build(deps): bump github.com/securego/gosec/v2 from 2.22.11-0.20251204091113-daccba6b93d7 to 2.22.11

.golangci.next.reference.yml

@@ -1493,89 +1493,91 @@ linters:
       # Available rules: https://github.com/securego/gosec#available-rules
       # Default: [] - means include all rules
       includes:
-        - G101 # Look for hard coded credentials
+        - G101 # Look for hardcoded credentials
         - G102 # Bind to all interfaces
         - G103 # Audit the use of unsafe block
         - G104 # Audit errors not checked
-        - G106 # Audit the use of ssh.InsecureIgnoreHostKey
+        - G106 # Audit the use of ssh.InsecureIgnoreHostKey function
         - G107 # Url provided to HTTP request as taint input
-        - G108 # Profiling endpoint automatically exposed on /debug/pprof
-        - G109 # Potential Integer overflow made by strconv.Atoi result conversion to int16/32
-        - G110 # Potential DoS vulnerability via decompression bomb
-        - G111 # Potential directory traversal
-        - G112 # Potential slowloris attack
+        - G108 # Profiling endpoint is automatically exposed
+        - G109 # Converting strconv.Atoi result to int32/int16
+        - G110 # Detect io.Copy instead of io.CopyN when decompression
+        - G111 # Detect http.Dir('/') as a potential risk
+        - G112 # Detect ReadHeaderTimeout not configured as a potential risk
         - G114 # Use of net/http serve function that has no support for setting timeouts
-        - G115 # Potential integer overflow when converting between integer types
+        - G115 # Type conversion which leads to integer overflow
+        - G116 # Detect Trojan Source attacks using bidirectional Unicode characters
         - G201 # SQL query construction using format string
         - G202 # SQL query construction using string concatenation
         - G203 # Use of unescaped data in HTML templates
         - G204 # Audit use of command execution
         - G301 # Poor file permissions used when creating a directory
-        - G302 # Poor file permissions used with chmod
+        - G302 # Poor file permissions used when creation file or using chmod
         - G303 # Creating tempfile using a predictable path
         - G304 # File path provided as taint input
-        - G305 # File traversal when extracting zip/tar archive
-        - G306 # Poor file permissions used when writing to a new file
+        - G305 # File path traversal when extracting zip archive
+        - G306 # Poor file permissions used when writing to a file
         - G307 # Poor file permissions used when creating a file with os.Create
         - G401 # Detect the usage of MD5 or SHA1
         - G402 # Look for bad TLS connection settings
         - G403 # Ensure minimum RSA key length of 2048 bits
         - G404 # Insecure random number source (rand)
         - G405 # Detect the usage of DES or RC4
-        - G406 # Detect the usage of MD4 or RIPEMD160
+        - G406 # Detect the usage of deprecated MD4 or RIPEMD160
         - G501 # Import blocklist: crypto/md5
         - G502 # Import blocklist: crypto/des
         - G503 # Import blocklist: crypto/rc4
         - G504 # Import blocklist: net/http/cgi
         - G505 # Import blocklist: crypto/sha1
         - G506 # Import blocklist: golang.org/x/crypto/md4
         - G507 # Import blocklist: golang.org/x/crypto/ripemd160
-        - G601 # Implicit memory aliasing of items from a range statement
-        - G602 # Slice access out of bounds
+        - G601 # Implicit memory aliasing in RangeStmt
+        - G602 # Possible slice bounds out of range
 
       # To specify a set of rules to explicitly exclude.
       # Available rules: https://github.com/securego/gosec#available-rules
       # Default: []
       excludes:
-        - G101 # Look for hard coded credentials
+        - G101 # Look for hardcoded credentials
         - G102 # Bind to all interfaces
         - G103 # Audit the use of unsafe block
         - G104 # Audit errors not checked
-        - G106 # Audit the use of ssh.InsecureIgnoreHostKey
+        - G106 # Audit the use of ssh.InsecureIgnoreHostKey function
         - G107 # Url provided to HTTP request as taint input
-        - G108 # Profiling endpoint automatically exposed on /debug/pprof
-        - G109 # Potential Integer overflow made by strconv.Atoi result conversion to int16/32
-        - G110 # Potential DoS vulnerability via decompression bomb
-        - G111 # Potential directory traversal
-        - G112 # Potential slowloris attack
+        - G108 # Profiling endpoint is automatically exposed
+        - G109 # Converting strconv.Atoi result to int32/int16
+        - G110 # Detect io.Copy instead of io.CopyN when decompression
+        - G111 # Detect http.Dir('/') as a potential risk
+        - G112 # Detect ReadHeaderTimeout not configured as a potential risk
         - G114 # Use of net/http serve function that has no support for setting timeouts
-        - G115 # Potential integer overflow when converting between integer types
+        - G115 # Type conversion which leads to integer overflow
+        - G116 # Detect Trojan Source attacks using bidirectional Unicode characters
         - G201 # SQL query construction using format string
         - G202 # SQL query construction using string concatenation
         - G203 # Use of unescaped data in HTML templates
         - G204 # Audit use of command execution
         - G301 # Poor file permissions used when creating a directory
-        - G302 # Poor file permissions used with chmod
+        - G302 # Poor file permissions used when creation file or using chmod
         - G303 # Creating tempfile using a predictable path
         - G304 # File path provided as taint input
-        - G305 # File traversal when extracting zip/tar archive
-        - G306 # Poor file permissions used when writing to a new file
+        - G305 # File path traversal when extracting zip archive
+        - G306 # Poor file permissions used when writing to a file
         - G307 # Poor file permissions used when creating a file with os.Create
         - G401 # Detect the usage of MD5 or SHA1
         - G402 # Look for bad TLS connection settings
         - G403 # Ensure minimum RSA key length of 2048 bits
         - G404 # Insecure random number source (rand)
         - G405 # Detect the usage of DES or RC4
-        - G406 # Detect the usage of MD4 or RIPEMD160
+        - G406 # Detect the usage of deprecated MD4 or RIPEMD160
         - G501 # Import blocklist: crypto/md5
         - G502 # Import blocklist: crypto/des
         - G503 # Import blocklist: crypto/rc4
         - G504 # Import blocklist: net/http/cgi
         - G505 # Import blocklist: crypto/sha1
         - G506 # Import blocklist: golang.org/x/crypto/md4
         - G507 # Import blocklist: golang.org/x/crypto/ripemd160
-        - G601 # Implicit memory aliasing of items from a range statement
-        - G602 # Slice access out of bounds
+        - G601 # Implicit memory aliasing in RangeStmt
+        - G602 # Possible slice bounds out of range
 
       # Filter out the issues with a lower severity than the given value.
       # Valid options are: low, medium, high.

go.mod

@@ -104,7 +104,7 @@ require (
 	github.com/santhosh-tekuri/jsonschema/v6 v6.0.2
 	github.com/sashamelentyev/interfacebloat v1.1.0
 	github.com/sashamelentyev/usestdlibvars v1.29.0
-	github.com/securego/gosec/v2 v2.22.11-0.20251204091113-daccba6b93d7
+	github.com/securego/gosec/v2 v2.22.11
 	github.com/shirou/gopsutil/v4 v4.25.11
 	github.com/sirupsen/logrus v1.9.3
 	github.com/sivchari/containedctx v1.0.3

jsonschema/golangci.next.jsonschema.json

@@ -505,6 +505,7 @@
         "G112",
         "G114",
         "G115",
+        "G116",
         "G201",
         "G202",
         "G203",