Go: Bump github.com/securego/gosec/v2 from 2.12.0 to 2.14.0 #6249

dependabot[bot]
Contributor

@dependabot dependabot bot commented on behalf of github Oct 23, 2022

Bumps github.com/securego/gosec/v2 from 2.12.0 to 2.14.0.

Release notes

Sourced from github.com/securego/gosec/v2's releases.

v2.14.0

Changelog

  • 1af1d5b Pin release build to Go version 1.19.2 (#882)
  • 0ae0174 Refactor to support duplicate imports with different aliases (#865)
  • a2719d3 chore(deps): update all dependencies (#881)
  • ed38681 go.mod: ginkgo/v2 v2.3.1, golang.org/x/text v0.3.8, update go versions (#880)
  • 8466173 Update Go version to 1.19 in the makefile (#876)
  • f9ad0d8 chore(deps): update all dependencies (#875)
  • 6cd9e62 Add CWE-676 to cwe mapping (#874)
  • bb4a1e3 chore(deps): update all dependencies (#872)
  • 7ea37bb Add a way to use private repositories on GitHub (#869)
  • e244c81 chore(deps): update all dependencies (#868)
  • e9b2781 Check go version when installing govulncheck
  • 88c23de Check go version when running govulncheck
  • 84f6424 Add vulncheck to the test steps
  • 180fc23 chore(deps): update all dependencies
  • dfde579 Fix false positives for G404 with aliased packages
  • aaaf80c chore(deps): update all dependencies
  • ae58325 chore(deps): update all dependencies
  • a892be9 fix: add a CWE ID mapping to rule G114
  • a319b66 chore(deps): update golang.org/x/crypto digest to bc19a97

v2.13.1

Changelog

  • 19fa856 fix: make sure that nil Cwe pointer is handled when getting the CWE ID
  • 62fa4b4 test: remove white spaces from template
  • 074dc71 fix: handle nil CWE pointer in text template

v2.13.0

Changelog

  • 79a5b13 chore(deps): update dependency babel-standalone to v7
  • 97f03d9 chore: update module go to 1.19
  • 0ba05e1 chore: fix lint warnings
  • d3933f9 chore: add support for Go 1.19
  • 4e68fb5 fix: parsing of the Go version (#844)
  • 0c8e63e Detect use of net/http functions that have no support for setting timeouts (#842)
  • 6a26c23 Refactor SQL rules for better extensibility (#841)
  • 1b0873a chore(deps): update module golang.org/x/tools to v0.1.12 (#840)
  • 845483e Fix lint warning
  • 45bf9a6 Check the suppressed issues when generating the exit code
  • a5982fb Fix for G402. Check package path instead of package name (#838)
  • ea6d49d fix G204 bugs (#835)
  • 21fcd2f Phase out support for Go 1.16 since is not supported anymore by Go team (#837)
  • 3cda47a chore(deps): update all dependencies (#836)
  • 0212c83 chore(deps): update dependency highlight.js to v11.6.0 (#830)
  • 9a25f4e fix: filepaths with git anywhere in them being erroneously excluded (#828)
  • 602ced7 Fix wrong location for G109 (#829)
  • 7dd9ddd chore(deps): update golang.org/x/crypto digest to 0559593 (#826)
  • b0f3e78 fix ReadTimeout for G112 rule
  • 05f3ca8 Pin cosign-installer to v2 (#824)

Commits

  • 1af1d5b Pin release build to Go version 1.19.2 (#882)
  • 0ae0174 Refactor to support duplicate imports with different aliases (#865)
  • a2719d3 chore(deps): update all dependencies (#881)
  • ed38681 go.mod: ginkgo/v2 v2.3.1, golang.org/x/text v0.3.8, update go versions (#880)
  • 8466173 Update Go version to 1.19 in the makefile (#876)
  • f9ad0d8 chore(deps): update all dependencies (#875)
  • 6cd9e62 Add CWE-676 to cwe mapping (#874)
  • bb4a1e3 chore(deps): update all dependencies (#872)
  • 7ea37bb Add a way to use private repositories on GitHub (#869)
  • e244c81 chore(deps): update all dependencies (#868)
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [github.com/securego/gosec/v2](https://github.com/securego/gosec) from 2.12.0 to 2.14.0.
- [Release notes](https://github.com/securego/gosec/releases)
- [Changelog](https://github.com/securego/gosec/blob/master/.goreleaser.yml)
- [Commits](securego/gosec@v2.12.0...v2.14.0)

---
updated-dependencies:
- dependency-name: github.com/securego/gosec/v2
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added area/dependency Issues or PRs related to dependency changes. This label is also used on all Dependabot PRs do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. Required by Prow. kind/task Issue is actionable task ok-to-test Indicates a non-member PR verified by an org member that is safe to test. labels Oct 23, 2022
@dependabot dependabot bot requested a review from a team October 23, 2022 21:46
@openshift-ci openshift-ci bot requested review from feloy and rm3l October 23, 2022 21:46

netlify bot commented Oct 23, 2022

Deploy Preview for odo-docusaurus-preview canceled.

Name Link
🔨 Latest commit 186c92f
🔍 Latest deploy log https://app.netlify.com/sites/odo-docusaurus-preview/deploys/6355b6459894ef00080f32c4


openshift-ci bot commented Oct 23, 2022

Hi @dependabot[bot]. Thanks for your PR.

I'm waiting for a redhat-developer member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@sonarqubecloud

Kudos, SonarCloud Quality Gate passed!

  • 0 Bugs
  • 0 Vulnerabilities
  • 0 Security Hotspots
  • 0 Code Smells
  • No Coverage information
  • No Duplication information


odo-robot bot commented Oct 23, 2022

Unit Tests on commit finished successfully.
View logs: TXT HTML


odo-robot bot commented Oct 23, 2022

Validate Tests on commit finished successfully.
View logs: TXT HTML


odo-robot bot commented Oct 23, 2022

Windows Tests (OCP) on commit finished successfully.
View logs: TXT HTML


odo-robot bot commented Oct 23, 2022

Kubernetes Tests on commit finished successfully.
View logs: TXT HTML


odo-robot bot commented Oct 23, 2022

OpenShift Tests on commit finished successfully.
View logs: TXT HTML

Member

@rm3l rm3l left a comment

/approve

@rm3l rm3l removed the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. Required by Prow. label Oct 24, 2022
@openshift-ci openshift-ci bot added the lgtm Indicates that a PR is ready to be merged. Required by Prow. label Oct 24, 2022

openshift-ci bot commented Oct 24, 2022

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: rm3l

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@openshift-ci openshift-ci bot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. Required by Prow. label Oct 24, 2022
@rm3l
Member

rm3l commented Oct 24, 2022

/override NoCluster-Integration-tests/NoCluster-Integration-tests

Not applicable to this PR. This pipeline stage will make sense once #6242 is merged in.


openshift-ci bot commented Oct 24, 2022

@rm3l: Overrode contexts on behalf of rm3l: NoCluster-Integration-tests/NoCluster-Integration-tests

In response to this:

/override NoCluster-Integration-tests/NoCluster-Integration-tests

Not applicable to this PR. This pipeline stage will make sense once #6242 is merged in.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@openshift-merge-robot openshift-merge-robot merged commit 5a41b26 into main Oct 24, 2022
@dependabot dependabot bot deleted the dependabot/go_modules/github.com/securego/gosec/v2-2.14.0 branch October 24, 2022 10:28
Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. Required by Prow. area/dependency Issues or PRs related to dependency changes. This label is also used on all Dependabot PRs kind/task Issue is actionable task lgtm Indicates that a PR is ready to be merged. Required by Prow. ok-to-test Indicates a non-member PR verified by an org member that is safe to test.