Accepting request 1322256 from devel:languages:go

- Update to version 2.22.11:
  * feature: add rule for trojan source (#1431)
  * feat(ai): add OpenAI and custom API provider support (#1424)
  * chore: Migrate from gopkg.in/yaml.v3 to go.yaml.in/yaml/v3 (#1437)
  * chore(deps): update module google.golang.org/genai to v1.37.0 (#1435)
  * refactor: simplify report functions in main.go (#1434)
  * Update go to 1.25.5 and 1.24.11 in CI (#1433)
  * chore(deps): update all dependencies (#1425)
  * feat(ai): add support for latest Claude models and update provider flags (#1423)
  * Bump golang.org/x/crypto from 0.43.0 to 0.45.0 (#1427)
  * chore(deps): update module golang.org/x/crypto to v0.45.0 [security] (#1428)
  * fix: correct schema with temporary placeholder (#1418)
  * perf: skip SSA analysis if no analyzers are loaded (#1419)
  * test: add sarif validation (#1417)
  * chore(deps): update all dependencies (#1421)
  * Update go to version 1.25.4 and 1.24.10 in CI (#1415)
  * fix: build tag parsing. (#1413)
  * chore(deps): update all dependencies (#1411)
  * chore(deps): update all dependencies (#1409)
  * chore(deps): update all dependencies (#1408)
  * Update gosec to version v2.22.10 in the github action (#1405) (forwarded request 1322206 from ph03nix)

OBS-URL: https://build.opensuse.org/request/show/1322256
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gosec?expand=0&rev=29

_scmsync.obsinfo

@@ -0,0 +1,4 @@
+mtime: 1739456723
+commit: faf3e5d004e8c042a9eaed95f61a413dc329963cca77f1bd69d2a085cd0e90be
+url: https://src.opensuse.org/ph03nix/gosec
+revision: main

_service

@@ -4,7 +4,8 @@
     <param name="filename">gosec</param>
     <param name="url">https://github.com/securego/gosec.git</param>
     <param name="scm">git</param>
-    <param name="version">v2.22.0</param>
+	<param name="revision">v2.22.11</param>
+	<param name="match-tag">v*</param>
     <param name="versionformat">@PARENT_TAG@</param>
     <param name="versionrewrite-pattern">v(.*)</param>
     <param name="versionrewrite-replacement">\1</param>
@@ -17,6 +18,6 @@
     <param name="compression">xz</param>
   </service>
   <service name="go_modules" mode="manual">
-    <param name="compression">gz</param>
+    <param name="compression">xz</param>
   </service>
 </services>

_servicedata

@@ -1,4 +1,4 @@
 <servicedata>
 <service name="tar_scm">
                 <param name="url">https://github.com/securego/gosec.git</param>
-              <param name="changesrevision">e0cca6fe95306b7e7790d6f1bf6a7bec6d622459</param></service></servicedata>
+              <param name="changesrevision">424fc4cd9c82ea0fd6bee9cd49c2db2c3cc0c93f</param></service></servicedata>

build.specials.obscpio

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:1defb3c4642786733b0412bb7939ff1268fde6cefd698bd537e7fc0ed80e7ea7
+size 280

gosec-2.22.0.obscpio

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:61eded3f01013c104b35a0263e2a2ad328d88edd484d7c5975938577ac65d829
-size 777740

gosec-2.22.11.obscpio

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:53fe2cd2ecdb3da46f3eb33a07d35b25c9e08233067eaee40850a13edb9057eb
+size 844300

gosec.changes

@@ -1,3 +1,169 @@
+-------------------------------------------------------------------
+Thu Dec 11 12:38:36 UTC 2025 - Felix Niederwanger <felix.niederwanger@suse.de>
+
+- Update to version 2.22.11:
+  * feature: add rule for trojan source (#1431)
+  * feat(ai): add OpenAI and custom API provider support (#1424)
+  * chore: Migrate from gopkg.in/yaml.v3 to go.yaml.in/yaml/v3 (#1437)
+  * chore(deps): update module google.golang.org/genai to v1.37.0 (#1435)
+  * refactor: simplify report functions in main.go (#1434)
+  * Update go to 1.25.5 and 1.24.11 in CI (#1433)
+  * chore(deps): update all dependencies (#1425)
+  * feat(ai): add support for latest Claude models and update provider flags (#1423)
+  * Bump golang.org/x/crypto from 0.43.0 to 0.45.0 (#1427)
+  * chore(deps): update module golang.org/x/crypto to v0.45.0 [security] (#1428)
+  * fix: correct schema with temporary placeholder (#1418)
+  * perf: skip SSA analysis if no analyzers are loaded (#1419)
+  * test: add sarif validation (#1417)
+  * chore(deps): update all dependencies (#1421)
+  * Update go to version 1.25.4 and 1.24.10 in CI (#1415)
+  * fix: build tag parsing. (#1413)
+  * chore(deps): update all dependencies (#1411)
+  * chore(deps): update all dependencies (#1409)
+  * chore(deps): update all dependencies (#1408)
+  * Update gosec to version v2.22.10 in the github action (#1405)
+
+-------------------------------------------------------------------
+Wed Oct 15 09:47:09 UTC 2025 - Felix Niederwanger <felix.niederwanger@suse.de>
+
+- Update to version 2.22.10:
+  * Update go to version 1.25.3 and 1.24.9 in CI (#1404)
+  * chore(deps): update all dependencies (#1402)
+  * Update go to version 1.25.2 and 2.24.8 in CI (#1401)
+  * chore(deps): update all dependencies (#1399)
+  * check nil slices, partially check bounds (#1396)
+  * Remove unused target from the makefile
+  * Use the ginkgo command install by the dependencies
+  * Keep the go module at 1.24 version for compatibility reasons
+  * Remove manual test deps
+  * fix: text must be supplied when markdown is used
+  * fix: improve error message of CheckAnalyzers
+  * fix: log panic on SSA
+  * chore(deps): update all dependencies
+  * Update gosec to version v.22.9 in the github action
+
+-------------------------------------------------------------------
+Mon Sep 22 12:36:33 UTC 2025 - Felix Niederwanger <felix.niederwanger@suse.de>
+
+- Update to version 2.22.9:
+  * Update cosign to v2.6.0 and go in the CI to latest version
+  * fix(autofix): unnecessary conversion
+  * feat(autofix): update gemini sdk and add anthropic claude
+  * feat(G304): add os.Root remediation hint (Autofix) when Go >= 1.24
+  * chore(deps): update all dependencies
+  * refactor(G304): remove unused trackJoin helper; no functional change
+  * style: gofmt rules/readfile.go
+  * test(g304): add samples for var perm and var flag with cleaned path\n\n- Ensure G304 does not fire when only non-path args (flag/perm) are variables\n- Both samples use filepath.Clean on the path arg\n- Rules suite remains green (42 passed)
+  * rules(G304): analyze only path arg; ignore flag/perm vars; track Clean and safe Join; fix nil-context panic\n\n- Limit G304 checks to first arg (path) for os.Open/OpenFile/ReadFile, avoiding false positives when flag/perm are variables\n- Track filepath.Clean so cleaned identifiers are treated as safe\n- Consider safe joins: filepath.Join(const|resolvedBase, Clean(var)|cleanedIdent)\n- Record Join(...) assigned to identifiers and allow if later cleaned\n- Fix panic by passing non-nil context in trackJoinAssignStmt\n- All rules tests: 42 passed
+  * rules(G202): detect SQL concat in ValueSpec declarations; add test sample\n\n- Handle var query string = 'SELECT ...' + user style declarations\n- Reuse existing binary expr detection on ValueSpec.Values\n- Add postgres sample mirroring issue #1309 report\n- Rules tests: 42 passed
+  * chore(deps): update all dependencies
+  * chore(deps): update all dependencies
+  * chore(deps): update all dependencies
+  * Update gosec version to v2.22.8 in the Github action
+
+-------------------------------------------------------------------
+Mon Aug 18 08:29:42 UTC 2025 - Felix Niederwanger <felix.niederwanger@suse.de>
+
+- Update to version 2.22.8:
+  * Add support for go version 1.25.0
+  * Update go version in CI to 1.24.6 and 1.23.12
+  * chore(deps): update all dependencies
+  * chore(deps): update all dependencies
+  * Update github action to release v2.22.7
+
+-------------------------------------------------------------------
+Tue Jul 29 07:04:07 UTC 2025 - Felix Niederwanger <felix.niederwanger@suse.de>
+
+- Update to version 2.22.7:
+  * Fix crash in hardcoded_nonce analyzer
+  * Update go action to use release v2.22.6
+  * Update go version to 1.24.5 and 1.23.11 in the CI
+  * chore(deps): update module google.golang.org/api to v0.242.0
+  * chore(deps): update all dependencies
+  * chore(deps): update all dependencies
+  * chore(deps): update all dependencies
+  * chore(deps): update all dependencies
+  * Do not allow dashes in file names
+  * Update gosec to version 2.22.5 in Github action
+
+-------------------------------------------------------------------
+Mon Jun 16 14:06:09 UTC 2025 - Felix Niederwanger <felix.niederwanger@suse.de>
+
+- Update to version 2.22.5:
+  * Switch back go.mod to minimum 1.23.0
+  * Update dependencies
+  * Update go version 1.24.4 and 1.23.10 in CI
+  * chore(deps): update all dependencies
+  * G201/G202: add checks for injection into sql.Conn methods
+  * chore(deps): update module google.golang.org/api to v0.235.0
+  * chore(deps): update module google.golang.org/api to v0.234.0
+  * chore(deps): update module google.golang.org/api to v0.233.0
+  * chore(deps): update module google.golang.org/api to v0.232.0
+
+-------------------------------------------------------------------
+Thu May 22 08:30:48 UTC 2025 - Felix Niederwanger <felix.niederwanger@suse.de>
+
+- Switch vendor from gz to xz for consistency
+
+-------------------------------------------------------------------
+Thu May 22 08:27:49 UTC 2025 - Felix Niederwanger <felix.niederwanger@suse.de>
+
+- Switch from version to revision in _service
+
+-------------------------------------------------------------------
+Thu May 08 13:40:23 UTC 2025 - Felix Niederwanger <felix.niederwanger@suse.de>
+
+- Update to version 2.22.4:
+  * Update to go version 1.24.3 and 1.23.9
+  * update: updated the build command to include version metadata
+  * chore(deps): update all dependencies
+  * Update the AI provider API key value when provided as an argument
+  * chore(deps): update module google.golang.org/api to v0.230.0
+  * chore(deps): update module google.golang.org/api to v0.229.0
+  * chore(deps): update all dependencies
+  * Comment the reason why the file can be nil when an issue is created
+  * Handle nil file when creating a new issue
+  * chore(deps): update all dependencies (#1333)
+
+-------------------------------------------------------------------
+Mon Apr 07 08:46:06 UTC 2025 - Felix Niederwanger <felix.niederwanger@suse.de>
+
+- Update to version 2.22.3:
+  * Update version in 'action.yml' to 2.22.3 (anticipating next version (#1332)
+  * Update go version to 1.24.2 and 1.23.8 (#1331)
+  * remove G113. It only affects old/unsupported versions of Go (#1328)
+  * chore(deps): update all dependencies (#1325)
+  * Add SSOJet (#1320)
+  * chore(deps): update all dependencies (#1319)
+  * Update the integrity sha for babel dependency in html report (#1316)
+  * Add support for `//gosec:disable` directive (#1314)
+  * chore(deps): update all dependencies (#1315)
+
+-------------------------------------------------------------------
+Thu Mar 06 16:20:12 UTC 2025 - felix.niederwanger@suse.de
+
+- Update to version 2.22.2:
+  * Update to go version 1.24.1 and 1.23.7 (#1313)
+  * chore(deps): update all dependencies (#1310)
+  * chore(deps): update all dependencies (#1308)
+  * Update gosec version in the GitHub action to v2.22.1 (#1307)
+  * chore(deps): update module google.golang.org/api to v0.221.0 (#1305)
+
+-------------------------------------------------------------------
+Thu Feb 13 14:18:59 UTC 2025 - felix.niederwanger@suse.de
+
+- Update to version 2.22.1:
+  * Update cosign to v2.4.2 (#1303)
+  * Add support for go 1.24 and phased out support for go 1.22 (#1302)
+  * chore(deps): update all dependencies (#1300)
+  * Update to go version 1.23.6 and 1.22.12 (#1299)
+  * chore(deps): update module google.golang.org/api to v0.219.0 (#1296)
+  * chore(deps): update module google.golang.org/api to v0.218.0 (#1294)
+  * Add test to conver unit parssing for G115 rule (#1293)
+  * Update to go version 1.23.5 and 1.22.11 (#1291)
+  * chore(deps): update all dependencies (#1290)
+  * Update gosec in github action to 2.22.0 (#1286)
+
 -------------------------------------------------------------------
 Thu Jan 09 12:31:07 UTC 2025 - felix.niederwanger@suse.de
 

gosec.obsinfo

@@ -1,4 +1,4 @@
 name: gosec
-version: 2.22.0
-mtime: 1736174493
-commit: e0cca6fe95306b7e7790d6f1bf6a7bec6d622459
+version: 2.22.11
+mtime: 1765444469
+commit: 424fc4cd9c82ea0fd6bee9cd49c2db2c3cc0c93f

gosec.spec

@@ -17,14 +17,14 @@
 
 
 Name:           gosec
-Version:        2.22.0
+Version:        2.22.11
 Release:        0
 Summary:        CLI tool to scan the Go AST and SSA code representations for security problems
 License:        Apache-2.0
 Group:          Development/Languages/Go
 URL:            https://github.com/securego/gosec
 Source:         gosec-%{version}.tar.xz
-Source1:        vendor.tar.gz
+Source1:        vendor.tar.xz
 BuildRequires:  golang(API) >= 1.20
 
 %description

vendor.tar.gz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:c36af65a141bd42d150d10d9b52b34954315b9d2f4a4ea7487ec358ae9d10a90
-size 6748815

vendor.tar.xz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:35de6e3ce9149e066586b6aa05336a49b0a4a9bdc3fc0f1b1f128eac385fe958
+size 3918860