dependency: bump * for June 11, 2026#21959
Conversation
|
Hi @vivekpatani. Thanks for your PR. I'm waiting for a etcd-io member to verify that this patch is reasonable to test. If it is, they should reply with Tip We noticed you've done this a few times! Consider joining the org to skip this step and gain Once the patch is verified, the new status will be reflected by the I understand the commands that are listed here. DetailsInstructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
5f55225 to
0f3eadd
Compare
|
/ok-to-test |
Codecov Report✅ All modified and coverable lines are covered by tests. Additional details and impacted filessee 22 files with indirect coverage changes @@ Coverage Diff @@
## main #21959 +/- ##
==========================================
+ Coverage 69.65% 69.73% +0.08%
==========================================
Files 449 449
Lines 38172 38172
==========================================
+ Hits 26588 26620 +32
+ Misses 10152 10119 -33
- Partials 1432 1433 +1 Continue to review full report in Codecov by Harness.
🚀 New features to boost your workflow:
|
|
@vivekpatani, can you drop 8f42705? We should only focus on Go dependency bumps. That Dockerfile is used to track the latest version to keep |
|
@vivekpatani, it would also be helpful if you could list the actions for this PR. As a reference, previous PRs #21773 list which ones are indirect, which ones are bumped, etc. |
|
@vivekpatani can you please resolve the review comments? The new wave of dependabot PRs may come soon. |
See upstream PR etcd-io#21946. Signed-off-by: vivekpatani <9080894+vivekpatani@users.noreply.github.com>
…om 1.43.0 to 1.44.0 See upstream PR etcd-io#21948. Signed-off-by: vivekpatani <9080894+vivekpatani@users.noreply.github.com>
…lptracegrpc from 1.43.0 to 1.44.0 See upstream PR etcd-io#21949. Signed-off-by: vivekpatani <9080894+vivekpatani@users.noreply.github.com>
See upstream PR etcd-io#21944. Signed-off-by: vivekpatani <9080894+vivekpatani@users.noreply.github.com>
See upstream PR etcd-io#21945. Signed-off-by: vivekpatani <9080894+vivekpatani@users.noreply.github.com>
0f3eadd to
0208ed2
Compare
Dropped.
Done.
Updated the description: #21959 (comment) Thank you @ahrtr @ivanvc feel free to feedback, appreciate it. |
|
/test pull-etcd-govulncheck |
|
The workflow failure seems not related to this PR. |
|
/test pull-etcd-govulncheck |
|
@vivekpatani: The following test failed, say
Full PR test history. Your PR dashboard. Please help us cut down on flakes by linking to an open issue when you hit one in your PR. DetailsInstructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here. |
|
From another PR I submitted here:
|
|
Generated by claude code. Root CauseThe panic is caused by a combination of two things: 1. New cache package uses Go genericsThe cache package (e.g., cache/ringbuffer.go:17) uses generic type parameters: 2. golang.org/x/tools@v0.46.0 panics on *types.TypeParamWhen govulncheck runs, it:
Looking at v0.45.0's element.go:124-126 (same logic exists in v0.46.0): In v0.46.0 the panic message was made more descriptive: "ForEachElement called on type containing *types.TypeParam" — which is exactly what appears in the stack trace. SummaryThe cache package's use of Go generics introduced *types.TypeParam into the type graph. govulncheck@v1.4.0 (using golang.org/x/tools@v0.46.0) builds a call graph via SSA analysis, which internally calls ForEachElement — a function that explicitly panics when it encounters a generic type parameter, because it was not designed to handle parameterized types. This is effectively a bug in govulncheck/golang.org/x/tools: the call graph analysis doesn't support Go generics. The fix needs to come from upstream — either golang.org/x/tools fixes ForEachElement to handle *types.TypeParam, or golang.org/x/vuln avoids calling RuntimeTypes() on SSA programs that contain instantiated generics. |
|
It looks like a bug in govulncheck/golang.org/x/tools. I am OK to ping to govulncheck@v1.3.0 for now to workaround it. Pls feel free to deliver a PR. @vivekpatani Once it's confirmed and fixed by govulncheck and/or golang.org/x/tools, we can revert the change. |
|
We are not alone. golang/go#80059 |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: ahrtr, vivekpatani The full list of commands accepted by this bot can be found here. The pull request process is described here DetailsNeeds approval from an approver in each of these files:
Approvers can indicate their approval by writing |
Please read https://github.com/etcd-io/etcd/blob/main/CONTRIBUTING.md#contribution-flow.
This pull request completes this week's etcd dependency updates following our dependency roster and dependency management instructions.
Bumped:
go.opentelemetry.io/otel/sdk1.43.0 → 1.44.0go.opentelemetry.io/otel/exporters/otlp/otlptrace1.43.0 → 1.44.0go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc1.43.0 → 1.44.0Purely Indirect:
codeberg.org/go-pdf/fpdf0.10.0 → 0.12.0 (intools/rw-heatmaps)github.com/bmatcuk/doublestar/v44.8.1 → 4.10.0 (intools/mod)