actions/gosec
1
0
Fork 0
mirror of https://github.com/securego/gosec.git synced 2024-11-06 03:55:50 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions
823 commits 2 branches 41 tags 20 MiB
Commit graph

115 commits

Author SHA1 Message Date
Cosmin Cojocar
05a7bc585d
Fix dependencies after renovate update (#907) 2023-01-02 17:43:42 +01:00
renovate[bot]
e06bbf9175
chore(deps): update all dependencies (#904) 
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2022-12-12 08:46:48 +01:00
renovate[bot]
f79c584dbb
chore(deps): update all dependencies (#898) 
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2022-12-05 09:23:50 +01:00
renovate[bot]
2fe6c5b64a
chore(deps): update all dependencies (#894) 
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2022-11-27 17:44:24 +01:00
renovate[bot]
a0b7ebb312
chore(deps): update all dependencies (#892) 
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2022-11-14 09:16:07 +01:00
renovate[bot]
6a964b2a86
chore(deps): update all dependencies (#888) 
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2022-11-08 09:37:54 +01:00
renovate[bot]
26f038913f
chore(deps): update all dependencies (#886) 
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2022-10-31 09:23:49 +01:00
renovate[bot]
7f91d85b65
chore(deps): update all dependencies (#884) 
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2022-10-24 09:20:26 +02:00
renovate[bot]
a2719d3248
chore(deps): update all dependencies (#881) 
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2022-10-17 10:14:22 +02:00
Sebastiaan van Stijn
ed386818fd
go.mod: ginkgo/v2 v2.3.1, golang.org/x/text v0.3.8, update go versions (#880) 
* gha: remove go1.17, temporarily force 1.18.7, 1.19.2

The  security scanner is flagging the code to have a vulnerability, but it's
detecting that we're running go1.18.6, not "latest" (go1.18.7 at time of writing).

Temporarily pinning to go1.18.7 to force installing the latest version:

    Vulnerability #1: GO-2022-1039
      Programs which compile regular expressions from untrusted
      sources may be vulnerable to memory exhaustion or denial of
      service. The parsed regexp representation is linear in the size
      of the input, but in some cases the constant factor can be as
      high as 40,000, making relatively small regexps consume much
      larger amounts of memory. After fix, each regexp being parsed is
      limited to a 256 MB memory footprint. Regular expressions whose
      representation would use more space than that are rejected.
      Normal use of regular expressions is unaffected.

      Call stacks in your code:
      Error:       helpers.go:463:26: github.com/securego/gosec/v2.ExcludedDirsRegExp calls regexp.MustCompile, which eventually calls regexp/syntax.Parse

      Found in: regexp/syntax@go1.18.6
      Fixed in: regexp/syntax@go1.19.2
      More info: https://pkg.go.dev/vuln/GO-2022-1039

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>

* go.mod: github.com/onsi/ginkgo/v2 v2.3.1

CI was failing because of a mismatch:

    /home/runner/go/bin/ginkgo -v --fail-fast
    Ginkgo detected a version mismatch between the Ginkgo CLI and the version of Ginkgo imported by your packages:
      Ginkgo CLI Version:
        2.3.1
      Mismatched package versions found:
       2.2.0 used by gosec

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>

* go.mod: golang.org/x/text v0.3.8

to address GO-2022-1059

    The vulnerabilities below are in packages that you import, but your code
    doesn't appear to call any vulnerable functions. You may not need to take any
    action. See https://pkg.go.dev/golang.org/x/vuln/cmd/govulncheck
    for details.

    Vulnerability #1: GO-2022-1059
      An attacker may cause a denial of service by crafting an Accept-Language
      header which ParseAcceptLanguage will take significant time to parse.

      Found in: golang.org/x/text/language@v0.3.7
      Fixed in: golang.org/x/text/language@v0.3.8
      More info: https://pkg.go.dev/vuln/GO-2022-1059

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
 2022-10-17 10:05:13 +02:00
renovate[bot]
f9ad0d88a1
chore(deps): update all dependencies (#875) 
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2022-10-10 09:27:01 +02:00
renovate[bot]
bb4a1e3544
chore(deps): update all dependencies (#872) 
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2022-10-04 09:23:21 +02:00
renovate[bot]
e244c811ea
chore(deps): update all dependencies (#868) 
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2022-09-22 11:18:20 +02:00
renovate[bot]
180fc23b72 chore(deps): update all dependencies 2022-09-12 09:35:57 +02:00
renovate[bot]
aaaf80c9a7 chore(deps): update all dependencies 2022-09-05 09:42:37 +02:00
renovate[bot]
ae58325bfe chore(deps): update all dependencies 2022-08-29 10:21:47 +02:00
renovate[bot]
a319b668cd chore(deps): update golang.org/x/crypto digest to bc19a97 2022-08-22 09:57:21 +02:00
renovate[bot]
1b0873a235
chore(deps): update module golang.org/x/tools to v0.1.12 (#840) 
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2022-08-02 08:08:23 +02:00
renovate[bot]
3cda47a9b8
chore(deps): update all dependencies (#836) 
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2022-07-26 10:57:36 +02:00
renovate[bot]
7dd9ddd583
chore(deps): update golang.org/x/crypto digest to 0559593 (#826) 
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2022-07-06 06:34:31 +02:00
renovate[bot]
a9b0ef0a11
chore(deps): update all dependencies (#822) 
Co-authored-by: Renovate Bot <bot@renovateapp.com>
 2022-06-13 19:48:12 +02:00
Thomas Gorham
c3ede62822
Update x/tools to pick up fix for golang/go#51629 (#817) 2022-05-29 17:41:10 +02:00
renovate[bot]
0a929c7b6c
chore(deps): update all dependencies (#816) 
Co-authored-by: Renovate Bot <bot@renovateapp.com>
 2022-05-29 17:36:29 +02:00
renovate[bot]
12be14859b
chore(deps): update all dependencies (#812) 
Co-authored-by: Renovate Bot <bot@renovateapp.com>
 2022-05-09 12:02:57 +02:00
renovate[bot]
0dcc3362ae
chore(deps): update all dependencies (#811) 
Co-authored-by: Renovate Bot <bot@renovateapp.com>
 2022-05-02 21:00:33 +02:00
Cosmin Cojocar
a64cde55a4
Fix the dependencies after renovate upate (#806) 2022-04-11 20:21:09 +02:00
Cosmin Cojocar
2ef1d9a037
Fix build after renovate update (#800) 2022-03-28 20:38:14 +02:00
renovate[bot]
8af0af7611
chore(deps): update all dependencies (#789) 
Co-authored-by: Renovate Bot <bot@renovateapp.com>
 2022-03-14 14:10:28 +01:00
Renovate Bot
43577cebb7 chore(deps): update all dependencies 2022-02-16 12:21:25 +01:00
Renovate Bot
507f8472ca chore(deps): update golang.org/x/crypto commit hash to 30dcbda 2022-02-07 10:34:16 +01:00
Renovate Bot
853e1d5034 chore(deps): update all dependencies 2022-01-31 18:58:38 +01:00
renovate[bot]
9399e7bed7
chore(deps): update all dependencies (#771) 
Co-authored-by: Renovate Bot <bot@renovateapp.com>
 2022-01-27 11:26:33 +10:00
renovate[bot]
b12c0f6e4e
chore(deps): update all dependencies (#765) 
Co-authored-by: Renovate Bot <bot@renovateapp.com>
 2022-01-26 11:10:11 +01:00
renovate[bot]
742aa848f9
chore(deps): update golang.org/x/crypto commit hash to 5e0467b (#764) 
Co-authored-by: Renovate Bot <bot@renovateapp.com>
 2022-01-17 12:42:54 +01:00
Cosmin Cojocar
ad5d74d5a1
Update to ginkgo v2 (#753) 2022-01-03 18:11:35 +01:00
renovate[bot]
bf0dd2fdd3
chore(deps): update golang.org/x/crypto commit hash to e495a2d (#745) 
Co-authored-by: Renovate Bot <bot@renovateapp.com>
 2021-12-20 23:36:02 +01:00
renovate[bot]
6c0b34426c
chore(deps): update golang.org/x/crypto commit hash to 4570a08 (#737) 
Co-authored-by: Renovate Bot <bot@renovateapp.com>
 2021-12-13 17:44:29 +01:00
renovate[bot]
040327f7d7
chore(deps): update all dependencies (#734) 
Co-authored-by: Renovate Bot <bot@renovateapp.com>
 2021-12-07 15:49:48 +01:00
renovate[bot]
c95e9c21e7
chore(deps): update all dependencies (#731) 
Co-authored-by: Renovate Bot <bot@renovateapp.com>
 2021-11-22 14:04:48 +01:00
renovate[bot]
873ac243ea
chore(deps): update all dependencies (#722) 
Co-authored-by: Renovate Bot <bot@renovateapp.com>
 2021-11-09 21:05:07 +01:00
renovate[bot]
0680c75f99
chore(deps): update all dependencies (#716) 
Co-authored-by: Renovate Bot <bot@renovateapp.com>
 2021-11-01 20:56:57 +01:00
renovate[bot]
e73248cc12
chore(deps): update all dependencies (#701) 
Co-authored-by: Renovate Bot <bot@renovateapp.com>
 2021-10-05 19:29:19 +02:00
renovate[bot]
cb89567f99
chore(deps): update module github.com/lib/pq to v1.10.3 (#695) 
Co-authored-by: Renovate Bot <bot@renovateapp.com>
 2021-09-13 09:39:36 +02:00
renovate[bot]
1978a52ff4
Update all dependencies (#690) 
Co-authored-by: Renovate Bot <bot@renovateapp.com>
 2021-08-23 08:04:46 +02:00
renovate[bot]
83355dc837
Update all dependencies (#683) 
Co-authored-by: Renovate Bot <bot@renovateapp.com>
 2021-08-16 11:28:27 +02:00
renovate[bot]
2d4133d7a1
Update module github.com/onsi/gomega to v1.15.0 (#679) 
Co-authored-by: Renovate Bot <bot@renovateapp.com>
 2021-08-09 17:29:21 +02:00
renovate[bot]
b869720342
Update module golang.org/x/tools to v0.1.5 (#668) 
Co-authored-by: Renovate Bot <bot@renovateapp.com>
 2021-07-19 11:26:21 +02:00
renovate[bot]
a484c77736
Update all dependencies (#663) 
Co-authored-by: Renovate Bot <bot@renovateapp.com>
 2021-07-13 18:43:09 +02:00
renovate[bot]
e936c84a90
Update all dependencies (#658) 
Co-authored-by: Renovate Bot <bot@renovateapp.com>
 2021-06-28 16:09:51 +02:00
renovate[bot]
8c43b96d54
Update golang.org/x/crypto commit hash to 5ff15b2 (#656) 
Co-authored-by: Renovate Bot <bot@renovateapp.com>
 2021-06-21 10:51:01 +02:00