Skip to content

chore(deps): bump golang.org/x/time from 0.9.0 to 0.15.0#11

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/go_modules/golang.org/x/time-0.14.0
Open

chore(deps): bump golang.org/x/time from 0.9.0 to 0.15.0#11
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/go_modules/golang.org/x/time-0.14.0

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github Nov 30, 2025
edited
Loading

Bumps golang.org/x/time from 0.9.0 to 0.15.0.

Commits
  • 812b343 all: upgrade go directive to at least 1.25.0 [generated]
  • 2b4e439 rate: use time.Time.Equal instead of ==
  • c0b0320 all: upgrade go directive to at least 1.24.0 [generated]
  • 1616a7f rate: skip time.Now call in Sometimes.Do unless necessary
  • 0c50ed8 all: upgrade go directive to at least 1.23.0 [generated]
  • 66520f6 rate: simplify function advance only returns new Tokens to caller
  • 2c6c5a2 rate: prevent overflows when calculating durationFromTokens
  • See full diff in compare view

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file go Pull requests that update go code labels Nov 30, 2025
@piotr-roslaniec
Copy link
Copy Markdown
Contributor

piotr-roslaniec commented May 23, 2026

@dependabot recreate

@dependabot dependabot Bot changed the title Bump golang.org/x/time from 0.0.0-20210220033141-f8bda1e9f3ba to 0.14.0 chore(deps): bump golang.org/x/time from 0.9.0 to 0.15.0 May 23, 2026
@dependabot dependabot Bot force-pushed the dependabot/go_modules/golang.org/x/time-0.14.0 branch from 8457828 to a92e00e Compare May 23, 2026 12:44
@piotr-roslaniec
Copy link
Copy Markdown
Contributor

piotr-roslaniec commented May 23, 2026

@dependabot recreate

@dependabot dependabot Bot force-pushed the dependabot/go_modules/golang.org/x/time-0.14.0 branch from a92e00e to 8a7151b Compare May 23, 2026 13:23
@piotr-roslaniec piotr-roslaniec mentioned this pull request May 23, 2026
Merged
4 tasks
@piotr-roslaniec
Copy link
Copy Markdown
Contributor

piotr-roslaniec commented May 23, 2026

@dependabot recreate

@dependabot dependabot Bot force-pushed the dependabot/go_modules/golang.org/x/time-0.14.0 branch from 8a7151b to 554e101 Compare May 23, 2026 13:39
@piotr-roslaniec piotr-roslaniec mentioned this pull request May 23, 2026
Merged
2 tasks
piotr-roslaniec added a commit that referenced this pull request May 23, 2026
@piotr-roslaniec
ci(govulncheck): bump v1.1.1 -> v1.1.4 to unblock Go 1.25 toolchain
c451fa1 
govulncheck v1.1.1 transitively imports golang.org/x/tools@v0.21.1,
which contains an array-length trick in internal/tokeninternal/tokeninternal.go:64
that evaluates to -256 on Go 1.25 and fails to compile:

    invalid array length -delta * delta (constant -256 of type int64)

This blocks any dep bump that pushes go.mod past go 1.24.0 (e.g. PR #11's
golang.org/x/time v0.15.0, which requires go 1.25.0).

govulncheck v1.1.4 uses x/tools v0.29.0, which doesn't have that pattern.
v1.1.4 still requires only Go 1.22.0 minimum, so it works on both Go 1.24
(current main) and Go 1.25 (post-#11). Holding back from v1.2.0 because
v1.2.0+ requires Go 1.25.0 minimum, which would prematurely force the
toolchain floor before consumers are ready.

Pairs with #18's gotestsum v1.12.0 -> v1.13.0 bump for the same
underlying issue.
@piotr-roslaniec
Copy link
Copy Markdown
Contributor

piotr-roslaniec commented May 23, 2026

@dependabot rebase

@dependabot
chore(deps): bump golang.org/x/time from 0.9.0 to 0.15.0
c5c2818 
Bumps [golang.org/x/time](https://github.com/golang/time) from 0.9.0 to 0.15.0.
- [Commits](golang/time@v0.9.0...v0.15.0)

---
updated-dependencies:
- dependency-name: golang.org/x/time
  dependency-version: 0.14.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/go_modules/golang.org/x/time-0.14.0 branch from 554e101 to c5c2818 Compare May 23, 2026 13:49
@piotr-roslaniec
Copy link
Copy Markdown
Contributor

piotr-roslaniec commented May 23, 2026

Holding this PR for now.

golang.org/x/time v0.15.0 requires go 1.25.0 in its own go.mod, which forces this module's go directive from go 1.24.0go 1.25.0. Any downstream consumer that re-vendors the resulting tag would be transitively forced onto Go 1.25.

This is the same kind of toolchain-floor cascade we just absorbed in #16 (1.18 → 1.24). Taking another cascade so soon isn't worth it for an x/time bump — the rate.Limiter surface we actually use (pkg/rate/limiter.go) is stable across 0.9 → 0.15 and we get no functional gain.

Will revisit when a Go 1.25 floor bump is independently warranted (e.g., a security/feature pull from another dep). The PR is left open rather than closed so Dependabot doesn't re-propose the same version on the next scan.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file go Pull requests that update go code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@piotr-roslaniec