Add support for peeled tags (#1276)

Utilise the newly implemented (but not yet released) functionality from go-git/go-git#750 to favour the unpeeled tag's commit hash for repositories with annotated tags. Fixes: #1209
google · May 5, 2023 · 4db5ea6 · 4db5ea6
1 parent f783655
commit 4db5ea6
Show file tree

Hide file tree

Showing 5 changed files with 83 additions and 33 deletions.
diff --git a/vulnfeeds/git/repository.go b/vulnfeeds/git/repository.go
@@ -17,17 +17,23 @@ package git
 
 import (
 	"sort"
+	"strings"
 
 	"github.com/go-git/go-git/v5"
 	"github.com/go-git/go-git/v5/config"
 	"github.com/go-git/go-git/v5/plumbing/transport"
 	"github.com/go-git/go-git/v5/storage/memory"
 
 	"golang.org/x/exp/maps"
+	"golang.org/x/exp/slices"
 
 	"github.com/google/osv/vulnfeeds/cves"
 )
 
+const (
+	peeledSuffix = "^{}"
+)
+
 // A GitTag holds a Git tag and corresponding commit hash.
 type Tag struct {
 	Tag    string // Git tag
@@ -55,7 +61,7 @@ type RepoTagsMap struct {
 // RepoTags acts as a cache for RepoTags results, keyed on the repo's URL.
 type RepoTagsCache map[string]RepoTagsMap
 
-// RepoTags returns an array of Tag being the tags and associated commits in repoURL.
+// RepoTags returns an array of Tag being the (unpeeled, if annotated) tags and associated commits in repoURL.
 // An optional repoTagsCache can be supplied to reduce repeated remote connections to the same repo.
 func RepoTags(repoURL string, repoTagsCache RepoTagsCache) (tags Tags, e error) {
 	if repoTagsCache != nil {
@@ -72,7 +78,7 @@ func RepoTags(repoURL string, repoTagsCache RepoTagsCache) (tags Tags, e error)
 		},
 	}
 	repo := git.NewRemote(memory.NewStorage(), remoteConfig)
-	refs, err := repo.List(&git.ListOptions{})
+	refs, err := repo.List(&git.ListOptions{PeelingOption: git.AppendPeeled})
 	if err != nil {
 		return tags, err
 	}
@@ -81,9 +87,25 @@ func RepoTags(repoURL string, repoTagsCache RepoTagsCache) (tags Tags, e error)
 		if !ref.Name().IsTag() {
 			continue
 		}
-		tags = append(tags, Tag{Tag: ref.Name().Short(), Commit: ref.Hash().String()})
+		// This is used for caching and direct lookup by tag name.
 		tagsMap[ref.Name().Short()] = Tag{Tag: ref.Name().Short(), Commit: ref.Hash().String()}
 	}
+	// Use the unpeeled tag commit where available.
+	for tagName, tagInfo := range tagsMap {
+		if _, ok := tagsMap[tagName+peeledSuffix]; ok {
+			// There exists an equivalent peeled tag, skip the unpeeled one.
+			continue
+		}
+		if strings.HasSuffix(tagName, peeledSuffix) {
+			// Use the peeled tag name, but the unpeeled tag's commit.
+			tags = append(tags, Tag{Tag: strings.TrimSuffix(tagInfo.Tag, peeledSuffix), Commit: tagInfo.Commit})
+			continue
+		}
+		// It's a lightweight tag, and if not already present (as an unpeeled tag, add it)
+		if !slices.Contains(tags, Tag{Tag: tagInfo.Tag, Commit: tagInfo.Commit}) {
+			tags = append(tags, Tag{Tag: tagInfo.Tag, Commit: tagInfo.Commit})
+		}
+	}
 	// Sort so that we get consistently ordered output for test validation purposes.
 	sort.Sort(tags)
 	if repoTagsCache != nil {

