chore(deps): upgrade Go modules and GitHub Actions #533
Go modules:
- go.opentelemetry.io/otel v1.40.0 → v1.42.0
- go.opentelemetry.io/otel/metric v1.40.0 → v1.42.0
- go.opentelemetry.io/otel/trace v1.40.0 → v1.42.0
- go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.65.0 → v0.67.0

GitHub Actions:
- step-security/harden-runner v2.12.0 → v2.16.0
- codecov/codecov-action v5.5.2 → v5.5.3

Signed-off-by: Sebastian Mendel <[email protected]>
Summary of Changes
Hello, I'm Gemini Code Assist! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!
This pull request focuses on maintaining the project's health and security by upgrading various dependencies to their latest compatible versions. It ensures that the application benefits from recent improvements and bug fixes in both its Go modules, specifically OpenTelemetry components, and the GitHub Actions workflows, without introducing any breaking changes.
Dependency Review
✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.
Pull request overview
Updates project dependencies (Go modules and GitHub Actions) to newer compatible versions to keep the scheduler up-to-date and reduce exposure to dependency issues.
Changes:
- Bump OpenTelemetry Go modules (otel, metric, trace) and otelhttp.
- Update pinned GitHub Actions revisions for step-security/harden-runner and codecov/codecov-action.
- Document the dependency bumps in CHANGELOG.md.
Reviewed changes
Copilot reviewed 4 out of 5 changed files in this pull request and generated 3 comments.
| File | Description |
|---|---|
| go.mod | Updates OpenTelemetry module versions. |
| go.sum | Refreshes module checksums after dependency bumps. |
| CHANGELOG.md | Adds entries for the dependency/action updates under Unreleased. |
| .github/workflows/release-slsa.yml | Updates harden-runner pin used in release SLSA workflow. |
| .github/workflows/ci.yml | Updates harden-runner and codecov-action pins used in CI. |
- Bump OTel exporter/proto to match core v1.42.0 (no mixed versions)
- Update harden-runner in all workflows (auto-merge, pr-quality, scorecard, cleanup-containers, mutation)
- Update CHANGELOG with all bumped dependencies

Signed-off-by: Sebastian Mendel <[email protected]>
The OTel exporter packages report compound SPDX "Apache-2.0 AND BSD-3-Clause" which dependency-review-action can't match via allow-licenses. Add them to allow-dependencies-licenses.

Signed-off-by: Sebastian Mendel <[email protected]>
🚀 Released in v0.22.0
Thank you for your contribution! 🙏 This is now available in the latest release. Please test and verify everything works as expected in your environment. If you encounter any issues, please open a new issue.
Summary
Upgrade all dependencies to latest compatible versions.
Go modules
- go.opentelemetry.io/otel v1.40.0 → v1.42.0
- go.opentelemetry.io/otel/metric v1.40.0 → v1.42.0
- go.opentelemetry.io/otel/trace v1.40.0 → v1.42.0
- go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.65.0 → v0.67.0
GitHub Actions
- step-security/harden-runner v2.12.0 → v2.16.0
- codecov/codecov-action v5.5.2 → v5.5.3
Not upgraded (major version bumps, separate PRs)
- actions/checkout v4 → v6
- actions/upload-artifact v4 → v7
- golangci/golangci-lint-action v7 → v9
- docker/build-push-action v6 → v7
Test plan