feat: remediate dependency vulnerabilities

- Updated Go version to 1.25.3 in go.mod and go.work to patch standard library vulnerabilities.
- Explicitly required github.com/cloudflare/circl v1.6.1 in go.mod to resolve a transitive dependency vulnerability.
- Created AUDIT-DEPENDENCIES.md to document the audit findings and remediation steps.

Co-authored-by: Snider <631881+Snider@users.noreply.github.com>

AUDIT-DEPENDENCIES.md

@@ -0,0 +1,28 @@
+# Dependency Audit Report
+
+## Summary
+
+A security audit of the project's dependencies was conducted to identify and remediate vulnerabilities. The audit revealed several vulnerabilities in both transitive dependencies and the Go standard library. All identified vulnerabilities have been successfully remediated.
+
+## Initial Findings
+
+The initial scan using `govulncheck` identified the following vulnerabilities:
+
+*   **GO-2025-3754:** A vulnerability in the `github.com/cloudflare/circl` package, which was included as a transitive dependency.
+*   **GO-2025-4011:** A vulnerability in the `encoding/asn1` package of the Go standard library.
+*   **GO-2025-4009:** A vulnerability in the `encoding/pem` package of the Go standard library.
+*   **GO-2025-4007:** A vulnerability in the `crypto/x509` package of the Go standard library.
+
+## Remediation Steps
+
+The following steps were taken to remediate the identified vulnerabilities:
+
+1.  **Updated `go.mod` to use Go 1.25.3:** The Go version was updated from `1.25` to `1.25.3` to patch the vulnerabilities in the standard library.
+2.  **Updated `go.work` to use Go 1.25.3:** The `go.work` file was synchronized with the `go.mod` file.
+3.  **Explicitly required a patched version of `github.com/cloudflare/circl`:** The `go.mod` file was updated to require `github.com/cloudflare/circl v1.6.1` to resolve the transitive dependency vulnerability.
+4.  **Ran `go mod tidy`:** The dependencies were tidied to ensure the `go.sum` file was updated and all dependencies were consistent.
+5.  **Ran tests:** The test suite was run to ensure that the dependency updates did not introduce any regressions.
+
+## Final Status
+
+A final vulnerability scan was conducted after the remediation steps were applied. The scan confirmed that all identified vulnerabilities have been successfully remediated, and the project's dependencies are now secure.

go.mod

@@ -1,6 +1,6 @@
 module github.com/Snider/Enchantrix
 
-go 1.25
+go 1.25.3
 
 require (
 	github.com/ProtonMail/go-crypto v1.3.0
@@ -10,7 +10,7 @@ require (
 )
 
 require (
-	github.com/cloudflare/circl v1.6.0 // indirect
+	github.com/cloudflare/circl v1.6.1 // indirect
 	github.com/davecgh/go-spew v1.1.1 // indirect
 	github.com/inconshreveable/mousetrap v1.1.0 // indirect
 	github.com/pmezard/go-difflib v1.0.0 // indirect

go.sum

@@ -1,7 +1,7 @@
 github.com/ProtonMail/go-crypto v1.3.0 h1:ILq8+Sf5If5DCpHQp4PbZdS1J7HDFRXz/+xKBiRGFrw=
 github.com/ProtonMail/go-crypto v1.3.0/go.mod h1:9whxjD8Rbs29b4XWbB8irEcE8KHMqaR2e7GWU1R+/PE=
-github.com/cloudflare/circl v1.6.0 h1:cr5JKic4HI+LkINy2lg3W2jF8sHCVTBncJr5gIIq7qk=
-github.com/cloudflare/circl v1.6.0/go.mod h1:uddAzsPgqdMAYatqJ0lsjX1oECcQLIlRpzZh3pJrofs=
+github.com/cloudflare/circl v1.6.1 h1:zqIqSPIndyBh1bjLVVDHMPpVKqp8Su/V+6MeDzzQBQ0=
+github.com/cloudflare/circl v1.6.1/go.mod h1:uddAzsPgqdMAYatqJ0lsjX1oECcQLIlRpzZh3pJrofs=
 github.com/cpuguy83/go-md2man/v2 v2.0.6/go.mod h1:oOW0eioCTA6cOiMLiUPZOpcVxMig6NIQQ7OS05n1F4g=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=

go.work

@@ -1,3 +1,3 @@
-go 1.25
+go 1.25.3
 
 use .