🤖 I have created a release beep boop

0.43.0 (2026-06-08)

🎉 Features

• Add flag to select specific analyzer to run (#264) (882de9a)
• add ghaOutput and jsonOutput CLI flags (#455) (b4c9a33)
• add output in GitHub Actions workflow commands format (#452) (7a8dcf3)
• Change metadatavalid default severity (#271) (32dae9d)
• check screenshot image mimetype and extension (#491) (45b1c83)
• check screenshot image type (#278) (aeea69a)
• mcp server for validate plugin (#518) (4de19a1)
• support Anthropic and OpenAI as LLM providers (#541) (06099b1)
• switch to Anthropic Sonnet 4.6 with prompt caching (#548) (9d7e161)
• validate grafanaDep with semver (#515) (b0f0069)
• warn if readme plugin contains a comment. (#253) (8c479a1)

🐛 Bug Fixes

• accept lowercase magefile.go in backend build tooling check (#585) (cfafb01)
• ci: handle release-please prefixed tags in goreleaser publish (#575) (e33c65a)
• ci: skip goreleaser validate pipe for prefixed tags (#577) (bdc6a6e)
• ci: use github hosted runners for npm publish (#462) (e8aab49)
• code-rules per-rule exceptions and severity config not applied (#582) (a8e1a2c)
• deps: remediate CVEs in Go stdlib and dependencies (#594) (a5b8dad)
• deps: update dependency tar to v7.5.10 [security] (#531) (df396d5)
• deps: update go dependencies (#414) (72734bf)
• deps: update go dependencies (#426) (e275f16)
• deps: update go dependencies (#468) (9322b24)
• deps: update go dependencies (#476) (cbcb1e5)
• deps: update go dependencies (#482) (8f27d4a)
• deps: update go dependencies (major) (#415) (6c73dba)
• deps: update module github.com/modelcontextprotocol/go-sdk to v1.3.1 [security] (#528) (5a442bb)
• deps: update module github.com/modelcontextprotocol/go-sdk to v1.4.1 [security] (#545) (144c6bb)
• deps: update module golang.org/x/crypto to v0.45.0 [security] (#470) (25e1974)
• deps: update module google.golang.org/api to v0.252.0 (#424) (e2549a6)
• deps: update module google.golang.org/api to v0.253.0 (#459) (54fcc74)
• go-manifest false positives from node_modules in sourceCodeUri scans (#556) (820579f)
• make LLM review resilient to individual question failures (#550) (c653140)
• needs to check all the links (#351) (3a1c2aa)
• release: attach binaries to immutable releases via draft-then-publish (#602) (2120434)
• release: use un-prefixed release-please outputs for root component (#605) (da146c7)
• return ok when screenshots don't exist (#108) (090d08b)
• screenshots: handle malformed screenshots format gracefully (#346) (5d6d266)
• sdkusage now checking plugin's version age for warnings and errors (#486) (31c45a4)
• security/medium: update module github.com/go-git/go-git/v5 to v5.19.1 [security] (#597) (70c4c80)
• use the new schema url (#196) (f66c53d)

📝 Documentation

• improve release documentation (#562) (ebc624c)
• Validate multi-page docs (#560) (d49fb5f)

♻️ Code Refactoring

• add output package and marshaler interface (#451) (1ff3cec)

✅ Tests

• Fix broken readme for old plugin (#234) (ac28776)

🏗️ Builds

• allow building Docker image on Mac OS ARM (#538) (5d514d0)
• Install semgrep and gosec in build stage for CI tests (#180) (12d52dc)

🤖 Continuous Integrations

• migrate releases to release-please (#571) (dcd8302)
• npm: publish using oidc instead of tokens (#383) (56f7588)
• switch to self-hosted runners (#456) (7be5deb)
• Update GitHub Action to build Docker container (#181) (cb55801)
• use GATB for release and release-mcp GitHub tokens (#588) (8f563f6)
• use GATB for release-please GitHub token (#584) (6d1dd2a)

🔧 Chores

• address goreleaser deprecation notices (#461) (b3cea63)
• Build: Use Go 1.20.X (#118) (cfd81d9)
• Bump to Go 1.24 (#313) (182ad2e)
• change prev tag finding step for mcp (#523) (7b6ddf9)
• ci: migrate to docker-build-push-image action (#558) (7185226)
• clean up unnecessary report all (part 2) (#373) (cdca30e)
• clean up unnecessary report all (part 3) (#378) (7a692c9)
• deps: Bump actions/checkout from 4.2.2 to 5.0.0 (#366) (60531b1)
• deps: Bump actions/create-github-app-token from 2.0.6 to 2.1.1 (#364) (28f126d)
• deps: Bump actions/create-github-app-token from 2.1.1 to 2.1.4 (#390) (7ea187b)
• deps: Bump actions/setup-go from 5.5.0 to 6.0.0 (#392) (4918cac)
• deps: Bump actions/setup-node from 4.4.0 to 5.0.0 (#391) (0929d47)
• deps: bump build-push-to-dockerhub to v0.4.0, add comment for renovate (#458) (ce85bde)
• deps: Bump github.com/bmatcuk/doublestar/v4 from 4.8.1 to 4.9.1 (#354) (957b522)
• deps: bump github.com/docker/docker to v28.5.2 [security] (#567) (175afff)
• deps: Bump github.com/jarcoal/httpmock from 1.4.0 to 1.4.1 (#361) (3883fab)
• deps: Bump github.com/stretchr/testify from 1.10.0 to 1.11.1 (#359) (aa54b2f)
• deps: Bump golang.org/x/crypto from 0.40.0 to 0.41.0 (#362) (9159fa6)
• deps: Bump golang.org/x/crypto from 0.41.0 to 0.42.0 (#388) (660b0b7)
• deps: Bump golang.org/x/mod from 0.25.0 to 0.26.0 (#353) (f720abb)
• deps: Bump golang.org/x/mod from 0.26.0 to 0.27.0 (#363) (606c8ae)
• deps: Bump golang.org/x/mod from 0.27.0 to 0.28.0 (#386) (b760259)
• deps: Bump google.golang.org/api from 0.235.0 to 0.239.0 (#347) (d73dea8)
• deps: Bump google.golang.org/api from 0.239.0 to 0.244.0 (#355) (9578824)
• deps: Bump google.golang.org/api from 0.244.0 to 0.248.0 (#360) (5f79e6b)
• deps: Bump google.golang.org/api from 0.248.0 to 0.251.0 (#387) (2d69294)
• deps: Bump goreleaser/goreleaser-action from 6.3.0 to 6.4.0 (#367) (2e91d7d)
• deps: Bump grafana/shared-workflows from 1.2.1 to 1.3.0 (#365) (965c9f1)
• deps: bump step-security/harden-runner to v2.16.0 (#595) (a7f5763)
• deps: Bump tar from 7.4.3 to 7.5.1 (#389) (1da3aed)
• deps: pin npm dependencies to exact lockfile versions (#583) (cce23b6)
• deps: set up renovate for Go version in go.mod and Dockerfile (#536) (9a70fee)
• deps: update actions/setup-node action to v6 (#434) (b33dbea)
• deps: update alpine docker tag to v3.22 (#427) (42e58ef)
• deps: update dependency go to v1.25.2 (#421) (d3f301f)
• deps: update dependency go to v1.25.3 (#432) (3cd348c)
• deps: update dependency tar to v7.5.11 [security] (#540) (822b22b)
• deps: update dependency tar to v7.5.2 [security] (#444) (89f94c3)
• deps: update dependency tar to v7.5.3 [security] (#488) (fb51260)
• deps: update dependency tar to v7.5.4 [security] (#492) (3da2dc0)
• deps: update dependency tar to v7.5.7 [security] (#505) (1060d2c)
• deps: update dependency tar to v7.5.8 [security] (#521) (e968649)
• deps: update github actions (#480) (2d7f847)
• deps: update github actions (#484) (5967bb5)
• deps: update github actions (#525) (d9d6d53)
• deps: update golang docker tag to v1.25 (#440) (e8021b8)
• deps: update golang:1.25-alpine3.21 docker digest to 3289aac (#463) (149657d)
• deps: update golang:1.25-alpine3.21 docker digest to 8f507c4 (#460) (e71d25b)
• deps: update golang:1.25-alpine3.22 docker digest to fa3380a (#493) (f0ec653)
• deps: update grafana/shared-workflows/ action to (#413) (174f652)
• deps: update grafana/shared-workflows/ action to (#416) (984e298)
• deps: update grafana/shared-workflows/ action to (#420) (0a3aa5f)
• deps: update grafana/shared-workflows/ action to (#422) (d9e6aad)
• deps: update grafana/shared-workflows/ action to (#423) (ff95689)
• deps: update grafana/shared-workflows/ action to (#425) (51c1c4a)
• deps: update grafana/shared-workflows/ action to (#428) (2484218)
• deps: update grafana/shared-workflows/ action to (#429) (9fbfba0)
• deps: update grafana/shared-workflows/ action to (#430) (a49848f)
• deps: update grafana/shared-workflows/ action to (#433) (3c2b5c5)
• deps: update grafana/shared-workflows/ action to (#435) (44f0efb)
• deps: update grafana/shared-workflows/ action to (#439) (d8c80dd)
• deps: update grafana/shared-workflows/ action to (#442) (d5aa1c4)
• deps: update grafana/shared-workflows/ action to (#443) (f25ba40)
• deps: update grafana/shared-workflows/ action to (#445) (79e5be4)
• deps: update grafana/shared-workflows/ action to (#446) (440e970)
• deps: update grafana/shared-workflows/ action to (#447) (24f97ee)
• deps: update grafana/shared-workflows/ action to (#448) (0859fab)
• deps: update grafana/shared-workflows/ action to (#449) (7357b6e)
• deps: update grafana/shared-workflows/build-push-to-dockerhub action to v0.4.1 (#481) (89c590d)
• deps: update module github.com/cloudflare/circl to v1.6.3 [security] (#527) (c114da4)
• deps: update module github.com/containerd/containerd to v1.7.29 [security] (#465) (73b3e6a)
• deps: update module github.com/docker/cli to v29 [security] (#532) (3b48852)
• deps: update module github.com/go-git/go-git/v5 to v5.16.5 [security] (#506) (af2f3c2)
• deps: update module github.com/go-git/go-git/v5 to v5.17.1 [security] (#554) (81c0331)
• deps: update module github.com/go-git/go-git/v5 to v5.18.0 [security] (#559) (731cf94)
• deps: update module github.com/go-git/go-git/v5 to v5.19.0 [security] (#579) (54685dd)
• deps: update module github.com/opencontainers/selinux to v1.13.0 [security] (#466) (e985ef0)
• deps: update module github.com/prometheus/exporter-toolkit to v0.7.2 [security] (#396) (ba3eefb)
• deps: update module go.opentelemetry.io/otel to v1.41.0 [security] (#563) (48220f5)
• deps: update module golang.org/x/net to v0.53.0 [security] (#568) (6a1440f)
• deps: update module google.golang.org/grpc to v1.79.3 [security] (#544) (6a8f1b9)
• Disable install scripts in package manager configs (#581) (2e92589)
• exclude test files from validator (#242) (a859319)
• Fix bump and release action (#329) (15f1b0c)
• Get npm token from vault for release (#337) (0dad87c)
• Harden github token permissions (#344) (f9326a4)
• Improve validation message when source map differ from source code (#139) (475749e)
• main: release plugin-validator 0.42.0 (#574) (6b70d96)
• main: release plugin-validator 0.42.1 (#576) (d47a70e)
• main: release plugin-validator 0.42.2 (#586) (720e12a)
• main: release plugin-validator 0.42.3 (#589) (3efa9f4)
• main: release plugin-validator 0.42.4 (#590) (6043abd)
• main: release plugin-validator 0.42.5 (#599) (025145e)
• main: release plugin-validator 0.42.6 (#601) (7d5413c)
• main: release plugin-validator 0.42.7 (#603) (cf49b07)
• migrate codeowners to @grafana/grafana-catalog (#572) (93d60a1)
• remove binwrap dependency (#248) (91ad559)
• remove drone and move to github action to release a docker image (#255) (f7df6d5)
• Update go dependencies and pin github action versions (#316) (3283c73)
• update Grafana plugin schema (#479) (da6d9c1)
• update Grafana plugin schema (#489) (67e23f7)
• update Grafana plugin schema (#514) (92521fc)
• update Grafana plugin schema (#522) (daabb15)
• update Grafana plugin schema (#543) (67ff0f4)
• update Grafana plugin schema (#557) (f896b9a)
• update Grafana plugin schema (#566) (c9fa796)
• update Grafana plugin schema (#569) (ecb9105)
• update packages and images (#173) (39c038c)
• Upgrade go releaser (#247) (7febb5c)
• Use get-vault-secrets without exporting env variables (#345) (a1a241b)

This PR was generated with Release Please. See documentation.