From bd116d6ce79b604297c6497aa07d7ac01768adbb Mon Sep 17 00:00:00 2001
From: Rodolfo Carvalho
Date: Tue, 12 Oct 2021 16:12:43 +0200
Subject: [PATCH] feat: Replace os/exec with golang.org/x/sys/execabs (#386)

Package execabs is a drop-in replacement for os/exec that requires PATH lookups to find absolute paths. This change guarantees that the SDK will never run a git binary from the current working directory. See discussion in https://blog.golang.org/path-security.
---
 go.mod | 2 +-
 util.go | 3 ++-
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/go.mod b/go.mod
index 23374eaab..2deb8eafb 100644
--- a/go.mod
+++ b/go.mod
@@ -34,6 +34,6 @@ require (
 github.com/yudai/pp v2.0.1+incompatible // indirect
 golang.org/x/crypto v0.0.0-20210921155107-089bfa567519 // indirect
 golang.org/x/net v0.0.0-20211008194852-3b03d305991f // indirect
- golang.org/x/sys v0.0.0-20211007075335-d3039528d8ac // indirect
+ golang.org/x/sys v0.0.0-20211007075335-d3039528d8ac
 golang.org/x/text v0.3.7 // indirect
 )
diff --git a/util.go b/util.go
index 78250c90f..8afa51e98 100644
--- a/util.go
+++ b/util.go
@@ -6,9 +6,10 @@ import (
 "encoding/json"
 "fmt"
 "os"
- "os/exec"
 "strings"
 "time"
+
+ exec "golang.org/x/sys/execabs"
 )
 
 func uuid() string {
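Review bot: The aliased import `exec "golang.org/x/sys/execabs"` in util.go carries no comment, so nothing at the import site tells a later maintainer that the alias is a security control rather than a naming preference, and a well-meant cleanup back to `os/exec` would compile without any other change. I would add a comment directly above it, for example `// execabs rejects PATH lookups that resolve relative to the current directory; do not replace with os/exec.` The call sites that run git are outside this hunk, so it is worth confirming that they handle the error execabs returns for a rejected lookup the same way as a missing git binary. A lint rule that forbids importing `os/exec` in this module would keep the guarantee stated in the commit message from regressing silently.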