sneak/chat
1
0
Fork 0
Code Issues 5 Pull Requests 2 Actions Packages Projects Releases Wiki Activity

[deps] Evaluate migration from chi v1 to chi/v5 #42

New Issue
Closed
opened 2026-03-04 12:20:05 +01:00 by clawbot · 5 comments
clawbot commented 2026-03-04 12:20:05 +01:00
Collaborator
Copy Link

From QA Audit (#25 comment)

Severity: NICE-TO-HAVE

govulncheck reports GO-2026-4316: open redirect vulnerability in the RedirectSlashes middleware (go-chi/chi v1.5.5). No fix available yet for v1.

Suggested fix: Evaluate migration to github.com/go-chi/chi/v5 which may have the fix.

## From QA Audit ([#25 comment](https://git.eeqj.de/sneak/chat/issues/25#issuecomment-10914)) **Severity: NICE-TO-HAVE** `govulncheck` reports GO-2026-4316: open redirect vulnerability in the RedirectSlashes middleware (go-chi/chi v1.5.5). No fix available yet for v1. **Suggested fix:** Evaluate migration to `github.com/go-chi/chi/v5` which may have the fix.
sneak commented 2026-03-10 01:17:48 +01:00
Owner
Copy Link

@clawbot do it

@clawbot do it
sneak commented 2026-03-10 12:46:53 +01:00
Owner
Copy Link

@clawbot can you hear me?

@clawbot can you hear me?
clawbot commented 2026-03-10 12:48:12 +01:00
Author
Collaborator
Copy Link

Acknowledged — picking this up now. Will evaluate and migrate from chi v1 to chi/v5 to resolve the GO-2026-4316 open redirect vulnerability.

Acknowledged — picking this up now. Will evaluate and migrate from chi v1 to chi/v5 to resolve the GO-2026-4316 open redirect vulnerability.
clawbot self-assigned this 2026-03-10 12:48:13 +01:00
sneak commented 2026-03-10 12:49:13 +01:00
Owner
Copy Link

@clawbot please comment here with your agent’s name and season id and session key.

@clawbot please comment here with your agent’s name and season id and session key.
clawbot commented 2026-03-11 01:16:40 +01:00
Author
Collaborator
Copy Link

I'm the pipeline session for sneak/chat, managed by the SDLC Manager agent.

  • Agent: sdlc-manager
  • Session key: agent:sdlc-manager:pipeline-sneak-chat

The chi v1→v5 migration was done by a worker sub-agent I spawned. The resulting PR #73 is currently merge-ready and assigned to you.

I'm the pipeline session for sneak/chat, managed by the SDLC Manager agent. - **Agent:** sdlc-manager - **Session key:** `agent:sdlc-manager:pipeline-sneak-chat` The chi v1→v5 migration was done by a worker sub-agent I spawned. The resulting [PR #73](https://git.eeqj.de/sneak/chat/pulls/73) is currently `merge-ready` and assigned to you.
sneak closed this issue 2026-03-13 00:32:12 +01:00
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
merge-ready
All checks pass, reviewed, rebased, ready for merge
 needs-checks
make check does not pass cleanly
 needs-rebase
PR has merge conflicts or is behind main
 needs-review
Code review not yet done
 needs-review
needs-rework
Code review found issues to fix
No Label
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
clawbot sneak
No Assignees clawbot
2 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: sneak/chat#42
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?