Skip to content

Bump dependency versions from dependabot warnings #3512

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
Mar 11, 2025
Merged

Bump dependency versions from dependabot warnings #3512

merged 2 commits into from
Mar 11, 2025

Conversation

gmlewis
Copy link
Collaborator

@gmlewis gmlewis commented Mar 10, 2025

Closes: #3427.
Closes: #3457.
Closes: #3484.
Closes: #3509.
Closes: #3510.

@codecov Codecov
Copy link

codecov bot commented Mar 10, 2025
edited
Loading

Codecov Report

Attention: Patch coverage is 0% with 2 lines in your changes missing coverage. Please review.

Project coverage is 91.21%. Comparing base (76d1d46) to head (2a433a9).
Report is 1 commits behind head on master.

Files with missing lines Patch % Lines
example/verifyartifact/main.go 0.00% 2 Missing ⚠️
Additional details and impacted files 
@@           Coverage Diff           @@
##           master    #3512   +/-   ##
=======================================
  Coverage   91.21%   91.21%           
=======================================
  Files         182      182           
  Lines       15930    15930           
=======================================
  Hits        14531    14531           
  Misses       1225     1225           
  Partials      174      174

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

@gmlewis
Copy link
Collaborator Author

gmlewis commented Mar 10, 2025

@dnwe - @stevehipwell - are you OK with these changes?
The bump to Go 1.23 is required in the examples, tools, and scrape directories due to dependencies with dependabot warnings. I've left the main go.mod alone.

@gmlewis gmlewis added the NeedsReview PR is awaiting a review before merging. label Mar 10, 2025
@dnwe
Copy link
Contributor

dnwe commented Mar 10, 2025

@gmlewis as per IBM/sarama#3113, since the Go team started immediately bumping the golang.org/x tree to have go.mod directives of N-1 as soon as a new release is made, I feel it is no longer possible for any of us library authors to maintain support for anything older than N-1.

As such, I'd recommend you keep all the go.mod files in-sync and bump to 1.23.0

@gmlewis gmlewis removed the NeedsReview PR is awaiting a review before merging. label Mar 11, 2025
@gmlewis gmlewis merged commit 75813d0 into google:master Mar 11, 2025
8 of 9 checks passed
@gmlewis gmlewis deleted the bump-org-x-net branch March 11, 2025 00:56
@stevehipwell
Copy link
Contributor

Sorry for the slow reply @gmlewis, I agree with the above comment.

@gmlewis gmlewis mentioned this pull request Mar 17, 2025
Merged
@asvoboda asvoboda mentioned this pull request Mar 24, 2025
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@gmlewis @dnwe @stevehipwell