Bump the go-modules group with 3 updates

[dependabot]

Bumps the go-modules group with 3 updates: github.com/golangci/golangci-lint/v2, github.com/securego/gosec/v2 and go.uber.org/zap.

Updates github.com/golangci/golangci-lint/v2 from 2.11.4 to 2.12.1

Release notes

Sourced from github.com/golangci/golangci-lint/v2's releases.

v2.12.1

golangci-lint is a free and open-source project built by volunteers.

If you value it, consider supporting us, the maintainers and linter authors.

We appreciate it! ❤️

For key updates, see the changelog.

Changelog

[!IMPORTANT] If you are using the install script from the master branch: https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh This branch is not used anymore, we are using main.

We recommend using https://golangci-lint.run/install.sh as URL to install golangci-lint.

https://golangci-lint.run/docs/welcome/install/local/#binaries

• 35b2189782a6a059489289257e6523550167cb64 fix: install.sh script (#6539)
• 3a006ab284f52a5aac0a7daa77ae683e43fb7b69 gomodguard: fix panic with migration suggestion (#6542)

v2.12.0

golangci-lint is a free and open-source project built by volunteers.

If you value it, consider supporting us, the maintainers and linter authors.

We appreciate it! ❤️

For key updates, see the changelog.

Changelog

[!IMPORTANT] If you are using the install script from the master branch: https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh This branch is not used anymore, we are using main.

We recommend using https://golangci-lint.run/install.sh as URL to install golangci-lint.

https://golangci-lint.run/docs/welcome/install/local/#binaries

• d092dad51011497cda6dfcdeac572e87e7e00f79 Bump github.com/jingyugao/rowserrcheck from v1.1.1 to c5f79b8 (#6510)
• eec5c47e4a7a7e15fb0989cad1d6e41bf1b29c4b build(deps): bump github.com/Masterminds/semver/v3 from 3.4.0 to 3.5.0 (#6535)
• c670072b84808b392e04e9fa8b77355c99b7d4c0 build(deps): bump github.com/alecthomas/chroma/v2 from 2.23.1 to 2.24.1 (#6534)
• 493a1c881dad24cbe5fba5c2c8a1199ca383bb2c build(deps): bump github.com/ashanbrown/forbidigo/v2 from 2.3.0 to 2.3.1 (#6502)
• 3ad7eac33ff388240568f0fd0cccb2631e36f85d build(deps): bump github.com/ashanbrown/makezero/v2 from 2.1.0 to 2.2.0 (#6492)

... (truncated)

Changelog

Sourced from github.com/golangci/golangci-lint/v2's changelog.

v2.12.1

Released on 2026-05-01

1. Linters bug fixes
   • gomodguard_v2: fix panic with migration suggestion
2. Misc.
   • fix install.sh script (if you are still using an URL based on the branch master, please update to use https://golangci-lint.run/install.sh)

v2.12.0

Released on 2026-05-01

1. New linters
   • Add clickhouselint linter https://github.com/ClickHouse/clickhouse-go-linter
2. Linters new features or changes
   • dupl: from f665c8d69b32 to c99c5cf5c202 (extended detection)
   • funcorder: from 0.5.0 to 0.6.0 (new option: function)
   • goconst: add an option to ignore strings from tests
   • goconst: from 1.8.2 to 1.10.0 (extended detection)
   • gomodguard_v2: from 1.4.1 to 2.1.0 (major version with new configuration)
   • gosec: from 619ce2117e08 to 2.26.1 (new checks: G124, G708, G709, G710)
   • govet: add inline analyzer
   • makezero: from 2.1.0 to 2.2.1 (support slice type aliases)
   • paralleltest: expose checkcleanup option
   • sloglint: from 0.11.1 to 0.12.0 (new options: allowed-keys, custom-funcs)
   • wsl_v5: from 5.6.0 to 5.8.0 (new option: cuddle-max-statements; new checks: after-decl, after-defer, after-expr, after-go, cuddle-group)
3. Linters bug fixes
   • forbidigo: from 2.3.0 to 2.3.1
   • godot: from 1.5.4 to 1.5.6
   • govet-modernize: from 0.43.0 to 0.44.0
   • ireturn: from 0.4.0 to 0.4.1
   • rowserrcheck: from 1.1.1 to c5f79b8
4. Misc.
   • Decrease cache entropy
   • Embed the JSON schema in the binary
   • Filter env vars when cloning the repository with the custom command

Commits

• 9aa24e9 chore: prepare release
• 3a006ab gomodguard: fix panic with migration suggestion (#6542)
• 35b2189 fix: install.sh script (#6539)
• 6349bbc docs: update GitHub Action assets (#6538)
• 7761527 chore: prepare release
• 8116fb5 build(deps): bump github.com/bombsimon/wsl/v5 from 5.6.0 to 5.8.0 (#6536)
• eec5c47 build(deps): bump github.com/Masterminds/semver/v3 from 3.4.0 to 3.5.0 (#6535)
• c670072 build(deps): bump github.com/alecthomas/chroma/v2 from 2.23.1 to 2.24.1 (#6534)
• 80ad1dc feat: embed the JSON schema in the binary (#6533)
• 8589d80 build(deps): bump github.com/securego/gosec/v2 from 2.25.0 to 2.26.1 (#6532)
• Additional commits viewable in compare view

Updates github.com/securego/gosec/v2 from 2.25.0 to 2.26.1

Release notes

Sourced from github.com/securego/gosec/v2's releases.

v2.26.1

Changelog

• 4a3bd8af174872c778439083ded7adbf3747e770 Update cosign to v3.0.6 (#1659)

Commits

• 4a3bd8a Update cosign to v3.0.6 (#1659)
• 553d8a5 Sync taint rule docs and add missing CWE mappings for G113/G307 (#1658)
• bf0ccd3 Update all dependencies (#1657)
• 4ead098 Add G710 rule for open redirect via taint analysis (#1654)
• 8ff985f Fix formatting
• a1aad0c Update the default models use by autofix and phase out the older models
• 74bdf7f Format and clean-up the README
• 74dc989 Add HTTP file-serving function to the skins of pathtraversal analyzer (#1647)
• 7020111 Skip flaging the TLS min version for go 1.18+ (#1646)
• d5869fc chore(deps): bump go.opentelemetry.io/otel from 1.39.0 to 1.41.0 (#1645)
• Additional commits viewable in compare view

Updates go.uber.org/zap from 1.27.1 to 1.28.0

Release notes

Sourced from go.uber.org/zap's releases.

v1.28.0

Enhancements:

• #1534[]: Add zapcore.CheckPreWriteHook and CheckedEntry.Before method for transforming entries before they are written to any Cores.

#1534: uber-go/zap#1534

Changelog

Sourced from go.uber.org/zap's changelog.

1.28.0 (27 Apr 2026)

Enhancements:

• #1534[]: Add zapcore.CheckPreWriteHook and CheckedEntry.Before method for transforming entries before they are written to any Cores.

Commits

• 5b81b37 release v1.28.0 (#1547)
• 0ab0d5a zapcore: Add PreWriteHook for transforming entries before write (#1534)
• d278c59 [chore] CI: test on Go 1.26 (#1535)
• 16fb16b chore(dep): replace archived gopkg.in/yaml.v3 with officially maintained go.y...
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions