ossf / scorecard

OpenSSF Scorecard - Security health metrics for Open Source
https://scorecard.dev
Apache License 2.0
4.63k stars 504 forks source link

:seedling: Bump github.com/golangci/golangci-lint from 1.59.1 to 1.60.1 in /tools #4301

Closed dependabot[bot] closed 3 months ago

dependabot[bot] commented 3 months ago

Bumps github.com/golangci/golangci-lint from 1.59.1 to 1.60.1.

Release notes

Sourced from github.com/golangci/golangci-lint's releases.

v1.60.1

golangci-lint is a free and open-source project built by volunteers.

If you value it, consider supporting us, the maintainers and linter authors.

We appreciate it! :heart:

For key updates, see the changelog.

Changelog

  • 1147824c go1.23 support (#4836)
  • 9eeb891c build(deps): bump golang.org/x/tools from 0.23.0 to 0.24.0 (#4898)
  • 73bbf822 build(deps): bump github.com/polyfloyd/go-errorlint from 1.5.2 to 1.6.0 (#4899)
  • a9ea7d32 unused: remove exported-is-used option
  • 90664f6c build(deps): bump golangci/golangci-lint-action from 6.0.1 to 6.1.0 (#4893)
  • 78a738f7 unused: remove exported-is-used option (#4890)
  • 5536bb5c build(deps): bump github.com/mgechev/revive from 1.3.7 to 1.3.9 (#4886)
  • f903621d build(deps): bump github.com/gofrs/flock from 0.12.0 to 0.12.1 (#4889)
  • 113858f7 build(deps): bump github.com/uudashr/gocognit from 1.1.2 to 1.1.3 (#4887)
  • 7cc813ea build(deps): bump github.com/Crocmagnon/fatcontext from 0.3.0 to 0.4.0 (#4888)
  • e8300b71 feat: improve processors filtering stats (#4882)
  • e95ac1b6 fix: typecheck issues should never be ignored (#4870)
  • ee37ef31 build(deps): bump golang.org/x/tools from 0.22.0 to 0.23.0 (#4868)
  • 283a9e7d build(deps): bump github.com/gofrs/flock from 0.10.0 to 0.12.0 (#4863)
  • aeacb541 build(deps): bump github.com/valyala/quicktemplate from 1.7.0 to 1.8.0 (#4862)
  • c5998e14 build(deps): bump github.com/ryancurrah/gomodguard from 1.3.2 to 1.3.3 (#4851)
  • 96bd9ef9 build(deps): bump github.com/gofrs/flock from 0.8.1 to 0.10.0 (#4852)
  • a62f1f13 build(deps): bump github.com/moricho/tparallel from 0.3.1 to 0.3.2 (#4849)
  • 967061e5 build(deps): bump github.com/bombsimon/wsl/v4 from 4.4.0 to 4.4.1 (#4844)
  • 4f9e50e9 build(deps): bump github.com/Antonboom/testifylint from 1.4.2 to 1.4.3 (#4839)
  • 23f23907 build(deps): bump go-simpler.org/sloglint from 0.7.1 to 0.7.2 (#4840)
  • 45efa678 build(deps): bump github.com/jjti/go-spancheck from 0.6.1 to 0.6.2 (#4833)
  • 304e22a0 fix: sanitize level property for SARIF (#4831)
  • 9211eecc build(deps): bump github.com/spf13/cobra from 1.7.0 to 1.8.1 (#4822)
  • 2e2e14b4 build(deps): bump github.com/sivchari/tenv from 1.9.1 to 1.10.0 (#4823)
  • 8abf4fef build(deps): bump github.com/Antonboom/testifylint from 1.4.1 to 1.4.2 (#4821)
  • 7b776e47 build(deps): bump github.com/sashamelentyev/usestdlibvars from 1.26.0 to 1.27.0 (#4820)
  • 464ad177 build(deps): bump goreleaser/goreleaser-action from 5 to 6 (#4809)
  • a02629a8 build(deps): bump github.com/sivchari/tenv from 1.7.1 to 1.9.1 (#4808)
  • a2cc1c4b build(deps): bump github.com/bombsimon/wsl/v4 from 4.3.0 to 4.4.0 (#4807)
  • e2087c74 build(deps): bump github.com/Antonboom/testifylint from 1.3.1 to 1.4.1 (#4798)
  • 784ea0e6 build(deps): bump github.com/Crocmagnon/fatcontext from 0.2.2 to 0.3.0 (#4783)
  • eb23eaf7 lll: Advertise max line length instead of just reporting failure (#4781)
  • 78f350bd build(deps): bump github.com/GaijinEntertainment/go-exhaustruct/v3 from 3.2.0 to 3.3.0 (#4760)
  • 2eb80811 build(deps): bump github.com/bombsimon/wsl/v4 from 4.2.1 to 4.3.0 (#4799)
Changelog

