google · G-Rath · Aug 19, 2025
diff --git a/.golangci.yaml b/.golangci.yaml
@@ -109,7 +109,6 @@ linters:
         - all
         - -QF1001 # apply De Morgan's law
         - -QF1003 # use tagged switch on prefix
-        - -QF1008 # remove embedded field from selector
   exclusions:
     generated: lax
     presets:

diff --git a/clients/clienttest/mock_http.go b/clients/clienttest/mock_http.go
@@ -42,7 +42,7 @@ func NewMockHTTPServer(t *testing.T) *MockHTTPServer {
 	t.Helper()
 	mock := &MockHTTPServer{response: make(map[string][]byte)}
 	mock.Server = httptest.NewServer(mock)
-	t.Cleanup(func() { mock.Server.Close() })
+	t.Cleanup(func() { mock.Close() })
 
 	return mock
 }

diff --git a/detector/govulncheck/binary/binary_test.go b/detector/govulncheck/binary/binary_test.go
@@ -87,14 +87,14 @@ func TestScan(t *testing.T) {
 	}
 
 	// Remove some fields that might change between govulncheck versions.
-	got.Vulnerability.SchemaVersion = ""
-	got.Vulnerability.Modified = time.Time{}
-	got.Vulnerability.Published = time.Time{}
-	got.Vulnerability.Withdrawn = time.Time{}
-	got.Vulnerability.Affected = []osvschema.Affected{got.Vulnerability.Affected[0]}
+	got.SchemaVersion = ""
+	got.Modified = time.Time{}
+	got.Published = time.Time{}
+	got.Withdrawn = time.Time{}
+	got.Affected = []osvschema.Affected{got.Affected[0]}
 	got.Vulnerability.Affected[0].Ranges = nil
 	got.Vulnerability.Affected[0].EcosystemSpecific = nil
-	got.Vulnerability.DatabaseSpecific = nil
+	got.DatabaseSpecific = nil
 
 	if diff := cmp.Diff(want, got); diff != "" {
 		t.Errorf("detector.Scan(%v): unexpected findings (-want +got):\n%s", px, diff)

diff --git a/detector/misc/dockersocket/dockersocket_test.go b/detector/misc/dockersocket/dockersocket_test.go
@@ -89,10 +89,10 @@ func (f fakeFile) Close() error {
 }
 
 func (f *fakeFile) Read(b []byte) (int, error) {
-	if f.offset >= len(f.MapFile.Data) {
+	if f.offset >= len(f.Data) {
 		return 0, io.EOF
 	}
-	n := copy(b, f.MapFile.Data[f.offset:])
+	n := copy(b, f.Data[f.offset:])
 	f.offset += n
 	return n, nil
 }

diff --git a/enricher/vulnmatch/osvdev/osvdev_test.go b/enricher/vulnmatch/osvdev/osvdev_test.go
@@ -445,8 +445,8 @@ func TestEnrich(t *testing.T) {
 			}
 
 			sortPkgVulns := cmpopts.SortSlices(func(a, b *inventory.PackageVuln) bool {
-				if a.Vulnerability.ID != b.Vulnerability.ID {
-					return a.Vulnerability.ID < b.Vulnerability.ID
+				if a.ID != b.ID {
+					return a.ID < b.ID
 				}
 				return a.Package.Name < b.Package.Name
 			})

diff --git a/guidedremediation/internal/manifest/maven/pomxml.go b/guidedremediation/internal/manifest/maven/pomxml.go
@@ -150,7 +150,7 @@ func (m *mavenManifest) Clone() manifest.Manifest {
 			Repositories:           slices.Clone(m.specific.Repositories),
 		},
 	}
-	clone.root.AttrSet = m.root.AttrSet.Clone()
+	clone.root.AttrSet = m.root.Clone()
 
 	return clone
 }
@@ -232,7 +232,7 @@ func (r readWriter) Read(path string, fsys scalibrfs.FS) (manifest.Manifest, err
 			VersionKey: resolve.VersionKey{
 				PackageKey: resolve.PackageKey{
 					System: resolve.Maven,
-					Name:   project.Parent.ProjectKey.Name(),
+					Name:   project.Parent.Name(),
 				},
 				// Parent version is a concrete version, but we model parent as dependency here.
 				VersionType: resolve.Requirement,
@@ -249,7 +249,7 @@ func (r readWriter) Read(path string, fsys scalibrfs.FS) (manifest.Manifest, err
 
 	// TODO(#473): there may be properties in repo.Releases.Enabled and repo.Snapshots.Enabled
 	for _, repo := range project.Repositories {
-		if err := r.MavenRegistryAPIClient.AddRegistry(datasource.MavenRegistry{
+		if err := r.AddRegistry(datasource.MavenRegistry{
 			URL:              string(repo.URL),
 			ID:               string(repo.ID),
 			ReleasesEnabled:  repo.Releases.Enabled.Boolean(),
@@ -406,7 +406,7 @@ func buildOriginalRequirements(project maven.Project, originPrefix string) []Dep
 		for _, d := range plugin.Dependencies {
 			dependencies = append(dependencies, DependencyWithOrigin{
 				Dependency: d,
-				Origin:     mavenOrigin(originPrefix, mavenutil.OriginPlugin, plugin.ProjectKey.Name()),
+				Origin:     mavenOrigin(originPrefix, mavenutil.OriginPlugin, plugin.Name()),
 			})
 		}
 	}
@@ -999,7 +999,7 @@ func writeProject(w io.Writer, enc *forkedxml.Encoder, raw, prefix, id string, p
 				if err := dec.DecodeElement(&rawPlugin, &tt); err != nil {
 					return err
 				}
-				if err := writeProject(w, enc, "<plugin>"+rawPlugin.InnerXML+"</plugin>", mavenutil.OriginPlugin, rawPlugin.ProjectKey.Name(), patches, properties, updated); err != nil {
+				if err := writeProject(w, enc, "<plugin>"+rawPlugin.InnerXML+"</plugin>", mavenutil.OriginPlugin, rawPlugin.Name(), patches, properties, updated); err != nil {
 					return fmt.Errorf("updating profile: %w", err)
 				}
 

diff --git a/guidedremediation/internal/manifest/npm/packagejson.go b/guidedremediation/internal/manifest/npm/packagejson.go
@@ -113,7 +113,7 @@ func (m *npmManifest) Clone() manifest.Manifest {
 		requirements: slices.Clone(m.requirements),
 		groups:       maps.Clone(m.groups),
 	}
-	clone.root.AttrSet = m.root.AttrSet.Clone()
+	clone.root.AttrSet = m.root.Clone()
 	clone.localManifests = make([]*npmManifest, len(m.localManifests))
 	for i, local := range m.localManifests {
 		clone.localManifests[i] = local.Clone().(*npmManifest)

diff --git a/guidedremediation/internal/manifest/python/poetry.go b/guidedremediation/internal/manifest/python/poetry.go
@@ -134,7 +134,7 @@ func (r poetryReadWriter) Read(path string, fsys scalibrfs.FS) (manifest.Manifes
 		groupReqs := parseDependencies(deps, true)
 		allReqs = append(allReqs, groupReqs...)
 		for _, r := range groupReqs {
-			key := manifest.RequirementKey(r.VersionKey.PackageKey)
+			key := manifest.RequirementKey(r.PackageKey)
 			groups[key] = append(groups[key], groupName)
 		}
 	}

diff --git a/guidedremediation/internal/manifest/python/python.go b/guidedremediation/internal/manifest/python/python.go
@@ -90,7 +90,7 @@ func (m *pythonManifest) Clone() manifest.Manifest {
 		root:         m.root,
 		requirements: slices.Clone(m.requirements),
 	}
-	clone.root.AttrSet = m.root.AttrSet.Clone()
+	clone.root.AttrSet = m.root.Clone()
 
 	return clone
 }

diff --git a/guidedremediation/internal/strategy/inplace/inplace.go b/guidedremediation/internal/strategy/inplace/inplace.go
@@ -42,7 +42,7 @@ func ComputePatches(ctx context.Context, cl resolve.Client, graph remediation.Re
 	if len(graph.Graph.Nodes) == 0 {
 		return nil, nil
 	}
-	sys := graph.Graph.Nodes[0].Version.System.Semver()
+	sys := graph.Graph.Nodes[0].Version.Semver()
 	requiredVersions := computeAllVersionConstraints(graph.Vulns, sys)
 	type patch struct {
 		vk    resolve.VersionKey
@@ -219,7 +219,7 @@ func findLatestMatching(ctx context.Context, cl resolve.Client, graph remediatio
 	requiredVersions map[resolve.VersionKey]semver.Set,
 	opts *options.RemediationOptions) (bool, resolve.VersionKey) {
 	vk := sg.Nodes[sg.Dependency].Version
-	sys := vk.System.Semver()
+	sys := vk.Semver()
 	vers, err := cl.Versions(ctx, vk.PackageKey)
 	if err != nil {
 		log.Errorf("failed to get versions for package %s: %v", vk.PackageKey, err)

diff --git a/guidedremediation/internal/strategy/override/override.go b/guidedremediation/internal/strategy/override/override.go
@@ -168,7 +168,7 @@ func getVersionsGreater(ctx context.Context, cl resolve.Client, vk resolve.Versi
 		return nil, err
 	}
 	semvers := make(map[resolve.VersionKey]*semver.Version)
-	sv := vk.System.Semver()
+	sv := vk.Semver()
 	for _, ver := range versions {
 		parsed, err := sv.Parse(ver.Version)
 		if err != nil {

diff --git a/guidedremediation/internal/strategy/relax/relax.go b/guidedremediation/internal/strategy/relax/relax.go
@@ -61,7 +61,7 @@ func patchVulns(ctx context.Context, cl resolve.Client, vm matcher.Vulnerability
 	toRelax := reqsToRelax(ctx, cl, resolved, vulnIDs, opts)
 	for len(toRelax) > 0 {
 		for _, req := range toRelax {
-			if opts.UpgradeConfig.Get(req.VersionKey.Name) == upgrade.None {
+			if opts.UpgradeConfig.Get(req.Name) == upgrade.None {
 				return nil, common.ErrPatchImpossible
 			}
 			newVer, ok := reqRelaxer.Relax(ctx, cl, req, opts.UpgradeConfig)
@@ -118,7 +118,7 @@ func reqsToRelax(ctx context.Context, cl resolve.Client, resolved *remediation.R
 	}
 
 	cmpFn := func(a, b resolve.RequirementVersion) int {
-		if cmp := a.VersionKey.Compare(b.VersionKey); cmp != 0 {
+		if cmp := a.Compare(b.VersionKey); cmp != 0 {
 			return cmp
 		}
 		return a.Type.Compare(b.Type)

diff --git a/guidedremediation/internal/tui/components/in_place_info.go b/guidedremediation/internal/tui/components/in_place_info.go
@@ -140,7 +140,7 @@ func (ip *inPlaceInfo) Update(msg tea.Msg) (ViewModel, tea.Cmd) {
 		case key.Matches(msg, Keys.Quit):
 			return ip, CloseViewModel
 		case key.Matches(msg, Keys.Select):
-			vID := ip.Model.Rows()[ip.Model.Cursor()][2]
+			vID := ip.Rows()[ip.Cursor()][2]
 			vIdx := slices.IndexFunc(ip.vulns, func(v resolution.Vulnerability) bool { return v.OSV.ID == vID })
 			if vIdx == -1 {
 				// something went wrong, just ignore this.

diff --git a/guidedremediation/internal/tui/components/vuln_list.go b/guidedremediation/internal/tui/components/vuln_list.go
@@ -138,7 +138,7 @@ func (v *vulnList) Update(msg tea.Msg) (ViewModel, tea.Cmd) {
 		case key.Matches(msg, Keys.Quit):
 			return v, CloseViewModel
 		case key.Matches(msg, Keys.Select):
-			vuln := v.Model.SelectedItem().(vulnListItem)
+			vuln := v.SelectedItem().(vulnListItem)
 			v.currVulnInfo = NewVulnInfo(vuln.Vulnerability, v.detailsRenderer)
 			v.currVulnInfo.Resize(v.Width(), v.Height())