Update module github.com/securego/gosec/v2 to v2.20.0

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
github.com/securego/gosec/v2	v2.17.0 -> v2.20.0

---

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

---

Release Notes

securego/gosec (github.com/securego/gosec/v2)

v2.20.0

Compare Source

Changelog

• 6fbd381 Catch os.ModePerm permissions in os.WriteFile
• dc5e5a9 Add a unit test to detect the false negative in rule G306 for os.ModePerm permissions
• 417a44c Add filepath.EvalSymlinks to clean functions in rule G304
• d34f8b7 chore(deps): update all dependencies
• 8658b8e Update Go to version 2.22.3 in CI and release
• d3b2359 chore(deps): update module golang.org/x/text to v0.15.0
• cf29d54 chore(deps): update all dependencies
• 09d62bd chore(deps): update module github.com/onsi/gomega to v1.33.0
• 3b23ec8 Update to go 1.22.2
• 31009c3 chore(deps): update all dependencies
• daf6f67 chore(deps): update module github.com/onsi/ginkgo/v2 to v2.17.1
• e27f442 chore(deps): update all dependencies
• 5513615 fix(helpers/goversion): get from go.mod
• 43b8b75 chore: fix function name
• accd7a1 chore(deps): update all dependencies
• 48aa72e Format the imports using the gci tool
• b6df69c Fixup: delete unused variable
• ccb0a08 Fix test: update test to comply with the spec of generated sources
• 3a0ea51 Refactor: use standard function to check if a file is generated
• 11c3252 Fix lint warnings
• be378e6 Add support for math/rand/v2 added in Go 1.22
• 36878a9 Skip the G601 tests for Go version 1.22
• 903c75b Update go version to 1.22.1 and 1.21.8
• f25ccd9 Ignore 'implicit memory aliasing' rule for Go 1.22+
• 582e91a chore(deps): update all dependencies
• 198a40c chore(deps): update module golang.org/x/tools to v0.18.0
• c824a5d fix(hardcoded): remove duplicated Stripe API Key
• d13d7da Update gosec version to v2.19.0 in the Github action

v2.19.0

Compare Source

Changelog

• 26e57d6 Update CI to go version 1.22
• e60b8d8 chore(deps): update all dependencies
• 1285eb7 chore(deps): update all dependencies
• cf4ab3e chore(deps): update all dependencies
• 277553c chore(deps): update all dependencies
• 57ec76b chore(deps): update all dependencies
• 8fa46c1 chore(deps): update dependency babel-standalone to v7.23.7
• 53aa3f7 chore(deps): update module golang.org/x/crypto to v0.17.0 [security]
• 187adab chore(deps): update all dependencies
• e1f27ba chore(deps): update actions/setup-go action to v5
• 2aad3f0 Fix lint warnings by properly formatting the files
• 0e2a618 chore: Refactor Sample Code to Separate Files
• bc03d1c Update go version to 1.21.5 and 1.20.12 (#​1084)
• 79a6b47 chore(deps): update all dependencies (#​1080)
• eb256a7 Ignore the issues from generated files when using the analysis framework (#​1079)
• 43b7cbf Update README with upload-sarif v2 (#​1078)
• fece498 chore(deps): update dependency babel-standalone to v7.23.4
• 24c614b Added ppc64le support
• c736581 chore(deps): update all dependencies
• 3188e3f Ensure ignores are handled properly for multi-line issues
• 6d56592 Update Go to version 1.21.4 and 1.20.11
• 870103b chore(deps): update module golang.org/x/text to v0.14.0
• b50e493 chore(deps): update all dependencies
• 2f9965b Remove the hardcoded GOOS value when building the Linux binary to enable support for container image for ARM
• fa1b74d Avoid allocations with (*regexp.Regexp).MatchString
• 64bbe90 Fix some typos
• d9071e3 Update local installation instructions by removing the details for Go 1.16
• 5d837bc Update gosec version to 2.18.2 in the action

v2.18.2

Compare Source

Changelog

• 55d7949 Disable dot-imports in revive linter
• 4656817 chore(deps): update module github.com/onsi/gomega to v1.28.1
• 5567ac4 Run the gosec with data race detector active during tests
• a239758 Fix data race in the analyzer
• c06903a Fix test that checks the overriden nosec directive
• bde2619 Clean global state in flgs tests
• e108c56 Format the file
• e298388 Update README with details which describe the current behaviour of #nosec
• d8a6d35 Ensure the ignores are parsed before analysing the package
• 7846db0 chore(deps): update all dependencies
• 8e0cf8c Update gosec to version 2.18.1 in the action
• 6b12a71 Update cosign version to v2.2.0

v2.18.1

Compare Source

Changelog

• 0ec6cd9 Refactor how ignored issues are tracked
• f338a98 Restrict the maximum depth when tracking the slice bounds
• 7e2d8d3 Handle empty ssa results
• 074353a Handle gracefully any panic that occurs when building the SSA representation of a package
• ec31a3a Fix typo
• a11eb28 Handle new function when getting the call info in case is overriden
• 5b7867d Bump golang.org/x/net from 0.16.0 to 0.17.0 (#​1037)
• dd08f99 Update to Go 1.21.3 and 1.20.10 (#​1035)
• 616520f Update the list of unsafe functions detected by the unsafe rule (#​1033)
• 3952187 Update the action to use gosec version v2.18.0 (#​1029)
• 2b62dd1 Use a step ID in github release action to get the digest of the image (#​1028)

v2.18.0

Compare Source

Changelog

• 53fc0c3 Update to go version 1.21.2 and 1.20.9 (#​1027)
• 7f7c47f chore(deps): update all dependencies (#​1026)
• d864a91 Enable gochecknoinits; fix lint issues; use consts for some vars (#​1022)
• 09cf6ef Fix typos in struct fields, comments, and docs (#​1023)
• 665e87b chore(deps): update all dependencies
• 4def3a4 Fix lint warning
• 0d332a1 Add a new rule which detects when a file is created with os.Create but the configured permissions are less than 0666
• 293d887 Fix lint warnings
• ac482cb Update ginkgo to latest version
• e02e2f6 Redesign and reimplement the slice out of bounds check using SSA code representation
• e1278f9 docs: add reMarkable to users list
• f6a6496 chore(deps): update all dependencies
• aebe20c Drop support for go 1.19.x since go team doesn't ship anymore security fixes for it
• 7a98537 Update to latest go version
• b192f06 chore(deps): update all dependencies (#​1011)
• 6c93653 Fix hardcoded_credentials rule to only match on more specific patterns (#​1009)
• 325eb19 chore(deps): update all dependencies (#​1008)
• beef125 Exclude maps from slince bounce check rule (#​1006)
• 21d13c9 Ignore struct pointers in G601 (#​1003)
• 85005c4 Update gosec image version to 2.17.0 in the Github action (#​1002)
• 6a2c5e1 Update cosign to version v2.1.1 (#​1000)

---

Configuration

📅 Schedule: Branch creation - "every weekend" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Mend Renovate. View repository job log here.

[openshift-ci]

Hi @renovate[bot]. Thanks for your PR.

I'm waiting for a ComplianceAsCode member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[rhmdnd]

/lgtm

[openshift-ci]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: renovate[bot], rhmdnd

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS [rhmdnd]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[openshift-ci]

New changes are detected. LGTM label has been removed.

[github-actions]

🤖 To deploy this PR, run the following command:

make catalog-deploy CATALOG_IMG=ghcr.io/complianceascode/compliance-operator-catalog:444

[rhmdnd]

/retest-required

Serial tests should be unblocked now.

[rhmdnd]

This is failing verify because we're using an older version of golang that doesn't support an ast function that gosec is expecting.

We need to be using https://pkg.go.dev/go/ast@go1.21.0#IsGenerated at least.

[rhmdnd]

Need to land #491 before this will start passing.

[openshift-ci]

@renovate[bot]: The following test failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name	Commit	Details	Required	Rerun command
ci/prow/verify	d436ff9	link	true	/test verify

Full PR test history. Your PR dashboard.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.