ossf / criticality_score

Gives criticality score for an open source project
Apache License 2.0
1.32k stars 119 forks

Bump github.com/golangci/golangci-lint from 1.57.2 to 1.60.2 in /tools #668

Closed dependabot[bot] closed 2 months ago

dependabot[bot] commented 2 months ago

Bumps github.com/golangci/golangci-lint from 1.57.2 to 1.60.2.

Release notes

Sourced from github.com/golangci/golangci-lint's releases.

v1.60.2

golangci-lint is a free and open-source project built by volunteers.

If you value it, consider supporting us, the maintainers and linter authors.

We appreciate it! :heart:

For key updates, see the changelog.

Changelog

  • f338f3ef33f0f7b641100aa1fd759549cc959a8b build(deps): bump github.com/securego/gosec/v2 from 5f0084eb01a9 to 81cda2f91fbe (#4927)
  • 132d81cb5a37a48b190b3fbb58eeb7fcc754f71a build(deps): bump github.com/tomarrell/wrapcheck/v2 from 2.8.3 to 2.9.0 (#4921)
  • 15529a9d74d8b6904d7da121c6f8c96e502c070c build(deps): bump honnef.co/go/tools from 0.5.0 to 0.5.1 (#4911)
  • e24ef74f8f63de3d1a31834c2754f31b32e571c3 build(deps): bump mvdan.cc/gofumpt from 0.6.0 to 0.7.0 (#4922)
  • 87dd8fe7552a8c8374ebde29db3bda8b28055962 exportloopref: deprecation (#4916)
  • ca0b09e5e3891abef239b7c14459c6fba90e796e gosec: add G602 analyzer (#4906)
  • adbdfdb288e939a175182b7a12b7555215ce98b2 staticcheck: propagate Go version (#4907)

v1.60.1

Changelog

  • 1147824c go1.23 support (#4836)
  • 9eeb891c build(deps): bump golang.org/x/tools from 0.23.0 to 0.24.0 (#4898)
  • 73bbf822 build(deps): bump github.com/polyfloyd/go-errorlint from 1.5.2 to 1.6.0 (#4899)
  • a9ea7d32 unused: remove exported-is-used option
  • 90664f6c build(deps): bump golangci/golangci-lint-action from 6.0.1 to 6.1.0 (#4893)
  • 78a738f7 unused: remove exported-is-used option (#4890)
  • 5536bb5c build(deps): bump github.com/mgechev/revive from 1.3.7 to 1.3.9 (#4886)
  • f903621d build(deps): bump github.com/gofrs/flock from 0.12.0 to 0.12.1 (#4889)
  • 113858f7 build(deps): bump github.com/uudashr/gocognit from 1.1.2 to 1.1.3 (#4887)
  • 7cc813ea build(deps): bump github.com/Crocmagnon/fatcontext from 0.3.0 to 0.4.0 (#4888)
  • e8300b71 feat: improve processors filtering stats (#4882)
  • e95ac1b6 fix: typecheck issues should never be ignored (#4870)
  • ee37ef31 build(deps): bump golang.org/x/tools from 0.22.0 to 0.23.0 (#4868)
  • 283a9e7d build(deps): bump github.com/gofrs/flock from 0.10.0 to 0.12.0 (#4863)
  • aeacb541 build(deps): bump github.com/valyala/quicktemplate from 1.7.0 to 1.8.0 (#4862)
  • c5998e14 build(deps): bump github.com/ryancurrah/gomodguard from 1.3.2 to 1.3.3 (#4851)
  • 96bd9ef9 build(deps): bump github.com/gofrs/flock from 0.8.1 to 0.10.0 (#4852)
  • a62f1f13 build(deps): bump github.com/moricho/tparallel from 0.3.1 to 0.3.2 (#4849)
  • 967061e5 build(deps): bump github.com/bombsimon/wsl/v4 from 4.4.0 to 4.4.1 (#4844)
  • 4f9e50e9 build(deps): bump github.com/Antonboom/testifylint from 1.4.2 to 1.4.3 (#4839)
  • 23f23907 build(deps): bump go-simpler.org/sloglint from 0.7.1 to 0.7.2 (#4840)

