cloudfoundry · chombium · Feb 27, 2026 · Feb 24, 2026 · Feb 27, 2026
@@ -9,7 +9,7 @@ require (
 	code.cloudfoundry.org/go-loggregator/v10 v10.2.0
 	code.cloudfoundry.org/go-metric-registry v0.0.0-20260203145707-c2be33097cc5
 	code.cloudfoundry.org/go-pubsub v0.0.0-20251204080526-f88eccbecd26
-	code.cloudfoundry.org/tlsconfig v0.45.0
+	code.cloudfoundry.org/tlsconfig v0.46.0
 	github.com/cloudfoundry/noaa/v2 v2.5.0
 	github.com/cloudfoundry/sonde-go v0.0.0-20251217143644-d1670a435f2a
 	github.com/gorilla/handlers v1.5.2
@@ -24,7 +24,7 @@ require (
 )
 
 require (
-	filippo.io/edwards25519 v1.1.0 // indirect
+	filippo.io/edwards25519 v1.2.0 // indirect
 	github.com/Masterminds/semver/v3 v3.4.0 // indirect
 	github.com/beorn7/perks v1.0.1 // indirect
 	github.com/cespare/xxhash/v2 v2.3.0 // indirect
@@ -43,7 +43,7 @@ require (
 	github.com/prometheus/common v0.67.5 // indirect
 	github.com/prometheus/procfs v0.19.2 // indirect
 	github.com/square/certstrap v1.3.0 // indirect
-	go.step.sm/crypto v0.76.0 // indirect
+	go.step.sm/crypto v0.76.2 // indirect
 	go.yaml.in/yaml/v2 v2.4.3 // indirect
 	go.yaml.in/yaml/v3 v3.0.4 // indirect
 	golang.org/x/crypto v0.48.0 // indirect

@@ -10,10 +10,10 @@ code.cloudfoundry.org/go-metric-registry v0.0.0-20260203145707-c2be33097cc5 h1:j
 code.cloudfoundry.org/go-metric-registry v0.0.0-20260203145707-c2be33097cc5/go.mod h1:FB69X7y8uQj4DvQzE1OXlqXFgV6sfvw7Tt9X84zpRqw=
 code.cloudfoundry.org/go-pubsub v0.0.0-20251204080526-f88eccbecd26 h1:fXQbh80O2qLsEM3cegK9hyNiGj448CqqAzdzDSCYiVo=
 code.cloudfoundry.org/go-pubsub v0.0.0-20251204080526-f88eccbecd26/go.mod h1:QxOFtPAFdKuZ2+ZsNW9GcMfxc8wAucVJ7dCuai+H6+s=
-code.cloudfoundry.org/tlsconfig v0.45.0 h1:axem2ESLqMm645WyTkw1RZ9zjfZzUiojImNqxGXEtlI=
-code.cloudfoundry.org/tlsconfig v0.45.0/go.mod h1:62TfSYz4O4pgggNLF0wEZOTr2ZtrsnKPX9c2LSL1Cl0=
-filippo.io/edwards25519 v1.1.0 h1:FNf4tywRC1HmFuKW5xopWpigGjJKiJSV0Cqo0cJWDaA=
-filippo.io/edwards25519 v1.1.0/go.mod h1:BxyFTGdWcka3PhytdK4V28tE5sGfRvvvRV7EaN4VDT4=
+code.cloudfoundry.org/tlsconfig v0.46.0 h1:i9F12K8EWBwL5mBd/rUm/rYAV/Ky34lYyoLzngLXAV8=
+code.cloudfoundry.org/tlsconfig v0.46.0/go.mod h1:RsHyB52jxwVeKn1loOEOrgEEA84vTqwFeOq933uVe+g=
+filippo.io/edwards25519 v1.2.0 h1:crnVqOiS4jqYleHd9vaKZ+HKtHfllngJIiOpNpoJsjo=
+filippo.io/edwards25519 v1.2.0/go.mod h1:xzAOLCNug/yB62zG1bQ8uziwrIqIuxhctzJT18Q77mc=
 github.com/Masterminds/semver/v3 v3.4.0 h1:Zog+i5UMtVoCU8oKka5P7i9q9HgrJeGzI9SA1Xbatp0=
 github.com/Masterminds/semver/v3 v3.4.0/go.mod h1:4V+yj/TJE1HU9XfppCwVMZq3I84lprf4nC11bSS5beM=
 github.com/apoydence/eachers v0.0.0-20181020210610-23942921fe77 h1:afT88tB6u9JCKQZVAAaa9ICz/uGn5Uw9ekn6P22mYKM=
@@ -156,8 +156,8 @@ go.opentelemetry.io/otel/sdk/metric v1.39.0 h1:cXMVVFVgsIf2YL6QkRF4Urbr/aMInf+2W
 go.opentelemetry.io/otel/sdk/metric v1.39.0/go.mod h1:xq9HEVH7qeX69/JnwEfp6fVq5wosJsY1mt4lLfYdVew=
 go.opentelemetry.io/otel/trace v1.39.0 h1:2d2vfpEDmCJ5zVYz7ijaJdOF59xLomrvj7bjt6/qCJI=
 go.opentelemetry.io/otel/trace v1.39.0/go.mod h1:88w4/PnZSazkGzz/w84VHpQafiU4EtqqlVdxWy+rNOA=
-go.step.sm/crypto v0.76.0 h1:K23BSaeoiY7Y5dvvijTeYC9EduDBetNwQYMBwMhi1aA=
-go.step.sm/crypto v0.76.0/go.mod h1:PXYJdKkK8s+GHLwLguFaLxHNAFsFL3tL1vSBrYfey5k=
+go.step.sm/crypto v0.76.2 h1:JJ/yMcs/rmcCAwlo+afrHjq74XBFRTJw5B2y4Q4Z4c4=
+go.step.sm/crypto v0.76.2/go.mod h1:m6KlB/HzIuGFep0UWI5e0SYi38UxpoKeCg6qUaHV6/Q=
 go.uber.org/goleak v1.3.0 h1:2K3zAYmnTNqV73imy9J1T3WC+gmCePx2hEGkimedGto=
 go.uber.org/goleak v1.3.0/go.mod h1:CoHD4mav9JJNrW/WLlf7HGZPjdw8EucARQHekz1X6bE=
 go.yaml.in/yaml/v2 v2.4.3 h1:6gvOSjQoTB3vt1l+CU+tSyi/HOjfOjRLJ4YwYZGwRO0=

@@ -22,7 +22,7 @@ type LogAccessAuthorization struct {
 type LogAdminAuthorization struct {
 	Addr         string `env:"LOG_ADMIN_ADDR,          required, report"`
 	ClientID     string `env:"LOG_ADMIN_CLIENT_ID,     required"`
-	ClientSecret string `env:"LOG_ADMIN_CLIENT_SECRET, required"`
+	ClientSecret string `env:"LOG_ADMIN_CLIENT_SECRET, required"` //nolint:gosec
 	CAPath       string `env:"LOG_ADMIN_CA_PATH,       required, report"`
 }
 

@@ -469,7 +469,7 @@ func (tc *testClient) open(url string) (*http.Response, error) {
 	}
 	req.Header.Set("Authorization", "my-token")
 
-	resp, err := tc.client.Do(req)
+	resp, err := tc.client.Do(req) //nolint:gosec
 	if err != nil {
 		panic(err)
 	}

@@ -129,7 +129,7 @@ func (c *CAPIClient) AvailableSourceIDs(token string) []string {
 	}(resp)
 
 	if resp.StatusCode != http.StatusOK {
-		log.Printf("CAPI request failed (/v3/apps): %d", resp.StatusCode)
+		log.Printf("CAPI request failed (/v3/apps): %d", resp.StatusCode) //nolint:gosec
 		return nil
 	}
 
@@ -169,7 +169,7 @@ func (c *CAPIClient) AvailableSourceIDs(token string) []string {
 	}(resp)
 
 	if resp.StatusCode != http.StatusOK {
-		log.Printf("CAPI request failed (/v3/service_instances): %d", resp.StatusCode)
+		log.Printf("CAPI request failed (/v3/service_instances): %d", resp.StatusCode) //nolint:gosec
 		return nil
 	}
 

@@ -41,7 +41,7 @@ func StartRouter(conf app.Config) (cleanup func(), rp RouterPorts) {
 	Expect(routerPath).ToNot(BeEmpty())
 
 	By("starting router")
-	routerCommand := exec.Command(routerPath)
+	routerCommand := exec.Command(routerPath) //nolint:gosec
 	routerCommand.Env = envstruct.ToEnv(&conf)
 
 	routerSession, err := gexec.Start(

@@ -40,7 +40,7 @@ func waitForPortBinding(prefix string, buf *gbytes.Buffer) int {
 		if len(result) == 2 {
 			port, err := strconv.Atoi(string(result[1]))
 			if err != nil {
-				log.Panicf("unable to parse port number, port: %#v", result[1])
+				log.Panicf("unable to parse port number, port: %#v", result[1]) //nolint:gosec
 			}
 			return port
 		}

@@ -57,7 +57,7 @@ func StartTrafficController(conf tcConf.Config) (cleanup func(), tp TrafficContr
 	Expect(tcPath).ToNot(BeEmpty())
 
 	By("starting trafficcontroller")
-	tcCommand := exec.Command(tcPath)
+	tcCommand := exec.Command(tcPath) //nolint:gosec
 	tcCommand.Env = envstruct.ToEnv(&conf)
 	tcSession, err := gexec.Start(
 		tcCommand,

@@ -35,7 +35,7 @@ func NewLogAccessAuthorizer(c *http.Client, disableAccessControl bool, apiHost s
 		}
 
 		req.Header.Set("Authorization", authToken)
-		res, err := c.Do(req)
+		res, err := c.Do(req) //nolint:gosec
 		if err != nil {
 			log.Printf("Could not get app information: [%s]", err)
 			return http.StatusInternalServerError, err
@@ -44,7 +44,7 @@ func NewLogAccessAuthorizer(c *http.Client, disableAccessControl bool, apiHost s
 
 		err = nil
 		if res.StatusCode != 200 {
-			log.Printf("Non 200 response from CC API: %d for %q", res.StatusCode, target)
+			log.Printf("Non 200 response from CC API: %d for %q", res.StatusCode, target) //nolint:gosec
 			err = errors.New(http.StatusText(res.StatusCode))
 		}
 

@@ -38,7 +38,7 @@ func (c *uaaClient) GetAuthData(token string) (*AuthData, error) {
 	req.SetBasicAuth(c.id, c.secret)
 	req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
 
-	response, err := c.httpClient.Do(req)
+	response, err := c.httpClient.Do(req) //nolint:gosec
 	if err != nil {
 		return nil, err
 	}

@@ -23,7 +23,7 @@ func (m *AdminAccessMiddleware) Wrap(h http.Handler) http.Handler {
 		if !authorized {
 			w.Header().Set("WWW-Authenticate", "Basic")
 			w.WriteHeader(http.StatusUnauthorized)
-			fmt.Fprintf(w, "You are not authorized. %s", err.Error())
+			fmt.Fprintf(w, "You are not authorized. %s", err.Error()) //nolint:gosec
 			return
 		}
 

@@ -92,7 +92,7 @@ func (s *WebSocketServer) ServeWS(
 					eventBody,
 				)
 
-				log.Printf("Doppler Proxy: Slow Consumer from %s using %s", r.RemoteAddr, r.URL)
+				log.Printf("Doppler Proxy: Slow Consumer from %s using %s", r.RemoteAddr, r.URL) //nolint:gosec
 				return
 			}
 		}
-Original file line number
+Diff line change
@@ Expand Up / @@ -92,7 +92,7 @@ func (s *WebSocketServer) ServeWS( @@
     					eventBody,
     				)
-    				log.Printf("Doppler Proxy: Slow Consumer from %s using %s", r.RemoteAddr, r.URL)
+    				log.Printf("Doppler Proxy: Slow Consumer from %s using %s", r.RemoteAddr, r.URL) //nolint:gosec
     				return
     			}
     		}
@@ Expand Down @@