v0.54.0

What's Changed

Breaking Changes

• Remove deprecated --module/--no-module and module attribute by @wata727 in #2036

Enhancements

• Update to owenrumney/go-sarif/v2 by @oWretch in #2111
• build(deps): Bump github.com/terraform-linters/tflint-ruleset-terraform from 0.9.1 to 0.10.0 by @dependabot in #2152

Bug Fixes

• Override exactly according to the Terraform spec by @wata727 in #2124

Chores

• build(deps): Bump google.golang.org/grpc from 1.65.0 to 1.66.0 by @dependabot in #2112
• build(deps): Bump github.com/hashicorp/hcl/v2 from 2.21.0 to 2.22.0 by @dependabot in #2109
• build(deps): Bump actions/attest-build-provenance from d6e56129ac57db21eabf33778e4aa20e800eb5cb to 310b0a4a3b0b78ef57ecda988ee04b132db73ef8 by @dependabot in #2103
• plugin: Introduce explicit locking on the root runner operations by @wata727 in #2115
• build(deps): Bump google.golang.org/grpc from 1.66.0 to 1.66.2 by @dependabot in #2125
• build(deps): Bump google.golang.org/grpc from 1.66.2 to 1.67.0 by @dependabot in #2129
• build(deps): Bump golang.org/x/oauth2 from 0.22.0 to 0.23.0 by @dependabot in #2117
• build(deps): Bump golang.org/x/text from 0.17.0 to 0.18.0 by @dependabot in #2120
• build(deps): Bump golang.org/x/net from 0.28.0 to 0.29.0 by @dependabot in #2119
• build(deps): Bump docker/build-push-action from 6.7.0 to 6.9.0 by @dependabot in #2131
• Update config.md by @rquadling in #2130
• build(deps): Bump actions/attest-build-provenance from 1.4.1 to 1.4.3 by @dependabot in #2121
• build(deps): Bump docker/setup-buildx-action from 3.6.1 to 3.7.1 by @dependabot in #2134
• build(deps): Bump sigstore/cosign-installer from 3.6.0 to 3.7.0 by @dependabot in #2136
• build(deps): Bump golang.org/x/text from 0.18.0 to 0.19.0 by @dependabot in #2137
• build(deps): Bump github.com/zclconf/go-cty-yaml from 1.0.3 to 1.1.0 by @dependabot in #2138
• build(deps): Bump golang.org/x/crypto from 0.27.0 to 0.28.0 by @dependabot in #2139
• build(deps): Bump google.golang.org/grpc from 1.67.0 to 1.67.1 by @dependabot in #2140
• build(deps): Bump golang.org/x/net from 0.29.0 to 0.30.0 by @dependabot in #2141
• build(deps): Bump golangci/golangci-lint-action from 6.1.0 to 6.1.1 by @dependabot in #2135
• build(deps): Bump github.com/hashicorp/go-plugin from 1.6.1 to 1.6.2 by @dependabot in #2147
• build(deps): Bump github.com/fatih/color from 1.17.0 to 1.18.0 by @dependabot in #2148
• go: Remove patch version from go.mod by @wata727 in #2156
• Bump GoReleaser to v2 by @wata727 in #2157
• Fix FromAsCasting build check failure by @wata727 in #2158

New Contributors

• @oWretch made their first contribution in #2111
• @rquadling made their first contribution in #2130

Full Changelog: v0.53.0...v0.54.0

v0.53.0

What's Changed

Enhancements

• build(deps): Bump github.com/terraform-linters/tflint-ruleset-terraform from 0.8.0 to 0.9.1 by @dependabot in #2093

Bug Fixes

• Fix a race condition when evaluating on the root context by @wata727 in #2096

Chores

• build(deps): Bump golang.org/x/net from 0.26.0 to 0.27.0 by @dependabot in #2086
• build(deps): Bump google.golang.org/grpc from 1.64.0 to 1.65.0 by @dependabot in #2088
• build(deps): Bump github.com/terraform-linters/tflint-plugin-sdk from 0.20.0 to 0.21.0 by @dependabot in #2090
• build(deps): Bump github.com/zclconf/go-cty from 1.14.4 to 1.15.0 by @dependabot in #2089
• build(deps): Bump golang.org/x/text from 0.16.0 to 0.17.0 by @dependabot in #2098
• build(deps): Bump sigstore/cosign-installer from 3.5.0 to 3.6.0 by @dependabot in #2097
• build(deps): Bump golang.org/x/oauth2 from 0.21.0 to 0.22.0 by @dependabot in #2092
• build(deps): Bump golang.org/x/crypto from 0.25.0 to 0.26.0 by @dependabot in #2099
• build(deps): Bump golang.org/x/net from 0.27.0 to 0.28.0 by @dependabot in #2100
• build(deps): Bump golangci/golangci-lint-action from 6.0.1 to 6.1.0 by @dependabot in #2091
• chore: bump to use go 1.23.0 by @chenrui333 in #2101
• chore: pin workflow action sha by @chenrui333 in #2102

