v3.7.1

[dogancanbakir]

Proposed changes

closes #6974

Proof

Checklist

• Pull request is created against the dev branch
• All checks passed (lint, unit/integration/regression tests etc.) with my changes
• I have added tests that prove my fix is effective or that my feature works
• I have added necessary documentation (if appropriate)

[neo-by-projectdiscovery-dev]

Neo - PR Security Review

No security issues found

Highlights

• Dependency update: github.com/bytedance/sonic bumped from v1.14.0 to v1.15.0 to fix Go 1.26.0 compatibility (issue [BUG] Nuclei install error #6974)
• Code formatting changes across 10 Go files (32 insertions, 32 deletions) - no functional logic changes
• All security scanners (TruffleHog, Semgrep, ast-grep) returned zero findings

Hardening Notes

• Dependency update resolves build compatibility without introducing new attack surface
• No changes to security-sensitive code paths (authentication, input validation, SQL queries, command execution)
• Monitor sonic release notes for any future security advisories

_{Comment @neo help for available commands. · Open in Neo}

[coderabbitai]

Important

Review skipped

Auto reviews are disabled on base/target branches other than the default branch.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

• 🔍 Trigger review

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch dev

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[dogancanbakir]

@neo create an issue for this PR to track the new version release

[coderabbitai]

Tip

For best results, initiate chat on the files or code changes.

🧩 Analysis chain

@dogancanbakir I'll create an issue to track the v3.7.1 release for this PR.

---

🏁 Script executed:

#!/bin/bash
# Create a GitHub issue to track the v3.7.1 release
gh issue create \
  --title "Track v3.7.1 Release" \
  --body "This issue tracks the v3.7.1 release.

Related PR: https://github.com/projectdiscovery/nuclei/pull/7034

Requested by: `@dogancanbakir`" \
  --assignee dogancanbakir

Length of output: 54

---

@dogancanbakir I've created issue #7035 to track the v3.7.1 release for this PR.

[neo-by-projectdiscovery-dev]

@dogancanbakir Created issue #7036 to track the v3.7.1 release

Check it out here: #7036

[neo]

@dogancanbakir could you please come up with a better name for the bot and stop tagging me?

[dogancanbakir]

@neo my bad!

[neo-by-projectdiscovery-dev]

💡 Question

What should I investigate about PR #7034?

Answer

No worries! I previously reviewed PR #7034 (v3.7.1 release) and didn't find any security vulnerabilities. To help you better, could you clarify what you'd like me to investigate?

---

💬 Follow-up questions:

• @neo investigate @neo investigate the dependency updates in go.mod
• @neo investigate @neo investigate file [specific-file-path]
• @neo investigate @neo investigate the changes in pkg/protocols/
• @neo investigate @neo investigate issue #6974

[dwisiswant0]

Please don't push to the default HEAD branch directly (10421e9 & 0b9665d). Those kind of fixes are queued in #7018.

[dogancanbakir]

@dwisiswant0 reverted changes here so we can merge this without pain #7018 (test fail)