compliance-operator icon indicating copy to clipboard operation
compliance-operator copied to clipboard

Published 20 hours ago verified publisher icon ComplianceAsCode

Update module github.com/securego/gosec/v2 to v2.20.0

Open renovate[bot] opened this issue 1 year ago • 8 comments

Mend Renovate

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
github.com/securego/gosec/v2 v2.17.0 -> v2.20.0 age adoption passing confidence

[!WARNING] Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

Release Notes

securego/gosec (github.com/securego/gosec/v2)

v2.20.0

Compare Source

Changelog

  • 6fbd381 Catch os.ModePerm permissions in os.WriteFile
  • dc5e5a9 Add a unit test to detect the false negative in rule G306 for os.ModePerm permissions
  • 417a44c Add filepath.EvalSymlinks to clean functions in rule G304
  • d34f8b7 chore(deps): update all dependencies
  • 8658b8e Update Go to version 2.22.3 in CI and release
  • d3b2359 chore(deps): update module golang.org/x/text to v0.15.0
  • cf29d54 chore(deps): update all dependencies
  • 09d62bd chore(deps): update module github.com/onsi/gomega to v1.33.0
  • 3b23ec8 Update to go 1.22.2
  • 31009c3 chore(deps): update all dependencies
  • daf6f67 chore(deps): update module github.com/onsi/ginkgo/v2 to v2.17.1
  • e27f442 chore(deps): update all dependencies
  • 5513615 fix(helpers/goversion): get from go.mod
  • 43b8b75 chore: fix function name
  • accd7a1 chore(deps): update all dependencies
  • 48aa72e Format the imports using the gci tool
  • b6df69c Fixup: delete unused variable
  • ccb0a08 Fix test: update test to comply with the spec of generated sources
  • 3a0ea51 Refactor: use standard function to check if a file is generated
  • 11c3252 Fix lint warnings
  • be378e6 Add support for math/rand/v2 added in Go 1.22
  • 36878a9 Skip the G601 tests for Go version 1.22
  • 903c75b Update go version to 1.22.1 and 1.21.8
  • f25ccd9 Ignore 'implicit memory aliasing' rule for Go 1.22+
  • 582e91a chore(deps): update all dependencies
  • 198a40c chore(deps): update module golang.org/x/tools to v0.18.0
  • c824a5d fix(hardcoded): remove duplicated Stripe API Key
  • d13d7da Update gosec version to v2.19.0 in the Github action

v2.19.0

Compare Source

Changelog

  • 26e57d6 Update CI to go version 1.22
  • e60b8d8 chore(deps): update all dependencies
  • 1285eb7 chore(deps): update all dependencies
  • cf4ab3e chore(deps): update all dependencies
  • 277553c chore(deps): update all dependencies
  • 57ec76b chore(deps): update all dependencies
  • 8fa46c1 chore(deps): update dependency babel-standalone to v7.23.7
  • 53aa3f7 chore(deps): update module golang.org/x/crypto to v0.17.0 [security]
  • 187adab chore(deps): update all dependencies
  • e1f27ba chore(deps): update actions/setup-go action to v5
  • 2aad3f0 Fix lint warnings by properly formatting the files
  • 0e2a618 chore: Refactor Sample Code to Separate Files
  • bc03d1c Update go version to 1.21.5 and 1.20.12 (#​1084)
  • 79a6b47 chore(deps): update all dependencies (#​1080)
  • eb256a7 Ignore the issues from generated files when using the analysis framework (#​1079)
  • 43b7cbf Update README with upload-sarif v2 (#​1078)
  • fece498 chore(deps): update dependency babel-standalone to v7.23.4
  • 24c614b Added ppc64le support
  • c736581 chore(deps): update all dependencies
  • 3188e3f Ensure ignores are handled properly for multi-line issues
  • 6d56592 Update Go to version 1.21.4 and 1.20.11
  • 870103b chore(deps): update module golang.org/x/text to v0.14.0
  • b50e493 chore(deps): update all dependencies
  • 2f9965b Remove the hardcoded GOOS value when building the Linux binary to enable support for container image for ARM
  • fa1b74d Avoid allocations with (*regexp.Regexp).MatchString
  • 64bbe90 Fix some typos
  • d9071e3 Update local installation instructions by removing the details for Go 1.16
  • 5d837bc Update gosec version to 2.18.2 in the action

v2.18.2

Compare Source

Changelog

  • 55d7949 Disable dot-imports in revive linter
  • 4656817 chore(deps): update module github.com/onsi/gomega to v1.28.1
  • 5567ac4 Run the gosec with data race detector active during tests
  • a239758 Fix data race in the analyzer
  • c06903a Fix test that checks the overriden nosec directive
  • bde2619 Clean global state in flgs tests
  • e108c56 Format the file
  • e298388 Update README with details which describe the current behaviour of #nosec
  • d8a6d35 Ensure the ignores are parsed before analysing the package
  • 7846db0 chore(deps): update all dependencies
  • 8e0cf8c Update gosec to version 2.18.1 in the action
  • 6b12a71 Update cosign version to v2.2.0

v2.18.1

Compare Source

Changelog

  • 0ec6cd9 Refactor how ignored issues are tracked
  • f338a98 Restrict the maximum depth when tracking the slice bounds
  • 7e2d8d3 Handle empty ssa results
  • 074353a Handle gracefully any panic that occurs when building the SSA representation of a package
  • ec31a3a Fix typo
  • a11eb28 Handle new function when getting the call info in case is overriden
  • 5b7867d Bump golang.org/x/net from 0.16.0 to 0.17.0 (#​1037)
  • dd08f99 Update to Go 1.21.3 and 1.20.10 (#​1035)
  • 616520f Update the list of unsafe functions detected by the unsafe rule (#​1033)
  • 3952187 Update the action to use gosec version v2.18.0 (#​1029)
  • 2b62dd1 Use a step ID in github release action to get the digest of the image (#​1028)

v2.18.0

Compare Source

Changelog

  • 53fc0c3 Update to go version 1.21.2 and 1.20.9 (#​1027)
  • 7f7c47f chore(deps): update all dependencies (#​1026)
  • d864a91 Enable gochecknoinits; fix lint issues; use consts for some vars (#​1022)
  • 09cf6ef Fix typos in struct fields, comments, and docs (#​1023)
  • 665e87b chore(deps): update all dependencies
  • 4def3a4 Fix lint warning
  • 0d332a1 Add a new rule which detects when a file is created with os.Create but the configured permissions are less than 0666
  • 293d887 Fix lint warnings
  • ac482cb Update ginkgo to latest version
  • e02e2f6 Redesign and reimplement the slice out of bounds check using SSA code representation
  • e1278f9 docs: add reMarkable to users list
  • f6a6496 chore(deps): update all dependencies
  • aebe20c Drop support for go 1.19.x since go team doesn't ship anymore security fixes for it
  • 7a98537 Update to latest go version
  • b192f06 chore(deps): update all dependencies (#​1011)
  • 6c93653 Fix hardcoded_credentials rule to only match on more specific patterns (#​1009)
  • 325eb19 chore(deps): update all dependencies (#​1008)
  • beef125 Exclude maps from slince bounce check rule (#​1006)
  • 21d13c9 Ignore struct pointers in G601 (#​1003)
  • 85005c4 Update gosec image version to 2.17.0 in the Github action (#​1002)
  • 6a2c5e1 Update cosign to version v2.1.1 (#​1000)

Configuration

📅 Schedule: Branch creation - "every weekend" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • [ ] If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate. View repository job log here.

renovate[bot] avatar Oct 14 '23 04:10 renovate[bot]