| Commit message (Collapse) | Author | Age | Files | Lines |
|\
| |
| | |
Update dependencies to remove supply chain CVEs
|
| |
| |
| |
| | |
Signed-off-by: Paulo Gomes <pjbgf@linux.com>
|
|/
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Mitigates known supply chain CVEs:
golang.org/x/crypto:
- GO-2021-0356
- GO-2022-0968
golang.org/x/net:
- GO-2021-0238
- GO-2022-0236
- GO-2022-0288
- GO-2022-0969
golang.org/x/sys:
- GO-2022-0493
golang.org/x/text:
- GO-2021-0113
- GO-2022-1059
Updates other dependencies that have no backwards compatibility
issues.
Signed-off-by: Paulo Gomes <pjbgf@linux.com>
|
| |
|
|\
| |
| | |
.github: update go version
|
|/ |
|
|\
| |
| | |
sha1: Add collision resistent implementation
|
|/
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Implement the same SHA1 collision resistent algorithm used by both the
Git CLI and libgit2.
Only commits with input that match the unavoidable bit conditions will be further
processed, which will result in different hashes.
Which is the same behaviour experienced in the Git CLI and Libgit2.
Users can override the hash algorithm used with:
hash.RegisterHash(crypto.SHA1, sha1.New)
xref links:
https://github.com/libgit2/libgit2/pull/4136/commits/2dfd1294f7a694bfa9e864a9489ae3cb318a5ed0
https://github.com/git/git/commit/28dc98e343ca4eb370a29ceec4c19beac9b5c01e
Signed-off-by: Paulo Gomes <pjbgf@linux.com>
|
|\
| |
| | |
plumbing: object, rename calculation uses too much memory
|
| |
| |
| |
| |
| |
| |
| | |
The size of the similarity matrix is not limited and can be quite big
when lots of files are deleted and added in a commit.
Signed-off-by: Javi Fontan <jfontan@gmail.com>
|
|\ \
| | |
| | | |
plumbing: config, Branch name with hash can be cloned. Fixes #309
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|
|\ \ \
| | | |
| | | | |
Allow unsupported `multi_ack` capability
|
|/ / /
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Azure DevOps requires capabilities multi_ack / multi_ack_detailed,
which are not fully implemented and by default are included in
transport.UnsupportedCapabilities.
The initial clone operations require a full download of the repository,
and therefore those unsupported capabilities are not as crucial, so
by removing them from that list allows for the first clone to work
successfully.
Additional fetches will yield issues, therefore to support that
repository users have to work from a clean clone until those
capabilities are fully supported. Commits and pushes back into the
repository have also been tested and work fine.
This change adds an example for cloning Azure DevOps repositories.
Signed-off-by: Paulo Gomes <pjbgf@linux.com>
|
|\ \ \
| | | |
| | | | |
Fixed some little typos
|
| | | | |
|
|\ \ \ \
| | | | |
| | | | | |
plumbing: gitattributes, Avoid index out of range
|
| |/ / /
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
When a path is deeper than the single asterisk pattern the code would
crash with a "index out of range".
This change checks the length of the remaining pattern before it
references an element of that slice.
With a single trailing asterisk paths deeper than the pattern should not
get the attributes.
For example with the following `.gitattributes` file:
thirdparty/* linguist-vendored
This is how git handles it:
$ git check-attr --all thirdparty/README.md
thirdparty/README.md: diff: markdown
thirdparty/README.md: linguist-vendored: set
$ git check-attr --all thirdparty/package/README.md
thirdparty/package/README.md: diff: markdown
|
|\ \ \ \
| | | | |
| | | | | |
Optimise zlib reader and consolidate sync.Pools
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
The previous approach was intermittently flake, leading to different
results based on external results.
The check for goroutines numbers now checks for less or equal, as the
goal of the assertion is to confirm no goroutine is being leaked.
Signed-off-by: Paulo Gomes <pjbgf@linux.com>
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Expands on the optimisations from https://github.com/fluxcd/go-git/pull/5
and ensures that zlib reader does not need to recreate a deflate
dictionary at every use.
The use of sync pools was consolidated into a new sync utils package.
name old time/op new time/op delta
Parser-16 7.51ms ± 3% 7.71ms ± 6% ~ (p=0.222 n=5+5)
name old alloc/op new alloc/op delta
Parser-16 4.65MB ± 3% 1.90MB ± 3% -59.06% (p=0.008 n=5+5)
name old allocs/op new allocs/op delta
Parser-16 3.48k ± 0% 3.32k ± 0% -4.57% (p=0.016 n=5+4)
Signed-off-by: Paulo Gomes <pjbgf@linux.com>
|
|\| | | |
| |/ / /
|/| | | |
Parse optimisations
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Decreases allocations and bytes per operation by using string builder
with a predefined size.
One additional allocation has been removed by using its own implementation
of Strings(). The reason behind this was due to the fact the calls to
.String() are more recurrent than .Strings() and the performance impact
was worth the code duplication.
Benchmark results:
cpu: 11th Gen Intel(R) Core(TM) i7-11800H @ 2.30GHz
name old time/op new time/op delta
ReferenceStringSymbolic-16 140ns ± 4% 40ns ± 9% -71.19% (p=0.008 n=5+5)
ReferenceStringHash-16 174ns ±14% 85ns ± 4% -51.13% (p=0.008 n=5+5)
ReferenceStringInvalid-16 48.9ns ± 2% 1.5ns ± 3% -96.96% (p=0.008 n=5+5)
name old alloc/op new alloc/op delta
ReferenceStringSymbolic-16 88.0B ± 0% 32.0B ± 0% -63.64% (p=0.008 n=5+5)
ReferenceStringHash-16 176B ± 0% 144B ± 0% -18.18% (p=0.008 n=5+5)
ReferenceStringInvalid-16 0.00B 0.00B ~ (all equal)
name old allocs/op new allocs/op delta
ReferenceStringSymbolic-16 4.00 ± 0% 1.00 ± 0% -75.00% (p=0.008 n=5+5)
ReferenceStringHash-16 5.00 ± 0% 3.00 ± 0% -40.00% (p=0.008 n=5+5)
ReferenceStringInvalid-16 0.00 0.00 ~ (all equal)
Signed-off-by: Paulo Gomes <pjbgf@linux.com>
|
|/ / /
| | |
| | |
| | | |
Signed-off-by: Paulo Gomes <pjbgf@linux.com>
|
| | | |
|
| | |
| | |
| | |
| | |
| | | |
Signed-off-by: cui fliter <imcusg@gmail.com>
Signed-off-by: cui fliter <imcusg@gmail.com>
|
| | | |
|
| | |
| | |
| | |
| | | |
`GO_GIT_USER_AGENT_EXTRA` as the git user agent. Fixes #529
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
#411
This commit adjusts the transport/ssh logic in command.connect(), so that it
now auto-populates ssh.ClientConfig.HostKeyAlgorithms. The algorithms are
chosen based on the known host keys for the target host, as obtained from the
known_hosts file.
In order to look-up the algorithms from the known_hosts file, external module
github.com/skeema/knownhosts is used. This package is just a thin wrapper
around golang.org/x/crypto/ssh/knownhosts, adding an extra mechanism to query
the known_hosts keys, implemented in a way which avoids duplication of any
golang.org/x/crypto/ssh/knownhosts logic.
Because HostKeyAlgorithms vary by target host, some related logic for setting
HostKeyCallback has been moved out of the various AuthMethod implementations.
This was necessary because the old HostKeyCallbackHelper is not host-specific.
Since known_hosts handling isn't really tied to AuthMethod anyway, it seems
reasonable to separate these. Previously-exported types/methods remain in
place for backwards compat, but some of them are now unused.
For testing approach, see pull request. Issue #411 can only be reproduced
via end-to-end / integration testing, since it requires actually launching
an SSH connection, in order to see the key mismatch error triggered from
https://github.com/golang/go/issues/29286 as the root cause.
|
| | | |
|
| | |
| | |
| | |
| | | |
Added in Go 1.12, this means we need one less dependency.
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
value. (#521)
Previously, calling `Set($CAPABILITY, ...)` on a `capability.List` where `$CAPABILITY`
was already present would correctly replace the existing value of that capability, but
would also result in that capability being listed twice in the internal `l.sort` slice.
This manifested publicly when the `List` was encoded as the same capability appearing
twice with the same value in the encoded output.
|
| |/
|/|
| |
| | |
Use the syscall method instead of repeating the type conversions for
the syscall.Stat_t Atim/Atimespec/Ctim members.
|
|\ \
| | |
| | | |
revision: fix endless looping in revision parser
|
|/ /
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Fixes a bug in the revision parser which caused an endless loop when
parsing revisions with opening braces "{" but no closing braces "}".
Example bad revisions:
- ^{/
- ~@{
- @@{{0
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
When fs.Stat returns an error, pathinfo may be nil. In such situations
the only safe response seems to be to return the error to the caller.
Without this fix, accessing pathinfo.IsDir() below would lead to a crash
dereferencing a nil pointer.
This crash can be reproduced by trying to initialize a Git repo with an
invalid path name.
Also see: https://github.com/muesli/gitty/issues/36
|
| |
| |
| | |
Signed-off-by: Carlos A Becker <caarlos0@gmail.com>
|
|\ \
| | |
| | | |
fix: resolve external reference delta
|
| | | |
|
| |\ \ |
|
| | |\ \
| |_|/ /
|/| | | |
|
|\ \ \ \
| | | | |
| | | | | |
error strings: Don't capitalize, use periods, or newlines
|
| | | | |
| | | | |
| | | | |
| | | | | |
The test verifies the exact error message.
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Per [Go Code Review Comments][1],
> Error strings should not be capitalized (unless beginning with proper
> nouns or acronyms) or end with punctuation
staticcheck's [ST1005][2] also complains about these. For example,
```
object_walker.go:63:10: error strings should not be capitalized (ST1005)
object_walker.go:101:10: error strings should not be capitalized (ST1005)
object_walker.go:101:10: error strings should not end with punctuation or a newline (ST1005)
plumbing/format/commitgraph/file.go:17:26: error strings should not be capitalized (ST1005)
```
This fixes all instances of this issue reported by staticcheck.
[1]: https://github.com/golang/go/wiki/CodeReviewComments#error-strings
[2]: https://staticcheck.io/docs/checks/#ST1005
|
|\ \ \ \ \
| | | | | |
| | | | | | |
Remove unused vars/types/funcs/fields
|
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
The membership check before attempting to `delete` from the `tags` map
is unnecessary because the operation is a no-op if the item does not
already exist in the map.
|
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
The packRefs field is unused.
It is assigned to true from the `PackRefs()` method,
but because the method is not on the pointer type,
the assignment has no effect.
var st ReferenceStorage
fmt.Println(st.packRefs) // false
st.PackRefs()
fmt.Println(st.packRefs) // false
Delete the unused field.
|