Full Changelog: v0.52.0...v0.53.0

v0.52.0

What's Changed

Enhancements

• cmd: Allow --chdir and --recursive to be used together by @wata727 in #2079
• terraform: Add support for Terraform v1.9 by @wata727 in #2077
• Bump bundled terraform ruleset to v0.8.0 by @wata727 in #2085

Bug Fixes

• formatter: Add source attribute in the checkstyle format by @wata727 in #2078

Chores

• deps: Go 1.22.5 by @wata727 in #2084

Full Changelog: v0.51.2...v0.52.0

v0.51.2

What's Changed

• build(deps): Bump github.com/hashicorp/go-plugin from 1.6.0 to 1.6.1 by @dependabot in #2047
• build(deps): Bump github.com/fatih/color from 1.16.0 to 1.17.0 by @dependabot in #2048
• build(deps): Bump golangci/golangci-lint-action from 5.3.0 to 6.0.1 by @dependabot in #2049
• build(deps): Bump google.golang.org/grpc from 1.63.2 to 1.64.0 by @dependabot in #2053
• build(deps): Bump github.com/hashicorp/go-version from 1.6.0 to 1.7.0 by @dependabot in #2054
• build(deps): Bump alpine from 3.19 to 3.20 by @dependabot in #2055
• build(deps): Bump goreleaser/goreleaser-action from 5 to 6 by @dependabot in #2061
• build(deps): Bump golang.org/x/crypto from 0.23.0 to 0.24.0 by @dependabot in #2062
• build(deps): Bump golang.org/x/text from 0.15.0 to 0.16.0 by @dependabot in #2064
• build(deps): Bump golang.org/x/oauth2 from 0.20.0 to 0.21.0 by @dependabot in #2063
• build(deps): Bump golang.org/x/net from 0.25.0 to 0.26.0 by @dependabot in #2065
• build(deps): Bump github.com/jessevdk/go-flags from 1.5.0 to 1.6.1 by @dependabot in #2066
• build(deps): Bump docker/build-push-action from 5 to 6 by @dependabot in #2067
• build(deps): Bump github.com/hashicorp/hcl/v2 from 2.20.1 to 2.21.0 by @dependabot in #2068
• build(deps): Bump github.com/go-test/deep from 1.1.0 to 1.1.1 by @dependabot in #2069
• build(deps): Bump github.com/hashicorp/go-getter from 1.7.4 to 1.7.5 by @dependabot in #2070
• deps: Go 1.22.4 by @wata727 in #2073
• docs: Recommend verification with GitHub CLI by @wata727 in #2074

Full Changelog: v0.51.1...v0.51.2

v0.51.1

What's Changed

Bug Fixes

• terraform: Fix provider::terraform::* function names by @wata727 in #2046

Chores

• build(deps): Bump golang.org/x/oauth2 from 0.19.0 to 0.20.0 by @dependabot in #2043
• build(deps): Bump golangci/golangci-lint-action from 5.1.0 to 5.3.0 by @dependabot in #2039
• gh: update golangci-lint by @bendrucker in #2045
• go: remove loop variable copying by @bendrucker in #2044
• build(deps): Bump golang.org/x/text from 0.14.0 to 0.15.0 by @dependabot in #2042
• build(deps): Bump golang.org/x/net from 0.24.0 to 0.25.0 by @dependabot in #2041
• release: Introduce Artifact Attestations by @wata727 in #2038

Full Changelog: v0.51.0...v0.51.1

v0.51.0

What's Changed

This release includes many new features including parallelization of recursion inspection and support for Terraform v1.8.

Also, please be aware that there are important changes regarding licensing. TFLint has updated the embedded Terraform package to the latest version for Terraform v1.6+ support. As a result, we will be affected by Terraform's license change to BUSL announced by Hashicorp in August 2023.

Most of the code in TFLint is still licensed under MPL 2.0, but some files under the Terraform package are now licensed under BUSL 1.1. This means that release binaries are bound by both licenses and may be subject to Hashicorp's BUSL restrictions. If you have concerns about this change, we recommend reviewing the licensing implications before updating. Please note that we cannot provide legal advice.

Please refer to the discussion in https://github.com/terraform-linters/tflint/discussions/1826 and #1878 for details.

Enhancements

• config: Add TFLint required_version settings by @wata727 in #2027
  • The required_version attribute can now be set in .tflint.hcl. This is useful for enforcing the version of TFLint that is actually used.
• plugin: Add support for host-specific GitHub tokens by @wata727 in #2025
  • Environment variables like GITHUB_TOKEN_example_com have been introduced for GitHub Enterprise Server support.
• Recursive inspection in parallel by @wata727 in #2021
  • The --recursive inspection now runs in parallel according to the number of CPU cores by default. The number of parallels can be changed with --max-workers.
• terraform: Add support for Terraform v1.6/v1.7/v1.8 by @wata727 in #2030
  • New Terraform features are now supported, including provider-defined functions. Please note that support for provider-defined functions requires the latest HCL parser, so you may need to update your plugin versions.
  • Updated embedded Terraform packages to support Terraform v1.6+. As a result, TFLint now includes code for Hashicorp's BUSL 1.1.

Changes

• Add warnings to --module/--no-module and module attribute by @wata727 in #1951
  • If you see a warning, use --call-module-type instead. The --module is equivalent to --call-module-type=all and the --no-module is equivalent to --call-module-type=none. This also applies to .tflint.hcl.

Chores

• build: use go1.22 by @chenrui333 in #1977
• workflows: remove cache: true for setup-go (default) by @chenrui333 in #1979
• install: enable pipefail catch curl errors by @Ry4an in #1978
• build(deps): Bump golang.org/x/oauth2 from 0.16.0 to 0.17.0 by @dependabot in #1981
• build(deps): Bump golangci/golangci-lint-action from 3.7.0 to 4.0.0 by @dependabot in #1980
• build(deps): Bump google.golang.org/grpc from 1.61.0 to 1.61.1 by @dependabot in #1987
• sarif: add schema to repo by @bendrucker in #2000
• build(deps): Bump google.golang.org/grpc from 1.61.1 to 1.62.0 by @dependabot in #1992
• build(deps): Bump github.com/hashicorp/hcl/v2 from 2.19.1 to 2.20.0 by @dependabot in #1999
• build(deps): Bump github.com/zclconf/go-cty from 1.14.2 to 1.14.3 by @dependabot in #1998
• build(deps): Bump golang.org/x/crypto from 0.19.0 to 0.21.0 by @dependabot in #2001
• build(deps): Bump golang.org/x/oauth2 from 0.17.0 to 0.18.0 by @dependabot in #2002
• build(deps): Bump google.golang.org/grpc from 1.62.0 to 1.62.1 by @dependabot in #2003
• build(deps): Bump github.com/zclconf/go-cty from 1.14.3 to 1.14.4 by @dependabot in #2009
• build(deps): Bump github.com/hashicorp/hcl/v2 from 2.20.0 to 2.20.1 by @dependabot in #2012
• build(deps): Bump google.golang.org/grpc from 1.62.1 to 1.63.0 by @dependabot in #2014
• build(deps): Bump golang.org/x/crypto from 0.21.0 to 0.22.0 by @dependabot in #2016
• build(deps): Bump golang.org/x/oauth2 from 0.18.0 to 0.19.0 by @dependabot in #2015
• build(deps): Bump sigstore/cosign-installer from 3.4.0 to 3.5.0 by @dependabot in #2022
• build(deps): Bump google.golang.org/grpc from 1.63.0 to 1.63.2 by @dependabot in #2023
• build(deps): Bump golang.org/x/net from 0.22.0 to 0.23.0 by @dependabot in #2024
• build(deps): Bump github.com/hashicorp/go-getter from 1.7.2 to 1.7.4 by @dependabot in #2026
• build(deps): Bump golangci/golangci-lint-action from 4.0.0 to 5.1.0 by @dependabot in #2029
• Pin Go patch version in go.mod by @wata727 in #2031
• build(deps): Bump github.com/terraform-linters/tflint-plugin-sdk from 0.18.0 to 0.20.0 by @dependabot in #2032
• build(deps): Bump github.com/terraform-linters/tflint-ruleset-terraform from 0.5.0 to 0.7.0 by @dependabot in #2033

New Contributors

• @Ry4an made their first contribution in #1978

Full Changelog: v0.50.3...v0.51.0

v0.50.3

What's Changed

• build(deps): Bump github.com/zclconf/go-cty from 1.14.1 to 1.14.2 by @dependabot in #1962
• build(deps): Bump github.com/google/uuid from 1.5.0 to 1.6.0 by @dependabot in #1963
• build(deps): Bump google.golang.org/grpc from 1.60.1 to 1.61.0 by @dependabot in #1964
• Ignore module issues that are not valid expressions by @bendrucker in #1969
• make release: invoke $EDITOR in shell by @bendrucker in #1971
• build(deps): Bump sigstore/cosign-installer from 3.3.0 to 3.4.0 by @dependabot in #1970
• actions: test on macOS by @bendrucker in #1972
• test: use darwin_arm64 compatible aws plugin by @bendrucker in #1973
• test: document git submodule requirements by @bendrucker in #1974

Full Changelog: v0.50.2...v0.50.3

v0.50.2

What's Changed

Bug Fixes

• Fix a bug where auto-fixed code could not be retrieved via GetFile API by @wata727 in #1959

Chores

• build(deps): Bump github.com/cloudflare/circl from 1.3.3 to 1.3.7 by @dependabot in #1954
• build(deps): Bump golang.org/x/oauth2 from 0.15.0 to 0.16.0 by @dependabot in #1956

Full Changelog: v0.50.1...v0.50.2

v0.50.1

What's Changed

BugFixes

• Fix panic for module calls without source by @wata727 in #1950

Full Changelog: v0.50.0...v0.50.1

v0.50.0

What's Changed

Breaking Changes

• Call local modules by default by @wata727 in #1918
  • Module inspection is now enabled by default for modules whose source is a relative path. Note that "module inspection" will be called "calling modules" after this change. See also #1066
  • CLI flag --module has been changed to --call-module-type. For backward compatibility, --module will continue to work, but it will be removed in a future version, so we recommend migrating early. The same applies to the module attribute of the configuration file.
    • --module flag is replaced by --call-module-type=all and --no-module (previous default) is replaced by --call-module-type=none
  • For modules with many local module calls, this change may result in performance degradation. If this is not acceptable, you can keep the previous default by specifying --call-module-type=none.
• Make assignments to undeclared variables an error by @wata727 in #1941
  • In line with Terraform behavior, assignments using the --var flag etc. to undeclared variables now result in an error. To avoid this, remove unnecessary variable assignments.

Enhancements

• Print the working directory on error in recursive inspection by @wata727 in #1933
• Enable per-runner parallelism by @wata727 in #1944

BugFixes

• Exit with an error if the explicitly passed .tflint.hcl does not exist by @wata727 in #1940

Chores

• build(deps): Bump golang.org/x/oauth2 from 0.13.0 to 0.14.0 by @dependabot in #1913
• build(deps): Bump sigstore/cosign-installer from 3.1.2 to 3.2.0 by @dependabot in #1915
• build(deps): Bump github.com/hashicorp/go-plugin from 1.5.2 to 1.6.0 by @dependabot in #1917
• docs: Remove mention of directory arguments by @wata727 in #1921
• build(deps): Bump golang.org/x/crypto from 0.15.0 to 0.16.0 by @dependabot in #1923
• build(deps): Bump golang.org/x/oauth2 from 0.14.0 to 0.15.0 by @dependabot in #1931
• build(deps): Bump github.com/spf13/afero from 1.10.0 to 1.11.0 by @dependabot in #1932
• build(deps): Bump actions/setup-go from 4 to 5 by @dependabot in #1936
• build(deps): Bump sigstore/cosign-installer from 3.2.0 to 3.3.0 by @dependabot in #1937
• build(deps): Bump alpine from 3.18 to 3.19 by @dependabot in #1938
• Stop using backticks for emphasis by @wata727 in #1934
• Avoid escaping newlines by @wata727 in #1942
• build(deps): Bump golang.org/x/crypto from 0.16.0 to 0.17.0 by @dependabot in #1945
• build(deps): Bump github.com/google/uuid from 1.4.0 to 1.5.0 by @dependabot in #1947
• build(deps): Bump google.golang.org/grpc from 1.59.0 to 1.60.1 by @dependabot in #1948

Full Changelog: v0.49.0...v0.50.0