Hello community,

here is the log from the commit of package gosec for openSUSE:Factory checked in at 2024-09-10 21:13:58
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/gosec (Old)
 and      /work/SRC/openSUSE:Factory/.gosec.new.17570 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "gosec"

Tue Sep 10 21:13:58 2024 rev:16 rq:1199817 version:2.21.2

Changes:
--------
--- /work/SRC/openSUSE:Factory/gosec/gosec.changes      2024-05-17 
20:06:48.990967652 +0200
+++ /work/SRC/openSUSE:Factory/.gosec.new.17570/gosec.changes   2024-09-10 
21:15:27.335592852 +0200
@@ -1,0 +2,77 @@
+Tue Sep 10 07:42:28 UTC 2024 - felix.niederwan...@suse.de
+
+- Update to version 2.21.2:
+  * Update the github action to v2.21.2 (#1218)
+  * Update the SARIF schema URL (#1217)
+  * Update go version to 1.23.1 and 1.22.7 (#1216)
+  * chore(deps): update all dependencies (#1215)
+  * Update gosec version to v2.21.1 in github action (#1213)
+  * Rollback the SARIF version to 2.1 since github doesn't support 2.2 (#1210)
+  * Update gosec in github action to v2.21.0 (#1208)
+  * Update cosign version to v2.4.0 in release github workflow (#1207)
+  * Improvement the int conversion overflow logic to handle bound checks 
(#1194)
+  * fix: G602 support for nested conditionals with bounds check (#1201)
+  * Update go.mod to sue go 1.22.0 toolchain
+  * chore(deps): update all dependencies
+  * Make variable name more clear
+  * Make variable names more explicity and reduce duplications
+  * Fix formatting
+  * Refactor to reduce some fuctions and variable names
+  * Pass the value argument directly since is an interface
+  * Added suggested changes
+  * Added another test case in order to increase code coverage
+  * Removed function parameter which is always the same
+  * Formatting problems(CI was not passing)
+  * Updated analyzer to use new way of initialization
+  * Migrated the rule to the analyzers folder
+  * Refractored code a little bit
+  * Added new rule G407(hardcoded IV/nonce)
+  * Fix conversion overflow false positive when using ParseUint
+  * Add a build step to measure the scan perfomance
+  * Fix conversion overflow false positives when they are checked or 
pre-determined
+  * Update go.mod
+  * chore(deps): update all dependencies
+  * Fix false positive in conversion overflow check from uint8/int8 type
+  * Disable staticcheck SA1019 rule
+  * Update the golangci linters
+  * Add more test to cover more use cases for G115 rule
+  * Allow excluding analyzers globally (#1180)
+  * Update to Go 1.23.0 (#1183)
+  * chore(deps): update all dependencies (#1182)
+  * Read the AI API key also from an environment variable (#1181)
+  * Add support to generate auto fixes using LLM (AI) (#1177)
+  * chore(deps): update all dependencies
+  * chore(deps): update all dependencies
+  * chore(deps): update all dependencies
+  * chore(deps): update dependency babel-standalone to v7.24.10
+  * Resolve underlying type to detect overflows in type aliases
+  * chore(deps): update dependency babel-standalone to v7.24.8
+  * Fix multifile ignores
+  * Add -enable-audit cli flag
+  * Update to go 1.22.5 and 1.21.12
+  * chore(deps): update all dependencies
+  * Added more rules
+  * Fixed coverage workflow
+  * Fixed CI workflow
+  * Minor changes
+  * Split the G401 rule into two separate ones
+  * Updated G401 corresponding CWE
+  * chore(deps): update docker/build-push-action action to v6
+  * Update to go versions to 1.21.11 and 1.22.4
+  * chore(deps): update all dependencies
+  * Fix nosec when applied to a block
+  * Add more types to templates rule
+  * Map the G115 rule to an CWE ID
+  * chore(deps): update all dependencies
+  * Update README with G115 rule description
+  * Remove deprecated megacheck linter from golangci
+  * Format imports
+  * Update .gitignore
+  * Add a new rule to detect integer overflow on integer types conversion
+  * feat: add env var to override the Go version detection
+  * Use the proper logic when disabling the go module version
+  * Update the README with some details related to Go version used by the rules
+  * Add an environment varialbe which disables the parsing of Go version from 
module file
+  * chore(deps): update module github.com/onsi/ginkgo/v2 to v2.17.3
+
+-------------------------------------------------------------------
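
Review bot: The entries that change scan results are buried in this list among "Minor changes", "Fix formatting" and the repeated "chore(deps): update all dependencies" lines. Consider opening the entry with a short curated summary: the new G115 rule (integer overflow on integer type conversion), the new G407 rule (hardcoded IV/nonce), the G401 split, "Allow excluding analyzers globally (#1180)", and the fixes to nosec on blocks and to multifile ignores, since any pipeline that gates on gosec output will see new or different findings after this update. The two LLM-related entries (#1177, #1181) do not say whether the auto-fix feature is opt-in, which is worth one line for users of the package. The typos carried in the entry ("sue go 1.22.0", "explicity", "fuctions", "Refractored", "perfomance", "varialbe") could be corrected here as well.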

Old:
----
  gosec-2.20.0.obscpio

New:
----
  gosec-2.21.2.obscpio

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ gosec.spec ++++++
--- /var/tmp/diff_new_pack.iO050A/_old  2024-09-10 21:15:28.019621350 +0200
+++ /var/tmp/diff_new_pack.iO050A/_new  2024-09-10 21:15:28.019621350 +0200
@@ -17,7 +17,7 @@
 
 
 Name:           gosec
-Version:        2.20.0
+Version:        2.21.2
 Release:        0
 Summary:        CLI tool to scan the Go AST and SSA code representations for 
security problems
 License:        Apache-2.0

++++++ _service ++++++
--- /var/tmp/diff_new_pack.iO050A/_old  2024-09-10 21:15:28.071623518 +0200
+++ /var/tmp/diff_new_pack.iO050A/_new  2024-09-10 21:15:28.075623685 +0200
@@ -4,7 +4,7 @@
     <param name="filename">gosec</param>
     <param name="url">https://github.com/securego/gosec.git</param>
     <param name="scm">git</param>
-    <param name="version">v2.20</param>
+    <param name="version">v2.21.2</param>
     <param name="versionformat">@PARENT_TAG@</param>
     <param name="versionrewrite-pattern">v(.*)</param>
     <param name="versionrewrite-replacement">\1</param>
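
Review bot: The "version" param pins the source to the tag name v2.21.2 rather than to a commit, and a git tag can be re-pointed upstream. The only commit binding in this submission is the changesrevision value in _servicedata and the commit field in gosec.obsinfo, both 5f3194b581979e508b0ba1ee22f1f1f85a314e16, so confirm that this hash is what the upstream v2.21.2 tag resolves to before accepting. The old value here was v2.20 while the packaged version was 2.20.0; the new full tag name is the more precise form and should be kept for future bumps.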

++++++ _servicedata ++++++
--- /var/tmp/diff_new_pack.iO050A/_old  2024-09-10 21:15:28.095624518 +0200
+++ /var/tmp/diff_new_pack.iO050A/_new  2024-09-10 21:15:28.099624685 +0200
@@ -1,6 +1,6 @@
 <servicedata>
 <service name="tar_scm">
                 <param name="url">https://github.com/securego/gosec.git</param>
-              <param 
name="changesrevision">40f29c8d4abf59af475a79f6aa0268c296319501</param></service></servicedata>
+              <param 
name="changesrevision">5f3194b581979e508b0ba1ee22f1f1f85a314e16</param></service></servicedata>
 (No newline at EOF)
 

++++++ gosec-2.20.0.obscpio -> gosec-2.21.2.obscpio ++++++
++++ 5608 lines of diff (skipped)

++++++ gosec.obsinfo ++++++
--- /var/tmp/diff_new_pack.iO050A/_old  2024-09-10 21:15:28.315633686 +0200
+++ /var/tmp/diff_new_pack.iO050A/_new  2024-09-10 21:15:28.319633852 +0200
@@ -1,5 +1,5 @@
 name: gosec
-version: 2.20.0
-mtime: 1715695036
-commit: 40f29c8d4abf59af475a79f6aa0268c296319501
+version: 2.21.2
+mtime: 1725891657
+commit: 5f3194b581979e508b0ba1ee22f1f1f85a314e16
 

++++++ vendor.tar.gz ++++++
/work/SRC/openSUSE:Factory/gosec/vendor.tar.gz 
/work/SRC/openSUSE:Factory/.gosec.new.17570/vendor.tar.gz differ: char 5, line 1
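
Review bot: vendor.tar.gz is reported only as "differ: char 5, line 1", so the vendored dependency changes in this update are not reviewable from this mail, and the changelog covers them only with generic "update all dependencies" lines. Unpack both archives and diff vendor/modules.txt to see which modules and versions actually changed, and check the result against the go.mod in the 2.21.2 source archive.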
