New MFA Option: Passkeys

app/application.go

@@ -283,6 +283,11 @@ func initRoutes(router *gin.Engine) {
 		// UI Components
 		webRoutes.GET("/ui_components", webui.ComponentsIndex)
 
+		// User MFA - Passkeys
+		webRoutes.POST("/users/begin_passkey_registration", webui.UserBeginPasskeyRegistration)
+		webRoutes.POST("/users/finish_passkey_registration", webui.UserFinishPasskeyRegistration)
+		webRoutes.POST("/users/begin_login_with_passkey", webui.UserBeginLoginWithPasskey)
+		webRoutes.POST("/users/finish_login_with_passkey", webui.UserFinishLoginWithPasskey)
 	}
 
 	// Root goes to sign-in page, which is a web route,

common/context.go

@@ -8,6 +8,7 @@ import (
 	"github.com/APTrust/registry/constants"
 	"github.com/APTrust/registry/network"
 	"github.com/go-pg/pg/v10"
+	"github.com/go-webauthn/webauthn/webauthn"
 	"github.com/rs/zerolog"
 )
 
@@ -46,6 +47,9 @@ type APTContext struct {
 	// SMTPClient is for sending emails from a private subnet that
 	// is not using a NAT gateway.
 	SMTPClient *network.SMTPClient
+
+	// WebAuthnClient is used for passkey authentication
+	WebAuthn *webauthn.WebAuthn
 }
 
 // Context returns an APTContext object, which includes
@@ -90,6 +94,7 @@ func Context() *APTContext {
 			SESClient:   network.NewSESClient(config.Email.Enabled, config.TwoFactor.AWSRegion, config.Email.SesEndpoint, config.Email.SesUser, config.Email.SesPassword, config.Email.FromAddress, zlogger),
 			SNSClient:   network.NewSNSClient(config.TwoFactor.SMSEnabled, config.TwoFactor.AWSRegion, config.TwoFactor.SNSEndpoint, config.TwoFactor.SNSUser, config.TwoFactor.SNSPassword, zlogger),
 			SMTPClient:  network.NewSMTPClient(config.Email.Enabled, config.TwoFactor.AWSRegion, config.Email.SesEndpoint, config.Email.SesUser, config.Email.SesPassword, config.Email.FromAddress, zlogger),
+			WebAuthn:    network.NewWebAuthn(),
 			RedisClient: redisClient,
 		}
 	}

constants/constants.go

@@ -86,6 +86,7 @@ const (
 	RoleSysAdmin               = "admin"
 	SecondFactorAuthy          = "Authy"
 	SecondFactorBackupCode     = "Backup Code"
+	SecondFactorPasskey        = "Passkey"
 	SecondFactorSMS            = "SMS"
 	StageAvailableInS3         = "Available in S3"
 	StageCleanup               = "Cleanup"
@@ -134,6 +135,7 @@ const (
 	TopicObjectRestore         = "restore_object"
 	TwoFactorAuthy             = "onetouch"
 	TwoFactorNone              = "none"
+	TwoFactorPasskey           = "passkey"
 	TwoFactorSMS               = "sms"
 )
 

constants/permissions.go

@@ -67,11 +67,15 @@ const (
 	StorageRecordDelete                = "StorageRecordDelete"
 	StorageRecordRead                  = "StorageRecordRead"
 	StorageRecordUpdate                = "StorageRecordUpdate"
+	UserBeginLoginWithPasskey          = "UserBeginLoginWithPasskey"
+	UserBeginPasskeyRegistration       = "UserBeginPasskeyRegistration"
 	UserComplete2FASetup               = "UserComplete2FASetup"
 	UserConfirmPhone                   = "UserConfirmPhone"
 	UserCreate                         = "UserCreate"
 	UserDelete                         = "UserDelete"
 	UserDeleteSelf                     = "UserDeleteSelf"
+	UserFinishLoginWithPasskey         = "UserFinishLoginWithPasskey"
+	UserFinishPasskeyRegistration      = "UserFinishPasskeyRegistration"
 	UserGenerateBackupCodes            = "UserGenerateBackupCodes"
 	UserInit2FASetup                   = "UserInit2FASetup"
 	UserRead                           = "UserRead"
@@ -146,11 +150,15 @@ var Permissions = []Permission{
 	StorageRecordDelete,
 	StorageRecordRead,
 	StorageRecordUpdate,
+	UserBeginLoginWithPasskey,
+	UserBeginPasskeyRegistration,
 	UserComplete2FASetup,
 	UserConfirmPhone,
 	UserCreate,
 	UserDelete,
 	UserDeleteSelf,
+	UserFinishLoginWithPasskey,
+	UserFinishPasskeyRegistration,
 	UserGenerateBackupCodes,
 	UserInit2FASetup,
 	UserRead,
@@ -225,8 +233,12 @@ func initPermissions() {
 	instUser[IntellectualObjectRestore] = true
 	instUser[ReportRead] = true
 	instUser[StorageRecordRead] = true
+	instUser[UserBeginLoginWithPasskey] = true
+	instUser[UserBeginPasskeyRegistration] = true
 	instUser[UserComplete2FASetup] = true
 	instUser[UserConfirmPhone] = true
+	instUser[UserFinishLoginWithPasskey] = true
+	instUser[UserFinishPasskeyRegistration] = true
 	instUser[UserGenerateBackupCodes] = true
 	instUser[UserInit2FASetup] = true
 	instUser[UserReadSelf] = true
@@ -263,10 +275,14 @@ func initPermissions() {
 	instAdmin[IntellectualObjectRestore] = true
 	instAdmin[ReportRead] = true
 	instAdmin[StorageRecordRead] = true
+	instAdmin[UserBeginLoginWithPasskey] = true
+	instAdmin[UserBeginPasskeyRegistration] = true
 	instAdmin[UserComplete2FASetup] = true
 	instAdmin[UserConfirmPhone] = true
 	instAdmin[UserCreate] = true
 	instAdmin[UserDelete] = true
+	instAdmin[UserFinishLoginWithPasskey] = true
+	instAdmin[UserFinishPasskeyRegistration] = true
 	instAdmin[UserGenerateBackupCodes] = true
 	instAdmin[UserInit2FASetup] = true
 	instAdmin[UserReadSelf] = true
@@ -335,11 +351,15 @@ func initPermissions() {
 	sysAdmin[StorageRecordDelete] = true
 	sysAdmin[StorageRecordRead] = true
 	sysAdmin[StorageRecordUpdate] = true
+	sysAdmin[UserBeginLoginWithPasskey] = true
+	sysAdmin[UserBeginPasskeyRegistration] = true
 	sysAdmin[UserComplete2FASetup] = true
 	sysAdmin[UserConfirmPhone] = true
 	sysAdmin[UserCreate] = true
 	sysAdmin[UserDeleteSelf] = true
 	sysAdmin[UserDelete] = true
+	sysAdmin[UserFinishLoginWithPasskey] = true
+	sysAdmin[UserFinishPasskeyRegistration] = true
 	sysAdmin[UserGenerateBackupCodes] = true
 	sysAdmin[UserInit2FASetup] = true
 	sysAdmin[UserReadSelf] = true

db/fixtures/users.csv

@@ -1,10 +1,10 @@
-id,name,email,phone_number,created_at,updated_at,encrypted_password,reset_password_token,reset_password_sent_at,remember_created_at,sign_in_count,current_sign_in_at,last_sign_in_at,current_sign_in_ip,last_sign_in_ip,institution_id,encrypted_api_secret_key,password_changed_at,encrypted_otp_secret,encrypted_otp_secret_iv,encrypted_otp_secret_salt,encrypted_otp_sent_at,consumed_timestep,otp_required_for_login,deactivated_at,enabled_two_factor,confirmed_two_factor,otp_backup_codes,authy_id,last_sign_in_with_authy,authy_status,email_verified,initial_password_updated,force_password_update,account_confirmed,grace_period,awaiting_second_factor,role
-4,Inactive User,inactive@inst1.edu,14345551212,1/12/21 17:14,1/12/21 17:14,$2a$10$7aoot2KFFqikpTYVEbErYOxZijCHDPvqT4OMoFwdmsYBE9SK2PibC,,,,0,,,,,2,$2a$10$7aoot2KFFqikpTYVEbErYOxZijCHDPvqT4OMoFwdmsYBE9SK2PibC,,,,,,,,1/15/21 13:49,FALSE,FALSE,"{code1,code2,code3}",,,,TRUE,TRUE,FALSE,TRUE,12/31/99 23:59,FALSE,none
-5,Inst Two Admin,admin@inst2.edu,14345551212,1/12/21 17:14,1/12/21 17:14,$2a$10$7aoot2KFFqikpTYVEbErYOxZijCHDPvqT4OMoFwdmsYBE9SK2PibC,,,,0,,,,,3,$2a$10$7aoot2KFFqikpTYVEbErYOxZijCHDPvqT4OMoFwdmsYBE9SK2PibC,,,,,,,,,FALSE,FALSE,,,,,TRUE,TRUE,FALSE,TRUE,12/31/99 23:59,FALSE,institutional_admin
-7,Inst Two User,user@inst2.edu,14345551212,1/12/21 17:14,1/12/21 17:14,$2a$10$7aoot2KFFqikpTYVEbErYOxZijCHDPvqT4OMoFwdmsYBE9SK2PibC,,,,0,,,,,3,$2a$10$7aoot2KFFqikpTYVEbErYOxZijCHDPvqT4OMoFwdmsYBE9SK2PibC,,,,,,,,,FALSE,FALSE,,,,,TRUE,TRUE,FALSE,TRUE,12/31/99 23:59,FALSE,institutional_user
-2,Inst One Admin,admin@inst1.edu,14345551212,1/12/21 17:14,9/10/21 14:22,$2a$10$7aoot2KFFqikpTYVEbErYOxZijCHDPvqT4OMoFwdmsYBE9SK2PibC,,,,0,,,,,2,$2a$10$7aoot2KFFqikpTYVEbErYOxZijCHDPvqT4OMoFwdmsYBE9SK2PibC,,,,,,,,,,,,,,,TRUE,TRUE,,TRUE,12/31/99 23:59,FALSE,institutional_admin
-3,Inst One User,user@inst1.edu,14345551212,1/12/21 17:14,9/10/21 14:22,$2a$10$raEJqJ7eRcEwWmeoiJ2vxenR8dqVXCI1SU9zcgkrxeS.6/haWGi4K,,,,1,9/10/21 14:22,,,,2,$2a$10$7aoot2KFFqikpTYVEbErYOxZijCHDPvqT4OMoFwdmsYBE9SK2PibC,,,,,,,,,,,,,,,TRUE,TRUE,,TRUE,12/31/99 23:59,FALSE,institutional_user
-1,APTrust System,system@aptrust.org,14345551212,1/12/21 17:14,9/10/21 14:24,$2a$10$7aoot2KFFqikpTYVEbErYOxZijCHDPvqT4OMoFwdmsYBE9SK2PibC,,,,1,9/10/21 14:24,,127.0.0.1,,1,$2a$10$7aoot2KFFqikpTYVEbErYOxZijCHDPvqT4OMoFwdmsYBE9SK2PibC,,,,,,,,,,,,,,,TRUE,TRUE,,TRUE,12/31/99 23:59,FALSE,admin
-6,Two Factor SMS User,sms_user@example.com,12125551212,9/10/21 14:25,9/10/21 14:25,$2a$10$7aoot2KFFqikpTYVEbErYOxZijCHDPvqT4OMoFwdmsYBE9SK2PibC,,,,0,,,,,2,,,,,,,,TRUE,,,,,,,,,,TRUE,TRUE,11/9/21 5:00,FALSE,institutional_user
-8,Test.edu Admin,admin@test.edu,14345551212,1/12/21 17:14,1/12/21 17:14,$2a$10$7aoot2KFFqikpTYVEbErYOxZijCHDPvqT4OMoFwdmsYBE9SK2PibC,,,,0,,,,,4,$2a$10$7aoot2KFFqikpTYVEbErYOxZijCHDPvqT4OMoFwdmsYBE9SK2PibC,,,,,,,,,FALSE,FALSE,,,,,TRUE,TRUE,FALSE,TRUE,12/31/99 23:59,FALSE,institutional_admin
-9,Test.edu User,user@test.edu,14345551212,1/12/21 17:14,1/12/21 17:14,$2a$10$7aoot2KFFqikpTYVEbErYOxZijCHDPvqT4OMoFwdmsYBE9SK2PibC,,,,0,,,,,4,$2a$10$7aoot2KFFqikpTYVEbErYOxZijCHDPvqT4OMoFwdmsYBE9SK2PibC,,,,,,,,,FALSE,FALSE,,,,,TRUE,TRUE,FALSE,TRUE,12/31/99 23:59,FALSE,institutional_user
+id,name,email,phone_number,created_at,updated_at,encrypted_password,reset_password_token,reset_password_sent_at,remember_created_at,sign_in_count,current_sign_in_at,last_sign_in_at,current_sign_in_ip,last_sign_in_ip,institution_id,encrypted_api_secret_key,password_changed_at,encrypted_otp_secret,encrypted_otp_secret_iv,encrypted_otp_secret_salt,encrypted_otp_sent_at,consumed_timestep,otp_required_for_login,deactivated_at,enabled_two_factor,confirmed_two_factor,otp_backup_codes,authy_id,last_sign_in_with_authy,authy_status,email_verified,initial_password_updated,force_password_update,account_confirmed,grace_period,awaiting_second_factor,role,encrypted_passkey_session
+4,Inactive User,inactive@inst1.edu,14345551212,1/12/21 17:14,1/12/21 17:14,$2a$10$7aoot2KFFqikpTYVEbErYOxZijCHDPvqT4OMoFwdmsYBE9SK2PibC,,,,0,,,,,2,$2a$10$7aoot2KFFqikpTYVEbErYOxZijCHDPvqT4OMoFwdmsYBE9SK2PibC,,,,,,,,1/15/21 13:49,FALSE,FALSE,"{code1,code2,code3}",,,,TRUE,TRUE,FALSE,TRUE,12/31/99 23:59,FALSE,none,
+5,Inst Two Admin,admin@inst2.edu,14345551212,1/12/21 17:14,1/12/21 17:14,$2a$10$7aoot2KFFqikpTYVEbErYOxZijCHDPvqT4OMoFwdmsYBE9SK2PibC,,,,0,,,,,3,$2a$10$7aoot2KFFqikpTYVEbErYOxZijCHDPvqT4OMoFwdmsYBE9SK2PibC,,,,,,,,,FALSE,FALSE,,,,,TRUE,TRUE,FALSE,TRUE,12/31/99 23:59,FALSE,institutional_admin,
+7,Inst Two User,user@inst2.edu,14345551212,1/12/21 17:14,1/12/21 17:14,$2a$10$7aoot2KFFqikpTYVEbErYOxZijCHDPvqT4OMoFwdmsYBE9SK2PibC,,,,0,,,,,3,$2a$10$7aoot2KFFqikpTYVEbErYOxZijCHDPvqT4OMoFwdmsYBE9SK2PibC,,,,,,,,,FALSE,FALSE,,,,,TRUE,TRUE,FALSE,TRUE,12/31/99 23:59,FALSE,institutional_user,
+2,Inst One Admin,admin@inst1.edu,14345551212,1/12/21 17:14,9/10/21 14:22,$2a$10$7aoot2KFFqikpTYVEbErYOxZijCHDPvqT4OMoFwdmsYBE9SK2PibC,,,,0,,,,,2,$2a$10$7aoot2KFFqikpTYVEbErYOxZijCHDPvqT4OMoFwdmsYBE9SK2PibC,,,,,,,,,,,,,,,TRUE,TRUE,,TRUE,12/31/99 23:59,FALSE,institutional_admin,
+3,Inst One User,user@inst1.edu,14345551212,1/12/21 17:14,9/10/21 14:22,$2a$10$raEJqJ7eRcEwWmeoiJ2vxenR8dqVXCI1SU9zcgkrxeS.6/haWGi4K,,,,1,9/10/21 14:22,,,,2,$2a$10$7aoot2KFFqikpTYVEbErYOxZijCHDPvqT4OMoFwdmsYBE9SK2PibC,,,,,,,,,,,,,,,TRUE,TRUE,,TRUE,12/31/99 23:59,FALSE,institutional_user,
+1,APTrust System,system@aptrust.org,14345551212,1/12/21 17:14,9/10/21 14:24,$2a$10$7aoot2KFFqikpTYVEbErYOxZijCHDPvqT4OMoFwdmsYBE9SK2PibC,,,,1,9/10/21 14:24,,127.0.0.1,,1,$2a$10$7aoot2KFFqikpTYVEbErYOxZijCHDPvqT4OMoFwdmsYBE9SK2PibC,,,,,,,,,,,,,,,TRUE,TRUE,,TRUE,12/31/99 23:59,FALSE,admin,
+6,Two Factor SMS User,sms_user@example.com,12125551212,9/10/21 14:25,9/10/21 14:25,$2a$10$7aoot2KFFqikpTYVEbErYOxZijCHDPvqT4OMoFwdmsYBE9SK2PibC,,,,0,,,,,2,,,,,,,,TRUE,,,,,,,,,,TRUE,TRUE,11/9/21 5:00,FALSE,institutional_user,
+8,Test.edu Admin,admin@test.edu,14345551212,1/12/21 17:14,1/12/21 17:14,$2a$10$7aoot2KFFqikpTYVEbErYOxZijCHDPvqT4OMoFwdmsYBE9SK2PibC,,,,0,,,,,4,$2a$10$7aoot2KFFqikpTYVEbErYOxZijCHDPvqT4OMoFwdmsYBE9SK2PibC,,,,,,,,,FALSE,FALSE,,,,,TRUE,TRUE,FALSE,TRUE,12/31/99 23:59,FALSE,institutional_admin,
+9,Test.edu User,user@test.edu,14345551212,1/12/21 17:14,1/12/21 17:14,$2a$10$7aoot2KFFqikpTYVEbErYOxZijCHDPvqT4OMoFwdmsYBE9SK2PibC,,,,0,,,,,4,$2a$10$7aoot2KFFqikpTYVEbErYOxZijCHDPvqT4OMoFwdmsYBE9SK2PibC,,,,,,,,,FALSE,FALSE,,,,,TRUE,TRUE,FALSE,TRUE,12/31/99 23:59,FALSE,institutional_user,

db/migrations/014_add_encrypted_passkey_session.sql

@@ -0,0 +1,12 @@
+-- 014_add_encrypted_passkey_session.sql
+--
+
+-- Note that we're starting the migration.
+insert into schema_migrations ("version", started_at) values ('014_add_encrypted_passkey_session', now())
+on conflict ("version") do update set started_at = now();
+
+-- Add new POSIX metadata column to generic_files table.
+alter table users add column if not exists encrypted_passkey_session varchar null;
+
+-- Now mark the migration as completed.
+update schema_migrations set finished_at = now() where "version" = '014_add_encrypted_passkey_session';

db/schema.sql

@@ -501,6 +501,7 @@ CREATE TABLE public.users (
 	grace_period timestamp NULL,
 	awaiting_second_factor bool NOT NULL DEFAULT false,
 	"role" varchar(50) NOT NULL DEFAULT 'none'::character varying,
+	encrypted_passkey_session varchar null,
 	CONSTRAINT users_pkey PRIMARY KEY (id)
 );
 CREATE INDEX index_users_on_authy_id ON public.users USING btree (authy_id);

forms/lists.go

@@ -80,6 +80,7 @@ var StorageOptionList = []*ListOption{
 
 var TwoFactorMethodList = []*ListOption{
 	{constants.TwoFactorNone, "None (Turn Off Two-Factor Authentication)", false},
+	{constants.TwoFactorPasskey, "Passkey", false},
 	{constants.TwoFactorAuthy, "Authy OneTouch", false},
 	{constants.TwoFactorSMS, "Text Message", false},
 }

forms/two_factor_setup_form.go

@@ -20,7 +20,7 @@ func NewTwoFactorSetupForm(user *pgmodels.User) *TwoFactorSetupForm {
 func (f *TwoFactorSetupForm) init() {
 	f.Fields["AuthyStatus"] = &Field{
 		Name:        "AuthyStatus",
-		Label:       "Preferred Method for Two-Factor Auth",
+		Label:       "Authy",
 		Placeholder: "",
 		ErrMsg:      "Please choose your preferred method.",
 		Options:     TwoFactorMethodList,

go.mod

@@ -1,8 +1,8 @@
 module github.com/APTrust/registry
 
-go 1.23.0
+go 1.24.0
 
-toolchain go1.23.3
+toolchain go1.24.5
 
 require (
 	github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d
@@ -14,17 +14,18 @@ require (
 	github.com/gin-gonic/gin v1.9.1
 	github.com/go-pg/pg/v10 v10.12.0
 	github.com/go-redis/redis/v7 v7.4.1
-	github.com/google/uuid v1.2.0
+	github.com/go-webauthn/webauthn v0.10.2
+	github.com/google/uuid v1.6.0
 	github.com/gorilla/securecookie v1.1.1
 	github.com/jinzhu/copier v0.3.0
 	github.com/nsqio/nsq v1.2.0
 	github.com/nyaruka/phonenumbers v1.0.71
 	github.com/rs/zerolog v1.20.0
 	github.com/spf13/viper v1.7.1
 	github.com/stretchr/stew v0.0.0-20130812190256-80ef0842b48b
-	github.com/stretchr/testify v1.8.3
-	golang.org/x/crypto v0.36.0
-	golang.org/x/text v0.23.0
+	github.com/stretchr/testify v1.11.1
+	golang.org/x/crypto v0.41.0
+	golang.org/x/text v0.29.0
 )
 
 require (
@@ -37,19 +38,23 @@ require (
 	github.com/davecgh/go-spew v1.1.1 // indirect
 	github.com/fatih/structs v1.1.0 // indirect
 	github.com/fsnotify/fsnotify v1.4.9 // indirect
+	github.com/fxamacker/cbor/v2 v2.9.0 // indirect
 	github.com/gabriel-vasile/mimetype v1.4.2 // indirect
 	github.com/gin-contrib/sse v0.1.0 // indirect
 	github.com/go-pg/zerochecker v0.2.0 // indirect
 	github.com/go-playground/locales v0.14.1 // indirect
 	github.com/go-playground/universal-translator v0.18.1 // indirect
 	github.com/go-playground/validator/v10 v10.14.0 // indirect
+	github.com/go-webauthn/x v0.1.9 // indirect
 	github.com/gobwas/glob v0.2.3 // indirect
 	github.com/goccy/go-json v0.10.2 // indirect
 	github.com/gojektech/heimdall v5.0.2+incompatible // indirect
 	github.com/gojektech/valkyrie v0.0.0-20190210220504-8f62c1e7ba45 // indirect
+	github.com/golang-jwt/jwt/v5 v5.2.1 // indirect
 	github.com/golang/protobuf v1.5.0 // indirect
 	github.com/golang/snappy v0.0.3 // indirect
 	github.com/google/go-querystring v1.1.0 // indirect
+	github.com/google/go-tpm v0.9.0 // indirect
 	github.com/gorilla/websocket v1.4.2 // indirect
 	github.com/hashicorp/hcl v1.0.0 // indirect
 	github.com/imkira/go-interpol v1.1.0 // indirect
@@ -63,7 +68,7 @@ require (
 	github.com/magiconair/properties v1.8.1 // indirect
 	github.com/mattn/go-isatty v0.0.19 // indirect
 	github.com/mitchellh/go-wordwrap v1.0.1 // indirect
-	github.com/mitchellh/mapstructure v1.1.2 // indirect
+	github.com/mitchellh/mapstructure v1.5.0 // indirect
 	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
 	github.com/modern-go/reflect2 v1.0.2 // indirect
 	github.com/nsqio/go-diskqueue v0.0.0-20180306152900-74cfbc9de839 // indirect
@@ -88,15 +93,16 @@ require (
 	github.com/vmihailenco/msgpack/v5 v5.3.4 // indirect
 	github.com/vmihailenco/tagparser v0.1.2 // indirect
 	github.com/vmihailenco/tagparser/v2 v2.0.0 // indirect
+	github.com/x448/float16 v0.8.4 // indirect
 	github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb // indirect
 	github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 // indirect
 	github.com/xeipuuv/gojsonschema v1.2.0 // indirect
 	github.com/yalp/jsonpath v0.0.0-20180802001716-5cc68e5049a0 // indirect
 	github.com/yudai/gojsondiff v1.0.0 // indirect
 	github.com/yudai/golcs v0.0.0-20170316035057-ecda9a501e82 // indirect
 	golang.org/x/arch v0.3.0 // indirect
-	golang.org/x/net v0.37.0 // indirect
-	golang.org/x/sys v0.31.0 // indirect
+	golang.org/x/net v0.43.0 // indirect
+	golang.org/x/sys v0.35.0 // indirect
 	google.golang.org/protobuf v1.36.6 // indirect
 	gopkg.in/ini.v1 v1.51.0 // indirect
 	gopkg.in/yaml.v2 v2.4.0 // indirect