[SECENG] Update dependencies and config (#125)

* updated linter, test tool version
* updated linter configuration
* replace slices.Sort with sort.Slice
* updated go deps
* replace sort with slices for SortFunc
* removed x/exp package

.circleci/config.yml

@@ -6,7 +6,7 @@ orbs:
 executors:
   go:
     docker:
-      - image: cimg/go:1.20.12
+      - image: cimg/go:1.23.1
     environment:
       CGO_ENABLED: 0
 
@@ -15,7 +15,7 @@ jobs:
     executor: go
     steps:
       - checkout
-      - run: go install github.com/golangci/golangci-lint/cmd/golangci-lint@v1.51.2
+      - run: go install github.com/golangci/golangci-lint/cmd/golangci-lint@v1.60.3
       - run: golangci-lint run -c .golangci.yml
       - run:
           name: check go.mod
@@ -25,7 +25,7 @@ jobs:
     executor: go
     steps:
       - checkout
-      - run: go install gotest.tools/gotestsum@v1.8.1
+      - run: go install gotest.tools/gotestsum@v1.12.0
       - run: mkdir -p /tmp/test-results
       - run: CGO_ENABLED=1 gotestsum --junitfile="{{.RESULTS_DIR}}"/results.xml ./... -race -count=1
       - run:
@@ -54,56 +54,11 @@ jobs:
             git tag -a "v0.0.$CIRCLE_BUILD_NUM" -m "Release v0.0.$CIRCLE_BUILD_NUM"
             git push origin "v0.0.$CIRCLE_BUILD_NUM"
 
-  vulnerability-scan:
-    executor: go
-    steps:
-      - checkout
-      - run:
-          name: Setup Scanning
-          command: |
-              git config --global url."https://$GITHUB_USER:[email protected]/circleci/".insteadOf "https://github.com/circleci/"
-      - when:
-          condition:
-              or:
-                - equal: [ main, << pipeline.git.branch >> ]
-          steps:
-              - run:
-                  name: Launching Snyk Orb Scanning
-                  command: echo "Running snyk/scan on main; uploading the results"
-              - run:
-                  name: Cleanup RemoteRepoURL
-                  command: echo 'export REMOTE_REPO_URL="${CIRCLE_REPOSITORY_URL%".git"}"' >> "$BASH_ENV"
-              - snyk/scan:
-                  organization: "circleci-public"
-                  fail-on-issues: true
-                  severity-threshold: high
-                  monitor-on-build: true
-                  additional-arguments: "--all-projects --remote-repo-url=${REMOTE_REPO_URL} -d"
-      - unless:
-          condition:
-              or:
-                - equal: [ main, << pipeline.git.branch >> ]
-          steps:
-              - run:
-                  name: Launching Snyk Orb Scanning
-                  command: echo "Running snyk/scan on branch; not uploading the results"
-              - snyk/scan:
-                  organization: "circleci-public"
-                  fail-on-issues: true
-                  severity-threshold: high
-                  monitor-on-build: false
-                  additional-arguments: "--all-projects -d"
-
 workflows:
   main:
     jobs:
       - lint
       - test
-      - vulnerability-scan:
-          context: org-global-employees
-          requires:
-            - lint
-            - test
       - publish:
           requires:
             - lint

.golangci.yml

@@ -12,22 +12,6 @@ linters-settings:
     min-complexity: 15
   maligned:
     suggest-new: true
-  depguard:
-    list-type: blacklist
-    include-go-root: true
-    packages:
-      - log
-      - github.com/davecgh/go-spew
-    packages-with-error-message:
-      - github.com/cenkalti/backof[f]: use github.com/cenkalti/backoff/v4 instead
-      - gotest.tools/assert: use gotest.tools/v3/assert instead
-      - gotest.tools/assert/cmp: use gotest.tools/v3/assert/cmp instead
-      - gotest.tools/env: use gotest.tools/v3/env instead
-      - gotest.tools/fs: use gotest.tools/v3/fs instead
-      - gotest.tools/golden: use gotest.tools/v3/golden instead
-      - gotest.tools/icmd: use gotest.tools/v3/icmd instead
-      - gotest.tools/poll: use gotest.tools/v3/poll instead
-      - gotest.tools/skip: use gotest.tools/v3/skip instead
   dupl:
     threshold: 100
   goconst:
@@ -113,8 +97,6 @@ issues:
 linters:
   disable-all: true
   enable:
-    - deadcode
-    - depguard
     - errcheck
     - goconst
     - gofmt
@@ -126,4 +108,3 @@ linters:
     - prealloc
     - typecheck
     - unconvert
-    - varcheck

cpa/parsing.go

@@ -6,8 +6,9 @@ import (
 	"regexp"
 	"strings"
 
+	"slices"
+
 	"github.com/open-policy-agent/opa/ast"
-	"golang.org/x/exp/slices"
 
 	"github.com/CircleCI-Public/circle-policy-agent/internal/helpers"
 )

cpa/policy_test.go

@@ -4,12 +4,12 @@ import (
 	"context"
 	"errors"
 	"fmt"
+	"reflect"
 	"sort"
 	"strings"
 	"testing"
 
 	"github.com/stretchr/testify/require"
-	"golang.org/x/exp/maps"
 )
 
 func TestParsePolicy(t *testing.T) {
@@ -433,8 +433,8 @@ func TestGetSource(t *testing.T) {
 	for _, tc := range testcases {
 		t.Run(tc.Name, func(t *testing.T) {
 			policy, err := ParseBundle(tc.Bundle)
-			sourceKeys := maps.Keys(policy.Source())
-			modulesKeys := maps.Keys(policy.Modules())
+			sourceKeys := getMapKeys(policy.Source())
+			modulesKeys := getMapKeys(policy.Modules())
 			sort.Strings(sourceKeys)
 			sort.Strings(modulesKeys)
 
@@ -470,12 +470,28 @@ func TestBundleLinksHelpers(t *testing.T) {
 		"circleci/rego/utils/utils.rego",
 		"orbs",
 	}
-	modules := maps.Keys(policy.Modules())
+
+	modules := getMapKeys(policy.Modules())
 	sort.Strings(modules)
 
 	require.EqualValues(t, expectedModules, modules)
 }
 
+// getMapKeys function to extract keys from a map using reflect package
+func getMapKeys(m interface{}) []string {
+	v := reflect.ValueOf(m)
+	if v.Kind() != reflect.Map {
+		return nil
+	}
+
+	keys := v.MapKeys()
+	strKeys := make([]string, len(keys))
+	for i, key := range keys {
+		strKeys[i] = key.String()
+	}
+	return strKeys
+}
+
 func TestHttpBlocked(t *testing.T) {
 	policy, err := ParseBundle(map[string]string{
 		"policy.rego": `

cpa/tester/runner.go

@@ -1,20 +1,21 @@
 package tester
 
 import (
+	"cmp"
 	"context"
 	"errors"
 	"fmt"
 	"os"
 	"path/filepath"
 	"regexp"
+	"slices"
 	"strings"
 	"time"
 
 	"github.com/CircleCI-Public/circle-policy-agent/cpa"
 	"github.com/CircleCI-Public/circle-policy-agent/internal"
 	"github.com/open-policy-agent/opa/tester"
 	"github.com/pmezard/go-difflib/difflib"
-	"golang.org/x/exp/slices"
 	"gopkg.in/yaml.v3"
 )
 
@@ -161,7 +162,9 @@ func (runner *Runner) runFolder(folder string, results chan<- Result) {
 		return
 	}
 
-	slices.SortFunc(namedTests, func(a, b NamedTest) bool { return a.Name < b.Name })
+	slices.SortFunc(namedTests, func(a, b NamedTest) int {
+		return cmp.Compare(a.Name, b.Name)
+	})
 
 	for _, t := range namedTests {
 		runner.runTest(policy, results, t, folder, ParentTestContext{})

cpa/tester/test.go

@@ -1,13 +1,14 @@
 package tester
 
 import (
+	"cmp"
 	"io/fs"
 	"os"
 	"path/filepath"
+	"slices"
 	"strings"
 
 	"github.com/CircleCI-Public/circle-policy-agent/internal"
-	"golang.org/x/exp/slices"
 	"gopkg.in/yaml.v2"
 )
 
@@ -25,7 +26,10 @@ func (t Test) NamedCases() []NamedTest {
 	for name, test := range t.Cases {
 		result = append(result, NamedTest{name, test})
 	}
-	slices.SortFunc(result, func(a, b NamedTest) bool { return a.Name < b.Name })
+	slices.SortFunc(result, func(a, b NamedTest) int {
+		return cmp.Compare(a.Name, b.Name)
+	})
+
 	return result
 }
 

go.mod

@@ -1,57 +1,53 @@
 module github.com/CircleCI-Public/circle-policy-agent
 
-go 1.20
+go 1.23.1
 
 require (
-	github.com/open-policy-agent/opa v0.54.0
-	github.com/pmezard/go-difflib v1.0.0
-	github.com/stretchr/testify v1.8.3
-	golang.org/x/exp v0.0.0-20230713183714-613f0c0eb8a1
+	github.com/open-policy-agent/opa v0.70.0
+	github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2
+	github.com/stretchr/testify v1.10.0
 	gopkg.in/yaml.v2 v2.4.0
 	gopkg.in/yaml.v3 v3.0.1
 )
 
 require (
 	github.com/OneOfOne/xxhash v1.2.8 // indirect
-	github.com/agnivade/levenshtein v1.1.1 // indirect
+	github.com/agnivade/levenshtein v1.2.0 // indirect
 	github.com/beorn7/perks v1.0.1 // indirect
-	github.com/cespare/xxhash/v2 v2.2.0 // indirect
-	github.com/davecgh/go-spew v1.1.1 // indirect
+	github.com/cespare/xxhash/v2 v2.3.0 // indirect
+	github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
+	github.com/dgraph-io/ristretto v1.0.0 // indirect
 	github.com/dustin/go-humanize v1.0.1 // indirect
-	github.com/ghodss/yaml v1.0.0 // indirect
 	github.com/go-ini/ini v1.67.0 // indirect
-	github.com/go-logr/logr v1.2.4 // indirect
+	github.com/go-logr/logr v1.4.2 // indirect
 	github.com/go-logr/stdr v1.2.2 // indirect
 	github.com/gobwas/glob v0.2.3 // indirect
-	github.com/golang/glog v1.1.1 // indirect
-	github.com/golang/protobuf v1.5.3 // indirect
-	github.com/google/flatbuffers v23.5.26+incompatible // indirect
-	github.com/gorilla/mux v1.8.0 // indirect
-	github.com/klauspost/compress v1.16.7 // indirect
-	github.com/matttproud/golang_protobuf_extensions v1.0.4 // indirect
-	github.com/prometheus/client_golang v1.16.0 // indirect
-	github.com/prometheus/client_model v0.4.0 // indirect
-	github.com/prometheus/common v0.44.0 // indirect
-	github.com/prometheus/procfs v0.11.0 // indirect
+	github.com/google/flatbuffers v24.3.25+incompatible // indirect
+	github.com/google/uuid v1.6.0 // indirect
+	github.com/gorilla/mux v1.8.1 // indirect
+	github.com/klauspost/compress v1.17.10 // indirect
+	github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
+	github.com/prometheus/client_golang v1.20.5 // indirect
+	github.com/prometheus/client_model v0.6.1 // indirect
+	github.com/prometheus/common v0.61.0 // indirect
+	github.com/prometheus/procfs v0.15.1 // indirect
 	github.com/rcrowley/go-metrics v0.0.0-20201227073835-cf1acfcdf475 // indirect
 	github.com/sirupsen/logrus v1.9.3 // indirect
 	github.com/tchap/go-patricia/v2 v2.3.1 // indirect
 	github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb // indirect
 	github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 // indirect
 	github.com/yashtewari/glob-intersection v0.2.0 // indirect
-	go.opencensus.io v0.24.0 // indirect
-	go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.42.0 // indirect
-	go.opentelemetry.io/otel v1.16.0 // indirect
-	go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.16.0 // indirect
-	go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.16.0 // indirect
-	go.opentelemetry.io/otel/metric v1.16.0 // indirect
-	go.opentelemetry.io/otel/sdk v1.16.0 // indirect
-	go.opentelemetry.io/otel/trace v1.16.0 // indirect
-	go.opentelemetry.io/proto/otlp v1.0.0 // indirect
-	golang.org/x/net v0.12.0 // indirect
-	golang.org/x/sys v0.10.0 // indirect
-	google.golang.org/genproto/googleapis/api v0.0.0-20230724170836-66ad5b6ff146 // indirect
-	google.golang.org/genproto/googleapis/rpc v0.0.0-20230724170836-66ad5b6ff146 // indirect
-	google.golang.org/grpc v1.56.2 // indirect
-	google.golang.org/protobuf v1.31.0 // indirect
+	go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.55.0 // indirect
+	go.opentelemetry.io/otel v1.32.0 // indirect
+	go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.30.0 // indirect
+	go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.30.0 // indirect
+	go.opentelemetry.io/otel/metric v1.32.0 // indirect
+	go.opentelemetry.io/otel/sdk v1.32.0 // indirect
+	go.opentelemetry.io/otel/trace v1.32.0 // indirect
+	golang.org/x/sys v0.28.0 // indirect
+	golang.org/x/tools v0.25.0 // indirect
+	google.golang.org/genproto/googleapis/api v0.0.0-20240924160255-9d4c2d233b61 // indirect
+	google.golang.org/genproto/googleapis/rpc v0.0.0-20240924160255-9d4c2d233b61 // indirect
+	google.golang.org/protobuf v1.35.2 // indirect
+	sigs.k8s.io/yaml v1.4.0 // indirect
 )