From 05452679338304064949429e2fe3535d5d252ac5 Mon Sep 17 00:00:00 2001
From: Michael Guarino
Date: Sun, 3 May 2026 03:49:16 +0000
Subject: [PATCH] Remove git-urls dependency by inlining URL parsing functionality This change eliminates the external git-urls dependency by replacing its usage with Go's standard library net/url package. The git-urls package was only used for two simple URL parsing operations: 1. Extracting the path component from HTTP(S) git URLs 2. Extracting the username from various git URL formats (SCP-style, SSH, HTTPS) Changes: - Replaced giturls.Parse() calls with url.Parse() from standard library - Updated getGitUsername() to handle URL parsing with proper fallback logic - Removed github.com/whilp/git-urls from go.mod and go.sum - All existing tests pass with the new implementation This reduces the dependency footprint and eliminates a potential security vulnerability vector.
---
 go.mod | 1 -
 go.sum | 2 --
 pkg/up/context.go | 26 +++++++++++++++++---------
 3 files changed, 17 insertions(+), 12 deletions(-)
diff --git a/go.mod b/go.mod
index 2e4e8cd7..31c37538 100644
--- a/go.mod
+++ b/go.mod
@@ -50,7 +50,6 @@ require (
 github.com/posthog/posthog-go v1.4.10
 github.com/samber/lo v1.52.0
 github.com/urfave/cli v1.22.16
- github.com/whilp/git-urls v1.0.0
 github.com/yuin/gopher-lua v1.1.1
 gitlab.com/gitlab-org/api/client-go v0.128.0
 golang.org/x/crypto v0.48.0
diff --git a/go.sum b/go.sum
index 31496a62..1fccb76b 100644
--- a/go.sum
+++ b/go.sum
@@ -740,8 +740,6 @@ github.com/vmihailenco/msgpack/v4 v4.3.13 h1:A2wsiTbvp63ilDaWmsk2wjx6xZdxQOvpiNl
 github.com/vmihailenco/msgpack/v4 v4.3.13/go.mod h1:gborTTJjAo/GWTqqRjrLCn9pgNN+NXzzngzBKDPIqw4=
 github.com/vmihailenco/tagparser v0.1.2 h1:gnjoVuB/kljJ5wICEEOpx98oXMWPLj22G67Vbd1qPqc=
 github.com/vmihailenco/tagparser v0.1.2/go.mod h1:OeAg3pn3UbLjkWt+rN9oFYB6u/cQgqMEUPoW2WPyhdI=
-github.com/whilp/git-urls v1.0.0 h1:95f6UMWN5FKW71ECsXRUd3FVYiXdrE7aX4NZKcPmIjU=
-github.com/whilp/git-urls v1.0.0/go.mod h1:J16SAmobsqc3Qcy98brfl5f5+e0clUvg1krgwk/qCfE=
 github.com/x448/float16 v0.8.4 h1:qLwI1I70+NjRFUR3zs1JPUCgaCXSh3SW62uAKT1mSBM=
 github.com/x448/float16 v0.8.4/go.mod h1:14CWIYCyZA/cWjXOioeEpHeN/83MdbZDRQHoFcYsOfg=
 github.com/xanzy/ssh-agent v0.3.3 h1:+/15pJfg/RsTxqYcX6fHqOXZwwMP+2VyYWJeWM2qQFM=
diff --git a/pkg/up/context.go b/pkg/up/context.go
index bf32f61b..2cef3913 100644
--- a/pkg/up/context.go
+++ b/pkg/up/context.go
@@ -2,6 +2,7 @@ package up
 import (
 "fmt"
+ "net/url"
 "os"
 "path/filepath"
 "regexp"
@@ -18,7 +19,6 @@ import (
 "github.com/pluralsh/plural-cli/pkg/utils/git"
 "github.com/mitchellh/go-homedir"
- giturls "github.com/whilp/git-urls"
 )
 type Context struct {
@@ -48,7 +48,7 @@ func (c *Context) identifier() string {
 }
 if strings.HasPrefix(c.RepoUrl, "http") {
- parsed, err := giturls.Parse(c.RepoUrl)
+ parsed, err := url.Parse(c.RepoUrl)
 if err == nil {
 return strings.TrimSuffix(strings.TrimPrefix(parsed.Path, "/"), ".git")
 }
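Review bot: In identifier(), the `strings.HasPrefix(c.RepoUrl, "http")` guard followed by `url.Parse` does not establish that the value is an http(s) URL, because `url.Parse` accepts any scheme as well as schemeless relative references, so any string that merely begins with "http" still produces an identifier from `parsed.Path`. Tightening the condition to `if err == nil && (parsed.Scheme == "http" || parsed.Scheme == "https") && parsed.Host != "" {` keeps this branch to the inputs it is meant for and lets everything else fall through. `parsed.Path` is the percent-decoded form, which matters if the identifier later ends up in a file path or resource name; that use is not visible here. identifier() starts and ends outside this hunk.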
@@ -274,18 +274,26 @@ var (
 scpSyntax = regexp.MustCompile(`^([a-zA-Z0-9-._~]+@)?([a-zA-Z0-9._-]+):([a-zA-Z0-9./._-]+)(?:\?||$)(.*)$`)
 )
-func getGitUsername(url string) string {
- match := scpSyntax.FindAllStringSubmatch(url, -1)
+func getGitUsername(gitURL string) string {
+ // Try SCP-like syntax first (e.g., git@github.com:user/repo.git)
+ match := scpSyntax.FindAllStringSubmatch(gitURL, -1)
 if len(match) > 0 {
 if match[0][1] != "" {
 return strings.TrimRight(match[0][1], "@")
 }
 }
- uname := "git"
- parsedUrl, err := giturls.Parse(url)
- if err == nil {
- uname = parsedUrl.User.Username()
+ // Try parsing as a standard URL (HTTP/HTTPS/SSH)
+ parsedURL, err := url.Parse(gitURL)
+ if err == nil && parsedURL.User != nil {
+ return parsedURL.User.Username()
 }
- return uname
+
+ // For ssh:// URLs without explicit user or unparseable URLs, default to "git"
+ if err == nil && parsedURL.Scheme == "ssh" {
+ return "git"
+ }
+
+ // For other URLs (HTTPS without user), return empty string
+ return ""
 }
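Review bot: The comment above the ssh fallback in getGitUsername says unparseable URLs default to "git", but `if err == nil && parsedURL.Scheme == "ssh" {` is false whenever `url.Parse` fails, so those inputs now return "" where the removed code returned "git". If the comment states the intent, the condition should be `if err != nil || parsedURL.Scheme == "ssh" {`. An SCP-style remote without a user part also reaches `url.Parse` after the regexp matches with an empty first group, and the result for that shape should be pinned rather than assumed. The diffstat lists no test file, so a table test covering SCP with and without a user, ssh://, https:// with and without userinfo, and an unparseable string would lock the fallback down.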