Bump gosec version

pkg/yqlib/encoder_toml.go

@@ -122,6 +122,10 @@ func (te *tomlEncoder) encodeRootMapping(w io.Writer, node *CandidateNode) error
 
 // encodeTopLevelEntry encodes a key/value at the root, dispatching to attribute, table, or array-of-tables
 func (te *tomlEncoder) encodeTopLevelEntry(w io.Writer, path []string, node *CandidateNode) error {
+	if len(path) == 0 {
+		return fmt.Errorf("cannot encode TOML entry with empty path")
+	}
+
 	switch node.Kind {
 	case ScalarNode:
 		// key = value

pkg/yqlib/toml_test.go

@@ -2,6 +2,7 @@ package yqlib
 
 import (
 	"bufio"
+	"bytes"
 	"fmt"
 	"strings"
 	"testing"
@@ -797,6 +798,28 @@ func TestTomlColorisationNumberBug(t *testing.T) {
 	}
 }
 
+// Tests that the encoder handles empty path slices gracefully
+func TestTomlEmptyPathPanic(t *testing.T) {
+	encoder := NewTomlEncoder()
+	tomlEncoder := encoder.(*tomlEncoder)
+
+	var buf bytes.Buffer
+
+	// Create a simple scalar node
+	scalarNode := &CandidateNode{
+		Kind:  ScalarNode,
+		Tag:   "!!str",
+		Value: "test",
+	}
+
+	// Test with empty path - this should not panic
+	err := tomlEncoder.encodeTopLevelEntry(&buf, []string{}, scalarNode)
+	if err == nil {
+		t.Error("Expected error when encoding with empty path, got nil")
+	}
+
+}
+
 // TestTomlStringEscapeColourization tests that string colourization correctly
 // handles escape sequences, particularly escaped quotes at the end of strings
 func TestTomlStringEscapeColourization(t *testing.T) {

scripts/devtools.sh

@@ -2,4 +2,4 @@
 set -ex
 go mod download golang.org/x/tools@latest
 curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s -- -b $(go env GOPATH)/bin v2.1.5
-curl -sSfL https://raw.githubusercontent.com/securego/gosec/master/install.sh | sh -s v2.22.5
+curl -sSfL https://raw.githubusercontent.com/securego/gosec/master/install.sh | sh -s v2.22.11