primal/athens
1
0
Fork 0
mirror of https://github.com/gomods/athens synced 2026-02-03 08:40:31 +00:00
Code Issues Packages Projects Releases Wiki Activity
1,079 Commits 29 Branches 34 Tags
d2bf84a45dd57354dd53ff0b2a9d77eb2069516e
Commit Graph

1079 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Omar Trigui
d2bf84a45d fix(storage.md): correct redis endpoint format (#2082) 
## Fix Redis URL typo in documentation

Removed duplicate port number in Redis configuration example.
 2025-12-03 04:46:43 +02:00
dependabot[bot]
c442f90cb7 update-github-action(deps): bump actions/checkout from 5 to 6 (#2081) 
Bumps [actions/checkout](https://github.com/actions/checkout) from 5 to 6.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v5...v6)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: '6'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-11-24 06:11:37 +02:00
dependabot[bot]
409131a4aa update-github-action(deps): bump golangci/golangci-lint-action (#2079) 
Bumps [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action) from 8 to 9.
- [Release notes](https://github.com/golangci/golangci-lint-action/releases)
- [Commits](https://github.com/golangci/golangci-lint-action/compare/v8...v9)

---
updated-dependencies:
- dependency-name: golangci/golangci-lint-action
  dependency-version: '9'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-11-10 05:08:43 +02:00
HDYA
d64bfc61b1 Update git-credential-github-app to version 0.3.4 (#2078) 2025-10-31 17:25:02 +01:00
William Fisher
cef941bf85 go.mod: vulnerabilities: bump go version to 1.23.12 for (#2077) 
`govulncheck` detects some vulnerabilities from the current builds that
are resolved by bumping the minor Go version to `.12`. I have kept the
major version the same.

On current `main`:

    $ go build -o athens ./cmd/proxy/main.go
    $ govulncheck -mode binary ./athens
    === Symbol Results ===

    Vulnerability #1: GO-2025-3956
        Unexpected paths returned from LookPath in os/exec
      More info: https://pkg.go.dev/vuln/GO-2025-3956
      Standard library
        Found in: os/exec@go1.23.5
        Fixed in: os/exec@go1.23.12
        Vulnerable symbols found:
          #1: exec.LookPath

    Vulnerability #2: GO-2025-3849
        Incorrect results returned from Rows.Scan in database/sql
      More info: https://pkg.go.dev/vuln/GO-2025-3849
      Standard library
        Found in: database/sql@go1.23.5
        Fixed in: database/sql@go1.23.12
        Vulnerable symbols found:
          #1: sql.Row.Scan
          #2: sql.Rows.Scan

    Vulnerability #3: GO-2025-3751
        Sensitive headers not cleared on cross-origin redirect in net/http
      More info: https://pkg.go.dev/vuln/GO-2025-3751
      Standard library
        Found in: net/http@go1.23.5
        Fixed in: net/http@go1.23.10
        Vulnerable symbols found:
          #1: http.Client.Do
          #2: http.Client.Get
          #3: http.Client.Head
          #4: http.Client.Post
          #5: http.Client.PostForm

    Vulnerability #4: GO-2025-3563
        Request smuggling due to acceptance of invalid chunked data in net/http
      More info: https://pkg.go.dev/vuln/GO-2025-3563
      Standard library
        Found in: net/http/internal@go1.23.5
        Fixed in: net/http/internal@go1.23.8
        Vulnerable symbols found:
          #1: internal.chunkedReader.Read

    Your code is affected by 4 vulnerabilities from the Go standard library.
    This scan also found 0 vulnerabilities in packages you import and 2
    vulnerabilities in modules you require, but your code doesn't appear to call
    these vulnerabilities.
    Use '-show verbose' for more details.

After version bump:

    $ go build -o athens ./cmd/proxy/main.go
    $ govulncheck -mode=binary ./athens 
    === Symbol Results ===

    No vulnerabilities found.

    Your code is affected by 0 vulnerabilities.
    This scan also found 0 vulnerabilities in packages you import and 2
    vulnerabilities in modules you require, but your code doesn't appear to call
    these vulnerabilities.
    Use '-show verbose' for more details.
 2025-10-23 16:24:05 +02:00
dependabot[bot]
28bc9a806c update-github-action(deps): bump github/codeql-action from 3 to 4 (#2076) 
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3 to 4.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/v3...v4)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-version: '4'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-10-13 05:15:04 +02:00
DrPsychick
5e91da642e chore: update container image to go 1.25.1 (#2074) 2025-10-05 22:10:40 +00:00
dependabot[bot]
d0d643ae82 update-github-action(deps): bump actions/setup-go from 5 to 6 (#2073) 
Bumps [actions/setup-go](https://github.com/actions/setup-go) from 5 to 6.
- [Release notes](https://github.com/actions/setup-go/releases)
- [Commits](https://github.com/actions/setup-go/compare/v5...v6)

---
updated-dependencies:
- dependency-name: actions/setup-go
  dependency-version: '6'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-09-29 05:42:31 +02:00
DrPsychick
9c326020ac fix: add tzdata to image (#2072) 2025-09-26 15:44:01 -07:00
Steve Wills
8e313b60c3 use https if proxied (#2033) 2025-09-26 22:22:15 +02:00
DrPsychick
341bf97233 fix: use request.URL.Host if set (#2069) 2025-09-22 22:15:17 +02:00
dependabot[bot]
89cee24f3e update-github-action(deps): bump actions/upload-pages-artifact (#2068) 
Bumps [actions/upload-pages-artifact](https://github.com/actions/upload-pages-artifact) from 3 to 4.
- [Release notes](https://github.com/actions/upload-pages-artifact/releases)
- [Commits](https://github.com/actions/upload-pages-artifact/compare/v3...v4)

---
updated-dependencies:
- dependency-name: actions/upload-pages-artifact
  dependency-version: '4'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-09-22 05:16:20 +02:00
DrPsychick
4205b65df4 feat: build docs and publish to GitHub pages (#2067) 
* try: build docs

* try: build docs

* try: publish

* try: verify publishing works on fork

* try: verify publishing works on fork

* try: publish pages using actions/deploy-pages

* try: publish pages using actions/deploy-pages

* try: publish pages using actions/deploy-pages

* try: publish pages using actions/deploy-pages

* feat: build docs and deploy to GitHub pages

* fix: run on PRs for main

* try: baseURL with custom domain

* try: baseURL with custom domain

* fix: revert baseURL with custom domain, it works.
 2025-09-21 19:54:59 +02:00
dependabot[bot]
825d457af1 update-github-action(deps): bump actions/setup-go from 5 to 6 (#2064) 
Bumps [actions/setup-go](https://github.com/actions/setup-go) from 5 to 6.
- [Release notes](https://github.com/actions/setup-go/releases)
- [Commits](https://github.com/actions/setup-go/compare/v5...v6)

---
updated-dependencies:
- dependency-name: actions/setup-go
  dependency-version: '6'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
v0.16.1 		2025-09-08 06:36:11 +02:00
dependabot[bot]
5d1d6045f9 update-github-action(deps): bump actions/checkout from 4 to 5 (#2063) 
Bumps [actions/checkout](https://github.com/actions/checkout) from 4 to 5.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v4...v5)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: '5'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-08-13 06:25:55 +02:00
dependabot[bot]
caed52a6cd update-docker-image(deps): bump alpine from 3.20 to 3.22 in /cmd/proxy (#2062) 
Bumps alpine from 3.20 to 3.22.

---
updated-dependencies:
- dependency-name: alpine
  dependency-version: '3.22'
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-08-13 05:39:09 +02:00
DrPsychick
5b7c76c159 fix: explicit alpine version, so dependabot detects it (#2061) 2025-08-13 00:29:49 +02:00
DrPsychick
086612a044 fix: enable dependabot for Dockerfile (#2060) 2025-08-11 04:55:16 +02:00
south-mer
11d674c8fb feat: GCP checksum (#2052) 2025-08-06 08:24:54 +02:00
Shantanu Gadgil
59253bd64d Update shared-team-instance.md (#2057) 2025-07-19 14:45:10 +02:00
Gerdriaan Mulder
5d36140c5c docfix: use GONOSUMDB on Athens' home page (#2056) 2025-07-19 14:41:09 +02:00
dependabot[bot]
47b69500c2 chore(deps): bump golang.org/x/oauth2 from 0.23.0 to 0.27.0 (#2058) 
Bumps [golang.org/x/oauth2](https://github.com/golang/oauth2) from 0.23.0 to 0.27.0.
- [Commits](https://github.com/golang/oauth2/compare/v0.23.0...v0.27.0)

---
updated-dependencies:
- dependency-name: golang.org/x/oauth2
  dependency-version: 0.27.0
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-07-19 14:31:56 +02:00
south-mer
25b890553a fix: move single-flight to stash (#2050) 2025-07-08 10:00:59 +02:00
south-mer
33f32fd3af Fix GCP Storage Backend Locking Issue (#2051) 2025-06-25 05:04:34 +02:00
Nicholas Wiersma
379144c07e chore: update workflows for consistency (#2053) 2025-06-23 09:41:14 +02:00
south-mer
24895f2a24 Fix no child processes error (#2048) 2025-05-14 13:38:07 +02:00
Nicholas Wiersma
d3db910e70 chore: update goreleaser config (#2045) 2025-04-19 12:30:15 +02:00
dependabot[bot]
b338559444 chore(deps): bump golang.org/x/net from 0.36.0 to 0.38.0 (#2044) 
Bumps [golang.org/x/net](https://github.com/golang/net) from 0.36.0 to 0.38.0.
- [Commits](https://github.com/golang/net/compare/v0.36.0...v0.38.0)

---
updated-dependencies:
- dependency-name: golang.org/x/net
  dependency-version: 0.38.0
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
v0.16.0 		2025-04-17 06:27:17 +02:00
Rob Prentiss
c6ec0711d1 feat: add handling for SIGCHLD to cleanup child processes (#2043) 2025-04-06 06:12:22 +02:00
Nicholas Wiersma
1d91fa5d9b chore: bump golangci-lint to v2 (#2042) 2025-04-01 09:08:02 +02:00
Alexandr Hacicheant
ab1775afee Redis Sentinel SingeFlight: support of Redis master node username and password (#2039) 
* Add support for Redis Username and Password configuration

Introduced Redis master authentication parameters (username and password) to the Redis Sentinel setup. This enhances compatibility with Redis environments that require authentication for both sentinel and master nodes.

* Add support for protected Redis Sentinel configuration and related unit tests
 2025-04-01 07:34:13 +02:00
Connor McCarthy
ebb5ac698b feat: add pagination to s3 lister (#2037) 
By default `ListObjectsV2()` returns the first 1000 objects matching the
list parameters. Normally this is fine, as it supports up to 333
versions (1000 / 3 files in proxy-triplet). For modules with more
versions, this is insufficient and must be upgraded to paginate.
 2025-04-01 07:01:35 +02:00
dependabot[bot]
18041d7364 chore(deps): bump github.com/golang-jwt/jwt/v4 from 4.5.1 to 4.5.2 (#2036) 
Bumps [github.com/golang-jwt/jwt/v4](https://github.com/golang-jwt/jwt) from 4.5.1 to 4.5.2.
- [Release notes](https://github.com/golang-jwt/jwt/releases)
- [Changelog](https://github.com/golang-jwt/jwt/blob/main/VERSION_HISTORY.md)
- [Commits](https://github.com/golang-jwt/jwt/compare/v4.5.1...v4.5.2)

---
updated-dependencies:
- dependency-name: github.com/golang-jwt/jwt/v4
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-03-22 16:18:19 +02:00
dependabot[bot]
b479740ac2 chore(deps): bump github.com/golang-jwt/jwt/v5 from 5.2.1 to 5.2.2 (#2035) 
Bumps [github.com/golang-jwt/jwt/v5](https://github.com/golang-jwt/jwt) from 5.2.1 to 5.2.2.
- [Release notes](https://github.com/golang-jwt/jwt/releases)
- [Changelog](https://github.com/golang-jwt/jwt/blob/main/VERSION_HISTORY.md)
- [Commits](https://github.com/golang-jwt/jwt/compare/v5.2.1...v5.2.2)

---
updated-dependencies:
- dependency-name: github.com/golang-jwt/jwt/v5
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-03-22 15:47:41 +02:00
dependabot[bot]
4a3c4e4051 chore(deps): bump golang.org/x/net from 0.33.0 to 0.36.0 (#2034) 
Bumps [golang.org/x/net](https://github.com/golang/net) from 0.33.0 to 0.36.0.
- [Commits](https://github.com/golang/net/compare/v0.33.0...v0.36.0)

