Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

build(deps): bump github.com/securego/gosec/v2 from 5f0084eb01a9 to 81cda2f91fbe #4927

Merged
merged 4 commits into from
Aug 20, 2024
Merged

build(deps): bump github.com/securego/gosec/v2 from 5f0084eb01a9 to 81cda2f91fbe #4927

merged 4 commits into from
Aug 20, 2024

Conversation

ldez
Copy link
Member

@ldez ldez commented Aug 20, 2024
edited
Loading

This PR is related to #4906 (and #4904), the analyzers (G602, G115) can be filtered now.

The rules G115, G405, G406, G506, and G507 are added (kind of side effect of the update).

securego/gosec@5f0084e...81cda2f

The update is done by hand because gosec is not released yet and we already use a pseudo version because of #4748.

Note: exclusions are defined inside the configuration due to the compatibility requirements with the previous version of golangci-lint inside our tests.

@ldez ldez added dependencies Relates to an upstream dependency linter: update version Update version of linter go Pull requests that update Go code labels Aug 20, 2024
@ldez ldez added this to the next milestone Aug 20, 2024
@ldez ldez requested a review from bombsimon August 20, 2024 15:17
@ldez
Copy link
Member Author

ldez commented Aug 20, 2024

I will merge this PR to avoid regressions related to G602.

@ldez ldez merged commit f338f3e into golangci:master Aug 20, 2024
16 checks passed
@ldez ldez deleted the fix/gosec-filter branch August 20, 2024 20:01
@ldez ldez modified the milestones: next, v1.60 Aug 20, 2024
@ldemailly
Copy link

ldemailly commented Aug 20, 2024
edited
Loading

my CI started failing (despited pinned action
golangci/golangci-lint-action@aaa42aa )
with fun stuff like

 G115: integer overflow conversion uint8 -> int64 (gosec)
		return object.Integer{Value: int64(str[idx])}
		                                  ^

how is uint8 overflowing an int64 !?

filled at securego/gosec#1185

@ldez
Copy link
Member Author

ldez commented Aug 20, 2024

This update was required to be able to disable G602 and G115 inside the configuration.

I know that technically this update adds new rules but this was required to fix a bug.
The bug was that G602 and G115 could not be enabled/disabled but they were documented inside golangci-lint.

The rule is from gosec, so it's better to discuss it with gosec.

You can also just disable this rule:

linters-settings:
  gosec:
    excludes:
      - G115

@ldemailly
Copy link

ldemailly commented Aug 20, 2024
edited
Loading

I did file the issue with them( securego/gosec#1185 ), so I guess I should add

with:
  version: v1.60.1

(or whichever version) to the action to avoid it being latest ?

thx

This was referenced Aug 21, 2024
Closed
Closed
@palsivertsen palsivertsen mentioned this pull request Aug 26, 2024
Closed
uudashr pushed a commit to uudashr/golangci-lint that referenced this pull request Sep 18, 2024
@ldez @uudashr
build(deps): bump github.com/securego/gosec/v2 from 5f0084eb01a9 to 8…
0588031 
…1cda2f91fbe (golangci#4927)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@bombsimon bombsimon Awaiting requested review from bombsimon

Assignees
No one assigned
Labels
dependencies Relates to an upstream dependency go Pull requests that update Go code linter: update version Update version of linter
Projects
None yet
Milestone
v1.60
Development

Successfully merging this pull request may close these issues.
2 participants
@ldez @ldemailly