From c76da8263412b90db5194a245fb7e5e4d3d31992 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Sun, 21 Apr 2024 07:47:37 +0000 Subject: [PATCH] =?UTF-8?q?security(deps):=20update=20=F0=9F=9B=A1?= =?UTF-8?q?=EF=B8=8F=20github.com/hashicorp/go-getter=20to=20v1.7.4=20[sec?= =?UTF-8?q?urity]?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- go.mod | 2 +- go.sum | 4 ++-- .../github.com/hashicorp/go-getter/get_git.go | 21 +++++++++++-------- .../github.com/hashicorp/go-getter/netrc.go | 3 ++- vendor/modules.txt | 2 +- 5 files changed, 18 insertions(+), 14 deletions(-) diff --git a/go.mod b/go.mod index ade108bf..8110d6e5 100644 --- a/go.mod +++ b/go.mod @@ -53,7 +53,7 @@ require ( github.com/gookit/color v1.5.4 // indirect github.com/hashicorp/errwrap v1.1.0 // indirect github.com/hashicorp/go-cleanhttp v0.5.2 // indirect - github.com/hashicorp/go-getter v1.7.0 // indirect + github.com/hashicorp/go-getter v1.7.4 // indirect github.com/hashicorp/go-hclog v1.3.1 // indirect github.com/hashicorp/go-multierror v1.1.1 // indirect github.com/hashicorp/go-plugin v1.4.5 // indirect diff --git a/go.sum b/go.sum index 54fe82d2..96da1419 100644 --- a/go.sum +++ b/go.sum @@ -429,8 +429,8 @@ github.com/hashicorp/go-cleanhttp v0.5.1/go.mod h1:JpRdi6/HCYpAwUzNwuwqhbovhLtng github.com/hashicorp/go-cleanhttp v0.5.2 h1:035FKYIWjmULyFRBKPs8TBQoi0x6d9G4xc9neXJWAZQ= github.com/hashicorp/go-cleanhttp v0.5.2/go.mod h1:kO/YDlP8L1346E6Sodw+PrpBSV4/SoxCXGY6BqNFT48= github.com/hashicorp/go-getter v1.5.3/go.mod h1:BrrV/1clo8cCYu6mxvboYg+KutTiFnXjMEgDD8+i7ZI= -github.com/hashicorp/go-getter v1.7.0 h1:bzrYP+qu/gMrL1au7/aDvkoOVGUJpeKBgbqRHACAFDY= -github.com/hashicorp/go-getter v1.7.0/go.mod h1:W7TalhMmbPmsSMdNjD0ZskARur/9GJ17cfHTRtXV744= +github.com/hashicorp/go-getter v1.7.4 h1:3yQjWuxICvSpYwqSayAdKRFcvBl1y/vogCxczWSmix0= +github.com/hashicorp/go-getter v1.7.4/go.mod h1:W7TalhMmbPmsSMdNjD0ZskARur/9GJ17cfHTRtXV744= github.com/hashicorp/go-hclog v0.0.0-20180709165350-ff2cf002a8dd/go.mod h1:9bjs9uLqI8l75knNv3lV1kA55veR+WUPSiKIWcQHudI= github.com/hashicorp/go-hclog v0.9.2/go.mod h1:5CU+agLiy3J7N7QjHK5d05KxGsuXiQLrjA0H7acj2lQ= github.com/hashicorp/go-hclog v1.3.1 h1:vDwF1DFNZhntP4DAjuTpOw3uEgMUpXh1pB5fW9DqHpo= diff --git a/vendor/github.com/hashicorp/go-getter/get_git.go b/vendor/github.com/hashicorp/go-getter/get_git.go index db89edef..28931753 100644 --- a/vendor/github.com/hashicorp/go-getter/get_git.go +++ b/vendor/github.com/hashicorp/go-getter/get_git.go @@ -200,7 +200,7 @@ func (g *GitGetter) clone(ctx context.Context, dst, sshKeyFile string, u *url.UR args = append(args, "--depth", strconv.Itoa(depth)) args = append(args, "--branch", ref) } - args = append(args, u.String(), dst) + args = append(args, "--", u.String(), dst) cmd := exec.CommandContext(ctx, "git", args...) setupGitEnv(cmd, sshKeyFile) @@ -289,7 +289,7 @@ func findDefaultBranch(ctx context.Context, dst string) string { // default branch. "master" is returned if no HEAD symref exists. func findRemoteDefaultBranch(ctx context.Context, u *url.URL) string { var stdoutbuf bytes.Buffer - cmd := exec.CommandContext(ctx, "git", "ls-remote", "--symref", u.String(), "HEAD") + cmd := exec.CommandContext(ctx, "git", "ls-remote", "--symref", "--", u.String(), "HEAD") cmd.Stdout = &stdoutbuf err := cmd.Run() matches := lsRemoteSymRefRegexp.FindStringSubmatch(stdoutbuf.String()) @@ -302,6 +302,11 @@ func findRemoteDefaultBranch(ctx context.Context, u *url.URL) string { // setupGitEnv sets up the environment for the given command. This is used to // pass configuration data to git and ssh and enables advanced cloning methods. func setupGitEnv(cmd *exec.Cmd, sshKeyFile string) { + // If there's no sshKeyFile argument to deal with, we can skip this + // entirely. + if sshKeyFile == "" { + return + } const gitSSHCommand = "GIT_SSH_COMMAND=" var sshCmd []string @@ -323,15 +328,13 @@ func setupGitEnv(cmd *exec.Cmd, sshKeyFile string) { sshCmd = []string{gitSSHCommand + "ssh"} } - if sshKeyFile != "" { - // We have an SSH key temp file configured, tell ssh about this. - if runtime.GOOS == "windows" { - sshKeyFile = strings.Replace(sshKeyFile, `\`, `/`, -1) - } - sshCmd = append(sshCmd, "-i", sshKeyFile) + // We have an SSH key temp file configured, tell ssh about this. + if runtime.GOOS == "windows" { + sshKeyFile = strings.Replace(sshKeyFile, `\`, `/`, -1) } - + sshCmd = append(sshCmd, "-i", sshKeyFile) env = append(env, strings.Join(sshCmd, " ")) + cmd.Env = env } diff --git a/vendor/github.com/hashicorp/go-getter/netrc.go b/vendor/github.com/hashicorp/go-getter/netrc.go index c7f6a3fb..2fe868ad 100644 --- a/vendor/github.com/hashicorp/go-getter/netrc.go +++ b/vendor/github.com/hashicorp/go-getter/netrc.go @@ -5,6 +5,7 @@ import ( "net/url" "os" "runtime" + "syscall" "github.com/bgentry/go-netrc/netrc" "github.com/mitchellh/go-homedir" @@ -38,7 +39,7 @@ func addAuthFromNetrc(u *url.URL) error { // If the file is not a file, then do nothing if fi, err := os.Stat(path); err != nil { // File doesn't exist, do nothing - if os.IsNotExist(err) { + if serr, ok := err.(*os.PathError); ok && (os.IsNotExist(serr.Err) || serr.Err == syscall.ENOTDIR) { return nil } diff --git a/vendor/modules.txt b/vendor/modules.txt index 22079152..4491ece2 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -168,7 +168,7 @@ github.com/hashicorp/errwrap # github.com/hashicorp/go-cleanhttp v0.5.2 ## explicit; go 1.13 github.com/hashicorp/go-cleanhttp -# github.com/hashicorp/go-getter v1.7.0 +# github.com/hashicorp/go-getter v1.7.4 ## explicit; go 1.13 github.com/hashicorp/go-getter github.com/hashicorp/go-getter/helper/url