Walkthrough
The changes update the dependency versions in the
Warning
There were issues while running some tools. Please review the errors and either fix the tool’s configuration or disable the tool if it’s a critical failure.
🔧 golangci-lint (1.62.2)
Error: can't load config: the Go language version (go1.23) used to build golangci-lint is lower than the targeted Go version (1.24.0)
Actionable comments posted: 0
🧹 Nitpick comments (1)
go.mod (1)
153-156: Kubernetes API Extension Dependencies Update
Kubernetes-related dependencies have been updated:
- `k8s.io/apiextensions-apiserver`
- `k8s.io/apiserver`
- `k8s.io/cli-runtime`
- `k8s.io/component-base`
All are now at v0.32.2. Please verify that Kubernetes CRD validation and API server integrations continue to work as expected.
📜 Review details
Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro
⛔ Files ignored due to path filters (1)
- `go.sum` is excluded by `!**/*.sum`
📒 Files selected for processing (1)
- `go.mod` (4 hunks)
⏰ Context from checks skipped due to timeout of 90000ms (4)
- GitHub Check: Test
- GitHub Check: Build
- GitHub Check: build-and-scan
- GitHub Check: Socket Security: Pull Request Alerts
🔇 Additional comments (21)
go.mod (21)
7-16: Dependency Bumps in Primary Module Requirements
The dependency versions for critical libraries in the primary require block have been updated as follows:
- `github.com/go-playground/validator/v10` is bumped to v10.25.0
- `helm.sh/helm/v3` updated to v3.17.1
- Kubernetes dependencies (`k8s.io/api`, `k8s.io/apimachinery`, `k8s.io/client-go`) updated to v0.32.2
- `sigs.k8s.io/controller-runtime` updated to v0.20.2
Please ensure that any integrations using these libraries are fully compatible with the new versions and that the test suite confirms their proper behavior.
22-26: Updated Azure and Masterminds Dependencies
The dependencies have been updated:
- `github.com/Azure/go-ansiterm` is now v0.0.0-20250102033503-faa5f7b0171c
- `github.com/Masterminds/semver/v3` is bumped to v3.3.1
Verify that these updates do not introduce API mismatches in scenarios where these libraries are used.
34-35: Containerd Dependency Update and Addition
The containerd dependency has been bumped to v1.7.26 and a new dependency, `github.com/containerd/errdefs`, has been added at v1.0.0.
Ensure that error handling using the new errdefs is consistent throughout the codebase.
38-38: Filepath Securejoin Update
`github.com/cyphar/filepath-securejoin` is updated to v0.4.1.
This is a straightforward version bump—please confirm that any file path operations reliant on this library continue to behave as expected.
41-43: Docker Dependencies Upgrade
Both Docker-related dependencies have been updated:
- `github.com/docker/cli` → v28.0.1+incompatible
- `github.com/docker/docker` → v28.0.1+incompatible
Double-check that these version upgrades remain compatible with your Docker integration logic and that no breaking changes have been introduced.
47-49: Go-restful and JSON Patch Libraries Update
The following updates were applied:
- `github.com/emicklei/go-restful` → v3.12.2
- `github.com/evanphx/json-patch` → v5.9.11+incompatible
- `github.com/evanphx/json-patch/v5` → v5.9.11
Verify that these libraries continue to process HTTP requests and JSON modifications as expected.
53-53: Fsnotify Version Bump
`github.com/fsnotify/fsnotify` has been updated to v1.8.0.
It is advisable to re-run file system watchers and associated tests to ensure that notifications are being captured reliably.
55-55: Gabriel Vasile Mimetype Update
The `github.com/gabriel-vasile/mimetype` dependency is now at v1.4.8.
Confirm that MIME type detection remains accurate and performs as expected post-update.
68-68: Golang Groupcache Revision Bump
The bump to `github.com/golang/groupcache` reflects an update to a newer commit version.
This update should be validated to ensure that cache behavior remains consistent.
71-72: Google Gnostic Models and Go-Cmp Update
Both `github.com/google/gnostic-models` (now v0.6.9) and `github.com/google/go-cmp` (now v0.7.0) have been updated.
Please verify that any schema validations or diff computations that use these libraries continue to operate correctly.
74-74: Google Pprof Update
`github.com/google/pprof` is updated to v0.0.0-20250208200701-d0013a598941.
It is important to confirm that performance profiling and memory usage analysis remain accurate after this bump.
88-88: Klauspost Compress Update
`github.com/klauspost/compress` has been updated to v1.18.0.
Review any compression routines to check for performance improvements or API changes.
94-95: Mailru Easyjson and Mattn Go-Colorable Update
Updates applied:
- `github.com/mailru/easyjson` → v0.9.0
- `github.com/mattn/go-colorable` → v0.1.14
Ensure the JSON serialization logic and terminal color handling remain unaffected by these bumps.
112-114: Prometheus Client and Common Update
The Prometheus libraries have been updated:
- `github.com/prometheus/client_golang` → v1.21.0
- `github.com/prometheus/common` → v0.62.0
Please verify that the metrics collection and exposition continue to function correctly in your monitoring setup.
117-117: SQL Migrate Update
The dependency `github.com/rubenv/sql-migrate` is bumped to v1.7.1.
Ensure that the database migration tooling and rollback mechanisms operate without issues.
121-123: Spf13 CLI Tools Update
The following CLI-related dependencies have been updated:
- `github.com/spf13/cast` → v1.7.1
- `github.com/spf13/cobra` → v1.9.1
- `github.com/spf13/pflag` → v1.0.6
Double-check that command-line argument parsing and command dispatch functionalities continue to work as expected.
129-133: OpenTelemetry Dependencies Update
The OpenTelemetry dependencies have been updated:
- `go.opentelemetry.io/auto/sdk` → v1.1.0
- `go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp` → v0.59.0
- `go.opentelemetry.io/otel`, `otel/metric`, and `otel/trace` → v1.34.0
Given the potential for subtle API changes in telemetry instrumentation, please ensure comprehensive testing of all distributed tracing and metrics collection features.
136-145: Golang.org/x Dependencies Update
Multiple `golang.org/x` modules have been updated:
- `crypto`, `mod`, `net`, `oauth2`, `sync`, `sys`, `term`, `text`, `time`, and `tools` now use the latest revisions (e.g., v0.35.0 for many, v0.29.0 for term, etc.).
It is critical to run a full regression test to ensure that no breaking changes affect your code base due to these updates.
147-149: Google gRPC and Protobuf Dependencies Update
The following gRPC-related dependencies have been bumped:
- `google.golang.org/genproto/googleapis/rpc` → v0.0.0-20250224174004-546df14abb99
- `google.golang.org/grpc` → v1.70.0
- `google.golang.org/protobuf` → v1.36.5
Verify that any gRPC service and client interactions remain stable with these updates.
158-160: Additional Kubernetes Dependencies Update
The updates include:
- `k8s.io/kube-openapi`
- `k8s.io/kubectl`
- `k8s.io/utils`
All updated to new revisions. Confirm that these changes do not adversely affect cluster interactions and operator functionalities.
163-165: Kustomize Dependencies Update
The following kustomize modules have been bumped:
- `sigs.k8s.io/kustomize/api` → v0.19.0
- `sigs.k8s.io/kustomize/kyaml` → v0.19.0
- `sigs.k8s.io/structured-merge-diff/v4` → v4.5.0
Ensure that any manifest generation or customization operations continue to produce the expected output.
New, updated, and removed dependencies detected. Learn more about Socket for GitHub ↗︎
🚨 Potential security issues detected. Learn more about Socket for GitHub ↗︎
To accept the risk, merge this PR and you will not be notified again.
Next steps
Why is native code a concern?
Contains native code (e.g., compiled binaries or shared libraries). Including native code can obscure malicious behavior. Verify that the inclusion of native code is expected and necessary for this package's functionality. If it is unnecessary or unexpected, consider using alternative packages without native code to mitigate potential risks.
What is a license policy violation?
This package is not allowed per your license policy. Review the package's license to ensure compliance. Find a package that does not violate your license policy or adjust your policy to allow this package's license.
Take a deeper look at the dependency
Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support [AT] socket [DOT] dev.
Remove the package
If you happen to install a dependency that Socket reports as Known Malware you should immediately remove it and select a different dependency. For other alert types, you may wish to investigate alternative packages or consider if there are other ways to mitigate the specific risk posed by the dependency.
Mark a package as acceptable risk
To ignore an alert, reply with a comment starting with
Actionable comments posted: 0
🧹 Nitpick comments (1)
Makefile (1)
170-178: New target: find-deprecated.
This target checks for deprecated modules via `go list -u -m -json` and looks for deprecation notices in code comments as well as during build time. Consider whether a case-insensitive search (e.g., using `grep -ri`) might capture more variations in deprecation markers, if needed.
📜 Review details
Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro
⛔ Files ignored due to path filters (1)
- `go.sum` is excluded by `!**/*.sum`
📒 Files selected for processing (3)
- `.gitignore` (1 hunks)
- `Makefile` (2 hunks)
- `go.mod` (3 hunks)
🚧 Files skipped from review as they are similar to previous changes (1)
- go.mod
⏰ Context from checks skipped due to timeout of 90000ms (4)
- GitHub Check: Test
- GitHub Check: Build
- GitHub Check: build-and-scan
- GitHub Check: Socket Security: Pull Request Alerts
🔇 Additional comments (7)
.gitignore (1)
38-40: Enhance ignored files list.
The addition of the `.DS_Store` entry is a standard best practice for macOS environments and helps keep your repository clean from system files. Also, modifying the tilt bin entry to `/tilt_bin` (if intentional for ignoring only the root-level directory) is acceptable. Ensure that this change aligns with your project's directory structure.
Makefile (6)
160-163: New target: safe-bump-deps.
This target uses `go get -u ./...` followed by `go mod tidy` to update all dependencies to their latest versions. It provides a quick way to bring in dependency updates; just ensure that upgrading all dependencies at once meets your stability requirements.
165-169: New target: major-bump-deps.
By updating only direct dependencies (and explicitly excluding indirect ones and `github.com/wandb/operator`), this target offers a more controlled upgrade path. Verify that the filtering with `grep -v` works as expected in all scenarios.
179-194: New target: check-vulnerabilities.
The target first verifies that the current Go version meets the requirement specified in `go.mod`, then installs and runs `govulncheck` to scan for vulnerable dependencies. The version extraction and comparison logic is clever; however, ensure it correctly handles all formats of the `go version` output encountered in your environments.
195-198: New target: list-outdated.
This target filters the output of `go list -u -m -json all` using `jq` to show outdated direct dependencies. It’s a useful addition for monitoring dependency updates.
200-203: New target: list-all-outdated.
Providing a comprehensive list, including transitive dependencies, this target helps in full-spectrum dependency management. Its usage of `jq` to format the update details is clear and effective.
205-207: New target: clean-mod-cache.
A straightforward command that cleans the Go module cache using `go clean -modcache`, which can be very handy when troubleshooting module issues.
### [1.19.1](v1.19.0...v1.19.1) (2025-03-04)
### Bug Fixes
* Bump deps ([#70](#70)) ([11ba9f8](11ba9f8))
This PR is included in version 1.19.1 🎉
## 1.0.0 (2025-04-11)
### Features
* Add active-state cm ([wandb#2](https://github.com/sqaisar/wandb-operator/issues/2)) ([5a6c4c3](5a6c4c3))
* Add caching for deployer release requests ([1185b40](1185b40))
* Add events recording ([388d37b](388d37b))
* Add helm support ([077765c](077765c))
* Add option to set reconcileFrequency ([484c014](484c014))
* Add support for helm repo releases ([dfef752](dfef752))
* Add support for release from a git repository ([8a6b073](8a6b073))
* Adding owner ref and wait and timeout to uninstall ([wandb#51](https://github.com/sqaisar/wandb-operator/issues/51)) ([f21fd6d](f21fd6d))
* Allow the operator to support installation without cluster level permissions ([wandb#16](https://github.com/sqaisar/wandb-operator/issues/16)) ([6f29a3e](6f29a3e))
* Make wandb operator available on OperatorHub ([wandb#32](https://github.com/sqaisar/wandb-operator/issues/32)) ([1a59dab](1a59dab))
* **operator:** Add airgapped support ([wandb#12](https://github.com/sqaisar/wandb-operator/issues/12)) ([bfd3796](bfd3796))
* Prevent Logging of Sensitive info in Plain Text ([wandb#31](https://github.com/sqaisar/wandb-operator/issues/31)) ([5530cb3](5530cb3))
* Prevent Logging of Sensitive info in Plain Text ([wandb#35](https://github.com/sqaisar/wandb-operator/issues/35)) ([9a752fd](9a752fd))
* Release Version Pinning Init ([wandb#28](https://github.com/sqaisar/wandb-operator/issues/28)) ([dfe8bda](dfe8bda))
* Replace base image with RHEL UBI ([wandb#44](https://github.com/sqaisar/wandb-operator/issues/44)) ([12497d2](12497d2))
* Support for deploymenting via jobs ([da801ea](da801ea))
* Updated license.go file to include the feature for licenseSecret as well ([wandb#54](https://github.com/sqaisar/wandb-operator/issues/54)) ([bb55caa](bb55caa))
* Use container based deployments only ([3e6b222](3e6b222))
* use secrets instead of configmaps ([049797f](049797f))
### Bug Fixes
* add applied config to download bundle ([bef77c2](bef77c2))
* Add console namespace and service name to config properties ([0b9efef](0b9efef))
* Add debugging for installing release ([893ebd9](893ebd9))
* add gh token for ci ([72d456f](72d456f))
* add license log ([wandb#11](https://github.com/sqaisar/wandb-operator/issues/11)) ([e129fab](e129fab))
* Add operator namespace env ([846731a](846731a))
* add operator properties to config ([b5f48f0](b5f48f0))
* add pnpm, node and git to docker image ([176b6f0](176b6f0))
* Add Tilt configs for local development ([wandb#53](https://github.com/sqaisar/wandb-operator/issues/53)) ([5ef82b5](5ef82b5))
* added changelog commits ([61b5f5d](61b5f5d))
* Assign metadata instead of merging it ([908c839](908c839))
* Basic Auth Fix ([wandb#56](https://github.com/sqaisar/wandb-operator/issues/56)) ([414b2cf](414b2cf))
* Bump controller tools version to latest ([wandb#13](https://github.com/sqaisar/wandb-operator/issues/13)) ([c52dbb6](c52dbb6))
* Bump deps ([wandb#36](https://github.com/sqaisar/wandb-operator/issues/36)) ([eefb59c](eefb59c))
* Bump deps ([wandb#70](https://github.com/sqaisar/wandb-operator/issues/70)) ([11ba9f8](11ba9f8))
* Channel spec not getting applied correctly ([6e763a8](6e763a8))
* Charts download ([57355ce](57355ce))
* Clean up docker image ([ef7c629](ef7c629))
* clean up env for image push ([7213ed2](7213ed2))
* Correct merge order ([cd49cef](cd49cef))
* correctly check if chart is installed based on status ([384d330](384d330))
* Create release rc files ([f7f4622](f7f4622))
* Debug logging errors ([wandb#26](https://github.com/sqaisar/wandb-operator/issues/26)) ([a641621](a641621))
* Debug logging the cache ([wandb#21](https://github.com/sqaisar/wandb-operator/issues/21)) ([26e8fd5](26e8fd5))
* Debugging logic ([wandb#22](https://github.com/sqaisar/wandb-operator/issues/22)) ([2c019b8](2c019b8))
* Default to dev mode ([d961f77](d961f77))
* docker build ([d160a9c](d160a9c))
* docker image push ([e08b3da](e08b3da))
* Git release pulls correctly ([d47aebd](d47aebd))
* init controller ([0f0a9e9](0f0a9e9))
* install go version ([6664b4b](6664b4b))
* Install kubectl in docker image ([e5df9de](e5df9de))
* Jobs work? ([9972d26](9972d26))
* kubectl not working in docker image ([ffc694e](ffc694e))
* Local_resource and kubectl apply could risk deploying to the wrong context ([wandb#66](https://github.com/sqaisar/wandb-operator/issues/66)) ([a90a270](a90a270))
* lock pnpm version ([c2608f7](c2608f7))
* Log the diff of specs ([wandb#23](https://github.com/sqaisar/wandb-operator/issues/23)) ([c0ea0d8](c0ea0d8))
* Look for secret in namespace of wandb CR ([wandb#78](https://github.com/sqaisar/wandb-operator/issues/78)) ([e374c9a](e374c9a))
* Mask sensitive values in log ([wandb#14](https://github.com/sqaisar/wandb-operator/issues/14)) ([514336d](514336d))
* merge func ([94aa0d0](94aa0d0))
* Output json format logs ([90af7b6](90af7b6))
* Pass namespace into chart ([e8e0b8f](e8e0b8f))
* pass spec namespace and name ([79d77f2](79d77f2))
* Preserve unknown fields ([565a25f](565a25f))
* properly get license ([6ff6533](6ff6533))
* Properly merge chart specs together ([37c41bc](37c41bc))
* Properly parse chart from deployer ([5eabdfe](5eabdfe))
* Properly set namespace for deployments ([53f51a9](53f51a9))
* Properly update complete status ([86a5196](86a5196))
* push images to dockerhub ([d4cdd27](d4cdd27))
* refactor spec ([87be86b](87be86b))
* Refactor specs ([7c6da34](7c6da34))
* Release needs ginkgo ([wandb#65](https://github.com/sqaisar/wandb-operator/issues/65)) ([c51df78](c51df78))
* remove console ([fba45ee](fba45ee))
* remove debugging logs ([d4da31f](d4da31f))
* remove submodule ([bdb408a](bdb408a))
* Remove ui building step ([08ee985](08ee985))
* Rename config -> values and release -> chart ([519cd1b](519cd1b))
* Rename config spec cfs ([672100a](672100a))
* rename configs ([8727281](8727281))
* rename docker variables ([274e20c](274e20c))
* rename versioning step name ([77bf4ed](77bf4ed))
* reorder backup ([ab66486](ab66486))
* revert to v2 for semver ([535a721](535a721))
* Save active spec metadata ([47bd862](47bd862))
* Secret reading metadata ([6dab7ed](6dab7ed))
* secrets stored with correct values ([f6d61e9](f6d61e9))
* Serve console with gin ([c9e04aa](c9e04aa))
* set namespace when running kubectl apply ([1d6f00c](1d6f00c))
* Setting cached release namespace incorrectly ([e585555](e585555))
* Simplify docker image ([1cf55e4](1cf55e4))
* Support Openshift permissions schema for the helm cache ([wandb#17](https://github.com/sqaisar/wandb-operator/issues/17)) ([b498f79](b498f79))
* TLS ([wandb#67](https://github.com/sqaisar/wandb-operator/issues/67)) ([0d3013c](0d3013c))
* Tmp directory permissions ([b0820f5](b0820f5))
* Update to fix some CVEs ([wandb#55](https://github.com/sqaisar/wandb-operator/issues/55)) ([9a34cbe](9a34cbe))
* upgrade semantic to v3 ([594c463](594c463))
* Use cdk8s image for apply container ([189bc08](189bc08))
* Use deployer release channels ([480b380](480b380))
* Using validate for job spec ([5c7ff66](5c7ff66))
* x-kubernetes-preserve-unknown-fields ([bedac52](bedac52))
ref INFRA-594
Summary by CodeRabbit
`.DS_Store` to `.gitignore` to exclude macOS system files from version control.