Skip to content

chore(deps): update all-ci-updates#975

Merged
oliverbaehler merged 1 commit intomainfrom
renovate/all-ci-updates
Mar 11, 2026
Merged

chore(deps): update all-ci-updates#975
oliverbaehler merged 1 commit intomainfrom
renovate/all-ci-updates

Conversation

@renovate
Copy link
Copy Markdown
Contributor

@renovate renovate bot commented Feb 26, 2026
edited
Loading

This PR contains the following updates:

Package Type Update Change
actions/setup-go action minor v6.2.0v6.3.0
aquasecurity/trivy-action action minor v0.34.20.35.0
securego/gosec action minor v2.23.0v2.24.7
sigstore/cosign-installer action minor v4.0.0v4.1.0

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

Release Notes

actions/setup-go (actions/setup-go)

v6.3.0

Compare Source

What's Changed

Full Changelog: actions/setup-go@v6...v6.3.0

aquasecurity/trivy-action (aquasecurity/trivy-action)

v0.35.0

Compare Source

What's Changed

Full Changelog: aquasecurity/trivy-action@0.34.2...0.35.0

securego/gosec (securego/gosec)

v2.24.7

Compare Source

Changelog

  • bb17e42 Ignore nosec comments in action integration workflow to generate some warnings (#​1573)
  • e1502ad Add a workflow for action integration test (#​1571)
  • f8691bd fix(sarif): avoid invalid null relationships in SARIF output (#​1569)
  • ade1d0e chore: migrate gosec container image references to GHCR (#​1567)

v2.24.6

Compare Source

Changelog

  • 88835e8 Update gorelease to use the latest cosign bundle argument (#​1565)

v2.24.5

Compare Source

v2.24.4

Compare Source

v2.24.3

Compare Source

v2.24.2

Compare Source

v2.24.1

Compare Source

v2.24.0

Compare Source

Changelog

  • 271492b fix: G704 false positive on const URL (#​1551)
  • 1341aea fix(G705): eliminate false positive for non-HTTP io.Writer (#​1550)
  • f2262c8 G120: avoid false positive when MaxBytesReader is applied in middleware (#​1547)
  • 5b580c7 Fix G602 regression coverage for issue #​1545 and stabilize G117 TOML test dependency (#​1546)
  • eba2d15 taint: skip context.Context arguments during taint propagation to fix false positives (#​1543)
  • a6381c1 test: add missing rules to formatter report tests (#​1540)
  • fea9725 chore(deps): update all dependencies (#​1541)
  • f3e2fac Regenrate the TLS config rule (#​1539)
  • 200461f Improve documentation (#​1538)
  • 078a62a Expand analyzer-core test coverage for orchestration, go/analysis adapter logic, and taint integration (#​1537)
  • ffdc620 Add unit tests for CLI orchestration, TLS config generation, and SSA cache behavior (#​1536)
  • c13a486 Add G707 taint analyzer for SMTP command/header injection (#​1535)
  • f61ed31 Add G123 analyzer for tls.VerifyPeerCertificate resumption bypass risk (#​1534)
  • b568aa1 Add G122 SSA analyzer for filepath.Walk/WalkDir symlink TOCTOU race risks (#​1532)
  • 1735e5a fix(G602): avoid false positives for range-over-array indexing (#​1531)
  • caf93d0 Improve taint analyzer performance with shared SSA cache, parallel analyzer execution, and CI regression guard (#​1530)
  • bd11fbe fix: taint analysis false positives with G703,G705 (#​1522)
  • e34e8dd Extend the G117 rule to cover other types of serialization such as yaml/xml/toml (#​1529)
  • b940702 Fix the G117 rule to take the JSON serialization into account (#​1528)
  • 4f84627 (docs) fix justification format (#​1524)
  • 36ba72b Add G121 analyzer for unsafe CORS bypass patterns in CrossOriginProtection (#​1521)
  • 238f982 Add G120 SSA analyzer for unbounded form parsing in HTTP handlers (#​1520)
  • 89cde27 Add G119 analyzer for unsafe redirect header propagation in CheckRedirect callbacks (#​1519)
  • 14fdd9c Fix G115 false positives and negatives (Issue #​1501) (#​1518)
  • cec54ec chore(deps): update all dependencies (#​1517)
  • 2b2077e Add G118 SSA analyzer for context propagation failures that can cause goroutine/resource leaks (#​1516)
  • a7666f3 Add G113: Detect HTTP Request Smuggling via conflicting headers (CVE-2025-22891, CWE-444) (#​1515)
  • 47f8b52 Add G408: SSH PublicKeyCallback Authentication Bypass Analyzer (#​1513)
  • 4f1f362 Add more unit tests to improve coverage (#​1512)
  • 9344582 Improve test coverage in various areas (#​1511)
  • 8d1b2c6 Imprve the test coverage (#​1510)
  • 993c1c4 Fix incorrect detection of fixed iv in G407 (#​1509)
  • 8668b74 Add support for go 1.26.x and removed support for go 1.24.x (#​1508)
  • 514225c Fix the sonar report to follow the latest schema (#​1507)
  • 000384e fix: broken taint analysis causing false positives (#​1506)
  • 616192c fix: panic on float constants in overflow analyzer (#​1505)
  • 79956a3 fix: panic when scanning multi-module repos from root (#​1504)
  • 5736e8b fix: G602 false positive for array element access (#​1499)
  • 1b7e1e9 Update gosec to version v2.23.0 in the Github action (#​1496)
sigstore/cosign-installer (sigstore/cosign-installer)

v4.1.0

Compare Source

What's Changed

We recommend updating as soon as possible as this includes bug fixes for Cosign. We also recommend removing with: cosign-release and strongly discourage using cosign-release unless you have a specific reason to use an older version of Cosign.

  • Bump cosign to 3.0.5 in #​220
  • fix: add retry to curl downloads for transient network failures in #​210

Full Changelog: sigstore/cosign-installer@v4.0.0...v4.1.0

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@codecov
Copy link
Copy Markdown

codecov bot commented Feb 26, 2026
edited
Loading

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 0.00%. Comparing base (c0f9f02) to head (378350c).
⚠️ Report is 4 commits behind head on main.

Additional details and impacted files 
@@          Coverage Diff          @@
##            main    #975   +/-   ##
=====================================
  Coverage   0.00%   0.00%           
=====================================
  Files          1       1           
  Lines        201     201           
=====================================
  Misses       201     201

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

@renovate renovate bot changed the title chore(deps): update actions/setup-go action to v6.3.0 chore(deps): update all-ci-updates Feb 27, 2026
@renovate renovate bot force-pushed the renovate/all-ci-updates branch 8 times, most recently from fffb4db to a1a6004 Compare March 6, 2026 07:58
@renovate renovate bot force-pushed the renovate/all-ci-updates branch from a1a6004 to 43fb17f Compare March 7, 2026 05:52
@renovate renovate bot force-pushed the renovate/all-ci-updates branch from 43fb17f to 378350c Compare March 9, 2026 17:48
@oliverbaehler oliverbaehler merged commit 977ad16 into main Mar 11, 2026
19 checks passed
@oliverbaehler oliverbaehler deleted the renovate/all-ci-updates branch March 11, 2026 10:59
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@oliverbaehler oliverbaehler oliverbaehler approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@oliverbaehler