fix(安全): 修复依赖漏洞并强化安全扫描

主要改动： - 固定 Go 1.25.5 与 CI 校验并更新扫描流程 - 升级 quic-go、x/crypto、req 等依赖并通过 govulncheck - 强化 JWT 校验、TLS 配置与 xlsx 动态加载 - 新增审计豁免清单与校验脚本
2026-01-06 11:36:38 +08:00
parent d936eb6518
commit 3f0017d1f1
22 changed files with 1127 additions and 87 deletions
--- a/.github/workflows/backend-ci.yml
+++ b/.github/workflows/backend-ci.yml
@@ -15,8 +15,11 @@ jobs:
      - uses: actions/setup-go@v5
        with:
          go-version-file: backend/go.mod
-          check-latest: true
+          check-latest: false
          cache: true
+      - name: Verify Go version
+        run: |
+          go version | grep -q 'go1.25.5'
      - name: Unit tests
        working-directory: backend
        run: make test-unit
@@ -31,8 +34,11 @@ jobs:
      - uses: actions/setup-go@v5
        with:
          go-version-file: backend/go.mod
-          check-latest: true
+          check-latest: false
          cache: true
+      - name: Verify Go version
+        run: |
+          go version | grep -q 'go1.25.5'
      - name: golangci-lint
        uses: golangci/golangci-lint-action@v9
        with: