Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Bump github.com/securego/gosec/v2 from 2.5.0 to 2.8.1 in /internal/tools #39

Conversation

dependabot[bot]
Copy link

@dependabot dependabot bot commented on behalf of github Jun 18, 2021

Bumps github.com/securego/gosec/v2 from 2.5.0 to 2.8.1.

Release notes

Sourced from github.com/securego/gosec/v2's releases.

v2.8.1

Changelog

3f800cc Fix the unit tests (#652) df10b65 Fix gosimple lint warning (#651) 731d0d5 Results must always be present in the SARIF report (#650) 3c230ac errors.go: add Hash.Write() to the white list. (#648) e72b1e5 Use of vars instead of func c81cff0 Update all dependencies (#646) 3ff0a2c Fixes #644 (#645) e3dffd6 Update renovate configuration aa35eb5 Delete renovate.json (#642) 3b1b77e add onboarding (#640) 03360ba Update renovate configuration 8a8dbec Tidy up the dependencies (#637) 3a4d09b Update all dependencies (#635) 6cde6b3 Disable cache in golangci job (#636) 1256f16 Fix lint and fail on error in the ci build dbb9811 Add crypto and lint to the tools modules 244adc6 Update the github ci action to use cache and matrix strategy df1249d Update install.sh with more installation options af27673 Update README.md

v2.8.0

Changelog

9fc8e20 Add favicon for HTML template (#628) 91dae7f Update the design of HTML report e72f54e Fix HTML template and display the gosec version c3f25b8 fix html report tag styling (#623) 433a674 show nosec in html report summary (#621) d040f07 Handle gosec version in SARIF report 51f7411 Add arm64 support (#618) e7ac882 Update go version to 1.16 (#616) 3a9a6ad Sarif provide Snippet with Issue.Code 1325319 Create dependabot.yml (#614) d8cfcd6 Allow the user to enable/disable colorisation of the text report in the stdout a8b633f Adding stdout and verbose flags and refactor how the report is saved 103c429 Enable golangcli and improve testing for formatters 4df7f1c Fix typos, Go Report link and Gofmt f4ea33d Update how the test coverage is generated c4f5932 Refactor : Replace Cwe with cwe.Weakness ddfa253 Define a report package with core and per format sub-packages cc83d4c Generate the SARIF types, handle taxonomies and separate responsibilities 0fa5d0b Fix the go modules after updating to get the tests passing (#605) 3763953 Migrate sonar types in a dedicated package (#604) b519743 chore(deps): update all dependencies (#599) 569328e Fix typos (#594) 0695fa0 Add -u to local install instructions (#595) 7f2308b Tidy up the moduels after updating (#593)

... (truncated)

Commits

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [github.com/securego/gosec/v2](https://github.com/securego/gosec) from 2.5.0 to 2.8.1.
- [Release notes](https://github.com/securego/gosec/releases)
- [Changelog](https://github.com/securego/gosec/blob/master/.goreleaser.yml)
- [Commits](securego/gosec@v2.5.0...v2.8.1)

---
updated-dependencies:
- dependency-name: github.com/securego/gosec/v2
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Jun 18, 2021
@dependabot @github
Copy link
Author

dependabot bot commented on behalf of github Oct 15, 2021

Superseded by #65.

@dependabot dependabot bot closed this Oct 15, 2021
@dependabot dependabot bot deleted the dependabot/go_modules/internal/tools/github.com/securego/gosec/v2-2.8.1 branch October 15, 2021 20:21
mx-psi pushed a commit that referenced this pull request Oct 29, 2021
mx-psi pushed a commit that referenced this pull request Oct 29, 2021
* Initial commit

* Add CODEOWNERS file (#2)

* Add CODEOWNERS file

* Update CODEOWNERS

* Moved from github.com/observatorium/opentelemetry-collector-builder (#3)

Signed-off-by: Juraci Paixão Kröhling <[email protected]>

* fixed panics (#6)

Signed-off-by: Joe Elliott <[email protected]>

* Replace master with main in CI and mergify files (#8)

Signed-off-by: Juraci Paixão Kröhling <[email protected]>

* Bump to OpenTelemetry Collector 0.20.0 (#10)

Closes #9

Signed-off-by: Juraci Paixão Kröhling <[email protected]>

* Explicitly enable Go modules in quickstart instructions (#13)

* Update to collector v0.21.0 (#17)

Fixes #16

Signed-off-by: Juraci Paixão Kröhling <[email protected]>

* Update to collector v0.22.0 (#19)

* Download go modules before building (#20)

Fixes #14

* Add version command (#25)

Signed-off-by: Ashmita Bohara <[email protected]>

* Pass errors from cobra Execute back to main for correct exit code (#28)

* pass errors from cobra execute back to main

* print the error

* Update to collector v0.23.0 (#27)

* Generate a warning if the builder and collector base version mismatch (#30)

* Generate a warning if the builder and collector base version mismatch

* Show current default version in the warning message

* Update to OpenTelemetry Collector 0.24.0

* Don't use %w formatting with log.Fatal (#35)

* Update to OpenTelemetry Collector 0.25.0 (#36)

Signed-off-by: Serge Catudal <[email protected]>

* Update to 0.26.0 and update BuildInfo (#39)

* Sync build and CI Go versions at latest 1.16 (#34)

* Sync build and CI Go versions at latest 1.16

* Run go mod tidy

* Set go binary to use in the compilation phase in tests

Signed-off-by: Juraci Paixão Kröhling <[email protected]>

Co-authored-by: Juraci Paixão Kröhling <[email protected]>

* Add option to generate go code only (no compile) (#40)

* Issue#24 Add option to generate go code only (no compile)

* Update cmd/root.go logging

Suggested by @jpkkrohling

Co-authored-by: Juraci Paixão Kröhling <[email protected]>

* remove verbose help .. created by corba

* suggestion by jpkrohling to keep generateandcompile

* lint error: remove unused var

* reword cmd option and add back help message for default

Co-authored-by: Juraci Paixão Kröhling <[email protected]>

* Don't reuse exec.Cmd (#42)

* Update to OpenTelemetry Collector 0.27.0 (#43)

* Add CI Badge (#47)

* Update to Collector v0.28.0 (#49)

* Update to Collector v0.28.0

Closes #48

Addresses the breaking API change in
open-telemetry#3163,
besides the usual version number changes.

Signed-off-by: Fangyi Zhou <[email protected]>

* Use `go mod tidy` instead of `go mod download`

It appears that this magically resolves the go.mod file issue.
https://stackoverflow.com/questions/67203641/missing-go-sum-entry-for-module-providing-package-package-name

Signed-off-by: Fangyi Zhou <[email protected]>

* Account for go mod download in go1.17 not updating go.sum (#50)

* Update to collector v0.29.0 (#54)

* Update replaces.builder.yaml

* Update nocore.builder.yaml

* Update config.go

* Update README.md

* Update main.go

* Update to collector v0.30.0 (#57)

* cmd: fix module flag default value to github.com/open-telemetry (#58)

Signed-off-by: Koichi Shiraishi <[email protected]>

* Update to collector v0.31.0 (#60)

* Update to v0.33.0 (#62)

Signed-off-by: Anthony J Mirabella <[email protected]>

* Add excludes support to generated go.mod (#63)

Signed-off-by: Anthony J Mirabella <[email protected]>

Co-authored-by: Juraci Paixão Kröhling <[email protected]>

* Small cleanup for the builder files (#64)

Signed-off-by: Bogdan Drutu <[email protected]>

* Support building with Go 1.17 (#66)

* Support building with Go 1.17
Fixes #65

Signed-off-by: Juraci Paixão Kröhling <[email protected]>

* Update workflows to use Go 1.17

Signed-off-by: Juraci Paixão Kröhling <[email protected]>

* Add gosec exceptions for exec.Command

Signed-off-by: Juraci Paixão Kröhling <[email protected]>

* Update to OpenTelemetry core 0.34.0 (#68)

Fixes #67

Signed-off-by: Juraci Paixão Kröhling <[email protected]>

* Upgrade to OpenTelemetry Collector 0.35.0 (#70)

Signed-off-by: Fangyi Zhou <[email protected]>

* Upgrade to OpenTelemetry Collector 0.36.0 (#76)

* Generate custom service code for Windows (#75)

* update main to include windows service code

* use main version from tag 0.35.0

* update main function

* align with upstream v0.36.0 tag

* dummy change to trigger build

* Revert "dummy change to trigger build"

This reverts commit 629d499461da2d2c240bf1e495b5fe0558e3547f.

* Remove Core from Module type (#77)

Fixes #15

Signed-off-by: yugo-horie <[email protected]>

* release 0.37.0 (#78)

* release 0.37.0

* update use of NewCommand

* Move builder to subdirectory

Signed-off-by: Juraci Paixão Kröhling <[email protected]>

Co-authored-by: Bogdan Drutu <[email protected]>
Co-authored-by: Bogdan Drutu <[email protected]>
Co-authored-by: Joe Elliott <[email protected]>
Co-authored-by: Eric Yang <[email protected]>
Co-authored-by: Brian Gibbins <[email protected]>
Co-authored-by: Ashmita <[email protected]>
Co-authored-by: Fangyi Zhou <[email protected]>
Co-authored-by: Shaun Creary <[email protected]>
Co-authored-by: Patryk Małek <[email protected]>
Co-authored-by: Serge Catudal <[email protected]>
Co-authored-by: Aaron Stone <[email protected]>
Co-authored-by: Patryk Małek <[email protected]>
Co-authored-by: Aaron Stone <[email protected]>
Co-authored-by: Kelvin Lo <[email protected]>
Co-authored-by: Himanshu <[email protected]>
Co-authored-by: Y.Horie <[email protected]>
Co-authored-by: Koichi Shiraishi <[email protected]>
Co-authored-by: Anthony Mirabella <[email protected]>
Co-authored-by: Cal Loomis <[email protected]>
Co-authored-by: alrex <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
dependencies Pull requests that update a dependency file
Projects
None yet
Development

Successfully merging this pull request may close these issues.

0 participants