Update go modules (release-v0.7) (minor) by renovate[bot] · Pull Request #1634 · conforma/policy

renovate · 2026-01-20T00:43:39Z

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
github.com/conforma/cli	`v0.7.109` → `v0.9.50`
github.com/conforma/cli	`v0.7.95` → `v0.9.50`
github.com/cucumber/godog	`v0.13.0` → `v0.15.1`
github.com/google/addlicense	`v1.1.1` → `v1.2.0`
github.com/open-policy-agent/conftest	`v0.55.0` → `v0.68.2`
github.com/open-policy-agent/opa	`v0.68.0` → `v0.70.0`
github.com/styrainc/regal	`v0.29.2` → `v0.41.1`
github.com/tektoncd/cli	`v0.39.1` → `v0.45.0`
oras.land/oras	`v1.2.3` → `v1.3.2`

Release Notes

conforma/cli (github.com/conforma/cli)

cucumber/godog (github.com/cucumber/godog)

`v0.15.1`

Compare Source

Added

Step text is added to "step is undefined" error - (669 - vearutop)
Localisation support by @MegaGrindStone in #665
feat: support uint types by @chengxilo in #695

Changed

Replace deprecated ::set-output - (681 - nodeg)

Fixed

fix(errors): fix(errors): Fix expected Step argument count for steps with context.Context (679 - tigh-latte)
fix(formatter): On concurrent execution, execute formatter at end of Scenario - (645 - tigh-latte)
Pretty printing results now prints the line where the step is declared instead of the line where the handler is declared. (668 - spencerc)
Update honnef.co/go/tools/cmd/staticcheck version in Makefile by @RezaZareiii in #670
fix: verify dogT exists in the context before using it by @cakoolen in #692
fix: change bang to being in README by @nahomEagleLion in #687
Mark junit test cases as skipped if no pickle step results available by @mrsheepuk in #597
Print step declaration line instead of handler declaration line by @SpencerC in #668

`v0.15.0`

Compare Source

Added

Improved the type checking of step return types and improved the error messages - (647 - johnlon)
Ambiguous step definitions will now be detected when strict mode is activated - (636/(648 - johnlon)
Provide support for attachments / embeddings including a new example in the examples dir - (623 - johnlon)

Changed

Formatters now have a Close method and associated io.Writer changed to io.WriteCloser.

`v0.14.1`

Compare Source

Added

Provide testing.T-compatible interface on test context, allowing usage of assertion libraries such as testify's assert/require - (571 - mrsheepuk)
Created releasing guidelines - (608 - glibas)

Fixed

Step duration calculation - (616 - iaroslav-ciupin)
Invalid memory address or nil pointer dereference in RetrieveFeatures - (566 - corneldamian)

`v0.14.0`

Compare Source

Added

Improve ErrSkip handling, add test for Summary and operations order (584 - vearutop)

Fixed

Remove line overwriting for scenario outlines in cucumber formatter (605 - glibas)
Remove duplicate warning message (590 - vearutop)
updated base formatter to set a scenario as passed unless there exist (582 - roskee)

Changed

Update test.yml (583 - vearutop)

google/addlicense (github.com/google/addlicense)

`v1.2.0`

Compare Source

This is the first full release after a period of dormancy for the project. Support for several file types has been added, plus some internal cleanup.

What's Changed

fix(readme): Update the docs to show current year by @xorima in #140
Add support for TOML configuration files by @kupiakos in #144
Support *.BUILD files by @pmeric in #145
Adding support for the j2 format. by @sjswerdlow in #146
feature: add pre-commit support by @Thomy90 in #138
style: Each language in a case on its own line by @flwyd in #174
Add Powershell Support [ps1, psm1] by @JackStuart in #165
feat: add support for .htm files by @CalebAlbers in #121
Fix test: expected copyright year must be 2018 by @flwyd in #178
Upgrade GitHub workflows by @flwyd in #180
Fix ignore on Windows by @06393993 in #157
Add support for BUILD.bazel files by @pmeric in #151
Add support for Rackup (.ru) config files by @CalebAlbers in #120
Add .bash and .zsh extensions by @CalebAlbers in #122
Add support for nix scripts by @06393993 in #156
Reformat TestLicenseHeader to one filetype per line by @flwyd in #181
Add AWK, Elixir, Julia, Lua, Raku, Scheme, & Vim by @flwyd in #182
Add .graphql support by @SleepySquash in #111
Add .less support by @gnugomez in #184
Wrap the MIT License template to ensure the generated license fits into 80 characters by @XuehaiPan in #185
feat(buck): add support for buck2 files (#188) by @yesudeep in #187
Cython files Support by @Spill-Tea in #192
Goreleaser config update by @Spill-Tea in #193
Adding support for the gradle file extension by @tfroseman in #194

New Contributors

@xorima made their first contribution in #140
@kupiakos made their first contribution in #144
@pmeric made their first contribution in #145
@sjswerdlow made their first contribution in #146
@Thomy90 made their first contribution in #138
@JackStuart made their first contribution in #165
@CalebAlbers made their first contribution in #121
@06393993 made their first contribution in #157
@SleepySquash made their first contribution in #111
@gnugomez made their first contribution in #184
@yesudeep made their first contribution in #187
@Spill-Tea made their first contribution in #192
@tfroseman made their first contribution in #194

Full Changelog: google/addlicense@v1.1.1...v1.2.0

open-policy-agent/conftest (github.com/open-policy-agent/conftest)

`v0.68.2`

Compare Source

Changelog

OPA Changes

36f23bf: build(deps): bump github.com/open-policy-agent/opa from 1.15.1 to 1.15.2 (#1311) (@dependabot[bot])

Other Changes

479de13: build(deps): bump github.com/hashicorp/go-getter from 1.8.5 to 1.8.6 (#1307) (@dependabot[bot])

`v0.68.1`

Compare Source

Changelog

Bug Fixes

2631477: fix(push): Use Rego v1 by default (#1290) (@jalseth)

`v0.68.0`

Compare Source

Changelog

New Features

a604f55: feat(parser): Add nginx parser (#1289) (@jalseth)

Bug Fixes

487a2e1: fix: Skip extensionless files that are not recognized types (#1302) (@ricardbejarano)

OPA Changes

472e4e3: build(deps): bump github.com/open-policy-agent/opa from 1.14.1 to 1.15.1 (#1303) (@dependabot[bot])

Other Changes

6d521ef: build(deps): bump github.com/google/go-jsonnet from 0.21.0 to 0.22.0 (#1299) (@dependabot[bot])
2d5f1c2: build(deps): bump github.com/moby/buildkit from 0.28.0 to 0.29.0 (#1306) (@dependabot[bot])

`v0.67.1`

Compare Source

Changelog

Bug Fixes

9cef5a2: fix(releasing): Ensure GoReleaser creates a tar for linux_amd64 (#1294) (@jalseth)

Other Changes

8bc9477: build(deps): bump actions/setup-go from 6.0.0 to 6.3.0 (#1278) (@dependabot[bot])
7655171: build(deps): bump docker/build-push-action from 6.19.2 to 7.0.0 (#1284) (@dependabot[bot])
35ab0ca: build(deps): bump docker/login-action from 3.6.0 to 4.0.0 (#1283) (@dependabot[bot])
94e5286: build(deps): bump goreleaser/goreleaser-action from 6.4.0 to 7.0.0 (#1275) (@dependabot[bot])
45a3835: ci: Update Nix devshell to use go-overlay (#1287) (@jalseth)

`v0.67.0`

Compare Source

Changelog

Bug Fixes

69f41ed: fix(plugin): Handle spaces in the plugin command path (#1242) (@jalseth)

OPA Changes

59cb419: build(deps): bump github.com/open-policy-agent/opa from 1.12.1 to 1.13.1 (#1262) (@dependabot[bot])
507345f: build(deps): bump github.com/open-policy-agent/opa from 1.13.1 to 1.13.2 (#1274) (@dependabot[bot])
69b7329: build(deps): bump github.com/open-policy-agent/opa from 1.13.2 to 1.14.1 (#1282) (@dependabot[bot])

Other Changes

8ec8ba0: build(deps): bump actions/checkout from 5.0.0 to 6.0.1 (#1230) (@dependabot[bot])
fb1d20e: build(deps): bump alpine from 3.23.2 to 3.23.3 (#1264) (@dependabot[bot])
84ee4f1: build(deps): bump bats-core/bats-action from 3.0.1 to 4.0.0 (#1270) (@dependabot[bot])
06f26a6: build(deps): bump cuelang.org/go from 0.15.1 to 0.15.3 (#1244) (@dependabot[bot])
d01f783: build(deps): bump cuelang.org/go from 0.15.3 to 0.15.4 (#1259) (@dependabot[bot])
b7f9627: build(deps): bump cuelang.org/go from 0.15.4 to 0.16.0 (#1279) (@dependabot[bot])
3e4cf98: build(deps): bump docker/build-push-action from 6.18.0 to 6.19.2 (#1273) (@dependabot[bot])
b7060d3: build(deps): bump github.com/CycloneDX/cyclonedx-go from 0.9.3 to 0.10.0 (#1265) (@dependabot[bot])
e130513: build(deps): bump github.com/hashicorp/go-getter from 1.8.3 to 1.8.4 (#1245) (@dependabot[bot])
e5afd3f: build(deps): bump github.com/hashicorp/go-getter from 1.8.4 to 1.8.5 (#1285) (@dependabot[bot])
d6f5fb2: build(deps): bump github.com/moby/buildkit from 0.26.3 to 0.27.1 (#1260) (@dependabot[bot])
c1ba806: build(deps): bump github.com/moby/buildkit from 0.27.1 to 0.28.0 (#1280) (@dependabot[bot])
fc57996: build(deps): bump github.com/spdx/tools-golang from 0.5.5 to 0.5.6 (#1243) (@dependabot[bot])
95d756f: build(deps): bump github.com/spdx/tools-golang from 0.5.6 to 0.5.7 (#1251) (@dependabot[bot])
a59b8bd: build(deps): bump golang from 1.25.5-alpine to 1.25.6-alpine (#1256) (@dependabot[bot])
bde1457: build(deps): bump golang from 1.25.6-alpine to 1.26.1-alpine (#1281) (@dependabot[bot])
b2e58f0: build(deps): bump golangci/golangci-lint-action from 8.0.0 to 9.2.0 (#1231) (@dependabot[bot])
b1e9f30: ci: Update Dependabot config (#1267) (@jalseth)
bf63002: ci: Update setup-go to use Go version from go.mod (#1268) (@jalseth)

`v0.66.0`

Compare Source

Changelog

OPA Changes

08529c7: build(deps): bump github.com/open-policy-agent/opa from 1.11.0 to 1.12.1 (#1240) (@dependabot[bot])

Other Changes

10434c1: build(deps): bump actions/setup-python from 6.0.0 to 6.1.0 (#1225) (@dependabot[bot])
25bee5d: build(deps): bump alpine from 3.22.2 to 3.23.0 (#1229) (@dependabot[bot])
6cafc0f: build(deps): bump github.com/BurntSushi/toml from 1.5.0 to 1.6.0 (#1238) (@dependabot[bot])
f6b8fa9: build(deps): bump github.com/moby/buildkit from 0.26.2 to 0.26.3 (#1235) (@dependabot[bot])
233776f: build(deps): bump golang from 1.25.4-alpine to 1.25.5-alpine (#1228) (@dependabot[bot])
7a86f94: chore: Remove dependency on github.com/pkg/errors (#1233) (@jalseth)
5a394b8: ci(golangci-lint): Disable revive skip-package-name-collision-with-go-std (#1232) (@jalseth)

`v0.65.0`

Compare Source

Changelog

New Features

7de1f99: feat: Add location to SARIF output (#1207) (@jalseth)

Bug Fixes

94bb769: fix(build): Include Git version when using 'make build' (#1218) (@jalseth)
ff4e456: fix(sarif): Include conftest version number (#1206) (@jalseth)

OPA Changes

8c4cfa6: build(deps): bump github.com/open-policy-agent/opa from 1.10.1 to 1.11.0 (#1224) (@dependabot[bot])

Other Changes

3dab980: build(deps): bump cuelang.org/go from 0.15.0 to 0.15.1 (#1217) (@dependabot[bot])
cfa85ca: build(deps): bump github.com/moby/buildkit from 0.25.2 to 0.26.2 (#1216) (@dependabot[bot])
dd7e3bc: build(deps): bump golang from 1.25.3-alpine to 1.25.4-alpine (#1210) (@dependabot[bot])
bbbb04c: chore: Include goreleaser in Nix devshell (#1219) (@jalseth)
ac3146f: ci: Pin GitHub Actions to the Git SHA using ratchet (#1204) (@jalseth)

`v0.64.0`

Compare Source

Changelog

New Features

00b02b2: feat: Include loca

✂ Note

PR body was truncated to here.

Configuration

📅 Schedule: (UTC)

Branch creation
- Between 12:00 AM and 03:59 AM (* 0-3 * * *)
Automerge
- At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

renovate · 2026-01-20T05:03:19Z

⚠️ Artifact update problem

Renovate failed to update artifacts related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

any of the package files in this branch needs updating, or
the branch becomes conflicted, or
you click the rebase/retry checkbox if found above, or
you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: acceptance/go.sum

Command failed: go get -t ./...
go: module github.com/conforma/cli@v0.9.50 requires go >= 1.26.3; switching to go1.26.4
go: downloading github.com/google/go-containerregistry v0.21.7
go: downloading github.com/cespare/xxhash v1.1.0
go: downloading github.com/sigstore/timestamp-authority v1.2.2
go: downloading golang.org/x/net v0.56.0
go: downloading github.com/vektah/gqlparser v1.2.0
go: downloading golang.org/x/mod v0.37.0
go: downloading github.com/containerd/containerd v1.7.27
go: downloading github.com/go-chi/chi v4.1.2+incompatible
go: downloading github.com/dgraph-io/ristretto v0.1.1
go: downloading golang.org/x/tools v0.46.0
go: github.com/muhammadmuzzammil1998/jsonc@v1.0.0 used for two different module paths (github.com/muhammadmuzzammil1998/jsonc and muzzammil.xyz/jsonc)

File name: go.sum

Command failed: go get -t ./...
go: module github.com/conforma/cli@v0.9.50 requires go >= 1.26.3; switching to go1.26.4
go: github.com/styrainc/regal@v0.41.1: parsing go.mod:
	module declares its path as: github.com/open-policy-agent/regal
	        but was required as: github.com/styrainc/regal

fullsend-ai-review

See the review comment for full details.

fullsend-ai-review · 2026-06-09T18:16:51Z

🤖 Finished Review · ✅ Success · Started 6:16 PM UTC · Completed 6:23 PM UTC
Commit: 47d3320 · View workflow run →

fullsend-ai-review · 2026-06-13T02:03:46Z

🤖 Finished Review · ✅ Success · Started 2:03 AM UTC · Completed 2:12 AM UTC
Commit: 47d3320 · View workflow run →

fullsend-ai-review

See the review comment for full details.

fullsend-ai-review · 2026-06-17T17:11:48Z

🤖 Finished Review · ✅ Success · Started 5:11 PM UTC · Completed 5:19 PM UTC
Commit: 47d3320 · View workflow run →

fullsend-ai-review · 2026-06-18T01:51:27Z

🤖 Finished Review · ✅ Success · Started 1:51 AM UTC · Completed 2:00 AM UTC
Commit: 47d3320 · View workflow run →

fullsend-ai-review

See the review comment for full details.

fullsend-ai-review · 2026-06-18T01:59:55Z

-	github.com/styrainc/regal v0.29.2
-	github.com/tektoncd/cli v0.39.1
-	oras.land/oras v1.2.3
+	github.com/conforma/cli v0.9.48


[high] missing artifacts

The root go.mod updates 6 direct dependencies but go.sum is not included in the PR. Verification confirms that 5 of the 6 new versions lack checksums in go.sum: conforma/cli v0.9.48 (go.sum has v0.9.2), conftest v0.68.2 (go.sum has v0.66.0), regal v0.41.1 (no entry at all), tektoncd/cli v0.45.0 (go.sum has v0.42.1), oras v1.3.2 (go.sum has v1.3.0). Only addlicense v1.2.0 already has a matching entry. Builds will fail without go.sum updates.

Suggested fix: Run go mod tidy in the root directory and include the resulting go.sum changes in the PR.

fullsend-ai-review · 2026-06-18T01:59:55Z

 require (
-	github.com/conforma/cli v0.7.95
-	github.com/cucumber/godog v0.13.0
+	github.com/conforma/cli v0.9.48


[medium] missing artifacts

The acceptance/go.mod updates conforma/cli from v0.7.95 to v0.9.48 and godog from v0.13.0 to v0.15.1, but acceptance/go.sum is not included in the PR. conforma/cli v0.9.48 is missing from acceptance/go.sum (which has v0.9.2 instead). godog v0.15.1 already has a valid checksum entry.

Suggested fix: Run go mod tidy in the acceptance/ directory and include the resulting go.sum changes in the PR.

fullsend-ai-review · 2026-06-22T16:04:34Z

🤖 Finished Review · ✅ Success · Started 4:04 PM UTC · Completed 4:13 PM UTC
Commit: 47d3320 · View workflow run →

fullsend-ai-review · 2026-06-27T01:09:48Z

🤖 Finished Review · ✅ Success · Started 1:09 AM UTC · Completed 1:20 AM UTC
Commit: 47d3320 · View workflow run →

fullsend-ai-review

See the review comment for full details.

fullsend-ai-review · 2026-06-27T01:19:59Z

-	github.com/styrainc/regal v0.29.2
-	github.com/tektoncd/cli v0.39.1
-	oras.land/oras v1.2.3
+	github.com/conforma/cli v0.9.50


[high] missing-artifacts

The PR updates six dependencies in go.mod but does not include the corresponding go.sum update. Verification confirms that five of six new dependency versions (conforma/cli v0.9.50, conftest v0.68.2, regal v0.41.1, tektoncd/cli v0.45.0, oras v1.3.2) have no checksum entries in go.sum. Only addlicense v1.2.0 is already present. Without the updated go.sum, go build, go test, and go mod verify will fail. The pre-merge CI only triggers on PRs to main, not release-v0.7, so this gap may not be caught by automated checks.

Suggested fix: Run go mod tidy in the root module directory and include the resulting go.sum changes in the PR.

fullsend-ai-review · 2026-06-27T01:19:59Z

 require (
-	github.com/conforma/cli v0.7.95
-	github.com/cucumber/godog v0.13.0
+	github.com/conforma/cli v0.9.50


[medium] missing-artifacts

The PR updates conforma/cli v0.7.95 to v0.9.50 and godog v0.13.0 to v0.15.1, but does not include acceptance/go.sum changes. Verification confirms godog v0.15.1 already has entries, but conforma/cli v0.9.50 does not. The missing checksum will cause build failures in the acceptance module.

Suggested fix: Run go mod tidy in the acceptance/ directory and include the resulting acceptance/go.sum changes in the PR.

renovate Bot added release-v0.7 renovate labels Jan 20, 2026

github-actions Bot added the size: XS label Jan 20, 2026

renovate Bot force-pushed the renovate/release-v0.7-go-modules branch from 6b8b3a9 to 356ee83 Compare January 20, 2026 05:03

renovate Bot force-pushed the renovate/release-v0.7-go-modules branch 5 times, most recently from e85d278 to 1de80e8 Compare January 29, 2026 05:41

renovate Bot force-pushed the renovate/release-v0.7-go-modules branch 2 times, most recently from f0269a7 to 28461a8 Compare February 2, 2026 12:43

renovate Bot force-pushed the renovate/release-v0.7-go-modules branch 4 times, most recently from cf6bb5e to cb12a04 Compare February 14, 2026 09:15

renovate Bot force-pushed the renovate/release-v0.7-go-modules branch 2 times, most recently from 640ac05 to 602b0e4 Compare February 26, 2026 22:01

renovate Bot force-pushed the renovate/release-v0.7-go-modules branch 5 times, most recently from 3ae6928 to d6fe4d7 Compare March 9, 2026 13:08

renovate Bot force-pushed the renovate/release-v0.7-go-modules branch 4 times, most recently from 585cb2d to 836e5e7 Compare March 18, 2026 18:17

renovate Bot force-pushed the renovate/release-v0.7-go-modules branch 2 times, most recently from 46d270a to 046b71f Compare March 24, 2026 01:52

fullsend-ai-review Bot approved these changes Jun 3, 2026

View reviewed changes

fullsend-ai-review Bot added the ready-for-merge All reviewers approved — ready to merge label Jun 3, 2026

renovate Bot force-pushed the renovate/release-v0.7-go-modules branch from 7d6144f to 16f6859 Compare June 4, 2026 00:19

fullsend-ai-review Bot suggested changes Jun 4, 2026

View reviewed changes

fullsend-ai-review Bot removed the ready-for-merge All reviewers approved — ready to merge label Jun 4, 2026

renovate Bot force-pushed the renovate/release-v0.7-go-modules branch from 16f6859 to d81d15d Compare June 4, 2026 19:11

fullsend-ai-review Bot approved these changes Jun 4, 2026

View reviewed changes

fullsend-ai-review Bot added the ready-for-merge All reviewers approved — ready to merge label Jun 4, 2026

renovate Bot force-pushed the renovate/release-v0.7-go-modules branch from d81d15d to 85b21bb Compare June 5, 2026 18:49

fullsend-ai-review Bot added requires-manual-review Review requires human judgment and removed ready-for-merge All reviewers approved — ready to merge labels Jun 5, 2026

renovate Bot force-pushed the renovate/release-v0.7-go-modules branch from 85b21bb to 4ebf3c0 Compare June 9, 2026 18:14

fullsend-ai-review Bot approved these changes Jun 9, 2026

View reviewed changes

fullsend-ai-review Bot added ready-for-merge All reviewers approved — ready to merge and removed requires-manual-review Review requires human judgment labels Jun 9, 2026

renovate Bot force-pushed the renovate/release-v0.7-go-modules branch from 4ebf3c0 to 4f5f915 Compare June 13, 2026 02:02

fullsend-ai-review Bot suggested changes Jun 13, 2026

View reviewed changes

fullsend-ai-review Bot removed the ready-for-merge All reviewers approved — ready to merge label Jun 13, 2026

renovate Bot force-pushed the renovate/release-v0.7-go-modules branch from 4f5f915 to 3313ebe Compare June 17, 2026 17:09

fullsend-ai-review Bot approved these changes Jun 17, 2026

View reviewed changes

fullsend-ai-review Bot suggested changes Jun 18, 2026

View reviewed changes

fullsend-ai-review Bot approved these changes Jun 22, 2026

View reviewed changes

Update go modules

305b55d

fullsend-ai-review Bot suggested changes Jun 27, 2026

View reviewed changes

Uh oh!

Conversation

renovate Bot commented Jan 20, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Release Notes

Added

Changed

Fixed

Added

Changed

Added

Fixed

Added

Fixed

Changed

What's Changed

New Contributors

Changelog

OPA Changes

Other Changes

Changelog

Bug Fixes

Changelog

New Features

Bug Fixes

renovate Bot commented Jan 20, 2026 •

edited

Loading