Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix(deps): update tool deps #627

Merged
merged 2 commits into from
Feb 22, 2025
Merged

fix(deps): update tool deps #627

merged 2 commits into from
Feb 22, 2025
+381 −438

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented Dec 20, 2024
edited
Loading

This PR contains the following updates:

Package Change Age Adoption Passing Confidence Type Update
github.com/Khan/genqlient v0.7.0 -> v0.8.0 age adoption passing confidence require minor
github.com/golangci/golangci-lint v1.62.2 -> v1.64.5 age adoption passing confidence require minor
github.com/google/osv-scanner v1.9.1 -> v1.9.2 age adoption passing confidence require patch
github.com/securego/gosec/v2 v2.21.4 -> v2.22.1 age adoption passing confidence require minor
go (source) 1.23.5 -> 1.24.0 age adoption passing confidence toolchain minor
go.opentelemetry.io/build-tools/crosslink v0.15.0 -> v0.18.0 age adoption passing confidence require minor
go.opentelemetry.io/build-tools/multimod v0.15.0 -> v0.18.0 age adoption passing confidence require minor
golang.org/x/tools v0.28.0 -> v0.30.0 age adoption passing confidence require minor
golang.org/x/vuln v1.1.3 -> v1.1.4 age adoption passing confidence require patch
honnef.co/go/tools v0.5.1 -> v0.6.0 age adoption passing confidence require minor

Release Notes

Khan/genqlient (github.com/Khan/genqlient)

v0.8.0

Compare Source

This release adds support for genqlient subscriptions; see the documentation for more, and thanks to @​matthieu4294967296moineau for the original implementation and @​HaraldNordgren for additional testing and improvements.

Note that genqlient now requires Go 1.22.5 or higher, and is tested through Go 1.23.3.

Breaking changes:
  • genqlient now forbids omitempty: false (including implicit behaviour) when using pointer on non-null input field.
  • The error text for HTTP errors has changed slightly. If you were parsing it, switch to As-ing to graphql.HTTPError.
New features:
  • genqlient now supports subscriptions; the websocket protocol is by default graphql-transport-ws but can be set to another value.
    See the documentation for more details on how to use subscriptions.
  • genqlient now supports double-star globs for schema and query files; see genqlient.yaml docs for more.
  • genqlient now generates slices containing all enum values for each enum type.
  • genqlient now returns Is/As-able errors when the HTTP request returns a non-200 status.
Bug fixes:
  • omitempty validation:
    • allow omitempty on non-nullable input field, if the field has a default
    • allow omitempty: false on an input field, even when it is non-nullable
  • don't do omitempty and pointer input types validation when use_struct_reference is used, as the generated type is often not compatible with validation logic.
  • the allow_broken_features option, which no longer did anything, has been removed
golangci/golangci-lint (github.com/golangci/golangci-lint)

v1.64.5

Compare Source

  1. Bug fixes
    • Add missing flag new-from-merge-base-flag
  2. Linters bug fixes
    • asciicheck: from 0.3.0 to 0.4.0
    • forcetypeassert: from 0.1.0 to 0.2.0
    • gosec: from 2.22.0 to 2.22.1

v1.64.4

Compare Source

  1. Linters bug fixes
    • gci: fix standard packages list for go1.24

v1.64.3

Compare Source

  1. Linters bug fixes
    • ginkgolinter: from 0.18.4 to 0.19.0
    • go-critic: from 0.11.5 to 0.12.0
    • revive: from 1.6.0 to 1.6.1
    • gci: fix standard packages list for go1.24
  2. Misc.
    • Build Docker images with go1.24

v1.64.2

Compare Source

This is the last minor release of golangci-lint v1.
The next release will be golangci-lint v2.

  1. Enhancements
    • 🎉 go1.24 support
    • New issues.new-from-merge-base option
    • New run.relative-path-mode option
  2. Linters new features
    • copyloopvar: from 1.1.0 to 1.2.1 (support suggested fixes)
    • exptostd: from 0.3.1 to 0.4.1 (handles golang.org/x/exp/constraints.Ordered)
    • fatcontext: from 0.5.3 to 0.7.1 (new option: check-struct-pointers)
    • perfsprint: from 0.7.1 to 0.8.1 (new options: integer-format, error-format, string-format, bool-format, and hex-format)
    • revive: from 1.5.1 to 1.6.0 (new rules: redundant-build-tag, use-errors-new. New option early-return.early-return)
  3. Linters bug fixes
    • go-errorlint: from 1.7.0 to 1.7.1
    • gochecknoglobals: from 0.2.1 to 0.2.2
    • godox: from 006bad1 to 1.1.0
    • gosec: from 2.21.4 to 2.22.0
    • iface: from 1.3.0 to 1.3.1
    • nilnesserr: from 0.1.1 to 0.1.2
    • protogetter: from 0.3.8 to 0.3.9
    • sloglint: from 0.7.2 to 0.9.0
    • spancheck: fix default StartSpanMatchersSlice values
    • staticcheck: from 0.5.1 to 0.6.0
  4. Deprecations
    • ⚠️ tenv is deprecated and replaced by usetesting.os-setenv: true.
  5. Misc.
    • Sanitize severities by output format
    • Avoid panic with plugin without description
  6. Documentation
    • Clarify depguard configuration

v1.64.1

Compare Source

Cancelled due to CI failure.

v1.64.0

Compare Source

Cancelled due to CI failure.

v1.63.4

Compare Source

  1. Linters bug fixes
    • dupl, gomodguard, revive: keep only Go-files.

v1.63.3

Compare Source

v1.63.2

Compare Source

v1.63.1

Compare Source

golangci-lint is a free and open-source project built by volunteers.

If you value it, consider supporting us, the maintainers and linter authors.

We appreciate it! ❤️

For key updates, see the changelog.

Changelog

v1.63.0

Compare Source

google/osv-scanner (github.com/google/osv-scanner)

v1.9.2

Compare Source

Changelog

Fixes:
  • Bug #​1327 Parsing crash on malformed pnpm lockfile.
  • Bug #​1377 Warn if a vulnerability is ignored multiple times in the same config.
  • Bug #​1394 Guided remediation: handle extraneous/missing packages in package-lock.json more leniently.
  • Bug #​1443 Go call analysis now works with Go version up to v1.23.4.
  • Bug #​1436 Only fetch Maven snapshots and releases when enabled.
  • Bug #​1456 Remove redundant calls from PreFetch.

New Contributors

Full Changelog: google/osv-scanner@v1.9.1...v1.9.2

securego/gosec (github.com/securego/gosec/v2)

v2.22.1

Compare Source

Changelog

v2.22.0

Compare Source

Changelog

  • e0cca6f Update what message for G104 (#​1282)
  • 534689b chore(deps): update module github.com/onsi/ginkgo/v2 to v2.22.2 (#​1281)
  • eb95db1 chore(deps): update all dependencies (#​1280)
  • 6c6da40 chore(deps): update all dependencies (#​1279)
  • b12f51f Simplify sortIssues implementation (#​1277)
  • 54c2185 Enable testifylint and fix up lint issues (#​1276)
  • 36c81ed Refactor AppendError to check for build.NoGoError (#​1273)
  • 9a2d74f chore(deps): update module golang.org/x/net to v0.33.0 [security] (#​1275)
  • 4c5ad91 Update README.md (#​1274)
  • e21b4d4 Rule documentation updates (#​1272)
  • 92de0ee Replace old golang.org links with new go.dev (#​1271)
  • 4fda076 Refactor AppendError to use strings.Contains (#​1270)
  • b01f49e Simplify Analyzer.ignore by reducing nesting (#​1269)
  • b62cc33 Improve capitalization in AI API flags descriptions (#​1267)
  • bc77d16 Remove unused golint dependency (#​1266)
  • ef1a35f Simplify tests by using GinkgoT().TempDir() (#​1265)
  • 09b9143 Documentation on adding new rules and analyzers (#​1262)
  • 1bd92a8 chore(deps): update all dependencies (#​1268)
  • ca55eca Update to go 1.22.10 and 1.23.4 versions (#​1264)
  • 329cad8 chore(deps): update module golang.org/x/crypto to v0.31.0 [security] (#​1263)
  • 08beb25 chore(deps): update all dependencies (#​1261)
  • d566be2 chore(deps): update module github.com/onsi/gomega to v1.36.0 (#​1259)
  • 8c602d0 fix: revive.redefines-builtin-id lint warnings (#​1257)
  • 399e835 Fix typos in comments and fields
  • 229cf63 Remove the decryption funtions/methods from G407 check
  • 699cb55 Upate go to version 1.23.3 and 1.22.9
  • 9b13cd5 Fix G115 false positive when going from parsed uint to larger int
  • 08ea2a5 chore(deps): update all dependencies
  • 4415613 chore(deps): update all dependencies
  • 3274716 chore(deps): update all dependencies
  • 1fb6a46 chore(deps): update all dependencies
  • d2c92ed chore(deps): update all dependencies
  • 4fd9872 Update go version to 1.23.2 and 1.22.8
  • 1501618 chore(deps): update module google.golang.org/api to v0.201.0
  • 7d33bc1 chore(deps): update all dependencies
  • bd8b4b4 chore(deps): update all dependencies
  • 1216c9b Fix the cosign step to authenticate with the container registry
  • 50d1b4a chore(deps): update module google.golang.org/api to v0.199.0
  • c0ba7c7 Update the gosec to v2.21.4 in the Github action
  • a3299ce Add the version into goreleaser config
golang/go (go)

v1.24.0

v1.23.6

open-telemetry/opentelemetry-go-build-tools (go.opentelemetry.io/build-tools/crosslink)

v0.18.0

Compare Source

🛑 Breaking changes 🛑

  • githubgen: githubgen now injects component lists and others into CODEOWNERS and ALLOWLIST files using magic strings instead of writing the complete files. (#​674)

    This feature allows maintainers to have custom content in addition to the component lists and others in their CODEOWNERS and ALLOWLIST files.
    Magic delimiter strings need to be added to CODEOWNERS and ALLOWLIST files fot githubgen to fill in the content.
    Use # Start/End components list, # Start/End distribution list and # Start/End unmaintained components list in your CODEOWNERS file.
    Use # Start/End deprecated components list and # Start/End unmaintained components list in your ALLOWLIST file.
    Also, issue template files need to be updated and use # Start/End components list to fill in the component list.

🧰 Bug fixes 🧰
  • githubgen: Remove internal/common entry in ALLOWLIST (#​669)

v0.17.0

Compare Source

🚀 New components 🚀
  • githubgen: Moved githubgen tool here from open-telemetry/opentelemetry-collector-contrib (#​639)
💡 Enhancements 💡
  • crosslink: Added --skip flag to crosslink tidylist subcommand (#​662)
  • githubgen: Enhanced githubgen tool with more options to better fit arbitrary repos, added unit tests (#​655)

v0.16.0

Compare Source

💡 Enhancements 💡
  • crosslink: Adds a 'tidy' subcommand to generate 'go mod tidy' schedules (#​642)
dominikh/go-tools (honnef.co/go/tools)

v0.6.0

Compare Source

Configuration

📅 Schedule: Branch creation - "before 5am" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate bot added dependencies Pull requests that update a dependency file renovatebot labels Dec 20, 2024
@renovate Renovate
Copy link
Contributor Author

renovate bot commented Dec 20, 2024
edited
Loading

ℹ Artifact update notice

File name: internal/tools/go.mod

In order to perform the update(s) described in the table above, Renovate ran the go get command, which resulted in the following additional change(s):

  • 89 additional dependencies were updated
  • The go directive was updated for compatibility reasons

Details:

Package Change
go 1.23 -> 1.23.6
4d63.com/gochecknoglobals v0.2.1 -> v0.2.2
cloud.google.com/go v0.115.1 -> v0.116.0
cloud.google.com/go/auth v0.9.4 -> v0.14.1
cloud.google.com/go/auth/oauth2adapt v0.2.4 -> v0.2.7
cloud.google.com/go/compute/metadata v0.5.1 -> v0.6.0
deps.dev/util/maven v0.0.0-20241010035105-b3ba03369df1 -> v0.0.0-20241218001045-3890182485f3
deps.dev/util/resolve v0.0.0-20241010035105-b3ba03369df1 -> v0.0.0-20241218001045-3890182485f3
github.com/4meepo/tagalign v1.3.4 -> v1.4.1
github.com/Antonboom/nilnil v1.0.0 -> v1.0.1
github.com/Crocmagnon/fatcontext v0.5.3 -> v0.7.1
github.com/ProtonMail/go-crypto v1.0.0 -> v1.1.5
github.com/alecthomas/go-check-sumtype v0.2.0 -> v0.3.1
github.com/ashanbrown/makezero v1.1.1 -> v1.2.0
github.com/bombsimon/wsl/v4 v4.4.1 -> v4.5.0
github.com/butuzov/ireturn v0.3.0 -> v0.3.1
github.com/butuzov/mirror v1.2.0 -> v1.3.0
github.com/catenacyber/perfsprint v0.7.1 -> v0.8.1
github.com/charmbracelet/bubbletea v1.1.1 -> v1.2.2
github.com/charmbracelet/lipgloss v0.13.0 -> v1.0.0
github.com/charmbracelet/x/ansi v0.2.3 -> v0.4.5
github.com/charmbracelet/x/term v0.2.0 -> v0.2.1
github.com/ckaznocha/intrange v0.2.1 -> v0.3.0
github.com/curioswitch/go-reassign v0.2.0 -> v0.3.0
github.com/cyphar/filepath-securejoin v0.3.1 -> v0.3.6
github.com/ghostiam/protogetter v0.3.8 -> v0.3.9
github.com/go-critic/go-critic v0.11.5 -> v0.12.0
github.com/go-git/go-billy/v5 v5.5.0 -> v5.6.2
github.com/go-git/go-git/v5 v5.12.0 -> v5.13.2
github.com/go-xmlfmt/xmlfmt v1.1.2 -> v1.1.3
github.com/golangci/gofmt v0.0.0-20240816233607-d8596aa466a9 -> v0.0.0-20250106114630-d62b90e6713d
github.com/golangci/revgrep v0.5.3 -> v0.8.0
github.com/google/generative-ai-go v0.18.0 -> v0.19.0
github.com/google/s2a-go v0.1.8 -> v0.1.9
github.com/googleapis/gax-go/v2 v2.13.0 -> v2.14.1
github.com/gostaticanalysis/forcetypeassert v0.1.0 -> v0.2.0
github.com/jedib0t/go-pretty/v6 v6.6.0 -> v6.6.2
github.com/jjti/go-spancheck v0.6.2 -> v0.6.4
github.com/julz/importas v0.1.0 -> v0.2.0
github.com/karamaru-alpha/copyloopvar v1.1.0 -> v1.2.1
github.com/ldez/gomoddirectives v0.2.4 -> v0.6.1
github.com/matoous/godox v0.0.0-20240105082147-c5b5e0e7c0c0 -> v1.1.0
github.com/mattn/go-colorable v0.1.13 -> v0.1.14
github.com/mgechev/revive v1.5.1 -> v1.6.1
github.com/nunnatsa/ginkgolinter v0.18.3 -> v0.19.0
github.com/pjbgf/sha1cd v0.3.0 -> v0.3.2
github.com/polyfloyd/go-errorlint v1.7.0 -> v1.7.1
github.com/raeperd/recvcheck v0.1.2 -> v0.2.0
github.com/sanposhiho/wastedassign/v2 v2.0.7 -> v2.1.0
github.com/sashamelentyev/usestdlibvars v1.27.0 -> v1.28.0
github.com/spf13/afero v1.11.0 -> v1.12.0
github.com/spf13/pflag v1.0.5 -> v1.0.6
github.com/stbenjam/no-sprintf-host-port v0.1.1 -> v0.2.0
github.com/tdakkota/asciicheck v0.2.0 -> v0.4.0
github.com/tetafro/godot v1.4.18 -> v1.4.20
github.com/timakin/bodyclose v0.0.0-20240125160201-f835fa56326a -> v0.0.0-20241017074812-ed6a65f985e3
github.com/tomarrell/wrapcheck/v2 v2.9.0 -> v2.10.0
github.com/ultraware/funlen v0.1.0 -> v0.2.0
github.com/ultraware/whitespace v0.1.1 -> v0.2.0
github.com/uudashr/gocognit v1.1.3 -> v1.2.0
github.com/uudashr/iface v1.2.1 -> v1.3.1
github.com/vektah/gqlparser/v2 v2.5.16 -> v2.5.19
go-simpler.org/sloglint v0.7.2 -> v0.9.0
go.opentelemetry.io/build-tools v0.15.0 -> v0.18.0
go.opentelemetry.io/collector/component v0.116.0 -> v0.120.0
go.opentelemetry.io/collector/confmap v1.22.0 -> v1.26.0
go.opentelemetry.io/collector/confmap/provider/fileprovider v1.22.0 -> v1.26.0
go.opentelemetry.io/collector/filter v0.116.0 -> v0.120.0
go.opentelemetry.io/collector/pdata v1.22.0 -> v1.26.0
go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.54.0 -> v0.58.0
go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.54.0 -> v0.58.0
go.opentelemetry.io/otel v1.32.0 -> v1.34.0
go.opentelemetry.io/otel/metric v1.32.0 -> v1.34.0
go.opentelemetry.io/otel/trace v1.32.0 -> v1.34.0
golang.org/x/crypto v0.30.0 -> v0.33.0
golang.org/x/exp v0.0.0-20241009180824-f66d83c29e7c -> v0.0.0-20241108190413-2d47ceb2692f
golang.org/x/exp/typeparams v0.0.0-20241108190413-2d47ceb2692f -> v0.0.0-20250210185358-939b2ce775ac
golang.org/x/mod v0.22.0 -> v0.23.0
golang.org/x/net v0.32.0 -> v0.35.0
golang.org/x/oauth2 v0.23.0 -> v0.25.0
golang.org/x/sync v0.10.0 -> v0.11.0
golang.org/x/sys v0.28.0 -> v0.30.0
golang.org/x/term v0.27.0 -> v0.29.0
golang.org/x/text v0.21.0 -> v0.22.0
golang.org/x/time v0.6.0 -> v0.9.0
google.golang.org/api v0.198.0 -> v0.220.0
google.golang.org/genproto/googleapis/api v0.0.0-20241007155032-5fefd90f89a9 -> v0.0.0-20241209162323-e6fa225c2576
google.golang.org/genproto/googleapis/rpc v0.0.0-20241007155032-5fefd90f89a9 -> v0.0.0-20250127172529-29210b9bc287
google.golang.org/grpc v1.68.1 -> v1.70.0
google.golang.org/protobuf v1.35.2 -> v1.36.5

@github-actions github-actions bot added the go label Dec 20, 2024
@renovate renovate bot force-pushed the renovate/tool-deps branch from a454436 to c404212 Compare January 1, 2025 15:29
@renovate renovate bot changed the title fix(deps): update module github.com/google/osv-scanner to v1.9.2 fix(deps): update tool deps Jan 1, 2025
@renovate renovate bot force-pushed the renovate/tool-deps branch 6 times, most recently from 1e39437 to b424ef6 Compare January 8, 2025 01:02
@renovate renovate bot force-pushed the renovate/tool-deps branch 3 times, most recently from 08ca1ac to 18fe311 Compare January 16, 2025 04:06
@renovate renovate bot force-pushed the renovate/tool-deps branch 2 times, most recently from db0da7b to e2425c1 Compare January 22, 2025 16:41
@renovate renovate bot force-pushed the renovate/tool-deps branch 3 times, most recently from 3292641 to ae2ccfd Compare February 4, 2025 03:24
@renovate renovate bot force-pushed the renovate/tool-deps branch 10 times, most recently from 81e3be7 to 4009d0d Compare February 13, 2025 10:11
@renovate renovate bot force-pushed the renovate/tool-deps branch 4 times, most recently from 48b6fb0 to 7579d5b Compare February 18, 2025 05:08
@renovate renovate bot force-pushed the renovate/tool-deps branch from 7579d5b to 0a7f7b4 Compare February 22, 2025 01:25
@renovate Renovate
Copy link
Contributor Author

renovate bot commented Feb 22, 2025
edited
Loading

⚠️ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

  • any of the package files in this branch needs updating, or
  • the branch becomes conflicted, or
  • you click the rebase/retry checkbox if found above, or
  • you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: internal/tools/go.sum
Command failed: install-tool golang 1.23.6

@renovate renovate bot force-pushed the renovate/tool-deps branch from 0a7f7b4 to 20adaea Compare February 22, 2025 03:44
@renovate renovate bot force-pushed the renovate/tool-deps branch from 20adaea to 58252e7 Compare February 22, 2025 03:46
@adrielp adrielp merged commit 669f664 into main Feb 22, 2025
15 checks passed
@adrielp adrielp deleted the renovate/tool-deps branch February 22, 2025 03:56
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@adrielp adrielp adrielp approved these changes

Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file github_actions go renovatebot
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@adrielp