Update devTools non-major (release-v1.35)

[ske-renovate-ce]

This PR contains the following updates:

Package	Update	Change
chainguard-dev/apko	patch	v1.2.9 → v1.2.11
golangci/golangci-lint	minor	v2.11.4 → v2.12.2

---

Release Notes

chainguard-dev/apko (chainguard-dev/apko)

v1.2.11

Compare Source

Changelog

• bfd6776 Tweak solver's same-origin heuristic (#​2208)
• 1564c07 build(deps): bump chainguard-dev/actions from 1.6.15 to 1.6.17 (#​2215)
• 4700edf build(deps): bump github.com/klauspost/compress from 1.18.5 to 1.18.6 (#​2211)
• b593d2c build(deps): bump github/codeql-action from 4.35.2 to 4.35.3 (#​2213)
• 9157b1a build(deps): bump google.golang.org/api from 0.276.0 to 0.277.0 (#​2212)
• 0e4728d build(deps): bump k8s.io/apimachinery from 0.35.4 to 0.36.0 (#​2189)
• d81a5d4 build(deps): bump step-security/harden-runner from 2.19.0 to 2.19.1 (#​2214)
• 5644a41 retry package fetch+expand on transient errors (#​2210)

v1.2.10

Compare Source

Changelog

• 0670f22 build(deps): bump go.step.sm/crypto from 0.77.2 to 0.77.9 (#​2209)
• eebbe62 build(deps): bump goreleaser/goreleaser-action from 7.1.0 to 7.2.1 (#​2207)

golangci/golangci-lint (golangci/golangci-lint)

v2.12.2

Compare Source

Released on 2026-05-06

1. Linters bug fixes
   • gomodguard_v2: fix blocked configuration
   • gomodguard_v2: from 2.1.0 to 2.1.3
   • iface: from 1.4.1 to 1.4.2

v2.12.1

Compare Source

Released on 2026-05-01

1. Linters bug fixes
   • gomodguard_v2: fix panic with migration suggestion
2. Misc.
   • fix install.sh script (if you are still using an URL based on the branch master, please update to use https://golangci-lint.run/install.sh)

v2.12.0

Compare Source

Released on 2026-05-01

1. New linters
   • Add clickhouselint linter https://github.com/ClickHouse/clickhouse-go-linter
2. Linters new features or changes
   • dupl: from f665c8d to c99c5cf (extended detection)
   • funcorder: from 0.5.0 to 0.6.0 (new option: function)
   • goconst: add an option to ignore strings from tests
   • goconst: from 1.8.2 to 1.10.0 (extended detection)
   • gomodguard_v2: from 1.4.1 to 2.1.0 (major version with new configuration)
   • gosec: from 619ce21 to 2.26.1 (new checks: G124, G708, G709, G710)
   • govet: add inline analyzer
   • makezero: from 2.1.0 to 2.2.1 (support slice type aliases)
   • paralleltest: expose checkcleanup option
   • sloglint: from 0.11.1 to 0.12.0 (new options: allowed-keys, custom-funcs)
   • wsl_v5: from 5.6.0 to 5.8.0 (new option: cuddle-max-statements; new checks: after-decl, after-defer, after-expr, after-go, cuddle-group)
3. Linters bug fixes
   • forbidigo: from 2.3.0 to 2.3.1
   • godot: from 1.5.4 to 1.5.6
   • govet-modernize: from 0.43.0 to 0.44.0
   • ireturn: from 0.4.0 to 0.4.1
   • rowserrcheck: from 1.1.1 to c5f79b8
4. Misc.
   • Decrease cache entropy
   • Embed the JSON schema in the binary
   • Filter env vars when cloning the repository with the custom command

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • At any time (no schedule defined)
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Mend Renovate.

[ske-renovate-ce]

/label skip-review

[ske-prow]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please assign jamand for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[ske-prow]

@ske-renovate-ce[bot]: The following test failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name	Commit	Details	Required	Rerun command
pull-cloud-provider-stackit-verify	2e67f15	link	true	/test pull-cloud-provider-stackit-verify

Full PR test history. Your PR dashboard. Command help for this repository.
Please help us cut down on flakes by linking this test failure to an open flake report or filing a new flake report if you can't find an existing one. Also see the gardener testing guideline for how to avoid and hunt flakes.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.