
Bump securego/gosec from 2.23.0 to 2.24.7#519

Open
dependabot[bot] wants to merge 1 commit into main from dependabot/github_actions/securego/gosec-2.24.7

Conversation


@dependabot dependabot bot commented on behalf of github Mar 2, 2026

Bumps securego/gosec from 2.23.0 to 2.24.7.

Release notes

Sourced from securego/gosec's releases.

v2.24.7

Changelog

  • bb17e422fc34bf4c0a2e5cab9d07dc45a68c040c Ignore nosec comments in action integration workflow to generate some warnings (#1573)
  • e1502ad21653d1c6717e33f1221c3ce2d5c8581f Add a workflow for action integration test (#1571)
  • f8691bd77bab5430ccb538e6f253275e82577afc fix(sarif): avoid invalid null relationships in SARIF output (#1569)
  • ade1d0e0a04ec8ae98da98614d42524621d40df2 chore: migrate gosec container image references to GHCR (#1567)

v2.24.6

Changelog

  • 88835e86bba381290c2f60a1c73610995b1502eb Update gorelease to use the latest cosign bundle argument (#1565)

v2.24.0

Changelog

  • 271492bcd930ef72dfb9d00e5bb9544b3b407fb5 fix: G704 false positive on const URL (#1551)
  • 1341aeadb4c334014c4834c745344edb9dcf85b0 fix(G705): eliminate false positive for non-HTTP io.Writer (#1550)
  • f2262c88ffdfc9eb7be8444db19caa17cc71810f G120: avoid false positive when MaxBytesReader is applied in middleware (#1547)
  • 5b580c76e4714fa553b2ceb8169a071e45bf6428 Fix G602 regression coverage for issue #1545 and stabilize G117 TOML test dependency (#1546)
  • eba2d1582b13e37d5b6c991b643827bc60e58156 taint: skip context.Context arguments during taint propagation to fix false positives (#1543)
  • a6381c1e2fe9a9a33ef105c76bea3191402ea4b3 test: add missing rules to formatter report tests (#1540)
  • fea9725934065d3dd5c96352f89f75d117ac12f6 chore(deps): update all dependencies (#1541)
  • f3e2fac4d58b7eca54307cd40ce2a836a12e4d95 Regenerate the TLS config rule (#1539)
  • 200461fcf74ed836305bf95f72568c20925730c5 Improve documentation (#1538)
  • 078a62afc3331206fec1cd9a03637983ec4f9fc8 Expand analyzer-core test coverage for orchestration, go/analysis adapter logic, and taint integration (#1537)
  • ffdc6205c82278cee0b62923814141923794219e Add unit tests for CLI orchestration, TLS config generation, and SSA cache behavior (#1536)
  • c13a48626bc160ef1caa293679044b5667d4d8ef Add G707 taint analyzer for SMTP command/header injection (#1535)
  • f61ed314c2467116ec3a5126150cb2b29a623406 Add G123 analyzer for tls.VerifyPeerCertificate resumption bypass risk (#1534)
  • b568aa1445e110ed12abe5c2433b3cfbcd0a5935 Add G122 SSA analyzer for filepath.Walk/WalkDir symlink TOCTOU race risks (#1532)
  • 1735e5a9acd155702b8c6137d323df886c0252b5 fix(G602): avoid false positives for range-over-array indexing (#1531)
  • caf93d07f10ef7d07006011b17f1d9bd218b5a9d Improve taint analyzer performance with shared SSA cache, parallel analyzer execution, and CI regression guard (#1530)
  • bd11fbe2bacb0abf1e541df8b6ec6b040bbe2723 fix: taint analysis false positives with G703,G705 (#1522)
  • e34e8dd8e880694cfa801d79977e2d9973df3fa1 Extend the G117 rule to cover other types of serialization such as yaml/xml/toml (#1529)
  • b940702d5e385d1a68def10326b1658e780655fe Fix the G117 rule to take the JSON serialization into account (#1528)
  • 4f846273804abaf7e040f77b26bf2866336e8af9 (docs) fix justification format (#1524)
  • 36ba72bb7f91306f5210a821f409696c03dcbf2b Add G121 analyzer for unsafe CORS bypass patterns in CrossOriginProtection (#1521)
  • 238f9823256b1c4a6d7b0ccd7fa0f2ce1123c820 Add G120 SSA analyzer for unbounded form parsing in HTTP handlers (#1520)
  • 89cde277b5e2b4a5dc47eb710911c51a0cb33b63 Add G119 analyzer for unsafe redirect header propagation in CheckRedirect callbacks (#1519)
  • 14fdd9cb07c02ab1506fcc336f49c84bf27a5c2d Fix G115 false positives and negatives (Issue #1501) (#1518)
  • cec54ec685eda3083e2ab1adf72b6b7ec6cfdb6e chore(deps): update all dependencies (#1517)
  • 2b2077e921b56c7ce6545cccceea0556ff8d5d91 Add G118 SSA analyzer for context propagation failures that can cause goroutine/resource leaks (#1516)
  • a7666f3c70c94d07dfb03e81613fed34bccc89ae Add G113: Detect HTTP Request Smuggling via conflicting headers (CVE-2025-22891, CWE-444) (#1515)
  • 47f8b52fb8700c7ba017ffcc0ea6a32c83e33115 Add G408: SSH PublicKeyCallback Authentication Bypass Analyzer (#1513)
  • 4f1f362671654660f7145c3c8655ffeaed037d55 Add more unit tests to improve coverage (#1512)
  • 9344582ee4bd87b8fa5bc2e483d90fa661f8aa71 Improve test coverage in various areas (#1511)
  • 8d1b2c63ae44e315fb0232813e535891ff0568fc Improve the test coverage (#1510)
  • 993c1c4da2d4426f7567591e23f53ee9f613d07c Fix incorrect detection of fixed iv in G407 (#1509)
  • 8668b748925d8995cf7712d22bde62cbc96f2304 Add support for go 1.26.x and removed support for go 1.24.x (#1508)
  • 514225c8cb01a6bab714db1dd557aeb0d7ab9dc9 Fix the sonar report to follow the latest schema (#1507)
  • 000384e510a84a1e2a1118e0fbc56518d290113d fix: broken taint analysis causing false positives (#1506)
  • 616192c9d92792998e2ff38530c080cd0fe293a8 fix: panic on float constants in overflow analyzer (#1505)
  • 79956a3b4cdedc9a4cde5f567c57fc8b367448cf fix: panic when scanning multi-module repos from root (#1504)

... (truncated)

Commits
  • bb17e42 Ignore nosec comments in action integration workflow to generate some warning...
  • e1502ad Add a workflow for action integration test (#1571)
  • f8691bd fix(sarif): avoid invalid null relationships in SARIF output (#1569)
  • ade1d0e chore: migrate gosec container image references to GHCR (#1567)
  • 88835e8 Update gorelease to use the latest cosign bundle argument (#1565)
  • 4b8cc9a Migrate goreleaser to use the proper cosign arguments (#1564)
  • 22485d5 Update the cosign to version v3.0.5 (#1563)
  • 46e53da fix(release): use existing cosign-installer action version (#1562)
  • a7ab382 chore(prompts): add skill and prompt to update supported Go versions (#1561)
  • 84df6fa chore(prompts): add action version update skill and prompt (#1560)
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [securego/gosec](https://github.com/securego/gosec) from 2.23.0 to 2.24.7.
- [Release notes](https://github.com/securego/gosec/releases)
- [Commits](securego/gosec@398ad54...bb17e42)

---
updated-dependencies:
- dependency-name: securego/gosec
  dependency-version: 2.24.7
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Mar 2, 2026
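Two entries in the v2.24.0 changelog above concern form parsing in HTTP handlers: the new G120 analyzer for unbounded form parsing in HTTP handlers (#1520) and the later fix that stops it reporting code where http.MaxBytesReader is applied in middleware (#1547). The Go program below is an added illustration of that pattern and is not code from this PR or from the gosec project: it contrasts a handler that calls ParseForm on an uncapped body with the same handler behind http.MaxBytesReader, applied both inline and as middleware, and drives each variant with a constructed oversized body through httptest. The 1 KiB limit, the handler names and the sample bodies are assumptions made for the example; which exact code shapes G120 reports is not claimed here.

```go
package main

import (
	"errors"
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
)

// maxFormBytes is an assumed cap for this example, kept tiny so a
// constructed 4 KiB body is enough to trip it.
const maxFormBytes int64 = 1 << 10

// formHandler parses the form and echoes one field. On its own it reads
// the body with no cap of its own: this is the "unbounded form parsing"
// shape named in the G120 changelog entry (which exact shapes the
// analyzer reports is not claimed here).
func formHandler(w http.ResponseWriter, r *http.Request) {
	if err := r.ParseForm(); err != nil {
		// When a MaxBytesReader is in place and the body exceeds it,
		// ParseForm surfaces *http.MaxBytesError (Go 1.19+); answer 413.
		var tooBig *http.MaxBytesError
		if errors.As(err, &tooBig) {
			http.Error(w, "request body too large", http.StatusRequestEntityTooLarge)
			return
		}
		http.Error(w, err.Error(), http.StatusBadRequest)
		return
	}
	fmt.Fprintf(w, "name=%s\n", r.FormValue("name"))
}

// boundedHandler caps the body inline before delegating to formHandler.
func boundedHandler(w http.ResponseWriter, r *http.Request) {
	r.Body = http.MaxBytesReader(w, r.Body, maxFormBytes)
	formHandler(w, r)
}

// limitBody applies the same cap as middleware, the layout the #1547 fix
// in the changelog says gosec now recognizes instead of flagging.
func limitBody(next http.Handler, limit int64) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		r.Body = http.MaxBytesReader(w, r.Body, limit)
		next.ServeHTTP(w, r)
	})
}

// postForm sends a constructed url-encoded body to h and returns the status code.
func postForm(h http.Handler, body string) int {
	req := httptest.NewRequest(http.MethodPost, "/submit", strings.NewReader(body))
	req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, req)
	return rec.Code
}

// scenarioCodes runs each handler variant against a small and an oversized
// constructed body and returns the resulting status codes by scenario name.
func scenarioCodes() map[string]int {
	small := "name=alice"
	big := "name=" + strings.Repeat("A", 4096) // constructed: ~4 KiB, over the 1 KiB cap
	return map[string]int{
		"unbounded/small":  postForm(http.HandlerFunc(formHandler), small),
		"unbounded/big":    postForm(http.HandlerFunc(formHandler), big),
		"inline/small":     postForm(http.HandlerFunc(boundedHandler), small),
		"inline/big":       postForm(http.HandlerFunc(boundedHandler), big),
		"middleware/small": postForm(limitBody(http.HandlerFunc(formHandler), maxFormBytes), small),
		"middleware/big":   postForm(limitBody(http.HandlerFunc(formHandler), maxFormBytes), big),
	}
}

func main() {
	for name, code := range scenarioCodes() {
		fmt.Printf("%-17s -> %d\n", name, code)
	}
}
```

The uncapped variant accepts the oversized body with 200, while both capped variants answer 413. One detail worth knowing when reading G120 findings: ParseForm applies its own 10 MiB ceiling to url-encoded bodies only when no MaxBytesReader is present; once the body is wrapped, the limit you chose is the one that applies, and checking for *http.MaxBytesError lets the handler report 413 instead of a generic 400.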