search

Azure / tflint-ruleset-azurerm-ext

Mozilla Public License 2.0
2 stars 3 forks source link

Bump securego/gosec from 2.18.2 to 2.20.0 #65

Closed dependabot[bot] closed 1 week ago

dependabot[bot] commented 4 months ago

Bumps securego/gosec from 2.18.2 to 2.20.0.

Release notes

Sourced from securego/gosec's releases.

v2.20.0

Changelog

  • 6fbd381 Catch os.ModePerm permissions in os.WriteFile
  • dc5e5a9 Add a unit test to detect the false negative in rule G306 for os.ModePerm permissions
  • 417a44c Add filepath.EvalSymlinks to clean functions in rule G304
  • d34f8b7 chore(deps): update all dependencies
  • 8658b8e Update Go to version 2.22.3 in CI and release
  • d3b2359 chore(deps): update module golang.org/x/text to v0.15.0
  • cf29d54 chore(deps): update all dependencies
  • 09d62bd chore(deps): update module github.com/onsi/gomega to v1.33.0
  • 3b23ec8 Update to go 1.22.2
  • 31009c3 chore(deps): update all dependencies
  • daf6f67 chore(deps): update module github.com/onsi/ginkgo/v2 to v2.17.1
  • e27f442 chore(deps): update all dependencies
  • 5513615 fix(helpers/goversion): get from go.mod
  • 43b8b75 chore: fix function name
  • accd7a1 chore(deps): update all dependencies
  • 48aa72e Format the imports using the gci tool
  • b6df69c Fixup: delete unused variable
  • ccb0a08 Fix test: update test to comply with the spec of generated sources
  • 3a0ea51 Refactor: use standard function to check if a file is generated
  • 11c3252 Fix lint warnings
  • be378e6 Add support for math/rand/v2 added in Go 1.22
  • 36878a9 Skip the G601 tests for Go version 1.22
  • 903c75b Update go version to 1.22.1 and 1.21.8
  • f25ccd9 Ignore 'implicit memory aliasing' rule for Go 1.22+
  • 582e91a chore(deps): update all dependencies
  • 198a40c chore(deps): update module golang.org/x/tools to v0.18.0
  • c824a5d fix(hardcoded): remove duplicated Stripe API Key
  • d13d7da Update gosec version to v2.19.0 in the Github action

v2.19.0

Changelog

  • 26e57d6 Update CI to go version 1.22
  • e60b8d8 chore(deps): update all dependencies
  • 1285eb7 chore(deps): update all dependencies
  • cf4ab3e chore(deps): update all dependencies
  • 277553c chore(deps): update all dependencies
  • 57ec76b chore(deps): update all dependencies
  • 8fa46c1 chore(deps): update dependency babel-standalone to v7.23.7
  • 53aa3f7 chore(deps): update module golang.org/x/crypto to v0.17.0 [security]
  • 187adab chore(deps): update all dependencies
  • e1f27ba chore(deps): update actions/setup-go action to v5
  • 2aad3f0 Fix lint warnings by properly formatting the files
  • 0e2a618 chore: Refactor Sample Code to Separate Files
  • bc03d1c Update go version to 1.21.5 and 1.20.12 (#1084)
  • 79a6b47 chore(deps): update all dependencies (#1080)
  • eb256a7 Ignore the issues from generated files when using the analysis framework (#1079)
  • 43b7cbf Update README with upload-sarif v2 (#1078)
  • fece498 chore(deps): update dependency babel-standalone to v7.23.4

... (truncated)

Commits
  • 6fbd381 Catch os.ModePerm permissions in os.WriteFile
  • dc5e5a9 Add a unit test to detect the false negative in rule G306 for os.ModePerm per...
  • 417a44c Add filepath.EvalSymlinks to clean functions in rule G304
  • d34f8b7 chore(deps): update all dependencies
  • 8658b8e Update Go to version 2.22.3 in CI and release
  • d3b2359 chore(deps): update module golang.org/x/text to v0.15.0
  • cf29d54 chore(deps): update all dependencies
  • 09d62bd chore(deps): update module github.com/onsi/gomega to v1.33.0
  • 3b23ec8 Update to go 1.22.2
  • 31009c3 chore(deps): update all dependencies
  • Additional commits viewable in compare view


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
lonegunmanb commented 3 months ago

@dependabot rebase

dependabot[bot] commented 1 week ago

Superseded by #104.