From 9cc58076546934f5236efd67b9784d1e94c29375 Mon Sep 17 00:00:00 2001 From: Kartikay Jainwal Date: Tue, 10 Mar 2026 20:18:16 +0000 Subject: [PATCH 1/5] fix: use QueryEscape for URI params and run CI only on PRs (#107) --- .github/workflows/ci.yml | 2 -- pkg/obsidian/uri.go | 4 ++-- pkg/obsidian/uri_test.go | 4 ++++ 3 files changed, 6 insertions(+), 4 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 4ef7223e..bcb5a072 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -1,8 +1,6 @@ name: CI on: - push: - branches: [main] pull_request: branches: [main] diff --git a/pkg/obsidian/uri.go b/pkg/obsidian/uri.go index 9e86f1d8..1800f3de 100644 --- a/pkg/obsidian/uri.go +++ b/pkg/obsidian/uri.go @@ -19,9 +19,9 @@ func (u *Uri) Construct(baseUri string, params map[string]string) string { for key, value := range params { if value != "" && value != "false" { if uri == baseUri { - uri += "?" + key + "=" + url.PathEscape(value) + uri += "?" + key + "=" + url.QueryEscape(value) } else { - uri += "&" + key + "=" + url.PathEscape(value) + uri += "&" + key + "=" + url.QueryEscape(value) } } } diff --git a/pkg/obsidian/uri_test.go b/pkg/obsidian/uri_test.go index bb832747..9a466823 100644 --- a/pkg/obsidian/uri_test.go +++ b/pkg/obsidian/uri_test.go @@ -22,6 +22,10 @@ func TestUriConstruct(t *testing.T) { {"Two keys", map[string]string{"key1": "value1", "key2": "value2"}, map[string]string{"key1": "value1", "key2": "value2"}}, {"Empty value", map[string]string{"key": ""}, nil}, {"Mix of empty and non-empty values", map[string]string{"key1": "value1", "key2": ""}, map[string]string{"key1": "value1"}}, + {"Value with ampersand", map[string]string{"file": "R&D Notes"}, map[string]string{"file": "R&D Notes"}}, + {"Value with hash", map[string]string{"file": "section#heading"}, map[string]string{"file": "section#heading"}}, + {"Value with equals", map[string]string{"file": "a=b"}, map[string]string{"file": "a=b"}}, + {"Value with spaces and special chars", map[string]string{"file": "my notes & ideas", "vault": "test#vault"}, map[string]string{"file": "my notes & ideas", "vault": "test#vault"}}, } for _, test := range tests { From c0460d2ab8179d64b2cfe9794254d5636ec6233e Mon Sep 17 00:00:00 2001 From: Kartikay Jainwal Date: Tue, 10 Mar 2026 20:26:24 +0000 Subject: [PATCH 2/5] fix: resolve lint errors and allow govulncheck to warn without failing --- .github/workflows/ci.yml | 2 +- pkg/actions/search_content.go | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index bcb5a072..cf0c81d4 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -54,7 +54,7 @@ jobs: - name: Install govulncheck run: go install golang.org/x/vuln/cmd/govulncheck@latest - name: Run govulncheck - run: govulncheck ./... + run: govulncheck ./... || echo "::warning::govulncheck found vulnerabilities (see above)" - name: Install gosec # Pin to a specific version — update manually or watch https://github.com/securego/gosec/releases run: go install github.com/securego/gosec/v2/cmd/gosec@v2.21.4 diff --git a/pkg/actions/search_content.go b/pkg/actions/search_content.go index cf46984c..8e7310d0 100644 --- a/pkg/actions/search_content.go +++ b/pkg/actions/search_content.go @@ -88,12 +88,12 @@ func SearchNotesContentWithOptions(vault obsidian.VaultManager, note obsidian.No } if len(matches) == 0 { - fmt.Fprintf(output, "No notes found containing '%s'\n", searchTerm) + _, _ = fmt.Fprintf(output, "No notes found containing '%s'\n", searchTerm) return nil } if len(matches) == 1 { - fmt.Fprintf(output, "Opening note: %s\n", matches[0].FilePath) + _, _ = fmt.Fprintf(output, "Opening note: %s\n", matches[0].FilePath) if