Align worktree validation with upstream and remove build warnings #958
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Some worktree validation rules observed upstream are not checked by go-git, leading to scenarios in which what seems to be a valid repository for go-git is not necessarily the case for the git cli. Signed-off-by: Paulo Gomes <paulo.gomes@suse.com>
The setup-go step can be sped up by caching Go dependencies. The input for that operation is the go.sum file. Previously, the checkout operation was happening after the setup-go, which meant that go.sum was never available which effectively meant the cache was disabled. Signed-off-by: Paulo Gomes <paulo.gomes@suse.com>
hiddeco
approved these changes
Dec 8, 2023
renovate bot
added a commit
to anoriqq/qpm
that referenced
this pull request
Dec 9, 2023
[](https://renovatebot.com) This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [github.com/go-git/go-git/v5](https://togithub.com/go-git/go-git) | require | minor | `v5.10.1` -> `v5.11.0` | --- ### Release Notes <details> <summary>go-git/go-git (github.com/go-git/go-git/v5)</summary> ### [`v5.11.0`](https://togithub.com/go-git/go-git/releases/tag/v5.11.0) [Compare Source](https://togithub.com/go-git/go-git/compare/v5.10.1...v5.11.0) #### What's Changed - git: validate reference names ([#​929](https://togithub.com/go-git/go-git/issues/929)) by [@​aymanbagabas](https://togithub.com/aymanbagabas) in [go-git/go-git#950 - git: stop iterating at oldest shallow when pulling. Fixes [#​305](https://togithub.com/go-git/go-git/issues/305) by [@​dhoizner](https://togithub.com/dhoizner) in [go-git/go-git#939 - plumbing: object, enable renames in getFileStatsFromFilePatches by [@​djmoch](https://togithub.com/djmoch) in [go-git/go-git#941 - storage: filesystem, Add option to set a specific FS for alternates by [@​pjbgf](https://togithub.com/pjbgf) in [go-git/go-git#953 - Align worktree validation with upstream and remove build warnings by [@​pjbgf](https://togithub.com/pjbgf) in [go-git/go-git#958 #### New Contributors - [@​dhoizner](https://togithub.com/dhoizner) made their first contribution in [go-git/go-git#939 - [@​djmoch](https://togithub.com/djmoch) made their first contribution in [go-git/go-git#941 **Full Changelog**: go-git/go-git@v5.10.1...v5.11.0 </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/anoriqq/qpm). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy44Ny4yIiwidXBkYXRlZEluVmVyIjoiMzcuODcuMiIsInRhcmdldEJyYW5jaCI6Im1haW4ifQ==--> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
another-rex
pushed a commit
to google/osv-scanner
that referenced
this pull request
Dec 27, 2023
…rity] (#721) [](https://renovatebot.com) This PR contains the following updates: | Package | Change | Age | Adoption | Passing | Confidence | |---|---|---|---|---|---| | [github.com/go-git/go-git/v5](https://togithub.com/go-git/go-git) | `v5.10.1` -> `v5.11.0` | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | ### GitHub Vulnerability Alerts #### [CVE-2023-49568](https://togithub.com/go-git/go-git/security/advisories/GHSA-mw99-9chc-xw7r) ### Impact A denial of service (DoS) vulnerability was discovered in go-git versions prior to `v5.11`. This vulnerability allows an attacker to perform denial of service attacks by providing specially crafted responses from a Git server which triggers resource exhaustion in `go-git` clients. Applications using only the in-memory filesystem supported by `go-git` are not affected by this vulnerability. This is a `go-git` implementation issue and does not affect the upstream `git` cli. ### Patches Users running versions of `go-git` from `v4` and above are recommended to upgrade to `v5.11` in order to mitigate this vulnerability. ### Workarounds In cases where a bump to the latest version of `go-git` is not possible, we recommend limiting its use to only trust-worthy Git servers. ## Credit Thanks to Ionut Lalu for responsibly disclosing this vulnerability to us. ### References - [GHSA-mw99-9chc-xw7r](https://togithub.com/go-git/go-git/security/advisories/GHSA-mw99-9chc-xw7r) --- ### Release Notes <details> <summary>go-git/go-git (github.com/go-git/go-git/v5)</summary> ### [`v5.11.0`](https://togithub.com/go-git/go-git/releases/tag/v5.11.0) [Compare Source](https://togithub.com/go-git/go-git/compare/v5.10.1...v5.11.0) #### What's Changed - git: validate reference names ([#​929](https://togithub.com/go-git/go-git/issues/929)) by [@​aymanbagabas](https://togithub.com/aymanbagabas) in [go-git/go-git#950 - git: stop iterating at oldest shallow when pulling. Fixes [#​305](https://togithub.com/go-git/go-git/issues/305) by [@​dhoizner](https://togithub.com/dhoizner) in [go-git/go-git#939 - plumbing: object, enable renames in getFileStatsFromFilePatches by [@​djmoch](https://togithub.com/djmoch) in [go-git/go-git#941 - storage: filesystem, Add option to set a specific FS for alternates by [@​pjbgf](https://togithub.com/pjbgf) in [go-git/go-git#953 - Align worktree validation with upstream and remove build warnings by [@​pjbgf](https://togithub.com/pjbgf) in [go-git/go-git#958 #### New Contributors - [@​dhoizner](https://togithub.com/dhoizner) made their first contribution in [go-git/go-git#939 - [@​djmoch](https://togithub.com/djmoch) made their first contribution in [go-git/go-git#941 **Full Changelog**: go-git/go-git@v5.10.1...v5.11.0 </details> --- ### Configuration 📅 **Schedule**: Branch creation - "" in timezone Australia/Sydney, Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/google/osv-scanner). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy4xMDMuMSIsInVwZGF0ZWRJblZlciI6IjM3LjEwMy4xIiwidGFyZ2V0QnJhbmNoIjoibWFpbiJ9-->
Racer159
added a commit
to defenseunicorns/zarf
that referenced
this pull request
Jan 3, 2024
…ntainerd/containerd to v1.7.11 [security] (#2209) [](https://renovatebot.com) This PR contains the following updates: | Package | Change | Age | Adoption | Passing | Confidence | |---|---|---|---|---|---| | [github.com/go-git/go-git/v5](https://togithub.com/go-git/go-git) | `v5.10.1` -> `v5.11.0` | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | --- > [!WARNING] > Some dependencies could not be looked up. Check the Dependency Dashboard for more information. ### GitHub Vulnerability Alerts #### [CVE-2023-49568](https://togithub.com/go-git/go-git/security/advisories/GHSA-mw99-9chc-xw7r) ### Impact A denial of service (DoS) vulnerability was discovered in go-git versions prior to `v5.11`. This vulnerability allows an attacker to perform denial of service attacks by providing specially crafted responses from a Git server which triggers resource exhaustion in `go-git` clients. Applications using only the in-memory filesystem supported by `go-git` are not affected by this vulnerability. This is a `go-git` implementation issue and does not affect the upstream `git` cli. ### Patches Users running versions of `go-git` from `v4` and above are recommended to upgrade to `v5.11` in order to mitigate this vulnerability. ### Workarounds In cases where a bump to the latest version of `go-git` is not possible, we recommend limiting its use to only trust-worthy Git servers. ## Credit Thanks to Ionut Lalu for responsibly disclosing this vulnerability to us. ### References - [GHSA-mw99-9chc-xw7r](https://togithub.com/go-git/go-git/security/advisories/GHSA-mw99-9chc-xw7r) --- ### Release Notes <details> <summary>go-git/go-git (github.com/go-git/go-git/v5)</summary> ### [`v5.11.0`](https://togithub.com/go-git/go-git/releases/tag/v5.11.0) [Compare Source](https://togithub.com/go-git/go-git/compare/v5.10.1...v5.11.0) #### What's Changed - git: validate reference names ([#​929](https://togithub.com/go-git/go-git/issues/929)) by [@​aymanbagabas](https://togithub.com/aymanbagabas) in [go-git/go-git#950 - git: stop iterating at oldest shallow when pulling. Fixes [#​305](https://togithub.com/go-git/go-git/issues/305) by [@​dhoizner](https://togithub.com/dhoizner) in [go-git/go-git#939 - plumbing: object, enable renames in getFileStatsFromFilePatches by [@​djmoch](https://togithub.com/djmoch) in [go-git/go-git#941 - storage: filesystem, Add