Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
chore: Update dependency securego/gosec to v2.21.1 (#298)
This PR contains the following updates: | Package | Update | Change | |---|---|---| | [securego/gosec](https://redirect.github.com/securego/gosec) | minor | `v2.20.0` -> `v2.21.1` | --- ### Release Notes <details> <summary>securego/gosec (securego/gosec)</summary> ### [`v2.21.1`](https://redirect.github.com/securego/gosec/releases/tag/v2.21.1) [Compare Source](https://redirect.github.com/securego/gosec/compare/v2.21.0...v2.21.1) #### Changelog - [`0ce4453`](https://redirect.github.com/securego/gosec/commit/0ce4453ddd8cca1291d2056cf903b545baad95a0) Rollback the SARIF version to 2.1 since github doesn't support 2.2 ([#​1210](https://redirect.github.com/securego/gosec/issues/1210)) - [`ea26e84`](https://redirect.github.com/securego/gosec/commit/ea26e8431f53a5d229b1c07ffe3529008a01c25e) Update gosec in github action to v2.21.0 ([#​1208](https://redirect.github.com/securego/gosec/issues/1208)) ### [`v2.21.0`](https://redirect.github.com/securego/gosec/releases/tag/v2.21.0) [Compare Source](https://redirect.github.com/securego/gosec/compare/v2.20.0...v2.21.0) #### Changelog - [`b278b40`](https://redirect.github.com/securego/gosec/commit/b278b40c5266eb2b52f41c57d9e6509d9360a2a6) Update cosign version to v2.4.0 in release github workflow ([#​1207](https://redirect.github.com/securego/gosec/issues/1207)) - [`eaedce9`](https://redirect.github.com/securego/gosec/commit/eaedce9a8b64ce207e25553232bcc7541e0044e7) Improvement the int conversion overflow logic to handle bound checks ([#​1194](https://redirect.github.com/securego/gosec/issues/1194)) - [`ea5b276`](https://redirect.github.com/securego/gosec/commit/ea5b2766bb1abd38e13375c0e2d789f8ab2b789c) fix: G602 support for nested conditionals with bounds check ([#​1201](https://redirect.github.com/securego/gosec/issues/1201)) - [`11d6903`](https://redirect.github.com/securego/gosec/commit/11d69032b0856c96afd4c493967ab7a30e20ff5e) Update go.mod to sue go 1.22.0 toolchain - [`655527d`](https://redirect.github.com/securego/gosec/commit/655527dfb4df16091cbdc0a10bd89c2d5d9312a5) chore(deps): update all dependencies - [`0898560`](https://redirect.github.com/securego/gosec/commit/08985601695d7b6eb13330521c80859adc9d72aa) Make variable name more clear - [`ac67231`](https://redirect.github.com/securego/gosec/commit/ac67231ec5a73f1525942d5ef482d1152e61ac3f) Make variable names more explicity and reduce duplications - [`e0414c4`](https://redirect.github.com/securego/gosec/commit/e0414c46402de6813677e1868b6c0f82270fdb80) Fix formatting - [`c7003fc`](https://redirect.github.com/securego/gosec/commit/c7003fc7e5e7f05783097793d4410d50896e06d4) Refactor to reduce some fuctions and variable names - [`2401936`](https://redirect.github.com/securego/gosec/commit/2401936458ea4c80b8c83a3500d9354ca3914605) Pass the value argument directly since is an interface - [`f5d3128`](https://redirect.github.com/securego/gosec/commit/f5d312825f753d7c598fcd5e80e2c9c6f9cb1776) Added suggested changes - [`a14ca4a`](https://redirect.github.com/securego/gosec/commit/a14ca4ac59d9b519d1b195afe6098ff13d574d32) Added another test case in order to increase code coverage - [`a6dd589`](https://redirect.github.com/securego/gosec/commit/a6dd589bae11a5eb18408a4a75e63e46833a01a3) Removed function parameter which is always the same - [`b4c7469`](https://redirect.github.com/securego/gosec/commit/b4c746962f33c83ec64ce337e546bd0cc6529cd1) Formatting problems(CI was not passing) - [`7f8f654`](https://redirect.github.com/securego/gosec/commit/7f8f654235b42704bab6c65c3459a2824bccadd3) Updated analyzer to use new way of initialization - [`a26215c`](https://redirect.github.com/securego/gosec/commit/a26215cf23be85d473f6d5a1e059a02406ea5d55) Migrated the rule to the analyzers folder - [`3f6e1e7`](https://redirect.github.com/securego/gosec/commit/3f6e1e7326fe7849aaaaf35698907a1a7c504997) Refractored code a little bit - [`0eb8143`](https://redirect.github.com/securego/gosec/commit/0eb8143c23b649a345370fd169baff6525c34bd9) Added new rule G407(hardcoded IV/nonce) - [`4ae73c8`](https://redirect.github.com/securego/gosec/commit/4ae73c8ba3a6b38e3c1bafad75f59cb4910e389f) Fix conversion overflow false positive when using ParseUint - [`c52dc0e`](https://redirect.github.com/securego/gosec/commit/c52dc0ea4e0fed5898f6b1d1f1028bd20ac0fa86) Add a build step to measure the scan perfomance - [`bcec04e`](https://redirect.github.com/securego/gosec/commit/bcec04e784830d45797201cb889246bf266cd941) Fix conversion overflow false positives when they are checked or pre-determined - [`71e397b`](https://redirect.github.com/securego/gosec/commit/71e397b9944c50b3f8f9e0e3e1904047c7b3967e) Update go.mod - [`aec45b0`](https://redirect.github.com/securego/gosec/commit/aec45b0b7dd15c03d89d67e16b93f41df8ece85b) chore(deps): update all dependencies - [`ab3f6c1`](https://redirect.github.com/securego/gosec/commit/ab3f6c1c83a0c80fcb8c95838de10cc3cf0d8ba2) Fix false positive in conversion overflow check from uint8/int8 type - [`a39ec5a`](https://redirect.github.com/securego/gosec/commit/a39ec5a16bca81f2442050ce3d2d442911ace4cc) Disable staticcheck SA1019 rule - [`a1b2ab8`](https://redirect.github.com/securego/gosec/commit/a1b2ab80af682c279271a7d3e3cf939e0e5c2847) Update the golangci linters - [`8467f01`](https://redirect.github.com/securego/gosec/commit/8467f012e0d6238433e299fd0499ee29342000c3) Add more test to cover more use cases for G115 rule - [`81cda2f`](https://redirect.github.com/securego/gosec/commit/81cda2f91fbe1bf4735feb55febcae03e697a92b) Allow excluding analyzers globally ([#​1180](https://redirect.github.com/securego/gosec/issues/1180)) - [`18135b4`](https://redirect.github.com/securego/gosec/commit/18135b439cbafc52ac712528099193a0d6b18a33) Update to Go 1.23.0 ([#​1183](https://redirect.github.com/securego/gosec/issues/1183)) - [`91c708a`](https://redirect.github.com/securego/gosec/commit/91c708a62031dd4b92ae057c8835b975bf80c134) chore(deps): update all dependencies ([#​1182](https://redirect.github.com/securego/gosec/issues/1182)) - [`92bac42`](https://redirect.github.com/securego/gosec/commit/92bac42afce8fee2756fb7d7f491328bd069ebec) Read the AI API key also from an environment variable ([#​1181](https://redirect.github.com/securego/gosec/issues/1181)) - [`56f943b`](https://redirect.github.com/securego/gosec/commit/56f943b802579b69d96f0999a7943c588e600ae7) Add support to generate auto fixes using LLM (AI) ([#​1177](https://redirect.github.com/securego/gosec/issues/1177)) - [`f33fd4b`](https://redirect.github.com/securego/gosec/commit/f33fd4bf29722188b24b4a55b512d12adcd8b216) chore(deps): update all dependencies - [`55a47f3`](https://redirect.github.com/securego/gosec/commit/55a47f37740ea50048d4396051e2a60c794bec1d) chore(deps): update all dependencies - [`a5d9ef6`](https://redirect.github.com/securego/gosec/commit/a5d9ef67e2c945ab409da174596ee8be564633fe) chore(deps): update all dependencies - [`6842444`](https://redirect.github.com/securego/gosec/commit/68424445af83e15ed94b4d9b26ee00089d2a87d6) chore(deps): update dependency babel-standalone to v7.24.10 - [`08b94f9`](https://redirect.github.com/securego/gosec/commit/08b94f9392935d370dfa208af1c526477865cdf6) Resolve underlying type to detect overflows in type aliases - [`4487a0c`](https://redirect.github.com/securego/gosec/commit/4487a0c5a233e90ed46450fee36bad20cf9dcebe) chore(deps): update dependency babel-standalone to v7.24.8 - [`0076267`](https://redirect.github.com/securego/gosec/commit/007626773c6c47884c59b02f49f91de8ba168917) Fix multifile ignores - [`2f1b81b`](https://redirect.github.com/securego/gosec/commit/2f1b81b8894fa2d69a6257d4c968a8f17d7e7fd4) Add -enable-audit cli flag - [`87fcb9b`](https://redirect.github.com/securego/gosec/commit/87fcb9b95baf7ce007b5db1dd92405351dca6dcc) Update to go 1.22.5 and 1.21.12 - [`466992f`](https://redirect.github.com/securego/gosec/commit/466992feca6e21a9a8f9bbcf69f65914ffacfcfe) chore(deps): update all dependencies - [`9a4a741`](https://redirect.github.com/securego/gosec/commit/9a4a741e6b3757a6063bbb52e1d139b193a33398) Added more rules - [`6382394`](https://redirect.github.com/securego/gosec/commit/6382394ce8fe66c4b3b5051891254792004e95ff) Fixed coverage workflow - [`5666ea3`](https://redirect.github.com/securego/gosec/commit/5666ea35bafdcdbf6550f4b118ce5d0504447782) Fixed CI workflow - [`fc0957f`](https://redirect.github.com/securego/gosec/commit/fc0957f6a3b0d1c0db43ea72266daab41143c4d9) Minor changes - [`58e4fcc`](https://redirect.github.com/securego/gosec/commit/58e4fccc1382194f682ee8f97860f5b9c7aa491a) Split the G401 rule into two separate ones - [`2e71f37`](https://redirect.github.com/securego/gosec/commit/2e71f37efda759fa68989fa3ece93623ff762945) Updated G401 corresponding CWE - [`3edc633`](https://redirect.github.com/securego/gosec/commit/3edc633c241a32da17c6b2fcbb092192a583ee4e) chore(deps): update docker/build-push-action action to v6 - [`2ae137a`](https://redirect.github.com/securego/gosec/commit/2ae137abcf405533ad6e549e9363e58e4f6e8b7d) Update to go versions to 1.21.11 and 1.22.4 - [`30a8a9c`](https://redirect.github.com/securego/gosec/commit/30a8a9c8c303c881a56c7bc0fb1c06e237779d49) chore(deps): update all dependencies - [`ac75d44`](https://redirect.github.com/securego/gosec/commit/ac75d44f5635e83e6e91347f7350f1b3c87ee5af) Fix nosec when applied to a block - [`ed3f51e`](https://redirect.github.com/securego/gosec/commit/ed3f51e66358b0b4beea512a4edabc6116e972ff) Add more types to templates rule - [`c3209fc`](https://redirect.github.com/securego/gosec/commit/c3209fcaac0b14cc2dcb057dcebb60fa35e274e2) Map the G115 rule to an CWE ID - [`45fbb27`](https://redirect.github.com/securego/gosec/commit/45fbb27d87864c1cf2f9c71896ab1660eab47a91) chore(deps): update all dependencies - [`43bef71`](https://redirect.github.com/securego/gosec/commit/43bef719b47ff8de56265f54dc0d0a9c4afe13c9) Update README with G115 rule description - [`555fe44`](https://redirect.github.com/securego/gosec/commit/555fe448dd8931e33a6d8cb3a534d8190938fa61) Remove deprecated megacheck linter from golangci - [`81b076f`](https://redirect.github.com/securego/gosec/commit/81b076f53d65314e4c73473c012e7ce94bed11aa) Format imports - [`f775eb1`](https://redirect.github.com/securego/gosec/commit/f775eb19c51d9b80b53eeca466007516a2d8b5f0) Update .gitignore - [`4bf5667`](https://redirect.github.com/securego/gosec/commit/4bf5667f6673c43d356235086ecfe41f5bb5ca7b) Add a new rule to detect integer overflow on integer types conversion - [`5f0084e`](https://redirect.github.com/securego/gosec/commit/5f0084eb01a99a1ef3718afcb2f4078e8d07326f) feat: add env var to override the Go version detection - [`75dd9d6`](https://redirect.github.com/securego/gosec/commit/75dd9d61ff96be391e3410fee384c87fdf7566d5) Use the proper logic when disabling the go module version - [`1e1fc91`](https://redirect.github.com/securego/gosec/commit/1e1fc91d158706e3bca507a749c72070c361aade) Update the README with some details related to Go version used by the rules - [`9a03665`](https://redirect.github.com/securego/gosec/commit/9a036658b7b1eab8f226171e72319ec2e9e84176) Add an environment varialbe which disables the parsing of Go version from module file - [`b633c4c`](https://redirect.github.com/securego/gosec/commit/b633c4c0ec489dfc2f4930bb96237371058cb199) chore(deps): update module github.com/onsi/ginkgo/v2 to v2.17.3 - [`40f29c8`](https://redirect.github.com/securego/gosec/commit/40f29c8d4abf59af475a79f6aa0268c296319501) Update docker image in action to v2.20.0 </details> --- ### Configuration 📅 **Schedule**: Branch creation - "after 10pm every weekday,before 5am every weekday,every weekend" (UTC), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/nobl9/terraform-provider-nobl9). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOC41OS4yIiwidXBkYXRlZEluVmVyIjoiMzguNTkuMiIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOlsiZGVwZW5kZW5jaWVzIiwicmVub3ZhdGUiXX0=--> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
- Loading branch information