Update module github.com/securego/gosec/v2 to v2.22.10

[red-hat-konflux-kflux-prd-rh02]

This PR contains the following updates:

Package	Change	Age	Confidence
github.com/securego/gosec/v2	v2.20.1-0.20240525090044-5f0084eb01a9 -> v2.22.10

---

Warning

Some dependencies could not be looked up. Check the warning logs for more information.

---

Release Notes

securego/gosec (github.com/securego/gosec/v2)

v2.22.10

Compare Source

Changelog

• 6be2b51 Update go to version 1.25.3 and 1.24.9 in CI (#​1404)
• fddb942 chore(deps): update all dependencies (#​1402)
• f676031 Update go to version 1.25.2 and 2.24.8 in CI (#​1401)
• 35f7ec2 chore(deps): update all dependencies (#​1399)
• 01029f0 check nil slices, partially check bounds (#​1396)
• 34db3de Remove unused target from the makefile
• f5a3b7a Use the ginkgo command install by the dependencies
• 761fcbc Keep the go module at 1.24 version for compatibility reasons
• 2238079 Remove manual test deps
• bb08aa3 fix: text must be supplied when markdown is used
• 23597d2 fix: improve error message of CheckAnalyzers
• 8d7e9d5 fix: log panic on SSA
• 0d8255e chore(deps): update all dependencies
• f9c52aa Update gosec to version v.22.9 in the github action

v2.22.9

Compare Source

Changelog

• 15d5c61 Update cosign to v2.6.0 and go in the CI to latest version
• 7b8713e fix(autofix): unnecessary conversion
• 64ebfc0 feat(autofix): update gemini sdk and add anthropic claude
• 506407e feat(G304): add os.Root remediation hint (Autofix) when Go >= 1.24
• 3ead143 chore(deps): update all dependencies
• e81fba3 refactor(G304): remove unused trackJoin helper; no functional change
• ab078db style: gofmt rules/readfile.go
• e6218c8 test(g304): add samples for var perm and var flag with cleaned path\n\n- Ensure G304 does not fire when only non-path args (flag/perm) are variables\n- Both samples use filepath.Clean on the path arg\n- Rules suite remains green (42 passed)
• 79f835d rules(G304): analyze only path arg; ignore flag/perm vars; track Clean and safe Join; fix nil-context panic\n\n- Limit G304 checks to first arg (path) for os.Open/OpenFile/ReadFile, avoiding false positives when flag/perm are variables\n- Track filepath.Clean so cleaned identifiers are treated as safe\n- Consider safe joins: filepath.Join(const|resolvedBase, Clean(var)|cleanedIdent)\n- Record Join(...) assigned to identifiers and allow if later cleaned\n- Fix panic by passing non-nil context in trackJoinAssignStmt\n- All rules tests: 42 passed
• 40ac530 rules(G202): detect SQL concat in ValueSpec declarations; add test sample\n\n- Handle var query string = 'SELECT ...' + user style declarations\n- Reuse existing binary expr detection on ValueSpec.Values\n- Add postgres sample mirroring issue #​1309 report\n- Rules tests: 42 passed
• 4be6b11 chore(deps): update all dependencies
• 5af1117 chore(deps): update all dependencies
• 287b46c chore(deps): update all dependencies
• cee0aea Update gosec version to v2.22.8 in the Github action

v2.22.8

Compare Source

Changelog

• c945302 Add support for go version 1.25.0
• ef7adab Update go version in CI to 1.24.6 and 1.23.12
• e201bb8 chore(deps): update all dependencies
• ba592af chore(deps): update all dependencies
• 2ef6017 Update github action to release v2.22.7

v2.22.7

Compare Source

Changelog

• 32975f4 Fix crash in hardcoded_nonce analyzer
• 6ea6b35 Update go action to use release v2.22.6

v2.22.6

Compare Source

Changelog

• bc3f214 Update go version to 1.24.5 and 1.23.11 in the CI
• 925741b chore(deps): update module google.golang.org/api to v0.242.0
• 59ae7e9 chore(deps): update all dependencies
• e7abd9e chore(deps): update all dependencies
• 35e7bc1 chore(deps): update all dependencies
• 2d1ed95 chore(deps): update all dependencies
• 4a8cb46 Do not allow dashes in file names
• bcc8afb Update gosec to version 2.22.5 in Github action

v2.22.5

Compare Source

Changelog

• d2d3ae6 Switch back go.mod to minimum 1.23.0
• 1e7ed06 Update dependencies
• 1bef91a Update go version 1.24.4 and 1.23.10 in CI
• 621702f chore(deps): update all dependencies
• 017d1d6 G201/G202: add checks for injection into sql.Conn methods
• 67f63d4 chore(deps): update module google.golang.org/api to v0.235.0
• b4eabb1 chore(deps): update module google.golang.org/api to v0.234.0
• 52a80ff chore(deps): update module google.golang.org/api to v0.233.0
• e2a9506 chore(deps): update module google.golang.org/api to v0.232.0

v2.22.4

Compare Source

Changelog

• 6decf96 Update to go version 1.24.3 and 1.23.9
• d522338 update: updated the build command to include version metadata
• 270b5ce chore(deps): update all dependencies
• 6027926 Update the AI provider API key value when provided as an argument
• 65d2d9f chore(deps): update module google.golang.org/api to v0.230.0
• dc1c38b chore(deps): update module google.golang.org/api to v0.229.0
• 55dbf5a chore(deps): update all dependencies
• 2aaa9c4 Comment the reason why the file can be nil when an issue is created
• 700e9a9 Handle nil file when creating a new issue
• d514c42 chore(deps): update all dependencies (#​1333)
• 1d458c5 Update version in 'action.yml' to 2.22.3 (anticipating next version (#​1332)

v2.22.3

Compare Source

Changelog

• 955a68d Update go version to 1.24.2 and 1.23.8 (#​1331)
• 1336dc6 remove G113. It only affects old/unsupported versions of Go (#​1328)
• 5fd2a37 chore(deps): update all dependencies (#​1325)
• 39e4477 Add SSOJet (#​1320)
• 6141d10 chore(deps): update all dependencies (#​1319)
• 9452efe Update the integrity sha for babel dependency in html report (#​1316)
• 57ec633 Add support for //gosec:disable directive (#​1314)
• e5fee17 chore(deps): update all dependencies (#​1315)

v2.22.2

Compare Source

Changelog

• 136f6c0 Update to go version 1.24.1 and 1.23.7 (#​1313)
• 047453a chore(deps): update all dependencies (#​1310)
• 76ccee5 chore(deps): update all dependencies (#​1308)
• a9eb1c9 Update gosec version in the GitHub action to v2.22.1 (#​1307)
• 89c5da3 chore(deps): update module google.golang.org/api to v0.221.0 (#​1305)

v2.22.1

Compare Source

Changelog

• 43fee88 Update cosign to v2.4.2 (#​1303)
• 7723829 Add support for go 1.24 and phased out support for go 1.22 (#​1302)
• 9552f03 chore(deps): update all dependencies (#​1300)
• f4d2576 Update to go version 1.23.6 and 1.22.12 (#​1299)
• 2258e31 chore(deps): update module google.golang.org/api to v0.219.0 (#​1296)
• fbb0833 chore(deps): update module google.golang.org/api to v0.218.0 (#​1294)
• c66cb56 Add test to conver unit parssing for G115 rule (#​1293)
• 59291a0 Update to go version 1.23.5 and 1.22.11 (#​1291)
• 7466b7c chore(deps): update all dependencies (#​1290)
• 32dcc8a Update gosec in github action to 2.22.0 (#​1286)

v2.22.0

Compare Source

Changelog

• e0cca6f Update what message for G104 (#​1282)
• 534689b chore(deps): update module github.com/onsi/ginkgo/v2 to v2.22.2 (#​1281)
• eb95db1 chore(deps): update all dependencies (#​1280)
• 6c6da40 chore(deps): update all dependencies (#​1279)
• b12f51f Simplify sortIssues implementation (#​1277)
• 54c2185 Enable testifylint and fix up lint issues (#​1276)
• 36c81ed Refactor AppendError to check for build.NoGoError (#​1273)
• 9a2d74f chore(deps): update module golang.org/x/net to v0.33.0 [security] (#​1275)
• 4c5ad91 Update README.md (#​1274)
• e21b4d4 Rule documentation updates (#​1272)
• 92de0ee Replace old golang.org links with new go.dev (#​1271)
• 4fda076 Refactor AppendError to use strings.Contains (#​1270)
• b01f49e Simplify Analyzer.ignore by reducing nesting (#​1269)
• b62cc33 Improve capitalization in AI API flags descriptions (#​1267)
• bc77d16 Remove unused golint dependency (#​1266)
• ef1a35f Simplify tests by using GinkgoT().TempDir() (#​1265)
• 09b9143 Documentation on adding new rules and analyzers (#​1262)
• 1bd92a8 chore(deps): update all dependencies (#​1268)
• ca55eca Update to go 1.22.10 and 1.23.4 versions (#​1264)
• 329cad8 chore(deps): update module golang.org/x/crypto to v0.31.0 [security] (#​1263)
• 08beb25 chore(deps): update all dependencies (#​1261)
• d566be2 chore(deps): update module github.com/onsi/gomega to v1.36.0 (#​1259)
• 8c602d0 fix: revive.redefines-builtin-id lint warnings (#​1257)
• 399e835 Fix typos in comments and fields
• 229cf63 Remove the decryption funtions/methods from G407 check
• 699cb55 Upate go to version 1.23.3 and 1.22.9
• 9b13cd5 Fix G115 false positive when going from parsed uint to larger int
• 08ea2a5 chore(deps): update all dependencies
• 4415613 chore(deps): update all dependencies
• 3274716 chore(deps): update all dependencies
• 1fb6a46 chore(deps): update all dependencies
• d2c92ed chore(deps): update all dependencies
• 4fd9872 Update go version to 1.23.2 and 1.22.8
• 1501618 chore(deps): update module google.golang.org/api to v0.201.0
• 7d33bc1 chore(deps): update all dependencies
• bd8b4b4 chore(deps): update all dependencies
• 1216c9b Fix the cosign step to authenticate with the container registry
• 50d1b4a chore(deps): update module google.golang.org/api to v0.199.0
• c0ba7c7 Update the gosec to v2.21.4 in the Github action
• a3299ce Add the version into goreleaser config

v2.21.4

Compare Source

Changelog

• d4617f5 chore(deps): update module google.golang.org/api to v0.198.0 (#​1233)
• 1d23143 Prevent panic: unexpected constant value: (#​1232)
• 6741874 Fix running single analyzer which isn't a rule bug (#​1231)
• a836898 Update gosec version to v2.21.3 in github action (#​1227)

v2.21.3

Compare Source

Changelog

• be8bd6e Populate the fixes only when autofix is not empty (#​1226)
• 3004932 chore(deps): update all dependencies (#​1223)
• 1f3bdd9 G115 Struct Attribute Checks (#​1221)
• 5f3194b Update the github action to v2.21.2 (#​1218)

v2.21.2

Compare Source

Changelog

• abfe8cf Update the SARIF schema URL (#​1217)
• 0396179 Update go version to 1.23.1 and 1.22.7 (#​1216)
• 5e53c8b chore(deps): update all dependencies (#​1215)
• 014751c Update gosec version to v2.21.1 in github action (#​1213)

v2.21.1

Compare Source

Changelog

• 0ce4453 Rollback the SARIF version to 2.1 since github doesn't support 2.2 (#​1210)
• ea26e84 Update gosec in github action to v2.21.0 (#​1208)

---

Configuration

📅 Schedule: Branch creation - "every weekend" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

To execute skipped test pipelines write comment /ok-to-test.

---

Documentation

Find out how to configure dependency updates in MintMaker documentation or see all available configuration options in Renovate documentation.

[openshift-ci]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: red-hat-konflux-kflux-prd-rh02[bot]
Once this PR has been reviewed and has the lgtm label, please assign rhmdnd for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[openshift-ci]

Hi @red-hat-konflux-kflux-prd-rh02[bot]. Thanks for your PR.

I'm waiting for a github.com member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.