Update golangci-lint and Markdown linter (#4440)

Also fix new Markdown linter errors

Signed-off-by: Ryan Turner <turner@uber.com>
Co-authored-by: Marcos Yacob <marcos.yacob@hpe.com>

CONTRIBUTING.md

@@ -244,4 +244,4 @@ $ ln -s .githooks/pre-commit .git/hooks/pre-commit
 
 ## Reporting security vulnerabilities
 
-If you've found a vulnerability or a potential vulnerability in SPIRE please let us know at security@spiffe.io. We'll send a confirmation email to acknowledge your report, and we'll send an additional email when we've identified the issue positively or negatively.
+If you've found a vulnerability or a potential vulnerability in SPIRE please let us know at <security@spiffe.io>. We'll send a confirmation email to acknowledge your report, and we'll send an additional email when we've identified the issue positively or negatively.

Makefile

@@ -138,12 +138,12 @@ endif
 
 go_path := PATH="$(go_bin_dir):$(PATH)"
 
-golangci_lint_version = v1.53.3
+golangci_lint_version = v1.54.1
 golangci_lint_dir = $(build_dir)/golangci_lint/$(golangci_lint_version)
 golangci_lint_bin = $(golangci_lint_dir)/golangci-lint
 golangci_lint_cache = $(golangci_lint_dir)/cache
 
-markdown_lint_version = v0.33.0
+markdown_lint_version = v0.35.0
 markdown_lint_image = ghcr.io/igorshubovych/markdownlint-cli:$(markdown_lint_version)
 
 protoc_version = 3.20.1

README.md

@@ -68,6 +68,6 @@ A third party security firm ([Cure53](https://cure53.de/)) completed a security
 
 ### Reporting Security Vulnerabilities
 
-If you've found a vulnerability or a potential vulnerability in SPIRE please let us know at security@spiffe.io. We'll send a confirmation email to acknowledge your report, and we'll send an additional email when we've identified the issue positively or negatively.
+If you've found a vulnerability or a potential vulnerability in SPIRE please let us know at <security@spiffe.io>. We'll send a confirmation email to acknowledge your report, and we'll send an additional email when we've identified the issue positively or negatively.
 
 <!-- markdownlint-configure-file { "MD041": false } -->

SECURITY.md

@@ -6,4 +6,4 @@ The project supports security releases for the current minor release series and
 
 ## Reporting a Vulnerability
 
-If you've found a vulnerability or a potential vulnerability in SPIRE please let us know at security@spiffe.io. We'll send a confirmation email to acknowledge your report, and we'll send an additional email when we've identified the issue positively or negatively.
+If you've found a vulnerability or a potential vulnerability in SPIRE please let us know at <security@spiffe.io>. We'll send a confirmation email to acknowledge your report, and we'll send an additional email when we've identified the issue positively or negatively.

doc/plugin_agent_workloadattestor_k8s.md

@@ -118,11 +118,11 @@ Sigstore enabled selectors (available when configured to use sigstore)
 
 | Selector                                           | Value                                                                                                                                                                                                                                                      |
 |----------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
-| k8s:${containerID}:image-signature-content         | A containerID is an unique alphanumeric number for each container. The value of the signature itself in a hash (eg. "k8s:000000:image-signature-content:MEUCIQCyem8Gcr0sPFMP7fTXazCN57NcN5+MjxJw9Oo0x2eM+AIgdgBP96BO1Te/NdbjHbUeb0BUye6deRgVtQEv5No5smA=") |
-| k8s:${containerID}:image-signature-subject         | OIDC principal that signed it​ (eg. "k8s:000000:image-signature-subject:spirex@example.com")                                                                                                                                                               |
-| k8s:${containerID}:image-signature-logid           | A unique LogID for the Rekor transparency log​ (eg. "k8s:000000:image-signature-logid:samplelogID")                                                                                                                                                        |
-| k8s:${containerID}:image-signature-integrated-time | The time (in Unix timestamp format) when the image signature was integrated into the signature transparency log​ (eg. "k8s:000000:image-signature-integrated-time:12345")                                                                                  |
-| k8s:sigstore-validation                            | The confirmation if the signature is valid, has value of "passed" (eg. "k8s:sigstore-validation:passed")                                                                                                                                                   |
+| k8s:${containerID}:image-signature-content         | A containerID is an unique alphanumeric number for each container. The value of the signature itself in a hash (eg. `k8s:000000:image-signature-content:MEUCIQCyem8Gcr0sPFMP7fTXazCN57NcN5+MjxJw9Oo0x2eM+AIgdgBP96BO1Te/NdbjHbUeb0BUye6deRgVtQEv5No5smA=`) |
+| k8s:${containerID}:image-signature-subject         | OIDC principal that signed it​ (eg. `k8s:000000:image-signature-subject:spirex@example.com`)                                                                                                                                                               |
+| k8s:${containerID}:image-signature-logid           | A unique LogID for the Rekor transparency log​ (eg. `k8s:000000:image-signature-logid:samplelogID`)                                                                                                                                                        |
+| k8s:${containerID}:image-signature-integrated-time | The time (in Unix timestamp format) when the image signature was integrated into the signature transparency log​ (eg. `k8s:000000:image-signature-integrated-time:12345`)                                                                                  |
+| k8s:sigstore-validation                            | The confirmation if the signature is valid, has value of "passed" (eg. `k8s:sigstore-validation:passed`)                                                                                                                                                   |
 > **Note** `container-image` will ONLY match against the specific container in the pod that is contacting SPIRE on behalf of
 > the pod, whereas `pod-image` and `pod-init-image` will match against ANY container or init container in the Pod,
 > respectively.

