Conversation
orangepizza
force-pushed
the
bump-depend
branch
3 times, most recently
from
529d3dd to
391ff47
Compare
|
@orangepizza is there any specific reason for this dependencies version upgrades? @doanac It does look sane, but I have no capacity to verify. |
orangepizza
left a comment
orangepizza
left a comment
There was a problem hiding this comment.
@orangepizza is there any specific reason for this dependencies version upgrades?
As a trade-off, can we take only the Golang/Golint upgrades?@doanac It does look sane, but I have no capacity to verify.
Do we need to configure dependabot for this project and let it take care of this chore for us?
updated echo v4 version https://pkg.go.dev/vuln/GO-2024-2687 / GO-2024-3333 and I had no reason to not bump it to newest version. and it bumped most of std depends anyway.
and for pkcs7 i'd prper depend on actual release than depend on some git commit hash)
zerolog repo looks patches was mostly bumping depends on their side.
|
There's no one change I have a problem with. Will you please break them up into separate commits and provide the rationale for each change please. |
vkhoroz
left a comment
vkhoroz
left a comment
There was a problem hiding this comment.
I think it looks good.
Just need to move one line into another commit.
matching with other repositoy we have like flocfg this updates ci version to supported this go version
fixes GO-2024-2687 and GO-2024-3333
prefer track actual version tag than require specific commit hash
3 participants
targeted go 1.24.5 because last flocfg was bumped to that version, matching it:
echo have v5 version (with breaking changes) but it isn't stable until April.