------------------------------------------------------------------- Mon Oct 17 13:45:23 UTC 2022 - Felix Niederwanger * Update to versin 2.14.0 - Pin release build to Go version 1.19.2 (#882) - Refactor to support duplicate imports with different aliases (#865) - chore(deps): update all dependencies (#881) - go.mod: ginkgo/v2 v2.3.1, golang.org/x/text v0.3.8, update go versions (#880) - Update Go version to 1.19 in the makefile (#876) - chore(deps): update all dependencies (#875) - Add CWE-676 to cwe mapping (#874) - chore(deps): update all dependencies (#872) - Add a way to use private repositories on GitHub (#869) - chore(deps): update all dependencies (#868) - Check go version when installing govulncheck - Check go version when running govulncheck - Add vulncheck to the test steps - chore(deps): update all dependencies - Fix false positives for G404 with aliased packages - chore(deps): update all dependencies - chore(deps): update all dependencies - fix: add a CWE ID mapping to rule G114 - chore(deps): update golang.org/x/crypto digest to bc19a97 ------------------------------------------------------------------- Mon Aug 22 08:47:01 UTC 2022 - Felix Niederwanger * Update to version 2.13.1 - fix: make sure that nil Cwe pointer is handled when getting the CWE ID - test: remove white spaces from template - fix: handle nil CWE pointer in text template * Update to version 2.13.0 - chore(deps): update dependency babel-standalone to v7 - chore: update module go to 1.19 - chore: fix lint warnings - chore: add support for Go 1.19 - fix: parsing of the Go version (#844) - Detect use of net/http functions that have no support for setting timeouts (#842) - Refactor SQL rules for better extensibility (#841) - chore(deps): update module golang.org/x/tools to v0.1.12 (#840) - Fix lint warning - Check the suppressed issues when generating the exit code - Fix for G402. Check package path instead of package name (#838) - fix G204 bugs (#835) - Phase out support for Go 1.16 since is not supported anymore by Go team (#837) - chore(deps): update all dependencies (#836) - chore(deps): update dependency highlight.js to v11.6.0 (#830) - fix: filepaths with git anywhere in them being erroneously excluded (#828) - Fix wrong location for G109 (#829) - chore(deps): update golang.org/x/crypto digest to 0559593 (#826) - fix ReadTimeout for G112 rule - Pin cosign-installer to v2 (#824) * Update to version 2.12.0 - chore(deps): update all dependencies (#822) - Add check for usage of Rat.SetString in math/big with an overflow error (#819) - Remove additional --update for apk in Dockerfile (#818) - Update x/tools to pick up fix for golang/go#51629 (#817) - chore(deps): update all dependencies (#816) - chore(deps): update all dependencies (#812) - chore(deps): update all dependencies (#811) - Add new rule for Slowloris Attack - Fix the dependencies after renovate upate (#806) - chore(deps): update all dependencies (#805) - Update the description message of template rule (#803) - Fix typo in ReadMe (#802) - Fix build after renovate update (#800) - Fix use rule IDs to retrieve the rule config - chore(deps): update all dependencies (#796) ------------------------------------------------------------------- Tue Mar 22 08:10:13 UTC 2022 - Felix Niederwanger * Update to version 2.11.0 - Enable Go 1.18 in the ci and release workflows - Fix the lint action after upgrade (#790) - chore(deps): update all dependencies (#789) - Add a recursive flag -r to skip specifying ./... path - Adds directory traversal for Http.Dir("/") ------------------------------------------------------------------- Wed Mar 2 07:35:25 UTC 2022 - Felix Niederwanger * Update to version 2.10.0: - Extend the release action to sign the docker image and binary files with cosign (#781) - feat: add concurrency option to parallelize package loading (#778) - chore(deps): update all dependencies - Process the code snippet before adding it to the SARIF report - Updated sponsor link in README.md - chore(deps): update golang.org/x/crypto commit hash to 30dcbda - chore(deps): update all dependencies - Use the CWE name as a name in the SARIF report - chore(deps): update all dependencies (#771) - Resolve the TLS min version when is declarted in the same package but in a different file - Add a test for tls min version defined in a different file - chore(deps): update all dependencies (#765) ------------------------------------------------------------------- Fri Jan 21 07:49:30 UTC 2022 - Felix Niederwanger * Update to version 2.9.6: - Add db.Exec and db.Prepare to the sql rule (#763) - chore(deps): update golang.org/x/crypto commit hash to 5e0467b (#764) - Add os.Create to the readfile rule (#761) - Fix false negative for SQL injection when using DB.QueryRow.Scan() (#759) - chore(deps): update dependency highlight.js to v11.4.0 (#758) - Fix false negatives for SQL injection in multi-line queries - Find G303 with filepath.Join'd temp dirs (#754) - Find more tempdirs - build(fmt): use [ instead of [[ (#751) - Update to ginkgo v2 (#753) - Fix #743 (#748) - Handle nil when looking up a file by position into a package (#747) - Add in the config file settings for exclude and include options - chore(deps): update golang.org/x/crypto commit hash to e495a2d (#745) - Track both #nosec and #nosec rulelist for one violation (#741) - Add the sponsors section in the README file (#740) - Remove space between // and #nosec in examples and internal use ------------------------------------------------------------------- Fri Jan 14 09:33:28 UTC 2022 - Felix Niederwanger - Add position-independent executable to compiler flags ------------------------------------------------------------------- Fri Jan 14 09:15:56 UTC 2022 - Felix Niederwanger - Add version 2.9.5