Releases: securego/gosec
v2.22.4
Changelog
- 6decf96 Update to go version 1.24.3 and 1.23.9
- d522338 update: updated the build command to include version metadata
- 270b5ce chore(deps): update all dependencies
- 6027926 Update the AI provider API key value when provided as an argument
- 65d2d9f chore(deps): update module google.golang.org/api to v0.230.0
- dc1c38b chore(deps): update module google.golang.org/api to v0.229.0
- 55dbf5a chore(deps): update all dependencies
- 2aaa9c4 Comment the reason why the file can be nil when an issue is created
- 700e9a9 Handle nil file when creating a new issue
- d514c42 chore(deps): update all dependencies (#1333)
- 1d458c5 Update version in 'action.yml' to 2.22.3 (anticipating next version (#1332)
v2.22.3
Changelog
- 955a68d Update go version to 1.24.2 and 1.23.8 (#1331)
- 1336dc6 remove G113. It only affects old/unsupported versions of Go (#1328)
- 5fd2a37 chore(deps): update all dependencies (#1325)
- 39e4477 Add SSOJet (#1320)
- 6141d10 chore(deps): update all dependencies (#1319)
- 9452efe Update the integrity sha for babel dependency in html report (#1316)
- 57ec633 Add support for //gosec:disable directive (#1314)
- e5fee17 chore(deps): update all dependencies (#1315)
v2.22.2
Changelog
- 136f6c0 Update to go version 1.24.1 and 1.23.7 (#1313)
- 047453a chore(deps): update all dependencies (#1310)
- 76ccee5 chore(deps): update all dependencies (#1308)
- a9eb1c9 Update gosec version in the GitHub action to v2.22.1 (#1307)
- 89c5da3 chore(deps): update module google.golang.org/api to v0.221.0 (#1305)
v2.22.1
Changelog
- 43fee88 Update cosign to v2.4.2 (#1303)
- 7723829 Add support for go 1.24 and phased out support for go 1.22 (#1302)
- 9552f03 chore(deps): update all dependencies (#1300)
- f4d2576 Update to go version 1.23.6 and 1.22.12 (#1299)
- 2258e31 chore(deps): update module google.golang.org/api to v0.219.0 (#1296)
- fbb0833 chore(deps): update module google.golang.org/api to v0.218.0 (#1294)
- c66cb56 Add test to cover unit parsing for G115 rule (#1293)
- 59291a0 Update to go version 1.23.5 and 1.22.11 (#1291)
- 7466b7c chore(deps): update all dependencies (#1290)
- 32dcc8a Update gosec in github action to 2.22.0 (#1286)
v2.22.0
Changelog
- e0cca6f Update what message for G104 (#1282)
- 534689b chore(deps): update module github.com/onsi/ginkgo/v2 to v2.22.2 (#1281)
- eb95db1 chore(deps): update all dependencies (#1280)
- 6c6da40 chore(deps): update all dependencies (#1279)
- b12f51f Simplify sortIssues implementation (#1277)
- 54c2185 Enable testifylint and fix up lint issues (#1276)
- 36c81ed Refactor AppendError to check for build.NoGoError (#1273)
- 9a2d74f chore(deps): update module golang.org/x/net to v0.33.0 [security] (#1275)
- 4c5ad91 Update README.md (#1274)
- e21b4d4 Rule documentation updates (#1272)
- 92de0ee Replace old golang.org links with new go.dev (#1271)
- 4fda076 Refactor AppendError to use strings.Contains (#1270)
- b01f49e Simplify Analyzer.ignore by reducing nesting (#1269)
- b62cc33 Improve capitalization in AI API flags descriptions (#1267)
- bc77d16 Remove unused golint dependency (#1266)
- ef1a35f Simplify tests by using GinkgoT().TempDir() (#1265)
- 09b9143 Documentation on adding new rules and analyzers (#1262)
- 1bd92a8 chore(deps): update all dependencies (#1268)
- ca55eca Update to go 1.22.10 and 1.23.4 versions (#1264)
- 329cad8 chore(deps): update module golang.org/x/crypto to v0.31.0 [security] (#1263)
- 08beb25 chore(deps): update all dependencies (#1261)
- d566be2 chore(deps): update module github.com/onsi/gomega to v1.36.0 (#1259)
- 8c602d0 fix: revive.redefines-builtin-id lint warnings (#1257)
- 399e835 Fix typos in comments and fields
- 229cf63 Remove the decryption functions/methods from G407 check
- 699cb55 Update go to version 1.23.3 and 1.22.9
- 9b13cd5 Fix G115 false positive when going from parsed uint to larger int
- 08ea2a5 chore(deps): update all dependencies
- 4415613 chore(deps): update all dependencies
- 3274716 chore(deps): update all dependencies
- 1fb6a46 chore(deps): update all dependencies
- d2c92ed chore(deps): update all dependencies
- 4fd9872 Update go version to 1.23.2 and 1.22.8
- 1501618 chore(deps): update module google.golang.org/api to v0.201.0
- 7d33bc1 chore(deps): update all dependencies
- bd8b4b4 chore(deps): update all dependencies
- 1216c9b Fix the cosign step to authenticate with the container registry
- 50d1b4a chore(deps): update module google.golang.org/api to v0.199.0
- c0ba7c7 Update the gosec to v2.21.4 in the Github action
- a3299ce Add the version into goreleaser config
v2.21.4
v2.21.3
v2.21.2
v2.21.1
v2.21.0
Changelog
- b278b40 Update cosign version to v2.4.0 in release github workflow (#1207)
- eaedce9 Improve the int conversion overflow logic to handle bound checks (#1194)
- ea5b276 fix: G602 support for nested conditionals with bounds check (#1201)
- 11d6903 Update go.mod to use go 1.22.0 toolchain
- 655527d chore(deps): update all dependencies
- 0898560 Make variable name more clear
- ac67231 Make variable names more explicit and reduce duplications
- e0414c4 Fix formatting
- c7003fc Refactor to reduce some functions and variable names
- 2401936 Pass the value argument directly since it is an interface
- f5d3128 Added suggested changes
- a14ca4a Added another test case in order to increase code coverage
- a6dd589 Removed function parameter which is always the same
- b4c7469 Formatting problems (CI was not passing)
- 7f8f654 Updated analyzer to use new way of initialization
- a26215c Migrated the rule to the analyzers folder
- 3f6e1e7 Refactored code a little bit
- 0eb8143 Added new rule G407 (hardcoded IV/nonce)
- 4ae73c8 Fix conversion overflow false positive when using ParseUint
- c52dc0e Add a build step to measure the scan performance
- bcec04e Fix conversion overflow false positives when they are checked or pre-determined
- 71e397b Update go.mod
- aec45b0 chore(deps): update all dependencies
- ab3f6c1 Fix false positive in conversion overflow check from uint8/int8 type
- a39ec5a Disable staticcheck SA1019 rule
- a1b2ab8 Update the golangci linters
- 8467f01 Add more test to cover more use cases for G115 rule
- 81cda2f Allow excluding analyzers globally (#1180)
- 18135b4 Update to Go 1.23.0 (#1183)
- 91c708a chore(deps): update all dependencies (#1182)
- 92bac42 Read the AI API key also from an environment variable (#1181)
- 56f943b Add support to generate auto fixes using LLM (AI) (#1177)
- f33fd4b chore(deps): update all dependencies
- 55a47f3 chore(deps): update all dependencies
- a5d9ef6 chore(deps): update all dependencies
- 6842444 chore(deps): update dependency babel-standalone to v7.24.10
- 08b94f9 Resolve underlying type to detect overflows in type aliases
- 4487a0c chore(deps): update dependency babel-standalone to v7.24.8
- 0076267 Fix multifile ignores
- 2f1b81b Add -enable-audit cli flag
- 87fcb9b Update to go 1.22.5 and 1.21.12
- 466992f chore(deps): update all dependencies
- 9a4a741 Added more rules
- 6382394 Fixed coverage workflow
- 5666ea3 Fixed CI workflow
- fc0957f Minor changes
- 58e4fcc Split the G401 rule into two separate ones
- 2e71f37 Updated G401 corresponding CWE
- 3edc633 chore(deps): update docker/build-push-action action to v6
- 2ae137a Update to go versions to 1.21.11 and 1.22.4
- 30a8a9c chore(deps): update all dependencies
- ac75d44 Fix nosec when applied to a block
- ed3f51e Add more types to templates rule
- c3209fc Map the G115 rule to a CWE ID
- 45fbb27 chore(deps): update all dependencies
- 43bef71 Update README with G115 rule description
- 555fe44 Remove deprecated megacheck linter from golangci
- 81b076f Format imports
- f775eb1 Update .gitignore
- 4bf5667 Add a new rule to detect integer overflow on integer types conversion
- 5f0084e feat: add env var to override the Go version detection
- 75dd9d6 Use the proper logic when disabling the go module version
- 1e1fc91 Update the README with some details related to Go version used by the rules
- 9a03665 Add an environment variable which disables the parsing of Go version from module file
- b633c4c chore(deps): update module github.com/onsi/ginkgo/v2 to v2.17.3
- 40f29c8 Update docker image in action to v2.20.0