test #12

macabu · 2025-09-19T12:46:28Z

No description provided.

github-actions · 2025-09-19T13:18:32Z

Dependency Capability Scanner Results

Found new capabilities being used by the dependency changes in this PR. Please review them to make sure they are safe!

Comparing capabilities in "./..." between revisions "main" and "."

Added 21 new uses of existing capabilities:
CAPABILITY_FILES: Access to the file system
CAPABILITY_NETWORK: Access to the network
CAPABILITY_OPERATING_SYSTEM: Call miscellaneous functions in the "os" package
CAPABILITY_SYSTEM_CALLS: Make system calls
CAPABILITY_ARBITRARY_EXECUTION: Invoke arbitrary code, e.g. assembly or go:linkname
CAPABILITY_UNSAFE_POINTER: Uses unsafe.Pointer
CAPABILITY_REFLECT: Uses reflect

New packages in call paths to capability CAPABILITY_FILES:

Package github.com/ProtonMail/go-crypto/openpgp/ed25519 has capability CAPABILITY_FILES:
github.com/macabu/cpgo/internal/gitops/gh.init
github.com/google/go-github/v53/github.init
github.com/ProtonMail/go-crypto/openpgp.init
github.com/ProtonMail/go-crypto/openpgp/ed25519.init
github.com/cloudflare/circl/sign/ed25519.init
crypto/ed25519.init
crypto/internal/fips140/ed25519.init
crypto/internal/fips140/drbg.init
crypto/internal/fips140/drbg.init#1
cast.go:18:14 crypto/internal/fips140.CAST
cast.go:45:10 crypto/internal/fips140/ecdsa.init$5$1
cast.go:92:19 crypto/internal/fips140/ecdsa.sign[*crypto/internal/fips140/nistec.P256Point]
ecdsa_noasm.go:10:20 crypto/internal/fips140/ecdsa.signGeneric[*crypto/internal/fips140/nistec.P256Point]
ecdsa.go:328:26 crypto/internal/fips140/ecdsa.randomPoint[*crypto/internal/fips140/nistec.P256Point]
ecdsa.go:222:21 crypto/internal/fips140/ecdsa.GenerateKey[*crypto/internal/fips140/nistec.P256Point]$1
ecdsa.go:193:29 crypto/internal/fips140/drbg.ReadWithReader
rand.go:75:7 crypto/internal/fips140/drbg.Read
rand.go:31:15 crypto/internal/sysrand.Read
rand.go:41:16 crypto/internal/sysrand.read
rand_getrandom.go:50:22 crypto/internal/sysrand.urandomRead
rand.go:67:29 (*os.File).Read

Package github.com/ProtonMail/go-crypto/openpgp/x25519 has capability CAPABILITY_FILES:
github.com/macabu/cpgo/internal/gitops/gh.init
github.com/google/go-github/v53/github.init
github.com/ProtonMail/go-crypto/openpgp.init
github.com/ProtonMail/go-crypto/openpgp/x25519.init
golang.org/x/crypto/hkdf.init
crypto/hmac.init
crypto/internal/fips140/hmac.init
crypto/internal/fips140/hmac.init#1
cast.go:15:14 crypto/internal/fips140.CAST
cast.go:45:10 crypto/internal/fips140/ecdsa.init$5$1
cast.go:92:19 crypto/internal/fips140/ecdsa.sign[*crypto/internal/fips140/nistec.P256Point]
ecdsa_noasm.go:10:20 crypto/internal/fips140/ecdsa.signGeneric[*crypto/internal/fips140/nistec.P256Point]
ecdsa.go:328:26 crypto/internal/fips140/ecdsa.randomPoint[*crypto/internal/fips140/nistec.P256Point]
ecdsa.go:222:21 crypto/internal/fips140/ecdsa.GenerateKey[*crypto/internal/fips140/nistec.P256Point]$1
ecdsa.go:193:29 crypto/internal/fips140/drbg.ReadWithReader
rand.go:75:7 crypto/internal/fips140/drbg.Read
rand.go:31:15 crypto/internal/sysrand.Read
rand.go:41:16 crypto/internal/sysrand.read
rand_getrandom.go:50:22 crypto/internal/sysrand.urandomRead
rand.go:67:29 (*os.File).Read

Package github.com/ProtonMail/go-crypto/openpgp/x448 has capability CAPABILITY_FILES:
github.com/macabu/cpgo/internal/gitops/gh.init
github.com/google/go-github/v53/github.init
github.com/ProtonMail/go-crypto/openpgp.init
github.com/ProtonMail/go-crypto/openpgp/x448.init
golang.org/x/crypto/hkdf.init
crypto/hmac.init
crypto/internal/fips140/hmac.init
crypto/internal/fips140/hmac.init#1
cast.go:15:14 crypto/internal/fips140.CAST
cast.go:45:10 crypto/internal/fips140/ecdsa.init$5$1
cast.go:92:19 crypto/internal/fips140/ecdsa.sign[*crypto/internal/fips140/nistec.P256Point]
ecdsa_noasm.go:10:20 crypto/internal/fips140/ecdsa.signGeneric[*crypto/internal/fips140/nistec.P256Point]
ecdsa.go:328:26 crypto/internal/fips140/ecdsa.randomPoint[*crypto/internal/fips140/nistec.P256Point]
ecdsa.go:222:21 crypto/internal/fips140/ecdsa.GenerateKey[*crypto/internal/fips140/nistec.P256Point]$1
ecdsa.go:193:29 crypto/internal/fips140/drbg.ReadWithReader
rand.go:75:7 crypto/internal/fips140/drbg.Read
rand.go:31:15 crypto/internal/sysrand.Read
rand.go:41:16 crypto/internal/sysrand.read
rand_getrandom.go:50:22 crypto/internal/sysrand.urandomRead
rand.go:67:29 (*os.File).Read

Package github.com/rs/zerolog/log has capability CAPABILITY_FILES:
github.com/macabu/cpgo/cmd/cpgo.main
main.go:41:12 github.com/rs/zerolog/log.Fatal
log.go:89:21 (*github.com/rs/zerolog.Logger).Fatal
log.go:390:19 (*github.com/rs/zerolog.Logger).newEvent
log.go:486:8 (*github.com/rs/zerolog.Logger).Fatal$1
log.go:394:16 (*os.File).Close

New packages in call paths to capability CAPABILITY_NETWORK:

Package github.com/ProtonMail/go-crypto/openpgp/ed25519 has capability CAPABILITY_NETWORK:
github.com/macabu/cpgo/internal/gitops/gh.init
github.com/google/go-github/v53/github.init
github.com/ProtonMail/go-crypto/openpgp.init
github.com/ProtonMail/go-crypto/openpgp/ed25519.init
github.com/cloudflare/circl/sign/ed25519.init
crypto/ed25519.init
crypto/internal/fips140/ed25519.init
crypto/internal/fips140/drbg.init
crypto/internal/fips140/drbg.init#1
cast.go:18:14 crypto/internal/fips140.CAST
cast.go:50:66 (*net.OpError).Error
net.go:513:21 (net.fileAddr).String

Package github.com/ProtonMail/go-crypto/openpgp/x25519 has capability CAPABILITY_NETWORK:
github.com/macabu/cpgo/internal/gitops/gh.init
github.com/google/go-github/v53/github.init
github.com/ProtonMail/go-crypto/openpgp.init
github.com/ProtonMail/go-crypto/openpgp/x25519.init
golang.org/x/crypto/hkdf.init
crypto/hmac.init
crypto/internal/fips140/hmac.init
crypto/internal/fips140/hmac.init#1
cast.go:15:14 crypto/internal/fips140.CAST
cast.go:50:66 (*net.OpError).Error
net.go:513:21 (net.fileAddr).String

Package github.com/ProtonMail/go-crypto/openpgp/x448 has capability CAPABILITY_NETWORK:
github.com/macabu/cpgo/internal/gitops/gh.init
github.com/google/go-github/v53/github.init
github.com/ProtonMail/go-crypto/openpgp.init
github.com/ProtonMail/go-crypto/openpgp/x448.init
golang.org/x/crypto/hkdf.init
crypto/hmac.init
crypto/internal/fips140/hmac.init
crypto/internal/fips140/hmac.init#1
cast.go:15:14 crypto/internal/fips140.CAST
cast.go:50:66 (*net.OpError).Error
net.go:513:21 (net.fileAddr).String

New packages in call paths to capability CAPABILITY_OPERATING_SYSTEM:

Package github.com/ProtonMail/go-crypto/openpgp/ed25519 has capability CAPABILITY_OPERATING_SYSTEM:
github.com/macabu/cpgo/internal/gitops/gh.init
github.com/google/go-github/v53/github.init
github.com/ProtonMail/go-crypto/openpgp.init
github.com/ProtonMail/go-crypto/openpgp/ed25519.init
github.com/cloudflare/circl/sign/ed25519.init
crypto/ed25519.init
crypto/internal/fips140/ed25519.init
crypto/internal/fips140/drbg.init
crypto/internal/fips140/drbg.init#1
cast.go:18:14 crypto/internal/fips140.CAST
cast.go:50:66 (os.errSymlink).Error

Package github.com/ProtonMail/go-crypto/openpgp/x25519 has capability CAPABILITY_OPERATING_SYSTEM:
github.com/macabu/cpgo/internal/gitops/gh.init
github.com/google/go-github/v53/github.init
github.com/ProtonMail/go-crypto/openpgp.init
github.com/ProtonMail/go-crypto/openpgp/x25519.init
golang.org/x/crypto/hkdf.init
crypto/hmac.init
crypto/internal/fips140/hmac.init
crypto/internal/fips140/hmac.init#1
cast.go:15:14 crypto/internal/fips140.CAST
cast.go:50:66 (os.errSymlink).Error

Package github.com/ProtonMail/go-crypto/openpgp/x448 has capability CAPABILITY_OPERATING_SYSTEM:
github.com/macabu/cpgo/internal/gitops/gh.init
github.com/google/go-github/v53/github.init
github.com/ProtonMail/go-crypto/openpgp.init
github.com/ProtonMail/go-crypto/openpgp/x448.init
golang.org/x/crypto/hkdf.init
crypto/hmac.init
crypto/internal/fips140/hmac.init
crypto/internal/fips140/hmac.init#1
cast.go:15:14 crypto/internal/fips140.CAST
cast.go:50:66 (os.errSymlink).Error

New packages in call paths to capability CAPABILITY_SYSTEM_CALLS:

Package github.com/ProtonMail/go-crypto/openpgp/ed25519 has capability CAPABILITY_SYSTEM_CALLS:
github.com/macabu/cpgo/internal/gitops/gh.init
github.com/google/go-github/v53/github.init
github.com/ProtonMail/go-crypto/openpgp.init
github.com/ProtonMail/go-crypto/openpgp/ed25519.init
github.com/cloudflare/circl/sign/ed25519.init
crypto/ed25519.init
crypto/internal/fips140/ed25519.init
crypto/internal/fips140/drbg.init
crypto/internal/sysrand.init
internal/syscall/unix.init

Package github.com/ProtonMail/go-crypto/openpgp/x25519 has capability CAPABILITY_SYSTEM_CALLS:
github.com/macabu/cpgo/internal/gitops/gh.init
github.com/google/go-github/v53/github.init
github.com/ProtonMail/go-crypto/openpgp.init
github.com/ProtonMail/go-crypto/openpgp/x25519.init
golang.org/x/crypto/hkdf.init
crypto/hmac.init
crypto/internal/fips140only.init
crypto/internal/fips140/drbg.init
crypto/internal/sysrand.init
internal/syscall/unix.init

Package github.com/ProtonMail/go-crypto/openpgp/x448 has capability CAPABILITY_SYSTEM_CALLS:
github.com/macabu/cpgo/internal/gitops/gh.init
github.com/google/go-github/v53/github.init
github.com/ProtonMail/go-crypto/openpgp.init
github.com/ProtonMail/go-crypto/openpgp/x448.init
golang.org/x/crypto/hkdf.init
crypto/hmac.init
crypto/internal/fips140only.init
crypto/internal/fips140/drbg.init
crypto/internal/sysrand.init
internal/syscall/unix.init

New packages in call paths to capability CAPABILITY_ARBITRARY_EXECUTION:

Package github.com/ProtonMail/go-crypto/openpgp/ed25519 has capability CAPABILITY_ARBITRARY_EXECUTION:
(github.com/macabu/cpgo/internal/gitops/gh.Client).commitFile
client.go:155:48 (*github.com/google/go-github/v53/github.GitService).CreateCommit
git_commits.go:129:36 github.com/google/go-github/v53/github.createSignature
git_commits.go:165:37 github.com/ProtonMail/go-crypto/openpgp.ArmoredDetachSign
write.go:31:26 github.com/ProtonMail/go-crypto/openpgp.armoredDetachSign
write.go:55:18 github.com/ProtonMail/go-crypto/openpgp.detachSign
write.go:91:16 (*github.com/ProtonMail/go-crypto/openpgp/packet.Signature).Sign
signature.go:989:33 github.com/ProtonMail/go-crypto/openpgp/ed25519.Sign
ed25519.go:80:24 github.com/cloudflare/circl/sign/ed25519.Sign
ed25519.go:285:9 github.com/cloudflare/circl/sign/ed25519.signAll
ed25519.go:252:13 (*github.com/cloudflare/circl/sign/ed25519.pointR1).fixedMult
mult.go:122:11 (*github.com/cloudflare/circl/sign/ed25519.pointR1).double
point.go:93:8 github.com/cloudflare/circl/math/fp25519.Add
fp.go:190:29 github.com/cloudflare/circl/math/fp25519.add
fp_amd64.go:16:41 github.com/cloudflare/circl/math/fp25519.addAmd64

Package github.com/ProtonMail/go-crypto/openpgp/ed448 has capability CAPABILITY_ARBITRARY_EXECUTION:
(github.com/macabu/cpgo/internal/gitops/gh.Client).commitFile
client.go:155:48 (*github.com/google/go-github/v53/github.GitService).CreateCommit
git_commits.go:129:36 github.com/google/go-github/v53/github.createSignature
git_commits.go:165:37 github.com/ProtonMail/go-crypto/openpgp.ArmoredDetachSign
write.go:31:26 github.com/ProtonMail/go-crypto/openpgp.armoredDetachSign
write.go:55:18 github.com/ProtonMail/go-crypto/openpgp.detachSign
write.go:91:16 (*github.com/ProtonMail/go-crypto/openpgp/packet.Signature).Sign
signature.go:995:31 github.com/ProtonMail/go-crypto/openpgp/ed448.Sign
ed448.go:82:22 github.com/cloudflare/circl/sign/ed448.Sign
ed448.go:279:9 github.com/cloudflare/circl/sign/ed448.signAll
ed448.go:247:57 (*github.com/cloudflare/circl/ecc/goldilocks.Point).ToBytes
point.go:125:20 (*github.com/cloudflare/circl/ecc/goldilocks.Point).ToAffine
point.go:110:8 github.com/cloudflare/circl/math/fp448.Mul
fp.go:161:29 github.com/cloudflare/circl/math/fp448.mul
fp_amd64.go:19:41 github.com/cloudflare/circl/math/fp448.mulAmd64

New packages in call paths to capability CAPABILITY_UNSAFE_POINTER:

Package github.com/ProtonMail/go-crypto/openpgp/ed25519 has capability CAPABILITY_UNSAFE_POINTER:
github.com/macabu/cpgo/internal/gitops/gh.init
github.com/google/go-github/v53/github.init
github.com/ProtonMail/go-crypto/openpgp.init
github.com/ProtonMail/go-crypto/openpgp/ed25519.init
github.com/cloudflare/circl/sign/ed25519.init
crypto/ed25519.init
crypto/internal/fips140/ed25519.init
crypto/internal/fips140/drbg.init
crypto/internal/fips140/drbg.init#1
cast.go:18:14 crypto/internal/fips140.CAST
cast.go:45:10 crypto/internal/fips140/hmac.init#1$1
cast.go:26:11 crypto/internal/fips140/hmac.New[*crypto/internal/fips140/sha256.Digest]
hmac.go:153:17 (*golang.org/x/crypto/sha3.state).Write
sha3.go:129:13 (*golang.org/x/crypto/sha3.state).permute

Package github.com/ProtonMail/go-crypto/openpgp/ed448 has capability CAPABILITY_UNSAFE_POINTER:
(github.com/macabu/cpgo/internal/gitops/gh.Client).commitFile
client.go:155:48 (*github.com/google/go-github/v53/github.GitService).CreateCommit
git_commits.go:129:36 github.com/google/go-github/v53/github.createSignature
git_commits.go:165:37 github.com/ProtonMail/go-crypto/openpgp.ArmoredDetachSign
write.go:31:26 github.com/ProtonMail/go-crypto/openpgp.armoredDetachSign
write.go:55:18 github.com/ProtonMail/go-crypto/openpgp.detachSign
write.go:91:16 (*github.com/ProtonMail/go-crypto/openpgp/packet.Signature).Sign
signature.go:995:31 github.com/ProtonMail/go-crypto/openpgp/ed448.Sign
ed448.go:82:22 github.com/cloudflare/circl/sign/ed448.Sign
ed448.go:279:9 github.com/cloudflare/circl/sign/ed448.signAll
ed448.go:217:17 (*github.com/cloudflare/circl/internal/sha3.State).Write
sha3.go:138:9 github.com/cloudflare/circl/internal/sha3.xorIn

Package github.com/ProtonMail/go-crypto/openpgp/x25519 has capability CAPABILITY_UNSAFE_POINTER:
github.com/macabu/cpgo/internal/gitops/gh.init
github.com/google/go-github/v53/github.init
github.com/ProtonMail/go-crypto/openpgp.init
github.com/ProtonMail/go-crypto/openpgp/x25519.init
golang.org/x/crypto/hkdf.init
crypto/hmac.init
crypto/internal/fips140/hmac.init
crypto/internal/fips140/hmac.init#1
cast.go:15:14 crypto/internal/fips140.CAST
cast.go:45:10 crypto/internal/fips140/hmac.init#1$1
cast.go:26:11 crypto/internal/fips140/hmac.New[*crypto/internal/fips140/sha256.Digest]
hmac.go:153:17 (*golang.org/x/crypto/sha3.state).Write
sha3.go:129:13 (*golang.org/x/crypto/sha3.state).permute

Package github.com/ProtonMail/go-crypto/openpgp/x448 has capability CAPABILITY_UNSAFE_POINTER:
github.com/macabu/cpgo/internal/gitops/gh.init
github.com/google/go-github/v53/github.init
github.com/ProtonMail/go-crypto/openpgp.init
github.com/ProtonMail/go-crypto/openpgp/x448.init
golang.org/x/crypto/hkdf.init
crypto/hmac.init
crypto/internal/fips140/hmac.init
crypto/internal/fips140/hmac.init#1
cast.go:15:14 crypto/internal/fips140.CAST
cast.go:45:10 crypto/internal/fips140/hmac.init#1$1
cast.go:26:11 crypto/internal/fips140/hmac.New[*crypto/internal/fips140/sha256.Digest]
hmac.go:153:17 (*golang.org/x/crypto/sha3.state).Write
sha3.go:129:13 (*golang.org/x/crypto/sha3.state).permute

New packages in call paths to capability CAPABILITY_REFLECT:

Packages database/sql/driver, github.com/google/uuid have capability CAPABILITY_REFLECT:
github.com/macabu/cpgo/cmd/cpgo.init
github.com/go-co-op/gocron.init
github.com/google/uuid.init
database/sql/driver.init
types.go:219:48 reflect.TypeFor[database/sql/driver.Valuer]

macabu force-pushed the capslock branch 9 times, most recently from 6745610 to b1fae25 Compare September 19, 2025 13:11

Repository owner deleted a comment from github-actions bot Sep 19, 2025

test

c7c20cc

macabu force-pushed the capslock branch from b1fae25 to c7c20cc Compare September 19, 2025 13:17

Repository owner deleted a comment from github-actions bot Sep 19, 2025

macabu closed this Sep 22, 2025

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

test #12

test #12

Uh oh!

macabu commented Sep 19, 2025

Uh oh!

github-actions bot commented Sep 19, 2025

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

test #12

test #12

Uh oh!

Conversation

macabu commented Sep 19, 2025

Uh oh!

github-actions bot commented Sep 19, 2025

Dependency Capability Scanner Results

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants