Update securego/gosec action to v2.19.0

[renovate]

This PR contains the following updates:

Package	Type	Update	Change
securego/gosec	action	minor	v2.17.0 -> v2.19.0

---

Release Notes

securego/gosec (securego/gosec)

v2.19.0

Compare Source

Changelog

• 26e57d6 Update CI to go version 1.22
• e60b8d8 chore(deps): update all dependencies
• 1285eb7 chore(deps): update all dependencies
• cf4ab3e chore(deps): update all dependencies
• 277553c chore(deps): update all dependencies
• 57ec76b chore(deps): update all dependencies
• 8fa46c1 chore(deps): update dependency babel-standalone to v7.23.7
• 53aa3f7 chore(deps): update module golang.org/x/crypto to v0.17.0 [security]
• 187adab chore(deps): update all dependencies
• e1f27ba chore(deps): update actions/setup-go action to v5
• 2aad3f0 Fix lint warnings by properly formatting the files
• 0e2a618 chore: Refactor Sample Code to Separate Files
• bc03d1c Update go version to 1.21.5 and 1.20.12 (#​1084)
• 79a6b47 chore(deps): update all dependencies (#​1080)
• eb256a7 Ignore the issues from generated files when using the analysis framework (#​1079)
• 43b7cbf Update README with upload-sarif v2 (#​1078)
• fece498 chore(deps): update dependency babel-standalone to v7.23.4
• 24c614b Added ppc64le support
• c736581 chore(deps): update all dependencies
• 3188e3f Ensure ignores are handled properly for multi-line issues
• 6d56592 Update Go to version 1.21.4 and 1.20.11
• 870103b chore(deps): update module golang.org/x/text to v0.14.0
• b50e493 chore(deps): update all dependencies
• 2f9965b Remove the hardcoded GOOS value when building the Linux binary to enable support for container image for ARM
• fa1b74d Avoid allocations with (*regexp.Regexp).MatchString
• 64bbe90 Fix some typos
• d9071e3 Update local installation instructions by removing the details for Go 1.16
• 5d837bc Update gosec version to 2.18.2 in the action

v2.18.2

Compare Source

Changelog

• 55d7949 Disable dot-imports in revive linter
• 4656817 chore(deps): update module github.com/onsi/gomega to v1.28.1
• 5567ac4 Run the gosec with data race detector active during tests
• a239758 Fix data race in the analyzer
• c06903a Fix test that checks the overriden nosec directive
• bde2619 Clean global state in flgs tests
• e108c56 Format the file
• e298388 Update README with details which describe the current behaviour of #nosec
• d8a6d35 Ensure the ignores are parsed before analysing the package
• 7846db0 chore(deps): update all dependencies
• 8e0cf8c Update gosec to version 2.18.1 in the action
• 6b12a71 Update cosign version to v2.2.0

v2.18.1

Compare Source

Changelog

• 0ec6cd9 Refactor how ignored issues are tracked
• f338a98 Restrict the maximum depth when tracking the slice bounds
• 7e2d8d3 Handle empty ssa results
• 074353a Handle gracefully any panic that occurs when building the SSA representation of a package
• ec31a3a Fix typo
• a11eb28 Handle new function when getting the call info in case is overriden
• 5b7867d Bump golang.org/x/net from 0.16.0 to 0.17.0 (#​1037)
• dd08f99 Update to Go 1.21.3 and 1.20.10 (#​1035)
• 616520f Update the list of unsafe functions detected by the unsafe rule (#​1033)
• 3952187 Update the action to use gosec version v2.18.0 (#​1029)
• 2b62dd1 Use a step ID in github release action to get the digest of the image (#​1028)

v2.18.0

Compare Source

Changelog

• 53fc0c3 Update to go version 1.21.2 and 1.20.9 (#​1027)
• 7f7c47f chore(deps): update all dependencies (#​1026)
• d864a91 Enable gochecknoinits; fix lint issues; use consts for some vars (#​1022)
• 09cf6ef Fix typos in struct fields, comments, and docs (#​1023)
• 665e87b chore(deps): update all dependencies
• 4def3a4 Fix lint warning
• 0d332a1 Add a new rule which detects when a file is created with os.Create but the configured permissions are less than 0666
• 293d887 Fix lint warnings
• ac482cb Update ginkgo to latest version
• e02e2f6 Redesign and reimplement the slice out of bounds check using SSA code representation
• e1278f9 docs: add reMarkable to users list
• f6a6496 chore(deps): update all dependencies
• aebe20c Drop support for go 1.19.x since go team doesn't ship anymore security fixes for it
• 7a98537 Update to latest go version
• b192f06 chore(deps): update all dependencies (#​1011)
• 6c93653 Fix hardcoded_credentials rule to only match on more specific patterns (#​1009)
• 325eb19 chore(deps): update all dependencies (#​1008)
• beef125 Exclude maps from slince bounce check rule (#​1006)
• 21d13c9 Ignore struct pointers in G601 (#​1003)
• 85005c4 Update gosec image version to 2.17.0 in the Github action (#​1002)
• 6a2c5e1 Update cosign to version v2.1.1 (#​1000)

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Mend Renovate. View repository job log here.

[codecov-commenter]

Codecov Report

All modified and coverable lines are covered by tests ✅

Comparison is base (d4397cb) 77.26% compared to head (6edb667) 78.40%.
Report is 2 commits behind head on master.

❗ Your organization needs to install the Codecov GitHub app to enable full functionality.

Additional details and impacted files

@@            Coverage Diff             @@
##           master      #84      +/-   ##
==========================================
+ Coverage   77.26%   78.40%   +1.13%     
==========================================
  Files          25       25              
  Lines        3000     3000              
==========================================
+ Hits         2318     2352      +34     
+ Misses        519      493      -26     
+ Partials      163      155       -8     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.