Switch gopkg.in/src-d/go-git.v4 to github.com/go-git/go-git/v5

pulumi / pulumi-kubernetes-operator

A Kubernetes Operator that automates the deployment of Pulumi Stacks

Apache License 2.0

214 stars 54 forks source link

Switch gopkg.in/src-d/go-git.v4 to github.com/go-git/go-git/v5 #546

Closed hectorj2f closed 5 months ago

hectorj2f commented 5 months ago

Proposed changes

This PR switches from an archived dependency such as gopkg.in/src-d/go-git.v4 to github.com/go-git/go-git/v5@v5.11.0. The old dependency gopkg.in/src-d/go-git.v4 also contained some vulnerable code as detailed here.

Related issues (optional)

github-actions[bot] commented 5 months ago

PR is now waiting for a maintainer to run the acceptance tests. This PR will only perform build and linting. Note for the maintainer: To run the acceptance tests, please comment /run-acceptance-tests on the PR

hectorj2f commented 5 months ago

Maybe @dirien could help us reviewing this PR 🙏🏻.

dirien commented 5 months ago

Hey @hectorj2f,

Let me ask @rquitales or @EronWright for their approval!

rquitales commented 5 months ago

/run-acceptance-tests

github-actions[bot] commented 5 months ago

Please view the PR build - https://github.com/pulumi/pulumi-kubernetes-operator/actions/runs/7716448093

hectorj2f commented 5 months ago

thanks for the help @dirien 🤩 !

rquitales commented 5 months ago

Tests are passing and looks like v5 is a drop-in replacement of v4 (ref: https://github.com/go-git/go-git/releases/tag/v5.0.0). Thanks for submitting this PR @hectorj2f!

hectorj2f commented 5 months ago

thanks @rquitales for the review 👏🏻 !