chore(deps): update Go modules#2042
Merged
Merged
Conversation
Bump Go dependencies in both backend/ and backend/_example/memory_store.
Notable updates:
- github.com/go-pkgz/lgr v0.12.1 -> v0.12.3
- github.com/klauspost/compress v1.18.2 -> v1.18.5
- github.com/PuerkitoBio/goquery v1.11.0 -> v1.12.0
- github.com/montanaflynn/stats v0.7.1 -> v0.9.0
- github.com/redis/go-redis/v9 v9.17.2 -> v9.18.0
- github.com/slack-go/slack v0.17.3 -> v0.21.1
- go.mongodb.org/mongo-driver v1.17.6 -> v1.17.9
- golang.org/x/crypto v0.48.0 -> v0.50.0
- golang.org/x/net v0.49.0 -> v0.53.0
- golang.org/x/image v0.36.0 -> v0.39.0
- golang.org/x/sys v0.41.0 -> v0.43.0
- golang.org/x/{oauth2,sync,text} minor bumps
Key markdown/sanitisation libs (bluemonday v1.0.27,
alecthomas/chroma/v2 v2.23.1, russross/blackfriday/v2 v2.1.0,
Depado/bfchroma/v2 v2.0.0) are already at the latest available
versions and were not bumped.
Verified the Chroma span-class allowlist regex in
backend/app/store/comment.go:128-131 is still fully in sync with
chroma/v2 types.go StandardTypes map (86 classes, byte-equal after
sorting). The inline comment references commit c263f6f which is
stale (Chroma is at v2 now), but the class list content is current.
Ran `go mod tidy` + `go mod vendor` + full race test suite on both
modules. All green. Added a reminder in CLAUDE.md that updating
backend/ Go modules also requires `go mod tidy` in
backend/_example/memory_store since the example module uses a
local replace directive and inherits indirect deps from the main
module.
umputun
approved these changes
Apr 12, 2026
Owner
umputun
left a comment
umputun
left a comment
There was a problem hiding this comment.
lgtm, deps update with green CI
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Routine Go dependency refresh across both modules (
backend/andbackend/_example/memory_store/).Notable bumps
github.com/go-pkgz/lgrgithub.com/klauspost/compressgithub.com/PuerkitoBio/goquerygithub.com/montanaflynn/statsgithub.com/redis/go-redis/v9github.com/slack-go/slackgo.mongodb.org/mongo-drivergolang.org/x/cryptogolang.org/x/netgolang.org/x/imagegolang.org/x/sysgolang.org/x/{oauth2,sync,text}Unchanged (already latest)
Markdown/sanitisation libs
microcosm-cc/bluemondayv1.0.27,alecthomas/chroma/v2v2.23.1,russross/blackfriday/v2v2.1.0, andDepado/bfchroma/v2v2.0.0 are already at the latest available versions and were not bumped.Chroma allowlist verification
Verified the Chroma span-class allowlist regex in
backend/app/store/comment.go:128-131is still fully in sync withchroma/v2types.goStandardTypesmap — 86 classes on both sides, byte-equal after sorting. The inline comment at line 127 references commitc263f6fwhich is stale (Chroma is on v2 now), but the class list content is current. I left the reference alone in this PR — could be updated separately if desired.CLAUDE.md
Added a reminder that updating
backend/Go modules also requiresgo mod tidyinbackend/_example/memory_store/because the example module uses a local replace directive and inherits indirect deps from the main module. Missing this step leaves the example with stale indirect deps that break its build.Verification
go build ./...— clean on both modulesgo test -timeout=180s -count=1 ./...— all green inbackend/app/go test -race ./...+go build -race ./...— all green inbackend/_example/memory_store/golangci-lint run ./...— same output as master (4 pre-existing gosec G120/G122 findings inmigrator.go,rest_private.go,fs_store.gothat are not introduced by this change; confirmed by stashing the diff and re-running lint on master)golangci-lint run --config ../../.golangci.yml ./...in example — 0 issues