fix(deps): update all dependencies

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence	Type	Update
github.com/golangci/golangci-lint	v1.62.2 -> v1.63.4					require	minor
github/codeql-action	v3.27.9 -> v3.28.1					action	minor
google.golang.org/protobuf	v1.36.0 -> v1.36.2					require	patch
step-security/harden-runner	v2.10.2 -> v2.10.3					action	patch

---

Release Notes

golangci/golangci-lint (github.com/golangci/golangci-lint)

v1.63.4

Compare Source

1. Linters bug fixes
   • dupl, gomodguard, revive: keep only Go-files.

v1.63.3

Compare Source

v1.63.2

Compare Source

v1.63.1

Compare Source

golangci-lint is a free and open-source project built by volunteers.

If you value it, consider supporting us, the maintainers and linter authors.

We appreciate it! ❤️

For key updates, see the changelog.

Changelog

• afa0e27 fix: filter files (#​5272)
• ffb15ca gci: fix cgo (#​5274)

v1.63.0

Compare Source

github/codeql-action (github/codeql-action)

v3.28.1

Compare Source

v3.28.0

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

Note that the only difference between v2 and v3 of the CodeQL Action is the node version they support, with v3 running on node 20 while we continue to release v2 to support running on node 16. For example 3.22.11 was the first v3 release and is functionally identical to 2.22.11. This approach ensures an easy way to track exactly which features are included in different versions, indicated by the minor and patch version numbers.

3.28.0 - 20 Dec 2024

• Bump the minimum CodeQL bundle version to 2.15.5. #​2655
• Don't fail in the unusual case that a file is on the search path. #​2660.

See the full CHANGELOG.md for more information.

protocolbuffers/protobuf-go (google.golang.org/protobuf)

v1.36.2

Compare Source

Full Changelog: protocolbuffers/protobuf-go@v1.36.1...v1.36.2

Bug fixes:
CL/638515: internal/impl: fix WhichOneof() to work with synthetic oneofs

v1.36.1

Compare Source

Full Changelog: protocolbuffers/protobuf-go@v1.36.0...v1.36.1

Bug fixes:
CL/638495: internal/impl: revert IsSynthetic() check to fix panic

Maintenance:
CL/637475: internal/errors: delete compatibility code for Go before 1.13

step-security/harden-runner (step-security/harden-runner)

v2.10.3

Compare Source

What's Changed

Fixed an issue where DNS requests using uppercase characters (e.g., EXAMPLE.com) were blocked even when the domain was present in the allowed list. This update standardizes domain names to lowercase for consistent comparison.

Full Changelog: step-security/harden-runner@v2...v2.10.3

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[renovate]

ℹ Artifact update notice

File name: hack/go.mod

In order to perform the update(s) described in the table above, Renovate ran the go get command, which resulted in the following additional change(s):

• 31 additional dependencies were updated

Details:

Package	Change
github.com/4meepo/tagalign	v1.3.4 -> v1.4.1
github.com/Antonboom/nilnil	v1.0.0 -> v1.0.1
github.com/alecthomas/go-check-sumtype	v0.2.0 -> v0.3.1
github.com/ashanbrown/makezero	v1.1.1 -> v1.2.0
github.com/bombsimon/wsl/v4	v4.4.1 -> v4.5.0
github.com/butuzov/ireturn	v0.3.0 -> v0.3.1
github.com/butuzov/mirror	v1.2.0 -> v1.3.0
github.com/ckaznocha/intrange	v0.2.1 -> v0.3.0
github.com/curioswitch/go-reassign	v0.2.0 -> v0.3.0
github.com/go-xmlfmt/xmlfmt	v1.1.2 -> v1.1.3
github.com/golangci/gofmt	v0.0.0-20240816233607-d8596aa466a9 -> v0.0.0-20241223200906-057b0627d9b9
github.com/jjti/go-spancheck	v0.6.2 -> v0.6.4
github.com/julz/importas	v0.1.0 -> v0.2.0
github.com/ldez/gomoddirectives	v0.2.4 -> v0.6.0
github.com/nunnatsa/ginkgolinter	v0.18.3 -> v0.18.4
github.com/raeperd/recvcheck	v0.1.2 -> v0.2.0
github.com/sanposhiho/wastedassign/v2	v2.0.7 -> v2.1.0
github.com/sashamelentyev/usestdlibvars	v1.27.0 -> v1.28.0
github.com/stbenjam/no-sprintf-host-port	v0.1.1 -> v0.2.0
github.com/tdakkota/asciicheck	v0.2.0 -> v0.3.0
github.com/tetafro/godot	v1.4.18 -> v1.4.20
github.com/timakin/bodyclose	v0.0.0-20230421092635-574207250966 -> v0.0.0-20241017074812-ed6a65f985e3
github.com/tomarrell/wrapcheck/v2	v2.9.0 -> v2.10.0
github.com/ultraware/funlen	v0.1.0 -> v0.2.0
github.com/ultraware/whitespace	v0.1.1 -> v0.2.0
github.com/uudashr/gocognit	v1.1.3 -> v1.2.0
github.com/uudashr/iface	v1.2.1 -> v1.3.0
golang.org/x/sync	v0.9.0 -> v0.10.0
golang.org/x/sys	v0.27.0 -> v0.28.0
golang.org/x/text	v0.18.0 -> v0.20.0
golang.org/x/tools	v0.27.0 -> v0.28.0