diff --git a/go.mod b/go.mod index 5190d553..1a6535eb 100644 --- a/go.mod +++ b/go.mod @@ -2,12 +2,14 @@ module github.com/ProtonMail/proton-bridge/v3 go 1.24.4 +toolchain go1.24.11 + require ( github.com/0xAX/notificator v0.0.0-20220220101646-ee9b8921e557 github.com/Masterminds/semver/v3 v3.2.0 - github.com/ProtonMail/gluon v0.17.1-0.20251127091939-17b9426ae8f7 + github.com/ProtonMail/gluon v0.17.1-0.20260108112233-b3e52866fa57 github.com/ProtonMail/go-autostart v0.0.0-20210130080809-00ed301c8e9a - github.com/ProtonMail/go-proton-api v0.4.1-0.20251127095056-9039cd6bf32a + github.com/ProtonMail/go-proton-api v0.4.1-0.20260108112223-c9e6b92ad1fc github.com/ProtonMail/gopenpgp/v2 v2.9.0-proton github.com/PuerkitoBio/goquery v1.8.1 github.com/abiosoft/ishell v2.0.0+incompatible @@ -42,7 +44,7 @@ require ( github.com/pbnjay/memory v0.0.0-20210728143218-7b4eea64cf58 github.com/pkg/errors v0.9.1 github.com/pkg/profile v1.7.0 - github.com/sirupsen/logrus v1.9.2 + github.com/sirupsen/logrus v1.9.3 github.com/stretchr/testify v1.11.1 github.com/urfave/cli/v2 v2.24.4 github.com/vmihailenco/msgpack/v5 v5.3.5 @@ -69,7 +71,7 @@ require ( github.com/bytedance/sonic v1.9.1 // indirect github.com/chenzhuoyu/base64x v0.0.0-20221115062448-fe3a3abad311 // indirect github.com/chzyer/test v1.0.0 // indirect - github.com/cloudflare/circl v1.6.0 // indirect + github.com/cloudflare/circl v1.6.1 // indirect github.com/cpuguy83/go-md2man/v2 v2.0.2 // indirect github.com/cronokirby/saferith v0.33.0 // indirect github.com/cucumber/gherkin-go/v19 v19.0.3 // indirect diff --git a/go.sum b/go.sum index 7ca76b62..69e79e09 100644 --- a/go.sum +++ b/go.sum @@ -30,10 +30,10 @@ github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAE github.com/ProtonMail/bcrypt v0.0.0-20210511135022-227b4adcab57/go.mod h1:HecWFHognK8GfRDGnFQbW/LiV7A3MX3gZVs45vk5h8I= github.com/ProtonMail/bcrypt v0.0.0-20211005172633-e235017c1baf h1:yc9daCCYUefEs69zUkSzubzjBbL+cmOXgnmt9Fyd9ug= github.com/ProtonMail/bcrypt v0.0.0-20211005172633-e235017c1baf/go.mod h1:o0ESU9p83twszAU8LBeJKFAAMX14tISa0yk4Oo5TOqo= -github.com/ProtonMail/gluon v0.17.1-0.20251105080301-a9b2986eafad h1:1j4229rgYMIc4H3eis6c78yTOkDy0tidGN/mclYyPco= -github.com/ProtonMail/gluon v0.17.1-0.20251105080301-a9b2986eafad/go.mod h1:OMwmLjgk6yJHX/P5KPck9WOcBVWIJLvuGZjj/8Ts/cw= github.com/ProtonMail/gluon v0.17.1-0.20251127091939-17b9426ae8f7 h1:PaqJBeXv30G45LFglNMUxChxzGPg+V870BplSGrt0RM= github.com/ProtonMail/gluon v0.17.1-0.20251127091939-17b9426ae8f7/go.mod h1:OMwmLjgk6yJHX/P5KPck9WOcBVWIJLvuGZjj/8Ts/cw= +github.com/ProtonMail/gluon v0.17.1-0.20260108112233-b3e52866fa57 h1:aH0EeiBq/5c1rNI/1xzAmJWKgf+nFcqrKCUTUUV4/Sc= +github.com/ProtonMail/gluon v0.17.1-0.20260108112233-b3e52866fa57/go.mod h1:YbW3CyxVxdbXiEGBwOxTW9nczPa8tA58HMkxosSf8bw= github.com/ProtonMail/go-autostart v0.0.0-20250402094843-326608c16033 h1:4r/ALoiixOOyjc1WhpwlkrcSFtRnc1GHWhk7ERELwbs= github.com/ProtonMail/go-autostart v0.0.0-20250402094843-326608c16033/go.mod h1:oTGdE7/DlWIr23G0IKW3OXK9wZ5Hw1GGiaJFccTvZi4= github.com/ProtonMail/go-crypto v0.0.0-20230321155629-9a39f2531310/go.mod h1:8TI4H3IbrackdNgv+92dI+rhpCaLqM0IfpgCgenFvRE= @@ -47,10 +47,10 @@ github.com/ProtonMail/go-message v0.13.1-0.20240919135104-3bc88e6a9423 h1:p8nBDx github.com/ProtonMail/go-message v0.13.1-0.20240919135104-3bc88e6a9423/go.mod h1:NBAn21zgCJ/52WLDyed18YvYFm5tEoeDauubFqLokM4= github.com/ProtonMail/go-mime v0.0.0-20230322103455-7d82a3887f2f h1:tCbYj7/299ekTTXpdwKYF8eBlsYsDVoggDAuAjoK66k= github.com/ProtonMail/go-mime v0.0.0-20230322103455-7d82a3887f2f/go.mod h1:gcr0kNtGBqin9zDW9GOHcVntrwnjrK+qdJ06mWYBybw= -github.com/ProtonMail/go-proton-api v0.4.1-0.20250930094753-9c2b53694f72 h1:5CLHiWRSrACIpTyTe2kUbOjVObOui62MflHkQc2f+h8= -github.com/ProtonMail/go-proton-api v0.4.1-0.20250930094753-9c2b53694f72/go.mod h1:Xv7eeoGjaOLMZcjJj++yWNV99q5enByr0WcuF/ltTRA= github.com/ProtonMail/go-proton-api v0.4.1-0.20251127095056-9039cd6bf32a h1:g5A/1Jg7JR8MXucKDUJv48LnXq1mOSlI2yXo6/X4R/s= github.com/ProtonMail/go-proton-api v0.4.1-0.20251127095056-9039cd6bf32a/go.mod h1:Xv7eeoGjaOLMZcjJj++yWNV99q5enByr0WcuF/ltTRA= +github.com/ProtonMail/go-proton-api v0.4.1-0.20260108112223-c9e6b92ad1fc h1:azlBBcGC5Y6FuEFRCY16pXh8vy268C9JBS6oU/AA33k= +github.com/ProtonMail/go-proton-api v0.4.1-0.20260108112223-c9e6b92ad1fc/go.mod h1:aVHyE5kG38rm99RQYuP3wWn8QuJpM5Me6KHaIDD92Qs= github.com/ProtonMail/go-smtp v0.0.0-20231109081432-2b3d50599865 h1:EP1gnxLL5Z7xBSymE9nSTM27nRYINuvssAtDmG0suD8= github.com/ProtonMail/go-smtp v0.0.0-20231109081432-2b3d50599865/go.mod h1:qm27SGYgoIPRot6ubfQ/GpiPy/g3PaZAVRxiO/sDUgQ= github.com/ProtonMail/go-srp v0.0.7 h1:Sos3Qk+th4tQR64vsxGIxYpN3rdnG9Wf9K4ZloC1JrI= @@ -102,8 +102,8 @@ github.com/chzyer/test v1.0.0 h1:p3BQDXSxOhOG0P9z6/hGnII4LGiEPOYBhs8asl/fC04= github.com/chzyer/test v1.0.0/go.mod h1:2JlltgoNkt4TW/z9V/IzDdFaMTM2JPIi26O1pF38GC8= github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw= github.com/cloudflare/circl v1.1.0/go.mod h1:prBCrKB9DV4poKZY1l9zBXg2QJY7mvgRvtMxxK7fi4I= -github.com/cloudflare/circl v1.6.0 h1:cr5JKic4HI+LkINy2lg3W2jF8sHCVTBncJr5gIIq7qk= -github.com/cloudflare/circl v1.6.0/go.mod h1:uddAzsPgqdMAYatqJ0lsjX1oECcQLIlRpzZh3pJrofs= +github.com/cloudflare/circl v1.6.1 h1:zqIqSPIndyBh1bjLVVDHMPpVKqp8Su/V+6MeDzzQBQ0= +github.com/cloudflare/circl v1.6.1/go.mod h1:uddAzsPgqdMAYatqJ0lsjX1oECcQLIlRpzZh3pJrofs= github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc= github.com/coreos/bbolt v1.3.2/go.mod h1:iRUV2dpdMOn7Bo10OQBFzIJO9kkE559Wcmn+qkEiiKk= github.com/coreos/etcd v3.3.13+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE= @@ -434,8 +434,8 @@ github.com/ryanuber/columnize v0.0.0-20160712163229-9b3edd62028f/go.mod