[tools]: Bump the all-tools group across 1 directory with 2 updates

[dependabot]

Bumps the all-tools group with 2 updates in the /tools directory: github.com/golangci/golangci-lint/v2 and mvdan.cc/sh/v3.

Updates github.com/golangci/golangci-lint/v2 from 2.11.4 to 2.12.1

Release notes

Sourced from github.com/golangci/golangci-lint/v2's releases.

v2.12.1

golangci-lint is a free and open-source project built by volunteers.

If you value it, consider supporting us, the maintainers and linter authors.

We appreciate it! ❤️

For key updates, see the changelog.

Changelog

[!IMPORTANT] If you are using the install script from the master branch: https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh This branch is not used anymore, we are using main.

We recommend using https://golangci-lint.run/install.sh as URL to install golangci-lint.

https://golangci-lint.run/docs/welcome/install/local/#binaries

• 35b2189782a6a059489289257e6523550167cb64 fix: install.sh script (#6539)
• 3a006ab284f52a5aac0a7daa77ae683e43fb7b69 gomodguard: fix panic with migration suggestion (#6542)

v2.12.0

golangci-lint is a free and open-source project built by volunteers.

If you value it, consider supporting us, the maintainers and linter authors.

We appreciate it! ❤️

For key updates, see the changelog.

Changelog

[!IMPORTANT] If you are using the install script from the master branch: https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh This branch is not used anymore, we are using main.

We recommend using https://golangci-lint.run/install.sh as URL to install golangci-lint.

https://golangci-lint.run/docs/welcome/install/local/#binaries

• d092dad51011497cda6dfcdeac572e87e7e00f79 Bump github.com/jingyugao/rowserrcheck from v1.1.1 to c5f79b8 (#6510)
• eec5c47e4a7a7e15fb0989cad1d6e41bf1b29c4b build(deps): bump github.com/Masterminds/semver/v3 from 3.4.0 to 3.5.0 (#6535)
• c670072b84808b392e04e9fa8b77355c99b7d4c0 build(deps): bump github.com/alecthomas/chroma/v2 from 2.23.1 to 2.24.1 (#6534)
• 493a1c881dad24cbe5fba5c2c8a1199ca383bb2c build(deps): bump github.com/ashanbrown/forbidigo/v2 from 2.3.0 to 2.3.1 (#6502)
• 3ad7eac33ff388240568f0fd0cccb2631e36f85d build(deps): bump github.com/ashanbrown/makezero/v2 from 2.1.0 to 2.2.0 (#6492)

... (truncated)

Changelog

Sourced from github.com/golangci/golangci-lint/v2's changelog.

v2.12.1

Released on 2026-05-01

1. Linters bug fixes
   • gomodguard_v2: fix panic with migration suggestion
2. Misc.
   • fix install.sh script (if you are still using an URL based on the branch master, please update to use https://golangci-lint.run/install.sh)

v2.12.0

Released on 2026-05-01

1. New linters
   • Add clickhouselint linter https://github.com/ClickHouse/clickhouse-go-linter
2. Linters new features or changes
   • dupl: from f665c8d69b32 to c99c5cf5c202 (extended detection)
   • funcorder: from 0.5.0 to 0.6.0 (new option: function)
   • goconst: add an option to ignore strings from tests
   • goconst: from 1.8.2 to 1.10.0 (extended detection)
   • gomodguard_v2: from 1.4.1 to 2.1.0 (major version with new configuration)
   • gosec: from 619ce2117e08 to 2.26.1 (new checks: G124, G708, G709, G710)
   • govet: add inline analyzer
   • makezero: from 2.1.0 to 2.2.1 (support slice type aliases)
   • paralleltest: expose checkcleanup option
   • sloglint: from 0.11.1 to 0.12.0 (new options: allowed-keys, custom-funcs)
   • wsl_v5: from 5.6.0 to 5.8.0 (new option: cuddle-max-statements; new checks: after-decl, after-defer, after-expr, after-go, cuddle-group)
3. Linters bug fixes
   • forbidigo: from 2.3.0 to 2.3.1
   • godot: from 1.5.4 to 1.5.6
   • govet-modernize: from 0.43.0 to 0.44.0
   • ireturn: from 0.4.0 to 0.4.1
   • rowserrcheck: from 1.1.1 to c5f79b8
4. Misc.
   • Decrease cache entropy
   • Embed the JSON schema in the binary
   • Filter env vars when cloning the repository with the custom command

Commits

• 9aa24e9 chore: prepare release
• 3a006ab gomodguard: fix panic with migration suggestion (#6542)
• 35b2189 fix: install.sh script (#6539)
• 6349bbc docs: update GitHub Action assets (#6538)
• 7761527 chore: prepare release
• 8116fb5 build(deps): bump github.com/bombsimon/wsl/v5 from 5.6.0 to 5.8.0 (#6536)
• eec5c47 build(deps): bump github.com/Masterminds/semver/v3 from 3.4.0 to 3.5.0 (#6535)
• c670072 build(deps): bump github.com/alecthomas/chroma/v2 from 2.23.1 to 2.24.1 (#6534)
• 80ad1dc feat: embed the JSON schema in the binary (#6533)
• 8589d80 build(deps): bump github.com/securego/gosec/v2 from 2.25.0 to 2.26.1 (#6532)
• Additional commits viewable in compare view

Updates mvdan.cc/sh/v3 from 3.13.0 to 3.13.1

Release notes

Sourced from mvdan.cc/sh/v3's releases.

v3.13.1

• cmd/shfmt
  • Add support for [[zsh]] in EditorConfig files
  • Detect the shell variant from filenames like .zshrc and .bash_profile
  • Fix --apply-ignore when used with explicit args - #1310
• syntax
  • Revert an accidental change to how array subscripts are formatted - #1314
  • Never join ;; with the previous line when formatting - #1289
  • Fix a bug where $1[foo] was parsed as a subscript in Zsh - #1288
  • Correctly parse $! in double quotes in Zsh - #1298
  • Allow indexing into special parameters in Zsh - #1299
  • Allow parameter expansions with empty names in Zsh - #1280
• interp
  • Test against Bash 5.3 and fix three new discrepancies
  • Fix a few bugs related to nameref variables
  • Avoid panics when user input encounters unimplemented features

Consider becoming a sponsor if you benefit from the work that went into this release!

Binaries built on go version go1.26.1 linux/amd64 with:

CGO_ENABLED=0 go build -trimpath -ldflags="-w -s"

Changelog

Sourced from mvdan.cc/sh/v3's changelog.

[3.13.1] - 2026-03-09

• cmd/shfmt
  • Add support for [[zsh]] in EditorConfig files
  • Detect the shell variant from filenames like .zshrc and .bash_profile
  • Fix --apply-ignore when used with explicit args - #1310
• syntax
  • Revert an accidental change to how array subscripts are formatted - #1314
  • Never join ;; with the previous line when formatting - #1289
  • Fix a bug where $1[foo] was parsed as a subscript in Zsh - #1288
  • Correctly parse $! in double quotes in Zsh - #1298
  • Allow indexing into special parameters in Zsh - #1299
  • Allow parameter expansions with empty names in Zsh - #1280
• interp
  • Test against Bash 5.3 and fix three new discrepancies
  • Fix a few bugs related to nameref variables
  • Avoid panics when user input encounters unimplemented features

Commits

• 2f3f5e3 CHANGELOG: add entry for v3.13.1
• 1b77144 CHANGELOG: add late entry for v3.13.0
• 4fe0cc2 README: bring output in caveats examples up to date
• d2b044b syntax: only make index expressions compact when it's a comma
• 1569230 syntax: add test cases for issue #1314
• e97b2b0 interp: avoid the last panics which can be triggered by users
• f299f47 cmd/shfmt: --apply-ignore should not skip explicit args based on extension
• 2315483 interp: fix a few nameref bugs
• 7e3be04 interp: test with Bash 5.3 and fix three bugs uncovered by it
• 8852860 pattern: tokenize patterns rune by rune
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions