Conversation
Bumps [github.com/pulumi/pulumi/sdk/v3](https://github.com/pulumi/pulumi) from 3.220.0 to 3.225.1. - [Release notes](https://github.com/pulumi/pulumi/releases) - [Changelog](https://github.com/pulumi/pulumi/blob/master/CHANGELOG.md) - [Commits](pulumi/pulumi@v3.220.0...v3.225.1) --- updated-dependencies: - dependency-name: github.com/pulumi/pulumi/sdk/v3 dependency-version: 3.225.1 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>
rdimitrov
approved these changes
Mar 6, 2026
2 tasks
tadasant
added a commit
that referenced
this pull request
Mar 6, 2026
…ot Go to 1.25.8 (#1040) ## Summary Fixes two CI issues: ### 1. Deploy workflows broken since PR #1034 (all staging deploys failing) The deploy-staging and deploy-production workflows install Go using the **root** `go.mod`, but then build Pulumi infrastructure code from the `deploy/` directory which has its own `go.mod`. This started failing when PR #1034 (`build(deps): bump github.com/pulumi/pulumi/sdk/v3 from 3.220.0 to 3.225.1 in /deploy`) bumped `deploy/go.mod` from Go 1.24.11 to **Go 1.25.6** — a version newer than the root module's Go 1.24.13. Every staging deploy since that merge (Mar 6) has failed with: ``` go: go.mod requires go >= 1.25.6 (running go 1.24.13; GOTOOLCHAIN=local) ``` The last successful deploy was commit cb4807a on Mar 1, before the Go version bump. **Fix**: point `go-version-file` in both deploy workflows at `deploy/go.mod` instead of the root `go.mod`. ### 2. `govulncheck` failing due to Go stdlib vulnerabilities Five new Go stdlib vulnerabilities (GO-2026-4599 through GO-2026-4603) were published on Mar 5-6 affecting Go 1.24.13, fixed in Go 1.25.8. These cause `govulncheck` in the CI pipeline to fail. **Fix**: bump root `go.mod` from Go 1.24.13 to Go 1.25.8. ## Test plan - [ ] CI pipeline passes (govulncheck, build, lint, tests) - [ ] Verify the deploy-staging workflow passes on the next push to main after merge 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-authored-by: Claude <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Bumps github.com/pulumi/pulumi/sdk/v3 from 3.220.0 to 3.225.1.
Release notes
Sourced from github.com/pulumi/pulumi/sdk/v3's releases.
... (truncated)
Changelog
Sourced from github.com/pulumi/pulumi/sdk/v3's changelog.
... (truncated)
Commits
511dda3Fix provider inheritence (#22101)46eee5cFix Go program generation lifting plains to input values (#22084)346389aPrepare for patch release (#22104)62a6d20Fix Go codegen panic on digit-prefixed schema properties (#21917)58c7319Changelog and go.mod updates for v3.225.0 (#22091)d2c48abFix builtin-object tests for Python (#22086)e3eece1Freeze v3.225.0 (#22085)ca6228eUpdate yaml to 1.30.0 (#22081)e72496afix race when looking up package ref (#22080)21b4452l1 builtin secret test (#22079)Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)