Merge pull request #1190 from smallstep/dependabot/go_modules/github.com/slackhq/nebula-1.9.3

Bump github.com/slackhq/nebula from 1.8.2 to 1.9.3

Author: github-actions[bot]

command/ca/renew.go

@@ -472,7 +472,7 @@ func (r *renewer) Renew(outFile string) (resp *api.SignResponse, err error) {
 		return nil, errors.Wrap(err, "error renewing certificate")
 	}
 
-	if resp.CertChainPEM == nil || len(resp.CertChainPEM) == 0 {
+	if len(resp.CertChainPEM) == 0 {
 		resp.CertChainPEM = []api.Certificate{resp.ServerPEM, resp.CaPEM}
 	}
 	var data []byte
@@ -503,7 +503,7 @@ func (r *renewer) Rekey(priv interface{}, outCert, outKey string, writePrivateKe
 	if err != nil {
 		return nil, errors.Wrap(err, "error rekeying certificate")
 	}
-	if resp.CertChainPEM == nil || len(resp.CertChainPEM) == 0 {
+	if len(resp.CertChainPEM) == 0 {
 		resp.CertChainPEM = []api.Certificate{resp.ServerPEM, resp.CaPEM}
 	}
 	var data []byte

go.mod

@@ -1,6 +1,6 @@
 module github.com/smallstep/cli
 
-go 1.21
+go 1.22.0
 
 require (
 	github.com/Microsoft/go-winio v0.6.2
@@ -14,7 +14,7 @@ require (
 	github.com/manifoldco/promptui v0.9.0
 	github.com/pkg/errors v0.9.1
 	github.com/pquerna/otp v1.4.0
-	github.com/slackhq/nebula v1.8.2
+	github.com/slackhq/nebula v1.9.3
 	github.com/smallstep/assert v0.0.0-20200723003110-82e2b9b3b262
 	github.com/smallstep/certificates v0.27.2
 	github.com/smallstep/certinfo v1.12.2

go.sum

@@ -320,8 +320,8 @@ github.com/shurcooL/sanitized_anchor_name v1.0.0 h1:PdmoCO6wvbs+7yrJyMORt4/BmY5I
 github.com/shurcooL/sanitized_anchor_name v1.0.0/go.mod h1:1NzhyTcUVG4SuEtjjoZeVRXNmyL/1OwPU0+IJeTBvfc=
 github.com/sirupsen/logrus v1.9.3 h1:dueUQJ1C2q9oE3F7wvmSGAaVtTmUizReu6fjN8uqzbQ=
 github.com/sirupsen/logrus v1.9.3/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ=
-github.com/slackhq/nebula v1.8.2 h1:9lpJlivzjBPWxs9Y2tQqmJ1cP6hq+3kIodw021t3LrQ=
-github.com/slackhq/nebula v1.8.2/go.mod h1:SVVwnlGdmLg387U0XQMOSHRrD3VlJeXqd2/x/w/vxPs=
+github.com/slackhq/nebula v1.9.3 h1:WK5Oipy4NsVfNm41pywGmdy048F8RRkfSRG+lPHxcJQ=
+github.com/slackhq/nebula v1.9.3/go.mod h1:PMJer5rZe0H/O+kUiKOL9AJ/pL9+ryzNXtSN7ABfjfM=
 github.com/smallstep/assert v0.0.0-20200723003110-82e2b9b3b262 h1:unQFBIznI+VYD1/1fApl1A+9VcBk+9dcqGfnePY87LY=
 github.com/smallstep/assert v0.0.0-20200723003110-82e2b9b3b262/go.mod h1:MyOHs9Po2fbM1LHej6sBUT8ozbxmMOFG+E+rx/GSGuc=
 github.com/smallstep/certificates v0.27.2 h1:MrSJvJviS9pCUtGYYguYyB1VQzZBmkL6ngLQZfVwRqU=

internal/crlutil/crl_extensions.go

@@ -85,106 +85,110 @@ func (d distributionPoint) FullNames() []string {
 type Extension struct {
 	Name    string   `json:"-"`
 	Details []string `json:"-"`
-	json    map[string]interface{}
+	json    map[string]any
 }
 
 func (e *Extension) MarshalJSON() ([]byte, error) {
 	return json.Marshal(e.json)
 }
 
-func (e *Extension) AddDetailf(format string, args ...interface{}) {
+func (e *Extension) AddDetailf(format string, args ...any) {
 	e.Details = append(e.Details, fmt.Sprintf(format, args...))
 }
 
+func (e *Extension) AddDetail(detail string) {
+	e.Details = append(e.Details, detail)
+}
+
 func newExtension(e pkix.Extension) Extension {
 	var ext Extension
 	switch {
 	case e.Id.Equal(oidExtensionReasonCode):
 		ext.Name = "X509v3 CRL Reason Code:"
 		value := parseReasonCode(e.Value)
-		ext.AddDetailf(value)
-		ext.json = map[string]interface{}{
+		ext.AddDetail(value)
+		ext.json = map[string]any{
 			"crl_reason_code": value,
 		}
 
 	case e.Id.Equal(oidExtensionCRLNumber):
 		ext.Name = "X509v3 CRL Number:"
 		var n *big.Int
 		if _, err := asn1.Unmarshal(e.Value, &n); err == nil {
-			ext.AddDetailf(n.String())
-			ext.json = map[string]interface{}{
+			ext.AddDetail(n.String())
+			ext.json = map[string]any{
 				"crl_number": n.String(),
 			}
 		} else {
-			ext.AddDetailf(sanitizeBytes(e.Value))
-			ext.json = map[string]interface{}{
+			ext.AddDetail(sanitizeBytes(e.Value))
+			ext.json = map[string]any{
 				"crl_number": e.Value,
 			}
 		}
 
 	case e.Id.Equal(oidExtensionAuthorityKeyID):
 		var v authorityKeyID
 		ext.Name = "X509v3 Authority Key Identifier:"
-		ext.json = map[string]interface{}{
+		ext.json = map[string]any{
 			"authority_key_id": hex.EncodeToString(e.Value),
 		}
 		if _, err := asn1.Unmarshal(e.Value, &v); err == nil {
 			var s string
 			for _, b := range v.ID {
 				s += fmt.Sprintf(":%02X", b)
 			}
-			ext.AddDetailf("keyid" + s)
+			ext.AddDetail("keyid" + s)
 		} else {
-			ext.AddDetailf(sanitizeBytes(e.Value))
+			ext.AddDetail(sanitizeBytes(e.Value))
 		}
 	case e.Id.Equal(oidExtensionIssuingDistributionPoint):
 		ext.Name = "X509v3 Issuing Distribution Point:"
 
 		var v distributionPoint
 		if _, err := asn1.Unmarshal(e.Value, &v); err != nil {
-			ext.AddDetailf(sanitizeBytes(e.Value))
-			ext.json = map[string]interface{}{
+			ext.AddDetail(sanitizeBytes(e.Value))
+			ext.json = map[string]any{
 				"issuing_distribution_point": e.Value,
 			}
 		} else {
 			names := v.FullNames()
 			if len(names) > 0 {
-				ext.AddDetailf("Full Name:")
+				ext.AddDetail("Full Name:")
 				for _, n := range names {
-					ext.AddDetailf("    " + n)
+					ext.AddDetail("    " + n)
 				}
 			}
-			js := map[string]interface{}{
+			js := map[string]any{
 				"full_names": names,
 			}
 
 			// Only one of this should be set to true. But for inspect we
 			// will allow more than one.
 			if v.OnlyContainsUserCerts {
-				ext.AddDetailf("Only User Certificates")
+				ext.AddDetail("Only User Certificates")
 				js["only_user_certificates"] = true
 			}
 			if v.OnlyContainsCACerts {
-				ext.AddDetailf("Only CA Certificates")
+				ext.AddDetail("Only CA Certificates")
 				js["only_ca_certificates"] = true
 			}
 			if v.OnlyContainsAttributeCerts {
-				ext.AddDetailf("Only Attribute Certificates")
+				ext.AddDetail("Only Attribute Certificates")
 				js["only_attribute_certificates"] = true
 			}
 			if len(v.OnlySomeReasons.Bytes) > 0 {
 				ext.AddDetailf("Reasons: %x", v.OnlySomeReasons.Bytes)
 				js["only_some_reasons"] = v.OnlySomeReasons.Bytes
 			}
 
-			ext.json = map[string]interface{}{
+			ext.json = map[string]any{
 				"issuing_distribution_point": js,
 			}
 		}
 	default:
 		ext.Name = e.Id.String()
-		ext.AddDetailf(sanitizeBytes(e.Value))
-		ext.json = map[string]interface{}{
+		ext.AddDetail(sanitizeBytes(e.Value))
+		ext.json = map[string]any{
 			ext.Name: e.Value,
 		}
 	}

internal/sshutil/sshutil.go

@@ -2,8 +2,7 @@ package sshutil
 
 import (
 	"crypto"
-	//nolint:staticcheck // Maintain support for deprecated algorithms.
-	"crypto/dsa"
+	"crypto/dsa" // Maintain support for deprecated algorithms.
 	"crypto/ecdsa"
 	"crypto/ed25519"
 	"crypto/elliptic"
@@ -202,7 +201,6 @@ func parseECDSA(in []byte) (*ecdsa.PublicKey, error) {
 		return nil, errors.Errorf("unsupported curve %s", w.Curve)
 	}
 
-	//nolint:staticcheck // ignore this deprecation warning - golang will fix
 	key.X, key.Y = elliptic.Unmarshal(key.Curve, w.KeyBytes)
 	if key.X == nil || key.Y == nil {
 		return nil, errors.New("invalid curve point")

utils/cautils/certificate_flow.go

@@ -262,7 +262,7 @@ func (f *CertificateFlow) Sign(ctx *cli.Context, tok string, csr api.Certificate
 		return err
 	}
 
-	if resp.CertChainPEM == nil || len(resp.CertChainPEM) == 0 {
+	if len(resp.CertChainPEM) == 0 {
 		resp.CertChainPEM = []api.Certificate{resp.ServerPEM, resp.CaPEM}
 	}
 	var data []byte

utils/cautils/client.go

@@ -184,7 +184,7 @@ func NewAdminClient(ctx *cli.Context, opts ...ca.ClientOption) (*ca.AdminClient,
 		if err != nil {
 			return nil, err
 		}
-		if signResponse.CertChainPEM == nil || len(signResponse.CertChainPEM) == 0 {
+		if len(signResponse.CertChainPEM) == 0 {
 			signResponse.CertChainPEM = []api.Certificate{signResponse.ServerPEM, signResponse.CaPEM}
 		}
 		adminCert = make([]*x509.Certificate, len(signResponse.CertChainPEM))