Skip to content

chore(deps): Update securego/gosec action to v2.24.7#48

Merged
acockrell merged 1 commit intomainfrom
renovate/github-actions
Mar 9, 2026
Merged

chore(deps): Update securego/gosec action to v2.24.7#48
acockrell merged 1 commit intomainfrom
renovate/github-actions

Conversation

@renovate
Copy link
Copy Markdown
Contributor

@renovate renovate bot commented Mar 2, 2026
edited
Loading

This PR contains the following updates:

Package Type Update Change
securego/gosec action minor v2.23.0v2.24.7

Release Notes

securego/gosec (securego/gosec)

v2.24.7

Compare Source

Changelog

  • bb17e42 Ignore nosec comments in action integration workflow to generate some warnings (#​1573)
  • e1502ad Add a workflow for action integration test (#​1571)
  • f8691bd fix(sarif): avoid invalid null relationships in SARIF output (#​1569)
  • ade1d0e chore: migrate gosec container image references to GHCR (#​1567)

v2.24.6

Compare Source

Changelog

  • 88835e8 Update gorelease to use the latest cosign bundle argument (#​1565)

v2.24.5

Compare Source

v2.24.4

Compare Source

v2.24.3

Compare Source

v2.24.2

Compare Source

v2.24.1

Compare Source

v2.24.0

Compare Source

Changelog

  • 271492b fix: G704 false positive on const URL (#​1551)
  • 1341aea fix(G705): eliminate false positive for non-HTTP io.Writer (#​1550)
  • f2262c8 G120: avoid false positive when MaxBytesReader is applied in middleware (#​1547)
  • 5b580c7 Fix G602 regression coverage for issue #​1545 and stabilize G117 TOML test dependency (#​1546)
  • eba2d15 taint: skip context.Context arguments during taint propagation to fix false positives (#​1543)
  • a6381c1 test: add missing rules to formatter report tests (#​1540)
  • fea9725 chore(deps): update all dependencies (#​1541)
  • f3e2fac Regenrate the TLS config rule (#​1539)
  • 200461f Improve documentation (#​1538)
  • 078a62a Expand analyzer-core test coverage for orchestration, go/analysis adapter logic, and taint integration (#​1537)
  • ffdc620 Add unit tests for CLI orchestration, TLS config generation, and SSA cache behavior (#​1536)
  • c13a486 Add G707 taint analyzer for SMTP command/header injection (#​1535)
  • f61ed31 Add G123 analyzer for tls.VerifyPeerCertificate resumption bypass risk (#​1534)
  • b568aa1 Add G122 SSA analyzer for filepath.Walk/WalkDir symlink TOCTOU race risks (#​1532)
  • 1735e5a fix(G602): avoid false positives for range-over-array indexing (#​1531)
  • caf93d0 Improve taint analyzer performance with shared SSA cache, parallel analyzer execution, and CI regression guard (#​1530)
  • bd11fbe fix: taint analysis false positives with G703,G705 (#​1522)
  • e34e8dd Extend the G117 rule to cover other types of serialization such as yaml/xml/toml (#​1529)
  • b940702 Fix the G117 rule to take the JSON serialization into account (#​1528)
  • 4f84627 (docs) fix justification format (#​1524)
  • 36ba72b Add G121 analyzer for unsafe CORS bypass patterns in CrossOriginProtection (#​1521)
  • 238f982 Add G120 SSA analyzer for unbounded form parsing in HTTP handlers (#​1520)
  • 89cde27 Add G119 analyzer for unsafe redirect header propagation in CheckRedirect callbacks (#​1519)
  • 14fdd9c Fix G115 false positives and negatives (Issue #​1501) (#​1518)
  • cec54ec chore(deps): update all dependencies (#​1517)
  • 2b2077e Add G118 SSA analyzer for context propagation failures that can cause goroutine/resource leaks (#​1516)
  • a7666f3 Add G113: Detect HTTP Request Smuggling via conflicting headers (CVE-2025-22891, CWE-444) (#​1515)
  • 47f8b52 Add G408: SSH PublicKeyCallback Authentication Bypass Analyzer (#​1513)
  • 4f1f362 Add more unit tests to improve coverage (#​1512)
  • 9344582 Improve test coverage in various areas (#​1511)
  • 8d1b2c6 Imprve the test coverage (#​1510)
  • 993c1c4 Fix incorrect detection of fixed iv in G407 (#​1509)
  • 8668b74 Add support for go 1.26.x and removed support for go 1.24.x (#​1508)
  • 514225c Fix the sonar report to follow the latest schema (#​1507)
  • 000384e fix: broken taint analysis causing false positives (#​1506)
  • 616192c fix: panic on float constants in overflow analyzer (#​1505)
  • 79956a3 fix: panic when scanning multi-module repos from root (#​1504)
  • 5736e8b fix: G602 false positive for array element access (#​1499)
  • 1b7e1e9 Update gosec to version v2.23.0 in the Github action (#​1496)

Configuration

📅 Schedule: Branch creation - "before 6am on Monday" in timezone America/New_York, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate bot added the dependencies Pull requests that update a dependency file label Mar 2, 2026
@renovate renovate bot force-pushed the renovate/github-actions branch 4 times, most recently from 7b9423c to b5b09c9 Compare March 9, 2026 05:23
acockrell added a commit that referenced this pull request Mar 9, 2026
@acockrell
fix: remove cleartext password logging for security compliance
5613013 
Remove password from user creation output to comply with gosec
security scan requirements. This fixes the cleartext logging warnings
that were blocking the gosec v2.24.7 upgrade (PR #48).

Changes:
- Remove "Password: %s" from EMAIL template in user-create.go
- Update fmt.Printf to omit password parameter
- Add security note to output explaining password not displayed
- Update integration test to not print sensitive data
- Update documentation to reflect password is not output
- Add nosec comment for legitimate OAuth2 token caching in client.go

The password is still generated and set correctly, but is no longer
displayed to stdout for security reasons. Users must change password
on first login as enforced by ChangePasswordAtNextLogin flag.

Security improvements:
- Fixes gosec cleartext logging warning
- Adds proper OAuth2 token caching exception
- All security scans now pass (gosec 2.24.7: 0 issues)
@acockrell acockrell mentioned this pull request Mar 9, 2026
Merged
@renovate renovate bot force-pushed the renovate/github-actions branch from b5b09c9 to fa476d8 Compare March 9, 2026 05:46
@renovate renovate bot force-pushed the renovate/github-actions branch from fa476d8 to 85dd843 Compare March 9, 2026 05:46
@acockrell acockrell merged commit 5c244bf into main Mar 9, 2026
8 checks passed
@renovate renovate bot deleted the renovate/github-actions branch March 9, 2026 05:49
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

@acockrell acockrell

Labels

dependencies Pull requests that update a dependency file

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@acockrell