chore(deps): update dependency securego/gosec to v2.24.7#1034
Open
renovate[bot] wants to merge 1 commit intomainfrom
Open
chore(deps): update dependency securego/gosec to v2.24.7#1034renovate[bot] wants to merge 1 commit intomainfrom
renovate[bot] wants to merge 1 commit intomainfrom
Conversation
Codecov Report✅ All modified and coverable lines are covered by tests. Additional details and impacted files@@ Coverage Diff @@
## main #1034 +/- ##
=======================================
Coverage 67.88% 67.88%
=======================================
Files 71 71
Lines 6480 6480
=======================================
Hits 4399 4399
Misses 1808 1808
Partials 273 273 ☔ View full report in Codecov by Sentry. 🚀 New features to boost your workflow:
|
renovate
bot
changed the title
renovate
bot
changed the title
renovate
bot
force-pushed
the
renovate/securego-gosec-2.x
branch
2 times, most recently
from
7a41762 to
b00f272
Compare
renovate
bot
changed the title
renovate
bot
force-pushed
the
renovate/securego-gosec-2.x
branch
from
b00f272 to
76d783f
Compare
renovate
bot
force-pushed
the
renovate/securego-gosec-2.x
branch
from
76d783f to
34967a1
Compare
renovate
bot
changed the title
renovate
bot
changed the title
renovate
bot
force-pushed
the
renovate/securego-gosec-2.x
branch
from
34967a1 to
24f5e32
Compare
renovate
bot
force-pushed
the
renovate/securego-gosec-2.x
branch
from
24f5e32 to
58a9e0f
Compare
renovate
bot
changed the title
Collaborator
|
Image doesn't seem to exist yet but securego/gosec:2.24.6 does 🤷♀️ |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
2.22.11→2.24.7Release Notes
securego/gosec (securego/gosec)
v2.24.7Compare Source
Changelog
bb17e42Ignore nosec comments in action integration workflow to generate some warnings (#1573)e1502adAdd a workflow for action integration test (#1571)f8691bdfix(sarif): avoid invalid null relationships in SARIF output (#1569)ade1d0echore: migrate gosec container image references to GHCR (#1567)v2.24.6Compare Source
Changelog
88835e8Update gorelease to use the latest cosign bundle argument (#1565)v2.24.5Compare Source
v2.24.4Compare Source
v2.24.3Compare Source
v2.24.2Compare Source
v2.24.1Compare Source
v2.24.0Compare Source
Changelog
271492bfix: G704 false positive on const URL (#1551)1341aeafix(G705): eliminate false positive for non-HTTP io.Writer (#1550)f2262c8G120: avoid false positive when MaxBytesReader is applied in middleware (#1547)5b580c7Fix G602 regression coverage for issue #1545 and stabilize G117 TOML test dependency (#1546)eba2d15taint: skipcontext.Contextarguments during taint propagation to fix false positives (#1543)a6381c1test: add missing rules to formatter report tests (#1540)fea9725chore(deps): update all dependencies (#1541)f3e2facRegenrate the TLS config rule (#1539)200461fImprove documentation (#1538)078a62aExpand analyzer-core test coverage for orchestration, go/analysis adapter logic, and taint integration (#1537)ffdc620Add unit tests for CLI orchestration, TLS config generation, and SSA cache behavior (#1536)c13a486Add G707 taint analyzer for SMTP command/header injection (#1535)f61ed31Add G123 analyzer for tls.VerifyPeerCertificate resumption bypass risk (#1534)b568aa1Add G122 SSA analyzer for filepath.Walk/WalkDir symlink TOCTOU race risks (#1532)1735e5afix(G602): avoid false positives for range-over-array indexing (#1531)caf93d0Improve taint analyzer performance with shared SSA cache, parallel analyzer execution, and CI regression guard (#1530)bd11fbefix: taint analysis false positives with G703,G705 (#1522)e34e8ddExtend the G117 rule to cover other types of serialization such as yaml/xml/toml (#1529)b940702Fix the G117 rule to take the JSON serialization into account (#1528)4f84627(docs) fix justification format (#1524)36ba72bAdd G121 analyzer for unsafe CORS bypass patterns in CrossOriginProtection (#1521)238f982Add G120 SSA analyzer for unbounded form parsing in HTTP handlers (#1520)89cde27Add G119 analyzer for unsafe redirect header propagation in CheckRedirect callbacks (#1519)14fdd9cFix G115 false positives and negatives (Issue #1501) (#1518)cec54ecchore(deps): update all dependencies (#1517)2b2077eAdd G118 SSA analyzer for context propagation failures that can cause goroutine/resource leaks (#1516)a7666f3Add G113: Detect HTTP Request Smuggling via conflicting headers (CVE-2025-22891, CWE-444) (#1515)47f8b52Add G408: SSH PublicKeyCallback Authentication Bypass Analyzer (#1513)4f1f362Add more unit tests to improve coverage (#1512)9344582Improve test coverage in various areas (#1511)8d1b2c6Imprve the test coverage (#1510)993c1c4Fix incorrect detection of fixed iv in G407 (#1509)8668b74Add support for go 1.26.x and removed support for go 1.24.x (#1508)514225cFix the sonar report to follow the latest schema (#1507)000384efix: broken taint analysis causing false positives (#1506)616192cfix: panic on float constants in overflow analyzer (#1505)79956a3fix: panic when scanning multi-module repos from root (#1504)5736e8bfix: G602 false positive for array element access (#1499)1b7e1e9Update gosec to version v2.23.0 in the Github action (#1496)v2.23.0Compare Source
Changelog
398ad54feat: Support for adding taint analysis engine (#1486)6eacd5cchore(deps): update all dependencies (#1494)181a7cbchore(deps): update all dependencies (#1494)e2fa6abchore(deps): update all dependencies (#1488)eb252baFix G602 analyzer panic that kills gosec process (#1491)20d71a0update go version to 1.25.7 (#1492)a631af8Fix URL regexp and remove redundant Google regex patterns (#1485)8968502feat: implement global cache usage in rules (#1480)04f729cchore(deps): update module google.golang.org/genai to v1.43.0 (#1484)ade0e8frefactor: optimize nosec parsing and reduce allocations (#1478)d24bbf7Fix SARIF artifactChanges null validation error (#1483)15cba7ffeat: optimize GetCallInfo with per-package sync.Pool caching (#1481)5288673feat: implement entropy pre-filtering to optimize secret detection (#1479)d9a9bcdfeat: ensure GoVersion is cached using sync.Once (#1477)516260aFix #1240: nosec comments now work with trailing open brackets (#1475)be0fd6dDebug Build Profiling Support: Code improvement suggestions for PR#1471 (#1476)b579523Update the go version to 1.25.6 and 1.24.12 (#1474)bd3c738G115: Enhance RangeAnalyzer with constant propagation and chained arithmetic support (#1470)6897b36chore(deps): update all dependencies (#1473)9f20212feat: support path-based rule exclusions via exclude-rules (#1465)726d847Optimize analyzer with parallel package processing (#1466)3150b28feat: add goanalysis package for nogo (#1449)7284e15Refactor Analyzers: Unify Range Logic & Optimize Allocations (#1464)7a4ccefOptimize G115, G602, G407 analyzers to reduce allocations and memory (#1463)833d791refactor(g115): improve coverage (#1462)0cc9e01Refine G407 to improve detection and coverage of hardcoded nonces (#1460)303f84dchore(deps): update all dependencies (#1461)7387d22Refactor rules to use callListRule base structure (#1458)52f5dbffeat(slice): enhance slice bounds analysis with dynamic bounds handling (#1457)649e2c8remove deprecated ast.Object (#1455)35a92b4feat(sql): enhance SQL injection detection with improved string concatenation checks (#1454)bc9d2bcfeat(rules): enhance subprocess variable checks (#1453)8a5404efeat(resolve): enhance TryResolve to handle KeyValueExpr, IndexExpr, and SliceExpr (#1452)0f6f21cfeat: add secrets serialization G117 (#1451)717706efeat(rules): add support for detecting high entropy strings in composite literals (#1447)082deb6whitelist crypto/rand Read from error checks (#1446)095d529chore(deps): update all dependencies (#1443)c073629Improve slice bound check (#1442)538a05cdocs: add documentation for using gosec with private modules (#1441)2580437chore(deps): update all dependencies (#1440)872b331docs: add G116 rule description to README (#1439)dcf93a8Update GitHub action to gosec 2.22.11 (#1438)Configuration
📅 Schedule: Branch creation - Between 12:00 AM and 12:59 AM, on day 1 and 15 of the month ( * 0 1,15 * * ) (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR was generated by Mend Renovate. View the repository job log.