1 年之前 · e23be1cc51
--- a/vendor.mod
+++ b/vendor.mod
@@ -106,7 +106,7 @@ require (
 
				 	github.com/containerd/go-runc v1.0.0 // indirect
			
 
				 	github.com/containerd/stargz-snapshotter/estargz v0.11.3 // indirect
			
 
				 	github.com/containerd/ttrpc v1.1.2 // indirect
			
 
				-	github.com/cyphar/filepath-securejoin v0.2.3 // indirect
			
 
				+	github.com/cyphar/filepath-securejoin v0.2.4 // indirect
			
 
				 	github.com/dustin/go-humanize v1.0.0 // indirect
			
 
				 	github.com/felixge/httpsnoop v1.0.2 // indirect
			
 
				 	github.com/fernet/fernet-go v0.0.0-20211208181803-9f70042a33ee // indirect
			
--- a/vendor.sum
+++ b/vendor.sum
@@ -333,8 +333,9 @@ github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ3
 
				 github.com/creack/pty v1.1.11 h1:07n33Z8lZxZ2qwegKbObQohDhXDQxiMMz1NOUGYlesw=
			
 
				 github.com/creack/pty v1.1.11/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
			
 
				 github.com/cyphar/filepath-securejoin v0.2.2/go.mod h1:FpkQEhXnPnOthhzymB7CGsFk2G9VLXONKD9G7QGMM+4=
			
 
				-github.com/cyphar/filepath-securejoin v0.2.3 h1:YX6ebbZCZP7VkM3scTTokDgBL2TY741X51MTk3ycuNI=
			
 
				 github.com/cyphar/filepath-securejoin v0.2.3/go.mod h1:aPGpWjXOXUn2NCNjFvBE6aRxGGx79pTxQpKOJNYHHl4=
			
 
				+github.com/cyphar/filepath-securejoin v0.2.4 h1:Ugdm7cg7i6ZK6x3xDF1oEu1nfkyfH53EtKeQYTC3kyg=
			
 
				+github.com/cyphar/filepath-securejoin v0.2.4/go.mod h1:aPGpWjXOXUn2NCNjFvBE6aRxGGx79pTxQpKOJNYHHl4=
			
 
				 github.com/d2g/dhcp4 v0.0.0-20170904100407-a1d1b6c41b1c/go.mod h1:Ct2BUK8SB0YC1SMSibvLzxjeJLnrYEVLULFNiHY9YfQ=
			
 
				 github.com/d2g/dhcp4client v1.0.0/go.mod h1:j0hNfjhrt2SxUOw55nL0ATM/z4Yt3t2Kd1mW34z5W5s=
			
 
				 github.com/d2g/dhcp4server v0.0.0-20181031114812-7d4a0a7f59a5/go.mod h1:Eo87+Kg/IX2hfWJfwxMzLyuSZyxSoAug2nGa1G2QAi8=
			
--- a/vendor/github.com/cyphar/filepath-securejoin/.travis.yml
+++ b/vendor/github.com/cyphar/filepath-securejoin/.travis.yml
@@ -1,21 +0,0 @@
 
				-# Copyright (C) 2017 SUSE LLC. All rights reserved.
			
 
				-# Use of this source code is governed by a BSD-style
			
 
				-# license that can be found in the LICENSE file.
			
 
				-
			
 
				-language: go
			
 
				-go:
			
 
				-    - 1.13.x
			
 
				-    - 1.16.x
			
 
				-    - tip
			
 
				-arch:
			
 
				-    - AMD64
			
 
				-    - ppc64le
			
 
				-os:
			
 
				-    - linux
			
 
				-    - osx
			
 
				-
			
 
				-script:
			
 
				-    - go test -cover -v ./...
			
 
				-
			
 
				-notifications:
			
 
				-    email: false
			
--- a/vendor/github.com/cyphar/filepath-securejoin/README.md
+++ b/vendor/github.com/cyphar/filepath-securejoin/README.md
@@ -1,6 +1,6 @@
 
				 ## `filepath-securejoin` ##
			
 
				 
			
 
				-[![Build Status](https://travis-ci.org/cyphar/filepath-securejoin.svg?branch=master)](https://travis-ci.org/cyphar/filepath-securejoin)
			
 
				+[![Build Status](https://github.com/cyphar/filepath-securejoin/actions/workflows/ci.yml/badge.svg)](https://github.com/cyphar/filepath-securejoin/actions/workflows/ci.yml)
			
 
				 
			
 
				 An implementation of `SecureJoin`, a [candidate for inclusion in the Go
			
 
				 standard library][go#20126]. The purpose of this function is to be a "secure"
			
--- a/vendor/github.com/cyphar/filepath-securejoin/VERSION
+++ b/vendor/github.com/cyphar/filepath-securejoin/VERSION
@@ -1 +1 @@
 
				-0.2.3
			
 
				+0.2.4
			
--- a/vendor/github.com/cyphar/filepath-securejoin/join.go
+++ b/vendor/github.com/cyphar/filepath-securejoin/join.go
@@ -39,17 +39,27 @@ func IsNotExist(err error) bool {
 
				 // components in the returned string are not modified (in other words are not
			
 
				 // replaced with symlinks on the filesystem) after this function has returned.
			
 
				 // Such a symlink race is necessarily out-of-scope of SecureJoin.
			
 
				+//
			
 
				+// Volume names in unsafePath are always discarded, regardless if they are
			
 
				+// provided via direct input or when evaluating symlinks. Therefore:
			
 
				+//
			
 
				+// "C:\Temp" + "D:\path\to\file.txt" results in "C:\Temp\path\to\file.txt"
			
 
				 func SecureJoinVFS(root, unsafePath string, vfs VFS) (string, error) {
			
 
				 	// Use the os.* VFS implementation if none was specified.
			
 
				 	if vfs == nil {
			
 
				 		vfs = osVFS{}
			
 
				 	}
			
 
				 
			
 
				+	unsafePath = filepath.FromSlash(unsafePath)
			
 
				 	var path bytes.Buffer
			
 
				 	n := 0
			
 
				 	for unsafePath != "" {
			
 
				 		if n > 255 {
			
 
				-			return "", &os.PathError{Op: "SecureJoin", Path: root + "/" + unsafePath, Err: syscall.ELOOP}
			
 
				+			return "", &os.PathError{Op: "SecureJoin", Path: root + string(filepath.Separator) + unsafePath, Err: syscall.ELOOP}
			
 
				+		}
			
 
				+
			
 
				+		if v := filepath.VolumeName(unsafePath); v != "" {
			
 
				+			unsafePath = unsafePath[len(v):]
			
 
				 		}
			
 
				 
			
 
				 		// Next path component, p.
			
--- a/vendor/modules.txt
+++ b/vendor/modules.txt
@@ -274,7 +274,7 @@ github.com/coreos/go-systemd/v22/journal
 
				 # github.com/creack/pty v1.1.11
			
 
				 ## explicit; go 1.13
			
 
				 github.com/creack/pty
			
 
				-# github.com/cyphar/filepath-securejoin v0.2.3
			
 
				+# github.com/cyphar/filepath-securejoin v0.2.4
			
 
				 ## explicit; go 1.13
			
 
				 github.com/cyphar/filepath-securejoin
			
 
				 # github.com/deckarep/golang-set v0.0.0-20141123011944-ef32fa3046d9
@@ -1 +1 @@
 				-0.2.3
 				+0.2.4