deps: bump golang.org/x/time from 0.5.0 to 0.15.0 in the golang-x group across 1 directory#154
Closed
dependabot[bot] wants to merge 424 commits into
Closed
deps: bump golang.org/x/time from 0.5.0 to 0.15.0 in the golang-x group across 1 directory#154dependabot[bot] wants to merge 424 commits into
dependabot[bot] wants to merge 424 commits into
Conversation
checkonly支持upgrade与redirect
新增checkonly的--match指定过滤器
修复redirect的wg计算错误的bug
- FingerEngine nil 检查防止未初始化时 panic (baseline.go, fingers.go) - 日志/颜色/指纹引擎/Extractor 注册增加状态检查, 防止 SDK 多次调用时重复设置 Co-Authored-By: Claude Opus 4.6 (1M context) <[email protected]>
Co-Authored-By: Claude Opus 4.6 (1M context) <[email protected]>
… faster startup - go:generate now uses -embed flag to produce //go:embed binary data - templates.go reduced from 125KB base64 source to 0.9KB + 93KB .bin files - binary saves ~28KB (removes base64 decode overhead at runtime) - templates submodule updated with embed-aware generator Co-Authored-By: Claude Opus 4.6 (1M context) <[email protected]>
Bug fixes: - Defer scopeLocker.Unlock in doScopeCrawl (deadlock on panic) - Defer statsMu.Unlock in recordStat (deadlock on panic) - Defer RUnlock in resource_provider.LoadConfig via inline func - Fix data race in invoke(): move bl field writes before doRedirect - Close response body on ReadAll error (connection leak) - Add defer raw.Close() for raw file parsing (fd leak) - Safe type assertion in load.go keyword parsing (panic on bad YAML) - Check ants pool creation errors in NewBrutePool/NewCheckPool New tests (15 test functions): - pool_test.go: scopeLocker panic recovery, cancel mid-processing, single-threaded map access, valid pool creation - runner_test.go: concurrent recordStat safety, nil stat handling - load_test.go: malformed YAML tolerance, valid YAML loading - e2e_test.go: normal brute scan, context cancellation, server errors, WAF behavior, multi-target check mode, mixed status codes CI hardening: - Add -race detector (Linux, -short mode) - Add -timeout 300s to prevent deadlock hangs Co-Authored-By: Claude Opus 4.6 (1M context) <[email protected]>
Root cause: the atomic.Bool + polling monitor goroutine pattern had a race between wg.Wait() in the monitor and wg.Add(1) in the main loop. When the monitor observed done=true and started Wait, the main loop could still dispatch new work, causing Close().wg.Wait() to hang. Fix: replace with nil-channel + sync.Once pattern. When the word stream exhausts or limit is hit, worderCh is set to nil (disabling that select branch permanently), then a single goroutine waits for wg to reach zero. Since wg.Add(1) only occurs in the worderCh branch, nil-ing it before Wait guarantees no new Add after Wait starts — no race possible. Other fixes: - Task feeder goroutine now ctx-aware (prevents leak on cancel) - AddPool checks Invoke error (prevents poolwg counter mismatch) - Revert resource_provider IIFE (reading a struct field cannot panic) - Remove E2E -short skip (race is fixed, full coverage in CI) - Fix Go 1.24+ vet: non-constant format strings in Init() Co-Authored-By: Claude Opus 4.6 (1M context) <[email protected]>
Root cause: doCheck() called reqPool.Invoke() from the Handler goroutine. When all reqPool workers blocked on sendProcess waiting for Handler to drain processCh, and Handler blocked on Invoke waiting for a free worker, a circular wait formed. Fix: doCheck now uses addAddition() to submit check requests via additionCh consumed by the Run loop, breaking the circular dependency. Before: 16 targets x 500 words = HANG (>130s) After: 16 targets x 500 words = 1.8s Co-Authored-By: Claude Opus 4.6 (1M context) <[email protected]>
…fter fingerprint detection Supports check mode (exploit verification via finger field) and brute mode (default credential testing via zombie/tags field). POC templates are only executed against targets whose fingerprints match, avoiding blind scanning. Co-Authored-By: Claude Opus 4.6 (1M context) <[email protected]>
…ncel When ctx is cancelled (e.g. IsFailed threshold), the Run loop breaks and stops reading additionCh. But doCheck (now via addAddition) may have queued items with wg.Add(1) that no one consumes. Close().wg.Wait() hangs forever. Fix: spawn a drain goroutine in Close() before wg.Wait() that consumes and Done()s remaining additionCh items, then close the channel after Wait returns. Verified: 16 IPs x 2 ports x 1000 words completes with EXIT 0. Co-Authored-By: Claude Opus 4.6 (1M context) <[email protected]>
Fingers now defaults to RE2 regex engine with AC pre-filtering. No build tag changes needed — RE2 is the new default. Co-Authored-By: Claude Opus 4.6 (1M context) <[email protected]>
The file was referenced by //go:embed but never committed, causing build failures when consumed as a remote Go module. Co-Authored-By: Claude Opus 4.6 (1M context) <[email protected]>
Co-Authored-By: Claude Opus 4.6 (1M context) <[email protected]>
Co-Authored-By: Claude Opus 4.6 (1M context) <[email protected]>
go generate with the updated templates submodule (7d5675c) produces different embedded data and code. Key changes: - cmd/cmd.go: logs.Info/Important → logs.InfoLevel/ImportantLevel - pkg/templates.go: remove proton_rules.bin/neutron.bin embeds (no longer needed) - core/baseline: use ProtonExtract instead of Extractors.Extract - core/format: list proton extractor names - Update embedded binary data files Co-Authored-By: Claude Opus 4.6 (1M context) <[email protected]>
The replace pinned a pre-v1.0.3 pseudo-version up to the v1.0.3 release. proxyclient v1.1.0 is now published, so require it directly and remove the replace. Core schemes (SOCKS/SOCKS5/HTTP/HTTPS) cover spray's proxy use; the extra protocols (trojan/vmess/ssh/...) are split into separate modules in v1.1.0 but spray doesn't use them. go build ./... passes. Co-Authored-By: Claude Opus 4.8 (1M context) <[email protected]>
gomod (grouped golang.org/x/* and chainreactors/*) plus github-actions where present. No ignore on chainreactors/* so inter-repo deps are auto-updated. Co-Authored-By: Claude Opus 4.8 (1M context) <[email protected]>
…, and new rules - parsers.Extracted: add Severity and Items (ExtractItem with ctx/line/offset) - ProtonExtract: preserve severity from templates, capture N-char context around matches - Add --extract-context CLI flag (default 0, e.g. --extract-context 50) - Add word matchers pre-filtering to 14 existing templates for performance - Add 9 new HaE-inspired rules: lfi-indicator, upload-form, url-as-value, location-redirect, mac-address, sensitive-field, linkfinder, url-schemes, authorization-header - Total proton templates: 45 (was 35) - Update ColorString/TreeString to render severity and context - Comprehensive tests for severity, context, new templates, tag mappings Co-Authored-By: Claude Opus 4.6 (1M context) <[email protected]>
Fix proton import path change: protocols/file -> proton/file Remove local replace directive for parsers Co-Authored-By: Claude Opus 4.6 (1M context) <[email protected]>
Author
LabelsThe following labels could not be found: Please fix the above issues or remove invalid values from |
Mirrors gogo's ResourceLoader pattern. SDK spray engine sets it to no-op after init, preventing RunWithArgs from reloading ports/fingers/templates. Co-Authored-By: Claude Opus 4.6 (1M context) <[email protected]>
Bumps the golang-x group with 1 update in the / directory: [golang.org/x/time](https://github.com/golang/time). Updates `golang.org/x/time` from 0.5.0 to 0.15.0 - [Commits](golang/time@v0.5.0...v0.15.0) --- updated-dependencies: - dependency-name: golang.org/x/time dependency-version: 0.15.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: golang-x ... Signed-off-by: dependabot[bot] <[email protected]>
dependabot
Bot
changed the title
dependabot
Bot
force-pushed
the
dependabot/go_modules/golang-x-f66dd7e7cc
branch
from
7e7914c to
f856724
Compare
Author
|
This pull request was built based on a group rule. Closing it will not ignore any of these versions in future pull requests. To ignore these dependencies, configure ignore rules in dependabot.yml |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Bumps the golang-x group with 1 update in the / directory: golang.org/x/time.
Updates
golang.org/x/timefrom 0.5.0 to 0.15.0Commits
812b343all: upgrade go directive to at least 1.25.0 [generated]2b4e439rate: use time.Time.Equal instead of ==c0b0320all: upgrade go directive to at least 1.24.0 [generated]1616a7frate: skip time.Now call in Sometimes.Do unless necessary0c50ed8all: upgrade go directive to at least 1.23.0 [generated]66520f6rate: simplify function advance only returns new Tokens to caller2c6c5a2rate: prevent overflows when calculating durationFromTokens1ce61ferate: make function comment match function name3846194README: don't recommend go get772484ex/time/rate: correctly handle 0 limits