[deps]Update github.com/securego/gosec from v2.22.11 to v2.23.0

[github-actions]

Summary

Update github.com/securego/gosec dependency from v2.22.11 to v2.23.0

Current State

• Package: github.com/securego/gosec/v2
• Current Version: v2.22.11
• Proposed Version: v2.23.0
• Update Type: Minor

Why Separate Issue

⚠️ Minor version update with new features

• This is a minor version update (v2.22.11 → v2.23.0)
• Adds new taint analysis engine feature
• Multiple enhancements and refactorings
• May affect security scanning behavior
• Needs individual review and testing

Safety Assessment

⚠️ Requires careful review

• Minor version update indicates new features
• New taint analysis engine may change scan results
• Multiple rule enhancements may detect new issues
• Performance optimizations may affect scan times
• Review security scan output carefully after update

Changes

Major Features:

• Added taint analysis engine support (Refactor safe-outputs MCP server tools: Extract to JSON and pre-filter in Go #1486)
• New G117 rule for secrets serialization detection
• Enhanced SQL injection detection with improved string concatenation checks
• Enhanced subprocess variable checks
• Added support for detecting high entropy strings in composite literals

Improvements:

• Optimize analyzer with parallel package processing
• Implement entropy pre-filtering to optimize secret detection
• Enhance slice bounds analysis with dynamic bounds handling
• Support path-based rule exclusions via exclude-rules
• Multiple performance optimizations to reduce allocations

Bug Fixes:

• Fix G602 analyzer panic that kills gosec process
• Fix SARIF artifactChanges null validation error
• Fix nosec comments to work with trailing open brackets (Add support for @import as alias for @include in markdown workflows #1240)
• Fix URL regexp and remove redundant Google regex patterns

Links

• v2.23.0 Release
• Package Repository
• [Go Package]((pkg.go.dev/redacted)

Recommended Action

go get -u github.com/securego/gosec/v2@v2.23.0
go mod tidy

Testing Notes

• Run all tests: make test-unit
• Run security scanner: make lint (includes gosec)
• Review security scan results for new findings
• Check that no false positives are introduced
• Verify performance is acceptable
• Test with existing gosec configurations

Generated by Dependabot Dependency Checker

• expires on Feb 18, 2026, 9:27 AM UTC