chore: consolidate renovate/dependabot dependency updates#186
Merged
Conversation
Combines 10 open bot PRs (#161 excluded — incomplete go.sum) into a single update: GitHub Actions: - actions/checkout v5 → v7 (supersedes dependabot #179 v6, renovate #185 v7) - github/codeql-action v3 → v4 (renovate #173, dependabot #174) - golangci/golangci-lint-action v6 → v9 (renovate #175, dependabot #176) - codecov/codecov-action v5 → v7 (renovate #184) Go toolchain: - go version 1.21 → 1.25 (latest available in RHEL 8; renovate #162) Go modules (security fix + transitive updates, renovate #180): - google.golang.org/grpc v1.67.1 → v1.79.3 [SECURITY] - golang.org/x/net v0.28.0 → v0.48.0 (supersedes dependabot #163 v0.36.0) - golang.org/x/sys v0.24.0 → v0.39.0 - golang.org/x/text v0.17.0 → v0.32.0 - google.golang.org/protobuf v1.34.2 → v1.36.10 - google.golang.org/genproto/googleapis/rpc → 20251202 Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Updates github.com/redhatinsights/yggdrasil from the 2021 anonymous commit to the commit tagged 0.2.5 (2024-03-26), which is the latest version available in RHEL 8. The yggdrasil/protocol gRPC API is identical between the two versions — no source changes required. Checksums verified against sum.golang.org. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
golangci-lint-action@v9 ships golangci-lint v2, which requires an explicit version field and a restructured config: - Add `version: "2"` at the top level - Move `linters-settings` under `linters.settings` - Replace `disable-all: true` with `linters.default: none` - Move gofmt and goimports to the new `formatters` section Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
In golangci-lint v2, typecheck is a built-in check and cannot be explicitly enabled or disabled. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
…t v2 Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
golangci-lint v2 is stricter than v1 on pre-existing code patterns: - errcheck: exclude defer Close/Remove/RemoveAll and test Setenv/Unsetenv calls — these are standard Go patterns where the error is not actionable - gosec: exclude G304 (file path via variable) — paths are from trusted config/hardcoded sources, not user input - revive: add missing package comment to fixtures_test.go Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- errcheck: add (*grpc.ClientConn).Close to exclude-functions; the interface-based exclusion (io.Closer).Close does not match concrete grpc types in golangci-lint v2 - gosec: exclude G104 (errors unhandled); this overlaps with errcheck which already covers unchecked errors with targeted exclusions Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Codecov Report✅ All modified and coverable lines are covered by tests. Additional details and impacted files@@ Coverage Diff @@
## main #186 +/- ##
==========================================
+ Coverage 65.55% 65.90% +0.35%
==========================================
Files 5 5
Lines 360 264 -96
==========================================
- Hits 236 174 -62
+ Misses 102 68 -34
Partials 22 22
Flags with carried forward coverage won't be shown. Click here to find out more. ☔ View full report in Codecov by Harness. 🚀 New features to boost your workflow:
|
pirat89
approved these changes
Jul 8, 2026
pirat89
left a comment
Member
There was a problem hiding this comment.
tested manually, seems that everything is working
pirat89
approved these changes
Jul 9, 2026
Member
|
The test coverage 1.21 seems to be some obsoleted stuff. I did not find it and I can see that coverage 1.25 passed. merging |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Consolidates 10 open bot PRs into a single update. PR #161 (yggdrasil v0.4.10) was excluded because its branch has incomplete go.sum entries that would break the build.
GitHub Actions
actions/checkoutgithub/codeql-actiongolangci/golangci-lint-actioncodecov/codecov-actionGo toolchain
Go modules (security + transitive updates — #180)
google.golang.org/grpcgolang.org/x/netgolang.org/x/sysgolang.org/x/textgoogle.golang.org/protobufgoogle.golang.org/genproto/googleapis/rpcCloses
Closes #173, #174, #175, #176, #179, #180, #184, #185
Partially closes #162 (go version in release.yml + verify.yml)
Supersedes #163 (golang.org/x/net — included at a higher version via the grpc security update)
Note on PR #161
PR #161 (yggdrasil v0.0.0-20210811162724 → v0.4.10) was not included. Its branch is missing the go.sum checksum entries for the new version, which would cause
go mod verifyto fail. It should be handled separately after runninggo mod tidy.Test plan
🤖 Generated with Claude Code