The way to detect the Go version has been changed since gosec v2.20.0, this has an impact on performances inside golangci-lint.
v1.58.2
$ golangci-lint run --print-issued-lines=false --enable-only gosec
Time (mean ± σ): 3.185 s ± 0.047 s [User: 8.912 s, System: 6.396 s]
Range (min … max): 3.112 s … 3.288 s 10 runs
v1.58.1
$ golangci-lint run --print-issued-lines=false --enable-only gosec
Time (mean ± σ): 606.8 ms ± 18.7 ms [User: 2388.6 ms, System: 1018.3 ms]
Range (min … max): 584.4 ms … 648.8 ms 10 runs
```console
$ go version
go version go1.22.3 linux/amd64
```
Verbose output of running
```console
$ golangci-lint cache clean
$ golangci-lint run -v --enable-only gosec
INFO [config_reader] Config search paths: [./ /home/ldez/sources/go/src/github.com/golangci/golangci-lint /home/ldez/sources/go/src/github.com/golangci /home/ldez/sources/go/src/github.com /home/ldez/sources/go/src /home/ldez/sources/go /home/ldez/sources /home/ldez /home /]
INFO [config_reader] Used config file .golangci.yml
WARN [config_reader] The configuration option `linters.errcheck.ignore` is deprecated, please use `linters.errcheck.exclude-functions`.
INFO [lintersdb] Active 1 linters: [gosec]
INFO [loader] Go packages loading at mode 575 (types_sizes|compiled_files|exports_file|files|imports|deps|name) took 276.209269ms
INFO [runner/filename_unadjuster] Pre-built 0 adjustments in 10.74175ms
INFO [linters_context/goanalysis] analyzers took 13.796849767s with top 10 stages: gosec: 13.792391088s, typecheck: 4.458679ms
INFO [runner/skip_dirs] Skipped 1 issues from dir internal/robustio by pattern internal/robustio
INFO [runner/skip_dirs] Skipped 7 issues from dir internal/renameio by pattern internal/renameio
INFO [runner/skip_dirs] Skipped 30 issues from dir internal/cache by pattern internal/cache
INFO [runner] Issues before processing: 84, after processing: 0
INFO [runner] Processors filtering stat (out/in): autogenerated_exclude: 46/46, identifier_marker: 46/46, exclude: 46/46, skip_files: 84/84, skip_dirs: 46/84, exclude-rules: 7/46, nolint: 0/7, invalid_issue: 84/84, path_prettifier: 84/84, cgo: 84/84, filename_unadjuster: 84/84
INFO [runner] processing took 2.523228ms with stages: nolint: 863.927µs, exclude-rules: 520.538µs, path_prettifier: 440.397µs, identifier_marker: 356.908µs, autogenerated_exclude: 178.835µs, skip_dirs: 129.274µs, cgo: 22.382µs, invalid_issue: 5.406µs, filename_unadjuster: 2.21µs, max_same_issues: 679ns, uniq_by_line: 345ns, fixer: 313ns, skip_files: 294ns, source_code: 263ns, max_from_linter: 255ns, exclude: 255ns, path_shortener: 248ns, diff: 214ns, sort_results: 213ns, severity-rules: 94ns, max_per_file_from_linter: 90ns, path_prefixer: 88ns
INFO [runner] linters took 2.995897903s with stages: goanalysis_metalinter: 2.993321711s
INFO File cache stats: 0 entries of total size 0B
INFO Memory: 34 samples, avg is 153.0MB, max is 182.6MB
INFO Execution took 3.286362057s
```
A minimal reproducible example or link to a public repository
https://github.com/golangci/golangci-lint
Validation
[X] Yes, I've included all information above (version, config, etc.).
Welcome
Description of the problem
The way to detect the Go version has been changed since gosec v2.20.0, this has an impact on performances inside golangci-lint.
v1.58.2
v1.58.1
Related to #4724 Related to https://github.com/securego/gosec/pull/1119
Workaround:
Version of golangci-lint
Configuration
Go environment
Verbose output of running
A minimal reproducible example or link to a public repository
Validation