@renovate renovate bot commented Oct 15, 2025

This PR contains the following updates:

Package | Change
github.com/securego/gosec/v2 | v2.22.8 -> v2.22.10

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.


Release Notes

securego/gosec (github.com/securego/gosec/v2)

v2.22.10

Changelog

  • 6be2b51 Update go to version 1.25.3 and 1.24.9 in CI (#1404)
  • fddb942 chore(deps): update all dependencies (#1402)
  • f676031 Update go to version 1.25.2 and 2.24.8 in CI (#1401)
  • 35f7ec2 chore(deps): update all dependencies (#1399)
  • 01029f0 check nil slices, partially check bounds (#1396)
  • 34db3de Remove unused target from the makefile
  • f5a3b7a Use the ginkgo command install by the dependencies
  • 761fcbc Keep the go module at 1.24 version for compatibility reasons
  • 2238079 Remove manual test deps
  • bb08aa3 fix: text must be supplied when markdown is used
  • 23597d2 fix: improve error message of CheckAnalyzers
  • 8d7e9d5 fix: log panic on SSA
  • 0d8255e chore(deps): update all dependencies
  • f9c52aa Update gosec to version v.22.9 in the github action

v2.22.9

Changelog

  • 15d5c61 Update cosign to v2.6.0 and go in the CI to latest version
  • 7b8713e fix(autofix): unnecessary conversion
  • 64ebfc0 feat(autofix): update gemini sdk and add anthropic claude
  • 506407e feat(G304): add os.Root remediation hint (Autofix) when Go >= 1.24
  • 3ead143 chore(deps): update all dependencies
  • e81fba3 refactor(G304): remove unused trackJoin helper; no functional change
  • ab078db style: gofmt rules/readfile.go
  • e6218c8 test(g304): add samples for var perm and var flag with cleaned path
      - Ensure G304 does not fire when only non-path args (flag/perm) are variables
      - Both samples use filepath.Clean on the path arg
      - Rules suite remains green (42 passed)
  • 79f835d rules(G304): analyze only path arg; ignore flag/perm vars; track Clean and safe Join; fix nil-context panic
      - Limit G304 checks to first arg (path) for os.Open/OpenFile/ReadFile, avoiding false positives when flag/perm are variables
      - Track filepath.Clean so cleaned identifiers are treated as safe
      - Consider safe joins: filepath.Join(const|resolvedBase, Clean(var)|cleanedIdent)
      - Record Join(...) assigned to identifiers and allow if later cleaned
      - Fix panic by passing non-nil context in trackJoinAssignStmt
      - All rules tests: 42 passed
  • 40ac530 rules(G202): detect SQL concat in ValueSpec declarations; add test sample
      - Handle var query string = 'SELECT ...' + user style declarations
      - Reuse existing binary expr detection on ValueSpec.Values
      - Add postgres sample mirroring issue #1309 report
      - Rules tests: 42 passed
  • 4be6b11 chore(deps): update all dependencies
  • 5af1117 chore(deps): update all dependencies
  • 287b46c chore(deps): update all dependencies
  • cee0aea Update gosec version to v2.22.8 in the Github action

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate bot requested a review from MrAlias as a code owner October 15, 2025 09:09
@renovate renovate bot added dependencies Pull requests that update a dependency file Skip Changelog PRs that do not require a CHANGELOG.md entry labels Oct 15, 2025

renovate bot commented Oct 15, 2025

ℹ Artifact update notice

File name: internal/tools/go.mod

In order to perform the update(s) described in the table above, Renovate ran the go get command, which resulted in the following additional change(s):

  • 3 additional dependencies were updated

Details:

Package | Change
golang.org/x/tools | v0.37.0 -> v0.38.0
golang.org/x/net | v0.45.0 -> v0.46.0
golang.org/x/telemetry | v0.0.0-20251008162818-ca0c2a905e73 -> v0.0.0-20251008203120-078029d740a8


codecov bot commented Oct 15, 2025

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 86.2%. Comparing base (9dea78c) to head (b0a5990).

Additional details and impacted files

@@          Coverage Diff          @@
##            main   #7511   +/-   ##
=====================================
  Coverage   86.2%   86.2%           
=====================================
  Files        295     295           
  Lines      25864   25864           
=====================================
  Hits       22307   22307           
  Misses      3184    3184           
  Partials     373     373           

Files with missing lines | Coverage Δ
propagation/trace_context.go | 96.6% <100.0%> (ø)

... and 2 files with indirect coverage changes

@renovate renovate bot force-pushed the renovate/github.com-securego-gosec-v2-2.x branch from c8d90e4 to 7037f1d Compare October 15, 2025 09:30
@dmathieu
Member

This appears to introduce the same issue as #7482

@dmathieu dmathieu closed this Oct 15, 2025
@dmathieu dmathieu deleted the renovate/github.com-securego-gosec-v2-2.x branch October 15, 2025 09:40

renovate bot commented Oct 15, 2025

Renovate Ignore Notification

Because you closed this PR without merging, Renovate will ignore this update (v2.22.10). You will get a PR once a newer version is released. To ignore this dependency forever, add it to the ignoreDeps array of your Renovate config.

If you accidentally closed this PR, or if you changed your mind: rename this PR to get a fresh replacement PR.
