forbidigo config migration is incorrect #5602
Description
Welcome
- Yes, I'm using a binary release within 2 latest releases. Only such installations are supported.
- Yes, I've searched similar issues on GitHub and didn't find any.
- Yes, I've read the
typechecksection of the FAQ. - Yes, I've tried with the standalone linter if available (e.g., gocritic, go vet, etc.).
- I agree to follow this project's Code of Conduct
How did you install golangci-lint?
Nix
Description of the problem
Our old forbidigo configuration looked like https://github.com/sapcc/keppel/blob/f114af95e9030aee1c2be1c0adf81cd9663ad66a/.golangci.yaml#L42-L58
and the migration command turned it into:
forbidigo: forbid: - pattern: ^ioutil\..*$ - pattern: ^http\.DefaultServeMux$ - pattern: ^http\.Handle(?:Func)?$ - pattern: | p: null pkg: ^gopkg\.in/square/go-jose\.v2$ msg: gopk.in/square/go-jose is archived and has CVEs. Replace it with gopkg.in/go-jose/go-jose.v2 - pattern: | p: null pkg: ^github.com/coreos/go-oidc$ msg: github.com/coreos/go-oidc depends on gopkg.in/square/go-jose which has CVEs. Replace it with github.com/coreos/go-oidc/v3 - pattern: | p: null pkg: ^github.com/howeyc/gopass$ msg: github.com/howeyc/gopass is archived, use golang.org/x/term instead analyze-types: trueVersion of golangci-lint
$ golangci-lint --version golangci-lint has version 2.0.0 built with go1.24.1 from v2.0.0 on 19700101-00:00:00Configuration
linters-settings: forbidigo: analyze-types: true # required for pkg: forbid: # ioutil package has been deprecated: https://github.com/golang/go/issues/42026 - ^ioutil\..*$ # Using http.DefaultServeMux is discouraged because it's a global variable that some packages silently and magically add handlers to (esp. net/http/pprof). # Applications wishing to use http.ServeMux should obtain local instances through http.NewServeMux() instead of using the global default instance. - ^http\.DefaultServeMux$ - ^http\.Handle(?:Func)?$ # Forbid usage of old and archived square/go-jose - pkg: ^gopkg\.in/square/go-jose\.v2$ msg: "gopk.in/square/go-jose is archived and has CVEs. Replace it with gopkg.in/go-jose/go-jose.v2" - pkg: ^github.com/coreos/go-oidc$ msg: "github.com/coreos/go-oidc depends on gopkg.in/square/go-jose which has CVEs. Replace it with github.com/coreos/go-oidc/v3" - pkg: ^github.com/howeyc/gopass$ msg: "github.com/howeyc/gopass is archived, use golang.org/x/term instead"Go environment
$ go version && go env go version && go env go version go1.24.1 linux/amd64 AR='ar' CC='gcc' CGO_CFLAGS='-O2 -g' CGO_CPPFLAGS='' CGO_CXXFLAGS='-O2 -g' CGO_ENABLED='1' CGO_FFLAGS='-O2 -g' CGO_LDFLAGS='-O2 -g' CXX='g++' GCCGO='gccgo' GO111MODULE='' GOAMD64='v1' GOARCH='amd64' GOAUTH='netrc' GOBIN='' GOCACHE='/home/sandro/.cache/go-build' GOCACHEPROG='' GODEBUG='' GOENV='/home/sandro/.config/go/env' GOEXE='' GOEXPERIMENT='' GOFIPS140='off' GOFLAGS='' GOGCCFLAGS='-fPIC -m64 -pthread -Wl,--no-gc-sections -fmessage-length=0 -ffile-prefix-map=/tmp/go-build2156862882=/tmp/go-build -gno-record-gcc-switches' GOHOSTARCH='amd64' GOHOSTOS='linux' GOINSECURE='' GOMOD='/home/sandro/src/github.com/sapcc/keppel/go.mod' GOMODCACHE='/home/sandro/.cache/go/pkg/mod' GONOPROXY='git.sr.ht,github.wdf.sap.corp' GONOSUMDB='git.sr.ht,github.wdf.sap.corp' GOOS='linux' GOPATH='/home/sandro/.cache/go' GOPRIVATE='git.sr.ht' GOPROXY='https://proxy.golang.org,direct' GOROOT='/nix/store/cfjhl0kn7xc65466pha9fkrvigw3g72n-go-1.24.1/share/go' GOSUMDB='sum.golang.org' GOTELEMETRY='local' GOTELEMETRYDIR='/home/sandro/.config/go/telemetry' GOTMPDIR='' GOTOOLCHAIN='local' GOTOOLDIR='/nix/store/cfjhl0kn7xc65466pha9fkrvigw3g72n-go-1.24.1/share/go/pkg/tool/linux_amd64' GOVCS='' GOVERSION='go1.24.1' GOWORK='' PKG_CONFIG='pkg-config'Verbose output of running
$ golangci-lint cache clean $ golangci-lint run -v # paste output hereA minimal reproducible example or link to a public repository
// add your code hereValidation
- Yes, I've included all information above (version, config, etc.).
Supporter
- I am a sponsor/backer through GitHub or OpenCollective