From 05548857feb642bc1282dd9aeef67fdafac95bd5 Mon Sep 17 00:00:00 2001 From: Jamie Magee Date: Mon, 9 Feb 2026 15:59:50 -0800 Subject: [PATCH] Close HTTP response bodies to fix bodyclose lint Two spots were missing resp.Body.Close() calls: - update_test.go: the http.Post response was discarded. Now we capture it and close the body before returning. - run.go (checkCredAccess): the response from the GitHub API token-scope check was never closed. Added a defer. --- cmd/dependabot/internal/cmd/update_test.go | 3 ++- internal/infra/run.go | 1 + 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/cmd/dependabot/internal/cmd/update_test.go b/cmd/dependabot/internal/cmd/update_test.go index d691b60c..94c092d6 100644 --- a/cmd/dependabot/internal/cmd/update_test.go +++ b/cmd/dependabot/internal/cmd/update_test.go @@ -295,10 +295,11 @@ func Test_extractInput(t *testing.T) { // Retry the calls in case the server takes a bit to start up. for i := 0; i < 10; i++ { body := strings.NewReader(`{"job":{"package-manager":"go_modules"}}`) - _, err := http.Post("http://127.0.0.1:8080", "application/json", body) + resp, err := http.Post("http://127.0.0.1:8080", "application/json", body) if err != nil { time.Sleep(10 * time.Millisecond) } else { + resp.Body.Close() return } } diff --git a/internal/infra/run.go b/internal/infra/run.go index dcca7583..0c6142ca 100644 --- a/internal/infra/run.go +++ b/internal/infra/run.go @@ -255,6 +255,7 @@ func checkCredAccess(ctx context.Context, job *model.Job, creds []model.Credenti if err != nil { return fmt.Errorf("failed making request: %w", err) } + defer resp.Body.Close() if resp.StatusCode != http.StatusOK { return fmt.Errorf("failed request to GitHub API to check access: %s", resp.Status) }