sync: update 4 files from source repository (#191)

Author: mrz1836

.github/.env.base

@@ -231,8 +231,8 @@ MAGE_X_AUTO_DISCOVER_BUILD_TAGS_EXCLUDE=race,custom           # Comma-separated
 MAGE_X_FORMAT_EXCLUDE_PATHS=vendor,node_modules,.git,.idea    # Format exclusion paths (comma-separated directories to exclude from formatting)
 MAGE_X_GITLEAKS_VERSION=8.28.0                                # https://github.com/gitleaks/gitleaks/releases
 MAGE_X_GOFUMPT_VERSION=v0.9.1                                 # https://github.com/mvdan/gofumpt/releases
-MAGE_X_GOLANGCI_LINT_VERSION=v2.4.0                           # https://github.com/golangci/golangci-lint/releases
-MAGE_X_GORELEASER_VERSION=v2.12.0                             # https://github.com/goreleaser/goreleaser/releases
+MAGE_X_GOLANGCI_LINT_VERSION=v2.5.0                           # https://github.com/golangci/golangci-lint/releases
+MAGE_X_GORELEASER_VERSION=v2.12.2                             # https://github.com/goreleaser/goreleaser/releases
 MAGE_X_GOVULNCHECK_VERSION=v1.1.4                             # https://pkg.go.dev/golang.org/x/vuln
 MAGE_X_GO_SECONDARY_VERSION=1.24.x                            # Secondary Go version for MAGE-X (also our secondary)
 MAGE_X_GO_VERSION=1.24.x                                      # Primary Go version for MAGE-X (also our primary)
@@ -274,6 +274,11 @@ GITLEAKS_CONFIG_FILE=
 # Nancy CVE Exclusions (known acceptable vulnerabilities)
 NANCY_EXCLUDES=CVE-2024-38513,CVE-2023-45142
 
+# OSS Index Authentication for Nancy (optional)
+# Username (email) for OSS Index authentication - reduces rate limits and provides better vulnerability data
+# Get your API token from: https://ossindex.sonatype.org/user-token
+# Github Secret(s): OSSI_USERNAME and OSSI_TOKEN
+
 # Security Tools
 GITLEAKS_VERSION=8.28.0                # https://github.com/gitleaks/gitleaks/releases
 GOVULNCHECK_VERSION=v1.1.4             # https://pkg.go.dev/golang.org/x/vuln
@@ -303,7 +308,7 @@ GO_PRE_COMMIT_MAX_FILES_OPEN=100
 GO_PRE_COMMIT_ALL_FILES=true
 
 # Tool Versions
-GO_PRE_COMMIT_GOLANGCI_LINT_VERSION=v2.4.0     # https://github.com/golangci/golangci-lint
+GO_PRE_COMMIT_GOLANGCI_LINT_VERSION=v2.5.0     # https://github.com/golangci/golangci-lint
 GO_PRE_COMMIT_FUMPT_VERSION=v0.9.1             # https://github.com/mvdan/gofumpt
 GO_PRE_COMMIT_GOIMPORTS_VERSION=latest         # https://github.com/golang/tools
 

.github/tech-conventions/pre-commit.md

@@ -98,8 +98,7 @@ Pin specific tool versions for consistency across environments:
 
 ```bash
 # External tool versions
-GO_PRE_COMMIT_GOLANGCI_LINT_VERSION=v2.4.0
-GO_PRE_COMMIT_FUMPT_VERSION=v0.8.0
+GO_PRE_COMMIT_FUMPT_VERSION=latest
 GO_PRE_COMMIT_GOIMPORTS_VERSION=latest
 ```
 

.github/workflows/fortress-security-scans.yml

@@ -51,6 +51,12 @@ on:
       gitleaks-license:
         description: "Gitleaks license key"
         required: false
+      ossi-username:
+        description: "OSS Index username or email for Nancy authentication"
+        required: false
+      ossi-token:
+        description: "OSS Index API token for Nancy authentication"
+        required: false
 
 # Security: Restrictive default permissions with job-level overrides for least privilege access
 permissions:
@@ -124,6 +130,9 @@ jobs:
       - name: 🔍 Ask Nancy
         uses: sonatype-nexus-community/nancy-github-action@726e338312e68ecdd4b4195765f174d3b3ce1533 # v1.0.3
         continue-on-error: false
+        env:
+          OSSI_USERNAME: ${{ secrets.ossi-username }}
+          OSSI_TOKEN: ${{ secrets.ossi-token }}
         with:
           githubToken: ${{ secrets.github-token }} # ← prevents rate-limit 403
           nancyVersion: ${{ env.NANCY_VERSION }}

.github/workflows/fortress.yml

@@ -207,6 +207,8 @@ jobs:
     secrets:
       github-token: ${{ secrets.GH_PAT_TOKEN != '' && secrets.GH_PAT_TOKEN || secrets.GITHUB_TOKEN }}
       gitleaks-license: ${{ secrets.GITLEAKS_LICENSE }}
+      ossi-token: ${{ secrets.OSSI_TOKEN }}
+      ossi-username: ${{ secrets.OSSI_USERNAME }}
   # ----------------------------------------------------------------------------------
   # Code Quality Checks
   # ----------------------------------------------------------------------------------