Commit 4001a1b
chore: bump vendor/zoekt to include CodeQL security fixes

Pulls in sourcebot-dev/zoekt#13 (open), which resolves all open
CodeQL security alerts on the zoekt repo:
- go/clear-text-logging (high) in gitindex/clone.go
- go/incorrect-integer-conversion (high) in api.go and
  zoekt-sourcegraph-indexserver/sg.go
- actions/missing-workflow-permissions (medium x8) in ci.yml and
  buf-breaking-check.yml
- actions/untrusted-checkout/high (high) in semgrep.yml

Also carries through the dependency bumps from sourcebot-dev/zoekt#11
and #12 (go-git 5.18.0, grpc 1.80.0, otel 1.43.0) that were merged
after #1140 so weren't included when main shipped the original zoekt
sync.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

1 parent 9d3bb1b commit 4001a1b
1 file changed
Lines changed: 1 addition & 1 deletion