Go: Bump github.com/zalando/go-keyring from 0.2.1 to 0.2.3 (#7006)

Bumps [github.com/zalando/go-keyring](https://github.com/zalando/go-keyring) from 0.2.1 to 0.2.3.
- [Release notes](https://github.com/zalando/go-keyring/releases)
- [Commits](https://github.com/zalando/go-keyring/compare/v0.2.1...v0.2.3)

---
updated-dependencies:
- dependency-name: github.com/zalando/go-keyring
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

go.mod

@@ -48,7 +48,7 @@ require (
 	github.com/spf13/cobra v1.7.0
 	github.com/spf13/pflag v1.0.5
 	github.com/tidwall/gjson v1.14.4
-	github.com/zalando/go-keyring v0.2.1
+	github.com/zalando/go-keyring v0.2.3
 	golang.org/x/sync v0.3.0
 	golang.org/x/sys v0.10.0
 	golang.org/x/term v0.9.0
@@ -93,7 +93,7 @@ require (
 	github.com/containerd/containerd v1.6.20 // indirect
 	github.com/containerd/typeurl v1.0.2 // indirect
 	github.com/creack/pty v1.1.18 // indirect
-	github.com/danieljoos/wincred v1.1.2 // indirect
+	github.com/danieljoos/wincred v1.2.0 // indirect
 	github.com/davecgh/go-spew v1.1.1 // indirect
 	github.com/distribution/distribution/v3 v3.0.0-20211118083504-a29a3c99a684 // indirect
 	github.com/docker/cli v23.0.0-rc.1+incompatible // indirect
@@ -117,7 +117,7 @@ require (
 	github.com/go-openapi/swag v0.22.3 // indirect
 	github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 // indirect
 	github.com/gobwas/glob v0.2.3 // indirect
-	github.com/godbus/dbus/v5 v5.0.6 // indirect
+	github.com/godbus/dbus/v5 v5.1.0 // indirect
 	github.com/gogo/protobuf v1.3.2 // indirect
 	github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
 	github.com/golang/protobuf v1.5.3 // indirect

go.sum

@@ -348,8 +348,8 @@ github.com/d2g/dhcp4client v1.0.0/go.mod h1:j0hNfjhrt2SxUOw55nL0ATM/z4Yt3t2Kd1mW
 github.com/d2g/dhcp4server v0.0.0-20181031114812-7d4a0a7f59a5/go.mod h1:Eo87+Kg/IX2hfWJfwxMzLyuSZyxSoAug2nGa1G2QAi8=
 github.com/d2g/hardwareaddr v0.0.0-20190221164911-e7d9fbe030e4/go.mod h1:bMl4RjIciD2oAxI7DmWRx6gbeqrkoLqv3MV0vzNad+I=
 github.com/danieljoos/wincred v1.1.0/go.mod h1:XYlo+eRTsVA9aHGp7NGjFkPla4m+DCL7hqDjlFjiygg=
-github.com/danieljoos/wincred v1.1.2 h1:QLdCxFs1/Yl4zduvBdcHB8goaYk9RARS2SgLLRuAyr0=
+github.com/danieljoos/wincred v1.2.0 h1:ozqKHaLK0W/ii4KVbbvluM91W2H3Sh0BncbUNPS7jLE=
-github.com/danieljoos/wincred v1.1.2/go.mod h1:GijpziifJoIBfYh+S7BbkdUTU4LfM+QnGqR5Vl2tAx0=
+github.com/danieljoos/wincred v1.2.0/go.mod h1:FzQLLMKBFdvu+osBrnFODiv32YGwCfx0SkRa/eYHgec=
 github.com/dave/dst v0.26.2/go.mod h1:UMDJuIRPfyUCC78eFuB+SV/WI8oDeyFDvM/JR6NI3IU=
 github.com/dave/gopackages v0.0.0-20170318123100-46e7023ec56e/go.mod h1:i00+b/gKdIDIxuLDFob7ustLAVqhsZRk2qVZrArELGQ=
 github.com/dave/jennifer v1.2.0/go.mod h1:fIb+770HOpJ2fmN9EPPKOqm1vMGhB+TwXKMZhrIygKg=
@@ -559,8 +559,8 @@ github.com/godbus/dbus v0.0.0-20180201030542-885f9cc04c9c/go.mod h1:/YcGZj5zSblf
 github.com/godbus/dbus v0.0.0-20190422162347-ade71ed3457e/go.mod h1:bBOAhwG1umN6/6ZUMtDFBMQR8jRg9O75tm9K00oMsK4=
 github.com/godbus/dbus/v5 v5.0.3/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA=
 github.com/godbus/dbus/v5 v5.0.4/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA=
-github.com/godbus/dbus/v5 v5.0.6 h1:mkgN1ofwASrYnJ5W6U/BxG15eXXXjirgZc7CLqkcaro=
+github.com/godbus/dbus/v5 v5.1.0 h1:4KLkAxT3aOY8Li4FRJe/KvhoNFFxo0m6fNuFUO8QJUk=
-github.com/godbus/dbus/v5 v5.0.6/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA=
+github.com/godbus/dbus/v5 v5.1.0/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA=
 github.com/gofrs/uuid v4.0.0+incompatible/go.mod h1:b2aQJv3Z4Fp6yNu3cdSllBxTCLRxnplIgP/c0N/04lM=
 github.com/gogo/googleapis v1.2.0/go.mod h1:Njal3psf3qN6dwBtQfUmBZh2ybovJ0tlu3o/AC7HYjU=
 github.com/gogo/googleapis v1.4.0/go.mod h1:5YRNX2z1oM5gXdAkurHa942MDgEJyk02w4OecKY87+c=
@@ -1269,8 +1269,8 @@ github.com/yvasiyarov/gorelic v0.0.0-20141212073537-a9bba5b9ab50 h1:hlE8//ciYMzt
 github.com/yvasiyarov/gorelic v0.0.0-20141212073537-a9bba5b9ab50/go.mod h1:NUSPSUX/bi6SeDMUh6brw0nXpxHnc96TguQh0+r/ssA=
 github.com/yvasiyarov/newrelic_platform_go v0.0.0-20140908184405-b21fdbd4370f h1:ERexzlUfuTvpE74urLSbIQW0Z/6hF9t8U4NsJLaioAY=
 github.com/yvasiyarov/newrelic_platform_go v0.0.0-20140908184405-b21fdbd4370f/go.mod h1:GlGEuHIJweS1mbCqG+7vt2nvWLzLLnRHbXz5JKd/Qbg=
-github.com/zalando/go-keyring v0.2.1 h1:MBRN/Z8H4U5wEKXiD67YbDAr5cj/DOStmSga70/2qKc=
+github.com/zalando/go-keyring v0.2.3 h1:v9CUu9phlABObO4LPWycf+zwMG7nlbb3t/B5wa97yms=
-github.com/zalando/go-keyring v0.2.1/go.mod h1:g63M2PPn0w5vjmEbwAX3ib5I+41zdm4esSETOn9Y6Dw=
+github.com/zalando/go-keyring v0.2.3/go.mod h1:HL4k+OXQfJUWaMnqyuSOc0drfGPX2b51Du6K+MRgZMk=
 go.etcd.io/bbolt v1.3.2/go.mod h1:IbVyRI1SCnLcuJnV2u8VeU0CEYM7e686BmAb1XKL+uU=
 go.etcd.io/bbolt v1.3.3/go.mod h1:IbVyRI1SCnLcuJnV2u8VeU0CEYM7e686BmAb1XKL+uU=
 go.etcd.io/bbolt v1.3.5/go.mod h1:G5EMThwa9y8QZGBClrRx5EY+Yw9kAhnjy3bSjsnlVTQ=
@@ -1634,7 +1634,6 @@ golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBc
 golang.org/x/sys v0.0.0-20210616094352-59db8d763f22/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210806184541-e5e7981a1069/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20210819135213-f52c844e1c1c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210823070655-63515b42dcdf/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210908233432-aa78b53d3365/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20211019181941-9d821ace8654/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=

