Bump the go-mod-magefiles group in /magefiles with 7 updates

[dependabot]

Bumps the go-mod-magefiles group in /magefiles with 7 updates:

Package	From	To
github.com/bufbuild/buf	1.30.0	1.31.0
github.com/golangci/golangci-lint	1.54.2	1.58.0
github.com/grpc-ecosystem/grpc-gateway/v2	2.19.0	2.19.1
github.com/planetscale/vtprotobuf	0.5.0	0.6.0
golang.org/x/vuln	1.0.1	1.1.0
google.golang.org/protobuf	1.33.0	1.34.0
mvdan.cc/gofumpt	0.5.0	0.6.0

Updates github.com/bufbuild/buf from 1.30.0 to 1.31.0

Release notes

Sourced from github.com/bufbuild/buf's releases.

v1.31.0

• Update dependencies.

v1.30.1

• Fix issue where buf lint incorrectly reports an error for (buf.validate.field).repeated is set for a repeated validation rule.

Changelog

Sourced from github.com/bufbuild/buf's changelog.

[v1.31.0] - 2024-04-23

• Update dependencies.

[v1.30.1] - 2024-04-03

• Fix issue where buf lint incorrectly reports an error for (buf.validate.field).repeated is set for a repeated validation rule.

Commits

• c9863a6 Release v1.31.0 (#2908)
• 00dfa3d Bump connectrpc.com/connect from 1.16.0 to 1.16.1 (#2904)
• 5370d4a Make upgrade (#2905)
• 1607d07 Update user_id to reserved in UserPluginPreferences (#2898)
• 0b24de2 Make upgrade (#2892)
• a52805a Make upgrade (#2880)
• e9aaa1b Bump bufbuild/buf-setup-action from 1.30.0 to 1.30.1 (#2878)
• 5a71edd Return to development (#2866)
• a3f5940 Release v1.30.1 (#2865)
• aeb84da Update CHANGELOG.md for v1.30.1 (#2864)
• Additional commits viewable in compare view

Updates github.com/golangci/golangci-lint from 1.54.2 to 1.58.0

Release notes

Sourced from github.com/golangci/golangci-lint's releases.

v1.58.0

golangci-lint is a free and open-source project built by volunteers.

If you value it, consider supporting us, the maintainers and linter authors.

We appreciate it! ❤️

For key updates, see the changelog.

• 7e2229aa Add pre-commit hook to run config verify (#4602)
• b2df2f48 Add new linter canonicalheader (#4672)
• 95fc378f build(deps): bump github.com/Antonboom/errname from 0.1.12 to 0.1.13 (#4669)
• 4c3cc53f build(deps): bump github.com/Antonboom/nilnil from 0.1.7 to 0.1.8 (#4668)
• 2004f31e build(deps): bump github.com/butuzov/mirror from 1.1.0 to 1.2.0 (#4610)
• 4e56cba3 build(deps): bump github.com/ckaznocha/intrange from 0.1.1 to 0.1.2 (#4601)
• ed205573 build(deps): bump github.com/daixiang0/gci from 0.12.3 to 0.13.3 (#4522)
• dc512093 build(deps): bump github.com/daixiang0/gci from 0.13.3 to 0.13.4 (#4611)
• 8fb9856e build(deps): bump github.com/firefart/nonamedreturns from 1.0.4 to 1.0.5 (#4666)
• 8f59629b build(deps): bump github.com/go-critic/go-critic from 0.11.2 to 0.11.3 (#4619)
• 92cb3118 build(deps): bump github.com/golangci/misspell from 0.4.1 to 0.5.1 (#4665)
• 3f374122 build(deps): bump github.com/golangci/revgrep from 0.5.2 to 0.5.3 (#4633)
• 1611bca2 build(deps): bump github.com/jjti/go-spancheck from 0.5.3 to 0.6.0 (#4670)
• e9536898 build(deps): bump github.com/jjti/go-spancheck from 0.6.0 to 0.6.1 (#4679)
• 3f63db13 build(deps): bump github.com/karamaru-alpha/copyloopvar from 1.0.10 to 1.1.0 (#4632)
• e4dae2a2 build(deps): bump github.com/lasiar/canonicalheader from 1.0.5 to 1.0.6 (#4682)
• 28f7c396 build(deps): bump github.com/leonklingele/grouper from 1.1.1 to 1.1.2 (#4613)
• 8e8ad836 build(deps): bump github.com/pelletier/go-toml/v2 from 2.2.0 to 2.2.1 (#4643)
• 813af3ef build(deps): bump github.com/pelletier/go-toml/v2 from 2.2.1 to 2.2.2 (#4688)
• 24bcca2e build(deps): bump github.com/polyfloyd/go-errorlint from 1.4.8 to 1.5.1 (#4690)
• e12d0708 build(deps): bump github.com/ryancurrah/gomodguard from 1.3.1 to 1.3.2 (#4614)
• b937c196 build(deps): bump github.com/shirou/gopsutil/v3 from 3.24.2 to 3.24.3 (#4612)
• fa1cca80 build(deps): bump github.com/shirou/gopsutil/v3 from 3.24.3 to 3.24.4 (#4686)
• d2d77afe build(deps): bump github.com/ultraware/whitespace from 0.1.0 to 0.1.1 (#4664)
• 54bfac8c build(deps): bump github.com/yeya24/promlinter from 0.2.0 to 0.3.0 (#4671)
• 1eab03d6 build(deps): bump gitlab.com/bosi/decorder from 0.4.1 to 0.4.2 (#4667)
• 5e1e22f4 build(deps): bump go-simpler.org/musttag from 0.10.0 to 0.11.0 (#4600)
• 7f707636 build(deps): bump go-simpler.org/musttag from 0.11.0 to 0.12.0 (#4621)
• b7c1d1a0 build(deps): bump go-simpler.org/musttag from 0.12.0 to 0.12.1 (#4626)
• ad7eab96 build(deps): bump go-simpler.org/musttag from 0.9.0 to 0.10.0 (#4579)
• 40d48727 build(deps): bump go-simpler.org/sloglint from 0.5.0 to 0.5.1 (#4644)
• 7ea621b8 build(deps): bump go-simpler.org/sloglint from 0.5.1 to 0.6.0 (#4645)
• 1f46a118 build(deps): bump golang.org/x/tools from 0.19.0 to 0.20.0 (#4620)
• 87db2a33 build(deps): bump golangci/golangci-lint-action from 4.0.0 to 5.1.0 (#4684)
• 83a91b47 build(deps): bump peaceiris/actions-gh-pages from 3 to 4 (#4625)
• b7c7a1d9 execinquery: deprecation (#4652)
• c00c1a56 feat: add fatcontext linter (#4583)
• 5a9f5c1f feat: deprecate usage of linter alternative names (#4562)
• a7868b3e feat: err113 analyzer name (#4567)

... (truncated)

Changelog

Sourced from github.com/golangci/golangci-lint's changelog.

v1.58.0

1. New linters
   • fatcontext: https://github.com/Crocmagnon/fatcontext
   • canonicalheader: https://github.com/lasiar/canonicalheader
2. Updated linters
   • copyloopvar: from 1.0.10 to 1.1.0 (ignore-alias is replaced by check-alias with the opposite behavior)
   • decorder: from 0.4.1 to 0.4.2
   • errname: from 0.1.12 to 0.1.13
   • errorlint: from 1.4.8 to 1.5.1 (new options allowed-errors and allowed-errors-wildcard)
   • execinquery: deprecate linter ⚠️
   • gci: from 0.12.3 to 0.13.4 (new section localModule)
   • gocritic: from 0.11.2 to 0.11.3
   • spancheck: from 0.5.3 to 0.6.1
   • goerr113 is replaced by err113 ⚠️
   • gomnd is replaced by mnd ⚠️
   • gomodguard: from 1.3.1 to 1.3.2
   • grouper: from 1.1.1 to 1.1.2
   • intrange: from 0.1.1 to 0.1.2
   • mirror: from 1.1.0 to 1.2.0
   • misspell: from 0.4.1 to 0.5.1
   • musttag: from 0.9.0 to 0.12.1
   • nilnil: from 0.1.7 to 0.1.8
   • nonamedreturns: from 1.0.4 to 1.0.5
   • promlinter: from 0.2.0 to 0.3.0
   • sloglint: from 0.5.0 to 0.6.0
   • unparam: bump to HEAD (063aff900ca150b80930c8de76f11d7e6488222f)
   • whitespace: from 0.1.0 to 0.1.1
3. Enhancements
   • Speed up "fast" linters when only "fast" linters are run: between 40% and 80% faster at first run (i.e. without cache)
4. Fixes
   • Use version with module plugins
   • Skip go.mod report inside autogenerated processor
   • Keep only typecheck issues when needed
   • Don't hide typecheck errors inside diff processor
5. Misc.
   • ⚠️ log an error when using previously deprecated linters (Linter Deprecation Cycle)
     • deadcode: deprecated since v1.49.0 (2022-08-23).
     • exhaustivestruct: deprecated since v1.46.0 (2022-05-08).
     • golint: deprecated since v1.41.0 (2021-06-15).
     • ifshort: deprecated since v1.48.0 (2022-08-04).
     • interfacer: deprecated since v1.38.0 (2021-03-03).
     • maligned: deprecated since v1.38.0 (2021-03-03).
     • nosnakecase: deprecated since v1.48.0 (2022-08-04).
     • scopelint: deprecated since v1.39.0 (2021-03-25).
     • structcheck: deprecated since v1.49.0 (2022-08-23).
     • varcheck: deprecated since v1.49.0 (2022-08-23).
   • ⚠️ Deprecate usage of linter alternative names
   • Remove help display on errors with config verify command
   • Add pre-commit hook to run config verify

... (truncated)

Commits

• 28b3813 feat: use problem matchers for GitHub Action format (#4685)
• 24bcca2 build(deps): bump github.com/polyfloyd/go-errorlint from 1.4.8 to 1.5.1 (#4690)
• 0260ec8 unparam: bump to HEAD (#4689)
• 813af3e build(deps): bump github.com/pelletier/go-toml/v2 from 2.2.1 to 2.2.2 (#4688)
• fa1cca8 build(deps): bump github.com/shirou/gopsutil/v3 from 3.24.3 to 3.24.4 (#4686)
• 87db2a3 build(deps): bump golangci/golangci-lint-action from 4.0.0 to 5.1.0 (#4684)
• 38fac89 feat: log an error when using previously deprecated linters (#4681)
• e4dae2a build(deps): bump github.com/lasiar/canonicalheader from 1.0.5 to 1.0.6 (#4682)
• dfde379 dev: clean deprecated options (#4673)
• 55b2f5d dev: removes BaseRule, ExcludeRule, SeverityRule duplications (#4676)
• Additional commits viewable in compare view

Updates github.com/grpc-ecosystem/grpc-gateway/v2 from 2.19.0 to 2.19.1

Release notes

Sourced from github.com/grpc-ecosystem/grpc-gateway/v2's releases.

v2.19.1

What's Changed

• (fix) remove internal comments from generated protoComments by @​kiambogo in grpc-ecosystem/grpc-gateway#3864
• fix(protoc-gen-openapiv2): exclude from query params oneof fields in the same group as the one used in the body by @​ovargas in grpc-ecosystem/grpc-gateway#3862
• If no subfields are set in a map, add the field to fieldMask by @​sbansal7 in grpc-ecosystem/grpc-gateway#3879
• Parse request body when using X-HTTP-Method-Override header by @​eyasy1217 in grpc-ecosystem/grpc-gateway#3918
• fix path param override by query params by @​ljmsc in grpc-ecosystem/grpc-gateway#3946

New Contributors

• @​kiambogo made their first contribution in grpc-ecosystem/grpc-gateway#3864
• @​ovargas made their first contribution in grpc-ecosystem/grpc-gateway#3862
• @​sbansal7 made their first contribution in grpc-ecosystem/grpc-gateway#3879
• @​eyasy1217 made their first contribution in grpc-ecosystem/grpc-gateway#3918

Full Changelog: grpc-ecosystem/grpc-gateway@v2.19.0...v2.19.1

Commits

• 0bcc6bf fix path param override by query params (#3946)
• 8f860cf chore(deps): update googleapis digest to d638535
• 5a55932 chore(deps): update googleapis digest to 11c5a8b
• 5e20b2e chore(deps): update googleapis digest to 9847acc
• d1db865 chore(deps): update googleapis digest to 27c16bb
• 80e1f52 fix(deps): update google.golang.org/genproto/googleapis/api digest to 1f4bbc5
• cfec40d fix(deps): update google.golang.org/genproto/googleapis/rpc digest to 1f4bbc5
• 3e31a0f chore(deps): update dependency bazel to v7.0.2
• 313a7c3 chore(deps): update googleapis digest to 8169878
• e5d2c70 chore(deps): update googleapis digest to 6f0527b
• Additional commits viewable in compare view

Updates github.com/planetscale/vtprotobuf from 0.5.0 to 0.6.0

Release notes

Sourced from github.com/planetscale/vtprotobuf's releases.

v0.6.0

Notable new features

• Support for Well-Known Type Wrappers (planetscale/vtprotobuf#99)
• Unsafe unmarshalling without memory allocations (planetscale/vtprotobuf#103)
• Support for custom build tags (planetscale/vtprotobuf#122)
• Support for using wildcards when choosing which objects to pool (planetscale/vtprotobuf#115)

List of all merged PRs

• feat: use vtpool when cloning poolable objects by @​kruskall in planetscale/vtprotobuf#95
• fix: do not try to reset nil objects by @​kruskall in planetscale/vtprotobuf#96
• Fix misspell in clone.go by @​cristaloleg in planetscale/vtprotobuf#98
• Well known type wrappers by @​vmg in planetscale/vtprotobuf#99
• Added well-known types generated by vtproto plugin by @​biosvs in planetscale/vtprotobuf#93
• Add unmarshal_unsafe feature by @​nockty in planetscale/vtprotobuf#103
• fix: ResetVT oneof by @​evgfedotov in planetscale/vtprotobuf#109
• Fix alloc qualify ident by @​evgfedotov in planetscale/vtprotobuf#113
• fix: check oneof on syntetic by @​evgfedotov in planetscale/vtprotobuf#111
• Support Struct for wellknown type wrappers by @​howardjohn in planetscale/vtprotobuf#116
• Bump go.mod dependencies by @​howardjohn in planetscale/vtprotobuf#119
• Make generated code use public helpers instead of generating them by @​nockty in planetscale/vtprotobuf#120
• Downgrade grpc to version 1.58.2 by @​nockty in planetscale/vtprotobuf#121
• Fix: Append check on IsMap in pool message generation by @​evgfedotov in planetscale/vtprotobuf#124
• Add ability to include a build tag by @​howardjohn in planetscale/vtprotobuf#122
• Fix: Prevent out of bounds access when unsafe unmarshalling empty strings by @​maheeshap-canopus in planetscale/vtprotobuf#127
• feature: pool with wildcard by @​evgfedotov in planetscale/vtprotobuf#115

New Contributors

• @​kruskall made their first contribution in planetscale/vtprotobuf#95
• @​cristaloleg made their first contribution in planetscale/vtprotobuf#98
• @​nockty made their first contribution in planetscale/vtprotobuf#103
• @​evgfedotov made their first contribution in planetscale/vtprotobuf#109
• @​howardjohn made their first contribution in planetscale/vtprotobuf#116
• @​maheeshap-canopus made their first contribution in planetscale/vtprotobuf#127

Full Changelog: planetscale/vtprotobuf@v0.5.0...v0.6.0

Commits

• ec98e72 Merge branch 'main' into feature/pool-wildcard
• 63d143b Merge branch 'fix/unsafe-empty-string-map-values'
• 7e7e2ec unmarshal: fix length checks for unsafe marshalling
• ab88888 Merge pull request #122 from howardjohn/gen/build-tag
• 2cc4577 Merge pull request #124 from evgfedotov/fix/check-kind-map
• be92325 Regenerate pb.go files
• bcde995 fix: handle zero-length strings in unsafe unmarshalling and update test logic...
• c47c2bc Add test case to demonstrate panic when UnmarshalUnsafe is called with an emp...
• 3aa6540 Fix: Append check on IsMap in pool message generation
• c64fedf Add ability to include a build tag
• Additional commits viewable in compare view

Updates golang.org/x/vuln from 1.0.1 to 1.1.0

Release notes

Sourced from golang.org/x/vuln's releases.

v1.1.0

This release brings minor improvements to govulncheck inner workings and a few bug fixes (#66139, #65590).

Integration

Govulncheck JSON now also contains scan mode as part of the Config message.

Further, the Position in trace frames now contains only paths relative to their enclosing module. This could potentially break some existing clients, hence the bump of the minor version.

Note that this change is made to allow for easier preservation of privacy by the clients as now the file positions do not contain information about the local machine. This is also a portable solution. Clients can reconstruct full paths for their local machine by joining the Position relative paths with paths of the enclosing modules on the local machine.

v1.0.4

This release brings an improved overhaul of the govulncheck textual output. Findings at each detected level of precision (symbol, package, or module) are communicated in their own section.

By default, only the section with the user-specified precision mode is shown followed by a summary of other sections. A detailed description with all of the sections can be obtained using a newly introduced -show verbose option.

This release also brings improvements and fixes for error messages and binaries (#59731).

Integration

govulncheck (streaming) JSON now includes the code position of the vulnerable symbol. Where applicable, the .Position of the last entry of a finding's trace is the code location defining the .Function.

v1.0.3

The major feature brought by this release is govulncheck -mode extract option. It enables users to extract a blob abstraction of a binary whose size is typically much smaller than the binary itself. The blob can be passed to govulncheck for analysis with the -mode binary option. The users should not rely on the contents or the representation of the blob.

This release also brings several bug fixes (#65124, #65155, and #65130).

v1.0.2

This release brings minor improvements to the govulncheck textual output and fixes for error messages (#59623, #64681), fixed version suggestion (#62276), documentation (e.g., #60166), and issues in dependencies (e.g., #64112).

Support for analyzing stripped darwin binaries in govulncheck is added as well (#61051).

Integration

govulncheck (streaming) JSON now emits an OSV message for each vulnerability associated with user modules and its transitive dependencies, regardless of the module version.

As usual, govulncheck emits a module-level Finding if a vulnerability for a module applies to the current module version.

Commits

• a7188c6 internal/openvex: add vex types
• 4b737a9 internal/sarif: compute relative paths for findings
• 7bf0c05 internal/sarif: remove unused field
• 7b0e650 go.mod: update golang.org/x dependencies
• f1b1098 internal/sarif,internal/scan,internal/traces: clean up tests
• 33791bc internal/sarif: add region part of the physical location
• d00c170 internal/sarif: add code flows
• 9fbf042 cmd/govulncheck: clean up test
• efaa3ce cmd/govulncheck: make test case config data
• 7838670 cmd/govulncheck: add comment capability to fixups
• Additional commits viewable in compare view

Updates google.golang.org/protobuf from 1.33.0 to 1.34.0

Updates mvdan.cc/gofumpt from 0.5.0 to 0.6.0

Release notes

Sourced from mvdan.cc/gofumpt's releases.

v0.6.0

This release is based on Go 1.21's gofmt, and requires Go 1.20 or later.

The following changes are included:

• Support go version strings from newer go.mod files - #280
• Consider simple error checks even if they use the = operator - #271
• Ignore //line directives to avoid panics - #288

Binaries built on go version go1.21.6 linux/amd64 with:

CGO_ENABLED=0 go build -trimpath -ldflags="-w -s -X=main.version=v0.6.0"

Consider becoming a sponsor if you benefit from the work that went into this release!

#271: mvdan/gofumpt#271 #280: mvdan/gofumpt#280 #288: mvdan/gofumpt#288

Changelog

Sourced from mvdan.cc/gofumpt's changelog.

[v0.6.0] - 2024-01-28

This release is based on Go 1.21's gofmt, and requires Go 1.20 or later.

The following changes are included:

• Support go version strings from newer go.mod files - #280
• Consider simple error checks even if they use the = operator - #271
• Ignore //line directives to avoid panics - #288

Commits

• 636d7a7 add release notes for v0.6.0
• 37e0463 format: ignore //line directives when computing positions
• 9e77a5f update deps
• ddd4dc4 skip gomod.txtar testscript on Go 1.20
• 5249497 add package godoc
• 13743a4 format: support Go versions from newer go.mod files
• 4ac1be2 Update Helix editor config
• a8415d3 format: add a TODO to remind myself about token.File.Lines
• 025a91f treat err assignments as a simple error check
• 9a108c1 add Go 1.21, drop 1.19
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions