Skip to content

Upgrade Go to 1.26 and update dependencies#323

Merged
makkes merged 1 commit into
mainfrom
bump-deps
May 4, 2026
Merged

Upgrade Go to 1.26 and update dependencies#323
makkes merged 1 commit into
mainfrom
bump-deps

Conversation

@makkes
Copy link
Copy Markdown
Member

@makkes makkes commented Apr 29, 2026
edited
Loading

Before:

$ govulncheck ./...
=== Symbol Results ===

Vulnerability #1: GO-2026-4910
Maliciously crafted idx file can cause asymmetric memory consumption in
    github.com/go-git/go-git
[...]
Vulnerability #2: GO-2026-4909
    Missing validation decoding Index v4 files leads to panic in
    github.com/go-git/go-git
[...]
Vulnerability #3: GO-2026-4550
    CIRCL has an incorrect calculation in secp384r1 CombinedMult in
    github.com/cloudflare/circl

After:

$ govulncheck ./...
No vulnerabilities found.

matheuscscp
matheuscscp approved these changes Apr 29, 2026
View reviewed changes
Copy link
Copy Markdown
Member

@matheuscscp matheuscscp left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

Comment thread go.mod Outdated
stefanprodan
stefanprodan requested changes Apr 29, 2026
View reviewed changes
Copy link
Copy Markdown
Member

@stefanprodan stefanprodan left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Besides fixing the e2e tests, please bump Go to 1.26.x in all GitHub workflows.

stefanprodan
stefanprodan reviewed Apr 29, 2026
View reviewed changes
Comment thread go.mod Outdated
@makkes makkes force-pushed the bump-deps branch 2 times, most recently from be53134 to 786d477 Compare April 29, 2026 14:27
@stefanprodan
Copy link
Copy Markdown
Member

stefanprodan commented Apr 30, 2026

@makkes can you please bump go-version: 1.25.x to 1.26.x in all workflows please.

@makkes
Upgrade Go deps
df35f62 
Signed-off-by: Max Jonas Werner <max@coppersoft.com>
@makkes
Copy link
Copy Markdown
Member Author

makkes commented Apr 30, 2026

@makkes can you please bump go-version: 1.25.x to 1.26.x in all workflows please.

done

matheuscscp
matheuscscp approved these changes May 1, 2026
View reviewed changes
Copy link
Copy Markdown
Member

@matheuscscp matheuscscp left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM! 🚀

@matheuscscp matheuscscp requested a review from stefanprodan May 1, 2026 11:53
stefanprodan
stefanprodan approved these changes May 1, 2026
View reviewed changes
Copy link
Copy Markdown
Member

@stefanprodan stefanprodan left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

Thanks @makkes

@stefanprodan stefanprodan added the dependencies Pull requests that update a dependency file label May 1, 2026
@stefanprodan stefanprodan changed the title Upgrade Go deps Upgrade Go to 1.26 and update dependencies May 1, 2026
@makkes makkes merged commit 5f11506 into main May 4, 2026
7 checks passed
@makkes makkes deleted the bump-deps branch May 4, 2026 07:08
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@matheuscscp matheuscscp matheuscscp approved these changes

@stefanprodan stefanprodan stefanprodan approved these changes

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@makkes @stefanprodan @matheuscscp