chore(deps): update module github.com/securego/gosec/v2 to v2.23.0

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
github.com/securego/gosec/v2	v2.22.11 → v2.23.0

---

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

---

Release Notes

securego/gosec (github.com/securego/gosec/v2)

v2.23.0

Compare Source

Changelog

• 398ad54 feat: Support for adding taint analysis engine (#​1486)
• 6eacd5c chore(deps): update all dependencies (#​1494)
• 181a7cb chore(deps): update all dependencies (#​1494)
• e2fa6ab chore(deps): update all dependencies (#​1488)
• eb252ba Fix G602 analyzer panic that kills gosec process (#​1491)
• 20d71a0 update go version to 1.25.7 (#​1492)
• a631af8 Fix URL regexp and remove redundant Google regex patterns (#​1485)
• 8968502 feat: implement global cache usage in rules (#​1480)
• 04f729c chore(deps): update module google.golang.org/genai to v1.43.0 (#​1484)
• ade0e8f refactor: optimize nosec parsing and reduce allocations (#​1478)
• d24bbf7 Fix SARIF artifactChanges null validation error (#​1483)
• 15cba7f feat: optimize GetCallInfo with per-package sync.Pool caching (#​1481)
• 5288673 feat: implement entropy pre-filtering to optimize secret detection (#​1479)
• d9a9bcd feat: ensure GoVersion is cached using sync.Once (#​1477)
• 516260a Fix #​1240: nosec comments now work with trailing open brackets (#​1475)
• be0fd6d Debug Build Profiling Support: Code improvement suggestions for PR#1471 (#​1476)
• b579523 Update the go version to 1.25.6 and 1.24.12 (#​1474)
• bd3c738 G115: Enhance RangeAnalyzer with constant propagation and chained arithmetic support (#​1470)
• 6897b36 chore(deps): update all dependencies (#​1473)
• 9f20212 feat: support path-based rule exclusions via exclude-rules (#​1465)
• 726d847 Optimize analyzer with parallel package processing (#​1466)
• 3150b28 feat: add goanalysis package for nogo (#​1449)
• 7284e15 Refactor Analyzers: Unify Range Logic & Optimize Allocations (#​1464)
• 7a4ccef Optimize G115, G602, G407 analyzers to reduce allocations and memory (#​1463)
• 833d791 refactor(g115): improve coverage (#​1462)
• 0cc9e01 Refine G407 to improve detection and coverage of hardcoded nonces (#​1460)
• 303f84d chore(deps): update all dependencies (#​1461)
• 7387d22 Refactor rules to use callListRule base structure (#​1458)
• 52f5dbf feat(slice): enhance slice bounds analysis with dynamic bounds handling (#​1457)
• 649e2c8 remove deprecated ast.Object (#​1455)
• 35a92b4 feat(sql): enhance SQL injection detection with improved string concatenation checks (#​1454)
• bc9d2bc feat(rules): enhance subprocess variable checks (#​1453)
• 8a5404e feat(resolve): enhance TryResolve to handle KeyValueExpr, IndexExpr, and SliceExpr (#​1452)
• 0f6f21c feat: add secrets serialization G117 (#​1451)
• 717706e feat(rules): add support for detecting high entropy strings in composite literals (#​1447)
• 082deb6 whitelist crypto/rand Read from error checks (#​1446)
• 095d529 chore(deps): update all dependencies (#​1443)
• c073629 Improve slice bound check (#​1442)
• 538a05c docs: add documentation for using gosec with private modules (#​1441)
• 2580437 chore(deps): update all dependencies (#​1440)
• 872b331 docs: add G116 rule description to README (#​1439)
• dcf93a8 Update GitHub action to gosec 2.22.11 (#​1438)

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[codecov]

Codecov Report

❌ Patch coverage is 60.00000% with 2 lines in your changes missing coverage. Please review.
✅ Project coverage is 81.7%. Comparing base (c79ebf4) to head (cb418a0).
⚠️ Report is 1 commits behind head on main.

Files with missing lines	Patch %	Lines
trace/tracestate.go	0.0%	1 Missing and 1 partial ⚠️

Additional details and impacted files

@@           Coverage Diff           @@
##            main   #7899     +/-   ##
=======================================
- Coverage   81.7%   81.7%   -0.1%     
=======================================
  Files        304     304             
  Lines      23331   23333      +2     
=======================================
- Hits       19078   19076      -2     
- Misses      3866    3868      +2     
- Partials     387     389      +2     

Files with missing lines	Coverage Δ
bridge/opentracing/mock.go	76.3% <ø> (ø)
exporters/otlp/otlplog/otlploghttp/client.go	83.3% <ø> (+0.6%)	⬆️
exporters/otlp/otlpmetric/otlpmetrichttp/client.go	80.7% <ø> (ø)
exporters/otlp/otlptrace/otlptracehttp/client.go	76.9% <ø> (ø)
exporters/zipkin/zipkin.go	81.9% <100.0%> (ø)
sdk/log/batch.go	100.0% <100.0%> (ø)
sdk/resource/host_id_readfile.go	100.0% <100.0%> (ø)
trace/tracestate.go	94.4% <0.0%> (-1.4%)	⬇️

... and 2 files with indirect coverage changes

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[dmathieu]

Ping @open-telemetry/go-approvers for cross-check. I marked some checks as false positive, and added a check for the rune->byte conversion.

[renovate]

Edited/Blocked Notification

Renovate will not automatically rebase this PR, because it does not recognize the last commit author and assumes somebody else may have edited the PR.

You can manually request rebase by checking the rebase/retry box above.

⚠️ Warning: custom changes will be lost.