Describe the bug
Multiple http.Get() calls use default HTTP client with no timeout, potentially causing indefinite hangs if GitHub API is slow or unresponsive.
To reproduce
- Examine main.go line 2756 (checkForUpdatesCmd):
const api = "https://api.github.com/repos/floatpane/matcha/releases/latest"
resp, err := http.Get(api) // No timeout
- Examine main.go line 3000 (runUpdate):
resp, err := http.Get(api) // No timeout
- Examine main.go line 3138 (runUpdate asset download):
respAsset, err := http.Get(assetURL) // No timeout
- Network hang or slow GitHub API could block indefinitely
Expected behavior
HTTP requests should have reasonable timeout. Use custom http.Client with timeout.
Additional context
- Good first issue: straightforward HTTP client improvement
- Affects update checking and automatic updates
- Default http.Client has no timeout - can hang forever
- Best practice: 10-30 second timeout for external API calls
Suggested fix:
client := &http.Client{
Timeout: 30 * time.Second,
}
resp, err := client.Get(api)Or define once at package level:
var httpClient = &http.Client{
Timeout: 30 * time.Second,
}OS
All platforms
Describe the bug
Multiple http.Get() calls use default HTTP client with no timeout, potentially causing indefinite hangs if GitHub API is slow or unresponsive.
To reproduce
Expected behavior
HTTP requests should have reasonable timeout. Use custom http.Client with timeout.
Additional context
Suggested fix:
Or define once at package level:
OS
All platforms