Bump github.com/go-git/go-git/v5 from 5.4.2 to 5.11.0 #66
Conversation
![dependabot[bot]](https://avatars.githubusercontent.com/in/29110?s=60&v=4){kind=small}
Bumps [github.com/go-git/go-git/v5](https://github.com/go-git/go-git) from 5.4.2 to 5.11.0. - [Release notes](https://github.com/go-git/go-git/releases) - [Commits](go-git/go-git@v5.4.2...v5.11.0) --- updated-dependencies: - dependency-name: github.com/go-git/go-git/v5 dependency-type: indirect ... Signed-off-by: dependabot[bot] <[email protected]>
dependabot
bot
added
the
dependencies
|
| GitGuardian id | Secret | Commit | Filename | |
|---|---|---|---|---|
| 9147235 | PGP Private Key | 08ebb1e | vendor/github.com/ProtonMail/go-crypto/openpgp/keys_test_data.go | View secret |
| 9147236 | PGP Private Key | 08ebb1e | vendor/github.com/ProtonMail/go-crypto/openpgp/keys_test_data.go | View secret |
| 9147237 | PGP Private Key | 08ebb1e | vendor/github.com/ProtonMail/go-crypto/openpgp/keys_test_data.go | View secret |
| 9147238 | PGP Private Key | 08ebb1e | vendor/github.com/ProtonMail/go-crypto/openpgp/keys_test_data.go | View secret |
🛠 Guidelines to remediate hardcoded secrets
- Understand the implications of revoking this secret by investigating where it is used in your code.
- Replace and store your secrets safely. Learn here the best practices.
- Revoke and rotate these secrets.
- If possible, rewrite git history. Rewriting git history is not a trivial act. You might completely break other contributing developers' workflow and you risk accidentally deleting legitimate data.
To avoid such incidents in the future consider
- following these best practices for managing and storing secrets including API keys and other credentials
- install secret detection on pre-commit to catch secret before it leaves your machine and ease remediation.
🦉 GitGuardian detects secrets in your source code to help developers and security teams secure the modern development process. You are seeing this because you or someone else with access to this repository has authorized GitGuardian to scan your pull request.
Our GitHub checks need improvements? Share your feedbacks!
|
@dependabot[bot] Thank you for your contribution. |
gardener-robot
added
the
size/m
|
Thank you @dependabot[bot] for your contribution. Before I can start building your PR, a member of the organization must set the required label(s) {'reviewed/ok-to-test'}. Once started, you can check the build status in the PR checks section below. |
gardener-robot
added
the
lifecycle/stale
Bumps github.com/go-git/go-git/v5 from 5.4.2 to 5.11.0.
Release notes
Sourced from github.com/go-git/go-git/v5's releases.
... (truncated)
Commits
5d08d3bMerge pull request #958 from pjbgf/workval5bd1d8fbuild: Ensure checkout is the first operationb2c1982git: worktree, Align validation with upstream rulescec7da6Merge pull request #953 from pjbgf/alternates8b47cebstorage: filesystem, Add option to set a specific FS for alternates4f61489Merge pull request #941 from djmoch/filestats-renameae552ceMerge pull request #939 from dhoizner/fix-pull-after-shallowcc1895bMerge pull request #950 from aymanbagabas/validate-refde1d5a5git: validate reference namesd87110bMerge pull request #948 from go-git/dependabot/go_modules/cli/go-git/github.c...Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot mergewill merge this PR after your CI passes on it@dependabot squash and mergewill squash and merge this PR after your CI passes on it@dependabot cancel mergewill cancel a previously requested merge and block automerging@dependabot reopenwill reopen this PR if it is closed@dependabot closewill close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)You can disable automated security fix PRs for this repo from the Security Alerts page.