fix(deps): lock file maintenance vulnfeeds

[renovate-bot]

This PR contains the following updates:

Package	Type	Update	Change	Age	Confidence
		lockFileMaintenance	All locks refreshed
cloud.google.com/go/secretmanager	require	minor	v1.15.0 -> v1.16.0
gcr.io/google.com/cloudsdktool/google-cloud-cli	final	digest	cdac858 -> 4cc9437
github.com/go-git/go-git/v5	require	patch	v5.16.2 -> v5.16.3
github.com/ossf/osv-schema/bindings/go	require	digest	f6ae0b6 -> a45f3f3
golang	stage	patch	1.25.1-alpine -> 1.25.3-alpine
golang.org/x/exp	require	digest	8b4c13b -> a4bb9ff
google.golang.org/api	require	minor	v0.247.0 -> v0.253.0
pylint (changelog)	dev	patch	3.3.8 -> 3.3.9

🔧 This Pull Request updates lock files to use the latest dependency versions.

---

Release Notes

go-git/go-git (github.com/go-git/go-git/v5)

v5.16.3

Compare Source

What's Changed

• internal: Expand regex to fix build [5.x] by @​baloo in #​1644
• build: raise timeouts for windows CI tests and disable CIFuzz [5.x] by @​baloo in #​1646
• plumbing: support commits extra headers, support jujutsu signed commit [5.x] by @​baloo in #​1633

Full Changelog: go-git/go-git@v5.16.2...v5.16.3

googleapis/google-api-go-client (google.golang.org/api)

v0.253.0

Compare Source

Features

• all: Auto-regenerate discovery clients (#​3337) (40f2752)
• all: Auto-regenerate discovery clients (#​3339) (d1ef976)
• all: Auto-regenerate discovery clients (#​3340) (580c65f)
• all: Auto-regenerate discovery clients (#​3341) (9d031c4)
• all: Auto-regenerate discovery clients (#​3342) (ca2b9ad)
• all: Auto-regenerate discovery clients (#​3344) (844753e)
• all: Auto-regenerate discovery clients (#​3345) (3de8a5b)
• all: Auto-regenerate discovery clients (#​3346) (a590b9a)
• all: Auto-regenerate discovery clients (#​3347) (40ca8fe)

v0.252.0

Compare Source

Features

• all: Auto-regenerate discovery clients (#​3326) (c992545)
• all: Auto-regenerate discovery clients (#​3328) (b9b915b)
• all: Auto-regenerate discovery clients (#​3330) (fcb7723)
• all: Auto-regenerate discovery clients (#​3331) (a67f44d)
• all: Auto-regenerate discovery clients (#​3332) (b9890fc)
• all: Auto-regenerate discovery clients (#​3334) (163216d)
• all: Auto-regenerate discovery clients (#​3336) (2c4dd78)

v0.251.0

Compare Source

Features

• all: Auto-regenerate discovery clients (#​3319) (7ef0f9b)
• all: Auto-regenerate discovery clients (#​3321) (2cb519b)
• all: Auto-regenerate discovery clients (#​3322) (3e4bc60)
• all: Auto-regenerate discovery clients (#​3324) (b41b5a5)
• all: Auto-regenerate discovery clients (#​3325) (8c5ef06)

v0.250.0

Compare Source

Features

• all: Auto-regenerate discovery clients (#​3306) (04e9340)
• all: Auto-regenerate discovery clients (#​3308) (b85955a)
• all: Auto-regenerate discovery clients (#​3309) (6d11ef4)
• all: Auto-regenerate discovery clients (#​3310) (5ed74f3)
• all: Auto-regenerate discovery clients (#​3311) (ffae061)
• all: Auto-regenerate discovery clients (#​3312) (7f0983c)
• all: Auto-regenerate discovery clients (#​3314) (0e5a06d)
• all: Auto-regenerate discovery clients (#​3315) (a6d27cf)
• all: Auto-regenerate discovery clients (#​3316) (e4eefd9)
• all: Auto-regenerate discovery clients (#​3318) (2242712)

v0.249.0

Compare Source

Features

• all: Auto-regenerate discovery clients (#​3281) (c03d56b)
• all: Auto-regenerate discovery clients (#​3283) (4d1d336)
• all: Auto-regenerate discovery clients (#​3284) (d2b41b6)
• all: Auto-regenerate discovery clients (#​3285) (bcde943)
• all: Auto-regenerate discovery clients (#​3286) (27530dd)
• all: Auto-regenerate discovery clients (#​3288) (240e54a)
• all: Auto-regenerate discovery clients (#​3289) (2bd4a72)
• all: Auto-regenerate discovery clients (#​3291) (d09c7d3)
• all: Auto-regenerate discovery clients (#​3292) (7b2235b)
• all: Auto-regenerate discovery clients (#​3293) (2e60cd5)
• all: Auto-regenerate discovery clients (#​3294) (162aba4)
• all: Auto-regenerate discovery clients (#​3295) (e297a42)
• all: Auto-regenerate discovery clients (#​3296) (f98f835)
• all: Auto-regenerate discovery clients (#​3297) (ababe60)
• all: Auto-regenerate discovery clients (#​3299) (ad70b6e)
• all: Auto-regenerate discovery clients (#​3300) (4fcd5bb)
• all: Auto-regenerate discovery clients (#​3301) (6db0561)
• all: Auto-regenerate discovery clients (#​3302) (79b251a)
• all: Auto-regenerate discovery clients (#​3303) (e93c8a8)
• all: Auto-regenerate discovery clients (#​3305) (1ca0330)

v0.248.0

Compare Source

Features

• all: Auto-regenerate discovery clients (#​3272) (8f03c8e)
• all: Auto-regenerate discovery clients (#​3274) (2900298)
• all: Auto-regenerate discovery clients (#​3275) (4c66642)
• all: Auto-regenerate discovery clients (#​3276) (2692170)
• all: Auto-regenerate discovery clients (#​3277) (23daa11)
• all: Auto-regenerate discovery clients (#​3279) (71f2c5f)
• all: Auto-regenerate discovery clients (#​3280) (59f18fd)

pylint-dev/pylint (pylint)

v3.3.9

Compare Source

What's new in Pylint 3.3.9?

Release date: 2025-10-05

False Positives Fixed

• Fix used-before-assignment for PEP 695 type aliases and parameters.

  Closes #​9815

• No longer flag undeprecated functions in importlib.resources as deprecated.

  Closes #​10593

• Fix false positive inconsistent-return-statements when using quit() or exit() functions.

  Closes #​10508

• Fix false positive undefined-variable (E0602) for for-loop variable shadowing patterns like for item in item: when the variable was previously defined.

  Closes #​10562

Other Bug Fixes

• Fixed crash in 'unnecessary-list-index-lookup' when starting an enumeration using
  minus the length of an iterable inside a dict comprehension when the len call was only
  made in this dict comprehension, and not elsewhere. Also changed the approach,
  to use inference in all cases but the simple ones, so we don't have to fix crashes
  one by one for arbitrarily complex expressions in enumerate.

  Closes #​10510

---

Configuration

📅 Schedule: Branch creation - "before 6am on wednesday" in timezone Australia/Sydney, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[forking-renovate]

ℹ Artifact update notice

File name: vulnfeeds/go.mod

In order to perform the update(s) described in the table above, Renovate ran the go get command, which resulted in the following additional change(s):

• 19 additional dependencies were updated

Details:

Package	Change
cloud.google.com/go/auth	v0.16.5 -> v0.17.0
cloud.google.com/go/compute/metadata	v0.8.0 -> v0.9.0
github.com/GoogleCloudPlatform/opentelemetry-operations-go/detectors/gcp	v1.27.0 -> v1.29.0
github.com/go-jose/go-jose/v4	v4.0.5 -> v4.1.2
go.opentelemetry.io/otel	v1.36.0 -> v1.37.0
go.opentelemetry.io/otel/metric	v1.36.0 -> v1.37.0
go.opentelemetry.io/otel/sdk	v1.36.0 -> v1.37.0
go.opentelemetry.io/otel/sdk/metric	v1.36.0 -> v1.37.0
go.opentelemetry.io/otel/trace	v1.36.0 -> v1.37.0
golang.org/x/crypto	v0.41.0 -> v0.43.0
golang.org/x/net	v0.43.0 -> v0.46.0
golang.org/x/oauth2	v0.30.0 -> v0.32.0
golang.org/x/sync	v0.16.0 -> v0.17.0
golang.org/x/sys	v0.35.0 -> v0.37.0
golang.org/x/text	v0.28.0 -> v0.30.0
golang.org/x/time	v0.12.0 -> v0.14.0
google.golang.org/genproto/googleapis/rpc	v0.0.0-20250818200422-3122310a409c -> v0.0.0-20251014184007-4626949a642f
google.golang.org/grpc	v1.74.3 -> v1.76.0
google.golang.org/protobuf	v1.36.7 -> v1.36.10