diff --git a/.golangci.yaml b/.golangci.yaml index 17f6903bc..ebb6b2576 100644 --- a/.golangci.yaml +++ b/.golangci.yaml @@ -43,7 +43,7 @@ linters: - whitespace - copyloopvar - intrange - - fatcontext + # - fatcontext Starting in go@1.23.1 and golangci-lint@1.61.0 this gave a lot of false positives # - canonicalheader Can't do this one since it alerts on valid headers such as X-XSS-Protection - spancheck - importas diff --git a/Dockerfile b/Dockerfile index 8e85acbe9..0478583ec 100644 --- a/Dockerfile +++ b/Dockerfile @@ -3,7 +3,7 @@ # Copyright 2020-2024 the Pinniped contributors. All Rights Reserved. # SPDX-License-Identifier: Apache-2.0 -ARG BUILD_IMAGE=golang:1.23.0@sha256:1a6db32ea47a4910759d5bcbabeb8a8b42658e311bd8348ea4763735447c636c +ARG BUILD_IMAGE=golang:1.23.1@sha256:4a3c2bcd243d3dbb7b15237eecb0792db3614900037998c2cd6a579c46888c1e ARG BASE_IMAGE=gcr.io/distroless/static:nonroot@sha256:8dd8d3ca2cf283383304fd45a5c9c74d5f2cd9da8d3b077d720e264880077c65 # Prepare to cross-compile by always running the build stage in the build platform, not the target platform. diff --git a/generated/1.30/apis/go.mod b/generated/1.30/apis/go.mod index c7a671949..db9b18318 100644 --- a/generated/1.30/apis/go.mod +++ b/generated/1.30/apis/go.mod @@ -3,7 +3,7 @@ module go.pinniped.dev/generated/1.30/apis go 1.22.0 -toolchain go1.23.0 +toolchain go1.23.1 require ( k8s.io/api v0.30.4 diff --git a/generated/1.30/client/go.mod b/generated/1.30/client/go.mod index 77efe4db1..14ab8ba03 100644 --- a/generated/1.30/client/go.mod +++ b/generated/1.30/client/go.mod @@ -3,7 +3,7 @@ module go.pinniped.dev/generated/1.30/client go 1.22.0 -toolchain go1.23.0 +toolchain go1.23.1 replace go.pinniped.dev/generated/1.30/apis => ../apis diff --git a/generated/1.31/apis/go.mod b/generated/1.31/apis/go.mod index e242910a0..959dbd92b 100644 --- a/generated/1.31/apis/go.mod +++ b/generated/1.31/apis/go.mod @@ -3,7 +3,7 @@ module go.pinniped.dev/generated/1.31/apis go 1.22.0 -toolchain go1.23.0 +toolchain go1.23.1 require ( k8s.io/api v0.31.0 diff --git a/generated/1.31/client/go.mod b/generated/1.31/client/go.mod index d98351795..9b317a57a 100644 --- a/generated/1.31/client/go.mod +++ b/generated/1.31/client/go.mod @@ -3,7 +3,7 @@ module go.pinniped.dev/generated/1.31/client go 1.22.0 -toolchain go1.23.0 +toolchain go1.23.1 replace go.pinniped.dev/generated/1.31/apis => ../apis diff --git a/go.mod b/go.mod index abf19bc7e..8bb0c678f 100644 --- a/go.mod +++ b/go.mod @@ -2,7 +2,7 @@ module go.pinniped.dev go 1.22.0 -toolchain go1.23.0 +toolchain go1.23.1 // This version taken from https://github.com/kubernetes/apiserver/blob/v0.31.0/go.mod#L14 to avoid compile failures. replace github.com/google/cel-go => github.com/google/cel-go v0.20.1 @@ -67,8 +67,8 @@ require ( github.com/tdewolff/minify/v2 v2.20.37 go.uber.org/mock v0.4.0 go.uber.org/zap v1.27.0 - golang.org/x/crypto v0.26.0 - golang.org/x/net v0.28.0 + golang.org/x/crypto v0.27.0 + golang.org/x/net v0.29.0 golang.org/x/oauth2 v0.23.0 golang.org/x/sync v0.8.0 golang.org/x/term v0.24.0 diff --git a/go.sum b/go.sum index c7035ddfa..fde44da0b 100644 --- a/go.sum +++ b/go.sum @@ -679,8 +679,8 @@ golang.org/x/crypto v0.0.0-20220722155217-630584e8d5aa/go.mod h1:IxCIyHEi3zRg3s0 golang.org/x/crypto v0.6.0/go.mod h1:OFC/31mSvZgRz0V1QTNCzfAI1aIRzbiufJtkMIlEp58= golang.org/x/crypto v0.19.0/go.mod h1:Iy9bg/ha4yyC70EfRS8jz+B6ybOBKMaSxLj6P6oBDfU= golang.org/x/crypto v0.21.0/go.mod h1:0BP7YvVV9gBbVKyeTG0Gyn+gZm94bibOW5BjDEYAOMs= -golang.org/x/crypto v0.26.0 h1:RrRspgV4mU+YwB4FYnuBoKsUapNIL5cohGAmSH3azsw= -golang.org/x/crypto v0.26.0/go.mod h1:GY7jblb9wI+FOo5y8/S2oY4zWP07AkOJ4+jxCqdqn54= +golang.org/x/crypto v0.27.0 h1:GXm2NjJrPaiv/h1tb2UH8QfgC/hOf/+z0p6PT8o1w7A= +golang.org/x/crypto v0.27.0/go.mod h1:1Xngt8kV6Dvbssa53Ziq6Eqn0HqbZi5Z6R0ZpwQzt70= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8= @@ -765,8 +765,8 @@ golang.org/x/net v0.9.0/go.mod h1:d48xBJpPfHeWQsugry2m+kC02ZBRGRgulfHnEXEuWns= golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg= golang.org/x/net v0.21.0/go.mod h1:bIjVDfnllIU7BJ2DNgfnXvpSvtn8VRwhlsaeUTyUS44= golang.org/x/net v0.22.0/go.mod h1:JKghWKKOSdJwpW2GEx0Ja7fmaKnMsbu+MWVZTokSYmg= -golang.org/x/net v0.28.0 h1:a9JDOJc5GMUJ0+UDqmLT86WiEy7iWyIhz8gz8E4e5hE= -golang.org/x/net v0.28.0/go.mod h1:yqtgsTWOOnlGLG9GFRrK3++bGOUEkNBoHZc8MEDWPNg= +golang.org/x/net v0.29.0 h1:5ORfpBpCs4HzDYoodCDBbwHzdR5UrLBZ3sOnUJmFoHo= +golang.org/x/net v0.29.0/go.mod h1:gLkgy8jTGERgjzMic6DS9+SP0ajcu6Xu3Orq/SpETg0= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= diff --git a/hack/Dockerfile_fips b/hack/Dockerfile_fips index 51e3c9f1d..d5a6c6563 100644 --- a/hack/Dockerfile_fips +++ b/hack/Dockerfile_fips @@ -16,7 +16,7 @@ # See https://go.googlesource.com/go/+/dev.boringcrypto/README.boringcrypto.md # and https://kupczynski.info/posts/fips-golang/ for details. -ARG BUILD_IMAGE=golang:1.23.0@sha256:1a6db32ea47a4910759d5bcbabeb8a8b42658e311bd8348ea4763735447c636c +ARG BUILD_IMAGE=golang:1.23.1@sha256:4a3c2bcd243d3dbb7b15237eecb0792db3614900037998c2cd6a579c46888c1e ARG BASE_IMAGE=gcr.io/distroless/static:nonroot@sha256:8dd8d3ca2cf283383304fd45a5c9c74d5f2cd9da8d3b077d720e264880077c65 # This is not currently using --platform to prepare to cross-compile because we use gcc below to build diff --git a/hack/lib/lint-version.txt b/hack/lib/lint-version.txt index 8f16209d1..91951fd8a 100644 --- a/hack/lib/lint-version.txt +++ b/hack/lib/lint-version.txt @@ -1 +1 @@ -1.60.3 +1.61.0 diff --git a/hack/update-go-mod/go.mod b/hack/update-go-mod/go.mod index 4d27e88ff..f5ec57ce6 100644 --- a/hack/update-go-mod/go.mod +++ b/hack/update-go-mod/go.mod @@ -2,6 +2,6 @@ module go.pinniped.dev/update-go-mod go 1.22.0 -toolchain go1.23.0 +toolchain go1.23.1 require golang.org/x/mod v0.21.0 diff --git a/internal/net/phttp/warning.go b/internal/net/phttp/warning.go index 5cde35102..a7c16f0c6 100644 --- a/internal/net/phttp/warning.go +++ b/internal/net/phttp/warning.go @@ -40,7 +40,6 @@ func getWarningHandler() rest.WarningHandler { // the client-go rest.WarningHandlers all log warnings with non-empty message and code=299, agent is ignored // no deduplication or color output when running from a non-terminal such as a pod - //nolint:gosec // this is an int, cast to uintptr, cast back to int if isTerm := term.IsTerminal(int(os.Stderr.Fd())); !isTerm { return rest.WarningLogger{} } diff --git a/internal/upstreamoidc/upstreamoidc_test.go b/internal/upstreamoidc/upstreamoidc_test.go index fbbe156bb..762e09de2 100644 --- a/internal/upstreamoidc/upstreamoidc_test.go +++ b/internal/upstreamoidc/upstreamoidc_test.go @@ -1461,7 +1461,7 @@ func forceUserInfoWithClaims(subject string, claims string) *coreosoidc.UserInfo // this is some dark magic to set a private field claimsField := reflect.ValueOf(userInfo).Elem().FieldByName("claims") - claimsPointer := (*[]byte)(unsafe.Pointer(claimsField.UnsafeAddr())) //nolint:gosec // this is a test hack we are willing to live with + claimsPointer := (*[]byte)(unsafe.Pointer(claimsField.UnsafeAddr())) *claimsPointer = []byte(claims) return userInfo diff --git a/pkg/oidcclient/login.go b/pkg/oidcclient/login.go index 53267d6c2..f1b7e6d71 100644 --- a/pkg/oidcclient/login.go +++ b/pkg/oidcclient/login.go @@ -75,7 +75,7 @@ const ( ) // stdin returns the file descriptor for stdin as an int. -func stdin() int { return int(os.Stdin.Fd()) } //nolint:gosec // this is an int, cast to uintptr, cast back to int +func stdin() int { return int(os.Stdin.Fd()) } type handlerState struct { // Basic parameters. diff --git a/test/integration/main_test.go b/test/integration/main_test.go index d28e3527b..f3b5992aa 100644 --- a/test/integration/main_test.go +++ b/test/integration/main_test.go @@ -28,7 +28,7 @@ func TestMain(m *testing.M) { func splitIntegrationTestsIntoBuckets(m *testing.M) { // this is some dark magic to set a private field testsField := reflect.ValueOf(m).Elem().FieldByName("tests") - testsPointer := (*[]testing.InternalTest)(unsafe.Pointer(testsField.UnsafeAddr())) //nolint:gosec // this is a test hack we are willing to live with + testsPointer := (*[]testing.InternalTest)(unsafe.Pointer(testsField.UnsafeAddr())) tests := *testsPointer