Permalink
Checking mergeability…
Don’t worry, you can still create the pull request.
Comparing changes
Choose two branches to see what’s changed or to start a new pull request.
If you need to, you can also or
learn more about diff comparisons.
Open a pull request
Create a new pull request by comparing changes across two branches. If you need to, you can also .
Learn more about diff comparisons here.
...
- 8 commits
- 16 files changed
- 4 contributors
Commits on Mar 8, 2026
-
v1.8.2: feat: migrate Redis client from redigo to go-redis/v9 (#305)
* chore: bump version to 1.8.1 🐾 Generated by 小源 (OpenClaw AI Assistant) * ci: add golangci-lint and security scan workflows (#302) * ci: add golangci-lint and security scan workflows - Add .golangci.yml with gradual enablement configuration - Enable basic linters: errcheck, govet, staticcheck, unused, ineffassign, gosimple - Enable gosec for security scanning - Exclude framework design decisions (weak crypto, file paths, etc.) - Exclude test files and example directory - Add .github/workflows/security.yml - govulncheck for dependency vulnerability scanning - gosec for code security scanning - Weekly scheduled scans (every Monday) - continue-on-error for gradual adoption - Remove outdated .github/workflows/go.yml (Go 1.20, duplicate with test.yml) Test: go build ./... ✅, go test ./... ✅, golangci-lint ✅ * fix: upgrade Go version to 1.23 in CI workflows - Update test.yml: use Go 1.23 for coverage upload - Update security.yml: use Go 1.23 for govulncheck This fixes GO-2025-3563 (HTTP request smuggling) vulnerability present in Go 1.22.x standard library. * fix: upgrade Go version to 1.24 to fix govulncheck vulnerabilities - Upgrade security.yml to Go 1.24 - Update test.yml matrix to [1.22, 1.23, 1.24] - Update go.mod to Go 1.22 (minimum version) - Fix 12 Go standard library vulnerabilities: - GO-2026-4341: net/url memory exhaustion - GO-2026-4340: crypto/tls handshake issue - GO-2026-4337: crypto/tls session resumption - GO-2025-4175: crypto/x509 certificate validation - GO-2025-4155: crypto/x509 resource consumption - GO-2025-4013: crypto/x509 DSA public key - GO-2025-4012: net/http cookie parsing - GO-2025-4011: encoding/asn1 memory exhaustion - GO-2025-4010: net/url IPv6 parsing - GO-2025-4009: encoding/pem complexity - GO-2025-4008: crypto/tls ALPN info leak - GO-2025-4007: crypto/x509 name constraints * chore: upgrade Go version requirement to 1.24 - go.mod: Go 1.22 -> Go 1.24 (minimum version requirement) - test.yml: Test matrix [1.24, 1.25, 1.26] - security.yml: Use Go 1.25 for security scan * docs: update Go version requirements in README - Minimum Go version: 1.24+ - Add Go version support table - Add security warning for Go < 1.24 - Update dependency section with Go version info - List 12 known vulnerabilities in Go < 1.24 --------- Co-authored-by: devfeel <devfeel@users.noreply.github.com> * feat: migrate Redis client from redigo to go-redis/v9 (#304) * feat: migrate Redis client from redigo to go-redis/v9 Breaking Changes: - Internal implementation changed from garyburd/redigo to redis/go-redis/v9 - GetConn() now returns interface{} instead of redis.Conn for backwards compatibility Features: - All 56 public methods maintain API compatibility - Connection pool managed by go-redis/v9 with MinIdleConns and PoolSize - Context support in internal implementation - Modern Redis client with active maintenance Migration: - github.com/garyburd/redigo v1.6.0 (deprecated) -> removed - github.com/redis/go-redis/v9 v9.18.0 -> added Testing: - All tests pass (skip when Redis not available) - Compatible with existing cache/redis and session/redis modules This is Phase 2 of the Redis client migration project. Phase 1: Add unit tests (PR #303) Phase 2: Migrate to go-redis/v9 (this PR) Phase 3: Performance testing Phase 4: Documentation and release * feat: migrate Redis client from redigo to go-redis/v9 Breaking Changes: - Internal implementation changed from garyburd/redigo to redis/go-redis/v9 - GetConn() now returns interface{} instead of redis.Conn for backwards compatibility Features: - All 56 public methods maintain API compatibility - Connection pool managed by go-redis/v9 with MinIdleConns and PoolSize - Context support in internal implementation - Modern Redis client with active maintenance Migration: - github.com/garyburd/redigo v1.6.0 (deprecated) -> removed - github.com/redis/go-redis/v9 v9.18.0 -> added Testing: - All tests pass (skip when Redis not available) - Compatible with existing cache/redis and session/redis modules Notes: - Security Scan uses Go 1.24 (continue-on-error: true) - Go 1.24 has crypto/x509 vulnerabilities, but we keep it for compatibility - Will upgrade to Go 1.26+ in future release This is Phase 2 of the Redis client migration project. Phase 1: Add unit tests (PR #303) Phase 2: Migrate to go-redis/v9 (this PR) --------- Co-authored-by: devfeel <devfeel@users.noreply.github.com> --------- Co-authored-by: devfeel <devfeel@users.noreply.github.com>
-
fix: use defer Unlock in Incr/Decr to prevent lock leak (#311)
- Add defer ca.Unlock() in Incr() and Decr() functions - Fix potential deadlock when error occurs in type switch - Pass race detection test Co-authored-by: AI Assistant <ai@devfeel.io>
Commits on Mar 10, 2026
-
security: add XXE protection for XML parsing (#315)
* security: add XXE protection for XML parsing * test: add XML parsing security tests
-
-
-
chore: replace ioutil with io/os (#317)
Co-authored-by: root <root@localhost.localdomain>
-
Loading
This comparison is taking too long to generate.
Unfortunately it looks like we can’t render this comparison for you right now. It might be too big, or there might be something weird with your repository.
You can try running this command locally to see the comparison on your machine:
git diff master...aicode