build: update github actions (major)

[renovate]

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package	Type	Update	Change
actions/checkout	action	major	v4 → v6
actions/setup-go	action	major	v5 → v6
codecov/codecov-action	action	major	v4 → v7
docker/login-action	action	major	v3 → v4
docker/setup-buildx-action	action	major	v3 → v4
golangci/golangci-lint	uses-with	major	v1.58.1 → v2.12.2
golangci/golangci-lint-action	action	major	v6 → v9
goreleaser/goreleaser-action	action	major	v5 → v7

---

Release Notes

actions/checkout (actions/checkout)

v6.0.3

Compare Source

• Fix checkout init for SHA-256 repositories by @​yaananth in #​2439
• fix: expand merge commit SHA regex and add SHA-256 test cases by @​yaananth in #​2414

v6.0.2

Compare Source

• Fix tag handling: preserve annotations and explicit fetch-tags by @​ericsciple in #​2356

v6.0.1

Compare Source

v6.0.0

Compare Source

v6

Compare Source

v5.0.1

Compare Source

What's Changed

• Port v6 cleanup to v5 by @​ericsciple in #​2301

Full Changelog: actions/checkout@v5...v5.0.1

v5.0.0

Compare Source

What's Changed

• Update actions checkout to use node 24 by @​salmanmkc in #​2226
• Prepare v5.0.0 release by @​salmanmkc in #​2238

⚠️ Minimum Compatible Runner Version

v2.327.1
Release Notes

Make sure your runner is updated to this version or newer to use this release.

Full Changelog: actions/checkout@v4...v5.0.0

v5

Compare Source

actions/setup-go (actions/setup-go)

v6.4.0

Compare Source

What's Changed

Enhancement

• Add go-download-base-url input for custom Go distributions by @​gdams in #​721

Dependency update

• Upgrade minimatch from 3.1.2 to 3.1.5 by @​dependabot in #​727

Documentation update

• Rearrange README.md, add advanced-usage.md by @​priyagupta108 in #​724
• Fix Microsoft build of Go link by @​gdams in #​734

New Contributors

• @​gdams made their first contribution in #​721

Full Changelog: actions/setup-go@v6...v6.4.0

v6.3.0

Compare Source

What's Changed

• Update default Go module caching to use go.mod by @​priyagupta108 in #​705
• Fix golang download url to go.dev by @​178inaba in #​469

Full Changelog: actions/setup-go@v6...v6.3.0

v6.2.0

Compare Source

What's Changed

Enhancements

• Example for restore-only cache in documentation by @​aparnajyothi-y in #​696
• Update Node.js version in action.yml by @​ccoVeille in #​691
• Documentation update of actions/checkout by @​deining in #​683

Dependency updates

• Upgrade js-yaml from 3.14.1 to 3.14.2 by @​dependabot in #​682
• Upgrade @​actions/cache to v5 by @​salmanmkc in #​695
• Upgrade actions/checkout from 5 to 6 by @​dependabot in #​686
• Upgrade qs from 6.14.0 to 6.14.1 by @​dependabot in #​703

New Contributors

• @​ccoVeille made their first contribution in #​691
• @​deining made their first contribution in #​683

Full Changelog: actions/setup-go@v6...v6.2.0

v6.1.0

Compare Source

What's Changed

Enhancements

• Fall back to downloading from go.dev/dl instead of storage.googleapis.com/golang by @​nicholasngai in #​665
• Add support for .tool-versions file and update workflow by @​priya-kinthali in #​673
• Add comprehensive breaking changes documentation for v6 by @​mahabaleshwars in #​674

Dependency updates

• Upgrade eslint-config-prettier from 10.0.1 to 10.1.8 and document breaking changes in v6 by @​dependabot in #​617
• Upgrade actions/publish-action from 0.3.0 to 0.4.0 by @​dependabot in #​641
• Upgrade semver and @​types/semver by @​dependabot in #​652

New Contributors

• @​nicholasngai made their first contribution in #​665
• @​priya-kinthali made their first contribution in #​673
• @​mahabaleshwars made their first contribution in #​674

