From d569b518fbdfc9a80b991a13ded4b1c7fe01f41c Mon Sep 17 00:00:00 2001
From: GRINISH NEPAL
Date: Wed, 14 Aug 2024 15:48:56 -0700
Subject: [PATCH] dep: use chainguard/git-urls instead of whilp/git-urls

chainguards repo fixes the security issue with regex used - https://github.com/whilp/git-urls/issues/24
---
 go.mod | 2 +-
 go.sum | 4 ++--
 pkg/git/url.go | 2 +-
 3 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/go.mod b/go.mod
index 626d73b8..1c5b8714 100644
--- a/go.mod
+++ b/go.mod
@@ -13,6 +13,7 @@ require (
 github.com/Masterminds/semver/v3 v3.2.1
 github.com/antlr4-go/antlr/v4 v4.13.1
 github.com/apigear-io/objectlink-core-go v0.5.1
+ github.com/chainguard-dev/git-urls v1.0.2
 github.com/creativeprojects/go-selfupdate v1.3.0
 github.com/dop251/goja v0.0.0-20240707163329-b1681fb2a2f5
 github.com/dop251/goja_nodejs v0.0.0-20240418154818-2aae10d4cbcf
@@ -24,7 +25,6 @@ require (
 github.com/gocarina/gocsv v0.0.0-20240520201108-78e41c74b4b1
 github.com/google/uuid v1.6.0
 github.com/rs/zerolog v1.33.0
- github.com/whilp/git-urls v1.0.0
 github.com/xeipuuv/gojsonschema v1.2.0
 gopkg.in/natefinch/lumberjack.v2 v2.2.1
 )
diff --git a/go.sum b/go.sum
index 726a31c4..618210a6 100644
--- a/go.sum
+++ b/go.sum
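Review bot: The second go.mod hunk drops the direct require on `github.com/whilp/git-urls v1.0.0`, but nothing stops that version from coming back through a future transitive requirement. Since the swap is made for the regex issue linked in the commit message, consider adding `exclude github.com/whilp/git-urls v1.0.0` to go.mod so the go command ignores any requirement on it. The go.sum hunks remove both checksum lines for the old module, which suggests it is out of the module graph today; `go mod why -m github.com/whilp/git-urls` would confirm that.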
@@ -36,6 +36,8 @@ github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5 h1:0CwZNZbxp69SHPd
 github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkYZB8zMSxRWpUBQtwG5a7fFgvEO+odwuTv2gs=
 github.com/atomicgo/cursor v0.0.1/go.mod h1:cBON2QmmrysudxNBFthvMtN32r3jxVRIvzkUiF/RuIk=
 github.com/bwesterb/go-ristretto v1.2.3/go.mod h1:fUIoIZaG73pV5biE2Blr2xEzDoMj7NFEuV9ekS419A0=
+github.com/chainguard-dev/git-urls v1.0.2 h1:pSpT7ifrpc5X55n4aTTm7FFUE+ZQHKiqpiwNkJrVcKQ=
+github.com/chainguard-dev/git-urls v1.0.2/go.mod h1:rbGgj10OS7UgZlbzdUQIQpT0k/D4+An04HJY7Ol+Y/o=
 github.com/cloudflare/circl v1.3.3/go.mod h1:5XYMA4rFBvNIrhs50XuiBJ15vF2pZn4nnUKZrLbUZFA=
 github.com/cloudflare/circl v1.3.9 h1:QFrlgFYf2Qpi8bSpVPK1HBvWpx16v/1TZivyo7pGuBE=
 github.com/cloudflare/circl v1.3.9/go.mod h1:PDRU+oXvdD7KCtgKxW95M5Z8BpSCJXQORiZFnBQS5QU=
@@ -231,8 +233,6 @@ github.com/subosito/gotenv v1.6.0 h1:9NlTDc1FTs4qu0DDq7AEtTPNw6SVm7uBMsUCUjABIf8
 github.com/subosito/gotenv v1.6.0/go.mod h1:Dk4QP5c2W3ibzajGcXpNraDfq2IrhjMIvMSWPKKo0FU=
 github.com/ulikunitz/xz v0.5.12 h1:37Nm15o69RwBkXM0J6A5OlE67RZTfzUxTj8fB3dfcsc=
 github.com/ulikunitz/xz v0.5.12/go.mod h1:nbz6k7qbPmH4IRqmfOplQw/tblSgqTqBwxkY0oWt/14=
-github.com/whilp/git-urls v1.0.0 h1:95f6UMWN5FKW71ECsXRUd3FVYiXdrE7aX4NZKcPmIjU=
-github.com/whilp/git-urls v1.0.0/go.mod h1:J16SAmobsqc3Qcy98brfl5f5+e0clUvg1krgwk/qCfE=
 github.com/xanzy/go-gitlab v0.107.0 h1:P2CT9Uy9yN9lJo3FLxpMZ4xj6uWcpnigXsjvqJ6nd2Y=
 github.com/xanzy/go-gitlab v0.107.0/go.mod h1:wKNKh3GkYDMOsGmnfuX+ITCmDuSDWFO0G+C4AygL9RY=
 github.com/xanzy/ssh-agent v0.3.3 h1:+/15pJfg/RsTxqYcX6fHqOXZwwMP+2VyYWJeWM2qQFM=
diff --git a/pkg/git/url.go b/pkg/git/url.go
index adad0aea..63e811c5 100644
--- a/pkg/git/url.go
+++ b/pkg/git/url.go
@@ -3,8 +3,8 @@ package git
 import (
 "net/url"

+ urls "github.com/chainguard-dev/git-urls"
 "github.com/gitsight/go-vcsurl"
- urls "github.com/whilp/git-urls"
 )

 func ParseAsUrl(url string) (*url.URL, error) {
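Review bot: The new aliased import in pkg/git/url.go gives no hint that the fork was picked for a security fix, so a later dependency cleanup could point `urls` back at the upstream path unnoticed. I would add a comment above it, `// chainguard-dev fork of whilp/git-urls: carries the regex fix for whilp/git-urls#24; do not revert.` ParseAsUrl starts on the hunk's last line and its body is outside the hunk, so whether it behaves the same with the fork (for example, if the fork rejects inputs the old parser accepted) cannot be checked here. A small table test over the remote formats the tool supports would pin that.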