aboutsummaryrefslogtreecommitdiffstats
path: root/go.mod
Commit message (Collapse)AuthorAgeFilesLines
* build: bump github.com/ProtonMail/go-cryptodependabot[bot]2024-01-171-1/+1
| | | | | | | | | | | | | | Bumps [github.com/ProtonMail/go-crypto](https://github.com/ProtonMail/go-crypto) from 0.0.0-20230828082145-3c4c8a2d2371 to 1.0.0. - [Release notes](https://github.com/ProtonMail/go-crypto/releases) - [Commits](https://github.com/ProtonMail/go-crypto/commits/v1.0.0) --- updated-dependencies: - dependency-name: github.com/ProtonMail/go-crypto dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>
* build: bump golang.org/x/net from 0.19.0 to 0.20.0dependabot[bot]2024-01-091-2/+2
| | | | | | | | | | | | | Bumps [golang.org/x/net](https://github.com/golang/net) from 0.19.0 to 0.20.0. - [Commits](https://github.com/golang/net/compare/v0.19.0...v0.20.0) --- updated-dependencies: - dependency-name: golang.org/x/net dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>
* build: bump github.com/cloudflare/circl from 1.3.3 to 1.3.7dependabot[bot]2024-01-081-1/+1
| | | | | | | | | | | | | Bumps [github.com/cloudflare/circl](https://github.com/cloudflare/circl) from 1.3.3 to 1.3.7. - [Release notes](https://github.com/cloudflare/circl/releases) - [Commits](https://github.com/cloudflare/circl/compare/v1.3.3...v1.3.7) --- updated-dependencies: - dependency-name: github.com/cloudflare/circl dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>
* build: bump golang.org/x/sys from 0.15.0 to 0.16.0dependabot[bot]2024-01-051-1/+1
| | | | | | | | | | | | | Bumps [golang.org/x/sys](https://github.com/golang/sys) from 0.15.0 to 0.16.0. - [Commits](https://github.com/golang/sys/compare/v0.15.0...v0.16.0) --- updated-dependencies: - dependency-name: golang.org/x/sys dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>
* build: bump github.com/gliderlabs/ssh from 0.3.5 to 0.3.6dependabot[bot]2023-12-191-1/+1
| | | | | | | | | | | | | | Bumps [github.com/gliderlabs/ssh](https://github.com/gliderlabs/ssh) from 0.3.5 to 0.3.6. - [Release notes](https://github.com/gliderlabs/ssh/releases) - [Commits](https://github.com/gliderlabs/ssh/compare/v0.3.5...v0.3.6) --- updated-dependencies: - dependency-name: github.com/gliderlabs/ssh dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>
* build: bump golang.org/x/crypto from 0.16.0 to 0.17.0dependabot[bot]2023-12-191-1/+1
| | | | | | | | | | | | Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.16.0 to 0.17.0. - [Commits](https://github.com/golang/crypto/compare/v0.16.0...v0.17.0) --- updated-dependencies: - dependency-name: golang.org/x/crypto dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com>
* storage: filesystem, Add option to set a specific FS for alternatesPaulo Gomes2023-12-021-0/+4
| | | | | | | | | | | Introduces the option to set a FS for alternates, enabling more flexible cross FS sharing of alternates. If none is set, falls back to the current FS used for the object storage. The changes only process a given path once, and if an alternates dir is not valid, exits with error - aligning behaviour with upstream. Signed-off-by: Paulo Gomes <paulo.gomes@suse.com>
* build: bump golang.org/x/net from 0.18.0 to 0.19.0dependabot[bot]2023-11-281-1/+1
| | | | | | | | | | | | | Bumps [golang.org/x/net](https://github.com/golang/net) from 0.18.0 to 0.19.0. - [Commits](https://github.com/golang/net/compare/v0.18.0...v0.19.0) --- updated-dependencies: - dependency-name: golang.org/x/net dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>
* build: bump golang.org/x/crypto from 0.15.0 to 0.16.0dependabot[bot]2023-11-281-2/+2
| | | | | | | | | | | | | Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.15.0 to 0.16.0. - [Commits](https://github.com/golang/crypto/compare/v0.15.0...v0.16.0) --- updated-dependencies: - dependency-name: golang.org/x/crypto dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>
* utils: remove ioutil.Pipe and use std library io.PipeAyman Bagabas2023-11-131-1/+0
| | | | ioutil.Pipe literally calls io.Pipe.
* build: bump golang.org/x/net from 0.17.0 to 0.18.0dependabot[bot]2023-11-091-1/+1
| | | | | | | | | | | | | Bumps [golang.org/x/net](https://github.com/golang/net) from 0.17.0 to 0.18.0. - [Commits](https://github.com/golang/net/compare/v0.17.0...v0.18.0) --- updated-dependencies: - dependency-name: golang.org/x/net dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>
* build: bump golang.org/x/crypto from 0.14.0 to 0.15.0dependabot[bot]2023-11-091-1/+1
| | | | | | | | | | | | | Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.14.0 to 0.15.0. - [Commits](https://github.com/golang/crypto/compare/v0.14.0...v0.15.0) --- updated-dependencies: - dependency-name: golang.org/x/crypto dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>
* cli: separate go module for cliAyman Bagabas2023-11-071-1/+0
|
* build: bump golang.org/x/text from 0.13.0 to 0.14.0dependabot[bot]2023-11-061-1/+1
| | | | | | | | | | | | | | Bumps [golang.org/x/text](https://github.com/golang/text) from 0.13.0 to 0.14.0. - [Release notes](https://github.com/golang/text/releases) - [Commits](https://github.com/golang/text/compare/v0.13.0...v0.14.0) --- updated-dependencies: - dependency-name: golang.org/x/text dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>
* build: bump golang.org/x/sys from 0.13.0 to 0.14.0dependabot[bot]2023-11-061-1/+1
| | | | | | | | | | | | | Bumps [golang.org/x/sys](https://github.com/golang/sys) from 0.13.0 to 0.14.0. - [Commits](https://github.com/golang/sys/compare/v0.13.0...v0.14.0) --- updated-dependencies: - dependency-name: golang.org/x/sys dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>
* build: bump github.com/skeema/knownhosts from 1.2.0 to 1.2.1dependabot[bot]2023-10-261-1/+1
| | | | | | | | | | | | | Bumps [github.com/skeema/knownhosts](https://github.com/skeema/knownhosts) from 1.2.0 to 1.2.1. - [Commits](https://github.com/skeema/knownhosts/compare/v1.2.0...v1.2.1) --- updated-dependencies: - dependency-name: github.com/skeema/knownhosts dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>
* build: bump github.com/google/go-cmp from 0.5.9 to 0.6.0dependabot[bot]2023-10-251-1/+1
| | | | | | | | | | | | | | Bumps [github.com/google/go-cmp](https://github.com/google/go-cmp) from 0.5.9 to 0.6.0. - [Release notes](https://github.com/google/go-cmp/releases) - [Commits](https://github.com/google/go-cmp/compare/v0.5.9...v0.6.0) --- updated-dependencies: - dependency-name: github.com/google/go-cmp dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>
* Merge pull request #869 from zeripath/graph-generation-2v5.10.0Paulo Gomes2023-10-131-1/+1
|\ | | | | plumbing: commitgraph, Add generation v2 support
| * plumbing: commitgraph, Add generation v2 supportAndrew Thornton2023-10-121-1/+1
| | | | | | | | | | | | | | | | This PR adds in support for generation v2 support and a couple of new walkers to match --date-order etc options on log. This PR also fixes a bug in the chain code and adds more tests. Signed-off-by: Andrew Thornton <art27@cantab.net>
* | build: bump golang.org/x/net from 0.15.0 to 0.17.0Paulo Gomes2023-10-131-2/+2
|/ | | | | | | | | | | | | Bumps [golang.org/x/net](https://github.com/golang/net) from 0.15.0 to 0.17.0. - [Commits](https://github.com/golang/net/compare/v0.15.0...v0.17.0) --- updated-dependencies: - dependency-name: golang.org/x/net dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: Paulo Gomes <pjbgf@linux.com>
* plumbing: commitgraph, fix types and handle commit-graph-chainsAndrew Thornton2023-10-081-2/+2
| | | | | | | | | Unfortunately the original variant makes some incorrect typing assumptions about commit-graphs which make handling graph chains difficult to do correctly. This creates a new subpackage and deprecates the old one. It then adds support commit graph chains. Signed-off-by: Andrew Thornton <art27@cantab.net>
* *: Bump go-billy to v5.5.0v5.9.0Máximo Cuadros2023-09-121-1/+1
|
* *: Bump to Go 1.19Paulo Gomes2023-09-121-1/+1
| | | | Signed-off-by: Paulo Gomes <pjbgf@linux.com>
* *: Bump dependenciesPaulo Gomes2023-09-111-10/+11
| | | | Signed-off-by: Paulo Gomes <pjbgf@linux.com>
* *: Bump goproxy dep. Fixes #826Siddhesh Ghadi2023-08-291-1/+1
| | | | | | CVE-2023-37788 is patched in goproxy v0.0.0-20230731152917-f99041a5c027 Signed-off-by: Siddhesh Ghadi <sghadi1203@gmail.com>
* *: Bump dependenciesPaulo Gomes2023-07-211-9/+12
| | | | | | | | | | | | - dario.cat/mergo v1.0.0 - github.com/ProtonMail/go-crypto v0.0.0-20230717121422-5aa5874ade95 - github.com/skeema/knownhosts v1.2.0 - golang.org/x/crypto v0.11.0 - golang.org/x/net v0.12.0 - golang.org/x/sys v0.10.0 - golang.org/x/text v0.11.0 Signed-off-by: Paulo Gomes <pjbgf@linux.com>
* *: Bump dependenciesPaulo Gomes2023-05-231-5/+5
| | | | | | | | | | - github.com/ProtonMail/go-crypto to 0.0.0-20230518184743-7afd39499903. - github.com/skeema/knownhosts to 1.1.1. - golang.org/x/crypto to 0.9.0. - golang.org/x/net to 0.10.0. - golang.org/x/sys to 0.8.0. Signed-off-by: Paulo Gomes <pjbgf@linux.com>
* build(deps): bump github.com/cloudflare/circl from 1.1.0 to 1.3.3dependabot[bot]2023-05-211-1/+1
| | | | | | | | | | | | | Bumps [github.com/cloudflare/circl](https://github.com/cloudflare/circl) from 1.1.0 to 1.3.3. - [Release notes](https://github.com/cloudflare/circl/releases) - [Commits](https://github.com/cloudflare/circl/compare/v1.1.0...v1.3.3) --- updated-dependencies: - dependency-name: github.com/cloudflare/circl dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>
* *: Bump Go version to 1.18 on go.modPaulo Gomes2023-05-211-1/+11
| | | | Signed-off-by: Paulo Gomes <pjbgf@linux.com>
* plumbing: transport/http, add support for custom proxy URLsSanskar Jaiswal2023-05-041-0/+1
| | | | | | | | | | | | | | Add support for custom HTTP and HTTPS proxies for each session. The tests require server certificate and a matching private key to be able to run a TLS server and test HTTPS proxy functionality. The cert and the key are stored in `plumbing/transport/http/testdata/certs` and were generated using the following command: `openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout server.key -out server.crt` Note: All details were left empty, except for the FQDN for which example.com was used. Signed-off-by: Sanskar Jaiswal <jaiswalsanskar078@gmail.com>
* plumbing: transport/http, refactor transport to cache underlying transport ↵Sanskar Jaiswal2023-05-041-0/+1
| | | | | | | | | | | | | objects Refactor the in-built http transport to cache the underlying http transport objects mapped to its specific options for each Git transport object. This lets us reuse the transport for a specific set of configurations as recommended. (ref: https://pkg.go.dev/net/http#Transport) If there are no transport specific options provided, the default transport is used. Signed-off-by: Sanskar Jaiswal <jaiswalsanskar078@gmail.com>
* build: Bump dependencies. Fixes #667Paulo Gomes2023-04-231-9/+7
| | | | | | | | | | | | - github.com/ProtonMail/go-crypto to version 0.0.0-20230417170513-8ee5748c52b5. - github.com/imdario/mergo to version 0.3.15. - golang.org/x/crypto to version 0.8.0. - golang.org/x/net to version 0.9.0. - golang.org/x/sys to version 0.7.0. - golang.org/x/text to version 0.9.0. - github.com/go-git/gcfg to version v1.5.1-0.20230307220236-3a3c6141e376 Signed-off-by: Paulo Gomes <pjbgf@linux.com>
* plumbing: resolve non-external delta referencesZauberNerd2023-03-231-1/+1
| | | | | | | | | | | In a self-contained pack file delta references might point to base objects stored later in the file. In this case we need to replace placeholders for external refs with the actual base object and update the children references. Fixes: #484 Co-authored-by: Markus Wolf <mail@markus-wolf.de>
* Bump dependenciesPaulo Gomes2023-03-021-6/+6
| | | | | | | | | - github.com/ProtonMail/go-crypto to version 0.0.0-20230217124315-7d5c6f04bbb8. - github.com/acomagu/bufpipe to version 1.0.4. - github.com/go-git/go-billy/v5 to version 5.4.1. - golang.org/x/crypto to version 0.6.0. Signed-off-by: Paulo Gomes <pjbgf@linux.com>
* build(deps): bump golang.org/x/net from 0.2.0 to 0.7.0dependabot[bot]2023-03-021-3/+3
| | | | | | | | | | | | | Bumps [golang.org/x/net](https://github.com/golang/net) from 0.2.0 to 0.7.0. - [Release notes](https://github.com/golang/net/releases) - [Commits](https://github.com/golang/net/compare/v0.2.0...v0.7.0) --- updated-dependencies: - dependency-name: golang.org/x/net dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com>
* Remove need to build with CGOPaulo Gomes2023-02-251-1/+1
| | | | | | | | | | | | Follow-up from #618, at the time the Pure Go sha1cd implementation was not performant enough to be the default. This has now changed and the cgo and generic implementations yields similar results. Users are able to override the default implementation, however this seems to be a better default as it does not require the use of CGO during build time. Signed-off-by: Paulo Gomes <pjbgf@linux.com>
* go.mod: update go-billy v5.4.0, removes racesMáximo Cuadros2023-01-051-2/+2
|
* Merge pull request #617 from doxsch/616-update-ssh-agent-to-masterMáximo Cuadros2022-12-111-1/+1
|\ | | | | plumbing: transport/ssh: fix panic on Windows 10 with paegent as ssh-agent
| * fix: Upgrade github.com/xanzy/ssh-agent to v0.3.3 to fix panicdoxsch2022-12-051-1/+1
| |
* | build: Bump github.com/pjbgf/sha1cd to v0.2.3Paulo Gomes2022-12-031-1/+1
|/ | | | | | | | Fixes regression in which applications that depend on go-git could no longer build with CGO_ENABLED=0 or when vendoring dependencies. Signed-off-by: Paulo Gomes <pjbgf@linux.com>
* Update dependenciesPaulo Gomes2022-11-301-13/+12
| | | | | | | | | | | | | | | | | | | | | | | | | | Mitigates known supply chain CVEs: golang.org/x/crypto: - GO-2021-0356 - GO-2022-0968 golang.org/x/net: - GO-2021-0238 - GO-2022-0236 - GO-2022-0288 - GO-2022-0969 golang.org/x/sys: - GO-2022-0493 golang.org/x/text: - GO-2021-0113 - GO-2022-1059 Updates other dependencies that have no backwards compatibility issues. Signed-off-by: Paulo Gomes <pjbgf@linux.com>
* sha1: Add collision resistent implementationPaulo Gomes2022-11-251-0/+1
| | | | | | | | | | | | | | | | | | | Implement the same SHA1 collision resistent algorithm used by both the Git CLI and libgit2. Only commits with input that match the unavoidable bit conditions will be further processed, which will result in different hashes. Which is the same behaviour experienced in the Git CLI and Libgit2. Users can override the hash algorithm used with: hash.RegisterHash(crypto.SHA1, sha1.New) xref links: https://github.com/libgit2/libgit2/pull/4136/commits/2dfd1294f7a694bfa9e864a9489ae3cb318a5ed0 https://github.com/git/git/commit/28dc98e343ca4eb370a29ceec4c19beac9b5c01e Signed-off-by: Paulo Gomes <pjbgf@linux.com>
* plumbing: transport/ssh, auto-populate ClientConfig.HostKeyAlgorithms. Fixes ↵Evan Elias2022-09-221-3/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | #411 This commit adjusts the transport/ssh logic in command.connect(), so that it now auto-populates ssh.ClientConfig.HostKeyAlgorithms. The algorithms are chosen based on the known host keys for the target host, as obtained from the known_hosts file. In order to look-up the algorithms from the known_hosts file, external module github.com/skeema/knownhosts is used. This package is just a thin wrapper around golang.org/x/crypto/ssh/knownhosts, adding an extra mechanism to query the known_hosts keys, implemented in a way which avoids duplication of any golang.org/x/crypto/ssh/knownhosts logic. Because HostKeyAlgorithms vary by target host, some related logic for setting HostKeyCallback has been moved out of the various AuthMethod implementations. This was necessary because the old HostKeyCallbackHelper is not host-specific. Since known_hosts handling isn't really tied to AuthMethod anyway, it seems reasonable to separate these. Previously-exported types/methods remain in place for backwards compat, but some of them are now unused. For testing approach, see pull request. Issue #411 can only be reproduced via end-to-end / integration testing, since it requires actually launching an SSH connection, in order to see the key mismatch error triggered from https://github.com/golang/go/issues/29286 as the root cause.
* all: replace go-homedir with os.UserHomeDirDaniel Martí2022-05-291-1/+0
| | | | Added in Go 1.12, this means we need one less dependency.
* remove packfile and align to test fixturespaul.t2022-01-051-1/+1
|
* Update github.com/xanzy/ssh-agent to v0.3.1Tobias Klauser2021-10-291-4/+3
| | | | | | | Commands used: go get github.com/xanzy/ssh-agent@latest go mod tidy
* go modules: update go-git-fixturesMáximo Cuadros2021-05-031-2/+2
|
* *: use go-billy instead of os callsMáximo Cuadros2021-05-021-5/+6
|
* plumbing: transport/file, replace os/exec with golang.org/x/sys/execabs to ↵Máximo Cuadros2021-04-171-0/+1
| | | | improve path security
* *: replace golang.org/x/crypto/openpgp by ↵Johan Fleury2021-04-061-0/+1
| | | | github.com/ProtonMail/go-crypto/openpgp (#283)