vmware-tanzu · joshuatcasey · Sep 10, 2024 · Sep 10, 2024 · Sep 10, 2024
diff --git a/.golangci.yaml b/.golangci.yaml
@@ -43,7 +43,7 @@ linters:
     - whitespace
     - copyloopvar
     - intrange
-    - fatcontext
+    # - fatcontext Starting in go@1.23.1 and golangci-lint@1.61.0 this gave a lot of false positives
     # - canonicalheader Can't do this one since it alerts on valid headers such as X-XSS-Protection
     - spancheck
     - importas

diff --git a/Dockerfile b/Dockerfile
@@ -3,7 +3,7 @@
 # Copyright 2020-2024 the Pinniped contributors. All Rights Reserved.
 # SPDX-License-Identifier: Apache-2.0
 
-ARG BUILD_IMAGE=golang:1.23.0@sha256:1a6db32ea47a4910759d5bcbabeb8a8b42658e311bd8348ea4763735447c636c
+ARG BUILD_IMAGE=golang:1.23.1@sha256:4a3c2bcd243d3dbb7b15237eecb0792db3614900037998c2cd6a579c46888c1e
 ARG BASE_IMAGE=gcr.io/distroless/static:nonroot@sha256:8dd8d3ca2cf283383304fd45a5c9c74d5f2cd9da8d3b077d720e264880077c65
 
 # Prepare to cross-compile by always running the build stage in the build platform, not the target platform.

diff --git a/generated/1.30/apis/go.mod b/generated/1.30/apis/go.mod
diff --git a/generated/1.30/client/go.mod b/generated/1.30/client/go.mod
diff --git a/generated/1.31/apis/go.mod b/generated/1.31/apis/go.mod
diff --git a/generated/1.31/client/go.mod b/generated/1.31/client/go.mod
diff --git a/go.mod b/go.mod
@@ -2,7 +2,7 @@ module go.pinniped.dev
 
 go 1.22.0
 
-toolchain go1.23.0
+toolchain go1.23.1
 
 // This version taken from https://github.com/kubernetes/apiserver/blob/v0.31.0/go.mod#L14 to avoid compile failures.
 replace github.com/google/cel-go => github.com/google/cel-go v0.20.1
@@ -67,8 +67,8 @@ require (
 	github.com/tdewolff/minify/v2 v2.20.37
 	go.uber.org/mock v0.4.0
 	go.uber.org/zap v1.27.0
-	golang.org/x/crypto v0.26.0
-	golang.org/x/net v0.28.0
+	golang.org/x/crypto v0.27.0
+	golang.org/x/net v0.29.0
 	golang.org/x/oauth2 v0.23.0
 	golang.org/x/sync v0.8.0
 	golang.org/x/term v0.24.0

diff --git a/go.sum b/go.sum
@@ -679,8 +679,8 @@ golang.org/x/crypto v0.0.0-20220722155217-630584e8d5aa/go.mod h1:IxCIyHEi3zRg3s0
 golang.org/x/crypto v0.6.0/go.mod h1:OFC/31mSvZgRz0V1QTNCzfAI1aIRzbiufJtkMIlEp58=
 golang.org/x/crypto v0.19.0/go.mod h1:Iy9bg/ha4yyC70EfRS8jz+B6ybOBKMaSxLj6P6oBDfU=
 golang.org/x/crypto v0.21.0/go.mod h1:0BP7YvVV9gBbVKyeTG0Gyn+gZm94bibOW5BjDEYAOMs=
-golang.org/x/crypto v0.26.0 h1:RrRspgV4mU+YwB4FYnuBoKsUapNIL5cohGAmSH3azsw=
-golang.org/x/crypto v0.26.0/go.mod h1:GY7jblb9wI+FOo5y8/S2oY4zWP07AkOJ4+jxCqdqn54=
+golang.org/x/crypto v0.27.0 h1:GXm2NjJrPaiv/h1tb2UH8QfgC/hOf/+z0p6PT8o1w7A=
+golang.org/x/crypto v0.27.0/go.mod h1:1Xngt8kV6Dvbssa53Ziq6Eqn0HqbZi5Z6R0ZpwQzt70=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8=
@@ -765,8 +765,8 @@ golang.org/x/net v0.9.0/go.mod h1:d48xBJpPfHeWQsugry2m+kC02ZBRGRgulfHnEXEuWns=
 golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg=
 golang.org/x/net v0.21.0/go.mod h1:bIjVDfnllIU7BJ2DNgfnXvpSvtn8VRwhlsaeUTyUS44=
 golang.org/x/net v0.22.0/go.mod h1:JKghWKKOSdJwpW2GEx0Ja7fmaKnMsbu+MWVZTokSYmg=
-golang.org/x/net v0.28.0 h1:a9JDOJc5GMUJ0+UDqmLT86WiEy7iWyIhz8gz8E4e5hE=
-golang.org/x/net v0.28.0/go.mod h1:yqtgsTWOOnlGLG9GFRrK3++bGOUEkNBoHZc8MEDWPNg=
+golang.org/x/net v0.29.0 h1:5ORfpBpCs4HzDYoodCDBbwHzdR5UrLBZ3sOnUJmFoHo=
+golang.org/x/net v0.29.0/go.mod h1:gLkgy8jTGERgjzMic6DS9+SP0ajcu6Xu3Orq/SpETg0=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
 golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
 golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=

diff --git a/hack/Dockerfile_fips b/hack/Dockerfile_fips
@@ -16,7 +16,7 @@
 # See https://go.googlesource.com/go/+/dev.boringcrypto/README.boringcrypto.md
 # and https://kupczynski.info/posts/fips-golang/ for details.
 
-ARG BUILD_IMAGE=golang:1.23.0@sha256:1a6db32ea47a4910759d5bcbabeb8a8b42658e311bd8348ea4763735447c636c
+ARG BUILD_IMAGE=golang:1.23.1@sha256:4a3c2bcd243d3dbb7b15237eecb0792db3614900037998c2cd6a579c46888c1e
 ARG BASE_IMAGE=gcr.io/distroless/static:nonroot@sha256:8dd8d3ca2cf283383304fd45a5c9c74d5f2cd9da8d3b077d720e264880077c65
 
 # This is not currently using --platform to prepare to cross-compile because we use gcc below to build

diff --git a/hack/lib/lint-version.txt b/hack/lib/lint-version.txt
@@ -1 +1 @@
-1.60.3
+1.61.0
diff --git a/hack/update-go-mod/go.mod b/hack/update-go-mod/go.mod
@@ -2,6 +2,6 @@ module go.pinniped.dev/update-go-mod
 
 go 1.22.0
 
-toolchain go1.23.0
+toolchain go1.23.1
 
 require golang.org/x/mod v0.21.0
diff --git a/internal/net/phttp/warning.go b/internal/net/phttp/warning.go
@@ -40,7 +40,6 @@ func getWarningHandler() rest.WarningHandler {
 	// the client-go rest.WarningHandlers all log warnings with non-empty message and code=299, agent is ignored
 
 	// no deduplication or color output when running from a non-terminal such as a pod
-	//nolint:gosec // this is an int, cast to uintptr, cast back to int
 	if isTerm := term.IsTerminal(int(os.Stderr.Fd())); !isTerm {
 		return rest.WarningLogger{}
 	}

diff --git a/internal/upstreamoidc/upstreamoidc_test.go b/internal/upstreamoidc/upstreamoidc_test.go
@@ -1461,7 +1461,7 @@ func forceUserInfoWithClaims(subject string, claims string) *coreosoidc.UserInfo
 
 	// this is some dark magic to set a private field
 	claimsField := reflect.ValueOf(userInfo).Elem().FieldByName("claims")
-	claimsPointer := (*[]byte)(unsafe.Pointer(claimsField.UnsafeAddr())) //nolint:gosec // this is a test hack we are willing to live with
+	claimsPointer := (*[]byte)(unsafe.Pointer(claimsField.UnsafeAddr()))
 	*claimsPointer = []byte(claims)
 
 	return userInfo

diff --git a/pkg/oidcclient/login.go b/pkg/oidcclient/login.go
@@ -75,7 +75,7 @@
 )
 
 // stdin returns the file descriptor for stdin as an int.
-func stdin() int { return int(os.Stdin.Fd()) } //nolint:gosec // this is an int, cast to uintptr, cast back to int
+func stdin() int { return int(os.Stdin.Fd()) }
 
 type handlerState struct {
 	// Basic parameters.

diff --git a/test/integration/main_test.go b/test/integration/main_test.go
@@ -28,7 +28,7 @@ func TestMain(m *testing.M) {
 func splitIntegrationTestsIntoBuckets(m *testing.M) {
 	// this is some dark magic to set a private field
 	testsField := reflect.ValueOf(m).Elem().FieldByName("tests")
-	testsPointer := (*[]testing.InternalTest)(unsafe.Pointer(testsField.UnsafeAddr())) //nolint:gosec // this is a test hack we are willing to live with
+	testsPointer := (*[]testing.InternalTest)(unsafe.Pointer(testsField.UnsafeAddr()))
 
 	tests := *testsPointer