chore(deps): update securego/gosec action to v2.22.9 #211
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
![renovate[bot]](https://avatars.githubusercontent.com/in/2740?s=60&v=4){kind=small}
renovate
bot
changed the title
renovate
bot
force-pushed
the
renovate/securego-gosec-2.x
branch
from
4a84231 to
de4fd8a
Compare
renovate
bot
changed the title
renovate
bot
force-pushed
the
renovate/securego-gosec-2.x
branch
from
de4fd8a to
bb33c6e
Compare
renovate
bot
changed the title
renovate
bot
force-pushed
the
renovate/securego-gosec-2.x
branch
from
bb33c6e to
e52e132
Compare
renovate
bot
force-pushed
the
renovate/securego-gosec-2.x
branch
from
e52e132 to
0fffa9f
Compare
renovate
bot
changed the title
renovate
bot
changed the title
renovate
bot
force-pushed
the
renovate/securego-gosec-2.x
branch
from
0fffa9f to
6a79008
Compare
renovate
bot
changed the title
renovate
bot
force-pushed
the
renovate/securego-gosec-2.x
branch
2 times, most recently
from
e0c8712 to
7987d6d
Compare
renovate
bot
changed the title
renovate
bot
force-pushed
the
renovate/securego-gosec-2.x
branch
from
7987d6d to
2d78d48
Compare
renovate
bot
changed the title
renovate
bot
force-pushed
the
renovate/securego-gosec-2.x
branch
from
2d78d48 to
1afb04e
Compare
renovate
bot
changed the title
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Coming soon: The Renovate bot (GitHub App) will be renamed to Mend. PRs from Renovate will soon appear from 'Mend'. Learn more here.
This PR contains the following updates:
v2.21.4->v2.22.9Warning
Some dependencies could not be looked up. Check the Dependency Dashboard for more information.
Release Notes
securego/gosec (securego/gosec)
v2.22.9Compare Source
Changelog
15d5c61Update cosign to v2.6.0 and go in the CI to latest version7b8713efix(autofix): unnecessary conversion64ebfc0feat(autofix): update gemini sdk and add anthropic claude506407efeat(G304): add os.Root remediation hint (Autofix) when Go >= 1.243ead143chore(deps): update all dependenciese81fba3refactor(G304): remove unused trackJoin helper; no functional changeab078dbstyle: gofmt rules/readfile.goe6218c8test(g304): add samples for var perm and var flag with cleaned path\n\n- Ensure G304 does not fire when only non-path args (flag/perm) are variables\n- Both samples use filepath.Clean on the path arg\n- Rules suite remains green (42 passed)79f835drules(G304): analyze only path arg; ignore flag/perm vars; track Clean and safe Join; fix nil-context panic\n\n- Limit G304 checks to first arg (path) for os.Open/OpenFile/ReadFile, avoiding false positives when flag/perm are variables\n- Track filepath.Clean so cleaned identifiers are treated as safe\n- Consider safe joins: filepath.Join(const|resolvedBase, Clean(var)|cleanedIdent)\n- Record Join(...) assigned to identifiers and allow if later cleaned\n- Fix panic by passing non-nil context in trackJoinAssignStmt\n- All rules tests: 42 passed40ac530rules(G202): detect SQL concat in ValueSpec declarations; add test sample\n\n- Handle var query string = 'SELECT ...' + user style declarations\n- Reuse existing binary expr detection on ValueSpec.Values\n- Add postgres sample mirroring issue #1309 report\n- Rules tests: 42 passed4be6b11chore(deps): update all dependencies5af1117chore(deps): update all dependencies287b46cchore(deps): update all dependenciescee0aeaUpdate gosec version to v2.22.8 in the Github actionv2.22.8Compare Source
Changelog
c945302Add support for go version 1.25.0ef7adabUpdate go version in CI to 1.24.6 and 1.23.12e201bb8chore(deps): update all dependenciesba592afchore(deps): update all dependencies2ef6017Update github action to release v2.22.7v2.22.7Compare Source
Changelog
32975f4Fix crash in hardcoded_nonce analyzer6ea6b35Update go action to use release v2.22.6v2.22.6Compare Source
Changelog
bc3f214Update go version to 1.24.5 and 1.23.11 in the CI925741bchore(deps): update module google.golang.org/api to v0.242.059ae7e9chore(deps): update all dependenciese7abd9echore(deps): update all dependencies35e7bc1chore(deps): update all dependencies2d1ed95chore(deps): update all dependencies4a8cb46Do not allow dashes in file namesbcc8afbUpdate gosec to version 2.22.5 in Github actionv2.22.5Compare Source
Changelog
d2d3ae6Switch back go.mod to minimum 1.23.01e7ed06Update dependencies1bef91aUpdate go version 1.24.4 and 1.23.10 in CI621702fchore(deps): update all dependencies017d1d6G201/G202: add checks for injection into sql.Conn methods67f63d4chore(deps): update module google.golang.org/api to v0.235.0b4eabb1chore(deps): update module google.golang.org/api to v0.234.052a80ffchore(deps): update module google.golang.org/api to v0.233.0e2a9506chore(deps): update module google.golang.org/api to v0.232.0v2.22.4Compare Source
Changelog
6decf96Update to go version 1.24.3 and 1.23.9d522338update: updated the build command to include version metadata270b5cechore(deps): update all dependencies6027926Update the AI provider API key value when provided as an argument65d2d9fchore(deps): update module google.golang.org/api to v0.230.0dc1c38bchore(deps): update module google.golang.org/api to v0.229.055dbf5achore(deps): update all dependencies2aaa9c4Comment the reason why the file can be nil when an issue is created700e9a9Handle nil file when creating a new issued514c42chore(deps): update all dependencies (#1333)1d458c5Update version in 'action.yml' to 2.22.3 (anticipating next version (#1332)v2.22.3Compare Source
Changelog
955a68dUpdate go version to 1.24.2 and 1.23.8 (#1331)1336dc6remove G113. It only affects old/unsupported versions of Go (#1328)5fd2a37chore(deps): update all dependencies (#1325)39e4477Add SSOJet (#1320)6141d10chore(deps): update all dependencies (#1319)9452efeUpdate the integrity sha for babel dependency in html report (#1316)57ec633Add support for//gosec:disabledirective (#1314)e5fee17chore(deps): update all dependencies (#1315)v2.22.2Compare Source
Changelog
136f6c0Update to go version 1.24.1 and 1.23.7 (#1313)047453achore(deps): update all dependencies (#1310)76ccee5chore(deps): update all dependencies (#1308)a9eb1c9Update gosec version in the GitHub action to v2.22.1 (#1307)89c5da3chore(deps): update module google.golang.org/api to v0.221.0 (#1305)v2.22.1Compare Source
Changelog
43fee88Update cosign to v2.4.2 (#1303)7723829Add support for go 1.24 and phased out support for go 1.22 (#1302)9552f03chore(deps): update all dependencies (#1300)f4d2576Update to go version 1.23.6 and 1.22.12 (#1299)2258e31chore(deps): update module google.golang.org/api to v0.219.0 (#1296)fbb0833chore(deps): update module google.golang.org/api to v0.218.0 (#1294)c66cb56Add test to conver unit parssing for G115 rule (#1293)59291a0Update to go version 1.23.5 and 1.22.11 (#1291)7466b7cchore(deps): update all dependencies (#1290)32dcc8aUpdate gosec in github action to 2.22.0 (#1286)v2.22.0Compare Source
Changelog
e0cca6fUpdate what message for G104 (#1282)534689bchore(deps): update module github.com/onsi/ginkgo/v2 to v2.22.2 (#1281)eb95db1chore(deps): update all dependencies (#1280)6c6da40chore(deps): update all dependencies (#1279)b12f51fSimplify sortIssues implementation (#1277)54c2185Enable testifylint and fix up lint issues (#1276)36c81edRefactor AppendError to check for build.NoGoError (#1273)9a2d74fchore(deps): update module golang.org/x/net to v0.33.0 [security] (#1275)4c5ad91Update README.md (#1274)e21b4d4Rule documentation updates (#1272)92de0eeReplace old golang.org links with new go.dev (#1271)4fda076Refactor AppendError to use strings.Contains (#1270)b01f49eSimplify Analyzer.ignore by reducing nesting (#1269)b62cc33Improve capitalization in AI API flags descriptions (#1267)bc77d16Remove unused golint dependency (#1266)ef1a35fSimplify tests by using GinkgoT().TempDir() (#1265)09b9143Documentation on adding new rules and analyzers (#1262)1bd92a8chore(deps): update all dependencies (#1268)ca55ecaUpdate to go 1.22.10 and 1.23.4 versions (#1264)329cad8chore(deps): update module golang.org/x/crypto to v0.31.0 [security] (#1263)08beb25chore(deps): update all dependencies (#1261)d566be2chore(deps): update module github.com/onsi/gomega to v1.36.0 (#1259)8c602d0fix: revive.redefines-builtin-id lint warnings (#1257)399e835Fix typos in comments and fields229cf63Remove the decryption funtions/methods from G407 check699cb55Upate go to version 1.23.3 and 1.22.99b13cd5Fix G115 false positive when going from parsed uint to larger int08ea2a5chore(deps): update all dependencies4415613chore(deps): update all dependencies3274716chore(deps): update all dependencies1fb6a46chore(deps): update all dependenciesd2c92edchore(deps): update all dependencies4fd9872Update go version to 1.23.2 and 1.22.81501618chore(deps): update module google.golang.org/api to v0.201.07d33bc1chore(deps): update all dependenciesbd8b4b4chore(deps): update all dependencies1216c9bFix the cosign step to authenticate with the container registry50d1b4achore(deps): update module google.golang.org/api to v0.199.0c0ba7c7Update the gosec to v2.21.4 in the Github actiona3299ceAdd the version into goreleaser configConfiguration
📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR was generated by Mend Renovate. View the repository job log.