From 0b0ecc432472ffc8311e6b0844891565c0f9bcc0 Mon Sep 17 00:00:00 2001
From: Simon Sawert <simon@sawert.se>
Date: Wed, 21 Apr 2021 17:36:28 +0200
Subject: [PATCH 1/2] Update wsl to 3.3.0, sort config in example config

---
 .golangci.example.yml | 23 ++++++++---------------
 go.mod                |  2 +-
 go.sum                |  2 ++
 pkg/config/config.go  |  2 ++
 pkg/golinters/wsl.go  |  1 +
 5 files changed, 14 insertions(+), 16 deletions(-)

diff --git a/.golangci.example.yml b/.golangci.example.yml
index 72bad4a60964..5194c4049777 100644
--- a/.golangci.example.yml
+++ b/.golangci.example.yml
@@ -518,26 +518,19 @@ linters-settings:
     multi-func: false # Enforces newlines (or comments) after every multi-line function signature
 
   wsl:
-    # If true append is only allowed to be cuddled if appending value is
-    # matching variables, fields or types on line above. Default is true.
-    strict-append: true
-    # Allow calls and assignments to be cuddled as long as the lines have any
-    # matching variables, fields or types. Default is true.
-    allow-assign-and-call: true
-    # Allow assignments to be cuddled with anything. Default is false.
+    # See https://github.com/bombsimon/wsl/blob/master/doc/configuration.md for
+    # documentation of available settings. These are the defaults for
+    # `golangci-lint`.
     allow-assign-and-anything: false
-    # Allow multiline assignments to be cuddled. Default is true.
-    allow-multiline-assign: true
-    # Allow declarations (var) to be cuddled.
+    allow-assign-and-call: true
     allow-cuddle-declarations: false
-    # Allow trailing comments in ending of blocks
+    allow-multiline-assign: true
+    allow-separated-leading-comment: false
     allow-trailing-comment: false
-    # Force newlines in end of case at this limit (0 = never).
     force-case-trailing-whitespace: 0
-    # Force cuddling of err checks with err var assignment
     force-err-cuddling: false
-    # Allow leading comments to be separated with empty lines
-    allow-separated-leading-comment: false
+    force-short-decl-cuddling: false
+    strict-append: true
 
   # The custom section can be used to define linter plugins to be loaded at runtime. See README doc
   #  for more info.
diff --git a/go.mod b/go.mod
index e4df46a8b36a..17467cfa6959 100644
--- a/go.mod
+++ b/go.mod
@@ -11,7 +11,7 @@ require (
 	github.com/ashanbrown/forbidigo v1.1.0
 	github.com/ashanbrown/makezero v0.0.0-20210308000810-4155955488a0
 	github.com/bkielbasa/cyclop v1.2.0
-	github.com/bombsimon/wsl/v3 v3.2.0
+	github.com/bombsimon/wsl/v3 v3.3.0
 	github.com/charithe/durationcheck v0.0.6
 	github.com/daixiang0/gci v0.2.8
 	github.com/denis-tingajkin/go-header v0.4.2
diff --git a/go.sum b/go.sum
index da58aed60eda..9e61612bf4f3 100644
--- a/go.sum
+++ b/go.sum
@@ -82,6 +82,8 @@ github.com/bkielbasa/cyclop v1.2.0 h1:7Jmnh0yL2DjKfw28p86YTd/B4lRGcNuu12sKE35sM7
 github.com/bkielbasa/cyclop v1.2.0/go.mod h1:qOI0yy6A7dYC4Zgsa72Ppm9kONl0RoIlPbzot9mhmeI=
 github.com/bombsimon/wsl/v3 v3.2.0 h1:x3QUbwW7tPGcCNridvqmhSRthZMTALnkg5/1J+vaUas=
 github.com/bombsimon/wsl/v3 v3.2.0/go.mod h1:st10JtZYLE4D5sC7b8xV4zTKZwAQjCH/Hy2Pm1FNZIc=
+github.com/bombsimon/wsl/v3 v3.3.0 h1:Mka/+kRLoQJq7g2rggtgQsjuI/K5Efd87WX96EWFxjM=
+github.com/bombsimon/wsl/v3 v3.3.0/go.mod h1:st10JtZYLE4D5sC7b8xV4zTKZwAQjCH/Hy2Pm1FNZIc=
 github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
 github.com/cespare/xxhash v1.1.0 h1:a6HrQnmkObjyL+Gs60czilIUGqrzKutQD6XZog3p+ko=
 github.com/cespare/xxhash v1.1.0/go.mod h1:XrSqR1VqqWfGrhpAt58auRo0WTKS1nRRg3ghfAqPWnc=
diff --git a/pkg/config/config.go b/pkg/config/config.go
index f2091c6d1b56..d51619e14f57 100644
--- a/pkg/config/config.go
+++ b/pkg/config/config.go
@@ -360,6 +360,7 @@ type WSLSettings struct {
 	AllowTrailingComment             bool `mapstructure:"allow-trailing-comment"`
 	AllowSeparatedLeadingComment     bool `mapstructure:"allow-separated-leading-comment"`
 	ForceCuddleErrCheckAndAssign     bool `mapstructure:"force-err-cuddling"`
+	ForceExclusiveShortDeclarations  bool `mapstructure:"force-short-decl-cuddling"`
 	ForceCaseTrailingWhitespaceLimit int  `mapstructure:"force-case-trailing-whitespace"`
 }
 
@@ -523,6 +524,7 @@ var defaultLintersSettings = LintersSettings{
 		AllowTrailingComment:             false,
 		AllowSeparatedLeadingComment:     false,
 		ForceCuddleErrCheckAndAssign:     false,
+		ForceExclusiveShortDeclarations:  false,
 		ForceCaseTrailingWhitespaceLimit: 0,
 	},
 	NoLintLint: NoLintLintSettings{
diff --git a/pkg/golinters/wsl.go b/pkg/golinters/wsl.go
index e5b8233bc04c..29d00faea5ae 100644
--- a/pkg/golinters/wsl.go
+++ b/pkg/golinters/wsl.go
@@ -46,6 +46,7 @@ func NewWSL() *goanalysis.Linter {
 					AllowSeparatedLeadingComment:     linterCfg.AllowSeparatedLeadingComment,
 					ForceCuddleErrCheckAndAssign:     linterCfg.ForceCuddleErrCheckAndAssign,
 					ForceCaseTrailingWhitespaceLimit: linterCfg.ForceCaseTrailingWhitespaceLimit,
+					ForceExclusiveShortDeclarations:  linterCfg.ForceExclusiveShortDeclarations,
 					AllowCuddleWithCalls:             []string{"Lock", "RLock"},
 					AllowCuddleWithRHS:               []string{"Unlock", "RUnlock"},
 					ErrorVariableNames:               []string{"err"},

From e17cce0ca9fbdd9c561d16ca56257fad49a5d79c Mon Sep 17 00:00:00 2001
From: Fernandez Ludovic <ldez@users.noreply.github.com>
Date: Wed, 21 Apr 2021 18:24:10 +0200
Subject: [PATCH 2/2] chore: ignore CVE-2020-26160

---
 .nancy-ignore | 3 +++
 go.sum        | 1 +
 2 files changed, 4 insertions(+)

diff --git a/.nancy-ignore b/.nancy-ignore
index 49ca45165b83..08b33ca2192f 100644
--- a/.nancy-ignore
+++ b/.nancy-ignore
@@ -5,3 +5,6 @@ CVE-2020-15136
 
 # Skip for indirect dependency github.com/gogo/protobuf@1.3.1
 CVE-2021-3121
+
+# Skip for indirect dependency github.com/dgrijalva/jwt-go@3.2.0
+CVE-2020-26160
diff --git a/go.sum b/go.sum
index 9e61612bf4f3..ec0b5c653d06 100644
--- a/go.sum
+++ b/go.sum
@@ -123,6 +123,7 @@ github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/denis-tingajkin/go-header v0.4.2 h1:jEeSF4sdv8/3cT/WY8AgDHUoItNSoEZ7qg9dX7pc218=
 github.com/denis-tingajkin/go-header v0.4.2/go.mod h1:eLRHAVXzE5atsKAnNRDB90WHCFFnBUn4RN0nRcs1LJA=
+github.com/dgrijalva/jwt-go v3.2.0+incompatible h1:7qlOGliEKZXTDg6OTjfoBKDXWrumCAMpl/TFQ4/5kLM=
 github.com/dgrijalva/jwt-go v3.2.0+incompatible/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ=
 github.com/dgryski/go-sip13 v0.0.0-20181026042036-e10d5fee7954/go.mod h1:vAd38F8PWV+bWy6jNmig1y/TA+kYO4g3RSRF0IAv0no=
 github.com/dustin/go-humanize v0.0.0-20171111073723-bb3d318650d4/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk=