go get github.com/securego/gosec/cmd/gosec: no matching versions for query "upgrade" #458

Closed
Aisuko opened this issue Apr 8, 2020 · 4 comments


Aisuko commented Apr 8, 2020

Summary

Thanks to you guys for developing such a useful project.
But I hit an issue with gosec when I use the command below. In fact, I hit the issue suddenly, and the issue (golang/go#34539) may be helpful for the current situation.

Please check the useful log below:

The command was executed on the local machine

 ✘  ~/go   GO111MODULE=on go get -v github.com/securego/gosec/cmd/gosec
go get github.com/securego/gosec/cmd/gosec: no matching versions for query "upgrade"
 ✘  ~/go  GO111MODULE=off go get -v github.com/securego/gosec/cmd/gosec
get "golang.org/x/tools/go/packages": found meta tag get.metaImport{Prefix:"golang.org/x/tools", VCS:"git", RepoRoot:"https://go.googlesource.com/tools"} at //golang.org/x/tools/go/packages?go-get=1
get "golang.org/x/tools/go/packages": verifying non-authoritative meta tag
golang.org/x/tools (download)
get "golang.org/x/xerrors": found meta tag get.metaImport{Prefix:"golang.org/x/xerrors", VCS:"git", RepoRoot:"https://go.googlesource.com/xerrors"} at //golang.org/x/xerrors?go-get=1
golang.org/x/xerrors (download)
golang.org/x/xerrors/internal
github.com/nbutton23/zxcvbn-go/match
github.com/nbutton23/zxcvbn-go/utils/math
golang.org/x/tools/internal/telemetry/event
golang.org/x/xerrors
gopkg.in/yaml.v2
golang.org/x/tools/go/internal/gcimporter
github.com/nbutton23/zxcvbn-go/data
golang.org/x/tools/internal/gocommand
golang.org/x/tools/go/internal/packagesdriver
golang.org/x/tools/internal/packagesinternal
github.com/nbutton23/zxcvbn-go/adjacency
github.com/nbutton23/zxcvbn-go/frequency
github.com/nbutton23/zxcvbn-go/entropy
github.com/nbutton23/zxcvbn-go/scoring
github.com/nbutton23/zxcvbn-go/matching
github.com/nbutton23/zxcvbn-go
golang.org/x/tools/go/gcexportdata
golang.org/x/tools/go/packages
github.com/securego/gosec
github.com/securego/gosec/output
github.com/securego/gosec/rules
github.com/securego/gosec/cmd/gosec
 ~/go  GO111MODULE=off go get -v github.com/securego/gosec/cmd/gosec;

Steps to reproduce the behavior

 GO111MODULE=on go get -v github.com/securego/gosec/cmd/gosec

gosec version

To be honest, I'm not sure which version I used. So, the gosec version should follow the go get command

Go version (output of 'go version')

 ~/go  go version
go version go1.14.1 darwin/amd64

Operating system / Environment

  • local machine
macos 10.15.beta

But I believe the CI config will be more helpful

sec_check:
    name: Security check
    runs-on: ubuntu-latest
    steps:
    - name: Check out code
      uses: actions/checkout@master
      with:
        fetch-depth: 1
    - name: Setup Go
      uses: actions/setup-go@v1
      with:
        go-version: ${{ secrets.GO_VERSION }}
    - run: GOPROXY=direct GOSUMDB=off GO111MODULE=on go get -u github.com/securego/gosec/cmd/gosec; /home/runner/go/bin/gosec ./... # https://github.com/securego/gosec

Expected behavior

The tool works fine

Actual behavior

Got issue message with no matching versions for query "upgrade"

Member

ccojocar commented Apr 8, 2020

Thanks for reporting this issue. I am trying to reproduce it with Go 1.14.1 but I don't get the error:

$ go version
go version go1.14.1 darwin/amd64
$ go get -v github.com/securego/gosec/cmd/gosec
go: found github.com/securego/gosec/cmd/gosec in github.com/securego/gosec v0.0.0-20200401082031-e946c8c39989
github.com/securego/gosec/cmd/gosec
$ go get -u github.com/securego/gosec/cmd/gosec
go: found github.com/securego/gosec/cmd/gosec in github.com/securego/gosec v0.0.0-20200401082031-e946c8c39989
go: gopkg.in/yaml.v2 upgrade => v2.2.8
go: golang.org/x/tools upgrade => v0.0.0-20200408032209-46bd65c8538f
go: downloading golang.org/x/tools v0.0.0-20200408032209-46bd65c8538f
go: golang.org/x/xerrors upgrade => v0.0.0-20191204190536-9bdfabe68543

We have also created a GitHub action to run gosec. See https://github.com/securego/gosec#github-action. You can give it a try. Thanks

Member

ccojocar commented Apr 8, 2020

We recently merged this change to fix the v2 module. This might be related to it: c6e10af.

Author

Aisuko commented Apr 8, 2020

@ccojocar Thanks for your quick reply. The gosec GitHub Action is useful for me. But I have a consideration of the command situation. So, feel free to close the issue.

Member

ccojocar commented Apr 8, 2020

You're welcome. If you can provide more details on how to reproduce this issue, I am happy to look into it. I'll close this for now. Please feel free to open it again when you have more info. Thanks

ccojocar closed this as completed Apr 8, 2020