Skip to content

Commit 6a4bd30

Browse files
umputunumputun
committed
Update github.com/masterminds/vcs to v1.13.2
Fix security vulnerability related to command injection in Mercurial (hg) APIs. This update prevents specially crafted URLs and local file paths from executing arbitrary commands when passed to the Mercurial implementation.
1 parent 96e329a commit 6a4bd30

File tree

2 files changed

+3
-0
lines changed

2 files changed

+3
-0
lines changed

go.mod

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -75,6 +75,7 @@ require (
7575
github.com/logrusorgru/aurora v2.0.3+incompatible // indirect
7676
github.com/lufia/plan9stats v0.0.0-20250317134145-8bc96cf8fc35 // indirect
7777
github.com/magiconair/properties v1.8.10 // indirect
78+
github.com/masterminds/vcs v1.13.2 // indirect
7879
github.com/mattn/go-runewidth v0.0.9 // indirect
7980
github.com/mitchellh/go-homedir v1.1.0 // indirect
8081
github.com/mitchellh/mapstructure v1.1.2 // indirect

go.sum

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -252,6 +252,8 @@ github.com/magiconair/properties v1.8.0/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czP
252252
github.com/magiconair/properties v1.8.1/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ=
253253
github.com/magiconair/properties v1.8.10 h1:s31yESBquKXCV9a/ScB3ESkOjUYYv+X0rg8SYxI99mE=
254254
github.com/magiconair/properties v1.8.10/go.mod h1:Dhd985XPs7jluiymwWYZ0G4Z61jb3vdS329zhj2hYo0=
255+
github.com/masterminds/vcs v1.13.2 h1:DsG/kTMFstyRFYOiEN6Pe6bXDfTFHOhQeXZibvfRzyU=
256+
github.com/masterminds/vcs v1.13.2/go.mod h1:jVyjbcKEJwhhiIDU+SnuHLARsI4vVvazsuTKBWfQSHs=
255257
github.com/mattn/go-colorable v0.0.9/go.mod h1:9vuHe8Xs5qXnSaW/c/ABM9alt+Vo+STaOChaDxuIBZU=
256258
github.com/mattn/go-isatty v0.0.3/go.mod h1:M+lRXTBqGeGNdLjl/ufCoiOlB5xdOkqRJdNxMWT7Zi4=
257259
github.com/mattn/go-runewidth v0.0.9 h1:Lm995f3rfxdpd6TSmuVCHVb/QhupuXlYr8sCI/QdE+0=

0 commit comments

Comments
 (0)