build(deps): bump honnef.co/go/tools from 0.6.1 to 0.7.0

[dependabot]

Bumps honnef.co/go/tools from 0.6.1 to 0.7.0.

Release notes

Sourced from honnef.co/go/tools's releases.

Staticcheck 2026.1 (v0.7.0)

Improved Go 1.25 and Go 1.26 support

This release updates Staticcheck’s database of deprecated standard library APIs to cover the Go 1.25 and Go 1.26 releases, as well as to add some crypto/elliptic deprecations from Go 1.21 that were missing. Furthermore, it adds support for new(expr), which was added in Go 1.26.

Other changes

• Version mismatch checks have been relaxed and no longer care about mismatches in the patch level. For example, Staticcheck built with Go 1.26.0 will be able to check code using Go 1.26.1.
• Staticcheck no longer opens staticcheck.conf files that aren’t regular files (or symlinks to regular files). See this gomodfs issue for the motivation behind this change.
• Staticcheck now exits with a non-zero status code if it encountered an invalid configuration file.

Checks

Changed checks

The following checks have been improved:

• SA1026 no longer panics when checking code that tries to marshal named functions (issue 1660).
• SA4000 no longer flags var _ = T{} == T{}, a pattern used to ensure that type T is comparable (issue 1670).
• SA4000 now correctly skips structs containing floats.
• SA4000 now skips functions from the math/rand/v2 package.
• SA4003 now skips over generated files.
• SA4030 now also checks uses of math/rand/v2.
• SA5008 has been updated with better support for encoding/json/v2.
• SA5010 no longer tries to reason about generics, to avoid false positives.
• ST1019 no longer flags duplicate imports of unsafe, mainly to play nice with cgo.
• ST1003 and QF1002 now emit more concise positions, benefitting users of gopls (issue 1647).
• ST1019 now allows importing the same package twice, once using a blank import (issue 1688).
• QF1008 no longer offers to delete all embedded fields from a selector expression. Even when two fields are individually superfluous, removing both might change the semantics of the code (issue 1682).
• QF1012 now detects more uses of bytes.Buffer (issue 1097).
• A bug in the intermediate representation was fixed, affecting the behavior of various checks (issue 1654).

Staticcheck 2025.1.1 (v0.6.1)

This is a re-release of 2025.1 but with prebuilt binaries that have been built with Go 1.24.1.

Staticcheck 2025.1 (v0.6.0)

Added Go 1.24 support

This release adds support for Go 1.24.

Checks

Changed checks

The following checks have been improved:

• U1000 treats all fields in a struct as used if the struct has a field of type structs.HostLayout.
• S1009 now emits a clearer message.
• S1008 no longer recommends simplifying branches that contain comments (issue 704, issue 1488).
• S1009 now flags another redundant nil check (issue 1605).
• QF1002 now emits a valid automatic fix for switches that use initialization statements (issue 1613).

... (truncated)

Commits

• ff63afa Version 2026.1 (v0.7.0)
• b4a35ea Ignore deprecated uses of GOROOT in our code
• ad522a4 config: add simd/archsimd to default dot_import_whitelist
• 9bb55d1 website: go mod tidy
• 4d7b7cb website: add 2026.1 release notes
• 5b2cf0a go/ir, go/buildid: update UPSTREAM
• 4e2a09a SA5008: update for latest version of encoding/json/v2
• 8be920f Update to Go 1.25 and run 'go fix'
• 952cd74 knowledge: update deprecations for Go 1.26
• 0ca3b12 go/ir: support new(expr)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 49.81%. Comparing base (dbf8e61) to head (6db123e).
⚠️ Report is 9 commits behind head on master.

Additional details and impacted files

@@           Coverage Diff           @@
##           master     #879   +/-   ##
=======================================
  Coverage   49.81%   49.81%           
=======================================
  Files         106      106           
  Lines        3174     3174           
=======================================
  Hits         1581     1581           
  Misses       1517     1517           
  Partials       76       76           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[dependabot]

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version. You can also ignore all major, minor, or patch releases for a dependency by adding an ignore condition with the desired update_types to your config file.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.