Skip to content

chore(RDODCP-918): Upstream sync v1.11.7 and dependabots updates#57

Merged
arshiya-99 merged 6 commits into
masterfrom
RDODCP-918
Jul 13, 2026
Merged

chore(RDODCP-918): Upstream sync v1.11.7 and dependabots updates#57
arshiya-99 merged 6 commits into
masterfrom
RDODCP-918

Conversation

@arshiya-99

@arshiya-99 arshiya-99 commented Jul 13, 2026

Copy link
Copy Markdown

Upstream Sync

  • Fix race in tunnel waitGroup causing negative counter panic (jpillora/chisel#586)
    • Resolves a race condition in the tunnel waitGroup that could cause a negative counter panic under concurrent connection teardown.
  • Improve SOCKS auth: enforce per-user ACL on SOCKS channels (jpillora/chisel#591)
    • Enforces per-user address Access Control Lists (ACLs) on SOCKS proxy channels established after the SSH handshake, preventing ACL bypass via post-handshake channel injection.

📦 Dependency Updates

  • Go Runtime: Bumped from 1.26.4 ──> 1.26.5
  • golang.org/x/net: Bumped from v0.55.0 ──> v0.56.0
grype and trivy report Screenshot 2026-07-13 at 11 58 00 AM Screenshot 2026-07-13 at 11 58 12 AM Screenshot 2026-07-13 at 11 58 20 AM Screenshot 2026-07-13 at 11 58 40 AM

jpillora and others added 4 commits July 9, 2026 23:34
…#586)

Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
)

Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>
Trivy flags CVE-2026-48113 on our build because the OutSystems fork tag
`1.11.5-os.N` is a SemVer pre-release of `1.11.5`, sorting below the
fixed version. The fix is already present via PR #51. Ref: RDODCP-917
@arshiya-99 arshiya-99 requested a review from a team as a code owner July 13, 2026 09:11
@arshiya-99 arshiya-99 changed the title Upstream sync v1.11.7 and dependabots updates chore(RDODCP-918): Upstream sync v1.11.7 and dependabots updates Jul 13, 2026
Comment thread .trivyignore Outdated
@samartha-pm

Copy link
Copy Markdown

could you also include the logger level feature from upstream (jpillora#281, commit 200a8e2)?

It's a small, non-breaking change that adds Verbose field to client Config for controlling logger verbosity. Would complement the race fix and SOCKS auth improvements nicely.

Details: jpillora@200a8e2

The Verbose field was present in Config but never used. Apply the
missing half of upstream commit 200a8e2: set Logger.Info = c.Verbose
so callers can control log verbosity programmatically.
@wiz-code-outsystems

wiz-code-outsystems Bot commented Jul 13, 2026

Copy link
Copy Markdown

Wiz Scan Summary

Scanner Findings
Vulnerability Finding Vulnerabilities -
Data Finding Sensitive Data -
Secret Finding Secrets -
IaC Misconfiguration IaC Misconfigurations -
SAST Finding SAST Findings -
Software Management Finding Software Management Findings -
Total -

View scan details in Wiz

To detect these findings earlier in the dev lifecycle, try using Wiz Code VS Code Extension.

Pull Request Developer Guidance

Questions? See the Wiz FAQ.

Please contact the Security Office if you encounter issues with Wiz pull request scanning.

@arshiya-99 arshiya-99 merged commit ccbadb4 into master Jul 13, 2026
9 checks passed
@arshiya-99 arshiya-99 deleted the RDODCP-918 branch July 13, 2026 10:31
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants