Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package golangci-lint for openSUSE:Factory
checked in at 2023-10-26 17:13:34
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/golangci-lint (Old)
and /work/SRC/openSUSE:Factory/.golangci-lint.new.24901 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "golangci-lint"
Thu Oct 26 17:13:34 2023 rev:9 rq:1120331 version:1.55.1
Changes:
--------
--- /work/SRC/openSUSE:Factory/golangci-lint/golangci-lint.changes
2023-10-20 23:22:13.970485278 +0200
+++ /work/SRC/openSUSE:Factory/.golangci-lint.new.24901/golangci-lint.changes
2023-10-26 17:14:21.816146827 +0200
@@ -1,0 +2,11 @@
+Wed Oct 25 14:19:00 UTC 2023 - Jeff Kowalczyk <jkowalc...@suse.com>
+
+- Update to version 1.55.1:
+ * output: convert backslashes to forward slashes for GitHub Action
annotations printer (#4149)
+ * build(deps): bump actions/setup-node from 3 to 4 (#4155)
+ * build(deps): bump github.com/golangci/revgrep from v0.5.0 to v0.5.2 (#4154)
+ * build(deps): bump github.com/securego/gosec/v2 from 2.18.1 to 2.18.2
(#4153)
+ * docs: Update documentation and assets
+ * docs: Update documentation and assets
+
+-------------------------------------------------------------------
Old:
----
golangci-lint-1.55.0.tar.xz
New:
----
golangci-lint-1.55.1.tar.xz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ golangci-lint.spec ++++++
--- /var/tmp/diff_new_pack.tCQOL5/_old 2023-10-26 17:14:23.512209118 +0200
+++ /var/tmp/diff_new_pack.tCQOL5/_new 2023-10-26 17:14:23.528209706 +0200
@@ -21,7 +21,7 @@
# timemstap can be obtained by doing an rpm query
Name: golangci-lint
-Version: 1.55.0
+Version: 1.55.1
Release: 0
Summary: A fast Go linters runner
License: GPL-3.0-only
++++++ _service ++++++
--- /var/tmp/diff_new_pack.tCQOL5/_old 2023-10-26 17:14:23.816220283 +0200
+++ /var/tmp/diff_new_pack.tCQOL5/_new 2023-10-26 17:14:23.848221458 +0200
@@ -3,7 +3,7 @@
<param name="scm">git</param>
<param name="url">https://github.com/golangci/golangci-lint.git</param>
<param name="exclude">.git</param>
- <param name="revision">v1.55.0</param>
+ <param name="revision">v1.55.1</param>
<param name="versionformat">@PARENT_TAG@</param>
<param name="filename">golangci-lint</param>
<param name="versionrewrite-pattern">v(.*)</param>
++++++ _servicedata ++++++
--- /var/tmp/diff_new_pack.tCQOL5/_old 2023-10-26 17:14:24.020227776 +0200
+++ /var/tmp/diff_new_pack.tCQOL5/_new 2023-10-26 17:14:24.060229245 +0200
@@ -1,6 +1,6 @@
<servicedata>
<service name="tar_scm">
<param
name="url">https://github.com/golangci/golangci-lint.git</param>
- <param
name="changesrevision">de1c391922f0e3792c862f7e8c653bbf3f198d16</param></service></servicedata>
+ <param
name="changesrevision">9b20d49dc234cae4819cea4cfd64d0cc507310c4</param></service></servicedata>
(No newline at EOF)
++++++ golangci-lint-1.55.0.tar.xz -> golangci-lint-1.55.1.tar.xz ++++++
/work/SRC/openSUSE:Factory/golangci-lint/golangci-lint-1.55.0.tar.xz
/work/SRC/openSUSE:Factory/.golangci-lint.new.24901/golangci-lint-1.55.1.tar.xz
differ: char 15, line 1
++++++ vendor.tar.xz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/vendor/github.com/golangci/revgrep/revgrep.go
new/vendor/github.com/golangci/revgrep/revgrep.go
--- old/vendor/github.com/golangci/revgrep/revgrep.go 2023-10-20
14:02:51.000000000 +0200
+++ new/vendor/github.com/golangci/revgrep/revgrep.go 2023-10-25
16:19:15.000000000 +0200
@@ -340,8 +340,6 @@
// If revisionFrom is set but revisionTo is not, untracked files will be
included, to exclude untracked files set revisionTo to HEAD~.
// It's incorrect to specify revisionTo without a revisionFrom.
func GitPatch(revisionFrom, revisionTo string) (io.Reader, []string, error) {
- var patch bytes.Buffer
-
// check if git repo exists
if err := exec.Command("git", "status", "--porcelain").Run(); err !=
nil {
// don't return an error, we assume the error is not repo exists
@@ -365,8 +363,9 @@
newFiles = append(newFiles, string(file))
}
+ var patch bytes.Buffer
if revisionFrom != "" {
- cmd := exec.Command("git", "diff", "--color=never",
"--no-ext-diff", "--default-prefix", "--relative", revisionFrom)
+ cmd := gitDiff(revisionFrom)
if revisionTo != "" {
cmd.Args = append(cmd.Args, revisionTo)
}
@@ -380,11 +379,12 @@
if revisionTo == "" {
return &patch, newFiles, nil
}
+
return &patch, nil, nil
}
// make a patch for unstaged changes
- cmd := exec.Command("git", "diff", "--color=never", "--no-ext-diff",
"--default-prefix", "--relative", "--")
+ cmd := gitDiff("--")
cmd.Stdout = &patch
if err := cmd.Run(); err != nil {
return nil, nil, fmt.Errorf("error executing git diff: %w", err)
@@ -399,7 +399,7 @@
// check for changes in recent commit
- cmd = exec.Command("git", "diff", "--color=never", "--no-ext-diff",
"--default-prefix", "--relative", "HEAD~", "--")
+ cmd = gitDiff("HEAD~", "--")
cmd.Stdout = &patch
if err := cmd.Run(); err != nil {
return nil, nil, fmt.Errorf("error executing git diff HEAD~:
%w", err)
@@ -407,3 +407,55 @@
return &patch, nil, nil
}
+
+func gitDiff(extraArgs ...string) *exec.Cmd {
+ cmd := exec.Command("git", "diff", "--color=never", "--no-ext-diff")
+
+ if isSupportedByGit(2, 41, 0) {
+ cmd.Args = append(cmd.Args, "--default-prefix")
+ }
+
+ cmd.Args = append(cmd.Args, "--relative")
+ cmd.Args = append(cmd.Args, extraArgs...)
+
+ return cmd
+}
+
+func isSupportedByGit(major, minor, patch int) bool {
+ output, err := exec.Command("git", "version").CombinedOutput()
+ if err != nil {
+ return false
+ }
+
+ parts := bytes.Split(bytes.TrimSpace(output), []byte(" "))
+ if len(parts) < 3 {
+ return false
+ }
+
+ v := string(parts[2])
+ if v == "" {
+ return false
+ }
+
+ vp :=
regexp.MustCompile(`^(\d+)\.(\d+)(?:\.(\d+))?.*$`).FindStringSubmatch(v)
+ if len(vp) < 4 {
+ return false
+ }
+
+ currentMajor, err := strconv.Atoi(vp[1])
+ if err != nil {
+ return false
+ }
+
+ currentMinor, err := strconv.Atoi(vp[2])
+ if err != nil {
+ return false
+ }
+
+ currentPatch, err := strconv.Atoi(vp[3])
+ if err != nil {
+ return false
+ }
+
+ return
currentMajor*1_000_000_000+currentMinor*1_000_000+currentPatch*1_000 >=
major*1_000_000_000+minor*1_000_000+patch*1_000
+}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/vendor/github.com/google/go-cmp/cmp/compare.go
new/vendor/github.com/google/go-cmp/cmp/compare.go
--- old/vendor/github.com/google/go-cmp/cmp/compare.go 2023-10-20
14:02:51.000000000 +0200
+++ new/vendor/github.com/google/go-cmp/cmp/compare.go 2023-10-25
16:19:15.000000000 +0200
@@ -5,7 +5,7 @@
// Package cmp determines equality of values.
//
// This package is intended to be a more powerful and safer alternative to
-// reflect.DeepEqual for comparing whether two values are semantically equal.
+// [reflect.DeepEqual] for comparing whether two values are semantically equal.
// It is intended to only be used in tests, as performance is not a goal and
// it may panic if it cannot compare the values. Its propensity towards
// panicking means that its unsuitable for production environments where a
@@ -18,16 +18,17 @@
// For example, an equality function may report floats as equal so long as
// they are within some tolerance of each other.
//
-// - Types with an Equal method may use that method to determine equality.
-// This allows package authors to determine the equality operation
-// for the types that they define.
+// - Types with an Equal method (e.g., [time.Time.Equal]) may use that method
+// to determine equality. This allows package authors to determine
+// the equality operation for the types that they define.
//
// - If no custom equality functions are used and no Equal method is defined,
// equality is determined by recursively comparing the primitive kinds on
-// both values, much like reflect.DeepEqual. Unlike reflect.DeepEqual,
+// both values, much like [reflect.DeepEqual]. Unlike [reflect.DeepEqual],
// unexported fields are not compared by default; they result in panics
-// unless suppressed by using an Ignore option (see
cmpopts.IgnoreUnexported)
-// or explicitly compared using the Exporter option.
+// unless suppressed by using an [Ignore] option
+// (see [github.com/google/go-cmp/cmp/cmpopts.IgnoreUnexported])
+// or explicitly compared using the [Exporter] option.
package cmp
import (
@@ -45,14 +46,14 @@
// Equal reports whether x and y are equal by recursively applying the
// following rules in the given order to x and y and all of their sub-values:
//
-// - Let S be the set of all Ignore, Transformer, and Comparer options that
+// - Let S be the set of all [Ignore], [Transformer], and [Comparer] options
that
// remain after applying all path filters, value filters, and type filters.
-// If at least one Ignore exists in S, then the comparison is ignored.
-// If the number of Transformer and Comparer options in S is non-zero,
+// If at least one [Ignore] exists in S, then the comparison is ignored.
+// If the number of [Transformer] and [Comparer] options in S is non-zero,
// then Equal panics because it is ambiguous which option to use.
-// If S contains a single Transformer, then use that to transform
+// If S contains a single [Transformer], then use that to transform
// the current values and recursively call Equal on the output values.
-// If S contains a single Comparer, then use that to compare the current
values.
+// If S contains a single [Comparer], then use that to compare the current
values.
// Otherwise, evaluation proceeds to the next rule.
//
// - If the values have an Equal method of the form "(T) Equal(T) bool" or
@@ -66,21 +67,22 @@
// Functions are only equal if they are both nil, otherwise they are
unequal.
//
// Structs are equal if recursively calling Equal on all fields report equal.
-// If a struct contains unexported fields, Equal panics unless an Ignore option
-// (e.g., cmpopts.IgnoreUnexported) ignores that field or the Exporter option
-// explicitly permits comparing the unexported field.
+// If a struct contains unexported fields, Equal panics unless an [Ignore]
option
+// (e.g., [github.com/google/go-cmp/cmp/cmpopts.IgnoreUnexported]) ignores
that field
+// or the [Exporter] option explicitly permits comparing the unexported field.
//
// Slices are equal if they are both nil or both non-nil, where recursively
// calling Equal on all non-ignored slice or array elements report equal.
// Empty non-nil slices and nil slices are not equal; to equate empty slices,
-// consider using cmpopts.EquateEmpty.
+// consider using [github.com/google/go-cmp/cmp/cmpopts.EquateEmpty].
//
// Maps are equal if they are both nil or both non-nil, where recursively
// calling Equal on all non-ignored map entries report equal.
// Map keys are equal according to the == operator.
-// To use custom comparisons for map keys, consider using cmpopts.SortMaps.
+// To use custom comparisons for map keys, consider using
+// [github.com/google/go-cmp/cmp/cmpopts.SortMaps].
// Empty non-nil maps and nil maps are not equal; to equate empty maps,
-// consider using cmpopts.EquateEmpty.
+// consider using [github.com/google/go-cmp/cmp/cmpopts.EquateEmpty].
//
// Pointers and interfaces are equal if they are both nil or both non-nil,
// where they have the same underlying concrete type and recursively
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/vendor/github.com/google/go-cmp/cmp/export.go
new/vendor/github.com/google/go-cmp/cmp/export.go
--- old/vendor/github.com/google/go-cmp/cmp/export.go 1970-01-01
01:00:00.000000000 +0100
+++ new/vendor/github.com/google/go-cmp/cmp/export.go 2023-10-25
16:19:15.000000000 +0200
@@ -0,0 +1,31 @@
+// Copyright 2017, The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package cmp
+
+import (
+ "reflect"
+ "unsafe"
+)
+
+// retrieveUnexportedField uses unsafe to forcibly retrieve any field from
+// a struct such that the value has read-write permissions.
+//
+// The parent struct, v, must be addressable, while f must be a StructField
+// describing the field to retrieve. If addr is false,
+// then the returned value will be shallowed copied to be non-addressable.
+func retrieveUnexportedField(v reflect.Value, f reflect.StructField, addr
bool) reflect.Value {
+ ve := reflect.NewAt(f.Type,
unsafe.Pointer(uintptr(unsafe.Pointer(v.UnsafeAddr()))+f.Offset)).Elem()
+ if !addr {
+ // A field is addressable if and only if the struct is
addressable.
+ // If the original parent value was not addressable, shallow
copy the
+ // value to make it non-addressable to avoid leaking an
implementation
+ // detail of how forcibly exporting a field works.
+ if ve.Kind() == reflect.Interface && ve.IsNil() {
+ return reflect.Zero(f.Type)
+ }
+ return reflect.ValueOf(ve.Interface()).Convert(f.Type)
+ }
+ return ve
+}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/vendor/github.com/google/go-cmp/cmp/export_panic.go
new/vendor/github.com/google/go-cmp/cmp/export_panic.go
--- old/vendor/github.com/google/go-cmp/cmp/export_panic.go 2023-10-20
14:02:51.000000000 +0200
+++ new/vendor/github.com/google/go-cmp/cmp/export_panic.go 1970-01-01
01:00:00.000000000 +0100
@@ -1,16 +0,0 @@
-// Copyright 2017, The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-//go:build purego
-// +build purego
-
-package cmp
-
-import "reflect"
-
-const supportExporters = false
-
-func retrieveUnexportedField(reflect.Value, reflect.StructField, bool)
reflect.Value {
- panic("no support for forcibly accessing unexported fields")
-}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/vendor/github.com/google/go-cmp/cmp/export_unsafe.go
new/vendor/github.com/google/go-cmp/cmp/export_unsafe.go
--- old/vendor/github.com/google/go-cmp/cmp/export_unsafe.go 2023-10-20
14:02:51.000000000 +0200
+++ new/vendor/github.com/google/go-cmp/cmp/export_unsafe.go 1970-01-01
01:00:00.000000000 +0100
@@ -1,36 +0,0 @@
-// Copyright 2017, The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-//go:build !purego
-// +build !purego
-
-package cmp
-
-import (
- "reflect"
- "unsafe"
-)
-
-const supportExporters = true
-
-// retrieveUnexportedField uses unsafe to forcibly retrieve any field from
-// a struct such that the value has read-write permissions.
-//
-// The parent struct, v, must be addressable, while f must be a StructField
-// describing the field to retrieve. If addr is false,
-// then the returned value will be shallowed copied to be non-addressable.
-func retrieveUnexportedField(v reflect.Value, f reflect.StructField, addr
bool) reflect.Value {
- ve := reflect.NewAt(f.Type,
unsafe.Pointer(uintptr(unsafe.Pointer(v.UnsafeAddr()))+f.Offset)).Elem()
- if !addr {
- // A field is addressable if and only if the struct is
addressable.
- // If the original parent value was not addressable, shallow
copy the
- // value to make it non-addressable to avoid leaking an
implementation
- // detail of how forcibly exporting a field works.
- if ve.Kind() == reflect.Interface && ve.IsNil() {
- return reflect.Zero(f.Type)
- }
- return reflect.ValueOf(ve.Interface()).Convert(f.Type)
- }
- return ve
-}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/vendor/github.com/google/go-cmp/cmp/internal/value/pointer.go
new/vendor/github.com/google/go-cmp/cmp/internal/value/pointer.go
--- old/vendor/github.com/google/go-cmp/cmp/internal/value/pointer.go
1970-01-01 01:00:00.000000000 +0100
+++ new/vendor/github.com/google/go-cmp/cmp/internal/value/pointer.go
2023-10-25 16:19:15.000000000 +0200
@@ -0,0 +1,34 @@
+// Copyright 2018, The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package value
+
+import (
+ "reflect"
+ "unsafe"
+)
+
+// Pointer is an opaque typed pointer and is guaranteed to be comparable.
+type Pointer struct {
+ p unsafe.Pointer
+ t reflect.Type
+}
+
+// PointerOf returns a Pointer from v, which must be a
+// reflect.Ptr, reflect.Slice, or reflect.Map.
+func PointerOf(v reflect.Value) Pointer {
+ // The proper representation of a pointer is unsafe.Pointer,
+ // which is necessary if the GC ever uses a moving collector.
+ return Pointer{unsafe.Pointer(v.Pointer()), v.Type()}
+}
+
+// IsNil reports whether the pointer is nil.
+func (p Pointer) IsNil() bool {
+ return p.p == nil
+}
+
+// Uintptr returns the pointer as a uintptr.
+func (p Pointer) Uintptr() uintptr {
+ return uintptr(p.p)
+}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/vendor/github.com/google/go-cmp/cmp/internal/value/pointer_purego.go
new/vendor/github.com/google/go-cmp/cmp/internal/value/pointer_purego.go
--- old/vendor/github.com/google/go-cmp/cmp/internal/value/pointer_purego.go
2023-10-20 14:02:51.000000000 +0200
+++ new/vendor/github.com/google/go-cmp/cmp/internal/value/pointer_purego.go
1970-01-01 01:00:00.000000000 +0100
@@ -1,34 +0,0 @@
-// Copyright 2018, The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-//go:build purego
-// +build purego
-
-package value
-
-import "reflect"
-
-// Pointer is an opaque typed pointer and is guaranteed to be comparable.
-type Pointer struct {
- p uintptr
- t reflect.Type
-}
-
-// PointerOf returns a Pointer from v, which must be a
-// reflect.Ptr, reflect.Slice, or reflect.Map.
-func PointerOf(v reflect.Value) Pointer {
- // NOTE: Storing a pointer as an uintptr is technically incorrect as it
- // assumes that the GC implementation does not use a moving collector.
- return Pointer{v.Pointer(), v.Type()}
-}
-
-// IsNil reports whether the pointer is nil.
-func (p Pointer) IsNil() bool {
- return p.p == 0
-}
-
-// Uintptr returns the pointer as a uintptr.
-func (p Pointer) Uintptr() uintptr {
- return p.p
-}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/vendor/github.com/google/go-cmp/cmp/internal/value/pointer_unsafe.go
new/vendor/github.com/google/go-cmp/cmp/internal/value/pointer_unsafe.go
--- old/vendor/github.com/google/go-cmp/cmp/internal/value/pointer_unsafe.go
2023-10-20 14:02:51.000000000 +0200
+++ new/vendor/github.com/google/go-cmp/cmp/internal/value/pointer_unsafe.go
1970-01-01 01:00:00.000000000 +0100
@@ -1,37 +0,0 @@
-// Copyright 2018, The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-//go:build !purego
-// +build !purego
-
-package value
-
-import (
- "reflect"
- "unsafe"
-)
-
-// Pointer is an opaque typed pointer and is guaranteed to be comparable.
-type Pointer struct {
- p unsafe.Pointer
- t reflect.Type
-}
-
-// PointerOf returns a Pointer from v, which must be a
-// reflect.Ptr, reflect.Slice, or reflect.Map.
-func PointerOf(v reflect.Value) Pointer {
- // The proper representation of a pointer is unsafe.Pointer,
- // which is necessary if the GC ever uses a moving collector.
- return Pointer{unsafe.Pointer(v.Pointer()), v.Type()}
-}
-
-// IsNil reports whether the pointer is nil.
-func (p Pointer) IsNil() bool {
- return p.p == nil
-}
-
-// Uintptr returns the pointer as a uintptr.
-func (p Pointer) Uintptr() uintptr {
- return uintptr(p.p)
-}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/vendor/github.com/google/go-cmp/cmp/options.go
new/vendor/github.com/google/go-cmp/cmp/options.go
--- old/vendor/github.com/google/go-cmp/cmp/options.go 2023-10-20
14:02:51.000000000 +0200
+++ new/vendor/github.com/google/go-cmp/cmp/options.go 2023-10-25
16:19:15.000000000 +0200
@@ -13,15 +13,15 @@
"github.com/google/go-cmp/cmp/internal/function"
)
-// Option configures for specific behavior of Equal and Diff. In particular,
-// the fundamental Option functions (Ignore, Transformer, and Comparer),
+// Option configures for specific behavior of [Equal] and [Diff]. In
particular,
+// the fundamental Option functions ([Ignore], [Transformer], and [Comparer]),
// configure how equality is determined.
//
-// The fundamental options may be composed with filters (FilterPath and
-// FilterValues) to control the scope over which they are applied.
+// The fundamental options may be composed with filters ([FilterPath] and
+// [FilterValues]) to control the scope over which they are applied.
//
-// The cmp/cmpopts package provides helper functions for creating options that
-// may be used with Equal and Diff.
+// The [github.com/google/go-cmp/cmp/cmpopts] package provides helper functions
+// for creating options that may be used with [Equal] and [Diff].
type Option interface {
// filter applies all filters and returns the option that remains.
// Each option may only read s.curPath and call s.callTTBFunc.
@@ -56,9 +56,9 @@
func (core) isCore() {}
-// Options is a list of Option values that also satisfies the Option interface.
+// Options is a list of [Option] values that also satisfies the [Option]
interface.
// Helper comparison packages may return an Options value when packing multiple
-// Option values into a single Option. When this package processes an Options,
+// [Option] values into a single [Option]. When this package processes an
Options,
// it will be implicitly expanded into a flat list.
//
// Applying a filter on an Options is equivalent to applying that same filter
@@ -105,16 +105,16 @@
return fmt.Sprintf("Options{%s}", strings.Join(ss, ", "))
}
-// FilterPath returns a new Option where opt is only evaluated if filter f
-// returns true for the current Path in the value tree.
+// FilterPath returns a new [Option] where opt is only evaluated if filter f
+// returns true for the current [Path] in the value tree.
//
// This filter is called even if a slice element or map entry is missing and
// provides an opportunity to ignore such cases. The filter function must be
// symmetric such that the filter result is identical regardless of whether the
// missing value is from x or y.
//
-// The option passed in may be an Ignore, Transformer, Comparer, Options, or
-// a previously filtered Option.
+// The option passed in may be an [Ignore], [Transformer], [Comparer],
[Options], or
+// a previously filtered [Option].
func FilterPath(f func(Path) bool, opt Option) Option {
if f == nil {
panic("invalid path filter function")
@@ -142,7 +142,7 @@
return fmt.Sprintf("FilterPath(%s, %v)",
function.NameOf(reflect.ValueOf(f.fnc)), f.opt)
}
-// FilterValues returns a new Option where opt is only evaluated if filter f,
+// FilterValues returns a new [Option] where opt is only evaluated if filter f,
// which is a function of the form "func(T, T) bool", returns true for the
// current pair of values being compared. If either value is invalid or
// the type of the values is not assignable to T, then this filter implicitly
@@ -154,8 +154,8 @@
// If T is an interface, it is possible that f is called with two values with
// different concrete types that both implement T.
//
-// The option passed in may be an Ignore, Transformer, Comparer, Options, or
-// a previously filtered Option.
+// The option passed in may be an [Ignore], [Transformer], [Comparer],
[Options], or
+// a previously filtered [Option].
func FilterValues(f interface{}, opt Option) Option {
v := reflect.ValueOf(f)
if !function.IsType(v.Type(), function.ValueFilter) || v.IsNil() {
@@ -192,9 +192,9 @@
return fmt.Sprintf("FilterValues(%s, %v)", function.NameOf(f.fnc),
f.opt)
}
-// Ignore is an Option that causes all comparisons to be ignored.
-// This value is intended to be combined with FilterPath or FilterValues.
-// It is an error to pass an unfiltered Ignore option to Equal.
+// Ignore is an [Option] that causes all comparisons to be ignored.
+// This value is intended to be combined with [FilterPath] or [FilterValues].
+// It is an error to pass an unfiltered Ignore option to [Equal].
func Ignore() Option { return ignore{} }
type ignore struct{ core }
@@ -234,6 +234,8 @@
name = fmt.Sprintf("%q.%v", t.PkgPath(), t.Name()) //
e.g., "path/to/package".MyType
if _, ok := reflect.New(t).Interface().(error); ok {
help = "consider using cmpopts.EquateErrors to
compare error values"
+ } else if t.Comparable() {
+ help = "consider using cmpopts.EquateComparable
to compare comparable Go types"
}
} else {
// Unnamed type with unexported fields. Derive PkgPath
from field.
@@ -254,7 +256,7 @@
var identsRx = regexp.MustCompile(`^` + identRx + `(\.` + identRx + `)*$`)
-// Transformer returns an Option that applies a transformation function that
+// Transformer returns an [Option] that applies a transformation function that
// converts values of a certain type into that of another.
//
// The transformer f must be a function "func(T) R" that converts values of
@@ -265,13 +267,14 @@
// same transform to the output of itself (e.g., in the case where the
// input and output types are the same), an implicit filter is added such that
// a transformer is applicable only if that exact transformer is not already
-// in the tail of the Path since the last non-Transform step.
+// in the tail of the [Path] since the last non-[Transform] step.
// For situations where the implicit filter is still insufficient,
-// consider using cmpopts.AcyclicTransformer, which adds a filter
-// to prevent the transformer from being recursively applied upon itself.
+// consider using [github.com/google/go-cmp/cmp/cmpopts.AcyclicTransformer],
+// which adds a filter to prevent the transformer from
+// being recursively applied upon itself.
//
-// The name is a user provided label that is used as the Transform.Name in the
-// transformation PathStep (and eventually shown in the Diff output).
+// The name is a user provided label that is used as the [Transform.Name] in
the
+// transformation [PathStep] (and eventually shown in the [Diff] output).
// The name must be a valid identifier or qualified identifier in Go syntax.
// If empty, an arbitrary name is used.
func Transformer(name string, f interface{}) Option {
@@ -329,7 +332,7 @@
return fmt.Sprintf("Transformer(%s, %s)", tr.name,
function.NameOf(tr.fnc))
}
-// Comparer returns an Option that determines whether two values are equal
+// Comparer returns an [Option] that determines whether two values are equal
// to each other.
//
// The comparer f must be a function "func(T, T) bool" and is implicitly
@@ -377,35 +380,32 @@
return fmt.Sprintf("Comparer(%s)", function.NameOf(cm.fnc))
}
-// Exporter returns an Option that specifies whether Equal is allowed to
+// Exporter returns an [Option] that specifies whether [Equal] is allowed to
// introspect into the unexported fields of certain struct types.
//
// Users of this option must understand that comparing on unexported fields
// from external packages is not safe since changes in the internal
-// implementation of some external package may cause the result of Equal
+// implementation of some external package may cause the result of [Equal]
// to unexpectedly change. However, it may be valid to use this option on types
// defined in an internal package where the semantic meaning of an unexported
// field is in the control of the user.
//
-// In many cases, a custom Comparer should be used instead that defines
+// In many cases, a custom [Comparer] should be used instead that defines
// equality as a function of the public API of a type rather than the
underlying
// unexported implementation.
//
-// For example, the reflect.Type documentation defines equality to be
determined
+// For example, the [reflect.Type] documentation defines equality to be
determined
// by the == operator on the interface (essentially performing a shallow
pointer
-// comparison) and most attempts to compare *regexp.Regexp types are interested
+// comparison) and most attempts to compare *[regexp.Regexp] types are
interested
// in only checking that the regular expression strings are equal.
-// Both of these are accomplished using Comparers:
+// Both of these are accomplished using [Comparer] options:
//
// Comparer(func(x, y reflect.Type) bool { return x == y })
// Comparer(func(x, y *regexp.Regexp) bool { return x.String() ==
y.String() })
//
-// In other cases, the cmpopts.IgnoreUnexported option can be used to ignore
-// all unexported fields on specified struct types.
+// In other cases, the [github.com/google/go-cmp/cmp/cmpopts.IgnoreUnexported]
+// option can be used to ignore all unexported fields on specified struct
types.
func Exporter(f func(reflect.Type) bool) Option {
- if !supportExporters {
- panic("Exporter is not supported on purego builds")
- }
return exporter(f)
}
@@ -415,10 +415,10 @@
panic("not implemented")
}
-// AllowUnexported returns an Options that allows Equal to forcibly introspect
+// AllowUnexported returns an [Option] that allows [Equal] to forcibly
introspect
// unexported fields of the specified struct types.
//
-// See Exporter for the proper use of this option.
+// See [Exporter] for the proper use of this option.
func AllowUnexported(types ...interface{}) Option {
m := make(map[reflect.Type]bool)
for _, typ := range types {
@@ -432,7 +432,7 @@
}
// Result represents the comparison result for a single node and
-// is provided by cmp when calling Report (see Reporter).
+// is provided by cmp when calling Report (see [Reporter]).
type Result struct {
_ [0]func() // Make Result incomparable
flags resultFlags
@@ -445,7 +445,7 @@
}
// ByIgnore reports whether the node is equal because it was ignored.
-// This never reports true if Equal reports false.
+// This never reports true if [Result.Equal] reports false.
func (r Result) ByIgnore() bool {
return r.flags&reportByIgnore != 0
}
@@ -455,7 +455,7 @@
return r.flags&reportByMethod != 0
}
-// ByFunc reports whether a Comparer function determined equality.
+// ByFunc reports whether a [Comparer] function determined equality.
func (r Result) ByFunc() bool {
return r.flags&reportByFunc != 0
}
@@ -478,7 +478,7 @@
reportByCycle
)
-// Reporter is an Option that can be passed to Equal. When Equal traverses
+// Reporter is an [Option] that can be passed to [Equal]. When [Equal]
traverses
// the value trees, it calls PushStep as it descends into each node in the
// tree and PopStep as it ascend out of the node. The leaves of the tree are
// either compared (determined to be equal or not equal) or ignored and
reported
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/vendor/github.com/google/go-cmp/cmp/path.go
new/vendor/github.com/google/go-cmp/cmp/path.go
--- old/vendor/github.com/google/go-cmp/cmp/path.go 2023-10-20
14:02:51.000000000 +0200
+++ new/vendor/github.com/google/go-cmp/cmp/path.go 2023-10-25
16:19:15.000000000 +0200
@@ -14,9 +14,9 @@
"github.com/google/go-cmp/cmp/internal/value"
)
-// Path is a list of PathSteps describing the sequence of operations to get
+// Path is a list of [PathStep] describing the sequence of operations to get
// from some root type to the current position in the value tree.
-// The first Path element is always an operation-less PathStep that exists
+// The first Path element is always an operation-less [PathStep] that exists
// simply to identify the initial type.
//
// When traversing structs with embedded structs, the embedded struct will
@@ -29,8 +29,13 @@
// a value's tree structure. Users of this package never need to implement
// these types as values of this type will be returned by this package.
//
-// Implementations of this interface are
-// StructField, SliceIndex, MapIndex, Indirect, TypeAssertion, and Transform.
+// Implementations of this interface:
+// - [StructField]
+// - [SliceIndex]
+// - [MapIndex]
+// - [Indirect]
+// - [TypeAssertion]
+// - [Transform]
type PathStep interface {
String() string
@@ -70,8 +75,9 @@
*pa = (*pa)[:len(*pa)-1]
}
-// Last returns the last PathStep in the Path.
-// If the path is empty, this returns a non-nil PathStep that reports a nil
Type.
+// Last returns the last [PathStep] in the Path.
+// If the path is empty, this returns a non-nil [PathStep]
+// that reports a nil [PathStep.Type].
func (pa Path) Last() PathStep {
return pa.Index(-1)
}
@@ -79,7 +85,8 @@
// Index returns the ith step in the Path and supports negative indexing.
// A negative index starts counting from the tail of the Path such that -1
// refers to the last step, -2 refers to the second-to-last step, and so on.
-// If index is invalid, this returns a non-nil PathStep that reports a nil
Type.
+// If index is invalid, this returns a non-nil [PathStep]
+// that reports a nil [PathStep.Type].
func (pa Path) Index(i int) PathStep {
if i < 0 {
i = len(pa) + i
@@ -168,7 +175,8 @@
return fmt.Sprintf("{%s}", s)
}
-// StructField represents a struct field access on a field called Name.
+// StructField is a [PathStep] that represents a struct field access
+// on a field called [StructField.Name].
type StructField struct{ *structField }
type structField struct {
pathStep
@@ -204,10 +212,11 @@
func (sf StructField) Name() string { return sf.name }
// Index is the index of the field in the parent struct type.
-// See reflect.Type.Field.
+// See [reflect.Type.Field].
func (sf StructField) Index() int { return sf.idx }
-// SliceIndex is an index operation on a slice or array at some index Key.
+// SliceIndex is a [PathStep] that represents an index operation on
+// a slice or array at some index [SliceIndex.Key].
type SliceIndex struct{ *sliceIndex }
type sliceIndex struct {
pathStep
@@ -247,12 +256,12 @@
// all of the indexes to be shifted. If an index is -1, then that
// indicates that the element does not exist in the associated slice.
//
-// Key is guaranteed to return -1 if and only if the indexes returned
-// by SplitKeys are not the same. SplitKeys will never return -1 for
+// [SliceIndex.Key] is guaranteed to return -1 if and only if the indexes
+// returned by SplitKeys are not the same. SplitKeys will never return -1 for
// both indexes.
func (si SliceIndex) SplitKeys() (ix, iy int) { return si.xkey, si.ykey }
-// MapIndex is an index operation on a map at some index Key.
+// MapIndex is a [PathStep] that represents an index operation on a map at
some index Key.
type MapIndex struct{ *mapIndex }
type mapIndex struct {
pathStep
@@ -266,7 +275,7 @@
// Key is the value of the map key.
func (mi MapIndex) Key() reflect.Value { return mi.key }
-// Indirect represents pointer indirection on the parent type.
+// Indirect is a [PathStep] that represents pointer indirection on the parent
type.
type Indirect struct{ *indirect }
type indirect struct {
pathStep
@@ -276,7 +285,7 @@
func (in Indirect) Values() (vx, vy reflect.Value) { return in.vx, in.vy }
func (in Indirect) String() string { return "*" }
-// TypeAssertion represents a type assertion on an interface.
+// TypeAssertion is a [PathStep] that represents a type assertion on an
interface.
type TypeAssertion struct{ *typeAssertion }
type typeAssertion struct {
pathStep
@@ -286,7 +295,8 @@
func (ta TypeAssertion) Values() (vx, vy reflect.Value) { return ta.vx, ta.vy }
func (ta TypeAssertion) String() string { return
fmt.Sprintf(".(%v)", value.TypeString(ta.typ, false)) }
-// Transform is a transformation from the parent type to the current type.
+// Transform is a [PathStep] that represents a transformation
+// from the parent type to the current type.
type Transform struct{ *transform }
type transform struct {
pathStep
@@ -297,13 +307,13 @@
func (tf Transform) Values() (vx, vy reflect.Value) { return tf.vx, tf.vy }
func (tf Transform) String() string { return
fmt.Sprintf("%s()", tf.trans.name) }
-// Name is the name of the Transformer.
+// Name is the name of the [Transformer].
func (tf Transform) Name() string { return tf.trans.name }
// Func is the function pointer to the transformer function.
func (tf Transform) Func() reflect.Value { return tf.trans.fnc }
-// Option returns the originally constructed Transformer option.
+// Option returns the originally constructed [Transformer] option.
// The == operator can be used to detect the exact option used.
func (tf Transform) Option() Option { return tf.trans }
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/vendor/github.com/google/go-cmp/cmp/report_reflect.go
new/vendor/github.com/google/go-cmp/cmp/report_reflect.go
--- old/vendor/github.com/google/go-cmp/cmp/report_reflect.go 2023-10-20
14:02:51.000000000 +0200
+++ new/vendor/github.com/google/go-cmp/cmp/report_reflect.go 2023-10-25
16:19:15.000000000 +0200
@@ -199,7 +199,7 @@
break
}
sf := t.Field(i)
- if supportExporters && !isExported(sf.Name) {
+ if !isExported(sf.Name) {
vv = retrieveUnexportedField(v, sf, true)
}
s := opts.WithTypeMode(autoType).FormatValue(vv,
t.Kind(), ptrs)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/vendor/github.com/securego/gosec/v2/.golangci.yml
new/vendor/github.com/securego/gosec/v2/.golangci.yml
--- old/vendor/github.com/securego/gosec/v2/.golangci.yml 2023-10-20
14:02:51.000000000 +0200
+++ new/vendor/github.com/securego/gosec/v2/.golangci.yml 2023-10-25
16:19:16.000000000 +0200
@@ -36,6 +36,10 @@
- standard
- default
- prefix(github.com/securego)
+ revive:
+ rules:
+ - name: dot-imports
+ disabled: true
run:
timeout: 5m
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/vendor/github.com/securego/gosec/v2/Makefile
new/vendor/github.com/securego/gosec/v2/Makefile
--- old/vendor/github.com/securego/gosec/v2/Makefile 2023-10-20
14:02:51.000000000 +0200
+++ new/vendor/github.com/securego/gosec/v2/Makefile 2023-10-25
16:19:16.000000000 +0200
@@ -32,7 +32,7 @@
go install golang.org/x/vuln/cmd/govulncheck@latest; \
fi
-test: install-test-deps build fmt vet sec govulncheck
+test: install-test-deps build-race fmt vet sec govulncheck
$(GINKGO) -v --fail-fast
fmt:
@@ -64,6 +64,9 @@
build:
go build -o $(BIN) ./cmd/gosec/
+build-race:
+ go build -race -o $(BIN) ./cmd/gosec/
+
clean:
rm -rf build vendor dist coverage.txt
rm -f release image $(BIN)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/vendor/github.com/securego/gosec/v2/README.md
new/vendor/github.com/securego/gosec/v2/README.md
--- old/vendor/github.com/securego/gosec/v2/README.md 2023-10-20
14:02:51.000000000 +0200
+++ new/vendor/github.com/securego/gosec/v2/README.md 2023-10-25
16:19:16.000000000 +0200
@@ -274,31 +274,33 @@
### Annotating code
-As with all automated detection tools, there will be cases of false positives.
In cases where gosec reports a failure that has been manually verified as being
safe,
+As with all automated detection tools, there will be cases of false positives.
+In cases where gosec reports a failure that has been manually verified as
being safe,
it is possible to annotate the code with a comment that starts with `#nosec`.
+
The `#nosec` comment should have the format `#nosec [RuleList] [--
Justification]`.
-The annotation causes gosec to stop processing any further nodes within the
-AST so can apply to a whole block or more granularly to a single expression.
+The `#nosec` comment needs to be placed on the line where the warning is
reported.
```go
-
-import "md5" //#nosec
-
-
-func main(){
-
- /* #nosec */
- if x > y {
- h := md5.New() // this will also be ignored
- }
-
+func main() {
+ tr := &http.Transport{
+ TLSClientConfig: &tls.Config{
+ InsecureSkipVerify: true, // #nosec G402
+ },
+ }
+
+ client := &http.Client{Transport: tr}
+ _, err := client.Get("https://golang.org/";)
+ if err != nil {
+ fmt.Println(err)
+ }
}
-
```
-When a specific false positive has been identified and verified as safe, you
may wish to suppress only that single rule (or a specific set of rules)
-within a section of code, while continuing to scan for other problems. To do
this, you can list the rule(s) to be suppressed within
+When a specific false positive has been identified and verified as safe, you
may
+wish to suppress only that single rule (or a specific set of rules) within a
section of code,
+while continuing to scan for other problems. To do this, you can list the
rule(s) to be suppressed within
the `#nosec` annotation, e.g: `/* #nosec G401 */` or `//#nosec G201 G202 G203`
You could put the description or justification text for the annotation. The
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/vendor/github.com/securego/gosec/v2/action.yml
new/vendor/github.com/securego/gosec/v2/action.yml
--- old/vendor/github.com/securego/gosec/v2/action.yml 2023-10-20
14:02:51.000000000 +0200
+++ new/vendor/github.com/securego/gosec/v2/action.yml 2023-10-25
16:19:16.000000000 +0200
@@ -10,7 +10,7 @@
runs:
using: 'docker'
- image: 'docker://securego/gosec:2.18.0'
+ image: 'docker://securego/gosec:2.18.1'
args:
- ${{ inputs.args }}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/vendor/github.com/securego/gosec/v2/analyzer.go
new/vendor/github.com/securego/gosec/v2/analyzer.go
--- old/vendor/github.com/securego/gosec/v2/analyzer.go 2023-10-20
14:02:51.000000000 +0200
+++ new/vendor/github.com/securego/gosec/v2/analyzer.go 2023-10-25
16:19:16.000000000 +0200
@@ -57,10 +57,78 @@
var generatedCodePattern = regexp.MustCompile(`^// Code generated .* DO NOT
EDIT\.$`)
-// ignoreLocation keeps the location of an ignored rule
-type ignoreLocation struct {
- file string
- line string
+type ignore struct {
+ start int
+ end int
+ suppressions map[string][]issue.SuppressionInfo
+}
+
+type ignores map[string][]ignore
+
+func newIgnores() ignores {
+ return make(map[string][]ignore)
+}
+
+func (i ignores) parseLine(line string) (int, int) {
+ parts := strings.Split(line, "-")
+ start, err := strconv.Atoi(parts[0])
+ if err != nil {
+ start = 0
+ }
+ end := start
+ if len(parts) > 1 {
+ if e, err := strconv.Atoi(parts[1]); err == nil {
+ end = e
+ }
+ }
+ return start, end
+}
+
+func (i ignores) add(file string, line string, suppressions
map[string]issue.SuppressionInfo) {
+ is := []ignore{}
+ if _, ok := i[file]; ok {
+ is = i[file]
+ }
+ found := false
+ start, end := i.parseLine(line)
+ for _, ig := range is {
+ if ig.start <= start && ig.end >= end {
+ found = true
+ for r, s := range suppressions {
+ ss, ok := ig.suppressions[r]
+ if !ok {
+ ss = []issue.SuppressionInfo{}
+ }
+ ss = append(ss, s)
+ ig.suppressions[r] = ss
+ }
+ break
+ }
+ }
+ if !found {
+ ig := ignore{
+ start: start,
+ end: end,
+ suppressions: map[string][]issue.SuppressionInfo{},
+ }
+ for r, s := range suppressions {
+ ig.suppressions[r] = []issue.SuppressionInfo{s}
+ }
+ is = append(is, ig)
+ }
+ i[file] = is
+}
+
+func (i ignores) get(file string, line string)
map[string][]issue.SuppressionInfo {
+ start, end := i.parseLine(line)
+ if is, ok := i[file]; ok {
+ for _, i := range is {
+ if i.start <= start && i.end >= end {
+ return i.suppressions
+ }
+ }
+ }
+ return map[string][]issue.SuppressionInfo{}
}
// The Context is populated with data parsed from the source code as it is
scanned.
@@ -75,7 +143,7 @@
Root *ast.File
Imports *ImportTracker
Config Config
- Ignores map[ignoreLocation]map[string][]issue.SuppressionInfo
+ Ignores ignores
PassedValues map[string]interface{}
}
@@ -116,6 +184,7 @@
trackSuppressions bool
concurrency int
analyzerList []*analysis.Analyzer
+ mu sync.Mutex
}
// NewAnalyzer builds a new analyzer.
@@ -256,7 +325,9 @@
// step 1/3 create build context.
buildD := build.Default
// step 2/3: add build tags to get env dependent files into basePackage.
+ gosec.mu.Lock()
buildD.BuildTags = conf.BuildFlags
+ gosec.mu.Unlock()
basePackage, err := buildD.ImportDir(pkgPath, build.ImportComment)
if err != nil {
return []*packages.Package{}, fmt.Errorf("importing dir %q:
%w", pkgPath, err)
@@ -280,7 +351,9 @@
}
// step 3/3 remove build tags from conf to proceed build correctly.
+ gosec.mu.Lock()
conf.BuildFlags = nil
+ defer gosec.mu.Unlock()
pkgs, err := packages.Load(conf, packageFiles...)
if err != nil {
return []*packages.Package{}, fmt.Errorf("loading files from
package %q: %w", pkgPath, err)
@@ -318,6 +391,8 @@
gosec.context.PkgFiles = pkg.Syntax
gosec.context.Imports = NewImportTracker()
gosec.context.PassedValues = make(map[string]interface{})
+ gosec.context.Ignores = newIgnores()
+ gosec.updateIgnores()
ast.Walk(gosec, file)
gosec.stats.NumFiles++
gosec.stats.NumLines += pkg.Fset.File(file.Pos()).LineCount()
@@ -467,7 +542,12 @@
if groups, ok := gosec.context.Comments[n]; ok && !gosec.ignoreNosec {
// Checks if an alternative for #nosec is set and, if not, uses
the default.
- noSecDefaultTag := NoSecTag(string(Nosec))
+ noSecDefaultTag, err := gosec.config.GetGlobal(Nosec)
+ if err != nil {
+ noSecDefaultTag = NoSecTag(string(Nosec))
+ } else {
+ noSecDefaultTag = NoSecTag(noSecDefaultTag)
+ }
noSecAlternativeTag, err :=
gosec.config.GetGlobal(NoSecAlternative)
if err != nil {
noSecAlternativeTag = noSecDefaultTag
@@ -527,9 +607,6 @@
// Visit runs the gosec visitor logic over an AST created by parsing go code.
// Rule methods added with AddRule will be invoked as necessary.
func (gosec *Analyzer) Visit(n ast.Node) ast.Visitor {
- // Update any potentially ignored rules at the node location
- gosec.updateIgnoredRules(n)
-
// Using ast.File instead of ast.ImportSpec, so that we can track all
imports at once.
switch i := n.(type) {
case *ast.File:
@@ -548,40 +625,33 @@
return gosec
}
-func (gosec *Analyzer) updateIgnoredRules(n ast.Node) {
+func (gosec *Analyzer) updateIgnores() {
+ for n := range gosec.context.Comments {
+ gosec.updateIgnoredRulesForNode(n)
+ }
+}
+
+func (gosec *Analyzer) updateIgnoredRulesForNode(n ast.Node) {
ignoredRules := gosec.ignore(n)
if len(ignoredRules) > 0 {
if gosec.context.Ignores == nil {
- gosec.context.Ignores =
make(map[ignoreLocation]map[string][]issue.SuppressionInfo)
+ gosec.context.Ignores = newIgnores()
}
line := issue.GetLine(gosec.context.FileSet.File(n.Pos()), n)
- ignoreLocation := ignoreLocation{
- file: gosec.context.FileSet.File(n.Pos()).Name(),
- line: line,
- }
- current, ok := gosec.context.Ignores[ignoreLocation]
- if !ok {
- current = map[string][]issue.SuppressionInfo{}
- }
- for r, s := range ignoredRules {
- if current[r] == nil {
- current[r] = []issue.SuppressionInfo{}
- }
- current[r] = append(current[r], s)
- }
- gosec.context.Ignores[ignoreLocation] = current
+ gosec.context.Ignores.add(
+ gosec.context.FileSet.File(n.Pos()).Name(),
+ line,
+ ignoredRules,
+ )
}
}
func (gosec *Analyzer) getSuppressionsAtLineInFile(file string, line string,
id string) ([]issue.SuppressionInfo, bool) {
- ignores, ok := gosec.context.Ignores[ignoreLocation{file: file, line:
line}]
- if !ok {
- ignores = make(map[string][]issue.SuppressionInfo)
- }
+ ignoredRules := gosec.context.Ignores.get(file, line)
// Check if the rule was specifically suppressed at this location.
- generalSuppressions, generalIgnored := ignores[aliasOfAllRules]
- ruleSuppressions, ruleIgnored := ignores[id]
+ generalSuppressions, generalIgnored := ignoredRules[aliasOfAllRules]
+ ruleSuppressions, ruleIgnored := ignoredRules[id]
ignored := generalIgnored || ruleIgnored
suppressions := append(generalSuppressions, ruleSuppressions...)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/vendor/modules.txt new/vendor/modules.txt
--- old/vendor/modules.txt 2023-10-20 14:02:51.000000000 +0200
+++ new/vendor/modules.txt 2023-10-25 16:19:16.000000000 +0200
@@ -239,13 +239,13 @@
# github.com/golangci/misspell v0.4.1
## explicit; go 1.19
github.com/golangci/misspell
-# github.com/golangci/revgrep v0.5.0
+# github.com/golangci/revgrep v0.5.2
## explicit; go 1.19
github.com/golangci/revgrep
# github.com/golangci/unconvert v0.0.0-20180507085042-28b1c447d1f4
## explicit
github.com/golangci/unconvert
-# github.com/google/go-cmp v0.5.9
+# github.com/google/go-cmp v0.6.0
## explicit; go 1.13
github.com/google/go-cmp/cmp
github.com/google/go-cmp/cmp/internal/diff
@@ -504,7 +504,7 @@
## explicit; go 1.20
github.com/sashamelentyev/usestdlibvars/pkg/analyzer
github.com/sashamelentyev/usestdlibvars/pkg/analyzer/internal/mapping
-# github.com/securego/gosec/v2 v2.18.1
+# github.com/securego/gosec/v2 v2.18.2
## explicit; go 1.20
github.com/securego/gosec/v2
github.com/securego/gosec/v2/analyzers
