add vulnerabilty check

.github/workflows/ci.yml

@@ -18,7 +18,7 @@ jobs:
       - name: Set up Go
         uses: actions/setup-go@v5
         with:
-          go-version: "1.26.0"
+          go-version: "1.26.x"
 
       - name: Install gosec
         run: go install github.com/securego/gosec/v2/cmd/gosec@latest
@@ -29,6 +29,9 @@ jobs:
       - name: Run gosec
         run: gosec ./...
 
+      - name: Run govulncheck
+        run: govulncheck ./...
+
   style:
     name: Style
     runs-on: ubuntu-latest

TODO.md

@@ -1,11 +1,15 @@
-- Complete testing
-- Deployment(PKGBUILD, bootstrap script?)
+- Deployment
+    - PKGBUILD
+    - bootstrap script
+    - ~ci testing, lint, gosec~
+    - cd build binary, package
 - More complete sync(refresh packages on schedule with db, prefetch updates to pkgs we already have)
 - clean cache of old files
 - implement streaming
 - Add chi for mux
 - Build server/tool
 - Think about: arch doesn't like partial upgrades, round robin fetching the db files might be an issue
+- ~Complete testing~
 - ~Add better logging for errors, filename more deatail~
     - ~package main~
     - ~internal/cache~