chore(deps): update dependency aqua:golangci/golangci-lint to v2.11.4

[renovate]

This PR contains the following updates:

Package	Update	Change
aqua:golangci/golangci-lint	minor	2.10.1 → 2.11.4

---

Release Notes

golangci/golangci-lint (aqua:golangci/golangci-lint)

v2.11.4

Compare Source

Released on 2026-03-22

1. Linters bug fixes
   • govet-modernize: from 0.42.0 to 0.43.0
   • noctx: from 0.5.0 to 0.5.1
   • sqlclosecheck: from 0.5.1 to 0.6.0

v2.11.3

Compare Source

Released on 2026-03-10

1. Linters bug fixes
   • gosec: from v2.24.7 to 619ce21

v2.11.2

Compare Source

Released on 2026-03-07

1. Fixes
   • fmt: fix error when using the fmt command with explicit paths.

v2.11.1

Compare Source

Released on 2026-03-06

Due to an error related to AUR, some artifacts of the v2.11.0 release have not been published.

This release contains the same things as v2.11.0.

v2.11.0

Compare Source

Released on 2026-03-06

1. Linters new features or changes
   • errcheck: from 1.9.0 to 1.10.0 (exclude crypto/rand.Read by default)
   • gosec: from 2.23.0 to 2.24.6 (new rules: G113, G118, G119, G120, G121, G122, G123, G408, G707)
   • noctx: from 0.4.0 to 0.5.0 (new detection: httptest.NewRequestWithContext)
   • prealloc: from 1.0.2 to 1.1.0
   • revive: from 1.14.0 to 1.15.0 (⚠️ Breaking change: package-related checks moved from var-naming to a new rule package-naming)
2. Linters bug fixes
   • gocognit: from 1.2.0 to 1.2.1
   • gosec: from 2.24.6 to 2.24.7
   • unqueryvet: from 1.5.3 to 1.5.4

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • At any time (no schedule defined)
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[github-actions]

Renovate PR Review Results

⚖️ Safety Assessment: ✅ Safe

🔍 Release Content Analysis

Version Range: v2.10.1 → v2.11.4 (4 intermediate releases)

Major Changes:

• errcheck (1.9.0 → 1.10.0): Now excludes crypto/rand.Read by default
• gosec (2.23.0 → 2.24.7): Added 9 new security rules (G113, G118, G119, G120, G121, G122, G123, G408, G707)
• noctx (0.4.0 → 0.5.1): Added detection for httptest.NewRequestWithContext, bug fix in v0.5.1
• prealloc (1.0.2 → 1.1.0): Minor version bump
• revive (1.14.0 → 1.15.0): ⚠️ Breaking change - package-related checks moved from var-naming to new rule package-naming
• gocognit (1.2.0 → 1.2.1): Bug fix
• unqueryvet (1.5.3 → 1.5.4): Bug fix
• govet-modernize (0.42.0 → 0.43.0): Bug fix
• sqlclosecheck (0.5.1 → 0.6.0): Version bump

Bug Fixes:

• v2.11.2: Fixed error when using the fmt command with explicit paths
• v2.11.3: gosec bug fix
• v2.11.4: Bug fixes for govet-modernize, noctx, and sqlclosecheck

Security Improvements:

• Nine new gosec security rules provide enhanced security coverage

🎯 Impact Scope Investigation

Configuration Analysis:

• ✅ No custom .golangci.yml configuration file exists in the repository
• ✅ Project runs golangci-lint run with default settings only
• ✅ Used in CI pipeline (.github/workflows/ci.yml:39) and pre-commit hooks (lefthook.yml:9)

Codebase Impact Assessment:

1. revive Breaking Change (var-naming → package-naming):

   • ✅ No Impact: All packages use lowercase single-word naming convention
   • Analyzed packages: handler, sandbox, middleware, cmd, e2e, main
   • No packages with uppercase letters, underscores, or special characters

2. noctx New Detection (httptest.NewRequestWithContext):

   • ⚠️ Minor Potential Impact: 5 instances of httptest.NewRequest found
   • Locations:
     • internal/handler/handler_test.go:198, 237
     • internal/middleware/concurrency_test.go:35, 42
     • internal/middleware/metrics_test.go:21
   • Note: These are in test files and already use proper context patterns. The new detection targets missing context, not existing usage.

3. errcheck (crypto/rand.Read exclusion):

   • ✅ No Impact: No usage of crypto/rand.Read found in codebase

4. New gosec Security Rules:

   • ✅ Positive Impact: Enhanced security detection with no expected issues
   • Codebase uses standard Go patterns and should not trigger false positives

5. Other Linter Updates:

   • ✅ No Impact: Bug fixes and minor improvements only

Dependency Scope:

• Only tool dependency, not a runtime or build dependency
• Changes isolated to development/CI environment

💡 Recommended Actions

Immediate Actions:

1. ✅ Merge this PR - No code changes required
2. Monitor CI pipeline for the first run after merge
3. If any new linter warnings appear, address them in a follow-up PR

Post-Merge Validation:

1. Verify CI "Lint" job passes successfully
2. Verify lefthook pre-commit hook works locally with golangci-lint run
3. Review any new security warnings from gosec rules (if any)

Optional Improvements (not required for merge):

• Consider adding a .golangci.yml configuration file to explicitly document linter settings
• The httptest.NewRequest calls in tests could optionally be migrated to httptest.NewRequestWithContext for future-proofing, but this is not required

🔗 Reference Links

• golangci-lint v2.11.4 Release
• golangci-lint v2.11.0 Release
• golangci-lint CHANGELOG
• revive Package Naming Rule

Generated by koki-develop/claude-renovate-review