🌱 Update Builder Image group

[cluster-stack-bot]

This PR contains the following updates:

Package	Type	Update	Change
adrienverge/yamllint		minor	v1.33.0 -> v1.35.1
docker.io/aquasec/trivy (source)	stage	minor	0.49.0 -> 0.51.3
docker.io/library/alpine	stage	minor	3.19.1 -> 3.20.0
golangci/golangci-lint		minor	v1.55.2 -> v1.58.2
lycheeverse/lychee		minor	v0.14.2 -> v0.15.1

---

Release Notes

adrienverge/yamllint (adrienverge/yamllint)

v1.35.1

Compare Source

v1.35.0

Compare Source

v1.34.0

Compare Source

aquasecurity/trivy (docker.io/aquasec/trivy)

v0.51.2

Compare Source

Changelog

• eadc6fb fix: node-collector high and critical cves (#​6707)
• cc489b1 Merge pull request from GHSA-xcq4-m2r3-cmrj
• 013f71a chore: auto-bump golang patch versions (#​6711)
• 113a5b2 fix(misconf): don't shift ignore rule related to code (#​6708)
• 733e5ac fix(go): include only .version|.ver (no prefixes) ldflags for gobinaries (#​6705)
• d311e49 fix(go): add only non-empty root modules for gobinaries (#​6710)
• cf1a7bf refactor: unify package addition and vulnerability scanning (#​6579)
• d465d9d fix: Golang version parsing from binaries w/GOEXPERIMENT (#​6696)
• 0af225c fix(conda): add support pip deps for environment.yml files (#​6675)
• 6f64d55 fix(misconf): skip Rego errors with a nil location (#​6666)
• 8c27430 fix(misconf): skip Rego errors with a nil location (#​6638)
• c2b46d3 refactor: unify Library and Package structs (#​6633)
• 4368f11 fix: use of specified context to obtain cluster name (#​6645)
• 5ec62f8 docs: fix usage of image-config-scanners (#​6635)

v0.51.1

Compare Source

Changelog

• 8016b82 fix(fs): handle default skip dirs properly (#​6628)
• 7a25dad fix(misconf): load cached tf modules (#​6607)
• 9c794c0 fix(misconf): do not use semver for parsing tf module versions (#​6614)

v0.51.0

Compare Source

⚡Release highlights and summary⚡

👉 https://github.com/aquasecurity/trivy/discussions/6622

Changelog

• 14c1024 refactor: move setting scanners when using compliance reports to flag parsing (#​6619)
• 998f750 feat: introduce package UIDs for improved vulnerability mapping (#​6583)
• 770b141 perf(misconf): Improve cause performance (#​6586)
• 3ccb1a0 docs: trivy-k8s new experiance remove un-used section (#​6608)
• 58cfd1b chore(deps): bump github.com/docker/docker from 26.0.1+incompatible to 26.0.2+incompatible (#​6612)
• 715963d docs: remove mention of GitLab Gold because it doesn't exist anymore (#​6609)
• 37da98d feat(misconf): Use updated terminology for misconfiguration checks (#​6476)
• cdee703 chore(deps): bump github.com/aws/aws-sdk-go-v2/feature/s3/manager from 1.15.15 to 1.16.15 (#​6593)
• 6a2225b docs: use generic link from trivy-repo (#​6606)
• a2a02de docs: update trivy k8s with new experience (#​6465)
• e739ab8 feat: support --skip-images scanning flag (#​6334)
• c6d5d85 BREAKING: add support for k8s disable-node-collector flag (#​6311)
• 194a814 chore(deps): bump github.com/zclconf/go-cty from 1.14.1 to 1.14.4 (#​6601)
• 03830c5 chore(deps): bump github.com/sigstore/rekor from 1.2.2 to 1.3.6 (#​6599)
• 8e814fa chore(deps): bump google.golang.org/protobuf from 1.33.0 to 1.34.0 (#​6597)
• 2dc76ba chore(deps): bump sigstore/cosign-installer from 3.4.0 to 3.5.0 (#​6588)
• c17176b chore(deps): bump github.com/testcontainers/testcontainers-go from 0.28.0 to 0.30.0 (#​6595)
• bce70af chore(deps): bump github.com/open-policy-agent/opa from 0.62.0 to 0.64.1 (#​6596)
• 4369a19 feat: add ubuntu 23.10 and 24.04 support (#​6573)
• 5566548 chore(deps): bump azure/setup-helm from 3.5 to 4 (#​6590)
• a8af76a chore(deps): bump actions/checkout from 4.1.2 to 4.1.4 (#​6587)
• c8ed432 chore(deps): bump github.com/aws/aws-sdk-go-v2/service/ecr from 1.24.6 to 1.27.4 (#​6598)
• 551a46e docs(go): add stdlib (#​6580)
• 261649b chore(deps): bump github.com/containerd/containerd from 1.7.13 to 1.7.16 (#​6592)
• acfddd4 chore(deps): bump github.com/go-openapi/runtime from 0.27.1 to 0.28.0 (#​6600)
• 419e3d2 feat(go): parse main mod version from build info settings (#​6564)
• f0961d5 feat: respect custom exit code from plugin (#​6584)
• a5d485c docs: add asdf and mise installation method (#​6063)
• 29b8faf feat(vuln): Handle scanning conan v2.x lockfiles (#​6357)
• e3bef02 feat: add support environment.yaml files (#​6569)
• 916f6c6 fix: close plugin.yaml (#​6577)
• 8e6cd0e fix: trivy k8s avoid deleting non-default node collector namespace (#​6559)
• 060d0bb BREAKING: support exclude kinds/namespaces and include kinds/namespaces (#​6323)
• 2d090ef feat(go): add main module (#​6574)
• 6343e4f feat: add relationships (#​6563)
• a018ee1 ci: disable Go cache for reusable-release.yaml (#​6572)
• 5da053f docs: mention --show-suppressed is available in table (#​6571)
• 3d66cb8 chore: fix sqlite to support loong64 (#​6511)
• 9aca98c fix(debian): sort dpkg info before parsing due to exclude directories (#​6551)
• 7811ad0 docs: update info about config file (#​6547)
• fae710d docs: remove RELEASE_VERSION from trivy.repo (#​6546)
• d2d4022 fix(sbom): change error to warning for multiple OSes (#​6541)
• 164b025 fix(vuln): skip empty versions (#​6542)
• 5dd9bd4 feat(c): add license support for conan lock files (#​6329)
• 7c2017f fix(terraform): Attribute and fileset fixes (#​6544)
• 63c9469 refactor: change warning if no vulnerability details are found (#​6230)
• aa822c2 refactor(misconf): improve error handling in the Rego scanner (#​6527)
• 30cc88f ci: use tmp dir inside Trivy repo dir for GoReleaser (#​6533)
• e32215c feat(go): parse main module of go binary files (#​6530)
• d4da83c chore(deps): bump golang.org/x/net from 0.21.0 to 0.23.0 (#​6526)
• 0d7d97d refactor(misconf): simplify the retrieval of module annotations (#​6528)
• 9873cf3 chore(deps): bump github.com/hashicorp/go-getter from 1.7.3 to 1.7.4 (#​6523)
• 95c8fd9 docs(nodejs): add info about supported versions of pnpm lock files (#​6510)
• 12ec0df feat(misconf): loading embedded checks as a fallback (#​6502)
• 9b7d713 fix(misconf): Parse JSON k8s manifests properly (#​6490)
• 13e72ec refactor: remove parallel walk (#​5180)
• a986199 fix: close pom.xml (#​6507)
• 46d5aba fix(secret): convert severity for custom rules (#​6500)
• 34ab09d fix(java): update logic to detect pom.xml file snapshot artifacts from remote repositories (#​6412)
• 1ba5b59 fix: typo (#​6283)
• 4fab0f8 docs(k8s,image): fix command-line syntax issues (#​6403)
• d770981 chore(deps): bump actions/checkout from 4.1.1 to 4.1.2 (#​6435)
• 4337068 fix(misconf): avoid panic if the scheme is not valid (#​6496)
• d82d6cb feat(image): goversion as stdlib (#​6277)
• cfddfb3 fix: add color for error inside of log message (#​6493)
• dfcb0f9 chore(deps): bump actions/add-to-project from 0.4.1 to 1.0.0 (#​6438)
• 183eaaf docs: fix links to OPA docs (#​6480)
• 94d6e8c refactor: replace zap with slog (#​6466)
• 336c47e docs: update links to IaC schemas (#​6477)
• 06b4473 chore: bump Go to 1.22 (#​6075)
• a51cedd refactor(terraform): sync funcs with Terraform (#​6415)
• 53517d6 feat(misconf): add helm-api-version and helm-kube-version flag (#​6332)
• ad544e9 chore(deps): bump github.com/Azure/azure-sdk-for-go/sdk/azidentity from 1.4.0 to 1.5.1 (#​6426)
• 089368d chore(deps): bump github.com/go-openapi/strfmt from 0.22.0 to 0.23.0 (#​6452)
• 1163565 chore(deps): bump github.com/hashicorp/golang-lru/v2 from 2.0.6 to 2.0.7 (#​6430)
• 637da2b chore(deps): bump aquaproj/aqua-installer from 2.2.0 to 3.0.0 (#​6437)
• 13190e9 fix(terraform): eval submodules (#​6411)
• 6bca7c3 refactor(terraform): remove unused options (#​6446)
• 8e4279b refactor(terraform): remove unused file (#​6445)
• e98c873 chore(deps): bump github.com/testcontainers/testcontainers-go to v0.28.0 (#​6387)
• b1c2eab chore(deps): bump github.com/Azure/azure-sdk-for-go/sdk/azcore from 1.9.0 to 1.10.0 (#​6427)
• 1c49a16 fix(misconf): Escape template value correctly (#​6292)
• 8dd0fcd feat(misconf): add support for wildcard ignores (#​6414)
• 74e4c6e fix(cloudformation): resolve DedicatedMasterEnabled parsing issue (#​6439)
• 245c120 refactor(terraform): remove metrics collection (#​6444)
• 86714bf feat(cloudformation): add support for logging and endpoint access for EKS (#​6440)
• a758392 chore(deps): bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.51.1 to 1.53.1 (#​6424)
• 4d00d8b chore(deps): bump github.com/aws/aws-sdk-go-v2/config from 1.27.4 to 1.27.10 (#​6428)
• 3ad2b3e chore(deps): bump go.etcd.io/bbolt from 1.3.8 to 1.3.9 (#​6429)
• 8baccd7 fix(db): check schema version for image name only (#​6410)
• e75a90f chore(deps): bump github.com/google/wire from 0.5.0 to 0.6.0 (#​6425)
• 6625bd3 chore(deps): bump github.com/aws/aws-sdk-go-v2/service/ec2 from 1.149.1 to 1.155.1 (#​6433)
• 826fe60 chore(deps): bump actions/cache from 4.0.0 to 4.0.2 (#​6436)
• f23ed77 feat(misconf): Support private registries for misconf check bundle (#​6327)
• df024e8 feat(cloudformation): inline ignore support for YAML templates (#​6358)
• 29dee32 feat(terraform): ignore resources by nested attributes (#​6302)
• 1a67472 perf(helm): load in-memory files (#​6383)
• 09e37b7 feat(aws): apply filter options to result (#​6367)
• 87a9aa6 feat(aws): quiet flag support (#​6331)
• 712dcd3 fix(misconf): clear location URI for SARIF (#​6405)
• 625f22b test(cloudformation): add CF tests (#​6315)
• 6a2f6fd fix(cloudformation): infer type after resolving a function (#​6406)

v0.50.4

Compare Source

Note

v0.50.3 hads a critical problem, and we deleted it and released v0.50.4.

Changelog

• e47fd48 fix(sbom): change error to warning for multiple OSes (#​6541)

v0.50.2

Compare Source

Changelog

• 9aa9e17 ci: use tmp dir inside Trivy repo dir for GoReleaser (#​6533)
• 058f483 chore(deps): bump golang.org/x/net from 0.21.0 to 0.23.0 (#​6526)
• 9e3d2c5 chore(deps): bump github.com/hashicorp/go-getter from 1.7.3 to 1.7.4 (#​6523)
• 2ad8e33 fix(java): update logic to detect pom.xml file snapshot artifacts from remote repositories (#​6412)

v0.50.1

Compare Source

Changelog

• 5f69937 fix(sbom): fix error when parent of SPDX Relationships is not a package. (#​6399)
• 258d153 fix(nodejs): merge Indirect, Dev, ExternalReferences fields for same deps from package-lock.json files v2 or later (#​6356)
• ade033a docs: add info about support for package license detection in fs/repo modes (#​6381)
• f85c9fa fix(nodejs): add support for parsing workspaces from package.json as an object (#​6231)
• 9d7f5c9 fix: use 0600 perms for tmp files for post analyzers (#​6386)
• f148eb1 fix(helm): scan the subcharts once (#​6382)
• 97f95c4 docs(terraform): add file patterns for Terraform Plan (#​6393)
• abd62ae fix(terraform): сhecking SSE encryption algorithm validity (#​6341)
• 7c409fd fix(java): parse modules from pom.xml files once (#​6312)
• 1b68327 chore(deps): bump github.com/docker/docker from 25.0.3+incompatible to 25.0.5+incompatible (#​6364)
• a2482c1 fix(server): add Locations for Packages in client/server mode (#​6366)
• e866bd5 fix(sbom): add check for CreationInfo to nil when detecting SPDX created using Trivy (#​6346)
• 1870f28 fix(report): don't include empty strings in .vulnerabilities[].identifiers[].url when gitlab.tpl is used (#​6348)
• 6c81e55 chore(ubuntu): Add Ubuntu 22.04 EOL date (#​6371)

v0.50.0

Compare Source

⚡Release highlights and summary⚡

👉 https://github.com/aquasecurity/trivy/discussions/6340

Changelog

• 8ec3938 chore(deps): bump google.golang.org/protobuf from 1.32.0 to 1.33.0 (#​6321)
• f6c5d58 feat(java): add support licenses and graph for gradle lock files (#​6140)
• c4022d6 feat(vex): consider root component for relationships (#​6313)
• 3177924 fix: increase the default buffer size for scanning dpkg status files by 2 times (#​6298)
• dd9620e chore: updates wazero to v1.7.0 (#​6301)
• eb3ceb3 feat(sbom): Support license detection for SBOM scan (#​6072)
• ab74caa refactor(sbom): use intermediate representation for SPDX (#​6310)
• 71da44f docs(terraform): improve documentation for filtering by inline comments (#​6284)
• 102b6df fix(terraform): fix policy document retrieval (#​6276)
• aa19aaf refactor(terraform): remove unused custom error (#​6303)
• 8fcef35 refactor(sbom): add intermediate representation for BOM (#​6240)
• fb8c516 fix(amazon): check only major version of AL to find advisories (#​6295)
• 96bd7ac fix(db): use schema version as tag only for trivy-db and trivy-java-db registries by default (#​6219)
• 12c5bf0 fix(nodejs): add name validation for package name from package.json (#​6268)
• d6c40ce docs: Added install instructions for FreeBSD (#​6293)
• 9d2057a feat(image): customer podman host or socket option (#​6256)
• 2a9d9bd chore(deps): bump wazero from 1.2.1 to 1.6.0 (#​6290)
• 617c3e3 feat(java): mark dependencies from maven-invoker-plugin integration tests pom.xml files as Dev (#​6213)
• 56cedc0 fix(license): reorder logic of how python package licenses are acquired (#​6220)
• d7d7265 test(terraform): skip cached modules (#​6281)
• 6639911 feat(secret): Support for detecting Hugging Face Access Tokens (#​6236)
• 337cb75 fix(cloudformation): support of all SSE algorithms for s3 (#​6270)
• 9361cdb feat(terraform): Terraform Plan snapshot scanning support (#​6176)
• ee01e6e chore(deps): bump github.com/aws/aws-sdk-go-v2/config from 1.26.6 to 1.27.4 (#​6249)
• 3d2f583 fix: typo function name and comment optimization (#​6200)
• c4b5ab7 fix(java): don't ignore runtime scope for pom.xml files (#​6223)
• 355c1b5 chore(deps): bump helm/kind-action from 1.8.0 to 1.9.0 (#​6242)
• 7244ece chore(deps): bump golangci/golangci-lint-action from 3.7.0 to 4.0.0 (#​6243)
• 5cd0566 chore(deps): bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.48.1 to 1.51.1 (#​6251)
• ebb74a5 chore(deps): bump github.com/hashicorp/go-uuid from 1.0.1 to 1.0.3 (#​6253)
• 24a8d6a chore(deps): bump github.com/open-policy-agent/opa from 0.61.0 to 0.62.0 (#​6250)
• 9d0d7ad chore(deps): bump github.com/containerd/containerd from 1.7.12 to 1.7.13 (#​6247)
• e8230e1 chore(deps): bump go.uber.org/zap from 1.26.0 to 1.27.0 (#​6246)
• 04535b5 fix(license): add FilePath to results to allow for license path filtering via trivyignore file (#​6215)
• 939e34e chore(deps): Upgrade iac deps (#​6255)
• 7cb6c02 feat: add info log message about dev deps suppression (#​6211)
• c1d26ec test(k8s): use test-db for k8s integration tests (#​6222)
• 4f70468 ci: add maximize-build-space for Test job (#​6221)
• 1dfece8 fix(terraform): fix root module search (#​6160)
• e1ea02c test(parser): squash test data for yarn (#​6203)
• 64926d8 fix(terraform): do not re-expand dynamic blocks (#​6151)
• eb54bb5 docs: update ecosystem page reporting with db app (#​6201)
• dc76c6e fix: k8s summary separate infra and user finding results (#​6120)
• 1b7e474 fix: add context to target finding on k8s table view (#​6099)
• 876ab84 fix: Printf format err (#​6198)
• eef7c4f refactor: better integration of the parser into Trivy (#​6183)
• 069aae5 chore(deps): bump helm.sh/helm/v3 from 3.14.1 to 3.14.2 (#​6189)
• 4a9ac6d feat(terraform): Add hyphen and non-ASCII support for domain names in credential extraction (#​6108)
• 9c5e5a0 fix(vex): CSAF filtering should consider relationships (#​5923)
• 388f476 refactor(report): Replacing source_location in github report when scanning an image (#​5999)
• cd3e4bc feat(vuln): ignore vulnerabilities by PURL (#​6178)
• ce81c05 feat(java): add support for fetching packages from repos mentioned in pom.xml (#​6171)
• cf0f0d0 feat(k8s): rancher rke2 version support (#​5988)
• 8a3a113 docs: update kbom distribution for scanning (#​6019)
• 19495ba chore: update CODEOWNERS (#​6173)
• e787e1a fix(swift): try to use branch to resolve version (#​6168)
• 327cf88 fix(terraform): ensure consistent path handling across OS (#​6161)
• 8221473 fix(java): add only valid libs from pom.properties files from jars (#​6164)
• 7694df1 fix(sbom): skip executable file analysis if Rekor isn't a specified SBOM source (#​6163)
• 74dc5b6 chore(deps): merge go-dep-parser into Trivy (#​6094)
• 32a02a9 docs(report): add remark about path to filter licenses using .trivyignore.yaml file (#​6145)
• fb79ea7 docs: update template path for gitlab-ci tutorial (#​6144)
• c6844a7 feat(report): support for filtering licenses and secrets via rego policy files (#​6004)
• a813506 fix(cyclonedx): move root component from scanned cyclonedx file to output cyclonedx file (#​6113)
• 14adbb4 refactor(deps): Merge defsec into trivy (#​6109)
• efe0e0f chore(deps): bump helm.sh/helm/v3 from 3.14.0 to 3.14.1 (#​6142)
• 73dde32 docs: add SecObserve in CI/CD and reporting (#​6139)
• aadbad1 fix(alpine): exclude empty licenses for apk packages (#​6130)
• 14a0981 docs: add docs tutorial on custom policies with rego (#​6104)
• 3ac6388 fix(nodejs): use project dir when searching for workspaces for Yarn.lock files (#​6102)
• 3c1601b feat(vuln): show suppressed vulnerabilities in table (#​6084)
• c107e1a docs: rename governance to principles (#​6107)
• b26f217 docs: add governance (#​6090)
• 7bd3b63 refactor(deps): Merge trivy-iac into Trivy (#​6005)
• 535b5a9 feat(java): add dependency location support for gradle files (#​6083)
• 428420e chore(deps): bump github.com/aws/aws-sdk-go-v2/feature/s3/manager from 1.15.11 to 1.15.15 (#​6038)
• 7fec991 fix(misconf): get user from Config.User (#​6070)

v0.49.1

Compare Source

Changelog

• 6ccc0a5 fix: check unescaped BomRef when matching PkgIdentifier (#​6025)
• 458c5d9 docs: Fix broken link to "pronunciation" (#​6057)
• 5c0ff6d chore(deps): bump actions/upload-artifact from 3 to 4 (#​6047)
• e2bd7f7 chore(deps): bump github.com/spf13/viper from 1.16.0 to 1.18.2 (#​6042)
• f95fbcb chore(deps): bump k8s.io/api from 0.29.0 to 0.29.1 (#​6043)
• 7651bf5 ci: reduce root-reserve-mb size for maximize-build-space (#​6064)
• fc20dfd chore(deps): bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.48.0 to 1.48.1 (#​6041)
• 3bd80e7 chore(deps): bump github.com/open-policy-agent/opa from 0.60.0 to 0.61.0 (#​6039)
• 2900a21 fix: fix cursor usage in Redis Clear function (#​6056)
• 85cb9a7 chore(deps): bump github.com/go-openapi/runtime from 0.26.0 to 0.27.1 (#​6037)
• 4e962c0 fix(nodejs): add local packages support for pnpm-lock.yaml files (#​6034)
• aa48a7b chore(deps): bump sigstore/cosign-installer from 3.3.0 to 3.4.0 (#​6046)
• 8aabbea chore(deps): bump github.com/go-openapi/strfmt from 0.21.7 to 0.22.0 (#​6044)
• ec02a65 chore(deps): bump actions/cache from 3.3.2 to 4.0.0 (#​6048)
• 27d35ba test: fix flaky TestDockerEngine (#​6054)
• c3a66da chore(deps): bump github.com/google/go-containerregistry from 0.17.0 to 0.19.0 (#​6040)
• 2000fe2 chore(deps): bump easimon/maximize-build-space from 9 to 10 (#​6049)
• 2be6421 chore(deps): bump alpine from 3.19.0 to 3.19.1 (#​6051)
• 41c0ef6 chore(deps): bump github.com/moby/buildkit from 0.11.6 to 0.12.5 (#​6028)

golangci/golangci-lint (golangci/golangci-lint)

v1.58.2

Compare Source

1. Updated linters
   • canonicalheader: from 1.0.6 to 1.1.1
   • gosec: from 2.19.0 to 2.20.0
   • musttag: from 0.12.1 to 0.12.2
   • nilnil: from 0.1.8 to 0.1.9
2. Documentation
   • Improve integrations and install pages

v1.58.1

Compare Source

1. Updated linters
   • tagalign: from 1.3.3 to 1.3.4
   • protogetter: from 0.3.5 to 0.3.6
   • gochecknoinits: fix analyzer name
2. Fixes
   • Restores previous gihub-actions output format (removes GitHub Action problem matchers)

v1.58.0

Compare Source

1. New linters
   • fatcontext: https://github.com/Crocmagnon/fatcontext
   • canonicalheader: https://github.com/lasiar/canonicalheader
2. Updated linters
   • copyloopvar: from 1.0.10 to 1.1.0 (ignore-alias is replaced by check-alias with the opposite behavior)
   • decorder: from 0.4.1 to 0.4.2
   • errname: from 0.1.12 to 0.1.13
   • errorlint: from 1.4.8 to 1.5.1 (new options allowed-errors and allowed-errors-wildcard)
   • execinquery: deprecate linter ⚠️
   • gci: from 0.12.3 to 0.13.4 (new section localModule)
   • gocritic: from 0.11.2 to 0.11.3
   • spancheck: from 0.5.3 to 0.6.1
   • goerr113 is replaced by err113 ⚠️
   • gomnd is replaced by mnd ⚠️
   • gomodguard: from 1.3.1 to 1.3.2
   • grouper: from 1.1.1 to 1.1.2
   • intrange: from 0.1.1 to 0.1.2
   • mirror: from 1.1.0 to 1.2.0
   • misspell: from 0.4.1 to 0.5.1
   • musttag: from 0.9.0 to 0.12.1
   • nilnil: from 0.1.7 to 0.1.8
   • nonamedreturns: from 1.0.4 to 1.0.5
   • promlinter: from 0.2.0 to 0.3.0
   • sloglint: from 0.5.0 to 0.6.0
   • unparam: bump to HEAD (063aff9)
   • whitespace: from 0.1.0 to 0.1.1
3. Enhancements
   • Speed up "fast" linters when only "fast" linters are run: between 40% and 80% faster at first run (i.e. without cache)
4. Fixes
   • Use version with module plugins
   • Skip go.mod report inside autogenerated processor
   • Keep only typecheck issues when needed
   • Don't hide typecheck errors inside diff processor
5. Misc.
   • ⚠️ log an error when using previously deprecated linters (Linter Deprecation Cycle)
     • deadcode: deprecated since v1.49.0 (2022-08-23).
     • exhaustivestruct: deprecated since v1.46.0 (2022-05-08).
     • golint: deprecated since v1.41.0 (2021-06-15).
     • ifshort: deprecated since v1.48.0 (2022-08-04).
     • interfacer: deprecated since v1.38.0 (2021-03-03).
     • maligned: deprecated since v1.38.0 (2021-03-03).
     • nosnakecase: deprecated since v1.48.0 (2022-08-04).
     • scopelint: deprecated since v1.39.0 (2021-03-25).
     • structcheck: deprecated since v1.49.0 (2022-08-23).
     • varcheck: deprecated since v1.49.0 (2022-08-23).
   • ⚠️ Deprecate usage of linter alternative names
   • Remove help display on errors with config verify command
   • Add pre-commit hook to run config verify
   • Improve github-action output
6. Documentation
   • Remove deprecated Atom from Editor Integrations

GitHub Action (v5.1.0) for golangci-lint:

• supports for pull, pull_request_target, and merge_group events with the option only-new-issues.
• ️️⚠️ skip-pkg-cache and skip-build-cache have been removed because the cache related to Go itself is already handled by actions/setup-go.
• with golangci-lint v1.58, the file information (path and position) will be displayed on the log.

v1.57.2

Compare Source

1. Updated linters
   • contextcheck: from 1.1.4 to 1.1.5
   • copyloopvar: from 1.0.8 to 1.0.10
   • ginkgolinter: from 0.16.1 to 0.16.2
   • goconst: from 1.7.0 to 1.7.1
   • gomoddirectives: from 0.2.3 to 0.2.4
   • intrange: from 0.1.0 to 0.1.1
2. Misc.
   • Display warnings on deprecated linter options
   • Fix missing colored-tab output format
   • Fix TeamCity inspectionType service message
3. Documentation
   • Remove invalid example about mixing files and directory
   • Improve linters page

v1.57.1

Compare Source

1. Fixes
   • Ignore issues with invalid position (e.g. contextcheck).

v1.57.0

Compare Source

1. New linters
   • copyloopvar: https://github.com/karamaru-alpha/copyloopvar
   • intrange: https://github.com/ckaznocha/intrange
2. Updated linters
   • dupword: from 0.0.13 to 0.0.14
   • gci: from 0.12.1 to 0.12.3
   • ginkgolinter: from 0.15.2 to 0.16.1 (new option force-expect-to, validate-async-intervals, and forbid-spec-pollution)
   • go-critic: from 0.11.1 to 0.11.2
   • go-critic: support of enable-all and disable-all options
   • go-spancheck: from 0.5.2 to 0.5.3
   • gomodguard: from 1.3.0 to 1.3.1
   • govet: deprecation of check-shadowing ⚠️
   • govet: disable temporarily httpresponse because of a bug https://github.com/golang/go/issues/66259
   • misspell: add extra-words
   • musttag: from 0.8.0 to 0.9.0
   • nakedret: from 2.0.2 to 2.0.4
   • paralleltest: from 1.0.9 to 1.0.10
   • perfsprint: from 0.6.0 to 0.7.1 (new option strconcat)
   • protogetter: from 0.3.4 to 0.3.5
   • revive: add exclude option
   • sloglint: from 0.4.0 to 0.5.0 (new option no-global)
   • staticcheck: from 0.4.6 to 0.4.7
   • testifylint: from 1.1.2 to 1.2.0 (new option bool-compare)
   • unconvert: to HEAD (new options fast-math and safe)
   • wrapcheck: from 2.8.1 to 2.8.3
   • Disable copyloopvar and intrange on Go < 1.22
3. Enhancements
   • 🧩New custom linters system https://golangci-lint.run/plugins/module-plugins/
   • Allow running only a specific linter without modifying the file configuration (--enable-only)
   • Allow custom sort order for the reports (output.sort-order)
   • Automatically adjust the maximum concurrency to the container CPU quota if run.concurrency=0
   • Add config verify command to check the configuration against the JSON Schema
   • Option to strictly follow Go generated file convention (issues.exclude-generated-strict)
   • Syntax to not override severity from linters (@linter)
   • Use severities from gosec
   • Create automatically directory related to output.formats.path
   • Use the first issue without inline on mergeLineIssues on multiple issues
4. Misc.
   • ⚠️ Inactivate deprecated linters (deadcode, exhaustivestruct, golint, ifshort, interfacer, maligned, nosnakecase, scopelint, structcheck, varcheck)
   • ⚠️ Deprecated CLI flags have been removed (deprecated since 2018)
   • ⚠️ Move show-stats option from run to output configuration section
   • ⚠️ Replace run.skip-xxx options by issues.exclude-xxx options
   • ⚠️ Replace output.format by output.formats with a new file configuration syntax
   • Internal rewrite of the CLI
   • Improve 'no go files to analyze' message
   • Use GOTOOLCHAIN=auto inside the Docker images
5. Documentation
   • ⚠️ Define the linter deprecation cycle https://golangci-lint.run/product/roadmap/#linter-deprecation-cycle
   • 🎉Use information from the previous release

---

Configuration

📅 Schedule: Branch creation - "on the first day of the month" in timezone Europe/Berlin, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box