chore: Update dependency securego/gosec to v2.21.4 #534
This PR contains the following updates: v2.20.0 -> v2.21.4
Release Notes
securego/gosec (securego/gosec)
v2.21.4
Changelog
d4617f5 chore(deps): update module google.golang.org/api to v0.198.0 (#1233)
1d23143 Prevent panic: unexpected constant value: (#1232)
6741874 Fix running single analyzer which isn't a rule bug (#1231)
a836898 Update gosec version to v2.21.3 in github action (#1227)
v2.21.3
Changelog
be8bd6e Populate the fixes only when autofix is not empty (#1226)
3004932 chore(deps): update all dependencies (#1223)
1f3bdd9 G115 Struct Attribute Checks (#1221)
5f3194b Update the github action to v2.21.2 (#1218)
v2.21.2
Changelog
abfe8cf Update the SARIF schema URL (#1217)
0396179 Update go version to 1.23.1 and 1.22.7 (#1216)
5e53c8b chore(deps): update all dependencies (#1215)
014751c Update gosec version to v2.21.1 in github action (#1213)
v2.21.1
Changelog
0ce4453 Rollback the SARIF version to 2.1 since github doesn't support 2.2 (#1210)
ea26e84 Update gosec in github action to v2.21.0 (#1208)
v2.21.0
Changelog
b278b40 Update cosign version to v2.4.0 in release github workflow (#1207)
eaedce9 Improvement the int conversion overflow logic to handle bound checks (#1194)
ea5b276 fix: G602 support for nested conditionals with bounds check (#1201)
11d6903 Update go.mod to use go 1.22.0 toolchain
655527d chore(deps): update all dependencies
0898560 Make variable name more clear
ac67231 Make variable names more explicit and reduce duplications
e0414c4 Fix formatting
c7003fc Refactor to reduce some functions and variable names
2401936 Pass the value argument directly since is an interface
f5d3128 Added suggested changes
a14ca4a Added another test case in order to increase code coverage
a6dd589 Removed function parameter which is always the same
b4c7469 Formatting problems(CI was not passing)
7f8f654 Updated analyzer to use new way of initialization
a26215c Migrated the rule to the analyzers folder
3f6e1e7 Refactored code a little bit
0eb8143 Added new rule G407(hardcoded IV/nonce)
4ae73c8 Fix conversion overflow false positive when using ParseUint
c52dc0e Add a build step to measure the scan performance
bcec04e Fix conversion overflow false positives when they are checked or pre-determined
71e397b Update go.mod
aec45b0 chore(deps): update all dependencies
ab3f6c1 Fix false positive in conversion overflow check from uint8/int8 type
a39ec5a Disable staticcheck SA1019 rule
a1b2ab8 Update the golangci linters
8467f01 Add more test to cover more use cases for G115 rule
81cda2f Allow excluding analyzers globally (#1180)
18135b4 Update to Go 1.23.0 (#1183)
91c708a chore(deps): update all dependencies (#1182)
92bac42 Read the AI API key also from an environment variable (#1181)
56f943b Add support to generate auto fixes using LLM (AI) (#1177)
f33fd4b chore(deps): update all dependencies
55a47f3 chore(deps): update all dependencies
a5d9ef6 chore(deps): update all dependencies
6842444 chore(deps): update dependency babel-standalone to v7.24.10
08b94f9 Resolve underlying type to detect overflows in type aliases
4487a0c chore(deps): update dependency babel-standalone to v7.24.8
0076267 Fix multifile ignores
2f1b81b Add -enable-audit cli flag
87fcb9b Update to go 1.22.5 and 1.21.12
466992f chore(deps): update all dependencies
9a4a741 Added more rules
6382394 Fixed coverage workflow
5666ea3 Fixed CI workflow
fc0957f Minor changes
58e4fcc Split the G401 rule into two separate ones
2e71f37 Updated G401 corresponding CWE
3edc633 chore(deps): update docker/build-push-action action to v6
2ae137a Update to go versions to 1.21.11 and 1.22.4
30a8a9c chore(deps): update all dependencies
ac75d44 Fix nosec when applied to a block
ed3f51e Add more types to templates rule
c3209fc Map the G115 rule to a CWE ID
45fbb27 chore(deps): update all dependencies
43bef71 Update README with G115 rule description
555fe44 Remove deprecated megacheck linter from golangci
81b076f Format imports
f775eb1 Update .gitignore
4bf5667 Add a new rule to detect integer overflow on integer types conversion
5f0084e feat: add env var to override the Go version detection
75dd9d6 Use the proper logic when disabling the go module version
1e1fc91 Update the README with some details related to Go version used by the rules
9a03665 Add an environment variable which disables the parsing of Go version from module file
b633c4c chore(deps): update module github.com/onsi/ginkgo/v2 to v2.17.3
40f29c8 Update docker image in action to v2.20.0
Configuration
📅 Schedule: Branch creation - "* 0-4,22-23 * * 1-5,* * * * 0,6" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Enabled.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR was generated by Mend Renovate. View the repository job log.