
build(deps): bump github.com/securego/gosec/v2 from 5f0084eb01a9 to 81cda2f91fbe #4927

Merged
merged 4 commits into golangci:master from fix/gosec-filter
Aug 20, 2024

Conversation

ldez
Member

@ldez ldez commented Aug 20, 2024

This PR is related to #4906 (and #4904), the analyzers (G602, G115) can be filtered now.

The rules G115, G405, G406, G506, and G507 are added (kind of side effect of the update).

securego/gosec@5f0084e...81cda2f

The update is done by hand because gosec is not released yet and we already use a pseudo version because of #4748.

Note: exclusions are defined inside the configuration due to the compatibility requirements with the previous version of golangci-lint inside our tests.

@ldez ldez added the labels "dependencies" (Relates to an upstream dependency), "linter: update version" (Update version of linter) and "go" (Pull requests that update Go code) on Aug 20, 2024
@ldez ldez added this to the next milestone Aug 20, 2024
@ldez ldez requested a review from bombsimon August 20, 2024 15:17
@ldez ldez force-pushed the fix/gosec-filter branch from 7f050ac to 6c4ec4f on August 20, 2024 15:38
@ldez
Member Author

ldez commented Aug 20, 2024

I will merge this PR to avoid regressions related to G602.

@ldez ldez merged commit f338f3e into golangci:master Aug 20, 2024
16 checks passed
@ldez ldez deleted the fix/gosec-filter branch August 20, 2024 20:01
@ldez ldez modified the milestones: next, v1.60 Aug 20, 2024
@ldemailly

ldemailly commented Aug 20, 2024

my CI started failing (despite pinned action golangci/golangci-lint-action@aaa42aa) with fun stuff like

 G115: integer overflow conversion uint8 -> int64 (gosec)
		return object.Integer{Value: int64(str[idx])}
		                                  ^

how is uint8 overflowing an int64 !?

filed at securego/gosec#1185
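
As an added example (not code from this PR, from golangci-lint or from gosec), the conversions behind the G115 diagnostic quoted above: a uint8 always fits in an int64, whereas narrowing and signed-to-unsigned conversions can silently wrap, which is the case the rule exists for. The range-checked helpers are one way to satisfy the rule instead of excluding it; the function names are my own.

```go
package main

import (
	"errors"
	"fmt"
	"math"
)

// ErrOverflow is returned when a value does not fit the destination type.
var ErrOverflow = errors.New("integer conversion would overflow")

// widenUint8 is the shape of the flagged line: every uint8 (0..255) fits in
// int64, so the conversion is lossless and needs no guard.
func widenUint8(b uint8) int64 {
	return int64(b)
}

// unsafeNarrow is the pattern G115 is meant to catch: Go truncates an int64
// to int32 without any runtime check, so out-of-range values wrap silently.
func unsafeNarrow(v int64) int32 {
	return int32(v)
}

// narrowToInt32 is the hardened form: reject anything outside the int32 range
// before converting.
func narrowToInt32(v int64) (int32, error) {
	if v < math.MinInt32 || v > math.MaxInt32 {
		return 0, ErrOverflow
	}
	return int32(v), nil
}

// toUint64 guards a signed-to-unsigned conversion, where a negative input
// would otherwise wrap to a very large unsigned value.
func toUint64(v int64) (uint64, error) {
	if v < 0 {
		return 0, ErrOverflow
	}
	return uint64(v), nil
}

func main() {
	big := int64(math.MaxInt32) + 1 // constructed out-of-range input
	fmt.Println(widenUint8(255))    // 255
	fmt.Println(unsafeNarrow(big))  // -2147483648: silent wrap
	fmt.Println(narrowToInt32(big)) // 0, overflow error
	fmt.Println(toUint64(-1))       // 0, overflow error
}
```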

@ldez
Member Author

ldez commented Aug 20, 2024

This update was required to be able to disable G602 and G115 inside the configuration.

I know that technically this update adds new rules but this was required to fix a bug.
The bug was that G602 and G115 could not be enabled/disabled but they were documented inside golangci-lint.

The rule is from gosec, so it's better to discuss it with gosec.

You can also just disable this rule:

linters-settings:
  gosec:
    excludes:
      - G115

@ldemailly

ldemailly commented Aug 20, 2024

I did file the issue with them (securego/gosec#1185), so I guess I should add

with:
  version: v1.60.1

(or whichever version) to the action to avoid it being latest?

thx