Full Changelog: actions/setup-go@v6...v6.1.0

v6.0.0

Compare Source

What's Changed

Breaking Changes

• Improve toolchain handling to ensure more reliable and consistent toolchain selection and management by @​matthewhughes934 in #​460
• Upgrade Nodejs runtime from node20 to node 24 by @​salmanmkc in #​624

Make sure your runner is on version v2.327.1 or later to ensure compatibility with this release. See Release Notes

Dependency Upgrades

• Upgrade @​types/jest from 29.5.12 to 29.5.14 by @​dependabot[bot] in #​589
• Upgrade @​actions/tool-cache from 2.0.1 to 2.0.2 by @​dependabot[bot] in #​591
• Upgrade @​typescript-eslint/parser from 8.31.1 to 8.35.1 by @​dependabot[bot] in #​590
• Upgrade undici from 5.28.5 to 5.29.0 by @​dependabot[bot] in #​594
• Upgrade typescript from 5.4.2 to 5.8.3 by @​dependabot[bot] in #​538
• Upgrade eslint-plugin-jest from 28.11.0 to 29.0.1 by @​dependabot[bot] in #​603
• Upgrade form-data to bring in fix for critical vulnerability by @​matthewhughes934 in #​618
• Upgrade actions/checkout from 4 to 5 by @​dependabot[bot] in #​631

New Contributors

• @​matthewhughes934 made their first contribution in #​618
• @​salmanmkc made their first contribution in #​624

Full Changelog: actions/setup-go@v5...v6.0.0

v6

Compare Source

codecov/codecov-action (codecov/codecov-action)

v7.0.0

Compare Source

v7

Compare Source

v6.0.2

Compare Source

v6.0.1

Compare Source

What's Changed

• fix: prevent template injection in run: steps (VULN-1652) by @​thomasrockhu-codecov in #​1947
• chore(release): 6.0.1 by @​thomasrockhu-codecov in #​1949

Full Changelog: codecov/codecov-action@v6.0.0...v6.0.1

v6.0.0

Compare Source

⚠️ This version introduces support for node24 which make cause breaking changes for systems that do not currently support node24. ⚠️

What's Changed

• Revert "Revert "build(deps): bump actions/github-script from 7.0.1 to 8.0.0"" by @​thomasrockhu-codecov in #​1929
• Th/6.0.0 by @​thomasrockhu-codecov in #​1928

Full Changelog: codecov/codecov-action@v5.5.4...v6.0.0

v6

Compare Source

v5.5.4

Compare Source

This is a mirror of v5.5.2. v6 will be released which requires node24

What's Changed

• Revert "build(deps): bump actions/github-script from 7.0.1 to 8.0.0" by @​thomasrockhu-codecov in #​1926
• chore(release): 5.5.4 by @​thomasrockhu-codecov in #​1927

Full Changelog: codecov/codecov-action@v5.5.3...v5.5.4

v5.5.3

Compare Source

What's Changed

• build(deps): bump actions/github-script from 7.0.1 to 8.0.0 by @​dependabot[bot] in #​1874
• chore(release): bump to 5.5.3 by @​thomasrockhu-codecov in #​1922

Full Changelog: codecov/codecov-action@v5.5.2...v5.5.3

v5.5.2

Compare Source

What's Changed

Full Changelog: https://github.com/codecov/codecov-action/compare/v5.5.1..v5.5.2

v5.5.1

Compare Source

What's Changed

• fix: overwrite pr number on fork by @​thomasrockhu-codecov in #​1871
• build(deps): bump actions/checkout from 4.2.2 to 5.0.0 by @​app/dependabot in #​1868
• build(deps): bump github/codeql-action from 3.29.9 to 3.29.11 by @​app/dependabot in #​1867
• fix: update to use local app/ dir by @​thomasrockhu-codecov in #​1872
• docs: fix typo in README by @​datalater in #​1866
• Document a codecov-cli version reference example by @​webknjaz in #​1774
• build(deps): bump github/codeql-action from 3.28.18 to 3.29.9 by @​app/dependabot in #​1861
• build(deps): bump ossf/scorecard-action from 2.4.1 to 2.4.2 by @​app/dependabot in #​1833

Full Changelog: https://github.com/codecov/codecov-action/compare/v5.5.0..v5.5.1

v5.5.0

Compare Source

What's Changed

• feat: upgrade wrapper to 0.2.4 by @​jviall in #​1864
• Pin actions/github-script by Git SHA by @​martincostello in #​1859
• fix: check reqs exist by @​joseph-sentry in #​1835
• fix: Typo in README by @​spalmurray in #​1838
• docs: Refine OIDC docs by @​spalmurray in #​1837
• build(deps): bump github/codeql-action from 3.28.17 to 3.28.18 by @​app/dependabot in #​1829

Full Changelog: https://github.com/codecov/codecov-action/compare/v5.4.3..v5.5.0

v5.4.3

Compare Source

What's Changed

• build(deps): bump github/codeql-action from 3.28.13 to 3.28.17 by @​app/dependabot in #​1822
• fix: OIDC on forks by @​joseph-sentry in #​1823

Full Changelog: https://github.com/codecov/codecov-action/compare/v5.4.2..v5.4.3

v5.4.2

Compare Source

What's Changed

Full Changelog: https://github.com/codecov/codecov-action/compare/v5.4.1..v5.4.2

v5.4.1

Compare Source

What's Changed

• fix: use the github core methods by @​thomasrockhu-codecov in #​1807
• build(deps): bump github/codeql-action from 3.28.12 to 3.28.13 by @​app/dependabot in #​1803
• build(deps): bump github/codeql-action from 3.28.11 to 3.28.12 by @​app/dependabot in #​1797
• build(deps): bump actions/upload-artifact from 4.6.1 to 4.6.2 by @​app/dependabot in #​1798
• chore(release): wrapper -0.2.1 by @​app/codecov-releaser-app in #​1788
• build(deps): bump github/codeql-action from 3.28.10 to 3.28.11 by @​app/dependabot in #​1786

Full Changelog: https://github.com/codecov/codecov-action/compare/v5.4.0..v5.4.1

v5.4.0

Compare Source

What's Changed

• update wrapper submodule to 0.2.0, add recurse_submodules arg by @​matt-codecov in #​1780
• build(deps): bump actions/upload-artifact from 4.6.0 to 4.6.1 by @​app/dependabot in #​1775
• build(deps): bump ossf/scorecard-action from 2.4.0 to 2.4.1 by @​app/dependabot in #​1776
• build(deps): bump github/codeql-action from 3.28.9 to 3.28.10 by @​app/dependabot in #​1777
• Clarify in README that use_pypi bypasses integrity checks too by @​webknjaz in #​1773
• Fix use of safe.directory inside containers by @​Flamefire in #​1768
• Fix description for report_type input by @​craigscott-crascit in #​1770
• build(deps): bump github/codeql-action from 3.28.8 to 3.28.9 by @​app/dependabot in #​1765
• Fix a typo in the example by @​miranska in #​1758
• build(deps): bump github/codeql-action from 3.28.5 to 3.28.8 by @​app/dependabot in #​1757
• build(deps): bump github/codeql-action from 3.28.1 to 3.28.5 by @​app/dependabot in #​1753

Full Changelog: https://github.com/codecov/codecov-action/compare/v5.3.1..v5.4.0

v5.3.1

Compare Source

What's Changed

Full Changelog: https://github.com/codecov/codecov-action/compare/v5.3.0..v5.3.1

v5.3.0

Compare Source

What's Changed

Full Changelog: https://github.com/codecov/codecov-action/compare/v5.2.0..v5.3.0

v5.2.0

Compare Source

What's Changed

• Fix typo in README by @​tserg in #​1747
• Th/add commands by @​thomasrockhu-codecov in #​1745
• use correct audience when requesting oidc token by @​juho9000 in #​1744
• build(deps): bump github/codeql-action from 3.27.9 to 3.28.1 by @​app/dependabot in #​1742
• build(deps): bump actions/upload-artifact from 4.4.3 to 4.6.0 by @​app/dependabot in #​1743
• chore(deps): bump wrapper to 0.0.32 by @​thomasrockhu-codecov in #​1740
• feat: add disable-telem feature by @​thomasrockhu-codecov in #​1739
• fix: remove erroneous linebreak in readme by @​Vampire in #​1734

Full Changelog: https://github.com/codecov/codecov-action/compare/v5.1.2..v5.2.0

v5.1.2

Compare Source

What's Changed

• fix: update statment by @​thomasrockhu-codecov in #​1726
• fix: update action script by @​thomasrockhu-codecov in #​1725
• fix: prevent oidc on tokenless due to permissioning by @​thomasrockhu-codecov in #​1724
• chore(release): wrapper-0.0.31 by @​app/codecov-releaser-app in #​1723
• Put quotes around ${{ inputs.token }} in action.yml by @​jwodder in #​1721
• build(deps): bump github/codeql-action from 3.27.6 to 3.27.9 by @​app/dependabot in #​1722
• Remove mistake from options table by @​Acconut in #​1718
• build(deps): bump github/codeql-action from 3.27.5 to 3.27.6 by @​app/dependabot in #​1717

Full Changelog: https://github.com/codecov/codecov-action/compare/v5.1.1..v5.1.2

v5.1.1

Compare Source

What's Changed

Full Changelog: https://github.com/codecov/codecov-action/compare/v5.1.0..v5.1.1

v5.1.0

Compare Source

What's Changed

• fix: hide unnecessary error on shasum by @​thomasrockhu-codecov in #​1692
• build(deps): bump github/codeql-action from 3.27.4 to 3.27.5 by @​app/dependabot in #​1701
• chore(release): wrapper-0.0.29 by @​app/codecov-releaser-app in #​1713

Full Changelog: https://github.com/codecov/codecov-action/compare/v5.0.7..v5.1.0

v5.0.7

Compare Source

What's Changed

• fix: use HEAD_REPO by @​thomasrockhu-codecov in #​1690

Full Changelog: https://github.com/codecov/codecov-action/compare/v5.0.6..v5.0.7

v5.0.6

Compare Source

What's Changed

• fix: update CODECOV_TOKEN and fix tokenless by @​thomasrockhu-codecov in #​1688

Full Changelog: https://github.com/codecov/codecov-action/compare/v5.0.5..v5.0.6

v5.0.5

Compare Source

What's Changed

• chore(release): wrapper-0.0.27 by @​app/codecov-releaser-app in #​1685

Full Changelog: https://github.com/codecov/codecov-action/compare/v5.0.4..v5.0.5

v5.0.4

Compare Source

What's Changed

• chore(deps): bump wrapper to 0.0.26 by @​thomasrockhu-codecov in #​1681
• fix: strip out a trailing /n from input tokens by @​thomasrockhu-codecov in #​1679
• fix: add action version by @​thomasrockhu-codecov in #​1678

Full Changelog: https://github.com/codecov/codecov-action/compare/v5.0.3..v5.0.4

v5.0.3

Compare Source

What's Changed

• fix: update OIDC audience by @​thomasrockhu-codecov in #​1675
• fix: use double-quotes for OIDC by @​thomasrockhu-codecov in #​1669
• fix: prevent always setting tokenless to be true by @​thomasrockhu-codecov in #​1673
• fix: update CHANGELOG and automate by @​thomasrockhu-codecov in #​1674
• fix: bump to v5 and update README by @​thomasrockhu-codecov in #​1655
• build(deps): bump github/codeql-action from 3.27.0 to 3.27.4 by @​app/dependabot in #​1665
• fix: typo in inputs.disable_safe_directory by @​mkroening in #​1666

Full Changelog: https://github.com/codecov/codecov-action/compare/v5.0.2..v5.0.3

v5.0.2

Compare Source

What's Changed

• fix: override commit and pr values for PR cases by @​thomasrockhu-codecov in #​1657

Full Changelog: codecov/codecov-action@v5.0.1...v5.0.2

v5.0.1

Compare Source

What's Changed

• fix: use marketplace v5 badge by @​thomasrockhu-codecov in #​1646
• fix: update tokenless branch logic by @​thomasrockhu-codecov in #​1650
• chore(release): 5.0.1 by @​thomasrockhu-codecov in #​1656

Full Changelog: codecov/codecov-action@v5.0.0...v5.0.1

v5.0.0

Compare Source

v5 Release

v5 of the Codecov GitHub Action will use the Codecov Wrapper to encapsulate the CLI. This will help ensure that the Action gets updates quicker.

Migration Guide

The v5 release also coincides with the opt-out feature for tokens for public repositories. In the Global Upload Token section of the settings page of an organization in codecov.io, you can set the ability for Codecov to receive a coverage reports from any source. This will allow contributors or other members of a repository to upload without needing access to the Codecov token. For more details see how to upload without a token.

[!WARNING]
The following arguments have been changed

• file (this has been deprecated in favor of files)
• plugin (this has been deprecated in favor of plugins)

The following arguments have been added:

• binary
• gcov_args
• gcov_executable
• gcov_ignore
• gcov_include
• report_type
• skip_validation
• swift_project

You can see their usage in the action.yml file.

v5

Compare Source

What's Changed

Full Changelog: https://github.com/codecov/codecov-action/compare/v5.5.1..v5.5.2

docker/login-action (docker/login-action)

v4.2.0

Compare Source

• Bump @​actions/core from 3.0.0 to 3.0.1 in #​976
• Bump @​aws-sdk/client-ecr and @​aws-sdk/client-ecr-public to 3.1050.0 in #​960
• Bump @​docker/actions-toolkit from 0.86.0 to 0.90.0 in #​970
• Bump brace-expansion from 2.0.1 to 5.0.6 in #​993
• Bump fast-xml-builder from 1.1.4 to 1.2.0 in #​985
• Bump fast-xml-parser from 5.3.6 to 5.8.0 in #​963
• Bump http-proxy-agent and https-proxy-agent to 9.0.0 in #​961
• Bump postcss from 8.5.6 to 8.5.10 in #​979
• Bump tar from 6.2.1 to 7.5.15 in #​991
• Bump vite from 7.3.1 to 7.3.3 in #​986

Full Changelog: docker/login-action@v4.1.0...v4.2.0

v4.1.0

Compare Source

• Fix scoped Docker Hub cleanup path when registry is omitted by @​crazy-max in #​945
• Bump @​aws-sdk/client-ecr and @​aws-sdk/client-ecr-public to 3.1020.0 in #​930
• Bump @​docker/actions-toolkit from 0.77.0 to 0.86.0 in #​932 #​936
• Bump brace-expansion from 1.1.12 to 1.1.13 in #​952
• Bump fast-xml-parser from 5.3.4 to 5.3.6 in #​942
• Bump flatted from 3.3.3 to 3.4.2 in #​944
• Bump glob from 10.3.12 to 10.5.0 in #​940
• Bump handlebars from 4.7.8 to 4.7.9 in #​949
• Bump http-proxy-agent and https-proxy-agent to 8.0.0 in #​937
• Bump lodash from 4.17.23 to 4.18.1 in #​958
• Bump minimatch from 3.1.2 to 3.1.5 in #​941
• Bump picomatch from 4.0.3 to 4.0.4 in #​948
• Bump undici from 6.23.0 to 6.24.1 in #​938

Full Changelog: docker/login-action@v4.0.0...v4.1.0

v4.0.0

Compare Source

• Node 24 as default runtime (requires Actions Runner v2.327.1 or later) by @​crazy-max in #​929
• Switch to ESM and update config/test wiring by @​crazy-max in #​927
• Bump @​actions/core from 1.11.1 to 3.0.0 in #​919
• Bump @​aws-sdk/client-ecr from 3.890.0 to 3.1000.0 in #​909 #​920
• Bump @​aws-sdk/client-ecr-public from 3.890.0 to 3.1000.0 in #​909 #​920
• Bump @​docker/actions-toolkit from 0.63.0 to 0.77.0 in #​910 #​928
• Bump @​isaacs/brace-expansion from 5.0.0 to 5.0.1 in #​921
• Bump js-yaml from 4.1.0 to 4.1.1 in #​901

Full Changelog: docker/login-action@v3.7.0...v4.0.0

v4

Compare Source

docker/setup-buildx-action (docker/setup-buildx-action)

v4.1.0

Compare Source

• Bump @​docker/actions-toolkit from 0.79.0 to 0.90.0 in #​489
• Bump brace-expansion from 1.1.12 to 5.0.6 in #​547 #​508
• Bump fast-xml-builder from 1.0.0 to 1.2.0 in #​540
• Bump fast-xml-parser from 5.4.2 to 5.8.0 in #​496
• Bump flatted from 3.3.3 to 3.4.2 in #​499
• Bump glob from 10.3.12 to 13.0.6 in #​495
• Bump handlebars from 4.7.8 to 4.7.9 in #​504
• Bump lodash from 4.17.23 to 4.18.1 in #​523
• Bump picomatch from 4.0.3 to 4.0.4 in #​503
• Bump postcss from 8.5.6 to 8.5.10 in #​537
• Bump tar from 6.2.1 to 7.5.15 in #​545
• Bump undici from 6.23.0 to 6.25.0 in #​492
• Bump vite from 7.3.1 to 7.3.2 in #​520

