chore(actions): update anthropics/claude-code-action action (v1.0.71 → v1.0.72) (#137 )

chore(actions): update ivuorinen/actions action (v2026.03.09 → v2026.03.11) (#138 )
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2026-03-19 02:02:13 +00:00 · 2026-03-16 14:06:03 +02:00 · 2026-03-16 13:03:12 +02:00 · 2026-03-15 19:01:22 +02:00 · 2026-03-15 17:59:43 +02:00
11 changed files with 22 additions and 23 deletions
--- a/.github/workflows/claude.yml
+++ b/.github/workflows/claude.yml
@@ -53,7 +53,7 @@ jobs:

      - name: Run Claude Code
        id: claude
-        uses: anthropics/claude-code-action@5d0cc745cd0cce4c0e9e0b3511de26c3bc285eb5 # v1.0.71
+        uses: anthropics/claude-code-action@cd77b50d2b0808657f8e6774085c8bf54484351c # v1.0.72
        with:
          claude_code_oauth_token: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }}

--- a/.github/workflows/lint.yml
+++ b/.github/workflows/lint.yml
@@ -43,5 +43,5 @@ jobs:
      - name: golangci-lint
        uses: golangci/golangci-lint-action@1e7e51e771db61008b38414a730f564565cf7c20 # v9.2.0
        with:
-          version: v2.10.1
+          version: v2.11.3
          install-mode: goinstall
--- a/.github/workflows/pr-lint.yml
+++ b/.github/workflows/pr-lint.yml
@@ -52,7 +52,7 @@ jobs:
      - name: golangci-lint
        uses: golangci/golangci-lint-action@1e7e51e771db61008b38414a730f564565cf7c20 # v9.2.0
        with:
-          version: v2.10.1
+          version: v2.11.3
          install-mode: goinstall

      - name: Run integration tests and collect coverage
@@ -69,4 +69,4 @@ jobs:
      - name: Run PR Lint
        # Custom PR linting action that performs additional PR-specific checks
        # https://github.com/ivuorinen/actions
-        uses: ivuorinen/actions/pr-lint@4360ea39c744dbd52bf1d624bf058ba4dd81245a # v2026.03.09
+        uses: ivuorinen/actions/pr-lint@7f6a23b59316795c4b3cb3b3b28dd53e53655a33 # v2026.03.11
--- a/.github/workflows/stale.yml
+++ b/.github/workflows/stale.yml
@@ -23,4 +23,4 @@ jobs:
      issues: write
      pull-requests: write
    steps:
-      - uses: ivuorinen/actions/stale@4360ea39c744dbd52bf1d624bf058ba4dd81245a # v2026.03.09
+      - uses: ivuorinen/actions/stale@7f6a23b59316795c4b3cb3b3b28dd53e53655a33 # v2026.03.11
--- a/.github/workflows/sync-labels.yml
+++ b/.github/workflows/sync-labels.yml
@@ -23,4 +23,4 @@ jobs:
      contents: read
      issues: write
    steps:
-      - uses: ivuorinen/actions/sync-labels@4360ea39c744dbd52bf1d624bf058ba4dd81245a # v2026.03.09
+      - uses: ivuorinen/actions/sync-labels@7f6a23b59316795c4b3cb3b3b28dd53e53655a33 # v2026.03.11
--- a/cmd/helpers.go
+++ b/cmd/helpers.go
@@ -28,6 +28,7 @@ func createTimeoutContext(base context.Context, config *Config) (context.Context
 	if config != nil && config.CommandTimeout > 0 {
 		timeout = config.CommandTimeout
 	}
+	// #nosec G118 -- cancel is returned to callers who are responsible for calling it
 	return context.WithTimeout(base, timeout)
 }

--- a/fail2ban/fail2ban_log_performance_benchmark_test.go
+++ b/fail2ban/fail2ban_log_performance_benchmark_test.go
@@ -58,6 +58,7 @@ func setupBenchmarkLogEnvironment(b *testing.B, source string) func() {

 	tempDir := b.TempDir()
 	dest := filepath.Join(tempDir, "fail2ban.log")
+	// #nosec G703 -- dest is constructed from b.TempDir() and a literal string, not user input
 	if err := os.WriteFile(dest, data, 0o600); err != nil {
 		b.Fatalf("failed to create benchmark log file: %v", err)
 	}
--- a/fail2ban/fail2ban_logs_integration_test.go
+++ b/fail2ban/fail2ban_logs_integration_test.go
@@ -418,6 +418,7 @@ func BenchmarkLogParsing(b *testing.B) {
 	if err != nil {
 		b.Fatalf("Failed to read test file: %v", err)
 	}
+	// #nosec G703 -- mainLog is constructed from b.TempDir() and a literal string, not user input
 	if err := os.WriteFile(mainLog, data, 0600); err != nil {
 		b.Fatalf("Failed to create test log: %v", err)
 	}
--- a/fail2ban/security_utils.go
+++ b/fail2ban/security_utils.go
@@ -57,14 +57,6 @@ func ContainsPathTraversal(input string) bool {
 // The returned patterns include both production patterns (real attack signatures)
 // and test sentinels (used exclusively in test fixtures for validation).
 func GetDangerousCommandPatterns() []string {
-	// Production patterns: Real command injection and SQL injection signatures
-	productionPatterns := []string{
-		"rm -rf",                     // Destructive file operations
-		"drop table",                 // SQL injection attempts
-		"'; cat",                     // Command injection with file reads
-		"/etc/passwd", "/etc/shadow", // Specific sensitive file access
-	}
-
 	// Test sentinels: Markers used exclusively in test fixtures
 	// These help verify pattern detection logic in tests
 	testSentinels := []string{
@@ -84,6 +76,16 @@ func GetDangerousCommandPatterns() []string {
 		"DANGEROUS_EVAL_FUNCTION",
 	}

-	// Combine both lists for backward compatibility
-	return append(productionPatterns, testSentinels...)
+	// Production patterns: Real command injection and SQL injection signatures
+	productionPatterns := []string{
+		"rm -rf",                     // Destructive file operations
+		"drop table",                 // SQL injection attempts
+		"'; cat",                     // Command injection with file reads
+		"/etc/passwd", "/etc/shadow", // Specific sensitive file access
+	}
+
+	// Combine both lists for backward compatibility; preallocate to avoid reallocation
+	combined := make([]string, 0, len(productionPatterns)+len(testSentinels))
+	combined = append(combined, productionPatterns...)
+	return append(combined, testSentinels...)
 }
--- a/fail2ban/test_helpers.go
+++ b/fail2ban/test_helpers.go
@@ -45,6 +45,7 @@ func setupTestLogEnvironment(t *testing.T, testDataFile string) (cleanup func())
 	if err != nil {
 		t.Fatalf("Failed to read test file: %v", err)
 	}
+	// #nosec G703 -- path is constructed from t.TempDir() and a literal string, not user input
 	if err := os.WriteFile(mainLog, data, shared.DefaultFilePermissions); err != nil {
 		t.Fatalf("Failed to create test log: %v", err)
 	}
--- a/go.sum
+++ b/go.sum
@@ -1,5 +1,4 @@
 github.com/cpuguy83/go-md2man/v2 v2.0.6/go.mod h1:oOW0eioCTA6cOiMLiUPZOpcVxMig6NIQQ7OS05n1F4g=
-github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=
@@ -11,8 +10,6 @@ github.com/inconshreveable/mousetrap v1.1.0/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLf
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
-github.com/sirupsen/logrus v1.9.3 h1:dueUQJ1C2q9oE3F7wvmSGAaVtTmUizReu6fjN8uqzbQ=
-github.com/sirupsen/logrus v1.9.3/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ=
 github.com/sirupsen/logrus v1.9.4 h1:TsZE7l11zFCLZnZ+teH4Umoq5BhEIfIzfRDZ1Uzql2w=
 github.com/sirupsen/logrus v1.9.4/go.mod h1:ftWc9WdOfJ0a92nsE2jF5u5ZwH8Bv2zdeOC42RjbV2g=
 github.com/spf13/cobra v1.10.2 h1:DMTTonx5m65Ic0GOoRY2c16WCbHxOOw6xxezuLaBpcU=
@@ -20,16 +17,12 @@ github.com/spf13/cobra v1.10.2/go.mod h1:7C1pvHqHw5A4vrJfjNwvOdzYu0Gml16OCs2GRiT
 github.com/spf13/pflag v1.0.9/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=
 github.com/spf13/pflag v1.0.10 h1:4EBh2KAYBwaONj6b2Ye1GiHfwjqyROoF4RwYO+vPwFk=
 github.com/spf13/pflag v1.0.10/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=
-github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
-github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/stretchr/testify v1.11.1 h1:7s2iGBzp5EwR7/aIZr8ao5+dra3wiQyKjjFuvgVKu7U=
 github.com/stretchr/testify v1.11.1/go.mod h1:wZwfW3scLgRK+23gO65QZefKpKQRnfz6sD981Nm4B6U=
 go.yaml.in/yaml/v3 v3.0.4/go.mod h1:DhzuOOF2ATzADvBadXxruRBLzYTpT36CKvDb3+aBEFg=
-golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.36.0 h1:KVRy2GtZBrk1cBYA7MKu5bEZFxQk4NIDV6RLVcC8o0k=
 golang.org/x/sys v0.36.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
-gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
 gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
Author	SHA1	Message	Date
renovate[bot]	dd6029be9f	chore(actions): update anthropics/claude-code-action action (v1.0.71 → v1.0.72) (#137 )	2026-03-16 14:06:03 +02:00
renovate[bot]	eee5f81643	chore(actions): update ivuorinen/actions action (v2026.03.09 → v2026.03.11) (#138 ) Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>	2026-03-16 13:03:12 +02:00
renovate[bot]	b312c9a296	chore(actions): update dependency golangci/golangci-lint (v2.10.1 → v2.11.3) (#135 )	2026-03-15 19:01:22 +02:00
Copilot	c5b81d04b6	fix(security): suppress gosec false positives G703 and G118 (#136 )	2026-03-15 17:59:43 +02:00