Bump securego/gosec from 2.23.0 to 2.24.0 by dependabot[bot] · Pull Request #518 · wavesplatform/nodemon

dependabot · 2026-02-27T11:22:30Z

Bumps securego/gosec from 2.23.0 to 2.24.0.

Release notes

Sourced from securego/gosec's releases.

v2.24.0

Changelog

271492bcd930ef72dfb9d00e5bb9544b3b407fb5 fix: G704 false positive on const URL (#1551)

1341aeadb4c334014c4834c745344edb9dcf85b0 fix(G705): eliminate false positive for non-HTTP io.Writer (#1550)

f2262c88ffdfc9eb7be8444db19caa17cc71810f G120: avoid false positive when MaxBytesReader is applied in middleware (#1547)

5b580c76e4714fa553b2ceb8169a071e45bf6428 Fix G602 regression coverage for issue #1545 and stabilize G117 TOML test dependency (#1546)

eba2d1582b13e37d5b6c991b643827bc60e58156 taint: skip context.Context arguments during taint propagation to fix false positives (#1543)

a6381c1e2fe9a9a33ef105c76bea3191402ea4b3 test: add missing rules to formatter report tests (#1540)

fea9725934065d3dd5c96352f89f75d117ac12f6 chore(deps): update all dependencies (#1541)

f3e2fac4d58b7eca54307cd40ce2a836a12e4d95 Regenrate the TLS config rule (#1539)

200461fcf74ed836305bf95f72568c20925730c5 Improve documentation (#1538)

078a62afc3331206fec1cd9a03637983ec4f9fc8 Expand analyzer-core test coverage for orchestration, go/analysis adapter logic, and taint integration (#1537)

ffdc6205c82278cee0b62923814141923794219e Add unit tests for CLI orchestration, TLS config generation, and SSA cache behavior (#1536)

c13a48626bc160ef1caa293679044b5667d4d8ef Add G707 taint analyzer for SMTP command/header injection (#1535)

f61ed314c2467116ec3a5126150cb2b29a623406 Add G123 analyzer for tls.VerifyPeerCertificate resumption bypass risk (#1534)

b568aa1445e110ed12abe5c2433b3cfbcd0a5935 Add G122 SSA analyzer for filepath.Walk/WalkDir symlink TOCTOU race risks (#1532)

1735e5a9acd155702b8c6137d323df886c0252b5 fix(G602): avoid false positives for range-over-array indexing (#1531)

caf93d07f10ef7d07006011b17f1d9bd218b5a9d Improve taint analyzer performance with shared SSA cache, parallel analyzer execution, and CI regression guard (#1530)

bd11fbe2bacb0abf1e541df8b6ec6b040bbe2723 fix: taint analysis false positives with G703,G705 (#1522)

e34e8dd8e880694cfa801d79977e2d9973df3fa1 Extend the G117 rule to cover other types of serialization such as yaml/xml/toml (#1529)

b940702d5e385d1a68def10326b1658e780655fe Fix the G117 rule to take the JSON serialization into account (#1528)

4f846273804abaf7e040f77b26bf2866336e8af9 (docs) fix justification format (#1524)

36ba72bb7f91306f5210a821f409696c03dcbf2b Add G121 analyzer for unsafe CORS bypass patterns in CrossOriginProtection (#1521)

238f9823256b1c4a6d7b0ccd7fa0f2ce1123c820 Add G120 SSA analyzer for unbounded form parsing in HTTP handlers (#1520)

89cde277b5e2b4a5dc47eb710911c51a0cb33b63 Add G119 analyzer for unsafe redirect header propagation in CheckRedirect callbacks (#1519)

14fdd9cb07c02ab1506fcc336f49c84bf27a5c2d Fix G115 false positives and negatives (Issue #1501) (#1518)

cec54ec685eda3083e2ab1adf72b6b7ec6cfdb6e chore(deps): update all dependencies (#1517)

2b2077e921b56c7ce6545cccceea0556ff8d5d91 Add G118 SSA analyzer for context propagation failures that can cause goroutine/resource leaks (#1516)

a7666f3c70c94d07dfb03e81613fed34bccc89ae Add G113: Detect HTTP Request Smuggling via conflicting headers (CVE-2025-22891, CWE-444) (#1515)

47f8b52fb8700c7ba017ffcc0ea6a32c83e33115 Add G408: SSH PublicKeyCallback Authentication Bypass Analyzer (#1513)

4f1f362671654660f7145c3c8655ffeaed037d55 Add more unit tests to improve coverage (#1512)

9344582ee4bd87b8fa5bc2e483d90fa661f8aa71 Improve test coverage in various areas (#1511)

8d1b2c63ae44e315fb0232813e535891ff0568fc Imprve the test coverage (#1510)

993c1c4da2d4426f7567591e23f53ee9f613d07c Fix incorrect detection of fixed iv in G407 (#1509)

8668b748925d8995cf7712d22bde62cbc96f2304 Add support for go 1.26.x and removed support for go 1.24.x (#1508)

514225c8cb01a6bab714db1dd557aeb0d7ab9dc9 Fix the sonar report to follow the latest schema (#1507)

000384e510a84a1e2a1118e0fbc56518d290113d fix: broken taint analysis causing false positives (#1506)

616192c9d92792998e2ff38530c080cd0fe293a8 fix: panic on float constants in overflow analyzer (#1505)

79956a3b4cdedc9a4cde5f567c57fc8b367448cf fix: panic when scanning multi-module repos from root (#1504)

5736e8b88b6ca97fc7e09ef1bf24b205ab35fd9c fix: G602 false positive for array element access (#1499)

1b7e1e94bc2077fc1adccfc1358399fad2958d5a Update gosec to version v2.23.0 in the Github action (#1496)

Commits

271492b fix: G704 false positive on const URL (#1551)
1341aea fix(G705): eliminate false positive for non-HTTP io.Writer (#1550)
f2262c8 G120: avoid false positive when MaxBytesReader is applied in middleware (#1547)
5b580c7 Fix G602 regression coverage for issue #1545 and stabilize G117 TOML test dep...
eba2d15 taint: skip context.Context arguments during taint propagation to fix false...
a6381c1 test: add missing rules to formatter report tests (#1540)
fea9725 chore(deps): update all dependencies (#1541)
f3e2fac Regenrate the TLS config rule (#1539)
200461f Improve documentation (#1538)
078a62a Expand analyzer-core test coverage for orchestration, go/analysis adapter log...
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [securego/gosec](https://github.com/securego/gosec) from 2.23.0 to 2.24.0. - [Release notes](https://github.com/securego/gosec/releases) - [Commits](securego/gosec@398ad54...271492b) --- updated-dependencies: - dependency-name: securego/gosec dependency-version: 2.24.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot · 2026-03-02T12:09:41Z

Superseded by #519.

dependabot bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Feb 27, 2026

dependabot bot closed this Mar 2, 2026

dependabot bot deleted the dependabot/github_actions/securego/gosec-2.24.0 branch March 2, 2026 12:09

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump securego/gosec from 2.23.0 to 2.24.0#518

Bump securego/gosec from 2.23.0 to 2.24.0#518
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/github_actions/securego/gosec-2.24.0

dependabot bot commented on behalf of github Feb 27, 2026

Uh oh!

dependabot bot commented on behalf of github Mar 2, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Conversation

dependabot bot commented on behalf of github Feb 27, 2026

v2.24.0

Changelog

Uh oh!

dependabot bot commented on behalf of github Mar 2, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants