chore: migrate to Go 1.24 tool directive, bump testify and goleak#26
chore: migrate to Go 1.24 tool directive, bump testify and goleak#26
Conversation
- Bump stretchr/testify v1.10.0 to v1.11.1 - Bump uber-go/goleak v1.1.12 to v1.3.0 - Add golangci-lint v2 and gomarkdoc as Go tool dependencies in go.mod - Remove tools/tools.go (replaced by tool directive) - Remove install target from Makefile - Update Makefile to use go tool instead of go install
|
Warning Rate limit exceeded
⌛ How to resolve this issue?After the wait time has elapsed, a review can be triggered using the We recommend that you space out your commits to avoid hitting the rate limit. 🚦 How do rate limits work?CodeRabbit enforces hourly rate limits for each developer per organization. Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout. Please see our FAQ for further information. ℹ️ Review info⚙️ Run configurationConfiguration used: defaults Review profile: CHILL Plan: Pro Run ID: ⛔ Files ignored due to path filters (1)
📒 Files selected for processing (4)
✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
- Upgrade go-git/go-git/v5 v5.3.0 → v5.17.0 (CVE-2023-49569, CVE-2025-21613) - Add govulncheck as Go tool dependency - Run govulncheck as part of make lint
There was a problem hiding this comment.
Pull request overview
This PR updates the repo’s Go tooling/dependencies by migrating tool tracking into go.mod (using the tool directive), bumping key test/lint dependencies, and simplifying local developer workflows in the Makefile.
Changes:
- Bump
stretchr/testifyto v1.11.1 andgo.uber.org/goleakto v1.3.0. - Replace the legacy
tools/tools.goapproach with atool (...)block ingo.modand removetools/tools.go. - Update the Makefile to run tools via
go tooland remove theinstalltarget.
Reviewed changes
Copilot reviewed 3 out of 4 changed files in this pull request and generated 3 comments.
| File | Description |
|---|---|
tools/tools.go |
Removes legacy //go:build tools tool-dependency tracking file. |
go.mod |
Updates deps; adds tool (...) block for tool dependencies. |
go.sum |
Refreshes sums consistent with dependency/tool updates. |
Makefile |
Drops install; runs lint/docs via go tool. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Replace standalone golangci-lint-action with make lint to ensure CI uses the same go.mod-pinned tool versions (golangci-lint + govulncheck) as local development.
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 4 out of 5 changed files in this pull request and generated no new comments.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Fixes vulnerabilities in os, net/url, crypto/tls, crypto/x509, encoding/asn1, encoding/pem — all patched in Go 1.25.8.
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 4 out of 5 changed files in this pull request and generated 1 comment.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Summary
stretchr/testifyv1.10.0 → v1.11.1uber-go/goleakv1.1.12 → v1.3.0golangci-lintv2,gomarkdoc, andgovulncheckas Go tool dependencies viatooldirective ingo.modtools/tools.go(replaced bytooldirective)installtarget from Makefilego toolinstead ofgo installgovulnchecktomake linttarget for vulnerability scanninggo-git/go-git/v5v5.3.0 → v5.17.0 (fixes CVE-2023-49569, CVE-2025-21613)Test plan
make buildpassesmake testpasses (go test -race ./...)make lintpasses (golangci-lint 0 issues + govulncheck no vulnerabilities)