fix(deps): update all dependencies

[renovate]

This PR contains the following updates:

Package	Type	Update	Change	Age	Adoption	Passing	Confidence
actions/checkout	action	major	v4.1.1 -> v5.0.0
actions/dependency-review-action	action	minor	v4.2.5 -> v4.7.3
actions/setup-go	action	major	v5.0.0 -> v6.0.0
github.com/golangci/golangci-lint	require	major	v1.57.2 -> v2.4.0
github/codeql-action	action	minor	v3.24.10 -> v3.30.3
go (source)	toolchain	minor	1.22.2 -> 1.25.1
golang.org/x/tools	require	minor	v0.20.0 -> v0.37.0
mvdan.cc/gofumpt	require	minor	v0.6.0 -> v0.9.1
step-security/harden-runner	action	minor	v2.7.0 -> v2.13.1

---

Release Notes

actions/checkout (actions/checkout)

v5.0.0

Compare Source

What's Changed

• Update actions checkout to use node 24 by @​salmanmkc in https://github.com/actions/checkout/pull/2226
• Prepare v5.0.0 release by @​salmanmkc in https://github.com/actions/checkout/pull/2238

⚠️ Minimum Compatible Runner Version

v2.327.1
Release Notes

Make sure your runner is updated to this version or newer to use this release.

Full Changelog: actions/checkout@v4...v5.0.0

v4.3.0

Compare Source

What's Changed

• docs: update README.md by @​motss in https://github.com/actions/checkout/pull/1971
• Add internal repos for checking out multiple repositories by @​mouismail in https://github.com/actions/checkout/pull/1977
• Documentation update - add recommended permissions to Readme by @​benwells in https://github.com/actions/checkout/pull/2043
• Adjust positioning of user email note and permissions heading by @​joshmgross in https://github.com/actions/checkout/pull/2044
• Update README.md by @​nebuk89 in https://github.com/actions/checkout/pull/2194
• Update CODEOWNERS for actions by @​TingluoHuang in https://github.com/actions/checkout/pull/2224
• Update package dependencies by @​salmanmkc in https://github.com/actions/checkout/pull/2236
• Prepare release v4.3.0 by @​salmanmkc in https://github.com/actions/checkout/pull/2237

New Contributors

• @​motss made their first contribution in https://github.com/actions/checkout/pull/1971
• @​mouismail made their first contribution in https://github.com/actions/checkout/pull/1977
• @​benwells made their first contribution in https://github.com/actions/checkout/pull/2043
• @​nebuk89 made their first contribution in https://github.com/actions/checkout/pull/2194
• @​salmanmkc made their first contribution in https://github.com/actions/checkout/pull/2236

Full Changelog: actions/checkout@v4...v4.3.0

v4.2.2

Compare Source

• url-helper.ts now leverages well-known environment variables by @​jww3 in #​1941
• Expand unit test coverage for isGhes by @​jww3 in #​1946

v4.2.1

Compare Source

• Check out other refs/* by commit if provided, fall back to ref by @​orhantoy in #​1924

v4.2.0

Compare Source

• Add Ref and Commit outputs by @​lucacome in #​1180
• Dependency updates by @​dependabot- #​1777, #​1872

v4.1.7

Compare Source

• Bump the minor-npm-dependencies group across 1 directory with 4 updates by @​dependabot in #​1739
• Bump actions/checkout from 3 to 4 by @​dependabot in #​1697
• Check out other refs/* by commit by @​orhantoy in #​1774
• Pin actions/checkout's own workflows to a known, good, stable version. by @​jww3 in #​1776

v4.1.6

Compare Source

• Check platform to set archive extension appropriately by @​cory-miller in #​1732

v4.1.5

Compare Source

• Update NPM dependencies by @​cory-miller in #​1703
• Bump github/codeql-action from 2 to 3 by @​dependabot in #​1694
• Bump actions/setup-node from 1 to 4 by @​dependabot in #​1696
• Bump actions/upload-artifact from 2 to 4 by @​dependabot in #​1695
• README: Suggest user.email to be 41898282+github-actions[bot]@​users.noreply.github.com by @​cory-miller in #​1707

v4.1.4

Compare Source

• Disable extensions.worktreeConfig when disabling sparse-checkout by @​jww3 in #​1692
• Add dependabot config by @​cory-miller in #​1688
• Bump the minor-actions-dependencies group with 2 updates by @​dependabot in #​1693
• Bump word-wrap from 1.2.3 to 1.2.5 by @​dependabot in #​1643

v4.1.3

Compare Source

• Check git version before attempting to disable sparse-checkout by @​jww3 in #​1656
• Add SSH user parameter by @​cory-miller in #​1685
• Update actions/checkout version in update-main-version.yml by @​jww3 in #​1650

v4.1.2

Compare Source

• Fix: Disable sparse checkout whenever sparse-checkout option is not present @​dscho in #​1598

actions/dependency-review-action (actions/dependency-review-action)

v4.7.3: 4.7.3

Compare Source

What's Changed

• Add explicit permissions to workflow files by @​AshelyTC in #​966
• Claire153/fix spamming mentioned issue by @​claire153 in #​974

Full Changelog: actions/dependency-review-action@v4...v4.7.3

v4.7.2: 4.7.2

Compare Source

What's Changed

• Add Missing Languages to CodeQL Advanced Configuration by @​KyFaSt in #​945
• Deprecate deny lists by @​claire153 in #​958
• Address discrepancy between docs and reality by @​ahpook in #​960

New Contributors

• @​KyFaSt made their first contribution in #​945
• @​claire153 made their first contribution in #​958
• @​ahpook made their first contribution in #​960

Full Changelog: actions/dependency-review-action@v4...v4.7.2

v4.7.1

Compare Source

• Packages added to allow-dependencies-licenses will be allowed even if the package in question has no license information #​889
• License expressions (e.g. Ruby OR GPL-2.0) in the allow list are automatically discarded so that they don't invalidate the whole allow list, which should just be license identifier (e.g. Ruby)

v4.7.0

Compare Source

• Handle complex license expressions (e.g. MIT AND GPL-2.0) in allow lists (fixes #​809 and probably others)
• Replace OTHER in package licenses with LicenseRef-clearlydefined-OTHER so that parsing passes

v4.6.0

Compare Source

What's Changed

• Updating multiple dependency versions by @​Ahmed3lmallah in #​870
• Grouping minor and patch dependabot updates to lessen the number of PRs by @​Ahmed3lmallah in #​876
• Bump actions/stale from 9.0.0 to 9.1.0 by @​dependabot in #​878
• Bump undici from 5.28.4 to 5.28.5 by @​dependabot in #​877
• DR Action should link to the proxima stamp when appropriate in error messages by @​AshelyTC in #​891
• Allow deny package removal by @​ellenfieldn in #​888
• Fix typos by @​omahs in #​893
• Bump esbuild from 0.19.5 to 0.25.0 by @​dependabot in #​900
• Bump octokit and related dependencies by @​RomanIakovlev in #​904
• Bump @​babel/helpers from 7.23.2 to 7.26.10 by @​dependabot in #​905
• Bump @​octokit/plugin-paginate-rest from 9.1.5 to 9.2.2 by @​dependabot in #​899
• Update transitive dependency spdx-license-ids by @​ailox in #​855
• To not print OpenSSF Scorecard section if no dependencies scanned by @​fabasoad in #​884
• Improve usage of this action in dependency-review.yml by @​fabasoad in #​883
• Clarify comment-summary-in-pr behaviour by @​Pantelis-Santorinios in #​902
• Prepare 4.6.0 Release candidate by @​brrygrdn in #​910

New Contributors

• @​AshelyTC made their first contribution in #​891
• @​ellenfieldn made their first contribution in #​888
• @​omahs made their first contribution in #​893
• @​RomanIakovlev made their first contribution in #​904
• @​ailox made their first contribution in #​855
• @​fabasoad made their first contribution in #​884
• @​Pantelis-Santorinios made their first contribution in #​902
• @​brrygrdn made their first contribution in #​910

Full Changelog: actions/dependency-review-action@v4.5.0...v4.6.0

v4.5.0

Compare Source

What's Changed

• Bump got from 14.4.2 to 14.4.3 by @​dependabot in #​844
• Bump nodemon from 3.1.0 to 3.1.7 by @​dependabot in #​847
• Bump @​vercel/ncc from 0.38.1 to 0.38.3 by @​dependabot in #​849
• Overriding the cross-spawn dependency to use a safe version by @​Ahmed3lmallah in #​850
• fix: add summary comment on failure when warn-only: true by @​ebickle in #​827
• Prepare for 4.5.0 release by @​Ahmed3lmallah in #​851

New Contributors

• @​ebickle made their first contribution in #​827

Full Changelog: actions/dependency-review-action@v4...v4.5.0

v4.4.0

Compare Source

What's Changed

• Fix for merge_group event bug by @​Ahmed3lmallah in #​846

Full Changelog: actions/dependency-review-action@v4.3.5...v4.4.0

v4.3.5

Compare Source

What's Changed

• fix: getRefs function to handle merge_group events by @​louis-bompart in #​766
• Create pull_request_template.md by @​jonjanego in #​794
• Update CONTRIBUTING.md by @​jonjanego in #​793
• Bump @​types/node from 20.11.28 to 20.16.0 by @​dependabot in #​815
• Upgrade transitive micromatch library by @​elireisman in #​829
• Do not list changed dependencies in summary by @​hmaurer in #​828
• Update stale.yaml by @​jonjanego in #​832
• Bump got from 14.4.1 to 14.4.2 by @​dependabot in #​822
• Bump eslint-plugin-jest and ts-jest by @​Ahmed3lmallah in #​840

New Contributors

• @​louis-bompart made their first contribution in #​766
• @​Ahmed3lmallah made their first contribution in #​840

Full Changelog: actions/dependency-review-action@v4.3.4...v4.3.5

v4.3.4

Compare Source

What's Changed

• Include all added dependencies in scorecard entries by @​elireisman in #​783
• Update SPDX Expression Parsing by @​febuiles in #​719
  • This PR is a significant refactor of SPDX expression parsing that may fix some bugs, but unfortunately there are several related known issues that remain unresolved as of this version.

Full Changelog: actions/dependency-review-action@v4.3.3...v4.3.4

v4.3.3: Notes for v4.3.3

Compare Source

What's Changed

• Allow slashes in purl package names by @​juxtin in #​765
• use the v3 version of the deps.dev API by @​josieang in #​741
• PR with suggestions - [Improvement]: Help streamline / simplify dependency review action README by @​am-stead in #​773
• fix show-openssf-scorecard-levels input by @​ramann in #​776
• Updates to the contribution guidelines by @​jonjanego in #​778
• Create issue templates by @​jonjanego in #​777
• Fix the max comment length issue by @​jhutchings1 and @​elireisman in #​767
• Bump project version to 4.3.3 in prep for a release by @​elireisman in #​781

New Contributors

• @​josieang made their first contribution in #​741
• @​am-stead made their first contribution in #​773
• @​ramann made their first contribution in #​776

Full Changelog: actions/dependency-review-action@v4.3.2...v4.3.3

v4.3.2

Compare Source

What's Changed

• Fix package-url parsing for allow-dependencies-licenses by @​juxtin in #​761

Full Changelog: actions/dependency-review-action@v4.3.1...v4.3.2

v4.3.1

Compare Source

What's Changed

This release fixes some bugs related to package-url parsing that were introduced in 4.3.0. See #​753.

Full Changelog: actions/dependency-review-action@V4.3.0...v4.3.1

v4.3.0

Compare Source

New Features

• The deny-packages option can now be used without a version number to exclude all versions of a package.

What's Changed

• Fix action variable name for scorecard by @​lukehinds in #​735
• Fix extra https:// in summary by @​jhutchings1 in #​748
• Bump typescript from 5.3.3 to 5.4.5 by @​dependabot in #​744
• Bump eslint-plugin-github from 4.10.1 to 4.10.2 by @​dependabot in #​737
• Show denied packages with red X by @​juxtin in #​750
• deny-packages configuration option can deny specified version or all packages by @​febuiles and @​bteng22 in #​733

New Contributors

• @​bteng22 made their first contribution in #​733
• @​lukehinds made their first contribution in #​735

Full Changelog: actions/dependency-review-action@v4.2.5...V4.3.0

actions/setup-go (actions/setup-go)

v6.0.0

Compare Source

What's Changed

Breaking Changes

• Improve toolchain handling to ensure more reliable and consistent toolchain selection and management by @​matthewhughes934 in #​460
• Upgrade Nodejs runtime from node20 to node 24 by @​salmanmkc in #​624

Make sure your runner is on version v2.327.1 or later to ensure compatibility with this release. See Release Notes

Dependency Upgrades

• Upgrade @​types/jest from 29.5.12 to 29.5.14 by @​dependabot[bot] in #​589
• Upgrade @​actions/tool-cache from 2.0.1 to 2.0.2 by @​dependabot[bot] in #​591
• Upgrade @​typescript-eslint/parser from 8.31.1 to 8.35.1 by @​dependabot[bot] in #​590
• Upgrade undici from 5.28.5 to 5.29.0 by @​dependabot[bot] in #​594
• Upgrade typescript from 5.4.2 to 5.8.3 by @​dependabot[bot] in #​538
• Upgrade eslint-plugin-jest from 28.11.0 to 29.0.1 by @​dependabot[bot] in #​603
• Upgrade form-data to bring in fix for critical vulnerability by @​matthewhughes934 in #​618
• Upgrade actions/checkout from 4 to 5 by @​dependabot[bot] in #​631

New Contributors

• @​matthewhughes934 made their first contribution in #​618
• @​salmanmkc made their first contribution in #​624

Full Changelog: actions/setup-go@v5...v6.0.0

v5.5.0

Compare Source

What's Changed

Bug fixes:

• Update self-hosted environment validation by @​priyagupta108 in #​556
• Add manifest validation and improve error handling by @​priyagupta108 in #​586
• Update template link by @​jsoref in #​527

Dependency updates:

• Upgrade @​action/cache from 4.0.2 to 4.0.3 by @​aparnajyothi-y in #​574
• Upgrade @​actions/glob from 0.4.0 to 0.5.0 by @​dependabot in #​573
• Upgrade ts-jest from 29.1.2 to 29.3.2 by @​dependabot in #​582
• Upgrade eslint-plugin-jest from 27.9.0 to 28.11.0 by @​dependabot in #​537

New Contributors

• @​jsoref made their first contribution in #​527

Full Changelog: actions/setup-go@v5...v5.5.0

v5.4.0

Compare Source

What's Changed

Dependency updates :

• Upgrade semver from 7.6.0 to 7.6.3 by @​dependabot in #​535
• Upgrade eslint-config-prettier from 8.10.0 to 10.0.1 by @​dependabot in #​536
• Upgrade @​action/cache from 4.0.0 to 4.0.2 by @​aparnajyothi-y in #​568
• Upgrade undici from 5.28.4 to 5.28.5 by @​dependabot in #​541

New Contributors

• @​aparnajyothi-y made their first contribution in #​568

Full Changelog: actions/setup-go@v5...v5.4.0

v5.3.0

Compare Source

What's Changed

• Use the new cache service: upgrade @actions/cache to ^4.0.0 by @​Link- in #​531
• Configure Dependabot settings by @​HarithaVattikuti in #​530
• Document update - permission section by @​HarithaVattikuti in #​533
• Bump actions/publish-immutable-action from 0.0.3 to 0.0.4 by @​dependabot in #​534

New Contributors

• @​Link- made their first contribution in #​531

Full Changelog: actions/setup-go@v5...v5.3.0

v5.2.0

Compare Source

What's Changed

• Leveraging the raw API to retrieve the version-manifest, as it does not impose a rate limit and hence facilitates unrestricted consumption without the need for a token for Github Enterprise Servers by @​Shegox in #​496

New Contributors

• @​Shegox made their first contribution in #​496

Full Changelog: actions/setup-go@v5...v5.2.0

v5.1.0

Compare Source

What's Changed

• Add workflow file for publishing releases to immutable action package by @​Jcambass in #​500
• Upgrade IA Publish by @​Jcambass in #​502
• Add architecture to cache key by @​Zxilly in #​493
  This addresses issues with caching by adding the architecture (arch) to the cache key, ensuring that cache keys are accurate to prevent conflicts.
  Note: This change may break previous cache keys as they will no longer be compatible with the new format.
• Enhance workflows and Upgrade micromatch Dependency by @​priyagupta108 in #​510

Bug Fixes

• Revise isGhes logic by @​jww3 in #​511

New Contributors

• @​Zxilly made their first contribution in #​493
• @​Jcambass made their first contribution in #​500
• @​jww3 made their first contribution in #​511
• @​priyagupta108 made their first contribution in #​510

Full Changelog: actions/setup-go@v5...v5.1.0

v5.0.2

Compare Source

What's Changed

Bug fixes:

• Fix versions check failure by @​HarithaVattikuti in #​479

Dependency updates:

• Bump braces from 3.0.2 to 3.0.3 and undici from 5.28.3 to 5.28.4 by @​dependabot in #​487

New Contributors

• @​HarithaVattikuti made their first contribution in #​479

Full Changelog: actions/setup-go@v5...v5.0.2

v5.0.1

Compare Source

What's Changed

• Bump undici from 5.28.2 to 5.28.3 and dependencies upgrade by @​dependabot , @​HarithaVattikuti in #​465
• Update documentation with latest V5 release notes by @​ab in #​459
• Update version documentation by @​178inaba in #​458
• Documentation update of actions/setup-go to v5 by @​chenrui333 in #​449

New Contributors

• @​ab made their first contribution in #​459

Full Changelog: actions/setup-go@v5.0.0...v5.0.1

golangci/golangci-lint (github.com/golangci/golangci-lint)

v2.4.0

Compare Source

1. Enhancements
   • 🎉 go1.25 support
2. Linters new features or changes
   • exhaustruct: from v3.3.1 to 4.0.0 (new options: allow-empty, allow-empty-rx, allow-empty-returns, allow-empty-declarations)
3. Linters bug fixes
   • godox: trim filepath from report messages
   • staticcheck: allow empty options
   • tagalign: from 1.4.2 to 1.4.3
4. Documentation
   • 🌟 New website (with a search engine)

v2.3.1

Compare Source

1. Linters bug fixes
   • gci: from 0.13.6 to 0.13.7
   • gosec: from 2.22.6 to 2.22.7
   • noctx: from 0.3.5 to 0.4.0
   • wsl: from 5.1.0 to 5.1.1
   • tagliatelle: force upper case for custom initialisms

v2.3.0

Compare Source

1. Linters new features or changes
   • ginkgolinter: from 0.19.1 to 0.20.0 (new option: force-assertion-description)
   • iface: from 1.4.0 to 1.4.1 (report message improvements)
   • noctx: from 0.3.4 to 0.3.5 (new detections: log/slog, exec, crypto/tls)
   • revive: from 1.10.0 to 1.11.0 (new rule: enforce-switch-style)
   • wsl: from 5.0.0 to 5.1.0
2. Linters bug fixes
   • gosec: from 2.22.5 to 2.22.6
   • noinlineerr: from 1.0.4 to 1.0.5
   • sloglint: from 0.11.0 to 0.11.1
3. Misc.
   • fix: panic close of closed channel

v2.2.2

Compare Source

1. Linters bug fixes
   • noinlineerr: from 1.0.3 to 1.0.4
2. Documentation
   • Improve debug keys documentation
3. Misc.
   • fix: panic close of closed channel
   • godot: add noinline value into the JSONSchema

v2.2.1

Compare Source

1. Linters bug fixes

• varnamelen: fix configuration

v2.2.0

Compare Source

1. New linters
   • Add arangolint linter https://github.com/Crocmagnon/arangolint
   • Add embeddedstructfieldcheck linter https://github.com/manuelarte/embeddedstructfieldcheck
   • Add noinlineerr linter https://github.com/AlwxSin/noinlineerr
   • Add swaggo formatter https://github.com/golangci/swaggoswag
2. Linters new features or changes
   • errcheck: add verbose option
   • funcorder: from 0.2.1 to 0.5.0 (new option alphabetical)
   • gomoddirectives: from 0.6.1 to 0.7.0 (new option ignore-forbidden)
   • iface: from 1.3.1 to 1.4.0 (new option unexported)
   • noctx: from 0.1.0 to 0.3.3 (new report messages, and new rules related to database/sql)
   • noctx: from 0.3.3 to 0.3.4 (new SQL functions detection)
   • revive: from 1.9.0 to 1.10.0 (new rules: time-date, unnecessary-format, use-fmt-print)
   • usestdlibvars: from 1.28.0 to 1.29.0 (new option time-date-month)
   • wsl: deprecation
   • wsl_v5: from 4.7.0 to 5.0.0 (major version with new configuration)
3. Linters bug fixes
   • dupword: from 0.1.3 to 0.1.6
   • exptostd: from 0.4.3 to 0.4.4
   • forbidigo: from 1.6.0 to 2.1.0
   • gci: consistently format the code
   • go-spancheck: from 0.6.4 to 0.6.5
   • goconst: from 1.8.1 to 1.8.2
   • gosec: from 2.22.3 to 2.22.4
   • gosec: from 2.22.4 to 2.22.5
   • makezero: from 1.2.0 to 2.0.1
   • misspell: from 0.6.0 to 0.7.0
   • usetesting: from 0.4.3 to 0.5.0
4. Misc.
   • exclusions: fix path-expect
   • formatters: write the input to stdout when using stdin and there are no changes
   • migration: improve the error message when trying to migrate a migrated config
   • typecheck: deduplicate errors
   • typecheck: stops the analysis after the first error
   • Deprecate print-resources-usage flag
   • Unique version per custom build
5. Documentation
   • Improves typecheck FAQ
   • Adds plugin systems recommendations
   • Add description for linters.default sets

v2.1.6

Compare Source

1. Linters bug fixes
   • godot: from 1.5.0 to 1.5.1
   • musttag: from 0.13.0 to 0.13.1
2. Documentation
   • Add note about golangci-lint v2 integration in VS Code

v2.1.5

Compare Source

Due to an error related to Snapcraft, some artifacts of the v2.1.4 release have not been published.

This release contains the same things as v2.1.3.

v2.1.4

Compare Source

Due to an error related to Snapcraft, some artifacts of the v2.1.3 release have not been published.

This release contains the same things as v2.1.3.

v2.1.3

Compare Source

1. Linters bug fixes
   • fatcontext: from 0.7.2 to 0.8.0
2. Misc.
   • migration: fix nakedret.max-func-lines: 0
   • migration: fix order of staticcheck settings
   • fix: add go.mod hash to the cache salt
   • fix: use diagnostic position for related information position

v2.1.2

Compare Source

1. Linters bug fixes
   • exptostd: from 0.4.2 to 0.4.3
   • gofumpt: from 0.7.0 to 0.8.0
   • protogetter: from 0.3.13 to 0.3.15
   • usetesting: from 0.4.2 to 0.4.3

v2.1.1

Compare Source

The release process of v2.1.0 failed due to a regression inside goreleaser.

The binaries of v2.1.0 have been published, but not the other artifacts (AUR, Docker, etc.).

v2.1.0

Compare Source

1. Enhancements
   • Add an option to display absolute paths (--path-mode=abs)
   • Add configuration path placeholder (${config-path})
   • Add warn-unused option for fmt command
   • Colored diff for fmt command (golangci-lint fmt --diff-colored)
2. New linters
   • Add funcorder linter https://github.com/manuelarte/funcorder
3. Linters new features or changes
   • go-errorlint: from 1.7.1 to 1.8.0 (automatic error comparison and type assertion fixes)
   • ⚠️ goconst: ignore-strings is deprecated and replaced by ignore-string-values
   • goconst: from 1.7.1 to 1.8.1 (new options: find-duplicates, eval-const-expressions)
   • govet: add httpmux analyzer
   • nilnesserr: from 0.1.2 to 0.2.0 (detect more cases)

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[renovate]

ℹ Artifact update notice

File name: hack/go.mod

In order to perform the update(s) described in the table above, Renovate ran the go get command, which resulted in the following additional change(s):

• 96 additional dependencies were updated

Details:

Package	Change
4d63.com/gocheckcompilerdirectives	v1.2.1 -> v1.3.0
4d63.com/gochecknoglobals	v0.2.1 -> v0.2.2
github.com/4meepo/tagalign	v1.3.3 -> v1.4.3
github.com/Abirdcfly/dupword	v0.0.14 -> v0.1.6
github.com/Antonboom/errname	v0.1.12 -> v1.1.0
github.com/Antonboom/nilnil	v0.1.7 -> v1.1.0
github.com/Antonboom/testifylint	v1.2.0 -> v1.6.1
github.com/BurntSushi/toml	v1.3.2 -> v1.5.0
github.com/OpenPeeDeeP/depguard/v2	v2.2.0 -> v2.2.1
github.com/alecthomas/go-check-sumtype	v0.1.4 -> v0.3.1
github.com/alexkohler/nakedret/v2	v2.0.4 -> v2.0.6
github.com/bkielbasa/cyclop	v1.2.1 -> v1.2.3
github.com/bombsimon/wsl/v4	v4.2.1 -> v4.7.0
github.com/breml/bidichk	v0.2.7 -> v0.3.3
github.com/breml/errchkjson	v0.3.6 -> v0.4.1
github.com/butuzov/ireturn	v0.3.0 -> v0.4.0
github.com/butuzov/mirror	v1.1.0 -> v1.3.0
github.com/catenacyber/perfsprint	v0.7.1 -> v0.9.1
github.com/ccojocar/zxcvbn-go	v1.0.2 -> v1.0.4
github.com/cespare/xxhash/v2	v2.2.0 -> v2.3.0
github.com/ckaznocha/intrange	v0.1.1 -> v0.3.1
github.com/curioswitch/go-reassign	v0.2.0 -> v0.3.0
github.com/daixiang0/gci	v0.12.3 -> v0.13.7
github.com/fatih/color	v1.16.0 -> v1.18.0
github.com/firefart/nonamedreturns	v1.0.4 -> v1.0.6
github.com/ghostiam/protogetter	v0.3.5 -> v0.3.15
github.com/go-critic/go-critic	v0.11.2 -> v0.13.0
github.com/go-viper/mapstructure/v2	v2.0.0-alpha.1 -> v2.4.0
github.com/go-xmlfmt/xmlfmt	v1.1.2 -> v1.1.3
github.com/gofrs/flock	v0.8.1 -> v0.12.1
github.com/golangci/dupl	v0.0.0-20180902072040-3e9179ac440a -> v0.0.0-20250308024227-f665c8d69b32
github.com/golangci/gofmt	v0.0.0-20231018234816-f50ced29576e -> v0.0.0-20250106114630-d62b90e6713d
github.com/golangci/misspell	v0.4.1 -> v0.7.0
github.com/golangci/plugin-module-register	v0.1.1 -> v0.1.2
github.com/golangci/revgrep	v0.5.2 -> v0.8.0
github.com/golangci/unconvert	v0.0.0-20240309020433-c5143eacb3ed -> v0.0.0-20250410112200-a129a6e6413e
github.com/google/go-cmp	v0.6.0 -> v0.7.0
github.com/gostaticanalysis/comment	v1.4.2 -> v1.5.0
github.com/gostaticanalysis/forcetypeassert	v0.1.0 -> v0.2.0
github.com/hashicorp/go-version	v1.6.0 -> v1.7.0
github.com/jgautheron/goconst	v1.7.1 -> v1.8.2
github.com/jjti/go-spancheck	v0.5.3 -> v0.6.5
github.com/julz/importas	v0.1.0 -> v0.2.0
github.com/karamaru-alpha/copyloopvar	v1.0.10 -> v1.2.1
github.com/kisielk/errcheck	v1.7.0 -> v1.9.0
github.com/kkHAIKE/contextcheck	v1.1.5 -> v1.1.6
github.com/kunwardeep/paralleltest	v1.0.10 -> v1.0.14
github.com/ldez/gomoddirectives	v0.2.4 -> v0.7.0
github.com/ldez/tagliatelle	v0.5.0 -> v0.7.1
github.com/leonklingele/grouper	v1.1.1 -> v1.1.2
github.com/macabu/inamedparam	v0.1.3 -> v0.2.0
github.com/matoous/godox	v0.0.0-20230222163458-006bad1f9d26 -> v1.1.0
github.com/mattn/go-colorable	v0.1.13 -> v0.1.14
github.com/mattn/go-runewidth	v0.0.14 -> v0.0.16
github.com/mgechev/revive	v1.3.7 -> v1.11.0
github.com/moricho/tparallel	v0.3.1 -> v0.3.2
github.com/nunnatsa/ginkgolinter	v0.16.2 -> v0.20.0
github.com/pelletier/go-toml/v2	v2.2.0 -> v2.2.4
github.com/polyfloyd/go-errorlint	v1.4.8 -> v1.8.0
github.com/quasilyte/go-ruleguard	v0.4.2 -> v0.4.4
github.com/rivo/uniseg	v0.4.3 -> v0.4.7
github.com/ryancurrah/gomodguard	v1.3.1 -> v1.4.1
github.com/sanposhiho/wastedassign/v2	v2.0.7 -> v2.1.0
github.com/sashamelentyev/usestdlibvars	v1.25.0 -> v1.29.0
github.com/securego/gosec/v2	v2.19.0 -> v2.22.7
github.com/sonatard/noctx	v0.0.2 -> v0.4.0
github.com/spf13/afero	v1.11.0 -> v1.14.0
github.com/spf13/cobra	v1.7.0 -> v1.9.1
github.com/spf13/pflag	v1.0.5 -> v1.0.7
github.com/stbenjam/no-sprintf-host-port	v0.1.1 -> v0.2.0
github.com/stretchr/testify	v1.9.0 -> v1.10.0
github.com/tdakkota/asciicheck	v0.2.0 -> v0.4.1
github.com/tetafro/godot	v1.4.16 -> v1.5.1
github.com/timakin/bodyclose	v0.0.0-20230421092635-574207250966 -> v0.0.0-20241222091800-1db5c5ca4d67
github.com/timonwong/loggercheck	v0.9.4 -> v0.11.0
github.com/tomarrell/wrapcheck/v2	v2.8.3 -> v2.11.0
github.com/ultraware/funlen	v0.1.0 -> v0.2.0
github.com/ultraware/whitespace	v0.1.0 -> v0.2.0
github.com/uudashr/gocognit	v1.1.2 -> v1.2.0
github.com/xen0n/gosmopolitan	v1.2.2 -> v1.3.0
github.com/yeya24/promlinter	v0.2.0 -> v0.3.0
gitlab.com/bosi/decorder	v0.4.1 -> v0.4.2
go-simpler.org/musttag	v0.9.0 -> v0.13.1
go-simpler.org/sloglint	v0.5.0 -> v0.11.1
go.uber.org/automaxprocs	v1.5.3 -> v1.6.0
go.uber.org/multierr	v1.9.0 -> v1.10.0
go.uber.org/zap	v1.24.0 -> v1.27.0
golang.org/x/exp	v0.0.0-20240325151524-a685a6edb6d8 -> v0.0.0-20240909161429-701f63a606c0
golang.org/x/exp/typeparams	v0.0.0-20240314144324-c7f7c6466f7f -> v0.0.0-20250620022241-b7579e27df2b
golang.org/x/mod	v0.17.0 -> v0.28.0
golang.org/x/sync	v0.7.0 -> v0.17.0
golang.org/x/sys	v0.19.0 -> v0.36.0
golang.org/x/text	v0.14.0 -> v0.27.0
google.golang.org/protobuf	v1.33.0 -> v1.36.6
honnef.co/go/tools	v0.4.7 -> v0.6.1
mvdan.cc/unparam	v0.0.0-20240104100049-c549a3470d14 -> v0.0.0-20250301125049-0df0534333a4

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	golang.org/​x/​tools@​v0.20.0 ⏵ v0.37.0	+1
	github.com/​golangci/​golangci-lint/​v2@​v2.4.0
	mvdan.cc/​gofumpt@​v0.6.0 ⏵ v0.9.1	+1

View full report