Skip to content

chore(deps): bump Go modules and drop stale osv ignores#971

Merged
cpcloud merged 1 commit intomicasa-dev:mainfrom
cpcloud:worktree-crystalline-doodling-gosling
Apr 23, 2026
Merged

chore(deps): bump Go modules and drop stale osv ignores#971
cpcloud merged 1 commit intomicasa-dev:mainfrom
cpcloud:worktree-crystalline-doodling-gosling

Conversation

@cpcloud
Copy link
Copy Markdown
Collaborator

@cpcloud cpcloud commented Apr 23, 2026

Summary

  • go get -u ./... + go mod tidy across all direct and transitive deps
  • Refresh Nix vendorHash in nix/package.nix to match the new go.sum
  • Drop three stale [[IgnoredVulns]] from osv-scanner.toml
    (GO-2026-4514, GO-2026-4771, GO-2026-4772) now that the scanner
    reports them as unused

Notable version jumps:

  • anthropic-sdk-go v1.27.1 -> v1.37.0
  • ollama v0.18.3 -> v0.21.1
  • mark3labs/mcp-go v0.48.0 -> v0.49.0
  • OpenTelemetry otel/metric/trace v1.42.0 -> v1.43.0
  • google.golang.org/genai v1.51.0 -> v1.54.0
  • google.golang.org/grpc v1.79.3 -> v1.80.0
  • golang.org/x/net v0.52.0 -> v0.53.0

@cpcloud cpcloud added the chore Maintenance and housekeeping label Apr 23, 2026
@cpcloud
chore(deps): bump Go modules and drop stale osv ignores
c0c6546 
Notable jumps:
- anthropic-sdk-go v1.27.1 -> v1.37.0
- ollama v0.18.3 -> v0.21.1
- mark3labs/mcp-go v0.48.0 -> v0.49.0
- OpenTelemetry otel/metric/trace v1.42.0 -> v1.43.0
- google.golang.org/genai v1.51.0 -> v1.54.0
- google.golang.org/grpc v1.79.3 -> v1.80.0
- golang.org/x/net v0.52.0 -> v0.53.0

Remove stale osv-scanner.toml ignores (GO-2026-4514, GO-2026-4771,
GO-2026-4772) now that the scanner reports them as unused. Refresh Nix
vendorHash to match the new go.sum.
@cpcloud cpcloud force-pushed the worktree-crystalline-doodling-gosling branch from ed10e1f to c0c6546 Compare April 23, 2026 09:47
@cpcloud cpcloud merged commit e881963 into micasa-dev:main Apr 23, 2026
30 checks passed
@cpcloud cpcloud deleted the worktree-crystalline-doodling-gosling branch April 23, 2026 09:56
@cpcloud cpcloud mentioned this pull request Apr 23, 2026
Merged
cpcloud added a commit that referenced this pull request Apr 23, 2026
@cpcloud
chore(deps): enable Renovate updates for indirect Go modules (#972)
6a1fbcc 
## Summary

- Renovate's `gomod` manager [disables indirect-dep updates by
default](https://docs.renovatebot.com/modules/manager/gomod/). The
existing `go-indirect` rule sets a `groupName` but never flips
`enabled`, so indirect deps never get PRs.
- Set `"enabled": true` on that rule.

#971 is the manual catch-up for deps that have been dormant under this
rule.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

chore Maintenance and housekeeping

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@cpcloud