From ab4d5a97f3bfbaf9f6bd8be13adf85da2247e228 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 27 Jun 2026 22:02:56 +0000 Subject: [PATCH 1/2] build(deps): bump github.com/pilot-protocol/app-store Bumps [github.com/pilot-protocol/app-store](https://github.com/pilot-protocol/app-store) from 1.0.1-beta.1 to 1.0.2. - [Release notes](https://github.com/pilot-protocol/app-store/releases) - [Changelog](https://github.com/pilot-protocol/app-store/blob/main/CHANGELOG.md) - [Commits](https://github.com/pilot-protocol/app-store/compare/v1.0.1-beta.1...v1.0.2) --- updated-dependencies: - dependency-name: github.com/pilot-protocol/app-store dependency-version: 1.0.2 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- go.mod | 4 ++-- go.sum | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/go.mod b/go.mod index e086433..3f4029c 100644 --- a/go.mod +++ b/go.mod @@ -1,6 +1,6 @@ module github.com/pilot-protocol/wallet -go 1.25.0 +go 1.25.10 require ( github.com/decred/dcrd/dcrec/secp256k1/v4 v4.4.1 @@ -13,7 +13,7 @@ require ( github.com/google/uuid v1.6.0 // indirect github.com/mattn/go-isatty v0.0.20 // indirect github.com/ncruces/go-strftime v1.0.0 // indirect - github.com/pilot-protocol/app-store v1.0.1-beta.1 + github.com/pilot-protocol/app-store v1.0.2 github.com/remyoudompheng/bigfft v0.0.0-20230129092748-24d4a6f8daec // indirect golang.org/x/sys v0.46.0 // indirect modernc.org/libc v1.72.3 // indirect diff --git a/go.sum b/go.sum index 31c5c37..2a5a4e6 100644 --- a/go.sum +++ b/go.sum @@ -14,8 +14,8 @@ github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWE github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y= github.com/ncruces/go-strftime v1.0.0 h1:HMFp8mLCTPp341M/ZnA4qaf7ZlsbTc+miZjCLOFAw7w= github.com/ncruces/go-strftime v1.0.0/go.mod h1:Fwc5htZGVVkseilnfgOVb9mKy6w1naJmn9CehxcKcls= -github.com/pilot-protocol/app-store v1.0.1-beta.1 h1:8CIzfNkFNLO17Es+XV8JSF336JJgqUGLNBcXYMMZcMo= -github.com/pilot-protocol/app-store v1.0.1-beta.1/go.mod h1:cOvtwcrp7iDZfMKaHY4KE8dvhKoOoO7MdRhnbSBKVXw= +github.com/pilot-protocol/app-store v1.0.2 h1:oK7cNl3e/gfxVhhkUFKNLRN256+7sDSBw81oC9QmnB0= +github.com/pilot-protocol/app-store v1.0.2/go.mod h1:deltPnaQkiTgMcxWU+honz3+Bl2R1cthhuZra4pQ4PI= github.com/remyoudompheng/bigfft v0.0.0-20230129092748-24d4a6f8daec h1:W09IVJc94icq4NjY3clb7Lk8O1qJ8BdBEF8z0ibU0rE= github.com/remyoudompheng/bigfft v0.0.0-20230129092748-24d4a6f8daec/go.mod h1:qqbHyh8v60DhA7CoWK5oRCqLrMHRGoxYCSS9EjAz6Eo= golang.org/x/crypto v0.53.0 h1:QZ4Muo8THX6CizN2vPPd5fBGHyogrdK9fG4wLPFUsto= From 07ff5f0fea3c61925b914d7c13e9f06d7c3edf1e Mon Sep 17 00:00:00 2001 From: TeoSlayer Date: Tue, 30 Jun 2026 15:43:04 +0300 Subject: [PATCH 2/2] Bump go directive to 1.25.11 for stdlib security fixes Resolves GO-2026-5037 (crypto/x509), GO-2026-5038 (mime), and GO-2026-5039 (net/textproto), all fixed in go1.25.11. govulncheck flagged GO-2026-5037 and GO-2026-5039 as reachable from pkg/evm. This matches the toolchain already used on the first-party dep bump branch. --- go.mod | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/go.mod b/go.mod index 3f4029c..2203ed8 100644 --- a/go.mod +++ b/go.mod @@ -1,6 +1,6 @@ module github.com/pilot-protocol/wallet -go 1.25.10 +go 1.25.11 require ( github.com/decred/dcrd/dcrec/secp256k1/v4 v4.4.1