search

konflux-ci / qe-tools

Contains various useful commands for processing test data
Apache License 2.0
0 stars 9 forks source link

feat(deps): bump github.com/securego/gosec/v2 from 2.17.0 to 2.18.2 #3

Closed dependabot[bot] closed 10 months ago

dependabot[bot] commented 10 months ago

Bumps github.com/securego/gosec/v2 from 2.17.0 to 2.18.2.

Release notes

Sourced from github.com/securego/gosec/v2's releases.

v2.18.2

Changelog

  • 55d7949 Disable dot-imports in revive linter
  • 4656817 chore(deps): update module github.com/onsi/gomega to v1.28.1
  • 5567ac4 Run the gosec with data race detector active during tests
  • a239758 Fix data race in the analyzer
  • c06903a Fix test that checks the overriden nosec directive
  • bde2619 Clean global state in flgs tests
  • e108c56 Format the file
  • e298388 Update README with details which describe the current behaviour of #nosec
  • d8a6d35 Ensure the ignores are parsed before analysing the package
  • 7846db0 chore(deps): update all dependencies
  • 8e0cf8c Update gosec to version 2.18.1 in the action
  • 6b12a71 Update cosign version to v2.2.0

v2.18.1

Changelog

  • 0ec6cd9 Refactor how ignored issues are tracked
  • f338a98 Restrict the maximum depth when tracking the slice bounds
  • 7e2d8d3 Handle empty ssa results
  • 074353a Handle gracefully any panic that occurs when building the SSA representation of a package
  • ec31a3a Fix typo
  • a11eb28 Handle new function when getting the call info in case is overriden
  • 5b7867d Bump golang.org/x/net from 0.16.0 to 0.17.0 (#1037)
  • dd08f99 Update to Go 1.21.3 and 1.20.10 (#1035)
  • 616520f Update the list of unsafe functions detected by the unsafe rule (#1033)
  • 3952187 Update the action to use gosec version v2.18.0 (#1029)
  • 2b62dd1 Use a step ID in github release action to get the digest of the image (#1028)

v2.18.0

Changelog

  • 53fc0c3 Update to go version 1.21.2 and 1.20.9 (#1027)
  • 7f7c47f chore(deps): update all dependencies (#1026)
  • d864a91 Enable gochecknoinits; fix lint issues; use consts for some vars (#1022)
  • 09cf6ef Fix typos in struct fields, comments, and docs (#1023)
  • 665e87b chore(deps): update all dependencies
  • 4def3a4 Fix lint warning
  • 0d332a1 Add a new rule which detects when a file is created with os.Create but the configured permissions are less than 0666
  • 293d887 Fix lint warnings
  • ac482cb Update ginkgo to latest version
  • e02e2f6 Redesign and reimplement the slice out of bounds check using SSA code representation
  • e1278f9 docs: add reMarkable to users list
  • f6a6496 chore(deps): update all dependencies
  • aebe20c Drop support for go 1.19.x since go team doesn't ship anymore security fixes for it
  • 7a98537 Update to latest go version
  • b192f06 chore(deps): update all dependencies (#1011)
  • 6c93653 Fix hardcoded_credentials rule to only match on more specific patterns (#1009)
  • 325eb19 chore(deps): update all dependencies (#1008)

... (truncated)

Commits
  • 55d7949 Disable dot-imports in revive linter
  • 4656817 chore(deps): update module github.com/onsi/gomega to v1.28.1
  • 5567ac4 Run the gosec with data race detector active during tests
  • a239758 Fix data race in the analyzer
  • c06903a Fix test that checks the overriden nosec directive
  • bde2619 Clean global state in flgs tests
  • e108c56 Format the file
  • e298388 Update README with details which describe the current behaviour of #nosec
  • d8a6d35 Ensure the ignores are parsed before analysing the package
  • 7846db0 chore(deps): update all dependencies
  • Additional commits viewable in compare view


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
dependabot[bot] commented 10 months ago

The following labels could not be found: dependencies.