golangci · ldez · Feb 13, 2026 · Feb 13, 2026 · Feb 13, 2026
diff --git a/.golangci.next.reference.yml b/.golangci.next.reference.yml
@@ -1514,6 +1514,7 @@ linters:
         - G114 # Use of net/http serve function that has no support for setting timeouts
         - G115 # Type conversion which leads to integer overflow
         - G116 # Detect Trojan Source attacks using bidirectional Unicode characters
+        - G117 # Potential exposure of secrets via JSON marshaling
         - G201 # SQL query construction using format string
         - G202 # SQL query construction using string concatenation
         - G203 # Use of unescaped data in HTML templates
@@ -1540,6 +1541,12 @@ linters:
         - G507 # Import blocklist: golang.org/x/crypto/ripemd160
         - G601 # Implicit memory aliasing in RangeStmt
         - G602 # Possible slice bounds out of range
+        - G701 # SQL injection via taint analysis
+        - G702 # Command injection via taint analysis
+        - G703 # Path traversal via taint analysis
+        - G704 # SSRF via taint analysis
+        - G705 # XSS via taint analysis
+        - G706 # Log injection via taint analysis
 
       # To specify a set of rules to explicitly exclude.
       # Available rules: https://github.com/securego/gosec#available-rules

diff --git a/.golangci.yml b/.golangci.yml
@@ -171,6 +171,11 @@ linters:
         linters: [gosec]
         text: "G306: Expect WriteFile permissions to be 0600 or less"
 
+      # For compatibility with previous versions.
+      # Also, those reports are not relevant.
+      - linters: [gosec]
+        text: "(G704: SSRF via taint analysis|G703: Path traversal via taint analysis|G702: Command injection via taint analysis|G115: integer overflow conversion uintptr)"
+
       # Related to migration command.
       - path: pkg/commands/internal/migrate/two/
         linters:

diff --git a/go.mod b/go.mod
@@ -112,7 +112,7 @@ require (
 	github.com/santhosh-tekuri/jsonschema/v6 v6.0.2
 	github.com/sashamelentyev/interfacebloat v1.1.0
 	github.com/sashamelentyev/usestdlibvars v1.29.0
-	github.com/securego/gosec/v2 v2.22.11
+	github.com/securego/gosec/v2 v2.23.0
 	github.com/shirou/gopsutil/v4 v4.26.1
 	github.com/sirupsen/logrus v1.9.4
 	github.com/sivchari/containedctx v1.0.3
@@ -226,7 +226,7 @@ require (
 	go.uber.org/multierr v1.10.0 // indirect
 	go.uber.org/zap v1.27.0 // indirect
 	golang.org/x/exp/typeparams v0.0.0-20260209203927-2842357ff358 // indirect
-	golang.org/x/text v0.33.0 // indirect
+	golang.org/x/text v0.34.0 // indirect
 	golang.org/x/tools/go/expect v0.1.1-deprecated // indirect
 	golang.org/x/tools/go/packages/packagestest v0.1.1-deprecated // indirect
 	google.golang.org/protobuf v1.36.8 // indirect

diff --git a/go.sum b/go.sum
diff --git a/jsonschema/golangci.next.jsonschema.json b/jsonschema/golangci.next.jsonschema.json
@@ -507,6 +507,7 @@
         "G114",
         "G115",
         "G116",
+        "G117",
         "G201",
         "G202",
         "G203",
@@ -532,7 +533,13 @@
         "G506",
         "G507",
         "G601",
-        "G602"
+        "G602",
+        "G701",
+        "G702",
+        "G703",
+        "G704",
+        "G705",
+        "G706"
       ]
     },
     "govet-analyzers": {
-Original file line number
+Diff line change
@@ Expand Up / @@ -507,6 +507,7 @@ @@
             "G114",
             "G115",
             "G116",
+            "G117",
             "G201",
             "G202",
             "G203",
@@ Expand All / @@ -532,7 +533,13 @@ @@
             "G506",
             "G507",
             "G601",
-            "G602"
+            "G602",
+            "G701",
+            "G702",
+            "G703",
+            "G704",
+            "G705",
+            "G706"
           ]
         },
         "govet-analyzers": {
@@ Expand Down @@