Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bump the tools group across 1 directory with 5 updates #896

Closed
wants to merge 1 commit into from
Closed

Bump the tools group across 1 directory with 5 updates #896

wants to merge 1 commit into from

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github May 27, 2024
edited
Loading

Bumps the tools group with 4 updates in the /tools directory: github.com/go-task/task/v3, github.com/golangci/golangci-lint, github.com/quasilyte/go-consistent and golang.org/x/vuln.

Updates github.com/go-task/task/v3 from 3.36.0 to 3.37.2

Release notes

Sourced from github.com/go-task/task/v3's releases.

v3.37.2

  • Fixed a bug where an empty Taskfile would cause a panic (#1648 by @​pd93).
  • Fixed a bug where includes Taskfile variable were not being merged correctly (#1643, #1649 by @​pd93).

v3.37.1

v3.37.0

Changelog

Sourced from github.com/go-task/task/v3's changelog.

v3.37.2 - 2024-05-12

  • Fixed a bug where an empty Taskfile would cause a panic (#1648 by @​pd93).
  • Fixed a bug where includes Taskfile variable were not being merged correctly (#1643, #1649 by @​pd93).

v3.37.1 - 2024-05-09

v3.37.0 - 2024-05-08

Commits

Updates github.com/golangci/golangci-lint from 1.57.2 to 1.59.0

Release notes

Sourced from github.com/golangci/golangci-lint's releases.

v1.59.0

golangci-lint is a free and open-source project built by volunteers.

If you value it, consider supporting us, the maintainers and linter authors.

We appreciate it! ❤️

For key updates, see the changelog.

Changelog

  • 4f5251d3 Support Sarif output (#4723)
  • 73110df2 build(deps): bump github.com/Antonboom/testifylint from 1.2.0 to 1.3.0 (#4729)
  • 62c83ccd build(deps): bump github.com/BurntSushi/toml from 1.3.2 to 1.4.0 (#4746)
  • 0cb14183 build(deps): bump github.com/go-critic/go-critic from 0.11.3 to 0.11.4 (#4738)
  • e14ae4b7 build(deps): bump github.com/hashicorp/go-version from 1.6.0 to 1.7.0 (#4745)
  • 2059b18a build(deps): bump github.com/securego/gosec/v2 from 2.20.0 to 5f0084eb01a9 (#4748)
  • be1bb6db build(deps): bump go-simpler.org/sloglint from 0.6.0 to 0.7.0 (#4718)
  • 08deff42 feat: add warning about disabled and deprecated linters (level 2) (#4742)
  • b99d5295 feat: allow the analysis of generated files (#4740)
  • 867adaf9 feat: deprecate github-actions format (#4726)
  • 4beae6a9 fix: remove errcheck defaults (#4734)

v1.58.2

golangci-lint is a free and open-source project built by volunteers.

If you value it, consider supporting us, the maintainers and linter authors.

We appreciate it! ❤️

For key updates, see the changelog.

Changelog

  • 7c87a9e6 build(deps): bump github.com/Antonboom/nilnil from 0.1.8 to 0.1.9 (#4716)
  • 3fbc2f52 build(deps): bump github.com/fatih/color from 1.16.0 to 1.17.0 (#4725)
  • 8fe47a93 build(deps): bump github.com/lasiar/canonicalheader from 1.0.6 to 1.1.1 (#4715)
  • 8c4cfb61 build(deps): bump github.com/securego/gosec/v2 from 2.19.0 to 2.20.0 (#4724)
  • 35eaf609 build(deps): bump go-simpler.org/musttag from 0.12.1 to 0.12.2 (#4710)
  • 7f6606a7 build(deps): bump golangci/golangci-lint-action from 5.3.0 to 6.0.1 (#4722)

v1.58.1

golangci-lint is a free and open-source project built by volunteers.

If you value it, consider supporting us, the maintainers and linter authors.

We appreciate it! ❤️

For key updates, see the changelog.

Changelog

  • dc281531 build(deps): bump github.com/4meepo/tagalign from 1.3.3 to 1.3.4 (#4705)

... (truncated)

Changelog

Sourced from github.com/golangci/golangci-lint's changelog.

v1.59.0

  1. Enhancements
    • Add SARIF output format
    • Allow the analysis of generated files (issues.exclude-generated: disable)
  2. Updated linters
    • errcheck: fix deprecation warning
    • go-critic: from 0.11.3 to 0.11.4
    • gosec: from 2.20.0 to 5f0084eb01a9 (fix G601 and G113 performance issues)
    • sloglint: from 0.6.0 to 0.7.0 (new option forbidden-keys)
    • testifylint: from 1.2.0 to 1.3.0 (new checker negative-positive and new option go-require.ignore-http-handlers)
  3. Misc.
    • ️️⚠️ Deprecate github-action output format
    • ️️⚠️ Deprecate issues.exclude-generated-strict option (replaced by issues.exclude-generated: strict)
    • ️️⚠️ Add warning about disabled and deprecated linters (level 2)

v1.58.2

  1. Updated linters
    • canonicalheader: from 1.0.6 to 1.1.1
    • gosec: from 2.19.0 to 2.20.0
    • musttag: from 0.12.1 to 0.12.2
    • nilnil: from 0.1.8 to 0.1.9
  2. Documentation
    • Improve integrations and install pages

v1.58.1

  1. Updated linters
    • tagalign: from 1.3.3 to 1.3.4
    • protogetter: from 0.3.5 to 0.3.6
    • gochecknoinits: fix analyzer name
  2. Fixes
    • Restores previous gihub-actions output format (removes GitHub Action problem matchers)

v1.58.0

  1. New linters
  2. Updated linters
    • copyloopvar: from 1.0.10 to 1.1.0 (ignore-alias is replaced by check-alias with the opposite behavior)
    • decorder: from 0.4.1 to 0.4.2
    • errname: from 0.1.12 to 0.1.13
    • errorlint: from 1.4.8 to 1.5.1 (new options allowed-errors and allowed-errors-wildcard)
    • execinquery: deprecate linter ⚠️
    • gci: from 0.12.3 to 0.13.4 (new section localModule)
    • gocritic: from 0.11.2 to 0.11.3
    • spancheck: from 0.5.3 to 0.6.1
    • goerr113 is replaced by err113 ⚠️

... (truncated)

Commits
  • 2059b18 build(deps): bump github.com/securego/gosec/v2 from 2.20.0 to 5f0084eb01a9 (#...
  • 95ca3c3 dev: fix badges
  • 495321c dev: improve issue chooser (#4747)
  • 62c83cc build(deps): bump github.com/BurntSushi/toml from 1.3.2 to 1.4.0 (#4746)
  • e14ae4b build(deps): bump github.com/hashicorp/go-version from 1.6.0 to 1.7.0 (#4745)
  • 010b4f8 chore: use global security policy
  • b99d529 feat: allow the analysis of generated files (#4740)
  • 08deff4 feat: add warning about disabled and deprecated linters (level 2) (#4742)
  • b9868e1 chore: add html to the JSONSchema (#4737)
  • 0cb1418 build(deps): bump github.com/go-critic/go-critic from 0.11.3 to 0.11.4 (#4738)
  • Additional commits viewable in compare view

Updates github.com/quasilyte/go-consistent from 0.6.0 to 0.6.1

Release notes

Sourced from github.com/quasilyte/go-consistent's releases.

v0.6.1

What's Changed

New Contributors

Full Changelog: quasilyte/go-consistent@v0.6.0...v0.6.1

Commits

Updates golang.org/x/tools from 0.20.0 to 0.21.0

Commits
  • cc29c91 go.mod: update golang.org/x dependencies
  • 397fef9 gopls/internal/protocol: add links to LSP spec
  • e2a352c internal/refactor/inline: extensible API
  • c16c816 go/analysis/passes/stdversion: test *.go < go.mod version
  • 629a7be go/analysis/analysistest: stricter errors and GOWORK setting
  • 4db1697 go/packages/packagestest: fold modules_111.go into modules.go
  • ccdef3c gopls/internal/golang: fix nil panic in InlayHint
  • 74c9cfe go/analysis: add Pass.ReadFile
  • 5ef4fc9 gopls/internal/golang/completion: fix the isEmptyInterface predicate
  • 77f691b internal/gcimporter: use Alias.Rhs, not unsafe hack
  • Additional commits viewable in compare view

Updates golang.org/x/vuln from 1.0.5-0.20240405165317-7bf0c05f1467 to 1.1.1

Release notes

Sourced from golang.org/x/vuln's releases.

v1.1.1

This release brings some minor improvements to govulncheck textual output and performance optimizations for package and module scan modes.

The major change brought by this release is the support for SARIF output format.

Integration

Govulncheck now supports Static Analysis Results Interchange Format (SARIF) output format via -format sarif flag option. Please see here for more details on the actual encoding.

v1.1.0

This release brings minor improvements to govulncheck inner workings and a few bug fixes (#66139, #65590).

Integration

Govulncheck JSON now also contains scan mode as part of the Config message.

Further, the Position in trace frames now contains only paths relative to their enclosing module. This could potentially break some existing clients, hence the bump of the minor version.

Note that this change is made to allow for easier preservation of privacy by the clients as now the file positions do not contain information about the local machine. This is also a portable solution. Clients can reconstruct full paths for their local machine by joining the Position relative paths with paths of the enclosing modules on the local machine.

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
Bump the tools group across 1 directory with 5 updates
2392e20 
Bumps the tools group with 4 updates in the /tools directory: [github.com/go-task/task/v3](https://github.com/go-task/task), [github.com/golangci/golangci-lint](https://github.com/golangci/golangci-lint), [github.com/quasilyte/go-consistent](https://github.com/quasilyte/go-consistent) and [golang.org/x/vuln](https://github.com/golang/vuln).


Updates `github.com/go-task/task/v3` from 3.36.0 to 3.37.2
- [Release notes](https://github.com/go-task/task/releases)
- [Changelog](https://github.com/go-task/task/blob/main/CHANGELOG.md)
- [Commits](go-task/task@v3.36.0...v3.37.2)

Updates `github.com/golangci/golangci-lint` from 1.57.2 to 1.59.0
- [Release notes](https://github.com/golangci/golangci-lint/releases)
- [Changelog](https://github.com/golangci/golangci-lint/blob/master/CHANGELOG.md)
- [Commits](golangci/golangci-lint@v1.57.2...v1.59.0)

Updates `github.com/quasilyte/go-consistent` from 0.6.0 to 0.6.1
- [Release notes](https://github.com/quasilyte/go-consistent/releases)
- [Commits](quasilyte/go-consistent@v0.6.0...v0.6.1)

Updates `golang.org/x/tools` from 0.20.0 to 0.21.0
- [Release notes](https://github.com/golang/tools/releases)
- [Commits](golang/tools@v0.20.0...v0.21.0)

Updates `golang.org/x/vuln` from 1.0.5-0.20240405165317-7bf0c05f1467 to 1.1.1
- [Release notes](https://github.com/golang/vuln/releases)
- [Commits](https://github.com/golang/vuln/commits/v1.1.1)

---
updated-dependencies:
- dependency-name: github.com/go-task/task/v3
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: tools
- dependency-name: github.com/golangci/golangci-lint
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: tools
- dependency-name: github.com/quasilyte/go-consistent
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: tools
- dependency-name: golang.org/x/tools
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: tools
- dependency-name: golang.org/x/vuln
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: tools
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot requested a review from a team as a code owner May 27, 2024 16:26
@dependabot dependabot bot requested a review from AlekSi May 27, 2024 16:26
@dependabot dependabot bot added deps PRs that update dependencies not ready Issues that are not ready to be worked on; PRs that should skip CI labels May 27, 2024
@dependabot dependabot bot mentioned this pull request May 27, 2024
Closed
@mergify Mergify
Copy link
Contributor

mergify bot commented May 27, 2024

@dependabot[bot] this pull request has merge conflicts.

@mergify mergify bot added the conflict PRs that have merge conflicts label May 27, 2024
@dependabot Dependabot
Copy link
Contributor Author

dependabot bot commented on behalf of github May 27, 2024

Looks like these dependencies are no longer updatable, so this is no longer needed.

@dependabot dependabot bot closed this May 27, 2024
@dependabot dependabot bot deleted the dependabot/go_modules/tools/tools-929f1daadc branch May 27, 2024 16:47
@mergify mergify bot removed the conflict PRs that have merge conflicts label May 27, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@AlekSi AlekSi Awaiting requested review from AlekSi AlekSi is a code owner automatically assigned from FerretDB/specops

Assignees

@AlekSi AlekSi

Labels
deps PRs that update dependencies not ready Issues that are not ready to be worked on; PRs that should skip CI
Projects
Current Engineering
Archived in project
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
1 participant
@AlekSi