8000 fix(deps): update tool deps to v2 (major) by renovate[bot] · Pull Request #723 · liatrio/liatrio-otel-collector · GitHub
[go: up one dir, main page]
More Web Proxy on the site http://driver.im/
Skip to content

fix(deps): update tool deps to v2 (major) #723

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

fix(deps): update tool deps to v2 (major) #723

wants to merge 1 commit into from
+2 −2

Conversation

renovate[bot]
Copy link
Contributor
@renovate renovate bot commented Mar 27, 2025
edited
Loading

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
github.com/golangci/golangci-lint v1.64.5 -> v2.1.6 age adoption passing confidence
github.com/google/osv-scanner v1.9.2 -> v2.0.2 age adoption passing confidence

⚠️ MAJOR VERSION UPDATE ⚠️ - please manually update this package

Release Notes

golangci/golangci-lint (github.com/golangci/golangci-lint)

v2.1.6

Compare Source

  1. Linters bug fixes
    • godot: from 1.5.0 to 1.5.1
    • musttag: from 0.13.0 to 0.13.1
  2. Documentation
    • Add note about golangci-lint v2 integration in VS Code

v2.1.5

Compare Source

Due to an error related to Snapcraft, some artifacts of the v2.1.4 release have not been published.

This release contains the same things as v2.1.3.

v2.1.4

Compare Source

Due to an error related to Snapcraft, some artifacts of the v2.1.3 release have not been published.

This release contains the same things as v2.1.3.

v2.1.3

Compare Source

  1. Linters bug fixes
    • fatcontext: from 0.7.2 to 0.8.0
  2. Misc.
    • migration: fix nakedret.max-func-lines: 0
    • migration: fix order of staticcheck settings
    • fix: add go.mod hash to the cache salt
    • fix: use diagnostic position for related information position

v2.1.2

Compare Source

  1. Linters bug fixes
    • exptostd: from 0.4.2 to 0.4.3
    • gofumpt: from 0.7.0 to 0.8.0
    • protogetter: from 0.3.13 to 0.3.15
    • usetesting: from 0.4.2 to 0.4.3

v2.1.1

Compare Source

The release process of v2.1.0 failed due to a regression inside goreleaser.

The binaries of v2.1.0 have been published, but not the other artifacts (AUR, Docker, etc.).

v2.1.0

Compare Source

  1. Enhancements
    • Add an option to display absolute paths (--path-mode=abs)
    • Add configuration path placeholder (${config-path})
    • Add warn-unused option for fmt command
    • Colored diff for fmt command (golangci-lint fmt --diff-colored)
  2. New linters
  3. Linters new features or changes
    • go-errorlint: from 1.7.1 to 1.8.0 (automatic error comparison and type assertion fixes)
    • ⚠️ goconst: ignore-strings is deprecated and replaced by ignore-string-values
    • goconst: from 1.7.1 to 1.8.1 (new options: find-duplicates, eval-const-expressions)
    • govet: add httpmux analyzer
    • nilnesserr: from 0.1.2 to 0.2.0 (detect more cases)
    • paralleltest: from 1.0.10 to 1.0.14 (checks only _test.go files)
    • revive: from 1.7.0 to 1.9.0 (support kebab case for setting names)
    • sloglint: from 0.9.0 to 0.11.0 (autofix, new option msg-style, suggest slog.DiscardHandler)
    • wrapcheck: from 2.10.0 to 2.11.0 (new option report-internal-errors)
    • wsl: from 4.6.0 to 4.7.0 (cgo files are always excluded)
  4. Linters bug fixes
    • fatcontext: from 0.7.1 to 0.7.2
    • gocritic: fix importshadow checker
    • gosec: from 2.22.2 to 2.22.3
    • ireturn: from 0.3.1 to 0.4.0
    • loggercheck: from 0.10.1 to 0.11.0
    • nakedret: from 2.0.5 to 2.0.6
    • nonamedreturns: from 1.0.5 to 1.0.6
    • protogetter: from 0.3.12 to 0.3.13
    • testifylint: from 1.6.0 to 1.6.1
    • unconvert: update to HEAD
  5. Misc.
    • Fixes memory leaks when using go1.(N) with golangci-lint built with go1.(N-X)
    • Adds golangci-lint-fmt pre-commit hook
  6. Documentation
    • Improvements
    • Updates section about vscode integration

v2.0.2

Compare Source

  1. Misc.
    • Fixes flags parsing for formatters
    • Fixes the filepath used by the exclusion source option
  2. Documentation
    • Adds a section about flags migration
    • Cleaning pages with v1 options

v2.0.1

Compare Source

  1. Linters/formatters bug fixes
    • golines: fix settings during linter load
  2. Misc.
    • Validates the version field before the configuration
    • forbidigo: fix migration

v2.0.0

Compare Source

  1. Enhancements
  2. New linters/formatters
  3. Linters new features
    • ⚠️ Merge staticcheck, stylecheck, gosimple into one linter (staticcheck) (cf. Migration guide)
    • go-critic: from 0.12.0 to 0.13.0
    • gomodguard: from 1.3.5 to 1.4.1 (block explicit indirect dependencies)
    • nilnil: from 1.0.1 to 1.1.0 (new option: only-two)
    • perfsprint: from 0.8.2 to 0.9.1 (checker name in the diagnostic message)
    • staticcheck: new quickfix set of rules
    • testifylint: from 1.5.2 to 1.6.0 (new options: equal-values, suite-method-signature, require-string-msg)
    • wsl: from 4.5.0 to 4.6.0 (new option: allow-cuddle-used-in-block)
  4. Linters bug fixes
    • bidichk: from 0.3.2 to 0.3.3
    • errchkjson: from 0.4.0 to 0.4.1
    • errname: from 1.0.0 to 1.1.0
    • funlen: fix ignore-comments option
    • gci: from 0.13.5 to 0.13.6
    • gosmopolitan: from 1.2.2 to 1.3.0
    • inamedparam: from 0.1.3 to 0.2.0
    • intrange: from 0.3.0 to 0.3.1
    • protogetter: from 0.3.9 to 0.3.12
    • unparam: from 8a5130c to 0df0534
  5. Misc.
    • 🧹 Configuration options renaming (cf. Migration guide)
    • 🧹 Remove options (cf. Migration guide)
    • 🧹 Remove flags (cf. Migration guide)
    • 🧹 Remove alternative names (cf. Migration guide)
    • 🧹 Remove or replace deprecated elements (cf. Migration guide)
    • Adds an option to display some commands as JSON:
      • golangci-lint config path --json
      • golangci-lint help linters --json
      • golangci-lint help formatters --json
      • golangci-lint linters --json
      • golangci-lint formatters --json
      • golangci-lint version --json
  6. Documentation

v1.64.8

Compare Source

  • Detects use of configuration files from golangci-lint v2

v1.64.7

Compare Source

  1. Linters bug fixes
    • depguard: from 2.2.0 to 2.2.1
    • dupl: from 3e9179a to f665c8d
    • gosec: from 2.22.1 to 2.22.2
    • staticcheck: from 0.6.0 to 0.6.1
  2. Documentation
    • Add GitLab documentation

v1.64.6

Compare Source

  1. Linters bug fixes
    • asciicheck: from 0.4.0 to 0.4.1
    • contextcheck: from 1.1.5 to 1.1.6
    • errcheck: from 1.8.0 to 1.9.0
    • exptostd: from 0.4.1 to 0.4.2
    • ginkgolinter: from 0.19.0 to 0.19.1
    • go-exhaustruct: from 3.3.0 to 3.3.1
    • gocheckcompilerdirectives: from 1.2.1 to 1.3.0
    • godot: from 1.4.20 to 1.5.0
    • perfsprint: from 0.8.1 to 0.8.2
    • revive: from 1.6.1 to 1.7.0
    • tagalign: from 1.4.1 to 1.4.2
google/osv-scanner (github.com/google/osv-scanner)

v2.0.2

Compare Source

Fixes:
  • Bug #​1842 Fix an issue in the GitHub Action where call analysis for Go projects using the tool directive (Go 1.24+) in go.mod files would fail. The scanner image has been updated to use a newer Go version.
  • Bug #​1806 Fix an issue where license overrides were not correctly reflected in the final scan results and license summary.
  • Fix #​1825, #​1809, #​1805, #​1803, #​1787 Enhance XML output stability and consistency by preserving original spacing and minimizing unnecessary escaping. This helps reduce differences when XML files are processed.

v2.0.1

Compare Source

Features:
  • Feature #​1730 Add support for extracting dependencies from .NET packages.config and packages.lock.json files.
  • Feature #​1770 Add support for extracting dependencies from rust binaries compiled with cargo-auditable.
  • Feature #​1761 Improve output when scanning for OS packages, we now show binary packages associated with a source package in the table output.
Fixes:
  • Bug #​1752 Fix paging depth issue when querying the osv.dev API.
  • Bug #​1747 Ensure osv-reporter prints warnings instead of errors for certain messages to return correct exit code (related to osv-scanner-action#65).
  • Bug #​1717 Fix issue where nested CycloneDX components were not being parsed.
  • Bug #​1744 Fix issue where empty CycloneDX SBOMs was causing a panic.
  • Bug #​1726 De-duplicate references in CycloneDX report output for improved validity.
  • Bug #​1727 Remove automatic opening of HTML reports in the browser (fixes #​1721).
  • Bug #​1735 Require a tag when scanning container images to prevent potential errors.
Docs:
API Changes:

v2.0.0

Compare Source

This release merges the improvements, features, and fixes from v2.0.0-rc1, v2.0.0-beta2, and v2.0.0-beta1.

Important: This release includes several breaking changes aimed at future-proofing OSV-Scanner. Please consult our comprehensive Migration Guide to ensure a smooth upgrade.

Features:
  • Layer and base image-aware container scanning:
    • Rewritten support for Debian, Ubuntu, and Alpine container images.
    • Layer level analysis and vulnerability breakdown.
    • Supports Go, Java, Node, and Python artifacts within supported distros.
    • Base image identification via deps.dev.
    • Usage: osv-scanner scan image <image-name>:<tag>
  • Interactive HTML output:
    • Severity breakdown, package/ID/importance filtering, vulnerability details.
    • Container image layer filtering, layer info, base image identification.
    • Usage: osv-scanner scan --serve ...
  • Guided Remediation for Maven pom.xml:
    • Remediate direct and transitive dependencies (non-interactive mode).
    • New override remediation strategy.
    • Support for reading/writing pom.xml and parent POM files.
    • Private registry support for Maven metadata.
    • Machine-readable output for guided remediation.
  • Enhanced Dependency Extraction with osv-scalibr:
    • Haskell: cabal.project.freeze, stack.yaml.lock
    • .NET: deps.json
    • Python: uv.lock
    • Artifacts: node_modules, Python wheels, Java uber jars, Go binaries
  • Feature #​1636 osv-scanner update command for updating the local vulnerability database (formerly experimental).
  • Feature #​1582 Add container scanning information to vertical output format.
  • Feature #​1587 Add support for severity in SARIF report format.
  • Feature #​1569 Add support for bun.lock lockfiles.
  • Feature #​1547 Add experimental config support to the scan image command.
  • Feature #​1557 Allow setting port number with --serve using the new --port flag.
Breaking Changes:
  • Feature #​1670 Guided remediation now defaults to non-interactive mode; use the --interactive flag for interactive mode.
  • Feature #​1670 Removed the --verbosity=verbose verbosity level.
  • Feature #​1673 & Feature #​1664 All previous experimental flags are now out of experimental, and the experimental flag mechanism has been removed.
  • Feature #​1651 Multiple license flags have been merged into a single --license flag.
  • Feature #​1666 API: reporter removed; logging now uses slog, which can be overridden.
  • Feature #​1638 API: Deprecated packages removed, including lockfile (migrated to OSV-Scalibr).
Improvements:
  • Feature #​1561 Updated HTML report for better contrast and usability (from beta2).
  • Feature #​1584 Make skipping the root git repository the default behavior (from beta2).
  • Feature #​1648 Updated HTML report styling to improve contrast (from rc1).
Fixes:
  • Fix #​1598 Fix table output vulnerability ordering.
  • Fix #​1616 Filter out Ubuntu unimportant vulnerabilities.
  • Fix #​1585 Fixed issue where base images are occasionally duplicated.
  • Fix #​1597 Fixed issue where SBOM parsers are not correctly parsing CycloneDX files when using the bom.xml filename.
  • Fix #​1566 Fixed issue where offline scanning returns different results from online scanning.
  • Fix #​1538 Reduce memory usage when using guided remediation.

We encourage everyone to upgrade to OSV-Scanner v2.0.0 and experience these powerful new capabilities! As always, your feedback is invaluable, so please don't hesitate to share your thoughts and suggestions.

Configuration

📅 Schedule: Branch creation - "before 5am" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about these updates again.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate Renovate
Copy link
Contributor Author
renovate bot commented Mar 27, 2025
edited
Loading

⚠️ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

  • any of the package files in this branch needs updating, or
  • the branch becomes conflicted, or
  • you click the rebase/retry checkbox if found above, or
  • you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: internal/tools/go.sum
Command failed: install-tool golang 1.23.8

@github-actions github-actions bot added the go label Mar 27, 2025
@renovate renovate bot force-pushed the renovate/major-tool-deps branch from 3b882a6 to c5b3453 Compare April 3, 2025 04:35
@renovate renovate bot changed the title fix(deps): update tool deps to v2 (major) fix(deps): update module github.com/google/osv-scanner to v2 Apr 9, 2025
@renovate renovate bot changed the title fix(deps): update module github.com/google/osv-scanner to v2 fix(deps): update tool deps to v2 (major) Apr 9, 2025
@renovate renovate bot force-pushed the renovate/major-tool-deps branch 4 times, most recently from 6077d80 to 361adee Compare April 15, 2025 13:54
@renovate renovate bot force-pushed the renovate/major-tool-deps branch 3 times, most recently from 9b2f938 to ad3308c Compare April 30, 2025 09:05
@renovate renovate bot force-pushed the renovate/major-tool-deps branch from ad3308c to 05bfbd3 Compare May 4, 2025 17:08
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
dependency-major-update go
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
0 participants
0