Codecov Report: ✅ All modified and coverable lines are covered by tests.
This PR contains the following updates:
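actions/checkout: v5.0.0 → v5.0.1
actions/setup-go: v5.5.0 → v5.6.0
aquasecurity/trivy-action: 0.33.1 → v0.35.0
projectcapsule/capsule: 0.11.0 → 0.12.4
codecov/codecov-action: v5.5.1 → v5.5.4
securego/gosec: v2.22.10 → v2.25.0
Warning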
Some dependencies could not be looked up. Check the Dependency Dashboard for more information.
Release Notes
actions/checkout (actions/checkout)
v5.0.1 (Compare Source)
What's Changed
Full Changelog: actions/checkout@v5...v5.0.1
actions/setup-go (actions/setup-go)
v5.6.0 (Compare Source)
What's Changed
Full Changelog: actions/setup-go@v5...v5.6.0
aquasecurity/trivy-action (aquasecurity/trivy-action)
v0.35.0: Release: v0.35.0 (Compare Source)
This release is a duplicate of 0.35.0 which was not compromised.
As part of our response to the recent supply chain attack, we have migrated all tags to use the v prefix (e.g., v0.35.0 instead of 0.35.0). Going forward, all new releases will use the v prefix convention.
We have intentionally kept the 0.35.0 tag intact to avoid breaking existing workflows that depend on it.
If you are currently using 0.35.0, your workflows are safe — no action is required.
v0.35.0 (Compare Source)
What's Changed
Full Changelog: aquasecurity/trivy-action@0.34.2...0.35.0
v0.34.0 (Compare Source)
projectcapsule/capsule (capsule)
v0.12.4 (Compare Source)
Changelog
🐛 Bug fixes
a42d910: fix(controller): template concurrency (#1802) (@oliverbaehler)
🛠 Dependency updates
8eea907: fix(deps): update k8s.io/utils digest to 61b37f7 (#1801) (@renovate[bot])
Full Changelog: projectcapsule/capsule@v0.12.3...v0.12.4
Check out what's new in this release
Docker Images
ghcr.io/projectcapsule/capsule:0.12.4
ghcr.io/projectcapsule/capsule:latest
Helm Chart
View this release on Artifact Hub or use the OCI helm chart:
ghcr.io/projectcapsule/charts/capsule:0.12.4
Review the Major Changes section first before upgrading to a new version
Thanks to all the contributors! 🚀 🦄
v0.12.3 (Compare Source)
Changelog
🐛 Bug fixes
e19575b: fix(controller): allow no spaces in template references (#1789) (@oliverbaehler)
Full Changelog: projectcapsule/capsule@v0.12.2...v0.12.3
Check out what's new in this release
Docker Images
ghcr.io/projectcapsule/capsule:0.12.3
ghcr.io/projectcapsule/capsule:latest
Helm Chart
View this release on Artifact Hub or use the OCI helm chart:
ghcr.io/projectcapsule/charts/capsule:0.12.3
Review the Major Changes section first before upgrading to a new version
Thanks to all the contributors! 🚀 🦄
v0.12.2 (Compare Source)
Changelog
🐛 Bug fixes
c06f54a: fix(controller): decode old object for delete requests (#1787) (@oliverbaehler)
🛠 Dependency updates
c832f56: fix(deps): update module golang.org/x/sync to v0.19.0 (#1774) (@renovate[bot])
cd5e2a8: fix(deps): update module k8s.io/apiextensions-apiserver to v0.34.3 (#1785) (@renovate[bot])
2583215: fix(deps): update module k8s.io/dynamic-resource-allocation to v0.34.3 (#1786) (@renovate[bot])
Full Changelog: projectcapsule/capsule@v0.12.1...v0.12.2
Check out what's new in this release
Docker Images
ghcr.io/projectcapsule/capsule:0.12.2
ghcr.io/projectcapsule/capsule:latest
Helm Chart
View this release on Artifact Hub or use the OCI helm chart:
ghcr.io/projectcapsule/charts/capsule:0.12.2
Review the Major Changes section first before upgrading to a new version
Thanks to all the contributors! 🚀 🦄
v0.12.1 (Compare Source)
Changelog
🐛 Bug fixes
936a152: fix(controller): make device and gateway class optional (#1775) (@oliverbaehler)
711cef9: fix(e2e): resourcepool condition (#1773) (@CorentinPtrl)
Full Changelog: projectcapsule/capsule@v0.12.0...v0.12.1
Check out what's new in this release
Docker Images
ghcr.io/projectcapsule/capsule:0.12.1
ghcr.io/projectcapsule/capsule:latest
Helm Chart
View this release on Artifact Hub or use the OCI helm chart:
ghcr.io/projectcapsule/charts/capsule:0.12.1
Review the Major Changes section first before upgrading to a new version
Thanks to all the contributors! 🚀 🦄
v0.12.0 (Compare Source)
Changelog
✨ New Features
584d372: feat(config): add combined users property as successor for usergroups (#1767) (@oliverbaehler)
7e7d9d0: feat(config): administrators get delete privileges for tenant namespaces (#1749) (@oliverbaehler)
581a8fe: feat(controller): administration persona (#1739) (@oliverbaehler)
dd39e1a: feat(dra): support dra device classes (#1759) (@Svarrogh1337)
5899e6d: feat(tenant): add available classes as status fields (#1751) (@oliverbaehler)
d812a0c: feat(tenant): add dedicated tenantowner crd (#1764) (@oliverbaehler)
6e8405d: feat: refactor core webhooks (#1756) (@oliverbaehler)
🐛 Bug fixes
a270d67: fix(admission): consistently inspect ownerreferences for namespace validations (#1758) (@oliverbaehler)
🛠 Dependency updates
866c69f: fix(deps): update module github.com/onsi/ginkgo/v2 to v2.27.2 (#1725) (@renovate[bot])
550f3cc: fix(deps): update module go.uber.org/zap to v1.27.1 (#1748) (@renovate[bot])
92d73ae: fix(deps): update module golang.org/x/sync to v0.18.0 (#1734) (@renovate[bot])
9e73320: fix(deps): update module sigs.k8s.io/cluster-api to v1.11.3 (#1732) (@renovate[bot])
3c5708a: fix(deps): update module sigs.k8s.io/controller-runtime to v0.22.4 (#1731) (@renovate[bot])
007cea9: fix(deps): update module sigs.k8s.io/gateway-api to v1.4.1 (#1770) (@renovate[bot])
Full Changelog: projectcapsule/capsule@v0.11.1...v0.12.0
Check out what's new in this release
Docker Images
ghcr.io/projectcapsule/capsule:0.12.0
ghcr.io/projectcapsule/capsule:latest
Helm Chart
View this release on Artifact Hub or use the OCI helm chart:
ghcr.io/projectcapsule/charts/capsule:0.12.0
Review the Major Changes section first before upgrading to a new version
Thanks to all the contributors! 🚀 🦄
v0.11.2 (Compare Source)
v0.11.1 (Compare Source)
Changelog
✨ New Features
9537c06: feat(charts/capsule): added extra manifests in values file (#1653) (@Llyth)
634ed49: feat(controller): add controller concurrency (#1722) (@oliverbaehler)
🐛 Bug fixes
63eb807: fix(controller): change log levels for debug logs (#1716) (@oliverbaehler)
🛠 Dependency updates
009b34b: fix(deps): update module github.com/onsi/ginkgo/v2 to v2.27.1 (#1714) (@renovate[bot])
Full Changelog: projectcapsule/capsule@v0.11.0...v0.11.1
Docker Images
ghcr.io/projectcapsule/capsule:0.11.1
ghcr.io/projectcapsule/capsule:latest
Helm Chart
View this release on Artifact Hub or use the OCI helm chart:
ghcr.io/projectcapsule/charts/capsule:0.11.1
Review the Major Changes section first before upgrading to a new version
Thanks to all the contributors! 🚀 🦄
codecov/codecov-action (codecov/codecov-action)
v5.5.4 (Compare Source)
This is a mirror of v5.5.2. v6 will be released which requires node24
What's Changed
Full Changelog: codecov/codecov-action@v5.5.3...v5.5.4
v5.5.3 (Compare Source)
What's Changed
Full Changelog: codecov/codecov-action@v5.5.2...v5.5.3
v5.5.2 (Compare Source)
What's Changed
Full Changelog: https://github.com/codecov/codecov-action/compare/v5.5.1..v5.5.2
securego/gosec (securego/gosec)
v2.25.0 (Compare Source)
Changelog
223e19b chore(deps): bump google.golang.org/grpc from 1.75.0 to 1.79.3 (#1617)
b23a9e5 fix: allow barry action to access secrets on fork PRs (#1616)
355cfa5 fix: reduce G117 false positives for custom marshalers and transformed values (#1614) (#1615)
744bfb5 Add barry security scanner as a step in the CI (#1612)
4fde15d chore(deps): update all dependencies (#1611)
dec52c4 fix: prevent taint analysis hang on packages with many CHA call graph edges (#1608) (#1610)
a0de8b6 Add some skills for claude code to automate some tasks (#1609)
c2dfcec Add G701-G706 rule-to-CWE mappings and CWE-117, CWE-918 entries (#1606)
8aec3f4 fix: skip SSA analysis on ill-typed packages to prevent panic (#1607)
1ced32d Port G120 from SSA-based to taint analysis (fixes #1600, #1603) (#1605)
befce8d fix(G118): eliminate false positive for package-level cancel variables (#1602)
b7b2c7b feat: add G124 rule for insecure HTTP cookie configuration (#1599)
6e66a94 feat: add G709 rule for unsafe deserialization of untrusted data (#1598)
e7ea237 feat: add G708 rule for server-side template injection via text/template (#1597)
8895462 fix(G118): eliminate false positive when cancel is called via struct field in a closure (#1596)
619ce21 Fix infinite recursion in interprocedural taint analysis (#1594)
0e0eb17 Fix G118 false positive when cancel is stored in returned struct field (#1593)
59a9da0 Fix G118 false positive on cancel called inside goroutine closure (#1592)
cbf46b8 fix(analyzer): per-package rule instantiation eliminates concurrent map crash (#1589)
c6c3ba8 chore(deps): update all dependencies (#1588)
c709ed8 fix(G118): treat returned cancel func as called (fixes #1584) (#1585)
fa74dd7 chore(go): update supported Go versions to 1.25.8 and 1.26.1 (#1583)
cd1f29e Update the README with the correct version of the Github action for gosec (#1582)
5887aee chore(deps): update all dependencies (#1579)
6641fcf Fix G115 false positives for guarded int64-to-byte conversions (#1578)
3c9c3da Update the container image migration notice (#1576)
973e94e chore(action): bump gosec to 2.24.7 (#1575)
v2.24.7 (Compare Source)
Changelog
bb17e42 Ignore nosec comments in action integration workflow to generate some warnings (#1573)
e1502ad Add a workflow for action integration test (#1571)
f8691bd fix(sarif): avoid invalid null relationships in SARIF output (#1569)
ade1d0e chore: migrate gosec container image references to GHCR (#1567)
v2.24.6 (Compare Source)
Changelog
88835e8 Update gorelease to use the latest cosign bundle argument (#1565)
v2.24.5 (Compare Source)
v2.24.4 (Compare Source)
v2.24.3 (Compare Source)
v2.24.2 (Compare Source)
v2.24.1 (Compare Source)
v2.24.0 (Compare Source)
Changelog
271492b fix: G704 false positive on const URL (#1551)
1341aea fix(G705): eliminate false positive for non-HTTP io.Writer (#1550)
f2262c8 G120: avoid false positive when MaxBytesReader is applied in middleware (#1547)
5b580c7 Fix G602 regression coverage for issue #1545 and stabilize G117 TOML test dependency (#1546)
eba2d15 taint: skip context.Context arguments during taint propagation to fix false positives (#1543)
a6381c1 test: add missing rules to formatter report tests (#1540)
fea9725 chore(deps): update all dependencies (#1541)
f3e2fac Regenrate the TLS config rule (#1539)
200461f Improve documentation (#1538)
078a62a Expand analyzer-core test coverage for orchestration, go/analysis adapter logic, and taint integration (#1537)
ffdc620 Add unit tests for CLI orchestration, TLS config generation, and SSA cache behavior (#1536)
c13a486 Add G707 taint analyzer for SMTP command/header injection (#1535)
f61ed31 Add G123 analyzer for tls.VerifyPeerCertificate resumption bypass risk (#1534)
b568aa1 Add G122 SSA analyzer for filepath.Walk/WalkDir symlink TOCTOU race risks (#1532)
1735e5a fix(G602): avoid false positives for range-over-array indexing (#1531)
caf93d0 Improve taint analyzer performance with shared SSA cache, parallel analyzer execution, and CI regression guard (#1530)
bd11fbe fix: taint analysis false positives with G703,G705 (#1522)
e34e8dd Extend the G117 rule to cover other types of serialization such as yaml/xml/toml (#1529)
b940702 Fix the G117 rule to take the JSON serialization into account (#1528)
4f84627 (docs) fix justification format (#1524)
36ba72b Add G121 analyzer for unsafe CORS bypass patterns in CrossOriginProtection (#1521)
238f982 Add G120 SSA analyzer for unbounded form parsing in HTTP handlers (#1520)
89cde27 Add G119 analyzer for unsafe redirect header propagation in CheckRedirect callbacks (#1519)
14fdd9c Fix G115 false positives and negatives (Issue #1501) (#1518)
cec54ec chore(deps): update all dependencies (#1517)
2b2077e Add G118 SSA analyzer for context propagation failures that can cause goroutine/resource leaks (#1516)
a7666f3 Add G113: Detect HTTP Request Smuggling via conflicting headers (CVE-2025-22891, CWE-444) (#1515)
47f8b52 Add G408: SSH PublicKeyCallback Authentication Bypass Analyzer (#1513)
4f1f362 Add more unit tests to improve coverage (#1512)
9344582 Improve test coverage in various areas (#1511)
8d1b2c6 Imprve the test coverage (#1510)
993c1c4 Fix incorrect detection of fixed iv in G407 (#1509)
8668b74 Add support for go 1.26.x and removed support for go 1.24.x (#1508)
514225c Fix the sonar report to follow the latest schema (#1507)
000384e fix: broken taint analysis causing false positives (#1506)
616192c fix: panic on float constants in overflow analyzer (#1505)
79956a3 fix: panic when scanning multi-module repos from root (#1504)
5736e8b fix: G602 false positive for array element access (#1499)
1b7e1e9 Update gosec to version v2.23.0 in the Github action (#1496)
v2.23.0 (Compare Source)
Changelog
398ad54 feat: Support for adding taint analysis engine (#1486)
6eacd5c chore(deps): update all dependencies (#1494)
181a7cb chore(deps): update all dependencies (#1494)
e2fa6ab chore(deps): update all dependencies (#1488)
eb252ba Fix G602 analyzer panic that kills gosec process (#1491)
20d71a0 update go version to 1.25.7 (#1492)
a631af8 Fix URL regexp and remove redundant Google regex patterns (#1485)
8968502 feat: implement global cache usage in rules (#1480)
04f729c chore(deps): update module google.golang.org/genai to v1.43.0 (#1484)
ade0e8f refactor: optimize nosec parsing and reduce allocations (#1478)
d24bbf7 Fix SARIF artifactChanges null validation error (#1483)
15cba7f feat: optimize GetCallInfo with per-package sync.Pool caching (#1481)
5288673 feat: implement entropy pre-filtering to optimize secret detection (#1479)
d9a9bcd feat: ensure GoVersion is cached using sync.Once (#1477)
516260a Fix #1240: nosec comments now work with trailing open brackets (#1475)
be0fd6d Debug Build Profiling Support: Code improvement suggestions for PR#1471 (#1476)
b579523 Update the go version to 1.25.6 and 1.24.12 (#1474)
bd3c738 G115: Enhance RangeAnalyzer with constant propagation and chained arithmetic support (#1470)
6897b36 chore(deps): update all dependencies (#1473)
9f20212 feat: support path-based rule exclusions via exclude-rules (#1465)
726d847 Optimize analyzer with parallel package processing (#1466)
3150b28 feat: add goanalysis package for nogo (#1449)
7284e15 Refactor Analyzers: Unify Range Logic & Optimize Allocations (#1464)
7a4ccef Optimize G115, G602, G407 analyzers to reduce allocations and memory (#1463)
833d791 refactor(g115): improve coverage (#1462)
0cc9e01 Refine G407 to improve detection and coverage of hardcoded nonces (#1460)
303f84d chore(deps): update all dependencies (#1461)
7387d22 Refactor rules to use callListRule base structure (#1458)
52f5dbf feat(slice): enhance slice bounds analysis with dynamic bounds handling (#1457)
649e2c8 remove deprecated ast.Object (#1455)
35a92b4 feat(sql): enhance SQL injection detection with improved string concatenation checks (#1454)
bc9d2bc feat(rules): enhance subprocess variable checks (#1453)
8a5404e feat(resolve): enhance TryResolve to handle KeyValueExpr, IndexExpr, and SliceExpr (#1452)
0f6f21c feat: add secrets serialization G117 (#1451)
717706e feat(rules): add support for detecting high entropy strings in composite literals (#1447)
082deb6 whitelist crypto/rand Read from error checks (#1446)
095d529 chore(deps): update all dependencies (#1443)
c073629 Improve slice bound check (#1442)
538a05c docs: add documentation for using gosec with private modules (#1441)
2580437 chore(deps): update all dependencies (#1440)
872b331 docs: add G116 rule description to README (#1439)
dcf93a8 Update GitHub action to gosec 2.22.11 (#1438)
v2.22.11 (Compare Source)
Changelog
424fc4c feature: add rule for trojan source (#1431)
aa2e2fb feat(ai): add OpenAI and custom API provider support (#1424)
b6eea26 chore: Migrate from gopkg.in/yaml.v3 to go.yaml.in/yaml/v3 (#1437)
41f28e2 chore(deps): update module google.golang.org/genai to v1.37.0 (#1435)
daccba6 refactor: simplify report functions in main.go (#1434)
d4be287 Update go to 1.25.5 and 1.24.11 in CI (#1433)
fde7515 chore(deps): update all dependencies (#1425)
20c9506 feat(ai): add support for latest Claude models and update provider flags (#1423)
bd9e372 Bump golang.org/x/crypto from 0.43.0 to 0.45.0 (#1427)
7aa7e93 chore(deps): update module golang.org/x/crypto to v0.45.0 [security] (#1428)
a58917f fix: correct schema with temporary placeholder (#1418)
8b0d0b8 perf: skip SSA analysis if no analyzers are loaded (#1419)
8a5d01a test: add sarif validation (#1417)
a8fefd1 chore(deps): update all dependencies (#1421)
c34cbbf Update go to version 1.25.4 and 1.24.10 in CI (#1415)
10cf58a fix: build tag parsing. (#1413)
d2d7348 chore(deps): update all dependencies (#1411)
afa853e chore(deps): update all dependencies (#1409)
6b2e6e4 chore(deps): update all dependencies (#1408)
0adab9d Update gosec to version v2.22.10 in the github action (#1405)
Configuration
📅 Schedule: (UTC)
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.
This PR was generated by Mend Renovate. View the repository job log.