Update dependency securego/gosec to v2.18.2

[renovate]

This PR contains the following updates:

Package	Update	Change
securego/gosec	minor	v2.16.0 -> v2.18.2

---

Release Notes

securego/gosec (securego/gosec)

v2.18.2

Compare Source

Changelog

• 55d7949 Disable dot-imports in revive linter
• 4656817 chore(deps): update module github.com/onsi/gomega to v1.28.1
• 5567ac4 Run the gosec with data race detector active during tests
• a239758 Fix data race in the analyzer
• c06903a Fix test that checks the overriden nosec directive
• bde2619 Clean global state in flgs tests
• e108c56 Format the file
• e298388 Update README with details which describe the current behaviour of #nosec
• d8a6d35 Ensure the ignores are parsed before analysing the package
• 7846db0 chore(deps): update all dependencies
• 8e0cf8c Update gosec to version 2.18.1 in the action
• 6b12a71 Update cosign version to v2.2.0

v2.18.1

Compare Source

Changelog

• 0ec6cd9 Refactor how ignored issues are tracked
• f338a98 Restrict the maximum depth when tracking the slice bounds
• 7e2d8d3 Handle empty ssa results
• 074353a Handle gracefully any panic that occurs when building the SSA representation of a package
• ec31a3a Fix typo
• a11eb28 Handle new function when getting the call info in case is overriden
• 5b7867d Bump golang.org/x/net from 0.16.0 to 0.17.0 (#​1037)
• dd08f99 Update to Go 1.21.3 and 1.20.10 (#​1035)
• 616520f Update the list of unsafe functions detected by the unsafe rule (#​1033)
• 3952187 Update the action to use gosec version v2.18.0 (#​1029)
• 2b62dd1 Use a step ID in github release action to get the digest of the image (#​1028)

v2.18.0

Compare Source

Changelog

• 53fc0c3 Update to go version 1.21.2 and 1.20.9 (#​1027)
• 7f7c47f chore(deps): update all dependencies (#​1026)
• d864a91 Enable gochecknoinits; fix lint issues; use consts for some vars (#​1022)
• 09cf6ef Fix typos in struct fields, comments, and docs (#​1023)
• 665e87b chore(deps): update all dependencies
• 4def3a4 Fix lint warning
• 0d332a1 Add a new rule which detects when a file is created with os.Create but the configured permissions are less than 0666
• 293d887 Fix lint warnings
• ac482cb Update ginkgo to latest version
• e02e2f6 Redesign and reimplement the slice out of bounds check using SSA code representation
• e1278f9 docs: add reMarkable to users list
• f6a6496 chore(deps): update all dependencies
• aebe20c Drop support for go 1.19.x since go team doesn't ship anymore security fixes for it
• 7a98537 Update to latest go version
• b192f06 chore(deps): update all dependencies (#​1011)
• 6c93653 Fix hardcoded_credentials rule to only match on more specific patterns (#​1009)
• 325eb19 chore(deps): update all dependencies (#​1008)
• beef125 Exclude maps from slince bounce check rule (#​1006)
• 21d13c9 Ignore struct pointers in G601 (#​1003)
• 85005c4 Update gosec image version to 2.17.0 in the Github action (#​1002)
• 6a2c5e1 Update cosign to version v2.1.1 (#​1000)

v2.17.0

Compare Source

Changelog

• a89e9d5 Enable go 1.21.0 in the CI build (#​998)
• 4b458c4 chore(deps): update all dependencies (#​997)
• 7d51bfe Update to go version 1.20.7 and 1.19.12 (#​993)
• fc2f66b chore(deps): update all dependencies (#​992)
• 2cf2f96 chore(deps): update module github.com/onsi/gomega to v1.27.10 (#​991)
• bf7feda fix: correctly identify infixed concats as potential SQL injections (#​987)
• 2292ed5 chore(deps): update all dependencies (#​989)
• fc570b6 Add a new flag terse to show only the results and summary (#​986)
• 36f6933 Switch to a maintained fork of zxcvbn module (#​984)
• ed7b334 Fix dependencies after bot update (#​983)
• e76ad70 chore(deps): update all dependencies (#​982)
• 3a6fd99 Update to Go version 1.19.11 and 1.20.6 (#​981)
• ea39309 Fix and tidy the dependencies (#​977)
• ef8f560 chore(deps): update all dependencies (#​976)
• 17b7d31 Update README file with new rule (#​975)
• a018cf0 Feature: G602 Slice Bound Checking (#​973)
• 82364a7 chore(deps): update all dependencies (#​974)
• abeab10 Feature: G101 match variable values and names (#​971)
• b824c10 Update build script to go version 1.20.5
• 022584d chore(deps): update all dependencies
• bd58600 Recognize struct field in G601
• 1457921 Remove the depguard from the list of enabled linters
• 1f68996 Fix typos in comments, vars and tests
• e148465 chore(deps): update all dependencies
• 9120883 Fix no-sec alternative tag (#​962)
• 87cc45e Use image digest instead of tag when signing the released image with cosign (#​960)
• 6df05bd Update gosec image version to 2.16.0 in the Github action (#​959)

---

Configuration

📅 Schedule: Branch creation - "after 10pm every weekday,before 5am every weekday,every weekend" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Mend Renovate. View repository job log here.

[renovate]

Edited/Blocked Notification

Renovate will not automatically rebase this PR, because it does not recognize the last commit author and assumes somebody else may have edited the PR.

You can manually request rebase by checking the rebase/retry box above.

⚠ Warning: custom changes will be lost.