Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package gosec for openSUSE:Factory checked in at 2025-10-16 17:38:21 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/gosec (Old) and /work/SRC/openSUSE:Factory/.gosec.new.18484 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "gosec" Thu Oct 16 17:38:21 2025 rev:28 rq:1311478 version:2.22.10 Changes: -------- --- /work/SRC/openSUSE:Factory/gosec/gosec.changes 2025-09-22 19:29:42.642936502 +0200 +++ /work/SRC/openSUSE:Factory/.gosec.new.18484/gosec.changes 2025-10-16 17:38:37.072084630 +0200 @@ -1,0 +2,19 @@ +Wed Oct 15 09:47:09 UTC 2025 - Felix Niederwanger <[email protected]> + +- Update to version 2.22.10: + * Update go to version 1.25.3 and 1.24.9 in CI (#1404) + * chore(deps): update all dependencies (#1402) + * Update go to version 1.25.2 and 2.24.8 in CI (#1401) + * chore(deps): update all dependencies (#1399) + * check nil slices, partially check bounds (#1396) + * Remove unused target from the makefile + * Use the ginkgo command install by the dependencies + * Keep the go module at 1.24 version for compatibility reasons + * Remove manual test deps + * fix: text must be supplied when markdown is used + * fix: improve error message of CheckAnalyzers + * fix: log panic on SSA + * chore(deps): update all dependencies + * Update gosec to version v.22.9 in the github action + +------------------------------------------------------------------- Old: ---- gosec-2.22.9.obscpio New: ---- gosec-2.22.10.obscpio ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ gosec.spec ++++++ --- /var/tmp/diff_new_pack.MlBjwx/_old 2025-10-16 17:38:37.772113900 +0200 +++ /var/tmp/diff_new_pack.MlBjwx/_new 2025-10-16 17:38:37.776114067 +0200 @@ -17,7 +17,7 @@ Name: gosec -Version: 2.22.9 +Version: 2.22.10 Release: 0 Summary: CLI tool to scan the Go AST and SSA code representations for security problems License: Apache-2.0 ++++++ _service ++++++ --- /var/tmp/diff_new_pack.MlBjwx/_old 2025-10-16 17:38:37.820115907 +0200 +++ /var/tmp/diff_new_pack.MlBjwx/_new 2025-10-16 17:38:37.824116074 +0200 
@@ -4,7 +4,7 @@ <param name="filename">gosec</param> <param name="url">https://github.com/securego/gosec.git</param> <param name="scm">git</param> - <param name="revision">v2.22.9</param> + <param name="revision">v2.22.10</param> <param name="match-tag">v*</param> <param name="versionformat">@PARENT_TAG@</param> <param name="versionrewrite-pattern">v(.*)</param> ++++++ _servicedata ++++++ --- /var/tmp/diff_new_pack.MlBjwx/_old 2025-10-16 17:38:37.848117078 +0200 +++ /var/tmp/diff_new_pack.MlBjwx/_new 2025-10-16 17:38:37.848117078 +0200 @@ -1,6 +1,6 @@ <servicedata> <service name="tar_scm"> <param name="url">https://github.com/securego/gosec.git</param> - <param name="changesrevision">15d5c61e866bc2e2e8389376a31f1e5e09bde7d8</param></service></servicedata> + <param name="changesrevision">6be2b51fd78feca86af91f5186b7964d76cb1256</param></service></servicedata> (No newline at EOF) ++++++ build.specials.obscpio ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/.gitignore new/.gitignore --- old/.gitignore 1970-01-01 01:00:00.000000000 +0100 +++ new/.gitignore 2025-02-13 15:25:36.000000000 +0100 @@ -0,0 +1,3 @@ +.osc +/gosec +/gosec-*.*.*.tar.xz ++++++ gosec-2.22.9.obscpio -> gosec-2.22.10.obscpio ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/gosec-2.22.9/.github/workflows/ci.yml new/gosec-2.22.10/.github/workflows/ci.yml --- old/gosec-2.22.9/.github/workflows/ci.yml 2025-09-22 10:42:03.000000000 +0200 +++ new/gosec-2.22.10/.github/workflows/ci.yml 2025-10-14 14:54:01.000000000 +0200 @@ -11,9 +11,9 @@ strategy: matrix: version: - - go-version: "1.24.7" + - go-version: "1.24.9" golangci: "latest" - - go-version: "1.25.1" + - go-version: "1.25.3" golangci: "latest" runs-on: ubuntu-latest env: 
@@ -52,7 +52,7 @@ - name: Setup go uses: actions/setup-go@v6 with: - go-version: "1.25.1" + go-version: "1.25.3" - name: Checkout Source uses: actions/checkout@v5 - uses: actions/cache@v4 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/gosec-2.22.9/.github/workflows/release.yml new/gosec-2.22.10/.github/workflows/release.yml --- old/gosec-2.22.9/.github/workflows/release.yml 2025-09-22 10:42:03.000000000 +0200 +++ new/gosec-2.22.10/.github/workflows/release.yml 2025-10-14 14:54:01.000000000 +0200 @@ -17,7 +17,7 @@ - name: Set up Go uses: actions/setup-go@v6 with: - go-version: "1.25.1" + go-version: "1.25.3" - name: Install Cosign uses: sigstore/cosign-installer@v3 with: diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/gosec-2.22.9/.github/workflows/scan.yml new/gosec-2.22.10/.github/workflows/scan.yml --- old/gosec-2.22.9/.github/workflows/scan.yml 2025-09-22 10:42:03.000000000 +0200 +++ new/gosec-2.22.10/.github/workflows/scan.yml 2025-10-14 14:54:01.000000000 +0200 @@ -20,7 +20,7 @@ # we let the report trigger content trigger a failure using the GitHub Security features. args: '-no-fail -fmt sarif -out results.sarif ./...' - name: Upload SARIF file - uses: github/codeql-action/upload-sarif@v3 + uses: github/codeql-action/upload-sarif@v4 with: # Path to SARIF file relative to the root of the repository sarif_file: results.sarif diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/gosec-2.22.9/Makefile new/gosec-2.22.10/Makefile --- old/gosec-2.22.9/Makefile 2025-09-22 10:42:03.000000000 +0200 +++ new/gosec-2.22.10/Makefile 2025-10-14 14:54:01.000000000 +0200 @@ -14,7 +14,6 @@ GOPATH ?= $(shell $(GO) env GOPATH) GOBIN ?= $(GOPATH)/bin GOSEC ?= $(GOBIN)/gosec -GINKGO ?= $(GOBIN)/ginkgo GO_MINOR_VERSION = $(shell $(GO) version | cut -c 14- | cut -d' ' -f1 | cut -d'.' -f2) GOVULN_MIN_VERSION = 17 GO_VERSION = 1.25 
@@ -26,18 +25,13 @@ default: $(MAKE) build -install-test-deps: - go install github.com/onsi/ginkgo/v2/ginkgo@latest - go install golang.org/x/crypto/...@latest - go install github.com/lib/pq/...@latest - install-govulncheck: @if [ $(GO_MINOR_VERSION) -gt $(GOVULN_MIN_VERSION) ]; then \ go install golang.org/x/vuln/cmd/govulncheck@latest; \ fi -test: install-test-deps build-race fmt vet sec govulncheck - $(GINKGO) -v --fail-fast +test: build-race fmt vet sec govulncheck + go run github.com/onsi/ginkgo/v2/ginkgo -- --ginkgo.v --ginkgo.fail-fast fmt: @echo "FORMATTING" @@ -62,7 +56,7 @@ govulncheck ./...; \ fi -test-coverage: install-test-deps +test-coverage: go test -race -v -count=1 -coverprofile=coverage.out ./... build: diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/gosec-2.22.9/action.yml new/gosec-2.22.10/action.yml --- old/gosec-2.22.9/action.yml 2025-09-22 10:42:03.000000000 +0200 +++ new/gosec-2.22.10/action.yml 2025-10-14 14:54:01.000000000 +0200 @@ -1,19 +1,19 @@ -name: 'Gosec Security Checker' -description: 'Runs the gosec security checker' -author: '@ccojocar' +name: "Gosec Security Checker" +description: "Runs the gosec security checker" +author: "@ccojocar" inputs: args: - description: 'Arguments for gosec' + description: "Arguments for gosec" required: true - default: '-h' + default: "-h" runs: - using: 'docker' - image: 'docker://securego/gosec:2.22.8' - args: - - ${{ inputs.args }} + using: "docker" + image: "docker://securego/gosec:2.22.9" + args: + - ${{ inputs.args }} branding: - icon: 'shield' - color: 'blue' + icon: "shield" + color: "blue" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/gosec-2.22.9/analyzer.go new/gosec-2.22.10/analyzer.go --- old/gosec-2.22.9/analyzer.go 2025-09-22 10:42:03.000000000 +0200 +++ new/gosec-2.22.10/analyzer.go 2025-10-14 14:54:01.000000000 +0200 
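Review bot: The new `test` recipe carries no comment saying that ginkgo is now resolved at the version required in go.mod, which is what allowed the `@latest` installs in `install-test-deps` to be dropped. A line such as `# ginkgo runs at the version pinned in go.mod/go.sum; do not reintroduce "go install ...@latest" here` above the target would keep a later edit from undoing the pin. The `install-govulncheck` target visible in the same hunk still installs `govulncheck@latest`, so that tool remains unpinned; this commit does not change it.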
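Review bot: The `image:` line under `runs:` references the container by tag (`docker://securego/gosec:2.22.9`), and a registry tag can be re-pointed after publication, so consumers of the action cannot be sure which image they execute. Pinning by digest, `image: "docker://securego/gosec@sha256:<DIGEST_OF_RELEASED_IMAGE>"` (placeholder; the digest is not on this page), makes the reference immutable. The tag is also one release behind the 2.22.10 sources it ships with, so runs of the action at this revision presumably do not include the G602 changes from this release.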
@@ -28,6 +28,7 @@ "path/filepath" "reflect" "regexp" + "runtime/debug" "strconv" "strings" "sync" @@ -413,7 +414,17 @@ func (gosec *Analyzer) CheckAnalyzers(pkg *packages.Package) { ssaResult, err := gosec.buildSSA(pkg) if err != nil || ssaResult == nil { - gosec.logger.Printf("Error building the SSA representation of the package %q: %s", pkg.Name, err) + errMessage := "Error building the SSA representation of the package " + pkg.Name + ": " + if err != nil { + errMessage += err.Error() + } + if ssaResult == nil { + if err != nil { + errMessage += ", " + } + errMessage += "no ssa result" + } + gosec.logger.Print(errMessage) return } @@ -485,7 +496,10 @@ func (gosec *Analyzer) buildSSA(pkg *packages.Package) (interface{}, error) { defer func() { if r := recover(); r != nil { - gosec.logger.Printf("Panic when running SSA analyser on package: %s", pkg.Name) + gosec.logger.Printf( + "Panic when running SSA analyzer on package: %s. Panic: %v\nStack trace:\n%s", + pkg.Name, r, debug.Stack(), + ) } }() ssaPass := &analysis.Pass{ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/gosec-2.22.9/analyzers/slice_bounds.go new/gosec-2.22.10/analyzers/slice_bounds.go --- old/gosec-2.22.9/analyzers/slice_bounds.go 2025-09-22 10:42:03.000000000 +0200 +++ new/gosec-2.22.10/analyzers/slice_bounds.go 2025-10-14 14:54:01.000000000 +0200 
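Review bot: In `CheckAnalyzers`, the failure branch still only logs and returns, so a package whose SSA build failed is skipped by every SSA-based analyzer while nothing visible in this hunk records that in the results or exit status; for a security scanner that is a fail-open path worth surfacing. The method has no return value, so the smallest step is to state the consequence in the message, e.g. `errMessage += "; SSA-based analyzers were skipped for this package"` before `gosec.logger.Print(errMessage)`. The rewritten message also drops the `%q` quoting of `pkg.Name` that the removed line had; `strconv.Quote(pkg.Name)` would keep it (`strconv` appears in the import block of the first hunk). The function body continues outside the hunk.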
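Review bot: The deferred `recover` in `buildSSA` logs the panic and stack but leaves the unnamed results at their zero values, so the caller receives `nil, nil` and can report only "no ssa result". Naming the results, `(result interface{}, err error)`, and setting `err = fmt.Errorf("panic in SSA analyzer: %v", r)` inside the `if r := recover(); r != nil` branch would send the panic through the normal error path (assuming `fmt` is imported in this file). `debug.Stack()` output includes local file paths, which is worth keeping in mind where scan logs are published, for example in CI. The body of `buildSSA` continues past the end of the hunk.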
@@ -81,29 +81,64 @@ for _, s := range violations { switch s := s.(type) { case *ssa.Slice: - issue := newIssue( + issues[s] = newIssue( pass.Analyzer.Name, "slice bounds out of range", pass.Fset, s.Pos(), issue.Low, issue.High) - issues[s] = issue case *ssa.IndexAddr: - issue := newIssue( + issues[s] = newIssue( pass.Analyzer.Name, "slice index out of range", pass.Fset, s.Pos(), issue.Low, issue.High) - issues[s] = issue } } } } } } + case *ssa.IndexAddr: + switch indexInstr := instr.X.(type) { + case *ssa.Const: + if indexInstr.Type().String()[:2] == "[]" { + if indexInstr.Value == nil { + issues[instr] = newIssue( + pass.Analyzer.Name, + "slice index out of range", + pass.Fset, + instr.Pos(), + issue.Low, + issue.High) + + break + } + } + case *ssa.Alloc: + if instr.Pos() > 0 { + typeStr := indexInstr.Type().String() + arrayLen, err := extractArrayAllocValue(typeStr) // preallocated array + if err != nil { + break + } + + _, err = extractIntValueIndexAddr(instr, arrayLen) + if err != nil { + break + } + issues[instr] = newIssue( + pass.Analyzer.Name, + "slice index out of range", + pass.Fset, + instr.Pos(), + issue.Low, + issue.High) + } + } } } } @@ -143,7 +178,7 @@ if err != nil { break } - if isSliceIndexInsideBounds(0, value, indexValue) { + if isSliceIndexInsideBounds(value, indexValue) { delete(issues, instr) } } @@ -161,8 +196,8 @@ } foundIssues := []*issue.Issue{} - for _, issue := range issues { - foundIssues = append(foundIssues, issue) + for _, v := range issues { + foundIssues = append(foundIssues, v) } if len(foundIssues) > 0 { return foundIssues, nil 
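Review bot: In the new `case *ssa.IndexAddr` branch, `indexInstr.Type().String()[:2] == "[]"` slices the type string without checking its length, so a type whose printed form is shorter than two bytes (a type parameter named `T`, if such a value can reach this branch) would panic with a slice-bounds error inside the bounds analyzer itself. `strings.HasPrefix(indexInstr.Type().String(), "[]")` is the safe equivalent, and `strings` is already used elsewhere in this file. A structural check, `indexInstr.Type().Underlying().(*types.Slice)`, would also cover named slice types that the string prefix misses, provided `go/types` is imported. `indexInstr` holds `instr.X`, the indexed operand, so a name like `operand` would read more accurately. The enclosing function starts and ends outside the hunk.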
@@ -192,7 +227,11 @@ } case *ssa.IndexAddr: indexValue, err := extractIntValue(refinstr.Index.String()) - if err == nil && !isSliceIndexInsideBounds(0, sliceCap, indexValue) { + if err == nil && !isSliceIndexInsideBounds(sliceCap, indexValue) { + *violations = append(*violations, refinstr) + } + indexValue, err = extractIntValueIndexAddr(refinstr, sliceCap) + if err == nil && !isSliceIndexInsideBounds(sliceCap, indexValue) { *violations = append(*violations, refinstr) } case *ssa.Call: @@ -217,6 +256,32 @@ } } +func extractIntValueIndexAddr(refinstr *ssa.IndexAddr, sliceCap int) (int, error) { + var indexIncr, sliceIncr int + + for _, block := range refinstr.Block().Preds { + for _, instr := range block.Instrs { + switch instr := instr.(type) { + case *ssa.BinOp: + _, index, err := extractBinOpBound(instr) + if err != nil { + return 0, err + } + switch instr.Op { + case token.LSS: + indexIncr-- + } + + if !isSliceIndexInsideBounds(sliceCap+sliceIncr, index+indexIncr) { + return index, nil + } + } + } + } + + return 0, errors.New("no found") +} + func checkAllSlicesBounds(depth int, sliceCap int, slice *ssa.Slice, violations *[]ssa.Instruction, ifs map[ssa.If]*ssa.BinOp) { if depth == maxDepth { return @@ -303,9 +368,14 @@ } } +var errExtractBinOp = fmt.Errorf("unable to extract constant from binop") + func extractBinOpBound(binop *ssa.BinOp) (bound, int, error) { if binop.X != nil { if x, ok := binop.X.(*ssa.Const); ok { + if x.Value == nil { + return lowerUnbounded, 0, errExtractBinOp + } value, err := strconv.Atoi(x.Value.String()) if err != nil { return lowerUnbounded, value, err @@ -324,6 +394,9 @@ } if binop.Y != nil { if y, ok := binop.Y.(*ssa.Const); ok { + if y.Value == nil { + return lowerUnbounded, 0, errExtractBinOp + } value, err := strconv.Atoi(y.Value.String()) if err != nil { return lowerUnbounded, value, err 
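Review bot: In `extractIntValueIndexAddr`, `indexIncr` is declared once outside both loops and decremented for every `<` comparison, so the adjustment accumulates: the second `token.LSS` BinOp found in the predecessor blocks is checked with `index-2`, the third with `index-3`, and the check drifts away from the bound actually written in the source. `sliceIncr` is never assigned, so `sliceCap+sliceIncr` is always `sliceCap`. The version below scopes the adjustment to the BinOp being examined and drops the unused variable; it keeps the early `return 0, err`, though it is worth confirming that stopping at the first BinOp without a constant operand is intended. The error text "no found" is also unclear to anyone reading a log.

```go
func extractIntValueIndexAddr(refinstr *ssa.IndexAddr, sliceCap int) (int, error) {
	for _, block := range refinstr.Block().Preds {
		for _, instr := range block.Instrs {
			binop, ok := instr.(*ssa.BinOp)
			if !ok {
				continue
			}
			_, index, err := extractBinOpBound(binop)
			if err != nil {
				return 0, err
			}
			// i < N reaches at most N-1; computed per comparison, never carried over.
			limit := index
			if binop.Op == token.LSS {
				limit--
			}
			if !isSliceIndexInsideBounds(sliceCap, limit) {
				return index, nil
			}
		}
	}

	return 0, errors.New("no out-of-bounds index found")
}
```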
@@ -340,11 +413,11 @@ } } } - return lowerUnbounded, 0, fmt.Errorf("unable to extract constant from binop") + return lowerUnbounded, 0, errExtractBinOp } -func isSliceIndexInsideBounds(l, h int, index int) bool { - return (l <= index && index < h) +func isSliceIndexInsideBounds(h int, index int) bool { + return (0 <= index && index < h) } func isSliceInsideBounds(l, h int, cl, ch int) bool { @@ -370,6 +443,10 @@ } func extractIntValue(value string) (int, error) { + if i, err := extractIntValuePhi(value); err == nil { + return i, nil + } + parts := strings.Split(value, ":") if len(parts) != 2 { return 0, fmt.Errorf("invalid value: %s", value) @@ -381,7 +458,7 @@ } func extractSliceCapFromAlloc(instr string) (int, error) { - re := regexp.MustCompile(`new \[(\d+)\]*`) + re := regexp.MustCompile(`new \[(\d+)\].*`) var sliceCap int matches := re.FindAllStringSubmatch(instr, -1) if matches == nil { 
@@ -397,3 +474,39 @@ return 0, errors.New("no slice cap found") } + +func extractIntValuePhi(value string) (int, error) { + re := regexp.MustCompile(`phi \[.+: (\d+):.+, .*\].*`) + var sliceCap int + matches := re.FindAllStringSubmatch(value, -1) + if matches == nil { + return sliceCap, fmt.Errorf("invalid value: %s", value) + } + + if len(matches) > 0 { + m := matches[0] + if len(m) > 1 { + return strconv.Atoi(m[1]) + } + } + + return 0, fmt.Errorf("invalid value: %s", value) +} + +func extractArrayAllocValue(value string) (int, error) { + re := regexp.MustCompile(`.*\[(\d+)\].*`) + var sliceCap int + matches := re.FindAllStringSubmatch(value, -1) + if matches == nil { + return sliceCap, fmt.Errorf("invalid value: %s", value) + } + + if len(matches) > 0 { + m := matches[0] + if len(m) > 1 { + return strconv.Atoi(m[1]) + } + } + + return 0, fmt.Errorf("invalid value: %s", value) +} diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/gosec-2.22.9/go.mod new/gosec-2.22.10/go.mod --- old/gosec-2.22.9/go.mod 2025-09-22 10:42:03.000000000 +0200 +++ new/gosec-2.22.10/go.mod 2025-10-14 14:54:01.000000000 +0200 @@ -1,19 +1,19 @@ module github.com/securego/gosec/v2 require ( - github.com/anthropics/anthropic-sdk-go v1.12.0 + github.com/anthropics/anthropic-sdk-go v1.13.0 github.com/ccojocar/zxcvbn-go v1.0.4 github.com/google/uuid v1.6.0 github.com/gookit/color v1.6.0 github.com/lib/pq v1.10.9 - github.com/mozilla/tls-observatory v0.0.0-20210609171429-7bc42856d2e5 - github.com/onsi/ginkgo/v2 v2.25.3 + github.com/mozilla/tls-observatory v0.0.0-20250923143331-eef96233227e + github.com/onsi/ginkgo/v2 v2.26.0 github.com/onsi/gomega v1.38.2 github.com/stretchr/testify v1.11.1 - golang.org/x/crypto v0.42.0 - golang.org/x/text v0.29.0 - golang.org/x/tools v0.37.0 - google.golang.org/genai v1.25.0 + golang.org/x/crypto v0.43.0 + golang.org/x/text v0.30.0 + golang.org/x/tools v0.38.0 + google.golang.org/genai v1.30.0 gopkg.in/yaml.v3 v3.0.1 ) 
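Review bot: `extractArrayAllocValue` matches `.*\[(\d+)\].*`, and because the leading `.*` is greedy the capture is the last bracketed number in the type string, so for a nested array such as `*[20][5]int` the outer index would be checked against 5 rather than 20. Both new helpers also call `regexp.MustCompile` on every invocation, name the result `sliceCap` although it is an index or an array length, and re-test `len(matches) > 0` after the nil check. The sketch below compiles the pattern once and anchors it at the start of the type string, assuming the `ssa.Alloc` type prints as `*[N]T`; `extractIntValuePhi` can take the same shape with its own package-level pattern.

```go
// arrayLenRe captures the outermost length of an array type such as "*[20]int".
var arrayLenRe = regexp.MustCompile(`^\*?\[(\d+)\]`)

func extractArrayAllocValue(value string) (int, error) {
	m := arrayLenRe.FindStringSubmatch(value)
	if m == nil {
		return 0, fmt.Errorf("invalid value: %s", value)
	}

	return strconv.Atoi(m[1])
}
```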
@@ -47,10 +47,10 @@ go.opentelemetry.io/otel/trace v1.37.0 // indirect go.uber.org/automaxprocs v1.6.0 // indirect go.yaml.in/yaml/v3 v3.0.4 // indirect - golang.org/x/mod v0.28.0 // indirect - golang.org/x/net v0.44.0 // indirect + golang.org/x/mod v0.29.0 // indirect + golang.org/x/net v0.46.0 // indirect golang.org/x/sync v0.17.0 // indirect - golang.org/x/sys v0.36.0 // indirect + golang.org/x/sys v0.37.0 // indirect google.golang.org/genproto/googleapis/rpc v0.0.0-20250818200422-3122310a409c // indirect google.golang.org/grpc v1.75.0 // indirect google.golang.org/protobuf v1.36.8 // indirect diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/gosec-2.22.9/go.sum new/gosec-2.22.10/go.sum --- old/gosec-2.22.9/go.sum 2025-09-22 10:42:03.000000000 +0200 +++ new/gosec-2.22.10/go.sum 2025-10-14 14:54:01.000000000 +0200 @@ -52,8 +52,8 @@ github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc= github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0= github.com/alecthomas/units v0.0.0-20190717042225-c3de453c63f4/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0= -github.com/anthropics/anthropic-sdk-go v1.12.0 h1:xPqlGnq7rWrTiHazIvCiumA0u7mGQnwDQtvA1M82h9U= -github.com/anthropics/anthropic-sdk-go v1.12.0/go.mod h1:WTz31rIUHUHqai2UslPpw5CwXrQP3geYBioRV4WOLvE= +github.com/anthropics/anthropic-sdk-go v1.13.0 h1:Bhbe8sRoDPtipttg8bQYrMCKe2b79+q6rFW1vOKEUKI= +github.com/anthropics/anthropic-sdk-go v1.13.0/go.mod h1:WTz31rIUHUHqai2UslPpw5CwXrQP3geYBioRV4WOLvE= github.com/antihax/optional v0.0.0-20180407024304-ca021399b1a6/go.mod h1:V8iCPQYkqmusNa815XgQio277wI47sdRh1dUOLdyC6Q= github.com/aokoli/goutils v1.0.1/go.mod h1:SijmP0QR8LtwsmDs8Yii5Z/S4trXFGFC2oO5g9DP+DQ= github.com/armon/consul-api v0.0.0-20180202201655-eb2c6b5be1b6/go.mod h1:grANhF5doyWs3UAsr3K4I6qtAmlQcZDesFNEHPZAzj8= 
@@ -105,6 +105,12 @@ github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo= github.com/fullstorydev/grpcurl v1.6.0/go.mod h1:ZQ+ayqbKMJNhzLmbpCiurTVlaK2M/3nqZCxaQ2Ze/sM= github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04= +github.com/gkampitakis/ciinfo v0.3.2 h1:JcuOPk8ZU7nZQjdUhctuhQofk7BGHuIy0c9Ez8BNhXs= +github.com/gkampitakis/ciinfo v0.3.2/go.mod h1:1NIwaOcFChN4fa/B0hEBdAb6npDlFL8Bwx4dfRLRqAo= +github.com/gkampitakis/go-diff v1.3.2 h1:Qyn0J9XJSDTgnsgHRdz9Zp24RaJeKMUHg2+PDZZdC4M= +github.com/gkampitakis/go-diff v1.3.2/go.mod h1:LLgOrpqleQe26cte8s36HTWcTmMEur6OPYerdAAS9tk= +github.com/gkampitakis/go-snaps v0.5.14 h1:3fAqdB6BCPKHDMHAKRwtPUwYexKtGrNuw8HX/T/4neo= +github.com/gkampitakis/go-snaps v0.5.14/go.mod h1:HNpx/9GoKisdhw9AFOBT1N7DBs9DiHo/hGheFGBZ+mc= github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU= github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8= github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8= @@ -122,6 +128,8 @@ github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY= github.com/go-task/slim-sprig/v3 v3.0.0 h1:sUs3vkvUymDpBKi3qH1YSqBQk9+9D/8M2mN1vB6EwHI= github.com/go-task/slim-sprig/v3 v3.0.0/go.mod h1:W848ghGpv3Qj3dhTPRyJypKRiqCdHZiAzKg9hl15HA8= +github.com/goccy/go-yaml v1.18.0 h1:8W7wMFS12Pcas7KU+VVkaiCng+kG8QiFeFwzFb+rwuw= +github.com/goccy/go-yaml v1.18.0/go.mod h1:XBurs7gK8ATbW4ZPGKgcbrY1Br56PdM69F7LkFRi1kA= github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ= github.com/gogo/protobuf v1.2.1/go.mod h1:hp+jE20tsWTFYpLwKvXlhS1hjn+gTNwPg2I6zVXpSg4= github.com/gogo/protobuf v1.3.0/go.mod h1:SlYgWuQ5SjCEi6WLHjHCa1yvBfUnHcTbrrZtXPKa29o= 
@@ -226,6 +234,8 @@ github.com/jmespath/go-jmespath/internal/testify v1.5.1/go.mod h1:L3OGu8Wl2/fWfCI6z80xFu9LTZmf1ZRjMHUOPmWr69U= github.com/jonboulle/clockwork v0.1.0/go.mod h1:Ii8DK3G1RaLaWxj9trq07+26W01tbo22gdxWY5EU2bo= github.com/jonboulle/clockwork v0.2.0/go.mod h1:Pkfl5aHPm1nk2H9h0bjmnJD/BcgbGXUBGnn1kMkgxc8= +github.com/joshdk/go-junit v1.0.0 h1:S86cUKIdwBHWwA6xCmFlf3RTLfVXYQfvanM5Uh+K6GE= +github.com/joshdk/go-junit v1.0.0/go.mod h1:TiiV0PqkaNfFXjEiyjWM3XXrhVyCa1K4Zfga6W52ung= github.com/json-iterator/go v1.1.6/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU= github.com/json-iterator/go v1.1.7/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= github.com/json-iterator/go v1.1.10/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= @@ -254,6 +264,8 @@ github.com/lib/pq v1.10.9 h1:YXG7RB+JIjhP29X+OtkiDnYaXQwpS4JEWq7dtCCRUEw= github.com/lib/pq v1.10.9/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o= github.com/magiconair/properties v1.8.0/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ= +github.com/maruel/natural v1.1.1 h1:Hja7XhhmvEFhcByqDoHz9QZbkWey+COd9xWfCfn1ioo= +github.com/maruel/natural v1.1.1/go.mod h1:v+Rfd79xlw1AgVBjbO0BEQmptqb5HvL/k9GRHB7ZKEg= github.com/mattn/go-colorable v0.0.9/go.mod h1:9vuHe8Xs5qXnSaW/c/ABM9alt+Vo+STaOChaDxuIBZU= github.com/mattn/go-colorable v0.1.4/go.mod h1:U0ppj6V5qS13XJ6of8GYAs25YV2eR4EVcfRqFIhoBtE= github.com/mattn/go-colorable v0.1.8/go.mod h1:u6P/XSegPjTcexA+o6vUJrdnUu04hMope9wVRipJSqc= 
@@ -265,6 +277,8 @@ github.com/mattn/go-runewidth v0.0.4/go.mod h1:LwmH8dsx7+W8Uxz3IHJYH5QSwggIsqBzpuz5H//U1FU= github.com/mattn/go-runewidth v0.0.6/go.mod h1:H031xJmbD/WCDINGzjvQ9THkh0rPKHF+m2gUSrubnMI= github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0= +github.com/mfridman/tparse v0.18.0 h1:wh6dzOKaIwkUGyKgOntDW4liXSo37qg5AXbIhkMV3vE= +github.com/mfridman/tparse v0.18.0/go.mod h1:gEvqZTuCgEhPbYk/2lS3Kcxg1GmTxxU7kTC8DvP0i/A= github.com/miekg/dns v1.1.35/go.mod h1:KNUDUusw/aVsxyTYZM1oqvCicbwhgbNgztCETuNZ7xM= github.com/miekg/pkcs11 v1.0.2/go.mod h1:XsNlhZGX73bx86s2hdc/FuaLm2CPZJemRLMA+WTFxgs= github.com/miekg/pkcs11 v1.0.3/go.mod h1:XsNlhZGX73bx86s2hdc/FuaLm2CPZJemRLMA+WTFxgs= @@ -279,8 +293,8 @@ github.com/modern-go/reflect2 v1.0.1/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0= github.com/mohae/deepcopy v0.0.0-20170929034955-c48cc78d4826/go.mod h1:TaXosZuwdSHYgviHp1DAtfrULt5eUgsSMsZf+YrPgl8= github.com/mozilla/scribe v0.0.0-20180711195314-fb71baf557c1/go.mod h1:FIczTrinKo8VaLxe6PWTPEXRXDIHz2QAwiaBaP5/4a8= -github.com/mozilla/tls-observatory v0.0.0-20210609171429-7bc42856d2e5 h1:0KqC6/sLy7fDpBdybhVkkv4Yz+PmB7c9Dz9z3dLW804= -github.com/mozilla/tls-observatory v0.0.0-20210609171429-7bc42856d2e5/go.mod h1:FUqVoUPHSEdDR0MnFM3Dh8AU0pZHLXUD127SAJGER/s= +github.com/mozilla/tls-observatory v0.0.0-20250923143331-eef96233227e h1:gOlpekCwR+xjqedQsHo1c7aUSixaQUIe3sAcEeDCMLc= +github.com/mozilla/tls-observatory v0.0.0-20250923143331-eef96233227e/go.mod h1:FUqVoUPHSEdDR0MnFM3Dh8AU0pZHLXUD127SAJGER/s= github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U= github.com/mwitkow/go-proto-validators v0.0.0-20180403085117-0950a7990007/go.mod h1:m2XC9Qq0AlmmVksL6FktJCdTYyLk7V3fKyp0sl1yWQo= github.com/mwitkow/go-proto-validators v0.2.0/go.mod h1:ZfA1hW+UH/2ZHOWvQ3HnQaU0DtnpXu850MZiy+YUgcc= 
@@ -290,8 +304,8 @@ github.com/olekukonko/tablewriter v0.0.2/go.mod h1:rSAaSIOAGT9odnlyGlUfAJaoc5w2fSBUmeGDbRWPxyQ= github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= github.com/onsi/ginkgo v1.10.3/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= -github.com/onsi/ginkgo/v2 v2.25.3 h1:Ty8+Yi/ayDAGtk4XxmmfUy4GabvM+MegeB4cDLRi6nw= -github.com/onsi/ginkgo/v2 v2.25.3/go.mod h1:43uiyQC4Ed2tkOzLsEYm7hnrb7UJTWHYNsuy3bG/snE= +github.com/onsi/ginkgo/v2 v2.26.0 h1:1J4Wut1IlYZNEAWIV3ALrT9NfiaGW2cDCJQSFQMs/gE= +github.com/onsi/ginkgo/v2 v2.26.0/go.mod h1:qhEywmzWTBUY88kfO0BRvX4py7scov9yR+Az2oavUzw= github.com/onsi/gomega v1.7.1/go.mod h1:XdKZgCCFLUoM/7CFJVPcG8C1xQ1AJ0vpAezJrB7JYyY= github.com/onsi/gomega v1.38.2 h1:eZCjf2xjZAqe+LeWvKb5weQ+NcPwX84kqJ0cZNxok2A= github.com/onsi/gomega v1.38.2/go.mod h1:W2MJcYxRGV63b418Ai34Ud0hEdTVXq9NW9+Sx6uXf3k= @@ -427,8 +441,8 @@ golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20201221181555-eec23a3978ad/go.mod h1:jdWPYTVW3xRLrWPugEBEK3UY2ZEsg3UU495nc5E+M+I= -golang.org/x/crypto v0.42.0 h1:chiH31gIWm57EkTXpwnqf8qeuMUi0yekh6mT2AvFlqI= -golang.org/x/crypto v0.42.0/go.mod h1:4+rDnOTJhQCx2q7/j6rAN5XDw8kPjeaXEUR2eL94ix8= +golang.org/x/crypto v0.43.0 h1:dduJYIi3A3KOfdGOHX8AVZ/jGiyPa3IbBozJ5kNuE04= +golang.org/x/crypto v0.43.0/go.mod h1:BFbav4mRNlXJL4wNeejLpWxB7wMbc79PdRGhWKncxR0= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8= 
@@ -462,8 +476,8 @@ golang.org/x/mod v0.1.1-0.20191107180719-034126e5016b/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg= golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= -golang.org/x/mod v0.28.0 h1:gQBtGhjxykdjY9YhZpSlZIsbnaE2+PgjfLWUQTnoZ1U= -golang.org/x/mod v0.28.0/go.mod h1:yfB/L0NOf/kmEbXjzCPOx1iK1fRutOydrCMsqRhEBxI= +golang.org/x/mod v0.29.0 h1:HV8lRxZC4l2cr3Zq1LvtOsi/ThTgWnUk/y64QSs8GwA= +golang.org/x/mod v0.29.0/go.mod h1:NyhrlYXJ2H4eJiRy/WDBO6HMqZQ6q9nk4JzS3NuCK+w= golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= @@ -496,8 +510,8 @@ golang.org/x/net v0.0.0-20200520182314-0ba52f642ac2/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= golang.org/x/net v0.0.0-20200625001655-4c5254603344/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= golang.org/x/net v0.0.0-20201110031124-69a78807bb2b/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= -golang.org/x/net v0.44.0 h1:evd8IRDyfNBMBTTY5XRF1vaZlD+EmWx6x8PkhR04H/I= -golang.org/x/net v0.44.0/go.mod h1:ECOoLqd5U3Lhyeyo/QDCEVQ4sNgYsqvCZ722XogGieY= +golang.org/x/net v0.46.0 h1:giFlY12I07fugqwPuWJi68oOnpfqFnJIJzaIIm2JVV4= +golang.org/x/net v0.46.0/go.mod h1:Q9BGdFy1y4nkUwiLvT5qtyhAnEHgnQ/zd8PfU6nc210= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= 
@@ -554,18 +568,18 @@ golang.org/x/sys v0.0.0-20200523222454-059865788121/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200615200032-f1bc736245b1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.36.0 h1:KVRy2GtZBrk1cBYA7MKu5bEZFxQk4NIDV6RLVcC8o0k= -golang.org/x/sys v0.36.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks= +golang.org/x/sys v0.37.0 h1:fdNQudmxPjkdUTPnLn5mdQv7Zwvbvpaxqs831goi9kQ= +golang.org/x/sys v0.37.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks= golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw= -golang.org/x/term v0.35.0 h1:bZBVKBudEyhRcajGcNc3jIfWPqV4y/Kt2XcoigOWtDQ= -golang.org/x/term v0.35.0/go.mod h1:TPGtkTLesOwf2DE8CgVYiZinHAOuy5AYUYT1lENIZnA= +golang.org/x/term v0.36.0 h1:zMPR+aF8gfksFprF/Nc/rd1wRS1EI6nDBGyWAvDzx2Q= +golang.org/x/term v0.36.0/go.mod h1:Qu394IJq6V6dCBRgwqshf3mPF85AqzYEzofzRdZkWss= golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= -golang.org/x/text v0.29.0 h1:1neNs90w9YzJ9BocxfsQNHKuAT4pkghyXc4nhZ6sJvk= -golang.org/x/text v0.29.0/go.mod h1:7MhJOA9CD2qZyOKYazxdYMF85OwPdEr9jTtBpO7ydH4= +golang.org/x/text v0.30.0 h1:yznKA/E9zq54KzlzBEAWn1NXSQ8DIp/NYMy88xJjl4k= +golang.org/x/text v0.30.0/go.mod h1:yDdHFIX9t+tORqspjENWgzaCVXgk0yYnYuSZ8UzzBVM= golang.org/x/time v0.0.0-20180412165947-fbb02b2291d2/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time 
v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= @@ -617,8 +631,8 @@ golang.org/x/tools v0.0.0-20200626171337-aa94e735be7f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= golang.org/x/tools v0.0.0-20200630154851-b2d8b0336632/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= golang.org/x/tools v0.0.0-20200706234117-b22de6825cf7/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA= -golang.org/x/tools v0.37.0 h1:DVSRzp7FwePZW356yEAChSdNcQo6Nsp+fex1SUW09lE= -golang.org/x/tools v0.37.0/go.mod h1:MBN5QPQtLMHVdvsbtarmTNukZDdgwdwlO5qGacAzF0w= +golang.org/x/tools v0.38.0 h1:Hx2Xv8hISq8Lm16jvBZ2VQf+RLmbd7wVUsALibYI/IQ= +golang.org/x/tools v0.38.0/go.mod h1:yEsQ/d/YK8cjh0L6rZlY8tgtlKiBNTL14pGDJPJpYQs= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= 
@@ -647,8 +661,8 @@ google.golang.org/appengine v1.6.2/go.mod h1:i06prIuMbXzDqacNJfV5OdTW448YApPu5ww/cMBSeb0= google.golang.org/appengine v1.6.5/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc= google.golang.org/appengine v1.6.6/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc= -google.golang.org/genai v1.25.0 h1:Cpyh2nmEoOS1eM3mT9XKuA/qWTEDoktfP2gsN3EduPE= -google.golang.org/genai v1.25.0/go.mod h1:OClfdf+r5aaD+sCd4aUSkPzJItmg2wD/WON9lQnRPaY= +google.golang.org/genai v1.30.0 h1:7021aneIvl24nEBLbtQFEWleHsMbjzpcQvkT4WcJ1dc= +google.golang.org/genai v1.30.0/go.mod h1:7pAilaICJlQBonjKKJNhftDFv3SREhZcTe9F6nRcjbg= google.golang.org/genproto v0.0.0-20170818010345-ee236bd376b0/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc= google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc= google.golang.org/genproto v0.0.0-20181107211654-5fc9ac540362/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc= diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/gosec-2.22.9/report/sarif/builder.go new/gosec-2.22.10/report/sarif/builder.go --- old/gosec-2.22.9/report/sarif/builder.go 2025-09-22 10:42:03.000000000 +0200 +++ new/gosec-2.22.10/report/sarif/builder.go 2025-10-14 14:54:01.000000000 +0200 @@ -91,6 +91,8 @@ result.Fixes = []*Fix{ { Description: &Message{ + // Note: Text SHALL be supplied when Markdown is used: https://docs.oasis-open.org/sarif/sarif/v2.1.0/errata01/os/sarif-v2.1.0-errata01-os-complete.html#_Toc141790720 + Text: autofix, // TODO: ensure this is plain text Markdown: autofix, }, }, diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/gosec-2.22.9/testutils/g602_samples.go new/gosec-2.22.10/testutils/g602_samples.go --- old/gosec-2.22.9/testutils/g602_samples.go 2025-09-22 10:42:03.000000000 +0200 +++ new/gosec-2.22.10/testutils/g602_samples.go 2025-10-14 14:54:01.000000000 +0200 
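Review bot: `Text` and `Markdown` in the fix `Description` are both set to the same `autofix` string, so SARIF consumers that display `text` verbatim will show raw markdown syntax, as the inline TODO acknowledges. The hunk does not show where `autofix` is produced, so whatever renders the `markdown` field should treat it as untrusted content; a short comment saying so, e.g. `// autofix is generated content: viewers must not render it as trusted markup`, would document that. The TODO would be easier to track with an issue reference, `// TODO(<ISSUE_ID>): derive plain text from the markdown`, where the id is a placeholder. The enclosing function extends beyond the hunk.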
@@ -338,4 +338,79 @@ } `}, 0, gosec.NewConfig()}, + {[]string{` +package main + +func main() { + s := make([]int, 16) + for i := 10; i < 17; i++ { + s[i]=i + } +} + +`}, 1, gosec.NewConfig()}, + {[]string{` +package main + +func main() { + var s []int + for i := 10; i < 17; i++ { + s[i]=i + } +} + +`}, 1, gosec.NewConfig()}, + {[]string{` +package main + +func main() { + s := make([]int,5, 16) + for i := 1; i < 6; i++ { + s[i]=i + } +} + +`}, 1, gosec.NewConfig()}, + {[]string{` +package main + +func main() { + var s [20]int + for i := 10; i < 17; i++ { + s[i]=i + } +}`}, 0, gosec.NewConfig()}, + {[]string{` +package main + +func main() { + var s [20]int + for i := 1; i < len(s); i++ { + s[i]=i + } +} + +`}, 0, gosec.NewConfig()}, + {[]string{` +package main + +func main() { + var s [20]int + for i := 1; i <= len(s); i++ { + s[i]=i + } +} + +`}, 1, gosec.NewConfig()}, + {[]string{` +package main + +func main() { + var s [20]int + for i := 18; i <= 22; i++ { + s[i]=i + } +} + +`}, 1, gosec.NewConfig()}, } ++++++ gosec.obsinfo ++++++ --- /var/tmp/diff_new_pack.MlBjwx/_old 2025-10-16 17:38:38.228132966 +0200 +++ /var/tmp/diff_new_pack.MlBjwx/_new 2025-10-16 17:38:38.232133134 +0200 @@ -1,5 +1,5 @@ name: gosec -version: 2.22.9 -mtime: 1758530523 -commit: 15d5c61e866bc2e2e8389376a31f1e5e09bde7d8 +version: 2.22.10 +mtime: 1760446441 +commit: 6be2b51fd78feca86af91f5186b7964d76cb1256 ++++++ vendor.tar.xz ++++++ ++++ 18961 lines of diff (skipped)
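Review bot: The added G602 samples exercise only one-dimensional slices and arrays with constant loop bounds, so the string-based array-length extraction in `analyzers/slice_bounds.go` is never run against a nested array type. A sample that declares `var s [20][5]int`, loops `for i := 10; i < 17; i++` and writes `s[i][0] = i` with an expected count of 0 would pin which dimension the check uses. A matching negative case for the slice path, `make([]int, 16)` with `i < 16` expecting 0, would guard against false positives from the new predecessor-block scan.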
