🚨 Update go modules (main) (major) #3061
Open
+9
−9
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Contributor
Author
|
renovate
bot
force-pushed
the
renovate/main-major-go-modules
branch
4 times, most recently
from
f61fd07 to
ae14d9b
Compare
renovate
bot
force-pushed
the
renovate/main-major-go-modules
branch
from
ae14d9b to
2d107ee
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
v1.0.0->v2.0.1v1.63.4->v2.7.2v5.3.1->v6.0.2v2.4.1->v3.0.3v0.66.0->v1.7.0v2.6.3->v4.1.3v3.18.5->v4.0.4Release Notes
MakeNowJust/heredoc (github.com/MakeNowJust/heredoc)
v2.0.1Compare Source
Version 2.0.1
Fixes
importpath for Go modulesv2.0.0Compare Source
Version 2.0.0
Breaking Changes
golangci/golangci-lint (github.com/golangci/golangci-lint)
v2.7.2Compare Source
Released on 2025-12-07
gosec: from 2.22.10 todaccba6v2.7.1Compare Source
Released on 2025-12-04
modernize: disablestringscutanalyzerv2.7.0Compare Source
customcommandno-sprintf-host-port: from 0.2.0 to 0.3.1 (ignore string literals without a colon)unqueryvet: from 1.2.1 to 1.3.0 (handlesconstandvardeclarations)revive: from 1.12.0 to 1.13.0 (new option:enable-default-rules, new rules:forbidden-call-in-wg-go,unnecessary-if,inefficient-map-lookup)modernize: from 0.38.0 to 0.39.0 (new analyzers:plusbuild,stringscut)perfsprint: from 0.10.0 to 0.10.1wrapcheck: from 2.11.0 to 2.12.0godoc-lint: from 0.10.1 to 0.10.2customcommandv2.6.2Compare Source
Released on 2025-11-14
fmtcommand with symlinkstestableexamples: from 1.0.0 to 1.0.1testpackage: from 1.1.1 to 1.1.2v2.6.1Compare Source
v2.6.0Compare Source
modernizeanalyzer suitearangolint: from 0.2.0 to 0.3.1dupword: from 0.1.6 to 0.1.7 (new optioncomments-only)go-critic: from 0.13.0 to 0.14.0 (new rules/checkers:zeroByteRepeat,dupOption)gofumpt: from 0.9.1 to 0.9.2 ("clothe" naked returns is now controlled by theextra-rulesoption)perfsprint: from 0.9.1 to 0.10.0 (new options:concat-loop,loop-other-ops)wsl: from 5.2.0 to 5.3.0dupword: from 0.1.6 to 0.1.7durationcheck: from 0.0.10 to 0.0.11exptostd: from 0.4.4 to 0.4.5fatcontext: from 0.8.1 to 0.9.0forbidigo: from 2.1.0 to 2.3.0ginkgolinter: from 0.21.0 to 0.21.2godoc-lint: from 0.10.0 to 0.10.1gomoddirectives: from 0.7.0 to 0.7.1gosec: from 2.22.8 to 2.22.10makezero: from 2.0.1 to 2.1.0nilerr: from 0.1.1 to 0.1.2paralleltest: from 1.0.14 to 1.0.15protogetter: from 0.3.16 to 0.3.17unparam: from0df0534to5beb8c8v2.5.0Compare Source
godoclintlinter https://github.com/godoc-lint/godoc-lintunqueryvetlinter https://github.com/MirrexOne/unqueryvetiotamixinglinter https://github.com/AdminBenni/iota-mixingembeddedstructfieldcheck: from 0.3.0 to 0.4.0 (new option:empty-line)err113: fromaea10b5to 0.1.1 (skip internals ofIsmethods forerrortype)ginkgolinter: from 0.20.0 to 0.21.0 (new option:force-tonot)gofumpt: from 0.8.0 to 0.9.1 (new rule is to "clothe" naked returns for the sake of clarity)ineffassign: from 0.1.0 to 0.2.0 (new option:check-escaping-errors)musttag: from 0.13.1 to 0.14.0 (support interface methods)revive: from 1.11.0 to 1.12.0 (new options:identical-ifelseif-branches,identical-ifelseif-conditions,identical-switch-branches,identical-switch-conditions,package-directory-mismatch,unsecure-url-scheme,use-waitgroup-go,useless-fallthrough)thelper: from 0.6.3 to 0.7.1 (skipt.Helperin functions passed tosynctest.Test)wsl: from 5.1.1 to 5.2.0 (improvements related to subexpressions)asciicheck: from 0.4.1 to 0.5.0errname: from 1.1.0 to 1.1.1fatcontext: from 0.8.0 to 0.8.1go-printf-func-name: from 0.1.0 to 0.1.1godot: from 1.5.1 to 1.5.4gosec: from 2.22.7 to 2.22.8nilerr: from 0.1.1 to a temporary forknilnil: from 1.1.0 to 1.1.1protogetter: from 0.3.15 to 0.3.16tagliatelle: from 0.7.1 to 0.7.2testifylint: from 1.6.1 to 1.6.4v2.4.0Compare Source
exhaustruct: from v3.3.1 to 4.0.0 (new options:allow-empty,allow-empty-rx,allow-empty-returns,allow-empty-declarations)godox: trim filepath from report messagesstaticcheck: allow empty optionstagalign: from 1.4.2 to 1.4.3v2.3.1Compare Source
gci: from 0.13.6 to 0.13.7gosec: from 2.22.6 to 2.22.7noctx: from 0.3.5 to 0.4.0wsl: from 5.1.0 to 5.1.1v2.3.0Compare Source
ginkgolinter: from 0.19.1 to 0.20.0 (new option:force-assertion-description)iface: from 1.4.0 to 1.4.1 (report message improvements)noctx: from 0.3.4 to 0.3.5 (new detections:log/slog,exec,crypto/tls)revive: from 1.10.0 to 1.11.0 (new rule:enforce-switch-style)wsl: from 5.0.0 to 5.1.0gosec: from 2.22.5 to 2.22.6noinlineerr: from 1.0.4 to 1.0.5sloglint: from 0.11.0 to 0.11.1v2.2.2Compare Source
noinlineerr: from 1.0.3 to 1.0.4v2.2.1Compare Source
varnamelen: fix configurationv2.2.0Compare Source
arangolintlinter https://github.com/Crocmagnon/arangolintembeddedstructfieldchecklinter https://github.com/manuelarte/embeddedstructfieldchecknoinlineerrlinter https://github.com/AlwxSin/noinlineerrswaggoformatter https://github.com/golangci/swaggoswagerrcheck: addverboseoptionfuncorder: from 0.2.1 to 0.5.0 (new optionalphabetical)gomoddirectives: from 0.6.1 to 0.7.0 (new optionignore-forbidden)iface: from 1.3.1 to 1.4.0 (new optionunexported)noctx: from 0.1.0 to 0.3.3 (new report messages, and new rules related todatabase/sql)noctx: from 0.3.3 to 0.3.4 (new SQL functions detection)revive: from 1.9.0 to 1.10.0 (new rules:time-date,unnecessary-format,use-fmt-print)usestdlibvars: from 1.28.0 to 1.29.0 (new optiontime-date-month)wsl: deprecationwsl_v5: from 4.7.0 to 5.0.0 (major version with new configuration)dupword: from 0.1.3 to 0.1.6exptostd: from 0.4.3 to 0.4.4forbidigo: from 1.6.0 to 2.1.0gci: consistently format the codego-spancheck: from 0.6.4 to 0.6.5goconst: from 1.8.1 to 1.8.2gosec: from 2.22.3 to 2.22.4gosec: from 2.22.4 to 2.22.5makezero: from 1.2.0 to 2.0.1misspell: from 0.6.0 to 0.7.0usetesting: from 0.4.3 to 0.5.0path-expectstdoutwhen usingstdinand there are no changestypecheck: deduplicate errorstypecheck: stops the analysis after the first errorprint-resources-usageflaglinters.defaultsetsv2.1.6Compare Source
godot: from 1.5.0 to 1.5.1musttag: from 0.13.0 to 0.13.1v2.1.5Compare Source
Due to an error related to Snapcraft, some artifacts of the v2.1.4 release have not been published.
This release contains the same things as v2.1.3.
v2.1.4Compare Source
Due to an error related to Snapcraft, some artifacts of the v2.1.3 release have not been published.
This release contains the same things as v2.1.3.
v2.1.3Compare Source
fatcontext: from 0.7.2 to 0.8.0nakedret.max-func-lines: 0staticchecksettingsgo.modhash to the cache saltv2.1.2Compare Source
exptostd: from 0.4.2 to 0.4.3gofumpt: from 0.7.0 to 0.8.0protogetter: from 0.3.13 to 0.3.15usetesting: from 0.4.2 to 0.4.3v2.1.1Compare Source
The release process of v2.1.0 failed due to a regression inside goreleaser.
The binaries of v2.1.0 have been published, but not the other artifacts (AUR, Docker, etc.).
v2.1.0Compare Source
--path-mode=abs)${config-path})warn-unusedoption forfmtcommandfmtcommand (golangci-lint fmt --diff-colored)funcorderlinter https://github.com/manuelarte/funcordergo-errorlint: from 1.7.1 to 1.8.0 (automatic error comparison and type assertion fixes)goconst:ignore-stringsis deprecated and replaced byignore-string-valuesgoconst: from 1.7.1 to 1.8.1 (new options:find-duplicates,eval-const-expressions)govet: addhttpmuxanalyzernilnesserr: from 0.1.2 to 0.2.0 (detect more cases)paralleltest: from 1.0.10 to 1.0.14 (checks only_test.gofiles)revive: from 1.7.0 to 1.9.0 (support kebab case for setting names)sloglint: from 0.9.0 to 0.11.0 (autofix, new optionmsg-style, suggestslog.DiscardHandler)wrapcheck: from 2.10.0 to 2.11.0 (new optionreport-internal-errors)wsl: from 4.6.0 to 4.7.0 (cgo files are always excluded)fatcontext: from 0.7.1 to 0.7.2gocritic: fiximportshadowcheckergosec: from 2.22.2 to 2.22.3ireturn: from 0.3.1 to 0.4.0loggercheck: from 0.10.1 to 0.11.0nakedret: from 2.0.5 to 2.0.6nonamedreturns: from 1.0.5 to 1.0.6protogetter: from 0.3.12 to 0.3.13testifylint: from 1.6.0 to 1.6.1unconvert: update to HEADgolangci-lint-fmtpre-commit hookv2.0.2Compare Source
sourceoptionv2.0.1Compare Source
golines: fix settings during linter loadversionfield before the configurationforbidigo: fix migrationv2.0.0Compare Source
golangci-lint fmtcommand with dedicated formatter configurationgolangci-lint migratecommand to help migration from v1 to v2 (cf. Migration guide)run.relative-path-mode(cf. Migration guide)--fast-onlyflag (cf. Migration guide)linters.exclusions.warn-unusedto log a warning if an exclusion rule is unused.golinesformatter https://github.com/segmentio/golinesstaticcheck,stylecheck,gosimpleinto one linter (staticcheck) (cf. Migration guide)go-critic: from 0.12.0 to 0.13.0gomodguard: from 1.3.5 to 1.4.1 (block explicit indirect dependencies)nilnil: from 1.0.1 to 1.1.0 (new option:only-two)perfsprint: from 0.8.2 to 0.9.1 (checker name in the diagnostic message)staticcheck: newquickfixset of rulestestifylint: from 1.5.2 to 1.6.0 (new options:equal-values,suite-method-signature,require-string-msg)wsl: from 4.5.0 to 4.6.0 (new option:allow-cuddle-used-in-block)bidichk: from 0.3.2 to 0.3.3errchkjson: from 0.4.0 to 0.4.1errname: from 1.0.0 to 1.1.0funlen: fixignore-commentsoptiongci: from 0.13.5 to 0.13.6gosmopolitan: from 1.2.2 to 1.3.0inamedparam: from 0.1.3 to 0.2.0intrange: from 0.3.0 to 0.3.1protogetter: from 0.3.9 to 0.3.12unparam: from8a5130cto0df0534golangci-lint config path --jsongolangci-lint help linters --jsongolangci-lint help formatters --jsongolangci-lint linters --jsongolangci-lint formatters --jsongolangci-lint version --jsonv1.64.8Compare Source
v1.64.7Compare Source
depguard: from 2.2.0 to 2.2.1dupl: from3e9179atof665c8dgosec: from 2.22.1 to 2.22.2staticcheck: from 0.6.0 to 0.6.1v1.64.6Compare Source
asciicheck: from 0.4.0 to 0.4.1contextcheck: from 1.1.5 to 1.1.6errcheck: from 1.8.0 to 1.9.0exptostd: from 0.4.1 to 0.4.2ginkgolinter: from 0.19.0 to 0.19.1go-exhaustruct: from 3.3.0 to 3.3.1gocheckcompilerdirectives: from 1.2.1 to 1.3.0godot: from 1.4.20 to 1.5.0perfsprint: from 0.8.1 to 0.8.2revive: from 1.6.1 to 1.7.0tagalign: from 1.4.1 to 1.4.2v1.64.5Compare Source
new-from-merge-base-flagasciicheck: from 0.3.0 to 0.4.0forcetypeassert: from 0.1.0 to 0.2.0gosec: from 2.22.0 to 2.22.1v1.64.4Compare Source
gci: fix standard packages list for go1.24v1.64.3Compare Source
ginkgolinter: from 0.18.4 to 0.19.0go-critic: from 0.11.5 to 0.12.0revive: from 1.6.0 to 1.6.1gci: fix standard packages list for go1.24v1.64.2Compare Source
This is the last minor release of golangci-lint v1.
The next release will be golangci-lint v2.
issues.new-from-merge-baseoptionrun.relative-path-modeoptioncopyloopvar: from 1.1.0 to 1.2.1 (support suggested fixes)exptostd: from 0.3.1 to 0.4.1 (handlesgolang.org/x/exp/constraints.Ordered)fatcontext: from 0.5.3 to 0.7.1 (new option:check-struct-pointers)perfsprint: from 0.7.1 to 0.8.1 (new options:integer-format,error-format,string-format,bool-format, andhex-format)revive: from 1.5.1 to 1.6.0 (new rules:redundant-build-tag,use-errors-new. New optionearly-return.early-return)go-errorlint: from 1.7.0 to 1.7.1gochecknoglobals: from 0.2.1 to 0.2.2godox: from006bad1to 1.1.0gosec: from 2.21.4 to 2.22.0iface: from 1.3.0 to 1.3.1nilnesserr: from 0.1.1 to 0.1.2protogetter: from 0.3.8 to 0.3.9sloglint: from 0.7.2 to 0.9.0spancheck: fix defaultStartSpanMatchersSlicevaluesstaticcheck: from 0.5.1 to 0.6.0tenvis deprecated and replaced byusetesting.os-setenv: true.exportlooprefdeprecation step 2depguardconfigurationv1.64.1Compare Source
Cancelled due to CI failure.
v1.64.0Compare Source
Cancelled due to CI failure.
santhosh-tekuri/jsonschema (github.com/santhosh-tekuri/jsonschema/v5)
v6.0.2Compare Source
v6.0.1Compare Source
Bug Fixes:
check https://redirect.github.com/santhosh-tekuri/jsonschema/discussions/172 to see notes for migrating from v5 to v6
v6.0.0Compare Source
Improvements
$vocabularysupportsermverformatValidationErrorjv--insecureand--cacertflag--quietflagcheck https://redirect.github.com/santhosh-tekuri/jsonschema/discussions/172 to see notes for migrating from v5 to v6
sigstore/cosign (github.com/sigstore/cosign/v2)
v3.0.3Compare Source
Thank you for all of your feedback on Cosign v3! v3.0.3 fixes a number of bugs reported by
the community along with adding compatibility for the new bundle format and attestation
storage in OCI to additional commands. We're continuing to work on compatibility with
the remaining commands and will have a new release shortly. If you run into any problems,
please file an issue
Changes
clean(#4539)saveandload(#4538)signcli package.cosign initialize(#4462)v3.0.2Compare Source
v3.0.2 is a functionally equivalent release to v3.0.0 and v3.0.1, with a fix for CI to publish signed releases in the new bundle format.
--bundleflag specifying an output file to write the Sigstore bundle (which contains all relevant verification material) has moved from optional to required in v3.Changes
v3.0.1Compare Source
v3.0.1 is an equivalent release to v3.0.0, which was never published due to a failure in our CI workflows.
--bundleflag specifying an output file to write the Sigstore bundle (which contains all relevant verification material) has moved from optional to required in v3.Changes
v3.0.0Compare Source
Announcing the next major release of Cosign!
Cosign v3 is a minor change from Cosign v2.6.x, with all of the new capabilities of recent
releases on by default, but will still allow you to disable them if you need the older functionality.
These new features include support for the standardized bundle format (
--new-bundle-fomat), providing rootsof trust for verification and service URLs for signing via one file (
--trusted-root,--signing-config),and container signatures stored as an OCI Image 1.1 referring artifact.
Learn more on our v3 announcement blog post! See
the changelogs for v2.6.0, v2.5.0, and v2.4.0 for more information on recent
changes.
If you have any feedback, please reach out on Slack or file an issue on GitHub.
Changes
v2.6.1Compare Source
Bug Fixes
v2.6.0Compare Source
v2.6.0 introduces a number of new features, including:
Example generation and verification of a signed in-toto statement:
Example container signing and verification using the new bundle format and referring artifacts:
Example usage of a signing config provided by the public good instance's TUF repository:
v2.6.0 leverages sigstore-go's signing and verification APIs gated behind these new flags. In an upcoming major release, we will be
updating Cosign to default to producing and consuming bundles to align with all other Sigstore SDKs.
Features
attest-blobthe ability to supply a complete in-toto statement, and add toverify-blob-attestationthe ability to verify with just a digest (#4306)Breaking API Changes
sign.SignerFromKeyOptsno longer generates a key. Instead, it returns whether or not the client needs to generate a key, and if so, clientsshould call
sign.KeylessSigner. This allows clients to more easily manage key generation.Bug Fixes
v2.5.3Compare Source
Features
Bug Fixes
v2.5.2Compare Source
Bug Fixes
Documentation
v2.5.1Compare Source
Features
Bug Fixes
Docs
verify-blobcmd examples (#4160)Releases
Contributors
v2.5.0Compare Source
v2.5.0 includes an implementation of the new bundle specification,
attesting and verifying OCI image attestations uploaded as OCI artifacts.
This feature is currently gated behind the
--new-bundle-formatflagwhen running
cosign attest.Features
Fixes
Contributors
v2.4.3Compare Source
Features
Bug Fixes
Cleanup
Contributors
v2.4.2Compare Source
Features
--trusted-root(#3933)Bug Fixes
Documentation
Contributors
tektoncd/pipeline (github.com/tektoncd/pipeline)
v1.7.0: Tekton Pipeline release v1.7.0 "LaPerm Little Helper"Compare Source
🎉 Bug fixes, stability improvements and dependency updates 🎉
-Docs @ v1.7.0
-Examples @ v1.7.0
Installation one-liner
Attestation
The Rekor UUID for this release is
108e9186e8c5677a0af3ff47db2d68605b227b75af0aa40d87262257e2b9295f35454fe3d050ed38Obtain the attestation:
Verify that all container images in the attestation are in the release file:
Changes
Fixes
Fix a race condition on timeout that would result in a TaskRun status without steps statuses.
Resolved an issue where Pipelines with invalid result references in matrix parameters would cause a panic during validation (v1beta1 API)
Fixed race condition causing TaskRuns to fail with 409 conflict error when stopping sidecars.
StopSidecars now uses Patch instead of Update to avoid conflicts with concurrent kubelet pod status updates.
Misc
// +builddirective from most files (#9118)6da3c88toabdd2f6(#9196)7006987to6da3c88(#9167)0ff001dto7006987(#9132)Configuration
📅 Schedule: Branch creation - Between 12:00 AM and 03:59 AM ( * 0-3 * * * ) (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.
This PR was generated by Mend Renovate. View the repository job log.