From ce196d78a53e6230998517efda5d7a59cd118520 Mon Sep 17 00:00:00 2001 From: per1234 Date: Wed, 5 Mar 2025 00:23:13 -0800 Subject: [PATCH 1/3] Update project Go version to 1.24.1 --- DistTasks.yml | 2 +- Taskfile.yml | 2 +- docsgen/go.mod | 2 +- go.mod | 2 +- ruledocsgen/go.mod | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) diff --git a/DistTasks.yml b/DistTasks.yml index eb967164..4f5dd516 100644 --- a/DistTasks.yml +++ b/DistTasks.yml @@ -19,7 +19,7 @@ version: "3" vars: CONTAINER: "docker.elastic.co/beats-dev/golang-crossbuild" - GO_VERSION: "1.22.9" + GO_VERSION: "1.24.0" tasks: Windows_32bit: diff --git a/Taskfile.yml b/Taskfile.yml index 3302894e..fcd6d7b1 100644 --- a/Taskfile.yml +++ b/Taskfile.yml @@ -323,7 +323,7 @@ tasks: desc: Refresh dependency metadata dir: "{{default .DEFAULT_GO_MODULE_PATH .GO_MODULE_PATH}}" vars: - GO_VERSION: 1.17 + GO_VERSION: 1.24.0 cmds: - go mod tidy -compat={{.GO_VERSION}} diff --git a/docsgen/go.mod b/docsgen/go.mod index dc576577..b61a95df 100644 --- a/docsgen/go.mod +++ b/docsgen/go.mod @@ -1,7 +1,7 @@ // Source: https://github.com/arduino/tooling-project-assets/blob/main/workflow-templates/assets/cobra/docsgen/go.mod module github.com/arduino/arduino-lint/docsgen -go 1.22.9 +go 1.24.0 replace github.com/arduino/arduino-lint => ../ diff --git a/go.mod b/go.mod index 6d3cea08..95af555d 100644 --- a/go.mod +++ b/go.mod @@ -1,6 +1,6 @@ module github.com/arduino/arduino-lint -go 1.22.9 +go 1.24.0 replace github.com/jandelgado/gcov2lcov => github.com/jandelgado/gcov2lcov v1.0.5 // v1.0.4 causes Dependabot updates to fail due to checksum mismatch (likely a moved tag). This is an unused transitive dependency, so version is irrelevant. diff --git a/ruledocsgen/go.mod b/ruledocsgen/go.mod index cc16901b..82d6cd57 100644 --- a/ruledocsgen/go.mod +++ b/ruledocsgen/go.mod @@ -1,6 +1,6 @@ module github.com/arduino/arduino-lint/ruledocsgen -go 1.22.9 +go 1.24.0 replace github.com/arduino/arduino-lint => ../ From 3f52ba14640d3b01cbfb70e858a0c3c74acc5a5d Mon Sep 17 00:00:00 2001 From: per1234 Date: Wed, 5 Mar 2025 00:31:24 -0800 Subject: [PATCH 2/3] Update dependency license metadata cache for Go bump --- .../go/golang.org/x/crypto/hkdf.dep.yml | 63 +++++++++++++++++++ .../go/golang.org/x/crypto/hkdf.dep.yml | 63 +++++++++++++++++++ .../go/golang.org/x/crypto/hkdf.dep.yml | 63 +++++++++++++++++++ 3 files changed, 189 insertions(+) create mode 100644 .licenses/arduino-lint/go/golang.org/x/crypto/hkdf.dep.yml create mode 100644 .licenses/docsgen/go/golang.org/x/crypto/hkdf.dep.yml create mode 100644 .licenses/ruledocsgen/go/golang.org/x/crypto/hkdf.dep.yml diff --git a/.licenses/arduino-lint/go/golang.org/x/crypto/hkdf.dep.yml b/.licenses/arduino-lint/go/golang.org/x/crypto/hkdf.dep.yml new file mode 100644 index 00000000..330663cc --- /dev/null +++ b/.licenses/arduino-lint/go/golang.org/x/crypto/hkdf.dep.yml @@ -0,0 +1,63 @@ +--- +name: golang.org/x/crypto/hkdf +version: v0.32.0 +type: go +summary: Package hkdf implements the HMAC-based Extract-and-Expand Key Derivation + Function (HKDF) as defined in RFC 5869. +homepage: https://pkg.go.dev/golang.org/x/crypto/hkdf +license: other +licenses: +- sources: crypto@v0.32.0/LICENSE + text: | + Copyright 2009 The Go Authors. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are + met: + + * Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + * Redistributions in binary form must reproduce the above + copyright notice, this list of conditions and the following disclaimer + in the documentation and/or other materials provided with the + distribution. + * Neither the name of Google LLC nor the names of its + contributors may be used to endorse or promote products derived from + this software without specific prior written permission. + + THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT + LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE + OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +- sources: crypto@v0.32.0/PATENTS + text: | + Additional IP Rights Grant (Patents) + + "This implementation" means the copyrightable works distributed by + Google as part of the Go project. + + Google hereby grants to You a perpetual, worldwide, non-exclusive, + no-charge, royalty-free, irrevocable (except as stated in this section) + patent license to make, have made, use, offer to sell, sell, import, + transfer and otherwise run, modify and propagate the contents of this + implementation of Go, where such license applies only to those patent + claims, both currently owned or controlled by Google and acquired in + the future, licensable by Google that are necessarily infringed by this + implementation of Go. This grant does not include claims that would be + infringed only as a consequence of further modification of this + implementation. If you or your agent or exclusive licensee institute or + order or agree to the institution of patent litigation against any + entity (including a cross-claim or counterclaim in a lawsuit) alleging + that this implementation of Go or any code incorporated within this + implementation of Go constitutes direct or contributory patent + infringement, or inducement of patent infringement, then any patent + rights granted to you under this License for this implementation of Go + shall terminate as of the date such litigation is filed. +notices: [] diff --git a/.licenses/docsgen/go/golang.org/x/crypto/hkdf.dep.yml b/.licenses/docsgen/go/golang.org/x/crypto/hkdf.dep.yml new file mode 100644 index 00000000..330663cc --- /dev/null +++ b/.licenses/docsgen/go/golang.org/x/crypto/hkdf.dep.yml @@ -0,0 +1,63 @@ +--- +name: golang.org/x/crypto/hkdf +version: v0.32.0 +type: go +summary: Package hkdf implements the HMAC-based Extract-and-Expand Key Derivation + Function (HKDF) as defined in RFC 5869. +homepage: https://pkg.go.dev/golang.org/x/crypto/hkdf +license: other +licenses: +- sources: crypto@v0.32.0/LICENSE + text: | + Copyright 2009 The Go Authors. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are + met: + + * Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + * Redistributions in binary form must reproduce the above + copyright notice, this list of conditions and the following disclaimer + in the documentation and/or other materials provided with the + distribution. + * Neither the name of Google LLC nor the names of its + contributors may be used to endorse or promote products derived from + this software without specific prior written permission. + + THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT + LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE + OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +- sources: crypto@v0.32.0/PATENTS + text: | + Additional IP Rights Grant (Patents) + + "This implementation" means the copyrightable works distributed by + Google as part of the Go project. + + Google hereby grants to You a perpetual, worldwide, non-exclusive, + no-charge, royalty-free, irrevocable (except as stated in this section) + patent license to make, have made, use, offer to sell, sell, import, + transfer and otherwise run, modify and propagate the contents of this + implementation of Go, where such license applies only to those patent + claims, both currently owned or controlled by Google and acquired in + the future, licensable by Google that are necessarily infringed by this + implementation of Go. This grant does not include claims that would be + infringed only as a consequence of further modification of this + implementation. If you or your agent or exclusive licensee institute or + order or agree to the institution of patent litigation against any + entity (including a cross-claim or counterclaim in a lawsuit) alleging + that this implementation of Go or any code incorporated within this + implementation of Go constitutes direct or contributory patent + infringement, or inducement of patent infringement, then any patent + rights granted to you under this License for this implementation of Go + shall terminate as of the date such litigation is filed. +notices: [] diff --git a/.licenses/ruledocsgen/go/golang.org/x/crypto/hkdf.dep.yml b/.licenses/ruledocsgen/go/golang.org/x/crypto/hkdf.dep.yml new file mode 100644 index 00000000..330663cc --- /dev/null +++ b/.licenses/ruledocsgen/go/golang.org/x/crypto/hkdf.dep.yml @@ -0,0 +1,63 @@ +--- +name: golang.org/x/crypto/hkdf +version: v0.32.0 +type: go +summary: Package hkdf implements the HMAC-based Extract-and-Expand Key Derivation + Function (HKDF) as defined in RFC 5869. +homepage: https://pkg.go.dev/golang.org/x/crypto/hkdf +license: other +licenses: +- sources: crypto@v0.32.0/LICENSE + text: | + Copyright 2009 The Go Authors. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are + met: + + * Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + * Redistributions in binary form must reproduce the above + copyright notice, this list of conditions and the following disclaimer + in the documentation and/or other materials provided with the + distribution. + * Neither the name of Google LLC nor the names of its + contributors may be used to endorse or promote products derived from + this software without specific prior written permission. + + THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT + LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE + OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +- sources: crypto@v0.32.0/PATENTS + text: | + Additional IP Rights Grant (Patents) + + "This implementation" means the copyrightable works distributed by + Google as part of the Go project. + + Google hereby grants to You a perpetual, worldwide, non-exclusive, + no-charge, royalty-free, irrevocable (except as stated in this section) + patent license to make, have made, use, offer to sell, sell, import, + transfer and otherwise run, modify and propagate the contents of this + implementation of Go, where such license applies only to those patent + claims, both currently owned or controlled by Google and acquired in + the future, licensable by Google that are necessarily infringed by this + implementation of Go. This grant does not include claims that would be + infringed only as a consequence of further modification of this + implementation. If you or your agent or exclusive licensee institute or + order or agree to the institution of patent litigation against any + entity (including a cross-claim or counterclaim in a lawsuit) alleging + that this implementation of Go or any code incorporated within this + implementation of Go constitutes direct or contributory patent + infringement, or inducement of patent infringement, then any patent + rights granted to you under this License for this implementation of Go + shall terminate as of the date such litigation is filed. +notices: [] From 024884f3033fb39f659d158025076458022d9e7f Mon Sep 17 00:00:00 2001 From: per1234 Date: Wed, 5 Mar 2025 00:33:27 -0800 Subject: [PATCH 3/3] Manually define dependency license metadata that was not detected The "Licensed" dependency license checker tool uses the licensee tool to automatically determine the license type based on metadata provided by the dependency author. This must be in a standardized format without any modifications. In cases where that wasn't done, it is necessary to determine the license type and update the dependency license metadata cache in the `.licenses` folder manually. The Licensed tool will check this data whenever the dependency version is updated to make sure the license hasn't changed. --- .licenses/arduino-lint/go/golang.org/x/crypto/hkdf.dep.yml | 2 +- .licenses/docsgen/go/golang.org/x/crypto/hkdf.dep.yml | 2 +- .licenses/ruledocsgen/go/golang.org/x/crypto/hkdf.dep.yml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.licenses/arduino-lint/go/golang.org/x/crypto/hkdf.dep.yml b/.licenses/arduino-lint/go/golang.org/x/crypto/hkdf.dep.yml index 330663cc..f46b5c38 100644 --- a/.licenses/arduino-lint/go/golang.org/x/crypto/hkdf.dep.yml +++ b/.licenses/arduino-lint/go/golang.org/x/crypto/hkdf.dep.yml @@ -5,7 +5,7 @@ type: go summary: Package hkdf implements the HMAC-based Extract-and-Expand Key Derivation Function (HKDF) as defined in RFC 5869. homepage: https://pkg.go.dev/golang.org/x/crypto/hkdf -license: other +license: bsd-3-clause licenses: - sources: crypto@v0.32.0/LICENSE text: | diff --git a/.licenses/docsgen/go/golang.org/x/crypto/hkdf.dep.yml b/.licenses/docsgen/go/golang.org/x/crypto/hkdf.dep.yml index 330663cc..f46b5c38 100644 --- a/.licenses/docsgen/go/golang.org/x/crypto/hkdf.dep.yml +++ b/.licenses/docsgen/go/golang.org/x/crypto/hkdf.dep.yml @@ -5,7 +5,7 @@ type: go summary: Package hkdf implements the HMAC-based Extract-and-Expand Key Derivation Function (HKDF) as defined in RFC 5869. homepage: https://pkg.go.dev/golang.org/x/crypto/hkdf -license: other +license: bsd-3-clause licenses: - sources: crypto@v0.32.0/LICENSE text: | diff --git a/.licenses/ruledocsgen/go/golang.org/x/crypto/hkdf.dep.yml b/.licenses/ruledocsgen/go/golang.org/x/crypto/hkdf.dep.yml index 330663cc..f46b5c38 100644 --- a/.licenses/ruledocsgen/go/golang.org/x/crypto/hkdf.dep.yml +++ b/.licenses/ruledocsgen/go/golang.org/x/crypto/hkdf.dep.yml @@ -5,7 +5,7 @@ type: go summary: Package hkdf implements the HMAC-based Extract-and-Expand Key Derivation Function (HKDF) as defined in RFC 5869. homepage: https://pkg.go.dev/golang.org/x/crypto/hkdf -license: other +license: bsd-3-clause licenses: - sources: crypto@v0.32.0/LICENSE text: |