From b71a598fd7b3bebfbd11445b860d6f2a633c7a58 Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Thu, 18 Sep 2025 12:34:36 +0200
Subject: [PATCH] deps: update mvdan/gofumpt to v0.9.1 (#3961)

* deps: update mvdan/gofumpt to v0.9.1

* deps: tidy all modules

---------

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: edgelessci <edgelessci@users.noreply.github.com>
---
 bazel/toolchains/ci_deps.bzl                  | 24 +++++++++----------
 e2e/internal/upgrade/upgrade.go               |  6 ++---
 hack/oci-pin/oci-pin.go                       |  2 +-
 internal/attestation/snp/snp.go               | 10 ++++----
 internal/config/config_test.go                |  2 +-
 internal/constellation/helm/versionlister.go  |  2 +-
 .../constellation/kubecmd/kubecmd_test.go     |  2 +-
 internal/sigstore/sign.go                     |  2 +-
 8 files changed, 25 insertions(+), 25 deletions(-)

diff --git a/bazel/toolchains/ci_deps.bzl b/bazel/toolchains/ci_deps.bzl
index f6354e6ca..1d44afc2b 100644
--- a/bazel/toolchains/ci_deps.bzl
+++ b/bazel/toolchains/ci_deps.bzl
@@ -138,42 +138,42 @@ def _gofumpt_deps():
     http_file(
         name = "com_github_mvdan_gofumpt_linux_amd64",
         urls = [
-            "https://cdn.confidential.cloud/constellation/cas/sha256/11604bbaf7321abcc2fca2c6a37b7e9198bb1e76e5a86f297c07201e8ab1fda9",
-            "https://github.com/mvdan/gofumpt/releases/download/v0.8.0/gofumpt_v0.8.0_linux_amd64",
+            "https://cdn.confidential.cloud/constellation/cas/sha256/a616c867ca92f63017500502b7d0b490dfe5bcbcaa265659a1b50620ad63de5c",
+            "https://github.com/mvdan/gofumpt/releases/download/v0.9.1/gofumpt_v0.9.1_linux_amd64",
         ],
         executable = True,
         downloaded_file_path = "gofumpt",
-        sha256 = "11604bbaf7321abcc2fca2c6a37b7e9198bb1e76e5a86f297c07201e8ab1fda9",
+        sha256 = "a616c867ca92f63017500502b7d0b490dfe5bcbcaa265659a1b50620ad63de5c",
     )
     http_file(
         name = "com_github_mvdan_gofumpt_linux_arm64",
         urls = [
-            "https://cdn.confidential.cloud/constellation/cas/sha256/787c1d3d4d20e6fe2b0bf06a5a913ac0f50343dbf9a71540724a2b8092a0e6ca",
-            "https://github.com/mvdan/gofumpt/releases/download/v0.8.0/gofumpt_v0.8.0_linux_arm64",
+            "https://cdn.confidential.cloud/constellation/cas/sha256/cb0bddd2ea3dbdc292bb1b527c6806143a1e57653bc5be9ac1c9228fbbc43135",
+            "https://github.com/mvdan/gofumpt/releases/download/v0.9.1/gofumpt_v0.9.1_linux_arm64",
         ],
         executable = True,
         downloaded_file_path = "gofumpt",
-        sha256 = "787c1d3d4d20e6fe2b0bf06a5a913ac0f50343dbf9a71540724a2b8092a0e6ca",
+        sha256 = "cb0bddd2ea3dbdc292bb1b527c6806143a1e57653bc5be9ac1c9228fbbc43135",
     )
     http_file(
         name = "com_github_mvdan_gofumpt_darwin_amd64",
         urls = [
-            "https://cdn.confidential.cloud/constellation/cas/sha256/0dda6600cf263b703a5ad93e792b06180c36afdee9638617a91dd552f2c6fb3e",
-            "https://github.com/mvdan/gofumpt/releases/download/v0.8.0/gofumpt_v0.8.0_darwin_amd64",
+            "https://cdn.confidential.cloud/constellation/cas/sha256/62a54abe6488062fa79fbb56b44436c1d68805a9b7ce314a3fbfa37d9c17dc52",
+            "https://github.com/mvdan/gofumpt/releases/download/v0.9.1/gofumpt_v0.9.1_darwin_amd64",
         ],
         executable = True,
         downloaded_file_path = "gofumpt",
-        sha256 = "0dda6600cf263b703a5ad93e792b06180c36afdee9638617a91dd552f2c6fb3e",
+        sha256 = "62a54abe6488062fa79fbb56b44436c1d68805a9b7ce314a3fbfa37d9c17dc52",
     )
     http_file(
         name = "com_github_mvdan_gofumpt_darwin_arm64",
         urls = [
-            "https://cdn.confidential.cloud/constellation/cas/sha256/7e66e92b7a67d1d12839ab030fb7ae38e5e2273474af3762e67bc7fe9471fcd9",
-            "https://github.com/mvdan/gofumpt/releases/download/v0.8.0/gofumpt_v0.8.0_darwin_arm64",
+            "https://cdn.confidential.cloud/constellation/cas/sha256/3821782c96d1c322c0ba6c0e7078b897e29997bdd14be5fa8cf9821ee14b3845",
+            "https://github.com/mvdan/gofumpt/releases/download/v0.9.1/gofumpt_v0.9.1_darwin_arm64",
         ],
         executable = True,
         downloaded_file_path = "gofumpt",
-        sha256 = "7e66e92b7a67d1d12839ab030fb7ae38e5e2273474af3762e67bc7fe9471fcd9",
+        sha256 = "3821782c96d1c322c0ba6c0e7078b897e29997bdd14be5fa8cf9821ee14b3845",
     )
 
