gosec/gosec.changes

-------------------------------------------------------------------
Tue Jun 21 03:00:17 UTC 2022 - Jeff Kowalczyk <jkowalczyk@suse.com>

- Enable _service tar_scm changelog automation
- Commit _servicedata to support tar_scm changelog automation

-------------------------------------------------------------------
Wed Jun 15 06:40:28 UTC 2022 - Felix Niederwanger <felix.niederwanger@suse.com>

- Update to version 2.12.0:
  * chore(deps): update all dependencies (#822)
  * Add check for usage of Rat.SetString in math/big with an overflow error (#819)
  * Remove additional `--update` for apk in Dockerfile (#818)
  * Update x/tools to pick up fix for golang/go#51629 (#817)
  * chore(deps): update all dependencies (#816)
  * chore(deps): update all dependencies (#812)
  * chore(deps): update all dependencies (#811)
  * Add new rule for Slowloris Attack
  * Fix the dependencies after renovate upate (#806)
  * chore(deps): update all dependencies (#805)
  * Update the description message of template rule (#803)
  * Fix typo in ReadMe (#802)
  * Fix build after renovate update (#800)
  * Fix use rule IDs to retrieve the rule config
  * chore(deps): update all dependencies (#796)

-------------------------------------------------------------------
Tue Mar 22 08:10:13 UTC 2022 - Felix Niederwanger <felix.niederwanger@suse.com>

* Update to version 2.11.0

- Enable Go 1.18 in the ci and release workflows
- Fix the lint action after upgrade (#790)
- chore(deps): update all dependencies (#789)
- Add a recursive flag -r to skip specifying ./... path
- Adds directory traversal for Http.Dir("/")

-------------------------------------------------------------------
Wed Mar  2 07:35:25 UTC 2022 - Felix Niederwanger <felix.niederwanger@suse.com>

* Update to version 2.10.0:

- Extend the release action to sign the docker image and binary files with cosign (#781)
- feat: add concurrency option to parallelize package loading (#778)
- chore(deps): update all dependencies
- Process the code snippet before adding it to the SARIF report
- Updated sponsor link in README.md
- chore(deps): update golang.org/x/crypto commit hash to 30dcbda
- chore(deps): update all dependencies
- Use the CWE name as a name in the SARIF report
- chore(deps): update all dependencies (#771)
- Resolve the TLS min version when is declarted in the same package but in a different file
- Add a test for tls min version defined in a different file
- chore(deps): update all dependencies (#765)

-------------------------------------------------------------------
Fri Jan 21 07:49:30 UTC 2022 - Felix Niederwanger <felix.niederwanger@suse.com>

* Update to version 2.9.6:

- Add db.Exec and db.Prepare to the sql rule (#763)
- chore(deps): update golang.org/x/crypto commit hash to 5e0467b (#764)
- Add os.Create to the readfile rule (#761)
- Fix false negative for SQL injection when using DB.QueryRow.Scan() (#759)
- chore(deps): update dependency highlight.js to v11.4.0 (#758)
- Fix false negatives for SQL injection in multi-line queries
- Find G303 with filepath.Join'd temp dirs (#754)
- Find more tempdirs
- build(fmt): use [ instead of [[ (#751)
- Update to ginkgo v2 (#753)
- Fix #743 (#748)
- Handle nil when looking up a file by position into a package (#747)
- Add in the config file settings for exclude and include options
- chore(deps): update golang.org/x/crypto commit hash to e495a2d (#745)
- Track both #nosec and #nosec rulelist for one violation (#741)
- Add the sponsors section in the README file (#740)
- Remove space between // and #nosec in examples and internal use

-------------------------------------------------------------------
Fri Jan 14 09:33:28 UTC 2022 - Felix Niederwanger <felix.niederwanger@suse.com>

- Add position-independent executable to compiler flags

-------------------------------------------------------------------
Fri Jan 14 09:15:56 UTC 2022 - Felix Niederwanger <felix.niederwanger@suse.com>

- Add version 2.9.5