From 89da4fb5dba5387251a729a1b12df753acbebaa4 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 7 Oct 2024 09:27:57 -0500 Subject: [PATCH] chore(deps): Bump sigs.k8s.io/release-utils from 0.8.4 to 0.8.5 (#1622) * chore(deps): Bump sigs.k8s.io/release-utils from 0.8.4 to 0.8.5 Bumps [sigs.k8s.io/release-utils](https://github.com/kubernetes-sigs/release-utils) from 0.8.4 to 0.8.5. - [Release notes](https://github.com/kubernetes-sigs/release-utils/releases) - [Commits](https://github.com/kubernetes-sigs/release-utils/compare/v0.8.4...v0.8.5) --- updated-dependencies: - dependency-name: sigs.k8s.io/release-utils dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] * move to go 1.23 Signed-off-by: Bob Callaway * move to golangci-lint 1.61 Signed-off-by: Bob Callaway * fix lint errors Signed-off-by: Bob Callaway --------- Signed-off-by: dependabot[bot] Signed-off-by: Bob Callaway Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Bob Callaway --- .github/workflows/tests.yaml | 2 +- Makefile | 2 +- cmd/api-docs/main.go | 2 +- go.mod | 6 ++++-- go.sum | 4 ++-- pkg/tuf/repo.go | 10 ++++++++-- pkg/webhook/validator.go | 2 +- 7 files changed, 18 insertions(+), 10 deletions(-)
diff --git a/.github/workflows/tests.yaml b/.github/workflows/tests.yaml
index 52a5e1b8e..b249cd95d 100644
--- a/.github/workflows/tests.yaml
+++ b/.github/workflows/tests.yaml
@@ -92,5 +92,5 @@ jobs:
- name: golangci-lint
uses: golangci/golangci-lint-action@971e284b6050e8a5849b72094c50ab08da042db8 # v6.1.1
with:
- version: v1.59
+ version: v1.61
args: --timeout=15m
diff --git a/Makefile b/Makefile
index 0436204c6..394a43d78 100644
--- a/Makefile
+++ b/Makefile
@@ -105,7 +105,7 @@ local-dev:
golangci-lint:
rm -f $(GOLANGCI_LINT_BIN) || :
set -e ;\
- GOBIN=$(GOLANGCI_LINT_DIR) go install github.com/golangci/golangci-lint/cmd/golangci-lint@v1.59.1 ;\
+ GOBIN=$(GOLANGCI_LINT_DIR) go install github.com/golangci/golangci-lint/cmd/golangci-lint@v1.61.0 ;\
lint: golangci-lint ## Run golangci-lint linter
$(GOLANGCI_LINT_BIN) run -n
diff --git a/cmd/api-docs/main.go b/cmd/api-docs/main.go
index 2eefb7e79..6264777f5 100644
--- a/cmd/api-docs/main.go
+++ b/cmd/api-docs/main.go
@@ -165,7 +165,7 @@ func astFrom(filePath string) *doc.Package {
}
m[filePath] = f
- apkg, _ := ast.NewPackage(fset, m, nil, nil) //nolint:errcheck
+ apkg, _ := ast.NewPackage(fset, m, nil, nil) //nolint:staticcheck
return doc.New(apkg, "", 0)
}
diff --git a/go.mod b/go.mod
index e232c8c15..04b1cd8e1 100644
--- a/go.mod
+++ b/go.mod
@@ -1,6 +1,8 @@
module github.com/sigstore/policy-controller
-go 1.22.6
+go 1.23
+
+toolchain go1.23.1
require (
github.com/aws/aws-sdk-go v1.55.5
@@ -47,7 +49,7 @@ require (
k8s.io/code-generator v0.31.0
k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340
knative.dev/hack v0.0.0-20240111013919-e89096d74d85
- sigs.k8s.io/release-utils v0.8.4
+ sigs.k8s.io/release-utils v0.8.5
sigs.k8s.io/yaml v1.4.0
)
diff --git a/go.sum b/go.sum
index 1c7db62c8..ccf1d7586 100644
--- a/go.sum
+++ b/go.sum
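Review bot: The `//nolint:staticcheck` on the `ast.NewPackage` line in `astFrom` names a linter but not the check or the reason, so the next toolchain bump leaves a reader guessing what is being silenced and whether the discarded error is deliberate; the switch from `errcheck` suggests staticcheck's SA1019 deprecation warning now fires on `ast.NewPackage` (the go/ast Object/Scope/Package API is deprecated in favour of go/types), and the error it returns reports unresolved identifiers, which do not matter for extracting doc comments. Spell both out on the directive: `apkg, _ := ast.NewPackage(fset, m, nil, nil) //nolint:staticcheck // SA1019: deprecated go/ast API, but doc.New still takes an *ast.Package; unresolved-identifier errors are irrelevant for doc extraction`. Enabling golangci-lint's `nolintlint` with `require-explanation` and `require-specific` would keep future directives honest. astFrom starts before this hunk.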
@@ -1333,8 +1333,8 @@ rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0=
rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA=
sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd h1:EDPBXCAspyGV4jQlpZSudPeMmr1bNJefnuqLsRAsHZo=
sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0=
-sigs.k8s.io/release-utils v0.8.4 h1:4QVr3UgbyY/d9p74LBhg0njSVQofUsAZqYOzVZBhdBw=
-sigs.k8s.io/release-utils v0.8.4/go.mod h1:m1bHfscTemQp+z+pLCZnkXih9n0+WukIUU70n6nFnU0=
+sigs.k8s.io/release-utils v0.8.5 h1:FUtFqEAN621gSXv0L7kHyWruBeS7TUU9aWf76olX7uQ=
+sigs.k8s.io/release-utils v0.8.5/go.mod h1:qsm5bdxdgoHkD8HsXpgme2/c3mdsNaiV53Sz2HmKeJA=
sigs.k8s.io/structured-merge-diff/v4 v4.4.1 h1:150L+0vs/8DA78h1u02ooW1/fFq/Lwr+sGiqlzvrtq4=
sigs.k8s.io/structured-merge-diff/v4 v4.4.1/go.mod h1:N8hJocpFajUSSeSJ9bOZ77VzejKZaXsTtZo4/u7Io08=
sigs.k8s.io/yaml v1.2.0/go.mod h1:yfXDCHCao9+ENCvLSE62v9VSji2MKu5jeNfTrofGhJc=
diff --git a/pkg/tuf/repo.go b/pkg/tuf/repo.go
index 6fb029642..0b31c49d3 100644
--- a/pkg/tuf/repo.go
+++ b/pkg/tuf/repo.go
@@ -129,7 +129,10 @@ func Uncompress(src io.Reader, dst string) error {
}
// Write out files
case tar.TypeReg:
- fileToWrite, err := os.OpenFile(target, os.O_CREATE|os.O_RDWR, os.FileMode(header.Mode))
+ if header.Mode < 0 && int64(uint32(header.Mode)) != header.Mode { //nolint:gosec // disable G115
+ return errors.New("invalid mode value in tar header")
+ }
+ fileToWrite, err := os.OpenFile(target, os.O_CREATE|os.O_RDWR, os.FileMode(header.Mode)) //nolint:gosec // disable G115
if err != nil {
return err
}
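Review bot: The new guard in `Uncompress` only ever rejects negative modes: for any negative int64, `int64(uint32(header.Mode))` is non-negative and therefore always differs from `header.Mode`, so the second clause adds nothing, while a positive `header.Mode` above `math.MaxUint32` still passes and is silently truncated by `os.FileMode(header.Mode)` in the `os.OpenFile` call on the next line — precisely the G115 overflow the `//nolint:gosec` is waving through. Write the range check explicitly, `if header.Mode < 0 || header.Mode > math.MaxUint32 {`, which needs no `uint32` cast and hence no nolint on the `if` line (add `math` to the file's imports); the nolint on the `os.OpenFile` line can then carry a real reason, `// G115: range checked above`. Since the mode comes straight from an archive header, it is also worth a one-line comment stating whether the archive is trusted, or masking with `.Perm()` if only the 0o777 bits are meant to survive. Uncompress starts before this hunk and continues past it.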
@@ -213,9 +216,12 @@ func UncompressMemFS(src io.Reader, stripPrefix string) (fs.FS, error) {
if err != nil && err != io.EOF {
return nil, fmt.Errorf("reading file %s : %w", header.Name, err)
}
+ if header.Mode < 0 && int64(uint32(header.Mode)) != header.Mode { //nolint:gosec // disable G115
+ return nil, errors.New("invalid mode value in tar header")
+ }
testFS[target] = &fstest.MapFile{
Data: data,
- Mode: os.FileMode(header.Mode),
+ Mode: os.FileMode(header.Mode), //nolint:gosec // disable G115
ModTime: header.ModTime,
}
}
diff --git a/pkg/webhook/validator.go b/pkg/webhook/validator.go
index 02a46b6c3..73cd6999d 100644
--- a/pkg/webhook/validator.go
+++ b/pkg/webhook/validator.go
@@ -517,7 +517,7 @@ func ValidatePolicy(ctx context.Context, namespace string, ref name.Reference, c
switch {
case authority.Static != nil:
if authority.Static.Action == "fail" {
- result.err = cosign.NewVerificationError("disallowed by static policy: " + authority.Static.Message)
+ result.err = cosign.NewVerificationError("disallowed by static policy: %s", authority.Static.Message)
results <- result
return
}
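Review bot: `UncompressMemFS` copies the mode guard from `Uncompress` verbatim, and both copies have the same gap: the condition reduces to `header.Mode < 0` (a negative int64 never survives a round trip through uint32, so the second clause is redundant), while a positive value above `math.MaxUint32` is still truncated silently by `os.FileMode(header.Mode)` in the `fstest.MapFile` literal. Rather than correcting the expression in two places, put the conversion behind one helper that checks the full uint32 range and hands back the `os.FileMode`, so the two `//nolint:gosec` directives collapse into a single documented site; the helper needs `math` in the file's imports. UncompressMemFS starts before this hunk and continues past it.
```go
// tarFileMode converts a tar header mode to an os.FileMode, rejecting values
// outside the uint32 range that os.FileMode is built on (gosec G115).
func tarFileMode(mode int64) (os.FileMode, error) {
	if mode < 0 || mode > math.MaxUint32 {
		return 0, errors.New("invalid mode value in tar header")
	}
	return os.FileMode(mode), nil
}

// … in UncompressMemFS, replacing the added guard and the Mode field …
mode, modeErr := tarFileMode(header.Mode)
if modeErr != nil {
	return nil, modeErr
}
testFS[target] = &fstest.MapFile{
	Data:    data,
	Mode:    mode,
	ModTime: header.ModTime,
}
```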
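Review bot: The description files this line under "fix lint errors", but it is a behaviour change worth recording: if `cosign.NewVerificationError` is printf-style, as the new call implies, the old concatenation handed `authority.Static.Message` — operator-supplied policy text — to it as a format string, so any `%` in a message would have corrupted the admission-denial text, and the new call is the correct form. Worth a sentence in the commit message, and a grep of the rest of `ValidatePolicy` and this package for other `NewVerificationError("..." + x)` call sites that the linter may not have caught. ValidatePolicy starts before this hunk and continues past it.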