feat: [AH-2806]: fix vulnerabilities (#171)

* 58defe feat: [AH-2806]: fix vulnerabilities

Author: shivagowda

cmd/artifact/command/copy.go

@@ -10,6 +10,7 @@ import (
 	"github.com/harness/harness-cli/config"
 	v2client "github.com/harness/harness-cli/internal/api/ar_v2"
 	p "github.com/harness/harness-cli/util/common/progress"
+
 	"github.com/spf13/cobra"
 )
 

cmd/artifact/command/push_maven.go

@@ -23,6 +23,7 @@ import (
 	"github.com/harness/harness-cli/util/common/auth"
 	"github.com/harness/harness-cli/util/common/errors"
 	p "github.com/harness/harness-cli/util/common/progress"
+
 	"github.com/spf13/cobra"
 )
 

cmd/artifact/command/push_python.go

@@ -22,6 +22,7 @@ import (
 	"github.com/harness/harness-cli/util/common/auth"
 	"github.com/harness/harness-cli/util/common/errors"
 	p "github.com/harness/harness-cli/util/common/progress"
+
 	"github.com/spf13/cobra"
 )
 
@@ -99,7 +100,7 @@ func NewPushPythonCmd(c *cmdutils.Factory) *cobra.Command {
 
 		},
 	}
-	
+
 	cmd.Flags().StringVar(&pkgURL, "pkg-url", "", "Base URL for the Packages")
 	cmd.MarkFlagRequired("pkg-url")
 	return cmd

cmd/hc/main.go

@@ -10,10 +10,10 @@ import (
 	"runtime/pprof"
 	"time"
 
-	"github.com/harness/harness-cli/cmd/iacm"
 	"github.com/harness/harness-cli/cmd/artifact"
 	"github.com/harness/harness-cli/cmd/auth"
 	"github.com/harness/harness-cli/cmd/cmdutils"
+	"github.com/harness/harness-cli/cmd/iacm"
 	"github.com/harness/harness-cli/cmd/registry"
 	"github.com/harness/harness-cli/config"
 	"github.com/harness/harness-cli/util/templates"

cmd/iacm/command/plan.go

@@ -16,6 +16,7 @@ import (
 	"github.com/harness/harness-cli/config"
 	"github.com/harness/harness-cli/util/client/iacm"
 	"github.com/harness/harness-cli/util/common/progress"
+
 	"github.com/hashicorp/go-slug"
 	"github.com/spf13/cobra"
 	"gopkg.in/yaml.v3"
@@ -78,10 +79,10 @@ func getWorkspaceInfo(org, project, workspace, workingDirectory string) (*Worksp
 
 func NewPlanCmd() *cobra.Command {
 	var (
-		workspaceID string
-		orgID       string
-		projectID   string
-		targets     []string
+		workspaceID  string
+		orgID        string
+		projectID    string
+		targets      []string
 		replacements []string
 	)
 
@@ -126,7 +127,7 @@ streaming logs back to your terminal.`,
 
 			iacmClient := iacm.NewIacmClient(verbose)
 			logClient := iacm.NewLogClient()
-			
+
 			p := progress.NewConsoleReporter()
 
 			return executePlan(cmd.Context(), iacmClient, logClient, p, orgID, projectID, workspaceID, targets, replacements)
@@ -284,7 +285,7 @@ func getRepoRootFromWorkingDirectory(workingDirectory string, workspace *iacm.Wo
 
 	workingDirectory = filepath.Clean(workingDirectory)
 	repositoryPath := filepath.Clean(workspace.RepositoryPath)
-	
+
 	if strings.HasSuffix(workingDirectory, repositoryPath) {
 		repoRoot := strings.TrimSuffix(workingDirectory, workspace.RepositoryPath)
 		repoRoot = filepath.Clean(repoRoot)
@@ -332,7 +333,7 @@ func getStartingNodeID(ctx context.Context, iacmClient pipelineExecutionGetter,
 	ticker := time.NewTicker(500 * time.Millisecond)
 	defer ticker.Stop()
 	timer := time.After(5 * time.Second)
-	
+
 	for {
 		select {
 		case <-ctx.Done():
@@ -372,7 +373,7 @@ func walkExecutionGraph(ctx context.Context, iacmClient *iacm.IacmClient, logCli
 	defer ticker.Stop()
 	stageNodeID := startingNodeID
 	visited := map[string]struct{}{}
-	
+
 	for {
 		select {
 		case <-ctx.Done():
@@ -385,21 +386,21 @@ func walkExecutionGraph(ctx context.Context, iacmClient *iacm.IacmClient, logCli
 			if execution.PipelineExecutionSummary == nil || execution.ExecutionGraph == nil {
 				continue
 			}
-			
+
 			stageNode := getNextActiveStage(ctx, execution.PipelineExecutionSummary.LayoutNodeMap, stageNodeID)
 			if stageNode.NodeUuid == "" {
 				return nil
 			}
-			
+
 			_, ok := visited[stageNode.NodeUuid]
 			if ok {
 				continue
 			}
-			
+
 			visited[stageNode.NodeUuid] = struct{}{}
 			stageNodeID = stageNode.NodeUuid
 			fmt.Printf(startingStageMsg, stageNode.Name)
-			
+
 			err = walkStage(ctx, iacmClient, logClient, org, project, executionID, stageNodeID, execution.ExecutionGraph.RootNodeId)
 			if err != nil {
 				return err
@@ -422,7 +423,7 @@ func walkStage(ctx context.Context, iacmClient *iacm.IacmClient, logClient *iacm
 	defer ticker.Stop()
 	lastStepNodeID := rootNodeID
 	visited := map[string]struct{}{}
-	
+
 	for {
 		select {
 		case <-ctx.Done():
@@ -435,14 +436,14 @@ func walkStage(ctx context.Context, iacmClient *iacm.IacmClient, logClient *iacm
 			if execution.PipelineExecutionSummary == nil || execution.ExecutionGraph == nil {
 				continue
 			}
-			
+
 			if lastStepNodeID == "" {
 				lastStepNodeID = rootNodeID
 			}
-			
+
 			stageNode := execution.PipelineExecutionSummary.LayoutNodeMap[stageNodeID]
 			var stepNode iacm.ExecutionNode
-			
+
 			switch {
 			case isActiveStageNode(stageNode.Status):
 				stepNode = getNextActiveStep(*execution.ExecutionGraph, lastStepNodeID)
@@ -555,10 +556,10 @@ func isInactiveStageNode(status string) bool {
 }
 
 func shouldIgnoreStepType(stepType string) bool {
-	return stepType == "IACMIntegrationStageStepPMS" || 
-		   stepType == "IntegrationStageStepPMS" || 
-		   stepType == "NG_EXECUTION" || 
-		   stepType == "IACMPrepareExecution"
+	return stepType == "IACMIntegrationStageStepPMS" ||
+		stepType == "IntegrationStageStepPMS" ||
+		stepType == "NG_EXECUTION" ||
+		stepType == "IACMPrepareExecution"
 }
 
 func getLogKeyFromStepNode(stepNode iacm.ExecutionNode) string {

cmd/iacm/command/plan_test.go

@@ -10,6 +10,7 @@ import (
 	"time"
 
 	"github.com/harness/harness-cli/util/client/iacm"
+
 	"github.com/stretchr/testify/assert"
 	"gopkg.in/yaml.v3"
 )
@@ -163,7 +164,7 @@ func TestGetNextActiveStage(t *testing.T) {
 func TestGetNextActiveStep(t *testing.T) {
 	tt := map[string]struct {
 		expectedActiveStage string
-		startingNodeID       string
+		startingNodeID      string
 		layoutNodeMap       map[string]iacm.GraphLayoutNode
 	}{
 		"finds the next active stage": {
@@ -222,7 +223,6 @@ func TestGetNextActiveStep(t *testing.T) {
 	}
 }
 
-
 func TestGetStartingNodeID(t *testing.T) {
 	t.Run("successfully retrieve starting node", func(t *testing.T) {
 		expectedStartingNodeID := "StartingNodeId"

cmd/iacm/root.go

@@ -19,4 +19,4 @@ executing on Harness servers while streaming logs back to your CLI.`,
 	rootCmd.AddCommand(command.NewPlanCmd())
 
 	return rootCmd
-}
+}

cmd/registry/command/fw_explain.go

@@ -8,15 +8,15 @@ import (
 	"strings"
 	"time"
 
-	"github.com/google/uuid"
 	"github.com/harness/harness-cli/cmd/cmdutils"
 	"github.com/harness/harness-cli/config"
 	ar_v3 "github.com/harness/harness-cli/internal/api/ar_v3"
 	client2 "github.com/harness/harness-cli/util/client"
 	"github.com/harness/harness-cli/util/common/printer"
 	"github.com/harness/harness-cli/util/common/progress"
-	"github.com/rs/zerolog/log"
 
+	"github.com/google/uuid"
+	"github.com/rs/zerolog/log"
 	"github.com/spf13/cobra"
 )
 

go.mod

@@ -22,9 +22,9 @@ require (
 	github.com/stretchr/testify v1.10.0
 	github.com/tmaxmax/go-sse v0.11.0
 	github.com/zhyee/zipstream v0.0.0-20230625125559-133d8d1afaa0
-	golang.org/x/crypto v0.42.0
-	golang.org/x/net v0.44.0
-	golang.org/x/term v0.35.0
+	golang.org/x/crypto v0.43.0
+	golang.org/x/net v0.45.0
+	golang.org/x/term v0.36.0
 	gopkg.in/yaml.v3 v3.0.1
 	helm.sh/helm/v3 v3.18.4
 )
@@ -34,7 +34,7 @@ require (
 	github.com/Masterminds/semver/v3 v3.3.0 // indirect
 	github.com/blang/semver/v4 v4.0.0 // indirect
 	github.com/chai2010/gettext-go v1.0.2 // indirect
-	github.com/containerd/containerd v1.7.27 // indirect
+	github.com/containerd/containerd v1.7.29 // indirect
 	github.com/containerd/errdefs v1.0.0 // indirect
 	github.com/containerd/log v0.1.0 // indirect
 	github.com/containerd/platforms v0.2.1 // indirect
@@ -131,7 +131,7 @@ require (
 	github.com/vbatts/tar-split v0.12.1 // indirect
 	golang.org/x/mod v0.28.0
 	golang.org/x/sync v0.17.0 // indirect
-	golang.org/x/sys v0.36.0 // indirect
-	golang.org/x/text v0.29.0 // indirect
+	golang.org/x/sys v0.37.0 // indirect
+	golang.org/x/text v0.30.0 // indirect
 	gopkg.in/ini.v1 v1.67.0
 )

go.sum

@@ -46,8 +46,8 @@ github.com/chai2010/gettext-go v1.0.2 h1:1Lwwip6Q2QGsAdl/ZKPCwTe9fe0CjlUbqj5bFNS
 github.com/chai2010/gettext-go v1.0.2/go.mod h1:y+wnP2cHYaVj19NZhYKAwEMH2CI1gNHeQQ+5AjwawxA=
 github.com/containerd/console v1.0.3 h1:lIr7SlA5PxZyMV30bDW0MGbiOPXwc63yRuCP0ARubLw=
 github.com/containerd/console v1.0.3/go.mod h1:7LqA/THxQ86k76b8c/EMSiaJ3h1eZkMkXar0TQ1gf3U=
-github.com/containerd/containerd v1.7.27 h1:yFyEyojddO3MIGVER2xJLWoCIn+Up4GaHFquP7hsFII=
-github.com/containerd/containerd v1.7.27/go.mod h1:xZmPnl75Vc+BLGt4MIfu6bp+fy03gdHAn9bz+FreFR0=
+github.com/containerd/containerd v1.7.29 h1:90fWABQsaN9mJhGkoVnuzEY+o1XDPbg9BTC9QTAHnuE=
+github.com/containerd/containerd v1.7.29/go.mod h1:azUkWcOvHrWvaiUjSQH0fjzuHIwSPg1WL5PshGP4Szs=
 github.com/containerd/errdefs v1.0.0 h1:tg5yIfIlQIrxYtu9ajqY42W3lpS19XqdxRQeEwYG8PI=
 github.com/containerd/errdefs v1.0.0/go.mod h1:+YBYIdtsnF4Iw6nWZhJcqGSg/dwvV7tyJ/kCkyJ2k+M=
 github.com/containerd/log v0.1.0 h1:TCJt7ioM2cr/tfR8GPbGf9/VRAX8D2B4PjzCpfX540I=
@@ -388,8 +388,8 @@ golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACk
 golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
-golang.org/x/crypto v0.42.0 h1:chiH31gIWm57EkTXpwnqf8qeuMUi0yekh6mT2AvFlqI=
-golang.org/x/crypto v0.42.0/go.mod h1:4+rDnOTJhQCx2q7/j6rAN5XDw8kPjeaXEUR2eL94ix8=
+golang.org/x/crypto v0.43.0 h1:dduJYIi3A3KOfdGOHX8AVZ/jGiyPa3IbBozJ5kNuE04=
+golang.org/x/crypto v0.43.0/go.mod h1:BFbav4mRNlXJL4wNeejLpWxB7wMbc79PdRGhWKncxR0=
 golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56 h1:2dVuKD2vS7b0QIHQbpyTISPd0LeHDbnYEryqj5Q1ug8=
 golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56/go.mod h1:M4RDyNAINzryxdtnbRXRL/OHtkFuWGRjvuhBJpk2IlY=
 golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
@@ -405,8 +405,8 @@ golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwY
 golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
 golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
 golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
-golang.org/x/net v0.44.0 h1:evd8IRDyfNBMBTTY5XRF1vaZlD+EmWx6x8PkhR04H/I=
-golang.org/x/net v0.44.0/go.mod h1:ECOoLqd5U3Lhyeyo/QDCEVQ4sNgYsqvCZ722XogGieY=
+golang.org/x/net v0.45.0 h1:RLBg5JKixCy82FtLJpeNlVM0nrSqpCRYzVU1n8kj0tM=
+golang.org/x/net v0.45.0/go.mod h1:ECOoLqd5U3Lhyeyo/QDCEVQ4sNgYsqvCZ722XogGieY=
 golang.org/x/oauth2 v0.30.0 h1:dnDm7JmhM45NNpd8FDDeLhK6FwqbOf4MLCM9zb1BOHI=
 golang.org/x/oauth2 v0.30.0/go.mod h1:B++QgG3ZKulg6sRPGD/mqlHQs5rB3Ml9erfeDY7xKlU=
 golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
@@ -433,22 +433,22 @@ golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBc
 golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.12.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.36.0 h1:KVRy2GtZBrk1cBYA7MKu5bEZFxQk4NIDV6RLVcC8o0k=
-golang.org/x/sys v0.36.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks=
+golang.org/x/sys v0.37.0 h1:fdNQudmxPjkdUTPnLn5mdQv7Zwvbvpaxqs831goi9kQ=
+golang.org/x/sys v0.37.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210220032956-6a3ed077a48d/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210615171337-6886f2dfbf5b/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k=
-golang.org/x/term v0.35.0 h1:bZBVKBudEyhRcajGcNc3jIfWPqV4y/Kt2XcoigOWtDQ=
-golang.org/x/term v0.35.0/go.mod h1:TPGtkTLesOwf2DE8CgVYiZinHAOuy5AYUYT1lENIZnA=
+golang.org/x/term v0.36.0 h1:zMPR+aF8gfksFprF/Nc/rd1wRS1EI6nDBGyWAvDzx2Q=
+golang.org/x/term v0.36.0/go.mod h1:Qu394IJq6V6dCBRgwqshf3mPF85AqzYEzofzRdZkWss=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
 golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
 golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
-golang.org/x/text v0.29.0 h1:1neNs90w9YzJ9BocxfsQNHKuAT4pkghyXc4nhZ6sJvk=
-golang.org/x/text v0.29.0/go.mod h1:7MhJOA9CD2qZyOKYazxdYMF85OwPdEr9jTtBpO7ydH4=
+golang.org/x/text v0.30.0 h1:yznKA/E9zq54KzlzBEAWn1NXSQ8DIp/NYMy88xJjl4k=
+golang.org/x/text v0.30.0/go.mod h1:yDdHFIX9t+tORqspjENWgzaCVXgk0yYnYuSZ8UzzBVM=
 golang.org/x/time v0.12.0 h1:ScB/8o8olJvc+CQPWrK3fPZNfh7qgwCrY0zJmoEQLSE=
 golang.org/x/time v0.12.0/go.mod h1:CDIdPxbZBQxdj6cxyCIdrNogrJKMJ7pr37NYpMcMDSg=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
@@ -457,8 +457,8 @@ golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roY
 golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
 golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc=
 golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU=
-golang.org/x/tools v0.36.0 h1:kWS0uv/zsvHEle1LbV5LE8QujrxB3wfQyxHfhOk0Qkg=
-golang.org/x/tools v0.36.0/go.mod h1:WBDiHKJK8YgLHlcQPYQzNCkUxUypCaa5ZegCVutKm+s=
+golang.org/x/tools v0.37.0 h1:DVSRzp7FwePZW356yEAChSdNcQo6Nsp+fex1SUW09lE=
+golang.org/x/tools v0.37.0/go.mod h1:MBN5QPQtLMHVdvsbtarmTNukZDdgwdwlO5qGacAzF0w=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=