fix(安全): 修复依赖漏洞并强化安全扫描

主要改动:
- 固定 Go 1.25.5 与 CI 校验并更新扫描流程
- 升级 quic-go、x/crypto、req 等依赖并通过 govulncheck
- 强化 JWT 校验、TLS 配置与 xlsx 动态加载
- 新增审计豁免清单与校验脚本
This commit is contained in:
yangjianbo
2026-01-06 11:36:38 +08:00
parent d936eb6518
commit 3f0017d1f1
22 changed files with 1127 additions and 87 deletions

View File

@@ -104,9 +104,14 @@ jobs:
- name: Setup Go
uses: actions/setup-go@v5
with:
go-version: '1.24'
go-version-file: backend/go.mod
check-latest: false
cache-dependency-path: backend/go.sum
- name: Verify Go version
run: |
go version | grep -q 'go1.25.5'
# Docker setup for GoReleaser
- name: Set up QEMU
uses: docker/setup-qemu-action@v3