From b6894eb6a6f08b4be3b85283e19c1d6aa9201d97 Mon Sep 17 00:00:00 2001
From: Tim Mwangi <44785807+tim-mwangi@users.noreply.github.com>
Date: Thu, 19 Sep 2024 16:06:30 -0700
Subject: [PATCH] chore: upgrade ci lint version (#136)

* chore: upgrade ci lint version

* remove unused skip-pkg-cache option

* golangci lint v1.61.0

* nosec on integer overflow
---
 .github/workflows/ci.yml                       | 6 ++----
 .github/workflows/publish-main.yml             | 2 +-
 .github/workflows/release.yml                  | 2 +-
 processors/ratelimiter/ratelimiterprocessor.go | 4 +++-
 4 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 652a70d..0c5bbfd 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -31,9 +31,7 @@ jobs:
         name: golangci-lint
         uses: golangci/golangci-lint-action@v6
         with:
-          # Required: the version of golangci-lint is required and must be specified without patch version: we always use the latest patch version.
-          version: v1.59.0
-          skip-pkg-cache: true
+          version: v1.61.0
           only-new-issues: true
       - name: Run unit tests
         run: make test
@@ -52,7 +50,7 @@ jobs:
       - name: Checkout code
         uses: actions/checkout@v4
       - name: Build and push image
-        uses: docker/build-push-action@v5
+        uses: docker/build-push-action@v6
         with:
           # this workflow runs on PRs, it only tests if the image can be built
           push: false
diff --git a/.github/workflows/publish-main.yml b/.github/workflows/publish-main.yml
index a3d3f25..39f3e83 100644
--- a/.github/workflows/publish-main.yml
+++ b/.github/workflows/publish-main.yml
@@ -19,7 +19,7 @@ jobs:
           password: ${{ secrets.DOCKERHUB_PUBLISH_TOKEN }}
 
       - name: Build and push image
-        uses: docker/build-push-action@v5
+        uses: docker/build-push-action@v6
         with:
           push: true
           context: .
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 8537296..23edea4 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -26,7 +26,7 @@ jobs:
         run: echo "VERSION=${GITHUB_REF##*/}" >> $GITHUB_ENV
 
       - name: Build and push image
-        uses: docker/build-push-action@v5
+        uses: docker/build-push-action@v6
         with:
           push: true
           context: .
diff --git a/processors/ratelimiter/ratelimiterprocessor.go b/processors/ratelimiter/ratelimiterprocessor.go
index 5ddec13..fb83831 100644
--- a/processors/ratelimiter/ratelimiterprocessor.go
+++ b/processors/ratelimiter/ratelimiterprocessor.go
@@ -71,7 +71,9 @@ func (p *rateLimiterProcessor) ConsumeTraces(ctx context.Context, traces ptrace.
 	}
 	ctx, _ = tag.New(ctx,
 		tag.Insert(tagTenantID, tenantId))
-	spanCount := uint32(traces.SpanCount())
+	// G115 (CWE-190): integer overflow conversion int -> uint32 (Confidence: MEDIUM, Severity: HIGH)
+	// This is a false positive we can ignore.
+	spanCount := uint32(traces.SpanCount()) // #nosec G115
 	stats.Record(ctx, rateLimitServiceCallsCount.M(int64(1)))
 	response, err := p.rateLimitServiceClient.ShouldRateLimit(
 		ctx,