chore(deps): update tools to latest versions (#3205)

* chore(deps): update tools to latest versions Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> * chore: disable gosec(G115) A change to the rule gosec(G115) made a large amount of FP for gosec appear when updating to the latest golang-ci linter. securego/gosec#1185 securego/gosec#1149 We're going to ignore this rule for the time being while waiting for gosec to get updates so that bound checking and example snippets of `valid` code is added for this rule Signed-off-by: Christopher Phillips <[email protected]> --------- Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> Signed-off-by: Christopher Phillips <[email protected]> Co-authored-by: spiffcs <[email protected]>
anchore · Sep 13, 2024 · 58100fe · 58100fe
1 parent 834027e
commit 58100fe
Show file tree

Hide file tree

Showing 9 changed files with 20 additions and 17 deletions.
diff --git a/.binny.yaml b/.binny.yaml
@@ -26,7 +26,7 @@ tools:
   # used for linting
   - name: golangci-lint
     version:
-      want: v1.60.3
+      want: v1.61.0
     method: github-release
     with:
       repo: golangci/golangci-lint
@@ -58,7 +58,7 @@ tools:
   # used to release all artifacts
   - name: goreleaser
     version:
-      want: v2.2.0
+      want: v2.3.0
     method: github-release
     with:
       repo: goreleaser/goreleaser
@@ -103,15 +103,15 @@ tools:
   # used for running all local and CI tasks
   - name: task
     version:
-      want: v3.38.0
+      want: v3.39.0
     method: github-release
     with:
       repo: go-task/task
 
   # used for triggering a release
   - name: gh
     version:
-      want: v2.55.0
+      want: v2.56.0
     method: github-release
     with:
       repo: cli/cli
@@ -130,4 +130,4 @@ tools:
       want: v4.44.3
     method: github-release
     with:
-      repo: mikefarah/yq
+      repo: mikefarah/yq
diff --git a/.golangci.yaml b/.golangci.yaml
@@ -57,6 +57,9 @@ linters-settings:
     settings:
       ruleguard:
         rules: "test/rules/rules.go"
+  gosec:
+    excludes:
+      - G115
 output:
   uniq-by-line: false
 run:

diff --git a/internal/file/zip_read_closer.go b/internal/file/zip_read_closer.go
@@ -56,7 +56,7 @@ func OpenZip(filepath string) (*ZipReadCloser, error) {
 	if offset > math.MaxInt64 {
 		return nil, fmt.Errorf("archive start offset too large: %v", offset)
 	}
-	offset64 := int64(offset) //nolint:gosec // lint bug, checked above: https://github.com/securego/gosec/issues/1187
+	offset64 := int64(offset)
 
 	size := fi.Size() - offset64
 
@@ -183,7 +183,7 @@ func findDirectory64End(r io.ReaderAt, directoryEndOffset int64) (int64, error)
 	if b.uint32() != 1 { // total number of disks
 		return -1, nil // the file is not a valid zip64-file
 	}
-	return int64(p), nil //nolint:gosec
+	return int64(p), nil
 }
 
 // readDirectory64End reads the zip64 directory end and updates the

diff --git a/syft/file/cataloger/executable/elf.go b/syft/file/cataloger/executable/elf.go
@@ -175,7 +175,7 @@ func hasElfDynTag(f *elf.File, tag elf.DynTag) bool {
 			t = elf.DynTag(f.ByteOrder.Uint32(d[0:4]))
 			d = d[8:]
 		case elf.ELFCLASS64:
-			t = elf.DynTag(f.ByteOrder.Uint64(d[0:8])) //nolint:gosec
+			t = elf.DynTag(f.ByteOrder.Uint64(d[0:8]))
 			d = d[16:]
 		}
 		if t == tag {

diff --git a/syft/format/syftjson/to_syft_model.go b/syft/format/syftjson/to_syft_model.go
@@ -146,7 +146,7 @@ func safeFileModeConvert(val int) (fs.FileMode, error) {
 	if err != nil {
 		return 0, err
 	}
-	return os.FileMode(mode), nil //nolint:gosec
+	return os.FileMode(mode), nil
 }
 
 func toSyftLicenses(m []model.License) (p []pkg.License) {

diff --git a/syft/pkg/cataloger/debian/parse_dpkg_db.go b/syft/pkg/cataloger/debian/parse_dpkg_db.go
@@ -230,7 +230,7 @@ func handleNewKeyValue(line string) (key string, val interface{}, err error) {
 			if err != nil {
 				return "", nil, fmt.Errorf("bad installed-size value=%q: %w", val, err)
 			}
-			return key, int(s), nil //nolint:gosec
+			return key, int(s), nil
 		default:
 			return key, val, nil
 		}

diff --git a/syft/pkg/cataloger/java/graalvm_native_image_cataloger.go b/syft/pkg/cataloger/java/graalvm_native_image_cataloger.go
@@ -268,7 +268,7 @@ func newPE(filename string, r io.ReaderAt) (nativeImage, error) {
 	}
 	exportSymbolsOffset := uint64(exportSymbolsDataDirectory.VirtualAddress)
 	exports := make([]byte, exportSymbolsDataDirectory.Size)
-	_, err = r.ReadAt(exports, int64(exportSymbolsOffset)) //nolint:gosec
+	_, err = r.ReadAt(exports, int64(exportSymbolsOffset))
 	if err != nil {
 		return fileError(filename, fmt.Errorf("could not read the exported symbols data directory: %w", err))
 	}
@@ -412,7 +412,7 @@ func (ni nativeImagePE) fetchExportAttribute(i int) (uint32, error) {
 func (ni nativeImagePE) fetchExportFunctionPointer(functionsBase uint32, i uint32) (uint32, error) {
 	var pointer uint32
 
-	n := uint32(len(ni.exports)) //nolint:gosec
+	n := uint32(len(ni.exports))
 	sz := uint32(unsafe.Sizeof(ni.t.functionPointer))
 	j := functionsBase + i*sz
 	if j+sz >= n {
@@ -457,7 +457,7 @@ func (ni nativeImagePE) fetchSbomSymbols(content *exportContentPE) {
 	sbomBytes := []byte(nativeImageSbomSymbol + "\x00")
 	sbomLengthBytes := []byte(nativeImageSbomLengthSymbol + "\x00")
 	svmVersionInfoBytes := []byte(nativeImageSbomVersionSymbol + "\x00")
-	n := uint32(len(ni.exports)) //nolint:gosec
+	n := uint32(len(ni.exports))
 
 	// Find SBOM, SBOM Length, and SVM Version Symbol
 	for i := uint32(0); i < content.numberOfNames; i++ {

diff --git a/syft/pkg/cataloger/php/parse_pecl_serialized.go b/syft/pkg/cataloger/php/parse_pecl_serialized.go
@@ -60,10 +60,10 @@ func readStruct(metadata any, fields ...string) string {
 	if len(fields) > 0 {
 		value, ok := metadata.(map[any]any)
 		if !ok {
-			log.Tracef("unable to read '%s' from: %v", fields[0], metadata) //nolint:gosec
+			log.Tracef("unable to read '%s' from: %v", fields[0], metadata)
 			return ""
 		}
-		return readStruct(value[fields[0]], fields[1:]...) //nolint:gosec
+		return readStruct(value[fields[0]], fields[1:]...)
 	}
 	value, ok := metadata.(string)
 	if !ok {

diff --git a/syft/pkg/cataloger/redhat/parse_rpm_archive.go b/syft/pkg/cataloger/redhat/parse_rpm_archive.go
@@ -88,12 +88,12 @@ func mapFiles(files []rpmutils.FileInfo, digestAlgorithm string) []pkg.RpmFileRe
 		}
 		out = append(out, pkg.RpmFileRecord{
 			Path:      f.Name(),
-			Mode:      pkg.RpmFileMode(f.Mode()), //nolint:gosec
+			Mode:      pkg.RpmFileMode(f.Mode()),
 			Size:      int(f.Size()),
 			Digest:    digest,
 			UserName:  f.UserName(),
 			GroupName: f.GroupName(),
-			Flags:     rpmdb.FileFlags(f.Flags()).String(), //nolint:gosec
+			Flags:     rpmdb.FileFlags(f.Flags()).String(),
 		})
 	}
 	return out