---
updated-dependencies:
- dependency-name: golang.org/x/net
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-03-13 06:46:04 +02:00
dependabot[bot]
de19d14c17 chore(deps): bump golang.org/x/net from 0.30.0 to 0.33.0 (#2024) 
Bumps [golang.org/x/net](https://github.com/golang/net) from 0.30.0 to 0.33.0.
- [Commits](https://github.com/golang/net/compare/v0.30.0...v0.33.0)

---
updated-dependencies:
- dependency-name: golang.org/x/net
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Matt <matt.ouille@protonmail.com>
 2025-02-19 04:44:41 +00:00
Siyovush
1ac9228759 Update shared-team-instance.md (#2032) 2025-02-18 13:55:37 +01:00
HDYA-BackFire
b1036a9dc8 [chore][golang] bump golang to 1.23.5 for security patches (#2025) 2025-01-27 12:20:22 -08:00
yueluhuan
ac9e4fa4fe Bump go version to 1.23.4 (#2019) 2025-01-20 08:51:00 +01:00
day253
04e425642e add utf8 charset meta to the proxy home (#2017) 2025-01-07 23:54:42 +01:00
Matt
0a4b44bfb9 Fix the README Slack link (#2016) 
The README Slack link points to the Gophers Slack but is not an invite link

Fixes #2013
 2024-12-25 20:56:43 -08:00
dependabot[bot]
f348d6c311 update-go-pkg(deps): bump github.com/aws/aws-sdk-go-v2/feature/s3/manager (#2011) 
Bumps [github.com/aws/aws-sdk-go-v2/feature/s3/manager](https://github.com/aws/aws-sdk-go-v2) from 1.16.15 to 1.17.43.
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/v1.16.15...credentials/v1.17.43)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go-v2/feature/s3/manager
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-12-09 06:02:40 +02:00
dependabot[bot]
e765256033 update-go-pkg(deps): bump github.com/go-playground/validator/v10 (#2009) 
Bumps [github.com/go-playground/validator/v10](https://github.com/go-playground/validator) from 10.19.0 to 10.23.0.
- [Release notes](https://github.com/go-playground/validator/releases)
- [Commits](https://github.com/go-playground/validator/compare/v10.19.0...v10.23.0)

---
updated-dependencies:
- dependency-name: github.com/go-playground/validator/v10
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-12-02 06:17:13 +02:00
yatesliang
8f0ee5e52f Swith s3 ListObjects api to ListObjectsV2 (#2006) 
Switch the ListObjects API used in s3 storage to ListObjectsV2
 2024-11-26 03:08:21 +00:00
dependabot[bot]
bf38a47902 update-go-pkg(deps): bump github.com/gobuffalo/httptest (#2007) 
Bumps [github.com/gobuffalo/httptest](https://github.com/gobuffalo/httptest) from 1.0.4 to 1.5.2.
- [Release notes](https://github.com/gobuffalo/httptest/releases)
- [Commits](https://github.com/gobuffalo/httptest/compare/v1.0.4...v1.5.2)

---
updated-dependencies:
- dependency-name: github.com/gobuffalo/httptest
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-11-25 08:09:18 +02:00
dependabot[bot]
531dcf6ff3 update-go-pkg(deps): bump github.com/aws/smithy-go from 1.20.2 to 1.22.1 (#2005) 
Bumps [github.com/aws/smithy-go](https://github.com/aws/smithy-go) from 1.20.2 to 1.22.1.
- [Release notes](https://github.com/aws/smithy-go/releases)
- [Changelog](https://github.com/aws/smithy-go/blob/main/CHANGELOG.md)
- [Commits](https://github.com/aws/smithy-go/compare/v1.20.2...v1.22.1)

---
updated-dependencies:
- dependency-name: github.com/aws/smithy-go
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-11-18 08:09:29 +02:00
Nicholas Wiersma
e53c524a96 chore: upgrade go to v1.23.2 (#1997) 
Upgrades Go to 1.23.2
 2024-11-14 05:36:25 +00:00
Nicholas Wiersma
76e7c3746a chore: bump cloud.google.com/go/storage to v1.45.0 (#1996) 2024-11-14 07:23:41 +02:00
Jérôme Foray
223a173806 fix arch selection for github-app helper (#2003) 2024-11-13 11:11:06 +02:00
Jérôme Foray
1644083522 fix: use TARGETARCH to select the git-credential-github-app artifact (#2002) 2024-11-12 19:44:15 +02:00