... (truncated)

Changelog

Sourced from github.com/golangci/golangci-lint's changelog.

v1.60.2

  1. Updated linters
    • gofmt: update to HEAD (go1.22)
    • gofumpt: from 0.6.0 to 0.7.0
    • gosec: fix G602 analyzer
    • gosec: from 5f0084eb01a9 to 81cda2f91fbe (adds G115, G405, G406, G506, G507)
    • staticcheck: from 0.5.0 to 0.5.1
    • staticcheck: propagate Go version
    • wrapcheck: from 2.8.3 to 2.9.0
    • ⚠️ exportloopref: deprecation

v1.60.1

  1. Updated linters
    • errorlint: from 1.5.2 to 1.6.0
    • exhaustruct: from 3.2.0 to 3.3.0 (recognize custom error values in return)
    • fatcontext: from 0.2.2 to 0.4.0 (fix false positives for context stored in structs)
    • gocognit: from 1.1.2 to 1.1.3
    • gomodguard: from 1.3.2 to 1.3.3
    • govet (printf): report non-constant format, no args
    • lll: advertise max line length instead of just reporting failure
    • revive: from 1.3.7 to 1.3.9 (new rule: comments-density)
    • sloglint: from 0.7.1 to 0.7.2
    • spancheck: from 0.6.1 to 0.6.2
    • staticcheck: from 0.4.7 to 0.5.0
    • tenv: from 1.7.1 to 1.10.0 (remove reports on fuzzing)
    • testifylint: from 1.3.1 to 1.4.3 (new options: formatter, suite-broken-parallel, suite-subtest-run)
    • tparallel: from 0.3.1 to 0.3.2
    • usestdlibvars: from 1.26.0 to 1.27.0 (fix false-positive with number used inside a mathematical operation)
    • wsl: from 4.2.1 to 4.4.1
    • ⚠️ unused: remove exported-is-used option
  2. Fixes
    • SARIF: sanitize level property
    • ⚠️ typecheck issues should never be ignored
  3. Documentation
    • Add link on linter without configuration
    • Remove 'trusted by' page
    • wsl update documentation of the configuration
  4. misc.
    • 🎉 go1.23 support

v1.60.0

Cancelled due to a CI problem.

v1.59.1

  1. Updated linters
    • errorlint: from 1.5.1 to 1.5.2

... (truncated)

Commits
  • f338f3e build(deps): bump github.com/securego/gosec/v2 from 5f0084eb01a9 to 81cda2f91...
  • 741df1f dev: fix GO_VERSION in post release workflow (#4926)
  • 87dd8fe exportloopref: deprecation (#4916)
  • af298e1 chore: update gofmt (#4923)
  • 132d81c build(deps): bump github.com/tomarrell/wrapcheck/v2 from 2.8.3 to 2.9.0 (#4921)
  • e24ef74 build(deps): bump mvdan.cc/gofumpt from 0.6.0 to 0.7.0 (#4922)
  • adbdfdb staticcheck: propagate Go version (#4907)
  • ca0b09e gosec: add G602 analyzer (#4906)
  • 15529a9 build(deps): bump honnef.co/go/tools from 0.5.0 to 0.5.1 (#4911)
  • de069cf docs: update documentation (#4903)
  • Additional commits viewable in compare view


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • `@dependabot rebase` will rebase this PR
  • `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
  • `@dependabot merge` will merge this PR after your CI passes on it
  • `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
  • `@dependabot cancel merge` will cancel a previously requested merge and block automerging
  • `@dependabot reopen` will reopen this PR if it is closed
  • `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency
  • `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

dependabot[bot] commented 2 months ago

Superseded by #672.