From 9f3040283e7b1b1442b2700bf7a08157e67d805e Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 12 Mar 2026 15:45:53 +0000 Subject: [PATCH 1/2] Bump step-security/harden-runner from 2.15.0 to 2.15.1 Bumps [step-security/harden-runner](https://github.com/step-security/harden-runner) from 2.15.0 to 2.15.1. - [Release notes](https://github.com/step-security/harden-runner/releases) - [Commits](https://github.com/step-security/harden-runner/compare/a90bcbc6539c36a85cdfeb73f7e2f433735f215b...58077d3c7e43986b6b15fba718e8ea69e387dfcc) --- updated-dependencies: - dependency-name: step-security/harden-runner dependency-version: 2.15.1 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- .github/workflows/codeql.yml | 2 +- .github/workflows/compliance.yml | 6 +++--- .github/workflows/dependency-review.yml | 2 +- .github/workflows/release.yml | 4 ++-- .github/workflows/scorecard.yml | 2 +- .github/workflows/security.yml | 6 +++--- .github/workflows/test.yml | 8 ++++---- 7 files changed, 15 insertions(+), 15 deletions(-)
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index 8875bb3..008281c 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -64,7 +64,7 @@ jobs: # your codebase is analyzed, see https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages steps: - name: Harden Runner - uses: step-security/harden-runner@a90bcbc6539c36a85cdfeb73f7e2f433735f215b # v2.15.0 + uses: step-security/harden-runner@58077d3c7e43986b6b15fba718e8ea69e387dfcc # v2.15.1 with: egress-policy: audit
diff --git a/.github/workflows/compliance.yml b/.github/workflows/compliance.yml
index b2d8dd5..7acffc3 100644
--- a/.github/workflows/compliance.yml
+++ b/.github/workflows/compliance.yml
@@ -23,7 +23,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Harden Runner - uses: step-security/harden-runner@a90bcbc6539c36a85cdfeb73f7e2f433735f215b # v2.15.0 + uses: step-security/harden-runner@58077d3c7e43986b6b15fba718e8ea69e387dfcc # v2.15.1 with: egress-policy: audit
@@ -46,7 +46,7 @@ jobs: contents: read steps: - name: Harden Runner - uses: step-security/harden-runner@a90bcbc6539c36a85cdfeb73f7e2f433735f215b # v2.15.0 + uses: step-security/harden-runner@58077d3c7e43986b6b15fba718e8ea69e387dfcc # v2.15.1 with: egress-policy: audit
@@ -122,7 +122,7 @@ jobs: pull-requests: read steps: - name: Harden Runner - uses: step-security/harden-runner@a90bcbc6539c36a85cdfeb73f7e2f433735f215b # v2.15.0 + uses: step-security/harden-runner@58077d3c7e43986b6b15fba718e8ea69e387dfcc # v2.15.1 with: egress-policy: audit
diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml
index 6a7b4e6..1b76a2a 100644
--- a/.github/workflows/dependency-review.yml
+++ b/.github/workflows/dependency-review.yml
@@ -20,7 +20,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Harden Runner - uses: step-security/harden-runner@a90bcbc6539c36a85cdfeb73f7e2f433735f215b # v2.15.0 + uses: step-security/harden-runner@58077d3c7e43986b6b15fba718e8ea69e387dfcc # v2.15.1 with: egress-policy: audit
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 30ab0ff..71860dc 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -21,7 +21,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Harden Runner - uses: step-security/harden-runner@a90bcbc6539c36a85cdfeb73f7e2f433735f215b # v2.15.0 + uses: step-security/harden-runner@58077d3c7e43986b6b15fba718e8ea69e387dfcc # v2.15.1 with: egress-policy: audit
@@ -59,7 +59,7 @@ jobs: hashBase64File: ${{ steps.hashes.outputs.handle }} steps: - name: Harden Runner - uses: step-security/harden-runner@a90bcbc6539c36a85cdfeb73f7e2f433735f215b # v2.15.0 + uses: step-security/harden-runner@58077d3c7e43986b6b15fba718e8ea69e387dfcc # v2.15.1 with: egress-policy: audit
diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml
index 721072a..850656e 100644
--- a/.github/workflows/scorecard.yml
+++ b/.github/workflows/scorecard.yml
@@ -35,7 +35,7 @@ jobs: steps: - name: Harden Runner - uses: step-security/harden-runner@a90bcbc6539c36a85cdfeb73f7e2f433735f215b # v2.15.0 + uses: step-security/harden-runner@58077d3c7e43986b6b15fba718e8ea69e387dfcc # v2.15.1 with: egress-policy: audit
diff --git a/.github/workflows/security.yml b/.github/workflows/security.yml
index c4c2595..d239291 100644
--- a/.github/workflows/security.yml
+++ b/.github/workflows/security.yml
@@ -22,7 +22,7 @@ jobs: security-events: write steps: - name: Harden Runner - uses: step-security/harden-runner@a90bcbc6539c36a85cdfeb73f7e2f433735f215b # v2.15.0 + uses: step-security/harden-runner@58077d3c7e43986b6b15fba718e8ea69e387dfcc # v2.15.1 with: egress-policy: audit
@@ -49,7 +49,7 @@ jobs: security-events: write steps: - name: Harden Runner - uses: step-security/harden-runner@a90bcbc6539c36a85cdfeb73f7e2f433735f215b # v2.15.0 + uses: step-security/harden-runner@58077d3c7e43986b6b15fba718e8ea69e387dfcc # v2.15.1 with: egress-policy: audit
@@ -77,7 +77,7 @@ jobs: security-events: write steps: - name: Harden Runner - uses: step-security/harden-runner@a90bcbc6539c36a85cdfeb73f7e2f433735f215b # v2.15.0 + uses: step-security/harden-runner@58077d3c7e43986b6b15fba718e8ea69e387dfcc # v2.15.1 with: egress-policy: audit
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index 3aebadd..33d979c 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -19,7 +19,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Harden Runner - uses: step-security/harden-runner@a90bcbc6539c36a85cdfeb73f7e2f433735f215b # v2.15.0 + uses: step-security/harden-runner@58077d3c7e43986b6b15fba718e8ea69e387dfcc # v2.15.1 with: egress-policy: audit
@@ -41,7 +41,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Harden Runner - uses: step-security/harden-runner@a90bcbc6539c36a85cdfeb73f7e2f433735f215b # v2.15.0 + uses: step-security/harden-runner@58077d3c7e43986b6b15fba718e8ea69e387dfcc # v2.15.1 with: egress-policy: audit
@@ -68,7 +68,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Harden Runner - uses: step-security/harden-runner@a90bcbc6539c36a85cdfeb73f7e2f433735f215b # v2.15.0 + uses: step-security/harden-runner@58077d3c7e43986b6b15fba718e8ea69e387dfcc # v2.15.1 with: egress-policy: audit
@@ -106,7 +106,7 @@ jobs: # runs-on: ubuntu-latest # steps: # - name: Harden Runner -# uses: step-security/harden-runner@a90bcbc6539c36a85cdfeb73f7e2f433735f215b # v2.15.0 +# uses: step-security/harden-runner@58077d3c7e43986b6b15fba718e8ea69e387dfcc # v2.15.1 # with: # egress-policy: audit #
From 6d29dc777eeb054153a0f8aa37f32cc4983bd2a7 Mon Sep 17 00:00:00 2001 From: Alexander Adam Date: Thu, 12 Mar 2026 21:50:21 +0100 Subject: [PATCH 2/2] Refactor code to remove unnecessary `//nolint:gosec` comments, update variable names for clarity, and adjust linter configurations. Signed-off-by: Alexander Adam --- .golangci.yaml | 8 ++++++-- examples/logo_embed/main_test.go | 1 + examples/logo_file/main_test.go | 1 + examples/logo_owndata/main_test.go | 1 + examples/logo_simple/main_test.go | 1 + geany.go | 2 +- geany_test.go | 18 ++++++++++-------- 7 files changed, 21 insertions(+), 11 deletions(-)
diff --git a/.golangci.yaml b/.golangci.yaml
index 37a0d92..683a232 100644
--- a/.golangci.yaml
+++ b/.golangci.yaml
@@ -15,11 +15,9 @@ linters: disable: - exhaustruct - - forbidigo - noinlineerr - nonamedreturns - wsl - - wsl_v5 exclusions: warn-unused: true
@@ -94,6 +92,12 @@ linters: multi-if: true multi-func: true + wsl_v5: + disable: + - decl + - err + - leading-whitespace + issues: max-issues-per-linter: 0 max-same-issues: 0 \ No newline at end of file
diff --git a/examples/logo_embed/main_test.go b/examples/logo_embed/main_test.go
index c5c0339..e3a3057 100644
--- a/examples/logo_embed/main_test.go
+++ b/examples/logo_embed/main_test.go
@@ -10,5 +10,6 @@ import ( func TestMainGood( /* t */ *testing.T) { os.Args = []string{"main"} + main() }
diff --git a/examples/logo_file/main_test.go b/examples/logo_file/main_test.go
index c5c0339..e3a3057 100644
--- a/examples/logo_file/main_test.go
+++ b/examples/logo_file/main_test.go
@@ -10,5 +10,6 @@ import ( func TestMainGood( /* t */ *testing.T) { os.Args = []string{"main"} + main() }
diff --git a/examples/logo_owndata/main_test.go b/examples/logo_owndata/main_test.go
index c5c0339..e3a3057 100644
--- a/examples/logo_owndata/main_test.go
+++ b/examples/logo_owndata/main_test.go
@@ -10,5 +10,6 @@ import ( func TestMainGood( /* t */ *testing.T) { os.Args = []string{"main"} + main() }
diff --git a/examples/logo_simple/main_test.go b/examples/logo_simple/main_test.go
index c5c0339..e3a3057 100644
--- a/examples/logo_simple/main_test.go
+++ b/examples/logo_simple/main_test.go
@@ -10,5 +10,6 @@ import ( func TestMainGood( /* t */ *testing.T) { os.Args = []string{"main"} + main() }
diff --git a/geany.go b/geany.go
index 3e8d4ee..6ccb1d1 100644
--- a/geany.go
+++ b/geany.go
@@ -82,7 +82,7 @@ func PrintSimpleWriter(writer io.Writer, values any) error { // normally we have the program's name given as the first argument if len(os.Args) > 0 && os.Args[0] != "" { - if _, err := fmt.Fprintf(writer, "%s\n", os.Args[0]); err != nil { //nolint:gosec // nothing wrong here + if _, err := fmt.Fprintf(writer, "%s\n", os.Args[0]); err != nil { return fmt.Errorf("could not write program name: %w", err) } }
diff --git a/geany_test.go b/geany_test.go
index 6dcec69..d143ce8 100644
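Review bot: In the geany.go hunk, PrintSimpleWriter still writes `os.Args[0]` verbatim with `%s`, and the removed `//nolint:gosec // nothing wrong here` was the only place that recorded why that is acceptable. argv[0] is chosen by whoever launches the process, so if `writer` ever backs a log file or a terminal, embedded newlines or escape sequences pass through unchanged. Either keep a short why-comment such as `// argv[0] is echoed as-is; writer is expected to be a local console`, or, if callers do not depend on the exact output, quote the value with `fmt.Fprintf(writer, "%q\n", os.Args[0])`. No replacement gosec exclusion is visible in the .golangci.yaml hunks of this patch, and the function body continues outside the hunk.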
--- a/geany_test.go
+++ b/geany_test.go
@@ -21,7 +21,7 @@ func TestPrintLogo(t *testing.T) { require.NoError(t, fErr) - defer func() { assert.NoError(t, os.Remove(tempFile.Name())) }() //nolint:gosec + defer func() { assert.NoError(t, os.Remove(tempFile.Name())) }() save := os.Stdout os.Stdout = tempFile
@@ -38,7 +38,7 @@ func TestPrintLogo(t *testing.T) { assert.True(t, ok, "build info not found in debug.ReadBuildInfo") - target, targetErr := os.ReadFile(tempFile.Name()) //nolint:gosec + target, targetErr := os.ReadFile(tempFile.Name()) require.NoError(t, targetErr) assert.Equal(t, string(target), "Logo "+buildInfo.GoVersion+"\n", "Logo does not contain go version")
@@ -50,7 +50,7 @@ func TestPrintSimple(t *testing.T) { require.NoError(t, fErr) - defer func() { assert.NoError(t, os.Remove(tempFile.Name())) }() //nolint:gosec + defer func() { assert.NoError(t, os.Remove(tempFile.Name())) }() save := os.Stdout os.Stdout = tempFile
@@ -64,7 +64,7 @@ func TestPrintSimple(t *testing.T) { assert.True(t, ok, "build info not found in debug.ReadBuildInfo") - target, targetErr := os.ReadFile(tempFile.Name()) //nolint:gosec + target, targetErr := os.ReadFile(tempFile.Name()) require.NoError(t, targetErr) assert.Contains(t, string(target), `"GoVersion": "`+buildInfo.GoVersion+`"`)
@@ -79,7 +79,7 @@ type BrokenNIO struct { To int } -func (b *BrokenNIO) Read(in []byte) (n int, err error) { +func (b *BrokenNIO) Read(input []byte) (n int, err error) { if (b.cnt >= b.From || b.From == 0) && (b.cnt < b.To || b.To == 0) {
@@ -87,12 +87,13 @@ func (b *BrokenNIO) Read(in []byte) (n int, err error) { return 0, errors.New("broken reader") } + b.cnt++ - return len(in), nil + return len(input), nil } -func (b *BrokenNIO) Write(in []byte) (n int, err error) { +func (b *BrokenNIO) Write(input []byte) (n int, err error) { if (b.cnt >= b.From || b.From == 0) && (b.cnt < b.To || b.To == 0) {
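Review bot: TestPrintLogo and TestPrintSimple both replace the process-wide `os.Stdout` with the temp file (`save := os.Stdout` followed by `os.Stdout = tempFile`), and the restore is not visible in these hunks. If it is a plain assignment later in the body, a failing `require` or a panic in between would leave stdout pointing at a file that the deferred `os.Remove` then deletes, so output from later tests is lost. Registering `t.Cleanup(func() { os.Stdout = save })` directly after the swap would make the restore unconditional. Both test bodies extend beyond the hunks shown, so this needs checking against the full file.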
@@ -100,9 +101,10 @@ func (b *BrokenNIO) Write(in []byte) (n int, err error) { return 0, errors.New("broken writer") } + b.cnt++ - return len(in), nil + return len(input), nil } func TestBrokenLogoWriter(t *testing.T) {