[tools]: Bump the all-tools group across 1 directory with 5 updates

[dependabot]

Bumps the all-tools group with 4 updates in the /tools directory: github.com/golangci/golangci-lint/v2, github.com/vektra/mockery/v3, golang.org/x/tools and mvdan.cc/sh/v3.

Updates github.com/golangci/golangci-lint/v2 from 2.8.0 to 2.11.3

Release notes

Sourced from github.com/golangci/golangci-lint/v2's releases.

v2.11.3

golangci-lint is a free and open-source project built by volunteers.

If you value it, consider supporting us, the maintainers and linter authors.

We appreciate it! ❤️

For key updates, see the changelog.

Changelog

• 697a1899cc458a617306273776854c4a4fd3c09d build(deps): bump github.com/securego/gosec/v2 from v2.24.7 to 619ce2117e08 (#6424)
• 760f8ab58f508c36d0da483000e7dec66c5096c3 build(deps): bump golang.org/x/oauth2 from 0.35.0 to 0.36.0 in /scripts/gen_github_action_config in the scripts group (#6425)
• 5ea763ec8d0060c93002d79ab2bce1bad7480600 build(deps): bump the github-actions group with 2 updates (#6426)

v2.11.2

golangci-lint is a free and open-source project built by volunteers.

If you value it, consider supporting us, the maintainers and linter authors.

We appreciate it! ❤️

For key updates, see the changelog.

Changelog

• 6ebd82f6a722198cd276533485d7a458450d1ed3 fix: fmt with path (#6418)

v2.11.1

golangci-lint is a free and open-source project built by volunteers.

If you value it, consider supporting us, the maintainers and linter authors.

We appreciate it! ❤️

For key updates, see the changelog.

Changelog

Due to an error related to AUR, some artifacts of the v2.11.0 release have not been published.

This release contains the same things as v2.11.0.

v2.11.0

golangci-lint is a free and open-source project built by volunteers.

If you value it, consider supporting us, the maintainers and linter authors.

We appreciate it! ❤️

For key updates, see the changelog.

... (truncated)

Changelog

Sourced from github.com/golangci/golangci-lint/v2's changelog.

v2.11.3

Released on 2026-03-10

1. Linters bug fixes
   • gosec: from v2.24.7 to 619ce2117e08

v2.11.2

Released on 2026-03-07

1. Fixes
   • fmt: fix error when using the fmt command with explicit paths.

v2.11.1

Released on 2026-03-06

Due to an error related to AUR, some artifacts of the v2.11.0 release have not been published.

This release contains the same things as v2.11.0.

v2.11.0

Released on 2026-03-06

1. Linters new features or changes
   • errcheck: from 1.9.0 to 1.10.0 (exclude crypto/rand.Read by default)
   • gosec: from 2.23.0 to 2.24.6 (new rules: G113, G118, G119, G120, G121, G122, G123, G408, G707)
   • noctx: from 0.4.0 to 0.5.0 (new detection: httptest.NewRequestWithContext)
   • prealloc: from 1.0.2 to 1.1.0
   • revive: from 1.14.0 to 1.15.0 (⚠️ Breaking change: package-related checks moved from var-naming to a new rule package-naming)
2. Linters bug fixes
   • gocognit: from 1.2.0 to 1.2.1
   • gosec: from 2.24.6 to 2.24.7
   • unqueryvet: from 1.5.3 to 1.5.4

v2.10.1

Released on 2026-02-17

1. Fixes
   • buildssa panic

v2.10.0

Released on 2026-02-17

1. Linters new features or changes
   • ginkgolinter: from 0.22.0 to 0.23.0

... (truncated)

Commits

• 6008b81 chore: prepare release
• 697a189 build(deps): bump github.com/securego/gosec/v2 from v2.24.7 to 619ce2117e08 (...
• 5ea763e build(deps): bump the github-actions group with 2 updates (#6426)
• 760f8ab build(deps): bump golang.org/x/oauth2 from 0.35.0 to 0.36.0 in /scripts/gen_g...
• bba7663 docs: update GitHub Action assets (#6419)
• e8f6219 chore: prepare release
• 6ebd82f fix: fmt with path (#6418)
• 9cab9dc docs: update GitHub Action assets (#6415)
• 89a46a2 chore: prepare release
• ff7206c docs: update GitHub Action assets (#6414)
• Additional commits viewable in compare view

Updates github.com/vektra/mockery/v3 from 3.6.3 to 3.7.0

Release notes

Sourced from github.com/vektra/mockery/v3's releases.

v3.7.0

What's Changed

• Update example by @​DenisPalnitsky in vektra/mockery#1144
• Refactor name suggestion logic in method_scope.go by @​LandonTClipp in vektra/mockery#1148
• feat: goimports configuration options by @​rfwatson in vektra/mockery#1138

New Contributors

• @​DenisPalnitsky made their first contribution in vektra/mockery#1144
• @​rfwatson made their first contribution in vektra/mockery#1138

Full Changelog: vektra/mockery@v3.6.4...v3.7.0

v3.6.4

What's Changed

• Basic documentation updates by @​LandonTClipp in vektra/mockery#1137
• v3: Support Go 1.26 by @​LandonTClipp in vektra/mockery#1142

Full Changelog: vektra/mockery@v3.6.3...v3.6.4

Commits

• 61b1a45 Update VERSION to v3.7.0
• 1bcb334 Merge pull request #1138 from rfwatson/feat/goimports-local-prefix
• 533f37c fix: format-only default value
• c877b7e Merge pull request #1148 from vektra/LandonTClipp-patch-2
• 4dfe781 test: remove extraneous test
• d0f5c50 doc: update README.md
• e37444a refactor: nil handling
• e5275a1 fix: improve nil safety
• 64b11b2 chore: remove stray debug line
• fe4faad feat: improve goimports integration
• Additional commits viewable in compare view

Updates golang.org/x/tools from 0.42.0 to 0.43.0

Commits

• 24a8e95 go.mod: update golang.org/x dependencies
• 3dd57fb gopls/internal/mcp: refactor unified diff generation
• fcc014d cmd/digraph: fix package doc
• 39f0f5c cmd/stress: add -failfast flag
• 063c264 gopls/test/integration/misc: add diagnostics to flaky test
• deb6130 gopls/internal/golang: fix hover panic in raw strings with CRLF
• 5f1186b gopls/internal/analysis/driverutil: remove unnecessary new imports
• ff45494 go/analysis: expose GoMod etc. to Pass.Module
• 62daff4 go/analysis/passes/inline: fix panic in inlineAlias with instantiated generic...
• fcb6088 x/tools: delete obsolete code
• Additional commits viewable in compare view

Updates honnef.co/go/tools from 0.6.1 to 0.7.0

Release notes

Sourced from honnef.co/go/tools's releases.

Staticcheck 2026.1 (v0.7.0)

Improved Go 1.25 and Go 1.26 support

This release updates Staticcheck’s database of deprecated standard library APIs to cover the Go 1.25 and Go 1.26 releases, as well as to add some crypto/elliptic deprecations from Go 1.21 that were missing. Furthermore, it adds support for new(expr), which was added in Go 1.26.

Other changes

• Version mismatch checks have been relaxed and no longer care about mismatches in the patch level. For example, Staticcheck built with Go 1.26.0 will be able to check code using Go 1.26.1.
• Staticcheck no longer opens staticcheck.conf files that aren’t regular files (or symlinks to regular files). See this gomodfs issue for the motivation behind this change.
• Staticcheck now exits with a non-zero status code if it encountered an invalid configuration file.

Checks

Changed checks

The following checks have been improved:

• SA1026 no longer panics when checking code that tries to marshal named functions (issue 1660).
• SA4000 no longer flags var _ = T{} == T{}, a pattern used to ensure that type T is comparable (issue 1670).
• SA4000 now correctly skips structs containing floats.
• SA4000 now skips functions from the math/rand/v2 package.
• SA4003 now skips over generated files.
• SA4030 now also checks uses of math/rand/v2.
• SA5008 has been updated with better support for encoding/json/v2.
• SA5010 no longer tries to reason about generics, to avoid false positives.
• ST1019 no longer flags duplicate imports of unsafe, mainly to play nice with cgo.
• ST1003 and QF1002 now emit more concise positions, benefitting users of gopls (issue 1647).
• ST1019 now allows importing the same package twice, once using a blank import (issue 1688).
• QF1008 no longer offers to delete all embedded fields from a selector expression. Even when two fields are individually superfluous, removing both might change the semantics of the code (issue 1682).
• QF1012 now detects more uses of bytes.Buffer (issue 1097).
• A bug in the intermediate representation was fixed, affecting the behavior of various checks (issue 1654).

Staticcheck 2025.1.1 (v0.6.1)

This is a re-release of 2025.1 but with prebuilt binaries that have been built with Go 1.24.1.

Staticcheck 2025.1 (v0.6.0)

Added Go 1.24 support

This release adds support for Go 1.24.

Checks

Changed checks

The following checks have been improved:

• U1000 treats all fields in a struct as used if the struct has a field of type structs.HostLayout.
• S1009 now emits a clearer message.
• S1008 no longer recommends simplifying branches that contain comments (issue 704, issue 1488).
• S1009 now flags another redundant nil check (issue 1605).
• QF1002 now emits a valid automatic fix for switches that use initialization statements (issue 1613).

... (truncated)

Commits

• ff63afa Version 2026.1 (v0.7.0)
• b4a35ea Ignore deprecated uses of GOROOT in our code
• ad522a4 config: add simd/archsimd to default dot_import_whitelist
• 9bb55d1 website: go mod tidy
• 4d7b7cb website: add 2026.1 release notes
• 5b2cf0a go/ir, go/buildid: update UPSTREAM
• 4e2a09a SA5008: update for latest version of encoding/json/v2
• 8be920f Update to Go 1.25 and run 'go fix'
• 952cd74 knowledge: update deprecations for Go 1.26
• 0ca3b12 go/ir: support new(expr)
• Additional commits viewable in compare view

Updates mvdan.cc/sh/v3 from 3.12.0 to 3.13.0

Release notes

Sourced from mvdan.cc/sh/v3's releases.

v3.13.0

This release introduces support for Zsh in the parser and formatter, which was tracked in issue #120 alongside the label https://github.com/mvdan/sh/labels/zsh. While support is not complete, it should be far enough for many use cases.

This release also drops support for Go 1.24 and includes many other enhancements:

• cmd/shfmt
  • Exit with a non-zero status when -l prints any filenames
  • shfmt -version is now derived from the git current tag, dropping the -ldflags workaround
• syntax
  • New nodes types and node fields are introduced alongside LangZsh
  • LangVariant is now a bitset, allowing the use of sets like "Bash-like"
  • Add InteractiveSeq and StmtsSeq iterator methods for Parser
  • Stop exposing the internal buffer in Printer via struct embedding
  • Support the use of brace expansions like declare {a,b}_c=value
  • Fix a bug where POSIX and Bash incorrectly allowed empty command lists
• interp
  • Add support for shopt -s dotglob and shopt -s extglob
  • Add support for simple uses of !(expr) extended glob patterns
  • Support more builtin flags for declare, type, read
  • Fix various bugs relating to nulls, errors, and arrays
• expand
  • Add Config.DotGlob and Config.ExtGlob for the interpreter
  • Add Variable.Flags to get the one-character declare flags
  • Do not force env vars on Windows to be uppercase
  • Fix various bugs relating to glob pattern matching
• pattern
  • Add GlobLeadingDot and ExtendedOperators for the interpreter
  • Add NegExtGlobError to mark the use of !(expr) negation patterns

Consider becoming a sponsor if you benefit from the work that went into this release!

Binaries built on go version go1.26.1 linux/amd64 with:

CGO_ENABLED=0 go build -trimpath -ldflags="-w -s"

Note that this release no longer includes a sha256sums.txt asset; GitHub now provide digests natively.

Changelog

Sourced from mvdan.cc/sh/v3's changelog.

Changelog

Commits

• 5c4d285 cmd/shfmt: bump Go and Alpine in the Dockerfile
• 1ae455b update golang.org/x/sys
• cb484d3 syntax: apply gopls warning suggestion
• 64d9126 syntax: gofmt -w
• 55d279f syntax: simplify zsh logic on left parentheses
• 1cf3c19 syntax: support alternations in zsh test expressions
• 0f0636e syntax: support parsing extended globs in zsh
• a173247 syntax: parse and format zsh >! redirects as >|
• d6bf6c9 syntax: rename ParamExp.Plus to IsSet
• b612daa cmd/shfmt: simplify flag value code
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

Looks like these dependencies are no longer updatable, so this is no longer needed.