
Fix format string errors after golang.org/x/term upgrade to 0.39.0 #114

Merged
MrJeffLarry merged 2 commits into dependabot/go_modules/golang.org/x/term-0.39.0 from copilot/sub-pr-113
Jan 21, 2026

Copilot AI commented Jan 21, 2026

The dependency upgrade exposed format string vulnerabilities where error messages were passed directly as format strings to print functions, triggering Go's non-constant format string checker.

Changes

  • internal/print/print.go: Changed Debug() to use Sprint() instead of Sprintf() when format string has no variadic arguments
  • internal/editor/editor.go: Added "%s" format specifier to 9 error print calls
  • internal/cmd/auth/login.go: Added "%s" format specifier to 6 error/info print calls
  • internal/cmd/issue/*.go: Added "%s" format specifier to 13 error print calls across create.go, edit.go, and note.go

Example

// Before - vulnerable to format string injection
print.Error(err.Error())

// After - safe with explicit format specifier
print.Error("%s", err.Error())

Security

No vulnerabilities found in golang.org/x/term v0.39.0 via GitHub Advisory Database.



Co-authored-by: MrJeffLarry <369605+MrJeffLarry@users.noreply.github.com>
Copilot AI changed the title from "[WIP] Bump golang.org/x/term from 0.32.0 to 0.39.0" to "Fix format string errors after golang.org/x/term upgrade to 0.39.0" Jan 21, 2026
Copilot AI requested a review from MrJeffLarry January 21, 2026 21:48
MrJeffLarry marked this pull request as ready for review January 21, 2026 21:53
MrJeffLarry merged commit 5f7c3f5 into dependabot/go_modules/golang.org/x/term-0.39.0 Jan 21, 2026
3 checks passed
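
The before/after pair from the PR description, as a runnable Go sketch added here (not code from the repository): `errorf` and `debugf` are hypothetical stand-ins for the project's `print.Error` and `Debug()`, and the error text is constructed. It shows what `fmt` emits when a message containing `%` is used as the format string, and that both fixes keep the text intact.

```go
package main

import (
	"errors"
	"fmt"
)

// noArgs is an empty argument list. Spreading it is equivalent at run time to
// passing no arguments, and keeps go vet's non-constant format string check
// from rejecting the deliberately wrong call in before().
var noArgs []any

// errorf is a hypothetical stand-in for a Printf-style helper like the
// print.Error call quoted above: the first argument is a format string.
func errorf(format string, args ...any) string {
	return "Error: " + fmt.Sprintf(format, args...)
}

// debugf follows the Debug() change listed above: with no variadic arguments
// the text goes through Sprint, so it is never parsed for verbs.
func debugf(format string, args ...any) string {
	if len(args) == 0 {
		return "Debug: " + fmt.Sprint(format)
	}
	return "Debug: " + fmt.Sprintf(format, args...)
}

// sampleErr is constructed input: an error whose text contains '%' because it
// echoes a URL-encoded path and a percentage.
func sampleErr() error {
	return errors.New("GET /projects/a%2Fb failed: 100% of retries used")
}

// before reproduces the pre-fix call shape, errorf(err.Error()).
func before(err error) string {
	return errorf(err.Error(), noArgs...)
}

// after is the fixed call shape: constant format, message passed as data.
func after(err error) string {
	return errorf("%s", err.Error())
}

func main() {
	err := sampleErr()
	fmt.Println(before(err)) // message corrupted by %!F(MISSING) and %!o(MISSING)
	fmt.Println(after(err))  // message printed verbatim
	fmt.Println(debugf(err.Error(), noArgs...))
}
```

In Go the effect of a stray verb is a corrupted message with `%!verb(MISSING)` markers rather than a memory read, which is why the fix is about log and output integrity.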