fix: security hardening from CSO audit

- Add auth failure logging (login, API key, JWT) with IP/email/prefix
- Move OAuth JWT from URL params to short-lived cookies to prevent
  token leakage via browser history, server logs, and Referer headers
- Pin Swagger UI to v5.18.2 with SRI integrity hashes
- Upgrade Go toolchain to 1.25.8 (fixes 5 called stdlib vulns)
- Fix unchecked error in host agent credential refresh
- Add .gstack to .gitignore for security report artifacts

This commit is contained in:

Rafeed M. Bhuiyan

2026-04-08 03:46:31 +06:00

parent 3675ecba65

commit dd50cfdcb1

9 changed files with 57 additions and 18 deletions

									
										2

go.mod
									
												View File
												
				@ -1,6 +1,6 @@

				module git.omukk.dev/wrenn/sandbox

				go 1.25.0

				go 1.25.8

				require (

					connectrpc.com/connect v1.19.1

fix: security hardening from CSO audit

2 go.mod Unescape Escape View File

2

go.mod

View File