Skip to content

Chore: update dependencies in go.mod to latest versions #61

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
roguepikachu wants to merge 3 commits into
base: master
Choose a base branch
from
Open

Chore: update dependencies in go.mod to latest versions #61

roguepikachu wants to merge 3 commits into from

Conversation

@roguepikachu
Copy link

@roguepikachu roguepikachu commented Oct 7, 2025
edited by cubic-dev-ai bot
Loading

Summary by cubic

Upgrade CUE to v0.14.1 and refresh go.mod/go.sum to current versions for security, compatibility, and tooling updates. No production code changes.

  • Dependencies
    • cuelang.org/go v0.14.1 (from v0.5.0-beta)
    • spf13/pflag v1.0.7; spf13/cobra v1.9.1 (indirect)
    • cockroachdb/apd v3.2.1 (indirect, replaces v2)
    • google/go-cmp v0.7.0
    • golang.org/x: crypto 0.40.0, net 0.42.0, mod 0.26.0, oauth2 0.30.0, sync 0.16.0, sys 0.34.0, term 0.33.0, text 0.27.0, tools 0.35.0
    • New indirects for CUE/tooling (e.g., emicklei/proto, go-toml/v2, txtpbfmt, packagestest); removed mpvl/unique

@roguepikachu roguepikachu requested a review from Somefive as a code owner October 7, 2025 09:52
@roguepikachu roguepikachu force-pushed the chore/upgrade-cue-v0.14.1 branch from dd86531 to a0c32c7 Compare October 7, 2025 09:52
cubic-dev-ai[bot]
cubic-dev-ai bot reviewed Oct 7, 2025
View reviewed changes
Copy link

@cubic-dev-ai cubic-dev-ai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

No issues found across 2 files

@jguionnet
Copy link

jguionnet commented Oct 7, 2025

Please provide details on the Snyk failure

@Chaitanyareddy0702 Chaitanyareddy0702 force-pushed the chore/upgrade-cue-v0.14.1 branch from a94c2fc to d33b315 Compare October 9, 2025 05:31
@Chaitanyareddy0702
chore: update go.mod and go.sum to include new yaml dependencies
fdca5bc 
Signed-off-by: Chaitanya Reddy Onteddu <[email protected]>
Signed-off-by: Chaitanyareddy0702 <[email protected]>
@Chaitanyareddy0702 Chaitanyareddy0702 force-pushed the chore/upgrade-cue-v0.14.1 branch from d33b315 to fdca5bc Compare October 9, 2025 05:44
@Chaitanyareddy0702
Chore: revert replace
82b3d31 
Signed-off-by: Chaitanyareddy0702 <[email protected]>
@Chaitanyareddy0702
Copy link

Chaitanyareddy0702 commented Oct 9, 2025
edited
Loading

Please provide details on the Snyk failure

Hi @jguionnet , The Snyk is failing due to the vulnerable module [gopkg.in/yaml.v3](http://gopkg.in/yaml.v3) which is deprecated and moved to [go.yaml.in/yaml/v3](http://go.yaml.in/yaml/v3). This module is being imported from the sigs.k8s.io/controller-tools which is still using the deprecated go module [gopkg.in/yaml.v3].

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@cubic-dev-ai cubic-dev-ai[bot] cubic-dev-ai[bot] left review comments

@Somefive Somefive Awaiting requested review from Somefive Somefive is a code owner

+2 more reviewers

@briankane briankane briankane approved these changes

@FogDong FogDong FogDong approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@roguepikachu @jguionnet @Chaitanyareddy0702 @briankane @FogDong