fix(deps): update module github.com/kevinburke/ssh_config to v1.5.0

Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2026-03-13 08:01:19 +08:00 · 2026-02-14 13:34:36 +00:00
parent 09faf78441
commit de35ca847d
10 changed files with 201 additions and 33 deletions
--- a/go.mod
+++ b/go.mod
@@ -35,7 +35,7 @@ require (
 	github.com/hashicorp/go-multierror v1.1.1
 	github.com/hugelgupf/p9 v0.3.1-0.20250420164440-abc96d20b308
 	github.com/json-iterator/go v1.1.12
-	github.com/kevinburke/ssh_config v1.4.0
+	github.com/kevinburke/ssh_config v1.5.0
 	github.com/klauspost/pgzip v1.2.6
 	github.com/linuxkit/virtsock v0.0.0-20241009230534-cb6a20cc0422
 	github.com/mattn/go-shellwords v1.0.12
--- a/go.sum
+++ b/go.sum
@@ -211,8 +211,8 @@ github.com/joshdk/go-junit v1.0.0 h1:S86cUKIdwBHWwA6xCmFlf3RTLfVXYQfvanM5Uh+K6GE
 github.com/joshdk/go-junit v1.0.0/go.mod h1:TiiV0PqkaNfFXjEiyjWM3XXrhVyCa1K4Zfga6W52ung=
 github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM=
 github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo=
-github.com/kevinburke/ssh_config v1.4.0 h1:6xxtP5bZ2E4NF5tuQulISpTO2z8XbtH8cg1PWkxoFkQ=
+github.com/kevinburke/ssh_config v1.5.0 h1:3cPZmE54xb5j3G5xQCjSvokqNwU2uW+3ry1+PRLSPpA=
-github.com/kevinburke/ssh_config v1.4.0/go.mod h1:q2RIzfka+BXARoNexmF9gkxEX7DmvbW9P4hIVx2Kg4M=
+github.com/kevinburke/ssh_config v1.5.0/go.mod h1:q2RIzfka+BXARoNexmF9gkxEX7DmvbW9P4hIVx2Kg4M=
 github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8=
 github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
 github.com/klauspost/compress v1.18.3 h1:9PJRvfbmTabkOX8moIpXPbMMbYN60bWImDDU7L+/6zw=
--- a/vendor/github.com/kevinburke/ssh_config/.gitignore
+++ b/vendor/github.com/kevinburke/ssh_config/.gitignore
@@ -0,0 +1 @@
 /coverage.out
--- a/vendor/github.com/kevinburke/ssh_config/AUTHORS.txt
+++ b/vendor/github.com/kevinburke/ssh_config/AUTHORS.txt
@@ -6,5 +6,6 @@ Mark Nevill <nev@improbable.io>
 Scott Lessans <slessans@gmail.com>
 Sergey Lukjanov <me@slukjanov.name>
 Simon Josefsson <simon@josefsson.org>
 sio2boss <sio2boss@users.noreply.github.com>
 Wayne Ashley Berry <wayneashleyberry@gmail.com>
 santosh653 <70637961+santosh653@users.noreply.github.com>
--- a/vendor/github.com/kevinburke/ssh_config/CHANGELOG.md
+++ b/vendor/github.com/kevinburke/ssh_config/CHANGELOG.md
@@ -1,20 +1,34 @@
 # Changes
-## Version 1.4 (released August 2025)
+## Unreleased
 - Implement Match support. Most of the Match spec is implemented, including
 `Match host`, `Match originalhost`, `Match user`, `Match localuser`, and `Match
 all`. `Match exec` is not yet implemented.
 - Add SECURITY.md
 - Add Dependabot configuration
 ## Version 1.4 (released August 19, 2025)
 - Remove .gitattributes file (which was used to test different line endings, and
-caused issues in some build environments).
+caused issues in some build environments). Store tests/dos-lines as CRLF in git
 directly instead.
-## Version 1.3 (released February 2025)
+## Version 1.3 (released February 20, 2025)
 - Add go.mod file (although this project has no dependencies).
 - Various updates to CI and build environment
 - config: add UserSettings.ConfigFinder
-## Version 1.2
+- Various updates to CI and build environment
 ## Version 1.2 (released March 31, 2022)
 - config: add DecodeBytes to directly read a byte array.
 - Strip trailing whitespace from Host declarations and key/value pairs.
 Previously, if a Host declaration or a value had trailing whitespace, that
 whitespace would have been included as part of the value. This led to unexpected
 consequences. For example:
@@ -30,3 +44,5 @@ unintuitive.
 Instead, we strip the trailing whitespace in the configuration, which leads to
 more intuitive behavior.
 - Add fuzz tests.
