Skip to content

Commit 4bac71e

Browse files
mbpavanmbpavan
committed
fix issue with patch
1 parent 28ca00d commit 4bac71e

File tree

1 file changed

+37
-4
lines changed

1 file changed

+37
-4
lines changed

.konflux/patches/fix-oauth2-vulnerability-ghsa-6v2p-p543-phr9.patch

Lines changed: 37 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -1,7 +1,7 @@
1-
diff --git a/upstream/image/git-init/go.mod b/upstream/image/git-init/go.mod
1+
diff --git a/image/git-init/go.mod b/image/git-init/go.mod
22
index 918df2b..22a4ba9 100644
3-
--- a/upstream/image/git-init/go.mod
4-
+++ b/upstream/image/git-init/go.mod
3+
--- a/image/git-init/go.mod
4+
+++ b/image/git-init/go.mod
55
@@ -55,7 +55,7 @@ require (
66
go.uber.org/multierr v1.11.0 // indirect
77
golang.org/x/exp v0.0.0-20240808152545-0cdaa3abc0fa // indirect
@@ -11,4 +11,37 @@ index 918df2b..22a4ba9 100644
1111
golang.org/x/sync v0.11.0 // indirect
1212
golang.org/x/sys v0.30.0 // indirect
1313
golang.org/x/term v0.29.0 // indirect
14-
14+
diff --git a/image/git-init/go.sum b/image/git-init/go.sum
15+
index e790e1b..550768c 100644
16+
--- a/image/git-init/go.sum
17+
+++ b/image/git-init/go.sum
18+
@@ -435,6 +435,8 @@ golang.org/x/oauth2 v0.0.0-20210514164344-f6687ab2804c/go.mod h1:KelEdhl1UZF7XfJ
19+
golang.org/x/oauth2 v0.0.0-20220223155221-ee480838109b/go.mod h1:DAh4E804XQdzx2j+YRIaUnCqCV2RuMz24cGBJ5QYIrc=
20+
21+
golang.org/x/oauth2 v0.26.0 h1:afQXWNNaeC4nvZ0Ed9XvCCzXM6UHJG7iCg0W4fPqSBE=
22+
golang.org/x/oauth2 v0.26.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI=
23+
+golang.org/x/oauth2 v0.27.0 h1:da9Vo7/tDv5RH/7nZDz1eMGS/q1Vv1N/7FCrBhI9I3M=
24+
+golang.org/x/oauth2 v0.27.0/go.mod h1:onh5ek6nERTohokkhCD/y2cV4Do3fxFHFuAejCkRWT8=
25+
golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
26+
diff --git a/image/git-init/vendor/golang.org/x/oauth2/pkce.go b/image/git-init/vendor/golang.org/x/oauth2/pkce.go
27+
index 50593b6..6a95da9 100644
28+
--- a/image/git-init/vendor/golang.org/x/oauth2/pkce.go
29+
+++ b/image/git-init/vendor/golang.org/x/oauth2/pkce.go
30+
@@ -21,7 +21,7 @@ const (
31+
//
32+
// A fresh verifier should be generated for each authorization.
33+
// S256ChallengeOption(verifier) should then be passed to Config.AuthCodeURL
34+
-// (or Config.DeviceAccess) and VerifierOption(verifier) to Config.Exchange
35+
+// (or Config.DeviceAuth) and VerifierOption(verifier) to Config.Exchange
36+
// (or Config.DeviceAccessToken).
37+
func GenerateVerifier() string {
38+
// "RECOMMENDED that the output of a suitable random number generator be
39+
@@ -51,7 +51,7 @@ func S256ChallengeFromVerifier(verifier string) string {
40+
}
41+
42+
// S256ChallengeOption derives a PKCE code challenge derived from verifier with
43+
-// method S256. It should be passed to Config.AuthCodeURL or Config.DeviceAccess
44+
+// method S256. It should be passed to Config.AuthCodeURL or Config.DeviceAuth
45+
// only.
46+
func S256ChallengeOption(verifier string) AuthCodeOption {
47+
return challengeOption{

0 commit comments

Comments
 (0)