Hello community,

here is the log from the commit of package gosec for openSUSE:Factory checked in at 2026-02-27 17:13:21
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/gosec (Old)
 and      /work/SRC/openSUSE:Factory/.gosec.new.29461 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "gosec" Fri Feb 27 17:13:21 2026 rev:31 rq:1335458 version:2.24.0 Changes: -------- --- /work/SRC/openSUSE:Factory/gosec/gosec.changes 2026-02-24 15:40:01.021941366 +0100 +++ /work/SRC/openSUSE:Factory/.gosec.new.29461/gosec.changes 2026-02-27 17:14:26.351375916 +0100 
@@ -1,0 +2,44 @@ +Fri Feb 27 13:44:59 UTC 2026 - Felix Niederwanger <[email protected]> + +- Update to version 2.24.0: + * fix: G704 false positive on const URL (#1551) + * fix(G705): eliminate false positive for non-HTTP io.Writer (#1550) + * G120: avoid false positive when MaxBytesReader is applied in middleware (#1547) + * Fix G602 regression coverage for issue #1545 and stabilize G117 TOML test dependency (#1546) + * taint: skip `context.Context` arguments during taint propagation to fix false positives (#1543) + * test: add missing rules to formatter report tests (#1540) + * chore(deps): update all dependencies (#1541) + * Regenrate the TLS config rule (#1539) + * Improve documentation (#1538) + * Expand analyzer-core test coverage for orchestration, go/analysis adapter logic, and taint integration (#1537) + * Add unit tests for CLI orchestration, TLS config generation, and SSA cache behavior (#1536) + * Add G707 taint analyzer for SMTP command/header injection (#1535) + * Add G123 analyzer for tls.VerifyPeerCertificate resumption bypass risk (#1534) + * Add G122 SSA analyzer for filepath.Walk/WalkDir symlink TOCTOU race risks (#1532) + * fix(G602): avoid false positives for range-over-array indexing (#1531) + * Improve taint analyzer performance with shared SSA cache, parallel analyzer execution, and CI regression guard (#1530) + * fix: taint analysis false positives with G703,G705 (#1522) + * Extend the G117 rule to cover other types of serialization such as yaml/xml/toml (#1529) + * Fix the G117 rule to take the JSON serialization into account (#1528) + * (docs) fix justification format (#1524) + * Add G121 analyzer for unsafe CORS bypass patterns in CrossOriginProtection (#1521) + * Add G120 SSA analyzer for unbounded form parsing in HTTP handlers (#1520) + * Add G119 analyzer for unsafe redirect header propagation in CheckRedirect callbacks (#1519) + * Fix G115 false positives and negatives (Issue #1501) (#1518) + * chore(deps): update all dependencies 
(#1517) + * Add G118 SSA analyzer for context propagation failures that can cause goroutine/resource leaks (#1516) + * Add G113: Detect HTTP Request Smuggling via conflicting headers (CVE-2025-22891, CWE-444) (#1515) + * Add G408: SSH PublicKeyCallback Authentication Bypass Analyzer (#1513) + * Add more unit tests to improve coverage (#1512) + * Improve test coverage in various areas (#1511) + * Imprve the test coverage (#1510) + * Fix incorrect detection of fixed iv in G407 (#1509) + * Add support for go 1.26.x and removed support for go 1.24.x (#1508) + * Fix the sonar report to follow the latest schema (#1507) + * fix: broken taint analysis causing false positives (#1506) + * fix: panic on float constants in overflow analyzer (#1505) + * fix: panic when scanning multi-module repos from root (#1504) + * fix: G602 false positive for array element access (#1499) + * Update gosec to version v2.23.0 in the Github action (#1496) + +------------------------------------------------------------------- Old: ---- gosec-2.23.0.obscpio New: ---- gosec-2.24.0.obscpio ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ gosec.spec ++++++ --- /var/tmp/diff_new_pack.Oh1895/_old 2026-02-27 17:14:27.271413993 +0100 +++ /var/tmp/diff_new_pack.Oh1895/_new 2026-02-27 17:14:27.275414158 +0100 @@ -17,7 +17,7 @@ Name: gosec -Version: 2.23.0 +Version: 2.24.0 Release: 0 Summary: CLI tool to scan the Go AST and SSA code representations for security problems License: Apache-2.0 ++++++ _service ++++++ --- /var/tmp/diff_new_pack.Oh1895/_old 2026-02-27 17:14:27.355417470 +0100 +++ /var/tmp/diff_new_pack.Oh1895/_new 2026-02-27 17:14:27.363417801 +0100 
@@ -4,7 +4,7 @@ <param name="filename">gosec</param> <param name="url">https://github.com/securego/gosec.git</param> <param name="scm">git</param> - <param name="revision">v2.23.0</param> + <param name="revision">v2.24.0</param> <param name="match-tag">v*</param> <param name="versionformat">@PARENT_TAG@</param> <param name="versionrewrite-pattern">v(.*)</param> ++++++ _servicedata ++++++ --- /var/tmp/diff_new_pack.Oh1895/_old 2026-02-27 17:14:27.399419291 +0100 +++ /var/tmp/diff_new_pack.Oh1895/_new 2026-02-27 17:14:27.403419457 +0100 @@ -1,6 +1,6 @@ <servicedata> <service name="tar_scm"> <param name="url">https://github.com/securego/gosec.git</param> - <param name="changesrevision">398ad549bbf1a51dc978fd966169f660c59774de</param></service></servicedata> + <param name="changesrevision">271492bcd930ef72dfb9d00e5bb9544b3b407fb5</param></service></servicedata> (No newline at EOF) ++++++ build.specials.obscpio ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/.gitignore new/.gitignore --- old/.gitignore 1970-01-01 01:00:00.000000000 +0100 +++ new/.gitignore 2025-02-13 15:25:36.000000000 +0100 @@ -0,0 +1,3 @@ +.osc +/gosec +/gosec-*.*.*.tar.xz ++++++ gosec-2.23.0.obscpio -> gosec-2.24.0.obscpio ++++++ ++++ 23945 lines of diff (skipped) ++++++ gosec.obsinfo ++++++ --- /var/tmp/diff_new_pack.Oh1895/_old 2026-02-27 17:14:27.979443296 +0100 +++ /var/tmp/diff_new_pack.Oh1895/_new 2026-02-27 17:14:27.991443793 +0100 @@ -1,5 +1,5 @@ name: gosec -version: 2.23.0 -mtime: 1770734831 -commit: 398ad549bbf1a51dc978fd966169f660c59774de +version: 2.24.0 +mtime: 1772189468 +commit: 271492bcd930ef72dfb9d00e5bb9544b3b407fb5 ++++++ vendor.tar.xz ++++++ ++++ 16611 lines of diff (skipped)
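Review bot: in the gosec.changes hunk, the G113 entry ("Detect HTTP Request Smuggling via conflicting headers (CVE-2025-22891, CWE-444)") cites a CVE as the target of a new detection rule, not as a vulnerability fixed in gosec itself. A reader scanning the changelog for security fixes can misread it, so consider wording that line to make clear it is a rule addition. The same entry also carries the typos "Regenrate" (#1539) and "Imprve" (#1510).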
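Review bot: the Go toolchain requirement needs a check in gosec.spec. The changelog for this update lists "Add support for go 1.26.x and removed support for go 1.24.x (#1508)", but the spec hunk at @@ -17,7 +17,7 @@ touches only the Version line. Please confirm that the Go build requirement declared elsewhere in the spec still matches what 2.24.0 supports, and adjust it in this same request if it does not.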
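Review bot: in the _service hunk, `revision` is pinned to the tag name v2.24.0 rather than to a commit, and a tag can be re-pointed upstream after the fact. The _servicedata and gosec.obsinfo hunks both record commit 271492bcd930ef72dfb9d00e5bb9544b3b407fb5, which is consistent across the two files. Verify that hash against the upstream v2.24.0 tag before accepting, since it is the only immutable source reference in this update.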
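Review bot: the vendored dependency changes cannot be reviewed from this mail. vendor.tar.xz appears only as "16611 lines of diff (skipped)", while the changelog lists two "chore(deps): update all dependencies" entries (#1541 and #1517). Review the vendor/modules.txt diff separately to see which module versions actually changed before this is accepted.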
