Stick on gosec v2.16.0 (#456)

* Stick on gosec v2.16.0 The now latest version v2.17.0 will cause error as below: Golang errors in file: []: > [line 0 : column 0] - error obtaining VCS status: exit status 128 Use -buildvcs=false to disable VCS stamping. > [line 0 : column 0] - error obtaining VCS status: exit status 128 Use -buildvcs=false to disable VCS stamping. > [line 0 : column 0] - error obtaining VCS status: exit status 128 Use -buildvcs=false to disable VCS stamping. > [line 0 : column 0] - error obtaining VCS status: exit status 128 Use -buildvcs=false to disable VCS stamping. This probably due to the fact that 2.17.0 updated its Go version, which might conflicts with the github action OS installed version. * fix lint warnings
Azure · Sep 25, 2023 · eb789a4 · eb789a4
1 parent b3500d6
commit eb789a4
Show file tree

Hide file tree

Showing 2 changed files with 2 additions and 1 deletion.
diff --git a/.github/workflows/pr.yaml b/.github/workflows/pr.yaml
@@ -25,7 +25,7 @@ jobs:
         uses: actions/checkout@v2
 
       - name: Run Gosec Security Scanner
-        uses: securego/gosec@master
+        uses: securego/gosec@v2.16.0
         with:
           args: './...'
 

diff --git a/auth_oidc.go b/auth_oidc.go
@@ -96,6 +96,7 @@ func (w *OidcCredential) getAssertion(ctx context.Context) (string, error) {
 		return "", fmt.Errorf("getAssertion: cannot request token: %v", err)
 	}
 
+	// #nosec G307
 	defer resp.Body.Close()
 	body, err := io.ReadAll(io.LimitReader(resp.Body, 1<<20))
 	if err != nil {