From c36b738240b689a29552ae3594a800e37f69be05 Mon Sep 17 00:00:00 2001 From: Micheal Wilkinson Date: Sat, 21 Mar 2026 13:15:12 +0000 Subject: [PATCH] docs: document dependency security updates --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 4701afe..7f6330c 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -15,6 +15,7 @@ A `### Breaking` section is used in addition to Keep a Changelog's standard sect ### Changed +- Dependencies updated to resolve security vulnerabilities: `cloudflare/circl` to v1.6.3, `go-git/v5` to v5.17.0, `golang.org/x/crypto` to v0.49.0, and `golang.org/x/net` to v0.52.0. - CI workflows now include explicit caching for Go modules, build artifacts, and security tool binaries to reduce pipeline execution time. - Security hardening: file and directory creation now uses restrictive permissions (`0o750` for directories, `0o600` for files) instead of world-accessible defaults. Executable wrapper scripts are created with restricted permissions and then explicitly made executable via `chmod`. - Security: `Open()` now executes the editor directly without shell intermediary to prevent injection through the `$EDITOR` environment variable.
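Review bot: The added `+` entry under `### Changed` says the updates "resolve security vulnerabilities" but names no advisory for any of the four modules, so a reader cannot tell which issues are fixed or whether their own pinned version is affected. Suggest giving the advisory identifier (CVE or GHSA) for each dependency, or linking the scanner report that prompted the bumps. The neighbouring entries in this list open with "Security:" or "Security hardening:"; the same prefix here would keep the entry findable when someone scans the changelog for security changes. The diffstat shows only CHANGELOG.md changed, so the versions quoted (`v1.6.3`, `v5.17.0`, `v0.49.0`, `v0.52.0`) should be checked against `go.mod` in the commit that actually made the updates.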