 def _tfsec_deps():
diff --git a/e2e/internal/upgrade/upgrade.go b/e2e/internal/upgrade/upgrade.go
index 09452bf13..226ae0a74 100644
--- a/e2e/internal/upgrade/upgrade.go
+++ b/e2e/internal/upgrade/upgrade.go
@@ -168,18 +168,18 @@ func runCommandWithSeparateOutputs(cmd *exec.Cmd) (stdout, stderr []byte, err er
 	stdoutIn, err := cmd.StdoutPipe()
 	if err != nil {
 		err = fmt.Errorf("create stdout pipe: %w", err)
-		return
+		return stdout, stderr, err
 	}
 	stderrIn, err := cmd.StderrPipe()
 	if err != nil {
 		err = fmt.Errorf("create stderr pipe: %w", err)
-		return
+		return stdout, stderr, err
 	}
 
 	err = cmd.Start()
 	if err != nil {
 		err = fmt.Errorf("start command: %w", err)
-		return
+		return stdout, stderr, err
 	}
 
 	continuouslyPrintOutput := func(r io.Reader, prefix string, wg *sync.WaitGroup) {
diff --git a/hack/oci-pin/oci-pin.go b/hack/oci-pin/oci-pin.go
index 1c68e42d3..50f31ed90 100644
--- a/hack/oci-pin/oci-pin.go
+++ b/hack/oci-pin/oci-pin.go
@@ -111,5 +111,5 @@ func splitRepoTag(ref string) (registry, prefix, name, tag string, err error) {
 		prefix = fullName[:nameSep]
 		name = fullName[nameSep+1:]
 	}
-	return
+	return registry, prefix, name, tag, err
 }
diff --git a/internal/attestation/snp/snp.go b/internal/attestation/snp/snp.go
index a296d7721..881baec69 100644
--- a/internal/attestation/snp/snp.go
+++ b/internal/attestation/snp/snp.go
@@ -215,18 +215,18 @@ func (a *InstanceInfo) ParseCertChain() (ask, ark *x509.Certificate, retErr erro
 	for block, rest = pem.Decode(rest); block != nil; block, rest = pem.Decode(rest) {
 		if i > 2 {
 			retErr = fmt.Errorf("parse certificate %d: more than 2 certificates in chain", i)
-			return
+			return ask, ark, retErr
 		}
 
 		if block.Type != "CERTIFICATE" {
 			retErr = fmt.Errorf("parse certificate %d: expected PEM block type 'CERTIFICATE', got '%s'", i, block.Type)
-			return
+			return ask, ark, retErr
 		}
 
 		cert, err := x509.ParseCertificate(block.Bytes)
 		if err != nil {
 			retErr = fmt.Errorf("parse certificate %d: %w", i, err)
-			return
+			return ask, ark, retErr
 		}
 
 		// https://www.amd.com/content/dam/amd/en/documents/epyc-technical-docs/specifications/57230.pdf
@@ -238,7 +238,7 @@ func (a *InstanceInfo) ParseCertChain() (ask, ark *x509.Certificate, retErr erro
 			ark = cert
 		default:
 			retErr = fmt.Errorf("parse certificate %d: unexpected subject CN %s", i, cert.Subject.CommonName)
-			return
+			return ask, ark, retErr
 		}
 
 		i++
@@ -251,7 +251,7 @@ func (a *InstanceInfo) ParseCertChain() (ask, ark *x509.Certificate, retErr erro
 		retErr = fmt.Errorf("remaining PEM block is not a valid certificate: %s", rest)
 	}
 
-	return
+	return ask, ark, retErr
 }
 
 // ParseReportSigner parses the VCEK/VLEK certificate from the instanceInfo into an x509-formatted certificate.
diff --git a/internal/config/config_test.go b/internal/config/config_test.go
index 1c9fbe50f..42ba611ca 100644
--- a/internal/config/config_test.go
+++ b/internal/config/config_test.go
@@ -1108,7 +1108,7 @@ func getConfigAsMap(conf *Config, t *testing.T) (res configMap) {
 	if err := yaml.Unmarshal(bytes, &res); err != nil {
 		t.Fatal(err)
 	}
-	return
+	return res
 }
 
 type stubAttestationFetcher struct{}
diff --git a/internal/constellation/helm/versionlister.go b/internal/constellation/helm/versionlister.go
index c5faf1aea..efcb8cdb1 100644
--- a/internal/constellation/helm/versionlister.go
+++ b/internal/constellation/helm/versionlister.go
@@ -44,7 +44,7 @@ func (c ReleaseVersionClient) listAction(release string) (res []*helmrelease.Rel
 		res, err = action.Run()
 		return err
 	})
-	return
+	return res, err
 }
 
 // Versions queries the cluster for running versions and returns a map of releaseName -> version.
diff --git a/internal/constellation/kubecmd/kubecmd_test.go b/internal/constellation/kubecmd/kubecmd_test.go
index 3e861afb7..f5ae1e472 100644
--- a/internal/constellation/kubecmd/kubecmd_test.go
+++ b/internal/constellation/kubecmd/kubecmd_test.go
@@ -880,7 +880,7 @@ func supportedValidK8sVersions() (res []versions.ValidK8sVersion) {
 	for _, v := range versions.SupportedK8sVersions() {
 		res = append(res, versions.ValidK8sVersion(v))
 	}
-	return
+	return res
 }
 
 var kubeadmClusterConfigurationV1Beta3 = `
diff --git a/internal/sigstore/sign.go b/internal/sigstore/sign.go
index 84fb58652..1f2262e86 100644
--- a/internal/sigstore/sign.go
+++ b/internal/sigstore/sign.go
@@ -46,7 +46,7 @@ func (s signer) Sign(content []byte) (signature []byte, err error) {
 	if err != nil {
 		return signature, fmt.Errorf("sign version file: %w", err)
 	}
-	return
+	return signature, err
 }
 
 // SignContent signs the content with the cosign encrypted private key and corresponding cosign password.