chore: fix dependabot alerts (#4048)

* chore: fix dependabot alerts Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com> * chore: fix dependabot alerts Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com> * chore: fix dependabot alerts Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com> * chore: fix golangci-lint findings from CI Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com> * chore: fix golangci-lint gosec warnings Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com> * chore: update code to use slices package and address gosec linting issues Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com> * build: fix makefile target Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com> * chore: update tests to use context in HTTP requests and add gosec annotations Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com> * chore: update tests to use context in HTTP requests Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com> * chore: update tests to use context in HTTP requests Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com> * chore: update tests to use context in HTTP requests Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com> * chore: update tests to use context in HTTP requests Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com> * chore: bump zui version Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com> * chore: update test helpers and improve security settings in tests Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com> * chore: add gosec linting directive for test path construction Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com> --------- Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com>
2026-06-19 05:57:57 +08:00 · 2026-05-10 23:29:05 -07:00
parent 9757f7cf41
commit 9aff5b8d08
60 changed files with 2320 additions and 3008 deletions
@@ -64,7 +64,7 @@ func (onDemand *BaseOnDemand) SyncImage(ctx context.Context, repo, reference str

 	defer onDemand.requestStore.Delete(req)

-	go onDemand.syncImage(repo, reference, syncResult)
+	go onDemand.syncImage(ctx, repo, reference, syncResult)

 	err := <-syncResult

@@ -95,14 +95,14 @@ func (onDemand *BaseOnDemand) SyncReferrers(ctx context.Context, repo string,

 	defer onDemand.requestStore.Delete(req)

-	go onDemand.syncReferrers(repo, subjectDigestStr, referenceTypes, syncResult)
+	go onDemand.syncReferrers(ctx, repo, subjectDigestStr, referenceTypes, syncResult)

 	err := <-syncResult

 	return err
 }

-func (onDemand *BaseOnDemand) syncReferrers(repo, subjectDigestStr string,
+func (onDemand *BaseOnDemand) syncReferrers(ctx context.Context, repo, subjectDigestStr string,
 	referenceTypes []string, syncResult chan error,
 ) {
 	defer close(syncResult)
@@ -121,7 +121,7 @@ func (onDemand *BaseOnDemand) syncReferrers(repo, subjectDigestStr string,

 		// Create a detached context with timeout to ensure sync completes even if HTTP client disconnects.
 		// This prevents Kubernetes timeout/retries from aborting in-progress referrer downloads.
-		syncCtx, cancel := context.WithTimeout(context.Background(), timeout)
+		syncCtx, cancel := context.WithTimeout(context.WithoutCancel(ctx), timeout)
 		err = service.SyncReferrers(syncCtx, repo, subjectDigestStr, referenceTypes)

 		cancel()
@@ -164,7 +164,7 @@ func (onDemand *BaseOnDemand) syncReferrers(repo, subjectDigestStr string,
 						Msg("sync routine: starting routine to copy image, because of error")

 					// Use detached context with timeout for background retry
-					retryCtx, cancel := context.WithTimeout(context.Background(), serviceTimeout)
+					retryCtx, cancel := context.WithTimeout(context.WithoutCancel(ctx), serviceTimeout)
 					defer cancel()

 					err := service.SyncReferrers(retryCtx, repo, subjectDigestStr, referenceTypes)
@@ -182,7 +182,7 @@ func (onDemand *BaseOnDemand) syncReferrers(repo, subjectDigestStr string,
 	syncResult <- err
 }

-func (onDemand *BaseOnDemand) syncImage(repo, reference string, syncResult chan error) {
+func (onDemand *BaseOnDemand) syncImage(ctx context.Context, repo, reference string, syncResult chan error) {
 	defer close(syncResult)

 	var err error
@@ -199,7 +199,7 @@ func (onDemand *BaseOnDemand) syncImage(repo, reference string, syncResult chan

 		// Create a detached context with timeout to ensure sync completes even if HTTP client disconnects.
 		// This prevents Kubernetes timeout/retries from aborting in-progress image downloads.
-		syncCtx, cancel := context.WithTimeout(context.Background(), timeout)
+		syncCtx, cancel := context.WithTimeout(context.WithoutCancel(ctx), timeout)
 		err = service.SyncImage(syncCtx, repo, reference)

 		cancel()
@@ -242,7 +242,7 @@ func (onDemand *BaseOnDemand) syncImage(repo, reference string, syncResult chan
 						Msg("sync routine: starting routine to retry copy image due to error")

 					// Use detached context with timeout for background retry
-					retryCtx, cancel := context.WithTimeout(context.Background(), serviceTimeout)
+					retryCtx, cancel := context.WithTimeout(context.WithoutCancel(ctx), serviceTimeout)
 					defer cancel()

 					err := service.SyncImage(retryCtx, repo, reference)
@@ -2640,15 +2640,15 @@ func TestTLS(t *testing.T) {
 			t.Fatalf("Failed to read CA cert: %v", err)
 		}

-		err = os.WriteFile(destClientCertPath, clientCertData, 0o600)
+		err = os.WriteFile(destClientCertPath, clientCertData, 0o600) //nolint:gosec // test path is tempdir-scoped
 		if err != nil {
 			t.Fatalf("Failed to write client cert: %v", err)
 		}
-		err = os.WriteFile(destClientKeyPath, clientKeyData, 0o600)
+		err = os.WriteFile(destClientKeyPath, clientKeyData, 0o600) //nolint:gosec // test path is tempdir-scoped
 		if err != nil {
 			t.Fatalf("Failed to write client key: %v", err)
 		}
-		err = os.WriteFile(destCACertPath, caCertData, 0o600)
+		err = os.WriteFile(destCACertPath, caCertData, 0o600) //nolint:gosec // test path is tempdir-scoped
 		if err != nil {
 			t.Fatalf("Failed to write CA cert: %v", err)
 		}