@renovate renovate bot commented Oct 10, 2025

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| actions/dependency-review-action | action | patch | v4.8.0 -> v4.8.1 |
| github.com/golangci/golangci-lint/v2 | require | minor | v2.5.0 -> v2.6.1 |
| github/codeql-action | action | minor | v4.30.7 -> v4.31.2 |
| mvdan.cc/gofumpt | require | patch | v0.9.1 -> v0.9.2 |
| step-security/harden-runner | action | patch | v2.13.1 -> v2.13.2 |

Release Notes

actions/dependency-review-action (actions/dependency-review-action)

v4.8.1: Dependency Review Action v4.8.1

What's Changed

Full Changelog: actions/dependency-review-action@v4...v4.8.1

golangci/golangci-lint (github.com/golangci/golangci-lint/v2)

v2.6.1

v2.6.0

  1. New linters
    • Add modernize analyzer suite
  2. Linters new features or changes
    • arangolint: from 0.2.0 to 0.3.1
    • dupword: from 0.1.6 to 0.1.7 (new option comments-only)
    • go-critic: from 0.13.0 to 0.14.0 (new rules/checkers: zeroByteRepeat, dupOption)
    • gofumpt: from 0.9.1 to 0.9.2 ("clothe" naked returns is now controlled by the extra-rules option)
    • perfsprint: from 0.9.1 to 0.10.0 (new options: concat-loop, loop-other-ops)
    • wsl: from 5.2.0 to 5.3.0
  3. Linters bug fixes
    • dupword: from 0.1.6 to 0.1.7
    • durationcheck: from 0.0.10 to 0.0.11
    • exptostd: from 0.4.4 to 0.4.5
    • fatcontext: from 0.8.1 to 0.9.0
    • forbidigo: from 2.1.0 to 2.3.0
    • ginkgolinter: from 0.21.0 to 0.21.2
    • godoc-lint: from 0.10.0 to 0.10.1
    • gomoddirectives: from 0.7.0 to 0.7.1
    • gosec: from 2.22.8 to 2.22.10
    • makezero: from 2.0.1 to 2.1.0
    • nilerr: from 0.1.1 to 0.1.2
    • paralleltest: from 1.0.14 to 1.0.15
    • protogetter: from 0.3.16 to 0.3.17
    • unparam: from 0df0534 to 5beb8c8
  4. Misc.
    • fix: ignore some files to hash the version for custom build

github/codeql-action (github/codeql-action)

v4.31.2

v4.31.1

v4.31.0

v4.30.9

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

4.30.9 - 17 Oct 2025
  • Update default CodeQL bundle version to 2.23.3. #3205
  • Experimental: A new setup-codeql action has been added which is similar to init, except it only installs the CodeQL CLI and does not initialize a database. Do not use this in production as it is part of an internal experiment and subject to change at any time. #3204

See the full CHANGELOG.md for more information.

v4.30.8

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

4.30.8 - 10 Oct 2025

No user facing changes.

See the full CHANGELOG.md for more information.

mvdan/gofumpt (mvdan.cc/gofumpt)

v0.9.2

This release moves the "clothe naked returns" rule under gofumpt -extra, following the discussion in #285.

Binaries built on go version go1.25.3 linux/amd64 with:

CGO_ENABLED=0 go build -trimpath -ldflags="-w -s"

Consider becoming a sponsor if you benefit from the work that went into this release!

Note that this release no longer includes a sha256sums.txt asset; GitHub now provide digests natively.

step-security/harden-runner (step-security/harden-runner)

v2.13.2

What's Changed
  • Fixed an issue where there was a limit of 512 allowed endpoints when using block egress policy. This restriction has been removed, allowing for an unlimited number of endpoints to be configured.
  • Harden Runner now automatically detects if the agent is already pre-installed on a custom VM image used by a GitHub-hosted runner. When detected, the action will skip reinstallation and use the existing agent.

Full Changelog: step-security/harden-runner@v2.13.1...v2.13.2


Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate bot changed the title from "Update github/codeql-action action to v4.30.8" to "Update all dependencies" on Oct 10, 2025
@renovate renovate bot force-pushed the renovate/all branch 2 times, most recently from 71cf6b6 to fa357ba, October 22, 2025 00:43

socket-security bot commented Oct 22, 2025

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

| Diff | Package | Supply Chain Security | Vulnerability | Quality | Maintenance | License |
|---|---|---|---|---|---|---|
| Updated | github.com/golangci/golangci-lint/v2@v2.5.0 ⏵ v2.6.1 | 74 (+1) | 100 | 100 | 100 | 70 |
| Updated | mvdan.cc/gofumpt@v0.9.1 ⏵ v0.9.2 | 99 (+1) | 100 | 100 | 100 | 100 |

@renovate renovate bot force-pushed the renovate/all branch 2 times, most recently from 437e969 to 7af08e4, October 29, 2025 23:51

renovate bot commented Oct 29, 2025

ℹ Artifact update notice

File name: hack/go.mod

In order to perform the update(s) described in the table above, Renovate ran the go get command, which resulted in the following additional change(s):

  • 25 additional dependencies were updated

Details:

Package Change
github.com/Abirdcfly/dupword v0.1.6 -> v0.1.7
github.com/Masterminds/semver/v3 v3.3.1 -> v3.4.0
github.com/ashanbrown/forbidigo/v2 v2.1.0 -> v2.3.0
github.com/ashanbrown/makezero/v2 v2.0.1 -> v2.1.0
github.com/bombsimon/wsl/v5 v5.2.0 -> v5.3.0
github.com/catenacyber/perfsprint v0.9.1 -> v0.10.0
github.com/charithe/durationcheck v0.0.10 -> v0.0.11
github.com/ghostiam/protogetter v0.3.16 -> v0.3.17
github.com/go-critic/go-critic v0.13.0 -> v0.14.2
github.com/godoc-lint/godoc-lint v0.10.0 -> v0.10.1
github.com/gofrs/flock v0.12.1 -> v0.13.0
github.com/karamaru-alpha/copyloopvar v1.2.1 -> v1.2.2
github.com/kunwardeep/paralleltest v1.0.14 -> v1.0.15
github.com/ldez/exptostd v0.4.4 -> v0.4.5
github.com/ldez/gomoddirectives v0.7.0 -> v0.7.1
github.com/nunnatsa/ginkgolinter v0.21.0 -> v0.21.2
github.com/quasilyte/go-ruleguard v0.4.4 -> v0.4.5
github.com/quasilyte/go-ruleguard/dsl v0.3.22 -> v0.3.23
github.com/securego/gosec/v2 v2.22.8 -> v2.22.10
go.augendre.info/arangolint v0.2.0 -> v0.3.1
go.augendre.info/fatcontext v0.8.1 -> v0.9.0
golang.org/x/exp/typeparams v0.0.0-20250911091902-df9299821621 -> v0.0.0-20251023183803-a4bb9ffd2546
golang.org/x/text v0.29.0 -> v0.30.0
google.golang.org/protobuf v1.36.6 -> v1.36.8
mvdan.cc/unparam v0.0.0-20250301125049-0df0534333a4 -> v0.0.0-20251027182757-5beb8c8f8f15

@renovate renovate bot force-pushed the renovate/all branch 3 times, most recently from d67b6b6 to 57f2cb5, November 4, 2025 16:10