Update go module minor/patch updates #207
red-hat-konflux-kflux-prd-rh02[bot] wants to merge 1 commit into
ℹ️ Artifact update notice
File name: go.mod
In order to perform the update(s) described in the table above, Renovate ran the
[APPROVALNOTIFIER] This PR is NOT APPROVED
This pull-request has been approved by:
The full list of commands accepted by this bot can be found here.
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing
Hi @red-hat-konflux-kflux-prd-rh02[bot]. Thanks for your PR.
I'm waiting for an openshift-hyperfleet member to verify that this patch is reasonable to test. If it is, they should reply with
Regular contributors should join the org to skip this step.
Once the patch is verified, the new status will be reflected by the
I understand the commands that are listed here.
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.
📝 Walkthrough
Estimated code review effort: 🎯 2 (Simple) | ⏱️ ~10 minutes
Security Notes
CWE-1104 / Supply chain surface. Direct dependencies warranting individual CVE triage:
Go 1.26.0 toolchain bump — confirm the toolchain is pinned in CI/CD and no
🚥 Pre-merge checks: ✅ 11 passed
Actionable comments posted: 2
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@go.mod`:
- Line 3: The go directive in this module has been upgraded to 1.26.0, but
dependent modules broker, sentinel, and api still require Go 1.25.0, creating a
supply chain compatibility risk. Either revert the go directive back to 1.25.0
to match the minimum version required by the broker dependency and other
transitive dependencies, or coordinate updates to broker's go.mod and other
dependent modules to also require 1.26.0 and verify protobuf and gRPC
compatibility with the new version. Ensure all modules in the ecosystem have
consistent minimum Go versions before merging.
- Line 177: The go.mod file declares an unreleased pseudo-version of
google.golang.org/protobuf that conflicts with broker's stable v1.36.11 release,
and the declared google.golang.org/grpc v1.81.1 is incompatible with sentinel's
transitive otelgrpc v0.65.0 dependency. Update the google.golang.org/protobuf
version from the pseudo-version to the stable v1.36.11 release to align with
broker. Additionally, verify that otelgrpc v0.65.0 (or upgrade to a newer
version) explicitly supports google.golang.org/grpc v1.81.1 to prevent
instrumentation breakage in sentinel.
ℹ️ Review info
⚙️ Run configuration
Configuration used: Central YAML (base), Organization UI (inherited)
Review profile: CHILL
Plan: Enterprise
Run ID: 1bc7156a-d7c0-4de9-ae6a-0b7c2656763f
⛔ Files ignored due to path filters (1)
go.sum is excluded by !**/*.sum, !**/go.sum
📒 Files selected for processing (1)
go.mod
🔗 Linked repositories identified
CodeRabbit considers these linked repositories for cross-repo context during reviews:
openshift-hyperfleet/architecture (manual)
openshift-hyperfleet/hyperfleet-api (manual)
openshift-hyperfleet/hyperfleet-sentinel (manual)
openshift-hyperfleet/hyperfleet-adapter (manual)
openshift-hyperfleet/hyperfleet-broker (manual)
| module github.com/openshift-hyperfleet/hyperfleet-adapter | ||
|
|
||
| go 1.25.0 | ||
| go 1.26.0 |
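Review bot: the `go` directive moves from 1.25.0 to 1.26.0 inside a change titled as minor/patch module updates, and nothing in the hunk records why the minimum language version has to rise. With `go 1.26.0` every build of this module needs a Go 1.26.0 toolchain, so confirm that the CI and release builder images provide it and note in the PR which updated dependency requires it; if none does, keep `go 1.25.0`.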
🧩 Analysis chain
🏁 Script executed:
#!/bin/bash
# Verify Go 1.26.0 is available and from upstream
curl -sI https://go.dev/dl/go1.26.0.linux-amd64.tar.gz | head -1
# Expected: HTTP/2 200 (or similar success code)
# Check if any CI files pin conflicting Go versions
fd -e yml -e yaml . --exec grep -l 'go-version:' {} \; 2>/dev/null | head -5
Repository: openshift-hyperfleet/hyperfleet-adapter
Length of output: 96
🏁 Script executed:
#!/bin/bash
# Find all CI/CD configuration files
find . -type f \( -name "*.yml" -o -name "*.yaml" -o -name "Dockerfile*" \) | grep -E '(github|gitlab|ci|docker)' | head -20
Repository: openshift-hyperfleet/hyperfleet-adapter
Length of output: 99
🏁 Script executed (no clone):
#!/bin/bash
# Verify Go 1.26.0 release status
curl -s https://go.dev/dl/ 2>&1 | grep -o 'go1\.26\.[0-9]*' | head -5
# Also check the go.dev API for available versions
curl -s 'https://go.dev/dl/?mode=json' 2>&1 | head -50
Length of output: 1374
🏁 Script executed:
#!/bin/bash
# Find GitHub Actions workflows and other CI configs
find .github/workflows -type f 2>/dev/null || echo "No .github/workflows found"
# Find all potential CI/deployment files
find . -type f \( -name "*.yml" -o -name "*.yaml" \) | head -20
Repository: openshift-hyperfleet/hyperfleet-adapter
Length of output: 1092
🏁 Script executed:
#!/bin/bash
# Check current go.mod to see the go directive
head -5 go.mod
Repository: openshift-hyperfleet/hyperfleet-adapter
Length of output: 163
🏁 Script executed on selected repositories:
#!/bin/bash
# Check go directive in linked repos
head -5 go.mod
Repositories: openshift-hyperfleet/hyperfleet-broker, openshift-hyperfleet/hyperfleet-sentinel, openshift-hyperfleet/hyperfleet-api
Length of output: 618
🏁 Script executed:
#!/bin/bash
# Check Tekton pipeline files for Go version constraints
cat .tekton/hyperfleet-adapter-push.yaml | grep -i 'go\|version' | head -20
cat .tekton/hyperfleet-adapter-chart-push.yaml | grep -i 'go\|version' | head -20
Repository: openshift-hyperfleet/hyperfleet-adapter
Length of output: 161
🏁 Script executed:
#!/bin/bash
# Check if adapter imports broker, sentinel, or api
rg 'github.com/openshift-hyperfleet/(hyperfleet-broker|hyperfleet-sentinel|hyperfleet-api)' --type go
Repository: openshift-hyperfleet/hyperfleet-adapter
Length of output: 250
🏁 Script executed on selected repositories:
#!/bin/bash
# Check go.mod require section for mutual dependencies
grep -A 50 'require (' go.mod | head -30
Repositories: openshift-hyperfleet/hyperfleet-broker, openshift-hyperfleet/hyperfleet-sentinel, openshift-hyperfleet/hyperfleet-api
Length of output: 4400
Go 1.26.0 upgrade not coordinated across module dependencies—CWE-829 supply chain risk.
Adapter bumps go directive to 1.26.0, but direct dependency broker (imported in cmd/adapter/main.go and pkg/health/metrics_test.go) remains at Go 1.25.0, as do sentinel and api. Go 1.26.0 may have breaking changes to protobuf codegen (broker uses google.golang.org/protobuf v1.36.11 and google.golang.org/grpc v1.79.3). Verify that adapter's new 1.26.0 requirement is compatible with broker's 1.25.0 minimum. If broker or its transitive dependencies require 1.26-specific behavior or API changes, broker's go.mod must also be updated—inconsistent minimum versions across the ecosystem introduce silent compatibility failures.
| gopkg.in/evanphx/json-patch.v4 v4.12.0 // indirect | ||
| google.golang.org/genproto/googleapis/rpc v0.0.0-20260610212136-7ab31c22f7ad // indirect | ||
| google.golang.org/grpc v1.81.1 // indirect | ||
| google.golang.org/protobuf v1.36.12-0.20260120151049-f2248ac996af // indirect |
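Review bot: `google.golang.org/protobuf` on the last line of this hunk is pinned to the pseudo-version `v1.36.12-0.20260120151049-f2248ac996af`, an untagged commit, while the neighbouring `google.golang.org/grpc v1.81.1` is a tagged release. Both are marked `// indirect`, so identify which direct dependency pulls the untagged commit in (`go mod why -m google.golang.org/protobuf`, `go mod graph`) and record it in the PR; if nothing needs it, require the latest tagged release instead.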
🧩 Analysis chain
🏁 Script executed:
#!/bin/bash
# Verify protobuf pseudo-version is intentional and compatible with broker's pubsubpb usage
# Expected: Confirm this is a known/blessed pre-release, not an accidental or malicious substitution
# 1. Extract the commit hash from pseudo-version
commit_hash="f2248ac996af"
# 2. Check git history for this commit in protobuf repo (if accessible)
# This would verify the commit exists and is authored by Google
git ls-remote https://github.com/protocolbuffers/protobuf.git | grep -q "$commit_hash" && \
echo "✓ Commit found in official protobuf repo" || \
echo "✗ Commit NOT found — possible supply chain issue"
# 3. Verify broker's pubsubpb imports are compatible
# Search for actual usage of pubsubpb.* and durationpb.* in broker
rg -C3 'pubsubpb\.|durationpb\.' \
--glob '*/broker/googlepubsub.go' 2>/dev/null || \
echo "⚠ Cannot verify broker protobuf usage (adapter doesn't include broker source)"
Repository: openshift-hyperfleet/hyperfleet-adapter
Length of output: 210
🏁 Script executed:
#!/bin/bash
# Inspect go.mod to verify the pseudo-version and related dependencies
echo "=== Lines 170-185 of go.mod (protobuf and related deps) ==="
sed -n '170,185p' go.mod
echo -e "\n=== Check for protobuf imports in adapter code ==="
rg 'google\.golang\.org/protobuf' --type go -l 2>/dev/null || echo "No protobuf imports found"
echo -e "\n=== Verify google.golang.org/protobuf line ==="
rg 'google\.golang\.org/protobuf' go.mod
Repository: openshift-hyperfleet/hyperfleet-adapter
Length of output: 1236
🏁 Script executed:
#!/bin/bash
# Verify broker's actual protobuf/pubsub dependencies
echo "=== Broker go.mod protobuf section ==="
rg 'google\.golang\.org/protobuf|cloud\.google\.com/go/pubsub' go.mod -A1 || echo "Not found in broker"
echo -e "\n=== Check broker's actual protobuf usage ==="
rg 'pubsubpb\.|durationpb\.' --type go broker/ -l 2>/dev/null || echo "No usage found"
Repository: openshift-hyperfleet/hyperfleet-broker
Length of output: 313
🏁 Script executed:
#!/bin/bash
# Verify API's OTel semconv version
echo "=== API go.mod OTel section ==="
rg 'go\.opentelemetry\.io/otel' go.mod -A1 | head -20
echo -e "\n=== Check explicit semconv import ==="
rg 'semconv' --type go pkg/telemetry/ 2>/dev/null || echo "Not found"
Repository: openshift-hyperfleet/hyperfleet-api
Length of output: 893
🏁 Script executed:
#!/bin/bash
# Verify Sentinel's OTel version and instrumentation deps
echo "=== Sentinel go.mod OTel dependencies ==="
rg 'go\.opentelemetry\.io|otelgrpc' go.mod 2>/dev/null || echo "Not found"
echo -e "\n=== Check sentinel's OTel usage ==="
rg 'go\.opentelemetry\.io' --type go -l 2>/dev/null | head -5
Repository: openshift-hyperfleet/hyperfleet-sentinel
Length of output: 1347
🏁 Script executed (no clone):
#!/bin/bash
# Research protobuf v1.36.12 legitimacy and release info
# The pseudo-version format suggests a pre-release commit
echo "=== Protobuf v1.36.12 release info ==="
curl -s "https://api.github.com/repos/protocolbuffers/protobuf/releases/tags/v1.36.12" | \
jq '.tag_name, .prerelease, .published_at' || echo "Not found as official release"
echo -e "\n=== Check if v1.36.12 exists on pkg.go.dev ==="
curl -s "https://pkg.go.dev/google.golang.org/protobuf@v1.36.12" | grep -q "404" && \
echo "v1.36.12 does NOT exist (404)" || echo "v1.36.12 may exist"
echo -e "\n=== Pseudo-version indicates unreleased commit ==="
echo "Pseudo-version format: v1.36.12-0.20260120151049-f2248ac996af"
echo "Decoding: base=v1.36.12, timestamp=0.20260120151049, hash=f2248ac996af"
echo "Interpretation: commit AFTER v1.36.12, dated 2026-01-20"
Length of output: 393
🌐 Web query:
opentelemetry otel v1.44.0 semconv compatibility breaking changes
💡 Result:
OpenTelemetry Semantic Conventions (semconv) follow independent versioning and are maintained separately from the core OpenTelemetry SDKs (such as the Go SDK, which recently reached v1.44.0) [1][2]. There is no "v1.44.0" release for the OpenTelemetry Semantic Conventions repository itself. The most recent major releases of the semantic conventions (e.g., v1.40.0, v1.41.0, v1.42.0) have historically introduced breaking changes [3][4][5][6][7]. Key details regarding stability and breaking changes in semantic conventions include:
1. Independent Versioning: Semantic Conventions are versioned as a single package with their own release lifecycle [8][2]. You should check the official OpenTelemetry Semantic Conventions releases page to see the latest available version [4].
2. Breaking Changes Definition: OpenTelemetry defines breaking changes as those that invalidate common usage of tooling (alerts, dashboards, queries) written against the telemetry produced. To mitigate these impacts, OpenTelemetry utilizes Telemetry Schemas, which allow for schema transformations to maintain compatibility [8][2].
3. Mitigation Strategies: Instrumentations are encouraged to use declarative configuration for version selection [9]. When upgrading, you should consult the migration documentation provided in the release notes of the specific semconv version you are targeting [1].
4. Stability Levels: Some language implementations ship separate artifacts for "stable" versus "incubating/preview" conventions to ensure that production applications do not inadvertently rely on unstable, breaking attribute definitions [10].
If you are seeing a reference to "v1.44.0" in the context of an SDK (like go.opentelemetry.io/otel), that version number refers to the SDK package release, not the semantic conventions version it might be bundled with or currently using [1]. Always verify the semantic convention version explicitly in your project configuration or dependency tree.
Citations:
- 1: Bump go.opentelemetry.io/otel from 1.43.0 to 1.44.0 microsoft/azure-linux-image-tools#753
- 2: https://opentelemetry.io/docs/specs/otel/versioning-and-stability/
- 3: https://github.com/open-telemetry/semantic-conventions/blob/main/CHANGELOG.md
- 4: https://github.com/open-telemetry/semantic-conventions/releases
- 5: https://github.com/open-telemetry/semantic-conventions/releases/tag/v1.41.0
- 6: https://github.com/open-telemetry/semantic-conventions/releases/tag/v1.42.0
- 7: https://github.com/open-telemetry/semantic-conventions/releases/tag/v1.40.0
- 8: https://github.com/open-telemetry/opentelemetry-specification/blob/main/specification/versioning-and-stability.md
- 9: https://github.com/open-telemetry/semantic-conventions/blob/main/docs/configuration/version-selection.md
- 10: https://opentelemetry.io/docs/specs/semconv/non-normative/code-generation/
🌐 Web query:
grpc otelgrpc v0.65.0 google.golang.org/grpc v1.81 compatibility
💡 Result:
For grpc-ecosystem/go-grpc-middleware, the relevant OpenTelemetry interceptor is go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc, not a separate grpc-ecosystem module; go-grpc-middleware docs list otelgrpc as an external dependency. In practice, “compatibility with google.golang.org/grpc v1.81.0” for otelgrpc v0.65.0 means whether otelgrpc v0.65.0 builds/tests against that grpc version.
otelgrpc v0.65.0 dependency version vs grpc v1.81:
- The pkg.go.dev page for go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.65.0 shows it depends on google.golang.org/grpc v1.78.0 (not v1.81.0). [1]
Is it compatible with grpc v1.81.0 anyway?
- I did not find an explicit statement like “v0.65.0 supports grpc v1.81.x” in the v0.65.0 docs or release notes.
- However, open-telemetry repositories do appear to bump grpc versions up to v1.81.x around May 2026 (suggesting they were actively keeping up with grpc changes):
  - open-telemetry/opentelemetry-go has a PR “update module google.golang.org/grpc to v1.81.0”. [2]
  - open-telemetry/opentelemetry-go-contrib has a PR “update module google.golang.org/grpc to v1.81.1” (which would be the repo where otelgrpc lives). [3]
Practical guidance:
- If you must target google.golang.org/grpc v1.81.x, the most evidence-backed approach is to use an otelgrpc release whose declared google.golang.org/grpc dependency already matches (or is at least closer) to v1.81.x.
- Based on the available evidence, otelgrpc v0.65.0 declares grpc v1.78.0, so you should expect to either (a) run into compile/test breakage when your application upgrades grpc to v1.81.x, or (b) rely on Go module resolution to still work if grpc changes were backward-compatible at the API level—but that “it works” claim is not explicitly verified by the sources above. [1]
Bottom line:
- Confirmed from sources: otelgrpc v0.65.0 is declared with google.golang.org/grpc v1.78.0, not v1.81.0. [1]
- Not confirmed from sources: explicit “compatibility” guarantee between otelgrpc v0.65.0 and grpc v1.81.x.
- Strong hint: the opentelemetry-go-contrib project was updating grpc to v1.81.1 in May 2026, so using a newer otelgrpc version than v0.65.0 is likely the safest route for grpc v1.81. [3]
Citations:
- 1: https://pkg.go.dev/go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc@v0.65.0
- 2: fix(deps): update module google.golang.org/grpc to v1.81.0 open-telemetry/opentelemetry-go#8298
- 3: fix(deps): update module google.golang.org/grpc to v1.81.1 open-telemetry/opentelemetry-go-contrib#9022
Protobuf pseudo-version breaks broker compatibility; gRPC/otelgrpc version mismatch escalates.
Adapter declares google.golang.org/protobuf v1.36.12-0.20260120151049-f2248ac996af (line 177) — an unreleased pseudo-version commit, not an official release. Broker is locked to v1.36.11 and uses protobuf-generated types (pubsubpb.*, durationpb.* in broker/googlepubsub.go); this pseudo-version forces a breaking protobuf upgrade on all consumers (sentinel, API) that depend on broker, risking message deserialization failures.
Additionally, adapter declares google.golang.org/grpc v1.81.1 while sentinel's transitive otelgrpc v0.65.0 declares google.golang.org/grpc v1.78.0 — a 3-point version gap with no explicit compatibility guarantee. Sentinel will inherit grpc v1.81.1 from adapter, breaking otelgrpc instrumentation.
Use a stable google.golang.org/protobuf release (e.g., v1.36.11 to match broker) and verify otelgrpc supports grpc v1.81.1 or upgrade otelgrpc in sentinel.
[CWE-829: Supply Chain Risk]
Source: Coding guidelines
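The pseudo-version check discussed in the review above can be run offline against a go.mod file. The Go program below is an added example, not code from the PR, Renovate or CodeRabbit: it finds pseudo-version requirements and decodes them using the three forms the Go modules reference defines, in which `vX.Y.(Z+1)-0.<timestamp>-<rev>` names a commit made after tag `vX.Y.Z`. The sample go.mod is constructed from the lines quoted on this page, and `Decode` and `FindPseudo` are names chosen for the example.

```go
package main

import (
	"bufio"
	"fmt"
	"regexp"
	"strconv"
	"strings"
	"time"
)

// Pseudo is one decoded pseudo-version requirement.
type Pseudo struct {
	Module, Version string
	Base            string    // tag the commit follows; "" when no earlier tag exists
	Time            time.Time // commit time (UTC) embedded in the version
	Rev             string    // 12-character commit hash prefix
}

// Matches the three pseudo-version forms:
//   vX.0.0-ts-rev          no earlier tagged version
//   vX.Y.Z-pre.0.ts-rev    base is the pre-release vX.Y.Z-pre
//   vX.Y.(Z+1)-0.ts-rev    base is the release vX.Y.Z
var pseudoRE = regexp.MustCompile(
	`^v(\d+)\.(\d+)\.(\d+)-(?:(.+)\.0\.|(0\.))?(\d{14})-([0-9a-f]{12})(?:\+incompatible)?$`)

// Decode reports whether v is a pseudo-version and, if so, returns its parts.
func Decode(v string) (Pseudo, bool) {
	m := pseudoRE.FindStringSubmatch(v)
	if m == nil {
		return Pseudo{}, false
	}
	ts, err := time.Parse("20060102150405", m[6])
	if err != nil { // 14 digits that are not a real date
		return Pseudo{}, false
	}
	p := Pseudo{Version: v, Time: ts, Rev: m[7]}
	switch {
	case m[4] != "": // pre-release base
		p.Base = fmt.Sprintf("v%s.%s.%s-%s", m[1], m[2], m[3], m[4])
	case m[5] != "": // release base: the patch number was incremented by one
		patch, err := strconv.Atoi(m[3])
		if err != nil || patch == 0 {
			return Pseudo{}, false
		}
		p.Base = fmt.Sprintf("v%s.%s.%d", m[1], m[2], patch-1)
	}
	return p, true
}

// FindPseudo returns every "module version" requirement in gomod whose
// version is a pseudo-version, i.e. an untagged commit.
func FindPseudo(gomod string) []Pseudo {
	var out []Pseudo
	sc := bufio.NewScanner(strings.NewReader(gomod))
	for sc.Scan() {
		line, _, _ := strings.Cut(sc.Text(), "//") // drop "// indirect"
		f := strings.Fields(line)
		if len(f) > 0 && f[0] == "require" { // single-line require
			f = f[1:]
		}
		if len(f) != 2 {
			continue
		}
		if p, ok := Decode(f[1]); ok {
			p.Module = f[0]
			out = append(out, p)
		}
	}
	return out
}

// Constructed sample: requirement lines as quoted in the review comments.
const sampleGoMod = `module github.com/openshift-hyperfleet/hyperfleet-adapter

go 1.26.0

require (
	gopkg.in/evanphx/json-patch.v4 v4.12.0 // indirect
	google.golang.org/genproto/googleapis/rpc v0.0.0-20260610212136-7ab31c22f7ad // indirect
	google.golang.org/grpc v1.81.1 // indirect
	google.golang.org/protobuf v1.36.12-0.20260120151049-f2248ac996af // indirect
)
`

func main() {
	for _, p := range FindPseudo(sampleGoMod) {
		fmt.Printf("%s %s: base=%q commit=%s time=%s\n",
			p.Module, p.Version, p.Base, p.Rev, p.Time.Format(time.RFC3339))
	}
}
```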
Signed-off-by: red-hat-konflux-kflux-prd-rh02 <190377777+red-hat-konflux-kflux-prd-rh02[bot]@users.noreply.github.com>
696d203 to d1cad3f
This PR contains the following updates:
Release Notes
google/cel-spec (cel.dev/expr)
v0.25.2
What's Changed
New Contributors
Full Changelog: cel-expr/cel-spec@v0.25.1...v0.25.2
googleapis/google-cloud-go (cloud.google.com/go/auth)
v0.20.0
bigquery: Support SchemaUpdateOptions for load jobs.
bigtable:
datastore: Add OpenCensus tracing.
firestore:
logging: Add a WriteTimeout option.
spanner: Support Batch API.
storage: Add OpenCensus tracing.
v0.19.0
bigquery:
bigtable:
datastore:
firestore:
logging:
profiler:
pubsub:
callback returns).
storage:
ThreeDotsLabs/watermill (github.com/ThreeDotsLabs/watermill)
v1.5.2
What's Changed
New Contributors
Full Changelog: ThreeDotsLabs/watermill@v1.5.1...v1.5.2
ThreeDotsLabs/watermill-amqp (github.com/ThreeDotsLabs/watermill-amqp/v3)
v3.1.0
What's Changed
New Contributors
Full Changelog: ThreeDotsLabs/watermill-amqp@v3.0.2...v3.1.0
ThreeDotsLabs/watermill-googlecloud (github.com/ThreeDotsLabs/watermill-googlecloud/v2)
v2.0.1
What's Changed
Full Changelog: ThreeDotsLabs/watermill-googlecloud@v2.0.0...v2.0.1
antlr4-go/antlr (github.com/antlr4-go/antlr/v4)
v4.13.1: Release 4.13.1
The 4.13.1 release has:
using mutexes, when the user knows they will not use it with multiple
go routines. (Note, somewhat experimental)
Note that I did not remove the sort.Slices calls. They will not be experimental for long
and are implemented efficiently. Please make a fork if you must use it without this
dependency. Maybe review whether you need to do so for the sake of one call.
docker/go-connections (github.com/docker/go-connections)
v0.7.0
ebitengine/purego (github.com/ebitengine/purego)
v0.10.1
felixge/httpsnoop (github.com/felixge/httpsnoop)
v1.1.0
fsnotify/fsnotify (github.com/fsnotify/fsnotify)
v1.10.1
Changes and fixes
inotify: don't remove sibling watches sharing a path prefix (#754)
inotify, windows: don't rename sibling watches sharing a path prefix
(#755)
v1.10.0
This version of fsnotify needs Go 1.23.
Changes and fixes
inotify: improve initialization error message (#731)
inotify: send Rename event if recursive watch is renamed (#696)
inotify: avoid copying event buffers when reading names (#741)
kqueue: skip dangling symlinks (ENOENT) in watchDirectoryFiles, so a bad entry no longer aborts Watcher.Add for the whole directory (#748)
kqueue: drop watches directly in Close() to fix a file descriptor leak when recycling watchers (#740)
windows: fix nil pointer dereference in remWatch (#736)
windows: lock watch field updates against concurrent WatchList to fix a race introduced in v1.9.0 (#709, #749)
fxamacker/cbor (github.com/fxamacker/cbor/v2)
v2.9.2
This release refactors and hardens the streaming encoder by adding stricter checks for encoding CBOR indefinite-length data. Other changes include minor bugfixes, defensive checks, and more tests.
Projects that don't use CBOR indefinite-length data may also want to upgrade (summary of prior releases).
The stricter checks in the encoder prevent improper use of the library and bad inputs from producing malformed CBOR indefinite-length data that would be rejected by the decoder.
This release passed fuzz tests (billions of execs) and it is production quality.
What's Changed
CI / GitHub Actions and Docs
Full Changelog: fxamacker/cbor@v2.9.1...v2.9.2
v2.9.1
This release includes important bugfixes, defensive checks, improved code quality, and more tests. Although not public, the fuzzer was also improved by adding more fuzz tests.
🐞 Bug fixes related to the keyasint feature
These changes only affect Go struct fields tagged with keyasint:
math.MaxInt64 when decoding CBOR map to a struct with keyasint field (PR #757)
keyasint tag values (PR #757)
🐞 Other bug fixes and defensive checks
Some of the bugs fixed are related to decoding extreme values that cannot be encoded with this library. For example, the decoder checks if epoch time encoded as CBOR float value representing hundreds of billions of years overflows int64(seconds).
NOTE: It is generally good practice to avoid using floating point to store epoch time (even when not using CBOR).
RawMessage from RawMessage.MarshalCBOR (PR #753)
U+FFFD replacement character (PR #753)
What's Changed
TimeRFC3339NanoUTC by @fxamacker in #688
CI / GitHub Actions and Docs
Configuration
📅 Schedule: Branch creation - "on monday" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.
To execute skipped test pipelines write comment /ok-to-test.
Documentation
Find out how to configure dependency updates in MintMaker documentation or see all available configuration options in Renovate documentation.