build(deps): bump github.com/securego/gosec/v2 from 2.4.0 to 2.5.0

[dependabot]

Bumps github.com/securego/gosec/v2 from 2.4.0 to 2.5.0.

Release notes

Sourced from github.com/securego/gosec/v2's releases.

v2.5.0

Changelog

a4746e1 Update all dependencies (#533) 6bd6e4b Use $(go env GOPATH) that works even when GOPATH is not set aef335a Fix typo in README.md 0ce48a5 Reproducible junit report (#529) 868556b Update README with the correct path to tlsconfig command 13519fd Update the tls configuration generate to handle also the NSS alternative names e351067 Update all dependencies 166e4f5 Update README file with some more details required to run successfully a scan with the docker image f5cc32a Update the Go version to 1.15 in the Makefile ea0fa28 Update the Github go action version to 1.6.0 feea8bb Fix the action tag 6688a97 Fix the github action for Go 1.15 7234349 Add Go 1.15 to the supported version and phase out the Go 1.12 a3895d5 Fix typo in README file 17c9555 Incorrect local installation instructions for v2 f13b8bc Add also filepath.Rel as a sanitization method for input argument in the G304 rule 047729a Fix the rule G304 to handle the case when the input is cleaned as a variable assignment b60ddc2 feat: adds support for path.Join and for tar archives in G305 673a139 Update all dependencies 110b62b Add io.CopyBuffer function to rule G110 6bcd89a Mark all lines of a multi-line finding 4d4e594 Add some comments d1467ac Extend the code snippet included in the issue and refactored how the code snippet is printed 37d1af0 Expand the arguments to a list of strings when they are provided as a single string 59cbe00 Update all dependencies ade81d3 Rename file for consistency 03f12f3 Change naming rule from blacklist to blocklist 3784ffe Fix panic when reading the version from debug info in Go 1.13 55d368f Improve the TLS version checking ad1cb7e Make sure some version information is set when no version was injected into the binary 1d2c951 Extend the rule G304 with os.OpenFile and add a test to cover it 0c1a71b Add more tests samples to increase coverage fe07fcf Fix unit test when checking a mix of good and bad random functions 6bbf8f9 Extend the insecure random rule with more insecure random functions af699f6 Exclude .git directory from scan (#485) 6202b38 Update all dependencies (#484) 6a130d5 Update the link pointing to issues to CWE mapping to use the master version (#483) 826db1c Fix the build tags propagation 7da9248 Change the issue test to verify that a multi-line finding contains a line range 7aedcc5 Remove print line from tests 30e93bf Improve the SQL strings concat rules to handle multiple string concatenation 68bce94 Improve the SQL concatenation and string formatting rules to be applied only in the database/sql context 32be4a5 Make sure all rules are mapped to CWE numbers 8630c43 Add null pointer check in G601 1418b85 ondisk -> onDisk

... (truncated)

Commits

• a4746e1 Update all dependencies (#533)
• 6bd6e4b Use $(go env GOPATH) that works even when GOPATH is not set
• aef335a Fix typo in README.md
• 0ce48a5 Reproducible junit report (#529)
• 868556b Update README with the correct path to tlsconfig command
• 13519fd Update the tls configuration generate to handle also the NSS alternative names
• e351067 Update all dependencies
• 166e4f5 Update README file with some more details required to run successfully a scan...
• f5cc32a Update the Go version to 1.15 in the Makefile
• ea0fa28 Update the Github go action version to 1.6.0
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually