a

[FuzzysTodd]

Fixes: #nnn
Related: Relevant tracking issues, for context
Merge before/after: Dependent or prerequisite PRs

Description

User facing changes (remove if N/A)

Follow-up Work (remove if N/A)

[google-cla]

Thanks for your pull request! It looks like this may be your first contribution to a Google open source project. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA).

View this failed invocation of the CLA check for more information.

For the most up to date status, view the checks section at the bottom of the pull request.

[FuzzysTodd]

@copilot

[gemini-code-assist]

Summary of Changes

Hello, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request primarily focuses on upgrading core dependencies and introducing new cryptographic features. It updates the Go language version and numerous libraries to their latest stable releases, ensuring the project benefits from recent improvements and security patches. A major part of the changes involves integrating advanced OpenPGP features, enhancing the security and robustness of cryptographic operations. Additionally, filesystem interaction utilities have been modernized for improved safety and reliability.

Highlights

• Go Version Update: The Go language version has been updated from 1.19/1.20 to 1.24.0 across various modules, including the main project, examples, and hack/tools.
• Dependency Updates: Numerous Go and Ruby dependencies have been updated to their latest versions, ensuring compatibility and incorporating the latest features and bug fixes. Key updates include google.golang.org/grpc to v1.77.0, github.com/moby/buildkit to v0.12.5, and github.com/stretchr/testify to v1.10.0.
• Cloud Spanner Metadata Client Enhancements: The cloud.google.com/go/compute/metadata client has been updated to v0.3.0, introducing context-aware functions for metadata retrieval and deprecating older non-context-aware methods. This improves API consistency and allows for better cancellation and timeouts.
• OpenPGP Crypto Refresh (V6 Keys & AEAD): Significant updates to the ProtonMail/go-crypto library introduce support for OpenPGP Crypto Refresh (V6 keys) and Authenticated Encryption with Associated Data (AEAD) for private key encryption. This includes new key algorithms (Ed25519, Ed448, X25519, X448), updated packet parsing, and enhanced security features like Argon2 S2K and non-deterministic signatures.
• Filepath SecureJoin Modernization: The cyphar/filepath-securejoin dependency has been updated, incorporating new APIs for safer filesystem operations on Linux. This includes MkdirAllHandle, OpenatInRoot, and Reopen functions, designed to mitigate symlink-related escape attacks and improve robustness against malicious filesystem modifications.
• Go-Git Library Improvements: The go-git library has received several enhancements, including support for partial clones with object filters, improved blame functionality, and a new Merge command with fast-forward strategy. Commit signing now supports a generic Signer interface, and various internal optimizations and bug fixes have been applied.
• New Circom Template: A new Circom template named RLN has been added, incorporating advanced cryptographic primitives like Poseidon hashing, Merkle Tree Inclusion Proofs, and Range Checks. This template is likely intended for zero-knowledge proof applications or privacy-preserving protocols.

🧠 New Feature in Public Preview: You can now enable Memory to help Gemini Code Assist learn from your team's feedback. This makes future code reviews more consistent and personalized to your project's style. Click here to enable Memory in your admin console.

Changelog

• COBRA BITCOIN
  • Added a new Circom template named RLN for zero-knowledge proof applications.
• examples/grpc-e2e-tests/cloud-spanner-bootstrap/go.mod
  • Updated Go version to 1.24.0.
  • Updated google.golang.org/grpc to v1.77.0.
  • Updated various indirect dependencies.
• examples/grpc-e2e-tests/cloud-spanner-bootstrap/go.sum
  • Updated dependency checksums.
• examples/grpc-e2e-tests/service/go.mod
  • Updated Go version to 1.24.0.
  • Updated github.com/golang/protobuf to v1.5.4.
  • Updated google.golang.org/grpc to v1.77.0.
  • Updated various indirect dependencies.
• examples/grpc-e2e-tests/service/go.sum
  • Updated dependency checksums.
• examples/ruby/backend/Gemfile.lock
  • Updated nio4r to 2.7.5.
  • Updated puma to 5.6.9.
  • Updated rack to 2.2.20.
• go.mod
  • Updated Go version to 1.24.0.
  • Updated direct and indirect Go dependencies.
• go.sum
  • Updated dependency checksums.
• hack/tools/go.mod
  • Updated Go version to 1.24.0.
  • Removed github.com/golang/protobuf v1.2.0 // indirect.
  • Updated indirect dependencies.
• hack/tools/go.sum
  • Updated dependency checksums.
• integration/examples/grpc-e2e-tests/cloud-spanner-bootstrap/go.mod
  • Updated Go version and dependencies.
• integration/examples/grpc-e2e-tests/cloud-spanner-bootstrap/go.sum
  • Updated dependency checksums.
• integration/examples/grpc-e2e-tests/service/go.mod
  • Updated Go version and dependencies.
• integration/examples/grpc-e2e-tests/service/go.sum
  • Updated dependency checksums.
• integration/examples/ruby/backend/Gemfile.lock
  • Updated Ruby gem versions.
• vendor/cloud.google.com/go/compute/metadata/CHANGES.md
  • Added changelog entry for v0.3.0, detailing context-aware functions.
• vendor/cloud.google.com/go/compute/metadata/metadata.go
  • Refactored metadata retrieval functions to be context-aware.
  • Deprecated non-context-aware Get and Subscribe functions.
  • Updated io/ioutil to io for file operations.
• vendor/cloud.google.com/go/compute/metadata/retry.go
  • Modified syscallRetryable function signature.
• vendor/github.com/ProtonMail/go-crypto/ocb/ocb.go
  • Reordered imports and optimized Ktop variable declaration.
• vendor/github.com/ProtonMail/go-crypto/openpgp/armor/armor.go
  • Removed CRC24 checksum validation logic and updated related comments.
• vendor/github.com/ProtonMail/go-crypto/openpgp/armor/encode.go
  • Added CRC24 checksum calculation and EncodeWithChecksumOption for flexible checksum inclusion.
• vendor/github.com/ProtonMail/go-crypto/openpgp/canonical_text.go
  • Added error handling for cw.Write calls.
• vendor/github.com/ProtonMail/go-crypto/openpgp/ecdh/ecdh.go
  • Removed fingerprint length restriction in KDF parameter building.
• vendor/github.com/ProtonMail/go-crypto/openpgp/ed25519/ed25519.go
  • Added new file implementing Ed25519 signature algorithm for OpenPGP.
• vendor/github.com/ProtonMail/go-crypto/openpgp/ed448/ed448.go
  • Added new file implementing Ed448 signature algorithm for OpenPGP.
• vendor/github.com/ProtonMail/go-crypto/openpgp/errors/errors.go
  • Introduced new error types for decryption, signature, and packet handling.
  • Added HandleSensitiveParsingError for oracle attack mitigation.
• vendor/github.com/ProtonMail/go-crypto/openpgp/internal/algorithm/cipher.go
  • Updated KeySize function to include TripleDES with AES192.
• vendor/github.com/ProtonMail/go-crypto/openpgp/internal/ecc/curve_info.go
  • Added Curve25519GenName constant and updated curve definitions.
• vendor/github.com/ProtonMail/go-crypto/openpgp/internal/ecc/ed25519.go
  • Improved getEd25519Sk to handle private key capacity and public key appending.
• vendor/github.com/ProtonMail/go-crypto/openpgp/internal/ecc/ed448.go
  • Improved getEd448Sk to handle private key capacity and public key appending.
• vendor/github.com/ProtonMail/go-crypto/openpgp/internal/ecc/x448.go
  • Added error handling for generateKeyPairBytes in Encaps.
• vendor/github.com/ProtonMail/go-crypto/openpgp/key_generation.go
  • Integrated new key types (Ed25519, Ed448, X25519, X448) for key generation.
  • Added V6 key support and compatibility checks for deprecated OIDs.
• vendor/github.com/ProtonMail/go-crypto/openpgp/keys.go
  • Enhanced Entity structure with SelfSignature and Signatures for V6 keys.
  • Updated key lookup and serialization logic to support V6 direct key signatures.
• vendor/github.com/ProtonMail/go-crypto/openpgp/packet/aead_crypter.go
  • Refined AEAD decryption logic to handle empty cipher chunks and improved error handling for tag verification.
• vendor/github.com/ProtonMail/go-crypto/openpgp/packet/compressed.go
  • Introduced decompressionReader to ensure full consumption of compressed packets.
  • Updated decompression logic for flate, zlib, and bzip2.
• vendor/github.com/ProtonMail/go-crypto/openpgp/packet/config.go
  • Added extensive configuration options for V6 keys, algorithm rejection, and signature randomization.
  • Introduced V5Disabled flag and accessor methods for new configuration fields.
• vendor/github.com/ProtonMail/go-crypto/openpgp/packet/config_v5.go
  • Added new file to disable V5 parsing by default.
• vendor/github.com/ProtonMail/go-crypto/openpgp/packet/encrypted_key.go
  • Extended EncryptedKey to support V6 PKESK packets, X25519/X448 algorithms, and AEAD encryption.
  • Deprecated old SerializeEncryptedKey functions.
• vendor/github.com/ProtonMail/go-crypto/openpgp/packet/literal.go
  • Adjusted default format for SerializeLiteral.
• vendor/github.com/ProtonMail/go-crypto/openpgp/packet/marker.go
  • Added new file implementing the OpenPGP Marker packet.
• vendor/github.com/ProtonMail/go-crypto/openpgp/packet/one_pass_signature.go
  • Updated OnePassSignature to support V6 OPS packets, including salt and key fingerprint fields.
• vendor/github.com/ProtonMail/go-crypto/openpgp/packet/opaque.go
  • Updated OpaquePacket parsing to use io.ReadAll.
• vendor/github.com/ProtonMail/go-crypto/openpgp/packet/packet.go
  • Introduced new packet types (Marker, Trust, Padding) and updated Read function.
  • Added ReadWithCheck for strict packet sequence validation.
  • Expanded PublicKeyAlgorithm and SignatureType constants.
• vendor/github.com/ProtonMail/go-crypto/openpgp/packet/packet_sequence.go
  • Added new file implementing a pushdown automata for OpenPGP packet sequence verification.
• vendor/github.com/ProtonMail/go-crypto/openpgp/packet/packet_unsupported.go
  • Added new file defining UnsupportedPacket struct.
• vendor/github.com/ProtonMail/go-crypto/openpgp/packet/padding.go
  • Added new file implementing the OpenPGP Padding packet.
• vendor/github.com/ProtonMail/go-crypto/openpgp/packet/private_key.go
  • Extended PrivateKey to support V6 keys, AEAD S2K, and new key algorithms (X25519, X448, Ed25519, Ed448).
  • Implemented HKDF for key derivation in AEAD S2K.
• vendor/github.com/ProtonMail/go-crypto/openpgp/packet/public_key.go
  • Updated PublicKey to support V6 keys and new key algorithms (X25519, X448, Ed25519, Ed448).
  • Enhanced signature verification with VerifyHashTag and V6 compatibility checks.
• vendor/github.com/ProtonMail/go-crypto/openpgp/packet/recipient.go
  • Added new file implementing the Intended Recipient Fingerprint subpacket.
• vendor/github.com/ProtonMail/go-crypto/openpgp/packet/signature.go
  • Updated Signature to support V6 signatures, including salt and new key algorithms (Ed25519, Ed448).
  • Added PrepareSign, SetSalt, PrepareVerify methods for robust signature handling.
• vendor/github.com/ProtonMail/go-crypto/openpgp/packet/symmetric_key_encrypted.go
  • Updated SymmetricKeyEncrypted to support V5/V6 SKESK packets and AEAD mode.
  • Implemented HKDF for key derivation in AEAD S2K.
• vendor/github.com/ProtonMail/go-crypto/openpgp/packet/symmetrically_encrypted.go
  • Updated SerializeSymmetricallyEncrypted to support SEIPDv2 with AEAD.
• vendor/github.com/ProtonMail/go-crypto/openpgp/packet/symmetrically_encrypted_aead.go
  • Improved AEAD parsing and decryption with error handling for invalid ciphers and session key lengths.
• vendor/github.com/ProtonMail/go-crypto/openpgp/packet/symmetrically_encrypted_mdc.go
  • Changed MDC error type to ErrMDCHashMismatch and updated serializeSymmetricallyEncryptedMdc to use io.ReadFull.
• vendor/github.com/ProtonMail/go-crypto/openpgp/packet/userattribute.go
  • Updated UserAttribute parsing to use io.ReadAll.
• vendor/github.com/ProtonMail/go-crypto/openpgp/packet/userid.go
  • Updated UserId parsing to use io.ReadAll.
• vendor/github.com/ProtonMail/go-crypto/openpgp/read.go
  • Added SignedByFingerprint to MessageDetails.
  • Updated FindKey to include X25519/X448 algorithms.
  • Enhanced error handling for sensitive parsing and signature verification.
• vendor/github.com/ProtonMail/go-crypto/openpgp/s2k/s2k.go
  • Updated encodeMemory comment and Generate function for S2K parameters.
  • Added Mode method to Params and validateArgon2Params function.
• vendor/github.com/ProtonMail/go-crypto/openpgp/s2k/s2k_cache.go
  • Updated comment for GetOrComputeDerivedKey.
• vendor/github.com/ProtonMail/go-crypto/openpgp/s2k/s2k_config.go
  • Updated comments for Argon2Config.Memory and EncodedMemory.
• vendor/github.com/ProtonMail/go-crypto/openpgp/write.go
  • Modified detachSign to use sig.PrepareSign and wrapHashForSignature.
  • Updated writeAndSign to handle V6 OPS packets.
  • Modified encrypt to use aeadCipherSuite.Cipher.KeySize() and packet.SerializeEncryptedKeyAEAD.
• vendor/github.com/ProtonMail/go-crypto/openpgp/x25519/x25519.go
  • Added new file implementing X25519 key exchange for OpenPGP.
• vendor/github.com/ProtonMail/go-crypto/openpgp/x448/x448.go
  • Added new file implementing X448 key exchange for OpenPGP.
• vendor/github.com/cloudflare/circl/ecc/goldilocks/twist.go
  • Corrected comment in twistCurve.
• vendor/github.com/cloudflare/circl/internal/sha3/keccakf.go
  • Added turbo parameter to KeccakF1600 for 12-round variant.
• vendor/github.com/cloudflare/circl/internal/sha3/sha3.go
  • Added turbo field to State and IsAbsorbing method.
• vendor/github.com/cloudflare/circl/internal/sha3/shake.go
  • Added TurboSHAKE functions (NewTurboShake128, NewTurboShake256, TurboShakeSum128, TurboShakeSum256, SwitchDS).
• vendor/github.com/cloudflare/circl/math/primes.go
  • Added new file with IsSafePrime and SafePrime functions.
• vendor/github.com/cloudflare/circl/sign/ed25519/ed25519.go
  • Corrected comment in package documentation.
• vendor/github.com/cyphar/filepath-securejoin/.golangci.yml
  • Added new file for golangci-lint configuration.
• vendor/github.com/cyphar/filepath-securejoin/CHANGELOG.md
  • Added new file containing changelog entries.
• vendor/github.com/cyphar/filepath-securejoin/COPYING.md
  • Added new file containing licensing information.
• vendor/github.com/cyphar/filepath-securejoin/LICENSE.BSD
  • Updated copyright year.
• vendor/github.com/cyphar/filepath-securejoin/LICENSE.MPL-2.0
  • Added new file containing MPL-2.0 license text.
• vendor/github.com/cyphar/filepath-securejoin/README.md
  • Updated README to reflect new API, deprecation of old API, and licensing information.
• vendor/github.com/cyphar/filepath-securejoin/VERSION
  • Updated version to 0.5.1.
• vendor/github.com/cyphar/filepath-securejoin/codecov.yml
  • Added new file for Codecov configuration.
• vendor/github.com/cyphar/filepath-securejoin/deprecated_linux.go
  • Added new file with deprecated wrappers for pathrs-lite functions.
• vendor/github.com/cyphar/filepath-securejoin/doc.go
  • Added new file with package documentation.
• vendor/github.com/cyphar/filepath-securejoin/internal/consts/consts.go
  • Added new file defining MaxSymlinkLimit.
• vendor/github.com/cyphar/filepath-securejoin/join.go
  • Modified SecureJoinVFS to check for unsafe root paths and handle Windows volume names.