h1:sm1tb github.com/sean-/seed v0.0.0-20170313163322-e2103e2c3529/go.mod h1:DxrIzT+xaE7yg65j358z/aeFdxmN0P9QXhEzd20vsDc= github.com/shurcooL/sanitized_anchor_name v1.0.0/go.mod h1:1NzhyTcUVG4SuEtjjoZeVRXNmyL/1OwPU0+IJeTBvfc= github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo= -github.com/sirupsen/logrus v1.9.2 h1:oxx1eChJGI6Uks2ZC4W1zpLlVgqB8ner4EuQwV4Ik1Y= -github.com/sirupsen/logrus v1.9.2/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ= +github.com/sirupsen/logrus v1.9.3 h1:dueUQJ1C2q9oE3F7wvmSGAaVtTmUizReu6fjN8uqzbQ= +github.com/sirupsen/logrus v1.9.3/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ= github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d h1:zE9ykElWQ6/NYmHa3jpm/yHnI4xSofP+UP6SpjHcSeM= github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d/go.mod h1:OnSkiWE9lh6wB0YB77sQom3nweQdgAjqCqsofrRNTgc= github.com/smartystreets/goconvey v1.6.4 h1:fv0U8FUIMPNf1L9lnHLvLhgicrIVChEkdzIKYqbNC9s= diff --git a/utils/govulncheck.sh b/utils/govulncheck.sh index 9813fad2..90a0db0d 100755 --- a/utils/govulncheck.sh +++ b/utils/govulncheck.sh @@ -31,23 +31,6 @@ main(){ jq -r '.finding | select( (.osv != null) and (.trace[0].function != null) ) | .osv ' < vulns.json > vulns_osv_ids.txt - ignore GO-2023-2328 "GODT-3124 RESTY race condition" - ignore GO-2025-3563 "BRIDGE-346 net/http request smuggling" - ignore GO-2025-3754 "BRIDGE-388 github.com/cloudflare/circl indirect import from gopenpgp; need to wait for upstream to patch" - ignore GO-2025-3849 "BRIDGE-416 database/sql race condition leading to potential data overwrite" - ignore GO-2025-3956 "BRIDGE-428 LookPath from os/exec may result in binaries listed in the path to be returned" - ignore GO-2025-4010 "BRIDGE-440 IPv6 parsing" - ignore GO-2025-4007 "BRIDGE-440 non-linear scaling w.r.t cert chain lenght when validating chains" - ignore GO-2025-4009 "BRIDGE-440 non-linear scaling w.r.t parsing PEM inputs" - ignore GO-2025-4015 "BRIDGE-440 Reader.ReadResponse excessive CPU usage" - ignore GO-2025-4008 "BRIDGE-440 ALPN negotiation failure contains attacker controlled information (not-escaped)" - ignore GO-2025-4012 "BRIDGE-440 potentially excessive memory usage on HTTP servers via cookies" - ignore GO-2025-4013 "BRIDGE-440 validating cert chains with DSA public keys may cause programs to panic" - ignore GO-2025-4011 "BRIDGE-440 pasing a maliciously crafted DER payloads could allocate excessive memory" - ignore GO-2025-4014 "BRIDGE-440 tarball extraction may read an unbounded amount of data from the archive into memory" - ignore GO-2025-4175 "BRIDGE-440 improper application of excluded DNS name constraints when verifying wildcard names in crypto/x509" - ignore GO-2025-4155 "BRIDGE-440 excessive resource consumption when printing error string for host certificate validation in crypto/x509" - has_vulns echo