From 718c2f98bb0c95af2e88a6bfc21dd78206e4a862 Mon Sep 17 00:00:00 2001 From: Michael Scheetz Date: Wed, 7 Jul 2021 09:16:50 -0600 Subject: [PATCH 1/2] Fix cve-2020-29652 golang.org/x/crypto | CVE-2020-29652 | HIGH | v0.0.0-20200622213623-75b288015ac9 --- go.mod | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/go.mod b/go.mod index 6062c44d..f74c9f0d 100644 --- a/go.mod +++ b/go.mod @@ -8,7 +8,7 @@ require ( github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 github.com/jonboulle/clockwork v0.2.2 github.com/pkg/errors v0.9.1 - golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9 + golang.org/x/crypto v0.0.0-20210616213533-5ff15b29337e golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9 golang.org/x/sys v0.0.0-20210119212857-b64e53b001e4 golang.org/x/tools v0.1.0 From b779ab6dff2aed11a4c768703e4909e2d35e8e55 Mon Sep 17 00:00:00 2001 From: Daniel Nephin Date: Wed, 7 Jul 2021 21:36:37 -0400 Subject: [PATCH 2/2] remove x/crypto After fixing the lint error I ran 'go mod tidy', and it removed the dependency. Very nice. --- go.mod | 4 ++-- go.sum | 7 +++++-- testjson/dotformat.go | 4 ++-- 3 files changed, 9 insertions(+), 6 deletions(-) diff --git a/go.mod b/go.mod index f74c9f0d..b3e72f0c 100644 --- a/go.mod +++ b/go.mod @@ -8,9 +8,9 @@ require ( github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 github.com/jonboulle/clockwork v0.2.2 github.com/pkg/errors v0.9.1 - golang.org/x/crypto v0.0.0-20210616213533-5ff15b29337e golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9 - golang.org/x/sys v0.0.0-20210119212857-b64e53b001e4 + golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1 + golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1 golang.org/x/tools v0.1.0 gotest.tools/v3 v3.0.3 ) diff --git a/go.sum b/go.sum index 0f4a19e5..ddeba7b9 100644 --- a/go.sum +++ b/go.sum @@ -22,7 +22,6 @@ github.com/spf13/pflag v1.0.3/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnIn github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= -golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9 h1:psW17arqaxU48Z5kZ0CQnkZWQJsqcURM6tKiBApRjXI= golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/mod v0.3.0 h1:RM4zey1++hCTbCVQfnWeKs9/IEsaBLA8vTkd0WVtmH4= golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= @@ -39,8 +38,12 @@ golang.org/x/sys v0.0.0-20191005200804-aed5e4c7ecf9/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20200116001909-b77594299b42/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200223170610-d5e6a3e2c0ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210119212857-b64e53b001e4 h1:myAQVi0cGEoqQVR5POX+8RR2mrocKqNN1hmeMqhX27k= +golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210119212857-b64e53b001e4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1 h1:SrN+KX8Art/Sf4HNj6Zcz06G7VEz+7w9tdXTPOZ7+l4= +golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1 h1:v+OssWQX+hTHEmOBgwxdZxK4zHq3yOs8F9J7mk0PY8E= +golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= diff --git a/testjson/dotformat.go b/testjson/dotformat.go index f38c32d1..9d285fcc 100644 --- a/testjson/dotformat.go +++ b/testjson/dotformat.go @@ -8,7 +8,7 @@ import ( "strings" "time" - "golang.org/x/crypto/ssh/terminal" + "golang.org/x/term" "gotest.tools/gotestsum/internal/dotwriter" "gotest.tools/gotestsum/log" ) @@ -68,7 +68,7 @@ func (l *dotLine) checkWidth(prefix, terminal int) { } func newDotFormatter(out io.Writer) EventFormatter { - w, _, err := terminal.GetSize(int(os.Stdout.Fd())) + w, _, err := term.GetSize(int(os.Stdout.Fd())) if err != nil || w == 0 { log.Warnf("Failed to detect terminal width for dots format, error: %v", err) return &formatAdapter{format: dotsFormatV1, out: out}