mirror of
https://github.com/rcourtman/Pulse.git
synced 2026-07-09 16:00:59 +00:00
Pin Go toolchain to 1.25.9 and bump x/net to 0.51.0
Clears 11 govulncheck findings on release/5.1: - 10 in the Go standard library (crypto/x509 auth bypass and panics, crypto/tls TLS 1.3 KeyUpdate DoS, archive/tar unbounded allocation, html/template XSS, os.Root filesystem escape, net/url IPv6 parse) — fixed by 1.25.9 - 1 in golang.org/x/net (HTTP/2 frame panic, GO-2026-4559) — fixed by 0.51.0 CI uses go-version-file: go.mod with setup-go@v5, which honors the toolchain directive, so workflow builds will pick up 1.25.9. Verified govulncheck reports no vulnerabilities and full Go test suite outcome is unchanged from the v5.1.28 baseline (the TestSetupScriptTokenLifecycleIntegration_PVE failures are pre-existing on release/5.1 and unrelated to the bump).
This commit is contained in:
parent
570fd31548
commit
94b5bb1b28
2 changed files with 5 additions and 3 deletions
4
go.mod
4
go.mod
|
|
@ -2,6 +2,8 @@ module github.com/rcourtman/pulse-go-rewrite
|
|||
|
||||
go 1.25.0
|
||||
|
||||
toolchain go1.25.9
|
||||
|
||||
require (
|
||||
github.com/IGLOU-EU/go-wildcard/v2 v2.1.0
|
||||
github.com/coreos/go-oidc/v3 v3.17.0
|
||||
|
|
@ -98,7 +100,7 @@ require (
|
|||
go.opentelemetry.io/otel/trace v1.43.0 // indirect
|
||||
go.yaml.in/yaml/v2 v2.4.3 // indirect
|
||||
golang.org/x/exp v0.0.0-20250620022241-b7579e27df2b // indirect
|
||||
golang.org/x/net v0.50.0 // indirect
|
||||
golang.org/x/net v0.51.0 // indirect
|
||||
golang.org/x/text v0.34.0 // indirect
|
||||
golang.org/x/time v0.14.0 // indirect
|
||||
google.golang.org/protobuf v1.36.11 // indirect
|
||||
|
|
|
|||
4
go.sum
4
go.sum
|
|
@ -235,8 +235,8 @@ golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn
|
|||
golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
|
||||
golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
|
||||
golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
|
||||
golang.org/x/net v0.50.0 h1:ucWh9eiCGyDR3vtzso0WMQinm2Dnt8cFMuQa9K33J60=
|
||||
golang.org/x/net v0.50.0/go.mod h1:UgoSli3F/pBgdJBHCTc+tp3gmrU4XswgGRgtnwWTfyM=
|
||||
golang.org/x/net v0.51.0 h1:94R/GTO7mt3/4wIKpcR5gkGmRLOuE/2hNGeWq/GBIFo=
|
||||
golang.org/x/net v0.51.0/go.mod h1:aamm+2QF5ogm02fjy5Bb7CQ0WMt1/WVM7FtyaTLlA9Y=
|
||||
golang.org/x/oauth2 v0.35.0 h1:Mv2mzuHuZuY2+bkyWXIHMfhNdJAdwW3FuWeCPYN5GVQ=
|
||||
golang.org/x/oauth2 v0.35.0/go.mod h1:lzm5WQJQwKZ3nwavOZ3IS5Aulzxi68dUSgRHujetwEA=
|
||||
golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue