // indirect
105-
github.com/klauspost/compress v1.16.7 // indirect
103+
github.com/klauspost/compress v1.17.4 // indirect
106104
github.com/klauspost/cpuid/v2 v2.2.5 // indirect
107105
github.com/klauspost/pgzip v1.2.5 // indirect
108106
github.com/leodido/go-urn v1.2.4 // indirect
@@ -156,10 +154,10 @@ require (
156154
github.com/projectdiscovery/sarif v0.0.1 // indirect
157155
github.com/projectdiscovery/tlsx v1.1.4 // indirect
158156
github.com/projectdiscovery/yamldoc-go v1.0.4 // indirect
159-
github.com/quic-go/quic-go v0.48.2 // indirect
160-
github.com/refraction-networking/utls v1.5.4 // indirect
157+
github.com/refraction-networking/utls v1.8.1 // indirect
161158
github.com/remeh/sizedwaitgroup v1.0.0 // indirect
162159
github.com/rivo/uniseg v0.4.4 // indirect
160+
github.com/rogpeppe/go-internal v1.10.0 // indirect
163161
github.com/rs/xid v1.5.0 // indirect
164162
github.com/saintfish/chardet v0.0.0-20230101081208-5e3ef4b5456d // indirect
165163
github.com/sashabaranov/go-openai v1.14.2 // indirect
@@ -168,6 +166,7 @@ require (
168166
github.com/shoenig/go-m1cpu v0.1.6 // indirect
169167
github.com/spaolacci/murmur3 v1.1.0 // indirect
170168
github.com/spf13/cast v1.5.1 // indirect
169+
github.com/stretchr/testify v1.11.1 // indirect
171170
github.com/syndtr/goleveldb v1.0.0 // indirect
172171
github.com/temoto/robotstxt v1.1.2 // indirect
173172
github.com/tidwall/btree v1.6.0 // indirect
@@ -181,7 +180,7 @@ require (
181180
github.com/tklauser/go-sysconf v0.3.12 // indirect
182181
github.com/tklauser/numcpus v0.6.1 // indirect
183182
github.com/trivago/tgo v1.0.7 // indirect
184-
github.com/ulikunitz/xz v0.5.11 // indirect
183+
github.com/ulikunitz/xz v0.5.15 // indirect
185184
github.com/valyala/bytebufferpool v1.0.0 // indirect
186185
github.com/valyala/fasttemplate v1.2.2 // indirect
187186
github.com/weppos/publicsuffix-go v0.30.1-0.20230422193905-8fecedd899db // indirect
@@ -204,17 +203,17 @@ require (
204203
go.uber.org/multierr v1.11.0 // indirect
205204
go.uber.org/zap v1.25.0 // indirect
206205
goftp.io/server/v2 v2.0.1 // indirect
207-
golang.org/x/crypto v0.26.0 // indirect
206+
golang.org/x/crypto v0.46.0 // indirect
208207
golang.org/x/exp v0.0.0-20240506185415-9bf2ced13842 // indirect
209-
golang.org/x/mod v0.17.0 // indirect
210-
golang.org/x/net v0.28.0 // indirect
211-
golang.org/x/oauth2 v0.11.0 // indirect
212-
golang.org/x/sync v0.8.0 // indirect
213-
golang.org/x/sys v0.23.0 // indirect
214-
golang.org/x/term v0.23.0 // indirect
215-
golang.org/x/text v0.17.0 // indirect
208+
golang.org/x/mod v0.30.0 // indirect
209+
golang.org/x/net v0.48.0 // indirect
210+
golang.org/x/oauth2 v0.34.0 // indirect
211+
golang.org/x/sync v0.19.0 // indirect
212+
golang.org/x/sys v0.39.0 // indirect
213+
golang.org/x/term v0.38.0 // indirect
214+
golang.org/x/text v0.32.0 // indirect
216215
golang.org/x/time v0.5.0 // indirect
217-
golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d // indirect
216+
golang.org/x/tools v0.39.0 // indirect
218217
google.golang.org/appengine v1.6.7 // indirect
219218
google.golang.org/protobuf v1.33.0 // indirect
220219
gopkg.in/alecthomas/kingpin.v2 v2.2.6 // indirect

0 commit comments

Comments
 (0)