Skip to content

update any-sync #209

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
cheggaaa merged 1 commit into from
Jan 28, 2026
Merged

update any-sync #209

cheggaaa merged 1 commit into from
Jan 28, 2026

Conversation

@cheggaaa
Copy link
Member

@cheggaaa cheggaaa commented Jan 28, 2026

  • I understand that contributing to this repository will require me to agree with the CLA

Description

What type of PR is this? (check all applicable)

  • 🍕 Feature
  • 🐛 Bug Fix
  • 📝 Documentation Update
  • 🎨 Style
  • 🧑‍💻 Code Refactor
  • 🔥 Performance Improvements
  • ✅ Test
  • 🤖 Build
  • 🔁 CI

Related Tickets & Documents

Mobile & Desktop Screenshots/Recordings

Added tests?

  • 👍 yes
  • 🙅 no, because they aren't needed
  • 🙋 no, because I need help

Added to documentation?

  • 📜 README.md
  • 📓 tech-docs
  • 🙅 no documentation needed

[optional] Are there any post-deployment tasks we need to perform?

@socket-security
Copy link

socket-security bot commented Jan 28, 2026

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff Package Supply Chain
Security		 Vulnerability Quality Maintenance License
Updatedgithub.com/​anyproto/​any-sync@​v0.11.4 ⏵ v0.11.974 +110010010070
Updatedgolang.org/​x/​net@​v0.47.0 ⏵ v0.49.075 +1100100100100
Updatedgoogle.golang.org/​protobuf@​v1.36.10 ⏵ v1.36.1175 +1100100100100
Updatedgo.uber.org/​zap@​v1.27.0 ⏵ v1.27.198 +1100100100100
Updatedgithub.com/​anyproto/​any-store@​v0.4.3 ⏵ v0.4.4100 +1100100100100

View full report

@socket-security
Copy link

socket-security bot commented Jan 28, 2026

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action Severity Alert  (click "▶" to expand/collapse)
Warn High
Obfuscated code: golang github.com/libp2p/go-libp2p is 98.0% likely obfuscated

Confidence: 0.98

Location: Package overview

From: ?golang/github.com/anyproto/any-sync@v0.11.9golang/github.com/libp2p/go-libp2p@v0.46.0

ℹ Read more on: This package | This alert | What is obfuscated code?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore golang/github.com/libp2p/go-libp2p@v0.46.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report

@github-actions
Copy link

github-actions bot commented Jan 28, 2026

New Coverage 52.3% of statements
Patch Coverage 0.0% of changed statements (0/0)

Coverage provided by https://github.com/seriousben/go-patch-cover-action

@cheggaaa cheggaaa merged commit 1ebf34c into main Jan 28, 2026
6 checks passed
@cheggaaa cheggaaa deleted the update-any-sync branch January 28, 2026 15:24
@github-actions github-actions bot locked and limited conversation to collaborators Jan 28, 2026
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

@deff7 deff7 deff7 approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@cheggaaa @deff7