chore(deps): Bump golang.org/x/sys from 0.41.0 to 0.43.0#35
Closed
dependabot[bot] wants to merge 1 commit intomainfrom
Closed
chore(deps): Bump golang.org/x/sys from 0.41.0 to 0.43.0#35dependabot[bot] wants to merge 1 commit intomainfrom
dependabot[bot] wants to merge 1 commit intomainfrom
Conversation
Bumps [golang.org/x/sys](https://github.com/golang/sys) from 0.41.0 to 0.43.0. - [Commits](golang/sys@v0.41.0...v0.43.0) --- updated-dependencies: - dependency-name: golang.org/x/sys dependency-version: 0.43.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>
5 tasks
kevinelliott
added a commit
that referenced
this pull request
Apr 24, 2026
…lint to v2
golang.org/x/sync v0.20.0 requires go >= 1.25.0. Rather than pin that
sub-package to v0.19 and leave four other bumps blocked, bump the
module's minimum Go to match. User-visible: go install users on 1.24
will see a clear "requires go >= 1.25" error when they next install.
Golangci-lint v1 is discontinued (last release v1.64.8 built with
Go 1.24, refuses to lint Go 1.25 modules). Migrated to v2.11.4:
- .golangci.yml: v1 format -> v2 (via `golangci-lint migrate`)
- Makefile GOLANGCI_LINT_VERSION: v1.64.8 -> v2.11.4; install path
switched to v2 module (.../v2/cmd/golangci-lint)
- CI uses golangci-lint-action@v7 (v6 doesn't support v2 binaries)
- Added exclusions for 3 v2-new rules that fire false-positive-heavy
on this codebase:
- gocritic importShadow (we deliberately shadow agent/status)
- gosec G703 (all flagged paths are from platform.GetConfigDir /
platform.GetDataDir / catalog package names, never user input)
- noctx (most flags are exec.Command/net.Listen/httptest.NewRequest
where adopting ctx variants adds ceremony without correctness)
Dep bumps:
- google.golang.org/grpc v1.79.3 -> v1.80.0
- golang.org/x/sync v0.19.0 -> v0.20.0 (forces 1.25)
- github.com/mattn/go-isatty v0.0.20 -> v0.0.21
- github.com/mattn/go-sqlite3 v1.14.34 -> v1.14.42
- golang.org/x/sys v0.41.0 -> v0.43.0
- Transitive: x/net 0.48->0.49, x/text 0.32->0.33,
protobuf 1.36.10->1.36.11, genproto-rpc bump
Toolchain updates: go.mod go 1.24.2 -> 1.25.0; CI GO_VERSION 1.24
-> 1.25; test matrix ['1.23','1.24'] -> ['1.25']; Dockerfile
golang:1.24-alpine -> golang:1.25-alpine; README.md +
CONTRIBUTING.md prerequisites Go 1.24+ -> Go 1.25+.
Real findings the v2 lint surfaced and fixed inline:
- internal/systray/systray.go:109 gosec G118: cancel func is stored
on the struct and invoked in onExit; suppressed with contextual
nolint since gosec can't see that.
- internal/systray/systray.go:942 nolintlint: removed a stale
//nolint:gosec directive (the call no longer matched G204 under
the new ruleset).
- internal/tui/app.go:572 staticcheck QF1012: WriteString(Sprintf)
-> Fprintf.
Supersedes dependabot PRs #35, #36, #37, #38, #39.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
kevinelliott
added a commit
that referenced
this pull request
Apr 24, 2026
…lint to v2 (#40) golang.org/x/sync v0.20.0 requires go >= 1.25.0. Rather than pin that sub-package to v0.19 and leave four other bumps blocked, bump the module's minimum Go to match. User-visible: go install users on 1.24 will see a clear "requires go >= 1.25" error when they next install. Golangci-lint v1 is discontinued (last release v1.64.8 built with Go 1.24, refuses to lint Go 1.25 modules). Migrated to v2.11.4: - .golangci.yml: v1 format -> v2 (via `golangci-lint migrate`) - Makefile GOLANGCI_LINT_VERSION: v1.64.8 -> v2.11.4; install path switched to v2 module (.../v2/cmd/golangci-lint) - CI uses golangci-lint-action@v7 (v6 doesn't support v2 binaries) - Added exclusions for 3 v2-new rules that fire false-positive-heavy on this codebase: - gocritic importShadow (we deliberately shadow agent/status) - gosec G703 (all flagged paths are from platform.GetConfigDir / platform.GetDataDir / catalog package names, never user input) - noctx (most flags are exec.Command/net.Listen/httptest.NewRequest where adopting ctx variants adds ceremony without correctness) Dep bumps: - google.golang.org/grpc v1.79.3 -> v1.80.0 - golang.org/x/sync v0.19.0 -> v0.20.0 (forces 1.25) - github.com/mattn/go-isatty v0.0.20 -> v0.0.21 - github.com/mattn/go-sqlite3 v1.14.34 -> v1.14.42 - golang.org/x/sys v0.41.0 -> v0.43.0 - Transitive: x/net 0.48->0.49, x/text 0.32->0.33, protobuf 1.36.10->1.36.11, genproto-rpc bump Toolchain updates: go.mod go 1.24.2 -> 1.25.0; CI GO_VERSION 1.24 -> 1.25; test matrix ['1.23','1.24'] -> ['1.25']; Dockerfile golang:1.24-alpine -> golang:1.25-alpine; README.md + CONTRIBUTING.md prerequisites Go 1.24+ -> Go 1.25+. Real findings the v2 lint surfaced and fixed inline: - internal/systray/systray.go:109 gosec G118: cancel func is stored on the struct and invoked in onExit; suppressed with contextual nolint since gosec can't see that. - internal/systray/systray.go:942 nolintlint: removed a stale //nolint:gosec directive (the call no longer matched G204 under the new ruleset). - internal/tui/app.go:572 staticcheck QF1012: WriteString(Sprintf) -> Fprintf. Supersedes dependabot PRs #35, #36, #37, #38, #39. Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Owner
|
Superseded by #40 (batched Go 1.25 + 5 deps + golangci-lint v2 migration). |
Contributor
Author
|
OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting If you change your mind, just re-open this PR and I'll resolve any conflicts on it. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Bumps golang.org/x/sys from 0.41.0 to 0.43.0.
Commits
f33a730windows: support nil security descriptor on GetNamedSecurityInfo493d172cpu: add runtime import in cpu_darwin_arm64_other.go2c2be75windows: use syscall.SyscallN in Proc.Calla76ec62cpu: roll back "use IsProcessorFeaturePresent to calculate ARM64 on windows"eaaaaeewindows/registry: correct KeyInfo.ModTime calculation942780bcpu: darwin/arm64 feature detectionacef388unix/linux: Prefixmsg and PrefixCacheinfo structs3687fbdcpu: better defaults on darwin ARM6448062e9plan9: change Note to alias syscall.Note4f23f80windows: change Signal to alias syscall.SignalDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)