docs: correct gosec action reference in changelog

.gitea/workflows/pr-validation.yml

@@ -53,12 +53,6 @@ jobs:
           git diff --exit-code go.mod go.sum
           go mod verify
 
-      - name: Install security tools
-        run: |
-          set -euo pipefail
-          go install github.com/securego/gosec/v2/cmd/gosec@v2.22.3
-          go install golang.org/x/vuln/cmd/govulncheck@v1.1.4
-
       - name: Install AWS CLI v2
         uses: ankurk91/install-aws-cli-action@v1
 
@@ -159,7 +153,7 @@ jobs:
           fi
 
       - name: Run Gosec Security Scanner
-        uses: secureCodeBox/gosec-action@v1
+        uses: securego/gosec@v2.22.3
         with:
           args: './...'
 

.gitea/workflows/push-validation.yml

@@ -64,7 +64,7 @@ jobs:
           fi
 
       - name: Run Gosec Security Scanner
-        uses: secureCodeBox/gosec-action@v1
+        uses: securego/gosec@v2.22.3
         with:
           args: './...'
 

CHANGELOG.md

@@ -15,7 +15,8 @@ A `### Breaking` section is used in addition to Keep a Changelog's standard sect
 
 ### Changed
 
-- CI security scanning now uses GitHub Marketplace actions (`secureCodeBox/gosec-action` and `golang/govulncheck-action`) instead of manual tool installation, improving reliability and caching.
+- CI security scanning now uses GitHub Marketplace actions (`securego/gosec` and `golang/govulncheck-action`) instead of manual tool installation, improving reliability and caching.
+- CI setup compatibility fix: gosec scanner now references the correct public action source (`securego/gosec`), resolving action clone failures in Gitea runners.
 - Code formatting validation added to CI pipelines: pushes and pull requests with code not matching `go fmt ./...` output will be rejected.
 - Dependencies updated to resolve security vulnerabilities: `cloudflare/circl` to v1.6.3, `go-git/v5` to v5.17.0, `golang.org/x/crypto` to v0.49.0, and `golang.org/x/net` to v0.52.0.
 - CI workflows now include explicit caching for Go modules and build artifacts to reduce pipeline execution time.