fix(deps): update all dependencies

[renovate]

Note

Mend has cancelled the proposed renaming of the Renovate GitHub app being renamed to mend[bot].

This notice will be removed on 2025-10-07.

---

This PR contains the following updates:

Package	Type	Update	Change	Age	Adoption	Passing	Confidence
actions/checkout	action	major	v4.1.1 -> v5.0.0
actions/dependency-review-action	action	minor	v4.2.5 -> v4.8.0
actions/setup-go	action	major	v5.0.0 -> v6.0.0
github.com/golangci/golangci-lint	require	major	v1.57.2 -> v2.5.0
github/codeql-action	action	minor	v3.24.10 -> v3.30.6
go (source)	toolchain	minor	1.22.2 -> 1.25.1
golang.org/x/tools	require	minor	v0.20.0 -> v0.37.0
mvdan.cc/gofumpt	require	minor	v0.6.0 -> v0.9.1
step-security/harden-runner	action	minor	v2.7.0 -> v2.13.1

---

Release Notes

actions/checkout (actions/checkout)

v5.0.0

Compare Source

What's Changed

• Update actions checkout to use node 24 by @​salmanmkc in https://github.com/actions/checkout/pull/2226
• Prepare v5.0.0 release by @​salmanmkc in https://github.com/actions/checkout/pull/2238

⚠️ Minimum Compatible Runner Version

v2.327.1
Release Notes

Make sure your runner is updated to this version or newer to use this release.

Full Changelog: actions/checkout@v4...v5.0.0

v4.3.0

Compare Source

What's Changed

• docs: update README.md by @​motss in https://github.com/actions/checkout/pull/1971
• Add internal repos for checking out multiple repositories by @​mouismail in https://github.com/actions/checkout/pull/1977
• Documentation update - add recommended permissions to Readme by @​benwells in https://github.com/actions/checkout/pull/2043
• Adjust positioning of user email note and permissions heading by @​joshmgross in https://github.com/actions/checkout/pull/2044
• Update README.md by @​nebuk89 in https://github.com/actions/checkout/pull/2194
• Update CODEOWNERS for actions by @​TingluoHuang in https://github.com/actions/checkout/pull/2224
• Update package dependencies by @​salmanmkc in https://github.com/actions/checkout/pull/2236
• Prepare release v4.3.0 by @​salmanmkc in https://github.com/actions/checkout/pull/2237

New Contributors

• @​motss made their first contribution in https://github.com/actions/checkout/pull/1971
• @​mouismail made their first contribution in https://github.com/actions/checkout/pull/1977
• @​benwells made their first contribution in https://github.com/actions/checkout/pull/2043
• @​nebuk89 made their first contribution in https://github.com/actions/checkout/pull/2194
• @​salmanmkc made their first contribution in https://github.com/actions/checkout/pull/2236

Full Changelog: actions/checkout@v4...v4.3.0

v4.2.2

Compare Source

• url-helper.ts now leverages well-known environment variables by @​jww3 in #​1941
• Expand unit test coverage for isGhes by @​jww3 in #​1946

v4.2.1

Compare Source

• Check out other refs/* by commit if provided, fall back to ref by @​orhantoy in #​1924

v4.2.0

Compare Source

• Add Ref and Commit outputs by @​lucacome in #​1180
• Dependency updates by @​dependabot- #​1777, #​1872

v4.1.7

Compare Source

• Bump the minor-npm-dependencies group across 1 directory with 4 updates by @​dependabot in #​1739
• Bump actions/checkout from 3 to 4 by @​dependabot in #​1697
• Check out other refs/* by commit by @​orhantoy in #​1774
• Pin actions/checkout's own workflows to a known, good, stable version. by @​jww3 in #​1776

v4.1.6

Compare Source

• Check platform to set archive extension appropriately by @​cory-miller in #​1732

v4.1.5

Compare Source

• Update NPM dependencies by @​cory-miller in #​1703
• Bump github/codeql-action from 2 to 3 by @​dependabot in #​1694
• Bump actions/setup-node from 1 to 4 by @​dependabot in #​1696
• Bump actions/upload-artifact from 2 to 4 by @​dependabot in #​1695
• README: Suggest user.email to be 41898282+github-actions[bot]@​users.noreply.github.com by @​cory-miller in #​1707

v4.1.4

Compare Source

• Disable extensions.worktreeConfig when disabling sparse-checkout by @​jww3 in #​1692
• Add dependabot config by @​cory-miller in #​1688
• Bump the minor-actions-dependencies group with 2 updates by @​dependabot in #​1693
• Bump word-wrap from 1.2.3 to 1.2.5 by @​dependabot in #​1643

v4.1.3

Compare Source

• Check git version before attempting to disable sparse-checkout by @​jww3 in #​1656
• Add SSH user parameter by @​cory-miller in #​1685
• Update actions/checkout version in update-main-version.yml by @​jww3 in #​1650

v4.1.2

Compare Source

• Fix: Disable sparse checkout whenever sparse-checkout option is not present @​dscho in #​1598

actions/dependency-review-action (actions/dependency-review-action)

v4.8.0

Compare Source

What's Changed

• Make Ruby Code Scannable by @​ljones140 in #​978
• Batch some contributions for release by @​brrygrdn in #​986
  • Make license lists collapsable by @​jasperkamerling
  • feat: add large summary handling with artifact upload by @​MattMencel

New Contributors

• @​ljones140 made their first contribution in #​978
• @​jasperkamerling made their first contribution in #​986
• @​MattMencel made their first contribution in #​986

Full Changelog: actions/dependency-review-action@v4...v4.8.0

v4.7.4

Compare Source

v4.7.3: 4.7.3

Compare Source

What's Changed

• Add explicit permissions to workflow files by @​AshelyTC in #​966
• Claire153/fix spamming mentioned issue by @​claire153 in #​974

Full Changelog: actions/dependency-review-action@v4...v4.7.3

v4.7.2: 4.7.2

Compare Source

What's Changed

• Add Missing Languages to CodeQL Advanced Configuration by @​KyFaSt in #​945
• Deprecate deny lists by @​claire153 in #​958
• Address discrepancy between docs and reality by @​ahpook in #​960

New Contributors

• @​KyFaSt made their first contribution in #​945
• @​claire153 made their first contribution in #​958
• @​ahpook made their first contribution in #​960

Full Changelog: actions/dependency-review-action@v4...v4.7.2

v4.7.1

Compare Source

• Packages added to allow-dependencies-licenses will be allowed even if the package in question has no license information #​889
• License expressions (e.g. Ruby OR GPL-2.0) in the allow list are automatically discarded so that they don't invalidate the whole allow list, which should just be license identifier (e.g. Ruby)

v4.7.0

Compare Source

• Handle complex license expressions (e.g. MIT AND GPL-2.0) in allow lists (fixes #​809 and probably others)
• Replace OTHER in package licenses with LicenseRef-clearlydefined-OTHER so that parsing passes

v4.6.0

Compare Source

What's Changed

• Updating multiple dependency versions by @​Ahmed3lmallah in #​870
• Grouping minor and patch dependabot updates to lessen the number of PRs by @​Ahmed3lmallah in #​876
• Bump actions/stale from 9.0.0 to 9.1.0 by @​dependabot in #​878
• Bump undici from 5.28.4 to 5.28.5 by @​dependabot in #​877
• DR Action should link to the proxima stamp when appropriate in error messages by @​AshelyTC in #​891
• Allow deny package removal by @​ellenfieldn in #​888
• Fix typos by @​omahs in #​893
• Bump esbuild from 0.19.5 to 0.25.0 by @​dependabot in #​900
• Bump octokit and related dependencies by @​RomanIakovlev in #​904
• Bump @​babel/helpers from 7.23.2 to 7.26.10 by @​dependabot in #​905
• Bump @​octokit/plugin-paginate-rest from 9.1.5 to 9.2.2 by @​dependabot in #​899
• Update transitive dependency spdx-license-ids by @​ailox in #​855
• To not print OpenSSF Scorecard section if no dependencies scanned by @​fabasoad in #​884
• Improve usage of this action in dependency-review.yml by @​fabasoad in #​883
• Clarify comment-summary-in-pr behaviour by @​Pantelis-Santorinios in #​902
• Prepare 4.6.0 Release candidate by @​brrygrdn in #​910

New Contributors

• @​AshelyTC made their first contribution in #​891
• @​ellenfieldn made their first contribution in #​888
• @​omahs made their first contribution in #​893
• @​RomanIakovlev made their first contribution in #​904
• @​ailox made their first contribution in #​855
• @​fabasoad made their first contribution in #​884
• @​Pantelis-Santorinios made their first contribution in #​902
• @​brrygrdn made their first contribution in #​910

Full Changelog: actions/dependency-review-action@v4.5.0...v4.6.0

v4.5.0

Compare Source

What's Changed

• Bump got from 14.4.2 to 14.4.3 by @​dependabot in #​844
• Bump nodemon from 3.1.0 to 3.1.7 by @​dependabot in #​847
• Bump @​vercel/ncc from 0.38.1 to 0.38.3 by @​dependabot in #​849
• Overriding the cross-spawn dependency to use a safe version by @​Ahmed3lmallah in #​850
• fix: add summary comment on failure when warn-only: true by @​ebickle in #​827
• Prepare for 4.5.0 release by @​Ahmed3lmallah in #​851

New Contributors

• @​ebickle made their first contribution in #​827

Full Changelog: actions/dependency-review-action@v4...v4.5.0

v4.4.0

Compare Source

What's Changed

• Fix for merge_group event bug by @​Ahmed3lmallah in #​846

Full Changelog: actions/dependency-review-action@v4.3.5...v4.4.0

v4.3.5

Compare Source

What's Changed

• fix: getRefs function to handle merge_group events by @​louis-bompart in #​766
• Create pull_request_template.md by @​jonjanego in #​794
• Update CONTRIBUTING.md by @​jonjanego in #​793
• Bump @​types/node from 20.11.28 to 20.16.0 by @​dependabot in #​815
• Upgrade transitive micromatch library by @​elireisman in #​829
• Do not list changed dependencies in summary by @​hmaurer in #​828
• Update stale.yaml by @​jonjanego in #​832
• Bump got from 14.4.1 to 14.4.2 by @​dependabot in #​822
• Bump eslint-plugin-jest and ts-jest by @​Ahmed3lmallah in #​840

New Contributors

• @​louis-bompart made their first contribution in #​766
• @​Ahmed3lmallah made their first contribution in #​840

Full Changelog: actions/dependency-review-action@v4.3.4...v4.3.5

v4.3.4

Compare Source

What's Changed

• Include all added dependencies in scorecard entries by @​elireisman in #​783
• Update SPDX Expression Parsing by @​febuiles in #​719
  • This PR is a significant refactor of SPDX expression parsing that may fix some bugs, but unfortunately there are several related known issues that remain unresolved as of this version.

Full Changelog: actions/dependency-review-action@v4.3.3...v4.3.4

v4.3.3: Notes for v4.3.3

Compare Source

What's Changed

• Allow slashes in purl package names by @​juxtin in #​765
• use the v3 version of the deps.dev API by @​josieang in #​741
• PR with suggestions - [Improvement]: Help streamline / simplify dependency review action README by @​am-stead in #​773
• fix show-openssf-scorecard-levels input by @​ramann in #​776
• Updates to the contribution guidelines by @​jonjanego in #​778
• Create issue templates by @​jonjanego in #​777
• Fix the max comment length issue by @​jhutchings1 and @​elireisman in #​767
• Bump project version to 4.3.3 in prep for a release by @​elireisman in #​781

New Contributors

• @​josieang made their first contribution in #​741
• @​am-stead made their first contribution in #​773
• @​ramann made their first contribution in #​776

Full Changelog: actions/dependency-review-action@v4.3.2...v4.3.3

v4.3.2

Compare Source

What's Changed

• Fix package-url parsing for allow-dependencies-licenses by @​juxtin in #​761

Full Changelog: actions/dependency-review-action@v4.3.1...v4.3.2

v4.3.1

Compare Source

What's Changed

This release fixes some bugs related to package-url parsing that were introduced in 4.3.0. See #​753.

Full Changelog: actions/dependency-review-action@V4.3.0...v4.3.1

v4.3.0

Compare Source

New Features

• The deny-packages option can now be used without a version number to exclude all versions of a package.

What's Changed

• Fix action variable name for scorecard by @​lukehinds in #​735
• Fix extra https:// in summary by @​jhutchings1 in #​748
• Bump typescript from 5.3.3 to 5.4.5 by @​dependabot in #​744
• Bump eslint-plugin-github from 4.10.1 to 4.10.2 by @​dependabot in #​737
• Show denied packages with red X by @​juxtin in #​750
• deny-packages configuration option can deny specified version or all packages by @​febuiles and @​bteng22 in #​733

New Contributors

• @​bteng22 made their first contribution in #​733
• @​lukehinds made their first contribution in #​735

Full Changelog: actions/dependency-review-action@v4.2.5...V4.3.0

actions/setup-go (actions/setup-go)

v6.0.0

Compare Source

What's Changed

Breaking Changes

• Improve toolchain handling to ensure more reliable and consistent toolchain selection and management by @​matthewhughes934 in #​460
• Upgrade Nodejs runtime from node20 to node 24 by @​salmanmkc in #​624

Make sure your runner is on version v2.327.1 or later to ensure compatibility with this release. See Release Notes

Dependency Upgrades

• Upgrade @​types/jest from 29.5.12 to 29.5.14 by @​dependabot[bot] in #​589
• Upgrade @​actions/tool-cache from 2.0.1 to 2.0.2 by @​dependabot[bot] in #​591
• Upgrade @​typescript-eslint/parser from 8.31.1 to 8.35.1 by @​dependabot[bot] in #​590
• Upgrade undici from 5.28.5 to 5.29.0 by @​dependabot[bot] in #​594
• Upgrade typescript from 5.4.2 to 5.8.3 by @​dependabot[bot] in #​538
• Upgrade eslint-plugin-jest from 28.11.0 to 29.0.1 by @​dependabot[bot] in #​603
• Upgrade form-data to bring in fix for critical vulnerability by @​matthewhughes934 in #​618
• Upgrade actions/checkout from 4 to 5 by @​dependabot[bot] in #​631

New Contributors

• @​matthewhughes934 made their first contribution in #​618
• @​salmanmkc made their first contribution in #​624

Full Changelog: actions/setup-go@v5...v6.0.0

v5.5.0

Compare Source

What's Changed

Bug fixes:

• Update self-hosted environment validation by @​priyagupta108 in #​556
• Add manifest validation and improve error handling by @​priyagupta108 in #​586
• Update template link by @​jsoref in #​527

Dependency updates:

• Upgrade @​action/cache from 4.0.2 to 4.0.3 by @​aparnajyothi-y in #​574
• Upgrade @​actions/glob from 0.4.0 to 0.5.0 by @​dependabot in #​573
• Upgrade ts-jest from 29.1.2 to 29.3.2 by @​dependabot in #​582
• Upgrade eslint-plugin-jest from 27.9.0 to 28.11.0 by @​dependabot in #​537

New Contributors

• @​jsoref made their first contribution in #​527

Full Changelog: actions/setup-go@v5...v5.5.0

v5.4.0

Compare Source

What's Changed

Dependency updates :

• Upgrade semver from 7.6.0 to 7.6.3 by @​dependabot in #​535
• Upgrade eslint-config-prettier from 8.10.0 to 10.0.1 by @​dependabot in #​536
• Upgrade @​action/cache from 4.0.0 to 4.0.2 by @​aparnajyothi-y in #​568
• Upgrade undici from 5.28.4 to 5.28.5 by @​dependabot in #​541

New Contributors

• @​aparnajyothi-y made their first contribution in #​568

Full Changelog: actions/setup-go@v5...v5.4.0

v5.3.0

Compare Source

What's Changed

• Use the new cache service: upgrade @actions/cache to ^4.0.0 by @​Link- in #​531
• Configure Dependabot settings by @​HarithaVattikuti in #​530
• Document update - permission section by @​HarithaVattikuti in #​533
• Bump actions/publish-immutable-action from 0.0.3 to 0.0.4 by @​dependabot in #​534

