Skip to content

fix(deps): update non-major deps#566

Merged
wass3rw3rk merged 1 commit intomainfrom
renovate/non-major-deps
Mar 26, 2026
Merged

fix(deps): update non-major deps#566
wass3rw3rk merged 1 commit intomainfrom
renovate/non-major-deps

Conversation

@renovate
Copy link
Copy Markdown
Contributor

@renovate renovate Bot commented Feb 10, 2026
edited
Loading

This PR contains the following updates:

Package Type Update Change Age Confidence
actions/setup-go action minor v6.2.0v6.3.0 age confidence
cloud.google.com/go/pubsub/v2 require minor v2.4.0v2.5.0 age confidence
docker.io/golang stage minor 1.25.7-alpine1.26.1-alpine age confidence
docker.io/golang final minor 1.25.7-alpine1.26.1-alpine age confidence
docker.io/ruby final patch 3.4.8-alpine3.4.9-alpine age confidence
github.com/golangci/golangci-lint minor v2.8.0v2.11.4 age confidence
github.com/mattermost/mattermost/server/public require minor v0.1.22v0.2.1 age confidence
github.com/slack-go/slack require minor v0.17.3v0.20.0 age confidence
github/codeql-action action minor v4.32.2v4.34.1 age confidence
google.golang.org/api require minor v0.265.0v0.273.0 age confidence

Release Notes

actions/setup-go (actions/setup-go)

v6.3.0

Compare Source

What's Changed

Full Changelog: actions/setup-go@v6...v6.3.0

golangci/golangci-lint (github.com/golangci/golangci-lint)

v2.11.4

Compare Source

Released on 2026-03-22

  1. Linters bug fixes
    • govet-modernize: from 0.42.0 to 0.43.0
    • noctx: from 0.5.0 to 0.5.1
    • sqlclosecheck: from 0.5.1 to 0.6.0

v2.11.3

Compare Source

Released on 2026-03-10

  1. Linters bug fixes

v2.11.2

Compare Source

Released on 2026-03-07

  1. Fixes
    • fmt: fix error when using the fmt command with explicit paths.

v2.11.1

Compare Source

Released on 2026-03-06

Due to an error related to AUR, some artifacts of the v2.11.0 release have not been published.

This release contains the same things as v2.11.0.

v2.11.0

Compare Source

Released on 2026-03-06

  1. Linters new features or changes
    • errcheck: from 1.9.0 to 1.10.0 (exclude crypto/rand.Read by default)
    • gosec: from 2.23.0 to 2.24.6 (new rules: G113, G118, G119, G120, G121, G122, G123, G408, G707)
    • noctx: from 0.4.0 to 0.5.0 (new detection: httptest.NewRequestWithContext)
    • prealloc: from 1.0.2 to 1.1.0
    • revive: from 1.14.0 to 1.15.0 (⚠️ Breaking change: package-related checks moved from var-naming to a new rule package-naming)
  2. Linters bug fixes
    • gocognit: from 1.2.0 to 1.2.1
    • gosec: from 2.24.6 to 2.24.7
    • unqueryvet: from 1.5.3 to 1.5.4

v2.10.1

Compare Source

Released on 2026-02-17

  1. Fixes
    • buildssa panic

v2.10.0

Compare Source

Released on 2026-02-17

  1. Linters new features or changes
    • ginkgolinter: from 0.22.0 to 0.23.0
    • gosec: from 2.22.11 to 2.23.0 (new rules: G117, G602, G701, G702, G703, G704, G705, G706)
    • staticcheck: from 0.6.1 to 0.7.0
  2. Linters bug fixes
    • godoclint: from 0.11.1 to 0.11.2

v2.9.0

Compare Source

Released on 2026-02-10

  1. Enhancements
    • 🎉 go1.26 support
  2. Linters new features or changes
    • arangolint: from 0.3.1 to 0.4.0 (new rule: detect potential query injections)
    • ginkgolinter: from 0.21.2 to 0.22.0 (support for wrappers)
    • golines: from 0.14.0 to 0.15.0
    • misspell: from 0.7.0 to 0.8.0
    • unqueryvet: from 1.4.0 to 1.5.3 (new options: check-n1, check-sql-injection, check-tx-leaks, allow, custom-rules)
    • wsl: from 5.3.0 to 5.6.0 (new rule: after-block)
  3. Linters bug fixes
    • modernize: from 0.41.0 to 0.42.0
    • prealloc: from 1.0.1 to 1.0.2
    • protogetter: from 0.3.18 to 0.3.20
  4. Misc.
    • Log information about files when configuration verification
    • Emit an error when no linters enabled
    • Do not collect VCS information when loading code
slack-go/slack (github.com/slack-go/slack)

v0.20.0

Compare Source

Previous release. See GitHub releases
for details.

v0.19.0

Compare Source

Previous release. See GitHub releases
for details.

v0.18.0

Compare Source

Previous release. See GitHub releases
for details.

github/codeql-action (github/codeql-action)

v4.34.1

Compare Source

  • Downgrade default CodeQL bundle version to 2.24.3 due to issues with a small percentage of Actions and JavaScript analyses. #​3762

v4.34.0

Compare Source

  • Added an experimental change which disables TRAP caching when improved incremental analysis is enabled, since improved incremental analysis supersedes TRAP caching. This will improve performance and reduce Actions cache usage. We expect to roll this change out to everyone in March. #​3569
  • We are rolling out improved incremental analysis to C/C++ analyses that use build mode none. We expect this rollout to be complete by the end of April 2026. #​3584
  • Update default CodeQL bundle version to 2.25.0. #​3585

v4.33.0

Compare Source

  • Upcoming change: Starting April 2026, the CodeQL Action will skip collecting file coverage information on pull requests to improve analysis performance. File coverage information will still be computed on non-PR analyses. Pull request analyses will log a warning about this upcoming change. #​3562

    To opt out of this change:

    • Repositories owned by an organization: Create a custom repository property with the name github-codeql-file-coverage-on-prs and the type "True/false", then set this property to true in the repository's settings. For more information, see Managing custom properties for repositories in your organization. Alternatively, if you are using an advanced setup workflow, you can set the CODEQL_ACTION_FILE_COVERAGE_ON_PRS environment variable to true in your workflow.
    • User-owned repositories using default setup: Switch to an advanced setup workflow and set the CODEQL_ACTION_FILE_COVERAGE_ON_PRS environment variable to true in your workflow.
    • User-owned repositories using advanced setup: Set the CODEQL_ACTION_FILE_COVERAGE_ON_PRS environment variable to true in your workflow.

  • Fixed a bug which caused the CodeQL Action to fail loading repository properties if a "Multi select" repository property was configured for the repository. #​3557

  • The CodeQL Action now loads custom repository properties on GitHub Enterprise Server, enabling the customization of features such as github-codeql-disable-overlay that was previously only available on GitHub.com. #​3559

  • Once private package registries can be configured with OIDC-based authentication for organizations, the CodeQL Action will now be able to accept such configurations. #​3563

  • Fixed the retry mechanism for database uploads. Previously this would fail with the error "Response body object should not be disturbed or locked". #​3564

  • A warning is now emitted if the CodeQL Action detects a repository property whose name suggests that it relates to the CodeQL Action, but which is not one of the properties recognised by the current version of the CodeQL Action. #​3570

v4.32.6

Compare Source

v4.32.5

Compare Source

  • Repositories owned by an organization can now set up the github-codeql-disable-overlay custom repository property to disable improved incremental analysis for CodeQL. First, create a custom repository property with the name github-codeql-disable-overlay and the type "True/false" in the organization's settings. Then in the repository's settings, set this property to true to disable improved incremental analysis. For more information, see Managing custom properties for repositories in your organization. This feature is not yet available on GitHub Enterprise Server. #​3507
  • Added an experimental change so that when improved incremental analysis fails on a runner — potentially due to insufficient disk space — the failure is recorded in the Actions cache so that subsequent runs will automatically skip improved incremental analysis until something changes (e.g. a larger runner is provisioned or a new CodeQL version is released). We expect to roll this change out to everyone in March. #​3487
  • The minimum memory check for improved incremental analysis is now skipped for CodeQL 2.24.3 and later, which has reduced peak RAM usage. #​3515
  • Reduced log levels for best-effort private package registry connection check failures to reduce noise from workflow annotations. #​3516
  • Added an experimental change which lowers the minimum disk space requirement for improved incremental analysis, enabling it to run on standard GitHub Actions runners. We expect to roll this change out to everyone in March. #​3498
  • Added an experimental change which allows the start-proxy action to resolve the CodeQL CLI version from feature flags instead of using the linked CLI bundle version. We expect to roll this change out to everyone in March. #​3512
  • The previously experimental changes from versions 4.32.3, 4.32.4, 3.32.3 and 3.32.4 are now enabled by default. #​3503, #​3504

v4.32.4

Compare Source

  • Update default CodeQL bundle version to 2.24.2. #​3493
  • Added an experimental change which improves how certificates are generated for the authentication proxy that is used by the CodeQL Action in Default Setup when private package registries are configured. This is expected to generate more widely compatible certificates and should have no impact on analyses which are working correctly already. We expect to roll this change out to everyone in February. #​3473
  • When the CodeQL Action is run with debugging enabled in Default Setup and private package registries are configured, the "Setup proxy for registries" step will output additional diagnostic information that can be used for troubleshooting. #​3486
  • Added a setting which allows the CodeQL Action to enable network debugging for Java programs. This will help GitHub staff support customers with troubleshooting issues in GitHub-managed CodeQL workflows, such as Default Setup. This setting can only be enabled by GitHub staff. #​3485
  • Added a setting which enables GitHub-managed workflows, such as Default Setup, to use a nightly CodeQL CLI release instead of the latest, stable release that is used by default. This will help GitHub staff support customers whose analyses for a given repository or organization require early access to a change in an upcoming CodeQL CLI release. This setting can only be enabled by GitHub staff. #​3484

v4.32.3

Compare Source

  • Added experimental support for testing connections to private package registries. This feature is not currently enabled for any analysis. In the future, it may be enabled by default for Default Setup. #​3466
googleapis/google-api-go-client (google.golang.org/api)

v0.273.0

Compare Source

Features

v0.272.0

Compare Source

Features

v0.271.0

Compare Source

Features

v0.270.0

Compare Source

Features

v0.269.0

Compare Source

Features
Bug Fixes

v0.268.0

Compare Source

Features

v0.267.0

Compare Source

Features

v0.266.0

Compare Source

Features

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate Bot requested a review from wass3rw3rk as a code owner February 10, 2026 20:55
@renovate
Copy link
Copy Markdown
Contributor Author

renovate Bot commented Feb 10, 2026
edited
Loading

ℹ️ Artifact update notice

File name: go.mod

In order to perform the update(s) described in the table above, Renovate ran the go get command, which resulted in the following additional change(s):

  • 18 additional dependencies were updated

Details:

Package Change
cloud.google.com/go/auth v0.18.1 -> v0.18.2
github.com/googleapis/enterprise-certificate-proxy v0.3.11 -> v0.3.14
github.com/googleapis/gax-go/v2 v2.16.0 -> v2.19.0
go.opentelemetry.io/otel v1.39.0 -> v1.42.0
go.opentelemetry.io/otel/metric v1.39.0 -> v1.42.0
go.opentelemetry.io/otel/trace v1.39.0 -> v1.42.0
golang.org/x/crypto v0.47.0 -> v0.49.0
golang.org/x/mod v0.31.0 -> v0.33.0
golang.org/x/net v0.49.0 -> v0.52.0
golang.org/x/oauth2 v0.34.0 -> v0.36.0
golang.org/x/sync v0.19.0 -> v0.20.0
golang.org/x/sys v0.40.0 -> v0.42.0
golang.org/x/text v0.33.0 -> v0.35.0
golang.org/x/time v0.14.0 -> v0.15.0
google.golang.org/genproto v0.0.0-20251202230838-ff82c1b0f217 -> v0.0.0-20260316180232-0b37fe3546d5
google.golang.org/genproto/googleapis/api v0.0.0-20251222181119-0a764e51fe1b -> v0.0.0-20260316180232-0b37fe3546d5
google.golang.org/genproto/googleapis/rpc v0.0.0-20260128011058-8636f8732409 -> v0.0.0-20260319201613-d00831a3d3e7
google.golang.org/grpc v1.78.0 -> v1.79.3

@coveralls
Copy link
Copy Markdown

coveralls commented Feb 10, 2026
edited
Loading

Pull Request Test Coverage Report for Build 23571812796

Details

  • 0 of 0 changed or added relevant lines in 0 files are covered.
  • No unchanged relevant lines lost coverage.
  • Overall coverage remained the same at 0.0%
Totals Coverage Status
Change from base Build 21882032221: 0.0%
Covered Lines: 0
Relevant Lines: 0
💛 - Coveralls

@renovate renovate Bot changed the title fix(deps): update module google.golang.org/api to v0.266.0 fix(deps): update non-major deps Feb 11, 2026
@renovate renovate Bot force-pushed the renovate/non-major-deps branch 4 times, most recently from a627ba0 to 58fd430 Compare February 17, 2026 20:54
@renovate renovate Bot force-pushed the renovate/non-major-deps branch 5 times, most recently from b301f60 to 6d206eb Compare February 26, 2026 04:50
@renovate renovate Bot force-pushed the renovate/non-major-deps branch 8 times, most recently from f1308fc to de0abd7 Compare March 8, 2026 00:54
@renovate renovate Bot force-pushed the renovate/non-major-deps branch 5 times, most recently from 1995865 to d9d5dab Compare March 12, 2026 14:06
@renovate renovate Bot force-pushed the renovate/non-major-deps branch 7 times, most recently from 610ae54 to 9ef3241 Compare March 22, 2026 20:59
@renovate renovate Bot force-pushed the renovate/non-major-deps branch 4 times, most recently from 3e23fab to 3eb1258 Compare March 25, 2026 21:48
@renovate renovate Bot force-pushed the renovate/non-major-deps branch from 3eb1258 to adf222e Compare March 26, 2026 00:47
@wass3rw3rk wass3rw3rk merged commit abe2a33 into main Mar 26, 2026
10 checks passed
@wass3rw3rk wass3rw3rk deleted the renovate/non-major-deps branch March 26, 2026 18:58
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@wass3rw3rk wass3rw3rk wass3rw3rk approved these changes

@sjqnn sjqnn Awaiting requested review from sjqnn sjqnn is a code owner

@JordanSussman JordanSussman Awaiting requested review from JordanSussman JordanSussman is a code owner

Assignees

No one assigned

Labels

dependencies

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@coveralls @wass3rw3rk