chore(deps): Bump google.golang.org/grpc from 1.79.3 to 1.80.0#39
Closed
dependabot[bot] wants to merge 1 commit intomainfrom
Closed
chore(deps): Bump google.golang.org/grpc from 1.79.3 to 1.80.0#39dependabot[bot] wants to merge 1 commit intomainfrom
dependabot[bot] wants to merge 1 commit intomainfrom
Conversation
Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.79.3 to 1.80.0. - [Release notes](https://github.com/grpc/grpc-go/releases) - [Commits](grpc/grpc-go@v1.79.3...v1.80.0) --- updated-dependencies: - dependency-name: google.golang.org/grpc dependency-version: 1.80.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>
5 tasks
kevinelliott
added a commit
that referenced
this pull request
Apr 24, 2026
…lint to v2
golang.org/x/sync v0.20.0 requires go >= 1.25.0. Rather than pin that
sub-package to v0.19 and leave four other bumps blocked, bump the
module's minimum Go to match. User-visible: go install users on 1.24
will see a clear "requires go >= 1.25" error when they next install.
Golangci-lint v1 is discontinued (last release v1.64.8 built with
Go 1.24, refuses to lint Go 1.25 modules). Migrated to v2.11.4:
- .golangci.yml: v1 format -> v2 (via `golangci-lint migrate`)
- Makefile GOLANGCI_LINT_VERSION: v1.64.8 -> v2.11.4; install path
switched to v2 module (.../v2/cmd/golangci-lint)
- CI uses golangci-lint-action@v7 (v6 doesn't support v2 binaries)
- Added exclusions for 3 v2-new rules that fire false-positive-heavy
on this codebase:
- gocritic importShadow (we deliberately shadow agent/status)
- gosec G703 (all flagged paths are from platform.GetConfigDir /
platform.GetDataDir / catalog package names, never user input)
- noctx (most flags are exec.Command/net.Listen/httptest.NewRequest
where adopting ctx variants adds ceremony without correctness)
Dep bumps:
- google.golang.org/grpc v1.79.3 -> v1.80.0
- golang.org/x/sync v0.19.0 -> v0.20.0 (forces 1.25)
- github.com/mattn/go-isatty v0.0.20 -> v0.0.21
- github.com/mattn/go-sqlite3 v1.14.34 -> v1.14.42
- golang.org/x/sys v0.41.0 -> v0.43.0
- Transitive: x/net 0.48->0.49, x/text 0.32->0.33,
protobuf 1.36.10->1.36.11, genproto-rpc bump
Toolchain updates: go.mod go 1.24.2 -> 1.25.0; CI GO_VERSION 1.24
-> 1.25; test matrix ['1.23','1.24'] -> ['1.25']; Dockerfile
golang:1.24-alpine -> golang:1.25-alpine; README.md +
CONTRIBUTING.md prerequisites Go 1.24+ -> Go 1.25+.
Real findings the v2 lint surfaced and fixed inline:
- internal/systray/systray.go:109 gosec G118: cancel func is stored
on the struct and invoked in onExit; suppressed with contextual
nolint since gosec can't see that.
- internal/systray/systray.go:942 nolintlint: removed a stale
//nolint:gosec directive (the call no longer matched G204 under
the new ruleset).
- internal/tui/app.go:572 staticcheck QF1012: WriteString(Sprintf)
-> Fprintf.
Supersedes dependabot PRs #35, #36, #37, #38, #39.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
kevinelliott
added a commit
that referenced
this pull request
Apr 24, 2026
…lint to v2 (#40) golang.org/x/sync v0.20.0 requires go >= 1.25.0. Rather than pin that sub-package to v0.19 and leave four other bumps blocked, bump the module's minimum Go to match. User-visible: go install users on 1.24 will see a clear "requires go >= 1.25" error when they next install. Golangci-lint v1 is discontinued (last release v1.64.8 built with Go 1.24, refuses to lint Go 1.25 modules). Migrated to v2.11.4: - .golangci.yml: v1 format -> v2 (via `golangci-lint migrate`) - Makefile GOLANGCI_LINT_VERSION: v1.64.8 -> v2.11.4; install path switched to v2 module (.../v2/cmd/golangci-lint) - CI uses golangci-lint-action@v7 (v6 doesn't support v2 binaries) - Added exclusions for 3 v2-new rules that fire false-positive-heavy on this codebase: - gocritic importShadow (we deliberately shadow agent/status) - gosec G703 (all flagged paths are from platform.GetConfigDir / platform.GetDataDir / catalog package names, never user input) - noctx (most flags are exec.Command/net.Listen/httptest.NewRequest where adopting ctx variants adds ceremony without correctness) Dep bumps: - google.golang.org/grpc v1.79.3 -> v1.80.0 - golang.org/x/sync v0.19.0 -> v0.20.0 (forces 1.25) - github.com/mattn/go-isatty v0.0.20 -> v0.0.21 - github.com/mattn/go-sqlite3 v1.14.34 -> v1.14.42 - golang.org/x/sys v0.41.0 -> v0.43.0 - Transitive: x/net 0.48->0.49, x/text 0.32->0.33, protobuf 1.36.10->1.36.11, genproto-rpc bump Toolchain updates: go.mod go 1.24.2 -> 1.25.0; CI GO_VERSION 1.24 -> 1.25; test matrix ['1.23','1.24'] -> ['1.25']; Dockerfile golang:1.24-alpine -> golang:1.25-alpine; README.md + CONTRIBUTING.md prerequisites Go 1.24+ -> Go 1.25+. Real findings the v2 lint surfaced and fixed inline: - internal/systray/systray.go:109 gosec G118: cancel func is stored on the struct and invoked in onExit; suppressed with contextual nolint since gosec can't see that. - internal/systray/systray.go:942 nolintlint: removed a stale //nolint:gosec directive (the call no longer matched G204 under the new ruleset). - internal/tui/app.go:572 staticcheck QF1012: WriteString(Sprintf) -> Fprintf. Supersedes dependabot PRs #35, #36, #37, #38, #39. Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Owner
|
Superseded by #40 (batched Go 1.25 + 5 deps + golangci-lint v2 migration). |
Contributor
Author
|
OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting If you change your mind, just re-open this PR and I'll resolve any conflicts on it. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Bumps google.golang.org/grpc from 1.79.3 to 1.80.0.
Release notes
Sourced from google.golang.org/grpc's releases.
Commits
397e45eChange version to 1.80.0 (#8948)64ebf0aCherry-pick #8997 to v1.80.x (#9027)e45ed24xds/rbac: add additional handling for addresses with ports (#8990) (#9022)c78d26eCherry-pick #8957 to v1.80.x (#9007)bd7cd3cgrpc: enforce strict path checking for incoming requests on the server (#8987)b6597b3xds/clusterimpl: use xdsConfig for updates and remove redundant fields from L...1d4fa8axds: change cdsbalancer to use update from dependency manager (#8907)8f47d36attributes: Replace internal map with linked list (#8933)22e1ee8xds: add panic recovery in xdsclient resource unmarshalling. (#8895)7136e99credentials/alts: Pool write buffers (#8919)Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)