Accepting request 1116475 from devel:languages:go

- Update to version 2.18.0:
  * Update the action to use gosec version v2.18.0 (#1029)
  * Use a step ID in github release action to get the digest of the image (#1028)
  * Update to go version 1.21.2 and 1.20.9 (#1027)
  * chore(deps): update all dependencies (#1026)
  * Enable gochecknoinits; fix lint issues; use consts for some vars (#1022)
  * Fix typos in struct fields, comments, and docs (#1023)
  * chore(deps): update all dependencies
  * Fix lint warning
  * Add a new rule which detects when a file is created with os.Create but the configured permissions are less than 0666
  * Fix lint warnings
  * Update ginkgo to latest version
  * Redesign and reimplement the slice out of bounds check using SSA code representation
  * docs: add reMarkable to users list
  * chore(deps): update all dependencies
  * Drop support for go 1.19.x since go team doesn't ship anymore security fixes for it
  * Update to latest go version
  * chore(deps): update all dependencies (#1011)
  * Fix hardcoded_credentials rule to only match on more specific patterns (#1009)
  * chore(deps): update all dependencies (#1008)
  * Exclude maps from slince bounce check rule (#1006)
  * Ignore struct pointers in G601 (#1003)
  * Update gosec image version to 2.17.0 in the Github action (#1002)
- Packaging improvements:
  * Use BuildRequires: golang(API) >= 1.20 instead of go >= 1.20.
    The go metapackage points to a single go version that
    increments at a date TBD after each go1.x major release. The
    expression golang(API) is available immediately upon each go1.x
    major release and is stable for expressing the minimum version
    or a temporarily pinned version.
  * Summary and Description clarify the purpose of this CLI tool
  * Use Group: Development/Languages/Go instead of Other
  * Drop BuildRequires: golang-packaging. The recommended Go
    toolchain dependency is BuildRequires: golang(API) >= 1.x or
    optionally the metapackage BuildRequires: go
  * Drop Requires: golang-packaging. The original macros for file
    movements into GOPATH are obsolete with Go modules. Macro
    go_nostrip is no longer needed with current binutils and Go.
  * Remove %%{go_nostrip} macro which is no longer recommended (forwarded request 1116472 from jfkw)

OBS-URL: https://build.opensuse.org/request/show/1116475
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gosec?expand=0&rev=11

_service

@@ -3,7 +3,7 @@
     <param name="filename">gosec</param>
     <param name="url">https://github.com/securego/gosec.git</param>
     <param name="scm">git</param>
-    <param name="version">v2.17.0</param>
+    <param name="version">v2.18.0</param>
     <param name="versionformat">@PARENT_TAG@</param>
     <param name="versionrewrite-pattern">v(.*)</param>
     <param name="versionrewrite-replacement">\1</param>

gosec-2.17.0.obscpio

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:d77c44272d39551d622d4bc05fe361ba8221b6fe1af46ca2a3207388391ebbeb
-size 623628

gosec-2.18.0.obscpio

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:707983ecdee6ebfd8f602388245627bfeaa19ba660598246a26dd10326391b5f
+size 625676

gosec.changes

@@ -1,3 +1,51 @@
+-------------------------------------------------------------------
+Mon Oct  9 13:23:33 UTC 2023 - Jeff Kowalczyk <jkowalczyk@suse.com>
+
+- Packaging improvements:
+  * Summary and Description clarify the purpose of this CLI tool
+  * Use Group: Development/Languages/Go instead of Other
+  * Drop BuildRequires: golang-packaging. The recommended Go
+    toolchain dependency is BuildRequires: golang(API) >= 1.x or
+    optionally the metapackage BuildRequires: go
+  * Drop Requires: golang-packaging. The original macros for file
+    movements into GOPATH are obsolete with Go modules. Macro
+    go_nostrip is no longer needed with current binutils and Go.
+  * Remove %%{go_nostrip} macro which is no longer recommended
+
+-------------------------------------------------------------------
+Mon Oct 09 09:02:02 UTC 2023 - felix.niederwanger@suse.com
+
+- Update to version 2.18.0:
+  * Update the action to use gosec version v2.18.0 (#1029)
+  * Use a step ID in github release action to get the digest of the image (#1028)
+  * Update to go version 1.21.2 and 1.20.9 (#1027)
+  * chore(deps): update all dependencies (#1026)
+  * Enable gochecknoinits; fix lint issues; use consts for some vars (#1022)
+  * Fix typos in struct fields, comments, and docs (#1023)
+  * chore(deps): update all dependencies
+  * Fix lint warning
+  * Add a new rule which detects when a file is created with os.Create but the configured permissions are less than 0666
+  * Fix lint warnings
+  * Update ginkgo to latest version
+  * Redesign and reimplement the slice out of bounds check using SSA code representation
+  * docs: add reMarkable to users list
+  * chore(deps): update all dependencies
+  * Drop support for go 1.19.x since go team doesn't ship anymore security fixes for it
+  * Update to latest go version
+  * chore(deps): update all dependencies (#1011)
+  * Fix hardcoded_credentials rule to only match on more specific patterns (#1009)
+  * chore(deps): update all dependencies (#1008)
+  * Exclude maps from slince bounce check rule (#1006)
+  * Ignore struct pointers in G601 (#1003)
+  * Update gosec image version to 2.17.0 in the Github action (#1002)
+- Packaging improvements:
+  * Use BuildRequires: golang(API) >= 1.20 instead of go >= 1.20.
+    The go metapackage points to a single go version that
+    increments at a date TBD after each go1.x major release. The
+    expression golang(API) is available immediately upon each go1.x
+    major release and is stable for expressing the minimum version
+    or a temporarily pinned version.
+
 -------------------------------------------------------------------
 Thu Aug 17 12:57:28 UTC 2023 - Felix Niederwanger felix.niederwanger@suse.com
 

gosec.obsinfo

@@ -1,4 +1,4 @@
 name: gosec
-version: 2.17.0
-mtime: 1692258781
-commit: 6a2c5e16a1ffeee4e64cfe2fe830f8e9d1d09c98
+version: 2.18.0
+mtime: 1696840672
+commit: 3952187ea76579f7b405e90336a90a56114a4119

gosec.spec

@@ -1,7 +1,7 @@
 #
 # spec file for package gosec
 #
-# Copyright (c) 2022 SUSE LLC
+# Copyright (c) 2023 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -17,20 +17,20 @@
 
 
 Name:           gosec
-Version:        2.17.0
+Version:        2.18.0
 Release:        0
-Summary:        Golang security checker
+Summary:        CLI tool to scan the Go AST and SSA code representations for security problems
 License:        Apache-2.0
-Group:          Development/Languages/Other
+Group:          Development/Languages/Go
 URL:            https://github.com/securego/gosec
 Source:         gosec-%{version}.tar.xz
 Source1:        vendor.tar.gz
-BuildRequires:  go >= 1.20
-BuildRequires:  golang-packaging
-%{go_nostrip}
+BuildRequires:  golang(API) >= 1.20
 
 %description
-Inspects source code for security problems by scanning the go abstract syntax tree.
+CLI tool to inspect Go source code for security problems by scanning the
+abstract syntax tree (AST) and static single-assignment (SSA) code
+representations.
 
 %prep
 %autosetup -D -a 1

vendor.tar.gz

@@ -1,3 +1,3 @@
 version https://git-lfs.github.com/spec/v1
-oid sha256:3f4451ec22c33000809f08b7b542a8bc2101477706454e127356cdd36c59d019
-size 4180998
+oid sha256:f33061501a2579ae2390a12f31ca332a5a6c73662f1261f1e9028b69e82ad95d
+size 4180913