chore: update dependencies

.github/workflows/lint.yaml

@@ -24,12 +24,12 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout Repo 🛎
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
         with:
           fetch-depth: 0
 
       - name: Lint Code Base 🕵🏻‍♀️
-        uses: super-linter/super-linter/slim@v7
+        uses: super-linter/super-linter/slim@v8
         env:
           LINTER_RULES_PATH: /
           VALIDATE_ALL_CODEBASE: false
@@ -47,20 +47,20 @@ jobs:
     strategy:
       matrix:
         go-version:
-          - 1.23.6
+          - 1.24.7
     steps:
       - name: Checkout Repo 🛎
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
 
       - name: Setup Go 🐹
-        uses: actions/setup-go@v5
+        uses: actions/setup-go@v6
         with:
           go-version: ${{ matrix.go-version }}
           cache: true
           cache-dependency-path: go.sum
 
       - name: Lint Go Code 🕵🏻‍♂️
-        uses: golangci/golangci-lint-action@v6
+        uses: golangci/golangci-lint-action@v8
         with:
           version: latest
           only-new-issues: false

.github/workflows/release.yaml

@@ -27,14 +27,14 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout Repo 🛎
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
         with:
           fetch-depth: 0
 
       - name: Setup Go 🐹
-        uses: actions/setup-go@v5
+        uses: actions/setup-go@v6
         with:
-          go-version: 1.23.6
+          go-version: 1.24.7
           cache: true
           cache-dependency-path: go.sum
 

.github/workflows/test.yml

@@ -25,16 +25,16 @@ jobs:
     strategy:
       matrix:
         go-version:
-          - 1.23.6
+          - 1.24.7
     defaults:
       run:
         shell: bash
     steps:
       - name: Checkout Repo 🛎
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
 
       - name: Setup Go 🐹
-        uses: actions/setup-go@v5
+        uses: actions/setup-go@v6
         with:
           go-version: ${{ matrix.go-version }}
           cache: true
@@ -92,14 +92,14 @@ jobs:
     strategy:
       matrix:
         go-version:
-          - 1.23.6
+          - 1.24.7
     runs-on: ubuntu-latest
     steps:
       - name: Checkout Repo 🛎
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
 
       - name: Setup Go 🐹
-        uses: actions/setup-go@v5
+        uses: actions/setup-go@v6
         with:
           go-version: ${{ matrix.go-version }}
           cache: true

.golangci.yml

@@ -1,29 +1,44 @@
-# See https://github.com/golangci/golangci-lint/blob/master/.golangci.example.yml
-issues:
-  exclude-rules:
-    - path: _test\.go
-      linters:
-        - dupl
-        - gosec
-        - goconst
+version: "2"
 linters:
   enable:
-    - gosec
-    - unconvert
-    - gocyclo
     - goconst
-    - goimports
     - gocritic
-    - govet
+    - gocyclo
+    - gosec
+    - lll
     - revive
-linters-settings:
-  errcheck:
-    # report about assignment of errors to blank identifier: `num, _ := strconv.Atoi(numStr)`;
-    # default is false: such cases aren't reported by default.
-    check-blank: true
-  govet:
-    enable:
-      - shadow
-  gocyclo:
-    # minimal code complexity to report, 30 by default
-    min-complexity: 15
+    - unconvert
+  settings:
+    errcheck:
+      check-blank: true
+    gocyclo:
+      min-complexity: 15
+    lll:
+      line-length: 120
+
+  exclusions:
+    generated: lax
+    presets:
+      - comments
+      - common-false-positives
+      - legacy
+      - std-error-handling
+    rules:
+      - linters:
+          - dupl
+          - goconst
+          - gosec
+        path: _test\.go
+    paths:
+      - third_party$
+      - builtin$
+      - examples$
+formatters:
+  enable:
+    - goimports
+  exclusions:
+    generated: lax
+    paths:
+      - third_party$
+      - builtin$
+      - examples$

.goreleaser.yaml

@@ -1,4 +1,5 @@
 # Customization options: https://goreleaser.com/customization/
+version: 2
 project_name: locksmith
 before:
   hooks:
@@ -39,3 +40,16 @@ dockers:
     - "--label=org.opencontainers.image.version={{ .Version }}"
     - "--build-arg=PROJECT_NAME={{ .ProjectName }}"
     - "--platform=linux/amd64"
+
+# Update to this config in the future.
+# dockers_v2:
+#   - images:
+#       - "ghcr.io/insightsengineering/{{ .ProjectName }}"
+#     tags:
+#       - "latest"
+#       - "{{ .Version }}"
+#     labels:
+#       "org.opencontainers.image.created": "{{ .Date }}"
+#       "org.opencontainers.image.title": "{{ .ProjectName }}"
+#       "org.opencontainers.image.revision": "{{ .FullCommit }}"
+#       "org.opencontainers.image.version": "{{ .Version }}"

Dockerfile

@@ -1,7 +1,11 @@
 FROM scratch
 ARG PROJECT_NAME="locksmith"
+# Uncomment when goreleaser config is updated to dockers_v2.
+# ARG TARGETPLATFORM
 ENV PROJECT_NAME=${PROJECT_NAME}
 COPY ${PROJECT_NAME} /
+# Change to this when goreleaser config is updated to dockers_v2.
+# COPY $TARGETPLATFORM/${PROJECT_NAME} /
 WORKDIR /
 # hadolint ignore=DL3025
 ENTRYPOINT ${PROJECT_NAME}

Makefile

@@ -25,9 +25,10 @@ help: ## Show this help menu
 
 devdeps: ## Install development dependencies
 	@printf "Executing target: [$@] 🎯\n"
-	@which -a golangci-lint > /dev/null || curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s -- -b $(GOPATH) v1.55.2
+	@which -a golangci-lint > /dev/null || curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s -- -b $(GOPATH) v2.5.0
 	@which -a typex > /dev/null || go install github.com/dtgorski/typex@latest
-	@which -a goreleaser > /dev/null || go install github.com/goreleaser/goreleaser@latest
+	@# Goreleaser v2.12 requires Go 1.25, so pin to v2.11.2 for now
+	@which -a goreleaser > /dev/null || go install github.com/goreleaser/goreleaser/v2@v2.11.2
 	@which -a gocover-cobertura > /dev/null || go install github.com/boumenot/gocover-cobertura@latest
 	@which -a misspell > /dev/null || go install github.com/client9/misspell/cmd/misspell@latest
 	@which -a gotestdox > /dev/null || go install github.com/bitfield/gotestdox/cmd/gotestdox@latest

cmd/download.go

@@ -134,7 +134,8 @@
 		log.Trace("remoteRef = ", remoteRef, " doesn't match tag name regexp.")
 		urlPath = "heads"
 	}
-	tagOrBranchURL := "https://api.github.com/repos/" + remoteUsername + "/" + remoteRepo + "/git/ref/" + urlPath + "/" + remoteRef
+	tagOrBranchURL := "https://api.github.com/repos/" + remoteUsername + "/" + remoteRepo +
+		"/git/ref/" + urlPath + "/" + remoteRef
 	_, tagDataResponse, err := downloadFileFunction(tagOrBranchURL, token)
 	if err == nil {
 		var tagOrBranchData GitHubTagOrBranchResponse
@@ -178,7 +179,7 @@
 		}
 	} else {
 		// Expecting GitLab URL in form:
 		// https://example.gitlab.com/api/v4/projects/<project-id>/repository/files/<optional-subdirectories>/DESCRIPTION/raw?ref=<ref-name>
 		// <optional-subdirectories> contains '/' encoded as '%2F'
 		re := regexp.MustCompile(`ref=.*$`)
 		if gitLabToken != "" {

cmd/renv.go

@@ -215,7 +215,10 @@ func GetLatestPackageVersionFromAnyRepository(soughtPackageName string, packages
 	for repositoryName, p := range packagesFiles {
 		for _, packageDescription := range p.Packages {
 			if packageDescription.Package == soughtPackageName {
-				log.Trace(soughtPackageName, " version ", packageDescription.Version, " found in ", repositoryName, " repository.")
+				log.Trace(
+					soughtPackageName, " version ", packageDescription.Version, " found in ",
+					repositoryName, " repository.",
+				)
 				if CheckIfVersionSufficient(packageDescription.Version, ">", latestPackageVersion) {
 					latestPackageVersion = packageDescription.Version
 					latestPackageVersionRepository = repositoryName
@@ -224,7 +227,10 @@ func GetLatestPackageVersionFromAnyRepository(soughtPackageName string, packages
 			}
 		}
 	}
-	log.Trace("Latest version ", latestPackageVersion, " for package ", soughtPackageName, " found in ", latestPackageVersionRepository, " repository.")
+	log.Trace(
+		"Latest version ", latestPackageVersion, " for package ", soughtPackageName, " found in ",
+		latestPackageVersionRepository, " repository.",
+	)
 	return latestPackageVersionRepository
 }
 

cmd/root.go

@@ -171,7 +171,9 @@
 				inputPackages := ParseDescriptionFileList(inputDescriptionFiles)
 				repositoryPackagesFiles := DownloadPackagesFiles(repositoryList, DownloadTextFile)
 				packagesFiles := ParsePackagesFiles(repositoryPackagesFiles)
-				outputPackageList := ConstructOutputPackageList(inputPackages, packagesFiles, repositoryList, allowedMissingDependencyTypes)
+				outputPackageList := ConstructOutputPackageList(
+					inputPackages, packagesFiles, repositoryList, allowedMissingDependencyTypes,
+				)
 				renvLock := GenerateRenvLock(outputPackageList, repositoryMap)
 				GenerateHTMLReport(outputPackageList, inputPackages, packagesFiles, renvLock, repositoryMap)
 				writeJSON(outputRenvLock, renvLock)
@@ -199,7 +201,7 @@
 			"However, it will not fail for comma-separated dependency types listed in this argument, e.g.: "+
 			"'Imports,Depends,Suggests,LinkingTo'")
 	rootCmd.PersistentFlags().StringVarP(&updatePackages, "updatePackages", "u", "*",
 		"Expression with wildcards indicating which packages from the inputRenvLock should be updated to the newest version. "+
 			"The expression follows the pattern: \"expression1,expression2,...\" where \"expressionN\" can be: "+
 			"literal package name and/or * symbol(s) meaning any set of characters. Example: "+
 			`'package*,*abc,a*b,someOtherPackage'. By default all packages are updated.`)

go.mod

@@ -1,79 +1,74 @@
 module github.com/insightsengineering/locksmith
 
-go 1.23.0
-
-toolchain go1.23.6
+go 1.24.7
 
 require (
-	github.com/go-git/go-git/v5 v5.13.2
+	github.com/go-git/go-git/v5 v5.16.2
 	github.com/jamiealquiza/envy v1.1.0
 	github.com/sirupsen/logrus v1.9.3
-	github.com/spf13/cobra v1.9.1
-	github.com/spf13/viper v1.19.0
-	github.com/stretchr/testify v1.10.0
+	github.com/spf13/cobra v1.10.1
+	github.com/spf13/viper v1.21.0
+	github.com/stretchr/testify v1.11.1
 	go.szostok.io/version v1.2.0
 	gopkg.in/yaml.v3 v3.0.1
 )
 
 require (
-	dario.cat/mergo v1.0.1 // indirect
+	dario.cat/mergo v1.0.2 // indirect
 	github.com/Masterminds/goutils v1.1.1 // indirect
-	github.com/Masterminds/semver/v3 v3.3.1 // indirect
+	github.com/Masterminds/semver/v3 v3.4.0 // indirect
 	github.com/Masterminds/sprig/v3 v3.3.0 // indirect
 	github.com/Microsoft/go-winio v0.6.2 // indirect
-	github.com/ProtonMail/go-crypto v1.1.5 // indirect
+	github.com/ProtonMail/go-crypto v1.3.0 // indirect
 	github.com/araddon/dateparse v0.0.0-20210429162001-6b43995a97de // indirect
 	github.com/aymanbagabas/go-osc52/v2 v2.0.1 // indirect
+	github.com/clipperhouse/uax29/v2 v2.2.0 // indirect
 	github.com/cloudflare/circl v1.6.1 // indirect
-	github.com/cyphar/filepath-securejoin v0.4.1 // indirect
+	github.com/cyphar/filepath-securejoin v0.5.0 // indirect
 	github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
 	github.com/dustin/go-humanize v1.0.1 // indirect
 	github.com/emirpasic/gods v1.18.1 // indirect
 	github.com/fatih/color v1.18.0 // indirect
-	github.com/fsnotify/fsnotify v1.8.0 // indirect
+	github.com/fsnotify/fsnotify v1.9.0 // indirect
 	github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 // indirect
 	github.com/go-git/go-billy/v5 v5.6.2 // indirect
-	github.com/goccy/go-yaml v1.15.23 // indirect
+	github.com/go-viper/mapstructure/v2 v2.4.0 // indirect
+	github.com/goccy/go-yaml v1.18.0 // indirect
 	github.com/golang/groupcache v0.0.0-20241129210726-2c02b8208cf8 // indirect
 	github.com/google/uuid v1.6.0 // indirect
 	github.com/hashicorp/go-version v1.7.0 // indirect
-	github.com/hashicorp/hcl v1.0.0 // indirect
 	github.com/hokaccha/go-prettyjson v0.0.0-20211117102719-0474bc63780f // indirect
 	github.com/huandu/xstrings v1.5.0 // indirect
 	github.com/inconshreveable/mousetrap v1.1.0 // indirect
 	github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 // indirect
-	github.com/kevinburke/ssh_config v1.2.0 // indirect
-	github.com/lucasb-eyer/go-colorful v1.2.0 // indirect
-	github.com/magiconair/properties v1.8.9 // indirect
+	github.com/kevinburke/ssh_config v1.4.0 // indirect
+	github.com/klauspost/cpuid/v2 v2.3.0 // indirect
+	github.com/lucasb-eyer/go-colorful v1.3.0 // indirect
 	github.com/mattn/go-colorable v0.1.14 // indirect
 	github.com/mattn/go-isatty v0.0.20 // indirect
-	github.com/mattn/go-runewidth v0.0.16 // indirect
+	github.com/mattn/go-runewidth v0.0.19 // indirect
 	github.com/mitchellh/copystructure v1.2.0 // indirect
-	github.com/mitchellh/mapstructure v1.5.0 // indirect
 	github.com/mitchellh/reflectwalk v1.0.2 // indirect
-	github.com/muesli/termenv v0.15.2 // indirect
-	github.com/pelletier/go-toml/v2 v2.2.3 // indirect
-	github.com/pjbgf/sha1cd v0.3.2 // indirect
+	github.com/muesli/termenv v0.16.0 // indirect
+	github.com/pelletier/go-toml/v2 v2.2.4 // indirect
+	github.com/pjbgf/sha1cd v0.5.0 // indirect
 	github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
 	github.com/rivo/uniseg v0.4.7 // indirect
-	github.com/sagikazarmark/locafero v0.7.0 // indirect
-	github.com/sagikazarmark/slog-shim v0.1.0 // indirect
-	github.com/sergi/go-diff v1.3.2-0.20230802210424-5b0b94c5c0d3 // indirect
+	github.com/sagikazarmark/locafero v0.12.0 // indirect
+	github.com/sergi/go-diff v1.4.0 // indirect
 	github.com/shopspring/decimal v1.4.0 // indirect
 	github.com/skeema/knownhosts v1.3.1 // indirect
-	github.com/sourcegraph/conc v0.3.0 // indirect
-	github.com/spf13/afero v1.12.0 // indirect
-	github.com/spf13/cast v1.7.1 // indirect
-	github.com/spf13/pflag v1.0.6 // indirect
+	github.com/spf13/afero v1.15.0 // indirect
+	github.com/spf13/cast v1.10.0 // indirect
+	github.com/spf13/pflag v1.0.10 // indirect
 	github.com/subosito/gotenv v1.6.0 // indirect
 	github.com/xanzy/ssh-agent v0.3.3 // indirect
-	go.uber.org/multierr v1.11.0 // indirect
-	golang.org/x/crypto v0.36.0 // indirect
+	go.yaml.in/yaml/v3 v3.0.4 // indirect
+	golang.org/x/crypto v0.42.0 // indirect
 	golang.org/x/exp v0.0.0-20250218142911-aa4b98e5adaa // indirect
-	golang.org/x/net v0.38.0 // indirect
-	golang.org/x/sys v0.31.0 // indirect
-	golang.org/x/text v0.23.0 // indirect
-	gopkg.in/ini.v1 v1.67.0 // indirect
+	golang.org/x/net v0.44.0 // indirect
+	golang.org/x/sys v0.36.0 // indirect
+	golang.org/x/text v0.29.0 // indirect
 	gopkg.in/warnings.v0 v0.1.2 // indirect
 )