v2.2.2

What's Changed

• feat: add KDL file validation support by @mvanhorn in #464
• chore(deps): bump golangci/golangci-lint-action from 9.2.0 to 9.2.1 by @dependabot[bot] in #499
• chore(deps): bump actions/setup-node from 4.4.0 to 6.4.0 by @dependabot[bot] in #498
• chore(deps): bump actions/deploy-pages from 4.0.5 to 5.0.0 by @dependabot[bot] in #497
• chore(deps): bump github/codeql-action from 4.35.5 to 4.36.0 by @dependabot[bot] in #496
• chore(deps): bump actions/upload-pages-artifact from 3.0.1 to 5.0.0 by @dependabot[bot] in #495
• fix: warn when schema-map skips unsupported validators by @nanookclaw in #493
• fix(validator): reject TOML files with duplicate keys by @SAY-5 in #506
• refactor: support recursive groupby output by @macayu17 in #500
• fix: reject duplicate reporter output files by @macayu17 in #501
• refactor(finder): split exclude file type cache by @macayu17 in #502
• fix(cli): report broken symlinks as failures instead of aborting the run by @SAY-5 in #508
• ci(release): replace attestation with SLSA provenance by @kehoecj in #513

New Contributors

• @nanookclaw made their first contribution in #493
• @SAY-5 made their first contribution in #506

Full Changelog: v2.2.1...v2.2.2

v2.2.1

What's Changed

• Fix exclude-file-types for known files by @Mak-1911 in #465
• chore(deps): bump step-security/harden-runner from 2.19.0 to 2.19.1 by @dependabot[bot] in #471
• chore(deps): bump github.com/pelletier/go-toml/v2 from 2.3.0 to 2.3.1 by @dependabot[bot] in #470
• chore(deps): bump gopkg.in/ini.v1 from 1.67.1 to 1.67.2 by @dependabot[bot] in #469
• chore(deps): bump github/codeql-action from 4.35.2 to 4.35.3 by @dependabot[bot] in #468
• chore(deps): bump github.com/go-git/go-git/v5 from 5.18.0 to 5.19.0 in the go_modules group across 1 directory by @dependabot[bot] in #472
• chore(deps): bump step-security/harden-runner from 2.19.1 to 2.19.3 by @dependabot[bot] in #476
• chore(deps): bump github.com/go-git/go-git/v5 from 5.19.0 to 5.19.1 by @dependabot[bot] in #477
• chore(deps): bump github/codeql-action from 4.35.3 to 4.35.5 by @dependabot[bot] in #478
• feat: add GitHub Actions workflow for automatic github/linguist updates by @jakubdomanski in #475
• feat(reporter): add GitHub Actions workflow command reporter (#459) by @mvanhorn in #461
• docs: add documentation website and slim down README by @kehoecj in #482
• ci: use Node 22 for docs build (npm bug on 20.20.2) by @kehoecj in #485
• chore(deps): bump webpack-dev-server from 5.2.3 to 5.2.4 in /website in the npm_and_yarn group across 1 directory by @dependabot[bot] in #483
• NPM Fixes for Docusaurus Docs by @kehoecj in #486
• fix: support duplicate reporter output paths by @macayu17 in #481
• docs: add AGENTS.md + cleanup by @kehoecj in #491
• ci: improve OpenSSF Scorecard (signed releases, vuln fixes, branch protection) by @kehoecj in #492

New Contributors

• @Mak-1911 made their first contribution in #465
• @jakubdomanski made their first contribution in #475
• @macayu17 made their first contribution in #481

Full Changelog: v2.2.0...v2.2.1

v2.2.0

This is a big one. v2.2.0 brings project-level configuration, smarter file detection, and a bunch of quality-of-life improvements we've been wanting to ship for a while.

Project configuration with .cfv.toml

You can now drop a .cfv.toml file in your project root and stop repeating CLI flags. The validator auto-discovers it by walking up from the current directory, so monorepos and nested projects just work. Every flag has a config equivalent — exclude dirs, file types, schema mappings, reporter settings, all of it. The config file itself is validated against an embedded schema, so typos get caught immediately instead of silently ignored.

Justfile validation

We added syntax validation for Justfiles (.just, justfile, .justfile) using an embedded Go parser. Unlike Makefiles, Justfiles have a real grammar, which means we can actually give you useful error messages.

--gitignore support

Pass --gitignore and the validator will skip anything your .gitignore covers — including nested .gitignore files, .git/info/exclude, and your global git config. No more noise from node_modules/, dist/, or vendored files showing up in your results. Works as a CLI flag, env var (CFV_GITIGNORE), or in .cfv.toml.

Smarter file detection

The validator now recognizes ~90 common config filenames automatically, sourced from GitHub Linguist. Files like .babelrc, tsconfig.json, Pipfile, pom.xml, and .gitconfig are detected and validated without any configuration. This also means tsconfig.json is correctly treated as JSONC (not strict JSON), and SchemaStore lookups work for extensionless files like .clangd.

JSONC as a first-class type

JSONC (JSON with comments and trailing commas) is now its own file type with full syntax and schema validation. JSON and JSONC are treated as a family — --file-types=json includes both, and --exclude-file-types=json excludes both.

SchemaStore, no clone required

--schemastore now fetches schemas over HTTPS using an embedded catalog — no local clone needed. Schemas are cached locally with a 24-hour TTL. For air-gapped setups, --schemastore-path still works with a local clone.

Stdin support

You can now pipe content directly into the validator: echo '{}' | validator --file-types=json -. Handy for quick checks or integrating with other tools.

Other improvements

• Pre-commit hooks are available — config-file-validator for changed files, config-file-validator-full for CI
• Exit codes are now granular: 0 for success, 1 for validation errors, 2 for config/runtime errors
• .tf and .tfvars are recognized as HCL
• Internal refactor moved package-level globals into the CLI struct for better concurrency safety

Breaking change

--schemastore is now a boolean flag for remote lookup. If you were passing a path to it, use --schemastore-path instead.

v2.1.0

SARIF Inline Annotations

• SARIF reporter now emits region with startLine/startColumn on each result, enabling GitHub Actions to post inline PR annotations on the affected lines
• 10 validators return structured position info (JSON, YAML, TOML, XML, HCL, CSV, ENV, HOCON, TOON, PList)
• 4 validators without position info (INI, EditorConfig, Properties, SARIF) fall back to file-level annotations
• Added ValidationError type with optional Line/Column fields

Multi-Error Separation

Previously, multiple schema validation errors were joined into a single string. Each reporter now handles them individually:

• Standard: each error on its own indented line
• JSON: "errors" array instead of a single "error" string
• SARIF: each error as its own result entry (one annotation per error)
• JUnit: each error on its own line within the <failure> message

Added SchemaErrors type to carry individual error messages from JSONSchemaValidate, ValidateXSD, and SARIF schema validation.

Error Type Classification

• All errors are prefixed with syntax: or schema: across every reporter
• New -groupby error-type option groups output into syntax, schema, and Passed categories
• Works with all existing groupby combinations (e.g. -groupby error-type,filetype)

XSD Error Improvements

• XSD validation now reports detailed diagnostics via helium ErrorCollector instead of the generic "xsd: validation failed"
• Error format cleaned up from (string):5: Schemas validity error : ... to line 5: ...

Documentation

• Added GitHub Action section to README and index referencing Boeing/validate-configs-action@v2.0.0
• Updated groupby documentation to include error-type
• Updated CHANGELOG for 2.1.0

v2.0.0

What's Changed

• Add schema validation
• feat: add fuzz test for ToonValidator by @mvanhorn in #427
• Add Sarif + Unit Test Refactor by @kehoecj in #428
• refactor: eliminate all test fixture files and golden files by @kehoecj in #429
• feat: add --type-map flag to map glob patterns to file types by @kehoecj in #430
• Upgrade to version 1.26 and add function test suite by @kehoecj in #432
• remove: drop --check-format flag and FormatValidator interface by @kehoecj in #433
• chore(deps): bump github.com/pelletier/go-toml/v2 from 2.2.4 to 2.3.0 by @dependabot[bot] in #435
• chore(deps): bump actions/setup-go from 6.3.0 to 6.4.0 by @dependabot[bot] in #436
• chore(deps): bump github/codeql-action from 4.34.1 to 4.35.1 by @dependabot[bot] in #437
• chore(deps): bump KSXGitHub/github-actions-deploy-aur from 4.1.1 to 4.1.2 by @dependabot[bot] in #441
• chore(deps): bump step-security/harden-runner from 2.16.0 to 2.16.1 by @dependabot[bot] in #440
• Adding schema validation for JSON, TOML, TOON, YML, and XML by @kehoecj in #434

Full Changelog: v1.11.0...v2.0.0

v2.0.0-rc.1

What's Changed

• Add schema validation for supported types!
• feat: add fuzz test for ToonValidator by @mvanhorn in #427
• Add Sarif + Unit Test Refactor by @kehoecj in #428
• refactor: eliminate all test fixture files and golden files by @kehoecj in #429
• feat: add --type-map flag to map glob patterns to file types by @kehoecj in #430
• Upgrade to version 1.26 and add function test suite by @kehoecj in #432
• remove: drop --check-format flag and FormatValidator interface by @kehoecj in #433

Full Changelog: v1.11.0...v2.0.0-rc.1

v1.11.0

What's Changed

• chore(deps): bump github/codeql-action from 4.32.2 to 4.32.3 by @dependabot[bot] in #411
• chore(deps): bump github/codeql-action from 4.32.3 to 4.32.4 by @dependabot[bot] in #413
• refactor: use flag.NewFlagSet in validator CLI to satisfy lint by @charity254 in #414
• chore(deps): bump oxsecurity/megalinter from 9.3.0 to 9.4.0 by @dependabot[bot] in #419
• chore(deps): bump actions/upload-artifact from 6.0.0 to 7.0.0 by @dependabot[bot] in #418
• chore(deps): bump actions/setup-go from 6.2.0 to 6.3.0 by @dependabot[bot] in #417
• chore(deps): bump github/codeql-action from 4.32.4 to 4.32.5 by @dependabot[bot] in #416
• chore(deps): bump step-security/harden-runner from 2.14.2 to 2.15.0 by @dependabot[bot] in #415
• chore(deps): bump github/codeql-action from 4.32.5 to 4.32.6 by @dependabot[bot] in #421
• chore(deps): bump step-security/harden-runner from 2.15.0 to 2.15.1 by @dependabot[bot] in #420
• chore(deps): bump step-security/harden-runner from 2.15.1 to 2.16.0 by @dependabot[bot] in #423
• chore(deps): bump github/codeql-action from 4.32.6 to 4.33.0 by @dependabot[bot] in #422
• chore(deps): bump github.com/fatih/color from 1.18.0 to 1.19.0 by @dependabot[bot] in #424
• chore(deps): bump github/codeql-action from 4.33.0 to 4.34.1 by @dependabot[bot] in #425
• Add --file-types flag to include only specified config file types by @mvanhorn in #426

New Contributors

• @charity254 made their first contribution in #414
• @mvanhorn made their first contribution in #426

Full Changelog: v1.10.0...v1.11.0

v1.10.0

What's Changed

• chore(deps): bump step-security/harden-runner from 2.13.1 to 2.13.2 by @dependabot[bot] in #364
• chore(deps): bump golangci/golangci-lint-action from 8.0.0 to 9.0.0 by @dependabot[bot] in #363
• chore(deps): bump golang from 6bac879 to 6ca9eb0 by @dependabot[bot] in #362
• chore(deps): bump github.com/gurkankaymak/hocon from 1.2.21 to 1.2.22 by @dependabot[bot] in #367
• chore(deps): bump golang from 6ca9eb0 to e68f6a0 by @dependabot[bot] in #368
• chore(deps): bump github/codeql-action from 4.31.2 to 4.31.3 by @dependabot[bot] in #369
• chore(deps): bump actions/checkout from 5.0.0 to 5.0.1 by @dependabot[bot] in #370
• chore(deps): bump alpine from 3.22 to 3.23 by @dependabot[bot] in #379
• chore(deps): bump github/codeql-action from 4.31.3 to 4.31.6 by @dependabot[bot] in #378
• chore(deps): bump oxsecurity/megalinter from 9.1.0 to 9.2.0 by @dependabot[bot] in #377
• chore(deps): bump actions/checkout from 5.0.1 to 6.0.0 by @dependabot[bot] in #376
• chore(deps): bump golang from e68f6a0 to 6981837 by @dependabot[bot] in #374
• chore(deps): bump golangci/golangci-lint-action from 9.0.0 to 9.1.0 by @dependabot[bot] in #373
• chore(deps): bump github.com/gurkankaymak/hocon from 1.2.22 to 1.2.23 by @dependabot[bot] in #371
• chore(deps): bump actions/setup-go from 6.0.0 to 6.1.0 by @dependabot[bot] in #372
• chore(deps): bump actions/checkout from 6.0.0 to 6.0.1 by @dependabot[bot] in #385
• chore(deps): bump golangci/golangci-lint-action from 9.1.0 to 9.2.0 by @dependabot[bot] in #383
• chore(deps): bump github/codeql-action from 4.31.6 to 4.31.8 by @dependabot[bot] in #382
• chore(deps): bump step-security/harden-runner from 2.13.2 to 2.14.0 by @dependabot[bot] in #380
• chore(deps): bump golang from 6981837 to 36b4f45 by @dependabot[bot] in #381
• chore(deps): bump wangyoucao577/go-release-action from 1.53 to 1.55 by @dependabot[bot] in #384
• docs: correct typos in docs and tests by @alexandear in #387
• chore(lint): enable copyloopvar linter by @alexandear in #388
• feat: add json formatter by @Kashugoyal in #336
• docs: update install instructions to use 'latest' for Go and Docker by @alexandear in #389
• chore(deps): bump actions/upload-artifact from 5.0.0 to 6.0.0 by @dependabot[bot] in #393
• chore(deps): bump github/codeql-action from 4.31.8 to 4.31.9 by @dependabot[bot] in #392
• chore(deps): bump alpine from 51183f2 to 865b95f by @dependabot[bot] in #390
• chore(deps): bump github.com/editorconfig/editorconfig-core-go/v2 from 2.6.2 to 2.6.4 by @dependabot[bot] in #391
• chore(deps): bump oxsecurity/megalinter from 9.2.0 to 9.3.0 by @dependabot[bot] in #394
• chore(deps): bump golang from 36b4f45 to 6cc2338 by @dependabot[bot] in #395
• support known files by @ccoVeille in #156
• chore(deps): bump github/codeql-action from 4.31.9 to 4.31.10 by @dependabot[bot] in #398
• chore(deps): bump gopkg.in/ini.v1 from 1.67.0 to 1.67.1 by @dependabot[bot] in #396
• chore(deps): bump github.com/bmatcuk/doublestar/v4 from 4.9.1 to 4.9.2 by @dependabot[bot] in #397
• chore(deps): bump actions/setup-go from 6.1.0 to 6.2.0 by @dependabot[bot] in #399
• chore(deps): bump golang from 6cc2338 to ce63a16 by @dependabot[bot] in #400
• chore(deps): bump github/codeql-action from 4.31.10 to 4.32.0 by @dependabot[bot] in #402
• chore(deps): bump actions/checkout from 6.0.1 to 6.0.2 by @dependabot[bot] in #403
• chore(deps): bump step-security/harden-runner from 2.14.0 to 2.14.1 by @dependabot[bot] in #404
• chore(deps): bump github.com/bmatcuk/doublestar/v4 from 4.9.2 to 4.10.0 by @dependabot[bot] in #401
• chore(deps): bump alpine from 865b95f to 2510918 by @dependabot[bot] in #406
• chore(deps): bump github/codeql-action from 4.32.0 to 4.32.1 by @dependabot[bot] in #405
• chore(deps): bump step-security/harden-runner from 2.14.1 to 2.14.2 by @dependabot[bot] in #410
• chore(deps): bump github/codeql-action from 4.32.1 to 4.32.2 by @dependabot[bot] in #409
• chore(deps): bump golang from ce63a16 to cc73743 by @dependabot[bot] in #408
• Escape error text in JUnit XML Reporter output by @kehoecj in #407

New Contributors

• @alexandear made their first contribution in #387

Full Changelog: v1.9.0...v1.10.0

v1.9.0

What's Changed

• chore(deps): bump actions/checkout from 4.2.2 to 5.0.0 by @dependabot[bot] in #310
• Add Winget Releaser workflow by @sitiom in #167
• Add fork user for Winget Releases by @kehoecj in #314
• Remove Winget by @kehoecj in #315
• chore(deps): bump github/codeql-action from 3.29.10 to 3.29.11 by @dependabot[bot] in #317
• chore(deps): bump github.com/stretchr/testify from 1.10.0 to 1.11.0 by @dependabot[bot] in #316
• chore(deps): bump golang from 91e2cd4 to a5e935d by @dependabot[bot] in #320
• chore(deps): bump actions/setup-go from 5.5.0 to 6.0.0 by @dependabot[bot] in #319
• chore(deps): bump github.com/stretchr/testify from 1.11.0 to 1.11.1 by @dependabot[bot] in #321
• chore(deps): bump github/codeql-action from 3.29.11 to 3.30.1 by @dependabot[bot] in #322
• chore(deps): bump golang from a5e935d to 8305f5f by @dependabot[bot] in #323
• chore(deps): bump github/codeql-action from 3.30.1 to 3.30.3 by @dependabot[bot] in #324
• chore(deps): bump step-security/harden-runner from 2.13.0 to 2.13.1 by @dependabot[bot] in #325
• chore(deps): bump oxsecurity/megalinter from 8.8.0 to 9.0.1 by @dependabot[bot] in #326
• chore(deps): bump github/codeql-action from 3.30.3 to 3.30.5 by @dependabot[bot] in #327
• chore(deps): bump ossf/scorecard-action from 2.4.2 to 2.4.3 by @dependabot[bot] in #329
• chore(deps): bump github/codeql-action from 3.30.5 to 3.30.6 by @dependabot[bot] in #330
• chore(deps): bump golang from 8305f5f to d709837 by @dependabot[bot] in #328
• Update README to include homebrew as an installation option by @kehoecj in #334
• chore(deps): bump oxsecurity/megalinter from 9.0.1 to 9.1.0 by @dependabot[bot] in #341
• chore(deps): bump github/codeql-action from 3.30.6 to 4.30.8 by @dependabot[bot] in #342
• chore(deps): bump alpine from 4bcff63 to 4b7ce07 by @dependabot[bot] in #343
• chore(deps): bump golang from d709837 to 1c91b4f by @dependabot[bot] in #344
• README Updates by @kehoecj in #345
• adding fuzz tests for validators by @skirtan1 in #248
• Add a CHANGELOG and some other changes by @kehoecj in #351
• Adding a CODEOWNERS file by @kehoecj in #352
• chore(deps): bump golang from 1c91b4f to 6ea52a0 by @dependabot[bot] in #353
• chore(deps): bump tarides/changelog-check-action from 2 to 3 by @dependabot[bot] in #355
• chore(deps): bump github/codeql-action from 4.30.8 to 4.30.9 by @dependabot[bot] in #354
• Fix typo in index.md documentation by @echobash in #357
• chore(deps): bump actions/upload-artifact from 4.6.2 to 5.0.0 by @dependabot[bot] in #358
• chore(deps): bump github/codeql-action from 4.30.9 to 4.31.0 by @dependabot[bot] in #359
• chore(deps): bump github/codeql-action from 4.31.0 to 4.31.2 by @dependabot[bot] in #361
• chore(deps): bump golang from 6ea52a0 to 6bac879 by @dependabot[bot] in #360
• Add support for TOON validation by @kehoecj in #366

New Contributors

• @skirtan1 made their first contribution in #248
• @echobash made their first contribution in #357

Full Changelog: v1.8.1...v1.9.0

v1.8.1

What's Changed

• chore(deps): bump github/codeql-action from 3.27.9 to 3.28.0 by @dependabot[bot] in #237
• chore(deps): bump actions/upload-artifact from 4.4.3 to 4.5.0 by @dependabot[bot] in #238
• chore(deps): bump actions/upload-artifact from 4.5.0 to 4.6.0 by @dependabot[bot] in #239
• chore(deps): bump step-security/harden-runner from 2.10.2 to 2.10.3 by @dependabot[bot] in #240
• chore(deps): bump github/codeql-action from 3.28.0 to 3.28.1 by @dependabot[bot] in #241
• chore(deps): bump github.com/bmatcuk/doublestar/v4 from 4.7.1 to 4.8.0 by @dependabot[bot] in #242
• chore(deps): bump golangci/golangci-lint-action from 6.1.1 to 6.2.0 by @dependabot[bot] in #243
• chore(deps): bump step-security/harden-runner from 2.10.3 to 2.10.4 by @dependabot[bot] in #244
• Bypass summary printing if any of the group is pass-fail by @siddharthkoli in #236
• ci(megalinter): add github action by @Kashugoyal in #218
• chore(deps): bump alpine from 3.20 to 3.21 by @dependabot[bot] in #245
• chore(deps): bump actions/setup-go from 4.1.0 to 5.3.0 by @dependabot[bot] in #246
• chore(deps): bump step-security/harden-runner from 2.10.1 to 2.10.4 by @dependabot[bot] in #247
• chore(deps): bump github.com/bmatcuk/doublestar/v4 from 4.8.0 to 4.8.1 by @dependabot[bot] in #251
• chore(deps): bump oxsecurity/megalinter from 8.3.0 to 8.4.2 by @dependabot[bot] in #253
• chore(deps): bump golangci/golangci-lint-action from 6.2.0 to 6.5.0 by @dependabot[bot] in #257
• chore(deps): bump step-security/harden-runner from 2.10.4 to 2.11.0 by @dependabot[bot] in #258
• chore(deps): bump KSXGitHub/github-actions-deploy-aur from 3.0.1 to 4.1.1 by @dependabot[bot] in #259
• chore(deps): bump alpine from 56fa17d to a8560b3 by @dependabot[bot] in #261
• chore(deps): bump github/codeql-action from 3.28.1 to 3.28.10 by @dependabot[bot] in #262
• chore(deps): bump actions/upload-artifact from 4.6.0 to 4.6.1 by @dependabot[bot] in #263
• chore(deps): bump ossf/scorecard-action from 2.4.0 to 2.4.1 by @dependabot[bot] in #264
• chore(deps): bump github.com/gurkankaymak/hocon from 1.2.20 to 1.2.21 by @dependabot[bot] in #265
• chore(deps): bump github/codeql-action from 3.28.10 to 3.28.11 by @dependabot[bot] in #266
• chore(deps): bump golangci/golangci-lint-action from 6.5.0 to 6.5.1 by @dependabot[bot] in #267
• chore(deps): bump github/codeql-action from 3.28.11 to 3.28.13 by @dependabot[bot] in #273
• chore(deps): bump actions/setup-go from 5.3.0 to 5.4.0 by @dependabot[bot] in #272
• chore(deps): bump actions/upload-artifact from 4.6.1 to 4.6.2 by @dependabot[bot] in #270
• chore(deps): bump oxsecurity/megalinter from 8.4.2 to 8.5.0 by @dependabot[bot] in #271
• chore(deps): bump github.com/pelletier/go-toml/v2 from 2.2.3 to 2.2.4 by @dependabot[bot] in #277
• chore(deps): bump step-security/harden-runner from 2.11.0 to 2.11.1 by @dependabot[bot] in #275
• chore(deps): bump github/codeql-action from 3.28.13 to 3.28.15 by @dependabot[bot] in #276
• chore(deps): bump github.com/magiconair/properties from 1.8.9 to 1.8.10 by @dependabot[bot] in #278
• chore(deps): bump step-security/harden-runner from 2.11.1 to 2.12.0 by @dependabot[bot] in #280
• chore(deps): bump oxsecurity/megalinter from 8.5.0 to 8.6.0 by @dependabot[bot] in #282
• chore(deps): bump github/codeql-action from 3.28.15 to 3.28.16 by @dependabot[bot] in #281
• chore(deps): bump golang from 1.23@sha256:70031844b8c225351d0bb63e2c383f80db85d92ba894e3da7e13bcf80efa9a37 to sha256:d9db32125db0c3a680cfb7a1afcaefb89c898a075ec148fdc2f0f646cc2ed509 by @dependabot[bot] in #279
• chore(deps): bump github/codeql-action from 3.28.16 to 3.28.17 by @dependabot[bot] in #283
• chore(deps): bump oxsecurity/megalinter from 8.6.0 to 8.7.0 by @dependabot[bot] in #284
• chore(deps): bump actions/setup-go from 5.4.0 to 5.5.0 by @dependabot[bot] in #286
• chore(deps): bump github/codeql-action from 3.28.17 to 3.28.18 by @dependabot[bot] in #288
• chore(deps): bump alpine from 3.21 to 3.22 by @dependabot[bot] in #290
• chore(deps): bump ossf/scorecard-action from 2.4.1 to 2.4.2 by @dependabot[bot] in #289
• chore(deps): bump oxsecurity/megalinter from 8.7.0 to 8.8.0 by @dependabot[bot] in #292
• chore(deps): bump step-security/harden-runner from 2.12.0 to 2.12.1 by @dependabot[bot] in #293
• chore(deps): bump github/codeql-action from 3.28.18 to 3.29.0 by @dependabot[bot] in #294
• chore(deps): bump step-security/harden-runner from 2.12.1 to 2.12.2 by @dependabot[bot] in #296
• chore(deps): bump github/codeql-action from 3.29.0 to 3.29.2 by @dependabot[bot] in #297
• chore(deps): bump github.com/bmatcuk/doublestar/v4 from 4.8.1 to 4.9.0 by @dependabot[bot] in #300
• chore(deps): bump github/codeql-action from 3.29.2 to 3.29.3 by @dependabot[bot] in #302
• chore(deps): bump step-security/harden-runner from 2.12.2 to 2.13.0 by @dependabot[bot] in #303
• chore(deps): bump alpine from 8a1f59f to 4bcff63 by @dependabot[bot] in #304
• chore(deps): bump github/codeql-action from 3.29.3 to 3.29.4 by @dependabot[bot] in #305
• chore(deps): bump github.com/bmatcuk/doublestar/v4 from 4.9.0 to 4.9.1 by @dependabot[bot] in #306
• update golangci-lint version and fix any lint warnings by @theaaronruss in #307
• chore(deps): bump github/codeql-action from 3.29.4 to 3.29.5 by @dependabot[bot] in #308
• chore(deps): bump golang from 1.24 to 1.25 by @dependabot[bot] in #312
• chore(deps): bump github/codeql-action from 3.29.7 to 3.29.10 by @dependabot[bot] in #311
• Update to go 1.25 by @kehoecj in #313

New Contributors

• @siddharthkoli made their first contribution in #236
• @Kashugoyal made their first contribution in #218
• @theaaronruss made their first contribution in #307

Full Changelog: v1.8.0...v1.8.1