[tools]: Bump the all-tools group across 1 directory with 6 updates

[dependabot]

Bumps the all-tools group with 4 updates in the /tools directory: github.com/golangci/golangci-lint/v2, github.com/itchyny/gojq, mvdan.cc/gofumpt and mvdan.cc/sh/v3.

Updates github.com/golangci/golangci-lint/v2 from 2.8.0 to 2.12.2

Release notes

Sourced from github.com/golangci/golangci-lint/v2's releases.

v2.12.2

golangci-lint is a free and open-source project built by volunteers.

If you value it, consider supporting us, the maintainers and linter authors.

We appreciate it! ❤️

For key updates, see the changelog.

Changelog

• 0b01827ae79a0cb92002b4b39867d133cef4c05c build(deps): bump github.com/onsi/ginkgo/v2 from 2.28.1 to 2.28.2 in /pkg/golinters/ginkgolinter/testdata in the linter-testdata group across 1 directory (#6559)
• 1a0697fc84d7f1376c8d8b1ebe20d9331c3d221f build(deps): bump github.com/pelletier/go-toml/v2 from 2.3.0 to 2.3.1 (#6548)
• f11cfe0f968601fb4cf40c704ca18e97b49282dd build(deps): bump github.com/ryancurrah/gomodguard/v2 from 2.1.0 to 2.1.3 (#6549)
• fb2c2411a7e6b05778c097c971e4017d2a6ef5c9 build(deps): bump github.com/shirou/gopsutil/v4 from 4.26.3 to 4.26.4 (#6547)
• 9a10710cd9d198dbda7ebdf39f7be4c659bc20c9 build(deps): bump github.com/uudashr/iface from 1.4.1 to 1.4.2 (#6557)
• 81e8f81bbb341152bb21dc516981cb4c30712088 gomodguard: fix blocked configuration (#6561)

v2.12.1

golangci-lint is a free and open-source project built by volunteers.

If you value it, consider supporting us, the maintainers and linter authors.

We appreciate it! ❤️

For key updates, see the changelog.

Changelog

[!IMPORTANT] If you are using the install script from the master branch: https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh This branch is not used anymore, we are using main.

We recommend using https://golangci-lint.run/install.sh as URL to install golangci-lint.

https://golangci-lint.run/docs/welcome/install/local/#binaries

• 35b2189782a6a059489289257e6523550167cb64 fix: install.sh script (#6539)
• 3a006ab284f52a5aac0a7daa77ae683e43fb7b69 gomodguard: fix panic with migration suggestion (#6542)

v2.12.0

golangci-lint is a free and open-source project built by volunteers.

If you value it, consider supporting us, the maintainers and linter authors.

We appreciate it! ❤️

For key updates, see the changelog.

... (truncated)

Changelog

Sourced from github.com/golangci/golangci-lint/v2's changelog.

v2.12.2

Released on 2026-05-06

1. Linters bug fixes
   • gomodguard_v2: fix blocked configuration
   • gomodguard_v2: from 2.1.0 to 2.1.3
   • iface: from 1.4.1 to 1.4.2

v2.12.1

Released on 2026-05-01

1. Linters bug fixes
   • gomodguard_v2: fix panic with migration suggestion
2. Misc.
   • fix install.sh script (if you are still using an URL based on the branch master, please update to use https://golangci-lint.run/install.sh)

v2.12.0

Released on 2026-05-01

1. New linters
   • Add clickhouselint linter https://github.com/ClickHouse/clickhouse-go-linter
2. Linters new features or changes
   • dupl: from f665c8d69b32 to c99c5cf5c202 (extended detection)
   • funcorder: from 0.5.0 to 0.6.0 (new option: function)
   • goconst: add an option to ignore strings from tests
   • goconst: from 1.8.2 to 1.10.0 (extended detection)
   • gomodguard_v2: from 1.4.1 to 2.1.0 (major version with new configuration)
   • gosec: from 619ce2117e08 to 2.26.1 (new checks: G124, G708, G709, G710)
   • govet: add inline analyzer
   • makezero: from 2.1.0 to 2.2.1 (support slice type aliases)
   • paralleltest: expose checkcleanup option
   • sloglint: from 0.11.1 to 0.12.0 (new options: allowed-keys, custom-funcs)
   • wsl_v5: from 5.6.0 to 5.8.0 (new option: cuddle-max-statements; new checks: after-decl, after-defer, after-expr, after-go, cuddle-group)
3. Linters bug fixes
   • forbidigo: from 2.3.0 to 2.3.1
   • godot: from 1.5.4 to 1.5.6
   • govet-modernize: from 0.43.0 to 0.44.0
   • ireturn: from 0.4.0 to 0.4.1
   • rowserrcheck: from 1.1.1 to c5f79b8
4. Misc.
   • Decrease cache entropy
   • Embed the JSON schema in the binary
   • Filter env vars when cloning the repository with the custom command

v2.11.4

Released on 2026-03-22

... (truncated)

Commits

• c0d3ddc chore: prepare release
• 41f8dfb dev: keep only JSONSchema (#6564)
• 81e8f81 gomodguard: fix blocked configuration (#6561)
• 9a10710 build(deps): bump github.com/uudashr/iface from 1.4.1 to 1.4.2 (#6557)
• 0b01827 build(deps): bump github.com/onsi/ginkgo/v2 from 2.28.1 to 2.28.2 in /pkg/gol...
• 18bc4bf docs: update GitHub Action assets (#6554)
• 54a04eb dev: update Hugo (#6553)
• 0e8093b docs: update documentation assets (#6552)
• b665704 dev: workaround for post-release trigger (#6551)
• 006d012 dev: update documentation theme (#6550)
• Additional commits viewable in compare view

Updates github.com/itchyny/gojq from 0.12.18 to 0.12.19

Release notes

Sourced from github.com/itchyny/gojq's releases.

Release v0.12.19

• fix gsub and sub when the replacement emits multiple values
• fix fmax, fmin, modf functions against NaN and infinities
• fix join/1 to use add/0 implementation and handle null separator
• fix del and delpaths on null to emit null
• fix arithmetic operations on the minimum integer
• fix significand function against subnormal numbers
• fix handling of -- in cli flag parsing for jq compatibility
• fix flatten/1 to emit error when the depth is NaN
• fix array slice update to validate index types
• fix string repetition boundary check to match jq behavior
• implement splits/2 using match/2 for better jq compatibility
• implement to_entries and from_entries in jq for simplicity
• improve performance of regexp functions by caching compiled regexps

Changelog

Sourced from github.com/itchyny/gojq's changelog.

v0.12.19 (2026-04-01)

• fix gsub and sub when the replacement emits multiple values
• fix fmax, fmin, modf functions against NaN and infinities
• fix join/1 to use add/0 implementation and handle null separator
• fix del and delpaths on null to emit null
• fix arithmetic operations on the minimum integer
• fix significand function against subnormal numbers
• fix handling of -- in cli flag parsing for jq compatibility
• fix flatten/1 to emit error when the depth is NaN
• fix array slice update to validate index types
• fix string repetition boundary check to match jq behavior
• implement splits/2 using match/2 for better jq compatibility
• implement to_entries and from_entries in jq for simplicity
• improve performance of regexp functions by caching compiled regexps

Commits

• b7ebffb bump up version to 0.12.19
• b02c97b update CHANGELOG.md for v0.12.19
• d7ca9b5 implement to_entries and from_entries in jq for simplicity
• bac8b0b update dependencies
• 183cbec bump up Docker actions
• 40707cf fix repeated argument type any
• b5ece86 fix handling of -- in cli flag parsing for jq compatibility
• cca2307 re-generate the parser.go file
• ca5066d fix gsub and sub when the replacement emits multiple values
• 0878958 improve performance of regexp functions by caching compiled regexps (fix #230)
• Additional commits viewable in compare view

Updates golang.org/x/tools from 0.41.0 to 0.44.0

Commits

• 3dd188d go.mod: update golang.org/x dependencies
• aebd870 gopls: improve doc link matching to support links followed by a colon
• 5357b43 go/analysis/passes/modernize: rangeint: handle type parameter constraints
• bf04c61 go/types/internal/play: show normal terms of selected type
• 0ae2de0 gopls/internal/filecache: cache decoded objects in memCache
• 8e51a5f go/ssa: support direct references to embedded fields in struct lit
• 5005b9e internal/gcimporter: rename ureader_yes.go to ureader.go
• 5ca865b go/types/objectpath: add debugging command
• f6476fb internal/gcimporter: consume generic methods in gcimporter
• b36d1d1 internal/pkgbits: sync version.go with goroot
• Additional commits viewable in compare view

Updates honnef.co/go/tools from 0.6.1 to 0.7.0

Release notes

Sourced from honnef.co/go/tools's releases.

Staticcheck 2026.1 (v0.7.0)

Improved Go 1.25 and Go 1.26 support

This release updates Staticcheck’s database of deprecated standard library APIs to cover the Go 1.25 and Go 1.26 releases, as well as to add some crypto/elliptic deprecations from Go 1.21 that were missing. Furthermore, it adds support for new(expr), which was added in Go 1.26.

Other changes

• Version mismatch checks have been relaxed and no longer care about mismatches in the patch level. For example, Staticcheck built with Go 1.26.0 will be able to check code using Go 1.26.1.
• Staticcheck no longer opens staticcheck.conf files that aren’t regular files (or symlinks to regular files). See this gomodfs issue for the motivation behind this change.
• Staticcheck now exits with a non-zero status code if it encountered an invalid configuration file.

Checks

Changed checks

The following checks have been improved:

• SA1026 no longer panics when checking code that tries to marshal named functions (issue 1660).
• SA4000 no longer flags var _ = T{} == T{}, a pattern used to ensure that type T is comparable (issue 1670).
• SA4000 now correctly skips structs containing floats.
• SA4000 now skips functions from the math/rand/v2 package.
• SA4003 now skips over generated files.
• SA4030 now also checks uses of math/rand/v2.
• SA5008 has been updated with better support for encoding/json/v2.
• SA5010 no longer tries to reason about generics, to avoid false positives.
• ST1019 no longer flags duplicate imports of unsafe, mainly to play nice with cgo.
• ST1003 and QF1002 now emit more concise positions, benefitting users of gopls (issue 1647).
• ST1019 now allows importing the same package twice, once using a blank import (issue 1688).
• QF1008 no longer offers to delete all embedded fields from a selector expression. Even when two fields are individually superfluous, removing both might change the semantics of the code (issue 1682).
• QF1012 now detects more uses of bytes.Buffer (issue 1097).
• A bug in the intermediate representation was fixed, affecting the behavior of various checks (issue 1654).

Staticcheck 2025.1.1 (v0.6.1)

This is a re-release of 2025.1 but with prebuilt binaries that have been built with Go 1.24.1.

Staticcheck 2025.1 (v0.6.0)

Added Go 1.24 support

This release adds support for Go 1.24.

Checks

Changed checks

The following checks have been improved:

• U1000 treats all fields in a struct as used if the struct has a field of type structs.HostLayout.
• S1009 now emits a clearer message.
• S1008 no longer recommends simplifying branches that contain comments (issue 704, issue 1488).
• S1009 now flags another redundant nil check (issue 1605).
• QF1002 now emits a valid automatic fix for switches that use initialization statements (issue 1613).

... (truncated)

Commits

• ff63afa Version 2026.1 (v0.7.0)
• b4a35ea Ignore deprecated uses of GOROOT in our code
• ad522a4 config: add simd/archsimd to default dot_import_whitelist
• 9bb55d1 website: go mod tidy
• 4d7b7cb website: add 2026.1 release notes
• 5b2cf0a go/ir, go/buildid: update UPSTREAM
• 4e2a09a SA5008: update for latest version of encoding/json/v2
• 8be920f Update to Go 1.25 and run 'go fix'
• 952cd74 knowledge: update deprecations for Go 1.26
• 0ca3b12 go/ir: support new(expr)
• Additional commits viewable in compare view

Updates mvdan.cc/gofumpt from 0.9.2 to 0.10.0

Release notes

Sourced from mvdan.cc/gofumpt's releases.

v0.10.0

This release is based on Go 1.26's gofmt, and requires Go 1.25 or later.

A new rule is introduced to drop unnecessary parentheses around expressions where the inner expression is unambiguous on its own, such as f((3)). Parentheses are kept where they are useful, such as on binary expressions. See #44.

A new rule is introduced to require multi-line function calls to match the opening and closing parenthesis in terms of the use of newlines. See #74.

The -extra flag now accepts a comma-separated list of rule names to enable individual extra rules, rather than enabling all of them at once. See #339.

The following changes are included as well:

• Avoid crashing on go.mod files without a module directive - #350
• Avoid failing when an ignored directory cannot be read - #351
• Avoid prefixing more kinds of commented-out Go code with spaces - #230
• Avoid prefixing a shebang comment with a space - #237
• Narrow the newlines on assignments rule to ignore complex cases - #354
• Fix three bugs which caused a second gofumpt run to make changes - #132, #345

Binaries built on go version go1.26.2 linux/amd64 with:

CGO_ENABLED=0 go build -trimpath -ldflags="-w -s"

Consider becoming a sponsor if you benefit from the work that went into this release! New tiers with rewards are available as well.

Changelog

Sourced from mvdan.cc/gofumpt's changelog.

[v0.10.0] - 2026-05-04

This release is based on Go 1.26's gofmt, and requires Go 1.25 or later.

A new rule is introduced to drop unnecessary parentheses around expressions where the inner expression is unambiguous on its own, such as f((3)). Parentheses are kept where they are useful, such as on binary expressions. See #44.

A new rule is introduced to require multi-line function calls to match the opening and closing parenthesis in terms of the use of newlines. See #74.

The -extra flag now accepts a comma-separated list of rule names to enable individual extra rules, rather than enabling all of them at once. See #339.

The following changes are included as well:

• Avoid crashing on go.mod files without a module directive - #350
• Avoid failing when an ignored directory cannot be read - #351
• Avoid prefixing more kinds of commented-out Go code with spaces - #230
• Avoid prefixing a shebang comment with a space - #237
• Narrow the newlines on assignments rule to ignore complex cases - #354
• Fix three bugs which caused a second gofumpt run to make changes - #132, #345

[v0.9.1] - 2025-09-07

This is a bugfix release to address a regression in detecting comment directives with special characters such as //golangcitest:config_path.

[v0.9.0] - 2025-09-02

This release is based on Go 1.25's gofmt, and requires Go 1.24 or later.

A new rule is introduced to "clothe" naked returns for the sake of clarity. While there is nothing wrong with naming results in function signatures, using lone return statements can be confusing to the reader.

Go 1.25's ignore directives in go.mod files are now obeyed; any directories within the module matching any of the patterns are now omitted when walking directories, such as with gofumpt -w ..

Module information is now loaded via Go's x/mod/modfile package rather than executing go mod edit -json, which is way faster. This should result in moderate speed-ups when formatting many directories.

[v0.8.0] - 2025-04-13

This release is based on Go 1.24's gofmt, and requires Go 1.23 or later.

The following changes are included:

... (truncated)

Commits

• 1405025 CHANGELOG: add entry for v0.10.0
• 3e7fd1f format: narrow scope of newline-after-assignment rule
• 64a87f4 format: leave shebang comments on the first line alone
• 529740e format: align opening and closing parens in multi-line calls
• a7ca065 format: add empty line after trailing inline comment between decls
• 018b5c8 format: re-sort imports after joining adjacent single-line decls
• d9b8a3c format: separate adjacent long func decls with a blank line
• de56e49 format: detect commented-out code by parsing as Go
• e476e62 testdata: add cases showing the commented-code heuristic limits
• ba22a6d format: remove definitely useless parentheses
• Additional commits viewable in compare view

Updates mvdan.cc/sh/v3 from 3.12.0 to 3.13.1

Release notes

Sourced from mvdan.cc/sh/v3's releases.

v3.13.1

• cmd/shfmt
  • Add support for [[zsh]] in EditorConfig files
  • Detect the shell variant from filenames like .zshrc and .bash_profile
  • Fix --apply-ignore when used with explicit args - #1310
• syntax
  • Revert an accidental change to how array subscripts are formatted - #1314
  • Never join ;; with the previous line when formatting - #1289
  • Fix a bug where $1[foo] was parsed as a subscript in Zsh - #1288
  • Correctly parse $! in double quotes in Zsh - #1298
  • Allow indexing into special parameters in Zsh - #1299
  • Allow parameter expansions with empty names in Zsh - #1280
• interp
  • Test against Bash 5.3 and fix three new discrepancies
  • Fix a few bugs related to nameref variables
  • Avoid panics when user input encounters unimplemented features

Consider becoming a sponsor if you benefit from the work that went into this release!

Binaries built on go version go1.26.1 linux/amd64 with:

CGO_ENABLED=0 go build -trimpath -ldflags="-w -s"

v3.13.0

This release introduces support for Zsh in the parser and formatter, which was tracked in issue #120 alongside the label https://github.com/mvdan/sh/labels/zsh. While support is not complete, it should be far enough for many use cases.

This release also drops support for Go 1.24 and includes many other enhancements:

• cmd/shfmt
  • Exit with a non-zero status when -l prints any filenames
  • shfmt -version is now derived from the git current tag, dropping the -ldflags workaround
• syntax
  • New nodes types and node fields are introduced alongside LangZsh
  • LangVariant is now a bitset, allowing the use of sets like "Bash-like"
  • Add InteractiveSeq and StmtsSeq iterator methods for Parser
  • Stop exposing the internal buffer in Printer via struct embedding
  • Support the use of brace expansions like declare {a,b}_c=value
  • Fix a bug where POSIX and Bash incorrectly allowed empty command lists
• interp
  • Add support for shopt -s dotglob and shopt -s extglob
  • Add support for simple uses of !(expr) extended glob patterns
  • Support more builtin flags for declare, type, read
  • Fix various bugs relating to nulls, errors, and arrays
• expand
  • Add Config.DotGlob and Config.ExtGlob for the interpreter
  • Add Variable.Flags to get the one-character declare flags
  • Do not force env vars on Windows to be uppercase
  • Fix various bugs relating to glob pattern matching
• pattern
  • Add GlobLeadingDot and ExtendedOperators for the interpreter

... (truncated)

Changelog

Sourced from mvdan.cc/sh/v3's changelog.

[3.13.1] - 2026-03-09

• cmd/shfmt
  • Add support for [[zsh]] in EditorConfig files
  • Detect the shell variant from filenames like .zshrc and .bash_profile
  • Fix --apply-ignore when used with explicit args - #1310
• syntax
  • Revert an accidental change to how array subscripts are formatted - #1314
  • Never join ;; with the previous line when formatting - #1289
  • Fix a bug where $1[foo] was parsed as a subscript in Zsh - #1288
  • Correctly parse $! in double quotes in Zsh - #1298
  • Allow indexing into special parameters in Zsh - #1299
  • Allow parameter expansions with empty names in Zsh - #1280
• interp
  • Test against Bash 5.3 and fix three new discrepancies
  • Fix a few bugs related to nameref variables
  • Avoid panics when user input encounters unimplemented features

[3.13.0] - 2026-03-09

This release introduces support for Zsh in the parser and formatter, which was tracked in issue #120 alongside the label https://github.com/mvdan/sh/labels/zsh. While support is not complete, it should be far enough for many use cases.

This release also drops support for Go 1.24 and includes many other enhancements:

• cmd/shfmt
  • Exit with a non-zero status when -l prints any filenames
  • shfmt -version is now derived from the git current tag, dropping the -ldflags workaround
• syntax
  • New nodes types and node fields are introduced alongside LangZsh
  • LangVariant is now a bitset, allowing the use of sets like "Bash-like"
  • Add InteractiveSeq and StmtsSeq iterator methods for Parser
  • Stop exposing the internal buffer in Printer via struct embedding
  • Support the use of brace expansions like declare {a,b}_c=value
  • Fix a bug where POSIX and Bash incorrectly allowed empty command lists
• interp
  • Add support for shopt -s dotglob and shopt -s extglob
  • Add support for simple uses of !(expr) extended glob patterns
  • Support more builtin flags for declare, type, read
  • Fix various bugs relating to nulls, errors, and arrays
• expand
  • Add Config.DotGlob and Config.ExtGlob for the interpreter
  • Add Variable.Flags to get the one-character declare flags
  • Do not force env vars on Windows to be uppercase
  • Fix various bugs relating to glob pattern matching
• pattern
  • Add GlobLeadingDot and ExtendedOperators for the interpreter
  • Add NegExtGlobError to mark the use of !(expr) negation patterns

Commits

• 2f3f5e3 CHANGELOG: add entry for v3.13.1
• 1b77144 CHANGELOG: add late entry for v3.13.0
• 4fe0cc2 README: bring output in caveats examples up to date
• d2b044b syntax: only make index expressions compact when it's a comma
• 1569230 syntax: add test cases for issue #1314
• e97b2b0 interp: avoid the last panics which can be triggered by users
• f299f47 cmd/shfmt: --apply-ignore should not skip explicit args based on extension
• 2315483 interp: fix a few nameref bugs
• 7e3be04 interp: test with Bash 5.3 and fix three bugs uncovered by it
• 8852860 pattern: tokenize patterns rune by rune
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions