Update github.com/hectane/go-acl digest to ca0b05c - autoclosed #49574
renovate[bot] wants to merge 1 commit into main
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: f467247f1a
| github.com/hashicorp/go-version v1.9.0 | ||
| github.com/hashicorp/golang-lru/v2 v2.0.7 | ||
| github.com/hectane/go-acl v0.0.0-20230225031251-cdfc9e3acf94 | ||
| github.com/hectane/go-acl ca0b05cb1adb |
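Review bot: the replacement entry on the last line, `github.com/hectane/go-acl ca0b05cb1adb`, carries a bare commit prefix where the entry it replaces has a full pseudo-version (v0.0.0-20230225031251-cdfc9e3acf94), so the require line has no canonical version. Resolve the commit through the go command (for example `go get github.com/hectane/go-acl@ca0b05cb1adb`) so the entry is written as v0.0.0-<timestamp>-ca0b05cb1adb, then compare that timestamp with 20230225031251 to confirm the bump does not land on an older commit.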
Use a canonical version string in root go.mod
The new require entry pins github.com/hectane/go-acl to a raw commit hash (ca0b05cb1adb) instead of a valid Go module version, which makes the root module unparsable. In this repo, GOTOOLCHAIN=local go mod edit -json fails with version "ca0b05cb1adb" invalid: must be of the form v1.2.3, so any root-module build/test/tidy path that reads go.mod will fail until this is converted to a canonical pseudo-version (as done in pkg/util/filesystem/go.mod).
f467247 to f8f9cf7
f8f9cf7 to b55fa59
PRApprover will approve and merge this PR. 🛠️ PRApproval Status
➡️ Current phase: CI tests failed. Please fix the failing tests to continue.
🎯 Code Coverage 🔗 Commit SHA: b55fa59
## Summary

- Adds a `packageRules` entry that disables `digest`-type updates under the `gomod` manager.
- Only tagged (semver) gomod updates will be accepted from now on.

## Context

When a Go dependency does not publish semver tags, Renovate's `gomod` manager has nothing to do and falls back to the `digest` datasource, which tracks the HEAD of the upstream default branch. Two problems come out of this:

1. **Malformed `go.mod` entries.** The digest manager does not always round-trip a proper `v0.0.0-<timestamp>-<commit>` pseudo-version — it can leave a bare short hash in the root `go.mod`, breaking the build. Example: #49574 rewrote the root entry to `github.com/hectane/go-acl ca0b05cb1adb`.
2. **"Updates" that go backwards in time.** The digest datasource has no time or semver ordering. If the upstream default branch is reset, renamed, or never had the commit we currently pin, Renovate will happily "update" to an older commit. Example from the same PR: the subpackage `go.mod` was bumped from a Feb 2023 commit to a Jan 2023 commit.

Disabling digest updates for `gomod` is a guardrail so this class of regression cannot slip in again for any tag-less Go dependency.

## Test plan

- [ ] Renovate dashboard/dry-run confirms no new `gomod` digest PRs are opened.
- [ ] Existing tagged gomod update PRs continue to open normally.

Co-authored-by: nicolas.schweitzer <nicolas.schweitzer@datadoghq.com>
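The two failure modes named in the commit message above (a bare hash in `go.mod`, and an "update" to an older commit) can both be caught by comparing the `require` entries before and after a dependency bump. The following is an added example, not code from this PR, from Renovate or from the datadog-agent repository. The helper names (`requires`, `commitTime`, `auditBump`) are hypothetical, the parser is simplified to plain `require` lines, and `example.com/tagless` with its versions is constructed sample data.

```go
package main

import (
	"fmt"
	"regexp"
	"sort"
	"strings"
)

// Canonical version: vX.Y.Z with optional pre-release and build metadata.
var semverRe = regexp.MustCompile(`^v\d+\.\d+\.\d+(-[0-9A-Za-z.-]+)?(\+[0-9A-Za-z.-]+)?$`)
// Pseudo-version tail: 14-digit UTC commit time, then a 12-hex-digit commit prefix.
var pseudoRe = regexp.MustCompile(`[-.](\d{14})-[0-9a-f]{12}(\+incompatible)?$`)
// Constructed excerpts: go-acl versions are quoted from this PR; example.com/tagless is made up.
const oldMod = "require (\n\tgithub.com/hectane/go-acl v0.0.0-20230225031251-cdfc9e3acf94\n\texample.com/tagless v0.0.0-20230225000000-0123456789ab\n)"
const newMod = "require (\n\tgithub.com/hectane/go-acl ca0b05cb1adb\n\texample.com/tagless v0.0.0-20230110000000-ba9876543210\n)"
// requires maps module path to version for each require line (simplified: no replace/exclude).
func requires(gomod string) map[string]string {
	out := map[string]string{}
	for _, line := range strings.Split(gomod, "\n") {
		f := strings.Fields(strings.TrimPrefix(strings.TrimSpace(line), "require "))
		if len(f) >= 2 && strings.Contains(f[0], ".") {
			out[f[0]] = f[1]
		}
	}
	return out
}
// commitTime returns the timestamp embedded in a pseudo-version, or "" for other versions.
func commitTime(v string) string {
	if m := pseudoRe.FindStringSubmatch(v); m != nil {
		return m[1]
	}
	return ""
}
// auditBump reports entries in next that are non-canonical or older than the entry in prev.
func auditBump(prev, next string) (findings []string) {
	before := requires(prev)
	for mod, v := range requires(next) {
		oldT, newT := commitTime(before[mod]), commitTime(v)
		if !semverRe.MatchString(v) {
			findings = append(findings, fmt.Sprintf("%s: %q is not a canonical version", mod, v))
		} else if oldT != "" && newT != "" && newT < oldT { // fixed-width digits order as time
			findings = append(findings, fmt.Sprintf("%s: %s is older than %s", mod, v, before[mod]))
		}
	}
	sort.Strings(findings)
	return findings
}

func main() { fmt.Println(strings.Join(auditBump(oldMod, newMod), "\n")) }
```

Run as a CI step on dependency-update PRs, a non-empty result is a reason to block the merge before the build is attempted.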
Replaces the direct dependency on github.com/hectane/go-acl (v0.0.0-20230225031251-cdfc9e3acf94, the head of upstream's unmerged PR #19) with github.com/DataDog/go-acl v1.0.0, a tagged release of a DataDog-owned fork that contains the same code (upstream master HEAD plus the golang.org/x/sys 0.1.0 bump from PR #19).

Why:
- Upstream hectane/go-acl is inactive, has no semver tags, and the commit we depended on lives on an unmerged PR branch — fragile ground for Renovate, which fell back to digest updates that produced malformed go.mod entries and time-regressing "updates" (see #49574).
- Owning a tagged fork lets Renovate resolve real semver versions and guarantees the source we depend on cannot vanish or be force-pushed.

Scope:
- Two Go imports rewritten (pkg/util/filesystem/permission_windows.go and pkg/security/probe/probe_auditing_windows_test.go).
- All affected go.mod/go.sum updated via dda inv tidy.
- Bazel manifest updated (deps/go.MODULE.bazel, pkg/util/filesystem/BUILD.bazel).
- LICENSE-3rdparty.csv regenerated.

The hectane/go-acl // indirect entries that remain come from old datadog-agent submodule versions pinned by opentelemetry-collector-contrib. They will disappear once OTel bumps its datadog-agent pin past this PR.
This PR contains the following updates:
cdfc9e3 → ca0b05c
Warning
Some dependencies could not be looked up. Check the Dependency Dashboard for more information.
Configuration
📅 Schedule: (UTC) `* 0-4,22-23 * * 1-5`, `* * * * 0,6`
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR was generated by Mend Renovate. View the repository job log.