github securego/gosec v2.25.0

11 hours ago

Changelog

  • 223e19b chore(deps): bump google.golang.org/grpc from 1.75.0 to 1.79.3 (#1617)
  • b23a9e5 fix: allow barry action to access secrets on fork PRs (#1616)
  • 355cfa5 fix: reduce G117 false positives for custom marshalers and transformed values (#1614) (#1615)
  • 744bfb5 Add barry security scanner as a step in the CI (#1612)
  • 4fde15d chore(deps): update all dependencies (#1611)
  • dec52c4 fix: prevent taint analysis hang on packages with many CHA call graph edges (#1608) (#1610)
  • a0de8b6 Add some skills for claude code to automate some tasks (#1609)
  • c2dfcec Add G701-G706 rule-to-CWE mappings and CWE-117, CWE-918 entries (#1606)
  • 8aec3f4 fix: skip SSA analysis on ill-typed packages to prevent panic (#1607)
  • 1ced32d Port G120 from SSA-based to taint analysis (fixes #1600, #1603) (#1605)
  • befce8d fix(G118): eliminate false positive for package-level cancel variables (#1602)
  • b7b2c7b feat: add G124 rule for insecure HTTP cookie configuration (#1599)
  • 6e66a94 feat: add G709 rule for unsafe deserialization of untrusted data (#1598)
  • e7ea237 feat: add G708 rule for server-side template injection via text/template (#1597)
  • 8895462 fix(G118): eliminate false positive when cancel is called via struct field in a closure (#1596)
  • 619ce21 Fix infinite recursion in interprocedural taint analysis (#1594)
  • 0e0eb17 Fix G118 false positive when cancel is stored in returned struct field (#1593)
  • 59a9da0 Fix G118 false positive on cancel called inside goroutine closure (#1592)
  • cbf46b8 fix(analyzer): per-package rule instantiation eliminates concurrent map crash (#1589)
  • c6c3ba8 chore(deps): update all dependencies (#1588)
  • c709ed8 fix(G118): treat returned cancel func as called (fixes #1584) (#1585)
  • fa74dd7 chore(go): update supported Go versions to 1.25.8 and 1.26.1 (#1583)
  • cd1f29e Update the README with the correct version of the Github action for gosec (#1582)
  • 5887aee chore(deps): update all dependencies (#1579)
  • 6641fcf Fix G115 false positives for guarded int64-to-byte conversions (#1578)
  • 3c9c3da Update the container image migration notice (#1576)
  • 973e94e chore(action): bump gosec to 2.24.7 (#1575)
