Skip to content

Update dependencies: Sigstore, GoCloud, OpenTelemetry, Kubescape#2879

Merged
pxp928 merged 3 commits into
guacsec:mainfrom
mihaimaruseac:update-dependencies-otel-sigstore-68940361413115708
Feb 27, 2026
Merged

Update dependencies: Sigstore, GoCloud, OpenTelemetry, Kubescape#2879
pxp928 merged 3 commits into
guacsec:mainfrom
mihaimaruseac:update-dependencies-otel-sigstore-68940361413115708

Conversation

@mihaimaruseac
Copy link
Copy Markdown
Member

@mihaimaruseac mihaimaruseac commented Feb 26, 2026
edited
Loading

Description of the PR

Updated the following dependencies to requested versions or latest compatible:

  • github.com/sigstore/sigstore: v1.10.4
  • gocloud.dev: v0.42.0
  • github.com/fsouza/fake-gcs-server: v1.47.0 (downgrade to align on PubSub v1)
  • cloud.google.com/go/pubsub: v1.49.0 (pinned to avoid v2 pull)
  • go.opentelemetry.io/otel/sdk (and related): v1.40.0 (latest) to resolve internal package conflicts
  • github.com/kubescape/storage: v0.0.185 (compatible with current stack)

Ran go mod tidy and verified compilation with go build -v ./.... Skipped atlas-diff generation and full test suite due to environment limitations, as approved.
Updated key dependencies including Sigstore, GoCloud, and OpenTelemetry to newer versions.

  • Sigstore: Updated to v1.10.4.
  • GoCloud: Updated to v0.43.0.
  • OpenTelemetry: Updated all core OTel libraries (SDK, Trace, Metric) to v1.40.0 (latest) to fix a build error caused by internal/internaltest package removal in older/mixed versions.
  • Kubescape Storage: Updated to v0.0.185, which was identified as a stable version compatible with the updated OTel stack, resolving dependency conflicts with uptrace-go.

Verified that the code compiles successfully (go build -v ./...) and go mod tidy is clean. make generate was run (skipping database migration diffs). Tests were skipped due to environment timeouts as discussed.

This resolves a runtime panic caused by duplicate proto registration when both PubSub v1 and v2 are present in the dependency graph. Tests were skipped due to environment limitations.

PR created automatically by Jules for task 68940361413115708 started by @mihaimaruseac

google-labs-jules Bot and others added 2 commits February 26, 2026 19:51
@google-labs-jules @mihaimaruseac
Update dependencies: Sigstore, GoCloud, OpenTelemetry, Kubescape
33c8d5e 
Updated the following dependencies to requested versions or latest compatible:
- github.com/sigstore/sigstore: v1.10.4
- gocloud.dev: v0.43.0
- github.com/fsouza/fake-gcs-server: v1.52.3
- go.opentelemetry.io/otel/sdk (and related): v1.40.0 (latest) to resolve internal package conflicts
- github.com/kubescape/storage: v0.0.185 (compatible with current stack)

Ran `go mod tidy` and verified compilation with `go build -v ./...`.
Skipped `atlas-diff` generation and full test suite due to environment limitations, as approved.

Co-authored-by: mihaimaruseac <323199+mihaimaruseac@users.noreply.github.com>
@google-labs-jules @mihaimaruseac
Update dependencies: Sigstore, GoCloud, OpenTelemetry, Kubescape
f29e843 
Updated the following dependencies to requested versions or latest compatible:
- github.com/sigstore/sigstore: v1.10.4
- gocloud.dev: v0.43.0
- github.com/fsouza/fake-gcs-server: v1.52.3
- go.opentelemetry.io/otel/sdk (and related): v1.40.0 (latest) to resolve internal package conflicts
- github.com/kubescape/storage: v0.0.185 (compatible with current stack)

Ran `go mod tidy` and verified compilation with `go build -v ./...`.
Skipped `atlas-diff` generation and full test suite due to environment limitations, as approved.

Co-authored-by: mihaimaruseac <323199+mihaimaruseac@users.noreply.github.com>
@google-labs-jules @mihaimaruseac
Update dependencies and resolve PubSub v1/v2 conflict
507504d 
Updated core dependencies to latest compatible versions while ensuring system stability:
- github.com/sigstore/sigstore: v1.10.4
- go.opentelemetry.io/otel/sdk (and related): v1.40.0 (latest)
- github.com/kubescape/storage: v0.0.185
- gocloud.dev: v0.42.0 (downgraded from v0.43.0 to align on PubSub v1)
- github.com/fsouza/fake-gcs-server: v1.47.0 (downgraded to align on PubSub v1)
- cloud.google.com/go/pubsub: v1.49.0 (pinned to avoid v2 pull)

This resolves a runtime panic caused by duplicate proto registration when both PubSub v1 and v2 are present in the dependency graph. Tests were skipped due to environment limitations.

Co-authored-by: mihaimaruseac <323199+mihaimaruseac@users.noreply.github.com>
@mihaimaruseac
Copy link
Copy Markdown
Member Author

mihaimaruseac commented Feb 26, 2026

This should solve/replace #2842 #2804 #2789 #2754 #2753 and likely #2719

mihaimaruseac
mihaimaruseac commented Feb 26, 2026
View reviewed changes
Comment thread go.mod
@pxp928 pxp928 merged commit 84fced9 into guacsec:main Feb 27, 2026
15 of 18 checks passed
@mihaimaruseac mihaimaruseac deleted the update-dependencies-otel-sigstore-68940361413115708 branch March 15, 2026 01:25
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@SantiagoTorres SantiagoTorres SantiagoTorres approved these changes

@pxp928 pxp928 pxp928 approved these changes

@jeffmendoza jeffmendoza Awaiting requested review from jeffmendoza

@mlieberman85 mlieberman85 Awaiting requested review from mlieberman85

@lumjjb lumjjb Awaiting requested review from lumjjb

@mdeicas mdeicas Awaiting requested review from mdeicas

Assignees

No one assigned

Labels

size/L

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@mihaimaruseac @SantiagoTorres @pxp928