dep: use chainguard/git-urls instead of whilp/git-urls

grinish21 · grinish21 · commit d569b518fbdf · 2024-08-14T15:48:56.000-07:00
chainguards repo fixes the security issue with regex used - whilp/git-urls#24
diff --git a/go.mod b/go.mod
@@ -13,6 +13,7 @@ require (
 	github.com/Masterminds/semver/v3 v3.2.1
 	github.com/antlr4-go/antlr/v4 v4.13.1
 	github.com/apigear-io/objectlink-core-go v0.5.1
+	github.com/chainguard-dev/git-urls v1.0.2
 	github.com/creativeprojects/go-selfupdate v1.3.0
 	github.com/dop251/goja v0.0.0-20240707163329-b1681fb2a2f5
 	github.com/dop251/goja_nodejs v0.0.0-20240418154818-2aae10d4cbcf
@@ -24,7 +25,6 @@ require (
 	github.com/gocarina/gocsv v0.0.0-20240520201108-78e41c74b4b1
 	github.com/google/uuid v1.6.0
 	github.com/rs/zerolog v1.33.0
-	github.com/whilp/git-urls v1.0.0
 	github.com/xeipuuv/gojsonschema v1.2.0
 	gopkg.in/natefinch/lumberjack.v2 v2.2.1
 )
diff --git a/go.sum b/go.sum
@@ -36,6 +36,8 @@ github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5 h1:0CwZNZbxp69SHPd
 github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkYZB8zMSxRWpUBQtwG5a7fFgvEO+odwuTv2gs=
 github.com/atomicgo/cursor v0.0.1/go.mod h1:cBON2QmmrysudxNBFthvMtN32r3jxVRIvzkUiF/RuIk=
 github.com/bwesterb/go-ristretto v1.2.3/go.mod h1:fUIoIZaG73pV5biE2Blr2xEzDoMj7NFEuV9ekS419A0=
+github.com/chainguard-dev/git-urls v1.0.2 h1:pSpT7ifrpc5X55n4aTTm7FFUE+ZQHKiqpiwNkJrVcKQ=
+github.com/chainguard-dev/git-urls v1.0.2/go.mod h1:rbGgj10OS7UgZlbzdUQIQpT0k/D4+An04HJY7Ol+Y/o=
 github.com/cloudflare/circl v1.3.3/go.mod h1:5XYMA4rFBvNIrhs50XuiBJ15vF2pZn4nnUKZrLbUZFA=
 github.com/cloudflare/circl v1.3.9 h1:QFrlgFYf2Qpi8bSpVPK1HBvWpx16v/1TZivyo7pGuBE=
 github.com/cloudflare/circl v1.3.9/go.mod h1:PDRU+oXvdD7KCtgKxW95M5Z8BpSCJXQORiZFnBQS5QU=
@@ -231,8 +233,6 @@ github.com/subosito/gotenv v1.6.0 h1:9NlTDc1FTs4qu0DDq7AEtTPNw6SVm7uBMsUCUjABIf8
 github.com/subosito/gotenv v1.6.0/go.mod h1:Dk4QP5c2W3ibzajGcXpNraDfq2IrhjMIvMSWPKKo0FU=
 github.com/ulikunitz/xz v0.5.12 h1:37Nm15o69RwBkXM0J6A5OlE67RZTfzUxTj8fB3dfcsc=
 github.com/ulikunitz/xz v0.5.12/go.mod h1:nbz6k7qbPmH4IRqmfOplQw/tblSgqTqBwxkY0oWt/14=
-github.com/whilp/git-urls v1.0.0 h1:95f6UMWN5FKW71ECsXRUd3FVYiXdrE7aX4NZKcPmIjU=
-github.com/whilp/git-urls v1.0.0/go.mod h1:J16SAmobsqc3Qcy98brfl5f5+e0clUvg1krgwk/qCfE=
 github.com/xanzy/go-gitlab v0.107.0 h1:P2CT9Uy9yN9lJo3FLxpMZ4xj6uWcpnigXsjvqJ6nd2Y=
 github.com/xanzy/go-gitlab v0.107.0/go.mod h1:wKNKh3GkYDMOsGmnfuX+ITCmDuSDWFO0G+C4AygL9RY=
 github.com/xanzy/ssh-agent v0.3.3 h1:+/15pJfg/RsTxqYcX6fHqOXZwwMP+2VyYWJeWM2qQFM=
diff --git a/pkg/git/url.go b/pkg/git/url.go
@@ -3,8 +3,8 @@ package git
 import (
 	"net/url"
 
+	urls "github.com/chainguard-dev/git-urls"
 	"github.com/gitsight/go-vcsurl"
-	urls "github.com/whilp/git-urls"
 )
 
 func ParseAsUrl(url string) (*url.URL, error) {

Original file line number	Diff line number	Diff line change
`@@ -3,8 +3,8 @@ package git`
`3`	`3`	`import (`
`4`	`4`	`"net/url"`
`5`	`5`
	`6`	`+ urls "github.com/chainguard-dev/git-urls"`
`6`	`7`	`"github.com/gitsight/go-vcsurl"`
`7`		`- urls "github.com/whilp/git-urls"`
`8`	`8`	`)`
`9`	`9`
`10`	`10`	`func ParseAsUrl(url string) (*url.URL, error) {`