TheDiveO

Any news about fixing this? I've got bitten when trying to upgrade the dependencies of a project and now this repo reshuffle blocks this as an indirect dependency stopping `go...

Depending on your product build requirements you cannot simply update go just because some module decided to break its import path, and this change has already propagated into other modules...

I highly appreciate the pointers to other linting projects! After looking more into them, here are my impressions: - semgrep has IMHO several disadvantages: it requires a lot of Python...

I'll look into SA4017 ... albeit the irony is that the final call in an assertion is returning a mostly pointless bool that normally gets ignored 🤷🏼

To give an example: CodeQL finds "Incorrect conversion of an integer with architecture-dependent bit size from to a lower bit size type int32 without an upper bound check."

No more ideas at the moment, the CWE-681 is one that seems to be quite fond of me, unfortunately, when working on system-level Go tools.

+CWE-190

* trying to `go get github.com/wagoodman/dive@master` fails, too. * cloning the module and then running `go install .` inside the repository works, though.

Bump^2 ... still need to `git clone` and then `go install .`.

bump: please make the Docker REST API endpoint configurable on CLI, so that dive can also be directly used with other engines, such as podman that support the Docker REST...