Update all dependencies to latest#80
Merged
Merged
Conversation
Bump go-pkgz/testutils to 0.6.0, which moves testcontainers-go to 0.42 and migrates the docker client to the new moby/moby module. This drops github.com/docker/docker and google.golang.org/grpc from the graph entirely, clearing all open Dependabot alerts: - google.golang.org/grpc CVE-2026-33186 (critical, test-only) - github.com/docker/docker CVE-2026-34040 and related (high/medium, test-only) Also update mongo-driver, golang.org/x/net, otel and aws-sdk deps to latest within the go 1.25 requirement. Introduce constants for repeated mongo field names and operators to satisfy goconst. go test -race, go vet, golangci-lint and govulncheck all clean.
Coverage Report for CI Build 28460920821Coverage remained the same at 77.947%Details
Uncovered ChangesNo uncovered changes found. Coverage Regressions3 previously-covered lines in 1 file lost coverage.
Coverage Stats
💛 - Coveralls |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Updates every module to its latest version within the go 1.25 requirement.
Security alerts cleared
The Dependabot alerts (grpc CVE-2026-33186 critical, docker/docker CVE-2026-34040 high + related) were all in test-only transitive deps pulled through
go-pkgz/testutils→testcontainers-go. Bumpingtestutilsto 0.6.0 movestestcontainers-goto 0.42, which migrated its docker client to the newmoby/mobymodule. As a resultgithub.com/docker/dockerandgoogle.golang.org/grpcare dropped from the module graph entirely — the alerts are resolved by removal, not just a version bump.Other updates
go.mongodb.org/mongo-driver/v22.5.0 → 2.7.0golang.org/x/net0.53.0 → 0.56.0, plus x/crypto, x/text, x/sysgo-pkgz/lgr,docker/go-connections0.6 → 0.7Other
domain,enabled,_id,$set) to satisfy thegoconstlinter, which was failing CI.vendor/re-synced.Verified locally:
go test -race ./...(incl. the mongo testcontainers tests),go vet,golangci-lint run, andgovulncheck ./...all clean.Supersedes #79.