Skip to content

fix(conda): memory leak by adding closure method for package.json file #9349

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
Aug 20, 2025
Merged

fix(conda): memory leak by adding closure method for package.json file #9349

merged 2 commits into from
Aug 20, 2025

Conversation

@Szulock
Copy link
Contributor

@Szulock Szulock commented Aug 18, 2025
edited
Loading

Description

fix memory leak by defer file.Close()

Related issues

Checklist

  • [+] I've read the guidelines for contributing to this repository.
  • [+] I've followed the conventions in the PR title.
  • I've added tests that prove my fix is effective or that my feature works.
  • I've updated the documentation with the relevant information (if needed).
  • I've added usage information (if the PR introduces new options)
  • I've included a "before" and "after" example to the description (if the PR is a user interface change).

@CLAassistant
Copy link

CLAassistant commented Aug 18, 2025
edited
Loading

CLA assistant check
All committers have signed the CLA.

DmitriyLewen
DmitriyLewen approved these changes Aug 19, 2025
View reviewed changes
Copy link
Contributor

@DmitriyLewen DmitriyLewen left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks!

@Szulock can you sign CLA?

UPD:
And fix linter error please (mage lint:fix should help with this)

@DmitriyLewen DmitriyLewen changed the title fix memory leak by adding closure method for file fix(conda): memory leak by adding closure method for package.json file Aug 19, 2025
@Szulock
Copy link
Contributor Author

Szulock commented Aug 19, 2025

Sorry, but the linter fixes involve too many changes for just fixing a small memory leak.
If you want, feel free to take my PR and improve it as needed.
Thank you!

@nikpivkin
Copy link
Contributor

nikpivkin commented Aug 20, 2025

Sorry, but the linter fixes involve too many changes for just fixing a small memory leak.

The linter found only 1 issue:

Error: pkg/fanal/analyzer/language/conda/environment/environment.go:98:4: deferInLoop: Possible resource leak, 'defer' is called in the 'for' loop (gocritic)
  			defer file.Close()

@DmitriyLewen DmitriyLewen requested a review from nikpivkin August 20, 2025 05:40
@nikpivkin nikpivkin added this pull request to the merge queue Aug 20, 2025
Merged via the queue into aquasecurity:main with commit 03d039f Aug 20, 2025
23 of 24 checks passed
@aqua-bot aqua-bot mentioned this pull request Aug 18, 2025
Merged
yutatokoi pushed a commit to yutatokoi/trivy that referenced this pull request Aug 24, 2025
@Szulock @DmitriyLewen @yutatokoi
fix(conda): memory leak by adding closure method for package.json f…
0aedd76 
…ile (aquasecurity#9349)

Co-authored-by: DmitriyLewen <[email protected]>
alexlebens pushed a commit to alexlebens/infrastructure that referenced this pull request Sep 3, 2025
@alexlebens
Update mirror.gcr.io/aquasec/trivy Docker tag to v0.66.0 (#1367)
83ecc05 
This PR contains the following updates:

| Package | Update | Change |
|---|---|---|
| [mirror.gcr.io/aquasec/trivy](https://www.aquasec.com/products/trivy/) ([source](https://github.com/aquasecurity/trivy)) | minor | `0.65.0` -> `0.66.0` |

---

### Release Notes

<details>
<summary>aquasecurity/trivy (mirror.gcr.io/aquasec/trivy)</summary>

### [`v0.66.0`](https://github.com/aquasecurity/trivy/blob/HEAD/CHANGELOG.md#0660-2025-09-02)

[Compare Source](aquasecurity/trivy@v0.65.0...v0.66.0)

##### Features

- add timeout handling for cache database operations ([#&#8203;9307](aquasecurity/trivy#9307)) ([235c24e](aquasecurity/trivy@235c24e))
- **misconf:** added audit config attribute ([#&#8203;9249](aquasecurity/trivy#9249)) ([4d4a244](aquasecurity/trivy@4d4a244))
- **secret:** implement streaming secret scanner with byte offset tracking ([#&#8203;9264](aquasecurity/trivy#9264)) ([5a5e097](aquasecurity/trivy@5a5e097))
- **terraform:** use .terraform cache for remote modules in plan scanning ([#&#8203;9277](aquasecurity/trivy#9277)) ([298a994](aquasecurity/trivy@298a994))

