chore: update dependencies

[renovate]

Update Request | Renovate Bot

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence	Type	Update
github.com/golangci/golangci-lint	v2.5.0 -> v2.6.0						minor
github.com/google/go-github/v75	v75.0.0 -> v76.0.0					require	major
github.com/mvdan/gofumpt	v0.9.1 -> v0.9.2						patch
oven/bun	1.3.0-alpine -> 1.3.1-alpine						patch

---

Release Notes

golangci/golangci-lint (github.com/golangci/golangci-lint)

v2.6.0

Compare Source

1. New linters
   • Add modernize analyzer suite
2. Linters new features or changes
   • arangolint: from 0.2.0 to 0.3.1
   • dupword: from 0.1.6 to 0.1.7 (new option comments-only)
   • go-critic: from 0.13.0 to 0.14.0 (new rules/checkers: zeroByteRepeat, dupOption)
   • gofumpt: from 0.9.1 to 0.9.2 ("clothe" naked returns is now controlled by the extra-rules option)
   • perfsprint: from 0.9.1 to 0.10.0 (new options: concat-loop, loop-other-ops)
   • wsl: from 5.2.0 to 5.3.0
3. Linters bug fixes
   • dupword: from 0.1.6 to 0.1.7
   • durationcheck: from 0.0.10 to 0.0.11
   • exptostd: from 0.4.4 to 0.4.5
   • fatcontext: from 0.8.1 to 0.9.0
   • forbidigo: from 2.1.0 to 2.3.0
   • ginkgolinter: from 0.21.0 to 0.21.2
   • godoc-lint: from 0.10.0 to 0.10.1
   • gomoddirectives: from 0.7.0 to 0.7.1
   • gosec: from 2.22.8 to 2.22.10
   • makezero: from 2.0.1 to 2.1.0
   • nilerr: from 0.1.1 to 0.1.2
   • paralleltest: from 1.0.14 to 1.0.15
   • protogetter: from 0.3.16 to 0.3.17
   • unparam: from 0df0534 to 5beb8c8
4. Misc.
   • fix: ignore some files to hash the version for custom build

google/go-github (github.com/google/go-github/v75)

v76.0.0

Compare Source

This release contains the following breaking API changes:

• chore!: Remove ActionsBilling endpoints for User and Organization (#​3701)
  BREAKING CHANGE: ActionsBilling endpoints are removed.
• fix!: Return RepositoryAttachment from GetRepositoriesForCodeSecurityConfiguration (#​3707)
  BREAKING CHANGE: GetRepositoriesForCodeSecurityConfiguration now returns RepositoryAttachment instead of Repository.
• refactor!: Replace Edit with Update in permissions method names (#​3731)
  BREAKING CHANGE: Permissions-related methods are renamed from Edit* to Update*.
• fix!: Change return type of GetDefaultCodeSecurityConfigurations (#​3747)
  BREAKING CHANGE: GetDefaultCodeSecurityConfigurations now returns CodeSecurityConfigurationWithDefaultForNewRepos instead of CodeSecurityConfiguration.
• refactor!: Adjust function names and field types for billing API (#​3770)
  BREAKING CHANGE: Billing-related methods are renamed to pattern, and required fields are changed to value types.

...and the following additional changes:

• Bump go-github from v74 to v75 in /scrape (#​3724)
• feat: Add ClientID to Installation (#​3712)
• feat: Add some GitHub Classroom API endpoints (#​3690)
• chore: Replace http.Method* constants with string literals (#​3696)
• fix: Repositories.UpdateRulesetClearBypassActor sets BypassActors to empty slice (#​3727)
• test: Ensure bypass_actors serializes as an empty array when clearing ruleset bypass actors (#​3734)
• Add reason field to PullRequestEvent (#​3730)
• chore: Update openapi_operations.yaml (#​3735)
• Update CONTRIBUTING.md (#​3736)
• feat: Support roles field in SCIM (#​3728)
• chore: Ignore hidden .claude settings folder (#​3738)
• feat: Add ListAcceptedAssignments and GetAssignmentGrades methods to Classroom API (#​3732)
• feat: Add immutable releases support (#​3725)
• build(deps): Bump actions/cache from 4.2.4 to 4.3.0 in the actions group (#​3742)
• refactor: Use errors package to compare and assert error types (#​3739)
• ci: Add errorlint configuration to golangci-lint settings (#​3743)
• docs: Update code snippets to use errors package for type assertions (#​3746)
• Update openapi_operations.yaml (#​3749)
• test: Use t.Context() instead of context.Background() (#​3750)
• chore: Add zyfy29 to REVIEWERS (#​3753)
• Prefer %v over %d,%s and add fmtpercentv custom linter (#​3756)
• test: Simplify the function that skips integration tests (#​3752)
• test: Fix issues in TestSecretScanningService tests (#​3760)
• refactor: Simplify for range loops (#​3762)
• chore(ci): Add example dir to dependabot config (#​3764)
• fix: Correct body in EnterpriseService.InitialConfig (#​3763)
• feat: Add premium request usage report endpoints for organizations and users (#​3751)
• feat: Add two new Secret Scanning API endpoints (#​3687)
• build(deps): Bump github.com/ProtonMail/go-crypto from 0.0.0-20230828082145-3c4c8a2d2371 to 1.3.0 in /example (#​3765)
• build(deps): Bump golang.org/x/crypto from 0.36.0 to 0.42.0 in /example (#​3766)
• build(deps): Bump github.com/gofri/go-github-pagination from 1.0.0 to 1.0.1 in /example (#​3767)
• Update openapi_operations.yaml (#​3772)
• feat: Add fork PR workflows permission API support (#​3737)
• Add support for organization Immutable Releases API (#​3774)
• feat: Add enterprise license endpoints (#​3755)
• build(deps): Bump github.com/bradleyfalzon/ghinstallation/v2 from 2.0.4 to 2.17.0 in /example (#​3776)
• build(deps): Bump golang.org/x/net from 0.44.0 to 0.46.0 in /scrape (#​3777)
• build(deps): Bump golang.org/x/crypto from 0.42.0 to 0.43.0 in /example (#​3778)
• Add ProjectsService (#​3718)
• Fix breakages caused by merge (#​3781)
• Bump version of go-github to v76.0.0 (#​3782)

mvdan/gofumpt (github.com/mvdan/gofumpt)

v0.9.2

Compare Source

This release moves the "clothe naked returns" rule under gofumpt -extra, following the discussion in #​285.

Binaries built on go version go1.25.3 linux/amd64 with:

CGO_ENABLED=0 go build -trimpath -ldflags="-w -s"

Consider becoming a sponsor if you benefit from the work that went into this release!

Note that this release no longer includes a sha256sums.txt asset; GitHub now provide digests natively.

oven-sh/bun (oven/bun)

v1.3.1: Bun v1.3.1

To install Bun v1.3.1

curl -fsSL https://bun.sh/install | bash

# or you can use npm
# npm install -g bun

Windows:

powershell -c "irm bun.sh/install.ps1|iex"

To upgrade to Bun v1.3.1:

bun upgrade

Read Bun v1.3.1's release notes on Bun's blog

Thanks to 15 contributors!

• @​alinalihassan
• @​cirospaciari
• @​dylan-conway
• @​hoxyy
• @​jarred-sumner
• @​jsparkdev
• @​mariusz4044
• @​markovejnovic
• @​nektro
• @​pfgithub
• @​riskymh
• @​robobun
• @​shlomocode
• @​sosukesuzuki
• @​taylordotfish

Special thanks to Martin Schwarzl of Cloudflare for fuzzing & reporting several bugs!!

---

Configuration

📅 Schedule: Branch creation - Between 12:00 AM and 03:59 AM, only on Monday ( * 0-3 * * 1 ) (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.