From 2f2a8a200bdccd123eda2b03f00832cb2cba0c42 Mon Sep 17 00:00:00 2001 From: Atanas Janeshliev Date: Fri, 20 Jun 2025 16:19:12 +0200 Subject: [PATCH] chore(BRIDGE-392): bump go to 1.24.4 --- go.mod | 6 +++--- go.sum | 8 ++++---- utils/govulncheck.sh | 14 +++++++------- 3 files changed, 14 insertions(+), 14 deletions(-) diff --git a/go.mod b/go.mod index b033c2a4..21ea9562 100644 --- a/go.mod +++ b/go.mod @@ -2,14 +2,14 @@ module github.com/ProtonMail/proton-bridge/v3 go 1.24 -toolchain go1.24.2 +toolchain go1.24.4 require ( github.com/0xAX/notificator v0.0.0-20220220101646-ee9b8921e557 github.com/Masterminds/semver/v3 v3.2.0 - github.com/ProtonMail/gluon v0.17.1-0.20250611120816-05167d499f8d + github.com/ProtonMail/gluon v0.17.1-0.20250623154646-37666f3f37a5 github.com/ProtonMail/go-autostart v0.0.0-20210130080809-00ed301c8e9a - github.com/ProtonMail/go-proton-api v0.4.1-0.20250417134000-e624a080f7ba + github.com/ProtonMail/go-proton-api v0.4.1-0.20250623152652-0808f8569b4c github.com/ProtonMail/gopenpgp/v2 v2.8.2-proton github.com/PuerkitoBio/goquery v1.8.1 github.com/abiosoft/ishell v2.0.0+incompatible diff --git a/go.sum b/go.sum index 086abd54..18ca0b47 100644 --- a/go.sum +++ b/go.sum @@ -36,8 +36,8 @@ github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAE github.com/ProtonMail/bcrypt v0.0.0-20210511135022-227b4adcab57/go.mod h1:HecWFHognK8GfRDGnFQbW/LiV7A3MX3gZVs45vk5h8I= github.com/ProtonMail/bcrypt v0.0.0-20211005172633-e235017c1baf h1:yc9daCCYUefEs69zUkSzubzjBbL+cmOXgnmt9Fyd9ug= github.com/ProtonMail/bcrypt v0.0.0-20211005172633-e235017c1baf/go.mod h1:o0ESU9p83twszAU8LBeJKFAAMX14tISa0yk4Oo5TOqo= -github.com/ProtonMail/gluon v0.17.1-0.20250611120816-05167d499f8d h1:45W7G+X0w7nzLzeB0eiFkGho5DTK1jNmmNbt3IhN524= -github.com/ProtonMail/gluon v0.17.1-0.20250611120816-05167d499f8d/go.mod h1:0/c03TzZPNiSgY5UDJK1iRDkjlDPwWugxTT6et2qDu8= +github.com/ProtonMail/gluon v0.17.1-0.20250623154646-37666f3f37a5 h1:opkO7CG/1HgBXw+nrzp6oIyh+bT6LvG1UH+wOh8hn+A= +github.com/ProtonMail/gluon v0.17.1-0.20250623154646-37666f3f37a5/go.mod h1:OMwmLjgk6yJHX/P5KPck9WOcBVWIJLvuGZjj/8Ts/cw= github.com/ProtonMail/go-crypto v0.0.0-20230321155629-9a39f2531310/go.mod h1:8TI4H3IbrackdNgv+92dI+rhpCaLqM0IfpgCgenFvRE= github.com/ProtonMail/go-crypto v1.1.4-proton h1:KIo9uNlk3vzlwI7o5VjhiEjI4Ld1TDixOMnoNZyfpFE= github.com/ProtonMail/go-crypto v1.1.4-proton/go.mod h1:zNoyBJW3p/yVWiHNZgfTF9VsjwqYof5YY0M9kt2QaX0= @@ -45,8 +45,8 @@ github.com/ProtonMail/go-message v0.13.1-0.20240919135104-3bc88e6a9423 h1:p8nBDx github.com/ProtonMail/go-message v0.13.1-0.20240919135104-3bc88e6a9423/go.mod h1:NBAn21zgCJ/52WLDyed18YvYFm5tEoeDauubFqLokM4= github.com/ProtonMail/go-mime v0.0.0-20230322103455-7d82a3887f2f h1:tCbYj7/299ekTTXpdwKYF8eBlsYsDVoggDAuAjoK66k= github.com/ProtonMail/go-mime v0.0.0-20230322103455-7d82a3887f2f/go.mod h1:gcr0kNtGBqin9zDW9GOHcVntrwnjrK+qdJ06mWYBybw= -github.com/ProtonMail/go-proton-api v0.4.1-0.20250417134000-e624a080f7ba h1:DFBngZ7u/f69flRFzPp6Ipo6PKEyflJlA5OCh52yDB4= -github.com/ProtonMail/go-proton-api v0.4.1-0.20250417134000-e624a080f7ba/go.mod h1:eXIoLyIHxvPo8Kd9e1ygYIrAwbeWJhLi3vgSz2crlK4= +github.com/ProtonMail/go-proton-api v0.4.1-0.20250623152652-0808f8569b4c h1:jQPfgwy81uD/HFu16a5/Uz/71wtGOtPmh8GUElBU2jM= +github.com/ProtonMail/go-proton-api v0.4.1-0.20250623152652-0808f8569b4c/go.mod h1:VWJW4g0cT7zwdYjxjy1QDJegdFJItHHQ+M3jHKiI1hY= github.com/ProtonMail/go-smtp v0.0.0-20231109081432-2b3d50599865 h1:EP1gnxLL5Z7xBSymE9nSTM27nRYINuvssAtDmG0suD8= github.com/ProtonMail/go-smtp v0.0.0-20231109081432-2b3d50599865/go.mod h1:qm27SGYgoIPRot6ubfQ/GpiPy/g3PaZAVRxiO/sDUgQ= github.com/ProtonMail/go-srp v0.0.7 h1:Sos3Qk+th4tQR64vsxGIxYpN3rdnG9Wf9K4ZloC1JrI= diff --git a/utils/govulncheck.sh b/utils/govulncheck.sh index a6907bda..eade108a 100755 --- a/utils/govulncheck.sh +++ b/utils/govulncheck.sh @@ -21,19 +21,19 @@ set -eo pipefail main(){ - go install golang.org/x/vuln/cmd/govulncheck@latest + echo "Using Go version:" + go version + echo + + ## go install golang.org/x/vuln/cmd/govulncheck@latest make gofiles - govulncheck -json ./... > vulns.json + GOTOOLCHAIN=auto go run golang.org/x/vuln/cmd/govulncheck@latest -json ./... > vulns.json jq -r '.finding | select( (.osv != null) and (.trace[0].function != null) ) | .osv ' < vulns.json > vulns_osv_ids.txt ignore GO-2023-2328 "GODT-3124 RESTY race condition" ignore GO-2025-3563 "BRIDGE-346 net/http request smuggling" - ignore GO-2025-3749 "BRIDGE-388 affects github.com/cloudflare/circl, not used" - ignore GO-2025-3750 "BRIDGE-388 net/http Proxy-Authorization and Proxy-Authenticate headers persisted on cross-origin redirects" - ignore GO-2025-3751 "BRIDGE-388 affects syscall and os for symlink files" - ignore GO-2025-3754 "BRIDGE-388 crypto/x509 policy graphs" - + ignore GO-2025-3754 "BRIDGE-388 github.com/cloudflare/circl indirect import from gopenpgp; need to wait for upstream to patch" has_vulns