grafana / synthetic-monitoring-agent

Synthetic Monitoring Agent
https://grafana.com/docs/grafana-cloud/how-do-i/synthetic-monitoring/
Apache License 2.0

Update module github.com/securego/gosec to v2 #763

Closed grafanarenovatebot[bot] closed 3 days ago

grafanarenovatebot[bot] commented 5 days ago

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| github.com/securego/gosec | require | major | v0.0.0-20200401082031-e946c8c39989 -> v2.20.0 |

Release Notes

securego/gosec (github.com/securego/gosec)

### [`v2.20.0`](https://togithub.com/securego/gosec/releases/tag/v2.20.0)

[Compare Source](https://togithub.com/securego/gosec/compare/v2.19.0...v2.20.0)

#### Changelog

- [`6fbd381`](https://togithub.com/securego/gosec/commit/6fbd381) Catch os.ModePerm permissions in os.WriteFile
- [`dc5e5a9`](https://togithub.com/securego/gosec/commit/dc5e5a9) Add a unit test to detect the false negative in rule G306 for os.ModePerm permissions
- [`417a44c`](https://togithub.com/securego/gosec/commit/417a44c) Add filepath.EvalSymlinks to clean functions in rule G304
- [`d34f8b7`](https://togithub.com/securego/gosec/commit/d34f8b7) chore(deps): update all dependencies
- [`8658b8e`](https://togithub.com/securego/gosec/commit/8658b8e) Update Go to version 2.22.3 in CI and release
- [`d3b2359`](https://togithub.com/securego/gosec/commit/d3b2359) chore(deps): update module golang.org/x/text to v0.15.0
- [`cf29d54`](https://togithub.com/securego/gosec/commit/cf29d54) chore(deps): update all dependencies
- [`09d62bd`](https://togithub.com/securego/gosec/commit/09d62bd) chore(deps): update module github.com/onsi/gomega to v1.33.0
- [`3b23ec8`](https://togithub.com/securego/gosec/commit/3b23ec8) Update to go 1.22.2
- [`31009c3`](https://togithub.com/securego/gosec/commit/31009c3) chore(deps): update all dependencies
- [`daf6f67`](https://togithub.com/securego/gosec/commit/daf6f67) chore(deps): update module github.com/onsi/ginkgo/v2 to v2.17.1
- [`e27f442`](https://togithub.com/securego/gosec/commit/e27f442) chore(deps): update all dependencies
- [`5513615`](https://togithub.com/securego/gosec/commit/5513615) fix(helpers/goversion): get from go.mod
- [`43b8b75`](https://togithub.com/securego/gosec/commit/43b8b75) chore: fix function name
- [`accd7a1`](https://togithub.com/securego/gosec/commit/accd7a1) chore(deps): update all dependencies
- [`48aa72e`](https://togithub.com/securego/gosec/commit/48aa72e) Format the imports using the gci tool
- [`b6df69c`](https://togithub.com/securego/gosec/commit/b6df69c) Fixup: delete unused variable
- [`ccb0a08`](https://togithub.com/securego/gosec/commit/ccb0a08) Fix test: update test to comply with the spec of generated sources
- [`3a0ea51`](https://togithub.com/securego/gosec/commit/3a0ea51) Refactor: use standard function to check if a file is generated
- [`11c3252`](https://togithub.com/securego/gosec/commit/11c3252) Fix lint warnings
- [`be378e6`](https://togithub.com/securego/gosec/commit/be378e6) Add support for math/rand/v2 added in Go 1.22
- [`36878a9`](https://togithub.com/securego/gosec/commit/36878a9) Skip the G601 tests for Go version 1.22
- [`903c75b`](https://togithub.com/securego/gosec/commit/903c75b) Update go version to 1.22.1 and 1.21.8
- [`f25ccd9`](https://togithub.com/securego/gosec/commit/f25ccd9) Ignore 'implicit memory aliasing' rule for Go 1.22+
- [`582e91a`](https://togithub.com/securego/gosec/commit/582e91a) chore(deps): update all dependencies
- [`198a40c`](https://togithub.com/securego/gosec/commit/198a40c) chore(deps): update module golang.org/x/tools to v0.18.0
- [`c824a5d`](https://togithub.com/securego/gosec/commit/c824a5d) fix(hardcoded): remove duplicated `Stripe API Key`
- [`d13d7da`](https://togithub.com/securego/gosec/commit/d13d7da) Update gosec version to v2.19.0 in the Github action

### [`v2.19.0`](https://togithub.com/securego/gosec/releases/tag/v2.19.0)

[Compare Source](https://togithub.com/securego/gosec/compare/v2.18.2...v2.19.0)

#### Changelog

- [`26e57d6`](https://togithub.com/securego/gosec/commit/26e57d6) Update CI to go version 1.22
- [`e60b8d8`](https://togithub.com/securego/gosec/commit/e60b8d8) chore(deps): update all dependencies
- [`1285eb7`](https://togithub.com/securego/gosec/commit/1285eb7) chore(deps): update all dependencies
- [`cf4ab3e`](https://togithub.com/securego/gosec/commit/cf4ab3e) chore(deps): update all dependencies
- [`277553c`](https://togithub.com/securego/gosec/commit/277553c) chore(deps): update all dependencies
- [`57ec76b`](https://togithub.com/securego/gosec/commit/57ec76b) chore(deps): update all dependencies
- [`8fa46c1`](https://togithub.com/securego/gosec/commit/8fa46c1) chore(deps): update dependency babel-standalone to v7.23.7
- [`53aa3f7`](https://togithub.com/securego/gosec/commit/53aa3f7) chore(deps): update module golang.org/x/crypto to v0.17.0 \[security]
- [`187adab`](https://togithub.com/securego/gosec/commit/187adab) chore(deps): update all dependencies
- [`e1f27ba`](https://togithub.com/securego/gosec/commit/e1f27ba) chore(deps): update actions/setup-go action to v5
- [`2aad3f0`](https://togithub.com/securego/gosec/commit/2aad3f0) Fix lint warnings by properly formatting the files
- [`0e2a618`](https://togithub.com/securego/gosec/commit/0e2a618) chore: Refactor Sample Code to Separate Files
- [`bc03d1c`](https://togithub.com/securego/gosec/commit/bc03d1c) Update go version to 1.21.5 and 1.20.12 ([#1084](https://togithub.com/securego/gosec/issues/1084))
- [`79a6b47`](https://togithub.com/securego/gosec/commit/79a6b47) chore(deps): update all dependencies ([#1080](https://togithub.com/securego/gosec/issues/1080))
- [`eb256a7`](https://togithub.com/securego/gosec/commit/eb256a7) Ignore the issues from generated files when using the analysis framework ([#1079](https://togithub.com/securego/gosec/issues/1079))
- [`43b7cbf`](https://togithub.com/securego/gosec/commit/43b7cbf) Update README with upload-sarif v2 ([#1078](https://togithub.com/securego/gosec/issues/1078))
- [`fece498`](https://togithub.com/securego/gosec/commit/fece498) chore(deps): update dependency babel-standalone to v7.23.4
- [`24c614b`](https://togithub.com/securego/gosec/commit/24c614b) Added ppc64le support
- [`c736581`](https://togithub.com/securego/gosec/commit/c736581) chore(deps): update all dependencies
- [`3188e3f`](https://togithub.com/securego/gosec/commit/3188e3f) Ensure ignores are handled properly for multi-line issues
- [`6d56592`](https://togithub.com/securego/gosec/commit/6d56592) Update Go to version 1.21.4 and 1.20.11
- [`870103b`](https://togithub.com/securego/gosec/commit/870103b) chore(deps): update module golang.org/x/text to v0.14.0
- [`b50e493`](https://togithub.com/securego/gosec/commit/b50e493) chore(deps): update all dependencies
- [`2f9965b`](https://togithub.com/securego/gosec/commit/2f9965b) Remove the hardcoded GOOS value when building the Linux binary to enable support for container image for ARM
- [`fa1b74d`](https://togithub.com/securego/gosec/commit/fa1b74d) Avoid allocations with `(*regexp.Regexp).MatchString`
- [`64bbe90`](https://togithub.com/securego/gosec/commit/64bbe90) Fix some typos
- [`d9071e3`](https://togithub.com/securego/gosec/commit/d9071e3) Update local installation instructions by removing the details for Go 1.16
- [`5d837bc`](https://togithub.com/securego/gosec/commit/5d837bc) Update gosec version to 2.18.2 in the action

### [`v2.18.2`](https://togithub.com/securego/gosec/releases/tag/v2.18.2)

[Compare Source](https://togithub.com/securego/gosec/compare/v2.18.1...v2.18.2)

#### Changelog

- [`55d7949`](https://togithub.com/securego/gosec/commit/55d7949) Disable dot-imports in revive linter
- [`4656817`](https://togithub.com/securego/gosec/commit/4656817) chore(deps): update module github.com/onsi/gomega to v1.28.1
- [`5567ac4`](https://togithub.com/securego/gosec/commit/5567ac4) Run the gosec with data race detector active during tests
- [`a239758`](https://togithub.com/securego/gosec/commit/a239758) Fix data race in the analyzer
- [`c06903a`](https://togithub.com/securego/gosec/commit/c06903a) Fix test that checks the overriden nosec directive
- [`bde2619`](https://togithub.com/securego/gosec/commit/bde2619) Clean global state in flgs tests
- [`e108c56`](https://togithub.com/securego/gosec/commit/e108c56) Format the file
- [`e298388`](https://togithub.com/securego/gosec/commit/e298388) Update README with details which describe the current behaviour of #nosec
- [`d8a6d35`](https://togithub.com/securego/gosec/commit/d8a6d35) Ensure the ignores are parsed before analysing the package
- [`7846db0`](https://togithub.com/securego/gosec/commit/7846db0) chore(deps): update all dependencies
- [`8e0cf8c`](https://togithub.com/securego/gosec/commit/8e0cf8c) Update gosec to version 2.18.1 in the action
- [`6b12a71`](https://togithub.com/securego/gosec/commit/6b12a71) Update cosign version to v2.2.0

### [`v2.18.1`](https://togithub.com/securego/gosec/releases/tag/v2.18.1)

[Compare Source](https://togithub.com/securego/gosec/compare/v2.18.0...v2.18.1)

#### Changelog

- [`0ec6cd9`](https://togithub.com/securego/gosec/commit/0ec6cd9) Refactor how ignored issues are tracked
- [`f338a98`](https://togithub.com/securego/gosec/commit/f338a98) Restrict the maximum depth when tracking the slice bounds
- [`7e2d8d3`](https://togithub.com/securego/gosec/commit/7e2d8d3) Handle empty ssa results
- [`074353a`](https://togithub.com/securego/gosec/commit/074353a) Handle gracefully any panic that occurs when building the SSA representation of a package
- [`ec31a3a`](https://togithub.com/securego/gosec/commit/ec31a3a) Fix typo
- [`a11eb28`](https://togithub.com/securego/gosec/commit/a11eb28) Handle new function when getting the call info in case is overriden
- [`5b7867d`](https://togithub.com/securego/gosec/commit/5b7867d) Bump golang.org/x/net from 0.16.0 to 0.17.0 ([#1037](https://togithub.com/securego/gosec/issues/1037))
- [`dd08f99`](https://togithub.com/securego/gosec/commit/dd08f99) Update to Go 1.21.3 and 1.20.10 ([#1035](https://togithub.com/securego/gosec/issues/1035))
- [`616520f`](https://togithub.com/securego/gosec/commit/616520f) Update the list of unsafe functions detected by the unsafe rule ([#1033](https://togithub.com/securego/gosec/issues/1033))
- [`3952187`](https://togithub.com/securego/gosec/commit/3952187) Update the action to use gosec version v2.18.0 ([#1029](https://togithub.com/securego/gosec/issues/1029))
- [`2b62dd1`](https://togithub.com/securego/gosec/commit/2b62dd1) Use a step ID in github release action to get the digest of the image ([#1028](https://togithub.com/securego/gosec/issues/1028))

### [`v2.18.0`](https://togithub.com/securego/gosec/releases/tag/v2.18.0)

[Compare Source](https://togithub.com/securego/gosec/compare/v2.17.0...v2.18.0)

#### Changelog

- [`53fc0c3`](https://togithub.com/securego/gosec/commit/53fc0c3) Update to go version 1.21.2 and 1.20.9 ([#1027](https://togithub.com/securego/gosec/issues/1027))
- [`7f7c47f`](https://togithub.com/securego/gosec/commit/7f7c47f) chore(deps): update all dependencies ([#1026](https://togithub.com/securego/gosec/issues/1026))
- [`d864a91`](https://togithub.com/securego/gosec/commit/d864a91) Enable gochecknoinits; fix lint issues; use consts for some vars ([#1022](https://togithub.com/securego/gosec/issues/1022))
- [`09cf6ef`](https://togithub.com/securego/gosec/commit/09cf6ef) Fix typos in struct fields, comments, and docs ([#1023](https://togithub.com/securego/gosec/issues/1023))
- [`665e87b`](https://togithub.com/securego/gosec/commit/665e87b) chore(deps): update all dependencies
- [`4def3a4`](https://togithub.com/securego/gosec/commit/4def3a4) Fix lint warning
- [`0d332a1`](https://togithub.com/securego/gosec/commit/0d332a1) Add a new rule which detects when a file is created with os.Create but the configured permissions are less than 0666
- [`293d887`](https://togithub.com/securego/gosec/commit/293d887) Fix lint warnings
- [`ac482cb`](https://togithub.com/securego/gosec/commit/ac482cb) Update ginkgo to latest version
- [`e02e2f6`](https://togithub.com/securego/gosec/commit/e02e2f6) Redesign and reimplement the slice out of bounds check using SSA code representation
- [`e1278f9`](https://togithub.com/securego/gosec/commit/e1278f9) docs: add reMarkable to users list
- [`f6a6496`](https://togithub.com/securego/gosec/commit/f6a6496) chore(deps): update all dependencies
- [`aebe20c`](https://togithub.com/securego/gosec/commit/aebe20c) Drop support for go 1.19.x since go team doesn't ship anymore security fixes for it
- [`7a98537`](https://togithub.com/securego/gosec/commit/7a98537) Update to latest go version
- [`b192f06`](https://togithub.com/securego/gosec/commit/b192f06) chore(deps): update all dependencies ([#1011](https://togithub.com/securego/gosec/issues/1011))
- [`6c93653`](https://togithub.com/securego/gosec/commit/6c93653) Fix hardcoded_credentials rule to only match on more specific patterns ([#1009](https://togithub.com/securego/gosec/issues/1009))
- [`325eb19`](https://togithub.com/securego/gosec/commit/325eb19) chore(deps): update all dependencies ([#1008](https://togithub.com/securego/gosec/issues/1008))
- [`beef125`](https://togithub.com/securego/gosec/commit/beef125) Exclude maps from slince bounce check rule ([#1006](https://togithub.com/securego/gosec/issues/1006))
- [`21d13c9`](https://togithub.com/securego/gosec/commit/21d13c9) Ignore struct pointers in G601 ([#1003](https://togithub.com/securego/gosec/issues/1003))
- [`85005c4`](https://togithub.com/securego/gosec/commit/85005c4) Update gosec image version to 2.17.0 in the Github action ([#1002](https://togithub.com/securego/gosec/issues/1002))
- [`6a2c5e1`](https://togithub.com/securego/gosec/commit/6a2c5e1) Update cosign to version v2.1.1 ([#1000](https://togithub.com/securego/gosec/issues/1000))

### [`v2.17.0`](https://togithub.com/securego/gosec/releases/tag/v2.17.0)

[Compare Source](https://togithub.com/securego/gosec/compare/v2.16.0...v2.17.0)

#### Changelog

- [`a89e9d5`](https://togithub.com/securego/gosec/commit/a89e9d5) Enable go 1.21.0 in the CI build ([#998](https://togithub.com/securego/gosec/issues/998))
- [`4b458c4`](https://togithub.com/securego/gosec/commit/4b458c4) chore(deps): update all dependencies ([#997](https://togithub.com/securego/gosec/issues/997))
- [`7d51bfe`](https://togithub.com/securego/gosec/commit/7d51bfe) Update to go version 1.20.7 and 1.19.12 ([#993](https://togithub.com/securego/gosec/issues/993))
- [`fc2f66b`](https://togithub.com/securego/gosec/commit/fc2f66b) chore(deps): update all dependencies ([#992](https://togithub.com/securego/gosec/issues/992))
- [`2cf2f96`](https://togithub.com/securego/gosec/commit/2cf2f96) chore(deps): update module github.com/onsi/gomega to v1.27.10 ([#991](https://togithub.com/securego/gosec/issues/991))
- [`bf7feda`](https://togithub.com/securego/gosec/commit/bf7feda) fix: correctly identify infixed concats as potential SQL injections ([#987](https://togithub.com/securego/gosec/issues/987))
- [`2292ed5`](https://togithub.com/securego/gosec/commit/2292ed5) chore(deps): update all dependencies ([#989](https://togithub.com/securego/gosec/issues/989))
- [`fc570b6`](https://togithub.com/securego/gosec/commit/fc570b6) Add a new flag terse to show only the results and summary ([#986](https://togithub.com/securego/gosec/issues/986))
- [`36f6933`](https://togithub.com/securego/gosec/commit/36f6933) Switch to a maintained fork of zxcvbn module ([#984](https://togithub.com/securego/gosec/issues/984))
- [`ed7b334`](https://togithub.com/securego/gosec/commit/ed7b334) Fix dependencies after bot update ([#983](https://togithub.com/securego/gosec/issues/983))
- [`e76ad70`](https://togithub.com/securego/gosec/commit/e76ad70) chore(deps): update all dependencies ([#982](https://togithub.com/securego/gosec/issues/982))
- [`3a6fd99`](https://togithub.com/securego/gosec/commit/3a6fd99) Update to Go version 1.19.11 and 1.20.6 ([#981](https://togithub.com/securego/gosec/issues/981))
- [`ea39309`](https://togithub.com/securego/gosec/commit/ea39309) Fix and tidy the dependencies ([#977](https://togithub.com/securego/gosec/issues/977))
- [`ef8f560`](https://togithub.com/securego/gosec/commit/ef8f560) chore(deps): update all dependencies ([#976](https://togithub.com/securego/gosec/issues/976))
- [`17b7d31`](https://togithub.com/securego/gosec/commit/17b7d31) Update README file with new rule ([#975](https://togithub.com/securego/gosec/issues/975))
- [`a018cf0`](https://togithub.com/securego/gosec/commit/a018cf0) Feature: G602 Slice Bound Checking ([#973](https://togithub.com/securego/gosec/issues/973))
- [`82364a7`](https://togithub.com/securego/gosec/commit/82364a7) chore(deps): update all dependencies ([#974](https://togithub.com/securego/gosec/issues/974))
- [`abeab10`](https://togithub.com/securego/gosec/commit/abeab10) Feature: G101 match variable values and names ([#971](https://togithub.com/securego/gosec/issues/971))
- [`b824c10`](https://togithub.com/securego/gosec/commit/b824c10) Update build script to go version 1.20.5
- [`022584d`](https://togithub.com/securego/gosec/commit/022584d) chore(deps): update all dependencies
- [`bd58600`](https://togithub.com/securego/gosec/commit/bd58600) Recognize struct field in G601
- [`1457921`](https://togithub.com/securego/gosec/commit/1457921) Remove the depguard from the list of enabled linters
- [`1f68996`](https://togithub.com/securego/gosec/commit/1f68996) Fix typos in comments, vars and tests
- [`e148465`](https://togithub.com/securego/gosec/commit/e148465) chore(deps): update all dependencies
- [`9120883`](https://togithub.com/securego/gosec/commit/9120883) Fix no-sec alternative tag ([#962](https://togithub.com/securego/gosec/issues/962))
- [`87cc45e`](https://togithub.com/securego/gosec/commit/87cc45e) Use image digest instead of tag when signing the released image with cosign ([#960](https://togithub.com/securego/gosec/issues/960))
- [`6df05bd`](https://togithub.com/securego/gosec/commit/6df05bd) Update gosec image version to 2.16.0 in the Github action ([#959](https://togithub.com/securego/gosec/issues/959))

### [`v2.16.0`](https://togithub.com/securego/gosec/releases/tag/v2.16.0)

[Compare Source](https://togithub.com/securego/gosec/compare/v2.15.0...v2.16.0)

#### Changelog

- [`c5ea1b7`](https://togithub.com/securego/gosec/commit/c5ea1b7) Update cosign to latest version in release Github action ([#958](https://togithub.com/securego/gosec/issues/958))
- [`8632a8c`](https://togithub.com/securego/gosec/commit/8632a8c) chore(deps): update all dependencies ([#956](https://togithub.com/securego/gosec/issues/956))
- [`ae3c2f7`](https://togithub.com/securego/gosec/commit/ae3c2f7) Update go version in build and release scripts ([#957](https://togithub.com/securego/gosec/issues/957))
- [`970cc29`](https://togithub.com/securego/gosec/commit/970cc29) chore(deps): update all dependencies ([#955](https://togithub.com/securego/gosec/issues/955))
- [`47bfd4e`](https://togithub.com/securego/gosec/commit/47bfd4e) Update Go version to 1.20.3 ([#953](https://togithub.com/securego/gosec/issues/953))
- [`440141a`](https://togithub.com/securego/gosec/commit/440141a) chore(deps): update all dependencies ([#952](https://togithub.com/securego/gosec/issues/952))
- [`7df7baa`](https://togithub.com/securego/gosec/commit/7df7baa) Fix for Dockerfile smell DL3059 ([#951](https://togithub.com/securego/gosec/issues/951))
- [`2ee3213`](https://togithub.com/securego/gosec/commit/2ee3213) README: upgrade GitHub action in examples ([#950](https://togithub.com/securego/gosec/issues/950))
- [`68b5201`](https://togithub.com/securego/gosec/commit/68b5201) enable ginkgolinter linter ([#948](https://togithub.com/securego/gosec/issues/948))
- [`780ebd0`](https://togithub.com/securego/gosec/commit/780ebd0) chore(deps): update all dependencies ([#947](https://togithub.com/securego/gosec/issues/947))
- [`d6aeaad`](https://togithub.com/securego/gosec/commit/d6aeaad) correct gci linter ([#946](https://togithub.com/securego/gosec/issues/946))
- [`73f0efc`](https://togithub.com/securego/gosec/commit/73f0efc) remove deprecated linters
- [`aef69b3`](https://togithub.com/securego/gosec/commit/aef69b3) increase timeout to 5m
- [`6bad723`](https://togithub.com/securego/gosec/commit/6bad723) chore(deps): update all dependencies
- [`96bb741`](https://togithub.com/securego/gosec/commit/96bb741) Use the latest version
- [`6a73248`](https://togithub.com/securego/gosec/commit/6a73248) Fix some linting warnings
- [`83fc5e6`](https://togithub.com/securego/gosec/commit/83fc5e6) Fix lint warning
- [`8e7cf4b`](https://togithub.com/securego/gosec/commit/8e7cf4b) Bump the go versions and golanci
- [`e7bfcd1`](https://togithub.com/securego/gosec/commit/e7bfcd1) chore(deps): update all dependencies ([#942](https://togithub.com/securego/gosec/issues/942))
- [`f823a7e`](https://togithub.com/securego/gosec/commit/f823a7e) Check nil pointer when variable is declared in a different file
- [`cdd3476`](https://togithub.com/securego/gosec/commit/cdd3476) fix dead link to issue.go in README.md ([#936](https://togithub.com/securego/gosec/issues/936))
- [`d5a9c73`](https://togithub.com/securego/gosec/commit/d5a9c73) Remove rule G307 which checks when an error is not handled when a file or socket connection is closed ([#935](https://togithub.com/securego/gosec/issues/935))
- [`27bf0e4`](https://togithub.com/securego/gosec/commit/27bf0e4) Fix rule index reference into sarif report ([#934](https://togithub.com/securego/gosec/issues/934))
- [`e7b896f`](https://togithub.com/securego/gosec/commit/e7b896f) Bump golang.org/x/net from 0.6.0 to 0.7.0
- [`4340efa`](https://togithub.com/securego/gosec/commit/4340efa) Format file
- [`f850069`](https://togithub.com/securego/gosec/commit/f850069) Use the gosec issue in the go analysers
- [`b1fd948`](https://togithub.com/securego/gosec/commit/b1fd948) Fix file formatting
- [`2071786`](https://togithub.com/securego/gosec/commit/2071786) Update Go version in CI builds
- [`1915717`](https://togithub.com/securego/gosec/commit/1915717) Fix method name in the comment
- [`de2c6a3`](https://togithub.com/securego/gosec/commit/de2c6a3) Extract the issue in its own package
- [`31e6327`](https://togithub.com/securego/gosec/commit/31e6327) Add support for Go analysis framework and SSA code representation
- [`e795d75`](https://togithub.com/securego/gosec/commit/e795d75) chore(deps): update all dependencies ([#931](https://togithub.com/securego/gosec/issues/931))
- [`8aa00db`](https://togithub.com/securego/gosec/commit/8aa00db) Remove the version form ci github action
- [`392e53c`](https://togithub.com/securego/gosec/commit/392e53c) Pin github action to latest release version 2.15.0
- [`ffe254e`](https://togithub.com/securego/gosec/commit/ffe254e) Revert the image tag in github action until a working solution is found
- [`a0eddfb`](https://togithub.com/securego/gosec/commit/a0eddfb) Fix version interpolation in github action image
- [`d22a7b6`](https://togithub.com/securego/gosec/commit/d22a7b6) Add gosec version as an input parameter to GitHub action ([#927](https://togithub.com/securego/gosec/issues/927))
- [`2d6b0a5`](https://togithub.com/securego/gosec/commit/2d6b0a5) Update release build script ([#924](https://togithub.com/securego/gosec/issues/924))

### [`v2.15.0`](https://togithub.com/securego/gosec/releases/tag/v2.15.0)

[Compare Source](https://togithub.com/securego/gosec/compare/v2.14.0...v2.15.0)

#### Changelog

- [`a459eb0`](https://togithub.com/securego/gosec/commit/a459eb0) Fix dependencies after renovate update
- [`54f56c7`](https://togithub.com/securego/gosec/commit/54f56c7) chore(deps): update all dependencies ([#922](https://togithub.com/securego/gosec/issues/922))
- [`df14837`](https://togithub.com/securego/gosec/commit/df14837) Update to Go 1.20 and fix unit tests ([#923](https://togithub.com/securego/gosec/issues/923))
- [`b4270dd`](https://togithub.com/securego/gosec/commit/b4270dd) Update Go to latest version ([#920](https://togithub.com/securego/gosec/issues/920))
- [`a624254`](https://togithub.com/securego/gosec/commit/a624254) Update hardcoded_credentials.go fix: adaper equal expr which const value at left ([#917](https://togithub.com/securego/gosec/issues/917))
- [`9432e67`](https://togithub.com/securego/gosec/commit/9432e67) Fix github latest URL ([#918](https://togithub.com/securego/gosec/issues/918))
- [`e85e1a7`](https://togithub.com/securego/gosec/commit/e85e1a7) Fix github release url ([#916](https://togithub.com/securego/gosec/issues/916))
- [`7dcb8c7`](https://togithub.com/securego/gosec/commit/7dcb8c7) chore(deps): update module github.com/onsi/ginkgo/v2 to v2.7.0 ([#914](https://togithub.com/securego/gosec/issues/914))
- [`c5d217d`](https://togithub.com/securego/gosec/commit/c5d217d) Update Go version in CI script ([#913](https://togithub.com/securego/gosec/issues/913))
- [`5874e63`](https://togithub.com/securego/gosec/commit/5874e63) Track back when a file path was sanitized with filepath.Clean ([#912](https://togithub.com/securego/gosec/issues/912))
- [`fd28036`](https://togithub.com/securego/gosec/commit/fd28036) Fix the TLS config rule when parsing the settings from a variable ([#911](https://togithub.com/securego/gosec/issues/911))
- [`a522ae6`](https://togithub.com/securego/gosec/commit/a522ae6) Fix build after updating the dependencies ([#910](https://togithub.com/securego/gosec/issues/910))
- [`4cc97ad`](https://togithub.com/securego/gosec/commit/4cc97ad) chore(deps): update all dependencies ([#909](https://togithub.com/securego/gosec/issues/909))
- [`05a7bc5`](https://togithub.com/securego/gosec/commit/05a7bc5) Fix dependencies after renovate update ([#907](https://togithub.com/securego/gosec/issues/907))
- [`11898d5`](https://togithub.com/securego/gosec/commit/11898d5) chore(deps): update all dependencies ([#906](https://togithub.com/securego/gosec/issues/906))
- [`f9a8bf0`](https://togithub.com/securego/gosec/commit/f9a8bf0) Update slack badge and link ([#905](https://togithub.com/securego/gosec/issues/905))
- [`dabc7dc`](https://togithub.com/securego/gosec/commit/dabc7dc) Auto-detect TLS MinVersion integer base ([#903](https://togithub.com/securego/gosec/issues/903))
- [`c39bcdb`](https://togithub.com/securego/gosec/commit/c39bcdb) Adding s390x support ([#902](https://togithub.com/securego/gosec/issues/902))
- [`e06bbf9`](https://togithub.com/securego/gosec/commit/e06bbf9) chore(deps): update all dependencies ([#904](https://togithub.com/securego/gosec/issues/904))
- [`f79c584`](https://togithub.com/securego/gosec/commit/f79c584) chore(deps): update all dependencies ([#898](https://togithub.com/securego/gosec/issues/898))
- [`44f484f`](https://togithub.com/securego/gosec/commit/44f484f) Additional types for bad defer check ([#897](https://togithub.com/securego/gosec/issues/897))
- [`2fe6c5b`](https://togithub.com/securego/gosec/commit/2fe6c5b) chore(deps): update all dependencies ([#894](https://togithub.com/securego/gosec/issues/894))
- [`a0b7ebb`](https://togithub.com/securego/gosec/commit/a0b7ebb) chore(deps): update all dependencies ([#892](https://togithub.com/securego/gosec/issues/892))
- [`0acfbb4`](https://togithub.com/securego/gosec/commit/0acfbb4) Update Go version in CI scripts ([#889](https://togithub.com/securego/gosec/issues/889))
- [`6a964b2`](https://togithub.com/securego/gosec/commit/6a964b2) chore(deps): update all dependencies ([#888](https://togithub.com/securego/gosec/issues/888))
- [`a7ad827`](https://togithub.com/securego/gosec/commit/a7ad827) Allow to override build date with SOURCE_DATE_EPOCH ([#887](https://togithub.com/securego/gosec/issues/887))
- [`26f0389`](https://togithub.com/securego/gosec/commit/26f0389) chore(deps): update all dependencies ([#886](https://togithub.com/securego/gosec/issues/886))
- [`7f91d85`](https://togithub.com/securego/gosec/commit/7f91d85) chore(deps): update all dependencies ([#884](https://togithub.com/securego/gosec/issues/884))
- [`cf63541`](https://togithub.com/securego/gosec/commit/cf63541) fileperms: bitwise permission comparison ([#883](https://togithub.com/securego/gosec/issues/883))

### [`v2.14.0`](https://togithub.com/securego/gosec/releases/tag/v2.14.0)

[Compare Source](https://togithub.com/securego/gosec/compare/v2.13.1...v2.14.0)

#### Changelog

- [`1af1d5b`](https://togithub.com/securego/gosec/commit/1af1d5b) Pin release build to Go version 1.19.2 ([#882](https://togithub.com/securego/gosec/issues/882))
- [`0ae0174`](https://togithub.com/securego/gosec/commit/0ae0174) Refactor to support duplicate imports with different aliases ([#865](https://togithub.com/securego/gosec/issues/865))
- [`a2719d3`](https://togithub.com/securego/gosec/commit/a2719d3) chore(deps): update all dependencies ([#881](https://togithub.com/securego/gosec/issues/881))
- [`ed38681`](https://togithub.com/securego/gosec/commit/ed38681) go.mod: ginkgo/v2 v2.3.1, golang.org/x/text v0.3.8, update go versions ([#880](https://togithub.com/securego/gosec/issues/880))
- [`8466173`](https://togithub.com/securego/gosec/commit/8466173) Update Go version to 1.19 in the makefile ([#876](https://togithub.com/securego/gosec/issues/876))
- [`f9ad0d8`](https://togithub.com/securego/gosec/commit/f9ad0d8) chore(deps): update all dependencies ([#875](https://togithub.com/securego/gosec/issues/875))
- [`6cd9e62`](https://togithub.com/securego/gosec/commit/6cd9e62) Add CWE-676 to cwe mapping ([#874](https://togithub.com/securego/gosec/issues/874))
- [`bb4a1e3`](https://togithub.com/securego/gosec/commit/bb4a1e3) chore(deps): update all dependencies ([#872](https://togithub.com/securego/gosec/issues/872))
- [`7ea37bb`](https://togithub.com/securego/gosec/commit/7ea37bb) Add a way to use private repositories on GitHub ([#869](https://togithub.com/securego/gosec/issues/869))
- [`e244c81`](https://togithub.com/securego/gosec/commit/e244c81) chore(deps): update all dependencies ([#868](https://togithub.com/securego/gosec/issues/868))
- [`e9b2781`](https://togithub.com/securego/gosec/commit/e9b2781) Check go version when installing govulncheck
- [`88c23de`](https://togithub.com/securego/gosec/commit/88c23de) Check go version when running govulncheck
- [`84f6424`](https://togithub.com/securego/gosec/commit/84f6424) Add vulncheck to the test steps
- [`180fc23`](https://togithub.com/securego/gosec/commit/180fc23) chore(deps): update all dependencies
- [`dfde579`](https://togithub.com/securego/gosec/commit/dfde579) Fix false positives for G404 with aliased packages
- [`aaaf80c`](https://togithub.com/securego/gosec/commit/aaaf80c) chore(deps): update all dependencies
- [`ae58325`](https://togithub.com/securego/gosec/commit/ae58325) chore(deps): update all dependencies
- [`a892be9`](https://togithub.com/securego/gosec/commit/a892be9) fix: add a CWE ID mapping to rule G114
- [`a319b66`](https://togithub.com/securego/gosec/commit/a319b66) chore(deps): update golang.org/x/crypto digest to [`bc19a97`](https://togithub.com/securego/gosec/commit/bc19a97)

### [`v2.13.1`](https://togithub.com/securego/gosec/releases/tag/v2.13.1)

[Compare Source](https://togithub.com/securego/gosec/compare/v2.13.0...v2.13.1)

#### Changelog

- [`19fa856`](https://togithub.com/securego/gosec/commit/19fa856) fix: make sure that nil Cwe pointer is handled when getting the CWE ID
- [`62fa4b4`](https://togithub.com/securego/gosec/commit/62fa4b4) test: remove white spaces from template
- [`074dc71`](https://togithub.com/securego/gosec/commit/074dc71) fix: handle nil CWE pointer in text template

### [`v2.13.0`](https://togithub.com/securego/gosec/releases/tag/v2.13.0)

[Compare Source](https://togithub.com/securego/gosec/compare/v2.12.0...v2.13.0)

#### Changelog

- [`79a5b13`](https://togithub.com/securego/gosec/commit/79a5b13) chore(deps): update dependency babel-standalone to v7
- [`97f03d9`](https://togithub.com/securego/gosec/commit/97f03d9) chore: update module go to 1.19
- [`0ba05e1`](https://togithub.com/securego/gosec/commit/0ba05e1) chore: fix lint warnings
- [`d3933f9`](https://togithub.com/securego/gosec/commit/d3933f9) chore: add support for Go 1.19
- [`4e68fb5`](https://togithub.com/securego/gosec/commit/4e68fb5) fix: parsing of the Go version ([#844](https://togithub.com/securego/gosec/issues/844))
- [`0c8e63e`](https://togithub.com/securego/gosec/commit/0c8e63e) Detect use of net/http functions that have no support for setting timeouts ([#842](https://togithub.com/securego/gosec/issues/842))
- [`6a26c23`](https://togithub.com/securego/gosec/commit/6a26c23) Refactor SQL rules for better extensibility ([#841](https://togithub.com/securego/gosec/issues/841))
- [`1b0873a`](https://togithub.com/securego/gosec/commit/1b0873a) chore(deps): update module golang.org/x/tools to v0.1.12 ([#840](https://togithub.com/securego/gosec/issues/840))
- [`845483e`](https://togithub.com/securego/gosec/commit/845483e) Fix lint warning
- [`45bf9a6`](https://togithub.com/securego/gosec/commit/45bf9a6) Check the suppressed issues when generating the exit code
- [`a5982fb`](https://togithub.com/securego/gosec/commit/a5982fb) Fix for G402. Check package path instead of package name ([#838](https://togithub.com/securego/gosec/issues/838))
- [`ea6d49d`](https://togithub.com/securego/gosec/commit/ea6d49d) fix G204 bugs ([#835](https://togithub.com/securego/gosec/issues/835))
- [`21fcd2f`](https://togithub.com/securego/gosec/commit/21fcd2f) Phase out support for Go 1.16 since is not supported anymore by Go team ([#837](https://togithub.com/securego/gosec/issues/837))
- [`3cda47a`](https://togithub.com/securego/gosec/commit/3cda47a) chore(deps): update all dependencies ([#836](https://togithub.com/securego/gosec/issues/836))
- [`0212c83`](https://togithub.com/securego/gosec/commit/0212c83) chore(deps): update dependency highlight.js to v11.6.0 ([#830](https://togithub.com/securego/gosec/issues/830))
- [`9a25f4e`](https://togithub.com/securego/gosec/commit/9a25f4e) fix: filepaths with git anywhere in them being erroneously excluded ([#828](https://togithub.com/securego/gosec/issues/828))
- [`602ced7`](https://togithub.com/securego/gosec/commit/602ced7) Fix wrong location for G109 ([#829](https://togithub.com/securego/gosec/issues/829))
- [`7dd9ddd`](https://togithub.com/securego/gosec/commit/7dd9ddd) chore(deps): update golang.org/x/crypto digest to [`0559593`](https://togithub.com/securego/gosec/commit/0559593) ([#826](https://togithub.com/securego/gosec/issues/826))
- [`b0f3e78`](https://togithub.com/securego/gosec/commit/b0f3e78) fix ReadTimeout for G112 rule
- [`05f3ca8`](https://togithub.com/securego/gosec/commit/05f3ca8) Pin cosign-installer to `v2` ([#824](https://togithub.com/securego/gosec/issues/824))

### [`v2.12.0`](https://togithub.com/securego/gosec/releases/tag/v2.12.0)

[Compare Source](https://togithub.com/securego/gosec/compare/v2.11.0...v2.12.0)

#### Changelog

- [`a9b0ef0`](https://togithub.com/securego/gosec/commit/a9b0ef0) chore(deps): update all dependencies ([#822](https://togithub.com/securego/gosec/issues/822))
[`9c19cb6`](https://togithub.com/securego/gosec/commit/9c19cb6) Add check for usage of Rat.SetString in math/big with an overflow error ([#​819](https://togithub.com/securego/gosec/issues/819)) - [`fb587c1`](https://togithub.com/securego/gosec/commit/fb587c1) Remove additional `--update` for apk in Dockerfile ([#​818](https://togithub.com/securego/gosec/issues/818)) - [`c3ede62`](https://togithub.com/securego/gosec/commit/c3ede62) Update x/tools to pick up fix for [golang/go#51629](https://togithub.com/golang/go/issues/51629) ([#​817](https://togithub.com/securego/gosec/issues/817)) - [`0a929c7`](https://togithub.com/securego/gosec/commit/0a929c7) chore(deps): update all dependencies ([#​816](https://togithub.com/securego/gosec/issues/816)) - [`12be148`](https://togithub.com/securego/gosec/commit/12be148) chore(deps): update all dependencies ([#​812](https://togithub.com/securego/gosec/issues/812)) - [`0dcc336`](https://togithub.com/securego/gosec/commit/0dcc336) chore(deps): update all dependencies ([#​811](https://togithub.com/securego/gosec/issues/811)) - [`34d144b`](https://togithub.com/securego/gosec/commit/34d144b) Add new rule for Slowloris Attack - [`a64cde5`](https://togithub.com/securego/gosec/commit/a64cde5) Fix the dependencies after renovate upate ([#​806](https://togithub.com/securego/gosec/issues/806)) - [`b69c3d4`](https://togithub.com/securego/gosec/commit/b69c3d4) chore(deps): update all dependencies ([#​805](https://togithub.com/securego/gosec/issues/805)) - [`89dfdc0`](https://togithub.com/securego/gosec/commit/89dfdc0) Update the description message of template rule ([#​803](https://togithub.com/securego/gosec/issues/803)) - [`0791d31`](https://togithub.com/securego/gosec/commit/0791d31) Fix typo in ReadMe ([#​802](https://togithub.com/securego/gosec/issues/802)) - [`2ef1d9a`](https://togithub.com/securego/gosec/commit/2ef1d9a) Fix build after renovate update ([#​800](https://togithub.com/securego/gosec/issues/800)) - 
[`afc9903`](https://togithub.com/securego/gosec/commit/afc9903) Fix use rule IDs to retrieve the rule config - [`82eaa12`](https://togithub.com/securego/gosec/commit/82eaa12) chore(deps): update all dependencies ([#​796](https://togithub.com/securego/gosec/issues/796)) ### [`v2.11.0`](https://togithub.com/securego/gosec/releases/tag/v2.11.0) [Compare Source](https://togithub.com/securego/gosec/compare/v2.10.0...v2.11.0) #### Changelog - [`607d607`](https://togithub.com/securego/gosec/commit/607d607) Enable Go 1.18 in the ci and release workflows - [`b99b5f7`](https://togithub.com/securego/gosec/commit/b99b5f7) Fix the lint action after upgrade ([#​790](https://togithub.com/securego/gosec/issues/790)) - [`8af0af7`](https://togithub.com/securego/gosec/commit/8af0af7) chore(deps): update all dependencies ([#​789](https://togithub.com/securego/gosec/issues/789)) - [`ea5d31f`](https://togithub.com/securego/gosec/commit/ea5d31f) Add a recursive flag -r to skip specifying ./... path - [`48bbf96`](https://togithub.com/securego/gosec/commit/48bbf96) Adds directory traversal for Http.Dir("/") ### [`v2.10.0`](https://togithub.com/securego/gosec/releases/tag/v2.10.0) [Compare Source](https://togithub.com/securego/gosec/compare/v2.9.6...v2.10.0) #### Changelog - [`26f10e0`](https://togithub.com/securego/gosec/commit/26f10e0) Extend the release action to sign the docker image and binary files with cosign ([#​781](https://togithub.com/securego/gosec/issues/781)) - [`7d539ed`](https://togithub.com/securego/gosec/commit/7d539ed) feat: add concurrency option to parallelize package loading ([#​778](https://togithub.com/securego/gosec/issues/778)) - [`43577ce`](https://togithub.com/securego/gosec/commit/43577ce) chore(deps): update all dependencies - [`c0680bb`](https://togithub.com/securego/gosec/commit/c0680bb) Process the code snippet before adding it to the SARIF report - [`db8d98b`](https://togithub.com/securego/gosec/commit/db8d98b) Updated sponsor link in README.md - 
[`507f847`](https://togithub.com/securego/gosec/commit/507f847) chore(deps): update golang.org/x/crypto commit hash to [`30dcbda`](https://togithub.com/securego/gosec/commit/30dcbda) - [`853e1d5`](https://togithub.com/securego/gosec/commit/853e1d5) chore(deps): update all dependencies - [`09a2941`](https://togithub.com/securego/gosec/commit/09a2941) Use the CWE name as a name in the SARIF report - [`9399e7b`](https://togithub.com/securego/gosec/commit/9399e7b) chore(deps): update all dependencies ([#​771](https://togithub.com/securego/gosec/issues/771)) - [`2fad8a4`](https://togithub.com/securego/gosec/commit/2fad8a4) Resolve the TLS min version when is declarted in the same package but in a different file - [`1fbcf10`](https://togithub.com/securego/gosec/commit/1fbcf10) Add a test for tls min version defined in a different file - [`b12c0f6`](https://togithub.com/securego/gosec/commit/b12c0f6) chore(deps): update all dependencies ([#​765](https://togithub.com/securego/gosec/issues/765)) ### [`v2.9.6`](https://togithub.com/securego/gosec/releases/tag/v2.9.6) [Compare Source](https://togithub.com/securego/gosec/compare/v2.9.5...v2.9.6) #### Changelog - [`1d909e2`](https://togithub.com/securego/gosec/commit/1d909e2) Add db.Exec and db.Prepare to the sql rule ([#​763](https://togithub.com/securego/gosec/issues/763)) - [`742aa84`](https://togithub.com/securego/gosec/commit/742aa84) chore(deps): update golang.org/x/crypto commit hash to [`5e0467b`](https://togithub.com/securego/gosec/commit/5e0467b) ([#​764](https://togithub.com/securego/gosec/issues/764)) - [`7be6d4e`](https://togithub.com/securego/gosec/commit/7be6d4e) Add os.Create to the readfile rule ([#​761](https://togithub.com/securego/gosec/issues/761)) - [`75cc7dc`](https://togithub.com/securego/gosec/commit/75cc7dc) Fix false negative for SQL injection when using DB.QueryRow.Scan() ([#​759](https://togithub.com/securego/gosec/issues/759)) - [`58058af`](https://togithub.com/securego/gosec/commit/58058af) 
chore(deps): update dependency highlight.js to v11.4.0 ([#​758](https://togithub.com/securego/gosec/issues/758)) - [`9d66b0d`](https://togithub.com/securego/gosec/commit/9d66b0d) Fix false negatives for SQL injection in multi-line queries - [`4c1afaa`](https://togithub.com/securego/gosec/commit/4c1afaa) Find G303 with filepath.Join'd temp dirs ([#​754](https://togithub.com/securego/gosec/issues/754)) - [`19bda8d`](https://togithub.com/securego/gosec/commit/19bda8d) Find more tempdirs - [`827fca9`](https://togithub.com/securego/gosec/commit/827fca9) build(fmt): use `[` instead of `[[` ([#​751](https://togithub.com/securego/gosec/issues/751)) - [`ad5d74d`](https://togithub.com/securego/gosec/commit/ad5d74d) Update to ginkgo v2 ([#​753](https://togithub.com/securego/gosec/issues/753)) - [`72f1145`](https://togithub.com/securego/gosec/commit/72f1145) Fix [#​743](https://togithub.com/securego/gosec/issues/743) ([#​748](https://togithub.com/securego/gosec/issues/748)) - [`63a8e78`](https://togithub.com/securego/gosec/commit/63a8e78) Handle nil when looking up a file by position into a package ([#​747](https://togithub.com/securego/gosec/issues/747)) - [`3038a30`](https://togithub.com/securego/gosec/commit/3038a30) Add in the config file settings for exclude and include options - [`bf0dd2f`](https://togithub.com/securego/gosec/commit/bf0dd2f) chore(deps): update golang.org/x/crypto commit hash to [`e495a2d`](https://togithub.com/securego/gosec/commit/e495a2d) ([#​745](https://togithub.com/securego/gosec/issues/745)) - [`2d1c1a6`](https://togithub.com/securego/gosec/commit/2d1c1a6) Track both #nosec and #nosec rulelist for one violation ([#​741](https://togithub.com/securego/gosec/issues/741)) - [`e0f354a`](https://togithub.com/securego/gosec/commit/e0f354a) Add the sponsors section in the README file ([#​740](https://togithub.com/securego/gosec/issues/740)) - [`d23ab2d`](https://togithub.com/securego/gosec/commit/d23ab2d) Remove space between `//` and `#nosec` in examples 
and internal use ### [`v2.9.5`](https://togithub.com/securego/gosec/releases/tag/v2.9.5) [Compare Source](https://togithub.com/securego/gosec/compare/v2.9.4...v2.9.5) #### Changelog - [`35af340`](https://togithub.com/securego/gosec/commit/35af340) Fix [#​736](https://togithub.com/securego/gosec/issues/736) ([#​738](https://togithub.com/securego/gosec/issues/738)) - [`6c0b344`](https://togithub.com/securego/gosec/commit/6c0b344) chore(deps): update golang.org/x/crypto commit hash to [`4570a08`](https://togithub.com/securego/gosec/commit/4570a08) ([#​737](https://togithub.com/securego/gosec/issues/737)) ### [`v2.9.4`](https://togithub.com/securego/gosec/releases/tag/v2.9.4) [Compare Source](https://togithub.com/securego/gosec/compare/v2.9.3...v2.9.4) #### Changelog - [`b45f95f`](https://togithub.com/securego/gosec/commit/b45f95f) Add support for suppressing the findings - [`040327f`](https://togithub.com/securego/gosec/commit/040327f) chore(deps): update all dependencies ([#​734](https://togithub.com/securego/gosec/issues/734)) ### [`v2.9.3`](https://togithub.com/securego/gosec/releases/tag/v2.9.3) [Compare Source](https://togithub.com/securego/gosec/compare/v2.9.2...v2.9.3) #### Changelog [`6a41fb9`](https://togithub.com/securego/gosec/commit/6a41fb9) Fix [https://github.com/securego/gosec/issues/714](https://togithub.com/securego/gosec/issues/714) ([#​733](https://togithub.com/securego/gosec/issues/733)) [`c95e9c2`](https://togithub.com/securego/gosec/commit/c95e9c2) chore(deps): update all dependencies ([#​731](https://togithub.com/securego/gosec/issues/731)) ### [`v2.9.2`](https://togithub.com/securego/gosec/releases/tag/v2.9.2) [Compare Source](https://togithub.com/securego/gosec/compare/v2.9.1...v2.9.2) #### Changelog [`e57efa8`](https://togithub.com/securego/gosec/commit/e57efa8) Fix a panic in suproc rule when the declaration of the variable is not available in the AST ([#​728](https://togithub.com/securego/gosec/issues/728)) 
[`ff17c30`](https://togithub.com/securego/gosec/commit/ff17c30) Use go embed for templates ([#​725](https://togithub.com/securego/gosec/issues/725)) [`3eba7b8`](https://togithub.com/securego/gosec/commit/3eba7b8) add openssh to docker image ([#​719](https://togithub.com/securego/gosec/issues/719)) [`55c6cea`](https://togithub.com/securego/gosec/commit/55c6cea) Fix crash when parsing the TLS min version value ([#​724](https://togithub.com/securego/gosec/issues/724)) [`40fa36d`](https://togithub.com/securego/gosec/commit/40fa36d) G303: catch with os.WriteFile, add os.Create test case ([#​718](https://togithub.com/securego/gosec/issues/718)) [`873ac24`](https://togithub.com/securego/gosec/commit/873ac24) chore(deps): update all dependencies ([#​722](https://togithub.com/securego/gosec/issues/722)) [`f1f0056`](https://togithub.com/securego/gosec/commit/f1f0056) Spelling fixes ([#​717](https://togithub.com/securego/gosec/issues/717)) [`0680c75`](https://togithub.com/securego/gosec/commit/0680c75) chore(deps): update all dependencies ([#​716](https://togithub.com/securego/gosec/issues/716)) [`79c8b79`](https://togithub.com/securego/gosec/commit/79c8b79) use a better naming for the variable ([#​715](https://togithub.com/securego/gosec/issues/715)) ### [`v2.9.1`](https://togithub.com/securego/gosec/releases/tag/v2.9.1) [Compare Source](https://togithub.com/securego/gosec/compare/v2.9.0...v2.9.1) #### Changelog [`6921395`](https://togithub.com/securego/gosec/commit/6921395) Fix the SBOM generation step in the release action ([#​712](https://togithub.com/securego/gosec/issues/712)) [`5a3a27a`](https://togithub.com/securego/gosec/commit/5a3a27a) Phase out support for go version 1.15 because current ginko is not backward compatible ([#​710](https://togithub.com/securego/gosec/issues/710)) ### [`v2.9.0`](https://togithub.com/securego/gosec/compare/v2.8.1...v2.9.0) [Compare Source](https://togithub.com/securego/gosec/compare/v2.8.1...v2.9.0) ### 
[`v2.8.1`](https://togithub.com/securego/gosec/releases/tag/v2.8.1) [Compare Source](https://togithub.com/securego/gosec/compare/v2.8.0...v2.8.1) #### Changelog [`3f800cc`](https://togithub.com/securego/gosec/commit/3f800cc) Fix the unit tests ([#​652](https://togithub.com/securego/gosec/issues/652)) [`df10b65`](https://togithub.com/securego/gosec/commit/df10b65) Fix gosimple lint warning ([#​651](https://togithub.com/securego/gosec/issues/651)) [`731d0d5`](https://togithub.com/securego/gosec/commit/731d0d5) Results must always be present in the SARIF report ([#​650](https://togithub.com/securego/gosec/issues/650)) [`3c230ac`](https://togithub.com/securego/gosec/commit/3c230ac) errors.go: add Hash.Write() to the white list. ([#​648](https://togithub.com/securego/gosec/issues/648)) [`e72b1e5`](https://togithub.com/securego/gosec/commit/e72b1e5) Use of vars instead of func [`c81cff0`](https://togithub.com/securego/gosec/commit/c81cff0) Update all dependencies ([#​646](https://togithub.com/securego/gosec/issues/646)) [`3ff0a2c`](https://togithub.com/securego/gosec/commit/3ff0a2c) Fixes [#​644](https://togithub.com/securego/gosec/issues/644) ([#​645](https://togithub.com/securego/gosec/issues/645)) [`e3dffd6`](https://togithub.com/securego/gosec/commit/e3dffd6) Update renovate configuration [`aa35eb5`](https://togithub.com/securego/gosec/commit/aa35eb5) Delete renovate.json ([#​642](https://togithub.com/securego/gosec/issues/642)) [`3b1b77e`](https://togithub.com/securego/gosec/commit/3b1b77e) add onboarding ([#​640](https://togithub.com/securego/gosec/issues/640)) [`03360ba`](https://togithub.com/securego/gosec/commit/03360ba) Update renovate configuration [`8a8dbec`](https://togithub.com/securego/gosec/commit/8a8dbec) Tidy up the dependencies ([#​637](https://togithub.com/securego/gosec/issues/637)) [`3a4d09b`](https://togithub.com/securego/gosec/commit/3a4d09b) Update all dependencies ([#​635](https://togithub.com/securego/gosec/issues/635)) 
[`6cde6b3`](https://togithub.com/securego/gosec/commit/6cde6b3) Disable cache in golangci job ([#​636](https://togithub.com/securego/gosec/issues/636)) [`1256f16`](https://togithub.com/securego/gosec/commit/1256f16) Fix lint and fail on error in the ci build [`dbb9811`](https://togithub.com/securego/gosec/commit/dbb9811) Add crypto and lint to the tools modules [`244adc6`](https://togithub.com/securego/gosec/commit/244adc6) Update the github ci action to use cache and matrix strategy [`df1249d`](https://togithub.com/securego/gosec/commit/df1249d) Update install.sh with more installation options [`af27673`](https://togithub.com/securego/gosec/commit/af27673) Update README.md ### [`v2.8.0`](https://togithub.com/securego/gosec/releases/tag/v2.8.0) [Compare Source](https://togithub.com/securego/gosec/compare/v2.7.0...v2.8.0) #### Changelog [`9fc8e20`](https://togithub.com/securego/gosec/commit/9fc8e20) Add favicon for HTML template ([#​628](https://togithub.com/securego/gosec/issues/628)) [`91dae7f`](https://togithub.com/securego/gosec/commit/91dae7f) Update the design of HTML report [`e72f54e`](https://togithub.com/securego/gosec/commit/e72f54e) Fix HTML template and display the gosec version [`c3f25b8`](https://togithub.com/securego/gosec/commit/c3f25b8) fix html report tag styling ([#​623](https://togithub.com/securego/gosec/issues/623)) [`433a674`](https://togithub.com/securego/gosec/commit/433a674) show nosec in html report summary ([#​621](https://togithub.com/securego/gosec/issues/621)) [`d040f07`](https://togithub.com/securego/gosec/commit/d040f07) Handle gosec version in SARIF report [`51f7411`](https://togithub.com/securego/gosec/commit/51f7411) Add arm64 support ([#​618](https://togithub.com/securego/gosec/issues/618)) [`e7ac882`](https://togithub.com/securego/gosec/commit/e7ac882) Update go version to 1.16 ([#​616](https://togithub.com/securego/gosec/issues/616)) [`3a9a6ad`](https://togithub.com/securego/gosec/commit/3a9a6ad) Sarif provide Snippet with 
Issue.Code [`1325319`](https://togithub.com/securego/gosec/commit/1325319) Create dependabot.yml ([#​614](https://togithub.com/securego/gosec/issues/614)) [`d8cfcd6`](https://togithub.com/securego/gosec/commit/d8cfcd6) Allow the user to enable/disable colorisation of the text report in the stdout [`a8b633f`](https://togithub.com/securego/gosec/commit/a8b633f) Adding stdout and verbose flags and refactor how the report is saved [`103c429`](https://togithub.com/securego/gosec/commit/103c429) Enable golangcli and improve testing for formatters [`4df7f1c`](https://togithub.com/securego/gosec/commit/4df7f1c) Fix typos, Go Report link and Gofmt [`f4ea33d`](https://togithub.com/securego/gosec/commit/f4ea33d) Update how the test coverage is generated [`c4f5932`](https://togithub.com/securego/gosec/commit/c4f5932) Refactor : Replace Cwe with cwe.Weakness [`ddfa253`](https://togithub.com/securego/gosec/commit/ddfa253) Define a report package with core and per format sub-packages [`cc83d4c`](https://togithub.com/securego/gosec/commit/cc83d4c) Generate the SARIF types, handle taxonomies and separate responsibilities [`0fa5d0b`](https://togithub.com/securego/gosec/commit/0fa5d0b) Fix the go modules after updating to get the tests passing ([#​605](https://togithub.com/securego/gosec/issues/605)) [`3763953`](https://togithub.com/securego/gosec/commit/3763953) Migrate sonar types in a dedicated package ([#​604](https://togithub.com/securego/gosec/issues/604)) [`b519743`](https://togithub.com/securego/gosec/commit/b519743) chore(deps): update all dependencies ([#​599](https://togithub.com/securego/gosec/issues/599)) [`569328e`](https://togithub.com/securego/gosec/commit/569328e) Fix typos ([#​594](https://togithub.com/securego/gosec/issues/594)) [`0695fa0`](https://togithub.com/securego/gosec/commit/0695fa0) Add `-u` to local install instructions ([#​595](https://togithub.com/securego/gosec/issues/595)) [`7f2308b`](https://togithub.com/securego/gosec/commit/7f2308b) Tidy up the 
moduels after updating ([#​593](https://togithub.com/securego/gosec/issues/593)) [`f21b0b8`](https://togithub.com/securego/gosec/commit/f21b0b8) chore(deps): update all dependencies ([#​592](https://togithub.com/securego/gosec/issues/592)) [`148e608`](https://togithub.com/securego/gosec/commit/148e608) Adding KICS to USERS.md ([#​590](https://togithub.com/securego/gosec/issues/590)) ### [`v2.7.0`](https://togithub.com/securego/gosec/releases/tag/v2.7.0) [Compare Source](https://togithub.com/securego/gosec/compare/v2.6.1...v2.7.0) #### Changelog [`27a5ffb`](https://togithub.com/securego/gosec/commit/27a5ffb) Quiet warnings about integer truncation ([#​586](https://togithub.com/securego/gosec/issues/586)) [`bf2cd23`](https://togithub.com/securego/gosec/commit/bf2cd23) Update all dependencies ([#​585](https://togithub.com/securego/gosec/issues/585)) [`01ee764`](https://togithub.com/securego/gosec/commit/01ee764) Fix typo in USERS.md ([#​583](https://togithub.com/securego/gosec/issues/583)) [`9c047e3`](https://togithub.com/securego/gosec/commit/9c047e3) Add support for Go 1.16 in the CI and release workflows ([#​581](https://togithub.com/securego/gosec/issues/581)) [`1fce461`](https://togithub.com/securego/gosec/commit/1fce461) fix: WriteParams rule to work also with golang 1.16 ([#​577](https://togithub.com/securego/gosec/issues/577)) [`dcbcc4d`](https://togithub.com/securego/gosec/commit/dcbcc4d) Use a more generic path for sonarqube import path ([#​573](https://togithub.com/securego/gosec/issues/573)) [`2777e50`](https://togithub.com/securego/gosec/commit/2777e50) Update README with a note which describes how to import a SonarQube report ([#​572](https://togithub.com/securego/gosec/issues/572)) [`897c203`](https://togithub.com/securego/gosec/commit/897c203) Reset the state of TLS rule after each version check ([#​570](https://togithub.com/securego/gosec/issues/570)) [`6c57ae1`](https://togithub.com/securego/gosec/commit/6c57ae1) Fix sarif formatting issues 
([#​565](https://togithub.com/securego/gosec/issues/565)) [`b6524ce`](https://togithub.com/securego/gosec/commit/b6524ce) Update all dependencies ### [`v2.6.1`](https://togithub.com/securego/gosec/releases/tag/v2.6.1) [Compare Source](https://togithub.com/securego/gosec/compare/v2.6.0...v2.6.1) #### Changelog [`00bbbd8`](https://togithub.com/securego/gosec/commit/00bbbd8) Fix the release workflow to allow unsecure commands ### [`v2.6.0`](https://togithub.com/securego/gosec/compare/v2.5.0...v2.6.0) [Compare Source](https://togithub.com/securego/gosec/compare/v2.5.0...v2.6.0) ### [`v2.5.0`](https://togithub.com/securego/gosec/releases/tag/v2.5.0) [Compare Source](https://togithub.com/securego/gosec/compare/v2.4.0...v2.5.0) #### Changelog [`a4746e1`](https://togithub.com/securego/gosec/commit/a4746e1) Update all dependencies ([#​533](https://togithub.com/securego/gosec/issues/533)) [`6bd6e4b`](https://togithub.com/securego/gosec/commit/6bd6e4b) Use $(go env GOPATH) that works even when GOPATH is not set [`aef335a`](https://togithub.com/securego/gosec/commit/aef335a) Fix typo in README.md [`0ce48a5`](https://togithub.com/securego/gosec/commit/0ce48a5) Reproducible junit report ([#​529](https://togithub.com/securego/gosec/issues/529)) [`868556b`](https://togithub.com/securego/gosec/commit/868556b) Update README with the correct path to tlsconfig command [`13519fd`](https://togithub.com/securego/gosec/commit/13519fd) Update the tls configuration generate to handle also the NSS alternative names [`e351067`](https://togithub.com/securego/gosec/commit/e351067) Update all dependencies [`166e4f5`](https://togithub.com/securego/gosec/commit/166e4f5) Update README file with some more details required to run successfully a scan with the docker image [`f5cc32a`](https://togithub.com/securego/gosec/commit/f5cc32a) Update the Go version to 1.15 in the Makefile [`ea0fa28`](https://togithub.com/securego/gosec/commit/ea0fa28) Update the Github go action version to 1.6.0 
[`feea8bb`](https://togithub.com/securego/gosec/commit/feea8bb) Fix the action tag [`6688a97`](https://togithub.com/securego/gosec/commit/6688a97) Fix the github action for Go 1.15 [`7234349`](https://togithub.com/securego/gosec/commit/7234349) Add Go 1.15 to the supported version and phase out the Go 1.12 [`a3895d5`](https://togithub.com/securego/gosec/commit/a3895d5) Fix typo in README file [`17c9555`](https://togithub.com/securego/gosec/commit/17c9555) Incorrect local installation instructions for v2 [`f13b8bc`](https://togithub.com/securego/gosec/commit/f13b8bc) Add also filepath.Rel as a sanitization method for input argument in the G304 ru

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.



This PR has been generated by Renovate Bot.

grafanarenovatebot[bot] commented 5 days ago

ℹ Artifact update notice

File name: scripts/go/go.mod

In order to perform the update(s) described in the table above, Renovate ran the `go get` command, which resulted in the following additional change(s):

Details:

| Package | Change |
|---|---|
| github.com/ccojocar/zxcvbn-go | v1.0.1 -> v1.0.2 |
| golang.org/x/mod | v0.14.0 -> v0.17.0 |
| golang.org/x/sync | v0.5.0 -> v0.7.0 |
| golang.org/x/sys | v0.14.0 -> v0.20.0 |
| golang.org/x/text | v0.14.0 -> v0.15.0 |
| golang.org/x/tools | v0.15.0 -> v0.21.0 |