chore(deps): bump mvdan.cc/sh/v3 from 3.12.0 to 3.13.0

[dependabot]

Bumps mvdan.cc/sh/v3 from 3.12.0 to 3.13.0.

Release notes

Sourced from mvdan.cc/sh/v3's releases.

v3.13.0

This release introduces support for Zsh in the parser and formatter, which was tracked in issue #120 alongside the label https://github.com/mvdan/sh/labels/zsh. While support is not complete, it should be far enough for many use cases.

This release also drops support for Go 1.24 and includes many other enhancements:

• cmd/shfmt
  • Exit with a non-zero status when -l prints any filenames
  • shfmt -version is now derived from the git current tag, dropping the -ldflags workaround
• syntax
  • New nodes types and node fields are introduced alongside LangZsh
  • LangVariant is now a bitset, allowing the use of sets like "Bash-like"
  • Add InteractiveSeq and StmtsSeq iterator methods for Parser
  • Stop exposing the internal buffer in Printer via struct embedding
  • Support the use of brace expansions like declare {a,b}_c=value
  • Fix a bug where POSIX and Bash incorrectly allowed empty command lists
• interp
  • Add support for shopt -s dotglob and shopt -s extglob
  • Add support for simple uses of !(expr) extended glob patterns
  • Support more builtin flags for declare, type, read
  • Fix various bugs relating to nulls, errors, and arrays
• expand
  • Add Config.DotGlob and Config.ExtGlob for the interpreter
  • Add Variable.Flags to get the one-character declare flags
  • Do not force env vars on Windows to be uppercase
  • Fix various bugs relating to glob pattern matching
• pattern
  • Add GlobLeadingDot and ExtendedOperators for the interpreter
  • Add NegExtGlobError to mark the use of !(expr) negation patterns

Consider becoming a sponsor if you benefit from the work that went into this release!

Binaries built on go version go1.26.1 linux/amd64 with:

CGO_ENABLED=0 go build -trimpath -ldflags="-w -s"

Note that this release no longer includes a sha256sums.txt asset; GitHub now provide digests natively.

Changelog

Sourced from mvdan.cc/sh/v3's changelog.

Changelog

Commits

• 5c4d285 cmd/shfmt: bump Go and Alpine in the Dockerfile
• 1ae455b update golang.org/x/sys
• cb484d3 syntax: apply gopls warning suggestion
• 64d9126 syntax: gofmt -w
• 55d279f syntax: simplify zsh logic on left parentheses
• 1cf3c19 syntax: support alternations in zsh test expressions
• 0f0636e syntax: support parsing extended globs in zsh
• a173247 syntax: parse and format zsh >! redirects as >|
• d6bf6c9 syntax: rename ParamExp.Plus to IsSet
• b612daa cmd/shfmt: simplify flag value code
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)