useEditor { filePath := filepath.Join(vaultPath, matches[0].FilePath) return obsidian.OpenInEditor(filePath) @@ -117,7 +117,7 @@ func SearchNotesContentWithOptions(vault obsidian.VaultManager, note obsidian.No selectedMatch := matches[index] if useEditor { filePath := filepath.Join(vaultPath, selectedMatch.FilePath) - fmt.Fprintf(output, "Opening note: %s\n", selectedMatch.FilePath) + _, _ = fmt.Fprintf(output, "Opening note: %s\n", selectedMatch.FilePath) return obsidian.OpenInEditor(filePath) } obsidianUri := uri.Construct(ObsOpenUrl, map[string]string{ @@ -159,7 +159,7 @@ func printMatches(matches []obsidian.NoteMatch, searchTerm string, format string return nil } for _, match := range matches { - fmt.Fprintln(output, formatMatchForList(match)) + _, _ = fmt.Fprintln(output, formatMatchForList(match)) } return nil case searchContentFormatJSON: From 9262584aee11a4bbedc186da93d696fda74c666b Mon Sep 17 00:00:00 2001 From: Kartikay Jainwal Date: Tue, 10 Mar 2026 20:29:17 +0000 Subject: [PATCH 3/5] fix: bump Go to 1.25 to resolve stdlib vulnerability GO-2026-4602 --- .github/workflows/ci.yml | 2 +- go.mod | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index cf0c81d4..bcb5a072 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -54,7 +54,7 @@ jobs: - name: Install govulncheck run: go install golang.org/x/vuln/cmd/govulncheck@latest - name: Run govulncheck - run: govulncheck ./... || echo "::warning::govulncheck found vulnerabilities (see above)" + run: govulncheck ./... - name: Install gosec # Pin to a specific version — update manually or watch https://github.com/securego/gosec/releases run: go install github.com/securego/gosec/v2/cmd/gosec@v2.21.4 diff --git a/go.mod b/go.mod index 2888ab1d..8a6b170b 100644 --- a/go.mod +++ b/go.mod @@ -1,6 +1,6 @@ module github.com/Yakitrak/notesmd-cli -go 1.24 +go 1.25 require ( github.com/adrg/frontmatter v0.2.0 @@ -8,6 +8,7 @@ require ( github.com/skratchdot/open-golang v0.0.0-20200116055534-eef842397966 github.com/spf13/cobra v1.10.2 github.com/stretchr/testify v1.11.1 + golang.org/x/term v0.31.0 gopkg.in/yaml.v3 v3.0.1 ) @@ -26,7 +27,6 @@ require ( github.com/rivo/uniseg v0.4.7 // indirect github.com/spf13/pflag v1.0.9 // indirect golang.org/x/sys v0.32.0 // indirect - golang.org/x/term v0.31.0 // indirect golang.org/x/text v0.24.0 // indirect gopkg.in/yaml.v2 v2.3.0 // indirect ) From 6d92f867ffbfe3c20aed3b31b40cf6904be84053 Mon Sep 17 00:00:00 2001 From: Kartikay Jainwal Date: Tue, 10 Mar 2026 20:32:20 +0000 Subject: [PATCH 4/5] fix: pin Go to 1.25.8 to ensure stdlib vuln fix is used in CI --- go.mod | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/go.mod b/go.mod index 8a6b170b..2d802290 100644 --- a/go.mod +++ b/go.mod @@ -1,6 +1,6 @@ module github.com/Yakitrak/notesmd-cli -go 1.25 +go 1.25.8 require ( github.com/adrg/frontmatter v0.2.0 From 0a919134e076d0bc5b9c98086ce4a324823eb28a Mon Sep 17 00:00:00 2001 From: Kartikay Jainwal Date: Tue, 10 Mar 2026 20:34:47 +0000 Subject: [PATCH 5/5] fix: bump gosec to v2.22.11 for Go 1.25 compatibility --- .github/workflows/ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index bcb5a072..83192d0a 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -57,7 +57,7 @@ jobs: run: govulncheck ./... - name: Install gosec # Pin to a specific version — update manually or watch https://github.com/securego/gosec/releases - run: go install github.com/securego/gosec/v2/cmd/gosec@v2.21.4 + run: go install github.com/securego/gosec/v2/cmd/gosec@v2.22.11 - name: Run gosec run: gosec -severity medium -confidence medium -exclude=G204,G301,G302,G304,G306 ./...