
chore(ci): bump securego/gosec from 2.25.0 to 2.26.1#99

Closed
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/github_actions/securego/gosec-2.26.1

Conversation

@dependabot dependabot Bot commented on behalf of github May 4, 2026

Contributor

Bumps securego/gosec from 2.25.0 to 2.26.1.

Release notes

Sourced from securego/gosec's releases.

v2.26.1

Changelog

  • 4a3bd8af174872c778439083ded7adbf3747e770 Update cosign to v3.0.6 (#1659)
Commits
  • 4a3bd8a Update cosign to v3.0.6 (#1659)
  • 553d8a5 Sync taint rule docs and add missing CWE mappings for G113/G307 (#1658)
  • bf0ccd3 Update all dependencies (#1657)
  • 4ead098 Add G710 rule for open redirect via taint analysis (#1654)
  • 8ff985f Fix formatting
  • a1aad0c Update the default models use by autofix and phase out the older models
  • 74bdf7f Format and clean-up the README
  • 74dc989 Add HTTP file-serving function to the skins of pathtraversal analyzer (#1647)
  • 7020111 Skip flaging the TLS min version for go 1.18+ (#1646)
  • d5869fc chore(deps): bump go.opentelemetry.io/otel from 1.39.0 to 1.41.0 (#1645)
  • Additional commits viewable in compare view

@dependabot dependabot Bot added ci CI/CD related dependencies Pull requests that update a dependency file labels May 4, 2026
github-actions Bot commented May 4, 2026

Contributor

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

Package | Version | Score
actions/securego/gosec | 4a3bd8af174872c778439083ded7adbf3747e770 | 🟢 5.9

Details
Check | Score | Reason
Code-Review | ⚠️ 2 | Found 6/21 approved changesets -- score normalized to 2
Dangerous-Workflow | ⚠️ 0 | dangerous workflow patterns detected
Maintained | 🟢 10 | 30 commit(s) and 10 issue activity found in the last 90 days -- score normalized to 10
Binary-Artifacts | 🟢 10 | no binaries found in the repo
Token-Permissions | 🟢 8 | detected GitHub workflow tokens with excessive permissions
Pinned-Dependencies | 🟢 7 | dependency not pinned by hash detected -- score normalized to 7
Security-Policy | ⚠️ 0 | security policy file not detected
CII-Best-Practices | 🟢 5 | badge detected: Passing
Fuzzing | ⚠️ 0 | project is not fuzzed
License | 🟢 10 | license file detected
Packaging | 🟢 10 | packaging workflow detected
Branch-Protection | ⚠️ -1 | internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Signed-Releases | 🟢 8 | 5 out of the last 5 releases have a total of 5 signed artifacts.
SAST | 🟢 10 | SAST tool is run on all commits

Scanned Files

  • .github/workflows/ci.yml

@dependabot dependabot Bot force-pushed the dependabot/github_actions/securego/gosec-2.26.1 branch from 23ca7c0 to fdce753 May 4, 2026 07:03
@github-actions github-actions Bot enabled auto-merge (squash) May 4, 2026 07:03
@dependabot dependabot Bot force-pushed the dependabot/github_actions/securego/gosec-2.26.1 branch from fdce753 to f8db5f7 May 11, 2026 07:44
kilo-code-bot Bot commented May 11, 2026


Code Review Summary

Status: No Issues Found | Recommendation: Merge

Files Reviewed (1 file)
  • .github/workflows/ci.yml - Bumped securego/gosec from v2.25.0 to v2.26.1 (line 118)

Reviewed by nemotron-3-super-120b-a12b-20230311:free · 281,874 tokens

Bumps [securego/gosec](https://github.com/securego/gosec) from 2.25.0 to 2.26.1.
- [Release notes](https://github.com/securego/gosec/releases)
- [Commits](securego/gosec@223e19b...4a3bd8a)

---
updated-dependencies:
- dependency-name: securego/gosec
  dependency-version: 2.26.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/github_actions/securego/gosec-2.26.1 branch from f8db5f7 to 9c182b3 May 25, 2026 09:02

sonarqubecloud Bot commented

Quality Gate failed

Failed conditions
C Security Rating on New Code (required ≥ A)

See analysis details on SonarQube Cloud

@dependabot dependabot Bot commented on behalf of github Jun 1, 2026

Contributor Author

Superseded by #109.

@dependabot dependabot Bot closed this Jun 1, 2026
auto-merge was automatically disabled June 1, 2026 21:09

Pull request was closed

@dependabot dependabot Bot deleted the dependabot/github_actions/securego/gosec-2.26.1 branch June 1, 2026 21:09