Skip to content
This repository has been archived by the owner on Jun 26, 2024. It is now read-only.

cherry-pick(release-v1.4.x): Bump securego/gosec from 2.18.1 to 2.18.2 #1522

Merged
merged 1 commit into from
Oct 30, 2023
Merged

cherry-pick(release-v1.4.x): Bump securego/gosec from 2.18.1 to 2.18.2 #1522

merged 1 commit into from
Oct 30, 2023

Conversation

service-binding-operator-bot
Copy link
Collaborator

Bumps securego/gosec from 2.18.1 to 2.18.2.

Release notes

Sourced from securego/gosec's releases.

v2.18.2

Changelog

  • 55d7949 Disable dot-imports in revive linter
  • 4656817 chore(deps): update module github.com/onsi/gomega to v1.28.1
  • 5567ac4 Run the gosec with data race detector active during tests
  • a239758 Fix data race in the analyzer
  • c06903a Fix test that checks the overriden nosec directive
  • bde2619 Clean global state in flgs tests
  • e108c56 Format the file
  • e298388 Update README with details which describe the current behaviour of #nosec
  • d8a6d35 Ensure the ignores are parsed before analysing the package
  • 7846db0 chore(deps): update all dependencies
  • 8e0cf8c Update gosec to version 2.18.1 in the action
  • 6b12a71 Update cosign version to v2.2.0
Commits
  • 55d7949 Disable dot-imports in revive linter
  • 4656817 chore(deps): update module github.com/onsi/gomega to v1.28.1
  • 5567ac4 Run the gosec with data race detector active during tests
  • a239758 Fix data race in the analyzer
  • c06903a Fix test that checks the overriden nosec directive
  • bde2619 Clean global state in flgs tests
  • e108c56 Format the file
  • e298388 Update README with details which describe the current behaviour of #nosec
  • d8a6d35 Ensure the ignores are parsed before analysing the package
  • 7846db0 chore(deps): update all dependencies
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot @web-flow
Bump securego/gosec from 2.18.1 to 2.18.2 (redhat-developer#1520)
b3939c1 
Bumps [securego/gosec](https://github.com/securego/gosec) from 2.18.1 to 2.18.2.
- [Release notes](https://github.com/securego/gosec/releases)
- [Changelog](https://github.com/securego/gosec/blob/master/.goreleaser.yml)
- [Commits](securego/gosec@v2.18.1...v2.18.2)

---
updated-dependencies:
- dependency-name: securego/gosec
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@service-binding-operator-bot service-binding-operator-bot added approved cherry-pick dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code lgtm needs-ok-to-test release/v1.4.x Used to mark PRs to be cherry-picked in release-v1.4.x branch labels Oct 30, 2023
@openshift-ci
Copy link
Contributor

openshift-ci bot commented Oct 30, 2023

[APPROVALNOTIFIER] This PR is APPROVED

Approval requirements bypassed by manually added approval.

This pull-request has been approved by:

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

1 similar comment
@openshift-ci
Copy link
Contributor

openshift-ci bot commented Oct 30, 2023

[APPROVALNOTIFIER] This PR is APPROVED

Approval requirements bypassed by manually added approval.

This pull-request has been approved by:

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@codecov
Copy link

codecov bot commented Oct 30, 2023
edited
Loading

Codecov Report

Merging #1522 (b3939c1) into release-v1.4.x (755814b) will not change coverage.
Report is 1 commits behind head on release-v1.4.x.
The diff coverage is n/a.

Additional details and impacted files

Impacted file tree graph

@@               Coverage Diff               @@
##           release-v1.4.x    #1522   +/-   ##
===============================================
  Coverage           58.16%   58.16%           
===============================================
  Files                  35       35           
  Lines                3014     3014           
===============================================
  Hits                 1753     1753           
  Misses               1093     1093           
  Partials              168      168

Continue to review full report in Codecov by Sentry.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 755814b...b3939c1. Read the comment docs.

@openshift-ci openshift-ci bot merged commit a748a77 into redhat-developer:release-v1.4.x Oct 30, 2023
21 checks passed
@service-binding-operator-bot service-binding-operator-bot deleted the cherry-pick_release-v1.4.x_24a0a739_fe96e8fd-a22a-473e-9b5d-7b566b6c0ac4 branch October 30, 2023 17:37
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@filariow filariow Awaiting requested review from filariow

@sadlerap sadlerap Awaiting requested review from sadlerap

Assignees
No one assigned
Labels
approved cherry-pick dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code lgtm needs-ok-to-test release/v1.4.x Used to mark PRs to be cherry-picked in release-v1.4.x branch
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@service-binding-operator-bot