------------------------------------------------------------------- Tue Jun 21 03:00:17 UTC 2022 - Jeff Kowalczyk - Enable _service tar_scm changelog automation - Commit _servicedata to support tar_scm changelog automation ------------------------------------------------------------------- Wed Jun 15 06:40:28 UTC 2022 - Felix Niederwanger - Update to version 2.12.0: * chore(deps): update all dependencies (#822) * Add check for usage of Rat.SetString in math/big with an overflow error (#819) * Remove additional `--update` for apk in Dockerfile (#818) * Update x/tools to pick up fix for golang/go#51629 (#817) * chore(deps): update all dependencies (#816) * chore(deps): update all dependencies (#812) * chore(deps): update all dependencies (#811) * Add new rule for Slowloris Attack * Fix the dependencies after renovate upate (#806) * chore(deps): update all dependencies (#805) * Update the description message of template rule (#803) * Fix typo in ReadMe (#802) * Fix build after renovate update (#800) * Fix use rule IDs to retrieve the rule config * chore(deps): update all dependencies (#796) ------------------------------------------------------------------- Tue Mar 22 08:10:13 UTC 2022 - Felix Niederwanger * Update to version 2.11.0 - Enable Go 1.18 in the ci and release workflows - Fix the lint action after upgrade (#790) - chore(deps): update all dependencies (#789) - Add a recursive flag -r to skip specifying ./... path - Adds directory traversal for Http.Dir("/") ------------------------------------------------------------------- Wed Mar 2 07:35:25 UTC 2022 - Felix Niederwanger * Update to version 2.10.0: - Extend the release action to sign the docker image and binary files with cosign (#781) - feat: add concurrency option to parallelize package loading (#778) - chore(deps): update all dependencies - Process the code snippet before adding it to the SARIF report - Updated sponsor link in README.md - chore(deps): update golang.org/x/crypto commit hash to 30dcbda - chore(deps): update all dependencies - Use the CWE name as a name in the SARIF report - chore(deps): update all dependencies (#771) - Resolve the TLS min version when is declarted in the same package but in a different file - Add a test for tls min version defined in a different file - chore(deps): update all dependencies (#765) ------------------------------------------------------------------- Fri Jan 21 07:49:30 UTC 2022 - Felix Niederwanger * Update to version 2.9.6: - Add db.Exec and db.Prepare to the sql rule (#763) - chore(deps): update golang.org/x/crypto commit hash to 5e0467b (#764) - Add os.Create to the readfile rule (#761) - Fix false negative for SQL injection when using DB.QueryRow.Scan() (#759) - chore(deps): update dependency highlight.js to v11.4.0 (#758) - Fix false negatives for SQL injection in multi-line queries - Find G303 with filepath.Join'd temp dirs (#754) - Find more tempdirs - build(fmt): use [ instead of [[ (#751) - Update to ginkgo v2 (#753) - Fix #743 (#748) - Handle nil when looking up a file by position into a package (#747) - Add in the config file settings for exclude and include options - chore(deps): update golang.org/x/crypto commit hash to e495a2d (#745) - Track both #nosec and #nosec rulelist for one violation (#741) - Add the sponsors section in the README file (#740) - Remove space between // and #nosec in examples and internal use ------------------------------------------------------------------- Fri Jan 14 09:33:28 UTC 2022 - Felix Niederwanger - Add position-independent executable to compiler flags ------------------------------------------------------------------- Fri Jan 14 09:15:56 UTC 2022 - Felix Niederwanger - Add version 2.9.5