chore: a (hopefully) final set of upgrades before dependabot takes over #9622
Gemini encountered an error creating the summary. You can try again by commenting |
Hi @plumpy, @reviewers,
I'm currently reviewing this pull request and will post a full review in a few minutes. In the meantime, I'm providing a summary of the pull request's content for you and other reviewers to quickly get up to speed on the changes and intent.
This PR, titled chore: a (hopefully) final set of upgrades before dependabot takes over, aims to upgrade various dependencies before Dependabot takes over the task. The changes are primarily focused on updating Go module dependencies, as reflected in the modifications to the `go.mod` and `go.sum` files.
Here's a summary of the changes:
- go.mod: Numerous dependency versions have been updated. I've listed some key changes below, but a full list is available in the PR itself. Note that some `exclude` directives have also been added or modified.
Package Name | Old Version | New Version | Notes |
---|---|---|---|
cloud.google.com/go/cloudbuild | v1.19.1 | v1.19.2 | |
cloud.google.com/go/monitoring | v1.22.0 | v1.22.1 | |
cloud.google.com/go/storage | v1.48.0 | v1.49.0 | |
github.com/buildpacks/pack | v0.36.0 | v0.36.2 | |
github.com/go-git/go-git/v5 | v5.12.0 | v5.13.1 | |
google.golang.org/api | v0.211.0 | v0.215.0 | |
google.golang.org/genproto | v0.0.0-20241209162323-e6fa225c2576 | v0.0.0-20250106144421-5f5ef82da422 | |
google.golang.org/genproto/googleapis/api | v0.0.0-20241209162323-e6fa225c2576 | v0.0.0-20250106144421-5f5ef82da422 | |
golang.org/x/crypto | v0.31.0 | v0.32.0 | |
golang.org/x/oauth2 | v0.24.0 | v0.25.0 | |
golang.org/x/tools | v0.28.0 | v0.29.0 | |
sigs.k8s.io/kind | v0.25.0 | v0.26.0 | |
- go.sum: Checksums updated to reflect the new dependency versions.
- vendor/cloud.google.com/go/: Several Google Cloud dependencies updated to newer versions.
- vendor/cloud.google.com/go/auth/: Logging added to the 2LO token provider.
I will provide more detailed comments in my full review.
Meanwhile, here's a little haiku for your enjoyment:
Dependencies flow,
Updates bring smoother sailing,
Code now takes flight.
This pull request updates several dependencies, which is good practice for maintaining a healthy and secure codebase. It also adds a new dependency `github.com/go-jose/go-jose/v4 v4.0.4` and removes an indirect dependency on `gopkg.in/go-jose/go-jose.v2 v2.6.3`. Ensure that the new `go-jose` library is compatible with all functionalities that previously relied on the older version. It's also a good idea to add a brief description to the PR body outlining the updated dependencies and the reason for the update (e.g., bug fixes, performance improvements, new features). This helps reviewers understand the scope and impact of the changes. Since this is the last manual dependency update before Dependabot takes over, it's crucial to ensure all critical dependencies are updated to their latest stable versions to minimize future maintenance.
No description provided.