[CORE-797] Update to go v1.18.10 to fix net-package vulnerability (#116)

oredavids · web-flow · commit 03d385819890 · 2023-04-20T12:43:25.000-06:00
* Update to go v1.18.10 to fix net-package vulnerability

* Update to latest go-commons
diff --git a/.circleci/config.yml b/.circleci/config.yml
@@ -1,6 +1,6 @@
 defaults: &defaults
   docker:
-    - image: 087285199408.dkr.ecr.us-east-1.amazonaws.com/circle-ci-test-image-base:go1.16-go111module
+    - image: 087285199408.dkr.ecr.us-east-1.amazonaws.com/circle-ci-test-image-base:go1.18-tf1.4-tg39.1-pck1.8-ci50.7
 
 version: 2
 jobs:
diff --git a/checksum.go b/checksum.go
@@ -13,7 +13,7 @@ import (
 	"github.com/sirupsen/logrus"
 )
 
-func verifyChecksumOfReleaseAsset(logger *logrus.Logger, assetPath string, checksumMap map[string]bool, algorithm string) *FetchError {
+func verifyChecksumOfReleaseAsset(logger *logrus.Entry, assetPath string, checksumMap map[string]bool, algorithm string) *FetchError {
 	computedChecksum, err := computeChecksum(assetPath, algorithm)
 	if err != nil {
 		return newError(errorWhileComputingChecksum, err.Error())
diff --git a/file.go b/file.go
@@ -16,7 +16,7 @@ import (
 // Download the zip file at the given URL to a temporary local directory.
 // Returns the absolute path to the downloaded zip file.
 // IMPORTANT: You must call "defer os.RemoveAll(dir)" in the calling function when done with the downloaded zip file!
-func downloadGithubZipFile(logger *logrus.Logger, gitHubCommit GitHubCommit, gitHubToken string, instance GitHubInstance) (string, *FetchError) {
+func downloadGithubZipFile(logger *logrus.Entry, gitHubCommit GitHubCommit, gitHubToken string, instance GitHubInstance) (string, *FetchError) {
 
 	var zipFilePath string
 
diff --git a/github.go b/github.go
@@ -76,7 +76,7 @@ type GitHubReleaseAsset struct {
 	Name string
 }
 
-func ParseUrlIntoGithubInstance(logger *logrus.Logger, repoUrl string, apiv string) (GitHubInstance, *FetchError) {
+func ParseUrlIntoGithubInstance(logger *logrus.Entry, repoUrl string, apiv string) (GitHubInstance, *FetchError) {
 	var instance GitHubInstance
 
 	u, err := url.Parse(repoUrl)
@@ -216,7 +216,6 @@ var nextLinkRegex = regexp.MustCompile(`<(.+?)>;\s*rel="next"`)
 // empty string. The link header is expected to be of the form:
 //
 // <url>; rel="next", <url>; rel="last"
-//
 func getNextUrl(links string) string {
 	if len(links) == 0 {
 		return ""
diff --git a/go.mod b/go.mod
@@ -1,21 +1,20 @@
 module github.com/gruntwork-io/fetch
 
-go 1.14
+go 1.18
 
 require (
-	github.com/davecgh/go-spew v1.1.1 // indirect
 	github.com/dustin/go-humanize v1.0.0
-	github.com/gruntwork-io/go-commons v0.9.2
+	github.com/gruntwork-io/go-commons v0.16.1
 	github.com/hashicorp/go-version v1.3.0
-	github.com/konsorten/go-windows-terminal-sequences v1.0.3 // indirect
-	github.com/kr/pretty v0.2.1 // indirect
-	github.com/kr/text v0.2.0 // indirect
-	github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e // indirect
-	github.com/pmezard/go-difflib v1.0.0 // indirect
 	github.com/sirupsen/logrus v1.8.1
-	github.com/stretchr/testify v1.7.0
-	golang.org/x/sys v0.0.0-20210629170331-7dc0b73dc9fb // indirect
-	gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c // indirect
+	github.com/stretchr/testify v1.8.0
 	gopkg.in/urfave/cli.v1 v1.20.0
-	gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b // indirect
+)
+
+require (
+	github.com/davecgh/go-spew v1.1.1 // indirect
+	github.com/pmezard/go-difflib v1.0.0 // indirect
+	golang.org/x/sys v0.1.0 // indirect
+	gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c // indirect
+	gopkg.in/yaml.v3 v3.0.1 // indirect
 )
diff --git a/go.sum b/go.sum
diff --git a/logger.go b/logger.go
@@ -10,13 +10,13 @@ import (
 const DEFAULT_LOG_LEVEL = logrus.InfoLevel
 
 // GetProjectLogger returns a logging instance for this project
-func GetProjectLogger() *logrus.Logger {
-	return logging.GetLogger("fetch")
+func GetProjectLogger() *logrus.Entry {
+	return logging.GetLogger("fetch", "")
 }
 
 // GetProjectLoggerWithWriter creates a logger around the given output stream
-func GetProjectLoggerWithWriter(writer io.Writer) *logrus.Logger {
+func GetProjectLoggerWithWriter(writer io.Writer) *logrus.Entry {
 	logger := GetProjectLogger()
-	logger.SetOutput(writer)
+	logger.Logger.Out = writer
 	return logger
 }
diff --git a/main.go b/main.go
@@ -36,7 +36,7 @@ type FetchOptions struct {
 	WithProgress             bool
 
 	// Project logger
-	Logger *logrus.Logger
+	Logger *logrus.Entry
 }
 
 type AssetDownloadResult struct {
@@ -176,7 +176,7 @@ func runFetchWrapper(c *cli.Context) {
 }
 
 // Run the fetch program
-func runFetch(c *cli.Context, logger *logrus.Logger) error {
+func runFetch(c *cli.Context, logger *logrus.Entry) error {
 	options := parseOptions(c, logger)
 	if err := validateOptions(options); err != nil {
 		return err
@@ -278,7 +278,7 @@ func runFetch(c *cli.Context, logger *logrus.Logger) error {
 	return nil
 }
 
-func parseOptions(c *cli.Context, logger *logrus.Logger) FetchOptions {
+func parseOptions(c *cli.Context, logger *logrus.Entry) FetchOptions {
 	localDownloadPath := c.Args().First()
 	sourcePaths := c.StringSlice(optionSourcePath)
 	assetChecksums := c.StringSlice(optionReleaseAssetChecksum)
@@ -340,7 +340,7 @@ func validateOptions(options FetchOptions) error {
 }
 
 // Download the specified source files from the given repo
-func downloadSourcePaths(logger *logrus.Logger, sourcePaths []string, destPath string, githubRepo GitHubRepo, latestTag string, branchName string, commitSha string, instance GitHubInstance) error {
+func downloadSourcePaths(logger *logrus.Entry, sourcePaths []string, destPath string, githubRepo GitHubRepo, latestTag string, branchName string, commitSha string, instance GitHubInstance) error {
 	if len(sourcePaths) == 0 {
 		return nil
 	}
@@ -406,7 +406,7 @@ func downloadSourcePaths(logger *logrus.Logger, sourcePaths []string, destPath s
 // were downloaded. For those that succeeded, the path they were downloaded to will be passed back
 // along with the error.
 // Returns the paths where the release assets were downloaded.
-func downloadReleaseAssets(logger *logrus.Logger, assetRegex string, destPath string, githubRepo GitHubRepo, tag string, withProgress bool) ([]string, error) {
+func downloadReleaseAssets(logger *logrus.Entry, assetRegex string, destPath string, githubRepo GitHubRepo, tag string, withProgress bool) ([]string, error) {
 	var err error
 	var assetPaths []string
 

Original file line number	Diff line number	Diff line change
`@@ -13,7 +13,7 @@ import (`
`13`	`13`	`"github.com/sirupsen/logrus"`
`14`	`14`	`)`
`15`	`15`
`16`		`-func verifyChecksumOfReleaseAsset(logger logrus.Logger, assetPath string, checksumMap map[string]bool, algorithm string) FetchError {`
	`16`	`+func verifyChecksumOfReleaseAsset(logger logrus.Entry, assetPath string, checksumMap map[string]bool, algorithm string) FetchError {`
`17`	`17`	`computedChecksum, err := computeChecksum(assetPath, algorithm)`
`18`	`18`	`if err != nil {`
`19`	`19`	`return newError(errorWhileComputingChecksum, err.Error())`