Skip to content

Fix gosec breakage #1021

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
4 tasks done
kim-tsao opened this issue Feb 6, 2023 · 3 comments
Closed
4 tasks done

Fix gosec breakage #1021

kim-tsao opened this issue Feb 6, 2023 · 3 comments
Assignees
@michael-valdron @kim-tsao

Comments

@kim-tsao
Copy link
Contributor

kim-tsao commented Feb 6, 2023
edited by michael-valdron
Loading

Which area/kind this issue is related to?

/area ci

Issue Description

Pulling the latest gosec package breaks our CI. It looks like we may need to update to go 1.19 to fix this or if moving up poses a problem, lock it down to v2.14.0 package until we're ready to move up.

Run export PATH=$PATH:$(go env GOPATH)/bin
go: downloading github.com/securego/gosec v0.0.0-20200401082031-e946c8c39989
go: downloading github.com/securego/gosec/v2 v2.15.0
go: downloading golang.org/x/tools v0.5.0
go: downloading github.com/nbutton23/zxcvbn-go v0.0.0-20210217022336-fa2cb2858354
go: downloading github.com/google/uuid v1.3.0
go: downloading github.com/gookit/color v1.5.2
go: downloading gopkg.in/yaml.v3 v3.0.1
go: downloading golang.org/x/sys v0.4.0
go: downloading github.com/xo/terminfo v0.0.0-20210125001918-ca9a967f8778
go: downloading golang.org/x/mod v0.7.0
# github.com/securego/gosec/v2/rules
Error: ../../../go/pkg/mod/github.com/securego/gosec/[email protected]/rules/readfile.go:29:17: undefined: any
Error: ../../../go/pkg/mod/github.com/securego/gosec/[email protected]/rules/readfile.go:63:11: assignment mismatch: 2 variables but 1 value
Error: ../../../go/pkg/mod/github.com/securego/gosec/[email protected]/rules/readfile.go:135:19: undefined: any
note: module requires Go 1.19
Error: Process completed with exit code 2.

Affected repos:

  • api
  • library
  • registry-support
  • registry-operator

Target Odo version

Target Odo version:

Target Date: 03-03-2023
@michael-valdron
Copy link
Member

devfile/registry-support has the fix for this issue (#1020), other repositories need this fix.

@kim-tsao kim-tsao mentioned this issue Feb 13, 2023
Merged
5 tasks
This was referenced Feb 14, 2023
Merged
Merged
@michael-valdron
Copy link
Member

blocked by #1036

@michael-valdron
Copy link
Member

All gosec fixes have been merged.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@michael-valdron michael-valdron

@kim-tsao kim-tsao

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@michael-valdron @kim-tsao