Skip to content

Use Dependabot to update Go modules #4190

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 1 commit into
base: main
Choose a base branch
from

Conversation

cbandy
Copy link
Member

@cbandy cbandy commented Jun 3, 2025

The golang.org/x modules are a frequent source of vulnerabilities. Let's update them regularly to keep security fixes small.

Checklist:

  • Have you added an explanation of what your changes do and why you'd like them to be included?
  • Have you updated or added documentation for the change, as applicable?
  • Have you tested your changes on all related environments with successful results, as applicable?
    • Have you added automated tests?

Type of Changes:

  • Testing enhancement

What is the new behavior (if this is a feature change)?

We'll get the following pull requests immediately, and then similar ones weekly. Any that we don't merge are updated and rebased weekly.

Other Information:

Dependabot validated the config file in my fork: https://github.com/cbandy/postgres-operator/runs/43355908899

@cbandy

This comment was marked as outdated.

@cbandy cbandy marked this pull request as draft June 3, 2025 09:58
It will submit updates to Kubernetes and OpenTelemetry separately from
other modules.
@cbandy cbandy marked this pull request as ready for review June 3, 2025 11:31
@cbandy cbandy changed the title Use Dependabot to update Go and gRPC modules Use Dependabot to update Go modules Jun 3, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant