fix: update Go version to 1.25.5 in go.work

fix: update version to 0.7.9 and add maxminddb-golang dependency
fix: update log message to include an icon for SQL injection detection
2025-12-14 07:11:04 +00:00 · 2025-12-14 07:09:10 +00:00 · 2025-12-14 06:50:39 +00:00 · 2025-12-14 06:36:42 +00:00 · 2025-12-14 06:28:47 +00:00 · 2025-12-14 06:18:42 +00:00
8 changed files with 12 additions and 5 deletions
@@ -110,6 +110,7 @@ jobs:
          push: ${{ github.event_name != 'pull_request' }}
          tags: ${{ steps.meta.outputs.tags }}
          labels: ${{ steps.meta.outputs.labels }}
          pull: true  # Always pull fresh base images to get latest security patches
          cache-from: type=gha
          cache-to: type=gha,mode=max
          build-args: |
@@ -114,6 +114,8 @@ jobs:
          push: ${{ github.event_name != 'pull_request' }}
          tags: ${{ steps.meta.outputs.tags }}
          labels: ${{ steps.meta.outputs.labels }}
          # Always pull fresh base images to get latest security patches
          pull: true
          cache-from: type=gha
          cache-to: type=gha,mode=max
          build-args: |
@@ -71,6 +71,7 @@ jobs:
          tags: ${{ steps.meta.outputs.tags }}
          labels: ${{ steps.meta.outputs.labels }}
          no-cache: ${{ github.event_name == 'schedule' || inputs.force_rebuild }}
          pull: true  # Always pull fresh base images to get latest security patches
          build-args: |
            VERSION=security-scan
            BUILD_DATE=${{ fromJSON(steps.meta.outputs.json).labels['org.opencontainers.image.created'] }}
@@ -121,8 +122,8 @@ jobs:
          echo "" >> $GITHUB_STEP_SUMMARY
          echo "Checking key security packages:" >> $GITHUB_STEP_SUMMARY
          echo '```' >> $GITHUB_STEP_SUMMARY
-          docker run --rm ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}@${{ steps.build.outputs.digest }} \
+          docker run --rm --entrypoint "" ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}@${{ steps.build.outputs.digest }} \
-            sh -c "apk info c-ares curl libcurl openssl" >> $GITHUB_STEP_SUMMARY
+            sh -c "apk update >/dev/null 2>&1 && apk info c-ares curl libcurl openssl" >> $GITHUB_STEP_SUMMARY
          echo '```' >> $GITHUB_STEP_SUMMARY
      - name: Create security scan summary
@@ -1 +1 @@
-0.4.0
+0.7.9
@@ -18,6 +18,7 @@ ARG CADDY_VERSION=2.10.2
 ## plain Alpine base image and overwrite its caddy binary with our
 ## xcaddy-built binary in the later COPY step. This avoids relying on
 ## upstream caddy image tags while still shipping a pinned caddy binary.
 # renovate: datasource=docker depName=alpine
 ARG CADDY_IMAGE=alpine:3.23
 # ---- Cross-Compilation Helpers ----
@@ -203,6 +204,7 @@ RUN mkdir -p /crowdsec-out/config && \
    cp -r config/* /crowdsec-out/config/ || true
 # ---- CrowdSec Fallback (for architectures where build fails) ----
 # renovate: datasource=docker depName=alpine
 FROM alpine:3.23 AS crowdsec-fallback
 WORKDIR /tmp/crowdsec
@@ -406,7 +406,7 @@ describe('LiveLogViewer', () => {
      // Use findBy queries (built-in waiting) instead of single waitFor with multiple assertions
      // This avoids race conditions where one failing assertion causes the entire block to retry
      await screen.findByText('10.0.0.1');
-      await screen.findByText(/BLOCKED: SQL injection detected/);
+      await screen.findByText(/🚫 BLOCKED: SQL injection detected/);
      await screen.findByText(/\[SQL injection detected\]/);
      // For getAllByText, keep in waitFor but separate from other assertions
@@ -1,3 +1,3 @@
-go 1.25
+go 1.25.5
 use ./backend
@@ -42,6 +42,7 @@ github.com/mitchellh/mapstructure v1.5.0 h1:jeMsZIYE/09sWLaz43PL7Gy6RuMjD2eJVyua
 github.com/mitchellh/mapstructure v1.5.0/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo=
 github.com/mwitkow/go-conntrack v0.0.0-20190716064945-2f068394615f h1:KUppIJq7/+SVif2QVs3tOP0zanoHgBEVAwHxUSIzRqU=
 github.com/mwitkow/go-conntrack v0.0.0-20190716064945-2f068394615f/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U=
 github.com/oschwald/maxminddb-golang/v2 v2.1.1/go.mod h1:PLdx6PR+siSIoXqqy7C7r3SB3KZnhxWr1Dp6g0Hacl8=
 github.com/pkg/diff v0.0.0-20210226163009-20ebb0f2a09e/go.mod h1:pJLUxLENpZxwdsKMEsNbx1VGcRFpLqf3715MtcvvzbA=
 github.com/prometheus/client_golang v1.20.4/go.mod h1:PIEt8X02hGcP8JWbeHyeZ53Y/jReSnHgO035n//V5WE=
 github.com/prometheus/procfs v0.15.1/go.mod h1:fB45yRUv8NstnjriLhBQLuOUt+WW4BsoGhij/e3PBqk=
Author	SHA1	Message	Date
GitHub Actions	a26beefb08	fix: update Go version to 1.25.5 in go.work	2025-12-14 07:11:04 +00:00
GitHub Actions	833e2de2d6	fix: update version to 0.7.9 and add maxminddb-golang dependency	2025-12-14 07:09:10 +00:00
GitHub Actions	8c44d52b69	fix: update log message to include an icon for SQL injection detection	2025-12-14 06:50:39 +00:00
GitHub Actions	99b8ed1996	chore: add renovate comments for alpine base image tracking Ensures Renovate detects and updates Alpine 3.23 to future versions (3.24, 3.25, etc.) automatically without manual monitoring.	2025-12-14 06:36:42 +00:00
GitHub Actions	18868a47fc	fix: add pull:true to docker-publish for fresh base images The docker-publish.yml workflow was missing pull:true, causing it to use cached Alpine images with vulnerable c-ares 1.34.5-r0. This completes the fix across all three Docker workflows: - docker-build.yml ✓ - docker-publish.yml ✓ (this commit) - security-weekly-rebuild.yml ✓ Resolves CVE-2025-62408 (c-ares)	2025-12-14 06:28:47 +00:00
GitHub Actions	cb5bd01a93	fix: add pull:true to docker-build to ensure fresh base images Ensures all Docker builds pull fresh Alpine base images to get security patches like c-ares 1.34.6-r0 (CVE-2025-62408). This mirrors the change made to security-weekly-rebuild.yml.	2025-12-14 06:18:42 +00:00
GitHub Actions	72ebde31ce	fix: add pull:true to security rebuild to fetch fresh base images Without pull:true, the weekly security rebuild may use stale base images cached on GitHub runners, missing security patches like c-ares 1.34.6-r0 (CVE-2025-62408).	2025-12-14 05:21:15 +00:00
GitHub Actions	7c79bf066a	fix: update security package check to include apk update for accurate version info	2025-12-14 05:12:01 +00:00
GitHub Actions	394ada14f3	fix: update Docker run command to remove entrypoint for security package checks	2025-12-14 04:36:39 +00:00
`@@ -1,3 +1,3 @@`
	`go 1.25`	`go 1.25.5`

	`use ./backend`	`use ./backend`