path: root/go.mod
Commit message (Collapse) | Author | Age | Files | Lines
...
* build: Bump github.com/pjbgf/sha1cd to v0.2.3 | Paulo Gomes | 2022-12-03 | 1 | -1/+1
    Fixes regression in which applications that depend on go-git could no longer build with CGO_ENABLED=0 or when vendoring dependencies.

    Signed-off-by: Paulo Gomes <pjbgf@linux.com>
* Update dependencies | Paulo Gomes | 2022-11-30 | 1 | -13/+12
    Mitigates known supply chain CVEs:

    golang.org/x/crypto:
    - GO-2021-0356
    - GO-2022-0968

    golang.org/x/net:
    - GO-2021-0238
    - GO-2022-0236
    - GO-2022-0288
    - GO-2022-0969

    golang.org/x/sys:
    - GO-2022-0493

    golang.org/x/text:
    - GO-2021-0113
    - GO-2022-1059

    Updates other dependencies that have no backwards compatibility issues.

    Signed-off-by: Paulo Gomes <pjbgf@linux.com>
* sha1: Add collision resistant implementation | Paulo Gomes | 2022-11-25 | 1 | -0/+1
    Implement the same SHA1 collision resistant algorithm used by both the Git CLI and libgit2.

    Only commits with input that match the unavoidable bit conditions will be further processed, which will result in different hashes. Which is the same behaviour experienced in the Git CLI and Libgit2.

    Users can override the hash algorithm used with:
    hash.RegisterHash(crypto.SHA1, sha1.New)

    xref links:
    https://github.com/libgit2/libgit2/pull/4136/commits/2dfd1294f7a694bfa9e864a9489ae3cb318a5ed0
    https://github.com/git/git/commit/28dc98e343ca4eb370a29ceec4c19beac9b5c01e

    Signed-off-by: Paulo Gomes <pjbgf@linux.com>
* plumbing: transport/ssh, auto-populate ClientConfig.HostKeyAlgorithms. Fixes #411 | Evan Elias | 2022-09-22 | 1 | -3/+4
    This commit adjusts the transport/ssh logic in command.connect(), so that it now auto-populates ssh.ClientConfig.HostKeyAlgorithms. The algorithms are chosen based on the known host keys for the target host, as obtained from the known_hosts file.

    In order to look-up the algorithms from the known_hosts file, external module github.com/skeema/knownhosts is used. This package is just a thin wrapper around golang.org/x/crypto/ssh/knownhosts, adding an extra mechanism to query the known_hosts keys, implemented in a way which avoids duplication of any golang.org/x/crypto/ssh/knownhosts logic.

    Because HostKeyAlgorithms vary by target host, some related logic for setting HostKeyCallback has been moved out of the various AuthMethod implementations. This was necessary because the old HostKeyCallbackHelper is not host-specific. Since known_hosts handling isn't really tied to AuthMethod anyway, it seems reasonable to separate these. Previously-exported types/methods remain in place for backwards compat, but some of them are now unused.

    For testing approach, see pull request. Issue #411 can only be reproduced via end-to-end / integration testing, since it requires actually launching an SSH connection, in order to see the key mismatch error triggered from https://github.com/golang/go/issues/29286 as the root cause.
* all: replace go-homedir with os.UserHomeDir | Daniel Martí | 2022-05-29 | 1 | -1/+0
    Added in Go 1.12, this means we need one less dependency.
* remove packfile and align to test fixtures | paul.t | 2022-01-05 | 1 | -1/+1
* Update github.com/xanzy/ssh-agent to v0.3.1 | Tobias Klauser | 2021-10-29 | 1 | -4/+3
    Commands used:

    go get github.com/xanzy/ssh-agent@latest
    go mod tidy
* go modules: update go-git-fixtures | Máximo Cuadros | 2021-05-03 | 1 | -2/+2
* *: use go-billy instead of os calls | Máximo Cuadros | 2021-05-02 | 1 | -5/+6
* plumbing: transport/file, replace os/exec with golang.org/x/sys/execabs to improve path security | Máximo Cuadros | 2021-04-17 | 1 | -0/+1
* *: replace golang.org/x/crypto/openpgp by github.com/ProtonMail/go-crypto/openpgp (#283) | Johan Fleury | 2021-04-06 | 1 | -0/+1
* go modules updated | Máximo Cuadros | 2021-03-26 | 1 | -10/+10
* Support `.git/commondir` repository layout | Timofey Kirillov | 2020-06-15 | 1 | -1/+1
    Git creates `.git/commondir` when there are custom worktrees (see "git worktree add" related commands).

    `.git/commondir` in such case contains a link to another dot-git repository tree, which could contain some folders like:
    - objects;
    - config;
    - refs;
    - etc.

    In this PR a new dotgit.RepositoryFilesystem struct is defined, which is billy.Filesystem interface compatible object-wrapper, that can handle commondir and dispatch all operations to the correct file path.

    `git.PlainOpen` remain unchanged, but `git.PlainOpenWithOptions` has a new option: `PlainOpenOptions.EnableDotGitCommonDir=true|false` (which is false by default). When `EnableDotGitCommonDir=true` repository-open procedure will read `.git/commondir` (if it exists) and then create dotgit.RepositoryFilesystem object initialized with 2 filesystems. This object then passed into storage and then into dotgit.DotGit as `billy.Filesystem` interface. This object will catch all filesystem operations and dispatch to the correct repository-filesystem (dot-git or common-dot-git) according to the rules described in the doc: https://git-scm.com/docs/gitrepository-layout#Documentation/gitrepository-layout.txt.

    EnableDotGitCommonDir option will only work with the filesystem-backed storage.

    Also worktree_test.go has been adopted from an older, already existing PR: https://github.com/src-d/go-git/pull/1098.

    This PR needs new fixtures added in the following PR: https://github.com/go-git/go-git-fixtures/pull/1.
* Repository.ConfigScoped and Repository.Commit with empty author support | Máximo Cuadros | 2020-05-24 | 1 | -0/+1
* ci: based on github actions (tag: v5.0.0) | Máximo Cuadros | 2020-03-15 | 1 | -1/+1
* *: migration from go-git-fixtures/v4 and go-git/gcfg | Máximo Cuadros | 2020-03-10 | 1 | -5/+2
* *: migration from gopkg to go modules | Máximo Cuadros | 2020-03-10 | 1 | -9/+8
* Fix date reading | Andrew Thornton | 2020-02-23 | 1 | -0/+2
    In the British TZ the following time:

    ```
    1579639200 +0100
    ```

    will be erroneously parsed as being with the GMT TZ. This leads to multiple errors with GPG validation.

    This PR fixes this by using the provided TZ information to create a FixedZone and sets that as the TZ

    Signed-off-by: Andrew Thornton <art27@cantab.net>
* *: go module update | Máximo Cuadros | 2019-07-29 | 1 | -10/+9
    Signed-off-by: Máximo Cuadros <mcuadros@gmail.com>
* ssh: leverage proxy.Dial | Jacob Blain Christen | 2019-05-02 | 1 | -1/+2
    This enables interacting with git remotes over SSH when behind a SOCKSv5 firewall.

    Signed-off-by: Jacob Blain Christen <dweomer5@gmail.com>
* go modules update | Máximo Cuadros | 2019-04-23 | 1 | -11/+11
    Signed-off-by: Máximo Cuadros <mcuadros@gmail.com>
* update gcfg dependency to v1.4.0 | Dave Henderson | 2018-10-29 | 1 | -1/+1
    Signed-off-by: Dave Henderson <dhenderson@gmail.com>
* *: go modules support | Máximo Cuadros | 2018-09-10 | 1 | -0/+29
    Signed-off-by: Máximo Cuadros <mcuadros@gmail.com>