Open
Conversation
Codecov Report✅ All modified and coverable lines are covered by tests. 🚀 New features to boost your workflow:
|
renovate
Bot
changed the title
renovate
Bot
force-pushed
the
renovate/all-ci-dependencies
branch
2 times, most recently
from
f3d82dd to
6ab5c3f
Compare
renovate
Bot
force-pushed
the
renovate/all-ci-dependencies
branch
5 times, most recently
from
0195034 to
fc7c3c7
Compare
renovate
Bot
force-pushed
the
renovate/all-ci-dependencies
branch
3 times, most recently
from
deeace0 to
a51396e
Compare
renovate
Bot
force-pushed
the
renovate/all-ci-dependencies
branch
2 times, most recently
from
cd9bd80 to
184aa23
Compare
renovate
Bot
force-pushed
the
renovate/all-ci-dependencies
branch
2 times, most recently
from
82523ef to
a4942d4
Compare
renovate
Bot
force-pushed
the
renovate/all-ci-dependencies
branch
from
a4942d4 to
f79a9d6
Compare
renovate
Bot
force-pushed
the
renovate/all-ci-dependencies
branch
from
f79a9d6 to
d4c9bd7
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
v6.3.0→v6.4.0v5.5.2→v5.5.40.25.6→0.27.2v2.23.0→v2.25.0Warning
Some dependencies could not be looked up. Check the Dependency Dashboard for more information.
Release Notes
actions/setup-go (actions/setup-go)
v6.4.0Compare Source
What's Changed
Enhancement
Dependency update
Documentation update
New Contributors
Full Changelog: actions/setup-go@v6...v6.4.0
codecov/codecov-action (codecov/codecov-action)
v5.5.4Compare Source
This is a mirror of
v5.5.2.v6will be released which requiresnode24What's Changed
Full Changelog: codecov/codecov-action@v5.5.3...v5.5.4
v5.5.3Compare Source
What's Changed
Full Changelog: codecov/codecov-action@v5.5.2...v5.5.3
openbao/openbao-helm (openbao)
v0.27.2Compare Source
v0.27.1Compare Source
v0.27.0Compare Source
v0.26.3Compare Source
runtimeDefaultSeccomp profilev0.26.2Compare Source
v0.26.1Compare Source
v0.26.0Compare Source
v0.25.7Compare Source
securego/gosec (securego/gosec)
v2.25.0Compare Source
Changelog
223e19bchore(deps): bump google.golang.org/grpc from 1.75.0 to 1.79.3 (#1617)b23a9e5fix: allow barry action to access secrets on fork PRs (#1616)355cfa5fix: reduce G117 false positives for custom marshalers and transformed values (#1614) (#1615)744bfb5Add barry security scanner as a step in the CI (#1612)4fde15dchore(deps): update all dependencies (#1611)dec52c4fix: prevent taint analysis hang on packages with many CHA call graph edges (#1608) (#1610)a0de8b6Add some skills for claude code to automate some tasks (#1609)c2dfcecAdd G701-G706 rule-to-CWE mappings and CWE-117, CWE-918 entries (#1606)8aec3f4fix: skip SSA analysis on ill-typed packages to prevent panic (#1607)1ced32dPort G120 from SSA-based to taint analysis (fixes #1600, #1603) (#1605)befce8dfix(G118): eliminate false positive for package-level cancel variables (#1602)b7b2c7bfeat: add G124 rule for insecure HTTP cookie configuration (#1599)6e66a94feat: add G709 rule for unsafe deserialization of untrusted data (#1598)e7ea237feat: add G708 rule for server-side template injection via text/template (#1597)8895462fix(G118): eliminate false positive when cancel is called via struct field in a closure (#1596)619ce21Fix infinite recursion in interprocedural taint analysis (#1594)0e0eb17Fix G118 false positive when cancel is stored in returned struct field (#1593)59a9da0Fix G118 false positive on cancel called inside goroutine closure (#1592)cbf46b8fix(analyzer): per-package rule instantiation eliminates concurrent map crash (#1589)c6c3ba8chore(deps): update all dependencies (#1588)c709ed8fix(G118): treat returned cancel func as called (fixes #1584) (#1585)fa74dd7chore(go): update supported Go versions to 1.25.8 and 1.26.1 (#1583)cd1f29eUpdate the README with the correct version of the Github action for gosec (#1582)5887aeechore(deps): update all dependencies (#1579)6641fcfFix G115 false positives for guarded int64-to-byte conversions (#1578)3c9c3daUpdate the container image migration notice (#1576)973e94echore(action): bump gosec to 2.24.7 (#1575)v2.24.7Compare Source
Changelog
bb17e42Ignore nosec comments in action integration workflow to generate some warnings (#1573)e1502adAdd a workflow for action integration test (#1571)f8691bdfix(sarif): avoid invalid null relationships in SARIF output (#1569)ade1d0echore: migrate gosec container image references to GHCR (#1567)v2.24.6Compare Source
Changelog
88835e8Update gorelease to use the latest cosign bundle argument (#1565)v2.24.5Compare Source
v2.24.4Compare Source
v2.24.3Compare Source
v2.24.2Compare Source
v2.24.1Compare Source
v2.24.0Compare Source
Changelog
271492bfix: G704 false positive on const URL (#1551)1341aeafix(G705): eliminate false positive for non-HTTP io.Writer (#1550)f2262c8G120: avoid false positive when MaxBytesReader is applied in middleware (#1547)5b580c7Fix G602 regression coverage for issue #1545 and stabilize G117 TOML test dependency (#1546)eba2d15taint: skipcontext.Contextarguments during taint propagation to fix false positives (#1543)a6381c1test: add missing rules to formatter report tests (#1540)fea9725chore(deps): update all dependencies (#1541)f3e2facRegenrate the TLS config rule (#1539)200461fImprove documentation (#1538)078a62aExpand analyzer-core test coverage for orchestration, go/analysis adapter logic, and taint integration (#1537)ffdc620Add unit tests for CLI orchestration, TLS config generation, and SSA cache behavior (#1536)c13a486Add G707 taint analyzer for SMTP command/header injection (#1535)f61ed31Add G123 analyzer for tls.VerifyPeerCertificate resumption bypass risk (#1534)b568aa1Add G122 SSA analyzer for filepath.Walk/WalkDir symlink TOCTOU race risks (#1532)1735e5afix(G602): avoid false positives for range-over-array indexing (#1531)caf93d0Improve taint analyzer performance with shared SSA cache, parallel analyzer execution, and CI regression guard (#1530)bd11fbefix: taint analysis false positives with G703,G705 (#1522)e34e8ddExtend the G117 rule to cover other types of serialization such as yaml/xml/toml (#1529)b940702Fix the G117 rule to take the JSON serialization into account (#1528)4f84627(docs) fix justification format (#1524)36ba72bAdd G121 analyzer for unsafe CORS bypass patterns in CrossOriginProtection (#1521)238f982Add G120 SSA analyzer for unbounded form parsing in HTTP handlers (#1520)89cde27Add G119 analyzer for unsafe redirect header propagation in CheckRedirect callbacks (#1519)14fdd9cFix G115 false positives and negatives (Issue #1501) (#1518)cec54ecchore(deps): update all dependencies (#1517)2b2077eAdd G118 SSA analyzer for context propagation failures that can cause goroutine/resource leaks (#1516)a7666f3Add G113: Detect HTTP Request Smuggling via conflicting headers (CVE-2025-22891, CWE-444) (#1515)47f8b52Add G408: SSH PublicKeyCallback Authentication Bypass Analyzer (#1513)4f1f362Add more unit tests to improve coverage (#1512)9344582Improve test coverage in various areas (#1511)8d1b2c6Imprve the test coverage (#1510)993c1c4Fix incorrect detection of fixed iv in G407 (#1509)8668b74Add support for go 1.26.x and removed support for go 1.24.x (#1508)514225cFix the sonar report to follow the latest schema (#1507)000384efix: broken taint analysis causing false positives (#1506)616192cfix: panic on float constants in overflow analyzer (#1505)79956a3fix: panic when scanning multi-module repos from root (#1504)5736e8bfix: G602 false positive for array element access (#1499)1b7e1e9Update gosec to version v2.23.0 in the Github action (#1496)Configuration
📅 Schedule: (UTC)
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.
This PR was generated by Mend Renovate. View the repository job log.