diff --git a/go.mod b/go.mod index 27f5ed894e..b4243c1ae6 100644 --- a/go.mod +++ b/go.mod @@ -1,6 +1,6 @@ module github.com/opencloud-eu/opencloud -go 1.25.0 +go 1.25.8 require ( dario.cat/mergo v1.0.2 @@ -13,7 +13,7 @@ require ( github.com/beevik/etree v1.6.0 github.com/blevesearch/bleve/v2 v2.6.0 github.com/cenkalti/backoff v2.2.1+incompatible - github.com/coreos/go-oidc/v3 v3.18.0 + github.com/coreos/go-oidc/v3 v3.19.0 github.com/cs3org/go-cs3apis v0.0.0-20260424072047-8d9ef7076ae9 github.com/davidbyttow/govips/v2 v2.18.0 github.com/dhowden/tag v0.0.0-20240417053706-3d75831295e8 @@ -74,7 +74,7 @@ require ( github.com/riandyrn/otelchi v0.12.3 github.com/rogpeppe/go-internal v1.14.1 github.com/rs/cors v1.11.1 - github.com/rs/zerolog v1.35.0 + github.com/rs/zerolog v1.35.1 github.com/sirupsen/logrus v1.9.4 github.com/spf13/afero v1.15.0 github.com/spf13/cobra v1.10.2 @@ -88,7 +88,7 @@ require ( github.com/thejerf/suture/v4 v4.0.6 github.com/tidwall/gjson v1.19.0 github.com/tidwall/sjson v1.2.5 - github.com/tus/tusd/v2 v2.9.2 + github.com/tus/tusd/v2 v2.10.0 github.com/unrolled/secure v1.16.0 github.com/vmihailenco/msgpack/v5 v5.4.1 github.com/xhit/go-simple-mail/v2 v2.16.0 @@ -393,7 +393,7 @@ require ( golang.org/x/sys v0.45.0 // indirect golang.org/x/time v0.15.0 // indirect golang.org/x/tools v0.45.0 // indirect - google.golang.org/genproto v0.0.0-20260128011058-8636f8732409 // indirect + google.golang.org/genproto v0.0.0-20260319201613-d00831a3d3e7 // indirect google.golang.org/genproto/googleapis/rpc v0.0.0-20260526163538-3dc84a4a5aaa // indirect gopkg.in/cenkalti/backoff.v1 v1.1.0 // indirect gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 // indirect diff --git a/go.sum b/go.sum index 30e98176b6..89292010e5 100644 --- a/go.sum +++ b/go.sum @@ -240,8 +240,8 @@ github.com/containerd/platforms v1.0.0-rc.2 h1:0SPgaNZPVWGEi4grZdV8VRYQn78y+nm6a github.com/containerd/platforms v1.0.0-rc.2/go.mod h1:J71L7B+aiM5SdIEqmd9wp6THLVRzJGXfNuWCZCllLA4= github.com/coreos/bbolt v1.3.2/go.mod h1:iRUV2dpdMOn7Bo10OQBFzIJO9kkE559Wcmn+qkEiiKk= github.com/coreos/etcd v3.3.13+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE= -github.com/coreos/go-oidc/v3 v3.18.0 h1:V9orjXynvu5wiC9SemFTWnG4F45v403aIcjWo0d41+A= -github.com/coreos/go-oidc/v3 v3.18.0/go.mod h1:DYCf24+ncYi+XkIH97GY1+dqoRlbaSI26KVTCI9SrY4= +github.com/coreos/go-oidc/v3 v3.19.0 h1:F/xyOi3x1UnG1U27YVnM1N6bHiL1K2upi6U/0qr8r+I= +github.com/coreos/go-oidc/v3 v3.19.0/go.mod h1:DYCf24+ncYi+XkIH97GY1+dqoRlbaSI26KVTCI9SrY4= github.com/coreos/go-semver v0.3.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk= github.com/coreos/go-semver v0.3.1 h1:yi21YpKnrx1gt5R+la8n5WgS0kCrsPp33dmEyHReZr4= github.com/coreos/go-semver v0.3.1/go.mod h1:irMmmIw/7yzSRPWryHsK7EYSg09caPQL03VsM8rvUec= @@ -1074,8 +1074,8 @@ github.com/rs/cors v1.11.1 h1:eU3gRzXLRK57F5rKMGMZURNdIG4EoAmX8k94r9wXWHA= github.com/rs/cors v1.11.1/go.mod h1:XyqrcTp5zjWr1wsJ8PIRZssZ8b/WMcMf71DJnit4EMU= github.com/rs/xid v1.6.0 h1:fV591PaemRlL6JfRxGDEPl69wICngIQ3shQtzfy2gxU= github.com/rs/xid v1.6.0/go.mod h1:7XoLgs4eV+QndskICGsho+ADou8ySMSjJKDIan90Nz0= -github.com/rs/zerolog v1.35.0 h1:VD0ykx7HMiMJytqINBsKcbLS+BJ4WYjz+05us+LRTdI= -github.com/rs/zerolog v1.35.0/go.mod h1:EjML9kdfa/RMA7h/6z6pYmq1ykOuA8/mjWaEvGI+jcw= +github.com/rs/zerolog v1.35.1 h1:m7xQeoiLIiV0BCEY4Hs+j2NG4Gp2o2KPKmhnnLiazKI= +github.com/rs/zerolog v1.35.1/go.mod h1:EjML9kdfa/RMA7h/6z6pYmq1ykOuA8/mjWaEvGI+jcw= github.com/russellhaering/goxmldsig v1.6.0 h1:8fdWXEPh2k/NZNQBPFNoVfS3JmzS4ZprY/sAOpKQLks= github.com/russellhaering/goxmldsig v1.6.0/go.mod h1:TrnaquDcYxWXfJrOjeMBTX4mLBeYAqaHEyUeWPxZlBM= github.com/russross/blackfriday/v2 v2.0.1/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= @@ -1222,8 +1222,8 @@ github.com/toorop/go-dkim v0.0.0-20201103131630-e1cd1a0a5208/go.mod h1:BzWtXXrXz github.com/transip/gotransip/v6 v6.2.0/go.mod h1:pQZ36hWWRahCUXkFWlx9Hs711gLd8J4qdgLdRzmtY+g= github.com/trustelem/zxcvbn v1.0.1 h1:mp4JFtzdDYGj9WYSD3KQSkwwUumWNFzXaAjckaTYpsc= github.com/trustelem/zxcvbn v1.0.1/go.mod h1:zonUyKeh7sw6psPf/e3DtRqkRyZvAbOfjNz/aO7YQ5s= -github.com/tus/tusd/v2 v2.9.2 h1:Dd/Dh0CG7+/wom4lDQnnhca+1p5qVwgnbyEBacj1v7c= -github.com/tus/tusd/v2 v2.9.2/go.mod h1:+a9uNLru2Qy+CUu7QUIshmQ+X0fLNw77eu8voKVxmgA= +github.com/tus/tusd/v2 v2.10.0 h1:2yOGmkrDl9RQmRIt/00DR2WvYWOoiEu3CoygILb+WRw= +github.com/tus/tusd/v2 v2.10.0/go.mod h1:T/OuJHIAC2NHpkEUyQyyaoWyDNRDcQVpJzWl8tX5GY4= github.com/uber-go/atomic v1.3.2/go.mod h1:/Ct5t2lcmbJ4OSe/waGBoaVvVqtO0bmtfVNex1PFV8g= github.com/urfave/cli v1.22.4/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0= github.com/urfave/cli/v2 v2.3.0/go.mod h1:LJmUH05zAU44vOAcrfzZQKsZbVcdbOG8rtL3/XcUArI= @@ -1708,8 +1708,8 @@ google.golang.org/genproto v0.0.0-20200618031413-b414f8b61790/go.mod h1:jDfRM7Fc google.golang.org/genproto v0.0.0-20200729003335-053ba62fc06f/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20200804131852-c06518451d9c/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20200825200019-8632dd797987/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto v0.0.0-20260128011058-8636f8732409 h1:VQZ/yAbAtjkHgH80teYd2em3xtIkkHd7ZhqfH2N9CsM= -google.golang.org/genproto v0.0.0-20260128011058-8636f8732409/go.mod h1:rxKD3IEILWEu3P44seeNOAwZN4SaoKaQ/2eTg4mM6EM= +google.golang.org/genproto v0.0.0-20260319201613-d00831a3d3e7 h1:XzmzkmB14QhVhgnawEVsOn6OFsnpyxNPRY9QV01dNB0= +google.golang.org/genproto v0.0.0-20260319201613-d00831a3d3e7/go.mod h1:L43LFes82YgSonw6iTXTxXUX1OlULt4AQtkik4ULL/I= google.golang.org/genproto/googleapis/api v0.0.0-20260526163538-3dc84a4a5aaa h1:Kjn0N0tCrDgiAFW+lGO4JZ3ck44CehvJQMAwj9QF0G8= google.golang.org/genproto/googleapis/api v0.0.0-20260526163538-3dc84a4a5aaa/go.mod h1:q4lMZS6kskjT5HvCPrnnypcDPVJqT/f4nfxmkE7gryY= google.golang.org/genproto/googleapis/rpc v0.0.0-20260526163538-3dc84a4a5aaa h1:mZHHdPZl0dbGHCflZgAq/Q468DWVFcU2whhB2KAo8fk= diff --git a/vendor/github.com/coreos/go-oidc/v3/oidc/jwks.go b/vendor/github.com/coreos/go-oidc/v3/oidc/jwks.go index c5e4d787c8..d892d54e61 100644 --- a/vendor/github.com/coreos/go-oidc/v3/oidc/jwks.go +++ b/vendor/github.com/coreos/go-oidc/v3/oidc/jwks.go @@ -238,6 +238,7 @@ func (r *RemoteKeySet) updateKeys() ([]jose.JSONWebKey, error) { if err != nil { return nil, fmt.Errorf("oidc: can't create request: %v", err) } + req.Header.Set("Cache-Control", "no-cache") resp, err := doRequest(r.ctx, req) if err != nil { diff --git a/vendor/github.com/coreos/go-oidc/v3/oidc/logout.go b/vendor/github.com/coreos/go-oidc/v3/oidc/logout.go new file mode 100644 index 0000000000..2edeaa2441 --- /dev/null +++ b/vendor/github.com/coreos/go-oidc/v3/oidc/logout.go @@ -0,0 +1,187 @@ +package oidc + +import ( + "context" + "encoding/json" + "errors" + "fmt" + "time" +) + +// LogoutToken represents a verified token from a Back-Channel Logout. Use +// [IDTokenVerifier.VerifyLogout] within a POST handler to receive and validate +// a token. +// +// See the ./example/logout at the top-level of this repo for a full example +// application. +type LogoutToken struct { + // The required token ID claim ("jti"). When processing this token for + // logout, applications should validate that no recent token with the same + // value has been processed. + TokenID string + // The unique identifier of the user that this logout token is for. This + // will match the subject value of the ID Token. + // + // If not set, SessionID will be. + Subject string + + // The "iss" claim. This is validated against the provider URL unless + // explicitly skipped through SkipIssuerCheck. + Issuer string + // The Client ID this logout token is for. Validated against the config + // unless SkipClientIDCheck is provided. + Audience []string + // When this token was issued. + IssuedAt time.Time + // When this token expires. Validated unless SkipExpiryCheck is provided. + Expiry time.Time + // Optional session ID claim ("sid"). + // + // The exact semantics of session IDs very between identity providers. Use + // your provider's documentation to determine what this correlates to and + // how it should be handled. + SessionID string + + claims []byte +} + +// Claims unmarshals the raw JSON payload of the Logout Token into a provided +// struct. This can be used to access field not exposed by the LogoutToken +// fields. +// +// logoutToken, err := idTokenVerifier.VerifyLogout(ctx, rawLogoutToken) +// if err != nil{ +// // ... +// } +// var claims struct { +// TraceID string `json:"trace_id"` +// } +// if err := logoutToken.Claims(&claims); err != nil { +// // ... +// } +func (l *LogoutToken) Claims(v any) error { + if l.claims == nil { + return errors.New("oidc: claims not set") + } + return json.Unmarshal(l.claims, v) +} + +// https://openid.net/specs/openid-connect-backchannel-1_0.html#LogoutToken +type logoutTokenJSON struct { + Issuer string `json:"iss"` + Subject string `json:"sub"` + Audience audience `json:"aud"` + Expiry jsonTime `json:"exp"` + IssuedAt jsonTime `json:"iat"` + JTI string `json:"jti"` + Events struct { + Logout json.RawMessage `json:"http://schemas.openid.net/event/backchannel-logout"` + } + SessionID string `json:"sid"` + // Nonce is parsed as a raw message so its mere presence can be detected. + // The spec requires logout tokens to not contain a nonce claim, regardless + // of its value. + Nonce json.RawMessage `json:"nonce"` +} + +// VerifyLogout validates a back-channel logout token. Logout tokens are +// received by the relying party (this package) from the identity provider at a +// preconfigured "backchannel_logout_uri" through a POST. Then on certain +// events, such as RP-Initiated Logout, the identity provider will send a signed +// token indicating that sessions for a specific user should be terminated. +// +// To support back-channel logout within your app, register a POST endpoint and +// verify the token: +// +// oidcConfig := &oidc.Config{ +// ClientID: clientID, +// } +// verifier := provider.Verifier(oidcConfig) +// +// mux.HandleFunc("POST /logout", func(w http.ResponseWriter, r *http.Reequest) { +// rawLogoutToken := r.PostFormValue("logout_token") +// if rawLogoutToken == "" { +// // ... +// } +// logoutToken, err := verifier.VerifyLogout(r.Context(), rawLogoutToken) +// if err != nil { +// // ... +// } +// // Use fields in the logoutToken to determine what sessions to +// // terminate. +// +// }) +// +// Back-channel logout spec: https://openid.net/specs/openid-connect-backchannel-1_0.html +// +// RP-initiated logout spec: https://openid.net/specs/openid-connect-rpinitiated-1_0.html +func (v *IDTokenVerifier) VerifyLogout(ctx context.Context, rawLogoutToken string) (*LogoutToken, error) { + payload, _, err := v.verifyJWT(ctx, rawLogoutToken) + if err != nil { + return nil, err + } + var logoutToken logoutTokenJSON + if err := json.Unmarshal(payload, &logoutToken); err != nil { + return nil, fmt.Errorf("oidc: parsing logout token payload: %v", err) + } + + if len(logoutToken.Events.Logout) == 0 { + return nil, fmt.Errorf("oidc: logout token missing required http://schemas.openid.net/event/backchannel-logout event") + } + + // A logout token MUST NOT contain a nonce claim. This prevents an ID token + // from being replayed as a logout token. + if len(logoutToken.Nonce) != 0 { + return nil, fmt.Errorf("oidc: logout token must not contain a 'nonce' claim") + } + + t := &LogoutToken{ + Issuer: logoutToken.Issuer, + Subject: logoutToken.Subject, + Audience: logoutToken.Audience, + IssuedAt: time.Time(logoutToken.IssuedAt), + Expiry: time.Time(logoutToken.Expiry), + SessionID: logoutToken.SessionID, + TokenID: logoutToken.JTI, + claims: payload, + } + if t.TokenID == "" { + return nil, fmt.Errorf("oidc: logout token missing required claim 'jti'") + } + if t.Expiry.IsZero() { + return nil, fmt.Errorf("oidc: logout token must contain an 'exp' claim") + } + + // A logout token MUST contain a 'sub' claim, a 'sid' claim, or both. + if t.Subject == "" && t.SessionID == "" { + return nil, fmt.Errorf("oidc: logout token must contain a 'sub' claim, a 'sid' claim, or both") + } + + if !v.config.SkipIssuerCheck && t.Issuer != v.issuer { + return nil, fmt.Errorf("oidc: logout token issued by a different provider, expected %q, got %q", v.issuer, t.Issuer) + } + + if !v.config.SkipClientIDCheck { + if v.config.ClientID != "" { + if !contains(t.Audience, v.config.ClientID) { + return nil, fmt.Errorf("oidc: expected logout token audience %q got %q", v.config.ClientID, t.Audience) + } + } else { + return nil, fmt.Errorf("oidc: invalid configuration, clientID must be provided or SkipClientIDCheck must be set") + } + } + + // If a SkipExpiryCheck is false, make sure token is not expired. + if !v.config.SkipExpiryCheck { + now := time.Now + if v.config.Now != nil { + now = v.config.Now + } + nowTime := now() + + if t.Expiry.Before(nowTime) { + return nil, &TokenExpiredError{Expiry: t.Expiry} + } + } + return t, nil +} diff --git a/vendor/github.com/coreos/go-oidc/v3/oidc/verify.go b/vendor/github.com/coreos/go-oidc/v3/oidc/verify.go index a8bf107d4a..895721e2b9 100644 --- a/vendor/github.com/coreos/go-oidc/v3/oidc/verify.go +++ b/vendor/github.com/coreos/go-oidc/v3/oidc/verify.go @@ -17,9 +17,10 @@ const ( issuerGoogleAccountsNoScheme = "accounts.google.com" ) -// TokenExpiredError indicates that Verify failed because the token was expired. This -// error does NOT indicate that the token is not also invalid for other reasons. Other -// checks might have failed if the expiration check had not failed. +// TokenExpiredError indicates that Verify or VerifyLogout failed because the +// token was expired. This error does NOT indicate that the token is not also +// invalid for other reasons. Other checks might have failed if the expiration +// check had not failed. type TokenExpiredError struct { // Expiry is the time when the token expired. Expiry time.Time @@ -44,7 +45,7 @@ type KeySet interface { VerifySignature(ctx context.Context, jwt string) (payload []byte, err error) } -// IDTokenVerifier provides verification for ID Tokens. +// IDTokenVerifier provides verification for ID Tokens and Logout Tokens. type IDTokenVerifier struct { keySet KeySet config *Config @@ -203,48 +204,9 @@ func resolveDistributedClaim(ctx context.Context, verifier *IDTokenVerifier, src // // token, err := verifier.Verify(ctx, rawIDToken) func (v *IDTokenVerifier) Verify(ctx context.Context, rawIDToken string) (*IDToken, error) { - var supportedSigAlgs []jose.SignatureAlgorithm - for _, alg := range v.config.SupportedSigningAlgs { - supportedSigAlgs = append(supportedSigAlgs, jose.SignatureAlgorithm(alg)) - } - if len(supportedSigAlgs) == 0 { - // If no algorithms were specified by both the config and discovery, default - // to the one mandatory algorithm "RS256". - supportedSigAlgs = []jose.SignatureAlgorithm{jose.RS256} - } - if v.config.InsecureSkipSignatureCheck { - // "none" is a required value to even parse a JWT with the "none" algorithm - // using go-jose. - supportedSigAlgs = append(supportedSigAlgs, "none") - } - - // Parse and verify the signature first. This at least forces the user to have - // a valid, signed ID token before we do any other processing. - jws, err := jose.ParseSigned(rawIDToken, supportedSigAlgs) + payload, sig, err := v.verifyJWT(ctx, rawIDToken) if err != nil { - return nil, fmt.Errorf("oidc: malformed jwt: %v", err) - } - switch len(jws.Signatures) { - case 0: - return nil, fmt.Errorf("oidc: id token not signed") - case 1: - default: - return nil, fmt.Errorf("oidc: multiple signatures on id token not supported") - } - sig := jws.Signatures[0] - - var payload []byte - if v.config.InsecureSkipSignatureCheck { - // Yolo mode. - payload = jws.UnsafePayloadWithoutVerification() - } else { - // The JWT is attached here for the happy path to avoid the verifier from - // having to parse the JWT twice. - ctx = context.WithValue(ctx, parsedJWTKey, jws) - payload, err = v.keySet.VerifySignature(ctx, rawIDToken) - if err != nil { - return nil, fmt.Errorf("failed to verify signature: %v", err) - } + return nil, err } var token idToken if err := json.Unmarshal(payload, &token); err != nil { @@ -336,3 +298,50 @@ func (v *IDTokenVerifier) Verify(ctx context.Context, rawIDToken string) (*IDTok func Nonce(nonce string) oauth2.AuthCodeOption { return oauth2.SetAuthURLParam("nonce", nonce) } + +func (v *IDTokenVerifier) verifyJWT(ctx context.Context, rawIDToken string) ([]byte, jose.Signature, error) { + var supportedSigAlgs []jose.SignatureAlgorithm + for _, alg := range v.config.SupportedSigningAlgs { + supportedSigAlgs = append(supportedSigAlgs, jose.SignatureAlgorithm(alg)) + } + if len(supportedSigAlgs) == 0 { + // If no algorithms were specified by both the config and discovery, default + // to the one mandatory algorithm "RS256". + supportedSigAlgs = []jose.SignatureAlgorithm{jose.RS256} + } + if v.config.InsecureSkipSignatureCheck { + // "none" is a required value to even parse a JWT with the "none" algorithm + // using go-jose. + supportedSigAlgs = append(supportedSigAlgs, "none") + } + + // Parse and verify the signature first. This at least forces the user to have + // a valid, signed ID token before we do any other processing. + jws, err := jose.ParseSigned(rawIDToken, supportedSigAlgs) + if err != nil { + return nil, jose.Signature{}, fmt.Errorf("oidc: malformed jwt: %v", err) + } + switch len(jws.Signatures) { + case 0: + return nil, jose.Signature{}, fmt.Errorf("oidc: id token not signed") + case 1: + default: + return nil, jose.Signature{}, fmt.Errorf("oidc: multiple signatures on id token not supported") + } + sig := jws.Signatures[0] + + var payload []byte + if v.config.InsecureSkipSignatureCheck { + // Yolo mode. + payload = jws.UnsafePayloadWithoutVerification() + } else { + // The JWT is attached here for the happy path to avoid the verifier from + // having to parse the JWT twice. + ctx = context.WithValue(ctx, parsedJWTKey, jws) + payload, err = v.keySet.VerifySignature(ctx, rawIDToken) + if err != nil { + return nil, jose.Signature{}, fmt.Errorf("failed to verify signature: %v", err) + } + } + return payload, sig, nil +} diff --git a/vendor/github.com/rs/zerolog/event.go b/vendor/github.com/rs/zerolog/event.go index 7538e66e95..8c9c523fbb 100644 --- a/vendor/github.com/rs/zerolog/event.go +++ b/vendor/github.com/rs/zerolog/event.go @@ -466,7 +466,8 @@ func (e *Event) Err(err error) *Event { if e.stack && ErrorStackMarshaler != nil { switch m := ErrorStackMarshaler(err).(type) { case nil: - return e + // ErrorStackMarshaler returned nil — the error has no stack trace to + // attach. Fall through and still log the error via AnErr below. case LogObjectMarshaler: e = e.Object(ErrorStackFieldName, m) case error: diff --git a/vendor/modules.txt b/vendor/modules.txt index 8564e62adc..9c440ebf29 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -292,7 +292,7 @@ github.com/containerd/log # github.com/containerd/platforms v1.0.0-rc.2 ## explicit; go 1.20 github.com/containerd/platforms -# github.com/coreos/go-oidc/v3 v3.18.0 +# github.com/coreos/go-oidc/v3 v3.19.0 ## explicit; go 1.25.0 github.com/coreos/go-oidc/v3/oidc # github.com/coreos/go-semver v0.3.1 @@ -1874,7 +1874,7 @@ github.com/rs/cors/internal # github.com/rs/xid v1.6.0 ## explicit; go 1.16 github.com/rs/xid -# github.com/rs/zerolog v1.35.0 +# github.com/rs/zerolog v1.35.1 ## explicit; go 1.23 github.com/rs/zerolog github.com/rs/zerolog/internal/cbor @@ -2123,8 +2123,8 @@ github.com/trustelem/zxcvbn/internal/mathutils github.com/trustelem/zxcvbn/match github.com/trustelem/zxcvbn/matching github.com/trustelem/zxcvbn/scoring -# github.com/tus/tusd/v2 v2.9.2 -## explicit; go 1.25.0 +# github.com/tus/tusd/v2 v2.10.0 +## explicit; go 1.25.8 github.com/tus/tusd/v2/pkg/handler # github.com/unrolled/secure v1.16.0 => github.com/opencloud-eu/secure v0.0.0-20260312082735-b6f5cb2244e4 ## explicit; go 1.13 @@ -2574,8 +2574,8 @@ golang.org/x/tools/internal/stdlib golang.org/x/tools/internal/typeparams golang.org/x/tools/internal/typesinternal golang.org/x/tools/internal/versions -# google.golang.org/genproto v0.0.0-20260128011058-8636f8732409 -## explicit; go 1.24.0 +# google.golang.org/genproto v0.0.0-20260319201613-d00831a3d3e7 +## explicit; go 1.25.0 google.golang.org/genproto/protobuf/field_mask # google.golang.org/genproto/googleapis/api v0.0.0-20260526163538-3dc84a4a5aaa ## explicit; go 1.25.0