Grule issue #431. update go-git to v5. #435
Conversation
|
Thanks for doing this--definitely fairly urgent security-wise, so a timely approval & release from a maintainer would be most appreciated 🙏 |
|
Everything looks good. I just got a call from corporate and we need to ship this asap. |
|
@newm4n can you assist? |
|
Looks like it still needs an approval. |
|
@newm4n Everything checks out, let's go ahead and merge this. My organization already forked this code to fulfill the dependency but we would like to go back to this one. If we do not get this done, the UN may get involved and we do not want that. |
|
I've been away from the project for a while, but it seems the other maintainers are busy and I have some time at the moment. I agree this vulnerability is worthy of being considered critical. There don't seem to be any external effects to upgrading the go-git dependency which makes this nice and simple. LGTM |
|
The codes quality overall deviates from industry norms yet this sort of work is commendable yet also punishable by a probationary period not sure what to say except it is what it is as long as it works right? Duck tape strategy? |
Update to go-git v5