From fb6b6d160c1f7dcfff5b79f1f8efb231c4bb2abf Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 18 Dec 2025 16:34:33 +0100
Subject: [PATCH] chore(deps): bump securego/gosec from 2.22.10 to 2.22.11
 (#2110)

* chore(deps): bump securego/gosec from 2.22.10 to 2.22.11

Bumps [securego/gosec](https://github.com/securego/gosec) from 2.22.10 to 2.22.11.
- [Release notes](https://github.com/securego/gosec/releases)
- [Commits](https://github.com/securego/gosec/compare/v2.22.10...v2.22.11)

---
updated-dependencies:
- dependency-name: securego/gosec
  dependency-version: 2.22.11
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* Ignore invalid warnings

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Erik Dubbelboer <erik@dubbelboer.com>
---
 .github/workflows/security.yml | 2 +-
 server.go                      | 2 +-
 tcplisten/tcplisten_linux.go   | 4 ++--
 3 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/.github/workflows/security.yml b/.github/workflows/security.yml
index 44140da..054e48b 100644
--- a/.github/workflows/security.yml
+++ b/.github/workflows/security.yml
@@ -16,6 +16,6 @@ jobs:
     steps:
       - uses: actions/checkout@v6
       - name: Run Gosec Security Scanner
-        uses: securego/gosec@v2.22.10
+        uses: securego/gosec@v2.22.11
         with:
           args: '-exclude=G103,G104,G304,G402 ./...'
diff --git a/server.go b/server.go
index 522dff6..6676f67 100644
--- a/server.go
+++ b/server.go
@@ -2718,7 +2718,7 @@ func acquireByteReader(ctxP **RequestCtx) (*bufio.Reader, error) {
 	}
 
 	ctx.fbr.c = c
-	ctx.fbr.ch = b[0]
+	ctx.fbr.ch = b[0] // #nosec G602
 	ctx.fbr.byteRead = false
 	r := acquireReader(ctx)
 	r.Reset(&ctx.fbr)
diff --git a/tcplisten/tcplisten_linux.go b/tcplisten/tcplisten_linux.go
index a135c17..6668521 100644
--- a/tcplisten/tcplisten_linux.go
+++ b/tcplisten/tcplisten_linux.go
@@ -72,7 +72,7 @@ func kernelVersion() (int, int) {
 		} else {
 			// Note that we're assuming N.N.N here.  If we see anything else we are likely to
 			// mis-parse it.
-			values[vi] = value
+			values[vi] = value // #nosec G602
 			vi++
 			if vi >= len(values) {
 				break
@@ -85,7 +85,7 @@ func kernelVersion() (int, int) {
 	case 1:
 		return values[0], 0
 	case 2:
-		return values[0], values[1]
+		return values[0], values[1] // #nosec G602
 	}
 	return 0, 0
 }