diff --git a/.github/workflows/pr.yaml b/.github/workflows/pr.yaml
index 64d12cc..c6fe34e 100644
--- a/.github/workflows/pr.yaml
+++ b/.github/workflows/pr.yaml
@@ -25,7 +25,7 @@ jobs:
         uses: actions/checkout@v2
 
       - name: Run Gosec Security Scanner
-        uses: securego/gosec@master
+        uses: securego/gosec@v2.16.0
         with:
           args: './...'
 
diff --git a/auth_oidc.go b/auth_oidc.go
index 9a87a16..ea82ba0 100644
--- a/auth_oidc.go
+++ b/auth_oidc.go
@@ -96,6 +96,7 @@ func (w *OidcCredential) getAssertion(ctx context.Context) (string, error) {
 		return "", fmt.Errorf("getAssertion: cannot request token: %v", err)
 	}
 
+	// #nosec G307
 	defer resp.Body.Close()
 	body, err := io.ReadAll(io.LimitReader(resp.Body, 1<<20))
 	if err != nil {