[tools]: Bump the all-tools group in /tools with 4 updates

[dependabot]

Bumps the all-tools group in /tools with 4 updates: github.com/golangci/golangci-lint/v2, github.com/itchyny/gojq, golang.org/x/tools and honnef.co/go/tools.

Updates github.com/golangci/golangci-lint/v2 from 2.5.0 to 2.9.0

Release notes

Sourced from github.com/golangci/golangci-lint/v2's releases.

v2.9.0

golangci-lint is a free and open-source project built by volunteers.

If you value it, consider supporting us, the maintainers and linter authors.

We appreciate it! ❤️

For key updates, see the changelog.

Changelog

• 7bcbbbf04e2dff939a1383b44391d33949bcbfab build(deps): bump github.com/MirrexOne/unqueryvet from 1.4.0 to 1.5.0 (#6320)
• 34a7735dcafe57189faa191994faf3d546d9065e build(deps): bump github.com/MirrexOne/unqueryvet from 1.5.0 to 1.5.3 (#6332)
• 4fd6c246757e682f823d73ed4c34db5987571966 build(deps): bump github.com/alecthomas/chroma/v2 from 2.21.1 to 2.22.0 (#6308)
• bc9df8bab4d4bb1e809326fb78d18321b4c86bc1 build(deps): bump github.com/alecthomas/chroma/v2 from 2.22.0 to 2.23.0 (#6328)
• 2ed365c7944938b15a969dd36be9637b6c9c0d9e build(deps): bump github.com/alecthomas/chroma/v2 from 2.23.0 to 2.23.1 (#6338)
• 935cc2f1eb985f958f3e09ed9fbab7b008454ba3 build(deps): bump github.com/alexkohler/prealloc from 1.0.1 to 1.0.2 (#6307)
• a0a46d1c5f4333f10c702ac035534f4c81655316 build(deps): bump github.com/bombsimon/wsl/v5 from 5.3.0 to 5.6.0 (#6333)
• d79ce2f9d50dd7825ac18629e2ddd831190c195f build(deps): bump github.com/ghostiam/protogetter from 0.3.18 to 0.3.19 (#6326)
• 1d3d007777bd3381374e22f52e0c62e0bf282300 build(deps): bump github.com/ghostiam/protogetter from 0.3.19 to 0.3.20 (#6346)
• a41092538295644b731c139a3a29a30c26265001 build(deps): bump github.com/go-viper/mapstructure/v2 from 2.4.0 to 2.5.0 (#6318)
• 353cec6f307fe6c69ea1d584a6859efeafc2c2bc build(deps): bump github.com/golangci/golines from 0.14.0 to 0.15.0 (#6354)
• 645ae5b29b795d6dc23d387118890ec12a38319e build(deps): bump github.com/golangci/misspell from 0.7.0 to 0.8.0 (#6358)
• 9abb996cafd57c8a7c11d137cd4a300ce8379530 build(deps): bump github.com/mgechev/revive from 1.13.0 to 1.14.0 (#6359)
• 1a9f05c302532ad87b2091e387812796d798eaed build(deps): bump github.com/nunnatsa/ginkgolinter from 0.21.2 to 0.22.0 (#6306)
• 6106a601cfc7e15ee0fd3f614753a3d28c4143f4 build(deps): bump github.com/shirou/gopsutil/v4 from 4.25.12 to 4.26.1 (#6342)
• eac37cbcea389d8869da7002a68340184efed475 build(deps): bump github.com/sirupsen/logrus from 1.9.3 to 1.9.4 (#6325)
• efc54c5e936947322d2c08168fd1e28c810c4f4e build(deps): bump go.augendre.info/arangolint from 0.3.1 to 0.4.0 (#6304)
• 8f0bb649d11c1316227560bce12e9be298402fea build(deps): bump golang.org/x/mod from 0.31.0 to 0.32.0 (#6317)
• 70ad936c9c6663bfed189c2e3de8601bdabccb83 build(deps): bump golang.org/x/mod from 0.32.0 to 0.33.0 (#6355)
• ca3fa5d1e88dc987c09c90571da9313232f49abc build(deps): bump golang.org/x/oauth2 from 0.34.0 to 0.35.0 in /scripts/gen_github_action_config in the scripts group (#6352)
• a0a1f7e102a052af76e0905f1d9460f612b83be5 build(deps): bump golang.org/x/sys from 0.39.0 to 0.40.0 (#6305)
• a346ce32524449a405b84c865e970111a67bb23b build(deps): bump golang.org/x/sys from 0.40.0 to 0.41.0 (#6356)
• 956db1275979ed4ca0e8f2180275af1151e6fa40 build(deps): bump golang.org/x/tools from 0.40.0 to 0.41.0 (#6319)
• 2eecf2820b74cd7ac4ab271d0a736136fb40d534 build(deps): bump golang.org/x/tools from 0.41.0 to 0.42.0 (#6357)
• b16c91e2c891bd4a1234508919f1a66682a2284b build(deps): bump the linter-testdata group across 1 directory with 2 updates (#6343)
• 4636637045cadcc952398d2d0c97faf3d7588bc8 feat: do not collect VCS information when loading code (#6349)
• 05158565b1be3d00d7b0eb66830358f456555c05 feat: log information about files when configuration verification (#6330)
• 7024fff9ee8306bee7b15fafa4c0fa07b84ab01e fix: emit an error when no linters enabled (#6323)
• e9b722123bb155c751490bb4c08ba7ddfda33baf go1.26 support (#6271)
• f9b1289ff70596864b232bf89ebd9ef9e86a8382 mnd: add more tests (#6324)
• de42a4682f1f2ac9544dfefb0aacdf980174ce92 unqueryvet: change default (#6350)

v2.8.0

golangci-lint is a free and open-source project built by volunteers.

If you value it, consider supporting us, the maintainers and linter authors.

We appreciate it! ❤️

For key updates, see the changelog.

... (truncated)

Changelog

Sourced from github.com/golangci/golangci-lint/v2's changelog.

v2.9.0

Released on 2026-02-10

1. Enhancements
   • 🎉 go1.26 support
2. Linters new features or changes
   • arangolint: from 0.3.1 to 0.4.0 (new rule: detect potential query injections)
   • ginkgolinter: from 0.21.2 to 0.22.0 (support for wrappers)
   • golines: from 0.14.0 to 0.15.0
   • misspell: from 0.7.0 to 0.8.0
   • revive: from v1.13.0 to v1.14.0 (new rules: epoch-naming, use-slices-sort)
   • unqueryvet: from 1.4.0 to 1.5.3 (new options: check-n1, check-sql-injection, check-tx-leaks, allow, custom-rules)
   • wsl_v5: from 5.3.0 to 5.6.0 (new rule: after-block)
3. Linters bug fixes
   • modernize: from 0.41.0 to 0.42.0
   • prealloc: from 1.0.1 to 1.0.2
   • protogetter: from 0.3.18 to 0.3.20
4. Misc.
   • Log information about files when configuration verification
   • Emit an error when no linters enabled
   • Do not collect VCS information when loading code

v2.8.0

Released on 2026-01-07

1. Linters new features or changes
   • godoclint: from 0.10.2 to 0.11.1 (new rule: require-stdlib-doclink)
   • golines: from 442fd0091d95 to 0.14.0
   • gomoddirectives: from 0.7.1 to 0.8.0
   • gosec: from daccba6b93d7 to 2.22.11 (new rule: G116)
   • modernize: from 0.39.0 to 0.40.0 (new analyzers: stringscut, unsafefuncs)
   • prealloc: from 1.0.0 to 1.0.1 (message changes)
   • unqueryvet: from 1.3.0 to 1.4.0 (new options: check-aliased-wildcard, check-string-concat, check-format-strings, check-string-builder, check-subqueries, ignored-functions, sql-builders)
2. Linters bug fixes
   • gocritic: from 0.14.2 to 0.14.3
   • errorlint: from 1.8.0 to 1.9.0
   • govet: from 0.39.0 to 0.40.0
   • protogetter: from 0.3.17 to 0.3.18
   • revive: add missing enable-default-rules setting
3. Documentation
   • docs: split installation page

v2.7.2

Released on 2025-12-07

1. Linter bug fixes
   • gosec: from 2.22.10 to daccba6b93d7

... (truncated)

Commits

• 72798d3 chore: prepare release
• 26668d6 chore: minor changes
• e9b7221 go1.26 support (#6271)
• 9abb996 build(deps): bump github.com/mgechev/revive from 1.13.0 to 1.14.0 (#6359)
• 645ae5b build(deps): bump github.com/golangci/misspell from 0.7.0 to 0.8.0 (#6358)
• 2eecf28 build(deps): bump golang.org/x/tools from 0.41.0 to 0.42.0 (#6357)
• a346ce3 build(deps): bump golang.org/x/sys from 0.40.0 to 0.41.0 (#6356)
• 70ad936 build(deps): bump golang.org/x/mod from 0.32.0 to 0.33.0 (#6355)
• 353cec6 build(deps): bump github.com/golangci/golines from 0.14.0 to 0.15.0 (#6354)
• ca3fa5d build(deps): bump golang.org/x/oauth2 from 0.34.0 to 0.35.0 in /scripts/gen_g...
• Additional commits viewable in compare view

Updates github.com/itchyny/gojq from 0.12.17 to 0.12.18

Release notes

Sourced from github.com/itchyny/gojq's releases.

Release v0.12.18

• implement trimstr/1, toboolean/0 function
• fix last/1 to be included in builtins/0
• fix --indent 0 to preserve newlines
• fix string repetition to emit error when the result is too large
• increase the array index limit to 536870912 (2^29)
• stop numeric normalization for concurrent execution (see 1ace748d08df)
• support binding expressions with binary operators (1 + 2 as $x | -$x)
• improve gojq.NewIter to be a generic function
• improve logic for getting file contents on JSON parse error
• improve JSON parsing to preserve the precision of floating-point numbers
• improve YAML parsing performance and preserve the precision of large integers
• improve performance and reduce memory allocation of long-running queries

Changelog

Sourced from github.com/itchyny/gojq's changelog.

v0.12.18 (2025-12-02)

• implement trimstr/1, toboolean/0 function
• fix last/1 to be included in builtins/0
• fix --indent 0 to preserve newlines
• fix string repetition to emit error when the result is too large
• increase the array index limit to 536870912 (2^29)
• stop numeric normalization for concurrent execution (see 1ace748d08df)
• support binding expressions with binary operators (1 + 2 as $x | -$x)
• improve gojq.NewIter to be a generic function
• improve logic for getting file contents on JSON parse error
• improve JSON parsing to preserve the precision of floating-point numbers
• improve YAML parsing performance and preserve the precision of large integers
• improve performance and reduce memory allocation of long-running queries

Commits

• fa534a1 bump up version to 0.12.18
• d7e1531 update CHANGELOG.md for v0.12.18
• 672cc79 update dependencies
• 2263e18 update actions/checkout to v6
• 5d8a53c add more tests for empty strings and NO_COLOR
• 97274d3 make use of cmp package for comparisons
• 3e31863 merge identical cases for getting operator functions
• e4d456b avoid variable names that shadow built-in functions
• 19a3975 stop replacing capturing group syntax
• 5bb6d33 support binding expressions with binary operators (fix #283)
• Additional commits viewable in compare view

Updates golang.org/x/tools from 0.38.0 to 0.42.0

Commits

• 009367f go.mod: update golang.org/x dependencies
• 2182926 go/ast/inspector: add Cursor.ParentEdge{Kind,Index} methods
• 27020ac internal/server: add module upgrade pathway after vulncheck scanning
• c4ec0f5 internal/server: list vulnerabilities within vulncheck prompt
• 80d1715 gopls/internal/protocol: add document uri field type
• 0e23509 gopls/doc: update link to Acme LSP plugin
• 7b3ed75 gopls/internal/server: respect SemanticTokens option during initialization
• fddd4a6 gopls/filecache: prevent premature CAS file eviction
• e3a69ff gopls/internal/golang: refactor.inline.variable: add parens
• 955d132 gopls/internal/golang: migrate pkgdoc to cursor
• Additional commits viewable in compare view

Updates honnef.co/go/tools from 0.6.1 to 0.7.0

Release notes

Sourced from honnef.co/go/tools's releases.

Staticcheck 2026.1 (v0.7.0)

Improved Go 1.25 and Go 1.26 support

This release updates Staticcheck’s database of deprecated standard library APIs to cover the Go 1.25 and Go 1.26 releases, as well as to add some crypto/elliptic deprecations from Go 1.21 that were missing. Furthermore, it adds support for new(expr), which was added in Go 1.26.

Other changes

• Version mismatch checks have been relaxed and no longer care about mismatches in the patch level. For example, Staticcheck built with Go 1.26.0 will be able to check code using Go 1.26.1.
• Staticcheck no longer opens staticcheck.conf files that aren’t regular files (or symlinks to regular files). See this gomodfs issue for the motivation behind this change.
• Staticcheck now exits with a non-zero status code if it encountered an invalid configuration file.

Checks

Changed checks

The following checks have been improved:

• SA1026 no longer panics when checking code that tries to marshal named functions (issue 1660).
• SA4000 no longer flags var _ = T{} == T{}, a pattern used to ensure that type T is comparable (issue 1670).
• SA4000 now correctly skips structs containing floats.
• SA4000 now skips functions from the math/rand/v2 package.
• SA4003 now skips over generated files.
• SA4030 now also checks uses of math/rand/v2.
• SA5008 has been updated with better support for encoding/json/v2.
• SA5010 no longer tries to reason about generics, to avoid false positives.
• ST1019 no longer flags duplicate imports of unsafe, mainly to play nice with cgo.
• ST1003 and QF1002 now emit more concise positions, benefitting users of gopls (issue 1647).
• ST1019 now allows importing the same package twice, once using a blank import (issue 1688).
• QF1008 no longer offers to delete all embedded fields from a selector expression. Even when two fields are individually superfluous, removing both might change the semantics of the code (issue 1682).
• QF1012 now detects more uses of bytes.Buffer (issue 1097).
• A bug in the intermediate representation was fixed, affecting the behavior of various checks (issue 1654).

Staticcheck 2025.1.1 (v0.6.1)

This is a re-release of 2025.1 but with prebuilt binaries that have been built with Go 1.24.1.

Staticcheck 2025.1 (v0.6.0)

Added Go 1.24 support

This release adds support for Go 1.24.

Checks

Changed checks

The following checks have been improved:

• U1000 treats all fields in a struct as used if the struct has a field of type structs.HostLayout.
• S1009 now emits a clearer message.
• S1008 no longer recommends simplifying branches that contain comments (issue 704, issue 1488).
• S1009 now flags another redundant nil check (issue 1605).
• QF1002 now emits a valid automatic fix for switches that use initialization statements (issue 1613).

... (truncated)

Commits

• ff63afa Version 2026.1 (v0.7.0)
• b4a35ea Ignore deprecated uses of GOROOT in our code
• ad522a4 config: add simd/archsimd to default dot_import_whitelist
• 9bb55d1 website: go mod tidy
• 4d7b7cb website: add 2026.1 release notes
• 5b2cf0a go/ir, go/buildid: update UPSTREAM
• 4e2a09a SA5008: update for latest version of encoding/json/v2
• 8be920f Update to Go 1.25 and run 'go fix'
• 952cd74 knowledge: update deprecations for Go 1.26
• 0ca3b12 go/ir: support new(expr)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.