fix(deps): update tool deps

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
github.com/golangci/golangci-lint	v1.62.2 -> v1.63.4
github.com/google/osv-scanner	v1.9.1 -> v1.9.2
github.com/securego/gosec/v2	v2.21.4 -> v2.22.0
go.opentelemetry.io/build-tools/crosslink	v0.15.0 -> v0.16.0
go.opentelemetry.io/build-tools/multimod	v0.15.0 -> v0.16.0
go.opentelemetry.io/collector/cmd/builder	v0.116.0 -> v0.117.0
go.opentelemetry.io/collector/cmd/mdatagen	v0.116.0 -> v0.117.0
golang.org/x/tools	v0.28.0 -> v0.29.0
golang.org/x/vuln	v1.1.3 -> v1.1.4

---

Release Notes

golangci/golangci-lint (github.com/golangci/golangci-lint)

v1.63.4

Compare Source

1. Linters bug fixes
   • dupl, gomodguard, revive: keep only Go-files.

v1.63.3

Compare Source

v1.63.2

Compare Source

v1.63.1

Compare Source

golangci-lint is a free and open-source project built by volunteers.

If you value it, consider supporting us, the maintainers and linter authors.

We appreciate it! ❤️

For key updates, see the changelog.

Changelog

• afa0e27 fix: filter files (#​5272)
• ffb15ca gci: fix cgo (#​5274)

v1.63.0

Compare Source

google/osv-scanner (github.com/google/osv-scanner)

v1.9.2

Compare Source

Changelog

Fixes:

• Bug #​1327 Parsing crash on malformed pnpm lockfile.
• Bug #​1377 Warn if a vulnerability is ignored multiple times in the same config.
• Bug #​1394 Guided remediation: handle extraneous/missing packages in package-lock.json more leniently.
• Bug #​1443 Go call analysis now works with Go version up to v1.23.4.
• Bug #​1436 Only fetch Maven snapshots and releases when enabled.
• Bug #​1456 Remove redundant calls from PreFetch.

New Contributors

• @​ivmeta made their first contribution in https://github.com/google/osv-scanner/pull/1327
• @​janniclas made their first contribution in https://github.com/google/osv-scanner/pull/1398

Full Changelog: google/osv-scanner@v1.9.1...v1.9.2

securego/gosec (github.com/securego/gosec/v2)

v2.22.0

Compare Source

Changelog

• e0cca6f Update what message for G104 (#​1282)
• 534689b chore(deps): update module github.com/onsi/ginkgo/v2 to v2.22.2 (#​1281)
• eb95db1 chore(deps): update all dependencies (#​1280)
• 6c6da40 chore(deps): update all dependencies (#​1279)
• b12f51f Simplify sortIssues implementation (#​1277)
• 54c2185 Enable testifylint and fix up lint issues (#​1276)
• 36c81ed Refactor AppendError to check for build.NoGoError (#​1273)
• 9a2d74f chore(deps): update module golang.org/x/net to v0.33.0 [security] (#​1275)
• 4c5ad91 Update README.md (#​1274)
• e21b4d4 Rule documentation updates (#​1272)
• 92de0ee Replace old golang.org links with new go.dev (#​1271)
• 4fda076 Refactor AppendError to use strings.Contains (#​1270)
• b01f49e Simplify Analyzer.ignore by reducing nesting (#​1269)
• b62cc33 Improve capitalization in AI API flags descriptions (#​1267)
• bc77d16 Remove unused golint dependency (#​1266)
• ef1a35f Simplify tests by using GinkgoT().TempDir() (#​1265)
• 09b9143 Documentation on adding new rules and analyzers (#​1262)
• 1bd92a8 chore(deps): update all dependencies (#​1268)
• ca55eca Update to go 1.22.10 and 1.23.4 versions (#​1264)
• 329cad8 chore(deps): update module golang.org/x/crypto to v0.31.0 [security] (#​1263)
• 08beb25 chore(deps): update all dependencies (#​1261)
• d566be2 chore(deps): update module github.com/onsi/gomega to v1.36.0 (#​1259)
• 8c602d0 fix: revive.redefines-builtin-id lint warnings (#​1257)
• 399e835 Fix typos in comments and fields
• 229cf63 Remove the decryption funtions/methods from G407 check
• 699cb55 Upate go to version 1.23.3 and 1.22.9
• 9b13cd5 Fix G115 false positive when going from parsed uint to larger int
• 08ea2a5 chore(deps): update all dependencies
• 4415613 chore(deps): update all dependencies
• 3274716 chore(deps): update all dependencies
• 1fb6a46 chore(deps): update all dependencies
• d2c92ed chore(deps): update all dependencies
• 4fd9872 Update go version to 1.23.2 and 1.22.8
• 1501618 chore(deps): update module google.golang.org/api to v0.201.0
• 7d33bc1 chore(deps): update all dependencies
• bd8b4b4 chore(deps): update all dependencies
• 1216c9b Fix the cosign step to authenticate with the container registry
• 50d1b4a chore(deps): update module google.golang.org/api to v0.199.0
• c0ba7c7 Update the gosec to v2.21.4 in the Github action
• a3299ce Add the version into goreleaser config

open-telemetry/opentelemetry-go-build-tools (go.opentelemetry.io/build-tools/crosslink)

v0.16.0

Compare Source

💡 Enhancements 💡

• crosslink: Adds a 'tidy' subcommand to generate 'go mod tidy' schedules (#​642)

open-telemetry/opentelemetry-collector (go.opentelemetry.io/collector/cmd/builder)

v0.117.0

Compare Source

🛑 Breaking changes 🛑

• otelcol: Remove warnings when 0.0.0.0 is used (#​11713, #​8510)

🧰 Bug fixes 🧰

• internal/sharedcomponent: Fixed bug where sharedcomponent would use too much memory remembering all the previously reported statuses (#​11826)

---

Configuration

📅 Schedule: Branch creation - "before 5am" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[renovate]

ℹ Artifact update notice

File name: internal/tools/go.mod

In order to perform the update(s) described in the table above, Renovate ran the go get command, which resulted in the following additional change(s):

• 63 additional dependencies were updated

Details:

Package	Change
cloud.google.com/go	v0.115.1 -> v0.116.0
cloud.google.com/go/auth	v0.9.4 -> v0.13.0
cloud.google.com/go/auth/oauth2adapt	v0.2.4 -> v0.2.6
cloud.google.com/go/compute/metadata	v0.5.1 -> v0.6.0
deps.dev/util/maven	v0.0.0-20241010035105-b3ba03369df1 -> v0.0.0-20241218001045-3890182485f3
deps.dev/util/resolve	v0.0.0-20241010035105-b3ba03369df1 -> v0.0.0-20241218001045-3890182485f3
github.com/4meepo/tagalign	v1.3.4 -> v1.4.1
github.com/Antonboom/nilnil	v1.0.0 -> v1.0.1
github.com/ProtonMail/go-crypto	v1.0.0 -> v1.1.3
github.com/alecthomas/go-check-sumtype	v0.2.0 -> v0.3.1
github.com/ashanbrown/makezero	v1.1.1 -> v1.2.0
github.com/bombsimon/wsl/v4	v4.4.1 -> v4.5.0
github.com/butuzov/ireturn	v0.3.0 -> v0.3.1
github.com/butuzov/mirror	v1.2.0 -> v1.3.0
github.com/charmbracelet/bubbletea	v1.1.1 -> v1.2.2
github.com/charmbracelet/lipgloss	v0.13.0 -> v1.0.0
github.com/charmbracelet/x/ansi	v0.2.3 -> v0.4.5
github.com/charmbracelet/x/term	v0.2.0 -> v0.2.1
github.com/ckaznocha/intrange	v0.2.1 -> v0.3.0
github.com/curioswitch/go-reassign	v0.2.0 -> v0.3.0
github.com/cyphar/filepath-securejoin	v0.3.1 -> v0.3.6
github.com/go-git/go-billy/v5	v5.5.0 -> v5.6.1
github.com/go-git/go-git/v5	v5.12.0 -> v5.13.1
github.com/go-xmlfmt/xmlfmt	v1.1.2 -> v1.1.3
github.com/golangci/gofmt	v0.0.0-20240816233607-d8596aa466a9 -> v0.0.0-20241223200906-057b0627d9b9
github.com/google/generative-ai-go	v0.18.0 -> v0.19.0
github.com/googleapis/gax-go/v2	v2.13.0 -> v2.14.0
github.com/jedib0t/go-pretty/v6	v6.6.0 -> v6.6.2
github.com/jjti/go-spancheck	v0.6.2 -> v0.6.4
github.com/julz/importas	v0.1.0 -> v0.2.0
github.com/ldez/gomoddirectives	v0.2.4 -> v0.6.0
github.com/nunnatsa/ginkgolinter	v0.18.3 -> v0.18.4
github.com/raeperd/recvcheck	v0.1.2 -> v0.2.0
github.com/sanposhiho/wastedassign/v2	v2.0.7 -> v2.1.0
github.com/sashamelentyev/usestdlibvars	v1.27.0 -> v1.28.0
github.com/stbenjam/no-sprintf-host-port	v0.1.1 -> v0.2.0
github.com/tdakkota/asciicheck	v0.2.0 -> v0.3.0
github.com/tetafro/godot	v1.4.18 -> v1.4.20
github.com/timakin/bodyclose	v0.0.0-20240125160201-f835fa56326a -> v0.0.0-20241017074812-ed6a65f985e3
github.com/tomarrell/wrapcheck/v2	v2.9.0 -> v2.10.0
github.com/ultraware/funlen	v0.1.0 -> v0.2.0
github.com/ultraware/whitespace	v0.1.1 -> v0.2.0
github.com/uudashr/gocognit	v1.1.3 -> v1.2.0
github.com/uudashr/iface	v1.2.1 -> v1.3.0
go.opentelemetry.io/build-tools	v0.15.0 -> v0.16.0
go.opentelemetry.io/collector/component	v0.116.0 -> v0.117.0
go.opentelemetry.io/collector/config/configtelemetry	v0.116.0 -> v0.117.0
go.opentelemetry.io/collector/confmap	v1.22.0 -> v1.23.0
go.opentelemetry.io/collector/confmap/provider/fileprovider	v1.22.0 -> v1.23.0
go.opentelemetry.io/collector/filter	v0.116.0 -> v0.117.0
go.opentelemetry.io/collector/pdata	v1.22.0 -> v1.23.0
golang.org/x/crypto	v0.30.0 -> v0.32.0
golang.org/x/exp	v0.0.0-20241009180824-f66d83c29e7c -> v0.0.0-20241108190413-2d47ceb2692f
golang.org/x/net	v0.32.0 -> v0.34.0
golang.org/x/oauth2	v0.23.0 -> v0.24.0
golang.org/x/sys	v0.28.0 -> v0.29.0
golang.org/x/term	v0.27.0 -> v0.28.0
golang.org/x/time	v0.6.0 -> v0.8.0
google.golang.org/api	v0.198.0 -> v0.214.0
google.golang.org/genproto/googleapis/api	v0.0.0-20241007155032-5fefd90f89a9 -> v0.0.0-20241118233622-e639e219e697
google.golang.org/genproto/googleapis/rpc	v0.0.0-20241007155032-5fefd90f89a9 -> v0.0.0-20241209162323-e6fa225c2576
google.golang.org/grpc	v1.68.1 -> v1.69.2
google.golang.org/protobuf	v1.35.2 -> v1.36.2