Sourced from github.com/golangci/golangci-lint's changelog.

v1.60.1

  1. Updated linters
    • errorlint: from 1.5.2 to 1.6.0
    • exhaustruct: from 3.2.0 to 3.3.0 (recognize custom error values in return)
    • fatcontext: from 0.2.2 to 0.4.0 (fix false positives for context stored in structs)
    • gocognit: from 1.1.2 to 1.1.3
    • gomodguard: from 1.3.2 to 1.3.3
    • govet (printf): report non-constant format, no args
    • lll: advertise max line length instead of just reporting failure
    • revive: from 1.3.7 to 1.3.9 (new rule: comments-density)
    • sloglint: from 0.7.1 to 0.7.2
    • spancheck: from 0.6.1 to 0.6.2
    • staticcheck: from 0.4.7 to 0.5.0
    • tenv: from 1.7.1 to 1.10.0 (remove reports on fuzzing)
    • testifylint: from 1.3.1 to 1.4.3 (new options: formatter, suite-broken-parallel, suite-subtest-run)
    • tparallel: from 0.3.1 to 0.3.2
    • usestdlibvars: from 1.26.0 to 1.27.0 (fix false-positive with number used inside a mathematical operations)
    • wsl: from 4.2.1 to 4.4.1
    • ️⚠️ unused: remove exported-is-used option
  2. Fixes
    • SARIF: sanitize level property
    • ️⚠️ typecheck issues should never be ignored
  3. Documentation
    • Add link on linter without configuration
    • Remove 'trusted by' page
    • wsl update documentation of the configuration
  4. misc.
    • 🎉 go1.23 support

v1.60.0

Cancelled due to a CI problem.

Commits
  • 3298c10 chore: free skip space during release
  • 1147824 go1.23 support (#4836)
  • 9eeb891 build(deps): bump golang.org/x/tools from 0.23.0 to 0.24.0 (#4898)
  • 73bbf82 build(deps): bump github.com/polyfloyd/go-errorlint from 1.5.2 to 1.6.0 (#4899)
  • a9ea7d3 unused: remove exported-is-used option
  • 90664f6 build(deps): bump golangci/golangci-lint-action from 6.0.1 to 6.1.0 (#4893)
  • bb35b7b build(deps): bump golang.org/x/oauth2 from 0.21.0 to 0.22.0 in /scripts/gen_g...
  • 78a738f unused: remove exported-is-used option (#4890)
  • 5536bb5 build(deps): bump github.com/mgechev/revive from 1.3.7 to 1.3.9 (#4886)
  • f903621 build(deps): bump github.com/gofrs/flock from 0.12.0 to 0.12.1 (#4889)
  • Additional commits viewable in compare view


Dependabot compatibility score

You can trigger a rebase of this PR by commenting @dependabot rebase.

Dependabot will merge this PR once it's up-to-date and CI passes on it, as requested by @spencerschrock.


Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
spencerschrock commented 3 months ago

@dependabot squash and merge