thinkgos / goup-rs Goto Github PK

Please complete the following tasks

• I have searched the open and closed issues

goup version

v0.6.2

Describe your use issue

Improve debug log message, When an error occurs, the log message is not detailed enough.

Now, we have support go install tip, but if I want install a latest release beta version, It feels a bit troublesome. we should first got the version, but how to got it?, then go install [stable|nightly] can resolve this.

Please complete the following tasks

• #51

goup version

v0.5.0

Describe your use case

goup downloads show show all cache archive file
goup downloads clean clean all cache archive

Describe the solution you'd like

Add downloads subcommand

Alternatives, if applicable

No response

Additional Context

No response

implement goup install tip

An attacker with an HTTP/2 connection to an affected endpoint can send a steady stream of invalid frames to force the
generation of reset frames on the victim endpoint.
By closing their recv window, the attacker could then force these resets to be queued in an unbounded fashion,
resulting in Out Of Memory (OOM) and high CPU usage.

This fix is corrected in hyperium/h2#737, which limits the total number of
internal error resets emitted by default before the connection is closed.

The libgit2 project fixed three security issues in the 1.7.2 release. These issues are:

• The git_revparse_single function can potentially enter an infinite loop on a well-crafted input, potentially causing a Denial of Service. This function is exposed in the git2 crate via the Repository::revparse_single method.
• The git_index_add function may cause heap corruption and possibly lead to arbitrary code execution. This function is exposed in the git2 crate via the Index::add method.
• The smart transport negotiation may experience an out-of-bounds read when a remote server did not advertise capabilities.

The libgit2-sys crate bundles libgit2, or optionally links to a system libgit2 library. In either case, versions of the libgit2 library less than 1.7.2 are vulnerable. The 0.16.2 release of libgit2-sys bundles the fixed version of 1.7.2, and requires a system libgit2 version of at least 1.7.2.

It is recommended that all users upgrade.

we use git command on search, install ... , We depend on the environment git. remove this dependence may be much better.

git crate for git.

• gitoxide: pure rust implementation of Git
• git2-rs: libgit2 bindings for Rust

RT.

An attacker with an HTTP/2 connection to an affected endpoint can send a steady stream of invalid frames to force the
generation of reset frames on the victim endpoint.
By closing their recv window, the attacker could then force these resets to be queued in an unbounded fashion,
resulting in Out Of Memory (OOM) and high CPU usage.

This fix is corrected in hyperium/h2#737, which limits the total number of
internal error resets emitted by default before the connection is closed.

we must forbid remove current active version.