Tags: devfeel/dotweb
dotweb v1.8.3 Release Notes (#314)

* v1.8.2: feat: migrate Redis client from redigo to go-redis/v9 (#305)

* chore: bump version to 1.8.1

🐾 Generated by 小源 (OpenClaw AI Assistant)

* ci: add golangci-lint and security scan workflows (#302)

* ci: add golangci-lint and security scan workflows

- Add .golangci.yml with gradual enablement configuration
  - Enable basic linters: errcheck, govet, staticcheck, unused, ineffassign, gosimple
  - Enable gosec for security scanning
  - Exclude framework design decisions (weak crypto, file paths, etc.)
  - Exclude test files and example directory
- Add .github/workflows/security.yml
  - govulncheck for dependency vulnerability scanning
  - gosec for code security scanning
  - Weekly scheduled scans (every Monday)
  - continue-on-error for gradual adoption
- Remove outdated .github/workflows/go.yml (Go 1.20, duplicate with test.yml)

Test: go build ./... ✅, go test ./... ✅, golangci-lint ✅

* fix: upgrade Go version to 1.23 in CI workflows

- Update test.yml: use Go 1.23 for coverage upload
- Update security.yml: use Go 1.23 for govulncheck

This fixes GO-2025-3563 (HTTP request smuggling) vulnerability present in Go 1.22.x standard library.

* fix: upgrade Go version to 1.24 to fix govulncheck vulnerabilities

- Upgrade security.yml to Go 1.24
- Update test.yml matrix to [1.22, 1.23, 1.24]
- Update go.mod to Go 1.22 (minimum version)
- Fix 12 Go standard library vulnerabilities:
  - GO-2026-4341: net/url memory exhaustion
  - GO-2026-4340: crypto/tls handshake issue
  - GO-2026-4337: crypto/tls session resumption
  - GO-2025-4175: crypto/x509 certificate validation
  - GO-2025-4155: crypto/x509 resource consumption
  - GO-2025-4013: crypto/x509 DSA public key
  - GO-2025-4012: net/http cookie parsing
  - GO-2025-4011: encoding/asn1 memory exhaustion
  - GO-2025-4010: net/url IPv6 parsing
  - GO-2025-4009: encoding/pem complexity
  - GO-2025-4008: crypto/tls ALPN info leak
  - GO-2025-4007: crypto/x509 name constraints

* chore: upgrade Go version requirement to 1.24

- go.mod: Go 1.22 -> Go 1.24 (minimum version requirement)
- test.yml: Test matrix [1.24, 1.25, 1.26]
- security.yml: Use Go 1.25 for security scan

* docs: update Go version requirements in README

- Minimum Go version: 1.24+
- Add Go version support table
- Add security warning for Go < 1.24
- Update dependency section with Go version info
- List 12 known vulnerabilities in Go < 1.24

---------

Co-authored-by: devfeel <devfeel@users.noreply.github.com>

* feat: migrate Redis client from redigo to go-redis/v9 (#304)

* feat: migrate Redis client from redigo to go-redis/v9

Breaking Changes:
- Internal implementation changed from garyburd/redigo to redis/go-redis/v9
- GetConn() now returns interface{} instead of redis.Conn for backwards compatibility

Features:
- All 56 public methods maintain API compatibility
- Connection pool managed by go-redis/v9 with MinIdleConns and PoolSize
- Context support in internal implementation
- Modern Redis client with active maintenance

Migration:
- github.com/garyburd/redigo v1.6.0 (deprecated) -> removed
- github.com/redis/go-redis/v9 v9.18.0 -> added

Testing:
- All tests pass (skip when Redis not available)
- Compatible with existing cache/redis and session/redis modules

This is Phase 2 of the Redis client migration project.

Phase 1: Add unit tests (PR #303)
Phase 2: Migrate to go-redis/v9 (this PR)
Phase 3: Performance testing
Phase 4: Documentation and release

* feat: migrate Redis client from redigo to go-redis/v9

Breaking Changes:
- Internal implementation changed from garyburd/redigo to redis/go-redis/v9
- GetConn() now returns interface{} instead of redis.Conn for backwards compatibility

Features:
- All 56 public methods maintain API compatibility
- Connection pool managed by go-redis/v9 with MinIdleConns and PoolSize
- Context support in internal implementation
- Modern Redis client with active maintenance

Migration:
- github.com/garyburd/redigo v1.6.0 (deprecated) -> removed
- github.com/redis/go-redis/v9 v9.18.0 -> added

Testing:
- All tests pass (skip when Redis not available)
- Compatible with existing cache/redis and session/redis modules

Notes:
- Security Scan uses Go 1.24 (continue-on-error: true)
- Go 1.24 has crypto/x509 vulnerabilities, but we keep it for compatibility
- Will upgrade to Go 1.26+ in future release

This is Phase 2 of the Redis client migration project.

Phase 1: Add unit tests (PR #303)
Phase 2: Migrate to go-redis/v9 (this PR)

---------

Co-authored-by: devfeel <devfeel@users.noreply.github.com>

---------

Co-authored-by: devfeel <devfeel@users.noreply.github.com>

* chore: bump version to 1.8.3 (#310)

Co-authored-by: AI Assistant <ai@devfeel.io>

* fix: use defer Unlock in Incr/Decr to prevent lock leak (#312)

* chore: bump version to 1.8.3

* fix: use defer Unlock in Incr/Decr to prevent lock leak (#311)

- Add defer ca.Unlock() in Incr() and Decr() functions
- Fix potential deadlock when error occurs in type switch
- Pass race detection test

Co-authored-by: AI Assistant <ai@devfeel.io>

---------

Co-authored-by: AI Assistant <ai@devfeel.io>

* update to v1.8.3 & fix: use defer Unlock in Incr/Decr to prevent lock leak (#313)

* chore: bump version to 1.8.3

* fix: use defer Unlock in Incr/Decr to prevent lock leak (#311)

- Add defer ca.Unlock() in Incr() and Decr() functions
- Fix potential deadlock when error occurs in type switch
- Pass race detection test

Co-authored-by: AI Assistant <ai@devfeel.io>

---------

Co-authored-by: AI Assistant <ai@devfeel.io>

---------

Co-authored-by: devfeel <devfeel@users.noreply.github.com>
Co-authored-by: AI Assistant <ai@devfeel.io>