chore(deps): update tools to latest versions (#3205)

* chore(deps): update tools to latest versions Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> * chore: disable gosec(G115) A change to the rule gosec(G115) made a large amount of FP for gosec appear when updating to the latest golang-ci linter. https://github.com/securego/gosec/issues/1185 https://github.com/securego/gosec/pull/1149 We're going to ignore this rule for the time being while waiting for gosec to get updates so that bound checking and example snippets of `valid` code is added for this rule Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com> --------- Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com> Co-authored-by: spiffcs <32073428+spiffcs@users.noreply.github.com>
2024-09-19 21:51:56 +00:00 · 2024-09-13 15:05:50 -04:00 · 2024-09-13 15:05:50 -04:00 · 58100fec9f
commit 58100fec9f
parent 834027e32d
9 changed files with 20 additions and 17 deletions
--- a/.binny.yaml
+++ b/.binny.yaml
@ -26,7 +26,7 @@ tools:
  # used for linting
  - name: golangci-lint
    version:
-      want: v1.60.3
+      want: v1.61.0
    method: github-release
    with:
      repo: golangci/golangci-lint
@ -58,7 +58,7 @@ tools:
  # used to release all artifacts
  - name: goreleaser
    version:
-      want: v2.2.0
+      want: v2.3.0
    method: github-release
    with:
      repo: goreleaser/goreleaser
@ -103,7 +103,7 @@ tools:
  # used for running all local and CI tasks
  - name: task
    version:
-      want: v3.38.0
+      want: v3.39.0
    method: github-release
    with:
      repo: go-task/task
@ -111,7 +111,7 @@ tools:
  # used for triggering a release
  - name: gh
    version:
-      want: v2.55.0
+      want: v2.56.0
    method: github-release
    with:
      repo: cli/cli
@ -130,4 +130,4 @@ tools:
      want: v4.44.3
    method: github-release
    with:
-      repo: mikefarah/yq
+      repo: mikefarah/yq
--- a/.golangci.yaml
+++ b/.golangci.yaml
@ -57,6 +57,9 @@ linters-settings:
    settings:
      ruleguard:
        rules: "test/rules/rules.go"
+  gosec:
+    excludes:
+      - G115
 output:
  uniq-by-line: false
 run:
--- a/internal/file/zip_read_closer.go
+++ b/internal/file/zip_read_closer.go
@ -56,7 +56,7 @@ func OpenZip(filepath string) (*ZipReadCloser, error) {
 	if offset > math.MaxInt64 {
 		return nil, fmt.Errorf("archive start offset too large: %v", offset)
 	}
-	offset64 := int64(offset) //nolint:gosec // lint bug, checked above: https://github.com/securego/gosec/issues/1187
+	offset64 := int64(offset)

 	size := fi.Size() - offset64

@ -183,7 +183,7 @@ func findDirectory64End(r io.ReaderAt, directoryEndOffset int64) (int64, error)
 	if b.uint32() != 1 { // total number of disks
 		return -1, nil // the file is not a valid zip64-file
 	}
-	return int64(p), nil //nolint:gosec
+	return int64(p), nil
 }

 // readDirectory64End reads the zip64 directory end and updates the
--- a/syft/file/cataloger/executable/elf.go
+++ b/syft/file/cataloger/executable/elf.go
@ -175,7 +175,7 @@ func hasElfDynTag(f *elf.File, tag elf.DynTag) bool {
 			t = elf.DynTag(f.ByteOrder.Uint32(d[0:4]))
 			d = d[8:]
 		case elf.ELFCLASS64:
-			t = elf.DynTag(f.ByteOrder.Uint64(d[0:8])) //nolint:gosec
+			t = elf.DynTag(f.ByteOrder.Uint64(d[0:8]))
 			d = d[16:]
 		}
 		if t == tag {
--- a/syft/format/syftjson/to_syft_model.go
+++ b/syft/format/syftjson/to_syft_model.go
@ -146,7 +146,7 @@ func safeFileModeConvert(val int) (fs.FileMode, error) {
 	if err != nil {
 		return 0, err
 	}
-	return os.FileMode(mode), nil //nolint:gosec
+	return os.FileMode(mode), nil
 }

 func toSyftLicenses(m []model.License) (p []pkg.License) {
--- a/syft/pkg/cataloger/debian/parse_dpkg_db.go
+++ b/syft/pkg/cataloger/debian/parse_dpkg_db.go
@ -230,7 +230,7 @@ func handleNewKeyValue(line string) (key string, val interface{}, err error) {
 			if err != nil {
 				return "", nil, fmt.Errorf("bad installed-size value=%q: %w", val, err)
 			}
-			return key, int(s), nil //nolint:gosec
+			return key, int(s), nil
 		default:
 			return key, val, nil
 		}
--- a/syft/pkg/cataloger/java/graalvm_native_image_cataloger.go
+++ b/syft/pkg/cataloger/java/graalvm_native_image_cataloger.go
@ -268,7 +268,7 @@ func newPE(filename string, r io.ReaderAt) (nativeImage, error) {
 	}
 	exportSymbolsOffset := uint64(exportSymbolsDataDirectory.VirtualAddress)
 	exports := make([]byte, exportSymbolsDataDirectory.Size)
-	_, err = r.ReadAt(exports, int64(exportSymbolsOffset)) //nolint:gosec
+	_, err = r.ReadAt(exports, int64(exportSymbolsOffset))
 	if err != nil {
 		return fileError(filename, fmt.Errorf("could not read the exported symbols data directory: %w", err))
 	}
@ -412,7 +412,7 @@ func (ni nativeImagePE) fetchExportAttribute(i int) (uint32, error) {
 func (ni nativeImagePE) fetchExportFunctionPointer(functionsBase uint32, i uint32) (uint32, error) {
 	var pointer uint32

-	n := uint32(len(ni.exports)) //nolint:gosec
+	n := uint32(len(ni.exports))
 	sz := uint32(unsafe.Sizeof(ni.t.functionPointer))
 	j := functionsBase + i*sz
 	if j+sz >= n {
@ -457,7 +457,7 @@ func (ni nativeImagePE) fetchSbomSymbols(content *exportContentPE) {
 	sbomBytes := []byte(nativeImageSbomSymbol + "\x00")
 	sbomLengthBytes := []byte(nativeImageSbomLengthSymbol + "\x00")
 	svmVersionInfoBytes := []byte(nativeImageSbomVersionSymbol + "\x00")
-	n := uint32(len(ni.exports)) //nolint:gosec
+	n := uint32(len(ni.exports))

 	// Find SBOM, SBOM Length, and SVM Version Symbol
 	for i := uint32(0); i < content.numberOfNames; i++ {
--- a/syft/pkg/cataloger/php/parse_pecl_serialized.go
+++ b/syft/pkg/cataloger/php/parse_pecl_serialized.go
@ -60,10 +60,10 @@ func readStruct(metadata any, fields ...string) string {
 	if len(fields) > 0 {
 		value, ok := metadata.(map[any]any)
 		if !ok {
-			log.Tracef("unable to read '%s' from: %v", fields[0], metadata) //nolint:gosec
+			log.Tracef("unable to read '%s' from: %v", fields[0], metadata)
 			return ""
 		}
-		return readStruct(value[fields[0]], fields[1:]...) //nolint:gosec
+		return readStruct(value[fields[0]], fields[1:]...)
 	}
 	value, ok := metadata.(string)
 	if !ok {
--- a/syft/pkg/cataloger/redhat/parse_rpm_archive.go
+++ b/syft/pkg/cataloger/redhat/parse_rpm_archive.go
@ -88,12 +88,12 @@ func mapFiles(files []rpmutils.FileInfo, digestAlgorithm string) []pkg.RpmFileRe
 		}
 		out = append(out, pkg.RpmFileRecord{
 			Path:      f.Name(),
-			Mode:      pkg.RpmFileMode(f.Mode()), //nolint:gosec
+			Mode:      pkg.RpmFileMode(f.Mode()),
 			Size:      int(f.Size()),
 			Digest:    digest,
 			UserName:  f.UserName(),
 			GroupName: f.GroupName(),
-			Flags:     rpmdb.FileFlags(f.Flags()).String(), //nolint:gosec
+			Flags:     rpmdb.FileFlags(f.Flags()).String(),
 		})
 	}
 	return out