You've already forked opentelemetry-go
mirror of
https://github.com/open-telemetry/opentelemetry-go.git
synced 2026-06-03 18:35:08 +02:00
chore(deps): update module github.com/securego/gosec/v2 to v2.25.0 (#8084)
This PR contains the following updates: | Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) | |---|---|---|---| | [github.com/securego/gosec/v2](https://redirect.github.com/securego/gosec) | `v2.24.8-0.20260316110558-744bfb5ef06e` → `v2.25.0` |  |  | --- > [!WARNING] > Some dependencies could not be looked up. Check the [Dependency Dashboard](../issues/5322) for more information. --- ### Release Notes <details> <summary>securego/gosec (github.com/securego/gosec/v2)</summary> ### [`v2.25.0`](https://redirect.github.com/securego/gosec/releases/tag/v2.25.0) [Compare Source](https://redirect.github.com/securego/gosec/compare/v2.24.7...v2.25.0) #### Changelog - [`223e19b`](https://redirect.github.com/securego/gosec/commit/223e19b8856e00f02cc67804499a83f77e208f3c) chore(deps): bump google.golang.org/grpc from 1.75.0 to 1.79.3 ([#​1617](https://redirect.github.com/securego/gosec/issues/1617)) - [`b23a9e5`](https://redirect.github.com/securego/gosec/commit/b23a9e534822ec656207d6d33116b9c48fcde6c7) fix: allow barry action to access secrets on fork PRs ([#​1616](https://redirect.github.com/securego/gosec/issues/1616)) - [`355cfa5`](https://redirect.github.com/securego/gosec/commit/355cfa5a43916c57b7727eece120dd54665c1427) fix: reduce G117 false positives for custom marshalers and transformed values ([#​1614](https://redirect.github.com/securego/gosec/issues/1614)) ([#​1615](https://redirect.github.com/securego/gosec/issues/1615)) - [`744bfb5`](https://redirect.github.com/securego/gosec/commit/744bfb5ef06e24230087a2470dd1eda8cf5ac48a) Add barry security scanner as a step in the CI ([#​1612](https://redirect.github.com/securego/gosec/issues/1612)) - [`4fde15d`](https://redirect.github.com/securego/gosec/commit/4fde15d2287caa7ba8480e14d3ccd49579d17f42) chore(deps): update all dependencies ([#​1611](https://redirect.github.com/securego/gosec/issues/1611)) - [`dec52c4`](https://redirect.github.com/securego/gosec/commit/dec52c4101b534ac9bc8cf22ac051a65c90d75e0) fix: prevent taint analysis hang on packages with many CHA call graph edges ([#​1608](https://redirect.github.com/securego/gosec/issues/1608)) ([#​1610](https://redirect.github.com/securego/gosec/issues/1610)) - [`a0de8b6`](https://redirect.github.com/securego/gosec/commit/a0de8b6aab054e0fe97bec94d1f5e635dc5dc495) Add some skills for claude code to automate some tasks ([#​1609](https://redirect.github.com/securego/gosec/issues/1609)) - [`c2dfcec`](https://redirect.github.com/securego/gosec/commit/c2dfcec7f34bdbb3591c1dccd4aafde1d49c5bd6) Add G701-G706 rule-to-CWE mappings and CWE-117, CWE-918 entries ([#​1606](https://redirect.github.com/securego/gosec/issues/1606)) - [`8aec3f4`](https://redirect.github.com/securego/gosec/commit/8aec3f48a22ee5404185b01ac7667302ba73e51c) fix: skip SSA analysis on ill-typed packages to prevent panic ([#​1607](https://redirect.github.com/securego/gosec/issues/1607)) - [`1ced32d`](https://redirect.github.com/securego/gosec/commit/1ced32df147e2dd7bb9400023c246235bb32be92) Port G120 from SSA-based to taint analysis (fixes [#​1600](https://redirect.github.com/securego/gosec/issues/1600), [#​1603](https://redirect.github.com/securego/gosec/issues/1603)) ([#​1605](https://redirect.github.com/securego/gosec/issues/1605)) - [`befce8d`](https://redirect.github.com/securego/gosec/commit/befce8de5da965121ad143b3c1eba58b0c3941bb) fix(G118): eliminate false positive for package-level cancel variables ([#​1602](https://redirect.github.com/securego/gosec/issues/1602)) - [`b7b2c7b`](https://redirect.github.com/securego/gosec/commit/b7b2c7b668f3f2bef8a8ae04d72f0eb60492322c) feat: add G124 rule for insecure HTTP cookie configuration ([#​1599](https://redirect.github.com/securego/gosec/issues/1599)) - [`6e66a94`](https://redirect.github.com/securego/gosec/commit/6e66a943db54eb8d235ac766fa2fd414d44e8821) feat: add G709 rule for unsafe deserialization of untrusted data ([#​1598](https://redirect.github.com/securego/gosec/issues/1598)) - [`e7ea237`](https://redirect.github.com/securego/gosec/commit/e7ea2377aa2138d550e6d466ceef7a3164b4d7ea) feat: add G708 rule for server-side template injection via text/template ([#​1597](https://redirect.github.com/securego/gosec/issues/1597)) - [`8895462`](https://redirect.github.com/securego/gosec/commit/889546214c90564feb348e14fd1bf526295e0b2d) fix(G118): eliminate false positive when cancel is called via struct field in a closure ([#​1596](https://redirect.github.com/securego/gosec/issues/1596)) - [`619ce21`](https://redirect.github.com/securego/gosec/commit/619ce2117e086b696f9357dc3422c18c2d0262bf) Fix infinite recursion in interprocedural taint analysis ([#​1594](https://redirect.github.com/securego/gosec/issues/1594)) - [`0e0eb17`](https://redirect.github.com/securego/gosec/commit/0e0eb1792f3ced1edfe332daa388f088d4bd2f08) Fix G118 false positive when cancel is stored in returned struct field ([#​1593](https://redirect.github.com/securego/gosec/issues/1593)) - [`59a9da0`](https://redirect.github.com/securego/gosec/commit/59a9da022f37d928b5c26c2b720e5f43f4a3e9b4) Fix G118 false positive on cancel called inside goroutine closure ([#​1592](https://redirect.github.com/securego/gosec/issues/1592)) - [`cbf46b8`](https://redirect.github.com/securego/gosec/commit/cbf46b8771cfe2f02d3f935469c7898198d901f4) fix(analyzer): per-package rule instantiation eliminates concurrent map crash ([#​1589](https://redirect.github.com/securego/gosec/issues/1589)) - [`c6c3ba8`](https://redirect.github.com/securego/gosec/commit/c6c3ba865980cf3333c8bcaa93b4b9b7a4858bba) chore(deps): update all dependencies ([#​1588](https://redirect.github.com/securego/gosec/issues/1588)) - [`c709ed8`](https://redirect.github.com/securego/gosec/commit/c709ed8be30a01d52ef51a099f5da6fc23dd3e31) fix(G118): treat returned cancel func as called (fixes [#​1584](https://redirect.github.com/securego/gosec/issues/1584)) ([#​1585](https://redirect.github.com/securego/gosec/issues/1585)) - [`fa74dd7`](https://redirect.github.com/securego/gosec/commit/fa74dd7069d482a37b1207afbeffbfc7681a47f8) chore(go): update supported Go versions to 1.25.8 and 1.26.1 ([#​1583](https://redirect.github.com/securego/gosec/issues/1583)) - [`cd1f29e`](https://redirect.github.com/securego/gosec/commit/cd1f29ec710ed24a305edf5908f52240addb1811) Update the README with the correct version of the Github action for gosec ([#​1582](https://redirect.github.com/securego/gosec/issues/1582)) - [`5887aee`](https://redirect.github.com/securego/gosec/commit/5887aee36f8b982ecb71885fde827ec0e84d98a2) chore(deps): update all dependencies ([#​1579](https://redirect.github.com/securego/gosec/issues/1579)) - [`6641fcf`](https://redirect.github.com/securego/gosec/commit/6641fcf966593bf52ed426aa262839b340d56375) Fix G115 false positives for guarded int64-to-byte conversions ([#​1578](https://redirect.github.com/securego/gosec/issues/1578)) - [`3c9c3da`](https://redirect.github.com/securego/gosec/commit/3c9c3da6924bb1daeea428e28ec9ac5fa5a09c25) Update the container image migration notice ([#​1576](https://redirect.github.com/securego/gosec/issues/1576)) - [`973e94e`](https://redirect.github.com/securego/gosec/commit/973e94e8fc181de08ab86b212e6475221e777069) chore(action): bump gosec to 2.24.7 ([#​1575](https://redirect.github.com/securego/gosec/issues/1575)) </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/open-telemetry/opentelemetry-go). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My42Ni40IiwidXBkYXRlZEluVmVyIjoiNDMuNjYuNCIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOlsiU2tpcCBDaGFuZ2Vsb2ciLCJkZXBlbmRlbmNpZXMiXX0=--> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
This commit is contained in:
renovate[bot]
GitHub
@@ -186,7 +186,7 @@ require (
|
||||
github.com/santhosh-tekuri/jsonschema/v6 v6.0.2 // indirect
|
||||
github.com/sashamelentyev/interfacebloat v1.1.0 // indirect
|
||||
github.com/sashamelentyev/usestdlibvars v1.29.0 // indirect
|
||||
github.com/securego/gosec/v2 v2.24.8-0.20260316110558-744bfb5ef06e // indirect
|
||||
github.com/securego/gosec/v2 v2.25.0 // indirect
|
||||
github.com/sergi/go-diff v1.4.0 // indirect
|
||||
github.com/sirupsen/logrus v1.9.4 // indirect
|
||||
github.com/sivchari/containedctx v1.0.3 // indirect
|
||||
|
||||
@@ -423,8 +423,8 @@ github.com/sashamelentyev/interfacebloat v1.1.0 h1:xdRdJp0irL086OyW1H/RTZTr1h/tM
|
||||
github.com/sashamelentyev/interfacebloat v1.1.0/go.mod h1:+Y9yU5YdTkrNvoX0xHc84dxiN1iBi9+G8zZIhPVoNjQ=
|
||||
github.com/sashamelentyev/usestdlibvars v1.29.0 h1:8J0MoRrw4/NAXtjQqTHrbW9NN+3iMf7Knkq057v4XOQ=
|
||||
github.com/sashamelentyev/usestdlibvars v1.29.0/go.mod h1:8PpnjHMk5VdeWlVb4wCdrB8PNbLqZ3wBZTZWkrpZZL8=
|
||||
github.com/securego/gosec/v2 v2.24.8-0.20260316110558-744bfb5ef06e h1:M6y0Qs4E1uGbWieIUpYOoi5tSzom8VjK82fZ+zrDBV0=
|
||||
github.com/securego/gosec/v2 v2.24.8-0.20260316110558-744bfb5ef06e/go.mod h1:Df9epVWULQnN5Fc8eGXL9rLJ3a1/yuy7CL38zBfUQms=
|
||||
github.com/securego/gosec/v2 v2.25.0 h1:8fN1/16qO0aA3ktgU9nDW5PdrCPd4vgpgaPM8ZE+aEA=
|
||||
github.com/securego/gosec/v2 v2.25.0/go.mod h1:JjqD2HhHtH1GQYb2r2iYdqBihiA3wo5be9BED8+Uv5c=
|
||||
github.com/sergi/go-diff v1.4.0 h1:n/SP9D5ad1fORl+llWyN+D6qoUETXNZARKjyY2/KVCw=
|
||||
github.com/sergi/go-diff v1.4.0/go.mod h1:A0bzQcvG0E7Rwjx0REVgAGH58e96+X0MeOfepqsbeW4=
|
||||
github.com/shurcooL/go v0.0.0-20180423040247-9e1955d9fb6e/go.mod h1:TDJrrUr11Vxrven61rcy3hJMUqaf/CLWYhHNPmT14Lk=
|
||||
|
||||
Reference in New Issue
Block a user