--- a/vendor/github.com/kevinburke/ssh_config/Makefile
+++ b/vendor/github.com/kevinburke/ssh_config/Makefile
@@ -12,6 +12,10 @@ test:
 race-test:
 	go test -timeout=500ms -race ./...
 coverage:
 	go test -trimpath -timeout=250ms -coverprofile=coverage.out -covermode=atomic ./...
 	go tool cover -func=coverage.out
 $(BUMP_VERSION):
 	go get -u github.com/kevinburke/bump_version
--- a/vendor/github.com/kevinburke/ssh_config/SECURITY.md
+++ b/vendor/github.com/kevinburke/ssh_config/SECURITY.md
@@ -0,0 +1,63 @@
 # ssh_config security policy
 ## Supported Versions
 As of September 2025, we're not aware of any security problems with ssh_config,
 past or present. That said, we recommend always using the latest version of
 ssh_config, and of the Go programming language, to ensure you have the most
 recent security fixes.
 ## Reporting a Vulnerability
 We take security vulnerabilities seriously. If you discover a security vulnerability in ssh_config, please report it responsibly by following these steps:
 ### How to Report
 Please follow the instructions outlined here to report a vulnerability
 privately: https://docs.github.com/en/code-security/security-advisories/guidance-on-reporting-and-writing-information-about-vulnerabilities/privately-reporting-a-security-vulnerability
 If these are insufficient - it is not hard to find Kevin's contact information
 on the Internet.
 ### What to Include
 When reporting a vulnerability, please include a clear description of the vulnerability, steps to reproduce the issue, the potential impact, as well as any fixes you might have.
 ### Response Timeline
 I'll try to acknowledge and patch the issue as quickly as possible.
 Security advisories for this project will be published through:
 - GitHub Security Advisories on this repository
 - an Issue on this repository
 - The project's release notes
 - Go vulnerability databases
 If you are using `ssh_config` and would like to be on a "pre-release"
 distribution list for coordinating releases, please contact Kevin directly.
 ### Security Considerations
 When using ssh_config, please be aware of these security considerations.
 #### File System Access
 This library reads SSH configuration files from the file system. Try to ensure
 proper file permissions on SSH config files (typically 600 or 644), and be
 cautious when parsing config files from untrusted sources.
 #### Input Validation
 The parser handles user-provided SSH configuration data. While we try our best
 to parse the data appropriately, malformed configuration files could potentially
 cause issues. Please try to validate and sanitize any configuration data from
 external sources.
 #### Dependencies
 This project does not have any third party dependencies. Please try to keep your
 Go version up to date.
 ## Acknowledgments
 We appreciate security researchers and users who responsibly disclose vulnerabilities. Contributors who report valid security issues will be acknowledged in our security advisories (unless they prefer to remain anonymous).
--- a/vendor/github.com/kevinburke/ssh_config/config.go
+++ b/vendor/github.com/kevinburke/ssh_config/config.go
@@ -24,9 +24,6 @@
 //
 //	// Write the cfg back to disk:
 //	fmt.Println(cfg.String())
 //
 // BUG: the Match directive is currently unsupported; parsing a config with
 // a Match directive will trigger an error.
 package ssh_config
 import (
@@ -43,7 +40,7 @@ import (
 	"sync"
 )
-const version = "1.4.0"
+const version = "1.5.0"
 var _ = version
@@ -388,9 +385,6 @@ func (c *Config) Get(alias, key string) (string, error) {
 			case *KV:
 				// "keys are case insensitive" per the spec
 				lkey := strings.ToLower(t.Key)
 				if lkey == "match" {
 					panic("can't handle Match directives")
 				}
 				if lkey == lowerKey {
 					return t.Value, nil
 				}
@@ -423,9 +417,6 @@ func (c *Config) GetAll(alias, key string) ([]string, error) {
 			case *KV:
 				// "keys are case insensitive" per the spec
 				lkey := strings.ToLower(t.Key)
 				if lkey == "match" {
 					panic("can't handle Match directives")
 				}
 				if lkey == lowerKey {
 					all = append(all, t.Value)
 				}
@@ -470,6 +461,9 @@ type Pattern struct {
 // String prints the string representation of the pattern.
 func (p Pattern) String() string {
 	if p.not {
 		return "!" + p.str
 	}
 	return p.str
 }
@@ -528,7 +522,7 @@ func NewPattern(s string) (*Pattern, error) {
 	return &Pattern{str: s, regex: r, not: negated}, nil
 }
-// Host describes a Host directive and the keywords that follow it.
+// Host describes a Host or Match directive and the keywords that follow it.
 type Host struct {
 	// A list of host patterns that should match this host.
 	Patterns []*Pattern
@@ -543,6 +537,11 @@ type Host struct {
 	leadingSpace int // TODO: handle spaces vs tabs here.
 	// The file starts with an implicit "Host *" declaration.
 	implicit bool
 	// isMatch is true if this block was created by a Match directive.
 	isMatch bool
 	// matchKeyword stores the original text after "Match" (e.g. "Host" or
 	// "all") so we can round-trip correctly.
 	matchKeyword string
 }
 // Matches returns true if the Host matches for the given alias. For
@@ -574,17 +573,36 @@ func (h *Host) String() string {
 	//lint:ignore S1002 I prefer to write it this way
 	if h.implicit == false {
 		buf.WriteString(strings.Repeat(" ", int(h.leadingSpace)))
-		buf.WriteString("Host")
+		if h.isMatch {
-		if h.hasEquals {
+			buf.WriteString("Match")
-			buf.WriteString(" = ")
+			if h.hasEquals {
-		} else {
+				buf.WriteString(" = ")
-			buf.WriteString(" ")
+			} else {
 		}
 		for i, pat := range h.Patterns {
 			buf.WriteString(pat.String())
 			if i < len(h.Patterns)-1 {
 				buf.WriteString(" ")
 			}
 			buf.WriteString(h.matchKeyword)
 			if !strings.EqualFold(h.matchKeyword, "all") {
 				buf.WriteString(" ")
 				for i, pat := range h.Patterns {
 					buf.WriteString(pat.String())
 					if i < len(h.Patterns)-1 {
 						buf.WriteString(" ")
 					}
 				}
 			}
 		} else {
 			buf.WriteString("Host")
 			if h.hasEquals {
 				buf.WriteString(" = ")
 			} else {
 				buf.WriteString(" ")
 			}
 			for i, pat := range h.Patterns {
 				buf.WriteString(pat.String())
 				if i < len(h.Patterns)-1 {
 					buf.WriteString(" ")
 				}
 			}
 		}
 		buf.WriteString(h.spaceBeforeComment)
 		if h.EOLComment != "" {
--- a/vendor/github.com/kevinburke/ssh_config/parser.go
+++ b/vendor/github.com/kevinburke/ssh_config/parser.go
@@ -105,9 +105,7 @@ func (p *sshParser) parseKV() sshParserStateFn {
 		comment = tok.val
 	}
 	if strings.ToLower(key.val) == "match" {
-		// https://github.com/kevinburke/ssh_config/issues/6
+		return p.parseMatch(val, hasEquals, comment)
 		p.raiseErrorf(val, "ssh_config: Match directive parsing is unsupported")
 		return nil
 	}
 	if strings.ToLower(key.val) == "host" {
 		strPatterns := strings.Split(val.val, " ")
@@ -165,6 +163,73 @@ func (p *sshParser) parseKV() sshParserStateFn {
 	return p.parseStart
 }
 func (p *sshParser) parseMatch(val *token, hasEquals bool, comment string) sshParserStateFn {
 	// val.val contains everything after "Match ", e.g. "Host *.example.com"
 	// or "all".
 	trimmed := strings.TrimRightFunc(val.val, unicode.IsSpace)
 	spaceBeforeComment := val.val[len(trimmed):]
 	fields := strings.Fields(trimmed)
 	if len(fields) == 0 {
 		p.raiseErrorf(val, "ssh_config: Match directive requires at least one criterion")
 		return nil
 	}
 	criterion := strings.ToLower(fields[0])
 	switch criterion {
 	case "all":
 		// "Match all" is equivalent to "Host *" — matches everything.
 		p.config.Hosts = append(p.config.Hosts, &Host{
 			Patterns:           []*Pattern{matchAll},
 			Nodes:              make([]Node, 0),
 			EOLComment:         comment,
 			spaceBeforeComment: spaceBeforeComment,
 			hasEquals:          hasEquals,
 			isMatch:            true,
 			matchKeyword:       fields[0], // preserve original case
 		})
 		return p.parseStart
 	case "host":
 		patterns := make([]*Pattern, 0)
 		for _, s := range fields[1:] {
 			if s == "" {
 				continue
 			}
 			pat, err := NewPattern(s)
 			if err != nil {
 				p.raiseErrorf(val, fmt.Sprintf("Invalid host pattern: %v", err))
 				return nil
 			}
 			patterns = append(patterns, pat)
 		}
 		if len(patterns) == 0 {
 			p.raiseErrorf(val, "ssh_config: Match Host requires at least one pattern")
 			return nil
 		}
 		p.config.Hosts = append(p.config.Hosts, &Host{
 			Patterns:           patterns,
 			Nodes:              make([]Node, 0),
 			EOLComment:         comment,
 			spaceBeforeComment: spaceBeforeComment,
 			hasEquals:          hasEquals,
 			isMatch:            true,
 			matchKeyword:       fields[0], // preserve original case
 		})
 		return p.parseStart
 	case "exec":
 		// Match Exec runs arbitrary commands. Supporting it would allow
 		// untrusted SSH config files to execute code on the parsing
 		// machine. Reject it explicitly.
 		p.raiseErrorf(val, "ssh_config: Match Exec is not supported")
 		return nil
 	default:
 		p.raiseErrorf(val, fmt.Sprintf("ssh_config: unsupported Match criterion %q", criterion))
 		return nil
 	}
 }
 func (p *sshParser) parseComment() sshParserStateFn {
 	comment := p.getToken()
 	lastHost := p.config.Hosts[len(p.config.Hosts)-1]
--- a/vendor/modules.txt
+++ b/vendor/modules.txt
@@ -389,7 +389,7 @@ github.com/jinzhu/copier
 # github.com/json-iterator/go v1.1.12
 ## explicit; go 1.12
 github.com/json-iterator/go
-# github.com/kevinburke/ssh_config v1.4.0
+# github.com/kevinburke/ssh_config v1.5.0
 ## explicit; go 1.18
 github.com/kevinburke/ssh_config
 # github.com/klauspost/compress v1.18.3