Skip to content

Commit c03d1f2

Browse files
authored
fix(deps): upgrade golang.org/x/crypto to v0.45.0 (#131)
* fix(deps): upgrade golang.org/x/crypto to v0.45.0 Addresses GitHub security advisories: - golang.org/x/crypto/ssh/agent panic on malformed messages - golang.org/x/crypto/ssh unbounded memory consumption Signed-off-by: Bastian Echterhölter <bastian.echterhoelter@sap.com> On-behalf-of: @SAP <bastian.echterhoelter@sap.com> * test: fix flaky TestWatchSingleFile_RealFile test - Increase initial wait from 30ms to 100ms for watcher setup - Use polling with retry logic instead of fixed sleep - Modernize for loops using range over int syntax Signed-off-by: Bastian Echterhölter <bastian.echterhoelter@sap.com> On-behalf-of: @SAP <bastian.echterhoelter@sap.com> --------- Signed-off-by: Bastian Echterhölter <bastian.echterhoelter@sap.com>
1 parent 7ef564d commit c03d1f2

File tree

3 files changed

+32
-22
lines changed

3 files changed

+32
-22
lines changed

common/watcher/watcher_test.go

Lines changed: 20 additions & 10 deletions
Original file line numberDiff line numberDiff line change
@@ -388,23 +388,33 @@ func TestWatchSingleFile_RealFile(t *testing.T) {
388388
watchDone <- watcher.WatchSingleFile(ctx, tempFile, 50) // 50ms debounce
389389
}()
390390

391-
// Give the watcher time to start
392-
time.Sleep(30 * time.Millisecond)
391+
// Give the watcher time to start (longer delay for CI stability)
392+
time.Sleep(100 * time.Millisecond)
393393

394394
// Modify the file to trigger an event
395395
err = os.WriteFile(tempFile, []byte("modified"), 0644)
396396
require.NoError(t, err)
397397

398-
// Give time for file change to be detected and debounced
399-
time.Sleep(150 * time.Millisecond) // 50ms debounce + extra buffer
398+
// Wait for file change to be detected with retry logic (more robust than fixed sleep)
399+
detected := false
400+
for range 30 { // Check for up to 600ms (30 * 20ms)
401+
if len(handler.OnFileChangedCalls) > 0 {
402+
detected = true
403+
break
404+
}
405+
time.Sleep(20 * time.Millisecond)
406+
}
407+
408+
// Cancel context to stop watcher gracefully
409+
cancel()
400410

401-
// Wait for watch to finish (should timeout after remaining time)
411+
// Wait for watch to finish
402412
err = <-watchDone
403-
assert.NoError(t, err) // Graceful termination (timeout) is not an error
413+
assert.NoError(t, err) // Graceful termination is not an error
404414

405415
// Check that file change was detected
406-
assert.True(t, len(handler.OnFileChangedCalls) >= 1, "Expected at least 1 file change call")
407-
if len(handler.OnFileChangedCalls) > 0 {
416+
assert.True(t, detected, "Expected at least 1 file change call")
417+
if detected {
408418
assert.Equal(t, tempFile, handler.OnFileChangedCalls[0])
409419
}
410420
}
@@ -457,7 +467,7 @@ func TestWatchDirectory_RealDirectory(t *testing.T) {
457467

458468
// Wait for file change to be detected with retry logic
459469
detected := false
460-
for i := 0; i < 20; i++ { // Check for up to 400ms (20 * 20ms)
470+
for range 20 { // Check for up to 400ms (20 * 20ms)
461471
if len(handler.OnFileChangedCalls) > 0 {
462472
detected = true
463473
break
@@ -655,7 +665,7 @@ func TestWatchSingleFile_WithDebounceTimer(t *testing.T) {
655665
time.Sleep(50 * time.Millisecond)
656666

657667
// Rapidly modify the file multiple times to test debounce timer cancellation
658-
for i := 0; i < 3; i++ {
668+
for i := range 3 {
659669
err = os.WriteFile(tempFile, []byte("modified"+string(rune(i))), 0644)
660670
require.NoError(t, err)
661671
time.Sleep(20 * time.Millisecond) // Less than debounce time

go.mod

Lines changed: 4 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -107,13 +107,13 @@ require (
107107
go.opentelemetry.io/proto/otlp v1.8.0 // indirect
108108
go.yaml.in/yaml/v2 v2.4.2 // indirect
109109
go.yaml.in/yaml/v3 v3.0.4 // indirect
110-
golang.org/x/crypto v0.41.0 // indirect
110+
golang.org/x/crypto v0.45.0 // indirect
111111
golang.org/x/exp v0.0.0-20251023183803-a4bb9ffd2546 // indirect
112-
golang.org/x/net v0.43.0 // indirect
112+
golang.org/x/net v0.47.0 // indirect
113113
golang.org/x/oauth2 v0.31.0 // indirect
114114
golang.org/x/sync v0.19.0 // indirect
115-
golang.org/x/sys v0.36.0 // indirect
116-
golang.org/x/term v0.34.0 // indirect
115+
golang.org/x/sys v0.38.0 // indirect
116+
golang.org/x/term v0.37.0 // indirect
117117
golang.org/x/time v0.11.0 // indirect
118118
gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect
119119
google.golang.org/genproto/googleapis/api v0.0.0-20250825161204-c5933d9347a5 // indirect

go.sum

Lines changed: 8 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -241,8 +241,8 @@ go.yaml.in/yaml/v3 v3.0.4/go.mod h1:DhzuOOF2ATzADvBadXxruRBLzYTpT36CKvDb3+aBEFg=
241241
golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
242242
golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
243243
golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
244-
golang.org/x/crypto v0.41.0 h1:WKYxWedPGCTVVl5+WHSSrOBT0O8lx32+zxmHxijgXp4=
245-
golang.org/x/crypto v0.41.0/go.mod h1:pO5AFd7FA68rFak7rOAGVuygIISepHftHnr8dr6+sUc=
244+
golang.org/x/crypto v0.45.0 h1:jMBrvKuj23MTlT0bQEOBcAE0mjg8mK9RXFhRH6nyF3Q=
245+
golang.org/x/crypto v0.45.0/go.mod h1:XTGrrkGJve7CYK7J8PEww4aY7gM3qMCElcJQ8n8JdX4=
246246
golang.org/x/exp v0.0.0-20251023183803-a4bb9ffd2546 h1:mgKeJMpvi0yx/sU5GsxQ7p6s2wtOnGAHZWCHUM4KGzY=
247247
golang.org/x/exp v0.0.0-20251023183803-a4bb9ffd2546/go.mod h1:j/pmGrbnkbPtQfxEe5D0VQhZC6qKbfKifgD0oM7sR70=
248248
golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
@@ -251,8 +251,8 @@ golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn
251251
golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
252252
golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
253253
golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
254-
golang.org/x/net v0.43.0 h1:lat02VYK2j4aLzMzecihNvTlJNQUq316m2Mr9rnM6YE=
255-
golang.org/x/net v0.43.0/go.mod h1:vhO1fvI4dGsIjh73sWfUVjj3N7CA9WkKJNQm2svM6Jg=
254+
golang.org/x/net v0.47.0 h1:Mx+4dIFzqraBXUugkia1OOvlD6LemFo1ALMHjrXDOhY=
255+
golang.org/x/net v0.47.0/go.mod h1:/jNxtkgq5yWUGYkaZGqo27cfGZ1c5Nen03aYrrKpVRU=
256256
golang.org/x/oauth2 v0.31.0 h1:8Fq0yVZLh4j4YA47vHKFTa9Ew5XIrCP8LC6UeNZnLxo=
257257
golang.org/x/oauth2 v0.31.0/go.mod h1:lzm5WQJQwKZ3nwavOZ3IS5Aulzxi68dUSgRHujetwEA=
258258
golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
@@ -266,10 +266,10 @@ golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7w
266266
golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
267267
golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
268268
golang.org/x/sys v0.12.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
269-
golang.org/x/sys v0.36.0 h1:KVRy2GtZBrk1cBYA7MKu5bEZFxQk4NIDV6RLVcC8o0k=
270-
golang.org/x/sys v0.36.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks=
271-
golang.org/x/term v0.34.0 h1:O/2T7POpk0ZZ7MAzMeWFSg6S5IpWd/RXDlM9hgM3DR4=
272-
golang.org/x/term v0.34.0/go.mod h1:5jC53AEywhIVebHgPVeg0mj8OD3VO9OzclacVrqpaAw=
269+
golang.org/x/sys v0.38.0 h1:3yZWxaJjBmCWXqhN1qh02AkOnCQ1poK6oF+a7xWL6Gc=
270+
golang.org/x/sys v0.38.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks=
271+
golang.org/x/term v0.37.0 h1:8EGAD0qCmHYZg6J17DvsMy9/wJ7/D/4pV/wfnld5lTU=
272+
golang.org/x/term v0.37.0/go.mod h1:5pB4lxRNYYVZuTLmy8oR2BH8dflOR+IbTYFD8fi3254=
273273
golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
274274
golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
275275
golang.org/x/text v0.33.0 h1:B3njUFyqtHDUI5jMn1YIr5B0IE2U0qck04r6d4KPAxE=

0 commit comments

Comments
 (0)