@gfariasalves-ionos gfariasalves-ionos commented Aug 4, 2025

What is the purpose of this pull request/Why do we need it?

This PR updates whatever is possible to get rid of CVEs, while still not upgrading Cluster API (that'd be another PR/issue). It also removes the tools directory in favor of using the tools directive.

Issue #, if available:

Description of changes:

Special notes for your reviewer:

Checklist:

  • Documentation updated
  • Unit Tests added
  • E2E Tests added
  • Includes emojis

This comment was marked as outdated.

sonarqubecloud bot commented Aug 4, 2025

@jriedel-ionos jriedel-ionos left a comment

LGTM

Copilot AI left a comment

Pull Request Overview

This PR updates various dependencies and modernizes the toolchain management by removing the separate tools directory in favor of using Go's native tools directive (introduced in Go 1.24). Key changes include updating Go version to 1.24.5 and numerous dependency updates.

  • Updates Go version from 1.24.3 to 1.24.5
  • Removes the dedicated tools directory and moves to Go's native tools directive
  • Updates multiple dependencies to newer versions to address CVEs

Reviewed Changes

Copilot reviewed 13 out of 15 changed files in this pull request and generated no comments.

| File | Description |
| --- | --- |
| tools/tools.go | Removed tools package file in favor of tools directive |
| tools/go.mod | Removed tools module file as tools are now managed natively |
| test/e2e/*.go | Removed legacy build constraints in e2e test files |
| go.mod | Updated Go version and dependencies, added tools directive |
| Makefile | Updated to use go tool instead of running from tools module |
| .github/dependabot.yml | Minor formatting improvement in comment |

Comments suppressed due to low confidence (1)

go.mod:3

  • Go version 1.24.5 does not exist. The latest stable version is Go 1.23.x. Consider using a valid Go version like 1.23.5 or the latest 1.22.x series.
go 1.24.5

@gfariasalves-ionos gfariasalves-ionos merged commit 349f223 into main Aug 6, 2025
11 of 12 checks passed
@gfariasalves-ionos gfariasalves-ionos deleted the update-lots-of-dependencies branch August 6, 2025 11:46
@gfariasalves-ionos gfariasalves-ionos added this to the v0.6.2 milestone Aug 6, 2025
@gfariasalves-ionos gfariasalves-ionos added the area/dependency (Issues or PRs related to dependency changes) and area/security labels Aug 6, 2025
gfariasalves-ionos added a commit that referenced this pull request Aug 6, 2025
**What is the purpose of this pull request/Why do we need it?**

This PR updates whatever is possible to get rid of CVEs, while still not
upgrading Cluster API (that'd be another PR/issue). It also removes the
tools directory in favor of using the tools directive.

**Issue #, if available:**

**Description of changes:**

**Special notes for your reviewer:**

**Checklist:**
- [ ] Documentation updated
- [ ] Unit Tests added
- [ ] E2E Tests added
- [x] Includes
[emojis](https://github.com/kubernetes-sigs/kubebuilder-release-tools?tab=readme-ov-file#kubebuilder-project-versioning)
# Conflicts:
#	go.mod
#	go.sum
#	tools/go.mod
#	tools/go.sum
jriedel-ionos added a commit that referenced this pull request Aug 11, 2025
Cherry-pick of #300

Co-authored-by: Gustavo Alves <112630064+gfariasalves-ionos@users.noreply.github.com>