sif/pkg/scan at 816ecd1e46fd6e72697518fe1185fb49fcd66cb5 - sif

mirror of https://github.com/lunchcat/sif.git synced 2026-01-12 13:05:20 -08:00

Files

Celeste Hickenlooper 816ecd1e46 fix: update dependencies to address security vulnerabilities

- golang.org/x/crypto v0.26.0 -> v0.46.0 (critical: ssh auth bypass)
- golang.org/x/net v0.28.0 -> v0.48.0 (medium: xss vulnerability)
- golang.org/x/oauth2 v0.11.0 -> v0.34.0 (high: input validation)
- quic-go v0.48.2 -> v0.58.0 (high: panic on undecryptable packets)
- golang-jwt/jwt v4.5.1 -> v4.5.2 (high: memory allocation)
- cloudflare/circl v1.3.7 -> v1.6.2 (low: validation issues)
- refraction-networking/utls v1.5.4 -> v1.8.1 (medium: tls downgrade)
- ulikunitz/xz v0.5.11 -> v0.5.15 (medium: memory leak)
- klauspost/compress v1.16.7 -> v1.17.4

also fixes go vet warnings for non-constant format strings

2026-01-02 18:03:27 -08:00

license: switch to bsd 3-clause, update headers and readme

2026-01-02 17:41:18 -08:00

cloudstorage.go

license: switch to bsd 3-clause, update headers and readme

2026-01-02 17:41:18 -08:00

cms.go

license: switch to bsd 3-clause, update headers and readme

2026-01-02 17:41:18 -08:00

dirlist.go

license: switch to bsd 3-clause, update headers and readme

2026-01-02 17:41:18 -08:00