search

flosell / iam-policy-json-to-terraform

Small tool to convert an IAM Policy in JSON format into a Terraform aws_iam_policy_document
https://flosell.github.io/iam-policy-json-to-terraform/
Apache License 2.0
765 stars 60 forks source link

Bump github.com/securego/gosec/v2 from 2.14.0 to 2.18.1 #89

Closed dependabot[bot] closed 9 months ago

dependabot[bot] commented 9 months ago

Bumps github.com/securego/gosec/v2 from 2.14.0 to 2.18.1.

Release notes

Sourced from github.com/securego/gosec/v2's releases.

v2.18.1

Changelog

  • 0ec6cd9 Refactor how ignored issues are tracked
  • f338a98 Restrict the maximum depth when tracking the slice bounds
  • 7e2d8d3 Handle empty ssa results
  • 074353a Handle gracefully any panic that occurs when building the SSA representation of a package
  • ec31a3a Fix typo
  • a11eb28 Handle new function when getting the call info in case is overriden
  • 5b7867d Bump golang.org/x/net from 0.16.0 to 0.17.0 (#1037)
  • dd08f99 Update to Go 1.21.3 and 1.20.10 (#1035)
  • 616520f Update the list of unsafe functions detected by the unsafe rule (#1033)
  • 3952187 Update the action to use gosec version v2.18.0 (#1029)
  • 2b62dd1 Use a step ID in github release action to get the digest of the image (#1028)

v2.18.0

Changelog

  • 53fc0c3 Update to go version 1.21.2 and 1.20.9 (#1027)
  • 7f7c47f chore(deps): update all dependencies (#1026)
  • d864a91 Enable gochecknoinits; fix lint issues; use consts for some vars (#1022)
  • 09cf6ef Fix typos in struct fields, comments, and docs (#1023)
  • 665e87b chore(deps): update all dependencies
  • 4def3a4 Fix lint warning
  • 0d332a1 Add a new rule which detects when a file is created with os.Create but the configured permissions are less than 0666
  • 293d887 Fix lint warnings
  • ac482cb Update ginkgo to latest version
  • e02e2f6 Redesign and reimplement the slice out of bounds check using SSA code representation
  • e1278f9 docs: add reMarkable to users list
  • f6a6496 chore(deps): update all dependencies
  • aebe20c Drop support for go 1.19.x since go team doesn't ship anymore security fixes for it
  • 7a98537 Update to latest go version
  • b192f06 chore(deps): update all dependencies (#1011)
  • 6c93653 Fix hardcoded_credentials rule to only match on more specific patterns (#1009)
  • 325eb19 chore(deps): update all dependencies (#1008)
  • beef125 Exclude maps from slince bounce check rule (#1006)
  • 21d13c9 Ignore struct pointers in G601 (#1003)
  • 85005c4 Update gosec image version to 2.17.0 in the Github action (#1002)
  • 6a2c5e1 Update cosign to version v2.1.1 (#1000)

v2.17.0

Changelog

  • a89e9d5 Enable go 1.21.0 in the CI build (#998)
  • 4b458c4 chore(deps): update all dependencies (#997)
  • 7d51bfe Update to go version 1.20.7 and 1.19.12 (#993)
  • fc2f66b chore(deps): update all dependencies (#992)
  • 2cf2f96 chore(deps): update module github.com/onsi/gomega to v1.27.10 (#991)
  • bf7feda fix: correctly identify infixed concats as potential SQL injections (#987)
  • 2292ed5 chore(deps): update all dependencies (#989)
  • fc570b6 Add a new flag terse to show only the results and summary (#986)
  • 36f6933 Switch to a maintained fork of zxcvbn module (#984)

... (truncated)

Commits
  • 0ec6cd9 Refactor how ignored issues are tracked
  • f338a98 Restrict the maximum depth when tracking the slice bounds
  • 7e2d8d3 Handle empty ssa results
  • 074353a Handle gracefully any panic that occurs when building the SSA representation ...
  • ec31a3a Fix typo
  • a11eb28 Handle new function when getting the call info in case is overriden
  • 5b7867d Bump golang.org/x/net from 0.16.0 to 0.17.0 (#1037)
  • dd08f99 Update to Go 1.21.3 and 1.20.10 (#1035)
  • 616520f Update the list of unsafe functions detected by the unsafe rule (#1033)
  • 3952187 Update the action to use gosec version v2.18.0 (#1029)
  • Additional commits viewable in compare view


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
flosell commented 9 months ago

@dependabot ignore this major version

dependabot[bot] commented 9 months ago

OK, I won't notify you about version 2.x.x again, unless you re-open this PR.

flosell commented 9 months ago

GopherJS doesn't support Go 1.20 at the moment but gosec v2 requires it