[tools](deps): Bump the main group across 1 directory with 4 updates

[dependabot]

⚠️ Dependabot is rebasing this PR ⚠️

Rebasing might not happen immediately, so don't worry if this takes some time.

Note: if you make any changes to this PR yourself, they will take precedence over the rebase.

---

Bumps the main group with 4 updates in the /tools directory: github.com/golangci/golangci-lint/v2, github.com/vektra/mockery/v3, golang.org/x/tools and mvdan.cc/sh/v3.

Updates github.com/golangci/golangci-lint/v2 from 2.9.0 to 2.11.3

Release notes

Sourced from github.com/golangci/golangci-lint/v2's releases.

v2.11.3

golangci-lint is a free and open-source project built by volunteers.

If you value it, consider supporting us, the maintainers and linter authors.

We appreciate it! ❤️

For key updates, see the changelog.

Changelog

• 697a1899cc458a617306273776854c4a4fd3c09d build(deps): bump github.com/securego/gosec/v2 from v2.24.7 to 619ce2117e08 (#6424)
• 760f8ab58f508c36d0da483000e7dec66c5096c3 build(deps): bump golang.org/x/oauth2 from 0.35.0 to 0.36.0 in /scripts/gen_github_action_config in the scripts group (#6425)
• 5ea763ec8d0060c93002d79ab2bce1bad7480600 build(deps): bump the github-actions group with 2 updates (#6426)

v2.11.2

golangci-lint is a free and open-source project built by volunteers.

If you value it, consider supporting us, the maintainers and linter authors.

We appreciate it! ❤️

For key updates, see the changelog.

Changelog

• 6ebd82f6a722198cd276533485d7a458450d1ed3 fix: fmt with path (#6418)

v2.11.1

golangci-lint is a free and open-source project built by volunteers.

If you value it, consider supporting us, the maintainers and linter authors.

We appreciate it! ❤️

For key updates, see the changelog.

Changelog

Due to an error related to AUR, some artifacts of the v2.11.0 release have not been published.

This release contains the same things as v2.11.0.

v2.11.0

golangci-lint is a free and open-source project built by volunteers.

If you value it, consider supporting us, the maintainers and linter authors.

We appreciate it! ❤️

For key updates, see the changelog.

... (truncated)

Changelog

Sourced from github.com/golangci/golangci-lint/v2's changelog.

v2.11.3

Released on 2026-03-10

1. Linters bug fixes
   • gosec: from v2.24.7 to 619ce2117e08

v2.11.2

Released on 2026-03-07

1. Fixes
   • fmt: fix error when using the fmt command with explicit paths.

v2.11.1

Released on 2026-03-06

Due to an error related to AUR, some artifacts of the v2.11.0 release have not been published.

This release contains the same things as v2.11.0.

v2.11.0

Released on 2026-03-06

1. Linters new features or changes
   • errcheck: from 1.9.0 to 1.10.0 (exclude crypto/rand.Read by default)
   • gosec: from 2.23.0 to 2.24.6 (new rules: G113, G118, G119, G120, G121, G122, G123, G408, G707)
   • noctx: from 0.4.0 to 0.5.0 (new detection: httptest.NewRequestWithContext)
   • prealloc: from 1.0.2 to 1.1.0
   • revive: from 1.14.0 to 1.15.0 (⚠️ Breaking change: package-related checks moved from var-naming to a new rule package-naming)
2. Linters bug fixes
   • gocognit: from 1.2.0 to 1.2.1
   • gosec: from 2.24.6 to 2.24.7
   • unqueryvet: from 1.5.3 to 1.5.4

v2.10.1

Released on 2026-02-17

1. Fixes
   • buildssa panic

v2.10.0

Released on 2026-02-17

1. Linters new features or changes
   • ginkgolinter: from 0.22.0 to 0.23.0

... (truncated)

Commits

• 6008b81 chore: prepare release
• 697a189 build(deps): bump github.com/securego/gosec/v2 from v2.24.7 to 619ce2117e08 (...
• 5ea763e build(deps): bump the github-actions group with 2 updates (#6426)
• 760f8ab build(deps): bump golang.org/x/oauth2 from 0.35.0 to 0.36.0 in /scripts/gen_g...
• bba7663 docs: update GitHub Action assets (#6419)
• e8f6219 chore: prepare release
• 6ebd82f fix: fmt with path (#6418)
• 9cab9dc docs: update GitHub Action assets (#6415)
• 89a46a2 chore: prepare release
• ff7206c docs: update GitHub Action assets (#6414)
• Additional commits viewable in compare view

Updates github.com/vektra/mockery/v3 from 3.6.4 to 3.7.0

Release notes

Sourced from github.com/vektra/mockery/v3's releases.

v3.7.0

What's Changed

• Update example by @​DenisPalnitsky in vektra/mockery#1144
• Refactor name suggestion logic in method_scope.go by @​LandonTClipp in vektra/mockery#1148
• feat: goimports configuration options by @​rfwatson in vektra/mockery#1138

New Contributors

• @​DenisPalnitsky made their first contribution in vektra/mockery#1144
• @​rfwatson made their first contribution in vektra/mockery#1138

Full Changelog: vektra/mockery@v3.6.4...v3.7.0

Commits

• 61b1a45 Update VERSION to v3.7.0
• 1bcb334 Merge pull request #1138 from rfwatson/feat/goimports-local-prefix
• 533f37c fix: format-only default value
• c877b7e Merge pull request #1148 from vektra/LandonTClipp-patch-2
• 4dfe781 test: remove extraneous test
• d0f5c50 doc: update README.md
• e37444a refactor: nil handling
• e5275a1 fix: improve nil safety
• 64b11b2 chore: remove stray debug line
• fe4faad feat: improve goimports integration
• Additional commits viewable in compare view

Updates golang.org/x/tools from 0.42.0 to 0.43.0

Commits

• 24a8e95 go.mod: update golang.org/x dependencies
• 3dd57fb gopls/internal/mcp: refactor unified diff generation
• fcc014d cmd/digraph: fix package doc
• 39f0f5c cmd/stress: add -failfast flag
• 063c264 gopls/test/integration/misc: add diagnostics to flaky test
• deb6130 gopls/internal/golang: fix hover panic in raw strings with CRLF
• 5f1186b gopls/internal/analysis/driverutil: remove unnecessary new imports
• ff45494 go/analysis: expose GoMod etc. to Pass.Module
• 62daff4 go/analysis/passes/inline: fix panic in inlineAlias with instantiated generic...
• fcb6088 x/tools: delete obsolete code
• Additional commits viewable in compare view

Updates mvdan.cc/sh/v3 from 3.12.0 to 3.13.0

Release notes

Sourced from mvdan.cc/sh/v3's releases.

v3.13.0

This release introduces support for Zsh in the parser and formatter, which was tracked in issue #120 alongside the label https://github.com/mvdan/sh/labels/zsh. While support is not complete, it should be far enough for many use cases.

This release also drops support for Go 1.24 and includes many other enhancements:

• cmd/shfmt
  • Exit with a non-zero status when -l prints any filenames
  • shfmt -version is now derived from the git current tag, dropping the -ldflags workaround
• syntax
  • New nodes types and node fields are introduced alongside LangZsh
  • LangVariant is now a bitset, allowing the use of sets like "Bash-like"
  • Add InteractiveSeq and StmtsSeq iterator methods for Parser
  • Stop exposing the internal buffer in Printer via struct embedding
  • Support the use of brace expansions like declare {a,b}_c=value
  • Fix a bug where POSIX and Bash incorrectly allowed empty command lists
• interp
  • Add support for shopt -s dotglob and shopt -s extglob
  • Add support for simple uses of !(expr) extended glob patterns
  • Support more builtin flags for declare, type, read
  • Fix various bugs relating to nulls, errors, and arrays
• expand
  • Add Config.DotGlob and Config.ExtGlob for the interpreter
  • Add Variable.Flags to get the one-character declare flags
  • Do not force env vars on Windows to be uppercase
  • Fix various bugs relating to glob pattern matching
• pattern
  • Add GlobLeadingDot and ExtendedOperators for the interpreter
  • Add NegExtGlobError to mark the use of !(expr) negation patterns

Consider becoming a sponsor if you benefit from the work that went into this release!

Binaries built on go version go1.26.1 linux/amd64 with:

CGO_ENABLED=0 go build -trimpath -ldflags="-w -s"

Note that this release no longer includes a sha256sums.txt asset; GitHub now provide digests natively.

Changelog

Sourced from mvdan.cc/sh/v3's changelog.

Changelog

Commits

• 5c4d285 cmd/shfmt: bump Go and Alpine in the Dockerfile
• 1ae455b update golang.org/x/sys
• cb484d3 syntax: apply gopls warning suggestion
• 64d9126 syntax: gofmt -w
• 55d279f syntax: simplify zsh logic on left parentheses
• 1cf3c19 syntax: support alternations in zsh test expressions
• 0f0636e syntax: support parsing extended globs in zsh
• a173247 syntax: parse and format zsh >! redirects as >|
• d6bf6c9 syntax: rename ParamExp.Plus to IsSet
• b612daa cmd/shfmt: simplify flag value code
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

This pull request was built based on a group rule. Closing it will not ignore any of these versions in future pull requests.

To ignore these dependencies, configure ignore rules in dependabot.yml