Merge pull request #216 from smallstep/dependabot/go_modules/filippo.io/edwards25519-1.1.1

hslatman · web-flow · commit a7a505899d18 · 2026-02-23T13:55:48.000+01:00
Bump filippo.io/edwards25519 from 1.1.0 to 1.1.1
diff --git a/go.mod b/go.mod
@@ -17,7 +17,7 @@ require (
 )
 
 require (
-	filippo.io/edwards25519 v1.1.0 // indirect
+	filippo.io/edwards25519 v1.1.1 // indirect
 	github.com/cpuguy83/go-md2man/v2 v2.0.7 // indirect
 	github.com/davecgh/go-spew v1.1.1 // indirect
 	github.com/go-jose/go-jose/v3 v3.0.4 // indirect
diff --git a/go.sum b/go.sum
@@ -1,5 +1,5 @@
-filippo.io/edwards25519 v1.1.0 h1:FNf4tywRC1HmFuKW5xopWpigGjJKiJSV0Cqo0cJWDaA=
-filippo.io/edwards25519 v1.1.0/go.mod h1:BxyFTGdWcka3PhytdK4V28tE5sGfRvvvRV7EaN4VDT4=
+filippo.io/edwards25519 v1.1.1 h1:YpjwWWlNmGIDyXOn8zLzqiD+9TyIlPhGFG96P39uBpw=
+filippo.io/edwards25519 v1.1.1/go.mod h1:BxyFTGdWcka3PhytdK4V28tE5sGfRvvvRV7EaN4VDT4=
 github.com/BurntSushi/toml v1.5.0/go.mod h1:ukJfTF/6rtPPRCnwkur4qwRxa8vTRFBF0uk2lLoLwho=
 github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI=
 github.com/chzyer/logex v1.2.1 h1:XHDu3E6q+gdHgsdTPH6ImJMIp436vR6MPtH8gP05QzM=
diff --git a/token/parse.go b/token/parse.go
@@ -7,6 +7,7 @@ import (
 	"time"
 
 	"github.com/pkg/errors"
+
 	"go.step.sm/crypto/jose"
 )
 
@@ -52,7 +53,7 @@ type Payload struct {
 	Version                 interface{}       `json:"ver"`
 	XMSMirID                string            `json:"xms_mirid"`
 	K8sSANamespace          string            `json:"kubernetes.io/serviceaccount/namespace,omitempty"`
-	K8sSASecretName         string            `json:"kubernetes.io/serviceaccount/secret.name,omitempty"`
+	K8sSASecretName         string            `json:"kubernetes.io/serviceaccount/secret.name,omitempty"` // #nosec G117 -- property used for JSON (un)marshaling
 	K8sSAServiceAccountName string            `json:"kubernetes.io/serviceaccount/service-account.name,omitempty"`
 	K8sSAServiceAccountUID  string            `json:"kubernetes.io/serviceaccount/service-account.uid,omitempty"`
 	Google                  *GCPGooglePayload `json:"google"` // GCP token claims
diff --git a/ui/ui.go b/ui/ui.go
@@ -10,6 +10,7 @@ import (
 	"github.com/chzyer/readline"
 	"github.com/manifoldco/promptui"
 	"github.com/pkg/errors"
+
 	"go.step.sm/crypto/randutil"
 )
 
@@ -305,7 +306,7 @@ func preparePromptTerminal() (func(), error) {
 			tty.Close()
 		}
 
-		fd := int(tty.Fd())
+		fd := int(tty.Fd()) // #nosec G115 -- uintptr comes from file descriptor
 		state, err := readline.MakeRaw(fd)
 		if err != nil {
 			defer clean()
@@ -335,7 +336,7 @@ func prepareSelectTerminal() (func(), error) {
 			tty.Close()
 		}
 
-		fd := int(tty.Fd())
+		fd := int(tty.Fd()) // #nosec G115 -- uintptr comes from file descriptor
 		state, err := readline.MakeRaw(fd)
 		if err != nil {
 			defer clean()
diff --git a/usage/renderer.go b/usage/renderer.go
@@ -90,7 +90,7 @@ func (r *Renderer) write(b []byte) {
 }
 
 func (r *Renderer) printf(s string, a ...interface{}) {
-	fmt.Fprintf(r.out.w, s, a...)
+	fmt.Fprintf(r.out.w, s, a...) // #nosec G705 -- renders internal help content
 }
 
 func (r *Renderer) capture(mode RenderMode) {

Original file line number	Diff line number	Diff line change
`@@ -17,7 +17,7 @@ require (`
`17`	`17`	`)`
`18`	`18`
`19`	`19`	`require (`
`20`		`- filippo.io/edwards25519 v1.1.0 // indirect`
	`20`	`+ filippo.io/edwards25519 v1.1.1 // indirect`
`21`	`21`	`github.com/cpuguy83/go-md2man/v2 v2.0.7 // indirect`
`22`	`22`	`github.com/davecgh/go-spew v1.1.1 // indirect`
`23`	`23`	`github.com/go-jose/go-jose/v3 v3.0.4 // indirect`
Original file line number	Diff line number	Diff line change
`@@ -90,7 +90,7 @@ func (r *Renderer) write(b []byte) {`
`90`	`90`	`}`
`91`	`91`
`92`	`92`	`func (r *Renderer) printf(s string, a ...interface{}) {`
`93`		`- fmt.Fprintf(r.out.w, s, a...)`
	`93`	`+ fmt.Fprintf(r.out.w, s, a...) // #nosec G705 -- renders internal help content`
`94`	`94`	`}`
`95`	`95`
`96`	`96`	`func (r *Renderer) capture(mode RenderMode) {`