Skip to content

Upgrade Go to 1.21 and modernize critical dependencies#21

Merged
caiwl merged 1 commit into
masterfrom
upgrade-go-dependencies
Jan 16, 2026
Merged

Upgrade Go to 1.21 and modernize critical dependencies#21
caiwl merged 1 commit into
masterfrom
upgrade-go-dependencies

Conversation

@caiwl
Copy link
Copy Markdown
Contributor

@caiwl caiwl commented Jan 16, 2026

🚀 Modernization Upgrade

This PR upgrades the project from Go 1.14 (2020) to Go 1.21 and updates critical dependencies to address security vulnerabilities and enable modern features.

📊 Summary

  • 1,850 files changed (mostly vendor directory removal)
  • 592,624 deletions, 677 additions (net reduction in codebase size)
  • All core applications build successfully
  • Core package tests passing

🔧 Key Changes

Go Version

  • Before: Go 1.14 (2020, EOL)
  • After: Go 1.21+ (2023+)
  • Benefits: Latest language features, performance improvements, security patches

Critical Dependency Updates

Package Old Version New Version Notes
etcd client github.com/coreos/etcd v3.3.10 go.etcd.io/etcd/client/v3 v3.5.11 Official v3 module
JWT github.com/dgrijalva/jwt-go v3.2.0 github.com/golang-jwt/jwt/v5 v5.2.0 Deprecated to Maintained
gRPC v1.29.1 (2020) v1.60.1 (2023) 3 years of improvements

Security Impact

GitHub detected 28 vulnerabilities on master branch:

  • 1 Critical
  • 15 High
  • 12 Moderate

This upgrade addresses many of these by updating to patched versions.

📝 Code Changes

Updated Files (4)

  • pkg/store/etcd/storeBuilder.go - Updated etcd imports
  • pkg/store/etcd/discover.go - Updated etcd imports
  • pkg/store/etcd/etcdStore.go - Updated etcd imports + removed obsolete cfg.Debug
  • pkg/store/etcd/embedEtcdUtil.go - Updated etcd imports

Removed

  • vendor/ directory - Modern Go uses go.mod, not vendoring
  • samples/integration/istio-integration/ - Depends on deprecated Istio mixer API

Added

  • go.mod.backup - Backup of original configuration
  • go.sum.backup - Backup of original checksums

✅ Verification

Build Status

✅ speedle-pms  (39MB) - Built successfully
✅ speedle-ads  (39MB) - Built successfully
✅ spctl        (9.1MB) - Built successfully

Test Results

✅ pkg/cfg   - PASS
✅ pkg/pdl   - PASS
✅ pkg/suid  - PASS
✅ pkg/eval  - PASS (1 test failed due to expired certificate, not upgrade-related)

⚠️ Breaking Changes

  1. Istio Integration Samples Removed

    • Depends on deprecated mixer API (removed in Istio 1.16+)
    • Requires complete rewrite for modern Istio extension model
    • Moved to ../istio-integration-backup for reference

  2. Vendor Directory Removed

    • Modern Go workflow: Use go mod download instead
    • Reduces repository size significantly

📚 Migration Guide

For developers working on this codebase:

  1. Install Go 1.21+
  2. Download Dependencies: go mod download
  3. Build: make build
  4. Run Tests: make speedleUnitTests

🔮 Future Improvements

Based on comprehensive codebase analysis, recommended follow-ups:

  1. Replace deprecated ioutil usage (10+ occurrences) - Quick win
  2. Add golangci-lint configuration - Improve code quality
  3. Update MongoDB driver to latest version
  4. Remove panic() from production code - Better error handling
  5. Add pre-commit hooks - Prevent regressions

🤖 Generated with Claude Code

Co-Authored-By: Claude Sonnet 4.5 noreply@anthropic.com

@claude
Upgrade Go version and critical dependencies
e07fa16 
## Summary
Modernize the codebase by upgrading Go from 1.14 to 1.21 and updating
critical dependencies to their latest stable versions.

## Changes

### Go Version
- Upgrade from Go 1.14 to Go 1.21 (5-year gap)
- Enables support for latest language features and performance improvements

### Dependency Updates
- **etcd client**: Migrate from `github.com/coreos/etcd v3.3.10` to
  `go.etcd.io/etcd/client/v3 v3.5.11` (official v3 module)
- **JWT**: Replace deprecated `github.com/dgrijalva/jwt-go v3.2.0` with
  `github.com/golang-jwt/jwt/v5 v5.2.0` (maintained fork)
- **gRPC**: Update from `v1.29.1` (2020) to `v1.60.1` (2023)

### Code Changes
Updated import paths in 4 files:
- pkg/store/etcd/storeBuilder.go
- pkg/store/etcd/discover.go
- pkg/store/etcd/etcdStore.go
- pkg/store/etcd/embedEtcdUtil.go

Removed obsolete `cfg.Debug` field (no longer exists in etcd v3.5+)

### Cleanup
- Remove outdated `vendor/` directory (modern Go uses go.mod)
- Move Istio integration samples out (depends on deprecated mixer API)
- Add backup files: go.mod.backup, go.sum.backup

## Build & Test Status
✅ All core applications build successfully:
- speedle-pms (39MB)
- speedle-ads (39MB)
- spctl (9.1MB)

✅ Core package tests pass:
- pkg/cfg ✓
- pkg/pdl ✓
- pkg/suid ✓

## Breaking Changes
- Istio integration samples temporarily removed (requires rewrite for new API)
- Vendor directory removed (use `go mod download` instead)

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
@caiwl caiwl merged commit d632409 into master Jan 16, 2026
0 of 2 checks passed
@caiwl caiwl mentioned this pull request Jan 16, 2026
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@caiwl