🧹 Update go-atlassian to v2.11.0 and add nil safety guards #6404

Open
tas50 wants to merge 1 commit into main from tas50/atlassian

tas50 (Member) commented Jan 16, 2026

Summary

  • Update go-atlassian from v1 to v2.11.0 (latest)
  • Add nil guards for all pointer fields in the v2 library (Creator, AvatarURLs, Project, Status, IssueType, Created) to prevent nil pointer panics
  • Rebase onto main (cnquery→mql v13 rename)

Test plan

  • Build the atlassian provider: make providers/build/atlassian
  • Verify Jira issues query works with valid credentials
  • Verify no panic when issue fields are nil (e.g., issues without a creator)

github-actions Bot (Contributor) commented Jan 16, 2026

Test Results

5 397 tests  ±0   5 393 ✅ ±0   2m 20s ⏱️ -1s
  411 suites ±0       4 💤 ±0 
   31 files   ±0       0 ❌ ±0 

Results for commit 06addbd. ± Comparison against base commit e92d14d.

♻️ This comment has been updated with latest results.

@tas50 tas50 changed the title from "Update the atlassian provider to the latest library" to "🧹 Update the atlassian provider to the latest library" Jan 17, 2026
@tas50 tas50 marked this pull request as ready for review January 18, 2026 00:42
Copilot AI left a comment

Pull request overview

This PR updates the Atlassian provider to use the latest go-atlassian v2 module and adapts the provider implementation to breaking API changes, primarily around import paths, field names, and Jira date handling.

Changes:

  • Bumped github.com/ctreminiom/go-atlassian dependency to github.com/ctreminiom/go-atlassian/v2 v2.9.0 and updated all Atlassian connection packages to use the new v2 import paths.
  • Adjusted Jira resource code to use the new AvatarURLs field and the new typed Created field (no longer parsing a string timestamp, but converting from the library’s time type), removing the now-unused JIRA_TIME_FORMAT constant.
  • Cleaned up the Atlassian LR manifest by removing empty fields: {} entries and refreshed go.sum for updated transitive dependencies (e.g., gjson, go-containerregistry, go-querystring).

Reviewed changes

Copilot reviewed 7 out of 8 changed files in this pull request and generated no comments.

| File | Description |
| --- | --- |
| providers/atlassian/resources/atlassian_jira.go | Updates Jira resource logic to match the v2 client: switches to AvatarURLs fields and converts the new typed Created value to time.Time, removing the obsolete time format constant. |
| providers/atlassian/resources/atlassian.lr.manifest.yaml | Removes redundant empty fields: {} entries for the root atlassian resource and atlassian.admin.user.products, leaving the rest of the manifest unchanged. |
| providers/atlassian/go.mod | Switches to github.com/ctreminiom/go-atlassian/v2 v2.9.0 and adds/updates indirect dependencies required by the new version. |
| providers/atlassian/go.sum | Regenerates dependency checksums to reflect the new go-atlassian v2 module and updated transitive libraries (e.g., gjson, go-containerregistry, go-querystring). |
| providers/atlassian/connection/scim/connection.go | Updates SCIM connection to use github.com/ctreminiom/go-atlassian/v2/admin while keeping authentication and validation logic the same. |
| providers/atlassian/connection/jira/connection.go | Updates Jira connection to use github.com/ctreminiom/go-atlassian/v2/jira/v2 while preserving host/user/token handling and the auth check. |
| providers/atlassian/connection/confluence/connection.go | Updates Confluence connection to import github.com/ctreminiom/go-atlassian/v2/confluence with unchanged client setup. |
| providers/atlassian/connection/admin/connection.go | Updates Admin connection to import github.com/ctreminiom/go-atlassian/v2/admin with existing token-based auth and validation. |

@tas50 tas50 force-pushed the tas50/atlassian branch from b9843da to 4a61760 Compare March 2, 2026 05:17
mondoo-code-review[bot]

This comment was marked as resolved.

@tas50 tas50 force-pushed the tas50/atlassian branch from 4a61760 to c93c48e Compare March 11, 2026 18:50
@mondoo-code-review mondoo-code-review Bot dismissed their stale review March 11, 2026 18:51

Superseded by new review

mondoo-code-review Bot left a comment

Atlassian provider library upgrade may panic on nil Creator field

@tas50 tas50 force-pushed the tas50/atlassian branch from c93c48e to 84cb9e1 Compare March 11, 2026 18:52
mondoo-code-review Bot left a comment

Atlassian provider library upgrade from v1 to v2 with adapted field access patterns.

Additional findings (file/line not in diff):

  • 🟡 providers/atlassian/resources/atlassian_jira.go:243: issue.Fields.Project, issue.Fields.Status, and issue.Fields.IssueType are accessed without nil checks (lines 243-249). If the v2 library changed these to pointer types (as it did with Created and potentially Creator), these will panic on nil dereference. Verify whether these are value types or pointers in the v2 API.

- Changed github.com/ctreminiom/go-atlassian v1.6.1 → github.com/ctreminiom/go-atlassian/v2 v2.9.0
- Update breaking changes in the new library:
  - AvatarUrls → AvatarURLs: Field was renamed for Go naming conventions (lines 50, 235)
  - issue.Fields.Created type change: Changed from string to *models.DateTimeScheme (which is a type alias for time.Time). Updated the parsing logic from:

    created, err := time.Parse(JIRA_TIME_FORMAT, issue.Fields.Created)

    to

    var created time.Time
    if issue.Fields.Created != nil {
      created = time.Time(*issue.Fields.Created)
    }

Signed-off-by: Tim Smith <tsmith84@gmail.com>
@tas50 tas50 force-pushed the tas50/atlassian branch from 84cb9e1 to 06addbd Compare March 11, 2026 18:56
@tas50 tas50 changed the title from "🧹 Update the atlassian provider to the latest library" to "🧹 Update go-atlassian to v2.11.0 and add nil safety guards" Mar 11, 2026
mondoo-code-review Bot left a comment

Library upgrade adds nil-safety for issues but misses it for the users endpoint, risking a panic.

"name": llx.StringData(user.DisplayName),
"type": llx.StringData(user.AccountType),
"picture": llx.StringData(user.AvatarUrls.One6X16),
"picture": llx.StringData(user.AvatarURLs.One6X16),
🔴 critical: user.AvatarURLs is accessed without a nil check here, but the same struct's field is nil-checked in the issues path (line 234). If the v2 library made AvatarURLs a pointer (which the nil check in the issues code suggests), this will panic on users without an avatar.

var picture string
if user.AvatarURLs != nil {
    picture = user.AvatarURLs.One6X16
}

Then use llx.StringData(picture).
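
The nil-guard pattern discussed in this thread, as an added example that is not code from the PR or from go-atlassian: the types are simplified stand-ins with assumed shapes, and `deref`, `FlattenIssue` and `IssueRow` are hypothetical names. A generic helper returns the zero value for a nil pointer, so an issue with missing optional fields maps to empty strings and a zero timestamp instead of a panic.

```go
package main

import (
	"fmt"
	"time"
)

// Stand-ins with assumed shapes (not go-atlassian's own types); pointer fields may be nil.
type DateTimeScheme time.Time
type Avatars struct{ One6X16 string }
type Named struct{ Name string }
type Issue struct{ Key string; Fields *Fields }
type User struct {
	DisplayName string
	AvatarURLs  *Avatars
}
type Fields struct {
	Creator *User
	Status  *Named
	Created *DateTimeScheme
}

// IssueRow is the flat record handed on to the resource layer.
type IssueRow struct {
	Key, Creator, Picture, Status string
	Created                       time.Time
}

// deref returns *p, or T's zero value when p is nil.
func deref[T any](p *T) (v T) {
	if p != nil {
		v = *p
	}
	return v
}

// FlattenIssue walks the pointer chain without ever dereferencing nil.
func FlattenIssue(i Issue) IssueRow {
	f := deref(i.Fields)
	c := deref(f.Creator)
	return IssueRow{
		Key: i.Key, Creator: c.DisplayName, Status: deref(f.Status).Name,
		Picture: deref(c.AvatarURLs).One6X16,
		Created: time.Time(deref(f.Created)),
	}
}

func main() { // constructed sample: an issue whose optional fields are all absent
	fmt.Printf("%+v\n", FlattenIssue(Issue{Key: "DEMO-1", Fields: &Fields{}}))
}
```

The helper copies the pointed-to struct, which is fine for small read-only records like these; a caller that must tell "absent" apart from "empty" still needs an explicit nil check.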
