dependabot bot commented on behalf of github on Feb 12, 2026

Bumps securego/gosec from 2.22.8 to 2.23.0.

Release notes

Sourced from securego/gosec's releases.

v2.23.0

Changelog

  • 398ad549bbf1a51dc978fd966169f660c59774de feat: Support for adding taint analysis engine (#1486)
  • 6eacd5c058e929180e2c0ec9fbe082de28f4315c chore(deps): update all dependencies (#1494)
  • 181a7cb0729c8a7c98a7728ba8d4b3ef035a98ab chore(deps): update all dependencies (#1494)
  • e2fa6ab0ba09771b9205dd0cafa997a2f730f582 chore(deps): update all dependencies (#1488)
  • eb252ba8d7359d599064283465f7f734f4c92171 Fix G602 analyzer panic that kills gosec process (#1491)
  • 20d71a0cc140e43b344c37da33bb841a52f6edcd update go version to 1.25.7 (#1492)
  • a631af86ec6d2557e40dac102293f15209794a75 Fix URL regexp and remove redundant Google regex patterns (#1485)
  • 89685023f949d40cd8b86e6fde63e2d8c82bd860 feat: implement global cache usage in rules (#1480)
  • 04f729ce53e715e228022751c40482ac98db60a5 chore(deps): update module google.golang.org/genai to v1.43.0 (#1484)
  • ade0e8f43211688a78923300c495e4f42f156608 refactor: optimize nosec parsing and reduce allocations (#1478)
  • d24bbf7d14cead8c469093165b19e320f7b61955 Fix SARIF artifactChanges null validation error (#1483)
  • 15cba7fae1b53a2dc6bb4092232f9a84033d121a feat: optimize GetCallInfo with per-package sync.Pool caching (#1481)
  • 5288673473e8ff116915e2f440190030f33ce22d feat: implement entropy pre-filtering to optimize secret detection (#1479)
  • d9a9bcd45ca91ba1a6f539397eddef0487e4b9f1 feat: ensure GoVersion is cached using sync.Once (#1477)
  • 516260af4e7c8fd9a86905d83ddfafde5454c070 Fix #1240: nosec comments now work with trailing open brackets (#1475)
  • be0fd6dcfd8716291bc769f9a21a55ede2576cbd Debug Build Profiling Support: Code improvement suggestions for PR#1471 (#1476)
  • b579523bf6dbd3baf523a778c1a5d1f5c66e97fd Update the go version to 1.25.6 and 1.24.12 (#1474)
  • bd3c738bf0a8e570b93e4c65bac0d49d0267f5a9 G115: Enhance RangeAnalyzer with constant propagation and chained arithmetic support (#1470)
  • 6897b3661cdd347788be81437db09c5edf754284 chore(deps): update all dependencies (#1473)
  • 9f202122a731425dfa2ee978fd0e4ba2d9d8e1dc feat: support path-based rule exclusions via exclude-rules (#1465)
  • 726d847c79d4ea7582376aec0ad94fcbec11fa50 Optimize analyzer with parallel package processing (#1466)
  • 3150b28fc404263fd89ab466247b2bf0235be619 feat: add goanalysis package for nogo (#1449)
  • 7284e15230ad0bc56e2fdd518ce5f2c5b6610ce2 Refactor Analyzers: Unify Range Logic & Optimize Allocations (#1464)
  • 7a4ccefd8880ecced95e2947fb7a4088d66a221c Optimize G115, G602, G407 analyzers to reduce allocations and memory (#1463)
  • 833d7919e0f1eaf793b5cc4e97050435faee92d1 refactor(g115): improve coverage (#1462)
  • 0cc9e01a9d6b650d90c9ad6a5ffa73ba30ca99c8 Refine G407 to improve detection and coverage of hardcoded nonces (#1460)
  • 303f84d11141cecd48eeb3a01cd8c6de982c0f29 chore(deps): update all dependencies (#1461)
  • 7387d225921a2efbcf1613bdb32f490285f9af65 Refactor rules to use callListRule base structure (#1458)
  • 52f5dbf4d42f41d4eb6e83e2b408a227eb61cf40 feat(slice): enhance slice bounds analysis with dynamic bounds handling (#1457)
  • 649e2c8da416b29f67a6119dc5ee2149b514872f remove deprecated ast.Object (#1455)
  • 35a92b49d5b5c963b8acb81944e56bb66a444680 feat(sql): enhance SQL injection detection with improved string concatenation checks (#1454)
  • bc9d2bc879d1e246d48cf4b9e18a975c67e1712b feat(rules): enhance subprocess variable checks (#1453)
  • 8a5404eabf56aa8ca2fb9e4e8eb526da0a5a8c48 feat(resolve): enhance TryResolve to handle KeyValueExpr, IndexExpr, and SliceExpr (#1452)
  • 0f6f21cb3fc1d640b7e0f8b47b48f367beb1eddc feat: add secrets serialization G117 (#1451)
  • 717706e8159c4124c2576a0defc0078493655936 feat(rules): add support for detecting high entropy strings in composite literals (#1447)
  • 082deb6cee063d5b8ce740fbee614460d2c2211b whitelist crypto/rand Read from error checks (#1446)
  • 095d529a906cabaf1adbea5e85fc13acce092a53 chore(deps): update all dependencies (#1443)
  • c073629009897d89e03229bc81232c7375892086 Improve slice bound check (#1442)
  • 538a05cc5d6eb7bb41624e48f6e5019cccb1a2b8 docs: add documentation for using gosec with private modules (#1441)
  • 25804378cd3eb8715e79649ea5266b811713b6ee chore(deps): update all dependencies (#1440)
  • 872b33106ce4ba9253328009b63c4157b48d6867 docs: add G116 rule description to README (#1439)
  • dcf93a8b8ba2a90270e0ce35291cca8f7a4a90be Update GitHub action to gosec 2.22.11 (#1438)

v2.22.11

Changelog

  • 424fc4cd9c82ea0fd6bee9cd49c2db2c3cc0c93f feature: add rule for trojan source (#1431)
  • aa2e2fb1bdc12e985c9c1b93a15200baf61350d1 feat(ai): add OpenAI and custom API provider support (#1424)
  • b6eea26df883bbf98351d68bf92fa247a232ac20 chore: Migrate from gopkg.in/yaml.v3 to go.yaml.in/yaml/v3 (#1437)

... (truncated)

Commits
  • 398ad54 feat: Support for adding taint analysis engine (#1486)
  • 6eacd5c chore(deps): update all dependencies (#1494)
  • 181a7cb chore(deps): update all dependencies (#1494)
  • e2fa6ab chore(deps): update all dependencies (#1488)
  • eb252ba Fix G602 analyzer panic that kills gosec process (#1491)
  • 20d71a0 update go version to 1.25.7 (#1492)
  • a631af8 Fix URL regexp and remove redundant Google regex patterns (#1485)
  • 8968502 feat: implement global cache usage in rules (#1480)
  • 04f729c chore(deps): update module google.golang.org/genai to v1.43.0 (#1484)
  • ade0e8f refactor: optimize nosec parsing and reduce allocations (#1478)
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [securego/gosec](https://github.com/securego/gosec) from 2.22.8 to 2.23.0.
- [Release notes](https://github.com/securego/gosec/releases)
- [Commits](securego/gosec@v2.22.8...v2.23.0)

---
updated-dependencies:
- dependency-name: securego/gosec
  dependency-version: 2.23.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>