Skip to content

Bump github.com/hashicorp/copywrite from 0.25.1 to 0.25.3 in /tools in the tools group#75

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/go_modules/tools/tools-1dc4c5f84f
Open

Bump github.com/hashicorp/copywrite from 0.25.1 to 0.25.3 in /tools in the tools group#75
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/go_modules/tools/tools-1dc4c5f84f

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 15, 2026

Copy link
Copy Markdown
Contributor

Bumps the tools group in /tools with 1 update: github.com/hashicorp/copywrite.

Updates github.com/hashicorp/copywrite from 0.25.1 to 0.25.3

Release notes

Sourced from github.com/hashicorp/copywrite's releases.

v0.25.3

Bug Fixes

  • LICENSE no longer updated on every run (#224)
    anyFileUpdated was unconditionally set to true in non-plan mode due to a buggy condition, causing the LICENSE file's copyright year to be bumped on every successful run — even when all source file headers were already correct. This triggered spurious pre-commit hook failures with "files were modified by this hook" when nothing should have changed. addlicense.Run now correctly reports whether it actually wrote any files, and the LICENSE update is gated on that signal.

  • Ignored directories are now skipped in a single step (#225)
    Patterns in header_ignore (e.g. .venv/**, vendor/**) were previously only checked against files — the walk still descended into every directory unconditionally, visiting each file before discarding it. For directories with thousands of files this caused significant slowdowns. The walk now checks each directory against ignore patterns and returns filepath.SkipDir immediately, pruning the entire subtree regardless of how many files are inside.

Full Changelog

hashicorp/copywrite@v0.25.2...v0.25.3

v0.25.2

What's Changed

New Features

  • ignore_year1 config option (#213): Added a new project.ignore_year1 boolean flag in .copywrite.hcl. When set to true, the tool skips updating the start year in existing copyright headers, preserving historically accurate start years (e.g. 2015) even when they differ from copyright_year in config. End-year logic is unaffected — files modified after their copyright end year still get the end year bumped to current year. New files with no copyright header are also unaffected and always receive the config year as the start year.

    project {
      copyright_year = 2024
    Preserve original start years in existing headers
    ignore_year1 = true
    }

Bug Fixes

  • Removed unused ignore_year2 references from config, CLI, init template, and README.

Documentation

  • README updated with ignore_year1 behaviour for both source file headers and LICENSE files.
  • Init template updated to include ignore_year1 as a commented-out option.
Commits
  • b3e6599 fix: skip ignored directories early during file walk (#225)
  • f558415 fix: LICENSE file no longer updated on every run when no headers changed (#224)
  • a3688dd [chore] : Bump actions/upload-artifact from 6.0.0 to 7.0.1 (#218)
  • 6c09892 [chore] : Bump github.com/mattn/go-isatty from 0.0.20 to 0.0.21 (#219)
  • 04fdad9 bump konaf pkg 1.5.0 > 2.3.4 (#215)
  • 9c2be07 [chore] : Bump actions/setup-go from 6.2.0 to 6.4.0 (#216)
  • 55932f7 [chore] : Bump github.com/jedib0t/go-pretty/v6 from 6.7.8 to 6.7.9 (#217)
  • 24ca005 [chore] : Bump golang.org/x/sync from 0.19.0 to 0.20.0 (#212)
  • ffab25f Skip symlinks in file walk to avoid broken-symlink crashes (#214)
  • 376a04c Feat/ignore year1 header behavior (#213)
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the tools group in /tools with 1 update: [github.com/hashicorp/copywrite](https://github.com/hashicorp/copywrite).


Updates `github.com/hashicorp/copywrite` from 0.25.1 to 0.25.3
- [Release notes](https://github.com/hashicorp/copywrite/releases)
- [Commits](hashicorp/copywrite@v0.25.1...v0.25.3)

---
updated-dependencies:
- dependency-name: github.com/hashicorp/copywrite
  dependency-version: 0.25.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: tools
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file go Pull requests that update go code labels Jun 15, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file go Pull requests that update go code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants