Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Upgrade viper, argo-cd, openai, grpc, prometheus, opa, golang 1.22, linting #285

Merged
merged 13 commits into from
Sep 30, 2024
Merged

Upgrade viper, argo-cd, openai, grpc, prometheus, opa, golang 1.22, linting #285

merged 13 commits into from
Sep 30, 2024

Conversation

djeebus
Copy link
Collaborator

@djeebus djeebus commented Sep 30, 2024

No description provided.

dependabot bot and others added 10 commits July 11, 2024 13:31
@dependabot
Bump github.com/hashicorp/go-retryablehttp from 0.7.5 to 0.7.7
c13552f 
Bumps [github.com/hashicorp/go-retryablehttp](https://github.com/hashicorp/go-retryablehttp) from 0.7.5 to 0.7.7.
- [Changelog](https://github.com/hashicorp/go-retryablehttp/blob/main/CHANGELOG.md)
- [Commits](hashicorp/go-retryablehttp@v0.7.5...v0.7.7)

---
updated-dependencies:
- dependency-name: github.com/hashicorp/go-retryablehttp
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot
Bump github.com/spf13/viper from 1.18.2 to 1.19.0
e1abdad 
Bumps [github.com/spf13/viper](https://github.com/spf13/viper) from 1.18.2 to 1.19.0.
- [Release notes](https://github.com/spf13/viper/releases)
- [Commits](spf13/viper@v1.18.2...v1.19.0)

---
updated-dependencies:
- dependency-name: github.com/spf13/viper
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot
Bump github.com/argoproj/argo-cd/v2 from 2.11.6 to 2.11.7
e601ea7 
Bumps [github.com/argoproj/argo-cd/v2](https://github.com/argoproj/argo-cd) from 2.11.6 to 2.11.7.
- [Release notes](https://github.com/argoproj/argo-cd/releases)
- [Changelog](https://github.com/argoproj/argo-cd/blob/master/CHANGELOG.md)
- [Commits](argoproj/argo-cd@v2.11.6...v2.11.7)

---
updated-dependencies:
- dependency-name: github.com/argoproj/argo-cd/v2
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot
Bump github.com/open-policy-agent/opa from 0.61.0 to 0.68.0
2e82387 
Bumps [github.com/open-policy-agent/opa](https://github.com/open-policy-agent/opa) from 0.61.0 to 0.68.0.
- [Release notes](https://github.com/open-policy-agent/opa/releases)
- [Changelog](https://github.com/open-policy-agent/opa/blob/main/CHANGELOG.md)
- [Commits](open-policy-agent/opa@v0.61.0...v0.68.0)

---
updated-dependencies:
- dependency-name: github.com/open-policy-agent/opa
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot
Bump github.com/sashabaranov/go-openai from 1.27.0 to 1.30.3
f0a3dac 
Bumps [github.com/sashabaranov/go-openai](https://github.com/sashabaranov/go-openai) from 1.27.0 to 1.30.3.
- [Release notes](https://github.com/sashabaranov/go-openai/releases)
- [Commits](sashabaranov/go-openai@v1.27.0...v1.30.3)

---
updated-dependencies:
- dependency-name: github.com/sashabaranov/go-openai
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot
Bump google.golang.org/grpc from 1.64.0 to 1.67.0
68c5df2 
Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.64.0 to 1.67.0.
- [Release notes](https://github.com/grpc/grpc-go/releases)
- [Commits](grpc/grpc-go@v1.64.0...v1.67.0)

---
updated-dependencies:
- dependency-name: google.golang.org/grpc
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
@djeebus
Merge remote-tracking branch 'origin/dependabot/go_modules/github.com…
afd79e6 
…/sashabaranov/go-openai-1.30.3' into upgrades
@djeebus
Merge remote-tracking branch 'origin/dependabot/go_modules/google.gol…
b6a29a5 
…ang.org/grpc-1.67.0' into upgrades
@djeebus
Merge remote-tracking branch 'origin/dependabot/go_modules/github.com…
47ce92e 
…/spf13/viper-1.19.0' into upgrades
@djeebus
Merge remote-tracking branch 'origin/dependabot/go_modules/github.com…
d452e8f 
…/argoproj/argo-cd/v2-2.11.7' into upgrades
@github-actions GitHub Actions
Copy link

github-actions bot commented Sep 30, 2024
edited
Loading

Temporary image deleted.

abhi-kapoor
abhi-kapoor approved these changes Sep 30, 2024
View reviewed changes
Copy link

@abhi-kapoor abhi-kapoor left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM 👍🏽

@djeebus
Merge remote-tracking branch 'origin/dependabot/go_modules/github.com…
2c69cde 
…/open-policy-agent/opa-0.68.0' into upgrades

# Conflicts:
#	go.mod
#	go.sum
@djeebus
Merge remote-tracking branch 'origin/dependabot/go_modules/github.com…
7cdbe55 
…/hashicorp/go-retryablehttp-0.7.7' into upgrades
@djeebus
upgrade linting
11f333b
@djeebus djeebus changed the title Bump viper, argo-cd, openai, and grpc Bump viper, argo-cd, openai, grpc, prometheus, opa. Upgrade to golang 1.22, bump linting tools. Sep 30, 2024
@djeebus djeebus changed the title Bump viper, argo-cd, openai, grpc, prometheus, opa. Upgrade to golang 1.22, bump linting tools. Bump viper, argo-cd, openai, grpc, prometheus, opa. Upgrade to golang 1.22, linting tools Sep 30, 2024
@djeebus djeebus changed the title Bump viper, argo-cd, openai, grpc, prometheus, opa. Upgrade to golang 1.22, linting tools Upgrade viper, argo-cd, openai, grpc, prometheus, opa, golang 1.22, linting tools Sep 30, 2024
@djeebus djeebus changed the title Upgrade viper, argo-cd, openai, grpc, prometheus, opa, golang 1.22, linting tools Upgrade viper, argo-cd, openai, grpc, prometheus, opa, golang 1.22, linting Sep 30, 2024
@zapier-sre-bot
Copy link
Collaborator

Mergecat's Review

Click to read mergecats review!

😼 Mergecat review of docs/contributing.md

@@ -40,7 +40,7 @@ The following checks run when a PR is opened:
 
 ### Tools / Accounts
 
-* [Go 1.21](https://go.dev/)
+* [Go 1.22](https://go.dev/)
 * [Earthly](https://earthly.dev/)
 * [Ngrok](https://ngrok.com/)
 * [Tilt](https://tilt.dev/)

Feedback & Suggestions:

  1. Version Compatibility: Ensure that the rest of the documentation and any scripts or configurations are compatible with Go 1.22. Sometimes, new versions introduce breaking changes or deprecate certain features.
  2. Update Dependencies: If there are any dependencies or libraries that are version-specific, make sure they are also updated to be compatible with Go 1.22.
  3. Testing: Run all existing tests with Go 1.22 to ensure there are no regressions or unexpected behaviors introduced by the version upgrade.

😼 Mergecat review of tools/dump_crds/go.mod

@@ -2,7 +2,7 @@ module github.com/zapier/kubechecks/tools/dump_crds
 
 go 1.22.0
 
-toolchain go1.22.2
+toolchain go1.22.7
 
 require (
 	github.com/Masterminds/semver v1.5.0

Feedback & Suggestions:

  1. Version Compatibility: Ensure that the new Go toolchain version go1.22.7 is compatible with all the dependencies listed. Sometimes, minor version updates can introduce breaking changes or deprecations.

  2. Testing: After updating the toolchain version, run all tests to ensure that the new version does not introduce any unexpected behavior or bugs.

  3. Documentation: If this change is part of a larger update or if it affects the build process, consider updating any relevant documentation to reflect the new toolchain version.

  4. Changelog: If you maintain a changelog, make sure to note this update for future reference.

😼 Mergecat review of .tool-versions

@@ -1,10 +1,10 @@
 earthly 0.8.6
-golang 1.21.6
-golangci-lint 1.56.1
+golang 1.22.7
+golangci-lint 1.61.0
 helm 3.12.2
 helm-cr 1.6.1
 helm-ct 3.8.0
 kubeconform 0.6.3
 kustomize 5.1.0
-staticcheck 2023.1.6
+staticcheck 2024.1.1
 tilt 0.33.2

Feedback & Suggestions:

  1. Compatibility Check: Ensure that the new versions of golang, golangci-lint, and staticcheck are compatible with your existing codebase and other tools. Sometimes, major version updates can introduce breaking changes.
  2. Testing: After updating the versions, run your full test suite to ensure that nothing breaks. This is especially important for golang and golangci-lint as they are critical to your development workflow.
  3. Documentation: Update any relevant documentation to reflect these version changes. This helps maintain consistency and avoids confusion for other developers.

😼 Mergecat review of go.mod

@@ -1,11 +1,11 @@
 module github.com/zapier/kubechecks
 
-go 1.21
+go 1.22
 
-toolchain go1.21.6
+toolchain go1.22.7
 
 require (
-	github.com/argoproj/argo-cd/v2 v2.11.6
+	github.com/argoproj/argo-cd/v2 v2.11.7
 	github.com/argoproj/gitops-engine v0.7.1-0.20240715141605-18ba62e1f1fb
 	github.com/aws/aws-sdk-go-v2 v1.30.1
 	github.com/aws/aws-sdk-go-v2/config v1.27.24
@@ -30,15 +30,15 @@ require (
 	github.com/open-policy-agent/conftest v0.49.1
 	github.com/pkg/errors v0.9.1
 	github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2
-	github.com/prometheus/client_golang v1.19.0
+	github.com/prometheus/client_golang v1.20.2
 	github.com/rikatz/kubepug v1.4.0
 	github.com/rs/zerolog v1.32.0
-	github.com/sashabaranov/go-openai v1.27.0
+	github.com/sashabaranov/go-openai v1.30.3
 	github.com/shurcooL/githubv4 v0.0.0-20231126234147-1cffa1f02456
 	github.com/sirupsen/logrus v1.9.3
-	github.com/spf13/cobra v1.8.0
+	github.com/spf13/cobra v1.8.1
 	github.com/spf13/pflag v1.0.5
-	github.com/spf13/viper v1.18.2
+	github.com/spf13/viper v1.19.0
 	github.com/stretchr/testify v1.9.0
 	github.com/xanzy/go-gitlab v0.105.0
 	github.com/yannh/kubeconform v0.6.4
@@ -51,9 +51,9 @@ require (
 	go.opentelemetry.io/otel/sdk/metric v1.28.0
 	go.opentelemetry.io/otel/trace v1.28.0
 	golang.org/x/exp v0.0.0-20240112132812-db7319d0e0e3
-	golang.org/x/net v0.26.0
-	golang.org/x/oauth2 v0.20.0
-	google.golang.org/grpc v1.64.0
+	golang.org/x/net v0.28.0
+	golang.org/x/oauth2 v0.22.0
+	google.golang.org/grpc v1.67.0
 	gopkg.in/dealancer/validate.v2 v2.1.0
 	gopkg.in/yaml.v3 v3.0.1
 	k8s.io/api v0.26.15
@@ -66,7 +66,7 @@ require (
 
