ENG-4369: Update golangci-lint to 2.11.3 via mise

[oschwald]

Summary

• Update golangci-lint from 2.10.1 to 2.11.3 in mise.lock
• Add disable_backends, hooks, and watch_files settings to mise.toml

Test plan

• golangci-lint run ./... passes locally
• CI passes on PR

🤖 Generated with Claude Code

[gemini-code-assist]

Summary of Changes

Hello, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request updates the mise configuration to enhance development environment management. It primarily focuses on upgrading the golangci-lint tool to its latest version and refining how mise interacts with the project by disabling specific backends and automating tool installation through hooks and file watching. These changes aim to improve consistency and efficiency in the development workflow.

Highlights

• golangci-lint Update: Updated golangci-lint to version 2.11.3 in mise.lock, including updated checksums and the addition of provenance information for all supported platforms.
• mise Configuration Enhancements: Introduced new mise.toml configurations including disable_backends for asdf and vfox, an enter hook to automatically run mise install --quiet, and watch_files to trigger mise install --quiet on changes to mise.toml or mise.lock.
• Tool Version Expansion: Added support for newer versions of Go (1.26.1) and Node.js (25.8.0) in mise.lock, alongside existing versions.

Changelog

• mise.lock
  • Updated golangci-lint from 2.10.1 to 2.11.3, including new checksums and the addition of provenance details for all supported platforms.
  • Added go version 1.26.1 and node version 25.8.0 entries, expanding the range of supported tool versions.
  • Restructured the platform-specific configuration for golangci-lint, precious, go, hugo, and node from inline tables to dedicated TOML tables, and introduced musl variants for Linux platforms.
  • Added a comment indicating the file is auto-generated by mise lock.
• mise.toml
  • Removed the locked = true setting.
  • Added disable_backends to exclude asdf and vfox from mise's backend usage.
  • Configured an enter hook to automatically run mise install --quiet when entering the project directory.
  • Added watch_files to trigger mise install --quiet when mise.toml or mise.lock are modified.

Activity

• The author, oschwald, created this pull request to update golangci-lint and configure mise.
• The author has verified that golangci-lint run ./... passes locally.
• The author is awaiting CI to pass on the PR.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for GitHub and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Code Review

This pull request updates golangci-lint and makes several improvements to the mise configuration. The changes to mise.toml to use newer features like disable_backends, hooks, and watch_files are good enhancements.

However, the use of latest for tool versions in mise.toml has led to unintended updates of go and node alongside golangci-lint. This also resulted in the mise.lock file containing multiple versions for these tools, which is not ideal for reproducibility and clarity.

I've added a comment in mise.lock with a recommendation to pin tool versions in mise.toml. This is a best practice for dependency management that will prevent such issues in the future.

_{Note: Security Review has been skipped due to the limited scope of the PR.}

[gemini-code-assist]

The lock file now contains two versions of Go (1.26.0 and 1.26.1), and similarly for Node. This is likely because these tools are configured with version = "latest" in mise.toml. While this PR's goal is to update golangci-lint, it's also implicitly updating other tools.

Using latest can lead to non-reproducible builds and makes it hard to track when a dependency was updated. It's a best practice to pin tools to specific versions.

I recommend changing mise.toml to use specific versions for all tools. For example:

[tools]
go = "1.26.1"
hugo = "0.157.0"
node = "25.8.0"
"github:golangci/golangci-lint" = "2.11.3"
"github:houseabsolute/precious" = "0.10.2"
"npm:prettier" = "3.8.1"

After updating mise.toml, please regenerate the mise.lock file (e.g., by removing it and running mise install) to ensure it's clean and only contains single, pinned versions for each tool. This will also make the PR's scope clearer.