Backport fix from https://github.com/hashicorp/go-getter/pull/497 to v2 #498
Conversation
nywilken
changed the title
Backport fix from #497 to v2
nywilken
force-pushed
the
nywilken.backport-git-update-from-v1
branch
from
93b729e
to
b6203bd
Compare
The Go module for v2 is 1.19, bumping the base docker image to match the
minimum version ensures go-getter can be compiled and executed on the
container. This change resolves the failing acceptance test for Samba.
```
Run docker exec -i gogetter bash -c "env ACC_SMB_TEST=1 go test -v ./... -run=TestSmb_"
docker exec -i gogetter bash -c "env ACC_SMB_TEST=1 go test -v ./... -run=TestSmb_"
shell: /usr/bin/bash -e {0}
env:
TEST_RESULTS_PATH: /tmp/test-results
Error: ./get_git.go:366:16: undefined: os.ReadDir
Error: ./get_git_test.go:886:9: undefined: os.WriteFile
Error: ./get_git_test.go:904:22: undefined: os.ReadFile
note: module requires Go 1.19
FAIL github.com/hashicorp/go-getter/v2 [build failed]
? github.com/hashicorp/go-getter/v2/helper/testing [no test files]
testing: warning: no tests to run
PASS
ok github.com/hashicorp/go-getter/v2/helper/url 0.006s [no tests to run]
FAIL
Error: Process completed with exit code 2.
```
There was a problem hiding this comment.
Thanks a lot for the backport 🙌
Should we also backport the fix we did here too (maybe in another PR)
When presented with this PR in Slack @sylviamoss and @mcollao-hc validated that v2 is not susceptible to the vulnerability because v2 does not have a function called Please advise if your testing is showing different results. |
|
👋 @nywilken, this looks good thanks a lot for taking care of the backport |
I work on getting this released by EoD tomorrow the latest. Thanks for review and gentle nudge. |
Recreate git config during update to prevent git config alteration
Related to: #497