New Contributors

• @​Link- made their first contribution in #​531

Full Changelog: actions/setup-go@v5...v5.3.0

v5.2.0

Compare Source

What's Changed

• Leveraging the raw API to retrieve the version-manifest, as it does not impose a rate limit and hence facilitates unrestricted consumption without the need for a token for Github Enterprise Servers by @​Shegox in #​496

New Contributors

• @​Shegox made their first contribution in #​496

Full Changelog: actions/setup-go@v5...v5.2.0

v5.1.0

Compare Source

What's Changed

• Add workflow file for publishing releases to immutable action package by @​Jcambass in #​500
• Upgrade IA Publish by @​Jcambass in #​502
• Add architecture to cache key by @​Zxilly in #​493
  This addresses issues with caching by adding the architecture (arch) to the cache key, ensuring that cache keys are accurate to prevent conflicts.
  Note: This change may break previous cache keys as they will no longer be compatible with the new format.
• Enhance workflows and Upgrade micromatch Dependency by @​priyagupta108 in #​510

Bug Fixes

• Revise isGhes logic by @​jww3 in #​511

New Contributors

• @​Zxilly made their first contribution in #​493
• @​Jcambass made their first contribution in #​500
• @​jww3 made their first contribution in #​511
• @​priyagupta108 made their first contribution in #​510

Full Changelog: actions/setup-go@v5...v5.1.0

v5.0.2

Compare Source

What's Changed

Bug fixes:

• Fix versions check failure by @​HarithaVattikuti in #​479

Dependency updates:

• Bump braces from 3.0.2 to 3.0.3 and undici from 5.28.3 to 5.28.4 by @​dependabot in #​487

New Contributors

• @​HarithaVattikuti made their first contribution in #​479

Full Changelog: actions/setup-go@v5...v5.0.2

v5.0.1

Compare Source

What's Changed

• Bump undici from 5.28.2 to 5.28.3 and dependencies upgrade by @​dependabot , @​HarithaVattikuti in #​465
• Update documentation with latest V5 release notes by @​ab in #​459
• Update version documentation by @​178inaba in #​458
• Documentation update of actions/setup-go to v5 by @​chenrui333 in #​449

New Contributors

• @​ab made their first contribution in #​459

Full Changelog: actions/setup-go@v5.0.0...v5.0.1

golangci/golangci-lint (github.com/golangci/golangci-lint)

v2.5.0

Compare Source

1. New linters
   • Add godoclint linter https://github.com/godoc-lint/godoc-lint
   • Add unqueryvet linter https://github.com/MirrexOne/unqueryvet
   • Add iotamixing linter https://github.com/AdminBenni/iota-mixing
2. Linters new features or changes
   • embeddedstructfieldcheck: from 0.3.0 to 0.4.0 (new option: empty-line)
   • err113: from aea10b5 to 0.1.1 (skip internals of Is methods for error type)
   • ginkgolinter: from 0.20.0 to 0.21.0 (new option: force-tonot)
   • gofumpt: from 0.8.0 to 0.9.1 (new rule is to "clothe" naked returns for the sake of clarity)
   • ineffassign: from 0.1.0 to 0.2.0 (new option: check-escaping-errors)
   • musttag: from 0.13.1 to 0.14.0 (support interface methods)
   • revive: from 1.11.0 to 1.12.0 (new options: identical-ifelseif-branches, identical-ifelseif-conditions, identical-switch-branches, identical-switch-conditions, package-directory-mismatch, unsecure-url-scheme, use-waitgroup-go, useless-fallthrough)
   • thelper: from 0.6.3 to 0.7.1 (skip t.Helper in functions passed to synctest.Test)
   • wsl: from 5.1.1 to 5.2.0 (improvements related to subexpressions)
3. Linters bug fixes
   • asciicheck: from 0.4.1 to 0.5.0
   • errname: from 1.1.0 to 1.1.1
   • fatcontext: from 0.8.0 to 0.8.1
   • go-printf-func-name: from 0.1.0 to 0.1.1
   • godot: from 1.5.1 to 1.5.4
   • gosec: from 2.22.7 to 2.22.8
   • nilerr: from 0.1.1 to a temporary fork
   • nilnil: from 1.1.0 to 1.1.1
   • protogetter: from 0.3.15 to 0.3.16
   • tagliatelle: from 0.7.1 to 0.7.2
   • testifylint: from 1.6.1 to 1.6.4
4. Misc.
   • fix: "no export data" errors are now handled as a standard typecheck error
5. Documentation
   • Improve nolint section about syntax

v2.4.0

Compare Source

1. Enhancements
   • 🎉 go1.25 support
2. Linters new features or changes
   • exhaustruct: from v3.3.1 to 4.0.0 (new options: allow-empty, allow-empty-rx, allow-empty-returns, allow-empty-declarations)
3. Linters bug fixes
   • godox: trim filepath from report messages
   • staticcheck: allow empty options
   • tagalign: from 1.4.2 to 1.4.3
4. Documentation
   • 🌟 New website (with a search engine)

v2.3.1

Compare Source

1. Linters bug fixes
   • gci: from 0.13.6 to 0.13.7
   • gosec: from 2.22.6 to 2.22.7
   • noctx: from 0.3.5 to 0.4.0
   • wsl: from 5.1.0 to 5.1.1
   • tagliatelle: force upper case for custom initialisms

v2.3.0

Compare Source

1. Linters new features or changes
   • ginkgolinter: from 0.19.1 to 0.20.0 (new option: force-assertion-description)
   • iface: from 1.4.0 to 1.4.1 (report message improvements)
   • noctx: from 0.3.4 to 0.3.5 (new detections: log/slog, exec, crypto/tls)
   • revive: from 1.10.0 to 1.11.0 (new rule: enforce-switch-style)
   • wsl: from 5.0.0 to 5.1.0
2. Linters bug fixes
   • gosec: from 2.22.5 to 2.22.6
   • noinlineerr: from 1.0.4 to 1.0.5
   • sloglint: from 0.11.0 to 0.11.1
3. Misc.
   • fix: panic close of closed channel

v2.2.2

Compare Source

1. Linters bug fixes
   • noinlineerr: from 1.0.3 to 1.0.4
2. Documentation
   • Improve debug keys documentation
3. Misc.
   • fix: panic close of closed channel
   • godot: add noinline value into the JSONSchema

v2.2.1

Compare Source

1. Linters bug fixes

• varnamelen: fix configuration

v2.2.0

Compare Source

1. New linters
   • Add arangolint linter https://github.com/Crocmagnon/arangolint
   • Add embeddedstructfieldcheck linter https://github.com/manuelarte/embeddedstructfieldcheck
   • Add noinlineerr linter https://github.com/AlwxSin/noinlineerr
   • Add swaggo formatter https://github.com/golangci/swaggoswag
2. Linters new features or changes
   • errcheck: add verbose option
   • funcorder: from 0.2.1 to 0.5.0 (new option alphabetical)
   • gomoddirectives: from 0.6.1 to 0.7.0 (new option ignore-forbidden)
   • iface: from 1.3.1 to 1.4.0 (new option unexported)
   • noctx: from 0.1.0 to 0.3.3 (new report messages, and new rules related to database/sql)
   • noctx: from 0.3.3 to 0.3.4 (new SQL functions detection)
   • revive: from 1.9.0 to 1.10.0 (new rules: time-date, unnecessary-format, use-fmt-print)
   • usestdlibvars: from 1.28.0 to 1.29.0 (new option time-date-month)
   • wsl: deprecation
   • wsl_v5: from 4.7.0 to 5.0.0 (major version with new configuration)
3. Linters bug fixes
   • dupword: from 0.1.3 to 0.1.6
   • exptostd: from 0.4.3 to 0.4.4
   • forbidigo: from 1.6.0 to 2.1.0
   • gci: consistently forma

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[renovate]

ℹ Artifact update notice

File name: hack/go.mod

In order to perform the update(s) described in the table above, Renovate ran the go get command, which resulted in the following additional change(s):

• 98 additional dependencies were updated

Details:

Package	Change
4d63.com/gocheckcompilerdirectives	v1.2.1 -> v1.3.0
4d63.com/gochecknoglobals	v0.2.1 -> v0.2.2
github.com/4meepo/tagalign	v1.3.3 -> v1.4.3
github.com/Abirdcfly/dupword	v0.0.14 -> v0.1.6
github.com/Antonboom/errname	v0.1.12 -> v1.1.1
github.com/Antonboom/nilnil	v0.1.7 -> v1.1.1
github.com/Antonboom/testifylint	v1.2.0 -> v1.6.4
github.com/BurntSushi/toml	v1.3.2 -> v1.5.0
github.com/Djarvur/go-err113	v0.0.0-20210108212216-aea10b59be24 -> v0.1.1
github.com/OpenPeeDeeP/depguard/v2	v2.2.0 -> v2.2.1
github.com/alecthomas/go-check-sumtype	v0.1.4 -> v0.3.1
github.com/alexkohler/nakedret/v2	v2.0.4 -> v2.0.6
github.com/bkielbasa/cyclop	v1.2.1 -> v1.2.3
github.com/bombsimon/wsl/v4	v4.2.1 -> v4.7.0
github.com/breml/bidichk	v0.2.7 -> v0.3.3
github.com/breml/errchkjson	v0.3.6 -> v0.4.1
github.com/butuzov/ireturn	v0.3.0 -> v0.4.0
github.com/butuzov/mirror	v1.1.0 -> v1.3.0
github.com/catenacyber/perfsprint	v0.7.1 -> v0.9.1
github.com/ccojocar/zxcvbn-go	v1.0.2 -> v1.0.4
github.com/cespare/xxhash/v2	v2.2.0 -> v2.3.0
github.com/ckaznocha/intrange	v0.1.1 -> v0.3.1
github.com/curioswitch/go-reassign	v0.2.0 -> v0.3.0
github.com/daixiang0/gci	v0.12.3 -> v0.13.7
github.com/fatih/color	v1.16.0 -> v1.18.0
github.com/firefart/nonamedreturns	v1.0.4 -> v1.0.6
github.com/ghostiam/protogetter	v0.3.5 -> v0.3.16
github.com/go-critic/go-critic	v0.11.2 -> v0.13.0
github.com/go-viper/mapstructure/v2	v2.0.0-alpha.1 -> v2.4.0
github.com/go-xmlfmt/xmlfmt	v1.1.2 -> v1.1.3
github.com/gofrs/flock	v0.8.1 -> v0.12.1
github.com/golangci/dupl	v0.0.0-20180902072040-3e9179ac440a -> v0.0.0-20250308024227-f665c8d69b32
github.com/golangci/gofmt	v0.0.0-20231018234816-f50ced29576e -> v0.0.0-20250106114630-d62b90e6713d
github.com/golangci/misspell	v0.4.1 -> v0.7.0
github.com/golangci/plugin-module-register	v0.1.1 -> v0.1.2
github.com/golangci/revgrep	v0.5.2 -> v0.8.0
github.com/golangci/unconvert	v0.0.0-20240309020433-c5143eacb3ed -> v0.0.0-20250410112200-a129a6e6413e
github.com/google/go-cmp	v0.6.0 -> v0.7.0
github.com/gordonklaus/ineffassign	v0.1.0 -> v0.2.0
github.com/gostaticanalysis/comment	v1.4.2 -> v1.5.0
github.com/gostaticanalysis/forcetypeassert	v0.1.0 -> v0.2.0
github.com/hashicorp/go-version	v1.6.0 -> v1.7.0
github.com/jgautheron/goconst	v1.7.1 -> v1.8.2
github.com/jjti/go-spancheck	v0.5.3 -> v0.6.5
github.com/julz/importas	v0.1.0 -> v0.2.0
github.com/karamaru-alpha/copyloopvar	v1.0.10 -> v1.2.1
github.com/kisielk/errcheck	v1.7.0 -> v1.9.0
github.com/kkHAIKE/contextcheck	v1.1.5 -> v1.1.6
github.com/kulti/thelper	v0.6.3 -> v0.7.1
github.com/kunwardeep/paralleltest	v1.0.10 -> v1.0.14
github.com/ldez/gomoddirectives	v0.2.4 -> v0.7.0
github.com/ldez/tagliatelle	v0.5.0 -> v0.7.2
github.com/leonklingele/grouper	v1.1.1 -> v1.1.2
github.com/macabu/inamedparam	v0.1.3 -> v0.2.0
github.com/matoous/godox	v0.0.0-20230222163458-006bad1f9d26 -> v1.1.0
github.com/mattn/go-colorable	v0.1.13 -> v0.1.14
github.com/mattn/go-runewidth	v0.0.14 -> v0.0.16
github.com/mgechev/revive	v1.3.7 -> v1.12.0
github.com/moricho/tparallel	v0.3.1 -> v0.3.2
github.com/nunnatsa/ginkgolinter	v0.16.2 -> v0.21.0
github.com/pelletier/go-toml/v2	v2.2.0 -> v2.2.4
github.com/polyfloyd/go-errorlint	v1.4.8 -> v1.8.0
github.com/quasilyte/go-ruleguard	v0.4.2 -> v0.4.4
github.com/rivo/uniseg	v0.4.3 -> v0.4.7
github.com/ryancurrah/gomodguard	v1.3.1 -> v1.4.1
github.com/sanposhiho/wastedassign/v2	v2.0.7 -> v2.1.0
github.com/sashamelentyev/usestdlibvars	v1.25.0 -> v1.29.0
github.com/securego/gosec/v2	v2.19.0 -> v2.22.8
github.com/sonatard/noctx	v0.0.2 -> v0.4.0
github.com/spf13/afero	v1.11.0 -> v1.14.0
github.com/spf13/cobra	v1.7.0 -> v1.10.1
github.com/spf13/pflag	v1.0.5 -> v1.0.10
github.com/stbenjam/no-sprintf-host-port	v0.1.1 -> v0.2.0
github.com/stretchr/testify	v1.9.0 -> v1.11.1
github.com/tetafro/godot	v1.4.16 -> v1.5.4
github.com/timakin/bodyclose	v0.0.0-20230421092635-574207250966 -> v0.0.0-20241222091800-1db5c5ca4d67
github.com/timonwong/loggercheck	v0.9.4 -> v0.11.0
github.com/tomarrell/wrapcheck/v2	v2.8.3 -> v2.11.0
github.com/ultraware/funlen	v0.1.0 -> v0.2.0
github.com/ultraware/whitespace	v0.1.0 -> v0.2.0
github.com/uudashr/gocognit	v1.1.2 -> v1.2.0
github.com/xen0n/gosmopolitan	v1.2.2 -> v1.3.0
github.com/yeya24/promlinter	v0.2.0 -> v0.3.0
gitlab.com/bosi/decorder	v0.4.1 -> v0.4.2
go-simpler.org/musttag	v0.9.0 -> v0.14.0
go-simpler.org/sloglint	v0.5.0 -> v0.11.1
go.uber.org/automaxprocs	v1.5.3 -> v1.6.0
go.uber.org/multierr	v1.9.0 -> v1.10.0
go.uber.org/zap	v1.24.0 -> v1.27.0
golang.org/x/exp	v0.0.0-20240325151524-a685a6edb6d8 -> v0.0.0-20240909161429-701f63a606c0
golang.org/x/exp/typeparams	v0.0.0-20240314144324-c7f7c6466f7f -> v0.0.0-20250911091902-df9299821621
golang.org/x/mod	v0.17.0 -> v0.28.0
golang.org/x/sync	v0.7.0 -> v0.17.0
golang.org/x/sys	v0.19.0 -> v0.36.0
golang.org/x/text	v0.14.0 -> v0.29.0
google.golang.org/protobuf	v1.33.0 -> v1.36.6
honnef.co/go/tools	v0.4.7 -> v0.6.1
mvdan.cc/unparam	v0.0.0-20240104100049-c549a3470d14 -> v0.0.0-20250301125049-0df0534333a4

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	golang.org/​x/​tools@​v0.20.0 ⏵ v0.37.0	-1
	github.com/​golangci/​golangci-lint/​v2@​v2.5.0
	mvdan.cc/​gofumpt@​v0.6.0 ⏵ v0.9.1	+1

View full report