Skip to content

Bump the go group across 2 directories with 3 updates #49

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
dependabot wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Bump the go group across 2 directories with 3 updates #49

dependabot wants to merge 1 commit into from

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Dec 1, 2025

Bumps the go group with 1 update in the / directory: golang.org/x/tools.
Bumps the go group with 2 updates in the /build directory: github.com/curioswitch/go-build and github.com/goyek/x.

Updates golang.org/x/tools from 0.33.0 to 0.39.0

Commits
  • 034e59c internal/analysis/analyzerutil: fix FileUsesGoVersion
  • 076bd80 gopls/internal/filewatcher: retry directory reading upon failure
  • 605803f go/analysis/passes/loopclosure: simplify using IsMethodNamed
  • 2c6e03f internal/testenv: allow Apple diff too
  • 82112c0 gopls/internal/settings: correct git issue for fieldalignment warning
  • 1f97856 go.mod: update golang.org/x dependencies
  • c24121c go/analysis/passes/modernize: stditerators: even better name heuristic
  • edb9587 go/analysis/passes/modernize: stditerators: better name heuristic
  • 2f6a4f9 go/analysis/passes/modernize: forvar: handle "if v := v; cond {"
  • efd8c43 go/analysis: don't apply fixes to generated files
  • Additional commits viewable in compare view

Updates github.com/curioswitch/go-build from 0.1.0 to 0.6.3

Release notes

Sourced from github.com/curioswitch/go-build's releases.

v0.6.3

This release adds bun to the exported renovate workflow to allow using renovate in projects using bun for package management.

v0.6.2

This release updates the default version of go-yamllint for compatibility with the latest Go.

v0.6.1

This release fixes an issue with refreshing cache on Windows.

v0.6.0

This release optimizes renovate by running it directly with Node instead of the official action which uses Docker. Because we otherwise need the full Docker image for access to the go command, this runs significantly faster. We will keep node/pnpm versions in the workflow synced with renovate versions going forward.

This minor version also marks completion of various fixes in patch releases for use in monorepo. CI runs in monorepos should generally be quite fast when using the exported workflows.

v0.5.2

This release fixes issues with running tasks in a monorepo. download now downloads all the modules in the workspace. In the process, runall was improved to be runnable from any module rather than only root.

v0.5.1

This release works around an issue where GItHub actions does not seem to reliably allow updating an existing cache file - now we append the go.mod hash to the cache key. For a manually refreshed cache, this shouldn't be needed but ensures the cache can be updated reliably - old caches will be automatically cleaned up when reaching limits so should not cause problems in practice.

Tools are now only downloaded on Linux by default to reflect that most non-test tasks such as lint are only run on a single OS. This notably improves Windows CI performance where a large cache size can severely degrade performance.

Finally, gotestsum has been wired up for running tests with cleaner output. An option is added to customize the format for all builds, or use the GOTESTSUM_FORMAT environment variable to customize only in a single environment such as CI.

v0.5.0

This release adds a new task, download, which is similar to (and invokes) go mod download while also making sure tools are downloaded at the same time. This can be useful to make sure tools are cached by the CI when used in jobs separate from the main one. We also publish a workflow that can take advantage of the task, or it can be invoked manually in existing CI scripts.

We also publish a renovate.json which can be used as a preset for anyone interested. The major feature is the ability to manage versions in versions.go to update tools - this should close one gap between using go run instead of the unsupported go tool. Protobuf users that use buf to generate code may be interested in the config in go-curiostack instead which also can manage versions of go run protoc binaries in a buf.gen.yaml file.

v0.4.0

This release reverts the major change of v0.3.0, using go run again instead of go tool. After some time using the new feature, it became clear that it doesn't actually work due to not providing stable dependencies to the built CLIs. We are following the advice of popular CLIs like golangci-lint and buf to not use go tool. We will explore other options for automating the update of dependencies.

v0.3.0

This is a major release that reworks tool invocation to use go tool instead of go run. This allows tool versions to be managed in the codebase, making it easier to update them. The full dependency graph will also have checksums validated for better security.

A get-tools command is added to fetch all tools to go.mod. When updating, it can be run to quickly get setup.

GitHub actions lint now also verifies that actions use pinned versions rather than floating version tags. This check cannot be disabled without disabling the entire lint since we believe it is essential for the security of builds. The easiest way to pin versions in an existing repo is to run GITHUB_TOKEN=$(gh auth token) go tool pinact run to automatically resolve them all without rate limiting.

Finally, the output of golangci-lint is passed to reviewdog to allow formatting them as checks within PRs. This will allow errors to be printed together with the code. In the future, more lints will be passed through reviewdog.

Full Changelog: curioswitch/go-build@v0.2.0...v0.3.0

v0.2.0

This release primarily updates tool versions, notably updating to golangci-lint v2.

Full Changelog: curioswitch/go-build@v0.1.0...v0.2.0

Commits

Updates github.com/goyek/x from 0.3.0 to 0.4.0

Release notes

Sourced from github.com/goyek/x's releases.

0.4.0

Changed

  • BREAKING: Change boot.Main command line syntax from [flags] [--] [tasks] to [tasks] [flags] [--] [args] to align with goyek v3 recommendation.
  • Bump github.com/goyek/goyek to 3.0.0.
  • Bump other dependencies.

Remove

  • Drop support for Go 1.22.
Changelog

Sourced from github.com/goyek/x's changelog.

0.4.0 - 2025-11-25

Changed

  • BREAKING: Change boot.Main command line syntax from [flags] [--] [tasks] to [tasks] [flags] [--] [args] to align with goyek v3 recommendation.
  • Bump github.com/goyek/goyek to 3.0.0.
  • Bump other dependencies.

Remove

  • Drop support for Go 1.22.
Commits
  • 666236e Release 0.4.0 (#164)
  • a01c411 Bump github/codeql-action from 4.31.3 to 4.31.5 (#162)
  • caed58b Bump actions/checkout from 5.0.0 to 6.0.0 (#161)
  • 720e46d Bump actions/setup-go from 6.0.0 to 6.1.0 (#163)
  • 6f07483 Bump github.com/golangci/golangci-lint/v2 from 2.6.1 to 2.6.2 in /build (#159)
  • ca88d96 Bump github/codeql-action from 4.31.2 to 4.31.3 (#160)
  • 2658c5c Bump github.com/golangci/golangci-lint/v2 from 2.6.0 to 2.6.1 in /build (#158)
  • 7c2a8bc Bump github.com/golangci/golangci-lint/v2 from 2.5.0 to 2.6.0 in /build (#157)
  • 021e218 Bump github/codeql-action from 4.31.0 to 4.31.2 (#156)
  • 1d1f3bd Bump github/codeql-action from 4.30.9 to 4.31.0 (#155)
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
Bump the go group across 2 directories with 3 updates
e693cae 
Bumps the go group with 1 update in the / directory: [golang.org/x/tools](https://github.com/golang/tools).
Bumps the go group with 2 updates in the /build directory: [github.com/curioswitch/go-build](https://github.com/curioswitch/go-build) and [github.com/goyek/x](https://github.com/goyek/x).


Updates `golang.org/x/tools` from 0.33.0 to 0.39.0
- [Release notes](https://github.com/golang/tools/releases)
- [Commits](golang/tools@v0.33.0...v0.39.0)

Updates `github.com/curioswitch/go-build` from 0.1.0 to 0.6.3
- [Release notes](https://github.com/curioswitch/go-build/releases)
- [Commits](curioswitch/go-build@v0.1.0...v0.6.3)

Updates `github.com/goyek/x` from 0.3.0 to 0.4.0
- [Release notes](https://github.com/goyek/x/releases)
- [Changelog](https://github.com/goyek/x/blob/main/CHANGELOG.md)
- [Commits](goyek/x@v0.3.0...v0.4.0)

---
updated-dependencies:
- dependency-name: golang.org/x/tools
  dependency-version: 0.39.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: github.com/curioswitch/go-build
  dependency-version: 0.6.3
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: github.com/goyek/x
  dependency-version: 0.4.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file go Pull requests that update Go code labels Dec 1, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file go Pull requests that update Go code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant