build(deps): bump github.com/securego/gosec/v2 from 2.6.1 to 2.14.0 #120

dependabot · 2022-10-24T03:09:49Z

Bumps github.com/securego/gosec/v2 from 2.6.1 to 2.14.0.

Release notes

Sourced from github.com/securego/gosec/v2's releases.

v2.14.0

Changelog

1af1d5b Pin release build to Go version 1.19.2 (#882)

0ae0174 Refactor to support duplicate imports with different aliases (#865)

a2719d3 chore(deps): update all dependencies (#881)

ed38681 go.mod: ginkgo/v2 v2.3.1, golang.org/x/text v0.3.8, update go versions (#880)

8466173 Update Go version to 1.19 in the makefile (#876)

f9ad0d8 chore(deps): update all dependencies (#875)

6cd9e62 Add CWE-676 to cwe mapping (#874)

bb4a1e3 chore(deps): update all dependencies (#872)

7ea37bb Add a way to use private repositories on GitHub (#869)

e244c81 chore(deps): update all dependencies (#868)

e9b2781 Check go version when installing govulncheck

88c23de Check go version when running govulncheck

84f6424 Add vulncheck to the test steps

180fc23 chore(deps): update all dependencies

dfde579 Fix false positives for G404 with aliased packages

aaaf80c chore(deps): update all dependencies

ae58325 chore(deps): update all dependencies

a892be9 fix: add a CWE ID mapping to rule G114

a319b66 chore(deps): update golang.org/x/crypto digest to bc19a97

v2.13.1

Changelog

19fa856 fix: make sure that nil Cwe pointer is handled when getting the CWE ID

62fa4b4 test: remove white spaces from template

074dc71 fix: handle nil CWE pointer in text template

v2.13.0

Changelog

79a5b13 chore(deps): update dependency babel-standalone to v7

97f03d9 chore: update module go to 1.19

0ba05e1 chore: fix lint warnings

d3933f9 chore: add support for Go 1.19

4e68fb5 fix: parsing of the Go version (#844)

0c8e63e Detect use of net/http functions that have no support for setting timeouts (#842)

6a26c23 Refactor SQL rules for better extensibility (#841)

1b0873a chore(deps): update module golang.org/x/tools to v0.1.12 (#840)

845483e Fix lint warning

45bf9a6 Check the suppressed issues when generating the exit code

a5982fb Fix for G402. Check package path instead of package name (#838)

ea6d49d fix G204 bugs (#835)

21fcd2f Phase out support for Go 1.16 since is not supported anymore by Go team (#837)

3cda47a chore(deps): update all dependencies (#836)

0212c83 chore(deps): update dependency highlight.js to v11.6.0 (#830)

9a25f4e fix: filepaths with git anywhere in them being erroneously excluded (#828)

602ced7 Fix wrong location for G109 (#829)

7dd9ddd chore(deps): update golang.org/x/crypto digest to 0559593 (#826)

b0f3e78 fix ReadTimeout for G112 rule

05f3ca8 Pin cosign-installer to v2 (#824)

... (truncated)

Commits

1af1d5b Pin release build to Go version 1.19.2 (#882)
0ae0174 Refactor to support duplicate imports with different aliases (#865)
a2719d3 chore(deps): update all dependencies (#881)
ed38681 go.mod: ginkgo/v2 v2.3.1, golang.org/x/text v0.3.8, update go versions (#880)
8466173 Update Go version to 1.19 in the makefile (#876)
f9ad0d8 chore(deps): update all dependencies (#875)
6cd9e62 Add CWE-676 to cwe mapping (#874)
bb4a1e3 chore(deps): update all dependencies (#872)
7ea37bb Add a way to use private repositories on GitHub (#869)
e244c81 chore(deps): update all dependencies (#868)
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [github.com/securego/gosec/v2](https://github.com/securego/gosec) from 2.6.1 to 2.14.0. - [Release notes](https://github.com/securego/gosec/releases) - [Changelog](https://github.com/securego/gosec/blob/master/.goreleaser.yml) - [Commits](securego/gosec@v2.6.1...v2.14.0) --- updated-dependencies: - dependency-name: github.com/securego/gosec/v2 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot bot added dependencies Pull requests that update a dependency file go Pull requests that update Go code labels Oct 24, 2022

dependabot bot mentioned this pull request Oct 24, 2022

build(deps): bump github.com/securego/gosec/v2 from 2.6.1 to 2.13.1 #108

Closed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

build(deps): bump github.com/securego/gosec/v2 from 2.6.1 to 2.14.0 #120

build(deps): bump github.com/securego/gosec/v2 from 2.6.1 to 2.14.0 #120

dependabot bot commented on behalf of github Oct 24, 2022

build(deps): bump github.com/securego/gosec/v2 from 2.6.1 to 2.14.0 #120

Are you sure you want to change the base?

build(deps): bump github.com/securego/gosec/v2 from 2.6.1 to 2.14.0 #120

Conversation

dependabot bot commented on behalf of github Oct 24, 2022

v2.14.0

Changelog

v2.13.1

Changelog

v2.13.0

Changelog