From 37a61ffc06588fb743137b7c14d2daf10b3fd3a6 Mon Sep 17 00:00:00 2001 From: Jason Lynch Date: Wed, 3 Jun 2026 12:23:03 -0400 Subject: [PATCH] chore: add replace directives for mergo in go.mod The domain registration for dario.cat has expired, which has broken our licenses check and breaks build anywhere that doesn't have this module cached. There's a potential security risk if the author does not re-register this domain because a malicious party could capture this domain and redirect to a modified copy of the module. Luckily, this is just a vanity URL, and the module is hosted on GitHub. This commit fixes the issue by adding `replace` directives to our go.mod file. Note that we will need to manually keep the replaced version in sync with our dependencies. --- NOTICE.txt | 2 +- go.mod | 2 ++ go.sum | 4 ++-- server/internal/resource/migrations/schematool/go.mod | 2 ++ server/internal/resource/migrations/schematool/go.sum | 4 ++-- 5 files changed, 9 insertions(+), 5 deletions(-) diff --git a/NOTICE.txt b/NOTICE.txt index c49cbcff..7d0d6c6d 100644 --- a/NOTICE.txt +++ b/NOTICE.txt @@ -33,7 +33,7 @@ THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND * Name: dario.cat/mergo * Version: v1.0.0 -* License: [BSD-3-Clause](https://github.com/imdario/mergo/blob/v1.0.0/LICENSE) +* License: [BSD-3-Clause](https://github.com/darccio/mergo/blob/v1.0.0/LICENSE) ``` Copyright (c) 2013 Dario Castañé. All rights reserved. diff --git a/go.mod b/go.mod index c68b3380..72757134 100644 --- a/go.mod +++ b/go.mod @@ -170,3 +170,5 @@ require ( sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect sigs.k8s.io/yaml v1.4.0 // indirect ) + +replace dario.cat/mergo => github.com/darccio/mergo v1.0.0 diff --git a/go.sum b/go.sum index dfa907b2..dc59ccb2 100644 --- a/go.sum +++ b/go.sum @@ -35,8 +35,6 @@ cloud.google.com/go/storage v1.6.0/go.mod h1:N7U0C8pVQ/+NIKOBQyamJIeKQKkZ+mxpohl cloud.google.com/go/storage v1.8.0/go.mod h1:Wv1Oy7z6Yz3DshWRJFhqM/UCfaWIRTdp0RXyy7KQOVs= cloud.google.com/go/storage v1.10.0/go.mod h1:FLPqc6j+Ki4BU591ie1oL6qBQGu2Bl/tZ9ullr3+Kg0= cloud.google.com/go/storage v1.14.0/go.mod h1:GrKmX003DSIwi9o29oFT7YDnHYwZoctc3fOKtUw0Xmo= -dario.cat/mergo v1.0.0 h1:AGCNq9Evsj31mOgNPcLyXc+4PNABt905YmuqPYYpBWk= -dario.cat/mergo v1.0.0/go.mod h1:uNxQE+84aUszobStD9th8a29P2fMDhsBdgRYvZOxGmk= dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU= github.com/AdaLogics/go-fuzz-headers v0.0.0-20230811130428-ced1acdcaa24 h1:bvDV9vkmnHYOMsOr4WLk+Vo07yKIzd94sVoIqshQ4bU= github.com/AdaLogics/go-fuzz-headers v0.0.0-20230811130428-ced1acdcaa24/go.mod h1:8o94RPi1/7XTJvwPpRSzSUedZrtlirdB3r9Z20bi2f8= @@ -88,6 +86,8 @@ github.com/creack/pty v1.1.18 h1:n56/Zwd5o6whRC5PMGretI4IdRLlmBXYNjScPaBgsbY= github.com/creack/pty v1.1.18/go.mod h1:MOBLtS5ELjhRRrroQr9kyvTxUAFNvYEK993ew/Vr4O4= github.com/cschleiden/go-workflows v0.19.0 h1:1QknNvYNr6ka4/8dynlyRfKlG4BS+bp8kjsdve5vmgA= github.com/cschleiden/go-workflows v0.19.0/go.mod h1:ks4nRGXcsCi7U6mM05IbegGgdH4+jAKI0+ia+BAudxw= +github.com/darccio/mergo v1.0.0 h1:9cSphKp/vo3csUpjKKLqx27JWJqapldVYmYVYqq5ZLQ= +github.com/darccio/mergo v1.0.0/go.mod h1:uNxQE+84aUszobStD9th8a29P2fMDhsBdgRYvZOxGmk= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= diff --git a/server/internal/resource/migrations/schematool/go.mod b/server/internal/resource/migrations/schematool/go.mod index 44bb868e..b44c8b5d 100644 --- a/server/internal/resource/migrations/schematool/go.mod +++ b/server/internal/resource/migrations/schematool/go.mod @@ -28,3 +28,5 @@ require ( golang.org/x/sys v0.42.0 // indirect gopkg.in/warnings.v0 v0.1.2 // indirect ) + +replace dario.cat/mergo => github.com/darccio/mergo v1.0.2 diff --git a/server/internal/resource/migrations/schematool/go.sum b/server/internal/resource/migrations/schematool/go.sum index 120da7a8..dc134951 100644 --- a/server/internal/resource/migrations/schematool/go.sum +++ b/server/internal/resource/migrations/schematool/go.sum @@ -1,5 +1,3 @@ -dario.cat/mergo v1.0.2 h1:85+piFYR1tMbRrLcDwR18y4UKJ3aH1Tbzi24VRW1TK8= -dario.cat/mergo v1.0.2/go.mod h1:E/hbnu0NxMFBjpMIE34DRGLWqDy0g5FuKDhCb31ngxA= github.com/Microsoft/go-winio v0.5.2/go.mod h1:WpS1mjBmmwHBEWmogvA2mj8546UReBk4v8QkMxJ6pZY= github.com/Microsoft/go-winio v0.6.2 h1:F2VQgta7ecxGYO8k3ZZz3RS8fVIXVxONVUPlNERoyfY= github.com/Microsoft/go-winio v0.6.2/go.mod h1:yd8OoFMLzJbo9gZq8j5qaps8bJ9aShtEA8Ipt1oGCvU= @@ -13,6 +11,8 @@ github.com/cloudflare/circl v1.6.3 h1:9GPOhQGF9MCYUeXyMYlqTR6a5gTrgR/fBLXvUgtVcg github.com/cloudflare/circl v1.6.3/go.mod h1:2eXP6Qfat4O/Yhh8BznvKnJ+uzEoTQ6jVKJRn81BiS4= github.com/cyphar/filepath-securejoin v0.6.1 h1:5CeZ1jPXEiYt3+Z6zqprSAgSWiggmpVyciv8syjIpVE= github.com/cyphar/filepath-securejoin v0.6.1/go.mod h1:A8hd4EnAeyujCJRrICiOWqjS1AX0a9kM5XL+NwKoYSc= +github.com/darccio/mergo v1.0.2 h1:LJqV0GD/o8kMWAWN4XCVj1g5A+b4Nxr845y7iRNK3iY= +github.com/darccio/mergo v1.0.2/go.mod h1:E/hbnu0NxMFBjpMIE34DRGLWqDy0g5FuKDhCb31ngxA= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=