Conversation
product-security-plaid-production
Bot
requested review from
bolekk and
gustavogama-cll
|
👋 carte7000, thanks for creating this pull request! To help reviewers, please consider creating future PRs as drafts first. This allows you to self-review and make any final changes before notifying the team. Once you're ready, you can mark it as "Ready for review" to request feedback. Thanks! |
|
I see you updated files related to
|
|
✅ No conflicts with other open PRs targeting |
There was a problem hiding this comment.
Pull request overview
Risk Rating: LOW (dependency-only changes across multiple Go modules; primary risk is build/test breakage due to updated transitive deps)
This PR updates CCV-related Go dependencies across the repo’s main module and test/deployment submodules to keep them aligned with newer chainlink-ccv and chainlink-ccip/ccv/chains/evm pseudo-versions.
Changes:
- Bump
github.com/smartcontractkit/chainlink-ccvtov0.0.0-20260320145055-eb20b529ff95across modules. - Bump
github.com/smartcontractkit/chainlink-ccip/ccv/chains/evmtov0.0.0-20260319175550-83cf59fe6839across modules. - Add/record new indirect dependencies in system-test modules (
mfridman/interpolate,pressly/goose) and associatedgo.sumentries.
Reviewed changes
Copilot reviewed 7 out of 14 changed files in this pull request and generated no comments.
Show a summary per file
| File | Description |
|---|---|
| go.mod | Bumps chainlink-ccv and updates indirect chainlink-ccip/ccv/chains/evm version. |
| go.sum | Updates sums for the bumped CCV dependencies. |
| deployment/go.mod | Aligns deployment module’s indirect CCV deps to the bumped versions. |
| deployment/go.sum | Updates sums for bumped CCV dependencies in deployment module. |
| core/scripts/go.mod | Aligns scripts module’s indirect CCV deps to the bumped versions. |
| core/scripts/go.sum | Updates sums for bumped CCV dependencies in scripts module. |
| integration-tests/go.mod | Aligns integration-tests module’s indirect CCV deps to the bumped versions. |
| integration-tests/go.sum | Updates sums for bumped CCV dependencies in integration-tests module. |
| integration-tests/load/go.mod | Aligns load submodule’s indirect CCV deps to the bumped versions. |
| integration-tests/load/go.sum | Updates sums for bumped CCV dependencies in load submodule. |
| system-tests/lib/go.mod | Adds indirect deps and aligns indirect CCV deps to the bumped versions. |
| system-tests/lib/go.sum | Adds required sums (incl. new transitive deps) and updates CCV sums. |
| system-tests/tests/go.mod | Adds indirect deps and aligns indirect CCV deps to the bumped versions. |
| system-tests/tests/go.sum | Adds required sums (incl. new transitive deps) and updates CCV sums. |
Areas for scrupulous human review:
- Confirm the new
chainlink-ccv/chainlink-ccip/ccv/chains/evmSHAs are the intended ones for LINK-777 and are compatible with the currentchainlink-ccipversion already pinned in each module. - Sanity-check CI for modules that picked up new transitive deps (notably
modernc.org/sqlitevia dependency graph changes) to ensure no platform-specific build surprises.
Suggested reviewers (per .github/CODEOWNERS):
- Root
go.mod/go.sum:@smartcontractkit/core,@smartcontractkit/foundations deployment/**:@smartcontractkit/ccip-tooling,@smartcontractkit/ccip-offchain,@smartcontractkit/keystone,@smartcontractkit/operations-platform,@smartcontractkit/coreintegration-tests/**:@smartcontractkit/devex-tooling,@smartcontractkit/core
|
Requires
Supports