Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package gosec for openSUSE:Factory checked in at 2026-04-29 19:20:49 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/gosec (Old) and /work/SRC/openSUSE:Factory/.gosec.new.30200 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "gosec" Wed Apr 29 19:20:49 2026 rev:34 rq:1350033 version:2.26.1 Changes: -------- --- /work/SRC/openSUSE:Factory/gosec/gosec.changes 2026-03-23 17:17:36.012234933 +0100 +++ /work/SRC/openSUSE:Factory/.gosec.new.30200/gosec.changes 2026-04-29 19:22:39.820923915 +0200 @@ -1,0 +2,31 @@ +Tue Apr 28 07:44:54 UTC 2026 - Felix Niederwanger <[email protected]> + +- Update to version 2.26.1: + * Update cosign to v3.0.6 (#1659) + * Sync taint rule docs and add missing CWE mappings for G113/G307 (#1658) + * Update all dependencies (#1657) + * Add G710 rule for open redirect via taint analysis (#1654) + * Fix formatting + * Update the default models use by autofix and phase out the older models + * Format and clean-up the README + * Add HTTP file-serving function to the skins of pathtraversal analyzer (#1647) + * Skip flaging the TLS min version for go 1.18+ (#1646) + * chore(deps): bump go.opentelemetry.io/otel from 1.39.0 to 1.41.0 (#1645) + * Added filepath.Abs as a sanitizer (#1643) + * Allow rune to byte conversion (#1642) + * Allow platform specific conversions (#1641) + * chore(deps): update all dependencies (#1639) + * chore(deps): update all dependencies (#1634) + * chore(go): update supported Go versions to 1.25.9 and 1.26.2 (#1633) + * Fix: Bump go-version: 1.25.8 to 1.25.9 in ci (#1632) + * fix(taint): gate *http.Request auto-taint on entry-point detection (#1630) + * chore(deps): update all dependencies (#1631) + * Added a visited cycle-detection guard in the *ssa.Phi case (#1626) + * chore(deps): update all dependencies (#1625) + * fix(G706): scope slog sinks to msg arg only to prevent false positives on structured attributes (#1623) + * Gate the AI security review by the security-review environment (#1621) + * Fix anthropic autofix after dependencies update (#1620) + * chore(deps): update all dependencies (#1619) + * chore(action): bump gosec to 2.25.0 (#1618) + +------------------------------------------------------------------- Old: ---- gosec-2.25.0.obscpio New: ---- gosec-2.26.1.obscpio ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ gosec.spec ++++++ --- /var/tmp/diff_new_pack.Ly0e1i/_old 2026-04-29 19:22:40.684959280 +0200 +++ /var/tmp/diff_new_pack.Ly0e1i/_new 2026-04-29 19:22:40.684959280 +0200 @@ -17,7 +17,7 @@ Name: gosec -Version: 2.25.0 +Version: 2.26.1 Release: 0 Summary: CLI tool to scan the Go AST and SSA code representations for security problems License: Apache-2.0 ++++++ _service ++++++ --- /var/tmp/diff_new_pack.Ly0e1i/_old 2026-04-29 19:22:40.756962227 +0200 +++ /var/tmp/diff_new_pack.Ly0e1i/_new 2026-04-29 19:22:40.764962554 +0200 @@ -4,7 +4,7 @@ <param name="filename">gosec</param> <param name="url">https://github.com/securego/gosec.git</param> <param name="scm">git</param> - <param name="revision">v2.25.0</param> + <param name="revision">v2.26.1</param> <param name="match-tag">v*</param> <param name="versionformat">@PARENT_TAG@</param> <param name="versionrewrite-pattern">v(.*)</param> ++++++ _servicedata ++++++ --- /var/tmp/diff_new_pack.Ly0e1i/_old 2026-04-29 19:22:40.792963701 +0200 +++ /var/tmp/diff_new_pack.Ly0e1i/_new 2026-04-29 19:22:40.796963864 +0200 @@ -1,6 +1,6 @@ <servicedata> <service name="tar_scm"> <param name="url">https://github.com/securego/gosec.git</param> - <param name="changesrevision">223e19b8856e00f02cc67804499a83f77e208f3c</param></service></servicedata> + <param name="changesrevision">4a3bd8af174872c778439083ded7adbf3747e770</param></service></servicedata> (No newline at EOF) ++++++ build.specials.obscpio ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/.gitignore new/.gitignore --- old/.gitignore 1970-01-01 01:00:00.000000000 +0100 +++ new/.gitignore 2025-02-13 15:25:36.000000000 +0100 @@ -0,0 +1,3 @@ +.osc +/gosec +/gosec-*.*.*.tar.xz ++++++ gosec-2.25.0.obscpio -> gosec-2.26.1.obscpio ++++++ ++++ 3138 lines of diff (skipped) ++++++ gosec.obsinfo ++++++ --- /var/tmp/diff_new_pack.Ly0e1i/_old 2026-04-29 19:22:41.540994318 +0200 +++ /var/tmp/diff_new_pack.Ly0e1i/_new 2026-04-29 19:22:41.568995464 +0200 @@ -1,5 +1,5 @@ name: gosec -version: 2.25.0 -mtime: 1773910202 -commit: 223e19b8856e00f02cc67804499a83f77e208f3c +version: 2.26.1 +mtime: 1777358661 +commit: 4a3bd8af174872c778439083ded7adbf3747e770 ++++++ vendor.tar.xz ++++++ ++++ 69154 lines of diff (skipped)
