Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package gosec for openSUSE:Factory checked in at 2026-03-23 17:15:37
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/gosec (Old)
 and /work/SRC/openSUSE:Factory/.gosec.new.8177 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "gosec" Mon Mar 23 17:15:37 2026 rev:33 rq:1342025 version:2.25.0 Changes: -------- --- /work/SRC/openSUSE:Factory/gosec/gosec.changes 2026-03-04 21:08:21.976254114 +0100 +++ /work/SRC/openSUSE:Factory/.gosec.new.8177/gosec.changes 2026-03-23 17:17:36.012234933 +0100 
@@ -1,0 +2,32 @@ +Mon Mar 23 08:50:38 UTC 2026 - Felix Niederwanger <[email protected]> + +- Update to version 2.25.0: + * chore(deps): bump google.golang.org/grpc from 1.75.0 to 1.79.3 (#1617) + * fix: allow barry action to access secrets on fork PRs (#1616) + * fix: reduce G117 false positives for custom marshalers and transformed values (#1614) (#1615) + * Add barry security scanner as a step in the CI (#1612) + * chore(deps): update all dependencies (#1611) + * fix: prevent taint analysis hang on packages with many CHA call graph edges (#1608) (#1610) + * Add some skills for claude code to automate some tasks (#1609) + * Add G701-G706 rule-to-CWE mappings and CWE-117, CWE-918 entries (#1606) + * fix: skip SSA analysis on ill-typed packages to prevent panic (#1607) + * Port G120 from SSA-based to taint analysis (fixes #1600, #1603) (#1605) + * fix(G118): eliminate false positive for package-level cancel variables (#1602) + * feat: add G124 rule for insecure HTTP cookie configuration (#1599) + * feat: add G709 rule for unsafe deserialization of untrusted data (#1598) + * feat: add G708 rule for server-side template injection via text/template (#1597) + * fix(G118): eliminate false positive when cancel is called via struct field in a closure (#1596) + * Fix infinite recursion in interprocedural taint analysis (#1594) + * Fix G118 false positive when cancel is stored in returned struct field (#1593) + * Fix G118 false positive on cancel called inside goroutine closure (#1592) + * fix(analyzer): per-package rule instantiation eliminates concurrent map crash (#1589) + * chore(deps): update all dependencies (#1588) + * fix(G118): treat returned cancel func as called (fixes #1584) (#1585) + * chore(go): update supported Go versions to 1.25.8 and 1.26.1 (#1583) + * Update the README with the correct version of the Github action for gosec (#1582) + * chore(deps): update all dependencies (#1579) + * Fix G115 false positives for guarded int64-to-byte conversions (#1578) + 
* Update the container image migration notice (#1576) + * chore(action): bump gosec to 2.24.7 (#1575) + +------------------------------------------------------------------- Old: ---- gosec-2.24.7.obscpio New: ---- gosec-2.25.0.obscpio ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ gosec.spec ++++++ --- /var/tmp/diff_new_pack.jeHcRS/_old 2026-03-23 17:17:36.864270369 +0100 +++ /var/tmp/diff_new_pack.jeHcRS/_new 2026-03-23 17:17:36.864270369 +0100 @@ -17,7 +17,7 @@ Name: gosec -Version: 2.24.7 +Version: 2.25.0 Release: 0 Summary: CLI tool to scan the Go AST and SSA code representations for security problems License: Apache-2.0 ++++++ _service ++++++ --- /var/tmp/diff_new_pack.jeHcRS/_old 2026-03-23 17:17:36.916272531 +0100 +++ /var/tmp/diff_new_pack.jeHcRS/_new 2026-03-23 17:17:36.920272698 +0100 @@ -4,7 +4,7 @@ <param name="filename">gosec</param> <param name="url">https://github.com/securego/gosec.git</param> <param name="scm">git</param> - <param name="revision">v2.24.7</param> + <param name="revision">v2.25.0</param> <param name="match-tag">v*</param> <param name="versionformat">@PARENT_TAG@</param> <param name="versionrewrite-pattern">v(.*)</param> ++++++ _servicedata ++++++ --- /var/tmp/diff_new_pack.jeHcRS/_old 2026-03-23 17:17:36.940273530 +0100 +++ /var/tmp/diff_new_pack.jeHcRS/_new 2026-03-23 17:17:36.944273697 +0100 
@@ -1,6 +1,6 @@ <servicedata> <service name="tar_scm"> <param name="url">https://github.com/securego/gosec.git</param> - <param name="changesrevision">bb17e422fc34bf4c0a2e5cab9d07dc45a68c040c</param></service></servicedata> + <param name="changesrevision">223e19b8856e00f02cc67804499a83f77e208f3c</param></service></servicedata> (No newline at EOF) ++++++ build.specials.obscpio ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/.gitignore new/.gitignore --- old/.gitignore 1970-01-01 01:00:00.000000000 +0100 +++ new/.gitignore 2025-02-13 15:25:36.000000000 +0100 @@ -0,0 +1,3 @@ +.osc +/gosec +/gosec-*.*.*.tar.xz ++++++ gosec-2.24.7.obscpio -> gosec-2.25.0.obscpio ++++++ ++++ 5488 lines of diff (skipped) ++++++ gosec.obsinfo ++++++ --- /var/tmp/diff_new_pack.jeHcRS/_old 2026-03-23 17:17:37.504296987 +0100 +++ /var/tmp/diff_new_pack.jeHcRS/_new 2026-03-23 17:17:37.508297154 +0100 @@ -1,5 +1,5 @@ name: gosec -version: 2.24.7 -mtime: 1772358177 -commit: bb17e422fc34bf4c0a2e5cab9d07dc45a68c040c +version: 2.25.0 +mtime: 1773910202 +commit: 223e19b8856e00f02cc67804499a83f77e208f3c ++++++ vendor.tar.xz ++++++ ++++ 83924 lines of diff (skipped)
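Review bot: In the gosec.changes hunk, the entries that change what the scanner reports are buried between dependency bumps and CI chores: the new rules G124 (insecure HTTP cookie configuration), G708 (template injection via text/template) and G709 (unsafe deserialization), and the port of G120 to taint analysis. Anyone who gates a build on gosec findings can see new failures after this update, so group these at the top of the entry or call them out on a separate line. The G115, G117 and G118 false-positive fixes work in the opposite direction and deserve the same visibility, since findings that disappear after the update are expected rather than a regression.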
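Review bot: In the _service hunk, revision is set to the tag name v2.25.0, and a tag can be moved upstream after the fact. The immutable reference is the commit 223e19b8856e00f02cc67804499a83f77e208f3c, which appears as changesrevision in _servicedata and as commit in gosec.obsinfo; those two values agree in this diff. Before accepting the request, confirm that the upstream tag v2.25.0 resolves to that same commit, and consider pinning revision to the hash so a retagged release cannot change the source on a later service run.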
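Review bot: The vendor.tar.xz change appears only as "83924 lines of diff (skipped)" and the gosec obscpio as "5488 lines of diff (skipped)", so the dependency changes named in the changelog (grpc 1.75.0 to 1.79.3 and three "update all dependencies" entries) cannot be reviewed from this mail. Assuming the tarball follows the usual Go vendor layout, unpack the old and new vendor.tar.xz and diff vendor/modules.txt to get the list of modules and versions that changed, then check that list against the upstream go.mod at the recorded commit.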
