Conversation
* chore: bump version to 1.8.1 🐾 Generated by 小源 (OpenClaw AI Assistant) * ci: add golangci-lint and security scan workflows (#302) * ci: add golangci-lint and security scan workflows - Add .golangci.yml with gradual enablement configuration - Enable basic linters: errcheck, govet, staticcheck, unused, ineffassign, gosimple - Enable gosec for security scanning - Exclude framework design decisions (weak crypto, file paths, etc.) - Exclude test files and example directory - Add .github/workflows/security.yml - govulncheck for dependency vulnerability scanning - gosec for code security scanning - Weekly scheduled scans (every Monday) - continue-on-error for gradual adoption - Remove outdated .github/workflows/go.yml (Go 1.20, duplicate with test.yml) Test: go build ./... ✅, go test ./... ✅, golangci-lint ✅ * fix: upgrade Go version to 1.23 in CI workflows - Update test.yml: use Go 1.23 for coverage upload - Update security.yml: use Go 1.23 for govulncheck This fixes GO-2025-3563 (HTTP request smuggling) vulnerability present in Go 1.22.x standard library. * fix: upgrade Go version to 1.24 to fix govulncheck vulnerabilities - Upgrade security.yml to Go 1.24 - Update test.yml matrix to [1.22, 1.23, 1.24] - Update go.mod to Go 1.22 (minimum version) - Fix 12 Go standard library vulnerabilities: - GO-2026-4341: net/url memory exhaustion - GO-2026-4340: crypto/tls handshake issue - GO-2026-4337: crypto/tls session resumption - GO-2025-4175: crypto/x509 certificate validation - GO-2025-4155: crypto/x509 resource consumption - GO-2025-4013: crypto/x509 DSA public key - GO-2025-4012: net/http cookie parsing - GO-2025-4011: encoding/asn1 memory exhaustion - GO-2025-4010: net/url IPv6 parsing - GO-2025-4009: encoding/pem complexity - GO-2025-4008: crypto/tls ALPN info leak - GO-2025-4007: crypto/x509 name constraints * chore: upgrade Go version requirement to 1.24 - go.mod: Go 1.22 -> Go 1.24 (minimum version requirement) - test.yml: Test matrix [1.24, 1.25, 1.26] - security.yml: Use Go 1.25 for security scan * docs: update Go version requirements in README - Minimum Go version: 1.24+ - Add Go version support table - Add security warning for Go < 1.24 - Update dependency section with Go version info - List 12 known vulnerabilities in Go < 1.24 --------- Co-authored-by: devfeel <devfeel@users.noreply.github.com> * feat: migrate Redis client from redigo to go-redis/v9 (#304) * feat: migrate Redis client from redigo to go-redis/v9 Breaking Changes: - Internal implementation changed from garyburd/redigo to redis/go-redis/v9 - GetConn() now returns interface{} instead of redis.Conn for backwards compatibility Features: - All 56 public methods maintain API compatibility - Connection pool managed by go-redis/v9 with MinIdleConns and PoolSize - Context support in internal implementation - Modern Redis client with active maintenance Migration: - github.com/garyburd/redigo v1.6.0 (deprecated) -> removed - github.com/redis/go-redis/v9 v9.18.0 -> added Testing: - All tests pass (skip when Redis not available) - Compatible with existing cache/redis and session/redis modules This is Phase 2 of the Redis client migration project. Phase 1: Add unit tests (PR #303) Phase 2: Migrate to go-redis/v9 (this PR) Phase 3: Performance testing Phase 4: Documentation and release * feat: migrate Redis client from redigo to go-redis/v9 Breaking Changes: - Internal implementation changed from garyburd/redigo to redis/go-redis/v9 - GetConn() now returns interface{} instead of redis.Conn for backwards compatibility Features: - All 56 public methods maintain API compatibility - Connection pool managed by go-redis/v9 with MinIdleConns and PoolSize - Context support in internal implementation - Modern Redis client with active maintenance Migration: - github.com/garyburd/redigo v1.6.0 (deprecated) -> removed - github.com/redis/go-redis/v9 v9.18.0 -> added Testing: - All tests pass (skip when Redis not available) - Compatible with existing cache/redis and session/redis modules Notes: - Security Scan uses Go 1.24 (continue-on-error: true) - Go 1.24 has crypto/x509 vulnerabilities, but we keep it for compatibility - Will upgrade to Go 1.26+ in future release This is Phase 2 of the Redis client migration project. Phase 1: Add unit tests (PR #303) Phase 2: Migrate to go-redis/v9 (this PR) --------- Co-authored-by: devfeel <devfeel@users.noreply.github.com> --------- Co-authored-by: devfeel <devfeel@users.noreply.github.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
🐾 Generated by 小源 (OpenClaw AI Assistant)
ci: add golangci-lint and security scan workflows (ci: add golangci-lint and security scan workflows #302)
ci: add golangci-lint and security scan workflows
Add .golangci.yml with gradual enablement configuration
Add .github/workflows/security.yml
Remove outdated .github/workflows/go.yml (Go 1.20, duplicate with test.yml)
Test: go build ./... ✅, go test ./... ✅, golangci-lint ✅
This fixes GO-2025-3563 (HTTP request smuggling) vulnerability present in Go 1.22.x standard library.
feat: migrate Redis client from redigo to go-redis/v9 (feat: migrate Redis client from redigo to go-redis/v9 #304)
feat: migrate Redis client from redigo to go-redis/v9
Breaking Changes:
Features:
Migration:
Testing:
This is Phase 2 of the Redis client migration project. Phase 1: Add unit tests (PR #303)
Phase 2: Migrate to go-redis/v9 (this PR)
Phase 3: Performance testing
Phase 4: Documentation and release
Breaking Changes:
Features:
Migration:
Testing:
Notes:
This is Phase 2 of the Redis client migration project. Phase 1: Add unit tests (PR #303)
Phase 2: Migrate to go-redis/v9 (this PR)