From dc0568998b868ddc9a704a1f3a4ff006c242f25e Mon Sep 17 00:00:00 2001 From: "Mr. Z" Date: Thu, 26 Mar 2026 11:43:46 -0400 Subject: [PATCH 1/4] chore(config): adjust whitespace in log_level comment --- config.example.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/config.example.yaml b/config.example.yaml index 661c355..a98c3c9 100644 --- a/config.example.yaml +++ b/config.example.yaml @@ -2,7 +2,7 @@ # Environment variables can override any setting using ARCADE_ prefix # Example: ARCADE_SERVER_ADDRESS=:9090 overrides server.address network: main -log_level: info # debug, info, warn, error +log_level: info # debug, info, warn, error storage_path: ~/.arcade server: address: ":3011" From e71db0000a1c3a0975553ded68893ac1580e7b2d Mon Sep 17 00:00:00 2001 From: "Mr. Z" Date: Thu, 26 Mar 2026 11:43:51 -0400 Subject: [PATCH 2/4] feat(swagger): enhance API definitions and improve documentation Updated swagger.json to include additional properties for error fields, transaction requests, and policies. Improved endpoint descriptions and added missing tags for better organization. --- docs/swagger.json | 398 +++++++++++++++++++++++----------------------- 1 file changed, 199 insertions(+), 199 deletions(-) diff --git a/docs/swagger.json b/docs/swagger.json index 24560f8..43f5177 100644 --- a/docs/swagger.json +++ b/docs/swagger.json @@ -1,38 +1,147 @@ { - "swagger": "2.0", + "basePath": "/", + "definitions": { + "arcerrors.ErrorFields": { + "properties": { + "detail": { + "type": "string" + }, + "extraInfo": { + "type": "string" + }, + "status": { + "type": "integer" + }, + "title": { + "type": "string" + }, + "type": { + "type": "string" + } + }, + "type": "object" + }, + "fiber.TransactionRequest": { + "properties": { + "rawTx": { + "example": "0100000001...", + "type": "string" + } + }, + "type": "object" + }, + "models.Policy": { + "properties": { + "maxscriptsizepolicy": { + "type": "integer" + }, + "maxtxsigopscountspolicy": { + "type": "integer" + }, + "maxtxsizepolicy": { + "type": "integer" + }, + "miningFeeBytes": { + "type": "integer" + }, + "miningFeeSatoshis": { + "type": "integer" + } + }, + "type": "object" + }, + "models.Status": { + "enum": [ + "UNKNOWN", + "RECEIVED", + "SENT_TO_NETWORK", + "ACCEPTED_BY_NETWORK", + "SEEN_ON_NETWORK", + "DOUBLE_SPEND_ATTEMPTED", + "REJECTED", + "MINED", + "IMMUTABLE" + ], + "type": "string", + "x-enum-varnames": [ + "StatusUnknown", + "StatusReceived", + "StatusSentToNetwork", + "StatusAcceptedByNetwork", + "StatusSeenOnNetwork", + "StatusDoubleSpendAttempted", + "StatusRejected", + "StatusMined", + "StatusImmutable" + ] + }, + "models.TransactionStatus": { + "properties": { + "blockHash": { + "type": "string" + }, + "blockHeight": { + "type": "integer" + }, + "competingTxs": { + "items": { + "type": "string" + }, + "type": "array" + }, + "extraInfo": { + "type": "string" + }, + "merklePath": { + "items": { + "type": "integer" + }, + "type": "array" + }, + "status": { + "type": "integer" + }, + "timestamp": { + "type": "string" + }, + "txStatus": { + "$ref": "#/definitions/models.Status" + }, + "txid": { + "type": "string" + } + }, + "type": "object" + } + }, "info": { - "description": "BSV transaction broadcast service with ARC-compatible endpoints.", - "title": "Arcade API", "contact": { "name": "BSV Blockchain", "url": "https://github.com/bsv-blockchain/arcade" }, + "description": "BSV transaction broadcast service with ARC-compatible endpoints.", "license": { "name": "Open BSV License", "url": "https://github.com/bsv-blockchain/arcade/blob/main/LICENSE" }, + "title": "Arcade API", "version": "0.1.0" }, - "basePath": "/", "paths": { "/events": { "get": { "description": "Server-Sent Events stream of transaction status updates. If callbackToken is provided, only events for that token are streamed.", - "produces": [ - "text/event-stream" - ], - "tags": [ - "arcade" - ], - "summary": "Stream transaction events", "parameters": [ { - "type": "string", "description": "Callback token from transaction submission", + "in": "query", "name": "callbackToken", - "in": "query" + "type": "string" } ], + "produces": [ + "text/event-stream" + ], "responses": { "200": { "description": "SSE stream of transaction status updates", @@ -40,7 +149,11 @@ "type": "string" } } - } + }, + "summary": "Stream transaction events", + "tags": [ + "arcade" + ] } }, "/health": { @@ -49,10 +162,6 @@ "produces": [ "text/plain" ], - "tags": [ - "arcade" - ], - "summary": "Health check", "responses": { "200": { "description": "OK", @@ -66,7 +175,11 @@ "type": "string" } } - } + }, + "summary": "Health check", + "tags": [ + "arcade" + ] } }, "/policy": { @@ -75,10 +188,6 @@ "produces": [ "application/json" ], - "tags": [ - "arcade" - ], - "summary": "Get policy", "responses": { "200": { "description": "OK", @@ -86,65 +195,65 @@ "$ref": "#/definitions/models.Policy" } } - } + }, + "summary": "Get policy", + "tags": [ + "arcade" + ] } }, "/tx": { "post": { - "description": "Submit a single transaction for broadcast. Accepts raw transaction bytes, hex string, or JSON with rawTx field.", "consumes": [ "application/json", "application/octet-stream", "text/plain" ], - "produces": [ - "application/json" - ], - "tags": [ - "arcade" - ], - "summary": "Submit transaction", + "description": "Submit a single transaction for broadcast. Accepts raw transaction bytes, hex string, or JSON with rawTx field.", "parameters": [ { "description": "Transaction data", - "name": "transaction", "in": "body", + "name": "transaction", "required": true, "schema": { "$ref": "#/definitions/fiber.TransactionRequest" } }, { - "type": "string", "description": "URL for status callbacks", + "in": "header", "name": "X-CallbackUrl", - "in": "header" + "type": "string" }, { - "type": "string", "description": "Token for SSE event filtering", + "in": "header", "name": "X-CallbackToken", - "in": "header" + "type": "string" }, { - "type": "string", "description": "Send all status updates (true/false)", + "in": "header", "name": "X-FullStatusUpdates", - "in": "header" + "type": "string" }, { - "type": "string", "description": "Skip fee validation (true/false)", + "in": "header", "name": "X-SkipFeeValidation", - "in": "header" + "type": "string" }, { - "type": "string", "description": "Skip script validation (true/false)", + "in": "header", "name": "X-SkipScriptValidation", - "in": "header" + "type": "string" } ], + "produces": [ + "application/json" + ], "responses": { "200": { "description": "OK", @@ -167,34 +276,34 @@ "500": { "description": "Internal Server Error", "schema": { - "type": "object", "additionalProperties": { "type": "string" - } + }, + "type": "object" } } - } + }, + "summary": "Submit transaction", + "tags": [ + "arcade" + ] } }, "/tx/{txid}": { "get": { "description": "Get the current status of a submitted transaction", - "produces": [ - "application/json" - ], - "tags": [ - "arcade" - ], - "summary": "Get transaction status", "parameters": [ { - "type": "string", "description": "Transaction ID", - "name": "txid", "in": "path", - "required": true + "name": "txid", + "required": true, + "type": "string" } ], + "produces": [ + "application/json" + ], "responses": { "200": { "description": "OK", @@ -211,80 +320,80 @@ "500": { "description": "Internal Server Error", "schema": { - "type": "object", "additionalProperties": { "type": "string" - } + }, + "type": "object" } } - } + }, + "summary": "Get transaction status", + "tags": [ + "arcade" + ] } }, "/txs": { "post": { - "description": "Submit multiple transactions for broadcast", "consumes": [ "application/json" ], - "produces": [ - "application/json" - ], - "tags": [ - "arcade" - ], - "summary": "Submit multiple transactions", + "description": "Submit multiple transactions for broadcast", "parameters": [ { "description": "Array of transactions", - "name": "transactions", "in": "body", + "name": "transactions", "required": true, "schema": { - "type": "array", "items": { "$ref": "#/definitions/fiber.TransactionRequest" - } + }, + "type": "array" } }, { - "type": "string", "description": "URL for status callbacks", + "in": "header", "name": "X-CallbackUrl", - "in": "header" + "type": "string" }, { - "type": "string", "description": "Token for SSE event filtering", + "in": "header", "name": "X-CallbackToken", - "in": "header" + "type": "string" }, { - "type": "string", "description": "Send all status updates (true/false)", + "in": "header", "name": "X-FullStatusUpdates", - "in": "header" + "type": "string" }, { - "type": "string", "description": "Skip fee validation (true/false)", + "in": "header", "name": "X-SkipFeeValidation", - "in": "header" + "type": "string" }, { - "type": "string", "description": "Skip script validation (true/false)", + "in": "header", "name": "X-SkipScriptValidation", - "in": "header" + "type": "string" } ], + "produces": [ + "application/json" + ], "responses": { "200": { "description": "OK", "schema": { - "type": "array", "items": { "$ref": "#/definitions/models.TransactionStatus" - } + }, + "type": "array" } }, "400": { @@ -299,130 +408,21 @@ "$ref": "#/definitions/arcerrors.ErrorFields" } } - } - } - } - }, - "definitions": { - "arcerrors.ErrorFields": { - "type": "object", - "properties": { - "detail": { - "type": "string" }, - "extraInfo": { - "type": "string" - }, - "status": { - "type": "integer" - }, - "title": { - "type": "string" - }, - "type": { - "type": "string" - } - } - }, - "fiber.TransactionRequest": { - "type": "object", - "properties": { - "rawTx": { - "type": "string", - "example": "0100000001..." - } - } - }, - "models.Policy": { - "type": "object", - "properties": { - "maxscriptsizepolicy": { - "type": "integer" - }, - "maxtxsigopscountspolicy": { - "type": "integer" - }, - "maxtxsizepolicy": { - "type": "integer" - }, - "miningFeeBytes": { - "type": "integer" - }, - "miningFeeSatoshis": { - "type": "integer" - } - } - }, - "models.Status": { - "type": "string", - "enum": [ - "UNKNOWN", - "RECEIVED", - "SENT_TO_NETWORK", - "ACCEPTED_BY_NETWORK", - "SEEN_ON_NETWORK", - "DOUBLE_SPEND_ATTEMPTED", - "REJECTED", - "MINED", - "IMMUTABLE" - ], - "x-enum-varnames": [ - "StatusUnknown", - "StatusReceived", - "StatusSentToNetwork", - "StatusAcceptedByNetwork", - "StatusSeenOnNetwork", - "StatusDoubleSpendAttempted", - "StatusRejected", - "StatusMined", - "StatusImmutable" - ] - }, - "models.TransactionStatus": { - "type": "object", - "properties": { - "blockHash": { - "type": "string" - }, - "blockHeight": { - "type": "integer" - }, - "competingTxs": { - "type": "array", - "items": { - "type": "string" - } - }, - "extraInfo": { - "type": "string" - }, - "merklePath": { - "type": "array", - "items": { - "type": "integer" - } - }, - "status": { - "type": "integer" - }, - "timestamp": { - "type": "string" - }, - "txStatus": { - "$ref": "#/definitions/models.Status" - }, - "txid": { - "type": "string" - } + "summary": "Submit multiple transactions", + "tags": [ + "arcade" + ] } } }, "securityDefinitions": { "BearerAuth": { "description": "Bearer token authentication", - "type": "apiKey", + "in": "header", "name": "Authorization", - "in": "header" + "type": "apiKey" } - } + }, + "swagger": "2.0" } From 980c290a963ae71256b6c336636292eafc197012 Mon Sep 17 00:00:00 2001 From: "Mr. Z" Date: Thu, 26 Mar 2026 11:44:05 -0400 Subject: [PATCH 3/4] chore(deps): update go-chaintracks and AWS SDK dependencies Updated go-chaintracks to v1.2.0 and various AWS SDK components to their latest versions for improved functionality and security. --- go.mod | 18 +++++++++--------- go.sum | 36 ++++++++++++++++++------------------ 2 files changed, 27 insertions(+), 27 deletions(-) diff --git a/go.mod b/go.mod index dd12294..49c4f7b 100644 --- a/go.mod +++ b/go.mod @@ -3,7 +3,7 @@ module github.com/bsv-blockchain/arcade go 1.26.0 require ( - github.com/bsv-blockchain/go-chaintracks v1.1.5 + github.com/bsv-blockchain/go-chaintracks v1.2.0 github.com/bsv-blockchain/go-p2p-message-bus v0.1.13 github.com/bsv-blockchain/go-sdk v1.2.19 github.com/bsv-blockchain/go-teranode-p2p-client v0.2.0 @@ -27,11 +27,11 @@ require ( github.com/aerospike/aerospike-client-go/v8 v8.6.0 // indirect github.com/andybalholm/brotli v1.2.0 // indirect github.com/aws/aws-sdk-go-v2 v1.41.4 // indirect - github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.7.7 // indirect + github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.7.8 // indirect github.com/aws/aws-sdk-go-v2/config v1.32.12 // indirect github.com/aws/aws-sdk-go-v2/credentials v1.19.12 // indirect github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.18.20 // indirect - github.com/aws/aws-sdk-go-v2/feature/s3/transfermanager v0.1.10 // indirect + github.com/aws/aws-sdk-go-v2/feature/s3/transfermanager v0.1.11 // indirect github.com/aws/aws-sdk-go-v2/internal/configsources v1.4.20 // indirect github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.7.20 // indirect github.com/aws/aws-sdk-go-v2/internal/ini v1.8.6 // indirect @@ -40,7 +40,7 @@ require ( github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.9.12 // indirect github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.13.20 // indirect github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.19.20 // indirect - github.com/aws/aws-sdk-go-v2/service/s3 v1.97.1 // indirect + github.com/aws/aws-sdk-go-v2/service/s3 v1.97.2 // indirect github.com/aws/aws-sdk-go-v2/service/signin v1.0.8 // indirect github.com/aws/aws-sdk-go-v2/service/sso v1.30.13 // indirect github.com/aws/aws-sdk-go-v2/service/ssooidc v1.35.17 // indirect @@ -49,7 +49,7 @@ require ( github.com/benbjohnson/clock v1.3.5 // indirect github.com/beorn7/perks v1.0.1 // indirect github.com/bsv-blockchain/go-batcher v1.2.11 // indirect - github.com/bsv-blockchain/go-bt/v2 v2.6.1 // indirect + github.com/bsv-blockchain/go-bt/v2 v2.6.2 // indirect github.com/bsv-blockchain/go-chaincfg v1.5.6 // indirect github.com/bsv-blockchain/go-lockfree-queue v1.1.2 // indirect github.com/bsv-blockchain/go-safe-conversion v1.1.2 // indirect @@ -170,24 +170,24 @@ require ( github.com/ncruces/go-strftime v1.0.0 // indirect github.com/ordishs/gocore v1.0.81 // indirect github.com/pbnjay/memory v0.0.0-20210728143218-7b4eea64cf58 // indirect - github.com/pelletier/go-toml/v2 v2.2.4 // indirect + github.com/pelletier/go-toml/v2 v2.3.0 // indirect github.com/pierrec/lz4/v4 v4.1.26 // indirect github.com/pion/datachannel v1.6.0 // indirect github.com/pion/dtls/v3 v3.1.2 // indirect - github.com/pion/ice/v4 v4.2.1 // indirect + github.com/pion/ice/v4 v4.2.2 // indirect github.com/pion/interceptor v0.1.44 // indirect github.com/pion/logging v0.2.4 // indirect github.com/pion/mdns/v2 v2.1.0 // indirect github.com/pion/randutil v0.1.0 // indirect github.com/pion/rtcp v1.2.16 // indirect github.com/pion/rtp v1.10.1 // indirect - github.com/pion/sctp v1.9.3 // indirect + github.com/pion/sctp v1.9.4 // indirect github.com/pion/sdp/v3 v3.0.18 // indirect github.com/pion/srtp/v3 v3.0.10 // indirect github.com/pion/stun/v3 v3.1.1 // indirect github.com/pion/transport/v4 v4.0.1 // indirect github.com/pion/turn/v4 v4.1.4 // indirect - github.com/pion/webrtc/v4 v4.2.9 // indirect + github.com/pion/webrtc/v4 v4.2.11 // indirect github.com/pkg/errors v0.9.1 // indirect github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect github.com/polydawn/refmt v0.89.1-0.20231129105047-37766d95467a // indirect diff --git a/go.sum b/go.sum index cf7dd45..7702345 100644 --- a/go.sum +++ b/go.sum @@ -67,16 +67,16 @@ github.com/armon/go-metrics v0.0.0-20180917152333-f0300d1749da/go.mod h1:Q73ZrmV github.com/armon/go-radix v0.0.0-20180808171621-7fddfc383310/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8= github.com/aws/aws-sdk-go-v2 v1.41.4 h1:10f50G7WyU02T56ox1wWXq+zTX9I1zxG46HYuG1hH/k= github.com/aws/aws-sdk-go-v2 v1.41.4/go.mod h1:mwsPRE8ceUUpiTgF7QmQIJ7lgsKUPQOUl3o72QBrE1o= -github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.7.7 h1:3kGOqnh1pPeddVa/E37XNTaWJ8W6vrbYV9lJEkCnhuY= -github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.7.7/go.mod h1:lyw7GFp3qENLh7kwzf7iMzAxDn+NzjXEAGjKS2UOKqI= +github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.7.8 h1:eBMB84YGghSocM7PsjmmPffTa+1FBUeNvGvFou6V/4o= +github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.7.8/go.mod h1:lyw7GFp3qENLh7kwzf7iMzAxDn+NzjXEAGjKS2UOKqI= github.com/aws/aws-sdk-go-v2/config v1.32.12 h1:O3csC7HUGn2895eNrLytOJQdoL2xyJy0iYXhoZ1OmP0= github.com/aws/aws-sdk-go-v2/config v1.32.12/go.mod h1:96zTvoOFR4FURjI+/5wY1vc1ABceROO4lWgWJuxgy0g= github.com/aws/aws-sdk-go-v2/credentials v1.19.12 h1:oqtA6v+y5fZg//tcTWahyN9PEn5eDU/Wpvc2+kJ4aY8= github.com/aws/aws-sdk-go-v2/credentials v1.19.12/go.mod h1:U3R1RtSHx6NB0DvEQFGyf/0sbrpJrluENHdPy1j/3TE= github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.18.20 h1:zOgq3uezl5nznfoK3ODuqbhVg1JzAGDUhXOsU0IDCAo= github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.18.20/go.mod h1:z/MVwUARehy6GAg/yQ1GO2IMl0k++cu1ohP9zo887wE= -github.com/aws/aws-sdk-go-v2/feature/s3/transfermanager v0.1.10 h1:2KCL4TmeiNvpPedtC4Bey5jvjRLD74WUYqGeHJ//aco= -github.com/aws/aws-sdk-go-v2/feature/s3/transfermanager v0.1.10/go.mod h1:KwaiUFVO7pG8Z9F5bMGvvrRibdSDaAu8HtlKGKkjZSA= +github.com/aws/aws-sdk-go-v2/feature/s3/transfermanager v0.1.11 h1:UDj3NP0bcHZpoAm1IR/NG5YduEcXXIsVxpaKVsfU5kU= +github.com/aws/aws-sdk-go-v2/feature/s3/transfermanager v0.1.11/go.mod h1:wp9dMZykzIPOEwVxr4p4fkDY0sHDoMRvo4NBCD4N2Xs= github.com/aws/aws-sdk-go-v2/internal/configsources v1.4.20 h1:CNXO7mvgThFGqOFgbNAP2nol2qAWBOGfqR/7tQlvLmc= github.com/aws/aws-sdk-go-v2/internal/configsources v1.4.20/go.mod h1:oydPDJKcfMhgfcgBUZaG+toBbwy8yPWubJXBVERtI4o= github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.7.20 h1:tN6W/hg+pkM+tf9XDkWUbDEjGLb+raoBMFsTodcoYKw= @@ -93,8 +93,8 @@ github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.13.20 h1:2HvVAIq+ github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.13.20/go.mod h1:V4X406Y666khGa8ghKmphma/7C0DAtEQYhkq9z4vpbk= github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.19.20 h1:siU1A6xjUZ2N8zjTHSXFhB9L/2OY8Dqs0xXiLjF30jA= github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.19.20/go.mod h1:4TLZCmVJDM3FOu5P5TJP0zOlu9zWgDWU7aUxWbr+rcw= -github.com/aws/aws-sdk-go-v2/service/s3 v1.97.1 h1:csi9NLpFZXb9fxY7rS1xVzgPRGMt7MSNWeQ6eo247kE= -github.com/aws/aws-sdk-go-v2/service/s3 v1.97.1/go.mod h1:qXVal5H0ChqXP63t6jze5LmFalc7+ZE7wOdLtZ0LCP0= +github.com/aws/aws-sdk-go-v2/service/s3 v1.97.2 h1:MRNiP6nqa20aEl8fQ6PJpEq11b2d40b16sm4WD7QgMU= +github.com/aws/aws-sdk-go-v2/service/s3 v1.97.2/go.mod h1:FrNA56srbsr3WShiaelyWYEo70x80mXnVZ17ZZfbeqg= github.com/aws/aws-sdk-go-v2/service/signin v1.0.8 h1:0GFOLzEbOyZABS3PhYfBIx2rNBACYcKty+XGkTgw1ow= github.com/aws/aws-sdk-go-v2/service/signin v1.0.8/go.mod h1:LXypKvk85AROkKhOG6/YEcHFPoX+prKTowKnVdcaIxE= github.com/aws/aws-sdk-go-v2/service/sso v1.30.13 h1:kiIDLZ005EcKomYYITtfsjn7dtOwHDOFy7IbPXKek2o= @@ -113,12 +113,12 @@ github.com/bgentry/speakeasy v0.1.0/go.mod h1:+zsyZBPWlz7T6j88CTgSN5bM796AkVf0kB github.com/bketelsen/crypt v0.0.4/go.mod h1:aI6NrJ0pMGgvZKL1iVgXLnfIFJtfV+bKCoqOes/6LfM= github.com/bsv-blockchain/go-batcher v1.2.11 h1:jYoEfNukLGbmbtacVYBxt/crSEdMlhIL0VxW6xGIHMI= github.com/bsv-blockchain/go-batcher v1.2.11/go.mod h1:NhaO+yJ3eXmR+cavzaUsA2IL5/JQp6wO4OUvJ1JHISI= -github.com/bsv-blockchain/go-bt/v2 v2.6.1 h1:cqtRlqOPUb0qWCAvhtdBqWZmBhVlPND8yCZ3yPNFYtM= -github.com/bsv-blockchain/go-bt/v2 v2.6.1/go.mod h1:Roub1gyqaLT2X2QuCO/3A3sPbIqRztOMeVr6gLcijWE= +github.com/bsv-blockchain/go-bt/v2 v2.6.2 h1:hwces7nj4RMcNpEJxRZSnNVuwvuUbME+oMvtGVzLky4= +github.com/bsv-blockchain/go-bt/v2 v2.6.2/go.mod h1:yAUftVqYfcgYgxVEKtiA/0HXGD1az8MWD3hgnGT/0gM= github.com/bsv-blockchain/go-chaincfg v1.5.6 h1:fjTngPQLG0Z9H3U/c8YVJKvr63gy4oqjiflqQvvWggU= github.com/bsv-blockchain/go-chaincfg v1.5.6/go.mod h1:uWYO61x0CwnChjh79/8hOpoa+OkBOzTw9NlbNMjqchE= -github.com/bsv-blockchain/go-chaintracks v1.1.5 h1:x/aiGDoSjg/DadiKECSFFbwpa2H/QdUFD2stXOhKhxo= -github.com/bsv-blockchain/go-chaintracks v1.1.5/go.mod h1:vxBY9lhoTnZ8gOB6M320sRaV6BSWxYBahzsREFBEJhg= +github.com/bsv-blockchain/go-chaintracks v1.2.0 h1:+QnN1+XXVpzhvyMyCDaMPAbprhZjSdQ2FBvt8cujauk= +github.com/bsv-blockchain/go-chaintracks v1.2.0/go.mod h1:HYPBWDUFjjNDZf/esRNXsaIF46odNHP3u3i8PGyhoBw= github.com/bsv-blockchain/go-lockfree-queue v1.1.2 h1:KjW2TZ9Mewe9xjyf5SV0L5wFjjwJTD7v2yVoFvz4S+A= github.com/bsv-blockchain/go-lockfree-queue v1.1.2/go.mod h1:1ah9XaAKnXdZwoAAlBZCX+cd3mMRDTlxKIRY6tVsiOM= github.com/bsv-blockchain/go-p2p-message-bus v0.1.13 h1:gSQsKkXDPfcA3AMgQwpQ/TTjcGS+zqDdx02wdyRDfak= @@ -636,16 +636,16 @@ github.com/pascaldekloe/goe v0.0.0-20180627143212-57f6aae5913c/go.mod h1:lzWF7FI github.com/pbnjay/memory v0.0.0-20210728143218-7b4eea64cf58 h1:onHthvaw9LFnH4t2DcNVpwGmV9E1BkGknEliJkfwQj0= github.com/pbnjay/memory v0.0.0-20210728143218-7b4eea64cf58/go.mod h1:DXv8WO4yhMYhSNPKjeNKa5WY9YCIEBRbNzFFPJbWO6Y= github.com/pelletier/go-toml v1.9.3/go.mod h1:u1nR/EPcESfeI/szUZKdtJ0xRNbUoANCkoOuaOx1Y+c= -github.com/pelletier/go-toml/v2 v2.2.4 h1:mye9XuhQ6gvn5h28+VilKrrPoQVanw5PMw/TB0t5Ec4= -github.com/pelletier/go-toml/v2 v2.2.4/go.mod h1:2gIqNv+qfxSVS7cM2xJQKtLSTLUE9V8t9Stt+h56mCY= +github.com/pelletier/go-toml/v2 v2.3.0 h1:k59bC/lIZREW0/iVaQR8nDHxVq8OVlIzYCOJf421CaM= +github.com/pelletier/go-toml/v2 v2.3.0/go.mod h1:2gIqNv+qfxSVS7cM2xJQKtLSTLUE9V8t9Stt+h56mCY= github.com/pierrec/lz4/v4 v4.1.26 h1:GrpZw1gZttORinvzBdXPUXATeqlJjqUG/D87TKMnhjY= github.com/pierrec/lz4/v4 v4.1.26/go.mod h1:EoQMVJgeeEOMsCqCzqFm2O0cJvljX2nGZjcRIPL34O4= github.com/pion/datachannel v1.6.0 h1:XecBlj+cvsxhAMZWFfFcPyUaDZtd7IJvrXqlXD/53i0= github.com/pion/datachannel v1.6.0/go.mod h1:ur+wzYF8mWdC+Mkis5Thosk+u/VOL287apDNEbFpsIk= github.com/pion/dtls/v3 v3.1.2 h1:gqEdOUXLtCGW+afsBLO0LtDD8GnuBBjEy6HRtyofZTc= github.com/pion/dtls/v3 v3.1.2/go.mod h1:Hw/igcX4pdY69z1Hgv5x7wJFrUkdgHwAn/Q/uo7YHRo= -github.com/pion/ice/v4 v4.2.1 h1:XPRYXaLiFq3LFDG7a7bMrmr3mFr27G/gtXN3v/TVfxY= -github.com/pion/ice/v4 v4.2.1/go.mod h1:2quLV1S5v1tAx3VvAJaH//KGitRXvo4RKlX6D3tnN+c= +github.com/pion/ice/v4 v4.2.2 h1:dQJzzcgTFHDYyV3BoCfjPeX+JEtr58BWPi4PGyo6Vjg= +github.com/pion/ice/v4 v4.2.2/go.mod h1:2quLV1S5v1tAx3VvAJaH//KGitRXvo4RKlX6D3tnN+c= github.com/pion/interceptor v0.1.44 h1:sNlZwM8dWXU9JQAkJh8xrarC0Etn8Oolcniukmuy0/I= github.com/pion/interceptor v0.1.44/go.mod h1:4atVlBkcgXuUP+ykQF0qOCGU2j7pQzX2ofvPRFsY5RY= github.com/pion/logging v0.2.4 h1:tTew+7cmQ+Mc1pTBLKH2puKsOvhm32dROumOZ655zB8= @@ -658,8 +658,8 @@ github.com/pion/rtcp v1.2.16 h1:fk1B1dNW4hsI78XUCljZJlC4kZOPk67mNRuQ0fcEkSo= github.com/pion/rtcp v1.2.16/go.mod h1:/as7VKfYbs5NIb4h6muQ35kQF/J0ZVNz2Z3xKoCBYOo= github.com/pion/rtp v1.10.1 h1:xP1prZcCTUuhO2c83XtxyOHJteISg6o8iPsE2acaMtA= github.com/pion/rtp v1.10.1/go.mod h1:rF5nS1GqbR7H/TCpKwylzeq6yDM+MM6k+On5EgeThEM= -github.com/pion/sctp v1.9.3 h1:tjuOX9K/U4udMR2I7QDqr4sLE0tFzegtou7OF4a7p8A= -github.com/pion/sctp v1.9.3/go.mod h1:N20Dq6LY+JvJDAh9VVh1JELngb2rQ8dPgds5yBWiPgw= +github.com/pion/sctp v1.9.4 h1:cMxEu0F5tbP4qH07bKf1Zjf4rUih9LIo0qQt424e258= +github.com/pion/sctp v1.9.4/go.mod h1:N20Dq6LY+JvJDAh9VVh1JELngb2rQ8dPgds5yBWiPgw= github.com/pion/sdp/v3 v3.0.18 h1:l0bAXazKHpepazVdp+tPYnrsy9dfh7ZbT8DxesH5ZnI= github.com/pion/sdp/v3 v3.0.18/go.mod h1:ZREGo6A9ZygQ9XkqAj5xYCQtQpif0i6Pa81HOiAdqQ8= github.com/pion/srtp/v3 v3.0.10 h1:tFirkpBb3XccP5VEXLi50GqXhv5SKPxqrdlhDCJlZrQ= @@ -672,8 +672,8 @@ github.com/pion/transport/v4 v4.0.1 h1:sdROELU6BZ63Ab7FrOLn13M6YdJLY20wldXW2Cu2k github.com/pion/transport/v4 v4.0.1/go.mod h1:nEuEA4AD5lPdcIegQDpVLgNoDGreqM/YqmEx3ovP4jM= github.com/pion/turn/v4 v4.1.4 h1:EU11yMXKIsK43FhcUnjLlrhE4nboHZq+TXBIi3QpcxQ= github.com/pion/turn/v4 v4.1.4/go.mod h1:ES1DXVFKnOhuDkqn9hn5VJlSWmZPaRJLyBXoOeO/BmQ= -github.com/pion/webrtc/v4 v4.2.9 h1:DZIh1HAhPIL3RvwEDFsmL5hfPSLEpxsQk9/Jir2vkJE= -github.com/pion/webrtc/v4 v4.2.9/go.mod h1:9EmLZve0H76eTzf8v2FmchZ6tcBXtDgpfTEu+drW6SY= +github.com/pion/webrtc/v4 v4.2.11 h1:QUX1QZKlNIn4O7U5JxLPGP0sV5RTncZkzu9SPR3jVNU= +github.com/pion/webrtc/v4 v4.2.11/go.mod h1:s/rAiyy77GyRFrZMx+Ls6aua26dIBPudH8/ZHYbIRWY= github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= From 81959b2d04e0e7a369f39e4edccc1a9ed92bdac7 Mon Sep 17 00:00:00 2001 From: "Mr. Z" Date: Thu, 26 Mar 2026 11:51:59 -0400 Subject: [PATCH 4/4] chore(env): update CVE exclusions for Nancy and Mage-X --- .github/env/90-project.env | 31 ++----------------------------- 1 file changed, 2 insertions(+), 29 deletions(-) diff --git a/.github/env/90-project.env b/.github/env/90-project.env index d0bcdc6..b5e09c4 100644 --- a/.github/env/90-project.env +++ b/.github/env/90-project.env @@ -43,34 +43,7 @@ GO_COVERAGE_EXCLUDE_PATHS=.github/,.mage-cache/,.vscode/,bin/,example/,examples/ # ================================================================================================ # Nancy CVE Exclusions -NANCY_EXCLUDES=CVE-2024-38513,CVE-2023-45142,CVE-2025-64702,CVE-2021-43668,CVE-2023-26248,CVE-2026-24051,CVE-2026-26014,CVE-2026-26958,CVE-2025-15558,CVE-2026-4427 +NANCY_EXCLUDES=CVE-2024-38513,CVE-2023-45142,CVE-2025-64702,CVE-2021-43668,CVE-2023-26248,CVE-2026-24051,CVE-2026-26014,CVE-2026-26958,CVE-2025-15558,CVE-2026-4427,CVE-2026-33809 # Govulncheck/Magex CVE Exclusions -MAGE_X_CVE_EXCLUDES=CVE-2024-38513,CVE-2023-45142,CVE-2025-64702,CVE-2021-43668,CVE-2023-26248,CVE-2026-24051,CVE-2026-26014,CVE-2026-26958,CVE-2025-15558,CVE-2026-4427 - -# CVE-2026-26014 for pion/dtls (EXCLUDED: Invalid/non-existent CVE) -# -# Vulnerability: CVE-2026-26014 -# False positive from Nancy scan - this CVE does not exist in public databases -# (NVD, OSS Index, or pion/dtls security advisories as of 2026-02-12) -# Affected packages: github.com/pion/dtls/v2@v2.2.12, github.com/pion/dtls/v3@v3.0.10 -# Current versions: v2.2.12 (latest v2), v3.1.2 (latest v3, includes security fixes) -# Rationale: No actual vulnerability exists. Nancy likely reporting stale/incorrect data. -# Resolution: Excluded as false positive. Already using latest pion/dtls versions. - -# CVE-2026-26958 for filippo.io/edwards25519@v1.1.0 (CWE-665 Improper Initialization) -# Transitive dependency via github.com/bsv-blockchain/teranode@v0.13.2. -# Advisory notes that uses "only through github.com/go-sql-driver/mysql are not affected", -# which is our path (teranode uses it for MySQL auth). Cannot upgrade via go mod tidy since -# no package in this module directly imports edwards25519; pin would be removed. Will resolve -# when teranode upgrades to filippo.io/edwards25519 v1.2.0. - -# CVE-2026-24051 for go.opentelemetry.io/otel/sdk@v1.39.0 (macOS PATH hijacking - low risk) -# CVE-2025-64702 for quic-go@v0.55.0 -# GO-2024-3218: Content Censorship in IPFS via Kademlia DHT abuse in github.com/libp2p/go-libp2p-kad-dht -# More info: https://pkg.go.dev/vuln/GO-2024-3218 -# Module: github.com/libp2p/go-libp2p-kad-dht@v0.35.1 - -# CVE-2025-15558 for docker/compose/v2 (Windows-only Docker CLI plugin path vulnerability) -# Affects only Windows hosts; not applicable to Linux CI/production environments. -# Transitive dependency, cannot be upgraded independently. +MAGE_X_CVE_EXCLUDES=CVE-2024-38513,CVE-2023-45142,CVE-2025-64702,CVE-2021-43668,CVE-2023-26248,CVE-2026-24051,CVE-2026-26014,CVE-2026-26958,CVE-2025-15558,CVE-2026-4427,CVE-2026-33809