Skip to content

deps: bump the chainreactors group across 1 directory with 3 updates#19

Open
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/go_modules/chainreactors-522915197f
Open

deps: bump the chainreactors group across 1 directory with 3 updates#19
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/go_modules/chainreactors-522915197f

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github May 29, 2026
edited
Loading

Bumps the chainreactors group with 3 updates in the / directory: github.com/chainreactors/neutron, github.com/chainreactors/proxyclient and github.com/chainreactors/spray.

Updates github.com/chainreactors/neutron from 0.0.0-20260530143533-ea958251e73e to 0.0.1

Commits

Updates github.com/chainreactors/proxyclient from 1.0.4-0.20260218115902-74a84a4535b0 to 1.1.0

Release notes

Sourced from github.com/chainreactors/proxyclient's releases.

v1.1.0 — Multi-protocol Expansion & Modular Architecture

Overview

v1.1.0 是 ProxyClient 的一次重大更新,新增 8 种代理协议,引入 Clash 订阅集成和自适应负载均衡,并将项目架构重构为每个协议独立 Go module 的形式,实现真正的按需引入。

New Features

新增协议

协议 Scheme 依赖
Trojan trojan://password@host:port?sni=xxx 零额外依赖
VMess vmess://host:port?id=uuid sing-vmess
VLess vless://uuid@host:port sing-vmess
AnyTLS anytls://password@host:port sing-anytls
Hysteria2 hysteria2://password@host:port hysteria core (QUIC)
Clash 订阅 clash://?url=<subscribe-url> yaml.v3

Clash 订阅集成

  • 支持 Clash YAML / Base64+YAML / URI-per-line 三种订阅格式
  • 内嵌 GeoIP 数据库,支持按国家、协议类型、节点名称过滤
  • 并发健康检查,自动选择最快节点
  • 6 种负载均衡策略:adaptive / round-robin / random / hash / first / url-test

SOCKS5 UDP ASSOCIATE

完整实现 RFC 1928 UDP ASSOCIATE,dial(ctx, "udp", addr) 自动走 UDP 转发。

自适应负载均衡

loadbalance.NewAdaptive 基于成功率、延迟、最近失败时间三维度综合评分。所有策略内置死节点检测(连续 3 次失败标记死亡,60s 冷却后重试)。

Architecture Changes

独立 Module 架构

所有非核心协议迁移至 extra/,每个协议拥有独立的 go.mod

extra/
├── ssh/go.mod          — golang.org/x/crypto
├── shadowsocks/go.mod  — go-shadowsocks2
├── trojan/go.mod       — 零额外依赖
├── vmess/go.mod        — sing-vmess (含 VLess)
├── anytls/go.mod       — sing-anytls
├── hysteria2/go.mod    — hysteria core
├── suo5/go.mod         — suo5 webshell 隧道
├── neoreg/go.mod       — neoreg webshell 隧道
└── clash/go.mod        — Clash 订阅 + 负载均衡
</tr></table>

... (truncated)

Commits

Updates github.com/chainreactors/spray from 1.2.6-0.20260523083907-546e8ab7756a to 1.3.0

Release notes

Sourced from github.com/chainreactors/spray's releases.

v1.3.0

Changelog

  • [feat] 新增 --poc 插件,基于 neutron 引擎在指纹识别后自动进行漏洞验证,支持 check 模式(exploit 验证)和 brute 模式(默认口令测试),仅对匹配指纹的目标执行 POC,避免盲扫
  • [feat] 模板资源从 base64 编码切换为 go:embed,源码体积从 125KB 降至 ~1KB + 93KB bin,二进制减小约 28KB,启动更快
  • [feat] 新增 SDK 集成入口:暴露可复用的 RunWithArgs 入口点,支持 BeforePrepare/AfterPrepare 生命周期回调与 Help() 函数,便于 aiscan 等外部项目集成
  • [feat] 新增 resource provider 机制,允许外部覆盖内置资源加载
  • [feat] 默认使用 core fingers 引擎
  • [fix] 修复 Handler-reqPool 死锁:doCheck() 在 Handler goroutine 中调用 reqPool.Invoke() 导致循环等待,改为通过 addAddition() 提交请求打破循环依赖
  • [fix] 修复并发安全与优雅关闭:reqCount/failedCount 改为 atomic.Int64done 改为 atomic.Boolrand.Source 加锁,Invoke 失败正确回退 wg 计数
  • [fix] 修复自适应过滤与统计逻辑,优化 BrutePool/CheckPool 过滤行为
  • [fix] 修复 pool 关闭时 additionCh 未排空导致 wg.Wait 挂起的问题
  • [fix] 修复 monitor goroutine 竞态条件,简化并发模型
  • [fix] 修复 pool 关闭时输出丢失的问题,确保 close 期间保留 pool outputs
  • [fix] 增加 FingerEngine nil 检查与各初始化组件幂等性保护,防止 SDK 嵌入场景下 panic 或重复设置
  • [fix] 新增 proton 模板加载器与嵌入资源 proton_rules.bin
  • [refactor] 强化 BrutePool 隔离性,统一 Runner channel 生命周期管理
  • [chore] 更新 fingers/proton/utils 依赖,规范行尾符(CRLF → LF)
  • [ci] 新增 CIDR E2E 测试与 pool 关闭回归测试,覆盖死锁、goroutine 泄漏等场景

Full Changelog: chainreactors/spray@v1.2.6...v1.3.0

v1.2.6

Changelog

  • [fix] 彻底修复生产环境 panic: send on closed channel 崩溃,使用 ctx 作为统一关闭信号,所有 channel 发送均通过 select + ctx.Done() 保护
  • [fix] 修复 addAddition default 分支 wg 泄漏,移除 async goroutine 改为同步阻塞发送
  • [fix] 修复 BrutePool.Close()analyzeDone 条件写反导致忙等永不执行,替换为 handlerDone chan 机制
  • [fix] 修复 processCh 从未关闭导致 Handler goroutine 永久泄漏,Close() 中正确关闭并等待 Handler 退出
  • [fix] 修复 OutputCh/FuzzyCh/checkCh 裸发送在关闭时可能永久阻塞的问题
  • [fix] 修复 doCrawl 孤儿 wg.Add(1) 无对应 wg.Done() 导致 wg 计数泄漏
  • [fix] 修复 baseline.NewBaseline 中 raw response 重解析失败导致 baseline 被错误标记为无效的问题,Location 改从 live response 读取
  • [ci] 新增 GitHub Actions CI,PR 时自动运行 go build + go test -race,覆盖 ubuntu 与 windows
  • [test] 新增 19 个 pool 关闭回归测试,覆盖死锁、goroutine 泄漏、wg 不平衡、并发关闭等场景

Full Changelog: chainreactors/spray@v1.2.5...v1.2.6

Commits

@dependabot @github
Copy link
Copy Markdown
Contributor Author

dependabot Bot commented on behalf of github May 29, 2026

Labels

The following labels could not be found: dependencies, go. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

@dependabot dependabot Bot changed the title deps: bump the chainreactors group with 3 updates deps: bump the chainreactors group across 1 directory with 3 updates May 29, 2026
@dependabot dependabot Bot force-pushed the dependabot/go_modules/chainreactors-522915197f branch from bdf63ee to 78f047a Compare May 29, 2026 18:09
@dependabot
deps: bump the chainreactors group across 1 directory with 3 updates
3f3c598 
Bumps the chainreactors group with 3 updates in the / directory: [github.com/chainreactors/neutron](https://github.com/chainreactors/neutron), [github.com/chainreactors/proxyclient](https://github.com/chainreactors/proxyclient) and [github.com/chainreactors/spray](https://github.com/chainreactors/spray).


Updates `github.com/chainreactors/neutron` from 0.0.0-20260530143533-ea958251e73e to 0.0.1
- [Commits](https://github.com/chainreactors/neutron/commits/v0.0.1)

Updates `github.com/chainreactors/proxyclient` from 1.0.4-0.20260218115902-74a84a4535b0 to 1.1.0
- [Release notes](https://github.com/chainreactors/proxyclient/releases)
- [Commits](https://github.com/chainreactors/proxyclient/commits/v1.1.0)

Updates `github.com/chainreactors/spray` from 1.2.6-0.20260523083907-546e8ab7756a to 1.3.0
- [Release notes](https://github.com/chainreactors/spray/releases)
- [Commits](https://github.com/chainreactors/spray/commits/v1.3.0)

---
updated-dependencies:
- dependency-name: github.com/chainreactors/neutron
  dependency-version: 0.0.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: chainreactors
- dependency-name: github.com/chainreactors/proxyclient
  dependency-version: 1.1.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: chainreactors
- dependency-name: github.com/chainreactors/spray
  dependency-version: 1.3.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: chainreactors
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/go_modules/chainreactors-522915197f branch from 78f047a to 3f3c598 Compare May 30, 2026 14:41
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants