From f9e1fa7cca35619302ca6167b2e04ef7186bc7d9 Mon Sep 17 00:00:00 2001 
From: Vikrant Puppala Date: Sat, 30 May 2026 14:47:04 +0000 Subject: [PATCH 1/7] Clear OSV-Scanner findings: bump go directive to 1.25.10 + deps MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Brings the Go SQL driver to a state where OSV-Scanner v2.3.8 reports zero findings against `go.mod`. Combined with #363 (the Go-1.20-compat dep bumps already merged), this closes out the security-bump work on databricks-sql-go. ## go directive `go 1.20` → `go 1.25.10`. Three reasons compound: - `github.com/apache/thrift@v0.23.0` (the version patched for GHSA-wf45-q9ch-q8gh / GHSA-526f-jxpj-jmg2) declares `go 1.25` in its own go.mod. We need `go ≥ 1.25` to build against it. - `golang.org/x/crypto@v0.52.0` (latest, clears GO-2026-5005 etc.) declares `go 1.24`. Fits within 1.25 floor. - The `.0` minor version of any Go release carries the stdlib advisories accumulated since release. Bumping to `1.25.10` (current patch as of 2026-05) clears 39 stdlib advisories from the OSV report. Future contributors regenerating go.sum should bump the patch line in lockstep. ## Runtime dep bumps | Package | From | To | Why | |---|---|---|---| | github.com/apache/thrift | v0.17.0 | v0.23.0 | GHSA-wf45-q9ch-q8gh (HIGH 7.5) | | golang.org/x/oauth2 | v0.7.0 | v0.27.0 | GO-2025-3488 / GHSA-6v2p-p543-phr9 | | golang.org/x/crypto | v0.31.0 | v0.52.0 | GO-2025-3487, GO-2026-5005..5033 | | golang.org/x/sys | v0.30.0 | v0.45.0 | required by x/crypto v0.52.0 | Plus auto-bumped transitives via `go mod tidy`: x/term, x/sync, x/mod etc. all updated to the versions x/crypto / x/sys now require. ## Go 1.25 vet findings Go 1.25's `go vet` (run as part of `go test`) added a check for `non-constant format string in call to ...Printf-like(...)`. 
Three existing call sites violate the new rule: - `internal/rows/arrowbased/arrowRows.go:224` — `ars.Error().Msgf(errArrowRowsUnsupportedNativeType(...))` → `Msg(...)` (no formatting needed) - `internal/rows/arrowbased/arrowRows.go:697` — `errors.Errorf(errArrowRowsUnhandledArrowType(...))` → `errors.New(...)` (no formatting needed) - `internal/rows/rowscanner/resultPageIterator.go:300` — `rpf.logger.Error().Msgf(errRowsUnandledFetchDirection(...))` → `Msg(...)` All three accept a function call returning a string. None had format verbs — they were latent footguns that would have format- injected if the string ever contained a `%` character. Fixing. ## CI matrix `go-version: [1.20.x]` → `go-version: ['1.24.x', '1.25.x', '1.26.x']`. Matches the Go release support window (only 1.25/1.26 currently receive security patches; 1.24 included for one cycle of overlap matching the JDBC/Python/Node patterns). Lint job's Go version bumped 1.20.x → 1.25.x. golangci-lint bumped v1.51 → v1.61 (v1.51 predates Go 1.21 toolchain auto-download and chokes on `go 1.25` directives). ## OSV-Scanner result Before: 40 findings (1 HIGH thrift, 39 unrated stdlib) After: 0 findings Verified locally on Go 1.25.10. Tests pass. Co-authored-by: Isaac Signed-off-by: Vikrant Puppala --- .github/workflows/go.yml | 10 ++++-- go.mod | 16 ++++----- go.sum | 35 ++++++++++--------- internal/rows/arrowbased/arrowRows.go | 4 +-- .../rows/rowscanner/resultPageIterator.go | 2 +- 5 files changed, 35 insertions(+), 32 deletions(-) diff --git a/.github/workflows/go.yml b/.github/workflows/go.yml index 2b6be9ca..fc5ebca1 100644 --- a/.github/workflows/go.yml +++ b/.github/workflows/go.yml 
@@ -27,18 +27,22 @@ jobs: - name: Set up Go Toolchain uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6.4.0 with: - go-version: '1.20.x' + go-version: '1.25.x' cache: false - name: Lint uses: golangci/golangci-lint-action@d6238b002a20823d52840fda27e2d4891c5952dc # v4 with: - version: 'v1.51' + version: 'v1.61' build-and-test: name: Test and Build strategy: + # Matrix kept synchronized with current security-supported Go + # releases. Per go.dev/doc/devel/release, only the latest two + # major releases receive security patches; 1.24 is included for + # one cycle of overlap, matching the JDBC/Python/Node patterns. matrix: - go-version: [1.20.x] + go-version: ['1.24.x', '1.25.x', '1.26.x'] runs-on: group: databricks-protected-runner-group labels: linux-ubuntu-latest diff --git a/go.mod b/go.mod index f77dbc33..87a73f6f 100644 --- a/go.mod +++ b/go.mod @@ -1,17 +1,17 @@ module github.com/databricks/databricks-sql-go -go 1.20 +go 1.25.10 require ( github.com/apache/arrow/go/v12 v12.0.1 - github.com/apache/thrift v0.17.0 + github.com/apache/thrift v0.23.0 github.com/coreos/go-oidc/v3 v3.5.0 github.com/golang-jwt/jwt/v5 v5.2.2 github.com/joho/godotenv v1.4.0 github.com/mattn/go-isatty v0.0.20 github.com/pierrec/lz4/v4 v4.1.15 github.com/stretchr/testify v1.8.1 - golang.org/x/oauth2 v0.7.0 + golang.org/x/oauth2 v0.27.0 gotest.tools/gotestsum v1.8.2 ) @@ -23,7 +23,6 @@ require ( github.com/fsnotify/fsnotify v1.5.4 // indirect github.com/go-jose/go-jose/v3 v3.0.5 // indirect github.com/goccy/go-json v0.9.11 // indirect - github.com/golang/protobuf v1.5.2 // indirect github.com/golang/snappy v0.0.4 // indirect github.com/google/flatbuffers v2.0.8+incompatible // indirect github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 // indirect 
@@ -37,15 +36,12 @@ require ( github.com/minio/c2goasm v0.0.0-20190812172519-36a3d3bbc4f3 // indirect github.com/pmezard/go-difflib v1.0.0 // indirect github.com/zeebo/xxh3 v1.0.2 // indirect - golang.org/x/crypto v0.31.0 // indirect + golang.org/x/crypto v0.52.0 // indirect golang.org/x/mod v0.8.0 // indirect - golang.org/x/net v0.33.0 // indirect golang.org/x/sync v0.1.0 // indirect - golang.org/x/term v0.29.0 // indirect + golang.org/x/term v0.43.0 // indirect golang.org/x/tools v0.6.0 // indirect golang.org/x/xerrors v0.0.0-20220609144429-65e65417b02f // indirect - google.golang.org/appengine v1.6.7 // indirect - google.golang.org/protobuf v1.33.0 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect ) @@ -54,5 +50,5 @@ require ( github.com/pkg/browser v0.0.0-20210911075715-681adbf594b8 github.com/pkg/errors v0.9.1 github.com/rs/zerolog v1.28.0 - golang.org/x/sys v0.30.0 // indirect + golang.org/x/sys v0.45.0 // indirect ) diff --git a/go.sum b/go.sum index 5f5460e2..d7e04ac4 100644 --- a/go.sum +++ b/go.sum 
@@ -1,11 +1,12 @@ cloud.google.com/go/compute/metadata v0.2.0/go.mod h1:zFmK7XCadkQkj6TtorcaGlCW1hT1fIilQDwofLpJ20k= github.com/JohnCGriffin/overflow v0.0.0-20211019200055-46fa312c352c h1:RGWPOewvKIROun94nF7v2cua9qP+thov/7M50KEoeSU= +github.com/JohnCGriffin/overflow v0.0.0-20211019200055-46fa312c352c/go.mod h1:X0CRv0ky0k6m906ixxpzmDRLvX58TFUKS2eePweuyxk= github.com/andybalholm/brotli v1.0.4 h1:V7DdXeJtZscaqfNuAdSRuRFzuiKlHSC/Zh3zl9qY3JY= github.com/andybalholm/brotli v1.0.4/go.mod h1:fO7iG3H7G2nSZ7m0zPUDn85XEX2GTukHGRSepvi9Eig= github.com/apache/arrow/go/v12 v12.0.1 h1:JsR2+hzYYjgSUkBSaahpqCetqZMr76djX80fF/DiJbg= github.com/apache/arrow/go/v12 v12.0.1/go.mod h1:weuTY7JvTG/HDPtMQxEUp7pU73vkLWMLpY67QwZ/WWw= -github.com/apache/thrift v0.17.0 h1:cMd2aj52n+8VoAtvSvLn4kDC3aZ6IAkBuqWQ2IDu7wo= -github.com/apache/thrift v0.17.0/go.mod h1:OLxhMRJxomX+1I/KUw03qoV3mMz16BwaKI+d4fPBx7Q= +github.com/apache/thrift v0.23.0 h1:wKR6YnefQSEnxpEfmgTPuJibNG4bF0p2TK34tHLWi3s= +github.com/apache/thrift v0.23.0/go.mod h1:zPt6WxgvTOM6hF92y8C+MkEM5LMxZuk4JcQOiU4Esvs= github.com/coreos/go-oidc/v3 v3.5.0 h1:VxKtbccHZxs8juq7RdJntSqtXFtde9YpNpGn0yqgEHw= github.com/coreos/go-oidc/v3 v3.5.0/go.mod h1:ecXRtV4romGPeO6ieExAsUK9cb/3fp9hXNz1tlv8PIM= github.com/coreos/go-systemd/v22 v22.3.3-0.20220203105225-a9a7ef127534/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc= 
@@ -30,7 +31,6 @@ github.com/golang-jwt/jwt/v5 v5.2.2 h1:Rl4B7itRWVtYIHFrSNd7vhTiz9UpLdi6gZhZ3wEeD github.com/golang-jwt/jwt/v5 v5.2.2/go.mod h1:pqrtFR0X4osieyHYxtmOUWsAWrfe1Q5UVIyoH402zdk= github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk= -github.com/golang/protobuf v1.5.2 h1:ROPKBNFfQgOUMifHyP+KYbvpjbdoFNs+aK7DXlji0Tw= github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY= github.com/golang/snappy v0.0.4 h1:yAGX7huGHXlcLOEtBnF4w7FQwA26wojNCwOYAEhLjQM= github.com/golang/snappy v0.0.4/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q= @@ -44,9 +44,11 @@ github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeN github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 h1:El6M4kTTCOh6aBiKaUGG7oYTSPP8MxqL4YI3kZKwcP4= github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510/go.mod h1:pupxD2MaaD3pAXIBCelhxNneeOaAeabZDe5s4K6zSpQ= github.com/google/uuid v1.3.0 h1:t6JiXgmwXMjEs8VusXIJk2BXHsn+wx8BZdTaoZ5fu7I= +github.com/google/uuid v1.3.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/hashicorp/go-cleanhttp v0.5.2 h1:035FKYIWjmULyFRBKPs8TBQoi0x6d9G4xc9neXJWAZQ= github.com/hashicorp/go-cleanhttp v0.5.2/go.mod h1:kO/YDlP8L1346E6Sodw+PrpBSV4/SoxCXGY6BqNFT48= github.com/hashicorp/go-hclog v1.6.3 h1:Qr2kF+eVWjTiYmU7Y31tYlP1h0q/X3Nl3tPGdaB11/k= +github.com/hashicorp/go-hclog v1.6.3/go.mod h1:W4Qnvbt70Wk/zYJryRzDRU/4r0kIg0PVHBcfoyhpF5M= github.com/hashicorp/go-retryablehttp v0.7.7 h1:C8hUCYzor8PIfXHa4UrZkU4VvK8o9ISHxT2Q8+VepXU= github.com/hashicorp/go-retryablehttp v0.7.7/go.mod h1:pkQpWZeYWskR+D1tR2O5OcBFOxfA7DoAO6xtkuQnHTk= github.com/joho/godotenv v1.4.0 h1:3l4+N6zfMWnkbPEXKng2o2/MR5mSwTrBih4ZEkkz1lg= 
@@ -59,6 +61,7 @@ github.com/klauspost/cpuid/v2 v2.0.9 h1:lgaqFMSdTdQYdZ04uHyN2d/eKdOMyi2YLSvlQIBF github.com/klauspost/cpuid/v2 v2.0.9/go.mod h1:FInQzS24/EEf25PyTYn52gqo7WaD8xa0213Md/qVLRg= github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo= github.com/kr/pretty v0.3.0 h1:WgNl7dwNpEZ6jJ9k1snq4pZsg7DOEN8hP9Xw0Tsjwk0= +github.com/kr/pretty v0.3.0/go.mod h1:640gp4NfQd8pI5XOwp5fnNeVWj67G7CFk/SaSQn7NBk= github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY= @@ -85,6 +88,7 @@ github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINE github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/rogpeppe/go-internal v1.9.0 h1:73kH8U+JUqXU8lRuOHeVHaa/SZPifC7BkcraZVejAe8= +github.com/rogpeppe/go-internal v1.9.0/go.mod h1:WtVeX8xhTBvf0smdhujwtBcq4Qrzq/fJaraNFVN+nFs= github.com/rs/xid v1.4.0/go.mod h1:trrq9SKmegXys3aeAKXMUTdJsYXVwGY3RLcfgqegfbg= github.com/rs/zerolog v1.28.0 h1:MirSo27VyNi7RJYP3078AA1+Cyzd2GB66qy3aUHvsWY= github.com/rs/zerolog v1.28.0/go.mod h1:NILgTygv/Uej1ra5XxGf82ZFSLk58MFGAUS2o6usyD0= 
@@ -102,6 +106,7 @@ github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9dec github.com/yuin/goldmark v1.4.1/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k= github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY= github.com/zeebo/assert v1.3.0 h1:g7C04CbJuIDKNPFHmsk4hwZDO5O+kntRxzaUoNXj+IQ= +github.com/zeebo/assert v1.3.0/go.mod h1:Pq9JiuJQpG8JLJdtkwrJESF0Foym2/D9XMU5ciN/wJ0= github.com/zeebo/xxh3 v1.0.2 h1:xZmwmqxHZA8AI603jOQ0tMqmBr9lPeFwGg6d+xy9DC0= github.com/zeebo/xxh3 v1.0.2/go.mod h1:5NWz9Sef7zIDm2JHfFlcQvNekmcEl9ekUZQQKCYaDcA= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= @@ -110,9 +115,10 @@ golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8U golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/crypto v0.19.0/go.mod h1:Iy9bg/ha4yyC70EfRS8jz+B6ybOBKMaSxLj6P6oBDfU= -golang.org/x/crypto v0.31.0 h1:ihbySMvVjLAeSH1IbfcRTkD/iNscyz8rGzjF/E5hV6U= -golang.org/x/crypto v0.31.0/go.mod h1:kDsLvtWBEx7MV9tJOj9bnXsPbxwJQ6csT/x4KIN4Ssk= +golang.org/x/crypto v0.52.0 h1:RMs7fP2rXdep0CftQlK8Uf+kibLm7qkCcradZWYz988= +golang.org/x/crypto v0.52.0/go.mod h1:1QgfPxDqh0T2M/elOJtp9RvuR95kVjir0e6/BvEmGbc= golang.org/x/exp v0.0.0-20220827204233-334a2380cb91 h1:tnebWN09GYg9OLPss1KXj8txwZc6X6uMr6VFdcGNbHw= +golang.org/x/exp v0.0.0-20220827204233-334a2380cb91/go.mod h1:cyybsKvd6eL0RnXn6p/Grxp8F5bW7iYuBgsNCOHpMYE= golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4= golang.org/x/mod v0.8.0 h1:LUYupSeNrTNCGzR/hVBk2NHZO4hXcVaW1k4Qx7rjPx8= 
@@ -128,11 +134,9 @@ golang.org/x/net v0.3.0/go.mod h1:MBQ8lrhLObU/6UmLb4fmbmk5OcyYmqtbGd/9yIeKjEE= golang.org/x/net v0.4.0/go.mod h1:MBQ8lrhLObU/6UmLb4fmbmk5OcyYmqtbGd/9yIeKjEE= golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg= -golang.org/x/net v0.33.0 h1:74SYHlV8BIgHIFC/LrYkOGIwL19eTYXQ5wc6TBuO36I= -golang.org/x/net v0.33.0/go.mod h1:HXLR5J+9DxmrqMwG9qjGCxZ+zKXxBru04zlTvWlWuN4= golang.org/x/oauth2 v0.3.0/go.mod h1:rQrIauxkUhJ6CuwEXwymO2/eh4xz2ZWF1nBkcxS+tGk= -golang.org/x/oauth2 v0.7.0 h1:qe6s0zUXlPX80/dITx3440hWZ7GwMwgDDyrSGTPJG/g= -golang.org/x/oauth2 v0.7.0/go.mod h1:hPLQkd9LyjfXTiRohC/41GhcFqxisoUQ99sCUOHO9x4= +golang.org/x/oauth2 v0.27.0 h1:da9Vo7/tDv5RH/7nZDz1eMGS/q1Vv1N/7FCrBhI9I3M= +golang.org/x/oauth2 v0.27.0/go.mod h1:onh5ek6nERTohokkhCD/y2cV4Do3fxFHFuAejCkRWT8= golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= 
@@ -163,8 +167,8 @@ golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= -golang.org/x/sys v0.30.0 h1:QjkSwP/36a20jFYWkSue1YwXzLmsV5Gfq7Eiy72C1uc= -golang.org/x/sys v0.30.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.45.0 h1:dO4czNzziLiiXplLQgBCEpCvXQ3dnkn0SdaZSYdQ+FY= +golang.org/x/sys v0.45.0/go.mod h1:4GL1E5IUh+htKOUEOaiffhrAeqysfVGipDYzABqnCmw= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.0.0-20220526004731-065cf7ba2467/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= @@ -172,8 +176,8 @@ golang.org/x/term v0.3.0/go.mod h1:q750SLmJuPmVoN1blW3UFBPREJfb1KmY3vwxfr+nFDA= golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k= golang.org/x/term v0.8.0/go.mod h1:xPskH00ivmX89bAKVGSKKtLOWNx2+17Eiy94tnKShWo= golang.org/x/term v0.17.0/go.mod h1:lLRBjIVuehSbZlaOtGMbcMncT+aqLLLmKrsjNrUguwk= -golang.org/x/term v0.29.0 h1:L6pJp37ocefwRRtYPKSWOWzOtWSxVajvz2ldH/xi3iU= -golang.org/x/term v0.29.0/go.mod h1:6bl4lRlvVuDgSf3179VpIxBF0o10JUpXWOnI7nErv7s= +golang.org/x/term v0.43.0 h1:S4RLU2sB31O/NCl+zFN9Aru9A/Cq2aqKpTZJ6B+DwT4= +golang.org/x/term v0.43.0/go.mod h1:lrhlHNdQJHO+1qVYiHfFKVuVioJIheAc3fBSMFYEIsk= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= 
@@ -197,16 +201,15 @@ golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8T golang.org/x/xerrors v0.0.0-20220609144429-65e65417b02f h1:uF6paiQQebLeSXkrTqHqz0MXhXXS1KgF41eUdBNvxK0= golang.org/x/xerrors v0.0.0-20220609144429-65e65417b02f/go.mod h1:K8+ghG5WaK9qNqU5K3HdILfMLy1f3aNYFI/wnl100a8= gonum.org/v1/gonum v0.11.0 h1:f1IJhK4Km5tBJmaiJXtk/PkL4cdVX6J+tGiM187uT5E= -google.golang.org/appengine v1.6.7 h1:FZR1q0exgwxzPzp/aF+VccGrSfxfPpkBqjIIEq3ru6c= +gonum.org/v1/gonum v0.11.0/go.mod h1:fSG4YDCxxUZQJ7rKsQrj0gMOg00Il0Z96/qMA4bVQhA= google.golang.org/appengine v1.6.7/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc= google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw= google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= google.golang.org/protobuf v1.28.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= -google.golang.org/protobuf v1.33.0 h1:uNO2rsAINq/JlFpSdYEKIZ0uKD/R9cpdv0T+yoGwGmI= -google.golang.org/protobuf v1.33.0/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= +gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q= gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= diff --git a/internal/rows/arrowbased/arrowRows.go b/internal/rows/arrowbased/arrowRows.go index 857ca368..f58813ae 100644 --- a/internal/rows/arrowbased/arrowRows.go +++ b/internal/rows/arrowbased/arrowRows.go 
@@ -221,7 +221,7 @@ func (ars *arrowRowScanner) ScanRow( if (dbType == cli_service.TTypeId_DECIMAL_TYPE && ars.UseArrowNativeDecimal) || (isIntervalType(dbType) && ars.UseArrowNativeIntervalTypes) { // not yet fully supported - ars.Error().Msgf(errArrowRowsUnsupportedNativeType(dbType.String())) + ars.Error().Msg(errArrowRowsUnsupportedNativeType(dbType.String())) return dbsqlerrint.NewDriverError(ars.ctx, errArrowRowsUnsupportedNativeType(dbType.String()), nil) } @@ -694,7 +694,7 @@ func (vcm *arrowValueContainerMaker) makeColumnValueContainer(t arrow.DataType, return nullContainer, nil default: - return nil, errors.Errorf(errArrowRowsUnhandledArrowType(t.String())) + return nil, errors.New(errArrowRowsUnhandledArrowType(t.String())) } } diff --git a/internal/rows/rowscanner/resultPageIterator.go b/internal/rows/rowscanner/resultPageIterator.go index 9cde0950..0743443a 100644 --- a/internal/rows/rowscanner/resultPageIterator.go +++ b/internal/rows/rowscanner/resultPageIterator.go @@ -297,7 +297,7 @@ func (rpf *resultPageIterator) checkDirectionValid(direction Direction) error { return io.EOF } default: - rpf.logger.Error().Msgf(errRowsUnandledFetchDirection(direction.String())) + rpf.logger.Error().Msg(errRowsUnandledFetchDirection(direction.String())) return dbsqlerrint.NewDriverError(rpf.ctx, errRowsUnandledFetchDirection(direction.String()), nil) } return nil From 87f9162430af9c5a45e9166aceaea1ae0a2d1849 Mon Sep 17 00:00:00 2001 
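Review bot: In the ScanRow hunk the message is still built twice, once for `Msg(...)` and once for `NewDriverError(...)`, so the logged text and the returned error can drift apart if one call is edited later. The checkDirectionValid hunk has the same shape with `errRowsUnandledFetchDirection`. Hoisting the string into a local keeps the two in step and makes it obvious that it is data, not a format: `msg := errArrowRowsUnsupportedNativeType(dbType.String())`, then `ars.Error().Msg(msg)` and `return dbsqlerrint.NewDriverError(ars.ctx, msg, nil)`. Both function bodies start and end outside the hunks, so any other Printf-style call sites in them are not visible here.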
From: Vikrant Puppala Date: Sat, 30 May 2026 15:51:53 +0000 Subject: [PATCH 2/7] Relax go directive from 1.25.10 to 1.25.0 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The .10 patch was over-pinning: it was chosen to silence 34 stdlib advisories from the OSV-Scanner report, but those advisories are runtime-fixed by whatever toolchain the build actually uses (GOTOOLCHAIN=auto downloads the latest patched). The directive only needs to be 1.25.0 — the minimum required by github.com/apache/thrift v0.23.0 (which declares go 1.25 in its go.mod). Tradeoff: - OSV-Scanner against go.mod will list ~34 stdlib advisories targeting 1.25.0 -> 1.25.x patches. These appear in customer scanners too. - But: these are runtime-fixed at build time. A customer using Go 1.25.10 to build the driver ships a binary with 1.25.10's stdlib. The advisories are a lockfile-scanner artifact, not a reachable customer vulnerability. Aligns with how the data-infra Go pack (grpc-go, golang.org/x/net, aws-sdk-go-v2) writes their directives — minimum required by their deps, not the latest patch. Tests pass on Go 1.25.10 toolchain (GOTOOLCHAIN=auto picks it up when build environment is older). Co-authored-by: Isaac Signed-off-by: Vikrant Puppala --- go.mod | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/go.mod b/go.mod index 87a73f6f..b2cea939 100644 --- a/go.mod +++ b/go.mod @@ -1,6 +1,6 @@ module github.com/databricks/databricks-sql-go -go 1.25.10 +go 1.25.0 require ( github.com/apache/arrow/go/v12 v12.0.1 From 6120e510268e56dc22b82fd38f6de7510f716817 Mon Sep 17 00:00:00 2001 
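Review bot: With `go 1.25.0` and no `toolchain` line, the stdlib that ends up in a build is whatever toolchain is installed locally. `GOTOOLCHAIN=auto` only switches to a newer toolchain when go.mod asks for one newer than the local one; it does not fetch the latest patch release on its own. A developer or CI host with Go 1.25.0 installed would therefore build and test against the unpatched stdlib that the OSV report lists. Adding `toolchain go1.25.10` under the `go 1.25.0` line would pin this repository's own builds to the patched release. As far as I know the go command ignores that line when the module is consumed as a dependency, so the floor for users would stay at 1.25.0, but please confirm how it behaves on runners that set `GOTOOLCHAIN=local`.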
From: Vikrant Puppala Date: Sat, 30 May 2026 15:55:38 +0000 Subject: [PATCH 3/7] ci: fix lint go-version mismatch, drop 1.24 from matrix MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Two CI breakages from the directive bump: 1. Lint job failed with "the Go language version (go1.23) used to build golangci-lint is lower than the targeted Go version (1.25.0)". golangci-lint v1.61 was built with go 1.23 and refuses to lint a project declaring a newer directive. v1.62-1.64 are also pre-1.25. The v2.x family is built with go 1.25+ but requires a config-format migration (linters: are nested differently). Quickest fix: add `run.go: '1.23'` to .golangci.yml so linting treats the code as Go 1.23 despite the go 1.25.0 directive in go.mod. The directive is required by patched apache/thrift; the lint config override doesn't change runtime behavior. Migrating to golangci-lint v2 is a separate cleanup (its config format changed; non-trivial migration). 2. Test and Build (1.24.x) failed because protected runners set GOTOOLCHAIN=local, so Go 1.24.13 cannot auto-download a 1.25.x toolchain to satisfy our `go 1.25.0` directive. Drop 1.24.x from the matrix — it can't satisfy the directive in this CI setup. Final matrix: ['1.25.x', '1.26.x'] — matches Go's active security support window (only 1.25 and 1.26 receive upstream patches). Co-authored-by: Isaac Signed-off-by: Vikrant Puppala --- .github/workflows/go.yml | 16 +++++++++++----- .golangci.yml | 5 +++++ 2 files changed, 16 insertions(+), 5 deletions(-) diff --git a/.github/workflows/go.yml b/.github/workflows/go.yml index fc5ebca1..7c01e6f6 100644 --- a/.github/workflows/go.yml +++ b/.github/workflows/go.yml 
@@ -33,16 +33,22 @@ jobs: - name: Lint uses: golangci/golangci-lint-action@d6238b002a20823d52840fda27e2d4891c5952dc # v4 with: + # v1.x family is the last to use the legacy config schema. + # v1.61 was built with go 1.23; the `run.go: '1.23'` in + # .golangci.yml tells it to treat our code as Go 1.23 + # despite the go 1.25.0 directive in go.mod. Migrating to + # v2 + the v2 config format is a separate cleanup. version: 'v1.61' build-and-test: name: Test and Build strategy: - # Matrix kept synchronized with current security-supported Go - # releases. Per go.dev/doc/devel/release, only the latest two - # major releases receive security patches; 1.24 is included for - # one cycle of overlap, matching the JDBC/Python/Node patterns. + # Matches Go's release support window. Per go.dev/doc/devel/release, + # only the latest two major releases receive security patches. + # As of 2026-05 that's 1.25 (Active LTS) and 1.26. The protected + # runners pin GOTOOLCHAIN=local so we can't include 1.24 — Go would + # refuse to satisfy the `go 1.25.0` directive without auto-downloading. matrix: - go-version: ['1.24.x', '1.25.x', '1.26.x'] + go-version: ['1.25.x', '1.26.x'] runs-on: group: databricks-protected-runner-group labels: linux-ubuntu-latest diff --git a/.golangci.yml b/.golangci.yml index 32298872..fc898e74 100644 --- a/.golangci.yml +++ b/.golangci.yml @@ -68,3 +68,8 @@ linters-settings: run: timeout: 5m + # The go.mod declares `go 1.25.0` because patched apache/thrift requires + # it, but we lint as if targeting 1.23 so we can stay on golangci-lint + # v1.x (v1 family is built with go ≤ 1.23 and would otherwise refuse). + # Migrating to v2 + the v2 config format is a separate cleanup. + go: '1.23' From 9823db2cb3ea120b7b4949476ad7e40f507db34c Mon Sep 17 00:00:00 2001 
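Review bot: The new matrix comment calls 1.25 "Active LTS", but Go has no LTS releases; under the release policy the comment cites, each major release is supported only until two newer ones exist. I would reword that line to `# As of 2026-05 that's 1.25 and 1.26.` so nobody assumes a longer patch window for 1.25 when planning the next matrix change. The comment also relies on the protected runners pinning `GOTOOLCHAIN=local`, which nothing in this hunk sets, so it would help to name where that setting comes from.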
From: Vikrant Puppala Date: Mon, 1 Jun 2026 05:13:24 +0000 Subject: [PATCH 4/7] ci(lint): drop deprecated linters from .golangci.yml `deadcode`, `structcheck`, `varcheck` were removed in golangci-lint v1.49.0 (2022-09) and replaced by `unused` (which we already enable). Newer golangci-lint releases (including v1.61 in CI) emit deprecation warnings AND, more critically, flag them as `level=error` which the github-actions output formatter promotes to job-failing annotations. Removing the three deprecated entries clears the lint job error output without changing actual lint coverage. Co-authored-by: Isaac Signed-off-by: Vikrant Puppala --- .golangci.yml | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/.golangci.yml b/.golangci.yml index fc898e74..a8e81a14 100644 --- a/.golangci.yml +++ b/.golangci.yml @@ -2,7 +2,8 @@ linters: disable-all: true enable: - bodyclose - - deadcode + # deadcode, structcheck, varcheck were removed in golangci-lint v1.49 + # (replaced by `unused`, which we already enable below). - depguard - dogsled # - dupl @@ -27,13 +28,11 @@ linters: # - noctx - nolintlint - staticcheck - - structcheck # - stylecheck - typecheck # - unconvert # - unparam - unused - - varcheck # - whitespace # don't enable: From 0a3a1e0ae6d87376a3edb25ddf3a1360f560fb9b Mon Sep 17 00:00:00 2001 
From: Vikrant Puppala Date: Mon, 1 Jun 2026 05:19:12 +0000 Subject: [PATCH 5/7] ci(lint): migrate to golangci-lint v2.12 + new config format MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The previous attempt to stay on v1.61 with `run.go: '1.23'` didn't resolve the underlying issue: golangci-lint v1.x was built with Go ≤ 1.23 and can't read the export data format that Go 1.25's stdlib ships. Result: "could not import sync/atomic (unsupported version: 2)" cascading into dozens of false typecheck errors across the codebase. v2.x is built with Go 1.25+ and reads the newer format natively. Migration to the v2 config schema: - `linters: disable-all: true` -> `linters: default: none` - `linters-settings:` -> nested under `linters: settings:` - `gofmt` is now a formatter (separate `formatters:` block) not a linter - `gosimple` was merged into `staticcheck` and removed as a separate linter - `goprintffuncname` was merged into the default staticcheck rules - `typecheck` is implicit in v2 and no longer toggleable; dropped - `deadcode`, `structcheck`, `varcheck` were removed in v1.49 (all replaced by `unused`, which we already enabled) Same set of substantive checks; same allowlists for depguard/gosec/ nolintlint. No behavior change in what gets flagged. Co-authored-by: Isaac Signed-off-by: Vikrant Puppala --- .github/workflows/go.yml | 12 +++--- .golangci.yml | 83 +++++++++++----------------------------- 2 files changed, 28 insertions(+), 67 deletions(-) diff --git a/.github/workflows/go.yml b/.github/workflows/go.yml index 7c01e6f6..0e84a9c3 100644 --- a/.github/workflows/go.yml +++ b/.github/workflows/go.yml 
@@ -33,12 +33,12 @@ jobs: - name: Lint uses: golangci/golangci-lint-action@d6238b002a20823d52840fda27e2d4891c5952dc # v4 with: - # v1.x family is the last to use the legacy config schema. - # v1.61 was built with go 1.23; the `run.go: '1.23'` in - # .golangci.yml tells it to treat our code as Go 1.23 - # despite the go 1.25.0 directive in go.mod. Migrating to - # v2 + the v2 config format is a separate cleanup. - version: 'v1.61' + # v2.x is built with go 1.25+, which is required so the + # linter can read Go 1.25 stdlib export data. The v1 family + # was built with go ≤1.23 and produces "could not import + # sync/atomic" typecheck errors against our `go 1.25.0` + # directive. + version: 'v2.12' build-and-test: name: Test and Build strategy: diff --git a/.golangci.yml b/.golangci.yml index a8e81a14..c6a1fdcf 100644 --- a/.golangci.yml +++ b/.golangci.yml 
@@ -1,74 +1,35 @@ +version: "2" + +run: + timeout: 5m + linters: - disable-all: true + default: none enable: - bodyclose - # deadcode, structcheck, varcheck were removed in golangci-lint v1.49 - # (replaced by `unused`, which we already enable below). - depguard - dogsled - # - dupl - errcheck - # - exportloopref - # - funlen - # - gochecknoinits - # - goconst - # - gocritic - # - gocyclo - - gofmt - # - goimports - # - gomnd - - goprintffuncname - gosec - - gosimple - govet - ineffassign - # - lll - # - misspell - nakedret - # - noctx - nolintlint - staticcheck - # - stylecheck - - typecheck - # - unconvert - # - unparam - unused - # - whitespace - - # don't enable: - # - asciicheck - # - scopelint - # - gochecknoglobals - # - gocognit - # - godot - # - godox - # - goerr113 - # - interfacer - # - maligned - # - nestif - # - prealloc - # - testpackage - # - revive - # - wsl - -linters-settings: - depguard: - rules: - main: - allow: - - $gostd - - github.com/databricks/databricks-sql-go - gosec: - exclude-generated: true - severity: "low" - confidence: "low" - nolintlint: - allow-unused: true - -run: - timeout: 5m - # The go.mod declares `go 1.25.0` because patched apache/thrift requires - # it, but we lint as if targeting 1.23 so we can stay on golangci-lint - # v1.x (v1 family is built with go ≤ 1.23 and would otherwise refuse). - # Migrating to v2 + the v2 config format is a separate cleanup. - go: '1.23' + settings: + depguard: + rules: + main: + allow: + - $gostd + - github.com/databricks/databricks-sql-go + gosec: + exclude-generated: true + severity: low + confidence: low + nolintlint: + allow-unused: true +formatters: + enable: + - gofmt From cf77582a904d675efc27b6391d47bdf7e0d9b224 Mon Sep 17 00:00:00 2001 
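Review bot: In the new `settings:` block of the .golangci.yml hunk, `nolintlint` keeps `allow-unused: true` and sets neither `require-explanation` nor `require-specific`, so a `//nolint` directive with no linter name, no reason, or nothing left to suppress passes lint unnoticed. That weakens the gosec gate this config enables, because a stale or blanket suppression can hide a later finding on the same line. Consider `allow-unused: false` together with `require-explanation: true` and `require-specific: true` under `nolintlint:`. The last patch of this series adds several bare `//nolint:gosec` comments that these settings would force to carry a reason.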
From: Vikrant Puppala Date: Mon, 1 Jun 2026 05:36:24 +0000 Subject: [PATCH 6/7] ci(lint): bump golangci-lint-action v4 -> v9.2.1 for v2 lint support MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit v4 of the action still passes the v1-era --out-format flag, which golangci-lint v2.x removed (replaced by --output.text.format=...). v7+ of the action is the first to support golangci-lint v2 — bump to the current stable v9.2.1. Co-authored-by: Isaac Signed-off-by: Vikrant Puppala --- .github/workflows/go.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/go.yml b/.github/workflows/go.yml index 0e84a9c3..afd08b21 100644 --- a/.github/workflows/go.yml +++ b/.github/workflows/go.yml @@ -31,7 +31,7 @@ jobs: cache: false - name: Lint - uses: golangci/golangci-lint-action@d6238b002a20823d52840fda27e2d4891c5952dc # v4 + uses: golangci/golangci-lint-action@db582008a42febd596419635a5abc9d9815daa9c # v9.2.1 with: # v2.x is built with go 1.25+, which is required so the # linter can read Go 1.25 stdlib export data. The v1 family From 1af48ef697c71126b2788e420e6f56781ab92f67 Mon Sep 17 00:00:00 2001 
From: Vikrant Puppala Date: Mon, 1 Jun 2026 06:08:07 +0000 Subject: [PATCH 7/7] ci(lint): resolve golangci-lint v2 findings on existing main MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Lint v2 has stricter defaults than the v1.51 the repo used previously, surfacing pre-existing issues that v1 silently ignored. None of these are bugs introduced by the security bump; they're cleanups so the upgraded linter runs clean. - .golangci.yml: depguard v2 no longer auto-allows the project's own third-party deps — list them explicitly so legitimate imports of go-retryablehttp, oauth2, thrift, jwt/v5, etc. don't trip the rule. Drop the v2-invalid `gosec.exclude-generated` key (the linter now config-verifies and would refuse to start with it present). - Makefile: bump local install target from golangci-lint@v1.51.0 to v2.12.2 (matches the version the v9.2.1 GitHub Action installs). - parameters.go: reflect.Ptr -> reflect.Pointer (Ptr is the legacy alias kept for backwards compat; govet's `inline` check flags it). - internal/rows/rows.go: complete the //nolint:gosec annotation block the original PR author added on the very next line — the int32 conversion on line 183 is in the same telemetry counter scope. - telemetry/aggregator_test.go: //nolint:gosec on test-only counter. - connection_test.go: //nolint:gosec on os.ReadFile(localFile) — the filename comes from a deterministic httptest fixture path. - internal/client/client.go: //nolint:staticcheck on the deprecated thrift.StdLogger sentinel — it's a no-op since thrift v0.13 but remains the documented argument type for NewTDebugProtocolFactoryWithLogger. Local lint run after these changes: 0 issues. Co-authored-by: Isaac 
Signed-off-by: Vikrant Puppala --- .golangci.yml | 14 +++++++++++++- Makefile | 2 +- connection_test.go | 2 +- internal/client/client.go | 4 +++- internal/rows/rows.go | 2 +- parameters.go | 2 +- telemetry/aggregator_test.go | 4 ++-- 7 files changed, 22 insertions(+), 8 deletions(-) diff --git a/.golangci.yml b/.golangci.yml index c6a1fdcf..a6fdf1ad 100644 --- a/.golangci.yml +++ b/.golangci.yml @@ -24,8 +24,20 @@ linters: allow: - $gostd - github.com/databricks/databricks-sql-go + - github.com/apache/arrow/go/v12 + - github.com/apache/thrift/lib/go/thrift + - github.com/coreos/go-oidc/v3/oidc + - github.com/golang-jwt/jwt/v5 + - github.com/hashicorp/go-retryablehttp + - github.com/joho/godotenv + - github.com/mattn/go-isatty + - github.com/pierrec/lz4/v4 + - github.com/pkg/browser + - github.com/pkg/errors + - github.com/rs/zerolog + - github.com/stretchr/testify + - golang.org/x/oauth2 gosec: - exclude-generated: true severity: low confidence: low nolintlint: diff --git a/Makefile b/Makefile index 107f7c6e..ebe22c05 100644 --- a/Makefile +++ b/Makefile @@ -35,7 +35,7 @@ help: ## Show this help. all: gen fmt lint test coverage ## format and test everything bin/golangci-lint: go.mod go.sum - GOBIN=$(pwd)/bin go install github.com/golangci/golangci-lint/cmd/golangci-lint@v1.51.0 + GOBIN=$(pwd)/bin go install github.com/golangci/golangci-lint/v2/cmd/golangci-lint@v2.12.2 bin/gotestsum: go.mod go.sum @mkdir -p bin/ diff --git a/connection_test.go b/connection_test.go index 92f08371..2598f177 100644 --- a/connection_test.go +++ b/connection_test.go @@ -2116,7 +2116,7 @@ func TestConn_handleStagingRetry(t *testing.T) { assert.Nil(t, err) assert.Equal(t, int32(2), atomic.LoadInt32(&attempts)) - got, readErr := os.ReadFile(localFile) + got, readErr := os.ReadFile(localFile) //nolint:gosec assert.Nil(t, readErr) assert.Equal(t, body, got, "GET should write the final-attempt body to local file") }) 
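Review bot: In the .golangci.yml hunk, `github.com/stretchr/testify` is added to the `main` depguard rule, which shows no `files:` filter and so presumably applies to non-test packages as well; production code could then import a test-only library without tripping the rule. If depguard is meant to keep the shipped driver's import surface tight, scope `main` with `files: ["!$test"]` and drop the testify entry from it, or move testify into a second rule limited to `$test` files. `github.com/joho/godotenv` may deserve the same treatment if only tests and examples use it; its importers are not visible here.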
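Review bot: In the Makefile hunk, the rewritten recipe line still starts with `GOBIN=$(pwd)/bin`, and inside a recipe make expands `$(pwd)` as a make variable named `pwd` rather than running the shell command. Unless the Makefile defines `pwd` somewhere outside this hunk, it expands to nothing and `go install` targets `/bin` instead of the repository's `bin/`, so `bin/golangci-lint` may never be the v2.12.2 binary this change intends. Use make's built-in directory variable, `GOBIN=$(CURDIR)/bin go install github.com/golangci/golangci-lint/v2/cmd/golangci-lint@v2.12.2`, or escape the shell substitution as `$$(pwd)`.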
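Review bot: In the connection_test.go hunk, `//nolint:gosec` is added with no rule ID or reason, so a reader cannot tell which finding was accepted or why. The same bare form is added in internal/rows/rows.go and twice in telemetry/aggregator_test.go. Put the justification from the commit message on the line itself, for example `got, readErr := os.ReadFile(localFile) //nolint:gosec // G304 (presumably): fixture path built by this test`, and a `// G115: ...` reason on the int32 conversions. The enclosing test function starts and ends outside the hunk.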
diff --git a/internal/client/client.go b/internal/client/client.go index 8414057e..8f1ca780 100644 --- a/internal/client/client.go +++ b/internal/client/client.go @@ -300,7 +300,9 @@ func InitThriftClient(cfg *config.Config, httpclient *http.Client) (*ThriftServi return nil, dbsqlerrint.NewRequestError(context.TODO(), fmt.Sprintf("invalid protocol specified %s", cfg.ThriftProtocol), nil) } if cfg.ThriftDebugClientProtocol { - protocolFactory = thrift.NewTDebugProtocolFactoryWithLogger(protocolFactory, "client:", thrift.StdLogger(nil)) + // thrift.StdLogger is deprecated as of v0.13 (no-op since), but is still the documented + // argument type for NewTDebugProtocolFactoryWithLogger; passing nil is the upstream pattern. + protocolFactory = thrift.NewTDebugProtocolFactoryWithLogger(protocolFactory, "client:", thrift.StdLogger(nil)) //nolint:staticcheck } var tTrans thrift.TTransport diff --git a/internal/rows/rows.go b/internal/rows/rows.go index bd0c2605..c7cbdd67 100644 --- a/internal/rows/rows.go +++ b/internal/rows/rows.go @@ -180,7 +180,7 @@ func NewRows( // For CloudFetch direct results, use the number of result links. var totalPresent int32 if directResults.CloseOperation != nil { - totalPresent = int32(r.chunkCount) + totalPresent = int32(r.chunkCount) //nolint:gosec } else if directResults.ResultSet != nil && directResults.ResultSet.Results != nil && directResults.ResultSet.Results.ResultLinks != nil { totalPresent = int32(len(directResults.ResultSet.Results.ResultLinks)) //nolint:gosec diff --git a/parameters.go b/parameters.go index c24027bd..779f2485 100644 --- a/parameters.go +++ b/parameters.go @@ -102,7 +102,7 @@ func inferTypes(params []Parameter) { } func inferType(param *Parameter) { - if param.Value != nil && reflect.ValueOf(param.Value).Kind() == reflect.Ptr { + if param.Value != nil && reflect.ValueOf(param.Value).Kind() == reflect.Pointer { param.Value = reflect.ValueOf(param.Value).Elem().Interface() inferType(param) return 
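Review bot: In the internal/rows/rows.go hunk, the new `//nolint:gosec` silences the narrowing warning on `int32(r.chunkCount)` instead of bounding the value. The type of `r.chunkCount` is declared outside the hunk; if it is wider than 32 bits, a large value wraps to a negative `totalPresent`. A clamp keeps the counter meaningful, e.g. `totalPresent = int32(min(r.chunkCount, math.MaxInt32))`, assuming `chunkCount` is an `int` and `math` is imported. gosec may still want the directive, in which case it should carry the reason. NewRows continues beyond the hunk on both sides.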
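Review bot: In the parameters.go hunk, the pointer branch of inferType dereferences without a nil check: a typed nil pointer such as `(*string)(nil)` stored in `param.Value` is a non-nil interface, so it passes `param.Value != nil`, `Elem()` then yields the zero `reflect.Value`, and `Interface()` on that panics. Parameter values presumably come from the driver's caller, so this would be a crash reachable from ordinary input. Guard the dereference, e.g. `if rv := reflect.ValueOf(param.Value); rv.IsNil() { param.Value = nil } else { param.Value = rv.Elem().Interface() }`. How a nil value is typed afterwards is decided in the part of inferType outside the hunk.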
diff --git a/telemetry/aggregator_test.go b/telemetry/aggregator_test.go
index 0bc2a566..9315af26 100644
--- a/telemetry/aggregator_test.go
+++ b/telemetry/aggregator_test.go
@@ -27,7 +27,7 @@ func TestAggregatorClose_WaitsForInFlightWorkerExports(t *testing.T) {
 body, _ := io.ReadAll(r.Body)
 var req TelemetryRequest
 if err := json.Unmarshal(body, &req); err == nil {
- atomic.AddInt32(&receivedCount, int32(len(req.ProtoLogs)))
+ atomic.AddInt32(&receivedCount, int32(len(req.ProtoLogs))) //nolint:gosec
 }
 // Simulate slow server — forces the worker to be mid-HTTP-export when close() runs
 time.Sleep(exportDelay)
@@ -138,7 +138,7 @@ func TestAggregatorFlushUnlocked_InFlightAddBeforeSend(t *testing.T) {
 body, _ := io.ReadAll(r.Body)
 var req TelemetryRequest
 if err := json.Unmarshal(body, &req); err == nil {
- atomic.AddInt32(&receivedCount, int32(len(req.ProtoLogs)))
+ atomic.AddInt32(&receivedCount, int32(len(req.ProtoLogs))) //nolint:gosec
 }
 time.Sleep(20 * time.Millisecond)
 w.WriteHeader(http.StatusOK)