Skip to content

chore(deps): update go-non-major to v1.26.5#1133

Merged
Wikid82 merged 5 commits into
developmentfrom
renovate/go-non-major
Jul 8, 2026
Merged

chore(deps): update go-non-major to v1.26.5#1133
Wikid82 merged 5 commits into
developmentfrom
renovate/go-non-major

Conversation

@renovate

@renovate renovate Bot commented Jul 7, 2026

Copy link
Copy Markdown
Contributor

This PR contains the following updates:

Package Type Update Change
go (source) golang patch 1.26.41.26.5
golang/go (source) patch 1.26.41.26.5

Release Notes

golang/go (golang/go)

v1.26.5

Compare Source


Configuration

📅 Schedule: (in timezone America/New_York)

  • Branch creation
    • At any time (no schedule defined)
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about these updates again.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate Bot added the dependencies label Jul 7, 2026
@renovate

renovate Bot commented Jul 7, 2026

Copy link
Copy Markdown
Contributor Author

⚠️ Artifact update problem

Renovate failed to update artifacts related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

  • any of the package files in this branch needs updating, or
  • the branch becomes conflicted, or
  • you click the rebase/retry checkbox if found above, or
  • you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: agent/go.sum
Command failed: go get -t ./...
go: downloading github.com/sirupsen/logrus v1.9.4
go: downloading github.com/gorilla/websocket v1.5.3
go: downloading github.com/hashicorp/yamux v0.1.2
go: downloading github.com/stretchr/testify v1.11.1
go: downloading golang.org/x/sys v0.46.0
go: downloading github.com/davecgh/go-spew v1.1.1
go: downloading github.com/pmezard/go-difflib v1.0.0
go: downloading gopkg.in/yaml.v3 v3.0.1
go: module . listed in go.work file requires go >= 1.26.5, but go.work lists go 1.26.4; to update it:
	go work use

File name: backend/go.sum
Command failed: go get -t ./...
go: downloading github.com/gin-gonic/gin v1.12.0
go: downloading gopkg.in/natefinch/lumberjack.v2 v2.2.1
go: downloading github.com/glebarez/sqlite v1.11.0
go: downloading github.com/google/uuid v1.6.0
go: downloading gorm.io/gorm v1.31.2
go: downloading gorm.io/driver/sqlite v1.6.0
go: downloading golang.org/x/text v0.39.0
go: downloading github.com/mattn/go-sqlite3 v1.14.47
go: downloading github.com/gin-contrib/gzip v1.2.6
go: downloading github.com/prometheus/client_golang v1.23.2
go: downloading golang.org/x/crypto v0.53.0
go: downloading golang.org/x/time v0.15.0
go: downloading github.com/golang-jwt/jwt/v5 v5.3.1
go: downloading github.com/moby/moby/client v0.5.0
go: downloading github.com/oschwald/geoip2-golang/v2 v2.2.0
go: downloading github.com/robfig/cron/v3 v3.0.1
go: downloading golang.org/x/net v0.56.0
go: downloading software.sslmate.com/src/go-pkcs12 v0.7.3
go: downloading github.com/gin-contrib/sse v1.1.1
go: downloading github.com/mattn/go-isatty v0.0.22
go: downloading github.com/quic-go/quic-go v0.60.0
go: downloading github.com/glebarez/go-sqlite v1.22.0
go: downloading modernc.org/sqlite v1.53.0
go: downloading github.com/jinzhu/now v1.1.5
go: downloading github.com/stretchr/objx v0.5.3
go: downloading github.com/beorn7/perks v1.0.1
go: downloading github.com/cespare/xxhash/v2 v2.3.0
go: downloading github.com/prometheus/client_model v0.6.2
go: downloading github.com/prometheus/common v0.69.0
go: downloading github.com/prometheus/procfs v0.21.1
go: downloading google.golang.org/protobuf v1.36.11
go: downloading github.com/kylelemons/godebug v1.1.0
go: downloading github.com/Microsoft/go-winio v0.6.2
go: downloading github.com/containerd/errdefs v1.0.0
go: downloading github.com/containerd/errdefs/pkg v0.3.0
go: downloading github.com/distribution/reference v0.6.0
go: downloading github.com/docker/go-connections v0.7.0
go: downloading github.com/moby/moby/api v1.55.0
go: downloading github.com/opencontainers/go-digest v1.0.0
go: downloading github.com/opencontainers/image-spec v1.1.1
go: downloading go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.69.0
go: downloading go.opentelemetry.io/otel/trace v1.44.0
go: downloading go.opentelemetry.io/otel v1.44.0
go: downloading github.com/oschwald/maxminddb-golang/v2 v2.4.1
go: downloading github.com/go-playground/validator/v10 v10.30.3
go: downloading github.com/goccy/go-yaml v1.19.2
go: downloading github.com/pelletier/go-toml/v2 v2.4.3
go: downloading github.com/ugorji/go/codec v1.3.1
go: downloading go.mongodb.org/mongo-driver/v2 v2.7.0
go: downloading github.com/bytedance/sonic v1.15.2
go: downloading github.com/goccy/go-json v0.10.6
go: downloading github.com/json-iterator/go v1.1.12
go: downloading github.com/quic-go/qpack v0.6.0
go: downloading modernc.org/libc v1.74.0
go: downloading github.com/jinzhu/inflection v1.0.0
go: downloading github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822
go: downloading github.com/docker/go-units v0.5.0
go: downloading github.com/moby/docker-image-spec v1.3.1
go: downloading github.com/felixge/httpsnoop v1.1.0
go: downloading go.opentelemetry.io/otel/metric v1.44.0
go: downloading github.com/gabriel-vasile/mimetype v1.4.13
go: downloading github.com/go-playground/universal-translator v0.18.1
go: downloading github.com/leodido/go-urn v1.4.0
go: downloading github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd
go: downloading github.com/modern-go/reflect2 v1.0.2
go: downloading github.com/dustin/go-humanize v1.0.1
go: downloading github.com/ncruces/go-strftime v1.0.0
go: downloading modernc.org/mathutil v1.7.1
go: downloading modernc.org/memory v1.11.0
go: downloading github.com/go-logr/logr v1.4.3
go: downloading github.com/go-playground/locales v0.14.1
go: downloading github.com/bytedance/gopkg v0.1.4
go: downloading github.com/cloudwego/base64x v0.1.7
go: downloading golang.org/x/arch v0.28.0
go: downloading github.com/remyoudompheng/bigfft v0.0.0-20230129092748-24d4a6f8daec
go: downloading github.com/go-logr/stdr v1.2.2
go: downloading go.opentelemetry.io/auto/sdk v1.2.1
go: downloading github.com/bytedance/sonic/loader v0.5.1
go: downloading github.com/klauspost/cpuid/v2 v2.4.0
go: downloading github.com/twitchyliquid64/golang-asm v0.15.1
go: module ../agent listed in go.work file requires go >= 1.26.5, but go.work lists go 1.26.4; to update it:
	go work use
go: module . listed in go.work file requires go >= 1.26.5, but go.work lists go 1.26.4; to update it:
	go work use

@codecov

codecov Bot commented Jul 7, 2026

Copy link
Copy Markdown

Codecov Report

✅ All modified and coverable lines are covered by tests.

📢 Thoughts on this report? Let us know!

@renovate

renovate Bot commented Jul 7, 2026

Copy link
Copy Markdown
Contributor Author

Edited/Blocked Notification

Renovate will not automatically rebase this PR, because it does not recognize the last commit author and assumes somebody else may have edited the PR.

You can manually request rebase by checking the rebase/retry box above.

⚠️ Warning: custom changes will be lost.

The Dockerfile's golang builder image ARG was tracked via the docker
datasource and grouped separately (dockerfile-non-major) from go.mod's
go directive and GO_VERSION workflow vars (go-non-major, golang-version
datasource). This let the two land in independent PRs that could merge
out of order, breaking the Docker build whenever go.mod's floor version
outran the pinned builder image (as happened with the 1.26.5 bump).
@github-advanced-security

Copy link
Copy Markdown
Contributor

You are seeing this message because GitHub Code Scanning has recently been set up for this repository, or this pull request contains the workflow file for the Code Scanning tool.

What Enabling Code Scanning Means:

  • The 'Security' tab will display more code scanning analysis results (e.g., for the default branch).
  • Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results.
  • You will be able to see the analysis results for the pull request's branch on this overview once the scans have completed and the checks have passed.

For more information about GitHub Code Scanning, check out the documentation.

@github-actions

github-actions Bot commented Jul 8, 2026

Copy link
Copy Markdown
Contributor

✅ Supply Chain Verification Results

PASSED

📦 SBOM Summary

  • Components: 1484

🔍 Vulnerability Scan

Severity Count
🔴 Critical 0
🟠 High 0
🟡 Medium 4
🟢 Low 3
Total 7

📎 Artifacts

  • SBOM (CycloneDX JSON) and Grype results available in workflow artifacts

Generated by Supply Chain Verification workflow • View Details

Wikid82 added 2 commits July 8, 2026 03:44
The "Utility: Update Go Version" task only pinned GOTOOLCHAIN, leaving
gopls (a long-running process that resolves its Go version once at
startup) reporting the old version until the editor was reloaded. It
also left every previously-downloaded toolchain cached indefinitely
(~285MB each). update-go-toolchain.sh now prunes old toolchain caches
and kills gopls so the editor's Go extension respawns it automatically.
Go vulndb flags golang.org/x/crypto/openpgp v0.53.0 as unmaintained and
unsafe by design with no fixed version — not a patchable bug. Trivy's
gobinary scan flags it in app/charon, caddy, crowdsec, and cscli based
on module version alone; verified via `go list -deps ./...` that
Charon's own code never imports the openpgp subpackage, so the
app/charon finding is a false positive. caddy/crowdsec/cscli carry it
as a third-party transitive dependency we don't control.

Documents the suppression in .trivyignore, .grype.yaml, and SECURITY.md
so it's tracked as awaiting upstream with a 2026-08-08 review date.
@Wikid82 Wikid82 merged commit ce82032 into development Jul 8, 2026
41 checks passed
@renovate renovate Bot deleted the renovate/go-non-major branch July 8, 2026 04:31
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants