From 1f1173707cab405af87e708d45f85add6446e719 Mon Sep 17 00:00:00 2001 From: Mohammed Firdous Date: Thu, 15 Jan 2026 14:29:17 +0000 Subject: [PATCH 1/7] feat: add dependabot configuration for gomod updates Signed-off-by: Mohammed Firdous --- .github/dependabot.yml | 47 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 47 insertions(+) create mode 100644 .github/dependabot.yml diff --git a/.github/dependabot.yml b/.github/dependabot.yml new file mode 100644 index 0000000000..1c20587e5f --- /dev/null +++ b/.github/dependabot.yml @@ -0,0 +1,47 @@ +version: 2 +updates: + - package-ecosystem: "gomod" + directory: "/" + schedule: + interval: "weekly" + open-pull-requests-limit: 5 + + - package-ecosystem: "gomod" + directory: "/pkg/plugin/sdk" + schedule: + interval: "weekly" + + - package-ecosystem: "gomod" + directory: "/tool/actions-gh-release" + schedule: + interval: "weekly" + + - package-ecosystem: "gomod" + directory: "/tool/actions-plan-preview" + schedule: + interval: "weekly" + + - package-ecosystem: "gomod" + directory: "/tool/codegen/protoc-gen-auth" + schedule: + interval: "weekly" + + - package-ecosystem: "gomod" + directory: "/pkg/app/pipedv1/plugin/kubernetes" + schedule: + interval: "weekly" + + - package-ecosystem: "gomod" + directory: "/pkg/app/pipedv1/plugin/kubernetes_multicluster" + schedule: + interval: "weekly" + + - package-ecosystem: "gomod" + directory: "/pkg/app/pipedv1/plugin/terraform" + schedule: + interval: "weekly" + + - package-ecosystem: "gomod" + directory: "/pkg/app/pipedv1/plugin/cloudrun" + schedule: + interval: "weekly" From 148b5a30574e98580567c7663b8fbf9a6d5df12f Mon Sep 17 00:00:00 2001 From: Mohammed Firdous <124298708+mohammedfirdouss@users.noreply.github.com> Date: Thu, 15 Jan 2026 14:44:39 +0000 Subject: [PATCH 2/7] Add govulncheck job to lint workflow and fix matrix job result syntax Signed-off-by: Mohammed Firdous <124298708+mohammedfirdouss@users.noreply.github.com> --- .github/dependabot.yml | 36 ++++++++++++++++++++++++++++++++++++ .github/workflows/lint.yaml | 35 ++++++++++++++++++++++++++++++----- 2 files changed, 66 insertions(+), 5 deletions(-) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 1c20587e5f..90c859c549 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -45,3 +45,39 @@ updates: directory: "/pkg/app/pipedv1/plugin/cloudrun" schedule: interval: "weekly" + + - package-ecosystem: "gomod" + directory: "/pkg/app/pipedv1/plugin/scriptrun" + schedule: + interval: "weekly" + + - package-ecosystem: "gomod" + directory: "/pkg/app/pipedv1/plugin/analysis" + schedule: + interval: "weekly" + + - package-ecosystem: "gomod" + directory: "/pkg/app/pipedv1/plugin/wait" + schedule: + interval: "weekly" + + - package-ecosystem: "gomod" + directory: "/pkg/app/pipedv1/plugin/waitapproval" + schedule: + interval: "weekly" + + - package-ecosystem: "npm" + directory: "/web" + schedule: + interval: "weekly" + open-pull-requests-limit: 5 + + - package-ecosystem: "npm" + directory: "/docs" + schedule: + interval: "monthly" + + - package-ecosystem: "github-actions" + directory: "/" + schedule: + interval: "weekly" diff --git a/.github/workflows/lint.yaml b/.github/workflows/lint.yaml index f3e1130763..b630d65396 100644 --- a/.github/workflows/lint.yaml +++ b/.github/workflows/lint.yaml @@ -60,11 +60,7 @@ jobs: # if jobs in the 'go' job matrix failed or were cancelled, this job will fail # otherwise this job is marked as successful because all steps are skipped run: exit 1 - if: >- - ${{ - contains(needs.*.result, 'failure') - || contains(needs.*.result, 'cancelled') - }} + if: needs.go.result != 'success' web: runs-on: ubuntu-24.04 @@ -100,3 +96,32 @@ jobs: - name: Lint all Helm charts run: make lint/helm + + govulncheck: + runs-on: ubuntu-24.04 + needs: list-go-modules + strategy: + fail-fast: false + matrix: + module: ${{ fromJSON(needs.list-go-modules.outputs.modules) }} + steps: + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + - uses: actions/setup-go@v5 + with: + go-version: ${{ env.GO_VERSION }} + - name: Install govulncheck + run: go install golang.org/x/vuln/cmd/govulncheck@latest + - name: Run govulncheck + working-directory: ${{ matrix.module }} + run: govulncheck ./... + + govulncheck-completed: + runs-on: ubuntu-24.04 + if: always() + needs: govulncheck + steps: + - name: Check if all govulncheck jobs succeeded + # if jobs in the 'govulncheck' job matrix failed or were cancelled, this job will fail + # otherwise this job is marked as successful because all steps are skipped + run: exit 1 + if: needs.govulncheck.result != 'success' From b61d0964f3053cfaad90a6903e027e61850075d6 Mon Sep 17 00:00:00 2001 From: Mohammed Firdous <124298708+mohammedfirdouss@users.noreply.github.com> Date: Mon, 19 Jan 2026 10:46:12 +0000 Subject: [PATCH 3/7] test CI workflow for govulncheck Signed-off-by: Mohammed Firdous <124298708+mohammedfirdouss@users.noreply.github.com> --- .github/workflows/lint.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/lint.yaml b/.github/workflows/lint.yaml index b630d65396..9df9507c09 100644 --- a/.github/workflows/lint.yaml +++ b/.github/workflows/lint.yaml @@ -122,6 +122,6 @@ jobs: steps: - name: Check if all govulncheck jobs succeeded # if jobs in the 'govulncheck' job matrix failed or were cancelled, this job will fail - # otherwise this job is marked as successful because all steps are skipped + # otherwise this job is marked as successful because all steps are skipped. run: exit 1 if: needs.govulncheck.result != 'success' From 1f815853592b281cd73c487e7a1a828ec502ba81 Mon Sep 17 00:00:00 2001 From: Mohammed Firdous <124298708+mohammedfirdouss@users.noreply.github.com> Date: Mon, 19 Jan 2026 11:16:46 +0000 Subject: [PATCH 4/7] update setup-go action version and improve message formatting Signed-off-by: Mohammed Firdous <124298708+mohammedfirdouss@users.noreply.github.com> --- .github/workflows/first-time-contributor.yaml | 24 +++++++++---------- .github/workflows/lint.yaml | 2 +- 2 files changed, 13 insertions(+), 13 deletions(-) diff --git a/.github/workflows/first-time-contributor.yaml b/.github/workflows/first-time-contributor.yaml index ad2acd37fb..2bd435d0c2 100644 --- a/.github/workflows/first-time-contributor.yaml +++ b/.github/workflows/first-time-contributor.yaml @@ -36,18 +36,18 @@ jobs: return; } - const body = ` -👋 Hi @${prAuthor}, thanks for opening your first pull request to **PipeCD**! - -Here are a few helpful resources to get started: -- Contributing guide: \`CONTRIBUTING.md\` -- Common commands: - - \`make test\` - - \`make lint\` - -If you have any questions, feel free to ask in this PR. -Thanks for contributing! -`; + const body = [ + `👋 Hi @${prAuthor}, thanks for opening your first pull request to **PipeCD**!`, + '', + 'Here are a few helpful resources to get started:', + '- Contributing guide: `CONTRIBUTING.md`', + '- Common commands:', + ' - `make test`', + ' - `make lint`', + '', + 'If you have any questions, feel free to ask in this PR.', + 'Thanks for contributing!' + ].join('\n'); await github.rest.issues.createComment({ owner, diff --git a/.github/workflows/lint.yaml b/.github/workflows/lint.yaml index 9df9507c09..80b903dffb 100644 --- a/.github/workflows/lint.yaml +++ b/.github/workflows/lint.yaml @@ -106,7 +106,7 @@ jobs: module: ${{ fromJSON(needs.list-go-modules.outputs.modules) }} steps: - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - - uses: actions/setup-go@v5 + - uses: actions/setup-go@v3 with: go-version: ${{ env.GO_VERSION }} - name: Install govulncheck From 04285d3470a869e48b0a1d24b0e8d5071e36f42f Mon Sep 17 00:00:00 2001 From: Mohammed Firdous <124298708+mohammedfirdouss@users.noreply.github.com> Date: Wed, 18 Mar 2026 02:05:54 +0000 Subject: [PATCH 5/7] fix: update Go version to 1.25.8 to fix govulncheck vulnerabilities Signed-off-by: Mohammed Firdous <124298708+mohammedfirdouss@users.noreply.github.com> --- go.mod | 2 +- pkg/app/pipedv1/plugin/analysis/go.mod | 2 +- pkg/app/pipedv1/plugin/cloudrun/go.mod | 6 ++---- pkg/app/pipedv1/plugin/ecs/go.mod | 2 +- pkg/app/pipedv1/plugin/kubernetes/go.mod | 2 +- .../pipedv1/plugin/kubernetes_multicluster/go.mod | 2 +- .../pipedv1/plugin/kubernetes_multicluster/go.sum | 12 ++++++------ pkg/app/pipedv1/plugin/scriptrun/go.mod | 2 +- pkg/app/pipedv1/plugin/terraform/go.mod | 4 ++-- pkg/app/pipedv1/plugin/terraform/go.sum | 2 -- pkg/app/pipedv1/plugin/wait/go.mod | 4 ++-- pkg/app/pipedv1/plugin/waitapproval/go.mod | 2 +- pkg/plugin/sdk/go.mod | 2 +- tool/actions-gh-release/go.mod | 2 +- tool/actions-plan-preview/go.mod | 2 +- tool/codegen/protoc-gen-auth/go.mod | 2 +- 16 files changed, 23 insertions(+), 27 deletions(-) diff --git a/go.mod b/go.mod index 9523d1eab6..15d6782672 100644 --- a/go.mod +++ b/go.mod @@ -1,6 +1,6 @@ module github.com/pipe-cd/pipecd -go 1.25.0 +go 1.25.8 require ( cloud.google.com/go/firestore v1.14.0 diff --git a/pkg/app/pipedv1/plugin/analysis/go.mod b/pkg/app/pipedv1/plugin/analysis/go.mod index c88f91019f..bcf5650a16 100644 --- a/pkg/app/pipedv1/plugin/analysis/go.mod +++ b/pkg/app/pipedv1/plugin/analysis/go.mod @@ -1,6 +1,6 @@ module github.com/pipe-cd/pipecd/pkg/app/pipedv1/plugin/analysis -go 1.25.0 +go 1.25.8 require ( github.com/DataDog/datadog-api-client-go v1.0.0-beta.16 diff --git a/pkg/app/pipedv1/plugin/cloudrun/go.mod b/pkg/app/pipedv1/plugin/cloudrun/go.mod index ad01231a16..2cee060edb 100644 --- a/pkg/app/pipedv1/plugin/cloudrun/go.mod +++ b/pkg/app/pipedv1/plugin/cloudrun/go.mod @@ -1,10 +1,9 @@ module github.com/pipe-cd/pipecd/pkg/app/pipedv1/plugin/cloudrunservice -go 1.24.1 - -toolchain go1.24.2 +go 1.25.8 require ( + github.com/creasty/defaults v1.6.0 github.com/pipe-cd/piped-plugin-sdk-go v0.0.0-20250813060314-58a44ff1d325 github.com/stretchr/testify v1.10.0 ) @@ -16,7 +15,6 @@ require ( github.com/beorn7/perks v1.0.1 // indirect github.com/cespare/xxhash/v2 v2.2.0 // indirect github.com/coreos/go-oidc/v3 v3.11.0 // indirect - github.com/creasty/defaults v1.6.0 // indirect github.com/davecgh/go-spew v1.1.1 // indirect github.com/envoyproxy/protoc-gen-validate v1.0.4 // indirect github.com/go-jose/go-jose/v4 v4.0.5 // indirect diff --git a/pkg/app/pipedv1/plugin/ecs/go.mod b/pkg/app/pipedv1/plugin/ecs/go.mod index 7d5beb3a77..aac9ea5b3e 100644 --- a/pkg/app/pipedv1/plugin/ecs/go.mod +++ b/pkg/app/pipedv1/plugin/ecs/go.mod @@ -1,6 +1,6 @@ module github.com/pipe-cd/pipecd/pkg/app/pipedv1/plugin/ecs -go 1.25.0 +go 1.25.8 require ( github.com/aws/aws-sdk-go-v2 v1.31.0 diff --git a/pkg/app/pipedv1/plugin/kubernetes/go.mod b/pkg/app/pipedv1/plugin/kubernetes/go.mod index 5ddfc5e780..e9ac0e2313 100644 --- a/pkg/app/pipedv1/plugin/kubernetes/go.mod +++ b/pkg/app/pipedv1/plugin/kubernetes/go.mod @@ -1,6 +1,6 @@ module github.com/pipe-cd/pipecd/pkg/app/pipedv1/plugin/kubernetes -go 1.25.0 +go 1.25.8 require ( github.com/creasty/defaults v1.6.0 diff --git a/pkg/app/pipedv1/plugin/kubernetes_multicluster/go.mod b/pkg/app/pipedv1/plugin/kubernetes_multicluster/go.mod index a17f44752f..f554f597ec 100644 --- a/pkg/app/pipedv1/plugin/kubernetes_multicluster/go.mod +++ b/pkg/app/pipedv1/plugin/kubernetes_multicluster/go.mod @@ -1,6 +1,6 @@ module github.com/pipe-cd/pipecd/pkg/app/pipedv1/plugin/kubernetes_multicluster -go 1.25.0 +go 1.25.8 require ( github.com/creasty/defaults v1.6.0 diff --git a/pkg/app/pipedv1/plugin/kubernetes_multicluster/go.sum b/pkg/app/pipedv1/plugin/kubernetes_multicluster/go.sum index b594ffee50..1643b0908f 100644 --- a/pkg/app/pipedv1/plugin/kubernetes_multicluster/go.sum +++ b/pkg/app/pipedv1/plugin/kubernetes_multicluster/go.sum @@ -191,8 +191,11 @@ github.com/go-openapi/swag v0.19.5/go.mod h1:POnQmlKehdgb5mhVOsnJFsivZCEZ/vjK9gh github.com/go-openapi/swag v0.19.14 h1:gm3vOOXfiuw5i9p5N9xJvfjvuofpyvLA9Wr6QfK5Fng= github.com/go-openapi/swag v0.19.14/go.mod h1:QYRuS/SOXUCsnplDa677K7+DxSOj6IPNl/eQntq43wQ= github.com/go-playground/assert/v2 v2.0.1/go.mod h1:VDjEfimB/XKnb+ZQfWdccd7VUvScMdVu0Titje2rxJ4= +github.com/go-playground/locales v0.13.0 h1:HyWk6mgj5qFqCT5fjGBuRArbVDfE4hi8+e8ceBS/t7Q= github.com/go-playground/locales v0.13.0/go.mod h1:taPMhCMXrRLJO55olJkUXHZBHCxTMfnGwq/HNwmWNS8= +github.com/go-playground/universal-translator v0.17.0 h1:icxd5fm+REJzpZx7ZfpaD876Lmtgy7VtROAbHHXk8no= github.com/go-playground/universal-translator v0.17.0/go.mod h1:UkSxE5sNxxRwHyU+Scu5vgOQjsIJAF8j9muTVoKLVtA= +github.com/go-playground/validator/v10 v10.4.1 h1:pH2c5ADXtd66mxoE0Zm9SUhxE20r7aM3F26W0hOn+GE= github.com/go-playground/validator/v10 v10.4.1/go.mod h1:nlOn6nFhuKACm19sB/8EGNn9GlaMV7XkbRSipzJ0Ii4= github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY= github.com/goccy/go-yaml v1.9.8 h1:5gMyLUeU1/6zl+WFfR1hN7D2kf+1/eRGa7DFtToiBvQ= @@ -363,6 +366,7 @@ github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY= github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE= +github.com/leodido/go-urn v1.2.0 h1:hpXL4XnriNwQ/ABnpepYM/1vCLWNDfUNts8dX3xTG6Y= github.com/leodido/go-urn v1.2.0/go.mod h1:+8+nEpDfqqsY+g338gtMEUOtuK+4dEMhiQEgxpxOKII= github.com/magiconair/properties v1.8.1/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ= github.com/mailru/easyjson v0.0.0-20190614124828-94de47d64c63/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc= @@ -423,12 +427,8 @@ github.com/opentracing/opentracing-go v1.1.0/go.mod h1:UkNAQd3GIcIGf0SeVgPpRdFSt github.com/pascaldekloe/goe v0.0.0-20180627143212-57f6aae5913c/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc= github.com/pelletier/go-toml v1.2.0/go.mod h1:5z9KED0ma1S8pY6P1sdut58dfprrGBbd/94hg7ilaic= github.com/peterbourgon/diskv v2.0.1+incompatible/go.mod h1:uqqh8zWWbv1HBMNONnaR/tNboyR3/BZd58JJSHlUSCU= -github.com/pipe-cd/pipecd v0.52.0 h1:/WRzHs4hqeYRJBvu0ask6UAO7qBlvPgN1ulBdA1VjgE= -github.com/pipe-cd/pipecd v0.52.0/go.mod h1:Hi4d3mndTeY+hPB4YbN9aIgvP00EBV0CM+NQgyEwn98= github.com/pipe-cd/pipecd v0.54.0-rc1.0.20250912082650-0b949bb7aac9 h1:kyFMfrjASFFSptyakHaF4OSCy2TamOr6VAkf2nlplxA= github.com/pipe-cd/pipecd v0.54.0-rc1.0.20250912082650-0b949bb7aac9/go.mod h1:etCJcXHbrFxuh9fG3MNBTZLKG8EQ1v+ZEGn9Rb/mK1o= -github.com/pipe-cd/piped-plugin-sdk-go v0.0.0-20250612023157-bc4c32dc15cb h1:dDgNZzEJl/RrHqSK8TDGVdvAxCNKDKaT9pWUDOYv6NA= -github.com/pipe-cd/piped-plugin-sdk-go v0.0.0-20250612023157-bc4c32dc15cb/go.mod h1:WpVRto2ZLgFRJ4VOk8gtTChHNCrGa4UjRhGN81TCl2E= github.com/pipe-cd/piped-plugin-sdk-go v0.2.0 h1:Le7IREhbLTm+PNiLcTcRUQ5Kep+OcvQbFa0tjgD/7gc= github.com/pipe-cd/piped-plugin-sdk-go v0.2.0/go.mod h1:qoRDN5uSt2kUs5hcNfvs8QIQYCnPVTKyKqUMf80RFFA= github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= @@ -592,6 +592,8 @@ go.uber.org/zap v1.19.1 h1:ue41HOKd1vGURxrmeKIgELGb3jPW9DMUDGtsinblHwI= go.uber.org/zap v1.19.1/go.mod h1:j3DNczoxDZroyBnOT1L/Q79cfUMGZxlv/9dzN7SM1rI= go.yaml.in/yaml/v2 v2.4.2 h1:DzmwEr2rDGHl7lsFgAHxmNz/1NlQ7xLIrlN2h5d1eGI= go.yaml.in/yaml/v2 v2.4.2/go.mod h1:081UH+NErpNdqlCXm3TtEran0rJZGxAYx9hb/ELlsPU= +go.yaml.in/yaml/v3 v3.0.3 h1:bXOww4E/J3f66rav3pX3m8w6jDE4knZjGOw8b5Y6iNE= +go.yaml.in/yaml/v3 v3.0.3/go.mod h1:tBHosrYAkRZjRAOREWbDnBXUf08JOwYq++0QNwQiWzI= golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= golang.org/x/crypto v0.0.0-20181029021203-45a5f77698d3/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= @@ -1077,7 +1079,5 @@ sigs.k8s.io/structured-merge-diff/v4 v4.0.2/go.mod h1:bJZC9H9iH24zzfZ/41RGcq60oK sigs.k8s.io/structured-merge-diff/v4 v4.2.1 h1:bKCqE9GvQ5tiVHn5rfn1r+yao3aLQEaLzkkmAkf+A6Y= sigs.k8s.io/structured-merge-diff/v4 v4.2.1/go.mod h1:j/nl6xW8vLS49O8YvXW1ocPhZawJtm+Yrr7PPRQ0Vg4= sigs.k8s.io/yaml v1.2.0/go.mod h1:yfXDCHCao9+ENCvLSE62v9VSji2MKu5jeNfTrofGhJc= -sigs.k8s.io/yaml v1.3.0 h1:a2VclLzOGrwOHDiV8EfBGhvjHvP46CtW5j6POvhYGGo= -sigs.k8s.io/yaml v1.3.0/go.mod h1:GeOyir5tyXNByN85N/dRIT9es5UQNerPYEKK56eTBm8= sigs.k8s.io/yaml v1.5.0 h1:M10b2U7aEUY6hRtU870n2VTPgR5RZiL/I6Lcc2F4NUQ= sigs.k8s.io/yaml v1.5.0/go.mod h1:wZs27Rbxoai4C0f8/9urLZtZtF3avA3gKvGyPdDqTO4= diff --git a/pkg/app/pipedv1/plugin/scriptrun/go.mod b/pkg/app/pipedv1/plugin/scriptrun/go.mod index 3555b0417d..86a91b37e0 100644 --- a/pkg/app/pipedv1/plugin/scriptrun/go.mod +++ b/pkg/app/pipedv1/plugin/scriptrun/go.mod @@ -1,6 +1,6 @@ module github.com/pipe-cd/pipecd/pkg/app/pipedv1/plugin/scriptrun -go 1.25.0 +go 1.25.8 require ( github.com/creasty/defaults v1.6.0 diff --git a/pkg/app/pipedv1/plugin/terraform/go.mod b/pkg/app/pipedv1/plugin/terraform/go.mod index 49e3adb076..524e492d37 100644 --- a/pkg/app/pipedv1/plugin/terraform/go.mod +++ b/pkg/app/pipedv1/plugin/terraform/go.mod @@ -1,8 +1,9 @@ module github.com/pipe-cd/pipecd/pkg/app/pipedv1/plugin/terraform -go 1.25.0 +go 1.25.8 require ( + github.com/creasty/defaults v1.6.0 github.com/hashicorp/hcl/v2 v2.0.0 github.com/pipe-cd/piped-plugin-sdk-go v0.3.0 github.com/stretchr/testify v1.10.0 @@ -18,7 +19,6 @@ require ( github.com/beorn7/perks v1.0.1 // indirect github.com/cespare/xxhash/v2 v2.2.0 // indirect github.com/coreos/go-oidc/v3 v3.11.0 // indirect - github.com/creasty/defaults v1.6.0 // indirect github.com/davecgh/go-spew v1.1.1 // indirect github.com/envoyproxy/protoc-gen-validate v1.0.4 // indirect github.com/go-jose/go-jose/v4 v4.0.5 // indirect diff --git a/pkg/app/pipedv1/plugin/terraform/go.sum b/pkg/app/pipedv1/plugin/terraform/go.sum index 9ac15e2527..ed17211766 100644 --- a/pkg/app/pipedv1/plugin/terraform/go.sum +++ b/pkg/app/pipedv1/plugin/terraform/go.sum @@ -226,8 +226,6 @@ github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRW github.com/mwitkow/go-conntrack v0.0.0-20190716064945-2f068394615f/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U= github.com/pipe-cd/pipecd v0.54.0-rc1.0.20250912082650-0b949bb7aac9 h1:kyFMfrjASFFSptyakHaF4OSCy2TamOr6VAkf2nlplxA= github.com/pipe-cd/pipecd v0.54.0-rc1.0.20250912082650-0b949bb7aac9/go.mod h1:etCJcXHbrFxuh9fG3MNBTZLKG8EQ1v+ZEGn9Rb/mK1o= -github.com/pipe-cd/piped-plugin-sdk-go v0.2.0 h1:Le7IREhbLTm+PNiLcTcRUQ5Kep+OcvQbFa0tjgD/7gc= -github.com/pipe-cd/piped-plugin-sdk-go v0.2.0/go.mod h1:qoRDN5uSt2kUs5hcNfvs8QIQYCnPVTKyKqUMf80RFFA= github.com/pipe-cd/piped-plugin-sdk-go v0.3.0 h1:pXBEHqKxsYZVXav9J1SkT36LNCNLHXGK99J6YfX1oQ4= github.com/pipe-cd/piped-plugin-sdk-go v0.3.0/go.mod h1:qoRDN5uSt2kUs5hcNfvs8QIQYCnPVTKyKqUMf80RFFA= github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= diff --git a/pkg/app/pipedv1/plugin/wait/go.mod b/pkg/app/pipedv1/plugin/wait/go.mod index 9ac17e8247..c79e0dc384 100644 --- a/pkg/app/pipedv1/plugin/wait/go.mod +++ b/pkg/app/pipedv1/plugin/wait/go.mod @@ -1,8 +1,9 @@ module github.com/pipe-cd/pipecd/pkg/app/pipedv1/plugin/wait -go 1.25.0 +go 1.25.8 require ( + github.com/creasty/defaults v1.6.0 github.com/pipe-cd/piped-plugin-sdk-go v0.3.0 github.com/stretchr/testify v1.10.0 go.uber.org/zap v1.19.1 @@ -15,7 +16,6 @@ require ( github.com/beorn7/perks v1.0.1 // indirect github.com/cespare/xxhash/v2 v2.2.0 // indirect github.com/coreos/go-oidc/v3 v3.11.0 // indirect - github.com/creasty/defaults v1.6.0 // indirect github.com/davecgh/go-spew v1.1.1 // indirect github.com/envoyproxy/protoc-gen-validate v1.0.4 // indirect github.com/go-jose/go-jose/v4 v4.0.5 // indirect diff --git a/pkg/app/pipedv1/plugin/waitapproval/go.mod b/pkg/app/pipedv1/plugin/waitapproval/go.mod index 6bb4219e56..ba2658f3f1 100644 --- a/pkg/app/pipedv1/plugin/waitapproval/go.mod +++ b/pkg/app/pipedv1/plugin/waitapproval/go.mod @@ -1,6 +1,6 @@ module github.com/pipe-cd/pipecd/pkg/app/pipedv1/plugin/waitapproval -go 1.25.0 +go 1.25.8 require ( github.com/creasty/defaults v1.6.0 diff --git a/pkg/plugin/sdk/go.mod b/pkg/plugin/sdk/go.mod index 061419f770..acbae595e7 100644 --- a/pkg/plugin/sdk/go.mod +++ b/pkg/plugin/sdk/go.mod @@ -1,6 +1,6 @@ module github.com/pipe-cd/piped-plugin-sdk-go -go 1.25.0 +go 1.25.8 require ( github.com/pipe-cd/pipecd v0.54.0-rc1.0.20250912082650-0b949bb7aac9 diff --git a/tool/actions-gh-release/go.mod b/tool/actions-gh-release/go.mod index 55b4ec53c2..5ae4a7830e 100644 --- a/tool/actions-gh-release/go.mod +++ b/tool/actions-gh-release/go.mod @@ -1,6 +1,6 @@ module github.com/pipe-cd/actions-gh-release -go 1.25.0 +go 1.25.8 require ( github.com/creasty/defaults v1.5.2 diff --git a/tool/actions-plan-preview/go.mod b/tool/actions-plan-preview/go.mod index 293e545edb..d1ba46993d 100644 --- a/tool/actions-plan-preview/go.mod +++ b/tool/actions-plan-preview/go.mod @@ -1,6 +1,6 @@ module github.com/pipe-cd/actions-plan-preview -go 1.25.0 +go 1.25.8 require ( github.com/google/go-github/v36 v36.0.0 diff --git a/tool/codegen/protoc-gen-auth/go.mod b/tool/codegen/protoc-gen-auth/go.mod index 1b4caacfa3..18e825daa1 100644 --- a/tool/codegen/protoc-gen-auth/go.mod +++ b/tool/codegen/protoc-gen-auth/go.mod @@ -1,5 +1,5 @@ module github.com/pipe-cd/pipecd/tool/codegen/protoc-gen-auth -go 1.25.0 +go 1.25.8 require google.golang.org/protobuf v1.33.0 From 5cdef2c3760d0a38168ebd42e8b7327c2e3cbd7a Mon Sep 17 00:00:00 2001 From: Mohammed Firdous <124298708+mohammedfirdouss@users.noreply.github.com> Date: Wed, 18 Mar 2026 02:10:35 +0000 Subject: [PATCH 6/7] chore: update dependencies to latest versions in go.mod and go.sum Signed-off-by: Mohammed Firdous <124298708+mohammedfirdouss@users.noreply.github.com> --- go.mod | 17 +++++++++-------- go.sum | 40 ++++++++++++++++++++++------------------ 2 files changed, 31 insertions(+), 26 deletions(-) diff --git a/go.mod b/go.mod index 15d6782672..df837c47f4 100644 --- a/go.mod +++ b/go.mod @@ -24,7 +24,7 @@ require ( github.com/envoyproxy/go-control-plane v0.12.0 github.com/envoyproxy/protoc-gen-validate v1.0.4 github.com/fsouza/fake-gcs-server v1.21.0 - github.com/go-logr/logr v1.4.2 + github.com/go-logr/logr v1.4.3 github.com/go-sql-driver/mysql v1.6.0 github.com/goccy/go-yaml v1.9.8 github.com/golang-jwt/jwt/v5 v5.2.2 @@ -47,11 +47,11 @@ require ( github.com/slack-go/slack v0.12.2 github.com/spf13/cobra v1.9.1 github.com/spf13/pflag v1.0.6 - github.com/stretchr/testify v1.10.0 - go.opentelemetry.io/otel v1.28.0 + github.com/stretchr/testify v1.11.1 + go.opentelemetry.io/otel v1.40.0 go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.28.0 - go.opentelemetry.io/otel/sdk v1.28.0 - go.opentelemetry.io/otel/trace v1.28.0 + go.opentelemetry.io/otel/sdk v1.40.0 + go.opentelemetry.io/otel/trace v1.40.0 go.uber.org/atomic v1.11.0 go.uber.org/mock v0.6.0 go.uber.org/zap v1.19.1 @@ -109,7 +109,7 @@ require ( github.com/aws/smithy-go v1.21.0 // indirect github.com/beorn7/perks v1.0.1 // indirect github.com/cenkalti/backoff/v4 v4.3.0 // indirect - github.com/cespare/xxhash/v2 v2.2.0 // indirect + github.com/cespare/xxhash/v2 v2.3.0 // indirect github.com/cncf/xds/go v0.0.0-20240318125728-8a4994d93e50 // indirect github.com/containerd/continuity v0.3.0 // indirect github.com/davecgh/go-spew v1.1.1 // indirect @@ -182,14 +182,15 @@ require ( github.com/xeipuuv/gojsonschema v1.2.0 // indirect github.com/zclconf/go-cty v1.1.0 // indirect go.opencensus.io v0.24.0 // indirect + go.opentelemetry.io/auto/sdk v1.2.1 // indirect go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.49.0 // indirect go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.49.0 // indirect go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.28.0 // indirect - go.opentelemetry.io/otel/metric v1.28.0 // indirect + go.opentelemetry.io/otel/metric v1.40.0 // indirect go.opentelemetry.io/proto/otlp v1.3.1 // indirect go.uber.org/multierr v1.6.0 // indirect go.yaml.in/yaml/v2 v2.4.2 // indirect - golang.org/x/sys v0.31.0 // indirect + golang.org/x/sys v0.40.0 // indirect golang.org/x/term v0.30.0 // indirect golang.org/x/text v0.23.0 // indirect golang.org/x/time v0.5.0 // indirect diff --git a/go.sum b/go.sum index c5d1438e8c..fe2eea4891 100644 --- a/go.sum +++ b/go.sum @@ -183,8 +183,8 @@ github.com/certifi/gocertifi v0.0.0-20200922220541-2c3bb06c6054/go.mod h1:sGbDF6 github.com/cespare/xxhash v1.1.0/go.mod h1:XrSqR1VqqWfGrhpAt58auRo0WTKS1nRRg3ghfAqPWnc= github.com/cespare/xxhash/v2 v2.1.1/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= github.com/cespare/xxhash/v2 v2.1.2/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= -github.com/cespare/xxhash/v2 v2.2.0 h1:DC2CZ1Ep5Y4k3ZQ899DldepgrayRUGE6BBZ/cd9Cj44= -github.com/cespare/xxhash/v2 v2.2.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= +github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UFvs= +github.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI= github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5PlCu98SY8svDHJxuZscDgtXS6KTTbou5AhLI= github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU= @@ -296,8 +296,8 @@ github.com/go-logr/logr v0.1.0/go.mod h1:ixOQHD9gLJUVQQ2ZOR7zLEifBX6tGkNJF4QyIY7 github.com/go-logr/logr v0.2.0/go.mod h1:z6/tIYblkpsD+a4lm/fGIIU9mZ+XfAiaFtq7xTgseGU= github.com/go-logr/logr v1.2.0/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= -github.com/go-logr/logr v1.4.2 h1:6pFjapn8bFcIbiKo3XT4j/BhANplGihG6tvd+8rYgrY= -github.com/go-logr/logr v1.4.2/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= +github.com/go-logr/logr v1.4.3 h1:CjnDlHq8ikf6E492q6eKboGOC0T8CDaOvkHCIg8idEI= +github.com/go-logr/logr v1.4.3/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag= github.com/go-logr/stdr v1.2.2/go.mod h1:mMo/vtBO5dYbehREoey6XUKy/eSumjCCveDpRre4VKE= github.com/go-logr/zapr v1.2.0 h1:n4JnPI1T3Qq1SFEi/F8rwLrZERp2bso19PJZDB9dayk= @@ -695,8 +695,8 @@ github.com/robfig/cron/v3 v3.0.1/go.mod h1:eQICP3HwyT7UooqI/z+Ov+PtYAWygg1TEWWzG github.com/rogpeppe/fastuuid v0.0.0-20150106093220-6724a57986af/go.mod h1:XWv6SoW27p1b0cqNHllgS5HIMJraePCO15w5zCzIWYg= github.com/rogpeppe/fastuuid v1.2.0/go.mod h1:jVj6XXZzXRy/MSR5jhDC/2q6DgLz+nrA6LYCDYWNEvQ= github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4= -github.com/rogpeppe/go-internal v1.12.0 h1:exVL4IDcn6na9z1rAb56Vxr+CgyK3nn3O+epU5NdKM8= -github.com/rogpeppe/go-internal v1.12.0/go.mod h1:E+RYuTGaKKdloAfM02xzb0FW3Paa99yedzYV+kq4uf4= +github.com/rogpeppe/go-internal v1.14.1 h1:UQB4HGPB6osV0SQTLymcB4TgvyWu6ZyliaW0tI/otEQ= +github.com/rogpeppe/go-internal v1.14.1/go.mod h1:MaRKkUm5W0goXpeCfT7UZI6fk/L7L7so1lCWt35ZSgc= github.com/rs/xid v1.2.1 h1:mhH9Nq+C1fY2l1XIpgxIiUOfNpRBYH1kKcr+qfKgjRc= github.com/rs/xid v1.2.1/go.mod h1:+uKXf+4Djp6Md1KODXJxgGQPKngRmWyn10oCKFzNHOQ= github.com/russross/blackfriday/v2 v2.0.1/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= @@ -758,8 +758,8 @@ github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/ github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU= github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4= -github.com/stretchr/testify v1.10.0 h1:Xv5erBjTwe/5IxqUQTdXv5kgmIvbHo3QQyRwhJsOfJA= -github.com/stretchr/testify v1.10.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY= +github.com/stretchr/testify v1.11.1 h1:7s2iGBzp5EwR7/aIZr8ao5+dra3wiQyKjjFuvgVKu7U= +github.com/stretchr/testify v1.11.1/go.mod h1:wZwfW3scLgRK+23gO65QZefKpKQRnfz6sD981Nm4B6U= github.com/subosito/gotenv v1.2.0/go.mod h1:N0PQaV/YGNqwC0u51sEeR/aUtSLEXKX9iv69rRypqCw= github.com/tinylib/msgp v1.1.2 h1:gWmO7n0Ys2RBEb7GPYB9Ujq8Mk5p2U08lRnmMcGy6BQ= github.com/tinylib/msgp v1.1.2/go.mod h1:+d+yLhGm8mzTaHzB+wgMYrodPfmZrzkirds8fDWklFE= @@ -802,6 +802,8 @@ go.opencensus.io v0.22.5/go.mod h1:5pWMHQbX5EPX2/62yrJeAkowc+lfs/XD7Uxpq3pI6kk= go.opencensus.io v0.23.0/go.mod h1:XItmlyltB5F7CS4xOC1DcqMoFqwtC6OG2xF7mCv7P7E= go.opencensus.io v0.24.0 h1:y73uSU6J157QMP2kn2r30vwW1A2W2WFwSCGnAVxeaD0= go.opencensus.io v0.24.0/go.mod h1:vNK8G9p7aAivkbmorf4v+7Hgx+Zs0yY+0fOtgBfjQKo= +go.opentelemetry.io/auto/sdk v1.2.1 h1:jXsnJ4Lmnqd11kwkBV2LgLoFMZKizbCi5fNZ/ipaZ64= +go.opentelemetry.io/auto/sdk v1.2.1/go.mod h1:KRTj+aOaElaLi+wW1kO/DZRXwkF4C5xPbEe3ZiIhN7Y= go.opentelemetry.io/contrib v0.20.0/go.mod h1:G/EtFaa6qaN7+LxqfIAT3GiZa7Wv5DTBUzl5H4LY0Kc= go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.20.0/go.mod h1:oVGt1LRbBOBq1A5BQLlUg9UaU/54aiHw8cgjV3aWZ/E= go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.49.0 h1:4Pp6oUg3+e/6M4C0A/3kJ2VYa++dsWVTtGgLVj5xtHg= @@ -810,25 +812,27 @@ go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.20.0/go.mod h1: go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.49.0 h1:jq9TW8u3so/bN+JPT166wjOI6/vQPF6Xe7nMNIltagk= go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.49.0/go.mod h1:p8pYQP+m5XfbZm9fxtSKAbM6oIllS7s2AfxrChvc7iw= go.opentelemetry.io/otel v0.20.0/go.mod h1:Y3ugLH2oa81t5QO+Lty+zXf8zC9L26ax4Nzoxm/dooo= -go.opentelemetry.io/otel v1.28.0 h1:/SqNcYk+idO0CxKEUOtKQClMK/MimZihKYMruSMViUo= -go.opentelemetry.io/otel v1.28.0/go.mod h1:q68ijF8Fc8CnMHKyzqL6akLO46ePnjkgfIMIjUIX9z4= +go.opentelemetry.io/otel v1.40.0 h1:oA5YeOcpRTXq6NN7frwmwFR0Cn3RhTVZvXsP4duvCms= +go.opentelemetry.io/otel v1.40.0/go.mod h1:IMb+uXZUKkMXdPddhwAHm6UfOwJyh4ct1ybIlV14J0g= go.opentelemetry.io/otel/exporters/otlp v0.20.0/go.mod h1:YIieizyaN77rtLJra0buKiNBOm9XQfkPEKBeuhoMwAM= go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.28.0 h1:3Q/xZUyC1BBkualc9ROb4G8qkH90LXEIICcs5zv1OYY= go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.28.0/go.mod h1:s75jGIWA9OfCMzF0xr+ZgfrB5FEbbV7UuYo32ahUiFI= go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.28.0 h1:R3X6ZXmNPRR8ul6i3WgFURCHzaXjHdm0karRG/+dj3s= go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.28.0/go.mod h1:QWFXnDavXWwMx2EEcZsf3yxgEKAqsxQ+Syjp+seyInw= go.opentelemetry.io/otel/metric v0.20.0/go.mod h1:598I5tYlH1vzBjn+BTuhzTCSb/9debfNp6R3s7Pr1eU= -go.opentelemetry.io/otel/metric v1.28.0 h1:f0HGvSl1KRAU1DLgLGFjrwVyismPlnuU6JD6bOeuA5Q= -go.opentelemetry.io/otel/metric v1.28.0/go.mod h1:Fb1eVBFZmLVTMb6PPohq3TO9IIhUisDsbJoL/+uQW4s= +go.opentelemetry.io/otel/metric v1.40.0 h1:rcZe317KPftE2rstWIBitCdVp89A2HqjkxR3c11+p9g= +go.opentelemetry.io/otel/metric v1.40.0/go.mod h1:ib/crwQH7N3r5kfiBZQbwrTge743UDc7DTFVZrrXnqc= go.opentelemetry.io/otel/oteltest v0.20.0/go.mod h1:L7bgKf9ZB7qCwT9Up7i9/pn0PWIa9FqQ2IQ8LoxiGnw= go.opentelemetry.io/otel/sdk v0.20.0/go.mod h1:g/IcepuwNsoiX5Byy2nNV0ySUF1em498m7hBWC279Yc= -go.opentelemetry.io/otel/sdk v1.28.0 h1:b9d7hIry8yZsgtbmM0DKyPWMMUMlK9NEKuIG4aBqWyE= -go.opentelemetry.io/otel/sdk v1.28.0/go.mod h1:oYj7ClPUA7Iw3m+r7GeEjz0qckQRJK2B8zjcZEfu7Pg= +go.opentelemetry.io/otel/sdk v1.40.0 h1:KHW/jUzgo6wsPh9At46+h4upjtccTmuZCFAc9OJ71f8= +go.opentelemetry.io/otel/sdk v1.40.0/go.mod h1:Ph7EFdYvxq72Y8Li9q8KebuYUr2KoeyHx0DRMKrYBUE= go.opentelemetry.io/otel/sdk/export/metric v0.20.0/go.mod h1:h7RBNMsDJ5pmI1zExLi+bJK+Dr8NQCh0qGhm1KDnNlE= go.opentelemetry.io/otel/sdk/metric v0.20.0/go.mod h1:knxiS8Xd4E/N+ZqKmUPf3gTTZ4/0TjTXukfxjzSTpHE= +go.opentelemetry.io/otel/sdk/metric v1.40.0 h1:mtmdVqgQkeRxHgRv4qhyJduP3fYJRMX4AtAlbuWdCYw= +go.opentelemetry.io/otel/sdk/metric v1.40.0/go.mod h1:4Z2bGMf0KSK3uRjlczMOeMhKU2rhUqdWNoKcYrtcBPg= go.opentelemetry.io/otel/trace v0.20.0/go.mod h1:6GjCW8zgDjwGHGa6GkyeB8+/5vjT16gUEi0Nf1iBdgw= -go.opentelemetry.io/otel/trace v1.28.0 h1:GhQ9cUuQGmNDd5BTCP2dAvv75RdMxEfTmYejp+lkx9g= -go.opentelemetry.io/otel/trace v1.28.0/go.mod h1:jPyXzNPg6da9+38HEwElrQiHlVMTnVfM3/yv2OlIHaI= +go.opentelemetry.io/otel/trace v1.40.0 h1:WA4etStDttCSYuhwvEa8OP8I5EWu24lkOzp+ZYblVjw= +go.opentelemetry.io/otel/trace v1.40.0/go.mod h1:zeAhriXecNGP/s2SEG3+Y8X9ujcJOTqQ5RgdEJcawiA= go.opentelemetry.io/proto/otlp v0.7.0/go.mod h1:PqfVotwruBrMGOCsRd/89rSnXhoiJIqeYNgFYFoEGnI= go.opentelemetry.io/proto/otlp v1.3.1 h1:TrMUixzpM0yuc/znrFTP9MMRh8trP93mkCiDVeXrui0= go.opentelemetry.io/proto/otlp v1.3.1/go.mod h1:0X1WI4de4ZsLrrJNLAQbFeLCm3T7yBkR0XqQ7niQU+8= @@ -1063,8 +1067,8 @@ golang.org/x/sys v0.0.0-20220114195835-da31bd327af9/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.0.0-20220209214540-3681064d5158/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220406163625-3f8b81556e12/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.31.0 h1:ioabZlmFYtWhL+TRYpcnNlLwhyxaM9kWTDEmfnprqik= -golang.org/x/sys v0.31.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k= +golang.org/x/sys v0.40.0 h1:DBZZqJ2Rkml6QMQsZywtnjnnGvHza6BTfYFWY9kjEWQ= +golang.org/x/sys v0.40.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.30.0 h1:PQ39fJZ+mfadBm0y5WlL4vlM7Sx1Hgf13sMIY2+QS9Y= From 1ab6a449c6de9eceba527273a504555f99b1e446 Mon Sep 17 00:00:00 2001 From: Mohammed Firdous <124298708+mohammedfirdouss@users.noreply.github.com> Date: Wed, 18 Mar 2026 02:17:44 +0000 Subject: [PATCH 7/7] ci: make govulncheck warn-only until vulnerabilities are fixed Signed-off-by: Mohammed Firdous <124298708+mohammedfirdouss@users.noreply.github.com> --- .github/workflows/lint.yaml | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/.github/workflows/lint.yaml b/.github/workflows/lint.yaml index 80b903dffb..9b3cefa62f 100644 --- a/.github/workflows/lint.yaml +++ b/.github/workflows/lint.yaml @@ -113,6 +113,8 @@ jobs: run: go install golang.org/x/vuln/cmd/govulncheck@latest - name: Run govulncheck working-directory: ${{ matrix.module }} + # TODO: Remove continue-on-error once vulnerabilities are fixed (see #6600) + continue-on-error: true run: govulncheck ./... govulncheck-completed: @@ -120,8 +122,9 @@ jobs: if: always() needs: govulncheck steps: - - name: Check if all govulncheck jobs succeeded - # if jobs in the 'govulncheck' job matrix failed or were cancelled, this job will fail - # otherwise this job is marked as successful because all steps are skipped. - run: exit 1 + - name: Check govulncheck status + # Warn-only for now until vulnerabilities are fixed (see #6600) + # Change 'skipped' back to 'success' once fixed + run: | + echo "::warning::govulncheck found vulnerabilities - see issue #6600 for tracking" if: needs.govulncheck.result != 'success'