Skip to content

Commit

Permalink
Merge pull request #430 from fxamacker/fxamacker/bump-golangci-lint-t…
Browse files Browse the repository at this point in the history
…o-1.53.3

Update CI and README
  • Loading branch information
fxamacker authored Oct 16, 2023
2 parents f8bac85 + ec73092 commit 86b6599
Show file tree
Hide file tree
Showing 6 changed files with 16 additions and 22 deletions.
4 changes: 2 additions & 2 deletions .github/workflows/ci-go-cover.yml
Original file line number Diff line number Diff line change
Expand Up @@ -36,11 +36,11 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v3
uses: actions/checkout@v4
- name: Install Go
uses: actions/setup-go@v4
with:
go-version: 1.19
go-version: 1.21
check-latest: true
- name: Install x448/float16
run: go get github.com/x448/float16@v0.8.4
Expand Down
4 changes: 2 additions & 2 deletions .github/workflows/ci.yml
Original file line number Diff line number Diff line change
Expand Up @@ -26,7 +26,7 @@ jobs:
strategy:
matrix:
os: [macos-latest, ubuntu-latest, windows-latest]
go-version: [1.17, 1.18, 1.19]
go-version: [1.17, 1.19, '1.20', 1.21]
steps:
- name: Install Go
uses: actions/setup-go@v4
Expand All @@ -35,7 +35,7 @@ jobs:
check-latest: true

- name: Checkout code
uses: actions/checkout@v3
uses: actions/checkout@v4
with:
fetch-depth: 1

Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/codeql-analysis.yml
Original file line number Diff line number Diff line change
Expand Up @@ -28,7 +28,7 @@ jobs:

steps:
- name: Checkout repository
uses: actions/checkout@v3
uses: actions/checkout@v4

# Initializes the CodeQL tools for scanning.
- name: Initialize CodeQL
Expand Down
6 changes: 3 additions & 3 deletions .github/workflows/govulncheck.yml
Original file line number Diff line number Diff line change
Expand Up @@ -33,15 +33,15 @@ jobs:
contents: read
steps:
- name: Checkout source
uses: actions/checkout@v3
uses: actions/checkout@v4
with:
fetch-depth: 1
- name: Set up Go
uses: actions/setup-go@v4
with:
go-version: 1.20.x
go-version: 1.21.x
check-latest: true
- name: Install latest from golang.org
run: go install golang.org/x/vuln/cmd/govulncheck@f69de671333b611ab6b6f21f8ff0ab53f6d96c61 # v1.0.0
run: go install golang.org/x/vuln/cmd/govulncheck@da4b74a5408a0116e9a2dde953659a7b0956dc56 # v1.0.1
- name: Run govulncheck
run: govulncheck -show=traces ./...
18 changes: 8 additions & 10 deletions .github/workflows/safer-golangci-lint.yml
Original file line number Diff line number Diff line change
Expand Up @@ -27,13 +27,11 @@
# 1. GOLINTERS_VERSION
# 2. GOLINTERS_TGZ_DGST
#
# Release v1.52.2 (May 14, 2023)
# - Bump Go to 1.20
# - Bump actions/setup-go to v4
# - Bump golangci-lint to 1.52.2
# - Hash of golangci-lint-1.52.2-linux-amd64.tar.gz
# - SHA-256: c9cf72d12058a131746edd409ed94ccd578fbd178899d1ed41ceae3ce5f54501
# This SHA-256 digest matches golangci-lint-1.52.2-checksums.txt at
# Release v1.53.3 (June 25, 2023)
# - Bump golangci-lint to 1.53.3
# - Hash of golangci-lint-1.53.3-linux-amd64.tar.gz
# - SHA-256: 4f62007ca96372ccba54760e2ed39c2446b40ec24d9a90c21aad9f2fdf6cf0da
# This SHA-256 digest matches golangci-lint-1.53.3-checksums.txt at
# https://github.com/golangci/golangci-lint/releases
#
name: linters
Expand All @@ -49,9 +47,9 @@ on:

env:
GO_VERSION: '1.20'
GOLINTERS_VERSION: 1.52.2
GOLINTERS_VERSION: 1.53.3
GOLINTERS_ARCH: linux-amd64
GOLINTERS_TGZ_DGST: c9cf72d12058a131746edd409ed94ccd578fbd178899d1ed41ceae3ce5f54501
GOLINTERS_TGZ_DGST: 4f62007ca96372ccba54760e2ed39c2446b40ec24d9a90c21aad9f2fdf6cf0da
GOLINTERS_TIMEOUT: 15m
OPENSSL_DGST_CMD: openssl dgst -sha256 -r
CURL_CMD: curl --proto =https --tlsv1.2 --location --silent --show-error --fail
Expand All @@ -64,7 +62,7 @@ jobs:
contents: read
steps:
- name: Checkout source
uses: actions/checkout@v3
uses: actions/checkout@v4
with:
fetch-depth: 1

Expand Down
4 changes: 0 additions & 4 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -523,10 +523,6 @@ geomean 2.782

`fxamacker/cbor` is used in projects by Arm Ltd., Berlin Institute of Health at Charité, Chainlink, Cisco, Confidential Computing Consortium, ConsenSys, Dapper Labs, EdgeX Foundry, F5, Fraunhofer‑AISEC, Linux Foundation, Microsoft, Mozilla, National Cybersecurity Agency of France (govt), Netherlands (govt), Oasis Protocol, Smallstep, Tailscale, Taurus SA, Teleport, TIBCO, and others.

GitHub reports `fxamacker/cbor` is "Used by":
-    220+ [repositories that depend on v1.x](https://github.com/fxamacker/cbor/network/dependents) (old version). Shown by default.
- 2,450+ [repositories that depend on v2.x](https://github.com/fxamacker/cbor/network/dependents?package_id=UGFja2FnZS0yMjcwNDY1OTQ4) (current version).

`fxamacker/cbor` passed multiple confidential security assessments. A [nonconfidential security assessment](https://github.com/veraison/go-cose/blob/v1.0.0-rc.1/reports/NCC_Microsoft-go-cose-Report_2022-05-26_v1.0.pdf) (prepared by NCC Group for Microsoft Corporation) includes a subset of fxamacker/cbor v2.4.0 in its scope.

## Standards
Expand Down

0 comments on commit 86b6599

Please sign in to comment.