 require (
 	cloud.google.com/go v0.112.1 // indirect
-	cloud.google.com/go/compute/metadata v0.3.0 // indirect
+	cloud.google.com/go/compute/metadata v0.5.0 // indirect
 	cloud.google.com/go/iam v1.1.6 // indirect
 	cloud.google.com/go/storage v1.38.0 // indirect
 	cuelang.org/go v0.7.0 // indirect
@@ -80,7 +80,7 @@ require (
 	github.com/Masterminds/semver v1.5.0 // indirect
 	github.com/Masterminds/semver/v3 v3.2.1 // indirect
 	github.com/Masterminds/sprig/v3 v3.2.3 // indirect
-	github.com/Microsoft/go-winio v0.6.1 // indirect
+	github.com/Microsoft/go-winio v0.6.2 // indirect
 	github.com/OneOfOne/xxhash v1.2.8 // indirect
 	github.com/ProtonMail/go-crypto v0.0.0-20230828082145-3c4c8a2d2371 // indirect
 	github.com/TomOnTime/utfutil v0.0.0-20180511104225-09c41003ee1d // indirect
@@ -161,7 +161,7 @@ require (
 	github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 // indirect
 	github.com/google/uuid v1.6.0 // indirect
 	github.com/googleapis/enterprise-certificate-proxy v0.3.2 // indirect
-	github.com/googleapis/gax-go/v2 v2.12.2 // indirect
+	github.com/googleapis/gax-go/v2 v2.12.3 // indirect
 	github.com/gorilla/mux v1.8.1 // indirect
 	github.com/gosimple/slug v1.13.1 // indirect
 	github.com/gosimple/unidecode v1.0.1 // indirect
@@ -171,7 +171,7 @@ require (
 	github.com/grpc-ecosystem/grpc-gateway/v2 v2.20.0 // indirect
 	github.com/hashicorp/go-cleanhttp v0.5.2 // indirect
 	github.com/hashicorp/go-getter v1.7.5 // indirect
-	github.com/hashicorp/go-retryablehttp v0.7.5 // indirect
+	github.com/hashicorp/go-retryablehttp v0.7.7 // indirect
 	github.com/hashicorp/go-safetemp v1.0.0 // indirect
 	github.com/hashicorp/go-version v1.6.0 // indirect
 	github.com/hashicorp/hcl v1.0.0 // indirect
@@ -188,7 +188,7 @@ require (
 	github.com/jstemmer/go-junit-report v1.0.0 // indirect
 	github.com/kballard/go-shellquote v0.0.0-20180428030007-95032a82bc51 // indirect
 	github.com/kevinburke/ssh_config v1.2.0 // indirect
-	github.com/klauspost/compress v1.17.4 // indirect
+	github.com/klauspost/compress v1.17.9 // indirect
 	github.com/kr/pretty v0.3.1 // indirect
 	github.com/kr/text v0.2.0 // indirect
 	github.com/labstack/gommon v0.4.2 // indirect
@@ -214,16 +214,16 @@ require (
 	github.com/monochromegane/go-gitignore v0.0.0-20200626010858-205db1a8cc00 // indirect
 	github.com/mpvl/unique v0.0.0-20150818121801-cbe035fff7de // indirect
 	github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
-	github.com/open-policy-agent/opa v0.61.0 // indirect
+	github.com/open-policy-agent/opa v0.68.0 // indirect
 	github.com/opencontainers/go-digest v1.0.0 // indirect
-	github.com/opencontainers/image-spec v1.1.0-rc5 // indirect
+	github.com/opencontainers/image-spec v1.1.0 // indirect
 	github.com/patrickmn/go-cache v2.1.0+incompatible // indirect
-	github.com/pelletier/go-toml/v2 v2.1.1 // indirect
+	github.com/pelletier/go-toml/v2 v2.2.2 // indirect
 	github.com/peterbourgon/diskv v2.0.1+incompatible // indirect
 	github.com/pjbgf/sha1cd v0.3.0 // indirect
 	github.com/prometheus/client_model v0.6.1 // indirect
-	github.com/prometheus/common v0.53.0 // indirect
-	github.com/prometheus/procfs v0.13.0 // indirect
+	github.com/prometheus/common v0.55.0 // indirect
+	github.com/prometheus/procfs v0.15.1 // indirect
 	github.com/r3labs/diff v1.1.0 // indirect
 	github.com/rcrowley/go-metrics v0.0.0-20201227073835-cf1acfcdf475 // indirect
 	github.com/redis/go-redis/v9 v9.0.5 // indirect
@@ -262,25 +262,23 @@ require (
 	github.com/zclconf/go-cty v1.13.2 // indirect
 	go.opencensus.io v0.24.0 // indirect
 	go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.49.0 // indirect
-	go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.49.0 // indirect
+	go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.53.0 // indirect
 	go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.28.0 // indirect
 	go.opentelemetry.io/otel/metric v1.28.0 // indirect
 	go.opentelemetry.io/proto/otlp v1.3.1 // indirect
 	go.starlark.net v0.0.0-20231121155337-90ade8b19d09 // indirect
 	go.uber.org/atomic v1.11.0 // indirect
 	go.uber.org/multierr v1.9.0 // indirect
-	golang.org/x/crypto v0.24.0 // indirect
-	golang.org/x/mod v0.17.0 // indirect
-	golang.org/x/sync v0.7.0 // indirect
-	golang.org/x/sys v0.21.0 // indirect
-	golang.org/x/term v0.21.0 // indirect
-	golang.org/x/text v0.16.0 // indirect
-	golang.org/x/time v0.5.0 // indirect
-	golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d // indirect
-	google.golang.org/api v0.169.0 // indirect
+	golang.org/x/crypto v0.26.0 // indirect
+	golang.org/x/sync v0.8.0 // indirect
+	golang.org/x/sys v0.24.0 // indirect
+	golang.org/x/term v0.23.0 // indirect
+	golang.org/x/text v0.17.0 // indirect
+	golang.org/x/time v0.6.0 // indirect
+	google.golang.org/api v0.171.0 // indirect
 	google.golang.org/genproto v0.0.0-20240227224415-6ceb2ff114de // indirect
-	google.golang.org/genproto/googleapis/api v0.0.0-20240701130421-f6361c86f094 // indirect
-	google.golang.org/genproto/googleapis/rpc v0.0.0-20240701130421-f6361c86f094 // indirect
+	google.golang.org/genproto/googleapis/api v0.0.0-20240814211410-ddb44dafa142 // indirect
+	google.golang.org/genproto/googleapis/rpc v0.0.0-20240814211410-ddb44dafa142 // indirect
 	google.golang.org/protobuf v1.34.2 // indirect
 	gopkg.in/DATA-DOG/go-sqlmock.v1 v1.3.0 // indirect
 	gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c // indirect

Feedback & Suggestions:

  1. Go Version Update:

    • Ensure that all dependencies are compatible with Go 1.22. Some libraries might have specific requirements or deprecations that could cause issues.

  2. Dependency Updates:

    • Security: Verify that the updated dependencies do not introduce any new security vulnerabilities. Use tools like go list -m -u all to check for any known vulnerabilities.
    • Compatibility: Ensure that the updated versions of libraries (e.g., github.com/argoproj/argo-cd/v2, github.com/prometheus/client_golang, etc.) are compatible with your codebase. Run your test suite to catch any breaking changes.
    • Changelog Review: Review the changelogs of the updated dependencies to understand the changes and new features. This can help in identifying any potential issues or improvements.

  3. Indirect Dependencies:

    • Review Indirect Dependencies: Some indirect dependencies have been updated (e.g., cloud.google.com/go/compute/metadata, github.com/Microsoft/go-winio). Ensure these updates do not affect your project adversely.
    • Prune Unused Dependencies: Consider using go mod tidy to remove any unused dependencies, which can help in reducing the overall size and potential attack surface of your project.

  4. Testing:

    • Comprehensive Testing: After updating dependencies, run comprehensive tests, including unit tests, integration tests, and end-to-end tests, to ensure that everything works as expected.
    • CI/CD Pipeline: Ensure that your CI/CD pipeline is configured to catch any issues arising from dependency updates.

  5. Documentation:

    • Update Documentation: If any of the updated dependencies introduce new features or changes in behavior, update your project documentation accordingly.

By following these suggestions, you can ensure a smooth transition to the updated dependencies and maintain the stability and security of your project. 🛠️🚀

Dependency Review

Click to read mergecats review!

No suggestions found

@djeebus djeebus merged commit 1b01635 into main Sep 30, 2024
5 checks passed
@djeebus djeebus deleted the upgrades branch September 30, 2024 20:00
This was referenced Oct 1, 2024
Closed
Closed
Closed
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ahinh43 ahinh43 ahinh43 approved these changes

@abhi-kapoor abhi-kapoor abhi-kapoor approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@djeebus @zapier-sre-bot @ahinh43 @abhi-kapoor