Changelog
- 15d5c61 Update cosign to v2.6.0 and go in the CI to latest version
- 7b8713e fix(autofix): unnecessary conversion
- 64ebfc0 feat(autofix): update gemini sdk and add anthropic claude
- 506407e feat(G304): add os.Root remediation hint (Autofix) when Go >= 1.24
- 3ead143 chore(deps): update all dependencies
- e81fba3 refactor(G304): remove unused trackJoin helper; no functional change
- ab078db style: gofmt rules/readfile.go
- e6218c8 test(g304): add samples for var perm and var flag with cleaned path\n\n- Ensure G304 does not fire when only non-path args (flag/perm) are variables\n- Both samples use filepath.Clean on the path arg\n- Rules suite remains green (42 passed)
- 79f835d rules(G304): analyze only path arg; ignore flag/perm vars; track Clean and safe Join; fix nil-context panic\n\n- Limit G304 checks to first arg (path) for os.Open/OpenFile/ReadFile, avoiding false positives when flag/perm are variables\n- Track filepath.Clean so cleaned identifiers are treated as safe\n- Consider safe joins: filepath.Join(const|resolvedBase, Clean(var)|cleanedIdent)\n- Record Join(...) assigned to identifiers and allow if later cleaned\n- Fix panic by passing non-nil context in trackJoinAssignStmt\n- All rules tests: 42 passed
- 40ac530 rules(G202): detect SQL concat in ValueSpec declarations; add test sample\n\n- Handle var query string = 'SELECT ...' + user style declarations\n- Reuse existing binary expr detection on ValueSpec.Values\n- Add postgres sample mirroring issue #1309 report\n- Rules tests: 42 passed
- 4be6b11 chore(deps): update all dependencies
- 5af1117 chore(deps): update all dependencies
- 287b46c chore(deps): update all dependencies
- cee0aea Update gosec version to v2.22.8 in the Github action