Full Changelog: docker/setup-buildx-action@v4.0.0...v4.1.0

v4.0.0

Compare Source

• Node 24 as default runtime (requires Actions Runner v2.327.1 or later) by @​crazy-max in #​483
• Remove deprecated inputs/outputs by @​crazy-max in #​464
• Switch to ESM and update config/test wiring by @​crazy-max in #​481
• Bump @​actions/core from 1.11.1 to 3.0.0 in #​475
• Bump @​docker/actions-toolkit from 0.63.0 to 0.79.0 in #​482 #​485
• Bump js-yaml from 4.1.0 to 4.1.1 in #​452
• Bump lodash from 4.17.21 to 4.17.23 in #​472
• Bump minimatch from 3.1.2 to 3.1.5 in #​480

Full Changelog: docker/setup-buildx-action@v3.12.0...v4.0.0

v4

Compare Source

golangci/golangci-lint (golangci/golangci-lint)

v2.12.2

Compare Source

Released on 2026-05-06

1. Linters bug fixes
   • gomodguard_v2: fix blocked configuration
   • gomodguard_v2: from 2.1.0 to 2.1.3
   • iface: from 1.4.1 to 1.4.2

v2.12.1

Compare Source

Released on 2026-05-01

1. Linters bug fixes
   • gomodguard_v2: fix panic with migration suggestion
2. Misc.
   • fix install.sh script (if you are still using an URL based on the branch master, please update to use https://golangci-lint.run/install.sh)

v2.12.0

Compare Source

Released on 2026-05-01

1. New linters
   • Add clickhouselint linter https://github.com/ClickHouse/clickhouse-go-linter
2. Linters new features or changes
   • dupl: from f665c8d to c99c5cf (extended detection)
   • funcorder: from 0.5.0 to 0.6.0 (new option: function)
   • goconst: add an option to ignore strings from tests
   • goconst: from 1.8.2 to 1.10.0 (extended detection)
   • gomodguard_v2: from 1.4.1 to 2.1.0 (major version with new configuration)
   • gosec: from 619ce21 to 2.26.1 (new checks: G124, G708, G709, G710)
   • govet: add inline analyzer
   • makezero: from 2.1.0 to 2.2.1 (support slice type aliases)
   • paralleltest: expose checkcleanup option
   • sloglint: from 0.11.1 to 0.12.0 (new options: allowed-keys, custom-funcs)
   • wsl_v5: from 5.6.0 to 5.8.0 (new option: cuddle-max-statements; new checks: after-decl, after-defer, after-expr, after-go, cuddle-group)
3. Linters bug fixes
   • forbidigo: from 2.3.0 to 2.3.1
   • godot: from 1.5.4 to 1.5.6
   • govet-modernize: from 0.43.0 to 0.44.0
   • ireturn: from 0.4.0 to 0.4.1
   • rowserrcheck: from 1.1.1 to c5f79b8
4. Misc.
   • Decrease cache entropy
   • Embed the JSON schema in the binary
   • Filter env vars when cloning the repository with the custom command

v2.11.4

Compare Source

Released on 2026-03-22

1. Linters bug fixes
   • govet-modernize: from 0.42.0 to 0.43.0
   • noctx: from 0.5.0 to 0.5.1
   • sqlclosecheck: from 0.5.1 to 0.6.0

v2.11.3

Compare Source

Released on 2026-03-10

1. Linters bug fixes
   • gosec: from v2.24.7 to 619ce21

v2.11.2

Compare Source

Released on 2026-03-07

1. Fixes
   • fmt: fix error when using the fmt command with explicit paths.

v2.11.1

Compare Source

Released on 2026-03-06

Due to an error related to AUR, some artifacts of the v2.11.0 release have not been published.

This release contains the same things as v2.11.0.

v2.11.0

Compare Source

Released on 2026-03-06

1. Linters new features or changes
   • errcheck: from 1.9.0 to 1.10.0 (exclude crypto/rand.Read by default)
   • gosec: from 2.23.0 to 2.24.6 (new rules: G113, G118, G119, G120, G121, G122, G123, G408, G707)
   • noctx: from 0.4.0 to 0.5.0 (new detection: httptest.NewRequestWithContext)
   • prealloc: from 1.0.2 to 1.1.0
   • revive: from 1.14.0 to 1.15.0 (⚠️ Breaking change: package-related checks moved from var-naming to a new rule package-naming)
2. Linters bug fixes
   • gocognit: from 1.2.0 to 1.2.1
   • gosec: from 2.24.6 to 2.24.7
   • unqueryvet: from 1.5.3 to 1.5.4

v2.10.1

Compare Source

Released on 2026-02-17

1. Fixes
   • buildssa panic

v2.10.0

Compare Source

Released on 2026-02-17

1. Linters new features or changes
   • ginkgolinter: from 0.22.0 to 0.23.0
   • gosec: from 2.22.11 to 2.23.0 (new rules: G117, G602, G701, G702, G703, G704, G705, G706)
   • staticcheck: from 0.6.1 to 0.7.0
2. Linters bug fixes
   • godoclint: from 0.11.1 to 0.11.2

v2.9.0

Compare Source

Released on 2026-02-10

1. Enhancements
   • 🎉 go1.26 support
2. Linters new features or changes
   • arangolint: from 0.3.1 to 0.4.0 (new rule: detect potential query injections)
   • ginkgolinter: from 0.21.2 to 0.22.0 (support for wrappers)
   • golines: from 0.14.0 to 0.15.0
   • misspell: from 0.7.0 to 0.8.0
   • unqueryvet: from 1.4.0 to 1.5.3 (new options: check-n1, check-sql-injection, check-tx-leaks, allow, custom-rules)
   • wsl: from 5.3.0 to 5.6.0 (new rule: after-block)
3. Linters bug fixes
   • modernize: from 0.41.0 to 0.42.0
   • prealloc: from 1.0.1 to 1.0.2
   • protogetter: from 0.3.18 to 0.3.20
4. Misc.
   • Log information about files when configuration verification
   • Emit an error when no linters enabled
   • Do not collect VCS information when loading code

v2.8.0

Compare Source

Released on 2026-01-07

1. Linters new features or changes
   • godoc-lint: from 0.10.2 to 0.11.1 (new rule: require-stdlib-doclink)
   • golines: from 442fd00 to 0.14.0
   • gomoddirectives: from 0.7.1 to 0.8.0
   • gosec: from daccba6 to 2.22.11 (new rule: G116)
   • modernize: from 0.39.0 to 0.40.0 (new analyzers: stringscut, unsafefuncs)
   • prealloc: from 1.0.0 to 1.0.1 (message changes)
   • unqueryvet: from 1.3.0 to 1.4.0 (new options: check-aliased-wildcard, check-string-concat, check-format-strings, check-string-builder, check-subqueries, ignored-functions, sql-builders)
2. Linters bug fixes
   • go-critic: from 0.14.2 to 0.14.3
   • go-errorlint: from 1.8.0 to 1.9.0
   • govet: from 0.39.0 to 0.40.0
   • protogetter: from 0.3.17 to 0.3.18
   • revive: add missing enable-default-rules setting
3. Documentation
   • docs: split installation page

v2.7.2

Compare Source

Released on 2025-12-07

1. Linter bug fixes
   • gosec: from 2.22.10 to daccba6

v2.7.1

[Compare Source](https://r

✂ Note

PR body was truncated to here.

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • At any time (no schedule defined)
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 54.81%. Comparing base (3cf2082) to head (9d7715b).

Additional details and impacted files

@@           Coverage Diff           @@
##             main      #53   +/-   ##
=======================================
  Coverage   54.81%   54.81%           
=======================================
  Files          25       25           
  Lines        1609     1609           
=======================================
  Hits          882      882           
  Misses        630      630           
  Partials       97       97           

☔ View full report in Codecov by Harness.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.