Skip to content

deps: bump the chainreactors group across 1 directory with 3 updates#29

Closed
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/go_modules/chainreactors-35fee38f15
Closed

deps: bump the chainreactors group across 1 directory with 3 updates#29
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/go_modules/chainreactors-35fee38f15

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 30, 2026

Copy link
Copy Markdown
Contributor

Bumps the chainreactors group with 2 updates in the / directory: github.com/chainreactors/proton and github.com/chainreactors/zombie.

Updates github.com/chainreactors/proton from 0.3.1-0.20260629055539-f6509337ef42 to 0.3.1

Release notes

Sourced from github.com/chainreactors/proton's releases.

v0.3.1

proton 引擎更新

  • fix(scan): 修复多行文件扫描时 opResult 合并丢失 — 后续行的 matches/extracts 不再被静默丢弃
  • fix(template): Template.Execute 切换到 Request.ExecuteWithResults,正确支持文件/目录/glob 路径输入以及模板定义的 extensions/denylist 过滤
  • refactor: Finding/MatchEvent 类型迁移至 utils/parsers,统一跨项目类型定义
  • fix(compat): 修复 Go 1.17 构建兼容性,通过 build tag 隔离 Go 1.18+ 依赖

found 工具更新

  • fix(build): macOS 构建跳过 UPX 压缩(macOS 不支持 UPX)
  • fix(darwin): 修复 macOS mach_task_self() CGO 编译问题(宏包装为 C 函数)
  • docs: README 更新,补充进程扫描、网络捕获、注册表扫描、baseline、zombie 模式、C FFI 等文档
  • ci: goreleaser 构建后自动上传二进制到 proton release
Commits

Updates github.com/chainreactors/utils/parsers from 0.0.0-20260629054935-23a3e0a235f9 to 0.0.0-20260630095004-c4fb7a13ed39

Commits

Updates github.com/chainreactors/zombie from 1.2.3-0.20260629062908-99a0f34ed031 to 1.3.0

Release notes

Sourced from github.com/chainreactors/zombie's releases.

v1.3.0 — SDK 编程接口 + 代理注入 + go:embed 模板 + 并发控制

v1 系列最终版本。全面重构为 SDK 友好架构;支持 per-instance 代理注入;模板从 base64 切换到 go:embed;新增 per-host 并发限速。后续新功能(service protocol / 模板化后渗透)将在 zombie2.0 分支开发。

New Features

SDK 编程接口

  • NewRunner(opt) + RunnerOption 独立结构体,支持程序化调用
  • RunWithArgs(ctx, args, options) 复用 CLI 解析 + 信号处理
  • Help() 函数暴露帮助文本
  • SetResourceProvider() / SetResourceLoader() 资源注入覆盖
opt := &core.RunnerOption{
    Threads:     50,
    Concurrency: 4,
    Timeout:     10,
    Mod:         "clusterbomb",
    FirstOnly:   true,
}
runner := core.NewRunner(opt)
runner.SetTargets(targets)
runner.SetUsers([]string{"root", "admin"})
runner.SetPasswords([]string{"123456", "admin"})
runner.RunWithContext(ctx)

代理注入

  • ProxyDial 字段注入到 RunnerOption,per-execution 代理
  • Socket 协议(SSH/Redis/MySQL/FTP/...)和 HTTP 协议统一走注入的 DialFunc
  • 基于 utils/httpx 统一 HTTP transport 构建
opt.ProxyDial = proxyclient.NewDialFunc("socks5://127.0.0.1:1080")

go:embed 模板

  • 模板从 base64 编码切换到 go:embed + deflate 压缩的 .bin 文件
  • 源码体积减小,编译和启动速度提升
  • templates_gen.go -embed 模式自动生成 embed 声明

per-host 并发限速

  • --concurrency N(原 --host-threads)限制单 host 在飞连接数
  • 基于 channel semaphore,避免触发 sshd MaxStartups 等服务端限速
  • context 取消感知:目标命中后排队任务立即退出,不再建连

... (truncated)

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the chainreactors group with 2 updates in the / directory: [github.com/chainreactors/proton](https://github.com/chainreactors/proton) and [github.com/chainreactors/zombie](https://github.com/chainreactors/zombie).


Updates `github.com/chainreactors/proton` from 0.3.1-0.20260629055539-f6509337ef42 to 0.3.1
- [Release notes](https://github.com/chainreactors/proton/releases)
- [Commits](https://github.com/chainreactors/proton/commits/v0.3.1)

Updates `github.com/chainreactors/utils/parsers` from 0.0.0-20260629054935-23a3e0a235f9 to 0.0.0-20260630095004-c4fb7a13ed39
- [Commits](https://github.com/chainreactors/utils/commits)

Updates `github.com/chainreactors/zombie` from 1.2.3-0.20260629062908-99a0f34ed031 to 1.3.0
- [Release notes](https://github.com/chainreactors/zombie/releases)
- [Commits](https://github.com/chainreactors/zombie/commits/v1.3.0)

---
updated-dependencies:
- dependency-name: github.com/chainreactors/proton
  dependency-version: 0.3.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: chainreactors
- dependency-name: github.com/chainreactors/utils/parsers
  dependency-version: 0.0.0-20260630095004-c4fb7a13ed39
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: chainreactors
- dependency-name: github.com/chainreactors/zombie
  dependency-version: 1.3.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: chainreactors
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot @github

dependabot Bot commented on behalf of github Jun 30, 2026

Copy link
Copy Markdown
Contributor Author

Labels

The following labels could not be found: dependencies, go. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

@dependabot @github

dependabot Bot commented on behalf of github Jul 1, 2026

Copy link
Copy Markdown
Contributor Author

Looks like these dependencies are updatable in another way, so this is no longer needed.

@dependabot dependabot Bot closed this Jul 1, 2026
@dependabot dependabot Bot deleted the dependabot/go_modules/chainreactors-35fee38f15 branch July 1, 2026 05:27
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants