diff --git a/.github/workflows/security.yml b/.github/workflows/security.yml
index 44140da..054e48b 100644
--- a/.github/workflows/security.yml
+++ b/.github/workflows/security.yml
@@ -16,6 +16,6 @@ jobs:
     steps:
       - uses: actions/checkout@v6
       - name: Run Gosec Security Scanner
-        uses: securego/gosec@v2.22.10
+        uses: securego/gosec@v2.22.11
         with:
           args: '-exclude=G103,G104,G304,G402 ./...'
diff --git a/server.go b/server.go
index 522dff6..6676f67 100644
--- a/server.go
+++ b/server.go
@@ -2718,7 +2718,7 @@ func acquireByteReader(ctxP **RequestCtx) (*bufio.Reader, error) {
 	}
 
 	ctx.fbr.c = c
-	ctx.fbr.ch = b[0]
+	ctx.fbr.ch = b[0] // #nosec G602
 	ctx.fbr.byteRead = false
 	r := acquireReader(ctx)
 	r.Reset(&ctx.fbr)
diff --git a/tcplisten/tcplisten_linux.go b/tcplisten/tcplisten_linux.go
index a135c17..6668521 100644
--- a/tcplisten/tcplisten_linux.go
+++ b/tcplisten/tcplisten_linux.go
@@ -72,7 +72,7 @@ func kernelVersion() (int, int) {
 		} else {
 			// Note that we're assuming N.N.N here.  If we see anything else we are likely to
 			// mis-parse it.
-			values[vi] = value
+			values[vi] = value // #nosec G602
 			vi++
 			if vi >= len(values) {
 				break
@@ -85,7 +85,7 @@ func kernelVersion() (int, int) {
 	case 1:
 		return values[0], 0
 	case 2:
-		return values[0], values[1]
+		return values[0], values[1] // #nosec G602
 	}
 	return 0, 0
 }