chore(deps): bump golang.org/x/crypto from 0.31.0 to 0.35.0 (#683)

* chore(deps): bump golang.org/x/crypto from 0.31.0 to 0.35.0

Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.31.0 to 0.35.0.
- [Commits](golang/crypto@v0.31.0...v0.35.0)

---
updated-dependencies:
- dependency-name: golang.org/x/crypto
  dependency-version: 0.35.0
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>

* Run go mod tidy

Signed-off-by: Radoslav Dimitrov <radoslav@stacklok.com>

* Do not pin the toolchain version

Signed-off-by: Radoslav Dimitrov <radoslav@stacklok.com>

* Fix the linting failure bumping golangci-lint

Signed-off-by: Radoslav Dimitrov <radoslav@stacklok.com>

---------

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Radoslav Dimitrov <radoslav@stacklok.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Radoslav Dimitrov <radoslav@stacklok.com>

Author: dependabot[bot]

.github/workflows/linting.yml

@@ -43,10 +43,10 @@ jobs:
           cache: true
 
       - name: Run golangci-lint
-        uses: golangci/golangci-lint-action@3cfe3a4abbb849e10058ce4af15d205b6da42804 # v4.0.0
+        uses: golangci/golangci-lint-action@1481404843c368bc19ca9406f87d6e0fc97bdcfd # v7.0.0
         with:
           # Require: The version of golangci-lint to use.
           # When `install-mode` is `binary` (default) the value can be v1.2 or v1.2.3 or `latest` to use the latest version.
           # When `install-mode` is `goinstall` the value can be v1.2.3, `latest`, or the hash of a commit.
-          version: v1.54
+          version: v2.1.1
           args: --timeout 5m --verbose

.golangci.yml

@@ -1,31 +1,20 @@
-#
-# Copyright 2024 The Update Framework Authors
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License
-#
-# SPDX-License-Identifier: Apache-2.0
-
-run:
-  linters:
-  enable:
-    - gofmt
-    - bodyclose
-    - contextcheck
-    - errname
-    - gocyclo
-    - godot
-    - godox
-    - misspell
-    - stylecheck
-    - whitespace
-    - gocritic
+version: "2"
+linters:
+  exclusions:
+    generated: lax
+    presets:
+      - comments
+      - common-false-positives
+      - legacy
+      - std-error-handling
+    paths:
+      - third_party$
+      - builtin$
+      - examples$
+formatters:
+  exclusions:
+    generated: lax
+    paths:
+      - third_party$
+      - builtin$
+      - examples$

examples/client/client_example.go

@@ -79,7 +79,7 @@ func InitEnvironment() (string, error) {
 	if !generateRandomFolder {
 		tmpDir = filepath.Join(cwd, "tmp")
 		// create a temporary folder for storing the demo artifacts
-		os.Mkdir(tmpDir, 0750)
+		_ = os.Mkdir(tmpDir, 0750)
 	} else {
 		// create a temporary folder for storing the demo artifacts
 		tmpDir, err = os.MkdirTemp(cwd, "tmp")
@@ -89,7 +89,7 @@ func InitEnvironment() (string, error) {
 	}
 
 	// create a destination folder for storing the downloaded target
-	os.Mkdir(filepath.Join(tmpDir, "download"), 0750)
+	_ = os.Mkdir(filepath.Join(tmpDir, "download"), 0750)
 	return tmpDir, nil
 }
 

go.mod

@@ -1,6 +1,6 @@
 module github.com/theupdateframework/go-tuf/v2
 
-go 1.22
+go 1.23.0
 
 require (
 	github.com/go-logr/stdr v1.2.2
@@ -21,9 +21,9 @@ require (
 	github.com/pmezard/go-difflib v1.0.0 // indirect
 	github.com/spf13/pflag v1.0.6 // indirect
 	github.com/titanous/rocacheck v0.0.0-20171023193734-afe73141d399 // indirect
-	golang.org/x/crypto v0.31.0 // indirect
-	golang.org/x/sys v0.28.0 // indirect
-	golang.org/x/term v0.27.0 // indirect
+	golang.org/x/crypto v0.35.0 // indirect
+	golang.org/x/sys v0.30.0 // indirect
+	golang.org/x/term v0.29.0 // indirect
 	google.golang.org/grpc v1.56.3 // indirect
 	gopkg.in/go-jose/go-jose.v2 v2.6.3 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect

go.sum

@@ -63,12 +63,12 @@ go.opentelemetry.io/otel v1.15.0 h1:NIl24d4eiLJPM0vKn4HjLYM+UZf6gSfi9Z+NmCxkWbk=
 go.opentelemetry.io/otel v1.15.0/go.mod h1:qfwLEbWhLPk5gyWrne4XnF0lC8wtywbuJbgfAE3zbek=
 go.opentelemetry.io/otel/trace v1.15.0 h1:5Fwje4O2ooOxkfyqI/kJwxWotggDLix4BSAvpE1wlpo=
 go.opentelemetry.io/otel/trace v1.15.0/go.mod h1:CUsmE2Ht1CRkvE8OsMESvraoZrrcgD1J2W8GV1ev0Y4=
-golang.org/x/crypto v0.31.0 h1:ihbySMvVjLAeSH1IbfcRTkD/iNscyz8rGzjF/E5hV6U=
-golang.org/x/crypto v0.31.0/go.mod h1:kDsLvtWBEx7MV9tJOj9bnXsPbxwJQ6csT/x4KIN4Ssk=
-golang.org/x/sys v0.28.0 h1:Fksou7UEQUWlKvIdsqzJmUmCX3cZuD2+P3XyyzwMhlA=
-golang.org/x/sys v0.28.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
-golang.org/x/term v0.27.0 h1:WP60Sv1nlK1T6SupCHbXzSaN0b9wUmsPoRS9b61A23Q=
-golang.org/x/term v0.27.0/go.mod h1:iMsnZpn0cago0GOrHO2+Y7u7JPn5AylBrcoWkElMTSM=
+golang.org/x/crypto v0.35.0 h1:b15kiHdrGCHrP6LvwaQ3c03kgNhhiMgvlhxHQhmg2Xs=
+golang.org/x/crypto v0.35.0/go.mod h1:dy7dXNW32cAb/6/PRuTNsix8T+vJAqvuIy5Bli/x0YQ=
+golang.org/x/sys v0.30.0 h1:QjkSwP/36a20jFYWkSue1YwXzLmsV5Gfq7Eiy72C1uc=
+golang.org/x/sys v0.30.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/term v0.29.0 h1:L6pJp37ocefwRRtYPKSWOWzOtWSxVajvz2ldH/xi3iU=
+golang.org/x/term v0.29.0/go.mod h1:6bl4lRlvVuDgSf3179VpIxBF0o10JUpXWOnI7nErv7s=
 google.golang.org/genproto v0.0.0-20230410155749-daa745c078e1 h1:KpwkzHKEF7B9Zxg18WzOa7djJ+Ha5DzthMyZYQfEn2A=
 google.golang.org/genproto v0.0.0-20230410155749-daa745c078e1/go.mod h1:nKE/iIaLqn2bQwXBg8f1g2Ylh6r5MN5CmZvuzZCgsCU=
 google.golang.org/grpc v1.56.3 h1:8I4C0Yq1EjstUzUJzpcRVbuYA2mODtEmpWiQoN/b2nc=

internal/testutils/signer/signer.go

@@ -154,7 +154,7 @@ func loadSigner(k, s string) (signature.Signer, error) {
 		var pssOpt = rsa.PSSOptions{Hash: crypto.SHA256}
 		opts = append(opts, options.WithRSAPSS(&pssOpt))
 	default:
-		return nil, fmt.Errorf("unsupported key scheme %s\n", s)
+		return nil, fmt.Errorf("unsupported key scheme %s", s)
 	}
 
 	return signature.LoadSignerWithOpts(pk, opts...)

internal/testutils/simulator/repository_simulator.go

@@ -427,13 +427,14 @@ func (rs *RepositorySimulator) FetchMetadata(role string, version *int) ([]byte,
 	}
 
 	// Sign and serialize the requested metadata
-	if role == metadata.TIMESTAMP {
+	switch role {
+	case metadata.TIMESTAMP:
 		return signMetadata(role, rs.MDTimestamp, rs)
-	} else if role == metadata.SNAPSHOT {
+	case metadata.SNAPSHOT:
 		return signMetadata(role, rs.MDSnapshot, rs)
-	} else if role == metadata.TARGETS {
+	case metadata.TARGETS:
 		return signMetadata(role, rs.MDTargets, rs)
-	} else {
+	default:
 		md, ok := rs.MDDelegates[role]
 		if !ok {
 			slog.Error("Unknown role", "role", role)