chore(deps): update dependency securego/gosec to v2.24.6

[ory-bot]

This PR contains the following updates:

Package	Update	Change
securego/gosec	minor	2.23.0 → 2.24.6

---

Release Notes

securego/gosec (securego/gosec)

v2.24.6

Compare Source

Changelog

• 88835e8 Update gorelease to use the latest cosign bundle argument (#​1565)

v2.24.0

Compare Source

Changelog

• 271492b fix: G704 false positive on const URL (#​1551)
• 1341aea fix(G705): eliminate false positive for non-HTTP io.Writer (#​1550)
• f2262c8 G120: avoid false positive when MaxBytesReader is applied in middleware (#​1547)
• 5b580c7 Fix G602 regression coverage for issue #​1545 and stabilize G117 TOML test dependency (#​1546)
• eba2d15 taint: skip context.Context arguments during taint propagation to fix false positives (#​1543)
• a6381c1 test: add missing rules to formatter report tests (#​1540)
• fea9725 chore(deps): update all dependencies (#​1541)
• f3e2fac Regenrate the TLS config rule (#​1539)
• 200461f Improve documentation (#​1538)
• 078a62a Expand analyzer-core test coverage for orchestration, go/analysis adapter logic, and taint integration (#​1537)
• ffdc620 Add unit tests for CLI orchestration, TLS config generation, and SSA cache behavior (#​1536)
• c13a486 Add G707 taint analyzer for SMTP command/header injection (#​1535)
• f61ed31 Add G123 analyzer for tls.VerifyPeerCertificate resumption bypass risk (#​1534)
• b568aa1 Add G122 SSA analyzer for filepath.Walk/WalkDir symlink TOCTOU race risks (#​1532)
• 1735e5a fix(G602): avoid false positives for range-over-array indexing (#​1531)
• caf93d0 Improve taint analyzer performance with shared SSA cache, parallel analyzer execution, and CI regression guard (#​1530)
• bd11fbe fix: taint analysis false positives with G703,G705 (#​1522)
• e34e8dd Extend the G117 rule to cover other types of serialization such as yaml/xml/toml (#​1529)
• b940702 Fix the G117 rule to take the JSON serialization into account (#​1528)
• 4f84627 (docs) fix justification format (#​1524)
• 36ba72b Add G121 analyzer for unsafe CORS bypass patterns in CrossOriginProtection (#​1521)
• 238f982 Add G120 SSA analyzer for unbounded form parsing in HTTP handlers (#​1520)
• 89cde27 Add G119 analyzer for unsafe redirect header propagation in CheckRedirect callbacks (#​1519)
• 14fdd9c Fix G115 false positives and negatives (Issue #​1501) (#​1518)
• cec54ec chore(deps): update all dependencies (#​1517)
• 2b2077e Add G118 SSA analyzer for context propagation failures that can cause goroutine/resource leaks (#​1516)
• a7666f3 Add G113: Detect HTTP Request Smuggling via conflicting headers (CVE-2025-22891, CWE-444) (#​1515)
• 47f8b52 Add G408: SSH PublicKeyCallback Authentication Bypass Analyzer (#​1513)
• 4f1f362 Add more unit tests to improve coverage (#​1512)
• 9344582 Improve test coverage in various areas (#​1511)
• 8d1b2c6 Imprve the test coverage (#​1510)
• 993c1c4 Fix incorrect detection of fixed iv in G407 (#​1509)
• 8668b74 Add support for go 1.26.x and removed support for go 1.24.x (#​1508)
• 514225c Fix the sonar report to follow the latest schema (#​1507)
• 000384e fix: broken taint analysis causing false positives (#​1506)
• 616192c fix: panic on float constants in overflow analyzer (#​1505)
• 79956a3 fix: panic when scanning multi-module repos from root (#​1504)
• 5736e8b fix: G602 false positive for array element access (#​1499)
• 1b7e1e9 Update gosec to version v2.23.0 in the Github action (#​1496)

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Renovate Bot.