.github/workflows/build.yml

@@ -25,18 +25,7 @@ jobs:
           name: gomplate
           path: bin/gomplate
       - name: make test
-        run: |
-          [ -n "$CC_TEST_REPORTER_ID" ] && cc-test-reporter before-build
-          make test
-          EXIT_CODE=$?
-
-          if [ -n "$CC_TEST_REPORTER_ID" ]; then
-            # workaround from https://github.com/codeclimate/test-reporter/issues/378
-            export PREFIX=$(go list -m)
-            cc-test-reporter after-build -t gocov -p $PREFIX --exit-code $EXIT_CODE
-          fi
-        env:
-          CC_TEST_REPORTER_ID: ${{ secrets.CC_TEST_REPORTER_ID }}
+        run: make test
       - run: make integration
   windows-build:
     runs-on: windows-latest

.github/workflows/image-scan.yml

@@ -14,7 +14,7 @@ jobs:
       DOCKER_BUILDKIT: 1
       DOCKER_CLI_EXPERIMENTAL: enabled
     steps:
-    - uses: actions/checkout@v3
+    - uses: actions/checkout@v4
     - name: Quick build (linux/alpine only)
       run: |
         docker build --target gomplate-alpine -t gomplate .
@@ -33,12 +33,17 @@ jobs:
         image-ref: gomplate
         format: sarif
         output: trivy-results.sarif
-        exit-code: 1
+        # exit-code: 1
         ignore-unfixed: true
         vuln-type: os,library
-        severity: CRITICAL,HIGH
+        # The SARIF format ignores severity and uploads all vulnerabilities for
+        # later triage. The table-format step above is used to fail the build if
+        # there are any critical or high vulnerabilities.
+        # See https://github.com/aquasecurity/trivy-action/issues/95
+        # severity: 'CRITICAL,HIGH'
+        trivyignores: .trivyignore
     - name: Upload Trivy scan results to GitHub Security tab
-      uses: github/codeql-action/upload-sarif@v2
+      uses: github/codeql-action/upload-sarif@v3
       with:
         sarif_file: 'trivy-results.sarif'
       if: always() && github.repository == 'hairyhenderson/gomplate'

.golangci.yml

@@ -1,9 +1,6 @@
 linters-settings:
   govet:
-    check-shadowing: true
     enable-all: true
-  golint:
-    min-confidence: 0
   gocyclo:
     min-complexity: 10
   dupl:
@@ -15,7 +12,6 @@ linters-settings:
   lll:
     line-length: 140
   nolintlint:
-    allow-leading-space: true # don't require machine-readable nolint directives (i.e. with no leading space)
     allow-unused: false # report any unused nolint directives
     require-explanation: false # don't require an explanation for nolint directives
     require-specific: false # don't require nolint directives to be specific about which linter is being skipped

.trivyignore

@@ -1,4 +0,0 @@
-# Ignoring CVE-2022-0778 as it's mostly covered by Alpine 3.15.1, except for
-# libretls, which isn't used at all. Should be able to remove this when 3.15.2
-# is out.
-CVE-2022-0778

data/data_test.go

@@ -57,7 +57,7 @@ escaped: "\"\/\\\b\f\n\r\t\u221e"
 `))
 
 	obj := make(map[string]interface{})
-	_, err := unmarshalObj(obj, "SOMETHING", func(in []byte, out interface{}) error {
+	_, err := unmarshalObj(obj, "SOMETHING", func(_ []byte, _ interface{}) error {
 		return errors.New("fail")
 	})
 	assert.EqualError(t, err, "Unable to unmarshal object SOMETHING: fail")
@@ -139,20 +139,20 @@ this shouldn't be reached
 		actual)
 
 	obj := make([]interface{}, 1)
-	_, err = unmarshalArray(obj, "SOMETHING", func(in []byte, out interface{}) error {
+	_, err = unmarshalArray(obj, "SOMETHING", func(_ []byte, _ interface{}) error {
 		return errors.New("fail")
 	})
 	assert.EqualError(t, err, "Unable to unmarshal array SOMETHING: fail")
 }
 
 func TestMarshalObj(t *testing.T) {
 	expected := "foo"
-	actual, err := marshalObj(nil, func(in interface{}) ([]byte, error) {
+	actual, err := marshalObj(nil, func(_ interface{}) ([]byte, error) {
 		return []byte("foo"), nil
 	})
 	assert.NoError(t, err)
 	assert.Equal(t, expected, actual)
-	_, err = marshalObj(nil, func(in interface{}) ([]byte, error) {
+	_, err = marshalObj(nil, func(_ interface{}) ([]byte, error) {
 		return nil, errors.New("fail")
 	})
 	assert.Error(t, err)

data/datasource_http_test.go

@@ -33,7 +33,7 @@ func setupHTTP(code int, mimetype string, body string) (*httptest.Server, *http.
 
 	client := &http.Client{
 		Transport: &http.Transport{
-			Proxy: func(req *http.Request) (*url.URL, error) {
+			Proxy: func(_ *http.Request) (*url.URL, error) {
 				return url.Parse(server.URL)
 			},
 		},

funcs/file.go

@@ -70,7 +70,7 @@ func (f *FileFuncs) ReadDir(path interface{}) ([]string, error) {
 // Walk -
 func (f *FileFuncs) Walk(path interface{}) ([]string, error) {
 	files := make([]string, 0)
-	err := afero.Walk(f.fs, conv.ToString(path), func(subpath string, finfo os.FileInfo, err error) error {
+	err := afero.Walk(f.fs, conv.ToString(path), func(subpath string, _ os.FileInfo, err error) error {
 		if err != nil {
 			return err
 		}

go.mod

@@ -1,6 +1,8 @@
 module github.com/hairyhenderson/gomplate/v3
 
-go 1.19
+go 1.21
+
+toolchain go1.22.3
 
 require (
 	github.com/Masterminds/goutils v1.1.1
@@ -27,12 +29,12 @@ require (
 	github.com/stretchr/testify v1.8.4
 	github.com/ugorji/go/codec v1.2.7
 	github.com/zealic/xignore v0.3.3
-	go.etcd.io/bbolt v1.3.6
+	go.etcd.io/bbolt v1.3.10
 	gocloud.dev v0.25.1-0.20220408200107-09b10f7359f7
-	golang.org/x/crypto v0.18.0
-	golang.org/x/sys v0.16.0
-	golang.org/x/term v0.16.0
-	golang.org/x/text v0.14.0
+	golang.org/x/crypto v0.21.0
+	golang.org/x/sys v0.20.0
+	golang.org/x/term v0.20.0
+	golang.org/x/text v0.15.0
 	gotest.tools/v3 v3.5.1
 	inet.af/netaddr v0.0.0-20230525184311-b8eac61e914a
 	k8s.io/client-go v0.24.1
@@ -133,9 +135,9 @@ require (
 	go4.org/intern v0.0.0-20230205224052-192e9f60865c // indirect
 	go4.org/unsafe/assume-no-moving-gc v0.0.0-20230525183740-e7c30c78aeb2 // indirect
 	golang.org/x/mod v0.12.0 // indirect
-	golang.org/x/net v0.19.0 // indirect
+	golang.org/x/net v0.23.0 // indirect
 	golang.org/x/oauth2 v0.11.0 // indirect
-	golang.org/x/sync v0.3.0 // indirect
+	golang.org/x/sync v0.5.0 // indirect
 	golang.org/x/time v0.0.0-20220411224347-583f2d630306 // indirect
 	golang.org/x/tools v0.13.0 // indirect
 	golang.org/x/xerrors v0.0.0-20220907171357-04be3eba64a2 // indirect
@@ -145,7 +147,7 @@ require (
 	google.golang.org/genproto/googleapis/api v0.0.0-20230822172742-b8732ec3820d // indirect
 	google.golang.org/genproto/googleapis/rpc v0.0.0-20230822172742-b8732ec3820d // indirect
 	google.golang.org/grpc v1.59.0 // indirect
-	google.golang.org/protobuf v1.31.0 // indirect
+	google.golang.org/protobuf v1.33.0 // indirect
 	gopkg.in/square/go-jose.v2 v2.6.0 // indirect
 	gopkg.in/warnings.v0 v0.1.2 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect