-
Notifications
You must be signed in to change notification settings - Fork 883
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
chore(deps): update go version to 1.18 #1363
Conversation
Signed-off-by: Jauder Ho <[email protected]>
Signed-off-by: Jauder Ho <[email protected]>
Codecov Report
@@ Coverage Diff @@
## main #1363 +/- ##
=======================================
Coverage 64.71% 64.71%
=======================================
Files 23 23
Lines 2293 2293
=======================================
Hits 1484 1484
Misses 712 712
Partials 97 97
Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here. |
using go 1.18, the `go get` command does no longer install golint. but since it's deprecated anyway, let's replace it with staticcheck
internal/actions/mocks/progress.go: - ineffective break statement. Did you mean to break out of the outer loop? (SA4011) - redundant break statement (S1023) pkg/container/client.go: - should omit comparison to bool constant, can be simplified to execInspect.Running (S1002) - error strings should not be capitalized (ST1005) pkg/container/errors.go: - var errorNoExposedPorts is unused (U1000) pkg/registry/auth/auth.go: - argument err is overwritten before first use (SA4009) - the argument is already a string, there's no need to use fmt.Sprintf (S1025) pkg/registry/trust.go: - error strings should not be capitalized (ST1005)
I am limiting this to only be the update to go v1.18, as it had some cascading consequences and dependabot already has a PR for the prometheus dependency: #1365 |
Code coverage is low in lint-fixed areas, not something this PR should address. Force merging. |
While scanning a locally built copy of watchtower using Trivy, the container showed
CVE-2022-21698
as being flagged as an issue. Upon investigation, this turns out to begithub.aaakk.us.kg/prometheus/client_golang
not being v1.11 or newer.I also noticed that go.mod is set to 1.12 so bumped that up to the lowest current supported version: 1.18 using
go get -u all && go mod tidy
This resulted in the following modules versions being updated:
I have built a test image which can be pulled using
docker pull jauderho/watchtower:git
. My initial testing does not show any issues.