Bump securego/gosec from 2.24.7 to 2.25.0

[dependabot]

Bumps securego/gosec from 2.24.7 to 2.25.0.

Release notes

Sourced from securego/gosec's releases.

v2.25.0

Changelog

• 223e19b8856e00f02cc67804499a83f77e208f3c chore(deps): bump google.golang.org/grpc from 1.75.0 to 1.79.3 (#1617)
• b23a9e534822ec656207d6d33116b9c48fcde6c7 fix: allow barry action to access secrets on fork PRs (#1616)
• 355cfa5a43916c57b7727eece120dd54665c1427 fix: reduce G117 false positives for custom marshalers and transformed values (#1614) (#1615)
• 744bfb5ef06e24230087a2470dd1eda8cf5ac48a Add barry security scanner as a step in the CI (#1612)
• 4fde15d2287caa7ba8480e14d3ccd49579d17f42 chore(deps): update all dependencies (#1611)
• dec52c4101b534ac9bc8cf22ac051a65c90d75e0 fix: prevent taint analysis hang on packages with many CHA call graph edges (#1608) (#1610)
• a0de8b6aab054e0fe97bec94d1f5e635dc5dc495 Add some skills for claude code to automate some tasks (#1609)
• c2dfcec7f34bdbb3591c1dccd4aafde1d49c5bd6 Add G701-G706 rule-to-CWE mappings and CWE-117, CWE-918 entries (#1606)
• 8aec3f48a22ee5404185b01ac7667302ba73e51c fix: skip SSA analysis on ill-typed packages to prevent panic (#1607)
• 1ced32df147e2dd7bb9400023c246235bb32be92 Port G120 from SSA-based to taint analysis (fixes #1600, #1603) (#1605)
• befce8de5da965121ad143b3c1eba58b0c3941bb fix(G118): eliminate false positive for package-level cancel variables (#1602)
• b7b2c7b668f3f2bef8a8ae04d72f0eb60492322c feat: add G124 rule for insecure HTTP cookie configuration (#1599)
• 6e66a943db54eb8d235ac766fa2fd414d44e8821 feat: add G709 rule for unsafe deserialization of untrusted data (#1598)
• e7ea2377aa2138d550e6d466ceef7a3164b4d7ea feat: add G708 rule for server-side template injection via text/template (#1597)
• 889546214c90564feb348e14fd1bf526295e0b2d fix(G118): eliminate false positive when cancel is called via struct field in a closure (#1596)
• 619ce2117e086b696f9357dc3422c18c2d0262bf Fix infinite recursion in interprocedural taint analysis (#1594)
• 0e0eb1792f3ced1edfe332daa388f088d4bd2f08 Fix G118 false positive when cancel is stored in returned struct field (#1593)
• 59a9da022f37d928b5c26c2b720e5f43f4a3e9b4 Fix G118 false positive on cancel called inside goroutine closure (#1592)
• cbf46b8771cfe2f02d3f935469c7898198d901f4 fix(analyzer): per-package rule instantiation eliminates concurrent map crash (#1589)
• c6c3ba865980cf3333c8bcaa93b4b9b7a4858bba chore(deps): update all dependencies (#1588)
• c709ed8be30a01d52ef51a099f5da6fc23dd3e31 fix(G118): treat returned cancel func as called (fixes #1584) (#1585)
• fa74dd7069d482a37b1207afbeffbfc7681a47f8 chore(go): update supported Go versions to 1.25.8 and 1.26.1 (#1583)
• cd1f29ec710ed24a305edf5908f52240addb1811 Update the README with the correct version of the Github action for gosec (#1582)
• 5887aee36f8b982ecb71885fde827ec0e84d98a2 chore(deps): update all dependencies (#1579)
• 6641fcf966593bf52ed426aa262839b340d56375 Fix G115 false positives for guarded int64-to-byte conversions (#1578)
• 3c9c3da6924bb1daeea428e28ec9ac5fa5a09c25 Update the container image migration notice (#1576)
• 973e94e8fc181de08ab86b212e6475221e777069 chore(action): bump gosec to 2.24.7 (#1575)

Commits

• 223e19b chore(deps): bump google.golang.org/grpc from 1.75.0 to 1.79.3 (#1617)
• b23a9e5 fix: allow barry action to access secrets on fork PRs (#1616)
• 355cfa5 fix: reduce G117 false positives for custom marshalers and transformed values...
• 744bfb5 Add barry security scanner as a step in the CI (#1612)
• 4fde15d chore(deps): update all dependencies (#1611)
• dec52c4 fix: prevent taint analysis hang on packages with many CHA call graph edges (...
• a0de8b6 Add some skills for claude code to automate some tasks (#1609)
• c2dfcec Add G701-G706 rule-to-CWE mappings and CWE-117, CWE-918 entries (#1606)
• 8aec3f4 fix: skip SSA analysis on ill-typed packages to prevent panic (#1607)
• 1ced32d Port G120 from SSA-based to taint analysis (fixes #1600, #1603) (#1605)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)