support/oidc-discovery-provider/README.md

@@ -31,27 +31,27 @@ The provider has the following command line flags:
 The configuration file is **required** by the provider. It contains
 [HCL](https://github.com/hashicorp/hcl) encoded configurables.
 
-| Key                     | Type    | Required?      | Description                                                            | Default  |
-|-------------------------|---------|----------------|------------------------------------------------------------------------|----------|
-| `acme`                  | section | required[1]    | Provides the ACME configuration.                                       |          |
-| `serving_cert_file`     | section | required[1][4] | Provides the serving certificate configuration.                        |          |
-| `allow_insecure_scheme` | string  | optional[3]    | Serves OIDC configuration response with HTTP url.                      | `false`  |
-| `domains`               | strings | required       | One or more domains the provider is being served from.                 |          |
-| `experimental`          | section | optional       | The experimental options that are subject to change or removal.        |          |
-| `insecure_addr`         | string  | optional[3]    | Exposes the service on http.                                           |          |
-| `set_key_use`           | bool    | optional       | If true, the `use` parameter on JWKs will be set to `sig`.             | `false`  |
-| `listen_socket_path`    | string  | required[1][3] | Path on disk to listen with a Unix Domain Socket. Unix platforms only. |          |
-| `log_format`            | string  | optional       | Format of the logs (either `"TEXT"` or `"JSON"`)                       | `""`     |
-| `log_level`             | string  | required       | Log level (one of `"error"`,`"warn"`,`"info"`,`"debug"`)               | `"info"` |
-| `log_path`              | string  | optional       | Path on disk to write the log.                                         |          |
-| `log_requests`          | bool    | optional       | If true, all HTTP requests are logged at the debug level               | `false`  |
-| `server_api`            | section | required[2]    | Provides SPIRE Server API details.                                     |          |
-| `workload_api`          | section | required[2]    | Provides Workload API details.                                         |          |
-| `health_checks`         | section | optional       | Enable and configure health check endpoints                            |          |
-
-| experimental             | Type   | Required?      | Description                                          | Default |
-|--------------------------|--------|----------------|------------------------------------------------------|---------|
-| `listen_named_pipe_name` | string | required[1][3] | Pipe name to listen with a named pipe. Windows only. |         |
+| Key                     | Type    | Required?          | Description                                                            | Default  |
+|-------------------------|---------|--------------------|------------------------------------------------------------------------|----------|
+| `acme`                  | section | required[1]        | Provides the ACME configuration.                                       |          |
+| `serving_cert_file`     | section | required\[1\]\[4\] | Provides the serving certificate configuration.                        |          |
+| `allow_insecure_scheme` | string  | optional\[3\]      | Serves OIDC configuration response with HTTP url.                      | `false`  |
+| `domains`               | strings | required           | One or more domains the provider is being served from.                 |          |
+| `experimental`          | section | optional           | The experimental options that are subject to change or removal.        |          |
+| `insecure_addr`         | string  | optional\[3\]      | Exposes the service on http.                                           |          |
+| `set_key_use`           | bool    | optional           | If true, the `use` parameter on JWKs will be set to `sig`.             | `false`  |
+| `listen_socket_path`    | string  | required\[1\]\[3\] | Path on disk to listen with a Unix Domain Socket. Unix platforms only. |          |
+| `log_format`            | string  | optional           | Format of the logs (either `"TEXT"` or `"JSON"`)                       | `""`     |
+| `log_level`             | string  | required           | Log level (one of `"error"`,`"warn"`,`"info"`,`"debug"`)               | `"info"` |
+| `log_path`              | string  | optional           | Path on disk to write the log.                                         |          |
+| `log_requests`          | bool    | optional           | If true, all HTTP requests are logged at the debug level               | `false`  |
+| `server_api`            | section | required\[2\]      | Provides SPIRE Server API details.                                     |          |
+| `workload_api`          | section | required\[2\]      | Provides Workload API details.                                         |          |
+| `health_checks`         | section | optional           | Enable and configure health check endpoints                            |          |
+
+| experimental             | Type   | Required?          | Description                                          | Default |
+|--------------------------|--------|--------------------|------------------------------------------------------|---------|
+| `listen_named_pipe_name` | string | required\[1\]\[3\] | Pipe name to listen with a named pipe. Windows only. |         |
 
 <!-- markdownlint-configure-file { "MD053": false } -->