vendor/github.com/danieljoos/wincred/README.md

@@ -4,7 +4,7 @@ wincred
 Go wrapper around the Windows Credential Manager API functions.
 
 [![GitHub release](https://img.shields.io/github/release/danieljoos/wincred.svg?style=flat-square)](https://github.com/danieljoos/wincred/releases/latest)
-[![Test Status](https://img.shields.io/github/workflow/status/danieljoos/wincred/test?label=test&logo=github&style=flat-square)](https://github.com/danieljoos/wincred/actions?query=workflow%3Atest)
+[![Test Status](https://img.shields.io/github/actions/workflow/status/danieljoos/wincred/test.yml?label=test&logo=github&style=flat-square)](https://github.com/danieljoos/wincred/actions?query=workflow%3Atest)
 [![Go Report Card](https://goreportcard.com/badge/github.com/danieljoos/wincred)](https://goreportcard.com/report/github.com/danieljoos/wincred)
 [![Codecov](https://img.shields.io/codecov/c/github/danieljoos/wincred?logo=codecov&style=flat-square)](https://codecov.io/gh/danieljoos/wincred)
 [![PkgGoDev](https://img.shields.io/badge/go.dev-docs-007d9c?logo=go&logoColor=white&style=flat-square)](https://pkg.go.dev/github.com/danieljoos/wincred)

vendor/github.com/danieljoos/wincred/sys.go

@@ -1,21 +1,23 @@
+//go:build windows
 // +build windows
 
 package wincred
 
 import (
 	"reflect"
+	"syscall"
 	"unsafe"
 
-	syscall "golang.org/x/sys/windows"
+	"golang.org/x/sys/windows"
 )
 
 var (
-	modadvapi32            = syscall.NewLazyDLL("advapi32.dll")
+	modadvapi32            = windows.NewLazySystemDLL("advapi32.dll")
-	procCredRead      proc = modadvapi32.NewProc("CredReadW")
+	procCredRead           = modadvapi32.NewProc("CredReadW")
 	procCredWrite     proc = modadvapi32.NewProc("CredWriteW")
 	procCredDelete    proc = modadvapi32.NewProc("CredDeleteW")
 	procCredFree      proc = modadvapi32.NewProc("CredFree")
-	procCredEnumerate proc = modadvapi32.NewProc("CredEnumerateW")
+	procCredEnumerate      = modadvapi32.NewProc("CredEnumerateW")
 )
 
 // Interface for syscall.Proc: helps testing
@@ -29,7 +31,7 @@ type sysCREDENTIAL struct {
 	Type               uint32
 	TargetName         *uint16
 	Comment            *uint16
-	LastWritten        syscall.Filetime
+	LastWritten        windows.Filetime
 	CredentialBlobSize uint32
 	CredentialBlob     uintptr
 	Persist            uint32
@@ -59,15 +61,16 @@ const (
 	sysCRED_TYPE_DOMAIN_EXTENDED         sysCRED_TYPE = 0x6
 
 	// https://docs.microsoft.com/en-us/windows/desktop/Debug/system-error-codes
-	sysERROR_NOT_FOUND         = syscall.Errno(1168)
+	sysERROR_NOT_FOUND         = windows.Errno(1168)
-	sysERROR_INVALID_PARAMETER = syscall.Errno(87)
+	sysERROR_INVALID_PARAMETER = windows.Errno(87)
 )
 
 // https://docs.microsoft.com/en-us/windows/desktop/api/wincred/nf-wincred-credreadw
 func sysCredRead(targetName string, typ sysCRED_TYPE) (*Credential, error) {
 	var pcred *sysCREDENTIAL
-	targetNamePtr, _ := syscall.UTF16PtrFromString(targetName)
+	targetNamePtr, _ := windows.UTF16PtrFromString(targetName)
-	ret, _, err := procCredRead.Call(
+	ret, _, err := syscall.SyscallN(
+		procCredRead.Addr(),
 		uintptr(unsafe.Pointer(targetNamePtr)),
 		uintptr(typ),
 		0,
@@ -98,7 +101,7 @@ func sysCredWrite(cred *Credential, typ sysCRED_TYPE) error {
 
 // https://docs.microsoft.com/en-us/windows/desktop/api/wincred/nf-wincred-creddeletew
 func sysCredDelete(cred *Credential, typ sysCRED_TYPE) error {
-	targetNamePtr, _ := syscall.UTF16PtrFromString(cred.TargetName)
+	targetNamePtr, _ := windows.UTF16PtrFromString(cred.TargetName)
 	ret, _, err := procCredDelete.Call(
 		uintptr(unsafe.Pointer(targetNamePtr)),
 		uintptr(typ),
@@ -117,9 +120,10 @@ func sysCredEnumerate(filter string, all bool) ([]*Credential, error) {
 	var pcreds uintptr
 	var filterPtr *uint16
 	if !all {
-		filterPtr, _ = syscall.UTF16PtrFromString(filter)
+		filterPtr, _ = windows.UTF16PtrFromString(filter)
 	}
-	ret, _, err := procCredEnumerate.Call(
+	ret, _, err := syscall.SyscallN(
+		procCredEnumerate.Addr(),
 		uintptr(unsafe.Pointer(filterPtr)),
 		0,
 		uintptr(unsafe.Pointer(&count)),

vendor/github.com/godbus/dbus/v5/auth.go

@@ -176,9 +176,10 @@ func (conn *Conn) tryAuth(m Auth, state authState, in *bufio.Reader) (error, boo
 					return err, false
 				}
 				state = waitingForReject
+			} else {
+				conn.uuid = string(s[1])
+				return nil, true
 			}
-			conn.uuid = string(s[1])
-			return nil, true
 		case state == waitingForData:
 			err = authWriteLine(conn.transport, []byte("ERROR"))
 			if err != nil {
@@ -191,9 +192,10 @@ func (conn *Conn) tryAuth(m Auth, state authState, in *bufio.Reader) (error, boo
 					return err, false
 				}
 				state = waitingForReject
+			} else {
+				conn.uuid = string(s[1])
+				return nil, true
 			}
-			conn.uuid = string(s[1])
-			return nil, true
 		case state == waitingForOk && string(s[0]) == "DATA":
 			err = authWriteLine(conn.transport, []byte("DATA"))
 			if err != nil {

vendor/github.com/godbus/dbus/v5/conn.go

@@ -169,7 +169,7 @@ func Connect(address string, opts ...ConnOption) (*Conn, error) {
 
 // SystemBusPrivate returns a new private connection to the system bus.
 // Note: this connection is not ready to use. One must perform Auth and Hello
-// on the connection before it is useable.
+// on the connection before it is usable.
 func SystemBusPrivate(opts ...ConnOption) (*Conn, error) {
 	return Dial(getSystemBusPlatformAddress(), opts...)
 }
@@ -284,10 +284,6 @@ func newConn(tr transport, opts ...ConnOption) (*Conn, error) {
 		conn.ctx = context.Background()
 	}
 	conn.ctx, conn.cancelCtx = context.WithCancel(conn.ctx)
-	go func() {
-		<-conn.ctx.Done()
-		conn.Close()
-	}()
 
 	conn.calls = newCallTracker()
 	if conn.handler == nil {
@@ -302,6 +298,11 @@ func newConn(tr transport, opts ...ConnOption) (*Conn, error) {
 	conn.outHandler = &outputHandler{conn: conn}
 	conn.names = newNameTracker()
 	conn.busObj = conn.Object("org.freedesktop.DBus", "/org/freedesktop/DBus")
+
+	go func() {
+		<-conn.ctx.Done()
+		conn.Close()
+	}()
 	return conn, nil
 }
 
@@ -550,6 +551,11 @@ func (conn *Conn) send(ctx context.Context, msg *Message, ch chan *Call) *Call {
 		call.ctx = ctx
 		call.ctxCanceler = canceler
 		conn.calls.track(msg.serial, call)
+		if ctx.Err() != nil {
+			// short path: don't even send the message if context already cancelled
+			conn.calls.handleSendError(msg, ctx.Err())
+			return call
+		}
 		go func() {
 			<-ctx.Done()
 			conn.calls.handleSendError(msg, ctx.Err())
@@ -649,7 +655,9 @@ func (conn *Conn) RemoveMatchSignalContext(ctx context.Context, options ...Match
 
 // Signal registers the given channel to be passed all received signal messages.
 //
-// Multiple of these channels can be registered at the same time.
+// Multiple of these channels can be registered at the same time. The channel is
+// closed if the Conn is closed; it should not be closed by the caller before
+// RemoveSignal was called on it.
 //
 // These channels are "overwritten" by Eavesdrop; i.e., if there currently is a
 // channel for eavesdropped messages, this channel receives all signals, and
@@ -765,7 +773,12 @@ func getKey(s, key string) string {
 	for _, keyEqualsValue := range strings.Split(s, ",") {
 		keyValue := strings.SplitN(keyEqualsValue, "=", 2)
 		if len(keyValue) == 2 && keyValue[0] == key {
-			return keyValue[1]
+			val, err := UnescapeBusAddressValue(keyValue[1])
+			if err != nil {
+				// No way to return an error.
+				return ""
+			}
+			return val
 		}
 	}
 	return ""

vendor/github.com/godbus/dbus/v5/conn_other.go

@@ -54,7 +54,7 @@ func tryDiscoverDbusSessionBusAddress() string {
 		if runUserBusFile := path.Join(runtimeDirectory, "bus"); fileExists(runUserBusFile) {
 			// if /run/user/<uid>/bus exists, that file itself
 			// *is* the unix socket, so return its path
-			return fmt.Sprintf("unix:path=%s", runUserBusFile)
+			return fmt.Sprintf("unix:path=%s", EscapeBusAddressValue(runUserBusFile))
 		}
 		if runUserSessionDbusFile := path.Join(runtimeDirectory, "dbus-session"); fileExists(runUserSessionDbusFile) {
 			// if /run/user/<uid>/dbus-session exists, it's a
@@ -85,9 +85,6 @@ func getRuntimeDirectory() (string, error) {
 }
 
 func fileExists(filename string) bool {
-	if _, err := os.Stat(filename); !os.IsNotExist(err) {
+	_, err := os.Stat(filename)
-		return true
+	return !os.IsNotExist(err)
-	} else {
-		return false
-	}
 }

vendor/github.com/godbus/dbus/v5/dbus.go

@@ -122,8 +122,11 @@ func isConvertibleTo(dest, src reflect.Type) bool {
 	case dest.Kind() == reflect.Slice:
 		return src.Kind() == reflect.Slice &&
 			isConvertibleTo(dest.Elem(), src.Elem())
+	case dest.Kind() == reflect.Ptr:
+		dest = dest.Elem()
+		return isConvertibleTo(dest, src)
 	case dest.Kind() == reflect.Struct:
-		return src == interfacesType
+		return src == interfacesType || dest.Kind() == src.Kind()
 	default:
 		return src.ConvertibleTo(dest)
 	}
@@ -274,13 +277,8 @@ func storeSliceIntoInterface(dest, src reflect.Value) error {
 func storeSliceIntoSlice(dest, src reflect.Value) error {
 	if dest.IsNil() || dest.Len() < src.Len() {
 		dest.Set(reflect.MakeSlice(dest.Type(), src.Len(), src.Cap()))
-	}
+	} else if dest.Len() > src.Len() {
-	if dest.Len() != src.Len() {
+		dest.Set(dest.Slice(0, src.Len()))
-		return fmt.Errorf(
-			"dbus.Store: type mismatch: "+
-				"slices are different lengths "+
-				"need: %d have: %d",
-			src.Len(), dest.Len())
 	}
 	for i := 0; i < src.Len(); i++ {
 		err := store(dest.Index(i), getVariantValue(src.Index(i)))

vendor/github.com/godbus/dbus/v5/doc.go

@@ -10,8 +10,10 @@ value.
 Conversion Rules
 
 For outgoing messages, Go types are automatically converted to the
-corresponding D-Bus types. The following types are directly encoded as their
+corresponding D-Bus types. See the official specification at
-respective D-Bus equivalents:
+https://dbus.freedesktop.org/doc/dbus-specification.html#type-system for more
+information on the D-Bus type system. The following types are directly encoded
+as their respective D-Bus equivalents:
 
      Go type     | D-Bus type
      ------------+-----------
@@ -39,8 +41,8 @@ Maps encode as DICTs, provided that their key type can be used as a key for
 a DICT.
 
 Structs other than Variant and Signature encode as a STRUCT containing their
-exported fields. Fields whose tags contain `dbus:"-"` and unexported fields will
+exported fields in order. Fields whose tags contain `dbus:"-"` and unexported
-be skipped.
+fields will be skipped.
 
 Pointers encode as the value they're pointed to.
 

vendor/github.com/godbus/dbus/v5/escape.go

@@ -0,0 +1,84 @@
+package dbus
+
+import "net/url"
+
+// EscapeBusAddressValue implements a requirement to escape the values
+// in D-Bus server addresses, as defined by the D-Bus specification at
+// https://dbus.freedesktop.org/doc/dbus-specification.html#addresses.
+func EscapeBusAddressValue(val string) string {
+	toEsc := strNeedsEscape(val)
+	if toEsc == 0 {
+		// Avoid unneeded allocation/copying.
+		return val
+	}
+
+	// Avoid allocation for short paths.
+	var buf [64]byte
+	var out []byte
+	// Every to-be-escaped byte needs 2 extra bytes.
+	required := len(val) + 2*toEsc
+	if required <= len(buf) {
+		out = buf[:required]
+	} else {
+		out = make([]byte, required)
+	}
+
+	j := 0
+	for i := 0; i < len(val); i++ {
+		if ch := val[i]; needsEscape(ch) {
+			// Convert ch to %xx, where xx is hex value.
+			out[j] = '%'
+			out[j+1] = hexchar(ch >> 4)
+			out[j+2] = hexchar(ch & 0x0F)
+			j += 3
+		} else {
+			out[j] = ch
+			j++
+		}
+	}
+
+	return string(out)
+}
+
+// UnescapeBusAddressValue unescapes values in D-Bus server addresses,
+// as defined by the D-Bus specification at
+// https://dbus.freedesktop.org/doc/dbus-specification.html#addresses.
+func UnescapeBusAddressValue(val string) (string, error) {
+	// Looks like url.PathUnescape does exactly what is required.
+	return url.PathUnescape(val)
+}
+
+// hexchar returns an octal representation of a n, where n < 16.
+// For invalid values of n, the function panics.
+func hexchar(n byte) byte {
+	const hex = "0123456789abcdef"
+
+	// For n >= len(hex), runtime will panic.
+	return hex[n]
+}
+
+// needsEscape tells if a byte is NOT one of optionally-escaped bytes.
+func needsEscape(c byte) bool {
+	if 'a' <= c && c <= 'z' || 'A' <= c && c <= 'Z' || '0' <= c && c <= '9' {
+		return false
+	}
+	switch c {
+	case '-', '_', '/', '\\', '.', '*':
+		return false
+	}
+
+	return true
+}
+
+// strNeedsEscape tells how many bytes in the string need escaping.
+func strNeedsEscape(val string) int {
+	count := 0
+
+	for i := 0; i < len(val); i++ {
+		if needsEscape(val[i]) {
+			count++
+		}
+	}
+
+	return count
+}

vendor/github.com/godbus/dbus/v5/export.go

@@ -3,6 +3,7 @@ package dbus
 import (
 	"errors"
 	"fmt"
+	"os"
 	"reflect"
 	"strings"
 )
@@ -209,28 +210,23 @@ func (conn *Conn) handleCall(msg *Message) {
 		}
 		reply.Headers[FieldSignature] = MakeVariant(SignatureOf(reply.Body...))
 
-		conn.sendMessageAndIfClosed(reply, nil)
+		if err := reply.IsValid(); err != nil {
+			fmt.Fprintf(os.Stderr, "dbus: dropping invalid reply to %s.%s on obj %s: %s\n", ifaceName, name, path, err)
+		} else {
+			conn.sendMessageAndIfClosed(reply, nil)
+		}
 	}
 }
 
 // Emit emits the given signal on the message bus. The name parameter must be
 // formatted as "interface.member", e.g., "org.freedesktop.DBus.NameLost".
 func (conn *Conn) Emit(path ObjectPath, name string, values ...interface{}) error {
-	if !path.IsValid() {
-		return errors.New("dbus: invalid object path")
-	}
 	i := strings.LastIndex(name, ".")
 	if i == -1 {
 		return errors.New("dbus: invalid method name")
 	}
 	iface := name[:i]
 	member := name[i+1:]
-	if !isValidMember(member) {
-		return errors.New("dbus: invalid method name")
-	}
-	if !isValidInterface(iface) {
-		return errors.New("dbus: invalid interface name")
-	}
 	msg := new(Message)
 	msg.Type = TypeSignal
 	msg.Headers = make(map[HeaderField]Variant)
@@ -241,6 +237,9 @@ func (conn *Conn) Emit(path ObjectPath, name string, values ...interface{}) erro
 	if len(values) > 0 {
 		msg.Headers[FieldSignature] = MakeVariant(SignatureOf(values...))
 	}
+	if err := msg.IsValid(); err != nil {
+		return err
+	}
 
 	var closed bool
 	conn.sendMessageAndIfClosed(msg, func() {

vendor/github.com/godbus/dbus/v5/homedir.go

@@ -2,27 +2,24 @@ package dbus
 
 import (
 	"os"
-	"sync"
+	"os/user"
-)
-
-var (
-	homeDir     string
-	homeDirLock sync.Mutex
 )
 
+// Get returns the home directory of the current user, which is usually the
+// value of HOME environment variable. In case it is not set or empty, os/user
+// package is used.
+//
+// If linking statically with cgo enabled against glibc, make sure the
+// osusergo build tag is used.
+//
+// If needing to do nss lookups, do not disable cgo or set osusergo.
 func getHomeDir() string {
-	homeDirLock.Lock()
+	homeDir := os.Getenv("HOME")
-	defer homeDirLock.Unlock()
-
 	if homeDir != "" {
 		return homeDir
 	}
-
+	if u, err := user.Current(); err == nil {
-	homeDir = os.Getenv("HOME")
+		return u.HomeDir
-	if homeDir != "" {
-		return homeDir
 	}
-
+	return "/"
-	homeDir = lookupHomeDir()
-	return homeDir
 }

vendor/github.com/godbus/dbus/v5/homedir_dynamic.go

@@ -1,15 +0,0 @@
-// +build !static_build
-
-package dbus
-
-import (
-	"os/user"
-)
-
-func lookupHomeDir() string {
-	u, err := user.Current()
-	if err != nil {
-		return "/"
-	}
-	return u.HomeDir
-}

vendor/github.com/godbus/dbus/v5/homedir_static.go

@@ -1,45 +0,0 @@
-// +build static_build
-
-package dbus
-
-import (
-	"bufio"
-	"os"
-	"strconv"
-	"strings"
-)
-
-func lookupHomeDir() string {
-	myUid := os.Getuid()
-
-	f, err := os.Open("/etc/passwd")
-	if err != nil {
-		return "/"
-	}
-	defer f.Close()
-
-	s := bufio.NewScanner(f)
-
-	for s.Scan() {
-		if err := s.Err(); err != nil {
-			break
-		}
-
-		line := strings.TrimSpace(s.Text())
-		if line == "" {
-			continue
-		}
-
-		parts := strings.Split(line, ":")
-
-		if len(parts) >= 6 {
-			uid, err := strconv.Atoi(parts[2])
-			if err == nil && uid == myUid {
-				return parts[5]
-			}
-		}
-	}
-
-	// Default to / if we can't get a better value
-	return "/"
-}

vendor/github.com/godbus/dbus/v5/message.go

@@ -208,7 +208,7 @@ func DecodeMessageWithFDs(rd io.Reader, fds []int) (msg *Message, err error) {
 // The possibly returned error can be an error of the underlying reader, an
 // InvalidMessageError or a FormatError.
 func DecodeMessage(rd io.Reader) (msg *Message, err error) {
-	return DecodeMessageWithFDs(rd, make([]int, 0));
+	return DecodeMessageWithFDs(rd, make([]int, 0))
 }
 
 type nullwriter struct{}
@@ -227,8 +227,8 @@ func (msg *Message) CountFds() (int, error) {
 }
 
 func (msg *Message) EncodeToWithFDs(out io.Writer, order binary.ByteOrder) (fds []int, err error) {
-	if err := msg.IsValid(); err != nil {
+	if err := msg.validateHeader(); err != nil {
-		return make([]int, 0), err
+		return nil, err
 	}
 	var vs [7]interface{}
 	switch order {
@@ -237,7 +237,7 @@ func (msg *Message) EncodeToWithFDs(out io.Writer, order binary.ByteOrder) (fds
 	case binary.BigEndian:
 		vs[0] = byte('B')
 	default:
-		return make([]int, 0), errors.New("dbus: invalid byte order")
+		return nil, errors.New("dbus: invalid byte order")
 	}
 	body := new(bytes.Buffer)
 	fds = make([]int, 0)
@@ -284,8 +284,13 @@ func (msg *Message) EncodeTo(out io.Writer, order binary.ByteOrder) (err error)
 }
 
 // IsValid checks whether msg is a valid message and returns an
-// InvalidMessageError if it is not.
+// InvalidMessageError or FormatError if it is not.
 func (msg *Message) IsValid() error {
+	var b bytes.Buffer
+	return msg.EncodeTo(&b, nativeEndian)
+}
+
+func (msg *Message) validateHeader() error {
 	if msg.Flags & ^(FlagNoAutoStart|FlagNoReplyExpected|FlagAllowInteractiveAuthorization) != 0 {
 		return InvalidMessageError("invalid flags")
 	}
@@ -330,6 +335,7 @@ func (msg *Message) IsValid() error {
 			return InvalidMessageError("missing signature")
 		}
 	}
+
 	return nil
 }
 

vendor/github.com/godbus/dbus/v5/server_interfaces.go

@@ -63,7 +63,7 @@ type Method interface {
 // any other decoding scheme.
 type ArgumentDecoder interface {
 	// To decode the arguments of a method the sender and message are
-	// provided incase the semantics of the implementer provides access
+	// provided in case the semantics of the implementer provides access
 	// to these as part of the method invocation.
 	DecodeArguments(conn *Conn, sender string, msg *Message, args []interface{}) ([]interface{}, error)
 }

vendor/github.com/godbus/dbus/v5/sig.go

@@ -102,7 +102,7 @@ func getSignature(t reflect.Type, depth *depthCounter) (sig string) {
 			}
 		}
 		if len(s) == 0 {
-			panic("empty struct")
+			panic(InvalidTypeError{t})
 		}
 		return "(" + s + ")"
 	case reflect.Array, reflect.Slice:

vendor/github.com/godbus/dbus/v5/transport_unix.go

@@ -154,17 +154,15 @@ func (t *unixTransport) ReadMessage() (*Message, error) {
 		// substitute the values in the message body (which are indices for the
 		// array receiver via OOB) with the actual values
 		for i, v := range msg.Body {
-			switch v.(type) {
+			switch index := v.(type) {
 			case UnixFDIndex:
-				j := v.(UnixFDIndex)
+				if uint32(index) >= unixfds {
-				if uint32(j) >= unixfds {
 					return nil, InvalidMessageError("invalid index for unix fd")
 				}
-				msg.Body[i] = UnixFD(fds[j])
+				msg.Body[i] = UnixFD(fds[index])
 			case []UnixFDIndex:
-				idxArray := v.([]UnixFDIndex)
+				fdArray := make([]UnixFD, len(index))
-				fdArray := make([]UnixFD, len(idxArray))
+				for k, j := range index {
-				for k, j := range idxArray {
 					if uint32(j) >= unixfds {
 						return nil, InvalidMessageError("invalid index for unix fd")
 					}

vendor/github.com/godbus/dbus/v5/transport_zos.go

@@ -0,0 +1,6 @@
+package dbus
+
+func (t *unixTransport) SendNullByte() error {
+	_, err := t.Write([]byte{0})
+	return err
+}

vendor/github.com/godbus/dbus/v5/variant.go

@@ -49,7 +49,7 @@ func ParseVariant(s string, sig Signature) (Variant, error) {
 }
 
 // format returns a formatted version of v and whether this string can be parsed
-// unambigously.
+// unambiguously.
 func (v Variant) format() (string, bool) {
 	switch v.sig.str[0] {
 	case 'b', 'i':

vendor/github.com/zalando/go-keyring/.gitignore

@@ -0,0 +1,23 @@
+# https://github.com/github/gitignore
+
+######################### Go ###################################################
+# https://raw.githubusercontent.com/github/gitignore/master/Go.gitignore
+################################################################################
+# Binaries for programs and plugins
+*.exe
+*.exe~
+*.dll
+*.so
+*.dylib
+
+# Test binary, built with `go test -c`
+*.test
+
+# Output of the go coverage tool, specifically when used with LiteIDE
+*.out
+
+# Dependency directories (remove the comment below to include it)
+vendor/
+
+# Go workspace file
+go.work

vendor/github.com/zalando/go-keyring/README.md

@@ -1,6 +1,4 @@
 # Go Keyring library
-[![Build Status](https://travis-ci.org/zalando/go-keyring.svg?branch=master)](https://travis-ci.org/zalando/go-keyring)
-[![Build status](https://ci.appveyor.com/api/projects/status/l8hdbqng769sc2c5/branch/master?svg=true)](https://ci.appveyor.com/project/mikkeloscar/go-keyring/branch/master)
 [![Go Report Card](https://goreportcard.com/badge/github.com/zalando/go-keyring)](https://goreportcard.com/report/github.com/zalando/go-keyring)
 [![GoDoc](https://godoc.org/github.com/zalando/go-keyring?status.svg)](https://godoc.org/github.com/zalando/go-keyring)
 

vendor/github.com/zalando/go-keyring/appveyor.yml

@@ -1,11 +0,0 @@
-version: "{build}"
-clone_folder: c:\gopath\src\github.com\zalando\go-keyring
-environment:
-  GOPATH: c:\gopath
-install:
-  - go version
-  - go get -t -v ./...
-build_script:
-  - go build
-test_script:
-  - go test -v

vendor/github.com/zalando/go-keyring/keyring.go

@@ -1,15 +1,20 @@
 package keyring
 
-import "fmt"
+import "errors"
 
 // provider set in the init function by the relevant os file e.g.:
-// keyring_linux.go
+// keyring_unix.go
 var provider Keyring = fallbackServiceProvider{}
 
 var (
 	// ErrNotFound is the expected error if the secret isn't found in the
 	// keyring.
-	ErrNotFound = fmt.Errorf("secret not found in keyring")
+	ErrNotFound = errors.New("secret not found in keyring")
+	// ErrSetDataTooBig is returned if `Set` was called with too much data.
+	// On MacOS: The combination of service, username & password should not exceed ~3000 bytes
+	// On Windows: The service is limited to 32KiB while the password is limited to 2560 bytes
+	// On Linux/Unix: There is no theoretical limit but performance suffers with big values (>100KiB)
+	ErrSetDataTooBig = errors.New("data passed to Set was too big")
 )
 
 // Keyring provides a simple set/get interface for a keyring service.

vendor/github.com/zalando/go-keyring/keyring_darwin.go

@@ -15,6 +15,7 @@
 package keyring
 
 import (
+	"encoding/base64"
 	"encoding/hex"
 	"fmt"
 	"io"
@@ -28,7 +29,8 @@ const (
 	execPathKeychain = "/usr/bin/security"
 
 	// encodingPrefix is a well-known prefix added to strings encoded by Set.
-	encodingPrefix = "go-keyring-encoded:"
+	encodingPrefix       = "go-keyring-encoded:"
+	base64EncodingPrefix = "go-keyring-base64:"
 )
 
 type macOSXKeychain struct{}
@@ -37,8 +39,7 @@ type macOSXKeychain struct{}
 // 	return exec.Command(execPathKeychain).Run() != exec.ErrNotFound
 // }
 
-// Set stores stores user and pass in the keyring under the defined service
+// Get password from macos keyring given service and user name.
-// name.
 func (k macOSXKeychain) Get(service, username string) (string, error) {
 	out, err := exec.Command(
 		execPathKeychain,
@@ -46,7 +47,7 @@ func (k macOSXKeychain) Get(service, username string) (string, error) {
 		"-s", service,
 		"-wa", username).CombinedOutput()
 	if err != nil {
-		if strings.Contains(fmt.Sprintf("%s", out), "could not be found") {
+		if strings.Contains(string(out), "could not be found") {
 			err = ErrNotFound
 		}
 		return "", err
@@ -57,17 +58,20 @@ func (k macOSXKeychain) Get(service, username string) (string, error) {
 	if strings.HasPrefix(trimStr, encodingPrefix) {
 		dec, err := hex.DecodeString(trimStr[len(encodingPrefix):])
 		return string(dec), err
+	} else if strings.HasPrefix(trimStr, base64EncodingPrefix) {
+		dec, err := base64.StdEncoding.DecodeString(trimStr[len(base64EncodingPrefix):])
+		return string(dec), err
 	}
 
 	return trimStr, nil
 }
 
-// Set stores a secret in the keyring given a service name and a user.
+// Set stores a secret in the macos keyring given a service name and a user.
 func (k macOSXKeychain) Set(service, username, password string) error {
 	// if the added secret has multiple lines or some non ascii,
 	// osx will hex encode it on return. To avoid getting garbage, we
 	// encode all passwords
-	password = encodingPrefix + hex.EncodeToString([]byte(password))
+	password = base64EncodingPrefix + base64.StdEncoding.EncodeToString([]byte(password))
 
 	cmd := exec.Command(execPathKeychain, "-i")
 	stdIn, err := cmd.StdinPipe()
@@ -80,6 +84,10 @@ func (k macOSXKeychain) Set(service, username, password string) error {
 	}
 
 	command := fmt.Sprintf("add-generic-password -U -s %s -a %s -w %s\n", shellescape.Quote(service), shellescape.Quote(username), shellescape.Quote(password))
+	if len(command) > 4096 {
+		return ErrSetDataTooBig
+	}
+
 	if _, err := io.WriteString(stdIn, command); err != nil {
 		return err
 	}
@@ -99,7 +107,7 @@ func (k macOSXKeychain) Delete(service, username string) error {
 		"delete-generic-password",
 		"-s", service,
 		"-a", username).CombinedOutput()
-	if strings.Contains(fmt.Sprintf("%s", out), "could not be found") {
+	if strings.Contains(string(out), "could not be found") {
 		err = ErrNotFound
 	}
 	return err

vendor/github.com/zalando/go-keyring/keyring_fallback.go

@@ -6,7 +6,7 @@ import (
 )
 
 // All of the following methods error out on unsupported platforms
-var ErrUnsupportedPlatform = errors.New("Unsupported platform: " + runtime.GOOS)
+var ErrUnsupportedPlatform = errors.New("unsupported platform: " + runtime.GOOS)
 
 type fallbackServiceProvider struct{}
 

vendor/github.com/zalando/go-keyring/keyring_mock.go

@@ -2,11 +2,15 @@ package keyring
 
 type mockProvider struct {
 	mockStore map[string]map[string]string
+	mockError error
 }
 
 // Set stores user and pass in the keyring under the defined service
 // name.
 func (m *mockProvider) Set(service, user, pass string) error {
+	if m.mockError != nil {
+		return m.mockError
+	}
 	if m.mockStore == nil {
 		m.mockStore = make(map[string]map[string]string)
 	}
@@ -19,6 +23,9 @@ func (m *mockProvider) Set(service, user, pass string) error {
 
 // Get gets a secret from the keyring given a service name and a user.
 func (m *mockProvider) Get(service, user string) (string, error) {
+	if m.mockError != nil {
+		return "", m.mockError
+	}
 	if b, ok := m.mockStore[service]; ok {
 		if v, ok := b[user]; ok {
 			return v, nil
@@ -29,6 +36,9 @@ func (m *mockProvider) Get(service, user string) (string, error) {
 
 // Delete deletes a secret, identified by service & user, from the keyring.
 func (m *mockProvider) Delete(service, user string) error {
+	if m.mockError != nil {
+		return m.mockError
+	}
 	if m.mockStore != nil {
 		if _, ok := m.mockStore[service]; ok {
 			if _, ok := m.mockStore[service][user]; ok {
@@ -44,3 +54,9 @@ func (m *mockProvider) Delete(service, user string) error {
 func MockInit() {
 	provider = &mockProvider{}
 }
+
+// MockInitWithError sets the provider to a mocked memory store
+// that returns the given error on all operations
+func MockInitWithError(err error) {
+	provider = &mockProvider{mockError: err}
+}

vendor/github.com/zalando/go-keyring/keyring_windows.go

@@ -1,8 +1,9 @@
 package keyring
 
 import (
-	"github.com/danieljoos/wincred"
 	"syscall"
+
+	"github.com/danieljoos/wincred"
 )
 
 type windowsKeychain struct{}
@@ -23,6 +24,22 @@ func (k windowsKeychain) Get(service, username string) (string, error) {
 // Set stores stores user and pass in the keyring under the defined service
 // name.
 func (k windowsKeychain) Set(service, username, password string) error {
+	// password may not exceed 2560 bytes (https://github.com/jaraco/keyring/issues/540#issuecomment-968329967)
+	if len(password) > 2560 {
+		return ErrSetDataTooBig
+	}
+
+	// service may not exceed 512 bytes (might need more testing)
+	if len(service) >= 512 {
+		return ErrSetDataTooBig
+	}
+
+	// service may not exceed 32k but problems occur before that
+	// so we limit it to 30k
+	if len(service) > 1024*30 {
+		return ErrSetDataTooBig
+	}
+
 	cred := wincred.NewGenericCredential(k.credName(service, username))
 	cred.UserName = username
 	cred.CredentialBlob = []byte(password)

vendor/github.com/zalando/go-keyring/secret_service/secret_service.go

@@ -4,6 +4,7 @@ import (
 	"fmt"
 
 	"errors"
+
 	dbus "github.com/godbus/dbus/v5"
 )
 
@@ -190,6 +191,17 @@ func (s *SecretService) handlePrompt(prompt dbus.ObjectPath) (bool, dbus.Variant
 			return false, dbus.MakeVariant(""), err
 		}
 
+		err = s.AddMatchSignal(dbus.WithMatchObjectPath(prompt),
+			dbus.WithMatchInterface(promptInterface),
+		)
+		if err != nil {
+			return false, dbus.MakeVariant(""), err
+		}
+
+		defer func(s *SecretService, options ...dbus.MatchOption) {
+			_ = s.RemoveMatchSignal(options...)
+		}(s, dbus.WithMatchObjectPath(prompt), dbus.WithMatchInterface(promptInterface))
+
 		promptSignal := make(chan *dbus.Signal, 1)
 		s.Signal(promptSignal)
 

vendor/modules.txt

@@ -133,8 +133,8 @@ github.com/containerd/typeurl
 # github.com/creack/pty v1.1.18
 ## explicit; go 1.13
 github.com/creack/pty
-# github.com/danieljoos/wincred v1.1.2
+# github.com/danieljoos/wincred v1.2.0
-## explicit; go 1.13
+## explicit; go 1.18
 github.com/danieljoos/wincred
 # github.com/davecgh/go-spew v1.1.1
 ## explicit
@@ -381,7 +381,7 @@ github.com/gobwas/glob/syntax/ast
 github.com/gobwas/glob/syntax/lexer
 github.com/gobwas/glob/util/runes
 github.com/gobwas/glob/util/strings
-# github.com/godbus/dbus/v5 v5.0.6
+# github.com/godbus/dbus/v5 v5.1.0
 ## explicit; go 1.12
 github.com/godbus/dbus/v5
 # github.com/gogo/protobuf v1.3.2
@@ -842,8 +842,8 @@ github.com/xlab/treeprint
 # github.com/xo/terminfo v0.0.0-20210125001918-ca9a967f8778
 ## explicit; go 1.15
 github.com/xo/terminfo
-# github.com/zalando/go-keyring v0.2.1
+# github.com/zalando/go-keyring v0.2.3
-## explicit; go 1.13
+## explicit; go 1.18
 github.com/zalando/go-keyring
 github.com/zalando/go-keyring/secret_service
 # go.starlark.net v0.0.0-20200306205701-8dd3e2ee1dd5