  • Updated comments for SecureJoinVFS.
• vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/README.md
  • Added new file with README for pathrs-lite.
• vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/doc.go
  • Added new file with package documentation.
• vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/internal/assert/assert.go
  • Added new file with assertion helpers.
• vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/internal/errors_linux.go
  • Added new file defining internal error types.
• vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/internal/fd/at_linux.go
  • Added new file with Fd-based wrappers for unix.Openat, unix.Fstatat, unix.Faccessat, unix.Readlinkat, and unix.Statx.
• vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/internal/fd/fd.go
  • Added new file defining Fd interface and NopCloser function.
• vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/internal/fd/fd_linux.go
  • Added new file with Fd-based wrappers for unix.Fstat, unix.Fstatfs, Dup, DupWithName, and IsDeadInode.
• vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/internal/fd/mount_linux.go
  • Added new file with Fd-based wrappers for unix.Fsopen, unix.Fsmount, and unix.OpenTree.
• vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/internal/fd/openat2_linux.go
  • Added new file with Fd-based wrapper for unix.Openat2.
• vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/internal/gocompat/README.md
  • Added new file with README for gocompat.
• vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/internal/gocompat/doc.go
  • Added new file with package documentation.
• vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/internal/gocompat/gocompat_errors_go120.go
  • Added new file with WrapBaseError for Go 1.20+.
• vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/internal/gocompat/gocompat_errors_unsupported.go
  • Added new file with WrapBaseError for pre-Go 1.20.
• vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/internal/gocompat/gocompat_generics_go121.go
  • Added new file with Go 1.21+ generic compatibility shims.
• vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/internal/gocompat/gocompat_generics_unsupported.go
  • Added new file with pre-Go 1.21 generic compatibility shims.
• vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/internal/kernelversion/kernel_linux.go
  • Added new file with kernel version parsing and comparison utilities.
• vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/internal/linux/doc.go
  • Added new file with package documentation.
• vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/internal/linux/mount_linux.go
  • Added new file with HasNewMountAPI function.
• vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/internal/linux/openat2_linux.go
  • Added new file with HasOpenat2 function.
• vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/internal/procfs/procfs_linux.go
  • Added new file with safe procfs API.
• vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/internal/procfs/procfs_lookup_linux.go
  • Added new file with procfs lookup logic.
• vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/lookup_linux.go
  • Added new file with lookup functions.
• vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/mkdir_linux.go
  • Added new file with MkdirAllHandle and MkdirAll functions.
• vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/open_linux.go
  • Added new file with OpenatInRoot, OpenInRoot, and Reopen functions.
• vendor/github.com/go-git/go-billy/v5/Makefile
  • Added WASIRUN_WRAPPER and wasitest target.
• vendor/github.com/go-git/go-billy/v5/fs.go
  • Added io.WriterAt TODO comment.
• vendor/github.com/go-git/go-billy/v5/memfs/memory.go
  • Modified New to create root directory.
  • Modified OpenFile to handle symlink resolution.
  • Modified ReadDir to handle symlink resolution and non-existent paths.
  • Modified Symlink to use Lstat and errors.Is.
  • Modified file.Read to use errors.Is.
  • Added file.WriteAt function.
  • Modified file.Write to call WriteAt.
• vendor/github.com/go-git/go-billy/v5/memfs/storage.go
  • Used strings.HasPrefix in Rename.
• vendor/github.com/go-git/go-billy/v5/osfs/os_bound.go
  • Modified insideBaseDirEval to handle root directory and return os.ErrNotExist.
• vendor/github.com/go-git/go-billy/v5/osfs/os_posix.go
  • Updated build tags to include !wasm.
• vendor/github.com/go-git/go-billy/v5/osfs/os_wasip1.go
  • Added new file with WASI-specific OS functions.
• vendor/github.com/go-git/go-billy/v5/util/util.go
  • Modified removeAll to use errors.Is.
  • Modified WriteFile to use errors.Is and defer f.Close().
  • Modified TempFile and TempDir to use errors.Is.
  • Modified ReadFile to use errors.Is.
• vendor/github.com/go-git/go-git/v5/COMPATIBILITY.md
  • Updated clone SSH example, added sparse-checkout, and updated merge status.
• vendor/github.com/go-git/go-git/v5/CONTRIBUTING.md
  • Added "Branches" section.
• vendor/github.com/go-git/go-git/v5/Makefile
  • Added test-sha256 target.
• vendor/github.com/go-git/go-git/v5/blame.go
  • Simplified if finished == true to if finished, and updated switch statements.
• vendor/github.com/go-git/go-git/v5/config/config.go
  • Added pushurlKey constant and included pushurlKey in RemoteConfig.URLs.
• vendor/github.com/go-git/go-git/v5/internal/revision/scanner.go
  • Added maxRevisionLength constant and used io.LimitReader in newScanner.
• vendor/github.com/go-git/go-git/v5/options.go
  • Added MergeOptions and MergeStrategy structs/constants.
  • Updated CheckoutOptions comment for Hash.
  • Added Prune field to FetchOptions.
  • Added Files field to ResetOptions.
  • Added SkipStatus field to AddOptions.
  • Added Signer field to CommitOptions.
  • Added RestoreOptions struct and ErrNoRestorePaths variable.
• vendor/github.com/go-git/go-git/v5/plumbing/format/gitignore/dir.go
  • Added logic to skip adding patterns for ignored directories in ReadPatterns.
  • Updated comment for LoadGlobalPatterns and LoadSystemPatterns.
• vendor/github.com/go-git/go-git/v5/plumbing/format/index/decoder.go
  • Updated ErrUnknownExtension message.
  • Modified NewDecoder to use bufio.NewReader.
  • Modified readExtensions to use d.buf.Peek and d.readExtension.
  • Modified readExtension to handle optional extensions and unknown extension types.
  • Modified readChecksum to remove alreadyRead parameter.
• vendor/github.com/go-git/go-git/v5/plumbing/format/index/encoder.go
  • Updated EncodeVersionSupported to 4.
  • Modified Encode to call encode with footer parameter.
  • Added encode function.
  • Modified encodeEntries to call encodeEntry with idx parameter.
  • Modified encodeEntry to use idx.Version for encoding entry name.
  • Added encodeEntryNameV4 function.
  • Added encodeRawExtension function.
  • Modified padEntry to handle idx.Version.
• vendor/github.com/go-git/go-git/v5/plumbing/format/packfile/delta_index.go
  • Simplified findMatch logic.
• vendor/github.com/go-git/go-git/v5/plumbing/format/packfile/patch_delta.go
  • Added maxPatchPreemptionSize and minDeltaSize constants.
  • Modified PatchDelta to check len(src) and len(delta).
  • Modified patchDelta to use min and maxPatchPreemptionSize for dst.Grow.
  • Modified decodeLEB128 to handle empty input.
• vendor/github.com/go-git/go-git/v5/plumbing/format/pktline/scanner.go
  • Added case b >= 'A' && b <= 'F' to asciiHexToByte.
• vendor/github.com/go-git/go-git/v5/plumbing/object/commit.go
  • Updated defaultUtf8CommitMesageEncoding to defaultUtf8CommitMessageEncoding and used it consistently.
• vendor/github.com/go-git/go-git/v5/plumbing/object/commit_walker_path.go
  • Added parentTree and currentTree declarations, and updated hasFileChange logic.
• vendor/github.com/go-git/go-git/v5/plumbing/object/patch.go
  • Updated printStat to use uint for calculations and strconv.Itoa for string conversion.
• vendor/github.com/go-git/go-git/v5/plumbing/object/signature.go
  • Added x509SignatureFormat for -----BEGIN SIGNED MESSAGE-----.
• vendor/github.com/go-git/go-git/v5/plumbing/object/tree.go
  • Added sort import.
  • Added ErrEntriesNotSorted variable.
  • Added TreeEntrySorter type and its methods.
  • Modified Encode to check if entries are sorted and handle null bytes in filenames.
  • Modified newChildNode to store file.Size() and file.Mode().
  • Added calculateHash method to node.
  • Modified doCalculateHashForRegular and doCalculateHashForSymlink to use n.size and n.path.
• vendor/github.com/go-git/go-git/v5/plumbing/object/treenoder.go
  • Modified Children to store and return t.children.
• vendor/github.com/go-git/go-git/v5/plumbing/protocol/packp/filter.go
  • Added new file defining Filter types for partial clone.
• vendor/github.com/go-git/go-git/v5/plumbing/protocol/packp/sideband/demux.go
  • Changed return nil, nil to return nil, io.EOF for empty content.
• vendor/github.com/go-git/go-git/v5/plumbing/protocol/packp/srvresp.go
  • Added check for sp+41 > len(line) in decodeACKLine.
• vendor/github.com/go-git/go-git/v5/plumbing/protocol/packp/ulreq.go
  • Added Filter field to UploadRequest.
• vendor/github.com/go-git/go-git/v5/plumbing/protocol/packp/ulreq_encode.go
  • Added encodeFilter state function to encode Filter in upload request.
• vendor/github.com/go-git/go-git/v5/plumbing/reference.go
  • Modified Validate to check strings.HasPrefix(part, "-") only for i == 2.
• vendor/github.com/go-git/go-git/v5/plumbing/transport/common.go
  • Used filepath.Abs in parseFile.
• vendor/github.com/go-git/go-git/v5/plumbing/transport/file/client.go
  • Added runtime import and adjustPathForWindows function to handle Windows paths.
• vendor/github.com/go-git/go-git/v5/plumbing/transport/http/common.go
  • Renamed c to client and m to mutex in client struct, and used them consistently.
• vendor/github.com/go-git/go-git/v5/plumbing/transport/http/transport.go
  • Renamed c.m to c.mutex in addTransport, removeTransport, and fetchTransport.
• vendor/github.com/go-git/go-git/v5/plumbing/transport/server/loader.go
  • Modified Load to check for bare repository or .git directory.
• vendor/github.com/go-git/go-git/v5/plumbing/transport/ssh/auth_method.go
  • Modified NewKnownHostsCallback to use newKnownHostsDb and knownhosts.NewDB.
• vendor/github.com/go-git/go-git/v5/plumbing/transport/ssh/common.go
  • Removed knownhosts import. Modified Command to check for error from setAuth. Modified connect to use newKnownHostsDb and db.HostKeyCallback()/db.HostKeyAlgorithms().
• vendor/github.com/go-git/go-git/v5/remote.go
  • Modified PushContext to use r.c.URLs[len(r.c.URLs)-1] for o.RemoteURL.
  • Added pruneRemotes function.
  • Modified fetch to call pruneRemotes and check updatedPrune.
  • Modified getHavesFromRef to ignore error if not a commit.
  • Modified isFastForward comment.
• vendor/github.com/go-git/go-git/v5/repository.go
  • Added ErrUnsupportedMergeStrategy and ErrFastForwardMergeNotPossible variables.
  • Added Merge function.
  • Modified createNewObjectPack comment.
• vendor/github.com/go-git/go-git/v5/signer.go
  • Added new file defining Signer interface and signObject function.
• vendor/github.com/go-git/go-git/v5/status.go
  • Added ErrUnsupportedStatusStrategy variable.
  • Added StatusOptions struct.
  • Modified Status to call StatusWithOptions.
  • Added StatusWithOptions function.
  • Modified status to use ss.new(w).
  • Added StatusStrategy type and constants.
  • Added preloadStatus function.
• vendor/github.com/go-git/go-git/v5/storage/filesystem/dotgit/dotgit.go
  • Added ErrEmptyRefFile variable.
  • Modified objectPacks comment.
  • Modified checkReferenceAndTruncate to handle ErrEmptyRefFile and packedRef.
  • Modified Refs to call addRefFromHEAD first.
• vendor/github.com/go-git/go-git/v5/storage/filesystem/index.go
  • Modified Index to use index.NewDecoder(f).
• vendor/github.com/go-git/go-git/v5/storage/filesystem/object.go
  • Modified getFromUnpacked to put obj into cache after io.CopyBuffer.
• vendor/github.com/go-git/go-git/v5/submodule.go
  • Modified update and doRecursiveUpdate to accept ctx context.Context.
• vendor/github.com/go-git/go-git/v5/utils/merkletrie/change.go
  • Added ErrEmptyFileName variable and checked for it in addRecursive.
• vendor/github.com/go-git/go-git/v5/utils/merkletrie/difftree.go
  • Corrected comment from "bellow" to "below".
• vendor/github.com/go-git/go-git/v5/utils/merkletrie/filesystem/node.go
  • Added mode and size fields to node struct.
  • Added calculateHash method to node.
  • Modified newChildNode to store file.Size() and file.Mode().
  • Modified doCalculateHashForRegular and doCalculateHashForSymlink to use n.size and n.path.
• vendor/github.com/go-git/go-git/v5/utils/sync/bufio.go
  • Updated comment for GetBufioReader.
• vendor/github.com/go-git/go-git/v5/utils/sync/bytes.go
  • Updated comment for GetBytesBuffer.
• vendor/github.com/go-git/go-git/v5/utils/sync/zlib.go
  • Updated comments for GetZlibReader and GetZlibWriter.
• vendor/github.com/go-git/go-git/v5/worktree.go
  • Added ErrRestoreWorktreeOnlyNotSupported variable.
  • Modified PullContext and updateSubmodules to accept ctx context.Context.
  • Modified getCommitFromCheckoutOptions to handle opts.Hash and b.Name().IsTag().
  • Modified ResetSparsely to call resetIndex and resetWorktree with opts.Files.
  • Added Restore function.
  • Modified resetIndex to use files parameter and inFiles.
  • Added inFiles function.
  • Modified resetWorktree to use files parameter.
  • Modified validPath to check len(parts) == 0.
  • Modified checkoutChangeRegularFile to call addIndexFromFile with f.Mode.
  • Modified addIndexFromFile to accept mode filemode.FileMode.
• vendor/github.com/go-git/go-git/v5/worktree_commit.go
  • Added invalidCharactersRe variable.
  • Modified Commit to handle opts.Amend and opts.Parents.
  • Modified buildCommitObject to sanitize Author and Committer and use signer.
  • Added sanitize function.
  • Removed buildCommitSignature function.
  • Added gpgSigner struct and its Sign method.
  • Modified BuildTree to remove empty commit check.
• vendor/github.com/go-git/go-git/v5/worktree_linux.go
  • Added go:build linux tag and removed isSymlinkWindowsNonAdmin function.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for GitHub and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Code Review

This pull request primarily consists of a large number of dependency updates across various go.mod and go.sum files, as well as a Gemfile.lock. The Go version is also bumped to 1.24.0.
Beyond dependency management, there are significant updates to vendored libraries, notably github.com/ProtonMail/go-crypto and github.com/go-git/go-git.
The changes in go-crypto introduce support for modern cryptographic algorithms and OpenPGP v6 keys, including new formats for encrypted keys and signatures. This involves substantial refactoring to accommodate these new features, such as making CRC checksums optional in armored data and adding context propagation.
The updates to go-git include correctness fixes, performance optimizations, and new features like git restore functionality, improved worktree status strategies, and support for partial clones via filters. There are also several security and robustness improvements, such as sanitizing author information in commits and more careful handling of file paths and system calls.
A significant addition is the pathrs-lite package within the vendored filepath-securejoin library, which provides safer, race-free alternatives for filesystem operations on Linux, inspired by libpathrs.
Overall, the changes appear to be a mix of routine maintenance, feature enhancements, and correctness/security improvements. The new features are substantial and seem to be implemented correctly.