Package Release Info

gosec-2.9.6-bp154.1.22

Update Info: Base Release
Available in Package Hub : 15 SP4

platforms

AArch64
ppc64le
s390x
x86-64

subpackages

gosec

Change Logs

* Fri Jan 21 2022 Felix Niederwanger <felix.niederwanger@suse.com>

* Update to version 2.9.6:
- Add db.Exec and db.Prepare to the sql rule (#763)
- chore(deps): update golang.org/x/crypto commit hash to 5e0467b (#764)
- Add os.Create to the readfile rule (#761)
- Fix false negative for SQL injection when using DB.QueryRow.Scan() (#759)
- chore(deps): update dependency highlight.js to v11.4.0 (#758)
- Fix false negatives for SQL injection in multi-line queries
- Find G303 with filepath.Join'd temp dirs (#754)
- Find more tempdirs
- build(fmt): use [ instead of [[ (#751)
- Update to ginkgo v2 (#753)
- Fix #743 (#748)
- Handle nil when looking up a file by position into a package (#747)
- Add in the config file settings for exclude and include options
- chore(deps): update golang.org/x/crypto commit hash to e495a2d (#745)
- Track both #nosec and #nosec rulelist for one violation (#741)
- Add the sponsors section in the README file (#740)
- Remove space between // and #nosec in examples and internal use

* Fri Jan 14 2022 Felix Niederwanger <felix.niederwanger@suse.com>

- Add position-independent executable to compiler flags

* Fri Jan 14 2022 Felix Niederwanger <felix.niederwanger@suse.com>

- Add version 2.9.5

Version: 2.15.0-bp155.1.7

* Mon Feb 06 2023 Felix Niederwanger <felix.niederwanger@suse.com>

* Update to version 2.15.0
- Fix dependencies after renovate update
- chore(deps): update all dependencies (#922)
- Update to Go 1.20 and fix unit tests (#923)
- Update Go to latest version (#920)
- Update hardcoded_credentials.go fix: adaper equal expr which const value at left (#917)
- Fix github latest URL (#918)
- Fix github release url (#916)
- chore(deps): update module github.com/onsi/ginkgo/v2 to v2.7.0 (#914)
- Update Go version in CI script (#913)
- Track back when a file path was sanitized with filepath.Clean (#912)
- Fix the TLS config rule when parsing the settings from a variable (#911)
- Fix build after updating the dependencies (#910)
- chore(deps): update all dependencies (#909)
- Fix dependencies after renovate update (#907)
- chore(deps): update all dependencies (#906)
- Update slack badge and link (#905)
- Auto-detect TLS MinVersion integer base (#903)
- Adding s390x support (#902)
- chore(deps): update all dependencies (#904)
- chore(deps): update all dependencies (#898)
- Additional types for bad defer check (#897)
- chore(deps): update all dependencies (#894)
- chore(deps): update all dependencies (#892)
- Update Go version in CI scripts (#889)
- chore(deps): update all dependencies (#888)
- Allow to override build date with SOURCE_DATE_EPOCH (#887)
- chore(deps): update all dependencies (#886)
- chore(deps): update all dependencies (#884)
- fileperms: bitwise permission comparison (#883)

* Mon Dec 12 2022 Felix Niederwanger <felix.niederwanger@suse.com>

- Switch OBS source service from tar_scm to obs_scm.
  * Embed version info with go build arg GIT_TAG="v%{version}"
  * _service obs_scm switch from tar_scm
  * _service obs_scm switch param revision (branch) to version (tag)
  * _service tar set to buildtime
  * _service recompress set to buildtime
  * _service recompress change tar compression from gz to xz

* Mon Oct 17 2022 Felix Niederwanger <felix.niederwanger@suse.com>

* Update to versin 2.14.0
- Pin release build to Go version 1.19.2 (#882)
- Refactor to support duplicate imports with different aliases (#865)
- chore(deps): update all dependencies (#881)
- go.mod: ginkgo/v2 v2.3.1, golang.org/x/text v0.3.8, update go versions (#880)
- Update Go version to 1.19 in the makefile (#876)
- chore(deps): update all dependencies (#875)
- Add CWE-676 to cwe mapping (#874)
- chore(deps): update all dependencies (#872)
- Add a way to use private repositories on GitHub (#869)
- chore(deps): update all dependencies (#868)
- Check go version when installing govulncheck
- Check go version when running govulncheck
- Add vulncheck to the test steps
- chore(deps): update all dependencies
- Fix false positives for G404 with aliased packages
- chore(deps): update all dependencies
- chore(deps): update all dependencies
- fix: add a CWE ID mapping to rule G114
- chore(deps): update golang.org/x/crypto digest to bc19a97

* Mon Aug 22 2022 Felix Niederwanger <felix.niederwanger@suse.com>

* Update to version 2.13.1
- fix: make sure that nil Cwe pointer is handled when getting the CWE ID
- test: remove white spaces from template
- fix: handle nil CWE pointer in text template
  * Update to version 2.13.0
- chore(deps): update dependency babel-standalone to v7
- chore: update module go to 1.19
- chore: fix lint warnings
- chore: add support for Go 1.19
- fix: parsing of the Go version (#844)
- Detect use of net/http functions that have no support for setting timeouts (#842)
- Refactor SQL rules for better extensibility (#841)
- chore(deps): update module golang.org/x/tools to v0.1.12 (#840)
- Fix lint warning
- Check the suppressed issues when generating the exit code
- Fix for G402. Check package path instead of package name (#838)
- fix G204 bugs (#835)
- Phase out support for Go 1.16 since is not supported anymore by Go team (#837)
- chore(deps): update all dependencies (#836)
- chore(deps): update dependency highlight.js to v11.6.0 (#830)
- fix: filepaths with git anywhere in them being erroneously excluded (#828)
- Fix wrong location for G109 (#829)
- chore(deps): update golang.org/x/crypto digest to 0559593 (#826)
- fix ReadTimeout for G112 rule
- Pin cosign-installer to v2 (#824)
  * Update to version 2.12.0
- chore(deps): update all dependencies (#822)
- Add check for usage of Rat.SetString in math/big with an overflow error (#819)
- Remove additional --update for apk in Dockerfile (#818)
- Update x/tools to pick up fix for golang/go#51629 (#817)
- chore(deps): update all dependencies (#816)
- chore(deps): update all dependencies (#812)
- chore(deps): update all dependencies (#811)
- Add new rule for Slowloris Attack
- Fix the dependencies after renovate upate (#806)
- chore(deps): update all dependencies (#805)
- Update the description message of template rule (#803)
- Fix typo in ReadMe (#802)
- Fix build after renovate update (#800)
- Fix use rule IDs to retrieve the rule config
- chore(deps): update all dependencies (#796)

* Tue Mar 22 2022 Felix Niederwanger <felix.niederwanger@suse.com>

* Update to version 2.11.0
- Enable Go 1.18 in the ci and release workflows
- Fix the lint action after upgrade (#790)
- chore(deps): update all dependencies (#789)
- Add a recursive flag -r to skip specifying ./... path
- Adds directory traversal for Http.Dir("/")

* Wed Mar 02 2022 Felix Niederwanger <felix.niederwanger@suse.com>

* Update to version 2.10.0:
- Extend the release action to sign the docker image and binary files with cosign (#781)
- feat: add concurrency option to parallelize package loading (#778)
- chore(deps): update all dependencies
- Process the code snippet before adding it to the SARIF report
- Updated sponsor link in README.md
- chore(deps): update golang.org/x/crypto commit hash to 30dcbda
- chore(deps): update all dependencies
- Use the CWE name as a name in the SARIF report
- chore(deps): update all dependencies (#771)
- Resolve the TLS min version when is declarted in the same package but in a different file
- Add a test for tls min version defined in a different file
- chore(deps): update all dependencies (#765)