Skip to content

🚨 Update go modules (main) (major) #3061

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
renovate wants to merge 1 commit into
base: main
Choose a base branch
from
Open

🚨 Update go modules (main) (major) #3061

renovate wants to merge 1 commit into from
+106 −38

Conversation

@renovate
Copy link
Contributor

@renovate renovate bot commented Dec 12, 2025
edited
Loading

Note: This PR body was truncated due to platform limits.

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
github.com/MakeNowJust/heredoc v1.0.0v2.0.1 age adoption passing confidence
github.com/golangci/golangci-lint v1.63.4v2.8.0 age adoption passing confidence
github.com/santhosh-tekuri/jsonschema/v5 v5.3.1v6.0.2 age adoption passing confidence
github.com/tektoncd/pipeline v0.66.0v1.7.0 age adoption passing confidence
gopkg.in/go-jose/go-jose.v2 v2.6.3v4.1.3 age adoption passing confidence
helm.sh/helm/v3 v3.18.5v4.0.4 age adoption passing confidence

Warning

Some dependencies could not be looked up. Check the warning logs for more information.

Release Notes

MakeNowJust/heredoc (github.com/MakeNowJust/heredoc)

v2.0.1

Compare Source

Version 2.0.1

Fixes

  • Correct import path for Go modules

v2.0.0

Compare Source

Version 2.0.0

Breaking Changes

  • Treats only white space (U+0020) and horizontal tabs (U+000D) as space characters. (#​6)
golangci/golangci-lint (github.com/golangci/golangci-lint)

v2.8.0

Compare Source

Released on 2026-01-07

  1. Linters new features or changes
    • godoc-lint: from 0.10.2 to 0.11.1 (new rule: require-stdlib-doclink)
    • golines: from 442fd00 to 0.14.0
    • gomoddirectives: from 0.7.1 to 0.8.0
    • gosec: from daccba6 to 2.22.11 (new rule: G116)
    • modernize: from 0.39.0 to 0.40.0 (new analyzers: stringscut, unsafefuncs)
    • prealloc: from 1.0.0 to 1.0.1 (message changes)
    • unqueryvet: from 1.3.0 to 1.4.0 (new options: check-aliased-wildcard, check-string-concat, check-format-strings, check-string-builder, check-subqueries, ignored-functions, sql-builders)
  2. Linters bug fixes
    • go-critic: from 0.14.2 to 0.14.3
    • go-errorlint: from 1.8.0 to 1.9.0
    • govet: from 0.39.0 to 0.40.0
    • protogetter: from 0.3.17 to 0.3.18
    • revive: add missing enable-default-rules setting
  3. Documentation
    • docs: split installation page

v2.7.2

Compare Source

Released on 2025-12-07

  1. Linter bug fixes

v2.7.1

Compare Source

Released on 2025-12-04

  1. Linter bug fixes
    • modernize: disable stringscut analyzer

v2.7.0

Compare Source

  1. Bug fixes
    • fix: clone args used by custom command
  2. Linters new features or changes
    • no-sprintf-host-port: from 0.2.0 to 0.3.1 (ignore string literals without a colon)
    • unqueryvet: from 1.2.1 to 1.3.0 (handles const and var declarations)
    • revive: from 1.12.0 to 1.13.0 (new option: enable-default-rules, new rules: forbidden-call-in-wg-go, unnecessary-if, inefficient-map-lookup)
    • modernize: from 0.38.0 to 0.39.0 (new analyzers: plusbuild, stringscut)
  3. Linters bug fixes
    • perfsprint: from 0.10.0 to 0.10.1
    • wrapcheck: from 2.11.0 to 2.12.0
    • godoc-lint: from 0.10.1 to 0.10.2
  4. Misc.
    • Add some flags to the custom command
  5. Documentation
    • docs: split changelog v1 and v2

v2.6.2

Compare Source

Released on 2025-11-14

  1. Bug fixes
    • fmt command with symlinks
    • use file depending on build configuration to invalidate cache
  2. Linters bug fixes
    • testableexamples: from 1.0.0 to 1.0.1
    • testpackage: from 1.1.1 to 1.1.2

v2.6.1

Compare Source

v2.6.0

Compare Source

  1. New linters
    • Add modernize analyzer suite
  2. Linters new features or changes
    • arangolint: from 0.2.0 to 0.3.1
    • dupword: from 0.1.6 to 0.1.7 (new option comments-only)
    • go-critic: from 0.13.0 to 0.14.0 (new rules/checkers: zeroByteRepeat, dupOption)
    • gofumpt: from 0.9.1 to 0.9.2 ("clothe" naked returns is now controlled by the extra-rules option)
    • perfsprint: from 0.9.1 to 0.10.0 (new options: concat-loop, loop-other-ops)
    • wsl: from 5.2.0 to 5.3.0
  3. Linters bug fixes
    • dupword: from 0.1.6 to 0.1.7
    • durationcheck: from 0.0.10 to 0.0.11
    • exptostd: from 0.4.4 to 0.4.5
    • fatcontext: from 0.8.1 to 0.9.0
    • forbidigo: from 2.1.0 to 2.3.0
    • ginkgolinter: from 0.21.0 to 0.21.2
    • godoc-lint: from 0.10.0 to 0.10.1
    • gomoddirectives: from 0.7.0 to 0.7.1
    • gosec: from 2.22.8 to 2.22.10
    • makezero: from 2.0.1 to 2.1.0
    • nilerr: from 0.1.1 to 0.1.2
    • paralleltest: from 1.0.14 to 1.0.15
    • protogetter: from 0.3.16 to 0.3.17
    • unparam: from 0df0534 to 5beb8c8
  4. Misc.
    • fix: ignore some files to hash the version for custom build

v2.5.0

Compare Source

  1. New linters
  2. Linters new features or changes
    • embeddedstructfieldcheck: from 0.3.0 to 0.4.0 (new option: empty-line)
    • err113: from aea10b5 to 0.1.1 (skip internals of Is methods for error type)
    • ginkgolinter: from 0.20.0 to 0.21.0 (new option: force-tonot)
    • gofumpt: from 0.8.0 to 0.9.1 (new rule is to "clothe" naked returns for the sake of clarity)
    • ineffassign: from 0.1.0 to 0.2.0 (new option: check-escaping-errors)
    • musttag: from 0.13.1 to 0.14.0 (support interface methods)
    • revive: from 1.11.0 to 1.12.0 (new options: identical-ifelseif-branches, identical-ifelseif-conditions, identical-switch-branches, identical-switch-conditions, package-directory-mismatch, unsecure-url-scheme, use-waitgroup-go, useless-fallthrough)
    • thelper: from 0.6.3 to 0.7.1 (skip t.Helper in functions passed to synctest.Test)
    • wsl: from 5.1.1 to 5.2.0 (improvements related to subexpressions)
  3. Linters bug fixes
    • asciicheck: from 0.4.1 to 0.5.0
    • errname: from 1.1.0 to 1.1.1
    • fatcontext: from 0.8.0 to 0.8.1
    • go-printf-func-name: from 0.1.0 to 0.1.1
    • godot: from 1.5.1 to 1.5.4
    • gosec: from 2.22.7 to 2.22.8
    • nilerr: from 0.1.1 to a temporary fork
    • nilnil: from 1.1.0 to 1.1.1
    • protogetter: from 0.3.15 to 0.3.16
    • tagliatelle: from 0.7.1 to 0.7.2
    • testifylint: from 1.6.1 to 1.6.4
  4. Misc.
    • fix: "no export data" errors are now handled as a standard typecheck error
  5. Documentation
    • Improve nolint section about syntax

v2.4.0

Compare Source

  1. Enhancements
    • 🎉 go1.25 support
  2. Linters new features or changes
    • exhaustruct: from v3.3.1 to 4.0.0 (new options: allow-empty, allow-empty-rx, allow-empty-returns, allow-empty-declarations)
  3. Linters bug fixes
    • godox: trim filepath from report messages
    • staticcheck: allow empty options
    • tagalign: from 1.4.2 to 1.4.3
  4. Documentation
    • 🌟 New website (with a search engine)

v2.3.1

Compare Source

  1. Linters bug fixes
    • gci: from 0.13.6 to 0.13.7
    • gosec: from 2.22.6 to 2.22.7
    • noctx: from 0.3.5 to 0.4.0
    • wsl: from 5.1.0 to 5.1.1
    • tagliatelle: force upper case for custom initialisms

v2.3.0

Compare Source

  1. Linters new features or changes
    • ginkgolinter: from 0.19.1 to 0.20.0 (new option: force-assertion-description)
    • iface: from 1.4.0 to 1.4.1 (report message improvements)
    • noctx: from 0.3.4 to 0.3.5 (new detections: log/slog, exec, crypto/tls)
    • revive: from 1.10.0 to 1.11.0 (new rule: enforce-switch-style)
    • wsl: from 5.0.0 to 5.1.0
  2. Linters bug fixes
    • gosec: from 2.22.5 to 2.22.6
    • noinlineerr: from 1.0.4 to 1.0.5
    • sloglint: from 0.11.0 to 0.11.1
  3. Misc.
    • fix: panic close of closed channel

v2.2.2

Compare Source

  1. Linters bug fixes
    • noinlineerr: from 1.0.3 to 1.0.4
  2. Documentation
    • Improve debug keys documentation
  3. Misc.
    • fix: panic close of closed channel
    • godot: add noinline value into the JSONSchema

v2.2.1

Compare Source

  1. Linters bug fixes
  • varnamelen: fix configuration

v2.2.0

Compare Source

  1. New linters
  2. Linters new features or changes
    • errcheck: add verbose option
    • funcorder: from 0.2.1 to 0.5.0 (new option alphabetical)
    • gomoddirectives: from 0.6.1 to 0.7.0 (new option ignore-forbidden)
    • iface: from 1.3.1 to 1.4.0 (new option unexported)
    • noctx: from 0.1.0 to 0.3.3 (new report messages, and new rules related to database/sql)
    • noctx: from 0.3.3 to 0.3.4 (new SQL functions detection)
    • revive: from 1.9.0 to 1.10.0 (new rules: time-date, unnecessary-format, use-fmt-print)
    • usestdlibvars: from 1.28.0 to 1.29.0 (new option time-date-month)
    • wsl: deprecation
    • wsl_v5: from 4.7.0 to 5.0.0 (major version with new configuration)
  3. Linters bug fixes
    • dupword: from 0.1.3 to 0.1.6
    • exptostd: from 0.4.3 to 0.4.4
    • forbidigo: from 1.6.0 to 2.1.0
    • gci: consistently format the code
    • go-spancheck: from 0.6.4 to 0.6.5
    • goconst: from 1.8.1 to 1.8.2
    • gosec: from 2.22.3 to 2.22.4
    • gosec: from 2.22.4 to 2.22.5
    • makezero: from 1.2.0 to 2.0.1
    • misspell: from 0.6.0 to 0.7.0
    • usetesting: from 0.4.3 to 0.5.0
  4. Misc.
    • exclusions: fix path-expect
    • formatters: write the input to stdout when using stdin and there are no changes
    • migration: improve the error message when trying to migrate a migrated config
    • typecheck: deduplicate errors
    • typecheck: stops the analysis after the first error
    • Deprecate print-resources-usage flag
    • Unique version per custom build
  5. Documentation
    • Improves typecheck FAQ
    • Adds plugin systems recommendations
    • Add description for linters.default sets

v2.1.6

Compare Source

  1. Linters bug fixes
    • godot: from 1.5.0 to 1.5.1
    • musttag: from 0.13.0 to 0.13.1
  2. Documentation
    • Add note about golangci-lint v2 integration in VS Code

v2.1.5

Compare Source

Due to an error related to Snapcraft, some artifacts of the v2.1.4 release have not been published.

This release contains the same things as v2.1.3.

v2.1.4

Compare Source

Due to an error related to Snapcraft, some artifacts of the v2.1.3 release have not been published.

This release contains the same things as v2.1.3.

v2.1.3

Compare Source

  1. Linters bug fixes
    • fatcontext: from 0.7.2 to 0.8.0
  2. Misc.
    • migration: fix nakedret.max-func-lines: 0
    • migration: fix order of staticcheck settings
    • fix: add go.mod hash to the cache salt
    • fix: use diagnostic position for related information position

v2.1.2

Compare Source

  1. Linters bug fixes
    • exptostd: from 0.4.2 to 0.4.3
    • gofumpt: from 0.7.0 to 0.8.0
    • protogetter: from 0.3.13 to 0.3.15
    • usetesting: from 0.4.2 to 0.4.3

v2.1.1

Compare Source

The release process of v2.1.0 failed due to a regression inside goreleaser.

The binaries of v2.1.0 have been published, but not the other artifacts (AUR, Docker, etc.).

v2.1.0

Compare Source

  1. Enhancements
    • Add an option to display absolute paths (--path-mode=abs)
    • Add configuration path placeholder (${config-path})
    • Add warn-unused option for fmt command
    • Colored diff for fmt command (golangci-lint fmt --diff-colored)
  2. New linters
  3. Linters new features or changes
    • go-errorlint: from 1.7.1 to 1.8.0 (automatic error comparison and type assertion fixes)
    • ⚠️ goconst: ignore-strings is deprecated and replaced by ignore-string-values
    • goconst: from 1.7.1 to 1.8.1 (new options: find-duplicates, eval-const-expressions)
    • govet: add httpmux analyzer
    • nilnesserr: from 0.1.2 to 0.2.0 (detect more cases)
    • paralleltest: from 1.0.10 to 1.0.14 (checks only _test.go files)
    • revive: from 1.7.0 to 1.9.0 (support kebab case for setting names)
    • sloglint: from 0.9.0 to 0.11.0 (autofix, new option msg-style, suggest slog.DiscardHandler)
    • wrapcheck: from 2.10.0 to 2.11.0 (new option report-internal-errors)
    • wsl: from 4.6.0 to 4.7.0 (cgo files are always excluded)
  4. Linters bug fixes
    • fatcontext: from 0.7.1 to 0.7.2
    • gocritic: fix importshadow checker
    • gosec: from 2.22.2 to 2.22.3
    • ireturn: from 0.3.1 to 0.4.0
    • loggercheck: from 0.10.1 to 0.11.0
    • nakedret: from 2.0.5 to 2.0.6
    • nonamedreturns: from 1.0.5 to 1.0.6
    • protogetter: from 0.3.12 to 0.3.13
    • testifylint: from 1.6.0 to 1.6.1
    • unconvert: update to HEAD
  5. Misc.
    • Fixes memory leaks when using go1.(N) with golangci-lint built with go1.(N-X)
    • Adds golangci-lint-fmt pre-commit hook
  6. Documentation
    • Improvements
    • Updates section about vscode integration

v2.0.2

Compare Source

  1. Misc.
    • Fixes flags parsing for formatters
    • Fixes the filepath used by the exclusion source option
  2. Documentation
    • Adds a section about flags migration
    • Cleaning pages with v1 options

v2.0.1

Compare Source

  1. Linters/formatters bug fixes
    • golines: fix settings during linter load
  2. Misc.
    • Validates the version field before the configuration
    • forbidigo: fix migration

v2.0.0

Compare Source

  1. Enhancements
  2. New linters/formatters
  3. Linters new features
    • ⚠️ Merge staticcheck, stylecheck, gosimple into one linter (staticcheck) (cf. Migration guide)
    • go-critic: from 0.12.0 to 0.13.0
    • gomodguard: from 1.3.5 to 1.4.1 (block explicit indirect dependencies)
    • nilnil: from 1.0.1 to 1.1.0 (new option: only-two)
    • perfsprint: from 0.8.2 to 0.9.1 (checker name in the diagnostic message)
    • staticcheck: new quickfix set of rules
    • testifylint: from 1.5.2 to 1.6.0 (new options: equal-values, suite-method-signature, require-string-msg)
    • wsl: from 4.5.0 to 4.6.0 (new option: allow-cuddle-used-in-block)
  4. Linters bug fixes
    • bidichk: from 0.3.2 to 0.3.3
    • errchkjson: from 0.4.0 to 0.4.1
    • errname: from 1.0.0 to 1.1.0
    • funlen: fix ignore-comments option
    • gci: from 0.13.5 to 0.13.6
    • gosmopolitan: from 1.2.2 to 1.3.0
    • inamedparam: from 0.1.3 to 0.2.0
    • intrange: from 0.3.0 to 0.3.1
    • protogetter: from 0.3.9 to 0.3.12
    • unparam: from 8a5130c to 0df0534
  5. Misc.
    • 🧹 Configuration options renaming (cf. Migration guide)
    • 🧹 Remove options (cf. Migration guide)
    • 🧹 Remove flags (cf. Migration guide)
    • 🧹 Remove alternative names (cf. Migration guide)
    • 🧹 Remove or replace deprecated elements (cf. Migration guide)
    • Adds an option to display some commands as JSON:
      • golangci-lint config path --json
      • golangci-lint help linters --json
      • golangci-lint help formatters --json
      • golangci-lint linters --json
      • golangci-lint formatters --json
      • golangci-lint version --json
  6. Documentation

v1.64.8

Compare Source

  • Detects use of configuration files from golangci-lint v2

v1.64.7

Compare Source

  1. Linters bug fixes
    • depguard: from 2.2.0 to 2.2.1
    • dupl: from 3e9179a to f665c8d
    • gosec: from 2.22.1 to 2.22.2
    • staticcheck: from 0.6.0 to 0.6.1
  2. Documentation
    • Add GitLab documentation

v1.64.6

Compare Source

  1. Linters bug fixes
    • asciicheck: from 0.4.0 to 0.4.1
    • contextcheck: from 1.1.5 to 1.1.6
    • errcheck: from 1.8.0 to 1.9.0
    • exptostd: from 0.4.1 to 0.4.2
    • ginkgolinter: from 0.19.0 to 0.19.1
    • go-exhaustruct: from 3.3.0 to 3.3.1
    • gocheckcompilerdirectives: from 1.2.1 to 1.3.0
    • godot: from 1.4.20 to 1.5.0
    • perfsprint: from 0.8.1 to 0.8.2
    • revive: from 1.6.1 to 1.7.0
    • tagalign: from 1.4.1 to 1.4.2

v1.64.5

Compare Source

  1. Bug fixes
    • Add missing flag new-from-merge-base-flag
  2. Linters bug fixes
    • asciicheck: from 0.3.0 to 0.4.0
    • forcetypeassert: from 0.1.0 to 0.2.0
    • gosec: from 2.22.0 to 2.22.1

v1.64.4

Compare Source

  1. Linters bug fixes
    • gci: fix standard packages list for go1.24

v1.64.3

Compare Source

  1. Linters bug fixes
    • ginkgolinter: from 0.18.4 to 0.19.0
    • go-critic: from 0.11.5 to 0.12.0
    • revive: from 1.6.0 to 1.6.1
    • gci: fix standard packages list for go1.24
  2. Misc.
    • Build Docker images with go1.24

v1.64.2

Compare Source

This is the last minor release of golangci-lint v1.
The next release will be golangci-lint v2.

  1. Enhancements
    • 🎉 go1.24 support
    • New issues.new-from-merge-base option
    • New run.relative-path-mode option
  2. Linters new features
    • copyloopvar: from 1.1.0 to 1.2.1 (support suggested fixes)
    • exptostd: from 0.3.1 to 0.4.1 (handles golang.org/x/exp/constraints.Ordered)
    • fatcontext: from 0.5.3 to 0.7.1 (new option: check-struct-pointers)
    • perfsprint: from 0.7.1 to 0.8.1 (new options: integer-format, error-format, string-format, bool-format, and hex-format)
    • revive: from 1.5.1 to 1.6.0 (new rules: redundant-build-tag, use-errors-new. New option early-return.early-return)
  3. Linters bug fixes
    • go-errorlint: from 1.7.0 to 1.7.1
    • gochecknoglobals: from 0.2.1 to 0.2.2
    • godox: from 006bad1 to 1.1.0
    • gosec: from 2.21.4 to 2.22.0
    • iface: from 1.3.0 to 1.3.1
    • nilnesserr: from 0.1.1 to 0.1.2
    • protogetter: from 0.3.8 to 0.3.9
    • sloglint: from 0.7.2 to 0.9.0
    • spancheck: fix default StartSpanMatchersSlice values
    • staticcheck: from 0.5.1 to 0.6.0
  4. Deprecations
    • ⚠️ tenv is deprecated and replaced by usetesting.os-setenv: true.
    • ⚠️ exportloopref deprecation step 2
  5. Misc.
    • Sanitize severities by output format
    • Avoid panic with plugin without description
  6. Documentation
    • Clarify depguard configuration

v1.64.1

Compare Source

Cancelled due to CI failure.

v1.64.0

Compare Source

Cancelled due to CI failure.

santhosh-tekuri/jsonschema (github.com/santhosh-tekuri/jsonschema/v5)

v6.0.2

Compare Source

v6.0.1

Compare Source

Bug Fixes:

  • fix/schema: field RecursiveRef misspelled
  • fix/schema: missing Deprecated field

check https://redirect.github.com/santhosh-tekuri/jsonschema/discussions/172 to see notes for migrating from v5 to v6

v6.0.0

Compare Source

Improvements

  • mixed dialect support
  • custom $vocabulary support
  • sermver format
  • support for localisation for ValidationError
  • command jv
    • support stdin
    • --insecure and --cacert flag
    • --quiet flag

check https://redirect.github.com/santhosh-tekuri/jsonschema/discussions/172 to see notes for migrating from v5 to v6

tektoncd/pipeline (github.com/tektoncd/pipeline)

v1.7.0: Tekton Pipeline release v1.7.0 "LaPerm Little Helper"

Compare Source

🎉 Bug fixes, stability improvements and dependency updates 🎉

-Docs @​ v1.7.0
-Examples @​ v1.7.0

Installation one-liner

kubectl apply -f https://infra.tekton.dev/tekton-releases/pipeline/previous/v1.7.0/release.yaml

Attestation

The Rekor UUID for this release is 108e9186e8c5677a0af3ff47db2d68605b227b75af0aa40d87262257e2b9295f35454fe3d050ed38

Obtain the attestation:

REKOR_UUID=108e9186e8c5677a0af3ff47db2d68605b227b75af0aa40d87262257e2b9295f35454fe3d050ed38
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://infra.tekton.dev/tekton-releases/pipeline/previous/v1.7.0/release.yaml
REKOR_UUID=108e9186e8c5677a0af3ff47db2d68605b227b75af0aa40d87262257e2b9295f35454fe3d050ed38

# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v1.7.0@​sha256:" + .digest.sha256')

# Download the release file
curl -L "$RELEASE_FILE" > release.yaml

# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

Fixes
  • 🐛 fix: Populate step statuses before TaskRun timeout handling (#​9184)

Fix a race condition on timeout that would result in a TaskRun status without steps statuses.

  • 🐛 fix: panic in v1beta1 matrix validation for invalid result refs (#​9135)

Resolved an issue where Pipelines with invalid result references in matrix parameters would cause a panic during validation (v1beta1 API)

  • 🐛 Use patch instead of update to replace sidecars with nop image (#​9128)

Fixed race condition causing TaskRuns to fail with 409 conflict error when stopping sidecars.
StopSidecars now uses Patch instead of Update to avoid conflicts with concurrent kubelet pod status updates.

  • 🐛 fix: Add missing comma in slash commands workflow (#​9157)
  • 🐛 Fix tekton/publish sed for combined-based-image digest replacement (#​9119)
  • 🐛 examples: reduce the size of the matrix to reduce flakiness (#​9187)
Misc
  • 🔨 Migrate tests images out of dockerhub. (#​9158)
  • 🔨 refactor: add clock injection to cache for testing (#​9142)
  • 🔨 Remove deprecated // +build directive from most files (#​9118)
  • 🔨 build(deps): bump tj-actions/changed-files from 6da3c88 to abdd2f6 (#​9196)
  • 🔨 chore(release-pipeline): update references to oci bucket (#​9189)
  • 🔨 .github/workflows: fix e2e-matrix-extras (#​9185)
  • 🔨 build(deps): bump golang.org/x/crypto from 0.43.0 to 0.45.0 (#​9181)
  • 🔨 build(deps): bump actions/checkout from 5.0.0 to 6.0.0 (#​9180)
  • 🔨 build(deps): bump golangci/golangci-lint-action from 9.0.0 to 9.1.0 (#​9179)
  • 🔨 .github: add a dependabot configuration to monitor .ko.yaml (#​9173)
  • 🔨 feat: Add GitHub Actions cherry-pick slash command (#​9172)
  • 🔨 build(deps): bump the all group in /tekton with 4 updates (#​9170)
  • 🔨 build(deps): bump actions/dependency-review-action from 4.8.1 to 4.8.2 (#​9169)
  • 🔨 build(deps): bump actions/setup-go from 6.0.0 to 6.1.0 (#​9168)
  • 🔨 build(deps): bump tj-actions/changed-files from 7006987 to 6da3c88 (#​9167)
  • 🔨 build(deps): bump chainguard-dev/actions from 1.5.3 to 1.5.10 (#​9166)
  • 🔨 build(deps): bump github/codeql-action from 4.31.0 to 4.31.5 (#​9165)
  • 🔨 Fix commit SHA of actions/github-script in e2e-extras workflow (#​9161)
  • 🔨 Fix the e2e-extras slash command (#​9160)
  • 🔨 examples: make sure we use the same image for sidecar and step (#​9139)
  • 🔨 fix(ci): correct grep patterns in detect job (#​9137)
  • 🔨 build(deps): bump the all group in /tekton with 4 updates (#​9134)
  • 🔨 build(deps): bump chainguard-dev/actions from 1.5.7 to 1.5.8 (#​9133)
  • 🔨 build(deps): bump tj-actions/changed-files from 0ff001d to 7006987 (#​9132)
  • 🔨 build(deps): bump step-security/harden-runner from 2.13.1 to 2.13.2 (#​9131)
  • 🔨 build(deps): bump golangci/golangci-lint-action from 8.0.0 to 9.0.0 (#​9130)
  • 🔨 fix: label checker action reference (#​9129)
  • 🔨 Update releases.md after 1.6.0 release (#​9127)
  • 🔨 build(deps): bump the all group in /tekton with 4 updates (#​9124)
  • 🔨 build(deps): bump tj-actions/changed-files from dbf178c to 0ff001d (#​9122)
  • 🔨 feat: upload release manifests to oracle cloud (#​9121)
  • 🔨 test: reduce the number of examples tests running in parallel (#​9114)
  • 🔨 Run less e2e matrix by default (#​9109)
  • 🔨 ci: skip running builds and tests if no code changed (#​8768)
  • 🔨 fix: update tekton setup action (#​9126)
  • 🔨 build(deps): bump github.com/docker/docker from 26.1.5+incompatible to 28.0.0+incompatible in /test/resolver-with-timeout (#​9182)

Thanks

Thanks to these contributors who contributed to v1.7.0!

Extra shout-out for awesome release notes:

v1.6.0: Tekton Pipeline release v1.6.0 LTS "Sphynx Sentinels"

Compare Source

🎉 Resolvers caching, Pipeline in Pipeline, and better ARM64 support & tested releases 🎉

-Docs @​ v1.6.0
-Examples @​ v1.6.0

Installation one-liner

kubectl apply -f https://infra.tekton.dev/tekton-releases/pipeline/previous/v1.6.0/release.yaml

Attestation

The Rekor UUID for this release is 108e9186e8c5677a288ca8343f66259e4a615801fa37703480d82893d1c6a45a2935a6632beb4164

Obtain the attestation:

REKOR_UUID=108e9186e8c5677a288ca8343f66259e4a615801fa37703480d82893d1c6a45a2935a6632beb4164
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://infra.tekton.dev/tekton-releases/pipeline/previous/v1.6.0/release.yaml
REKOR_UUID=108e9186e8c5677a288ca8343f66259e4a615801fa37703480d82893d1c6a45a2935a6632beb4164

# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v1.6.0@​sha256:" + .digest.sha256')

# Download the release file
curl "$RELEASE_FILE" > release.yaml

# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

Features

  • ✨ feat: implement shared cache for bundle, git, and cluster resolvers (#​9051)

Support caching for bundle, git, and cluster resolvers, reducing redundant fetches and improving pipeline performance.

Key Features:

  • Automatic caching for immutable references (digest-based bundles, git SHAs)
  • Three cache modes: always (cache everything), never (disable caching),auto (cache only immutable references - default)
  • Configurable via ConfigMap: Set cache size and TTL without restarting controllers
  • Per-task override: Tasks can override global cache settings using the cache parameter
  • Observability: Cache hits/misses and timestamps added to resource annotations

This helps reduce external API calls, improves pipeline exec speed, and provides better resilience during remote resource resolution.

  • ✨ feat: resolve array values in Input of When expressions (#​9038)

Array values can now be resolved in the Input attribute of When expressions

  • ✨ Issue 9032 - Add support for step display name (#​9033)

add displayName field to Step.

A Pipeline can now execute embedded Pipelines (Pipelines-in-Pipelines) using the PipelineSpec field under tasks. Refer to the TEP-0056 for more details.

Fixes
  • 🐛 fix: do not fail PipelineRun when TaskRef reconciles with retryable err (#​9099)

With this change, unknown DryRunValidation errors during TaskRef and PipelineRef resolution no longer cause PipelineRuns and TaskRuns to fail. Explicit Validation errors will still cause the Run to fail.

  • 🐛 Added signal handling in SidecarLog results to support Kubernetes-native sidecar functionality (#​9095)

Added signal handling to SidecarLog to support Kubernetes-native sidecar functionality, preventing repeated restarts of the init container.

  • 🐛 Pods for timed out TaskRuns should not be deleted when keep-pod-on-cancel feature flag is true (#​9075)

If Feature flag "keep-pod-on-cancel" is set to true then pods corresponding to TaskRun will be not be deleted when TaskRun Times Out. Earlier pod was retained only if it taskrun was canceled.

  • 🐛 fix(taskrun): ensure status steps are ordered correctly when using StepAction (#​9039)

Binary file (standard input) matches

  • 🐛 entrypoint: handle linux in pkgs/platforms (#​9096)
  • 🐛 test/e2e: remove data race on global variable requireAlphaFeatureFlag (#​9067)
  • 🐛 tests: pdate csi-node-driver-registrar image reference (#​9089)
  • 🐛 ci: Ensure e2e setup errors fail tests, add retries during e2e setup (#​9082)
  • 🐛 test/e2e: Fix TestLargerResultsSidecarLogs and TestWaitCustomTask_V1_PipelineRun flakyness (#​9072)
Misc
  • 🔨 e2e: migrate wait.PollImmediate deprecated functions (#​9073)
  • 🔨 chore: centralize ko base image configuration (#​9110)
  • 🔨 build(deps): bump k8s.io/code-generator from 0.32.8 to 0.32.9 (#​9106)
  • 🔨 build(deps): bump the all group in /tekton with 4 updates (#​9105)
  • 🔨 build(deps): bump chainguard-dev/actions from 1.5.3 to 1.5.7 (#​9104)
  • 🔨 build(deps): bump github/codeql-action from 4.30.9 to 4.31.0 (#​9103)
  • 🔨 build(deps): bump actions/upload-artifact from 4.6.2 to 5.0.0 (#​9102)
  • 🔨 build(deps): bump tj-actions/changed-files from d03a93c to dbf178c (#​9101)
  • 🔨 build(deps): bump google.golang.org/protobuf from 1.36.8 to 1.36.10 (#​9097)
  • 🔨 e2e: tests against 1.34 as well (#​9091)
  • 🔨 ci/e2e: run one e2e on arm64 (#​9090)
  • 🔨 build(deps): bump github/codeql-action from 3.30.1 to 4.30.9 (#​9088)
  • 🔨 build(deps): bump actions/setup-go from 5.5.0 to 6.0.0 (#​9087)
  • 🔨 build(deps): bump actions/dependency-review-action from 4.8.0 to 4.8.1 (#​9086)
  • 🔨 build(deps): bump golang.org/x/crypto from 0.41.0 to 0.43.0 (#​9085)
  • 🔨 build(deps): bump the all group in /tekton with 2 updates (#​9081)
  • 🔨 build(deps): bump actions/upload-artifact from 4.4.3 to 4.6.2 (#​9079)
  • 🔨 build(deps): bump actions/cache from 4.2.4 to 4.3.0 (#​9078)
  • 🔨 build(deps): bump peter-evans/create-or-update-comment from 4.0.0 to 5.0.0 (#​9077)
  • 🔨 build(deps): bump ossf/scorecard-action from 2.4.2 to 2.4.3 (#​9076)
  • 🔨 test/e2e: update kubernetes versions we test against (#​9068)
  • 🔨 Pin actions by commit SHA or image digest (#​9061)
  • 🔨 build(deps): bump tj-actions/changed-files from 2036da1 to d03a93c (#​9058)
  • 🔨 build(deps): bump chainguard-dev/actions from 1.4.12 to 1.5.3 (#​9057)
  • 🔨 Add GitHub Actions workflow for go coverage job (#​9055)
  • 🔨 build(deps): bump actions/dependency-review-action from 4.7.2 to 4.8.0 (#​9047)
  • 🔨 build(deps): bump step-security/harden-runner from 2.13.0 to 2.13.1 (#​9036)
  • 🔨 build(deps): bump actions/setup-go from 5.5.0 to 6.0.0 (#​9027)
  • 🔨 fix: fix %w formatting leak in user-facing error (#​9003)
  • 🔨 build(deps): bump the all group in /tekton with 3 updates (#​8990)
  • 🔨 build(deps): bump github.com/spiffe/go-spiffe/v2 from 2.5.0 to 2.6.0 (#​8988)
Docs
  • 📖 document the latest release - 1.5 (#​9054)
  • 📖 Remove broken example link from TaskRuns doc (#​9023)

Thanks

Thanks to these contributors who contributed to v1.6.0!

Extra shout-out for awesome release notes:

v1.5.0: Tekton Pipeline release v1.5.0 "Bombay Robbie"

Compare Source

🎉 Use managedBy to delegate pipelineRun and taskRun lifecycle control 🎉

-Docs @​ v1.5.0
-Examples @​ v1.5.0

Installation one-liner

kubectl apply -f https://infra.tekton.dev/tekton-releases/pipeline/previous/v1.5.0/release.yaml

Attestation

The Rekor UUID for this release is 108e9186e8c5677a657cc892687dc9dbf41be24c29f51d2f5fc1092446b0739ec5280bb6b0bc1b82

Obtain the attestation:

REKOR_UUID=108e9186e8c5677a657cc892687dc9dbf41be24c29f51d2f5fc1092446b0739ec5280bb6b0bc1b82
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://infra.tekton.dev/tekton-releases/pipeline/previous/v1.5.0/release.yaml
REKOR_UUID=108e9186e8c5677a657cc892687dc9dbf41be24c29f51d2f5fc1092446b0739ec5280bb6b0bc1b82

# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v1.5.0@​sha256:" + .digest.sha256')

# Download the release file
curl "$RELEASE_FILE" > release.yaml

# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

Features

  • ✨ Add Support for managedBy field in TaskRun and PipelineRun (#​8965)

Added a "managedBy" field to delegate responsibility of controlling the lifecycle of PipelineRuns/TaskRuns.

The semantics of the field:

Whenever the value is set, and it does not point to the built-in controller, then we skip the reconciliation.

  • The field is immutable
  • The field is not defaulted
If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate
Copy link
Contributor Author

renovate bot commented Dec 12, 2025
edited
Loading

⚠️ Artifact update problem

Renovate failed to update artifacts related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

  • any of the package files in this branch needs updating, or
  • the branch becomes conflicted, or
  • you click the rebase/retry checkbox if found above, or
  • you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: acceptance/go.sum
Command failed: go get -t ./...
go: gopkg.in/go-jose/go-jose.v4@v4.1.3: parsing go.mod:
	module declares its path as: github.com/go-jose/go-jose/v4
	        but was required as: gopkg.in/go-jose/go-jose.v4
File name: tools/go.sum
Command failed: go get -t ./...
go: downloading github.com/golangci/golangci-lint v1.57.2
go: downloading github.com/tektoncd/chains v0.22.2
go: downloading github.com/tektoncd/cli v0.38.0
go: downloading gotest.tools/gotestsum v1.12.1
go: downloading k8s.io/kubernetes v1.34.2
go: downloading golang.org/x/tools v0.40.0
go: downloading github.com/hashicorp/go-version v1.8.0
go: downloading github.com/tektoncd/triggers v0.29.0
go: downloading golang.org/x/mod v0.31.0
go: downloading github.com/ldez/gomoddirectives v0.8.0
go: downloading github.com/golangci/plugin-module-register v0.1.2
go: downloading github.com/go-openapi/jsonpointer v0.21.1
go: downloading cloud.google.com/go v0.121.2
go: downloading google.golang.org/api v0.239.0
go: downloading cloud.google.com/go/storage v1.53.0
go: downloading github.com/ldez/grignotin v0.10.1
go: downloading github.com/4meepo/tagalign v1.4.3
go: downloading github.com/Abirdcfly/dupword v0.1.7
go: downloading github.com/Antonboom/errname v1.1.1
go: downloading github.com/Antonboom/nilnil v1.1.1
go: downloading github.com/Antonboom/testifylint v1.6.4
go: downloading github.com/Djarvur/go-err113 v0.1.1
go: downloading github.com/alexkohler/nakedret/v2 v2.0.6
go: downloading github.com/alexkohler/prealloc v1.0.1
go: downloading github.com/bombsimon/wsl/v4 v4.7.0
go: downloading github.com/breml/bidichk v0.3.3
go: downloading github.com/breml/errchkjson v0.4.1
go: downloading github.com/butuzov/ireturn v0.4.0
go: downloading github.com/catenacyber/perfsprint v0.10.1
go: downloading github.com/charithe/durationcheck v0.0.11
go: downloading github.com/ckaznocha/intrange v0.3.1
go: downloading github.com/firefart/nonamedreturns v1.0.6
go: downloading github.com/ghostiam/protogetter v0.3.18
go: downloading github.com/go-critic/go-critic v0.14.3
go: downloading github.com/golangci/misspell v0.7.0
go: downloading github.com/golangci/unconvert v0.0.0-20250410112200-a129a6e6413e
go: downloading github.com/gordonklaus/ineffassign v0.2.0
go: downloading github.com/gostaticanalysis/nilerr v0.1.2
go: downloading github.com/jgautheron/goconst v1.8.2
go: downloading github.com/jirfag/go-printf-func-name v0.0.0-20200119135958-7558a9eaa5af
go: downloading github.com/jjti/go-spancheck v0.6.5
go: downloading github.com/karamaru-alpha/copyloopvar v1.2.2
go: downloading github.com/kulti/thelper v0.7.1
go: downloading github.com/kunwardeep/paralleltest v1.0.15
go: downloading github.com/ldez/tagliatelle v0.7.2
go: downloading github.com/lufeee/execinquery v1.2.1
go: downloading github.com/macabu/inamedparam v0.2.0
go: downloading github.com/maratori/testableexamples v1.0.1
go: downloading github.com/maratori/testpackage v1.1.2
go: downloading github.com/mgechev/revive v1.13.0
go: downloading github.com/nunnatsa/ginkgolinter v0.21.2
go: downloading github.com/ryancurrah/gomodguard v1.4.1
go: downloading github.com/sashamelentyev/usestdlibvars v1.29.0
go: downloading github.com/securego/gosec/v2 v2.22.11
go: downloading github.com/sonatard/noctx v0.4.0
go: downloading github.com/stbenjam/no-sprintf-host-port v0.3.1
go: downloading github.com/tetafro/godot v1.5.4
go: downloading github.com/timakin/bodyclose v0.0.0-20241222091800-1db5c5ca4d67
go: downloading github.com/timonwong/loggercheck v0.11.0
go: downloading github.com/tomarrell/wrapcheck/v2 v2.12.0
go: downloading github.com/xen0n/gosmopolitan v1.3.0
go: downloading go-simpler.org/musttag v0.14.0
go: downloading go-simpler.org/sloglint v0.11.1
go: downloading mvdan.cc/gofumpt v0.9.2
go: downloading mvdan.cc/unparam v0.0.0-20251027182757-5beb8c8f8f15
go: downloading google.golang.org/genproto/googleapis/rpc v0.0.0-20250818200422-3122310a409c
go: downloading cloud.google.com/go/compute/metadata v0.8.0
go: downloading github.com/GoogleCloudPlatform/opentelemetry-operations-go/exporter/metric v0.51.0
go: downloading github.com/alfatraining/structtag v1.0.0
go: downloading github.com/quasilyte/go-ruleguard v0.4.5
go: downloading github.com/ccojocar/zxcvbn-go v1.0.4
go: downloading go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.61.0
go: downloading github.com/GoogleCloudPlatform/opentelemetry-operations-go/internal/resourcemapping v0.51.0
go: downloading golang.org/x/exp/typeparams v0.0.0-20251023183803-a4bb9ffd2546
go: downloading codeberg.org/chavacava/garif v0.2.0
go: downloading github.com/golangci/gofmt v0.0.0-20251215234548-e7be49a5ab4d
go: downloading github.com/nunnatsa/ginkgolinter v0.22.0
go: downloading helm.sh/helm v2.17.0+incompatible
go: github.com/conforma/cli/tools imports
	github.com/golangci/golangci-lint/cmd/golangci-lint imports
	github.com/golangci/golangci-lint/pkg/commands imports
	github.com/golangci/golangci-lint/pkg/lint/lintersdb imports
	github.com/golangci/golangci-lint/pkg/golinters imports
	github.com/golangci/gofmt/goimports: cannot find module providing package github.com/golangci/gofmt/goimports
go: github.com/conforma/cli/tools imports
	github.com/golangci/golangci-lint/cmd/golangci-lint imports
	github.com/golangci/golangci-lint/pkg/commands imports
	github.com/golangci/golangci-lint/pkg/lint/lintersdb imports
	github.com/golangci/golangci-lint/pkg/golinters imports
	github.com/nunnatsa/ginkgolinter/types: cannot find module providing package github.com/nunnatsa/ginkgolinter/types
go: warning: github.com/klauspost/compress@v1.18.1: retracted by module author: https://github.com/klauspost/compress/issues/1114
go: to switch to the latest unretracted version, run:
	go get github.com/klauspost/compress@latest

@renovate renovate bot force-pushed the renovate/main-major-go-modules branch 5 times, most recently from ae14d9b to 2d107ee Compare December 19, 2025 11:05
@renovate renovate bot force-pushed the renovate/main-major-go-modules branch from 2d107ee to 585ac43 Compare January 7, 2026 22:02
@renovate renovate bot force-pushed the renovate/main-major-go-modules branch from 585ac43 to a154eef Compare January 10, 2026 01:45
@renovate renovate bot force-pushed the renovate/main-major-go-modules branch from a154eef to c06dab0 Compare January 13, 2026 21:30
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

main major renovate size: L

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants