From 09e93ffe65b7cc870a25ca694324a9109a6fe117 Mon Sep 17 00:00:00 2001 From: Michael Primeaux Date: Thu, 20 Nov 2025 13:44:20 -0600 Subject: [PATCH] risk: Upgraded golang.org/x/crypto to v0.45.0 to address security vulnerabilities --- .github/workflows/ci.yaml | 2 +- .gitignore | 1 + CHANGELOG.md | 21 ++++- Makefile | 11 ++- README.md | 33 ++++---- compass_heading.pb.go | 2 +- country.pb.go | 2 +- country_subdivision.pb.go | 2 +- email_address.pb.go | 2 +- entity_metadata.pb.go | 2 +- geofence.pb.go | 2 +- geographic_region.pb.go | 2 +- geometry.pb.go | 2 +- geospatial_coordinate.pb.go | 2 +- geospatial_elevation.pb.go | 2 +- geospatial_location.pb.go | 2 +- language.pb.go | 2 +- map_point.pb.go | 2 +- map_polygon.pb.go | 2 +- radial_geofence.pb.go | 2 +- scripts/os-type.sh | 23 ++++++ scripts/verify-mod.sh | 95 ++++++++++++++++++++++ scripts/verify-release.sh | 22 ++++++ scripts/verify-sig.sh | 152 ++++++++++++++++++++++++++++++++++++ temporal_range.pb.go | 2 +- time_zone.pb.go | 2 +- uri.pb.go | 2 +- url.pb.go | 2 +- uuid.pb.go | 2 +- vendor/modules.txt | 2 + version.pb.go | 2 +- 31 files changed, 362 insertions(+), 42 deletions(-) create mode 100755 scripts/verify-mod.sh create mode 100755 scripts/verify-release.sh create mode 100755 scripts/verify-sig.sh diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index ebc9a44..9b09426 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -61,7 +61,7 @@ jobs: # Ref: https://github.com/golangci/golangci-lint-action - name: Lint - uses: golangci/golangci-lint-action@v8 + uses: golangci/golangci-lint-action@v9 with: args: --config=.golangci.yaml --verbose diff --git a/.gitignore b/.gitignore index 1cc15ce..e226c63 100644 --- a/.gitignore +++ b/.gitignore @@ -29,3 +29,4 @@ out/ .vscode/ dist/ +tmp/ diff --git a/CHANGELOG.md b/CHANGELOG.md index db16a22..0df021c 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -17,6 +17,24 @@ Date format: `YYYY-MM-DD` ### Fixed ### Security +--- + +## [1.52.0] - 2025-11-20 + +### Added +- **risk:** Added `signature-verify` make target to verify latest release's digital signatures for the current GOOS and GOARCH combination. + +### Changed +- **debt:** Upgraded dependencies to their latest stable versions. + +### Deprecated +### Removed +### Fixed +- **defect:** Fixed `README.md` instructions for verifying module checksums. + +### Security +- **risk:** Upgraded `golang.org/x/crypto` to `v0.45.0` to address vulnerabilities. + --- ## [1.51.3] - 2025-11-07 @@ -365,7 +383,8 @@ Date format: `YYYY-MM-DD` ### Fixed ### Security -[Unreleased]: https://github.com/sixafter/types/compare/v1.51.3...HEAD +[Unreleased]: https://github.com/sixafter/types/compare/v1.52.0...HEAD +[1.52.0]: https://github.com/sixafter/types/compare/v1.51.3...v1.52.0 [1.51.3]: https://github.com/sixafter/types/compare/v1.50.0...v1.51.3 [1.50.0]: https://github.com/sixafter/types/compare/v1.49.0...v1.50.0 [1.49.0]: https://github.com/sixafter/types/compare/v1.48.0...v1.49.0 diff --git a/Makefile b/Makefile index 03dd7ec..7518c4c 100644 --- a/Makefile +++ b/Makefile @@ -92,8 +92,15 @@ vuln: ## Check for vulnerabilities .PHONY: release-verify release-verify: ## Verify the release - rm -fr dist - goreleaser --config .goreleaser.yaml release --snapshot + @scripts/verify-release.sh + +.PHONY: module-verify +mod-verify: ## Verify Go module integrity + @scripts/verify-mod.sh + +.PHONY: signature-verify +signature-verify: ## Verify latest release's digital signatures + @scripts/verify-sig.sh .PHONY: help help: ## Display this help screen diff --git a/README.md b/README.md index 4be09be..2609f59 100644 --- a/README.md +++ b/README.md @@ -32,43 +32,42 @@ To verify the integrity of the `types` source, run the following commands: # Fetch the latest release tag from GitHub API (e.g., "v1.52.0") TAG=$(curl -s https://api.github.com/repos/sixafter/types/releases/latest | jq -r .tag_name) -# Remove leading "v" for filenames (e.g., "v1.52.0" -> "1.52.0") +# Remove the leading "v" for filenames (e.g., "v1.52.0" -> "1.52.0") VERSION=${TAG#v} # --------------------------------------------------------------------- # Verify the source archive using Sigstore bundles # --------------------------------------------------------------------- -# Download the release tarball and its corresponding bundle -curl -LO https://github.com/sixafter/types/releases/download/${TAG}/types-${VERSION}.tar.gz -curl -LO https://github.com/sixafter/types/releases/download/${TAG}/types-${VERSION}.tar.gz.bundle.json +# Download the release tarball and its signature bundle +curl -LO "https://github.com/sixafter/types/releases/download/${TAG}/types-${VERSION}.tar.gz" +curl -LO "https://github.com/sixafter/types/releases/download/${TAG}/types-${VERSION}.tar.gz.sigstore.json" -# Verify the tarball with Cosign using your published public key +# Verify the tarball with Cosign using the published public key cosign verify-blob \ - --key https://raw.githubusercontent.com/sixafter/types/main/cosign.pub \ - --bundle types-${VERSION}.tar.gz.bundle.json \ - types-${VERSION}.tar.gz + --key "https://raw.githubusercontent.com/sixafter/types/main/cosign.pub" \ + --bundle "types-${VERSION}.tar.gz.sigstore.json" \ + "types-${VERSION}.tar.gz" # --------------------------------------------------------------------- # Verify the checksums manifest using Sigstore bundles # --------------------------------------------------------------------- -# Download checksums.txt and its bundle -curl -LO https://github.com/sixafter/types/releases/download/${TAG}/checksums.txt -curl -LO https://github.com/sixafter/types/releases/download/${TAG}/checksums.txt.bundle.json +curl -LO "https://github.com/sixafter/types/releases/download/${TAG}/checksums.txt" +curl -LO "https://github.com/sixafter/types/releases/download/${TAG}/checksums.txt.sigstore.json" -# Verify checksums.txt with Cosign using your public key +# Verify checksums.txt with Cosign cosign verify-blob \ - --key https://raw.githubusercontent.com/sixafter/types/main/cosign.pub \ - --bundle checksums.txt.bundle.json \ - checksums.txt + --key "https://raw.githubusercontent.com/sixafter/types/main/cosign.pub" \ + --bundle "checksums.txt.sigstore.json" \ + "checksums.txt" # --------------------------------------------------------------------- # Confirm local artifact integrity # --------------------------------------------------------------------- -# Compute and validate checksums locally -shasum -a 256 -c checksums.txt +shasum -a 256 -c checksups.txt + ``` If valid, Cosign will output: diff --git a/compass_heading.pb.go b/compass_heading.pb.go index 4740c9c..286db51 100644 --- a/compass_heading.pb.go +++ b/compass_heading.pb.go @@ -18,7 +18,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.36.10 -// protoc v6.33.0 +// protoc v6.33.1 // source: compass_heading.proto package types diff --git a/country.pb.go b/country.pb.go index f7aff9a..9c3a892 100644 --- a/country.pb.go +++ b/country.pb.go @@ -18,7 +18,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.36.10 -// protoc v6.33.0 +// protoc v6.33.1 // source: country.proto package types diff --git a/country_subdivision.pb.go b/country_subdivision.pb.go index e6e9893..3847945 100644 --- a/country_subdivision.pb.go +++ b/country_subdivision.pb.go @@ -18,7 +18,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.36.10 -// protoc v6.33.0 +// protoc v6.33.1 // source: country_subdivision.proto package types diff --git a/email_address.pb.go b/email_address.pb.go index 4ec271e..844bd20 100644 --- a/email_address.pb.go +++ b/email_address.pb.go @@ -18,7 +18,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.36.10 -// protoc v6.33.0 +// protoc v6.33.1 // source: email_address.proto package types diff --git a/entity_metadata.pb.go b/entity_metadata.pb.go index ea2c058..3225190 100644 --- a/entity_metadata.pb.go +++ b/entity_metadata.pb.go @@ -18,7 +18,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.36.10 -// protoc v6.33.0 +// protoc v6.33.1 // source: entity_metadata.proto package types diff --git a/geofence.pb.go b/geofence.pb.go index ecd1881..2a6a280 100644 --- a/geofence.pb.go +++ b/geofence.pb.go @@ -18,7 +18,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.36.10 -// protoc v6.33.0 +// protoc v6.33.1 // source: geofence.proto package types diff --git a/geographic_region.pb.go b/geographic_region.pb.go index 3ee8d64..47b6ae3 100644 --- a/geographic_region.pb.go +++ b/geographic_region.pb.go @@ -18,7 +18,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.36.10 -// protoc v6.33.0 +// protoc v6.33.1 // source: geographic_region.proto package types diff --git a/geometry.pb.go b/geometry.pb.go index b14669a..7593020 100644 --- a/geometry.pb.go +++ b/geometry.pb.go @@ -18,7 +18,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.36.10 -// protoc v6.33.0 +// protoc v6.33.1 // source: geometry.proto package types diff --git a/geospatial_coordinate.pb.go b/geospatial_coordinate.pb.go index ec155d3..0769274 100644 --- a/geospatial_coordinate.pb.go +++ b/geospatial_coordinate.pb.go @@ -18,7 +18,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.36.10 -// protoc v6.33.0 +// protoc v6.33.1 // source: geospatial_coordinate.proto package types diff --git a/geospatial_elevation.pb.go b/geospatial_elevation.pb.go index fdf0a33..0ec8eaf 100644 --- a/geospatial_elevation.pb.go +++ b/geospatial_elevation.pb.go @@ -18,7 +18,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.36.10 -// protoc v6.33.0 +// protoc v6.33.1 // source: geospatial_elevation.proto package types diff --git a/geospatial_location.pb.go b/geospatial_location.pb.go index a560e8a..49142d4 100644 --- a/geospatial_location.pb.go +++ b/geospatial_location.pb.go @@ -18,7 +18,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.36.10 -// protoc v6.33.0 +// protoc v6.33.1 // source: geospatial_location.proto package types diff --git a/language.pb.go b/language.pb.go index fc397c6..1708754 100644 --- a/language.pb.go +++ b/language.pb.go @@ -18,7 +18,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.36.10 -// protoc v6.33.0 +// protoc v6.33.1 // source: language.proto package types diff --git a/map_point.pb.go b/map_point.pb.go index add5d8e..8977bde 100644 --- a/map_point.pb.go +++ b/map_point.pb.go @@ -18,7 +18,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.36.10 -// protoc v6.33.0 +// protoc v6.33.1 // source: map_point.proto package types diff --git a/map_polygon.pb.go b/map_polygon.pb.go index 68fa92e..062deb2 100644 --- a/map_polygon.pb.go +++ b/map_polygon.pb.go @@ -18,7 +18,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.36.10 -// protoc v6.33.0 +// protoc v6.33.1 // source: map_polygon.proto package types diff --git a/radial_geofence.pb.go b/radial_geofence.pb.go index d989e25..37bfd09 100644 --- a/radial_geofence.pb.go +++ b/radial_geofence.pb.go @@ -18,7 +18,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.36.10 -// protoc v6.33.0 +// protoc v6.33.1 // source: radial_geofence.proto package types diff --git a/scripts/os-type.sh b/scripts/os-type.sh index 649858a..cbe7bdb 100755 --- a/scripts/os-type.sh +++ b/scripts/os-type.sh @@ -81,3 +81,26 @@ function is_windows() { return $(false) } + +function goos() { + case "$(detect_os)" in + Linux) echo "linux" ;; + macOS) echo "darwin" ;; + Windows) echo "windows" ;; + *) echo "unsupported"; return 1 ;; + esac +} + +function goarch() { + local ARCH + ARCH=$(uname -m) + + case "$ARCH" in + x86_64|amd64) echo "amd64" ;; + arm64|aarch64) echo "arm64" ;; + armv6l) echo "armv6" ;; + armv7l) echo "armv7" ;; + i386|i686) echo "386" ;; + *) echo "unsupported"; return 1 ;; + esac +} diff --git a/scripts/verify-mod.sh b/scripts/verify-mod.sh new file mode 100755 index 0000000..9ba06b7 --- /dev/null +++ b/scripts/verify-mod.sh @@ -0,0 +1,95 @@ +#!/bin/bash +# Copyright (c) 2024-2025 Six After, Inc. +# +# This source code is licensed under the Apache 2.0 License found in the +# LICENSE file in the root directory of this source tree. +set -euo pipefail + +__dir="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" +source "${__dir}"/os-type.sh + +# Windows +if is_windows; then + echo "[ERROR] Windows is not currently supported." >&2 + exit 1 +fi + +# Ensure tmp directory exists +mkdir -p tmp +rm tmp/*.zip 2>/dev/null || true + +# ------------------------------------------------------------ +# Detect latest release (README method) +# ------------------------------------------------------------ +REPO_OWNER="sixafter" +REPO_NAME="types" +MODULE="github.com/${REPO_OWNER}/${REPO_NAME}" + +TAG=$(curl -s "https://api.github.com/repos/${REPO_OWNER}/${REPO_NAME}/releases/latest" | jq -r .tag_name) +VERSION=${TAG#v} + +echo "Latest release: $TAG (version: $VERSION)" + +# ------------------------------------------------------------ +# Portable SHA-256 function (macOS + Linux) +# ------------------------------------------------------------ +if command -v sha256sum >/dev/null 2>&1; then + SHA256="sha256sum" +else + SHA256="shasum -a 256" +fi + +# ------------------------------------------------------------ +# 1. GitHub Tag ZIP +# ------------------------------------------------------------ +echo "Downloading GitHub tag archive..." +curl -sSfL -o tmp/github.zip \ + "https://github.com/${REPO_OWNER}/${REPO_NAME}/archive/refs/tags/${TAG}.zip" + +GITHUB_SHA=$($SHA256 tmp/github.zip | awk '{print $1}') +echo "GitHub ZIP SHA256: $GITHUB_SHA" + +# ------------------------------------------------------------ +# 2. Direct go mod ZIP +# ------------------------------------------------------------ +echo "Downloading go mod ZIP using direct mode..." + +MOD_JSON=$(GOPROXY=direct go mod download -json "${MODULE}@${TAG}") +MOD_ZIP_PATH=$(echo "$MOD_JSON" | jq -r '.Zip') + +if [ ! -f "$MOD_ZIP_PATH" ]; then + echo "ERROR: The go mod ZIP path does not exist:" + echo "$MOD_ZIP_PATH" + exit 1 +fi + +cp "$MOD_ZIP_PATH" tmp/gomod.zip +GOMOD_SHA=$($SHA256 tmp/gomod.zip | awk '{print $1}') +echo "go mod ZIP SHA256: $GOMOD_SHA" + +# ------------------------------------------------------------ +# 3. Go Proxy ZIP +# ------------------------------------------------------------ +echo "Downloading Go module proxy ZIP..." +curl -sSfL -o tmp/proxy.zip \ + "https://proxy.golang.org/${MODULE}/@v/${TAG}.zip" + +PROXY_SHA=$($SHA256 tmp/proxy.zip | awk '{print $1}') +echo "Proxy ZIP SHA256: $PROXY_SHA" + +# ------------------------------------------------------------ +# Comparison +# ------------------------------------------------------------ +echo +echo "Comparing checksums..." +echo "GitHub : $GITHUB_SHA" +echo "go mod : $GOMOD_SHA" +echo "Proxy : $PROXY_SHA" +echo + +if [ "$GITHUB_SHA" != "$GOMOD_SHA" ] || [ "$GITHUB_SHA" != "$PROXY_SHA" ]; then + echo "ERROR: CHECKSUM MISMATCH DETECTED!" + exit 1 +fi + +echo "Go module archive is fully reproducible across GitHub, direct, and proxy." diff --git a/scripts/verify-release.sh b/scripts/verify-release.sh new file mode 100755 index 0000000..fc9a0bc --- /dev/null +++ b/scripts/verify-release.sh @@ -0,0 +1,22 @@ +#!/bin/bash +# Copyright (c) 2024-2025 Six After, Inc. +# +# This source code is licensed under the Apache 2.0 License found in the +# LICENSE file in the root directory of this source tree. + +# Verify the integrity of the latest release using Cosign + checksums +# Works on macOS and Linux + +set -euo pipefail + +__dir="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" +source "${__dir}"/os-type.sh + +# Windows +if is_windows; then + echo "[ERROR] Windows is not currently supported." >&2 + exit 1 +fi + +rm -fr dist +goreleaser --config .goreleaser.yaml release --snapshot diff --git a/scripts/verify-sig.sh b/scripts/verify-sig.sh new file mode 100755 index 0000000..349a159 --- /dev/null +++ b/scripts/verify-sig.sh @@ -0,0 +1,152 @@ +#!/usr/bin/env bash +# Copyright (c) 2024-2025 Six After, Inc. +# +# This source code is licensed under the Apache 2.0 License found in the +# LICENSE file in the root directory of this source tree. + +set -euo pipefail + +__dir="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" +source "${__dir}/os-type.sh" + +# Windows +if is_windows; then + echo "[ERROR] Windows is not currently supported." >&2 + exit 1 +fi + +curl_retry() { + local url="$1" + local out="$2" + local attempt=1 + local max=5 + local delay=2 + + while true; do + # -f: fail on HTTP error codes + # -s: silent + # -S: show errors + # -L: follow redirects + if curl -fSsSL "${url}" -o "${out}"; then + return 0 + fi + + if (( attempt >= max )); then + echo "[ERROR] curl failed after ${attempt} attempts: ${url}" >&2 + return 1 + fi + + echo "[WARN] curl failed (attempt ${attempt}/${max}). Retrying in ${delay}s..." + sleep $delay + attempt=$(( attempt + 1 )) + delay=$(( delay * 2 )) # exponential backoff + done +} + +# ------------------------------------------------------------ +# Project / repository name (portable) +# ------------------------------------------------------------ +PROJECT="types" +REPO="sixafter/${PROJECT}" +MODULE="github.com/${REPO}" + +# tmp directory for artifacts +TMP="${__dir}/tmp" +mkdir -p "${TMP}" + +echo "Project: ${PROJECT}" +echo "Repository: ${REPO}" +echo "Module path: ${MODULE}" +echo "Artifact directory: ${TMP}" +echo + +# ------------------------------------------------------------ +# Detect latest release +# ------------------------------------------------------------ +TAG=$(curl -s "https://api.github.com/repos/${REPO}/releases/latest" | jq -r .tag_name) +VERSION=${TAG#v} + +echo "Latest release: ${TAG} (version: ${VERSION})" + +# ------------------------------------------------------------ +# Determine SHA-256 tool +# ------------------------------------------------------------ +if command -v sha256sum >/dev/null 2>&1; then + SHA256="sha256sum" +else + SHA256="shasum -a 256" +fi + +# ------------------------------------------------------------ +# Download release artifacts → tmp/ +# ------------------------------------------------------------ +echo +echo "Downloading release artifacts into ${TMP}..." + +# Core tarball +curl_retry \ + "https://github.com/${REPO}/releases/download/${TAG}/${PROJECT}-${VERSION}.tar.gz" \ + "${TMP}/${PROJECT}-${VERSION}.tar.gz" + +# Tarball signature +curl_retry \ + "https://github.com/${REPO}/releases/download/${TAG}/${PROJECT}-${VERSION}.tar.gz.sigstore.json" \ + "${TMP}/${PROJECT}-${VERSION}.tar.gz.sigstore.json" + +# SBOM +curl_retry \ + "https://github.com/${REPO}/releases/download/${TAG}/${PROJECT}-${VERSION}.tar.gz.sbom.json" \ + "${TMP}/${PROJECT}-${VERSION}.tar.gz.sbom.json" + +# checksums.txt +curl_retry \ + "https://github.com/${REPO}/releases/download/${TAG}/checksums.txt" \ + "${TMP}/checksums.txt" + +# checksums.txt signature +curl_retry \ + "https://github.com/${REPO}/releases/download/${TAG}/checksums.txt.sigstore.json" \ + "${TMP}/checksums.txt.sigstore.json" + +# ------------------------------------------------------------ +# Verify tarball with Cosign +# ------------------------------------------------------------ +echo +echo "Verifying tarball signature..." + +cosign verify-blob \ + --key "${__dir}/../cosign.pub" \ + --bundle "${TMP}/${PROJECT}-${VERSION}.tar.gz.sigstore.json" \ + "${TMP}/${PROJECT}-${VERSION}.tar.gz" + +echo "Tarball signature OK." + +# ------------------------------------------------------------ +# Verify checksums manifest signature +# ------------------------------------------------------------ +echo +echo "Verifying checksums.txt signature..." + +cosign verify-blob \ + --key "${__dir}/../cosign.pub" \ + --bundle "${TMP}/checksums.txt.sigstore.json" \ + "${TMP}/checksums.txt" + +echo "Checksums signature OK." + +# ------------------------------------------------------------ +# Validate local artifact integrity +# ------------------------------------------------------------ +echo +echo "Verifying file checksums locally..." +( + cd "${TMP}" + $SHA256 -c checksums.txt +) || { + echo + echo "❌ Release verification FAILED." + exit 1 +} + +echo +echo "✔ Release verification succeeded." diff --git a/temporal_range.pb.go b/temporal_range.pb.go index 9fe0c53..4da0f82 100644 --- a/temporal_range.pb.go +++ b/temporal_range.pb.go @@ -18,7 +18,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.36.10 -// protoc v6.33.0 +// protoc v6.33.1 // source: temporal_range.proto package types diff --git a/time_zone.pb.go b/time_zone.pb.go index 2e55da1..69d8f73 100644 --- a/time_zone.pb.go +++ b/time_zone.pb.go @@ -18,7 +18,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.36.10 -// protoc v6.33.0 +// protoc v6.33.1 // source: time_zone.proto package types diff --git a/uri.pb.go b/uri.pb.go index ce3f4cb..601553b 100644 --- a/uri.pb.go +++ b/uri.pb.go @@ -18,7 +18,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.36.10 -// protoc v6.33.0 +// protoc v6.33.1 // source: uri.proto package types diff --git a/url.pb.go b/url.pb.go index d938914..539f1eb 100644 --- a/url.pb.go +++ b/url.pb.go @@ -18,7 +18,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.36.10 -// protoc v6.33.0 +// protoc v6.33.1 // source: url.proto package types diff --git a/uuid.pb.go b/uuid.pb.go index e716683..208e841 100644 --- a/uuid.pb.go +++ b/uuid.pb.go @@ -18,7 +18,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.36.10 -// protoc v6.33.0 +// protoc v6.33.1 // source: uuid.proto package types diff --git a/vendor/modules.txt b/vendor/modules.txt index 6f315b6..8b86a36 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -11,6 +11,8 @@ github.com/pmezard/go-difflib/difflib ## explicit; go 1.17 github.com/stretchr/testify/assert github.com/stretchr/testify/assert/yaml +# google.golang.org/grpc/cmd/protoc-gen-go-grpc v1.5.1 +## explicit; go 1.21 # google.golang.org/protobuf v1.36.10 ## explicit; go 1.23 google.golang.org/protobuf/encoding/protojson diff --git a/version.pb.go b/version.pb.go index fbda765..e28a73f 100644 --- a/version.pb.go +++ b/version.pb.go @@ -18,7 +18,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.36.10 -// protoc v6.33.0 +// protoc v6.33.1 // source: version.proto package types