Update all dependencies #1

renovate · 2024-04-16T05:50:00Z

This PR contains the following updates:

Package	Type	Update	Change
actions/checkout	action	major	`v4.1.1` -> `v5.0.0`
actions/dependency-review-action	action	minor	`v4.2.5` -> `v4.8.0`
actions/setup-go	action	major	`v5.0.0` -> `v6.0.0`
github.com/golangci/golangci-lint	require	major	`v1.64.8` -> `v2.5.0`
github/codeql-action	action	major	`v3.24.10` -> `v4.30.7`
step-security/harden-runner	action	minor	`v2.7.0` -> `v2.13.1`

Release Notes

actions/checkout (actions/checkout)

Make sure your runner is updated to this version or newer to use this release.

Full Changelog: actions/checkout@v4...v5.0.0

`v4.3.0`

Compare Source

What's Changed

docs: update README.md by @motss in https://github.com/actions/checkout/pull/1971
Add internal repos for checking out multiple repositories by @mouismail in https://github.com/actions/checkout/pull/1977
Documentation update - add recommended permissions to Readme by @benwells in https://github.com/actions/checkout/pull/2043
Adjust positioning of user email note and permissions heading by @joshmgross in https://github.com/actions/checkout/pull/2044
Update README.md by @nebuk89 in https://github.com/actions/checkout/pull/2194
Update CODEOWNERS for actions by @TingluoHuang in https://github.com/actions/checkout/pull/2224
Update package dependencies by @salmanmkc in https://github.com/actions/checkout/pull/2236
Prepare release v4.3.0 by @salmanmkc in https://github.com/actions/checkout/pull/2237

New Contributors

@motss made their first contribution in https://github.com/actions/checkout/pull/1971
@mouismail made their first contribution in https://github.com/actions/checkout/pull/1977
@benwells made their first contribution in https://github.com/actions/checkout/pull/2043
@nebuk89 made their first contribution in https://github.com/actions/checkout/pull/2194
@salmanmkc made their first contribution in https://github.com/actions/checkout/pull/2236

Full Changelog: actions/checkout@v4...v4.3.0

`v4.2.2`

Compare Source

url-helper.ts now leverages well-known environment variables by @jww3 in #1941
Expand unit test coverage for isGhes by @jww3 in #1946

`v4.2.1`

Compare Source

Check out other refs/* by commit if provided, fall back to ref by @orhantoy in #1924

`v4.2.0`

Compare Source

Add Ref and Commit outputs by @lucacome in #1180
Dependency updates by @dependabot- #1777, #1872

`v4.1.7`

Compare Source

Bump the minor-npm-dependencies group across 1 directory with 4 updates by @dependabot in #1739
Bump actions/checkout from 3 to 4 by @dependabot in #1697
Check out other refs/* by commit by @orhantoy in #1774
Pin actions/checkout's own workflows to a known, good, stable version. by @jww3 in #1776

`v4.1.6`

Compare Source

Check platform to set archive extension appropriately by @cory-miller in #1732

`v4.1.5`

Compare Source

Update NPM dependencies by @cory-miller in #1703
Bump github/codeql-action from 2 to 3 by @dependabot in #1694
Bump actions/setup-node from 1 to 4 by @dependabot in #1696
Bump actions/upload-artifact from 2 to 4 by @dependabot in #1695
README: Suggest user.email to be 41898282+github-actions[bot]@users.noreply.github.com by @cory-miller in #1707

`v4.1.4`

Compare Source

Disable extensions.worktreeConfig when disabling sparse-checkout by @jww3 in #1692
Add dependabot config by @cory-miller in #1688
Bump the minor-actions-dependencies group with 2 updates by @dependabot in #1693
Bump word-wrap from 1.2.3 to 1.2.5 by @dependabot in #1643

`v4.1.3`

Compare Source

Check git version before attempting to disable sparse-checkout by @jww3 in #1656
Add SSH user parameter by @cory-miller in #1685
Update actions/checkout version in update-main-version.yml by @jww3 in #1650

`v4.1.2`

Compare Source

Fix: Disable sparse checkout whenever sparse-checkout option is not present @dscho in #1598

actions/dependency-review-action (actions/dependency-review-action)

`v4.8.0`

Compare Source

What's Changed

Make Ruby Code Scannable by @ljones140 in #978
Batch some contributions for release by @brrygrdn in #986
- Make license lists collapsable by @jasperkamerling
- feat: add large summary handling with artifact upload by @MattMencel

New Contributors

@ljones140 made their first contribution in #978
@jasperkamerling made their first contribution in #986
@MattMencel made their first contribution in #986

Full Changelog: actions/dependency-review-action@v4...v4.8.0

`v4.7.4`

Compare Source

`v4.7.3`: 4.7.3

Compare Source

What's Changed

Add explicit permissions to workflow files by @AshelyTC in #966
Claire153/fix spamming mentioned issue by @claire153 in #974

Full Changelog: actions/dependency-review-action@v4...v4.7.3

`v4.7.2`: 4.7.2

Compare Source

What's Changed

Add Missing Languages to CodeQL Advanced Configuration by @KyFaSt in #945
Deprecate deny lists by @claire153 in #958
Address discrepancy between docs and reality by @ahpook in #960

New Contributors

@KyFaSt made their first contribution in #945
@claire153 made their first contribution in #958
@ahpook made their first contribution in #960

Full Changelog: actions/dependency-review-action@v4...v4.7.2

`v4.7.1`

Compare Source

Packages added to allow-dependencies-licenses will be allowed even if the package in question has no license information #889
License expressions (e.g. Ruby OR GPL-2.0) in the allow list are automatically discarded so that they don't invalidate the whole allow list, which should just be license identifier (e.g. Ruby)

`v4.7.0`

Compare Source

Handle complex license expressions (e.g. MIT AND GPL-2.0) in allow lists (fixes #809 and probably others)
Replace OTHER in package licenses with LicenseRef-clearlydefined-OTHER so that parsing passes

`v4.6.0`

Compare Source

What's Changed

Updating multiple dependency versions by @Ahmed3lmallah in #870
Grouping minor and patch dependabot updates to lessen the number of PRs by @Ahmed3lmallah in #876
Bump actions/stale from 9.0.0 to 9.1.0 by @dependabot in #878
Bump undici from 5.28.4 to 5.28.5 by @dependabot in #877
DR Action should link to the proxima stamp when appropriate in error messages by @AshelyTC in #891
Allow deny package removal by @ellenfieldn in #888
Fix typos by @omahs in #893
Bump esbuild from 0.19.5 to 0.25.0 by @dependabot in #900
Bump octokit and related dependencies by @RomanIakovlev in #904
Bump @babel/helpers from 7.23.2 to 7.26.10 by @dependabot in #905
Bump @octokit/plugin-paginate-rest from 9.1.5 to 9.2.2 by @dependabot in #899
Update transitive dependency spdx-license-ids by @ailox in #855
To not print OpenSSF Scorecard section if no dependencies scanned by @fabasoad in #884
Improve usage of this action in dependency-review.yml by @fabasoad in #883
Clarify comment-summary-in-pr behaviour by @Pantelis-Santorinios in #902
Prepare 4.6.0 Release candidate by @brrygrdn in #910

New Contributors

@AshelyTC made their first contribution in #891
@ellenfieldn made their first contribution in #888
@omahs made their first contribution in #893
@RomanIakovlev made their first contribution in #904
@ailox made their first contribution in #855
@fabasoad made their first contribution in #884
@Pantelis-Santorinios made their first contribution in #902
@brrygrdn made their first contribution in #910

Full Changelog: actions/dependency-review-action@v4.5.0...v4.6.0

`v4.5.0`

Compare Source

What's Changed

Bump got from 14.4.2 to 14.4.3 by @dependabot in #844
Bump nodemon from 3.1.0 to 3.1.7 by @dependabot in #847
Bump @vercel/ncc from 0.38.1 to 0.38.3 by @dependabot in #849
Overriding the cross-spawn dependency to use a safe version by @Ahmed3lmallah in #850
fix: add summary comment on failure when warn-only: true by @ebickle in #827
Prepare for 4.5.0 release by @Ahmed3lmallah in #851

New Contributors

@ebickle made their first contribution in #827

Full Changelog: actions/dependency-review-action@v4...v4.5.0

`v4.4.0`

Compare Source

What's Changed

Fix for merge_group event bug by @Ahmed3lmallah in #846

Full Changelog: actions/dependency-review-action@v4.3.5...v4.4.0

`v4.3.5`

Compare Source

What's Changed

fix: getRefs function to handle merge_group events by @louis-bompart in #766
Create pull_request_template.md by @jonjanego in #794
Update CONTRIBUTING.md by @jonjanego in #793
Bump @types/node from 20.11.28 to 20.16.0 by @dependabot in #815
Upgrade transitive micromatch library by @elireisman in #829
Do not list changed dependencies in summary by @hmaurer in #828
Update stale.yaml by @jonjanego in #832
Bump got from 14.4.1 to 14.4.2 by @dependabot in #822
Bump eslint-plugin-jest and ts-jest by @Ahmed3lmallah in #840

New Contributors

@louis-bompart made their first contribution in #766
@Ahmed3lmallah made their first contribution in #840

Full Changelog: actions/dependency-review-action@v4.3.4...v4.3.5

`v4.3.4`

Compare Source

What's Changed

Include all added dependencies in scorecard entries by @elireisman in #783
Update SPDX Expression Parsing by @febuiles in #719
- This PR is a significant refactor of SPDX expression parsing that may fix some bugs, but unfortunately there are several related known issues that remain unresolved as of this version.

Full Changelog: actions/dependency-review-action@v4.3.3...v4.3.4

`v4.3.3`: Notes for v4.3.3

Compare Source

What's Changed

Allow slashes in purl package names by @juxtin in #765
use the v3 version of the deps.dev API by @josieang in #741
PR with suggestions - [Improvement]: Help streamline / simplify dependency review action README by @am-stead in #773
fix show-openssf-scorecard-levels input by @ramann in #776
Updates to the contribution guidelines by @jonjanego in #778
Create issue templates by @jonjanego in #777
Fix the max comment length issue by @jhutchings1 and @elireisman in #767
Bump project version to 4.3.3 in prep for a release by @elireisman in #781

New Contributors

@josieang made their first contribution in #741
@am-stead made their first contribution in #773
@ramann made their first contribution in #776

Full Changelog: actions/dependency-review-action@v4.3.2...v4.3.3

`v4.3.2`

Compare Source

What's Changed

Fix package-url parsing for allow-dependencies-licenses by @juxtin in #761

Full Changelog: actions/dependency-review-action@v4.3.1...v4.3.2

`v4.3.1`

Compare Source

What's Changed

This release fixes some bugs related to package-url parsing that were introduced in 4.3.0. See #753.

Full Changelog: actions/dependency-review-action@V4.3.0...v4.3.1

`v4.3.0`

Compare Source

New Features

The deny-packages option can now be used without a version number to exclude all versions of a package.

What's Changed

Fix action variable name for scorecard by @lukehinds in #735
Fix extra https:// in summary by @jhutchings1 in #748
Bump typescript from 5.3.3 to 5.4.5 by @dependabot in #744
Bump eslint-plugin-github from 4.10.1 to 4.10.2 by @dependabot in #737
Show denied packages with red X by @juxtin in #750
deny-packages configuration option can deny specified version or all packages by @febuiles and @bteng22 in #733

New Contributors

@bteng22 made their first contribution in #733
@lukehinds made their first contribution in #735

Full Changelog: actions/dependency-review-action@v4.2.5...V4.3.0

actions/setup-go (actions/setup-go)

`v6.0.0`

Compare Source

What's Changed

Breaking Changes

Improve toolchain handling to ensure more reliable and consistent toolchain selection and management by @matthewhughes934 in #460
Upgrade Nodejs runtime from node20 to node 24 by @salmanmkc in #624

Make sure your runner is on version v2.327.1 or later to ensure compatibility with this release. See Release Notes

Dependency Upgrades

Upgrade @types/jest from 29.5.12 to 29.5.14 by @dependabot[bot] in #589
Upgrade @actions/tool-cache from 2.0.1 to 2.0.2 by @dependabot[bot] in #591
Upgrade @typescript-eslint/parser from 8.31.1 to 8.35.1 by @dependabot[bot] in #590
Upgrade undici from 5.28.5 to 5.29.0 by @dependabot[bot] in #594
Upgrade typescript from 5.4.2 to 5.8.3 by @dependabot[bot] in #538
Upgrade eslint-plugin-jest from 28.11.0 to 29.0.1 by @dependabot[bot] in #603
Upgrade form-data to bring in fix for critical vulnerability by @matthewhughes934 in #618
Upgrade actions/checkout from 4 to 5 by @dependabot[bot] in #631

New Contributors

@matthewhughes934 made their first contribution in #618
@salmanmkc made their first contribution in #624

Full Changelog: actions/setup-go@v5...v6.0.0

`v5.5.0`

Compare Source

What's Changed

Bug fixes:

Update self-hosted environment validation by @priyagupta108 in #556
Add manifest validation and improve error handling by @priyagupta108 in #586
Update template link by @jsoref in #527

Dependency updates:

Upgrade @action/cache from 4.0.2 to 4.0.3 by @aparnajyothi-y in #574
Upgrade @actions/glob from 0.4.0 to 0.5.0 by @dependabot in #573
Upgrade ts-jest from 29.1.2 to 29.3.2 by @dependabot in #582
Upgrade eslint-plugin-jest from 27.9.0 to 28.11.0 by @dependabot in #537

New Contributors

@jsoref made their first contribution in #527

Full Changelog: actions/setup-go@v5...v5.5.0

`v5.4.0`

Compare Source

What's Changed

Dependency updates :

