Releases: securego/gosec

v2.13.0

19 Aug 06:45

Changelog

  • 79a5b13 chore(deps): update dependency babel-standalone to v7
  • 97f03d9 chore: update module go to 1.19
  • 0ba05e1 chore: fix lint warnings
  • d3933f9 chore: add support for Go 1.19
  • 4e68fb5 fix: parsing of the Go version (#844)
  • 0c8e63e Detect use of net/http functions that have no support for setting timeouts (#842)
  • 6a26c23 Refactor SQL rules for better extensibility (#841)
  • 1b0873a chore(deps): update module golang.org/x/tools to v0.1.12 (#840)
  • 845483e Fix lint warning
  • 45bf9a6 Check the suppressed issues when generating the exit code
  • a5982fb Fix for G402. Check package path instead of package name (#838)
  • ea6d49d fix G204 bugs (#835)
  • 21fcd2f Phase out support for Go 1.16 since it is not supported anymore by the Go team (#837)
  • 3cda47a chore(deps): update all dependencies (#836)
  • 0212c83 chore(deps): update dependency highlight.js to v11.6.0 (#830)
  • 9a25f4e fix: filepaths with git anywhere in them being erroneously excluded (#828)
  • 602ced7 Fix wrong location for G109 (#829)
  • 7dd9ddd chore(deps): update golang.org/x/crypto digest to 0559593 (#826)
  • b0f3e78 fix ReadTimeout for G112 rule
  • 05f3ca8 Pin cosign-installer to v2 (#824)

v2.12.0

13 Jun 19:37
a9b0ef0

Changelog

v2.11.0

21 Mar 15:57
607d607

Changelog

  • 607d607 Enable Go 1.18 in the ci and release workflows
  • b99b5f7 Fix the lint action after upgrade (#790)
  • 8af0af7 chore(deps): update all dependencies (#789)
  • ea5d31f Add a recursive flag -r to skip specifying ./... path
  • 48bbf96 Adds directory traversal for Http.Dir("/")

v2.10.0

22 Feb 20:41
26f10e0

Changelog

  • 26f10e0 Extend the release action to sign the docker image and binary files with cosign (#781)
  • 7d539ed feat: add concurrency option to parallelize package loading (#778)
  • 43577ce chore(deps): update all dependencies
  • c0680bb Process the code snippet before adding it to the SARIF report
  • db8d98b Updated sponsor link in README.md
  • 507f847 chore(deps): update golang.org/x/crypto commit hash to 30dcbda
  • 853e1d5 chore(deps): update all dependencies
  • 09a2941 Use the CWE name as a name in the SARIF report
  • 9399e7b chore(deps): update all dependencies (#771)
  • 2fad8a4 Resolve the TLS min version when it is declared in the same package but in a different file
  • 1fbcf10 Add a test for tls min version defined in a different file
  • b12c0f6 chore(deps): update all dependencies (#765)

v2.9.6

20 Jan 16:28
1d909e2

Changelog

  • 1d909e2 Add db.Exec and db.Prepare to the sql rule (#763)
  • 742aa84 chore(deps): update golang.org/x/crypto commit hash to 5e0467b (#764)
  • 7be6d4e Add os.Create to the readfile rule (#761)
  • 75cc7dc Fix false negative for SQL injection when using DB.QueryRow.Scan() (#759)
  • 58058af chore(deps): update dependency highlight.js to v11.4.0 (#758)
  • 9d66b0d Fix false negatives for SQL injection in multi-line queries
  • 4c1afaa Find G303 with filepath.Join'd temp dirs (#754)
  • 19bda8d Find more tempdirs
  • 827fca9 build(fmt): use [ instead of [[ (#751)
  • ad5d74d Update to ginkgo v2 (#753)
  • 72f1145 Fix #743 (#748)
  • 63a8e78 Handle nil when looking up a file by position into a package (#747)
  • 3038a30 Add in the config file settings for exclude and include options
  • bf0dd2f chore(deps): update golang.org/x/crypto commit hash to e495a2d (#745)
  • 2d1c1a6 Track both #nosec and #nosec rulelist for one violation (#741)
  • e0f354a Add the sponsors section in the README file (#740)
  • d23ab2d Remove space between // and #nosec in examples and internal use

v2.9.5

13 Dec 16:54
35af340

Changelog

v2.9.4

09 Dec 11:02
b45f95f

Changelog

  • b45f95f Add support for suppressing the findings
  • 040327f chore(deps): update all dependencies (#734)

v2.9.3

24 Nov 16:18
6a41fb9

Changelog

  • 6a41fb9 Fix #714 (#733)
  • c95e9c2 chore(deps): update all dependencies (#731)

v2.9.2

16 Nov 20:45
e57efa8

Changelog

  • e57efa8 Fix a panic in suproc rule when the declaration of the variable is not available in the AST (#728)
  • ff17c30 Use go embed for templates (#725)
  • 3eba7b8 add openssh to docker image (#719)
  • 55c6cea Fix crash when parsing the TLS min version value (#724)
  • 40fa36d G303: catch with os.WriteFile, add os.Create test case (#718)
  • 873ac24 chore(deps): update all dependencies (#722)
  • f1f0056 Spelling fixes (#717)
  • 0680c75 chore(deps): update all dependencies (#716)
  • 79c8b79 use a better naming for the variable (#715)

v2.9.1

15 Oct 09:02
6921395

Changelog

  • 6921395 Fix the SBOM generation step in the release action (#712)
  • 5a3a27a Phase out support for go version 1.15 because current ginkgo is not backward compatible (#710)