Skip to content

chore(deps): bump securego/gosec from 2.24.7 to 2.25.0 in the security-scanners group#158

Merged
bedatty merged 1 commit intodevelopfrom
dependabot/github_actions/develop/security-scanners-23951091f4
Mar 20, 2026
Merged

chore(deps): bump securego/gosec from 2.24.7 to 2.25.0 in the security-scanners group#158
bedatty merged 1 commit intodevelopfrom
dependabot/github_actions/develop/security-scanners-23951091f4

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Mar 20, 2026

Bumps the security-scanners group with 1 update: securego/gosec.

Updates securego/gosec from 2.24.7 to 2.25.0

Release notes

Sourced from securego/gosec's releases.

v2.25.0

Changelog

  • 223e19b8856e00f02cc67804499a83f77e208f3c chore(deps): bump google.golang.org/grpc from 1.75.0 to 1.79.3 (#1617)
  • b23a9e534822ec656207d6d33116b9c48fcde6c7 fix: allow barry action to access secrets on fork PRs (#1616)
  • 355cfa5a43916c57b7727eece120dd54665c1427 fix: reduce G117 false positives for custom marshalers and transformed values (#1614) (#1615)
  • 744bfb5ef06e24230087a2470dd1eda8cf5ac48a Add barry security scanner as a step in the CI (#1612)
  • 4fde15d2287caa7ba8480e14d3ccd49579d17f42 chore(deps): update all dependencies (#1611)
  • dec52c4101b534ac9bc8cf22ac051a65c90d75e0 fix: prevent taint analysis hang on packages with many CHA call graph edges (#1608) (#1610)
  • a0de8b6aab054e0fe97bec94d1f5e635dc5dc495 Add some skills for claude code to automate some tasks (#1609)
  • c2dfcec7f34bdbb3591c1dccd4aafde1d49c5bd6 Add G701-G706 rule-to-CWE mappings and CWE-117, CWE-918 entries (#1606)
  • 8aec3f48a22ee5404185b01ac7667302ba73e51c fix: skip SSA analysis on ill-typed packages to prevent panic (#1607)
  • 1ced32df147e2dd7bb9400023c246235bb32be92 Port G120 from SSA-based to taint analysis (fixes #1600, #1603) (#1605)
  • befce8de5da965121ad143b3c1eba58b0c3941bb fix(G118): eliminate false positive for package-level cancel variables (#1602)
  • b7b2c7b668f3f2bef8a8ae04d72f0eb60492322c feat: add G124 rule for insecure HTTP cookie configuration (#1599)
  • 6e66a943db54eb8d235ac766fa2fd414d44e8821 feat: add G709 rule for unsafe deserialization of untrusted data (#1598)
  • e7ea2377aa2138d550e6d466ceef7a3164b4d7ea feat: add G708 rule for server-side template injection via text/template (#1597)
  • 889546214c90564feb348e14fd1bf526295e0b2d fix(G118): eliminate false positive when cancel is called via struct field in a closure (#1596)
  • 619ce2117e086b696f9357dc3422c18c2d0262bf Fix infinite recursion in interprocedural taint analysis (#1594)
  • 0e0eb1792f3ced1edfe332daa388f088d4bd2f08 Fix G118 false positive when cancel is stored in returned struct field (#1593)
  • 59a9da022f37d928b5c26c2b720e5f43f4a3e9b4 Fix G118 false positive on cancel called inside goroutine closure (#1592)
  • cbf46b8771cfe2f02d3f935469c7898198d901f4 fix(analyzer): per-package rule instantiation eliminates concurrent map crash (#1589)
  • c6c3ba865980cf3333c8bcaa93b4b9b7a4858bba chore(deps): update all dependencies (#1588)
  • c709ed8be30a01d52ef51a099f5da6fc23dd3e31 fix(G118): treat returned cancel func as called (fixes #1584) (#1585)
  • fa74dd7069d482a37b1207afbeffbfc7681a47f8 chore(go): update supported Go versions to 1.25.8 and 1.26.1 (#1583)
  • cd1f29ec710ed24a305edf5908f52240addb1811 Update the README with the correct version of the Github action for gosec (#1582)
  • 5887aee36f8b982ecb71885fde827ec0e84d98a2 chore(deps): update all dependencies (#1579)
  • 6641fcf966593bf52ed426aa262839b340d56375 Fix G115 false positives for guarded int64-to-byte conversions (#1578)
  • 3c9c3da6924bb1daeea428e28ec9ac5fa5a09c25 Update the container image migration notice (#1576)
  • 973e94e8fc181de08ab86b212e6475221e777069 chore(action): bump gosec to 2.24.7 (#1575)
Commits
  • 223e19b chore(deps): bump google.golang.org/grpc from 1.75.0 to 1.79.3 (#1617)
  • b23a9e5 fix: allow barry action to access secrets on fork PRs (#1616)
  • 355cfa5 fix: reduce G117 false positives for custom marshalers and transformed values...
  • 744bfb5 Add barry security scanner as a step in the CI (#1612)
  • 4fde15d chore(deps): update all dependencies (#1611)
  • dec52c4 fix: prevent taint analysis hang on packages with many CHA call graph edges (...
  • a0de8b6 Add some skills for claude code to automate some tasks (#1609)
  • c2dfcec Add G701-G706 rule-to-CWE mappings and CWE-117, CWE-918 entries (#1606)
  • 8aec3f4 fix: skip SSA analysis on ill-typed packages to prevent panic (#1607)
  • 1ced32d Port G120 from SSA-based to taint analysis (fixes #1600, #1603) (#1605)
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
chore(deps): bump securego/gosec in the security-scanners group
e715fc5 
Bumps the security-scanners group with 1 update: [securego/gosec](https://github.com/securego/gosec).


Updates `securego/gosec` from 2.24.7 to 2.25.0
- [Release notes](https://github.com/securego/gosec/releases)
- [Commits](securego/gosec@v2.24.7...v2.25.0)

---
updated-dependencies:
- dependency-name: securego/gosec
  dependency-version: 2.25.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: security-scanners
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added the dependencies Dependency updates (usually opened by Dependabot) label Mar 20, 2026
@dependabot @github
Copy link
Contributor Author

dependabot bot commented on behalf of github Mar 20, 2026

Labels

The following labels could not be found: github-actions. Please create it before Dependabot can add it to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

@dependabot dependabot bot requested a review from a team as a code owner March 20, 2026 17:59
@lerian-studio lerian-studio added the size/XS PR changes < 50 lines label Mar 20, 2026
@github-actions github-actions bot added workflow Changes to one or more reusable workflow files golang Changes to Go-related workflows and removed dependencies Dependency updates (usually opened by Dependabot) labels Mar 20, 2026
@lerian-studio
Copy link

lerian-studio commented Mar 20, 2026

🔍 Lint Analysis

Check Files Scanned Status
YAML Lint 1 file(s) ❌ failure
Action Lint 1 file(s) ❌ failure
Pinned Actions 1 file(s) ✅ success
Markdown Link Check no changes ⏭️ skipped
Spelling Check 1 file(s) ✅ success
Shell Check 1 file(s) ❌ failure
README Check 1 file(s) ✅ success
Composite Schema no changes ⏭️ skipped
❌ Failures (3)

YAML Lint

.github

  • .github (line 66) — Process completed with exit code 1.

Action Lint

.github/workflows/go-pr-analysis.yml

  • .github/workflows/go-pr-analysis.yml (line 314) — shellcheck reported issue in this script: SC2086:info:7:30: Double quote to prevent globbing and word splitting
  • .github/workflows/go-pr-analysis.yml (line 314) — shellcheck reported issue in this script: SC2086:info:4:29: Double quote to prevent globbing and word splitting
  • .github/workflows/go-pr-analysis.yml (line 314) — shellcheck reported issue in this script: SC2086:info:11:28: Double quote to prevent globbing and word splitting
  • .github/workflows/go-pr-analysis.yml (line 258) — shellcheck reported issue in this script: SC2086:info:7:30: Double quote to prevent globbing and word splitting
  • .github/workflows/go-pr-analysis.yml (line 258) — shellcheck reported issue in this script: SC2086:info:4:29: Double quote to prevent globbing and word splitting
  • .github/workflows/go-pr-analysis.yml (line 258) — shellcheck reported issue in this script: SC2086:info:11:28: Double quote to prevent globbing and word splitting
  • .github/workflows/go-pr-analysis.yml (line 251) — shellcheck reported issue in this script: SC2086:info:2:32: Double quote to prevent globbing and word splitting
  • .github/workflows/go-pr-analysis.yml (line 251) — shellcheck reported issue in this script: SC2046:warning:1:101: Quote this to prevent word splitting
  • .github/workflows/go-pr-analysis.yml (line 112) — shellcheck reported issue in this script: SC2181:style:9:9: Check exit code directly with e.g. 'if mycmd;', not indirectly with $?
  • .github/workflows/go-pr-analysis.yml (line 112) — shellcheck reported issue in this script: SC2086:info:10:34: Double quote to prevent globbing and word splitting

Shell Check

.github

  • .github (line 131) — Process completed with exit code 1.
  • .github (line 130) — Found 1 shellcheck error(s) in run: blocks.

🔍 View full scan logs

@bedatty bedatty self-assigned this Mar 20, 2026
bedatty
bedatty approved these changes Mar 20, 2026
View reviewed changes
Copy link
Contributor

@bedatty bedatty left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Dependency update reviewed. Minor bump (2.24.7 → 2.25.0) with bug fixes and new security rules. No breaking changes identified. Auto-approved.

@bedatty bedatty merged commit b6eee46 into develop Mar 20, 2026
18 of 21 checks passed
@dependabot dependabot bot deleted the dependabot/github_actions/develop/security-scanners-23951091f4 branch March 20, 2026 20:45
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@bedatty bedatty bedatty approved these changes

Assignees

@bedatty bedatty

Labels

golang Changes to Go-related workflows size/XS PR changes < 50 lines workflow Changes to one or more reusable workflow files

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@lerian-studio @bedatty