Bumps the go_modules group with 1 update in the / directory: [golang.org/x/oauth2](https://github.com/golang/oauth2). Updates `golang.org/x/oauth2` from 0.20.0 to 0.27.0 - [Commits](golang/oauth2@v0.20.0...v0.27.0) --- updated-dependencies: - dependency-name: golang.org/x/oauth2 dependency-version: 0.27.0 dependency-type: direct:production dependency-group: go_modules ... Signed-off-by: dependabot[bot] <support@github.com>
Bumps the go_modules group with 1 update in the / directory: [github.com/go-jose/go-jose/v4](https://github.com/go-jose/go-jose). Updates `github.com/go-jose/go-jose/v4` from 4.0.1 to 4.0.5 - [Release notes](https://github.com/go-jose/go-jose/releases) - [Commits](go-jose/go-jose@v4.0.1...v4.0.5) --- updated-dependencies: - dependency-name: github.com/go-jose/go-jose/v4 dependency-version: 4.0.5 dependency-type: indirect dependency-group: go_modules ... Signed-off-by: dependabot[bot] <support@github.com>
Bumps the go_modules group with 1 update in the / directory: [golang.org/x/crypto](https://github.com/golang/crypto). Updates `golang.org/x/crypto` from 0.23.0 to 0.45.0 - [Commits](golang/crypto@v0.23.0...v0.45.0) --- updated-dependencies: - dependency-name: golang.org/x/crypto dependency-version: 0.45.0 dependency-type: direct:production dependency-group: go_modules ... Signed-off-by: dependabot[bot] <support@github.com>
Implemented SSH key revocation for personal GitHub connections, including removal from ssh-agent, GitHub, and local files. Updated menu item text and tooltips to distinguish between certificate and key revocation, and ensured UI status updates after key actions.
…85326579b chore: bump golang.org/x/oauth2 from 0.20.0 to 0.27.0 in the go_modules group across 1 directory
Pull request overview
This PR bumps the project version to v1.1.0 by updating the Go toolchain version and upgrading a key dependency. The changes prepare the codebase for using newer Go language features and updated OAuth2 library functionality.
- Updates Go toolchain from 1.22 to 1.23.0
- Upgrades golang.org/x/oauth2 from v0.20.0 to v0.27.0
- Updates go.sum checksums to reflect the dependency changes
Reviewed changes
Copilot reviewed 1 out of 2 changed files in this pull request and generated 1 comment.
| File | Description |
|---|---|
| go.mod | Updates Go version directive to 1.23.0 and golang.org/x/oauth2 to v0.27.0 |
| go.sum | Updates checksums for golang.org/x/oauth2 v0.27.0 to match the dependency upgrade |
go.mod
Outdated
| module github.com/shawntz/cassh | ||
|
|
||
| go 1.22 | ||
| go 1.23.0 |
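Review bot: the `go 1.23.0` line raises the minimum Go version for the whole module, and nothing in this hunk records why. Since Go 1.21 the `go` directive is an enforced minimum and a full release version such as `1.23.0` is a valid form, so the value itself can stay. State in the commit message whether the oauth2 upgrade is what requires the new minimum, and confirm that CI and release builders already run Go 1.23 or later.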
The Go version directive should not include the patch version. According to Go module conventions, the version should be specified as go 1.23 rather than go 1.23.0. Go toolchain versions are specified as major.minor only in go.mod files.
| go 1.23.0 | |
| go 1.23 |
chore: bump github.com/go-jose/go-jose/v4 from 4.0.1 to 4.0.5 in the go_modules group across 1 directory
chore: bump golang.org/x/crypto from 0.23.0 to 0.45.0 in the go_modules group across 1 directory
fix: correct personal SSH key PEM encoding
Pull request overview
Copilot reviewed 3 out of 4 changed files in this pull request and generated no new comments.
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
…31551 chore: add claude code GitHub actions workflows
Bumps the go_modules group with 3 updates in the / directory: [golang.org/x/crypto](https://github.com/golang/crypto), [golang.org/x/oauth2](https://github.com/golang/oauth2) and [github.com/go-jose/go-jose/v4](https://github.com/go-jose/go-jose). Updates `golang.org/x/crypto` from 0.23.0 to 0.45.0 - [Commits](golang/crypto@v0.23.0...v0.45.0) Updates `golang.org/x/oauth2` from 0.20.0 to 0.27.0 - [Commits](golang/oauth2@v0.20.0...v0.27.0) Updates `github.com/go-jose/go-jose/v4` from 4.0.1 to 4.0.5 - [Release notes](https://github.com/go-jose/go-jose/releases) - [Commits](go-jose/go-jose@v4.0.1...v4.0.5) --- updated-dependencies: - dependency-name: golang.org/x/crypto dependency-version: 0.45.0 dependency-type: direct:production dependency-group: go_modules - dependency-name: golang.org/x/oauth2 dependency-version: 0.27.0 dependency-type: direct:production dependency-group: go_modules - dependency-name: github.com/go-jose/go-jose/v4 dependency-version: 4.0.5 dependency-type: indirect dependency-group: go_modules ... Signed-off-by: dependabot[bot] <support@github.com>
…n permissions Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
…n permissions Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
…n permissions Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
…n permissions Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
Potential fix for code scanning alert no. 5: Workflow does not contain permissions
…6d-4361-adc9-a7cba3b0d07d
…361-adc9-a7cba3b0d07d Add token validation to GitLab NewClient constructor
…cation function calls Co-authored-by: shawntz <5200266+shawntz@users.noreply.github.com>
Co-authored-by: shawntz <5200266+shawntz@users.noreply.github.com>
Make update check interval dynamically reload from config
…4-2797e7c7-141a-45f3-b59e-b0786e2211bd
…5f3-b59e-b0786e2211bd Fix race conditions in update checker goroutines
…96-4aec-9cd3-2c5887f6add2
…aec-9cd3-2c5887f6add2 Handle io.ReadAll errors in GitLab client error paths
…e1-4e91-9be8-09ae53eb513b
…e91-9be8-09ae53eb513b Handle io.ReadAll errors in GitLab client error paths
…c47-bced-a42be8309a2e Wire up MigrateDeprecatedFields to LoadUserConfig
…0d-4c25-8209-ebf1f113a75a
…c25-8209-ebf1f113a75a Sanitize GitLab API error messages to prevent sensitive data exposure
|
fizzy |
Add test coverage for GitLab API client
Add test coverage for SignPublicKeyForGitLab
Optimize GitLab CreateSSHKey to avoid unnecessary API calls
Remove unused identifier parameter from sendNativeNotification
Add persistent update notifications and config options
Add initial GitLab platform support and documentation
Pull request overview
Copilot reviewed 21 out of 22 changed files in this pull request and generated 7 comments.
| lastCheckTime := time.Unix(cfg.User.LastUpdateCheckTime, 0) | ||
| checkIntervalDays := cfg.User.UpdateCheckIntervalDays | ||
| cfgMutex.RUnlock() | ||
|
|
||
| if !updateCheckEnabled { | ||
| log.Printf("Update checks disabled by user") | ||
| return false | ||
| } | ||
|
|
||
| // Check if we should check for updates based on interval | ||
| cfgMutex.RLock() | ||
| lastCheckTime := time.Unix(cfg.User.LastUpdateCheckTime, 0) |
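Review bot: the second `cfgMutex.RLock()` followed by `lastCheckTime := time.Unix(cfg.User.LastUpdateCheckTime, 0)` repeats the read already done above the `updateCheckEnabled` check. If both statements sit in the same scope, the second `:=` declares no new variable and will not compile; if it sits in a nested scope, it silently shadows the first value. Remove the second lock and read, and use the `lastCheckTime` and `checkIntervalDays` captured before the first `cfgMutex.RUnlock()`.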
The variable lastCheckTime is declared twice in this function. The first declaration on line 183 is shadowed by the second declaration on line 194, making the first one effectively unused.
| if err := config.SaveUserConfig(userCfg); err != nil { | ||
| log.Printf("Failed to save config after periodic update check: %v", err) | ||
| } | ||
| cfgMutex.Unlock() |
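Review bot: `config.SaveUserConfig(userCfg)` runs before `cfgMutex.Unlock()`, so the lock appears to be held across the save and every reader of `cfg.User` waits on it. Copy the fields to persist while holding the lock, release it, then save the copy. If the lock has to stay held, pair the `Lock()` with `defer cfgMutex.Unlock()` so that a later early return cannot leave it locked.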
Mutex lock is acquired but never released. The cfgMutex.Lock() on line 352 is followed by an immediate cfgMutex.Unlock() on line 352 without any code in between, and then there's unreachable code after. This appears to be a copy-paste error.
| } | ||
| sendNativeNotification("Update Dismissed", fmt.Sprintf("You can check for updates again from the menu.\n\nDismissed version: v%s", currentLatestVersion)) | ||
| } | ||
| cfgMutex.Unlock() |
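Review bot: `sendNativeNotification(...)` is called before `cfgMutex.Unlock()`, so the config lock is held while the notification is dispatched. Copy `currentLatestVersion` into a local, unlock, and then send the notification, so that a slow notification call cannot stall other goroutines waiting on `cfgMutex`.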
Mutex acquired but never released. The function acquires cfgMutex.Lock() on line 479 but then releases it on line 500 after the function returns, making line 500 unreachable.
| cfgMutex.Unlock() |
| cfgMutex.RLock() | ||
| lastCheckTime := time.Unix(cfg.User.LastUpdateCheckTime, 0) | ||
| cfgMutex.RUnlock() |
This variable is declared but never used in the function. The parameter dismissedVersion from the RLock is read but cfgMutex.RLock() is called again without unlocking, leading to a potential deadlock.
|
|
||
| var ( | ||
| cfg *config.MergedConfig | ||
| cfgMutex sync.RWMutex // Protects concurrent access to cfg.User |
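Review bot: the comment on `cfgMutex` says it protects `cfg.User`, but `cfg` itself is a package-level pointer declared on the line above. State in the comment whether replacing `cfg` (for example on a config reload) must also happen under the write lock; otherwise one goroutine can be reading through the pointer under `RLock` while another swaps it without synchronization.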
The cfgMutex variable is declared twice in this file - once in the global scope (line 55) and once in updater.go (line 52). This will cause compilation errors or unexpected behavior due to shadowing.
| cfgMutex sync.RWMutex // Protects concurrent access to cfg.User |
|
|
||
| // Verify login extension still uses the username | ||
| loginValue, ok := cert.Extensions["login@gitlab.com"] | ||
| if !ok { | ||
| t.Error("Missing GitLab login extension: login@gitlab.com") | ||
| } | ||
| if loginValue != "gitlabuser" { | ||
| t.Errorf("Login extension = %q, want %q", loginValue, "gitlabuser") | ||
| } |
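Review bot: in the `if !ok` branch, `t.Error` lets the test continue into the `loginValue != "gitlabuser"` comparison, which then reports a second failure for the same missing extension. Use `t.Fatal` for the missing-key case so that a single failure is reported.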
Test code contains unreachable statements and logic errors. Lines 484-491 are unreachable because the closing brace on line 482 ends the function, and the test logic appears to be duplicated or incorrectly structured.
| // Verify login extension still uses the username | |
| loginValue, ok := cert.Extensions["login@gitlab.com"] | |
| if !ok { | |
| t.Error("Missing GitLab login extension: login@gitlab.com") | |
| } | |
| if loginValue != "gitlabuser" { | |
| t.Errorf("Login extension = %q, want %q", loginValue, "gitlabuser") | |
| } | |
| } |
| configMutex.RLock() | ||
| dismissedVersion := cfg.User.DismissedUpdateVersion |
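Review bot: `configMutex.RLock()` guards the read of `cfg.User.DismissedUpdateVersion`, while the other hunks in this change lock `cfgMutex` around `cfg.User`. If these are two different mutexes, this read is not synchronized with the writers and is a data race. Use `cfgMutex` here, and check that the matching unlock is `cfgMutex.RUnlock()`.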
The variable configMutex is used in this file but is declared as cfgMutex in the global scope. Either the variable name is inconsistent or this is shadowing the global variable. This should use cfgMutex to match the global declaration.