
Commit e4e90fe

authored
Fix issue #431: Update go-git to v5 to address RCE vulnerability
1 parent 7272ef7 commit e4e90fe


4 files changed

+127
-64
lines changed


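--- a/go.mod
+++ b/go.mod
@@ -5,31 +5,41 @@ go 1.20
 require (
 github.com/antlr/antlr4/runtime/Go/antlr v1.4.10
 github.com/bmatcuk/doublestar v1.3.4
+github.com/go-git/go-billy/v5 v5.5.0
+github.com/go-git/go-git/v5 v5.11.0
 github.com/google/uuid v1.3.0
 github.com/hyperjumptech/hyper-mux v1.1.0
 github.com/sirupsen/logrus v1.9.3
 github.com/stretchr/testify v1.8.4
 go.uber.org/zap v1.25.0
 gopkg.in/src-d/go-billy.v4 v4.3.2
-gopkg.in/src-d/go-git.v4 v4.13.1
 )
 
 require (
+dario.cat/mergo v1.0.0 // indirect
+github.com/Microsoft/go-winio v0.6.1 // indirect
 github.com/NYTimes/gziphandler v1.1.1 // indirect
+github.com/ProtonMail/go-crypto v0.0.0-20230828082145-3c4c8a2d2371 // indirect
+github.com/cloudflare/circl v1.3.3 // indirect
+github.com/cyphar/filepath-securejoin v0.2.4 // indirect
 github.com/davecgh/go-spew v1.1.1 // indirect
-github.com/emirpasic/gods v1.12.0 // indirect
+github.com/emirpasic/gods v1.18.1 // indirect
+github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 // indirect
+github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
 github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 // indirect
-github.com/kevinburke/ssh_config v0.0.0-20190725054713-01f96b0aa0cd // indirect
-github.com/mitchellh/go-homedir v1.1.0 // indirect
+github.com/kevinburke/ssh_config v1.2.0 // indirect
+github.com/pjbgf/sha1cd v0.3.0 // indirect
 github.com/pmezard/go-difflib v1.0.0 // indirect
 github.com/rs/cors v1.8.0 // indirect
-github.com/sergi/go-diff v1.0.0 // indirect
-github.com/src-d/gcfg v1.4.0 // indirect
-github.com/xanzy/ssh-agent v0.2.1 // indirect
+github.com/sergi/go-diff v1.1.0 // indirect
+github.com/skeema/knownhosts v1.2.1 // indirect
+github.com/xanzy/ssh-agent v0.3.3 // indirect
 go.uber.org/multierr v1.10.0 // indirect
-golang.org/x/crypto v0.1.0 // indirect
-golang.org/x/net v0.7.0 // indirect
-golang.org/x/sys v0.5.0 // indirect
+golang.org/x/crypto v0.18.0 // indirect
+golang.org/x/mod v0.12.0 // indirect
+golang.org/x/net v0.19.0 // indirect
+golang.org/x/sys v0.16.0 // indirect
+golang.org/x/tools v0.13.0 // indirect
 gopkg.in/warnings.v0 v0.1.2 // indirect
 gopkg.in/yaml.v3 v3.0.1 // indirect
 )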
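Review bot: `gopkg.in/src-d/go-billy.v4 v4.3.2` is still a direct requirement in the first `require` block, although `gopkg.in/src-d/go-git.v4` is removed and `github.com/go-git/go-billy/v5 v5.5.0` is added. The migration off the legacy src-d modules therefore looks incomplete. If no package imports it any more (the other three changed files are not visible here), delete that line and run `go mod tidy`. If something still does, move that import to `github.com/go-git/go-billy/v5` so v4 and v5 `billy.Filesystem` values are never mixed. Because this commit is a security fix, a `govulncheck ./...` step in CI would confirm that the affected go-git code is no longer reachable and would catch a later downgrade of the `v5.11.0` pin.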
