From feaa3da799b1574abbed1c62177c8b708aae2ee9 Mon Sep 17 00:00:00 2001 From: avidal Date: Thu, 2 Apr 2026 10:37:25 -0500 Subject: [PATCH] chore: bump deps, including Go toolchain The important bump is to the Go toolchain to address some stdlib vulnerabilities and prevent security scanners from flagging images that COPY commit-headless. But, might as well rev the other dependencies while we're at it. --- .github/workflows/release.yml | 2 +- .github/workflows/test.yml | 4 ++-- github.go | 2 +- github_test.go | 2 +- go.mod | 12 +++++++----- go.sum | 23 +++++++++++------------ version.go | 2 +- 7 files changed, 24 insertions(+), 23 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index adc58e3..dab9665 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -17,7 +17,7 @@ jobs: - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6.4.0 with: - go-version: '1.24' + go-version: '1.26' - run: go test -v . diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 0cc4c33..ffe9b34 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -18,7 +18,7 @@ jobs: - uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6.4.0 with: - go-version: '1.24' + go-version: '1.26' - name: Run Go tests run: go test -v ./... @@ -31,7 +31,7 @@ jobs: - uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6.4.0 with: - go-version: '1.24' + go-version: '1.26' - name: Build binary run: | diff --git a/github.go b/github.go index 5b3e281..8ebc5b2 100644 --- a/github.go +++ b/github.go @@ -12,7 +12,7 @@ import ( "strings" "time" - "github.com/google/go-github/v81/github" + "github.com/google/go-github/v84/github" "golang.org/x/oauth2" ) diff --git a/github_test.go b/github_test.go index 4fb631f..2659042 100644 --- a/github_test.go +++ b/github_test.go @@ -11,7 +11,7 @@ import ( "strings" "testing" - "github.com/google/go-github/v81/github" + "github.com/google/go-github/v84/github" ) func init() { diff --git a/go.mod b/go.mod index 8f8725d..28df589 100644 --- a/go.mod +++ b/go.mod @@ -1,11 +1,13 @@ module github.com/DataDog/commit-headless -go 1.24.10 +go 1.25.0 + +toolchain go1.26.1 require ( - github.com/alecthomas/kong v1.11.0 - github.com/google/go-github/v81 v81.0.0 - golang.org/x/oauth2 v0.30.0 + github.com/alecthomas/kong v1.14.0 + github.com/google/go-github/v84 v84.0.0 + golang.org/x/oauth2 v0.36.0 ) -require github.com/google/go-querystring v1.1.0 // indirect +require github.com/google/go-querystring v1.2.0 // indirect diff --git a/go.sum b/go.sum index d9c1302..8cc435e 100644 --- a/go.sum +++ b/go.sum @@ -1,18 +1,17 @@ github.com/alecthomas/assert/v2 v2.11.0 h1:2Q9r3ki8+JYXvGsDyBXwH3LcJ+WK5D0gc5E8vS6K3D0= github.com/alecthomas/assert/v2 v2.11.0/go.mod h1:Bze95FyfUr7x34QZrjL+XP+0qgp/zg8yS+TtBj1WA3k= -github.com/alecthomas/kong v1.11.0 h1:y++1gI7jf8O7G7l4LZo5ASFhrhJvzc+WgF/arranEmM= -github.com/alecthomas/kong v1.11.0/go.mod h1:p2vqieVMeTAnaC83txKtXe8FLke2X07aruPWXyMPQrU= -github.com/alecthomas/repr v0.4.0 h1:GhI2A8MACjfegCPVq9f1FLvIBS+DrQ2KQBFZP1iFzXc= -github.com/alecthomas/repr v0.4.0/go.mod h1:Fr0507jx4eOXV7AlPV6AVZLYrLIuIeSOWtW57eE/O/4= -github.com/google/go-cmp v0.5.2/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= +github.com/alecthomas/kong v1.14.0 h1:gFgEUZWu2ZmZ+UhyZ1bDhuutbKN1nTtJTwh19Wsn21s= +github.com/alecthomas/kong v1.14.0/go.mod h1:wrlbXem1CWqUV5Vbmss5ISYhsVPkBb1Yo7YKJghju2I= +github.com/alecthomas/repr v0.5.2 h1:SU73FTI9D1P5UNtvseffFSGmdNci/O6RsqzeXJtP0Qs= +github.com/alecthomas/repr v0.5.2/go.mod h1:Fr0507jx4eOXV7AlPV6AVZLYrLIuIeSOWtW57eE/O/4= +github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= github.com/google/go-cmp v0.7.0 h1:wk8382ETsv4JYUZwIsn6YpYiWiBsYLSJiTsyBybVuN8= github.com/google/go-cmp v0.7.0/go.mod h1:pXiqmnSA92OHEEa9HXL2W4E7lf9JzCmGVUdgjX3N/iU= -github.com/google/go-github/v81 v81.0.0 h1:hTLugQRxSLD1Yei18fk4A5eYjOGLUBKAl/VCqOfFkZc= -github.com/google/go-github/v81 v81.0.0/go.mod h1:upyjaybucIbBIuxgJS7YLOZGziyvvJ92WX6WEBNE3sM= -github.com/google/go-querystring v1.1.0 h1:AnCroh3fv4ZBgVIf1Iwtovgjaw/GiKJo8M8yD/fhyJ8= -github.com/google/go-querystring v1.1.0/go.mod h1:Kcdr2DB4koayq7X8pmAG4sNG59So17icRSOU623lUBU= +github.com/google/go-github/v84 v84.0.0 h1:I/0Xn5IuChMe8TdmI2bbim5nyhaRFJ7DEdzmD2w+yVA= +github.com/google/go-github/v84 v84.0.0/go.mod h1:WwYL1z1ajRdlaPszjVu/47x1L0PXukJBn73xsiYrRRQ= +github.com/google/go-querystring v1.2.0 h1:yhqkPbu2/OH+V9BfpCVPZkNmUXhb2gBxJArfhIxNtP0= +github.com/google/go-querystring v1.2.0/go.mod h1:8IFJqpSRITyJ8QhQ13bmbeMBDfmeEJZD5A0egEOmkqU= github.com/hexops/gotextdiff v1.0.3 h1:gitA9+qJrrTCsiCl7+kh75nPqQt1cx4ZkudSTLoUqJM= github.com/hexops/gotextdiff v1.0.3/go.mod h1:pSWU5MAI3yDq+fZBTazCSJysOMbxWL1BSow5/V2vxeg= -golang.org/x/oauth2 v0.30.0 h1:dnDm7JmhM45NNpd8FDDeLhK6FwqbOf4MLCM9zb1BOHI= -golang.org/x/oauth2 v0.30.0/go.mod h1:B++QgG3ZKulg6sRPGD/mqlHQs5rB3Ml9erfeDY7xKlU= -golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= +golang.org/x/oauth2 v0.36.0 h1:peZ/1z27fi9hUOFCAZaHyrpWG5lwe0RJEEEeH0ThlIs= +golang.org/x/oauth2 v0.36.0/go.mod h1:YDBUJMTkDnJS+A4BP4eZBjCqtokkg1hODuPjwiGPO7Q= diff --git a/version.go b/version.go index 0e22c18..be23939 100644 --- a/version.go +++ b/version.go @@ -1,3 +1,3 @@ package main -const VERSION = "3.1.0" +const VERSION = "3.1.1"