##### Bug Fixes

- **conda:** memory leak by adding closure method for `package.json` file ([#&#8203;9349](aquasecurity/trivy#9349)) ([03d039f](aquasecurity/trivy@03d039f))
- create temp file under composite fs dir ([#&#8203;9387](aquasecurity/trivy#9387)) ([ce22f54](aquasecurity/trivy@ce22f54))
- **cyclonedx:** handle multiple license types ([#&#8203;9378](aquasecurity/trivy#9378)) ([46ab76a](aquasecurity/trivy@46ab76a))
- **fs:** avoid shadowing errors in file.glob ([#&#8203;9286](aquasecurity/trivy#9286)) ([b51c789](aquasecurity/trivy@b51c789))
- **image:** use standardized HTTP client for ECR authentication ([#&#8203;9322](aquasecurity/trivy#9322)) ([84fbf86](aquasecurity/trivy@84fbf86))
- **misconf:** ensure ignore rules respect subdirectory chart paths ([#&#8203;9324](aquasecurity/trivy#9324)) ([d3cd101](aquasecurity/trivy@d3cd101))
- **misconf:** ensure module source is known ([#&#8203;9404](aquasecurity/trivy#9404)) ([81d9425](aquasecurity/trivy@81d9425))
- **misconf:** preserve original paths of remote submodules from .terraform ([#&#8203;9294](aquasecurity/trivy#9294)) ([1319d8d](aquasecurity/trivy@1319d8d))
- **misconf:** use correct field log\_bucket instead of target\_bucket in gcp bucket ([#&#8203;9296](aquasecurity/trivy#9296)) ([04ad0c4](aquasecurity/trivy@04ad0c4))
- persistent flag option typo ([#&#8203;9374](aquasecurity/trivy#9374)) ([6e99dd3](aquasecurity/trivy@6e99dd3))
- **plugin:** don't remove plugins when updating index.yaml file ([#&#8203;9358](aquasecurity/trivy#9358)) ([5f067ac](aquasecurity/trivy@5f067ac))
- **python:** impove package name normalization  ([#&#8203;9290](aquasecurity/trivy#9290)) ([1473e88](aquasecurity/trivy@1473e88))
- **repo:** preserve RepoMetadata on FS cache hit ([#&#8203;9389](aquasecurity/trivy#9389)) ([4f2a44e](aquasecurity/trivy@4f2a44e))
- **repo:** sanitize git repo URL before inserting into report metadata ([#&#8203;9391](aquasecurity/trivy#9391)) ([1ac9b1f](aquasecurity/trivy@1ac9b1f))
- **sbom:** add support for `file` component type of `CycloneDX` ([#&#8203;9372](aquasecurity/trivy#9372)) ([aa7cf43](aquasecurity/trivy@aa7cf43))
- suppress debug log for context cancellation errors ([#&#8203;9298](aquasecurity/trivy#9298)) ([2458d5e](aquasecurity/trivy@2458d5e))

</details>

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update again.

---

 - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box

---

This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0MS4zNS4xIiwidXBkYXRlZEluVmVyIjoiNDEuMzUuMSIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOlsiaW1hZ2UiXX0=-->

Reviewed-on: https://gitea.alexlebens.dev/alexlebens/infrastructure/pulls/1367
Co-authored-by: Renovate Bot <[email protected]>
Co-committed-by: Renovate Bot <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@DmitriyLewen DmitriyLewen DmitriyLewen approved these changes

@nikpivkin nikpivkin nikpivkin approved these changes

@knqyf263 knqyf263 Awaiting requested review from knqyf263 knqyf263 is a code owner

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@Szulock @CLAassistant @nikpivkin @DmitriyLewen