1.55.0 stops ignoring inline nosec

[Integralist]

Welcome

• [X] Yes, I'm using a binary release within 2 latest major releases. Only such installations are supported.
• [X] Yes, I've searched similar issues on GitHub and didn't find any.
• [X] Yes, I've read the typecheck section of the FAQ (https://golangci-lint.run/usage/faq/#why-do-you-have-typecheck-errors).
• [X] Yes, I've tried with the standalone linter if available (e.g., gocritic, go vet, etc.). (https://golangci-lint.run/usage/linters/)

Description of the problem

Using 1.54.2 the following line of code is ignored, but with 1.55.0 it is not...

Version of golangci-lint

```console $ golangci-lint --version golangci-lint has version 1.55.0 built with go1.21.3 from de1c3919 on 2023-10-20T11:28:00Z ```

Configuration

```console # https://golangci-lint.run/usage/configuration/ issues: max-per-linter: 0 max-same-issues: 0 run: allow-parallel-runners: true linters: disable-all: true enable: - bodyclose - durationcheck - errcheck - exhaustive - exportloopref - forcetypeassert - gocritic - godot - gofumpt - goimports - gosec - gosimple - govet - ineffassign - makezero - misspell - nilerr - predeclared - revive - staticcheck - tenv - typecheck - unconvert - unparam - unused - vet linters-settings: revive: enableAllRules: true rules: - name: "add-constant" severity: "warning" arguments: - maxLitCount: "10" allowInts: "0,1,2,3,4,5" disabled: true # most of the time it's fine, and the performance isn't a concern - name: "argument-limit" severity: "warning" arguments: [6] - name: "atomic" severity: "warning" - name: "bare-return" severity: "warning" - name: "bool-literal-in-expr" severity: "warning" - name: "confusing-naming" severity: "warning" - name: "confusing-results" severity: "warning" - name: "constant-logical-expr" severity: "error" - name: "context-as-argument" severity: "error" - name: "context-keys-type" severity: "error" - name: "deep-exit" severity: "warning" - name: "defer" severity: "warning" - name: "early-return" severity: "warning" - name: "empty-block" severity: "error" - name: "empty-lines" severity: "warning" - name: "error-naming" severity: "error" - name: "error-return" severity: "error" - name: "error-strings" severity: "error" - name: "errorf" severity: "warning" - name: "exported" severity: "error" - name: "flag-parameter" severity: "warning" - name: "function-result-limit" severity: "warning" arguments: [4] - name: "function-length" severity: "warning" arguments: [50, 0] - name: "get-return" severity: "error" - name: "identical-branches" severity: "error" - name: "if-return" severity: "warning" - name: "increment-decrement" severity: "error" - name: "indent-error-flow" severity: "warning" - name: "import-shadowing" severity: "warning" - name: "modifies-parameter" severity: "warning" - name: "modifies-value-receiver" severity: "warning" - name: "nested-structs" severity: "warning" - name: "optimize-operands-order" severity: "warning" - name: "package-comments" severity: "warning" - name: "range" severity: "warning" - name: "range-val-in-closure" severity: "warning" - name: "range-val-address" severity: "warning" - name: "receiver-naming" severity: "warning" - name: "redefines-builtin-id" severity: "error" - name: "string-of-int" severity: "warning" - name: "struct-tag" severity: "warning" - name: "superfluous-else" severity: "warning" - name: "time-equal" severity: "warning" - name: "time-naming" severity: "warning" - name: "var-declaration" severity: "warning" - name: "var-naming" severity: "warning" - name: "unconditional-recursion" severity: "error" - name: "unexported-naming" severity: "warning" - name: "unexported-return" severity: "error" - name: "unhandled-error" severity: "warning" arguments: - "fmt.Print" - "fmt.Printf" - "fmt.Println" - "fmt.Fprint" - "fmt.Fprintf" - "fmt.Fprintln" - name: "unnecessary-stmt" severity: "warning" - name: "unreachable-code" severity: "warning" - name: "unused-parameter" severity: "warning" - name: "unused-receiver" severity: "warning" disabled: true - name: "use-any" severity: "warning" - name: "useless-break" severity: "warning" - name: "waitgroup-by-value" severity: "warning" ```

Go environment

```console $ go version && go env go version go1.21.3 darwin/arm64 GO111MODULE='' GOARCH='arm64' GOBIN='' GOCACHE='/Users/integralist/Library/Caches/go-build' GOENV='/Users/integralist/Library/Application Support/go/env' GOEXE='' GOEXPERIMENT='' GOFLAGS='' GOHOSTARCH='arm64' GOHOSTOS='darwin' GOINSECURE='' GOMODCACHE='/Users/integralist/go/pkg/mod' GONOPROXY='github.com/fastly' GONOSUMDB='github.com/fastly' GOOS='darwin' GOPATH='/Users/integralist/go' GOPRIVATE='github.com/fastly' GOPROXY='https://proxy.golang.org,direct' GOROOT='/Users/integralist/.go' GOSUMDB='sum.golang.org' GOTMPDIR='' GOTOOLCHAIN='auto' GOTOOLDIR='/Users/integralist/.go/pkg/tool/darwin_arm64' GOVCS='' GOVERSION='go1.21.3' GCCGO='gccgo' AR='ar' CC='clang' CXX='clang++' CGO_ENABLED='1' GOMOD='/Users/integralist/Code/terraform/terraform-provider-fastly-framework/go.mod' GOWORK='' CGO_CFLAGS='-O2 -g' CGO_CPPFLAGS='' CGO_CXXFLAGS='-O2 -g' CGO_FFLAGS='-O2 -g' CGO_LDFLAGS='-O2 -g' PKG_CONFIG='pkg-config' GOGCCFLAGS='-fPIC -arch arm64 -pthread -fno-caret-diagnostics -Qunused-arguments -fmessage-length=0 -ffile-prefix-map=/var/folders/lj/y1tlk7nd5tgcz5z00fycytjr0000gp/T/go-build1283743495=/tmp/go-build -gno-record-gcc-switches -fno-common' ```

Verbose output of running

```console $ golangci-lint cache clean $ golangci-lint run -v INFO [config_reader] Config search paths: [./ /Users/integralist/Code/terraform/terraform-provider-fastly-framework /Users/integralist/Code/terraform /Users/integralist/Code /Users/integralist /Users /] INFO [config_reader] Used config file .golangci.yml INFO [lintersdb] Active 24 linters: [bodyclose durationcheck errcheck exhaustive exportloopref forcetypeassert gocritic godot gofumpt goimports gosec gosimple govet ineffassign makezero misspell nilerr predeclared revive staticcheck tenv unconvert unparam unused] INFO [loader] Go packages loading at mode 575 (compiled_files|deps|name|types_sizes|exports_file|files|imports) took 522.543208ms INFO [runner/filename_unadjuster] Pre-built 0 adjustments in 2.569333ms INFO [linters_context/goanalysis] analyzers took 23.732965901s with top 10 stages: buildir: 13.565756215s, exhaustive: 1.6804395s, fact_deprecated: 1.136443986s, the_only_name: 1.102046503s, buildssa: 1.065012706s, inspect: 986.243172ms, ctrlflow: 908.693328ms, printf: 737.338118ms, fact_purity: 636.398706ms, nilness: 535.077208ms INFO [runner] Issues before processing: 40, after processing: 1 INFO [runner] Processors filtering stat (out/in): diff: 1/1, max_from_linter: 1/1, source_code: 1/1, path_shortener: 1/1, filename_unadjuster: 40/40, path_prettifier: 40/40, exclude: 40/40, exclude-rules: 1/40, severity-rules: 1/1, autogenerated_exclude: 40/40, identifier_marker: 40/40, skip_dirs: 40/40, sort_results: 1/1, nolint: 1/1, uniq_by_line: 1/1, max_per_file_from_linter: 1/1, max_same_issues: 1/1, fixer: 1/1, path_prefixer: 1/1, cgo: 40/40, skip_files: 40/40 INFO [runner] processing took 2.439834ms with stages: path_prettifier: 875.417µs, autogenerated_exclude: 522.126µs, identifier_marker: 423.958µs, exclude-rules: 381.709µs, skip_dirs: 124.083µs, nolint: 68.833µs, source_code: 34.291µs, cgo: 3.958µs, uniq_by_line: 1.375µs, filename_unadjuster: 1.042µs, max_from_linter: 666ns, max_same_issues: 417ns, path_shortener: 333ns, max_per_file_from_linter: 292ns, fixer: 292ns, skip_files: 250ns, exclude: 250ns, sort_results: 250ns, severity-rules: 167ns, path_prefixer: 83ns, diff: 42ns INFO [runner] linters took 5.743615042s with stages: goanalysis_metalinter: 5.741093333s internal/helpers/client.go:16:7: G101: Potential hardcoded credentials (gosec) const APIKeyEnv = "FASTLY_API_TOKEN" // #nosec G101 ^ INFO File cache stats: 23 entries of total size 69.9KiB INFO Memory: 64 samples, avg is 727.3MB, max is 1402.0MB INFO Execution took 6.279629083s ```

A minimal reproducible example or link to a public repository

This PR introduced the change that shows the issue: https://github.com/Integralist/terraform-provider-fastly-framework/pull/59 I've since moved from using 'latest' to pinning to `1.54.2` to side-step the error for now until this reported issue can be reviewed/addressed.

Validation

• [X] Yes, I've included all information above (version, config, etc.).

[ldez]

Hello,

• [X] Yes, I've tried with the standalone linter if available (e.g., gocritic, go vet, etc.). (https://golangci-lint.run/usage/linters/)

It's a gosec issue: https://github.com/securego/gosec/issues/1046

The problem has been fixed by gosec, and the update has been done inside golangci-lint https://github.com/golangci/golangci-lint/pull/4153

The fix will be available in the next release of golangci-lint.

[Integralist]

Thanks @ldez

Apologies for opening this issue unnecessarily. I had run gosec locally and it didn't report any issue but clearly I must have not run it properly 🤦🏻