chore: Update dependency securego/gosec to v2.21.1 #202
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
![renovate[bot]](https://avatars.githubusercontent.com/in/2740?s=60&v=4){kind=small}
![renovate-approve[bot]](https://avatars.githubusercontent.com/in/7394?s=60&v=4){kind=small}
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
v2.20.0->v2.21.1Release Notes
securego/gosec (securego/gosec)
v2.21.1Compare Source
Changelog
0ce4453Rollback the SARIF version to 2.1 since github doesn't support 2.2 (#1210)ea26e84Update gosec in github action to v2.21.0 (#1208)v2.21.0Compare Source
Changelog
b278b40Update cosign version to v2.4.0 in release github workflow (#1207)eaedce9Improvement the int conversion overflow logic to handle bound checks (#1194)ea5b276fix: G602 support for nested conditionals with bounds check (#1201)11d6903Update go.mod to sue go 1.22.0 toolchain655527dchore(deps): update all dependencies0898560Make variable name more clearac67231Make variable names more explicity and reduce duplicationse0414c4Fix formattingc7003fcRefactor to reduce some fuctions and variable names2401936Pass the value argument directly since is an interfacef5d3128Added suggested changesa14ca4aAdded another test case in order to increase code coveragea6dd589Removed function parameter which is always the sameb4c7469Formatting problems(CI was not passing)7f8f654Updated analyzer to use new way of initializationa26215cMigrated the rule to the analyzers folder3f6e1e7Refractored code a little bit0eb8143Added new rule G407(hardcoded IV/nonce)4ae73c8Fix conversion overflow false positive when using ParseUintc52dc0eAdd a build step to measure the scan perfomancebcec04eFix conversion overflow false positives when they are checked or pre-determined71e397bUpdate go.modaec45b0chore(deps): update all dependenciesab3f6c1Fix false positive in conversion overflow check from uint8/int8 typea39ec5aDisable staticcheck SA1019 rulea1b2ab8Update the golangci linters8467f01Add more test to cover more use cases for G115 rule81cda2fAllow excluding analyzers globally (#1180)18135b4Update to Go 1.23.0 (#1183)91c708achore(deps): update all dependencies (#1182)92bac42Read the AI API key also from an environment variable (#1181)56f943bAdd support to generate auto fixes using LLM (AI) (#1177)f33fd4bchore(deps): update all dependencies55a47f3chore(deps): update all dependenciesa5d9ef6chore(deps): update all dependencies6842444chore(deps): update dependency babel-standalone to v7.24.1008b94f9Resolve underlying type to detect overflows in type aliases4487a0cchore(deps): update dependency babel-standalone to v7.24.80076267Fix multifile ignores2f1b81bAdd -enable-audit cli flag87fcb9bUpdate to go 1.22.5 and 1.21.12466992fchore(deps): update all dependencies9a4a741Added more rules6382394Fixed coverage workflow5666ea3Fixed CI workflowfc0957fMinor changes58e4fccSplit the G401 rule into two separate ones2e71f37Updated G401 corresponding CWE3edc633chore(deps): update docker/build-push-action action to v62ae137aUpdate to go versions to 1.21.11 and 1.22.430a8a9cchore(deps): update all dependenciesac75d44Fix nosec when applied to a blocked3f51eAdd more types to templates rulec3209fcMap the G115 rule to an CWE ID45fbb27chore(deps): update all dependencies43bef71Update README with G115 rule description555fe44Remove deprecated megacheck linter from golangci81b076fFormat importsf775eb1Update .gitignore4bf5667Add a new rule to detect integer overflow on integer types conversion5f0084efeat: add env var to override the Go version detection75dd9d6Use the proper logic when disabling the go module version1e1fc91Update the README with some details related to Go version used by the rules9a03665Add an environment varialbe which disables the parsing of Go version from module fileb633c4cchore(deps): update module github.com/onsi/ginkgo/v2 to v2.17.340f29c8Update docker image in action to v2.20.0Configuration
📅 Schedule: Branch creation - "after 10pm every weekday,before 5am every weekday,every weekend" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Enabled.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR was generated by Mend Renovate. View the repository job log.