Found via code audit.
1. Transient errors cached forever (HIGH) - internal/resolver/resolver.go:89-91: Network failures cached permanently. Fix: Only cache successful results.
2. Panic on short digest (HIGH) - cmd/pin.go:222: digest[:19] panics if < 19 chars. Fix: min(19, len(digest)).
3. File permissions overwritten (HIGH) - cmd/pin.go:249: Hardcoded 0644 replaces original permissions. Fix: Preserve via os.Stat.
Found via code audit.
1. Transient errors cached forever (HIGH) -
internal/resolver/resolver.go:89-91: Network failures cached permanently. Fix: Only cache successful results.2. Panic on short digest (HIGH) -
cmd/pin.go:222:digest[:19]panics if < 19 chars. Fix:min(19, len(digest)).3. File permissions overwritten (HIGH) -
cmd/pin.go:249: Hardcoded0644replaces original permissions. Fix: Preserve viaos.Stat.