Conversation
Bumps [github.com/moby/spdystream](https://github.com/moby/spdystream) from 0.5.0 to 0.5.1. - [Release notes](https://github.com/moby/spdystream/releases) - [Commits](moby/spdystream@v0.5.0...v0.5.1) --- updated-dependencies: - dependency-name: github.com/moby/spdystream dependency-version: 0.5.1 dependency-type: indirect ... Signed-off-by: dependabot[bot] <[email protected]>
dependabot
Bot
added
dependencies
There was a problem hiding this comment.
Pull request overview
This Dependabot PR aims to update the repository’s Go module dependencies (per title/description, bumping github.com/moby/spdystream), but the diffs shown primarily remove moby/spdystream and several other dependencies from go.mod/go.sum/vendor/modules.txt rather than upgrading to v0.5.1.
Changes:
- Removes
github.com/moby/spdystream(and other related/unused dependencies) fromgo.mod,go.sum, andvendor/modules.txt. - Reclassifies some requirements between direct vs indirect in
go.mod. - Updates
go.sumwith additional checksum entries for transitive modules.
Reviewed changes
Copilot reviewed 1 out of 3 changed files in this pull request and generated 1 comment.
| File | Description |
|---|---|
go.mod |
Removes moby/spdystream and adjusts direct/indirect dependency declarations. |
go.sum |
Drops checksums for removed modules (including moby/spdystream v0.5.0) and adds new checksum entries. |
vendor/modules.txt |
Updates vendored module manifest, removing entries for modules no longer in the vendor set (including moby/spdystream). |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| github.com/mailru/easyjson v0.7.7 // indirect | ||
| github.com/moby/spdystream v0.5.0 // indirect | ||
| github.com/moby/sys/mountinfo v0.7.2 // indirect | ||
| github.com/moby/term v0.5.0 // indirect | ||
| github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect | ||
| github.com/modern-go/reflect2 v1.0.3-0.20250322232337-35a7c28c31ee // indirect | ||
| github.com/monochromegane/go-gitignore v0.0.0-20200626010858-205db1a8cc00 // indirect | ||
| github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect | ||
| github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f // indirect | ||
| github.com/opencontainers/go-digest v1.0.0 // indirect |
There was a problem hiding this comment.
PR title/description says moby/spdystream is being bumped to v0.5.1, but this hunk removes the moby/spdystream requirement entirely (and related indirect deps) rather than updating it. Please reconcile by either updating to v0.5.1 (if still needed) or adjusting the PR title/description to reflect that the dependency is being removed/pruned.
Bumps github.com/moby/spdystream from 0.5.0 to 0.5.1.
Release notes
Sourced from github.com/moby/spdystream's releases.
Commits
c59e5d7Merge pull request #109 from thaJeztah/use_ioutil2fd0155use ioutil.Discard for go1.13 compatibilityef6121fMerge commit from fork241cec9compare with signed Int for 32-bit Arm21c3864Add options to customize limitsacf9b45spdy: update godoc for MaxDataLengtheb63605spdy: limit header-size and header-count2f21da4spdy: fix header block byte accounting5976b66spdy: enforce 24-bit frame length limitscf0ec5dGuard against oversized SPDY framesDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)You can disable automated security fix PRs for this repo from the Security Alerts page.