Note to self: Afterwards we should github.com/letsencrypt/boulder to avoid a dependency on no-longer-maintained
| module github.com/containers/image/v5 | ||
|
|
||
| go 1.20 | ||
| go 1.21 |
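Review bot: the `go 1.21` line in go.mod is a consumer-visible change, because modules that import github.com/containers/image/v5 inherit it as their own minimum Go version, and nothing in this hunk records why the bump is needed. Suggest stating the reason in the commit message and release notes, and deciding explicitly whether a `toolchain` line accompanies the new `go` directive rather than leaving that implicit.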
My understanding is that along with this, we also need toolchain 1.21 as well? Please double-check.
My reading of “Go toolchain selection” in https://go.dev/doc/toolchain is that it is not compulsory, and effectively defaults to the go directive.
I don’t mind adding 1.21.0 here, if you think it would be more explicit. (Or 1.21.$latest ? That would force users to update.)
Added toolchain 1.21.0, per discussion in containers/skopeo#2297 (comment) .
Cross-linking for visibility: containers/skopeo#2297 (comment) says we need an update to the Renovate config (affecting also repos using c/image).
(Marking as draft to make sure we have a decision on the Renovate configuration first; I understand Renovate would immediately start failing otherwise.)
(cross-post / copy) I don't believe it will fail, it will simply (and mostly silently) refuse to open any module update PRs which also require a bump of go 1.21. |
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
... except where we need maps.Keys(). Should not change behavior. Signed-off-by: Miloslav Trmač <mitr@redhat.com>
Should not change behavior. Signed-off-by: Miloslav Trmač <mitr@redhat.com>
... now that Go 1.21 is acceptable. Signed-off-by: Miloslav Trmač <mitr@redhat.com>
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
LGTM
… primarily because some dependencies started to require it: if we ever needed to quickly update a dependency for a vulnerability fix, we might have to update to Go 1.21 on a short notice, or fork the dependency.
And then bump dependencies which we have been holding back:
- github.com/sylabs/sif/v2: fix(deps): update module github.com/sylabs/sif/v2 to v2.16.0 #2356
- github.com/sigstore/fulcio: fix(deps): update module github.com/sigstore/fulcio to v1.4.4 #2320, fix(deps): update module github.com/sigstore/fulcio to v1.4.5 #2371
- github.com/sigstore/rekor: fix(deps): update module github.com/sigstore/rekor to v1.3.0 #2100, fix(deps): update module github.com/sigstore/rekor to v1.3.1 #2139, fix(deps): update module github.com/sigstore/rekor to v1.3.2 #2141, fix(deps): update module github.com/sigstore/rekor to v1.3.3 #2169, Update module github.com/sigstore/rekor to v1.3.3 #2192, fix(deps): update module github.com/sigstore/rekor to v1.3.4 #2208, fix(deps): update module github.com/sigstore/rekor to v1.3.5 #2278, Update module github.com/sigstore/rekor to v1.3.5 #2292, fix(deps): update module github.com/sigstore/rekor to v1.3.6 #2362
- github.com/docker/docker: fix(deps): update module github.com/docker/docker to v26 #2353 (+ an update to 26.0.1)
- github.com/docker/cli: fix(deps): update module github.com/docker/cli to v26 #2352 (+ an update to 26.0.1)

Cc: @jnovy @lsm5 @cevich @TomSweeneyRedHat