Comparing changes

….com-go-git-go-git-v5-vulnerability build: Update module github.com/go-git/go-git/v5 to v5.18.0 [SECURITY] (releases/v5.x)

Signed-off-by: Paulo Gomes <[email protected]>

v5: Bump sha1cd and go-billy

Signed-off-by: Paulo Gomes <[email protected]>

Replace the per-iteration flag soup in (*Commit).Decode with a func-based stateFn loop that mirrors upstream Git's parsing posture. The new state machine encodes "where we are in the buffer" as the function being called rather than as a bag of mutable booleans. Conformance changes vs upstream commit.c: - tree must be the first header, missing tree errors with ErrMalformedCommit (matches the "bogus commit object" check at commit.c:508-510). - Parents are accepted only contiguously after tree; out-of-position parent lines are silently dropped (matches parse_commit_buffer's parent loop exiting at the first non-parent line and read_commit_extra_header_lines filtering parents from extras). - Author and committer are accepted only at their canonical positions (immediately after parents, immediately after author). Out-of-place occurrences are dropped, mirroring parse_commit_date silently returning 0 plus the standard_header_field filter. - Encoding/mergetag/gpgsig/gpgsig-sha256 follow first-wins; duplicate sig/mergetag continuation lines are discarded by a dedicated scanSkipCont state. - Continuation strip uses line[1:] (single space) instead of bytes.TrimLeft, mirroring upstream's `line + 1` at commit.c:1509. - Header/body boundary is the literal "\n" only, matching *line == '\n' at commit.c:1502. Tests: - TestDecodeRequiresTreeFirst covers the four hard-error inputs (missing tree, parent before tree, extra before tree, empty buffer). - TestDecodeFirstOccurrenceWins covers the lenient drop semantics for duplicate tree/author/committer/gpgsig/gpgsig-sha256, parents after author or interleaved with extras, missing committer, encoding between author and committer (drops the misplaced committer), and author at a non-canonical position (drops author and committer). - TestMalformedHeader is back to expecting NoError (lenient parsing of garbage author/committer values). The state machine lives in plumbing/object/commit_scanner.go. Assisted-by: Claude Opus 4.7 <[email protected]> Signed-off-by: Paulo Gomes <[email protected]>

Signed-off-by: Paulo Gomes <[email protected]>

Tag verification re-encoded from struct fields, so any non-canonical bytes the signature was computed over (duplicate headers, mutation-only fields like Signature/SignatureSHA256, etc.) were lost from the payload and signatures that were valid in upstream Git failed in go-git. Mirror the approach already used by Commit: retain a reference to the source plumbing.EncodedObject on Decode, add matchesSource() so EncodeWithoutSignature can stream the raw bytes (with the inline trailing PGP block truncated and gpgsig/gpgsig-sha256 headers stripped) when the struct still matches the source. Mutating struct fields still falls back to the struct-encoded payload. Assisted-by: Claude Opus 4.7 <[email protected]> Signed-off-by: Paulo Gomes <[email protected]>

Align Commit.Verify with upstream's parse_buffer_signed_by_header (commit.c:1186) and parse_gpg_output rejection (gpg-interface.c:257-269). The commit scanner now concatenates every gpgsig/gpgsig-sha256 header into a single signature buffer instead of first-wins, and Commit.Verify returns the new ErrMultipleSignatures when that buffer carries more than one armored block. Assisted-by: Claude Opus 4.7 <[email protected]> Signed-off-by: Paulo Gomes <[email protected]>

Signed-off-by: Paulo Gomes <[email protected]>

v5: Align object encoding with upstream

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Comparing changes

Open a pull request

Commits on Apr 18, 2026

Commits on Apr 20, 2026

Commits on May 6, 2026

This comparison is taking too long to generate.

Uh oh!