From 07fde7968e7f2912acfed06be4cd95bcf2a753b7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Arne=20J=C3=B8rgensen?= Date: Sun, 28 Dec 2025 19:54:50 +0100 Subject: [PATCH 1/5] Add missing copyright years and convert to markdown --- LICENSE => LICENSE.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) rename LICENSE => LICENSE.md (93%) diff --git a/LICENSE b/LICENSE.md similarity index 93% rename from LICENSE rename to LICENSE.md index 4fc147f..bebec4b 100644 --- a/LICENSE +++ b/LICENSE.md @@ -1,6 +1,7 @@ MIT License +=========== -Copyright (c) 2017, 2018 Arne Jørgensen +Copyright (c) 2017, 2018, 2022, 2024, 2025 Arne Jørgensen Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal From b3177d137197798517902ad4b7724ad0dcb3f76d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Arne=20J=C3=B8rgensen?= Date: Sun, 28 Dec 2025 19:55:59 +0100 Subject: [PATCH 2/5] Update to goreleaser version 2 config format --- .github/workflows/release.yml | 1 - .goreleaser.yml | 6 ++++-- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index c13915d..688d742 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -34,7 +34,6 @@ jobs: - name: Run GoReleaser uses: goreleaser/goreleaser-action@v6 with: - version: latest args: release env: GITHUB_TOKEN: ${{ github.token }} diff --git a/.goreleaser.yml b/.goreleaser.yml index b1e4fe2..2b8c686 100644 --- a/.goreleaser.yml +++ b/.goreleaser.yml @@ -1,9 +1,11 @@ --- +version: 2 builds: - env: - CGO_ENABLED=0 archives: - - format: binary + - formats: + - binary name_template: >- {{ .ProjectName }}_ {{- if eq .Os "linux" }}Linux @@ -14,7 +16,7 @@ archives: checksum: name_template: 'checksums.txt' snapshot: - name_template: "{{ .Tag }}-next" + version_template: "{{ .Tag }}-next" changelog: sort: asc filters: 
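Review bot: With `version: latest` dropped from the "Run GoReleaser" step in .github/workflows/release.yml, the GoReleaser version used for releases is whatever goreleaser-action@v6 resolves by default, and nothing in the workflow states it. Since .goreleaser.yml now declares `version: 2`, writing the constraint out keeps the two files in step and makes a future major bump an explicit change: `version: '~> v2'`. An exact GoReleaser version would be stricter still, which matters for the reproducible-build change later in this series. The rest of the job is outside the hunk.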
From d4d9ea0be92f199883e96fae80ceda40eaf6e7e0 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Arne=20J=C3=B8rgensen?=
Date: Sun, 28 Dec 2025 19:57:49 +0100
Subject: [PATCH 3/5] Update dependencies
---
 go.mod | 4 ++--
 go.sum | 8 ++++----
 2 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/go.mod b/go.mod
index 919144b..ef9433e 100644
--- a/go.mod
+++ b/go.mod
@@ -14,6 +14,6 @@ require (
 github.com/cpuguy83/go-md2man/v2 v2.0.7 // indirect
 github.com/google/go-querystring v1.1.0 // indirect
 github.com/russross/blackfriday/v2 v2.1.0 // indirect
- github.com/shopspring/decimal v1.3.1 // indirect
- github.com/xrash/smetrics v0.0.0-20240521201337-686a1a2994c1 // indirect
+ github.com/shopspring/decimal v1.4.0 // indirect
+ github.com/xrash/smetrics v0.0.0-20250705151800-55b8f293f342 // indirect
 )
diff --git a/go.sum b/go.sum
index d9d0c3a..317d67b 100644
--- a/go.sum
+++ b/go.sum
@@ -14,14 +14,14 @@ github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZb
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/russross/blackfriday/v2 v2.1.0 h1:JIOH55/0cWyOuilr9/qlrm0BSXldqnqwMsf35Ld67mk=
 github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
-github.com/shopspring/decimal v1.3.1 h1:2Usl1nmF/WZucqkFZhnfFYxxxu8LG21F6nPQBE5gKV8=
-github.com/shopspring/decimal v1.3.1/go.mod h1:DKyhrW/HYNuLGql+MJL6WCR6knT2jwCFRcu2hWCYk4o=
+github.com/shopspring/decimal v1.4.0 h1:bxl37RwXBklmTi0C79JfXCEBD1cqqHt0bbgBAGFp81k=
+github.com/shopspring/decimal v1.4.0/go.mod h1:gawqmDU56v4yIKSwfBSFip1HdCCXN8/+DMd9qYNcwME=
 github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcUk=
 github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo=
 github.com/urfave/cli/v2 v2.27.7 h1:bH59vdhbjLv3LAvIu6gd0usJHgoTTPhCFib8qqOwXYU=
 github.com/urfave/cli/v2 v2.27.7/go.mod h1:CyNAG/xg+iAOg0N4MPGZqVmv2rCoP267496AOXUZjA4=
-github.com/xrash/smetrics v0.0.0-20240521201337-686a1a2994c1 h1:gEOO8jv9F4OT7lGCjxCBTO/36wtF6j2nSip77qHd4x4=
-github.com/xrash/smetrics v0.0.0-20240521201337-686a1a2994c1/go.mod h1:Ohn+xnUBiLI6FVj/9LpzZWtj1/D6lUovWYBkxHVV3aM=
+github.com/xrash/smetrics v0.0.0-20250705151800-55b8f293f342 h1:FnBeRrxr7OU4VvAzt5X7s6266i6cSVkkFPS0TuXWbIg=
+github.com/xrash/smetrics v0.0.0-20250705151800-55b8f293f342/go.mod h1:Ohn+xnUBiLI6FVj/9LpzZWtj1/D6lUovWYBkxHVV3aM=
 golang.org/x/net v0.48.0 h1:zyQRTTrjc33Lhh0fBgT/H3oZq9WuvRR5gPC70xpDiQU=
 golang.org/x/net v0.48.0/go.mod h1:+ndRgGjkh8FGtu1w1FGbEC31if4VrNVMuKTgcAAnQRY=
 golang.org/x/oauth2 v0.34.0 h1:hqK/t4AKgbqWkdkcAeI8XLmbK+4m4G5YeQRrmiotGlw=
From f082aecba5598c99676c99afbfbe869d1fa9b760 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Arne=20J=C3=B8rgensen?=
Date: Sun, 28 Dec 2025 20:01:07 +0100
Subject: [PATCH 4/5] Make builds reproducible
---
 .goreleaser.yml | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/.goreleaser.yml b/.goreleaser.yml
index 2b8c686..e7650ee 100644
--- a/.goreleaser.yml
+++ b/.goreleaser.yml
@@ -3,6 +3,11 @@ version: 2
 builds:
 - env:
 - CGO_ENABLED=0
+ mod_timestamp: "{{ .CommitTimestamp }}"
+ flags:
+ - -trimpath
+ ldflags:
+ - -s -w -X main.version={{.Version}} -X main.commit={{.Commit}} -X main.date={{ .CommitDate }}
 archives:
 - formats:
 - binary
From 858be27bff122754adb7800fd59751268d02e3b5 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Arne=20J=C3=B8rgensen?=
Date: Sun, 28 Dec 2025 20:03:09 +0100
Subject: [PATCH 5/5] Add security workflow to GitHub Actions
---
 .github/workflows/security.yml | 51 ++++++++++++++++++++++++++++++++++
 1 file changed, 51 insertions(+)
 create mode 100644 .github/workflows/security.yml
diff --git a/.github/workflows/security.yml b/.github/workflows/security.yml
new file mode 100644
index 0000000..77f27d3
--- /dev/null
+++ b/.github/workflows/security.yml
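Review bot: The `-X main.version`, `-X main.commit` and `-X main.date` flags in the new `ldflags` entry of .goreleaser.yml only take effect if package main declares string variables with exactly those names. The Go linker skips `-X` for a symbol it cannot find, so a mismatch would ship binaries with empty version data and no build error. The declarations are not part of this patch, so that is worth confirming against the version output of a snapshot build. A short comment above the entry would also record why it uses the commit date: `# CommitDate rather than Date: a wall-clock build time would differ on every run`. Byte-for-byte reproducibility additionally depends on the Go toolchain version used by the release job, which is not visible here.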
@@ -0,0 +1,51 @@
+---
+name: Security Checks
+on:
+ pull_request:
+ branches: [main]
+ push:
+ branches: [main]
+ schedule:
+ - cron: '0 15 * * 0'
+
+permissions:
+ contents: read
+ actions: read
+ pull-requests: read
+ security-events: write
+
+jobs:
+ gosec:
+ name: Golang Security Checker
+ runs-on: ubuntu-24.04
+ steps:
+ - name: Checkout Source
+ uses: actions/checkout@v6
+ - name: Run Gosec Security Scanner
+ uses: securego/gosec@v2.22.11
+ with:
+ args: '-no-fail -fmt sarif -out results.sarif -tests ./...'
+ - name: Upload SARIF file
+ uses: github/codeql-action/upload-sarif@v4
+ with:
+ sarif_file: results.sarif
+ govulncheck:
+ name: Govulncheck
+ runs-on: ubuntu-24.04
+ steps:
+ - uses: actions/checkout@v6
+ - name: Setup Go
+ uses: actions/setup-go@v6
+ with:
+ go-version-file: go.mod
+ - id: govulncheck
+ uses: arnested/govulncheck-action@main
+ with:
+ output-format: sarif
+ output-file: results.sarif
+ setup-go: false
+ repo-checkout: false
+ - name: Upload SARIF file
+ uses: github/codeql-action/upload-sarif@v4
+ with:
+ sarif_file: results.sarif
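Review bot: The govulncheck job runs `arnested/govulncheck-action@main`, a branch ref whose contents can change between runs, inside a workflow that grants `security-events: write`. The other steps use version tags, which can also be moved. Pinning to a full commit SHA fixes what actually executes, e.g. `uses: arnested/govulncheck-action@<full-commit-sha>  # <release tag>` (placeholders; the real values are not on this page), and the same treatment suits `securego/gosec@v2.22.11`. Separately, gosec runs with `-no-fail`, so its findings never fail a pull request and are visible only if the SARIF upload succeeds. On pull requests from forks the token is normally read-only, so the upload step may fail there; that case is worth testing or guarding with a condition on the upload steps.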