From e89fcc6d0b615c5048596c18bf77565127cad723 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 27 Jan 2025 03:38:44 +0000 Subject: [PATCH] chore(deps): bump github.com/bmatcuk/doublestar/v4 from 4.7.1 to 4.8.1 Bumps [github.com/bmatcuk/doublestar/v4](https://github.com/bmatcuk/doublestar) from 4.7.1 to 4.8.1. - [Release notes](https://github.com/bmatcuk/doublestar/releases) - [Commits](https://github.com/bmatcuk/doublestar/compare/v4.7.1...v4.8.1) --- updated-dependencies: - dependency-name: github.com/bmatcuk/doublestar/v4 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 4 ++-- vendor/github.com/bmatcuk/doublestar/v4/README.md | 10 ++++++---- vendor/github.com/bmatcuk/doublestar/v4/glob.go | 3 +-- vendor/github.com/bmatcuk/doublestar/v4/globwalk.go | 2 +- vendor/github.com/bmatcuk/doublestar/v4/match.go | 10 +++++----- vendor/github.com/bmatcuk/doublestar/v4/utils.go | 5 ++++- vendor/modules.txt | 2 +- 8 files changed, 21 insertions(+), 17 deletions(-) diff --git a/go.mod b/go.mod index 8d7df720..08572662 100644 --- a/go.mod +++ b/go.mod @@ -4,7 +4,7 @@ go 1.22 toolchain go1.22.5 require ( - github.com/bmatcuk/doublestar/v4 v4.7.1 + github.com/bmatcuk/doublestar/v4 v4.8.1 github.com/go-git/go-git/v5 v5.13.1 github.com/hashicorp/go-retryablehttp v0.7.7 github.com/iancoleman/strcase v0.3.0 diff --git a/go.sum b/go.sum index 197fe6b2..fd364d23 100644 --- a/go.sum +++ b/go.sum @@ -44,8 +44,8 @@ github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be h1:9AeTilPcZAjCFI github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be/go.mod h1:ySMOLuWl6zY27l47sB3qLNK6tF2fkHG55UZxx8oIVo4= github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5 h1:0CwZNZbxp69SHPdPJAN/hZIm0C4OItdklCFmMRWYpio= github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkYZB8zMSxRWpUBQtwG5a7fFgvEO+odwuTv2gs= -github.com/bmatcuk/doublestar/v4 v4.7.1 h1:fdDeAqgT47acgwd9bd9HxJRDmc9UAmPpc+2m0CXv75Q= -github.com/bmatcuk/doublestar/v4 v4.7.1/go.mod h1:xBQ8jztBU6kakFMg+8WGxn0c6z1fTSPVIjEY1Wr7jzc= +github.com/bmatcuk/doublestar/v4 v4.8.1 h1:54Bopc5c2cAvhLRAzqOGCYHYyhcDHsFF4wWIR5wKP38= +github.com/bmatcuk/doublestar/v4 v4.8.1/go.mod h1:xBQ8jztBU6kakFMg+8WGxn0c6z1fTSPVIjEY1Wr7jzc= github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI= github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5PlCu98SY8svDHJxuZscDgtXS6KTTbou5AhLI= diff --git a/vendor/github.com/bmatcuk/doublestar/v4/README.md b/vendor/github.com/bmatcuk/doublestar/v4/README.md index 21929a95..b417a2c4 100644 --- a/vendor/github.com/bmatcuk/doublestar/v4/README.md +++ b/vendor/github.com/bmatcuk/doublestar/v4/README.md @@ -319,6 +319,9 @@ If SplitPattern cannot find somewhere to split the pattern (for example, `meta*/**`), it will return "." and the unaltered pattern (`meta*/**` in this example). +Note that SplitPattern will also unescape any meta characters in the returned +base string, so that it can be passed straight to os.DirFS(). + Of course, it is your responsibility to decide if the returned base path is "safe" in the context of your application. Perhaps you could use Match() to validate against a list of approved base directories? @@ -373,8 +376,9 @@ Character classes support the following: Class | Meaning ---------- | ------- -`[abc]` | matches any single character within the set -`[a-z]` | matches any single character in the range +`[abc123]` | matches any single character within the set +`[a-z0-9]` | matches any single character in the range a-z or 0-9 +`[125-79]` | matches any single character within the set 129, or the range 5-7 `[^class]` | matches any single character which does *not* match the class `[!class]` | same as `^`: negates the class @@ -414,8 +418,6 @@ ever since. In that time, it has grown into one of the most popular globbing libraries in the Go ecosystem. So, if **doublestar** is a useful library in your project, consider [sponsoring] my work! I'd really appreciate it! -[![MASV](../sponsors/MASV.png?raw=true)](https://massive.io/) - Thanks for sponsoring me! ## License diff --git a/vendor/github.com/bmatcuk/doublestar/v4/glob.go b/vendor/github.com/bmatcuk/doublestar/v4/glob.go index 519601b1..5d8b75ed 100644 --- a/vendor/github.com/bmatcuk/doublestar/v4/glob.go +++ b/vendor/github.com/bmatcuk/doublestar/v4/glob.go @@ -29,7 +29,6 @@ import ( // // Note: users should _not_ count on the returned error, // doublestar.ErrBadPattern, being equal to path.ErrBadPattern. -// func Glob(fsys fs.FS, pattern string, opts ...GlobOption) ([]string, error) { if !ValidatePattern(pattern) { return nil, ErrBadPattern @@ -107,7 +106,7 @@ func (g *glob) doGlob(fsys fs.FS, pattern string, m []string, firstSegment, befo // characters. They would be equal if they are both -1, which means `dir` // will be ".", and we know that doesn't have meta characters either. if splitIdx <= patternStart { - return g.globDir(fsys, dir, pattern, matches, firstSegment, beforeMeta) + return g.globDir(fsys, unescapeMeta(dir), pattern, matches, firstSegment, beforeMeta) } var dirs []string diff --git a/vendor/github.com/bmatcuk/doublestar/v4/globwalk.go b/vendor/github.com/bmatcuk/doublestar/v4/globwalk.go index 84e764f0..3c77c858 100644 --- a/vendor/github.com/bmatcuk/doublestar/v4/globwalk.go +++ b/vendor/github.com/bmatcuk/doublestar/v4/globwalk.go @@ -112,7 +112,7 @@ func (g *glob) doGlobWalk(fsys fs.FS, pattern string, firstSegment, beforeMeta b // characters. They would be equal if they are both -1, which means `dir` // will be ".", and we know that doesn't have meta characters either. if splitIdx <= patternStart { - return g.globDirWalk(fsys, dir, pattern, firstSegment, beforeMeta, fn) + return g.globDirWalk(fsys, unescapeMeta(dir), pattern, firstSegment, beforeMeta, fn) } return g.doGlobWalk(fsys, dir, false, beforeMeta, func(p string, d fs.DirEntry) error { diff --git a/vendor/github.com/bmatcuk/doublestar/v4/match.go b/vendor/github.com/bmatcuk/doublestar/v4/match.go index c0f20afa..a21259db 100644 --- a/vendor/github.com/bmatcuk/doublestar/v4/match.go +++ b/vendor/github.com/bmatcuk/doublestar/v4/match.go @@ -319,10 +319,10 @@ MATCH: // we've reached the end of `name`; we've successfully matched if we've also // reached the end of `pattern`, or if the rest of `pattern` can match a // zero-length string - return isZeroLengthPattern(pattern[patIdx:], separator) + return isZeroLengthPattern(pattern[patIdx:], separator, validate) } -func isZeroLengthPattern(pattern string, separator rune) (ret bool, err error) { +func isZeroLengthPattern(pattern string, separator rune, validate bool) (ret bool, err error) { // `/**`, `**/`, and `/**/` are special cases - a pattern such as `path/to/a/**` or `path/to/a/**/` // *should* match `path/to/a` because `a` might be a directory if pattern == "" || @@ -350,18 +350,18 @@ func isZeroLengthPattern(pattern string, separator rune) (ret bool, err error) { } commaIdx += patIdx - ret, err = isZeroLengthPattern(pattern[patIdx:commaIdx]+pattern[closingIdx+1:], separator) + ret, err = isZeroLengthPattern(pattern[patIdx:commaIdx]+pattern[closingIdx+1:], separator, validate) if ret || err != nil { return } patIdx = commaIdx + 1 } - return isZeroLengthPattern(pattern[patIdx:closingIdx]+pattern[closingIdx+1:], separator) + return isZeroLengthPattern(pattern[patIdx:closingIdx]+pattern[closingIdx+1:], separator, validate) } // no luck - validate the rest of the pattern - if !doValidatePattern(pattern, separator) { + if validate && !doValidatePattern(pattern, separator) { return false, ErrBadPattern } return false, nil diff --git a/vendor/github.com/bmatcuk/doublestar/v4/utils.go b/vendor/github.com/bmatcuk/doublestar/v4/utils.go index 6b8df9a3..7831e5c3 100644 --- a/vendor/github.com/bmatcuk/doublestar/v4/utils.go +++ b/vendor/github.com/bmatcuk/doublestar/v4/utils.go @@ -29,6 +29,9 @@ import ( // `meta*/**`), it will return "." and the unaltered pattern (`meta*/**` in // this example). // +// Note that SplitPattern will also unescape any meta characters in the +// returned base string, so that it can be passed straight to os.DirFS(). +// // Of course, it is your responsibility to decide if the returned base path is // "safe" in the context of your application. Perhaps you could use Match() to // validate against a list of approved base directories? @@ -52,7 +55,7 @@ func SplitPattern(p string) (base, pattern string) { if splitIdx == 0 { return "/", p[1:] } else if splitIdx > 0 { - return p[:splitIdx], p[splitIdx+1:] + return unescapeMeta(p[:splitIdx]), p[splitIdx+1:] } return diff --git a/vendor/modules.txt b/vendor/modules.txt index 689b4d6a..6e77cddf 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -32,7 +32,7 @@ github.com/ProtonMail/go-crypto/openpgp/packet github.com/ProtonMail/go-crypto/openpgp/s2k github.com/ProtonMail/go-crypto/openpgp/x25519 github.com/ProtonMail/go-crypto/openpgp/x448 -# github.com/bmatcuk/doublestar/v4 v4.7.1 +# github.com/bmatcuk/doublestar/v4 v4.8.1 ## explicit; go 1.16 github.com/bmatcuk/doublestar/v4 # github.com/cloudflare/circl v1.3.7