Skip to content

chore(deps): update all dependency versions to latest stable releases [DEV-1]#9

Merged
stevologic merged 1 commit into
mainfrom
devin/1770931342-update-dependencies
Feb 12, 2026
Merged

chore(deps): update all dependency versions to latest stable releases [DEV-1]#9
stevologic merged 1 commit into
mainfrom
devin/1770931342-update-dependencies

Conversation

@stevologic
Copy link
Copy Markdown
Owner

@stevologic stevologic commented Feb 12, 2026

chore(deps): update all dependency versions to latest stable releases [DEV-1]

Summary

Updates dependency versions across Go modules, Docker base images, service images, and GitHub Actions to their latest stable releases.

File Dependency Old Version New Version
go.mod Go minimum 1.23.0 1.24.0
go.mod toolchain go1.24.3 go1.26.0
go.mod golang.org/x/mod v0.26.0 v0.33.0
go.mod cespare/xxhash/v2 v2.1.2 v2.3.0
Dockerfile golang build image 1.24-alpine 1.26-alpine
Dockerfile alpine runtime image 3.18 3.21
ui/Dockerfile nginx alpine (unpinned) 1.28-alpine (pinned)
docker-compose.yml redis 7-alpine 7.4-alpine
ci.yml actions/setup-go v4 v5

Kept at current versions (already latest major):

  • actions/checkout@v4, actions/cache@v4, docker/login-action@v3
  • go-redis/redis/v8, gorilla/mux, packageurl-go, yaml.v3 (no newer minor/patch within same major)

Review & Testing Checklist for Human

  • Verify Go 1.26 compatibility: Go 1.26.0 was released on Feb 10, 2026 (2 days ago). Confirm you're comfortable adopting it this early vs. staying on 1.25.x which has had more soak time. The toolchain directive jumped two minor versions from 1.24.3.
  • Build Docker images locally: Run docker-compose build to verify both Dockerfile (golang:1.26-alpine + alpine:3.21) and ui/Dockerfile (nginx:1.28-alpine) build successfully. CI only tests the API Dockerfile build, not the UI or compose stack.
  • Alpine 3.18 → 3.21 runtime jump: This skips three Alpine minor versions in the runtime stage. Verify the statically-compiled binary (CGO_ENABLED=0) runs correctly on alpine:3.21 — should be fine given static linking, but worth a quick smoke test.
  • Consider go-redis v9: The go-redis/redis/v8 package was not updated. v9 exists with breaking API changes. Confirm staying on v8 is intentional.

Recommended test plan:

docker-compose build
docker-compose up -d
curl http://localhost:8080/api/config  # verify API responds
# Check UI at http://localhost:8081
docker-compose down

Notes

  • All Go lint (gofmt), vet, and unit tests pass locally
  • Helm chart versions (appVersion, version) were not modified as they represent application versioning, not dependencies

Requested by: @stevologic
Link to Devin run: https://app.devin.ai/sessions/22e5e532b1484522b306cc0f0e2f5dd8

@devin-ai-integration @stevologic
chore(deps): update all dependency versions to latest stable releases
27dd978 
- go.mod: go 1.23.0 -> 1.24.0, toolchain go1.24.3 -> go1.26.0
- go.mod: golang.org/x/mod v0.26.0 -> v0.33.0
- go.mod: github.com/cespare/xxhash/v2 v2.1.2 -> v2.3.0
- Dockerfile: golang:1.24-alpine -> golang:1.26-alpine
- Dockerfile: alpine:3.18 -> alpine:3.21
- ui/Dockerfile: nginx:alpine -> nginx:1.28-alpine (pinned)
- docker-compose.yml: redis:7-alpine -> redis:7.4-alpine
- ci.yml: actions/setup-go@v4 -> actions/setup-go@v5

JIRA: DEV-1
Co-Authored-By: Stephen Abbott <stephenabbott20@gmail.com>
@stevologic stevologic merged commit 246092f into main Feb 12, 2026
5 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@stevologic