Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

chore: minor updates to deps #330

Merged
merged 1 commit into from
Sep 12, 2023
Merged

chore: minor updates to deps #330

merged 1 commit into from
Sep 12, 2023

Conversation

graza-io
Copy link
Contributor

No description provided.

@graza-io graza-io linked an issue Sep 11, 2023 that may be closed by this pull request
@graza-io
Copy link
Contributor Author

These were tested working, reason for not upgrading github.com/argonsecurity/pipeline-parser to latest was that it appears to be designed for go 1.21 which I'm not sure we're upgrading plugins to yet:

go build -o ~/.steampipe/plugins/hub.steampipe.io/plugins/turbot/github@latest/steampipe-plugin-github.plugin *.go
# github.com/quic-go/quic-go/internal/qtls
../../../go/pkg/mod/github.com/quic-go/quic-go@v0.32.0/internal/qtls/go121.go:5:13: cannot use "The version of quic-go you're using can't be built on Go 1.21 yet. For more details, please see https://github.com/quic-go/quic-go/wiki/quic-go-and-Go-versions." (untyped string constant "The version of quic-go you're using can't be built on Go 1.21 yet. F...) as int value in variable declaration
make: *** [install] Error 1

@graza-io
Copy link
Contributor Author

Also just noticed we have Dependabot PRs for some of these...

@cbruno10
Copy link
Contributor

@graza-io Can we use the Dependabot PRs for any packages covered in both sets of PRs? Any not caught by Dependabot we can then update in this PR.

@graza-io
Copy link
Contributor Author

The following Dependabot PRs are captured here & tested but should just use their own PR:

The following Dependabot PR is probably a good one to include but untested:

This one can't be done right now as latest would break build, which is the main purpose of this PR, to update to a reasonable version in between current and latest, which contains some fixes.

@graza-io graza-io reopened this Sep 11, 2023
@graza-io
Copy link
Contributor Author

@cbruno10 reworked so now only contains the update for pipeline-parser.

@cbruno10
Copy link
Contributor

cbruno10 commented Sep 11, 2023

@graza-io I think we could update to use Go 1.21 (the latest Steampipe plugin SDK will require it I believe), unless there's a larger issue that you know of. If we update to Go 1.21, would we be able to merge in #324, or are there other breaking changes affecting us in argonsecurity/pipeline-parser v1.3.4?

@graza-io
Copy link
Contributor Author

Actually I think I read this wrong and that it requires being built with a version of go prior to 1.21.

Starting with v1.0.0 of pipeline-parser they've taken a dependency on quic
go.mod @ v0.3.3
go.mod @ v1.0.0

This seems to have issues being built.
Using go1.21 at v0.32.0 of go-quic - as a dependency on v.3.33.1 of req

Because my local go version is 1.21, I cannot compile the code.

❯ go version
go version go1.21.1 darwin/arm64

go-quic remediates the support in v0.37.0
req picks up the newer go-quic in v3.38.0

Options:

  • Update pipeline-parser to 0.3.3 and watch for a new version which includes dependency upgrade of req >= v3.38.0, this will allow us to continue building locally with go1.21 but also to use go1.21 as plugin version.
  • Update pipeline-parser to 1.3.4 and be limited to go1.20 for building locally and in plugin version until a newer release is available and we update to that.

@cbruno10
Copy link
Contributor

@graza-io Thanks for the details, my vote would be to update to v0.3.3 then for now, since we will be upgrading the plugin to use the new Steampipe plugin SDK version in the upcoming weeks, which requires Go v1.21.

@cbruno10 cbruno10 merged commit 935143d into main Sep 12, 2023
2 checks passed
@cbruno10 cbruno10 deleted the issue-329 branch September 12, 2023 19:36
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

YAML unmarshal error in github_workflow.pipeline column
2 participants