Upgrade semver from 7.6.0 to 7.6.3 by @dependabot in #535
Upgrade eslint-config-prettier from 8.10.0 to 10.0.1 by @dependabot in #536
Upgrade @action/cache from 4.0.0 to 4.0.2 by @aparnajyothi-y in #568
Upgrade undici from 5.28.4 to 5.28.5 by @dependabot in #541

New Contributors

@aparnajyothi-y made their first contribution in #568

Full Changelog: actions/setup-go@v5...v5.4.0

`v5.3.0`

Compare Source

What's Changed

Use the new cache service: upgrade @actions/cache to ^4.0.0 by @Link- in #531
Configure Dependabot settings by @HarithaVattikuti in #530
Document update - permission section by @HarithaVattikuti in #533
Bump actions/publish-immutable-action from 0.0.3 to 0.0.4 by @dependabot in #534

New Contributors

@Link- made their first contribution in #531

Full Changelog: actions/setup-go@v5...v5.3.0

`v5.2.0`

Compare Source

What's Changed

Leveraging the raw API to retrieve the version-manifest, as it does not impose a rate limit and hence facilitates unrestricted consumption without the need for a token for Github Enterprise Servers by @Shegox in #496

New Contributors

@Shegox made their first contribution in #496

Full Changelog: actions/setup-go@v5...v5.2.0

`v5.1.0`

Compare Source

What's Changed

Add workflow file for publishing releases to immutable action package by @Jcambass in #500
Upgrade IA Publish by @Jcambass in #502
Add architecture to cache key by @Zxilly in #493
This addresses issues with caching by adding the architecture (arch) to the cache key, ensuring that cache keys are accurate to prevent conflicts.
Note: This change may break previous cache keys as they will no longer be compatible with the new format.
Enhance workflows and Upgrade micromatch Dependency by @priyagupta108 in #510

Bug Fixes

Revise isGhes logic by @jww3 in #511

New Contributors

@Zxilly made their first contribution in #493
@Jcambass made their first contribution in #500
@jww3 made their first contribution in #511
@priyagupta108 made their first contribution in #510

Full Changelog: actions/setup-go@v5...v5.1.0

`v5.0.2`

Compare Source

What's Changed

Bug fixes:

Fix versions check failure by @HarithaVattikuti in #479

Dependency updates:

Bump braces from 3.0.2 to 3.0.3 and undici from 5.28.3 to 5.28.4 by @dependabot in #487

New Contributors

@HarithaVattikuti made their first contribution in #479

Full Changelog: actions/setup-go@v5...v5.0.2

`v5.0.1`

Compare Source

What's Changed

Bump undici from 5.28.2 to 5.28.3 and dependencies upgrade by @dependabot , @HarithaVattikuti in #465
Update documentation with latest V5 release notes by @ab in #459
Update version documentation by @178inaba in #458
Documentation update of actions/setup-go to v5 by @chenrui333 in #449

New Contributors

@ab made their first contribution in #459

Full Changelog: actions/setup-go@v5.0.0...v5.0.1

golangci/golangci-lint (github.com/golangci/golangci-lint)

`v2.5.0`

Compare Source

New linters
- Add godoclint linter https://github.com/godoc-lint/godoc-lint
- Add unqueryvet linter https://github.com/MirrexOne/unqueryvet
- Add iotamixing linter https://github.com/AdminBenni/iota-mixing
Linters new features or changes
- embeddedstructfieldcheck: from 0.3.0 to 0.4.0 (new option: empty-line)
- err113: from aea10b5 to 0.1.1 (skip internals of Is methods for error type)
- ginkgolinter: from 0.20.0 to 0.21.0 (new option: force-tonot)
- gofumpt: from 0.8.0 to 0.9.1 (new rule is to "clothe" naked returns for the sake of clarity)
- ineffassign: from 0.1.0 to 0.2.0 (new option: check-escaping-errors)
- musttag: from 0.13.1 to 0.14.0 (support interface methods)
- revive: from 1.11.0 to 1.12.0 (new options: identical-ifelseif-branches, identical-ifelseif-conditions, identical-switch-branches, identical-switch-conditions, package-directory-mismatch, unsecure-url-scheme, use-waitgroup-go, useless-fallthrough)
- thelper: from 0.6.3 to 0.7.1 (skip t.Helper in functions passed to synctest.Test)
- wsl: from 5.1.1 to 5.2.0 (improvements related to subexpressions)
Linters bug fixes
- asciicheck: from 0.4.1 to 0.5.0
- errname: from 1.1.0 to 1.1.1
- fatcontext: from 0.8.0 to 0.8.1
- go-printf-func-name: from 0.1.0 to 0.1.1
- godot: from 1.5.1 to 1.5.4
- gosec: from 2.22.7 to 2.22.8
- nilerr: from 0.1.1 to a temporary fork
- nilnil: from 1.1.0 to 1.1.1
- protogetter: from 0.3.15 to 0.3.16
- tagliatelle: from 0.7.1 to 0.7.2
- testifylint: from 1.6.1 to 1.6.4
Misc.
- fix: "no export data" errors are now handled as a standard typecheck error
Documentation
- Improve nolint section about syntax

`v2.4.0`

Compare Source

Enhancements
- 🎉 go1.25 support
Linters new features or changes
- exhaustruct: from v3.3.1 to 4.0.0 (new options: allow-empty, allow-empty-rx, allow-empty-returns, allow-empty-declarations)
Linters bug fixes
- godox: trim filepath from report messages
- staticcheck: allow empty options
- tagalign: from 1.4.2 to 1.4.3
Documentation
- 🌟 New website (with a search engine)

`v2.3.1`

Compare Source

Linters bug fixes
- gci: from 0.13.6 to 0.13.7
- gosec: from 2.22.6 to 2.22.7
- noctx: from 0.3.5 to 0.4.0
- wsl: from 5.1.0 to 5.1.1
- tagliatelle: force upper case for custom initialisms

`v2.3.0`

Compare Source

Linters new features or changes
- ginkgolinter: from 0.19.1 to 0.20.0 (new option: force-assertion-description)
- iface: from 1.4.0 to 1.4.1 (report message improvements)
- noctx: from 0.3.4 to 0.3.5 (new detections: log/slog, exec, crypto/tls)
- revive: from 1.10.0 to 1.11.0 (new rule: enforce-switch-style)
- wsl: from 5.0.0 to 5.1.0
Linters bug fixes
- gosec: from 2.22.5 to 2.22.6
- noinlineerr: from 1.0.4 to 1.0.5
- sloglint: from 0.11.0 to 0.11.1
Misc.
- fix: panic close of closed channel

`v2.2.2`

Compare Source

Linters bug fixes
- noinlineerr: from 1.0.3 to 1.0.4
Documentation
- Improve debug keys documentation
Misc.
- fix: panic close of closed channel
- godot: add noinline value into the JSONSchema

`v2.2.1`

Compare Source

Linters bug fixes

varnamelen: fix configuration

`v2.2.0`

Compare Source

New linters
- Add arangolint linter https://github.com/Crocmagnon/arangolint
- Add embeddedstructfieldcheck linter https://github.com/manuelarte/embeddedstructfieldcheck
- Add noinlineerr linter https://github.com/AlwxSin/noinlineerr
- Add swaggo formatter https://github.com/golangci/swaggoswag
Linters new features or changes
- errcheck: add verbose option
- funcorder: from 0.2.1 to 0.5.0 (new option alphabetical)
- gomoddirectives: from 0.6.1 to 0.7.0 (new option ignore-forbidden)
- iface: from 1.3.1 to 1.4.0 (new option unexported)
- noctx: from 0.1.0 to 0.3.3 (new report messages, and new rules related to database/sql)
- noctx: from 0.3.3 to 0.3.4 (new SQL functions detection)
- revive: from 1.9.0 to 1.10.0 (new rules: time-date, unnecessary-format, use-fmt-print)
- usestdlibvars: from 1.28.0 to 1.29.0 (new option time-date-month)
- wsl: deprecation
- wsl_v5: from 4.7.0 to 5.0.0 (major version with new configuration)
Linters bug fixes
- dupword: from 0.1.3 to 0.1.6
- exptostd: from 0.4.3 to 0.4.4
- forbidigo: from 1.6.0 to 2.1.0
- gci: consistently format the code
- go-spancheck: from 0.6.4 to 0.6.5
- goconst: from 1.8.1 to 1.8.2
- gosec: from 2.22.3 to 2.22.4
- gosec: from 2.22.4 to 2.22.5
- makezero: from 1.2.0 to 2.0.1
- misspell: from 0.6.0 to 0.7.0
- usetesting: from 0.4.3 to 0.5.0
Misc.
- exclusions: fix path-expect
- formatters: write the input to stdout when using stdin and there are no changes
- migration: improve the error message when trying to migrate a migrated config
- typecheck: deduplicate errors
- typecheck: stops the analysis after the first error
- Deprecate print-resources-usage flag
- Unique version per custom build
Documentation
- Improves typecheck FAQ
- Adds plugin systems recommendations
- Add description for linters.default sets

`v2.1.6`

Compare Source

Linters bug fixes
- godot: from 1.5.0 to 1.5.1
- musttag: from 0.13.0 to 0.13.1
Documentation
- Add note about golangci-lint v2 integration in VS Code

`v2.1.5`

Compare Source

Due to an error related to Snapcraft, some artifacts of the v2.1.4 release have not been published.

This release contains the same things as v2.1.3.

`v2.1.4`

Compare Source

Due to an error related to Snapcraft, some artifacts of the v2.1.3 release have not been published.

This release contains the same things as v2.1.3.

`v2.1.3`

Compare Source

Linters bug fixes
- fatcontext: from 0.7.2 to 0.8.0
Misc.
- migration: fix nakedret.max-func-lines: 0
- migration: fix order of staticcheck settings
- fix: add go.mod hash to the cache salt
- fix: use diagnostic position for related information position

[`v2.1.2`](https://redirect.github.com/golangci/golangci-lint/blob/HEAD/CHANGELOG.md#v21

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

renovate · 2024-06-05T23:24:43Z

ℹ Artifact update notice

File name: hack/go.mod

In order to perform the update(s) described in the table above, Renovate ran the go get command, which resulted in the following additional change(s):

65 additional dependencies were updated

Details:

Package	Change
`github.com/4meepo/tagalign`	`v1.4.2` -> `v1.4.3`
`github.com/Abirdcfly/dupword`	`v0.1.3` -> `v0.1.6`
`github.com/Antonboom/errname`	`v1.0.0` -> `v1.1.1`
`github.com/Antonboom/nilnil`	`v1.0.1` -> `v1.1.1`
`github.com/Antonboom/testifylint`	`v1.5.2` -> `v1.6.4`
`github.com/BurntSushi/toml`	`v1.4.1-0.20240526193622-a339e1f7089c` -> `v1.5.0`
`github.com/Djarvur/go-err113`	`v0.0.0-20210108212216-aea10b59be24` -> `v0.1.1`
`github.com/Masterminds/semver/v3`	`v3.3.0` -> `v3.3.1`
`github.com/alexkohler/nakedret/v2`	`v2.0.5` -> `v2.0.6`
`github.com/alingse/nilnesserr`	`v0.1.2` -> `v0.2.0`
`github.com/bombsimon/wsl/v4`	`v4.5.0` -> `v4.7.0`
`github.com/breml/bidichk`	`v0.3.2` -> `v0.3.3`
`github.com/breml/errchkjson`	`v0.4.0` -> `v0.4.1`
`github.com/butuzov/ireturn`	`v0.3.1` -> `v0.4.0`
`github.com/catenacyber/perfsprint`	`v0.8.2` -> `v0.9.1`
`github.com/ccojocar/zxcvbn-go`	`v1.0.2` -> `v1.0.4`
`github.com/ckaznocha/intrange`	`v0.3.0` -> `v0.3.1`
`github.com/daixiang0/gci`	`v0.13.5` -> `v0.13.7`
`github.com/firefart/nonamedreturns`	`v1.0.5` -> `v1.0.6`
`github.com/ghostiam/protogetter`	`v0.3.9` -> `v0.3.16`
`github.com/go-critic/go-critic`	`v0.12.0` -> `v0.13.0`
`github.com/go-viper/mapstructure/v2`	`v2.2.1` -> `v2.4.0`
`github.com/golangci/go-printf-func-name`	`v0.1.0` -> `v0.1.1`
`github.com/golangci/misspell`	`v0.6.0` -> `v0.7.0`
`github.com/golangci/plugin-module-register`	`v0.1.1` -> `v0.1.2`
`github.com/golangci/unconvert`	`v0.0.0-20240309020433-c5143eacb3ed` -> `v0.0.0-20250410112200-a129a6e6413e`
`github.com/gordonklaus/ineffassign`	`v0.1.0` -> `v0.2.0`
`github.com/jgautheron/goconst`	`v1.7.1` -> `v1.8.2`
`github.com/jjti/go-spancheck`	`v0.6.4` -> `v0.6.5`
`github.com/kulti/thelper`	`v0.6.3` -> `v0.7.1`
`github.com/kunwardeep/paralleltest`	`v1.0.10` -> `v1.0.14`
`github.com/ldez/exptostd`	`v0.4.2` -> `v0.4.4`
`github.com/ldez/gomoddirectives`	`v0.6.1` -> `v0.7.0`
`github.com/ldez/grignotin`	`v0.9.0` -> `v0.10.1`
`github.com/ldez/tagliatelle`	`v0.7.1` -> `v0.7.2`
`github.com/ldez/usetesting`	`v0.4.2` -> `v0.5.0`
`github.com/macabu/inamedparam`	`v0.1.3` -> `v0.2.0`
`github.com/mgechev/revive`	`v1.7.0` -> `v1.12.0`
`github.com/nunnatsa/ginkgolinter`	`v0.19.1` -> `v0.21.0`
`github.com/pelletier/go-toml/v2`	`v2.2.3` -> `v2.2.4`
`github.com/polyfloyd/go-errorlint`	`v1.7.1` -> `v1.8.0`
`github.com/quasilyte/go-ruleguard`	`v0.4.3-0.20240823090925-0fe6f58b47b1` -> `v0.4.4`
`github.com/ryancurrah/gomodguard`	`v1.3.5` -> `v1.4.1`
`github.com/santhosh-tekuri/jsonschema/v6`	`v6.0.1` -> `v6.0.2`
`github.com/sashamelentyev/usestdlibvars`	`v1.28.0` -> `v1.29.0`
`github.com/securego/gosec/v2`	`v2.22.2` -> `v2.22.8`
`github.com/sonatard/noctx`	`v0.1.0` -> `v0.4.0`
`github.com/spf13/afero`	`v1.12.0` -> `v1.14.0`
`github.com/spf13/cobra`	`v1.9.1` -> `v1.10.1`
`github.com/spf13/pflag`	`v1.0.6` -> `v1.0.10`
`github.com/stretchr/testify`	`v1.10.0` -> `v1.11.1`
`github.com/tetafro/godot`	`v1.5.0` -> `v1.5.4`
`github.com/timakin/bodyclose`	`v0.0.0-20241017074812-ed6a65f985e3` -> `v0.0.0-20241222091800-1db5c5ca4d67`
`github.com/timonwong/loggercheck`	`v0.10.1` -> `v0.11.0`
`github.com/tomarrell/wrapcheck/v2`	`v2.10.0` -> `v2.11.0`
`github.com/uudashr/iface`	`v1.3.1` -> `v1.4.1`
`github.com/xen0n/gosmopolitan`	`v1.2.2` -> `v1.3.0`
`go-simpler.org/musttag`	`v0.13.0` -> `v0.14.0`
`go-simpler.org/sloglint`	`v0.9.0` -> `v0.11.1`
`go.uber.org/multierr`	`v1.6.0` -> `v1.10.0`
`go.uber.org/zap`	`v1.24.0` -> `v1.27.0`
`golang.org/x/exp/typeparams`	`v0.0.0-20250210185358-939b2ce775ac` -> `v0.0.0-20250911091902-df9299821621`
`golang.org/x/text`	`v0.22.0` -> `v0.29.0`
`google.golang.org/protobuf`	`v1.36.5` -> `v1.36.6`
`mvdan.cc/unparam`	`v0.0.0-20240528143540-8a5130ca722f` -> `v0.0.0-20250301125049-0df0534333a4`

socket-security · 2025-08-08T03:15:18Z

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	github.com/golangci/golangci-lint/v2@v2.5.0
	golang.org/x/tools@v0.20.0 ⏵ v0.38.0	⁺¹
	mvdan.cc/gofumpt@v0.6.0 ⏵ v0.9.1	⁺¹

View full report

renovate bot force-pushed the renovate/all branch from ae6a3fb to 842baa7 Compare April 17, 2024 20:40

renovate bot changed the title ~~chore(deps): update github/codeql-action action to v3.25.0~~ chore(deps): update github/codeql-action action to v3.25.1 Apr 17, 2024

renovate bot force-pushed the renovate/all branch from 842baa7 to e2243e8 Compare April 22, 2024 14:58

renovate bot changed the title ~~chore(deps): update github/codeql-action action to v3.25.1~~ chore(deps): update all dependencies Apr 22, 2024

renovate bot force-pushed the renovate/all branch 3 times, most recently from cc906c6 to e3a956f Compare April 30, 2024 23:24

renovate bot force-pushed the renovate/all branch 4 times, most recently from 77cd525 to 2337ee7 Compare May 9, 2024 05:25

renovate bot force-pushed the renovate/all branch from 2337ee7 to 3c756dc Compare May 14, 2024 05:54

renovate bot force-pushed the renovate/all branch 2 times, most recently from e284f6a to d3c0cea Compare May 27, 2024 17:43

renovate bot force-pushed the renovate/all branch from d3c0cea to 646c02a Compare June 1, 2024 08:48

renovate bot force-pushed the renovate/all branch 3 times, most recently from 1ce49b1 to 9dbea1b Compare June 10, 2024 08:01

renovate bot force-pushed the renovate/all branch from 9dbea1b to 1924faf Compare June 14, 2024 23:58

renovate bot force-pushed the renovate/all branch 2 times, most recently from 2df9e29 to 2414e28 Compare July 2, 2024 20:31

renovate bot force-pushed the renovate/all branch 3 times, most recently from 898e771 to 7bed420 Compare July 12, 2024 18:00

renovate bot force-pushed the renovate/all branch 2 times, most recently from bd4aab1 to e928e31 Compare July 26, 2024 02:29

renovate bot force-pushed the renovate/all branch from e928e31 to c7015c1 Compare July 27, 2024 15:00

renovate bot force-pushed the renovate/all branch 2 times, most recently from e80c830 to a4905f4 Compare August 14, 2024 05:41

renovate bot force-pushed the renovate/all branch from ba1bf2e to b482390 Compare June 15, 2025 00:13

renovate bot force-pushed the renovate/all branch from b482390 to fbdbdeb Compare July 5, 2025 08:08

renovate bot force-pushed the renovate/all branch from fbdbdeb to 6b4ce1a Compare July 13, 2025 03:59

renovate bot force-pushed the renovate/all branch from 6b4ce1a to e9869d8 Compare July 27, 2025 04:11

renovate bot force-pushed the renovate/all branch 3 times, most recently from a18b97c to 261592f Compare August 8, 2025 03:14

renovate bot force-pushed the renovate/all branch 2 times, most recently from aa4b3b0 to 9a7012f Compare August 15, 2025 19:35

renovate bot force-pushed the renovate/all branch from 9a7012f to f82a67a Compare August 23, 2025 15:27

renovate bot force-pushed the renovate/all branch 5 times, most recently from 0cc89b9 to 507840e Compare September 6, 2025 14:50

renovate bot force-pushed the renovate/all branch 2 times, most recently from 4c47ee1 to a57c1a7 Compare September 10, 2025 20:15

renovate bot force-pushed the renovate/all branch 3 times, most recently from afa11bf to 1a0d3c2 Compare September 27, 2025 07:49

renovate bot force-pushed the renovate/all branch 3 times, most recently from b157763 to ec97e65 Compare October 9, 2025 20:14

renovate bot changed the title ~~fix(deps): update all dependencies~~ Update all dependencies Oct 9, 2025

renovate bot force-pushed the renovate/all branch from ec97e65 to 37fb854 Compare October 9, 2025 20:22

Update all dependencies

55ade85

renovate bot force-pushed the renovate/all branch from 37fb854 to 55ade85 Compare October 9, 2025 21:13

paralin merged commit b6f052c into master Oct 9, 2025
3 of 5 checks passed

renovate bot deleted the renovate/all branch October 9, 2025 21:13

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Update all dependencies #1

Update all dependencies #1

Uh oh!

renovate bot commented Apr 16, 2024 •

edited

Loading

Uh oh!

renovate bot commented Jun 5, 2024 •

edited

Loading

Uh oh!

socket-security bot commented Aug 8, 2025 •

edited

Loading

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Milestone

Development

Uh oh!

2 participants

Update all dependencies #1

Update all dependencies #1

Uh oh!

Conversation

renovate bot commented Apr 16, 2024 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Release Notes

What's Changed

⚠️ Minimum Compatible Runner Version

What's Changed

New Contributors

What's Changed

New Contributors

v4.7.3: 4.7.3

What's Changed

v4.7.2: 4.7.2

What's Changed

New Contributors

What's Changed

New Contributors

What's Changed

New Contributors

What's Changed

What's Changed

New Contributors

What's Changed

v4.3.3: Notes for v4.3.3

What's Changed

New Contributors

What's Changed

What's Changed

New Features

What's Changed

New Contributors

What's Changed

Breaking Changes

Dependency Upgrades

New Contributors

What's Changed

Bug fixes:

Dependency updates:

New Contributors

What's Changed

Dependency updates :

New Contributors

What's Changed

New Contributors

What's Changed

New Contributors

What's Changed

New Contributors

What's Changed

Bug fixes:

Dependency updates:

New Contributors

What's Changed

New Contributors

[v2.1.2](https://redirect.github.com/golangci/golangci-lint/blob/HEAD/CHANGELOG.md#v21

Configuration

Uh oh!

renovate bot commented Jun 5, 2024 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

ℹ Artifact update notice

File name: hack/go.mod

Uh oh!

socket-security bot commented Aug 8, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Milestone

Development

Uh oh!

2 participants

renovate bot commented Apr 16, 2024 •

edited

Loading

`v4.7.3`: 4.7.3

`v4.7.2`: 4.7.2

`v4.3.3`: Notes for v4.3.3

[`v2.1.2`](https://redirect.github.com/golangci/golangci-lint/blob/HEAD/CHANGELOG.md#v21

renovate bot commented Jun 5, 2024 •

edited

Loading

socket-security bot commented Aug 8, 2025 •

edited

Loading