Skip to content

chore(deps): bump securego/gosec from 2.22.9 to 2.26.1#9664

Closed
dependabot[bot] wants to merge 1 commit intomasterfrom
dependabot/github_actions/securego/gosec-2.26.1
Closed

chore(deps): bump securego/gosec from 2.22.9 to 2.26.1#9664
dependabot[bot] wants to merge 1 commit intomasterfrom
dependabot/github_actions/securego/gosec-2.26.1

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github May 4, 2026
edited
Loading

Bumps securego/gosec from 2.22.9 to 2.26.1.

Release notes

Sourced from securego/gosec's releases.

v2.26.1

Changelog

  • 4a3bd8af174872c778439083ded7adbf3747e770 Update cosign to v3.0.6 (#1659)

v2.25.0

Changelog

  • 223e19b8856e00f02cc67804499a83f77e208f3c chore(deps): bump google.golang.org/grpc from 1.75.0 to 1.79.3 (#1617)
  • b23a9e534822ec656207d6d33116b9c48fcde6c7 fix: allow barry action to access secrets on fork PRs (#1616)
  • 355cfa5a43916c57b7727eece120dd54665c1427 fix: reduce G117 false positives for custom marshalers and transformed values (#1614) (#1615)
  • 744bfb5ef06e24230087a2470dd1eda8cf5ac48a Add barry security scanner as a step in the CI (#1612)
  • 4fde15d2287caa7ba8480e14d3ccd49579d17f42 chore(deps): update all dependencies (#1611)
  • dec52c4101b534ac9bc8cf22ac051a65c90d75e0 fix: prevent taint analysis hang on packages with many CHA call graph edges (#1608) (#1610)
  • a0de8b6aab054e0fe97bec94d1f5e635dc5dc495 Add some skills for claude code to automate some tasks (#1609)
  • c2dfcec7f34bdbb3591c1dccd4aafde1d49c5bd6 Add G701-G706 rule-to-CWE mappings and CWE-117, CWE-918 entries (#1606)
  • 8aec3f48a22ee5404185b01ac7667302ba73e51c fix: skip SSA analysis on ill-typed packages to prevent panic (#1607)
  • 1ced32df147e2dd7bb9400023c246235bb32be92 Port G120 from SSA-based to taint analysis (fixes #1600, #1603) (#1605)
  • befce8de5da965121ad143b3c1eba58b0c3941bb fix(G118): eliminate false positive for package-level cancel variables (#1602)
  • b7b2c7b668f3f2bef8a8ae04d72f0eb60492322c feat: add G124 rule for insecure HTTP cookie configuration (#1599)
  • 6e66a943db54eb8d235ac766fa2fd414d44e8821 feat: add G709 rule for unsafe deserialization of untrusted data (#1598)
  • e7ea2377aa2138d550e6d466ceef7a3164b4d7ea feat: add G708 rule for server-side template injection via text/template (#1597)
  • 889546214c90564feb348e14fd1bf526295e0b2d fix(G118): eliminate false positive when cancel is called via struct field in a closure (#1596)
  • 619ce2117e086b696f9357dc3422c18c2d0262bf Fix infinite recursion in interprocedural taint analysis (#1594)
  • 0e0eb1792f3ced1edfe332daa388f088d4bd2f08 Fix G118 false positive when cancel is stored in returned struct field (#1593)
  • 59a9da022f37d928b5c26c2b720e5f43f4a3e9b4 Fix G118 false positive on cancel called inside goroutine closure (#1592)
  • cbf46b8771cfe2f02d3f935469c7898198d901f4 fix(analyzer): per-package rule instantiation eliminates concurrent map crash (#1589)
  • c6c3ba865980cf3333c8bcaa93b4b9b7a4858bba chore(deps): update all dependencies (#1588)
  • c709ed8be30a01d52ef51a099f5da6fc23dd3e31 fix(G118): treat returned cancel func as called (fixes #1584) (#1585)
  • fa74dd7069d482a37b1207afbeffbfc7681a47f8 chore(go): update supported Go versions to 1.25.8 and 1.26.1 (#1583)
  • cd1f29ec710ed24a305edf5908f52240addb1811 Update the README with the correct version of the Github action for gosec (#1582)
  • 5887aee36f8b982ecb71885fde827ec0e84d98a2 chore(deps): update all dependencies (#1579)
  • 6641fcf966593bf52ed426aa262839b340d56375 Fix G115 false positives for guarded int64-to-byte conversions (#1578)
  • 3c9c3da6924bb1daeea428e28ec9ac5fa5a09c25 Update the container image migration notice (#1576)
  • 973e94e8fc181de08ab86b212e6475221e777069 chore(action): bump gosec to 2.24.7 (#1575)

v2.24.7

Changelog

  • bb17e422fc34bf4c0a2e5cab9d07dc45a68c040c Ignore nosec comments in action integration workflow to generate some warnings (#1573)
  • e1502ad21653d1c6717e33f1221c3ce2d5c8581f Add a workflow for action integration test (#1571)
  • f8691bd77bab5430ccb538e6f253275e82577afc fix(sarif): avoid invalid null relationships in SARIF output (#1569)
  • ade1d0e0a04ec8ae98da98614d42524621d40df2 chore: migrate gosec container image references to GHCR (#1567)

v2.24.6

Changelog

  • 88835e86bba381290c2f60a1c73610995b1502eb Update gorelease to use the latest cosign bundle argument (#1565)

v2.24.0

Changelog

  • 271492bcd930ef72dfb9d00e5bb9544b3b407fb5 fix: G704 false positive on const URL (#1551)
  • 1341aeadb4c334014c4834c745344edb9dcf85b0 fix(G705): eliminate false positive for non-HTTP io.Writer (#1550)
  • f2262c88ffdfc9eb7be8444db19caa17cc71810f G120: avoid false positive when MaxBytesReader is applied in middleware (#1547)

... (truncated)

Commits
  • 4a3bd8a Update cosign to v3.0.6 (#1659)
  • 553d8a5 Sync taint rule docs and add missing CWE mappings for G113/G307 (#1658)
  • bf0ccd3 Update all dependencies (#1657)
  • 4ead098 Add G710 rule for open redirect via taint analysis (#1654)
  • 8ff985f Fix formatting
  • a1aad0c Update the default models use by autofix and phase out the older models
  • 74bdf7f Format and clean-up the README
  • 74dc989 Add HTTP file-serving function to the skins of pathtraversal analyzer (#1647)
  • 7020111 Skip flaging the TLS min version for go 1.18+ (#1646)
  • d5869fc chore(deps): bump go.opentelemetry.io/otel from 1.39.0 to 1.41.0 (#1645)
  • Additional commits viewable in compare view

@dependabot dependabot Bot added dependencies github_actions Pull requests that update GitHub Actions code labels May 4, 2026
@dependabot
chore(deps): bump securego/gosec from 2.22.9 to 2.26.1
1dbac7c 
Bumps [securego/gosec](https://github.com/securego/gosec) from 2.22.9 to 2.26.1.
- [Release notes](https://github.com/securego/gosec/releases)
- [Commits](securego/gosec@v2.22.9...v2.26.1)

---
updated-dependencies:
- dependency-name: securego/gosec
  dependency-version: 2.26.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/github_actions/securego/gosec-2.26.1 branch from 79c0b1c to 1dbac7c Compare May 5, 2026 13:38
@mudler mudler closed this May 5, 2026
@dependabot @github
Copy link
Copy Markdown
Contributor Author

dependabot Bot commented on behalf of github May 5, 2026

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version. You can also ignore all major, minor, or patch releases for a dependency by adding an ignore condition with the desired update_types to your config file.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.

@dependabot dependabot Bot deleted the dependabot/github_actions/securego/gosec-2.26.1 branch May 5, 2026 22:34
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies github_actions Pull requests that update GitHub Actions code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@mudler