ossf / scorecard

OpenSSF Scorecard - Security health metrics for Open Source
https://scorecard.dev
Apache License 2.0
4.61k stars 500 forks source link

:seedling: Bump github.com/golangci/golangci-lint from 1.60.1 to 1.61.0 in /tools #4366

Closed dependabot[bot] closed 1 month ago

dependabot[bot] commented 1 month ago

Bumps github.com/golangci/golangci-lint from 1.60.1 to 1.61.0.

Release notes

Sourced from github.com/golangci/golangci-lint's releases.

v1.61.0

golangci-lint is a free and open-source project built by volunteers.

If you value it, consider supporting us, the maintainers and linter authors.

We appreciate it! :heart:

For key updates, see the changelog.

Changelog

  • e9a872629d4feda79d2fff23ddc1f410faff163e build(deps): bump github.com/Abirdcfly/dupword from 0.0.14 to 0.1.1 (#4954)
  • 2813c451edd6b75098372dbb269ffed8df3a4ec6 build(deps): bump github.com/Crocmagnon/fatcontext from 0.4.0 to 0.5.2 (#4971)
  • 48251f274a1e09fae524271662a30a47f4ddb242 build(deps): bump github.com/ckaznocha/intrange from 0.1.2 to 0.2.0 (#4996)
  • 726b8153cac6c04238264b189f5b05ec059f9330 build(deps): bump github.com/daixiang0/gci from 0.13.4 to 0.13.5 (#4975)
  • 2fcfe26fdb368ae0930bac909a0573277a6d2226 build(deps): bump github.com/go-viper/mapstructure/v2 from 2.0.0 to 2.1.0 (#4910)
  • 5fa1b681e4518b09be4ebdbe635e044cf729b8a1 build(deps): bump github.com/pelletier/go-toml/v2 from 2.2.2 to 2.2.3 (#4955)
  • a6fc686d733f339619b02de65ef4c782848eaff0 build(deps): bump github.com/quasilyte/go-ruleguard to 0fe6f58b47b1 (#4949)
  • 57fa4dad326cd24b71fccd3fb9b8fc8a2788c994 build(deps): bump github.com/ryancurrah/gomodguard from 1.3.3 to 1.3.5 (#4992)
  • 6e5dc28f52b76181f5c4f5c7d37dab20e09f59d1 build(deps): bump github.com/securego/gosec/v2 from 2.20.1-0.20240826145712-bcec04e78483 to 2.21.0 (#4981)
  • dd069d5578f3fb9eb298e5d397697c368a0e85f7 build(deps): bump github.com/securego/gosec/v2 from 2.21.0 to 2.21.1 (#4982)
  • a1d6c560de1a193a0c68ffed68cd5928ef39e884 build(deps): bump github.com/securego/gosec/v2 from 2.21.1 to 2.21.2 (#4997)
  • 98b685cc0d3dcc956eb30bd7557c4c2ecf369f54 build(deps): bump github.com/securego/gosec/v2 from ab3f6c1c83a0 to bcec04e78483 (#4960)
  • bfc52476dd7b0b5111bcc17f7e2c103cfc0a15e0 build(deps): bump github.com/tetafro/godot from 1.4.16 to 1.4.17 (#4993)
  • 04c19e6f4f8b04dae083c2923457bc911303d177 build(deps): bump golang.org/x/oauth2 from 0.22.0 to 0.23.0 in /scripts/gen_github_action_config in the all group (#4977)
  • e905c7a3e260abe5b984e532925dfa30ffe60a5b build(deps): bump peter-evans/create-pull-request from 6 to 7 in the all group (#4978)
  • 2881c7178b62e75ac33df7747c40fabc75c62e2b build(deps): bump the all group across 4 directories with 8 updates (#4979)
  • 0275389a64bd88fd37eb5f46993a8523ce4bf2f0 feat: add junit-xml-extended format (#4918)
  • a6bd868cf0c575d7a7e6d87007cd510394c30d86 feat: exclude Swagger Codegen files (#4967)
  • 54d089d1064eb700aafade61cdb00e452fdbf5da fix: improve runtime version parsing (#4961)
  • bf4a66a07d618628f6a26609404cb5c608e99ff8 gosec: disable G407 (#4983)
  • 3797ed90c38b8471c54f003ab9ac72492c1143ec nolintlint: remove empty line in unused directive replacement (#4973)

v1.60.3

golangci-lint is a free and open-source project built by volunteers.

If you value it, consider supporting us, the maintainers and linter authors.

We appreciate it! :heart:

For key updates, see the changelog.

Changelog

  • c2e095c022a97360f7fff5d49fbc11f273be929a build(deps): bump github.com/securego/gosec/v2 from 81cda2f91fbe to ab3f6c1c83a0 (#4943)
  • f0c190436343e51e6b4dc98a368cf7bae0e5f33a feat: check that Go version use to build is greater or equals to the Go version of the project (#4938)

v1.60.2

golangci-lint is a free and open-source project built by volunteers.

If you value it, consider supporting us, the maintainers and linter authors.

... (truncated)

Changelog

Sourced from github.com/golangci/golangci-lint's changelog.

v1.61.0

  1. Enhancements
    • Add junit-xml-extended format
    • Exclude Swagger Codegen files by default
  2. Updated linters
    • dupword: from 0.0.14 to 0.1.1
    • fatcontext: from 0.4.0 to 0.5.2
    • gci: from 0.13.4 to 0.13.5 (new option no-lex-order)
    • go-ruleguard: from 0.4.2 to 0fe6f58b47b1 (fix panic with custom linters)
    • godot: from 1.4.16 to 1.4.17
    • gomodguard: from 1.3.3 to 1.3.5
    • gosec: disable temporarily G407
    • gosec: from ab3f6c1c83a0 to 2.21.2 (partially fix G115)
    • intrange: from 0.1.2 to 0.2.0
    • nolintlint: remove the empty line in the directive replacement
  3. Misc.
    • Improve runtime version parsing
  4. Documentation
    • Add additional info about typecheck

v1.60.3

  1. Updated linters
    • gosec: from 81cda2f91fbe to ab3f6c1c83a0 (fix G115 false positives)
  2. Misc.
    • Check that the Go version use to build is greater or equals to the Go version of the project

v1.60.2

  1. Updated linters
  • gofmt: update to HEAD (go1.22)
  • gofumpt: from 0.6.0 to 0.7.0
  • gosec: fix G602 analyzer
  • gosec: from 5f0084eb01a9 to 81cda2f91fbe (adds G115, G405, G406, G506, G507)
  • staticcheck: from 0.5.0 to 0.5.1
  • staticcheck: propagate Go version
  • wrapcheck: from 2.8.3 to 2.9.0
  • ⚠️ exportloopref: deprecation
Commits
  • a1d6c56 build(deps): bump github.com/securego/gosec/v2 from 2.21.1 to 2.21.2 (#4997)
  • 48251f2 build(deps): bump github.com/ckaznocha/intrange from 0.1.2 to 0.2.0 (#4996)
  • bfc5247 build(deps): bump github.com/tetafro/godot from 1.4.16 to 1.4.17 (#4993)
  • 57fa4da build(deps): bump github.com/ryancurrah/gomodguard from 1.3.3 to 1.3.5 (#4992)
  • d302a30 dev: fix nancy
  • 24e6645 docs: add additionnal info about typecheck (#4985)
  • bf4a66a gosec: disable G407 (#4983)
  • dd069d5 build(deps): bump github.com/securego/gosec/v2 from 2.21.0 to 2.21.1 (#4982)
  • 2813c45 build(deps): bump github.com/Crocmagnon/fatcontext from 0.4.0 to 0.5.2 (#4971)
  • e9a8726 build(deps): bump github.com/Abirdcfly/dupword from 0.0.14 to 0.1.1 (#4954)
  • Additional commits viewable in compare view


Dependabot compatibility score

You can trigger a rebase of this PR by commenting @dependabot rebase.

Dependabot will merge this PR once CI passes on it, as requested by @spencerschrock.


Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
codecov[bot] commented 1 month ago

Codecov Report

All modified and coverable lines are covered by tests :white_check_mark:

Project coverage is 66.80%. Comparing base (353ed60) to head (58ca415). Report is 26 commits behind head on main.

Additional details and impacted files ```diff @@ Coverage Diff @@ ## main #4366 +/- ## ======================================= Coverage 66.80% 66.80% ======================================= Files 230 230 Lines 16602 16602 ======================================= Hits 11091 11091 Misses 4808 4808 Partials 703 703 ```