option to set a specific FS for alternates by [@​pjbgf](https://togithub.com/pjbgf) in [go-git/go-git#953 - Align worktree validation with upstream and remove build warnings by [@​pjbgf](https://togithub.com/pjbgf) in [go-git/go-git#958 #### New Contributors - [@​dhoizner](https://togithub.com/dhoizner) made their first contribution in [go-git/go-git#939 - [@​djmoch](https://togithub.com/djmoch) made their first contribution in [go-git/go-git#941 **Full Changelog**: go-git/go-git@v5.10.1...v5.11.0 </details> --- ### Configuration 📅 **Schedule**: Branch creation - "" (UTC), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/defenseunicorns/zarf). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy4xMDMuMSIsInVwZGF0ZWRJblZlciI6IjM3LjEwMy4xIiwidGFyZ2V0QnJhbmNoIjoibWFpbiJ9--> --------- Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: Wayne Starr <me@racer159.com>
michaelkedar
pushed a commit
to google/osv.dev
that referenced
this pull request
Jan 9, 2024
…rity] (#1891) [](https://renovatebot.com) This PR contains the following updates: | Package | Change | Age | Adoption | Passing | Confidence | |---|---|---|---|---|---| | [github.com/go-git/go-git/v5](https://togithub.com/go-git/go-git) | `v5.10.1` -> `v5.11.0` | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | ### GitHub Vulnerability Alerts #### [CVE-2023-49568](https://togithub.com/go-git/go-git/security/advisories/GHSA-mw99-9chc-xw7r) ### Impact A denial of service (DoS) vulnerability was discovered in go-git versions prior to `v5.11`. This vulnerability allows an attacker to perform denial of service attacks by providing specially crafted responses from a Git server which triggers resource exhaustion in `go-git` clients. Applications using only the in-memory filesystem supported by `go-git` are not affected by this vulnerability. This is a `go-git` implementation issue and does not affect the upstream `git` cli. ### Patches Users running versions of `go-git` from `v4` and above are recommended to upgrade to `v5.11` in order to mitigate this vulnerability. ### Workarounds In cases where a bump to the latest version of `go-git` is not possible, we recommend limiting its use to only trust-worthy Git servers. ## Credit Thanks to Ionut Lalu for responsibly disclosing this vulnerability to us. ### References - [GHSA-mw99-9chc-xw7r](https://togithub.com/go-git/go-git/security/advisories/GHSA-mw99-9chc-xw7r) --- ### Release Notes <details> <summary>go-git/go-git (github.com/go-git/go-git/v5)</summary> ### [`v5.11.0`](https://togithub.com/go-git/go-git/releases/tag/v5.11.0) [Compare Source](https://togithub.com/go-git/go-git/compare/v5.10.1...v5.11.0) #### What's Changed - git: validate reference names ([#​929](https://togithub.com/go-git/go-git/issues/929)) by [@​aymanbagabas](https://togithub.com/aymanbagabas) in [go-git/go-git#950 - git: stop iterating at oldest shallow when pulling. Fixes [#​305](https://togithub.com/go-git/go-git/issues/305) by [@​dhoizner](https://togithub.com/dhoizner) in [go-git/go-git#939 - plumbing: object, enable renames in getFileStatsFromFilePatches by [@​djmoch](https://togithub.com/djmoch) in [go-git/go-git#941 - storage: filesystem, Add option to set a specific FS for alternates by [@​pjbgf](https://togithub.com/pjbgf) in [go-git/go-git#953 - Align worktree validation with upstream and remove build warnings by [@​pjbgf](https://togithub.com/pjbgf) in [go-git/go-git#958 #### New Contributors - [@​dhoizner](https://togithub.com/dhoizner) made their first contribution in [go-git/go-git#939 - [@​djmoch](https://togithub.com/djmoch) made their first contribution in [go-git/go-git#941 **Full Changelog**: go-git/go-git@v5.10.1...v5.11.0 </details> --- ### Configuration 📅 **Schedule**: Branch creation - "" in timezone Australia/Sydney, Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/google/osv.dev). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy4xMDMuMSIsInVwZGF0ZWRJblZlciI6IjM3LjEyNy4wIiwidGFyZ2V0QnJhbmNoIjoibWFzdGVyIn0=-->
amenowanna
added a commit
to mergestat/mergestat
that referenced
this pull request
Mar 13, 2024
](https://renovatebot.com){kind=link}
…rity] (#1148) [](https://renovatebot.com) This PR contains the following updates: | Package | Change | Age | Adoption | Passing | Confidence | |---|---|---|---|---|---| | [github.com/go-git/go-git/v5](https://togithub.com/go-git/go-git) | `v5.5.2` -> `v5.11.0` | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | ### GitHub Vulnerability Alerts #### [CVE-2023-49568](https://togithub.com/go-git/go-git/security/advisories/GHSA-mw99-9chc-xw7r) ### Impact A denial of service (DoS) vulnerability was discovered in go-git versions prior to `v5.11`. This vulnerability allows an attacker to perform denial of service attacks by providing specially crafted responses from a Git server which triggers resource exhaustion in `go-git` clients. Applications using only the in-memory filesystem supported by `go-git` are not affected by this vulnerability. This is a `go-git` implementation issue and does not affect the upstream `git` cli. ### Patches Users running versions of `go-git` from `v4` and above are recommended to upgrade to `v5.11` in order to mitigate this vulnerability. ### Workarounds In cases where a bump to the latest version of `go-git` is not possible, we recommend limiting its use to only trust-worthy Git servers. ## Credit Thanks to Ionut Lalu for responsibly disclosing this vulnerability to us. ### References - [GHSA-mw99-9chc-xw7r](https://togithub.com/go-git/go-git/security/advisories/GHSA-mw99-9chc-xw7r) #### [CVE-2023-49569](https://togithub.com/go-git/go-git/security/advisories/GHSA-449p-3h89-pw88) ### Impact A path traversal vulnerability was discovered in go-git versions prior to `v5.11`. This vulnerability allows an attacker to create and amend files across the filesystem. In the worse case scenario, remote code execution could be achieved. Applications are only affected if they are using the [ChrootOS](https://pkg.go.dev/github.com/go-git/go-billy/v5/osfs#ChrootOS), which is the default when using "Plain" versions of Open and Clone funcs (e.g. PlainClone). Applications using [BoundOS](https://pkg.go.dev/github.com/go-git/go-billy/v5/osfs#BoundOS) or in-memory filesystems are not affected by this issue. This is a `go-git` implementation issue and does not affect the upstream `git` cli. ### Patches Users running versions of `go-git` from `v4` and above are recommended to upgrade to `v5.11` in order to mitigate this vulnerability. ### Workarounds In cases where a bump to the latest version of `go-git` is not possible in a timely manner, we recommend limiting its use to only trust-worthy Git servers. ## Credit Thanks to Ionut Lalu for responsibly disclosing this vulnerability to us. --- ### Release Notes <details> <summary>go-git/go-git (github.com/go-git/go-git/v5)</summary> ### [`v5.11.0`](https://togithub.com/go-git/go-git/releases/tag/v5.11.0) [Compare Source](https://togithub.com/go-git/go-git/compare/v5.10.1...v5.11.0) #### What's Changed - git: validate reference names ([#​929](https://togithub.com/go-git/go-git/issues/929)) by [@​aymanbagabas](https://togithub.com/aymanbagabas) in [go-git/go-git#950 - git: stop iterating at oldest shallow when pulling. Fixes [#​305](https://togithub.com/go-git/go-git/issues/305) by [@​dhoizner](https://togithub.com/dhoizner) in [go-git/go-git#939 - plumbing: object, enable renames in getFileStatsFromFilePatches by [@​djmoch](https://togithub.com/djmoch) in [go-git/go-git#941 - storage: filesystem, Add option to set a specific FS for alternates by [@​pjbgf](https://togithub.com/pjbgf) in [go-git/go-git#953 - Align worktree validation with upstream and remove build warnings by [@​pjbgf](https://togithub.com/pjbgf) in [go-git/go-git#958 #### New Contributors - [@​dhoizner](https://togithub.com/dhoizner) made their first contribution in [go-git/go-git#939 - [@​djmoch](https://togithub.com/djmoch) made their first contribution in [go-git/go-git#941 **Full Changelog**: go-git/go-git@v5.10.1...v5.11.0 ### [`v5.10.1`](https://togithub.com/go-git/go-git/releases/tag/v5.10.1) [Compare Source](https://togithub.com/go-git/go-git/compare/v5.10.0...v5.10.1) #### What's Changed - Worktree, ignore ModeSocket files by [@​steiler](https://togithub.com/steiler) in [go-git/go-git#930 - git: add tracer package by [@​aymanbagabas](https://togithub.com/aymanbagabas) in [go-git/go-git#916 - remote: Flip clause for fast-forward only check by [@​adityasaky](https://togithub.com/adityasaky) in [go-git/go-git#875 - plumbing: transport/ssh, Fix nil pointer dereference caused when an unreachable proxy server is set. Fixes [#​900](https://togithub.com/go-git/go-git/issues/900) by [@​anandf](https://togithub.com/anandf) in [go-git/go-git#901 - plumbing: uppload-server-info, implement upload-server-info by [@​aymanbagabas](https://togithub.com/aymanbagabas) in [go-git/go-git#896 - plumbing: optimise memory consumption for filesystem storage by [@​pjbgf](https://togithub.com/pjbgf) in [go-git/go-git#799 - plumbing: format/packfile, Refactor patch delta by [@​pjbgf](https://togithub.com/pjbgf) in [go-git/go-git#908 - plumbing: fix empty uploadpack request error by [@​aymanbagabas](https://togithub.com/aymanbagabas) in [go-git/go-git#932 - plumbing: transport/git, Improve tests error message by [@​pjbgf](https://togithub.com/pjbgf) in [go-git/go-git#752 - plumbing: format/pktline, Respect pktline error-line errors by [@​aymanbagabas](https://togithub.com/aymanbagabas) in [go-git/go-git#936 - utils: remove ioutil.Pipe and use std library io.Pipe by [@​aymanbagabas](https://togithub.com/aymanbagabas) in [go-git/go-git#922 - utils: move trace to utils by [@​aymanbagabas](https://togithub.com/aymanbagabas) in [go-git/go-git#931 - cli: separate go module for cli by [@​aymanbagabas](https://togithub.com/aymanbagabas) in [go-git/go-git#914 - build: bump github.com/google/go-cmp from 0.5.9 to 0.6.0 by [@​dependabot](https://togithub.com/dependabot) in [go-git/go-git#887 - build: bump actions/setup-go from 3 to 4 by [@​dependabot](https://togithub.com/dependabot) in [go-git/go-git#891 - build: bump github.com/skeema/knownhosts from 1.2.0 to 1.2.1 by [@​dependabot](https://togithub.com/dependabot) in [go-git/go-git#888 - build: bump actions/checkout from 3 to 4 by [@​dependabot](https://togithub.com/dependabot) in [go-git/go-git#890 - build: bump golang.org/x/sys from 0.13.0 to 0.14.0 by [@​dependabot](https://togithub.com/dependabot) in [go-git/go-git#907 - build: bump golang.org/x/text from 0.13.0 to 0.14.0 by [@​dependabot](https://togithub.com/dependabot) in [go-git/go-git#906 - build: bump golang.org/x/crypto from 0.14.0 to 0.15.0 by [@​dependabot](https://togithub.com/dependabot) in [go-git/go-git#917 - build: bump golang.org/x/net from 0.17.0 to 0.18.0 by [@​dependabot](https://togithub.com/dependabot) in [go-git/go-git#918 #### New Contributors - [@​anandf](https://togithub.com/anandf) made their first contribution in [go-git/go-git#901 - [@​steiler](https://togithub.com/steiler) made their first contribution in [go-git/go-git#930 **Full Changelog**: go-git/go-git@v5.10.0...v5.10.1 ### [`v5.10.0`](https://togithub.com/go-git/go-git/releases/tag/v5.10.0) [Compare Source](https://togithub.com/go-git/go-git/compare/v5.9.0...v5.10.0) #### What's Changed - PlainInitOptions.Bare and allow using InitOptions with PlainInitWithOptions by [@​ThinkChaos](https://togithub.com/ThinkChaos) in [go-git/go-git#782 - Worktree, apply ProxyOption on Pull by [@​nodivbyzero](https://togithub.com/nodivbyzero) in [go-git/go-git#840 - Repository: add clone --shared feature by [@​enverbisevac](https://togithub.com/enverbisevac) in [go-git/go-git#860 - build: Add github workflow to check commit message format by [@​pjbgf](https://togithub.com/pjbgf) in [go-git/go-git#867 - Improve handling of remote errors by [@​makkes](https://togithub.com/makkes) in [go-git/go-git#866 - build(deps): bump golang.org/x/net from 0.15.0 to 0.17.0 by [@​dependabot](https://togithub.com/dependabot) in [go-git/go-git#873 - plumbing: commitgraph, Add generation v2 support by [@​zeripath](https://togithub.com/zeripath) in [go-git/go-git#869 - plumbing: protocol/packp, Add validation for decodeLine by [@​pjbgf](https://togithub.com/pjbgf) in [go-git/go-git#868 - plumbing: parse the encoding header of the commit object by [@​liwenqiu](https://togithub.com/liwenqiu) in [go-git/go-git#761 - plumbing: commitgraph, allow SHA256 commit-graphs by [@​zeripath](https://togithub.com/zeripath) in [go-git/go-git#853 - plumbing: commitgraph, Allow reading commit-graph chains by [@​zeripath](https://togithub.com/zeripath) in [go-git/go-git#854 - plumbing/object: Support mergetag in merge commits by [@​adityasaky](https://togithub.com/adityasaky) in [go-git/go-git#847 #### New Contributors - [@​nodivbyzero](https://togithub.com/nodivbyzero) made their first contribution in [go-git/go-git#840 - [@​adityasaky](https://togithub.com/adityasaky) made their first contribution in [go-git/go-git#847 - [@​hezhizhen](https://togithub.com/hezhizhen) made their first contribution in [go-git/go-git#836 - [@​0x34d](https://togithub.com/0x34d) made their first contribution in [go-git/go-git#855 - [@​liwenqiu](https://togithub.com/liwenqiu) made their first contribution in [go-git/go-git#761 - [@​enverbisevac](https://togithub.com/enverbisevac) made their first contribution in [go-git/go-git#860 - [@​makkes](https://togithub.com/makkes) made their first contribution in [go-git/go-git#866 **Full Changelog**: go-git/go-git@v5.9.0...v5.10.0 ### [`v5.9.0`](https://togithub.com/go-git/go-git/releases/tag/v5.9.0) [Compare Source](https://togithub.com/go-git/go-git/compare/v5.8.1...v5.9.0) #### What's Changed - git: worktree: add Amend option to CommitOptions by [@​john-cai](https://togithub.com/john-cai) in [go-git/go-git#438 - git: worktree, reset ignored files that are part of the worktree: Fixes [#​819](https://togithub.com/go-git/go-git/issues/819) by [@​daolis](https://togithub.com/daolis) in [go-git/go-git#821 - plumbing: Do not swallow http message coming from VCS providers by [@​matejrisek](https://togithub.com/matejrisek) in [go-git/go-git#835 - plumbing: transport, handle IPv6 while parsing endpoint. Fixes [#​740](https://togithub.com/go-git/go-git/issues/740) by [@​ninedraft](https://togithub.com/ninedraft) in [go-git/go-git#820 - \*: update goproxy dependency to fix CVE-2023-37788 vulnerability by [@​svghadi](https://togithub.com/svghadi) in [go-git/go-git#832 - \*: bump dependencies and Go to 1.19 by [@​pjbgf](https://togithub.com/pjbgf) in [go-git/go-git#837 #### New Contributors - [@​svghadi](https://togithub.com/svghadi) made their first contribution in [go-git/go-git#832 - [@​daolis](https://togithub.com/daolis) made their first contribution in [go-git/go-git#821 **Full Changelog**: go-git/go-git@v5.8.1...v5.9.0 ### [`v5.8.1`](https://togithub.com/go-git/go-git/releases/tag/v5.8.1) [Compare Source](https://togithub.com/go-git/go-git/compare/v5.8.0...v5.8.1) #### What's Changed - \*: Bump dependencies by [@​pjbgf](https://togithub.com/pjbgf) in [go-git/go-git#815 **Full Changelog**: go-git/go-git@v5.8.0...v5.8.1 ### [`v5.8.0`](https://togithub.com/go-git/go-git/releases/tag/v5.8.0) [Compare Source](https://togithub.com/go-git/go-git/compare/v5.7.0...v5.8.0) #### What's Changed - git: Fix fetching after shallow clone. Fixes [#​305](https://togithub.com/go-git/go-git/issues/305) by [@​AriehSchneier](https://togithub.com/AriehSchneier) in [go-git/go-git#778 - git: enable fetch with unqualified references by [@​AriehSchneier](https://togithub.com/AriehSchneier) in [go-git/go-git#762 - git: don't add to want if exists, shallow and depth 1 by [@​AriehSchneier](https://togithub.com/AriehSchneier) in [go-git/go-git#763 - git: Clone HEAD should not force master. Fixes [#​363](https://togithub.com/go-git/go-git/issues/363) by [@​AriehSchneier](https://togithub.com/AriehSchneier) in [go-git/go-git#758 - git: fix the issue with submodules having the SCP style URL fail due to the wrong URL parsing by [@​matejrisek](https://togithub.com/matejrisek) in [go-git/go-git#756 - git: add a clone option to allow for shallow cloning of submodules by [@​matejrisek](https://togithub.com/matejrisek) in [go-git/go-git#765 - worktree: minor speedup for `doAddDirectory` by [@​ThinkChaos](https://togithub.com/ThinkChaos) in [go-git/go-git#702 - \_examples: Remove wrong comment by [@​pascal-hofmann](https://togithub.com/pascal-hofmann) in [go-git/go-git#357 - \*: Handle paths starting with tilde by [@​ricci2511](https://togithub.com/ricci2511) in [go-git/go-git#808 - \*: Handle paths starting with ~Username by [@​AriehSchneier](https://togithub.com/AriehSchneier) in [go-git/go-git#809 - storage: filesystem/dotgit, add support for tmp_objdir prefix by [@​L11R](https://togithub.com/L11R) in [go-git/go-git#812 - plumbing: gitignore, replace user dir in path by [@​Jleagle](https://togithub.com/Jleagle) in [go-git/go-git#772 - plumbing: gitignore, fix incorrect parsing. Fixes [#​500](https://togithub.com/go-git/go-git/issues/500) by [@​AriehSchneier](https://togithub.com/AriehSchneier) in [go-git/go-git#781 - plumbing: http, Fix empty repos on Git v2.41+ by [@​pjbgf](https://togithub.com/pjbgf) in [go-git/go-git#802 - plumbing: packp, A request is not empty if it contains shallows. Fixes [#​328](https://togithub.com/go-git/go-git/issues/328) by [@​AriehSchneier](https://togithub.com/AriehSchneier) in [go-git/go-git#792 - plumbing: blame, Complete rewrite. Fixes [#​603](https://togithub.com/go-git/go-git/issues/603) by [@​AriehSchneier](https://togithub.com/AriehSchneier) in [go-git/go-git#789 - plumbing: gitignore, Allow gitconfig to contain a gitignore relative to any user home. Fixes [#​578](https://togithub.com/go-git/go-git/issues/578) by [@​AriehSchneier](https://togithub.com/AriehSchneier) in [go-git/go-git#785 #### New Contributors - [@​Jleagle](https://togithub.com/Jleagle) made their first contribution in [go-git/go-git#772 - [@​pascal-hofmann](https://togithub.com/pascal-hofmann) made their first contribution in [go-git/go-git#357 - [@​ricci2511](https://togithub.com/ricci2511) made their first contribution in [go-git/go-git#808 - [@​L11R](https://togithub.com/L11R) made their first contribution in [go-git/go-git#812 **Full Changelog**: go-git/go-git@v5.7.0...v5.7.1 ### [`v5.7.0`](https://togithub.com/go-git/go-git/releases/tag/v5.7.0) [Compare Source](https://togithub.com/go-git/go-git/compare/v5.6.1...v5.7.0) #### What's Changed - \*: Add support for initializing SHA256 repositories by [@​pjbgf](https://togithub.com/pjbgf) in [go-git/go-git#707 - git: add mirror clone option by [@​aymanbagabas](https://togithub.com/aymanbagabas) in [go-git/go-git#735 - git: Add support to ls-remote with peeled references. Fixes [#​749](https://togithub.com/go-git/go-git/issues/749) by [@​pjbgf](https://togithub.com/pjbgf) in [go-git/go-git#750 - git: fix cloning with branch name by [@​AriehSchneier](https://togithub.com/AriehSchneier) in [go-git/go-git#755 - git: Worktree, add check to see if file already checked in. Fixes [#​718](https://togithub.com/go-git/go-git/issues/718) by [@​cbbm142](https://togithub.com/cbbm142) in [go-git/go-git#719 - git: Worktree, git grep bare repositories by [@​aymanbagabas](https://togithub.com/aymanbagabas) in [go-git/go-git#728 - git: Add Depth to SubmoduleUpdateOptions by [@​matejrisek](https://togithub.com/matejrisek) in [go-git/go-git#754 - git: Testing, Fix tests not cleaning temp folders by [@​AriehSchneier](https://togithub.com/AriehSchneier) in [go-git/go-git#769 - git: remote, add support for a configurable timeout. by [@​andrewpollock](https://togithub.com/andrewpollock) in [go-git/go-git#753 - git: Allow Initial Branch to be configurable by [@​techknowlogick](https://togithub.com/techknowlogick) in [go-git/go-git#764 - storage: filesystem/dotgit, Improve load packed-refs by [@​fcharlie](https://togithub.com/fcharlie) in [go-git/go-git#743 - storage: filesystem, Populate index before use. Fixes [#​148](https://togithub.com/go-git/go-git/issues/148) by [@​AriehSchneier](https://togithub.com/AriehSchneier) in [go-git/go-git#722 - plumbing: resolve non-external delta references by [@​ZauberNerd](https://togithub.com/ZauberNerd) in [go-git/go-git#485 - plumbing/transport: fix regression in scp-like match by [@​jotadrilo](https://togithub.com/jotadrilo) in [go-git/go-git#715 - plumbing/transport: Add support for custom proxy settings by [@​aryan9600](https://togithub.com/aryan9600) in [go-git/go-git#744 - \*: small fixes across the codebase by [@​pjbgf](https://togithub.com/pjbgf) in [go-git/go-git#770 - \*: bump github.com/cloudflare/circl from 1.1.0 to 1.3.3 by [@​dependabot](https://togithub.com/dependabot) in [go-git/go-git#776 - \*: bump dependencies by [@​pjbgf](https://togithub.com/pjbgf) in [go-git/go-git#748 - \*: bump Go version to 1.18 on go.mod by [@​pjbgf](https://togithub.com/pjbgf) in [go-git/go-git#774 - \*: add Codeql workflow and bump dependencies by [@​pjbgf](https://togithub.com/pjbgf) in [go-git/go-git#775 - ci: fix upstream git build for master branch by [@​pjbgf](https://togithub.com/pjbgf) in [go-git/go-git#739 #### New Contributors - [@​ZauberNerd](https://togithub.com/ZauberNerd) made their first contribution in [go-git/go-git#485 - [@​jotadrilo](https://togithub.com/jotadrilo) made their first contribution in [go-git/go-git#715 - [@​fcharlie](https://togithub.com/fcharlie) made their first contribution in [go-git/go-git#743 - [@​AriehSchneier](https://togithub.com/AriehSchneier) made their first contribution in [go-git/go-git#755 - [@​cbbm142](https://togithub.com/cbbm142) made their first contribution in [go-git/go-git#719 - [@​aryan9600](https://togithub.com/aryan9600) made their first contribution in [go-git/go-git#744 - [@​matejrisek](https://togithub.com/matejrisek) made their first contribution in [go-git/go-git#754 - [@​andrewpollock](https://togithub.com/andrewpollock) made their first contribution in [go-git/go-git#753 - [@​techknowlogick](https://togithub.com/techknowlogick) made their first contribution in [go-git/go-git#764 **Full Changelog**: go-git/go-git@v5.6.1...v5.7.0 ### [`v5.6.1`](https://togithub.com/go-git/go-git/releases/tag/v5.6.1) [Compare Source](https://togithub.com/go-git/go-git/compare/v5.6.0...v5.6.1) #### What's Changed - plumbing/transport: don't use the `firstErrLine` when it is empty by [@​ThinkChaos](https://togithub.com/ThinkChaos) in [go-git/go-git#682 - plumbing/transport: ssh, unable to pass a custom HostKeyCallback func by [@​aymanbagabas](https://togithub.com/aymanbagabas) in [go-git/go-git#655 - storage/filesystem: dotgit: fix a filesystem race in Refs/walkReferencesTree by [@​MichaelMure](https://togithub.com/MichaelMure) in [go-git/go-git#659 - \*: bump golang.org/x/net from 0.2.0 to 0.7.0 by [@​dependabot](https://togithub.com/dependabot) in [go-git/go-git#684 - \*: bump dependencies by [@​pjbgf](https://togithub.com/pjbgf) in [go-git/go-git#697 - \*: fix panic for empty revisions by [@​pjbgf](https://togithub.com/pjbgf) in [go-git/go-git#696 - ci: bump GitHub actions, enable go test race detection and stop using developer's GPG keys during test execution by [@​pjbgf](https://togithub.com/pjbgf) in [go-git/go-git#701 **Full Changelog**: go-git/go-git@v5.6.0...v5.6.1 ### [`v5.6.0`](https://togithub.com/go-git/go-git/releases/tag/v5.6.0) [Compare Source](https://togithub.com/go-git/go-git/compare/v5.5.2...v5.6.0) #### What's Changed - Worktree, check for empty parent dirs during Reset (Fixes [#​670](https://togithub.com/go-git/go-git/issues/670)) by [@​mbohy](https://togithub.com/mbohy) in [go-git/go-git#671 - \*: remove need to build with CGO by [@​pjbgf](https://togithub.com/pjbgf) in [go-git/go-git#688 - plumbing: support SSH/X509 signed tags by [@​hiddeco](https://togithub.com/hiddeco) in [go-git/go-git#690 **Full Changelog**: go-git/go-git@v5.5.2...v5.6.0 </details> --- ### Configuration 📅 **Schedule**: Branch creation - "" (UTC), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/mergestat/mergestat). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy4xMDMuMSIsInVwZGF0ZWRJblZlciI6IjM3LjEyNy4wIiwidGFyZ2V0QnJhbmNoIjoibWFpbiJ9-->
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR tackles two things: