Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Remove redundant secureexec package #2847

Merged
merged 1 commit into from
Jul 30, 2023
Merged

Remove redundant secureexec package #2847

merged 1 commit into from
Jul 30, 2023

Conversation

jesseduffield
Copy link
Owner

@jesseduffield jesseduffield commented Jul 30, 2023

From the go 1.19 release notes:

Command and LookPath no longer allow results from a PATH search to be found relative to the current directory. This removes a common source of security problems but may also break existing programs that depend on using, say, exec.Command("prog") to run a binary named prog (or, on Windows, prog.exe) in the current directory. See the os/exec package documentation for information about how best to update such programs.

  • PR Description

  • Please check if the PR fulfills these requirements

  • Cheatsheets are up-to-date (run go run scripts/cheatsheet/main.go generate)
  • Code has been formatted (see here)
  • Tests have been added/updated (see here for the integration test guide)
  • Text is internationalised (see here)
  • Docs (specifically docs/Config.md) have been updated if necessary
  • You've read through your own file changes for silly mistakes etc

@jesseduffield jesseduffield added the maintenance For refactorings, CI changes, tests, version bumping, etc label Jul 30, 2023
@jesseduffield jesseduffield changed the title Remove secureexec package Remove redundant secureexec package Jul 30, 2023
@jesseduffield jesseduffield force-pushed the secure-exec branch 7 times, most recently from 1d1b168 to 7891e4a Compare July 30, 2023 09:56
From the go 1.19 release notes:

Command and LookPath no longer allow results from a PATH search to be found relative to the current directory. This removes a common source of security problems but may also break existing programs that depend on using, say, exec.Command("prog") to run a binary named prog (or, on Windows, prog.exe) in the current directory. See the os/exec package documentation for information about how best to update such programs.
@jesseduffield jesseduffield merged commit 7cfbfb7 into master Jul 30, 2023
12 checks passed
@jesseduffield jesseduffield deleted the secure-exec branch July 30, 2023 10:04
renovate bot referenced this pull request in scottames/dots Aug 5, 2023
[![Mend
Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)

This PR contains the following updates:

| Package | Update | Change |
|---|---|---|
|
[GoogleContainerTools/skaffold](https://togithub.com/GoogleContainerTools/skaffold)
| patch | `v2.6.2` -> `v2.6.3` |
| [ajeetdsouza/zoxide](https://togithub.com/ajeetdsouza/zoxide) | patch
| `v0.9.1` -> `v0.9.2` |
| [aquaproj/aqua-registry](https://togithub.com/aquaproj/aqua-registry)
| patch | `v4.32.0` -> `v4.32.2` |
| [jesseduffield/lazygit](https://togithub.com/jesseduffield/lazygit) |
minor | `v0.39.4` -> `v0.40.0` |
| [weaveworks/eksctl](https://togithub.com/weaveworks/eksctl) | minor |
`v0.150.0` -> `v0.151.0` |

---

### Release Notes

<details>
<summary>GoogleContainerTools/skaffold
(GoogleContainerTools/skaffold)</summary>

###
[`v2.6.3`](https://togithub.com/GoogleContainerTools/skaffold/releases/tag/v2.6.3):
Release

[Compare
Source](https://togithub.com/GoogleContainerTools/skaffold/compare/v2.6.2...v2.6.3)

##### v2.6.3 Release - 2023-08-04

**Linux amd64**
`curl -Lo skaffold
https://storage.googleapis.com/skaffold/releases/v2.6.3/skaffold-linux-amd64
&& chmod +x skaffold && sudo mv skaffold /usr/local/bin`

**Linux arm64**
`curl -Lo skaffold
https://storage.googleapis.com/skaffold/releases/v2.6.3/skaffold-linux-arm64
&& chmod +x skaffold && sudo mv skaffold /usr/local/bin`

**macOS amd64**
`curl -Lo skaffold
https://storage.googleapis.com/skaffold/releases/v2.6.3/skaffold-darwin-amd64
&& chmod +x skaffold && sudo mv skaffold /usr/local/bin`

**macOS arm64**
`curl -Lo skaffold
https://storage.googleapis.com/skaffold/releases/v2.6.3/skaffold-darwin-arm64
&& chmod +x skaffold && sudo mv skaffold /usr/local/bin`

**Windows**

https://storage.googleapis.com/skaffold/releases/v2.6.3/skaffold-windows-amd64.exe

**Docker image**
`gcr.io/k8s-skaffold/skaffold:v2.6.3`

**Full Changelog**:
GoogleContainerTools/skaffold@v2.6.2...v2.6.3

</details>

<details>
<summary>ajeetdsouza/zoxide (ajeetdsouza/zoxide)</summary>

###
[`v0.9.2`](https://togithub.com/ajeetdsouza/zoxide/releases/tag/v0.9.2):
0.9.2

[Compare
Source](https://togithub.com/ajeetdsouza/zoxide/compare/v0.9.1...v0.9.2)

##### Added

-   Short option `-a` for `zoxide query --all`.

##### Fixed

-   PowerShell: use `global` scope for variables / functions.

</details>

<details>
<summary>aquaproj/aqua-registry (aquaproj/aqua-registry)</summary>

###
[`v4.32.2`](https://togithub.com/aquaproj/aqua-registry/releases/tag/v4.32.2)

[Compare
Source](https://togithub.com/aquaproj/aqua-registry/compare/v4.32.1...v4.32.2)


[Issues](https://togithub.com/aquaproj/aqua-registry/issues?q=is%3Aissue+milestone%3Av4.32.2)
| [Pull
Requests](https://togithub.com/aquaproj/aqua-registry/pulls?q=is%3Apr+milestone%3Av4.32.2)
| aquaproj/aqua-registry@v4.32.1...v4.32.2

##### Fixes


[#&#8203;14327](https://togithub.com/aquaproj/aqua-registry/issues/14327)
Rename kyleconroy/sqlc to sqlc-dev/sqlc as of repository migration
[@&#8203;ichizero](https://togithub.com/ichizero)

[#&#8203;14339](https://togithub.com/aquaproj/aqua-registry/issues/14339)
sqlc-dev/sqlc: Support old versions

###
[`v4.32.1`](https://togithub.com/aquaproj/aqua-registry/releases/tag/v4.32.1)

[Compare
Source](https://togithub.com/aquaproj/aqua-registry/compare/v4.32.0...v4.32.1)


[Issues](https://togithub.com/aquaproj/aqua-registry/issues?q=is%3Aissue+milestone%3Av4.32.1)
| [Pull
Requests](https://togithub.com/aquaproj/aqua-registry/pulls?q=is%3Apr+milestone%3Av4.32.1)
| aquaproj/aqua-registry@v4.32.0...v4.32.1

#### Fixes


[#&#8203;14275](https://togithub.com/aquaproj/aqua-registry/issues/14275)
[#&#8203;14276](https://togithub.com/aquaproj/aqua-registry/issues/14276)
[#&#8203;14277](https://togithub.com/aquaproj/aqua-registry/issues/14277)
[#&#8203;14278](https://togithub.com/aquaproj/aqua-registry/issues/14278)
[domoritz/arrow-tools/{csv2arrow,csv2parquet,json2arrow,json2parquet}](https://togithub.com/domoritz/arrow-tools):
Follow up changes of asset names

</details>

<details>
<summary>jesseduffield/lazygit (jesseduffield/lazygit)</summary>

###
[`v0.40.0`](https://togithub.com/jesseduffield/lazygit/releases/tag/v0.40.0)

[Compare
Source](https://togithub.com/jesseduffield/lazygit/compare/v0.39.4...v0.40.0)

<!-- Release notes generated using configuration in .github/release.yml
at v0.40.0 -->

### 🎉  LAZYGIT FIVE YEAR ANNIVERSARY EDITION 🎉

Holy moly, has it really been 5 years since Lazygit's birth? Time flies
when you're having fun.

I've written a post celebrating the anniversary
[here](https://jesseduffield.com/Lazygit-5-Years-On).

As for this release, we've got some great features here.

##### Worktrees

We now have a worktrees view so you can easily create worktrees and
switch to them and so on. I'm not a big worktrees user myself so please
raise an issue if you can think of places to improve the UX.


![worktree_create_from_branches-compressed](https://togithub.com/jesseduffield/lazygit/assets/8456633/3ef0b085-e9d0-42de-af58-16cbae581d34)

##### Rebase --onto

Rebasing onto a marked base commit is a very useful feature that we've
been sorely lacking for a while
(demo coming soon)

##### Auto-refresh on window focus

Auto-refresh on window activation is a complete game-changer. No more
having to manually press shift+R when you come back from your editor.

##### Nuking the worktree

We also have a fun enhancement in this release: showing an explosion
animation when you nuke the working tree.


![nuke-gif](https://togithub.com/jesseduffield/lazygit/assets/8456633/32b3f91c-fea3-474d-8997-1de2f5e4f5d4)

You'll also notice in the readme we've got some updated demo gifs to
showoff Lazygit's features. More of those to come.

#### What's Changed

##### Features ✨

- Add worktrees view by
[@&#8203;jesseduffield](https://togithub.com/jesseduffield) (with help
from [@&#8203;kadaan](https://togithub.com/kadaan)) in
[https://github.com/jesseduffield/lazygit/pull/2147](https://togithub.com/jesseduffield/lazygit/pull/2147)
- Rebase onto branch from a marked base commit by
[@&#8203;stefanhaller](https://togithub.com/stefanhaller) in
[https://github.com/jesseduffield/lazygit/pull/2835](https://togithub.com/jesseduffield/lazygit/pull/2835)
- Auto-refresh on window activation by
[@&#8203;stefanhaller](https://togithub.com/stefanhaller) in
[https://github.com/jesseduffield/lazygit/pull/2854](https://togithub.com/jesseduffield/lazygit/pull/2854)

##### Enhancements 🔥

- Faster refresh by
[@&#8203;jesseduffield](https://togithub.com/jesseduffield) in
[https://github.com/jesseduffield/lazygit/pull/2841](https://togithub.com/jesseduffield/lazygit/pull/2841)
- feat: add os.copyToClipboardCmd to allow for a custom command
[#&#8203;1055](https://togithub.com/jesseduffield/lazygit/issues/1055)
by [@&#8203;redstreet](https://togithub.com/redstreet) in
[https://github.com/jesseduffield/lazygit/pull/2784](https://togithub.com/jesseduffield/lazygit/pull/2784)
- Add bisect menu entry that lets you choose bisect terms by
[@&#8203;stefanhaller](https://togithub.com/stefanhaller) in
[https://github.com/jesseduffield/lazygit/pull/2838](https://togithub.com/jesseduffield/lazygit/pull/2838)
- When bisecting, always mark the current commit as good/bad, not the
selected by [@&#8203;stefanhaller](https://togithub.com/stefanhaller) in
[https://github.com/jesseduffield/lazygit/pull/2837](https://togithub.com/jesseduffield/lazygit/pull/2837)
- Visualize local branch heads in commits panel, 2nd approach by
[@&#8203;stefanhaller](https://togithub.com/stefanhaller) in
[https://github.com/jesseduffield/lazygit/pull/2775](https://togithub.com/jesseduffield/lazygit/pull/2775)
- Allow force-tagging if tag exists by
[@&#8203;stefanhaller](https://togithub.com/stefanhaller) in
[https://github.com/jesseduffield/lazygit/pull/2827](https://togithub.com/jesseduffield/lazygit/pull/2827)
- Save IgnoreWhitespaceInDiffView in state.yml by
[@&#8203;stefanhaller](https://togithub.com/stefanhaller) in
[https://github.com/jesseduffield/lazygit/pull/2830](https://togithub.com/jesseduffield/lazygit/pull/2830)
- Show loader when rebasing by
[@&#8203;KarlHeitmann](https://togithub.com/KarlHeitmann) in
[https://github.com/jesseduffield/lazygit/pull/2851](https://togithub.com/jesseduffield/lazygit/pull/2851)
- Internationalise logging of commands by
[@&#8203;KarlHeitmann](https://togithub.com/KarlHeitmann) in
[https://github.com/jesseduffield/lazygit/pull/2852](https://togithub.com/jesseduffield/lazygit/pull/2852)
- Show visual explosion effect when nuking worktree by
[@&#8203;jesseduffield](https://togithub.com/jesseduffield) in
[https://github.com/jesseduffield/lazygit/pull/2861](https://togithub.com/jesseduffield/lazygit/pull/2861)

##### Fixes 🔧

- Fix issue where using `null` to un-map a keybinding was ignored by
[@&#8203;hatredholder](https://togithub.com/hatredholder) in
[https://github.com/jesseduffield/lazygit/pull/2832](https://togithub.com/jesseduffield/lazygit/pull/2832)
- Show error when trying to open patch menu with an empty patch by
[@&#8203;stefanhaller](https://togithub.com/stefanhaller) in
[https://github.com/jesseduffield/lazygit/pull/2829](https://togithub.com/jesseduffield/lazygit/pull/2829)
- Fix merge status for update-ref command by
[@&#8203;stefanhaller](https://togithub.com/stefanhaller) in
[https://github.com/jesseduffield/lazygit/pull/2845](https://togithub.com/jesseduffield/lazygit/pull/2845)
- Stop worktrees view from stealing the window by
[@&#8203;jesseduffield](https://togithub.com/jesseduffield) in
[https://github.com/jesseduffield/lazygit/pull/2863](https://togithub.com/jesseduffield/lazygit/pull/2863)
- Fix confirmation view sizing by
[@&#8203;jesseduffield](https://togithub.com/jesseduffield) in
[https://github.com/jesseduffield/lazygit/pull/2879](https://togithub.com/jesseduffield/lazygit/pull/2879)

##### Maintenance ⚙️

- Standardise on using lo for slice functions by
[@&#8203;jesseduffield](https://togithub.com/jesseduffield) in
[https://github.com/jesseduffield/lazygit/pull/2846](https://togithub.com/jesseduffield/lazygit/pull/2846)
- Remove redundant secureexec package by
[@&#8203;jesseduffield](https://togithub.com/jesseduffield) in
[https://github.com/jesseduffield/lazygit/pull/2847](https://togithub.com/jesseduffield/lazygit/pull/2847)
- Add automated demo recordings by
[@&#8203;jesseduffield](https://togithub.com/jesseduffield) in
[https://github.com/jesseduffield/lazygit/pull/2853](https://togithub.com/jesseduffield/lazygit/pull/2853)
- Remove file watcher code by
[@&#8203;jesseduffield](https://togithub.com/jesseduffield) in
[https://github.com/jesseduffield/lazygit/pull/2865](https://togithub.com/jesseduffield/lazygit/pull/2865)
- Add more demos to the README by
[@&#8203;jesseduffield](https://togithub.com/jesseduffield) in
[https://github.com/jesseduffield/lazygit/pull/2866](https://togithub.com/jesseduffield/lazygit/pull/2866)
- Move features to top of readme by
[@&#8203;jesseduffield](https://togithub.com/jesseduffield) in
[https://github.com/jesseduffield/lazygit/pull/2867](https://togithub.com/jesseduffield/lazygit/pull/2867)
- Add more demos by
[@&#8203;jesseduffield](https://togithub.com/jesseduffield) in
[https://github.com/jesseduffield/lazygit/pull/2874](https://togithub.com/jesseduffield/lazygit/pull/2874)

##### Other Changes

- Create demo output dir if it doesn't already exist by
[@&#8203;jesseduffield](https://togithub.com/jesseduffield) in
[https://github.com/jesseduffield/lazygit/pull/2857](https://togithub.com/jesseduffield/lazygit/pull/2857)

#### New Contributors

- [@&#8203;hatredholder](https://togithub.com/hatredholder) made their
first contribution in
[https://github.com/jesseduffield/lazygit/pull/2832](https://togithub.com/jesseduffield/lazygit/pull/2832)
- [@&#8203;redstreet](https://togithub.com/redstreet) made their first
contribution in
[https://github.com/jesseduffield/lazygit/pull/2784](https://togithub.com/jesseduffield/lazygit/pull/2784)
- [@&#8203;kadaan](https://togithub.com/kadaan) made their first
contribution in
[https://github.com/jesseduffield/lazygit/pull/2147](https://togithub.com/jesseduffield/lazygit/pull/2147)
- [@&#8203;KarlHeitmann](https://togithub.com/KarlHeitmann) made their
first contribution in
[https://github.com/jesseduffield/lazygit/pull/2851](https://togithub.com/jesseduffield/lazygit/pull/2851)

**Full Changelog**:
jesseduffield/lazygit@v0.39.4...v0.40.0

</details>

<details>
<summary>weaveworks/eksctl (weaveworks/eksctl)</summary>

###
[`v0.151.0`](https://togithub.com/eksctl-io/eksctl/releases/tag/v0.151.0):
eksctl 0.151.0 (permalink)

[Compare
Source](https://togithub.com/weaveworks/eksctl/compare/0.150.0...0.151.0)

### Release v0.151.0

#### 🚀 Features

- Support custom AMIs for self-managed Windows nodegroups
([#&#8203;6804](https://togithub.com/weaveworks/eksctl/issues/6804))
- Support custom Ubuntu AMIs for EKS-managed nodegroups
([#&#8203;6850](https://togithub.com/weaveworks/eksctl/issues/6850))

#### 🎯 Improvements

- Remove support for EKS 1.22
([#&#8203;6704](https://togithub.com/weaveworks/eksctl/issues/6704))

#### 🐛 Bug Fixes

- Fix error with tar in `Post Cache go-build and mod` step
([#&#8203;6840](https://togithub.com/weaveworks/eksctl/issues/6840))
- Fix setting link-time variables for release version
([#&#8203;6841](https://togithub.com/weaveworks/eksctl/issues/6841))
- Select one subnet for AZs where multiple are present and no VPC config
provided
([#&#8203;6814](https://togithub.com/weaveworks/eksctl/issues/6814))
- Paginate instance type offerings response
([#&#8203;6832](https://togithub.com/weaveworks/eksctl/issues/6832))

#### 🧰 Maintenance

- Bump dependencies
([#&#8203;6852](https://togithub.com/weaveworks/eksctl/issues/6852),
[#&#8203;6859](https://togithub.com/weaveworks/eksctl/issues/6859))
- Cleanup Flux Integration
([#&#8203;6836](https://togithub.com/weaveworks/eksctl/issues/6836))

#### Acknowledgments

Weaveworks would like to sincerely thank:
[@&#8203;watany-dev](https://togithub.com/watany-dev)

</details>

---

### Configuration

📅 **Schedule**: Branch creation - "after 4pm on thursday" (UTC),
Automerge - At any time (no schedule defined).

🚦 **Automerge**: Enabled.

♻ **Rebasing**: Whenever PR is behind base branch, or you tick the
rebase/retry checkbox.

👻 **Immortal**: This PR will be recreated if closed unmerged. Get
[config help](https://togithub.com/renovatebot/renovate/discussions) if
that's undesired.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR has been generated by [Mend
Renovate](https://www.mend.io/free-developer-tools/renovate/). View
repository job log
[here](https://developer.mend.io/github/scottames/dots).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNi4yNy4xIiwidXBkYXRlZEluVmVyIjoiMzYuMjcuMSIsInRhcmdldEJyYW5jaCI6Im1haW4ifQ==-->

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
maintenance For refactorings, CI changes, tests, version bumping, etc
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant