Accepting request 1116472 from home:jfkw:branches:devel:languages:go

- Update to version 2.18.0:
  * Update the action to use gosec version v2.18.0 (#1029)
  * Use a step ID in github release action to get the digest of the image (#1028)
  * Update to go version 1.21.2 and 1.20.9 (#1027)
  * chore(deps): update all dependencies (#1026)
  * Enable gochecknoinits; fix lint issues; use consts for some vars (#1022)
  * Fix typos in struct fields, comments, and docs (#1023)
  * chore(deps): update all dependencies
  * Fix lint warning
  * Add a new rule which detects when a file is created with os.Create but the configured permissions are less than 0666
  * Fix lint warnings
  * Update ginkgo to latest version
  * Redesign and reimplement the slice out of bounds check using SSA code representation
  * docs: add reMarkable to users list
  * chore(deps): update all dependencies
  * Drop support for go 1.19.x since go team doesn't ship anymore security fixes for it
  * Update to latest go version
  * chore(deps): update all dependencies (#1011)
  * Fix hardcoded_credentials rule to only match on more specific patterns (#1009)
  * chore(deps): update all dependencies (#1008)
  * Exclude maps from slince bounce check rule (#1006)
  * Ignore struct pointers in G601 (#1003)
  * Update gosec image version to 2.17.0 in the Github action (#1002)
- Packaging improvements:
  * Use BuildRequires: golang(API) >= 1.20 instead of go >= 1.20.
    The go metapackage points to a single go version that
    increments at a date TBD after each go1.x major release. The
    expression golang(API) is available immediately upon each go1.x
    major release and is stable for expressing the minimum version
    or a temporarily pinned version.
  * Summary and Description clarify the purpose of this CLI tool
  * Use Group: Development/Languages/Go instead of Other
  * Drop BuildRequires: golang-packaging. The recommended Go
    toolchain dependency is BuildRequires: golang(API) >= 1.x or
    optionally the metapackage BuildRequires: go
  * Drop Requires: golang-packaging. The original macros for file
    movements into GOPATH are obsolete with Go modules. Macro
    go_nostrip is no longer needed with current binutils and Go.
  * Remove %%{go_nostrip} macro which is no longer recommended

OBS-URL: https://build.opensuse.org/request/show/1116472
OBS-URL: https://build.opensuse.org/package/show/devel:languages:go/gosec?expand=0&rev=23

gosec.changes

@@ -1,3 +1,17 @@
+-------------------------------------------------------------------
+Mon Oct  9 13:23:33 UTC 2023 - Jeff Kowalczyk <jkowalczyk@suse.com>
+
+- Packaging improvements:
+  * Summary and Description clarify the purpose of this CLI tool
+  * Use Group: Development/Languages/Go instead of Other
+  * Drop BuildRequires: golang-packaging. The recommended Go
+    toolchain dependency is BuildRequires: golang(API) >= 1.x or
+    optionally the metapackage BuildRequires: go
+  * Drop Requires: golang-packaging. The original macros for file
+    movements into GOPATH are obsolete with Go modules. Macro
+    go_nostrip is no longer needed with current binutils and Go.
+  * Remove %%{go_nostrip} macro which is no longer recommended
+
 -------------------------------------------------------------------
 Mon Oct 09 09:02:02 UTC 2023 - felix.niederwanger@suse.com
 
@@ -24,6 +38,13 @@ Mon Oct 09 09:02:02 UTC 2023 - felix.niederwanger@suse.com
   * Exclude maps from slince bounce check rule (#1006)
   * Ignore struct pointers in G601 (#1003)
   * Update gosec image version to 2.17.0 in the Github action (#1002)
+- Packaging improvements:
+  * Use BuildRequires: golang(API) >= 1.20 instead of go >= 1.20.
+    The go metapackage points to a single go version that
+    increments at a date TBD after each go1.x major release. The
+    expression golang(API) is available immediately upon each go1.x
+    major release and is stable for expressing the minimum version
+    or a temporarily pinned version.
 
 -------------------------------------------------------------------
 Thu Aug 17 12:57:28 UTC 2023 - Felix Niederwanger felix.niederwanger@suse.com

gosec.spec

@@ -1,7 +1,7 @@
 #
 # spec file for package gosec
 #
-# Copyright (c) 2022 SUSE LLC
+# Copyright (c) 2023 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -19,18 +19,18 @@
 Name:           gosec
 Version:        2.18.0
 Release:        0
-Summary:        Golang security checker
+Summary:        CLI tool to scan the Go AST and SSA code representations for security problems
 License:        Apache-2.0
-Group:          Development/Languages/Other
+Group:          Development/Languages/Go
 URL:            https://github.com/securego/gosec
 Source:         gosec-%{version}.tar.xz
 Source1:        vendor.tar.gz
 BuildRequires:  golang(API) >= 1.20
-BuildRequires:  golang-packaging
-%{go_nostrip}
 
 %description
-Inspects source code for security problems by scanning the go abstract syntax tree.
+CLI tool to inspect Go source code for security problems by scanning the
+abstract syntax tree (AST) and static single-assignment (SSA) code
+representations.
 
 %prep
 %autosetup -D -a 1