From 84fd18b98272140d767bf95b6a4e24782f8901a6 Mon Sep 17 00:00:00 2001 From: Martin Hutchinson Date: Wed, 10 Jun 2026 10:42:07 +0000 Subject: [PATCH 1/2] Lowered go.mod to 1.25.0 This restores support for consumers still using Go 1.25. The previous bump to `go 1.26.4` forced all consumers of this library to use Go 1.26 or newer. The codebase does not use any Go 1.26-specific features, making the `1.26` language requirement unnecessary. `go1.25.11` contains the same critical security patches as `go1.26.4` (fixing vulnerabilities in `crypto/x509`, `net/textproto`, and `mime`). Go's toolchain auto-switching (introduced in Go 1.21) will automatically download and use `go1.25.11` for developers working on this module if their local toolchain is older, ensuring they build with the secure version without forcing a major Go upgrade. --- go.mod | 4 +++- go.sum | 10 +++------- 2 files changed, 6 insertions(+), 8 deletions(-) diff --git a/go.mod b/go.mod index b1e8c79..c3f393c 100644 --- a/go.mod +++ b/go.mod @@ -1,6 +1,8 @@ module github.com/bitfield/script -go 1.26.4 +go 1.25.0 + +toolchain go1.25.11 require ( github.com/google/go-cmp v0.5.9 diff --git a/go.sum b/go.sum index d81deb2..2a74125 100644 --- a/go.sum +++ b/go.sum @@ -1,24 +1,20 @@ -github.com/frankban/quicktest v1.14.4 h1:g2rn0vABPOOXmZUj+vbmUp0lPoXEMuhTpIluN0XL9UY= github.com/frankban/quicktest v1.14.5 h1:dfYrrRyLtiqT9GyKXgdh+k4inNeTvmGbuSgZ3lx3GhA= +github.com/frankban/quicktest v1.14.5/go.mod h1:4ptaffx2x8+WTWXmUCuVU6aPUX1/Mz7zb5vbUoiM6w0= github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38= github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= -github.com/itchyny/gojq v0.12.12 h1:x+xGI9BXqKoJQZkr95ibpe3cdrTbY8D9lonrK433rcA= -github.com/itchyny/gojq v0.12.12/go.mod h1:j+3sVkjxwd7A7Z5jrbKibgOLn0ZfLWkV+Awxr/pyzJE= github.com/itchyny/gojq v0.12.13 h1:IxyYlHYIlspQHHTE0f3cJF0NKDMfajxViuhBLnHd/QU= github.com/itchyny/gojq v0.12.13/go.mod h1:JzwzAqenfhrPUuwbmEz3nu3JQmFLlQTQMUcOdnu/Sf4= github.com/itchyny/timefmt-go v0.1.5 h1:G0INE2la8S6ru/ZI5JecgyzbbJNs5lG1RcBqa7Jm6GE= github.com/itchyny/timefmt-go v0.1.5/go.mod h1:nEP7L+2YmAbT2kZ2HfSs1d8Xtw9LY8D2stDBckWakZ8= github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE= +github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk= github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY= -github.com/rogpeppe/go-internal v1.10.0 h1:TMyTOH3F/DB16zRVcYyreMH6GnZZrwQVAoYjRBZyWFQ= -github.com/rogpeppe/go-internal v1.10.0/go.mod h1:UQnix2H7Ngw/k4C5ijL5+65zddjncjaFoBhdsK/akog= +github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE= github.com/rogpeppe/go-internal v1.11.0 h1:cWPaGQEPrBb5/AsnsZesgZZ9yb1OQ+GOISoDNXVBh4M= github.com/rogpeppe/go-internal v1.11.0/go.mod h1:ddIwULY96R17DhadqLgMfk9H9tvdUzkipdSkR5nkCZA= golang.org/x/sys v0.10.0 h1:SqMFp9UcQJZa+pmYuAKjd9xq1f0j5rLcDIk0mj4qAsA= golang.org/x/sys v0.10.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/tools v0.11.0 h1:EMCa6U9S2LtZXLAMoWiR/R8dAQFRqbAitmbJ2UKhoi8= golang.org/x/tools v0.11.0/go.mod h1:anzJrxPjNtfgiYQYirP2CPGzGLxrH2u2QBhn6Bf3qY8= -mvdan.cc/sh/v3 v3.6.0 h1:gtva4EXJ0dFNvl5bHjcUEvws+KRcDslT8VKheTYkbGU= -mvdan.cc/sh/v3 v3.6.0/go.mod h1:U4mhtBLZ32iWhif5/lD+ygy1zrgaQhUu+XFy7C8+TTA= mvdan.cc/sh/v3 v3.7.0 h1:lSTjdP/1xsddtaKfGg7Myu7DnlHItd3/M2tomOcNNBg= mvdan.cc/sh/v3 v3.7.0/go.mod h1:K2gwkaesF/D7av7Kxl0HbF5kGOd2ArupNTX3X44+8l8= From 581913bd92cff6449c963ec21e4821cbc27de692 Mon Sep 17 00:00:00 2001 From: Martin Hutchinson Date: Wed, 10 Jun 2026 10:47:13 +0000 Subject: [PATCH 2/2] Changed toolchain to 1.26.4 This makes govulncheck work even for users with go1.26.{0-3} --- go.mod | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/go.mod b/go.mod index c3f393c..0e7c1c6 100644 --- a/go.mod +++ b/go.mod @@ -2,7 +2,7 @@ module github.com/bitfield/script go 1.25.0 -toolchain go1.25.11 +toolchain go1.26.4 require ( github.com/google/go-cmp v0.5.9