Skip to content
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: gomods/athens
Failed to load repositories. Confirm that selected base ref is valid, then try again.
Loading
base: v0.16.1
Choose a base ref
...
head repository: gomods/athens
Failed to load repositories. Confirm that selected head ref is valid, then try again.
Loading
compare: main
Choose a head ref
  • 9 commits
  • 12 files changed
  • 4 contributors

Commits on Sep 21, 2025

  1. feat: build docs and publish to GitHub pages (#2067) 

    * try: build docs

* try: build docs

* try: publish

* try: verify publishing works on fork

* try: verify publishing works on fork

* try: publish pages using actions/deploy-pages

* try: publish pages using actions/deploy-pages

* try: publish pages using actions/deploy-pages

* try: publish pages using actions/deploy-pages

* feat: build docs and deploy to GitHub pages

* fix: run on PRs for main

* try: baseURL with custom domain

* try: baseURL with custom domain

* fix: revert baseURL with custom domain, it works.
    @DrPsychick
    DrPsychick authored Sep 21, 2025
    Configuration menu
    Copy the full SHA
    4205b65 View commit details
    Browse the repository at this point in the history

Commits on Sep 22, 2025

  1. update-github-action(deps): bump actions/upload-pages-artifact (#2068) 

    Bumps [actions/upload-pages-artifact](https://github.com/actions/upload-pages-artifact) from 3 to 4.
- [Release notes](https://github.com/actions/upload-pages-artifact/releases)
- [Commits](actions/upload-pages-artifact@v3...v4)

---
updated-dependencies:
- dependency-name: actions/upload-pages-artifact
  dependency-version: '4'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    @dependabot
    dependabot[bot] authored Sep 22, 2025
    Configuration menu
    Copy the full SHA
    89cee24 View commit details
    Browse the repository at this point in the history

  2. fix: use request.URL.Host if set (#2069)

    @DrPsychick
    DrPsychick authored Sep 22, 2025
    Configuration menu
    Copy the full SHA
    341bf97 View commit details
    Browse the repository at this point in the history

Commits on Sep 26, 2025

  1. use https if proxied (#2033)

    @swills
    swills authored Sep 26, 2025
    Configuration menu
    Copy the full SHA
    8e313b6 View commit details
    Browse the repository at this point in the history

  2. fix: add tzdata to image (#2072)

    @DrPsychick
    DrPsychick authored Sep 26, 2025
    Configuration menu
    Copy the full SHA
    9c32602 View commit details
    Browse the repository at this point in the history

Commits on Sep 29, 2025

  1. update-github-action(deps): bump actions/setup-go from 5 to 6 (#2073) 

    Bumps [actions/setup-go](https://github.com/actions/setup-go) from 5 to 6.
- [Release notes](https://github.com/actions/setup-go/releases)
- [Commits](actions/setup-go@v5...v6)

---
updated-dependencies:
- dependency-name: actions/setup-go
  dependency-version: '6'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    @dependabot
    dependabot[bot] authored Sep 29, 2025
    Configuration menu
    Copy the full SHA
    d0d643a View commit details
    Browse the repository at this point in the history

Commits on Oct 5, 2025

  1. chore: update container image to go 1.25.1 (#2074)

    @DrPsychick
    DrPsychick authored Oct 5, 2025
    Configuration menu
    Copy the full SHA
    5e91da6 View commit details
    Browse the repository at this point in the history

Commits on Oct 13, 2025

  1. update-github-action(deps): bump github/codeql-action from 3 to 4 (#2076 

    )

Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3 to 4.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](github/codeql-action@v3...v4)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-version: '4'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    @dependabot
    dependabot[bot] authored Oct 13, 2025
    Configuration menu
    Copy the full SHA
    28bc9a8 View commit details
    Browse the repository at this point in the history

Commits on Oct 23, 2025

  1. go.mod: vulnerabilities: bump go version to 1.23.12 for (#2077) 

    `govulncheck` detects some vulnerabilities from the current builds that
are resolved by bumping the minor Go version to `.12`. I have kept the
major version the same.

On current `main`:

    $ go build -o athens ./cmd/proxy/main.go
    $ govulncheck -mode binary ./athens
    === Symbol Results ===

    Vulnerability #1: GO-2025-3956
        Unexpected paths returned from LookPath in os/exec
      More info: https://pkg.go.dev/vuln/GO-2025-3956
      Standard library
        Found in: os/[email protected]
        Fixed in: os/[email protected]
        Vulnerable symbols found:
          #1: exec.LookPath

    Vulnerability #2: GO-2025-3849
        Incorrect results returned from Rows.Scan in database/sql
      More info: https://pkg.go.dev/vuln/GO-2025-3849
      Standard library
        Found in: database/[email protected]
        Fixed in: database/[email protected]
        Vulnerable symbols found:
          #1: sql.Row.Scan
          #2: sql.Rows.Scan

    Vulnerability #3: GO-2025-3751
        Sensitive headers not cleared on cross-origin redirect in net/http
      More info: https://pkg.go.dev/vuln/GO-2025-3751
      Standard library
        Found in: net/[email protected]
        Fixed in: net/[email protected]
        Vulnerable symbols found:
          #1: http.Client.Do
          #2: http.Client.Get
          #3: http.Client.Head
          #4: http.Client.Post
          #5: http.Client.PostForm

    Vulnerability #4: GO-2025-3563
        Request smuggling due to acceptance of invalid chunked data in net/http
      More info: https://pkg.go.dev/vuln/GO-2025-3563
      Standard library
        Found in: net/http/[email protected]
        Fixed in: net/http/[email protected]
        Vulnerable symbols found:
          #1: internal.chunkedReader.Read

    Your code is affected by 4 vulnerabilities from the Go standard library.
    This scan also found 0 vulnerabilities in packages you import and 2
    vulnerabilities in modules you require, but your code doesn't appear to call
    these vulnerabilities.
    Use '-show verbose' for more details.

After version bump:

    $ go build -o athens ./cmd/proxy/main.go
    $ govulncheck -mode=binary ./athens 
    === Symbol Results ===

    No vulnerabilities found.

    Your code is affected by 0 vulnerabilities.
    This scan also found 0 vulnerabilities in packages you import and 2
    vulnerabilities in modules you require, but your code doesn't appear to call
    these vulnerabilities.
    Use '-show verbose' for more details.
    @FilWisher
    FilWisher authored Oct 23, 2025
    Configuration menu
    Copy the full SHA
    cef941b View commit details
    Browse the repository at this point in the history
Loading