@schutzbot
Collaborator

Pinned Go version dependency update

Summary

Module A Version
cloud.google.com/go/compute - v1.41.0 > v1.41.0
cloud.google.com/go/storage - v1.56.0 > v1.56.0
github.com/Azure/azure-sdk-for-go - v68.0.0+incompatible > v68.0.0+incompatible
github.com/Azure/azure-sdk-for-go/sdk/storage/azblob - v1.6.2 > v1.6.2
github.com/Azure/go-autorest/autorest - v0.11.30 > v0.11.30
github.com/Azure/go-autorest/autorest/azure/auth - v0.5.13 > v0.5.13
github.com/BurntSushi/toml U v1.5.1-0.20250403130103-3d3abc24416a > v1.5.0
github.com/aws/aws-sdk-go-v2 U v1.36.3 > v1.37.1
github.com/aws/aws-sdk-go-v2/config U v1.29.10 > v1.30.2
github.com/aws/aws-sdk-go-v2/credentials U v1.17.63 > v1.18.2
github.com/aws/aws-sdk-go-v2/feature/ec2/imds U v1.16.30 > v1.18.1
github.com/aws/aws-sdk-go-v2/feature/s3/manager U v1.17.16 > v1.18.2
github.com/aws/aws-sdk-go-v2/service/autoscaling U v1.43.5 > v1.55.1
github.com/aws/aws-sdk-go-v2/service/ec2 U v1.177.0 > v1.239.0
github.com/aws/aws-sdk-go-v2/service/s3 U v1.61.0 > v1.85.1
github.com/aws/smithy-go U v1.22.2 > v1.22.5
github.com/coreos/go-systemd/v22 - v22.5.0 > v22.5.0
github.com/getkin/kin-openapi U v0.131.0 > v0.132.0
github.com/getsentry/sentry-go U v0.34.1 > v0.35.0
github.com/getsentry/sentry-go/echo U v0.34.1 > v0.35.0
github.com/getsentry/sentry-go/logrus U v0.34.1 > v0.35.0
github.com/gobwas/glob - v0.2.3 > v0.2.3
github.com/golang-jwt/jwt/v4 - v4.5.2 > v4.5.2
github.com/google/go-cmp - v0.7.0 > v0.7.0
github.com/google/uuid - v1.6.0 > v1.6.0
github.com/gophercloud/gophercloud U v1.14.0 > v1.14.1
github.com/hashicorp/go-retryablehttp - v0.7.8 > v0.7.8
github.com/jackc/pgconn - v1.14.3 > v1.14.3
github.com/jackc/pgtype U v1.14.3 > v1.14.4
github.com/jackc/pgx/v4 - v4.18.3 > v4.18.3
github.com/julienschmidt/httprouter - v1.3.0 > v1.3.0
github.com/labstack/echo/v4 U v4.13.3 > v4.13.4
github.com/labstack/gommon - v0.4.2 > v0.4.2
github.com/oapi-codegen/oapi-codegen/v2 U v2.4.1 > v2.5.0
github.com/oapi-codegen/runtime U v1.1.1 > v1.1.2
github.com/openshift-online/ocm-sdk-go U v0.1.438 > v0.1.473
github.com/oracle/oci-go-sdk/v54 - v54.0.0 > v54.0.0
github.com/osbuild/blueprint U v1.10.0 > v1.11.0
github.com/osbuild/images - v0.168.0 > v0.168.0
github.com/osbuild/osbuild-composer/pkg/splunk_logger - v0.0.0-20240814102216-0239db53236d > v0.0.0-20240814102216-0239db53236d
github.com/osbuild/pulp-client - v0.1.0 > v0.1.0
github.com/prometheus/client_golang U v1.22.0 > v1.23.0
github.com/segmentio/ksuid - v1.0.4 > v1.0.4
github.com/sirupsen/logrus - v1.9.3 > v1.9.3
github.com/spf13/cobra - v1.9.1 > v1.9.1
github.com/stretchr/testify - v1.10.0 > v1.10.0
github.com/vmware/govmomi - v0.51.0 > v0.51.0
golang.org/x/exp - v0.0.0-20250103183323-7d7fa50e5329 > v0.0.0-20250103183323-7d7fa50e5329
golang.org/x/oauth2 - v0.30.0 > v0.30.0
golang.org/x/sync - v0.16.0 > v0.16.0
golang.org/x/sys - v0.34.0 > v0.34.0
google.golang.org/api U v0.243.0 > v0.244.0

🥨 Created with gobump (HEAD) 🥨

@schutzbot schutzbot requested review from a team and thozza as code owners August 3, 2025 15:24
@schutzbot schutzbot requested review from achilleas-k and supakeen and removed request for a team August 3, 2025 15:24
@lzap
Contributor

lzap commented Aug 4, 2025

Error:

internal/cloudapi/v2/errors_test.go:117:21: invalid operation: cannot indirect apiErr.Details (variable of type interface{})

Trying to reproduce locally, I do not understand what is going on here.

@lzap lzap closed this Aug 4, 2025
@lzap
Contributor

lzap commented Aug 4, 2025

Ah reproduced locally with go test github.com/osbuild/osbuild-composer/internal/cloudapi/v2 looking into this.

@lzap
Contributor

lzap commented Aug 4, 2025

Okay oapi-codegen upgrade is causing this, a manual patch is needed for the upgrade, I am going to create a new PR with gobump update and fix.

@lzap lzap reopened this Aug 4, 2025
@lzap
Contributor

lzap commented Aug 4, 2025

I can actually push to the upstream branch directly in this case, reopening.

@lzap
Contributor

lzap commented Aug 4, 2025

Some tests involving registry.fedoraproject.org will fail due to infra issues, need to re-trigger them.

The oapi-codegen update to v2.5.0 changed the Details field of the main
Error type to be an empty interface. This requires updates to the error
handling tests to accommodate the new structure.
@lzap lzap force-pushed the gobump-deps-16706524840 branch from 638dc09 to f1750dc Compare August 5, 2025 07:32
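
The compile error quoted earlier in the thread (`cannot indirect apiErr.Details`) is what a `*apiErr.Details` dereference produces once the field is a plain `interface{}`, as the commit message above describes. The following is an added example, not code from this pull request or from oapi-codegen: the `Error` struct, `DecodeError`, `DetailsString` and the JSON bodies are hypothetical and constructed, and show a type switch reading such a field without indirection.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Error is a hypothetical stand-in for a generated API error type whose
// Details field is an empty interface, as the commit message describes.
type Error struct {
	Code    string      `json:"code"`
	Reason  string      `json:"reason"`
	Details interface{} `json:"details,omitempty"`
}

// DetailsString reads Details through a type switch; no pointer
// indirection is involved, so it compiles with an interface{} field.
func DetailsString(e Error) (string, bool) {
	switch d := e.Details.(type) {
	case nil: // field absent or JSON null
		return "", false
	case string:
		return d, true
	default: // structured details are re-encoded as JSON text
		b, err := json.Marshal(d)
		if err != nil {
			return "", false
		}
		return string(b), true
	}
}

// DecodeError parses a JSON error body into the hypothetical Error type.
func DecodeError(body []byte) (Error, error) {
	var e Error
	err := json.Unmarshal(body, &e)
	return e, err
}

func main() {
	for _, body := range []string{ // constructed sample responses
		`{"code":"X-1","reason":"bad request","details":"missing field"}`,
		`{"code":"X-2","reason":"bad request","details":{"field":"name"}}`,
		`{"code":"X-3","reason":"internal"}`,
	} {
		e, err := DecodeError([]byte(body))
		s, ok := DetailsString(e)
		fmt.Println(e.Code, err, ok, s)
	}
}
```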
@lzap
Contributor

lzap commented Aug 5, 2025

Can you help me to merge this? Only shellshock is failing but this is irrelevant, thanks @osbuild/osbuild-reviewers

@lzap lzap mentioned this pull request Aug 5, 2025
@lzap lzap force-pushed the gobump-deps-16706524840 branch from b167230 to 6c45c1c Compare August 5, 2025 09:07
@supakeen
Member

supakeen commented Aug 5, 2025

I can't see the Snyk output but it's failing. What is it failing on?

@lzap
Contributor

lzap commented Aug 5, 2025

It was this theoretical path traversal in vendor/ dir, I went ahead and fixed it but then when you click on "All vulnerabilities" we have 150 of these "weak" reports in vendored dependencies. So my patch will not clean it all up.

Edit: The function in question is never used as user input, it is passed only with constants like /sys/net/blah.

@lzap lzap force-pushed the gobump-deps-16706524840 branch from 6c45c1c to d625b33 Compare August 5, 2025 09:35
@lzap
Contributor

lzap commented Aug 5, 2025

Had to amend a small change, the version must be 0.10.0 in order to hit the download link correctly. Looks like 0.10 will not work.

@thozza
Member

thozza commented Aug 5, 2025

> Had to amend a small change, the version must be 0.10.0 in order to hit the download link correctly. Looks like 0.10 will not work.

Unfortunately, Shellcheck is still not happy 😬

@lzap lzap force-pushed the gobump-deps-16706524840 branch from d625b33 to 5f84971 Compare August 5, 2025 12:27
@lzap
Contributor

lzap commented Aug 5, 2025

Thanks, the proper version string was v0.10.0.

Member

@thozza thozza left a comment

LGTM

@lzap
Contributor

lzap commented Aug 5, 2025

I retried the failed Azure, am I doing it right?

@supakeen supakeen merged commit e3255a5 into main Aug 5, 2025
47 of 48 checks passed
@supakeen supakeen deleted the gobump-deps-16706524840 branch August 5, 2025 16:55