diff --git a/vulnfeeds/git/repository_test.go b/vulnfeeds/git/repository_test.go
@@ -93,25 +93,25 @@ func TestRepoTags(t *testing.T) {
 				{Tag: "aide.0.14.rc2.release", Commit: "eaa4da81c202affa3000adca5757f2c9a5f81eeb"},
 				{Tag: "aide.0.14.rc3.release", Commit: "e82be89f5e0036cc9d171d260e9c53713bb31b39"},
 				{Tag: "aide.0.14.release", Commit: "727c5677d3c97d49e7b406eb3c3b51e6fc429f21"},
-				{Tag: "aide.0.15.1.release", Commit: "213165495c7cc7209b3aea786ea07e0501045d25"},
-				{Tag: "aide.0.15.rc1.release", Commit: "6e639e18f79ca840673709738fe2b5b7ba842980"},
-				{Tag: "aide.0.15.release", Commit: "95995531cdd9ce0cd043a3f48431ed1751f46cfc"},
+				{Tag: "aide.0.15.1.release", Commit: "3e41f1d1a96645fae661e3bd585d11a8bed0eb2e"},
+				{Tag: "aide.0.15.rc1.release", Commit: "1b7d73f1b689e673bc0fac3f54005db0e0a0b4ab"},
+				{Tag: "aide.0.15.release", Commit: "0d8f5df0e5d3f1047a286fab369ad02aafdc8857"},
 				{Tag: "cs.tut.fi.import", Commit: "2e84254676a6148acd6ab8e7ce1cd9749836a445"},
-				{Tag: "v0.16", Commit: "3730e8f503d94aa29f0128158e7c46986ec227cf"},
-				{Tag: "v0.16.1", Commit: "63331d10348428ae30a378a9399eaa6185de8ef2"},
-				{Tag: "v0.16.2", Commit: "463797d6164997f746b472f451e9cb4bbebf3a05"},
-				{Tag: "v0.16a1", Commit: "25e59edc12a3f8c19745eae04d77a94eb61207db"},
-				{Tag: "v0.16a2", Commit: "121fbe3633b586e0bd91bb7eaa4fecd4dd1b63ba"},
-				{Tag: "v0.16b1", Commit: "e0763affa46f85ab1d8b7ad88a876cf86dc813f7"},
-				{Tag: "v0.16rc1", Commit: "6de8660468429bcdc35d56597aeaa307033d127c"},
-				{Tag: "v0.17", Commit: "33c436580b35e83929e65d069e6ba138339f6cd7"},
-				{Tag: "v0.17.1", Commit: "920fd575144f247439f64debad4400240cefbd4a"},
-				{Tag: "v0.17.2", Commit: "4a3cbc9e25c63402f98172206b8492e34c733dd5"},
-				{Tag: "v0.17.3", Commit: "b1fda5bdd5e74ab7874f5c93fecb35457cc68f78"},
-				{Tag: "v0.17.4", Commit: "49e8faad5e2ed9ab2de54f6858ee223f918abac4"},
-				{Tag: "v0.18", Commit: "8ed48ad5ba180cd3ce30a3c41d42bad3779d9f26"},
-				{Tag: "v0.18.1", Commit: "5ee3529c3014b4238231885b1403faa3e1affb5c"},
-				{Tag: "v0.18.2", Commit: "d5499cbd3bf4ce6183f5ae3ce18e6e153e48ac9b"},
+				{Tag: "v0.16", Commit: "543c3f9f1af0414a52be20d35558f1490bcf559b"},
+				{Tag: "v0.16.1", Commit: "62cf11b455279f2fa4dcc7755f6145b48c1db0a4"},
+				{Tag: "v0.16.2", Commit: "a8a5d67f4abb230df850f7b327b1f373e7ec49cf"},
+				{Tag: "v0.16a1", Commit: "c52f1ca1d4d204ffef05c71e46a0b4195940fd79"},
+				{Tag: "v0.16a2", Commit: "7a460b9191c981134381b965798984580838c2c8"},
+				{Tag: "v0.16b1", Commit: "6be695a9b8b3b64a0d3d2f9a0c92e027f4c462f8"},
+				{Tag: "v0.16rc1", Commit: "7bf821b14d24711f559a8b213f68a5dfefe6345b"},
+				{Tag: "v0.17", Commit: "fcca55970940387efaccdfefd870fd9f4c958c9e"},
+				{Tag: "v0.17.1", Commit: "98322b8a6e00c189e4f9226269dd9d03c04ad610"},
+				{Tag: "v0.17.2", Commit: "35927ea48d3e43a146103733c6459dd66237f4dd"},
+				{Tag: "v0.17.3", Commit: "d4b80a9e5d48494e0003d22d9ce1a8133de0f15e"},
+				{Tag: "v0.17.4", Commit: "f57bbfdd5dad88187913a39c360cf1dd69c28819"},
+				{Tag: "v0.18", Commit: "73078765396b99ac1ce9004d35a1ee5db2fbb6e5"},
+				{Tag: "v0.18.1", Commit: "de5bb24b9b24df7598161a1ce19dc2ce15afa9c6"},
+				{Tag: "v0.18.2", Commit: "3d5b18b9e5e1c51533ac01d8acd3499b2f9fcc2e"},
 			},
 			expectedOk: true,
 		},

diff --git a/vulnfeeds/git/versions_test.go b/vulnfeeds/git/versions_test.go
@@ -21,15 +21,15 @@ func TestVersionToCommit(t *testing.T) {
 			inputRepoURL:   "https://github.com/ARMmbed/mbedtls",
 			cache:          cache,
 			inputVersion:   "3.0.0",
-			expectedResult: "ecf535f6cb70c97beb7c44dceadc14423086ca0d",
+			expectedResult: "8df2f8e7b9c7bb9390ac74bb7bace27edca81a2b",
 			expectedOk:     true,
 		},
 		{
 			description:    "A fuzzy version match",
 			inputRepoURL:   "https://gitlab.com/gitlab-org/gitlab",
 			cache:          cache,
 			inputVersion:   "12.0",
-			expectedResult: "1d73db751369085d05d939c798e7da086646696c",
+			expectedResult: "3b13818e8330f68625d80d9bf5d8049c41fbe197",
 			expectedOk:     true,
 		},
 		{

diff --git a/vulnfeeds/go.mod b/vulnfeeds/go.mod
@@ -5,7 +5,7 @@ go 1.19
 require (
 	cloud.google.com/go/logging v1.7.0
 	github.com/aquasecurity/go-pep440-version v0.0.0-20210121094942-22b2f8951d46
-	github.com/go-git/go-git/v5 v5.6.1
+	github.com/go-git/go-git/v5 v5.6.2-0.20230503073907-19b39e150071
 	github.com/google/go-cmp v0.5.9
 	github.com/knqyf263/go-cpe v0.0.0-20201213041631-54f6ab28673f
 	golang.org/x/exp v0.0.0-20230321023759-10a507213a29
@@ -18,18 +18,18 @@ require (
 	cloud.google.com/go/compute/metadata v0.2.3 // indirect
 	cloud.google.com/go/longrunning v0.3.0 // indirect
 	github.com/Microsoft/go-winio v0.6.0 // indirect
-	github.com/ProtonMail/go-crypto v0.0.0-20230217124315-7d5c6f04bbb8 // indirect
+	github.com/ProtonMail/go-crypto v0.0.0-20230417170513-8ee5748c52b5 // indirect
 	github.com/acomagu/bufpipe v1.0.4 // indirect
 	github.com/aquasecurity/go-version v0.0.0-20210121072130-637058cfe492 // indirect
 	github.com/cloudflare/circl v1.1.0 // indirect
 	github.com/emirpasic/gods v1.18.1 // indirect
-	github.com/go-git/gcfg v1.5.0 // indirect
+	github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 // indirect
 	github.com/go-git/go-billy/v5 v5.4.1 // indirect
 	github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e // indirect
 	github.com/golang/protobuf v1.5.2 // indirect
 	github.com/googleapis/enterprise-certificate-proxy v0.2.3 // indirect
 	github.com/googleapis/gax-go/v2 v2.7.0 // indirect
-	github.com/imdario/mergo v0.3.13 // indirect
+	github.com/imdario/mergo v0.3.15 // indirect
 	github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 // indirect
 	github.com/kevinburke/ssh_config v1.2.0 // indirect
 	github.com/kr/pretty v0.3.1 // indirect
@@ -39,14 +39,14 @@ require (
 	github.com/skeema/knownhosts v1.1.0 // indirect
 	github.com/xanzy/ssh-agent v0.3.3 // indirect
 	go.opencensus.io v0.24.0 // indirect
-	golang.org/x/crypto v0.6.0 // indirect
-	golang.org/x/mod v0.7.0 // indirect
-	golang.org/x/net v0.7.0 // indirect
+	golang.org/x/crypto v0.8.0 // indirect
+	golang.org/x/mod v0.8.0 // indirect
+	golang.org/x/net v0.9.0 // indirect
 	golang.org/x/oauth2 v0.5.0 // indirect
 	golang.org/x/sync v0.1.0 // indirect
-	golang.org/x/sys v0.5.0 // indirect
-	golang.org/x/text v0.7.0 // indirect
-	golang.org/x/tools v0.5.0 // indirect
+	golang.org/x/sys v0.7.0 // indirect
+	golang.org/x/text v0.9.0 // indirect
+	golang.org/x/tools v0.6.0 // indirect
 	golang.org/x/xerrors v0.0.0-20220907171357-04be3eba64a2 // indirect
 	google.golang.org/api v0.110.0 // indirect
 	google.golang.org/appengine v1.6.7 // indirect

diff --git a/vulnfeeds/go.sum b/vulnfeeds/go.sum
@@ -16,6 +16,8 @@ github.com/Microsoft/go-winio v0.6.0 h1:slsWYD/zyx7lCXoZVlvQrj0hPTM1HI4+v1sIda2y
 github.com/Microsoft/go-winio v0.6.0/go.mod h1:cTAf44im0RAYeL23bpB+fzCyDH2MJiz2BO69KH/soAE=
 github.com/ProtonMail/go-crypto v0.0.0-20230217124315-7d5c6f04bbb8 h1:wPbRQzjjwFc0ih8puEVAOFGELsn1zoIIYdxvML7mDxA=
 github.com/ProtonMail/go-crypto v0.0.0-20230217124315-7d5c6f04bbb8/go.mod h1:I0gYDMZ6Z5GRU7l58bNFSkPTFN6Yl12dsUlAZ8xy98g=
+github.com/ProtonMail/go-crypto v0.0.0-20230417170513-8ee5748c52b5 h1:QXMwHM/lB4ZQhdEF7JUTNgYOJR/gWoFbgQ/2Aj1h3Dk=
+github.com/ProtonMail/go-crypto v0.0.0-20230417170513-8ee5748c52b5/go.mod h1:8TI4H3IbrackdNgv+92dI+rhpCaLqM0IfpgCgenFvRE=
 github.com/acomagu/bufpipe v1.0.4 h1:e3H4WUzM3npvo5uv95QuJM3cQspFNtFBzvJ2oNjKIDQ=
 github.com/acomagu/bufpipe v1.0.4/go.mod h1:mxdxdup/WdsKVreO5GpW4+M/1CE2sMG4jeGJ2sYmHc4=
 github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be h1:9AeTilPcZAjCFIImctFaOjnTIavg87rW78vTPkQqLI8=
@@ -47,13 +49,18 @@ github.com/gliderlabs/ssh v0.3.5 h1:OcaySEmAQJgyYcArR+gGGTHCyE7nvhEMTlYY+Dp8CpY=
 github.com/gliderlabs/ssh v0.3.5/go.mod h1:8XB4KraRrX39qHhT6yxPsHedjA08I/uBVwj4xC+/+z4=
 github.com/go-git/gcfg v1.5.0 h1:Q5ViNfGF8zFgyJWPqYwA7qGFoMTEiBmdlkcfRmpIMa4=
 github.com/go-git/gcfg v1.5.0/go.mod h1:5m20vg6GwYabIxaOonVkTdrILxQMpEShl1xiMF4ua+E=
+github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 h1:+zs/tPmkDkHx3U66DAb0lQFJrpS6731Oaa12ikc+DiI=
+github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376/go.mod h1:an3vInlBmSxCcxctByoQdvwPiA7DTK7jaaFDBTtu0ic=
 github.com/go-git/go-billy/v5 v5.3.1/go.mod h1:pmpqyWchKfYfrkb/UVH4otLvyi/5gJlGI4Hb3ZqZ3W0=
 github.com/go-git/go-billy/v5 v5.4.1 h1:Uwp5tDRkPr+l/TnbHOQzp+tmJfLceOlbVucgpTz8ix4=
 github.com/go-git/go-billy/v5 v5.4.1/go.mod h1:vjbugF6Fz7JIflbVpl1hJsGjSHNltrSw45YK/ukIvQg=
 github.com/go-git/go-git-fixtures/v4 v4.3.1 h1:y5z6dd3qi8Hl+stezc8p3JxDkoTRqMAlKnXHuzrfjTQ=
 github.com/go-git/go-git-fixtures/v4 v4.3.1/go.mod h1:8LHG1a3SRW71ettAD/jW13h8c6AqjVSeL11RAdgaqpo=
+github.com/go-git/go-git-fixtures/v4 v4.3.2-0.20230305113008-0c11038e723f/go.mod h1:8LHG1a3SRW71ettAD/jW13h8c6AqjVSeL11RAdgaqpo=
 github.com/go-git/go-git/v5 v5.6.1 h1:q4ZRqQl4pR/ZJHc1L5CFjGA1a10u76aV1iC+nh+bHsk=
 github.com/go-git/go-git/v5 v5.6.1/go.mod h1:mvyoL6Unz0PiTQrGQfSfiLFhBH1c1e84ylC2MDs4ee8=
+github.com/go-git/go-git/v5 v5.6.2-0.20230503073907-19b39e150071 h1:gLRpEG4M6ImI5gxDZAVeXZbSb7h4l/6EcDftugTfuFg=
+github.com/go-git/go-git/v5 v5.6.2-0.20230503073907-19b39e150071/go.mod h1:BPUv2yur6Kql8SCeGz/wQc0tkqpvCtEBHix8DrutlAw=
 github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q=
 github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e h1:1r7pUrabqp18hOBcwBwiTsbnFeTZHV9eER/QT5JVZxY=
 github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
@@ -87,6 +94,8 @@ github.com/googleapis/gax-go/v2 v2.7.0 h1:IcsPKeInNvYi7eqSaDjiZqDDKu5rsmunY0Y1Yu
 github.com/googleapis/gax-go/v2 v2.7.0/go.mod h1:TEop28CZZQ2y+c0VxMUmu1lV+fQx57QpBWsYpwqHJx8=
 github.com/imdario/mergo v0.3.13 h1:lFzP57bqS/wsqKssCGmtLAb8A0wKjLGrve2q3PPVcBk=
 github.com/imdario/mergo v0.3.13/go.mod h1:4lJ1jqUDcsbIECGy0RUJAXNIhg+6ocWgb1ALK2O4oXg=
+github.com/imdario/mergo v0.3.15 h1:M8XP7IuFNsqUx6VPK2P9OSmsYsI/YFaGil0uD21V3dM=
+github.com/imdario/mergo v0.3.15/go.mod h1:WBLT9ZmE3lPoWsEzCh9LPo3TiwVN+ZKEjmz+hD27ysY=
 github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 h1:BQSFePA1RWJOlocH6Fxy8MmwDt+yVQYULKfN0RoTN8A=
 github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99/go.mod h1:1lJo3i6rXxKeerYnT8Nvf0QmHCRC1n8sfWVwXF2Frvo=
 github.com/jessevdk/go-flags v1.5.0/go.mod h1:Fw0T6WPc1dYxT4mKEZRfG5kJhaTDP9pj1c2EWnYs/m4=
@@ -152,6 +161,9 @@ golang.org/x/crypto v0.0.0-20220826181053-bd7e27e6170d/go.mod h1:IxCIyHEi3zRg3s0
 golang.org/x/crypto v0.1.0/go.mod h1:RecgLatLF4+eUMCP1PoPZQb+cVrJcOPbHkTkbkB9sbw=
 golang.org/x/crypto v0.6.0 h1:qfktjS5LUO+fFKeJXZ+ikTRijMmljikvG68fpMMruSc=
 golang.org/x/crypto v0.6.0/go.mod h1:OFC/31mSvZgRz0V1QTNCzfAI1aIRzbiufJtkMIlEp58=
+golang.org/x/crypto v0.7.0/go.mod h1:pYwdfH91IfpZVANVyUOhSIPZaFoJGxTFbZhFTx+dXZU=
+golang.org/x/crypto v0.8.0 h1:pd9TJtTueMTVQXzk8E2XESSMQDj/U7OUu0PqJqPXQjQ=
+golang.org/x/crypto v0.8.0/go.mod h1:mRqEX+O9/h5TFCrQhkgjo2yKi0yYA+9ecGkdQoHrywE=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20230321023759-10a507213a29 h1:ooxPy7fPvB4kwsA2h+iBNHkAbp/4JxTSwCmvdjEYmug=
 golang.org/x/exp v0.0.0-20230321023759-10a507213a29/go.mod h1:CxIveKay+FTh1D0yPZemJVgC/95VzuuOLq5Qi4xnoYc=
@@ -162,6 +174,8 @@ golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91
 golang.org/x/mod v0.6.0/go.mod h1:4mET923SAdbXp2ki8ey+zGs1SLqsuM2Y0uvdZR/fUNI=
 golang.org/x/mod v0.7.0 h1:LapD9S96VoQRhi/GrNTqeBJFrUjs5UHCAtTlgwA5oZA=
 golang.org/x/mod v0.7.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
+golang.org/x/mod v0.8.0 h1:LUYupSeNrTNCGzR/hVBk2NHZO4hXcVaW1k4Qx7rjPx8=
+golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
 golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
@@ -178,6 +192,9 @@ golang.org/x/net v0.1.0/go.mod h1:Cx3nUiGt4eDBEyega/BKRp+/AlGL8hYe7U9odMt2Cco=
 golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
 golang.org/x/net v0.7.0 h1:rJrUqqhjsgNp7KqAIc25s9pZnjU7TUcSY7HcVZjdn1g=
 golang.org/x/net v0.7.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
+golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc=
+golang.org/x/net v0.9.0 h1:aWJ/m6xSmxWBx+V0XRHTlrYrPG56jKsLdTFmsSsCzOM=
+golang.org/x/net v0.9.0/go.mod h1:d48xBJpPfHeWQsugry2m+kC02ZBRGRgulfHnEXEuWns=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
 golang.org/x/oauth2 v0.5.0 h1:HuArIo48skDwlrvM3sEdHXElYslAMsf3KwRkkW4MC4s=
 golang.org/x/oauth2 v0.5.0/go.mod h1:9/XBHVqLaWO3/BRHs5jbpYCnOZVjj5V0ndyaAM7KB4I=
@@ -208,12 +225,18 @@ golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.3.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.5.0 h1:MUK/U/4lj1t1oPg0HfuXDN/Z1wv31ZJ/YcPiGccS4DU=
 golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.7.0 h1:3jlCCIQZPdOYu1h8BkNvLz8Kgwtae2cagcG/VamtZRU=
+golang.org/x/sys v0.7.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 golang.org/x/term v0.0.0-20220722155259-a9ba230a4035/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 golang.org/x/term v0.1.0/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 golang.org/x/term v0.5.0 h1:n2a8QNdAb0sZNpU9R1ALUXBbY+w51fCQDN+7EdxNBsY=
 golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k=
+golang.org/x/term v0.6.0/go.mod h1:m6U89DPEgQRMq3DNkDClhWw02AUbt2daBVO4cn4Hv9U=
+golang.org/x/term v0.7.0 h1:BEvjmm5fURWqcfbSKTdpkDXYBrUS1c0m8agp14W48vQ=
+golang.org/x/term v0.7.0/go.mod h1:P32HKFT3hSsZrRxla30E9HqToFYAQPCMs/zFMBUFqPY=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
 golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
@@ -222,6 +245,9 @@ golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
 golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
 golang.org/x/text v0.7.0 h1:4BRB4x83lYWy72KwLD/qYDuTu7q9PjSagHvijDw7cLo=
 golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
+golang.org/x/text v0.8.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
+golang.org/x/text v0.9.0 h1:2sjJmO8cDvYveuX97RDLsxlyUxLl+GHoLxBiRdHllBE=
+golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY=
@@ -232,6 +258,8 @@ golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc
 golang.org/x/tools v0.2.0/go.mod h1:y4OqIKeOV/fWJetJ8bXPU1sEVniLMIyDAZWeHdV+NTA=
 golang.org/x/tools v0.5.0 h1:+bSpV5HIeWkuvgaMfI3UmKRThoTA5ODJTUd8T17NO+4=
 golang.org/x/tools v0.5.0/go.mod h1:N+Kgy78s5I24c24dU8OfWNEotWjutIs8SnJvn5IDq+k=
+golang.org/x/tools v0.6.0 h1:BOw41kyTf3PuCW1pVQf8+Cyg8pMlkYB1oo9iJ6D/lKM=
+golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=