Skip to content

chore(deps): bump Go dependencies (minor/patch)#510

Merged
ericfitz merged 2 commits into
mainfrom
chore/bump-deps-20260630-234314
Jul 1, 2026
Merged

chore(deps): bump Go dependencies (minor/patch)#510
ericfitz merged 2 commits into
mainfrom
chore/bump-deps-20260630-234314

Conversation

@ericfitz

@ericfitz ericfitz commented Jul 1, 2026

Copy link
Copy Markdown
Owner

Automated dependency bump (via /bump).

Go — minimal-version selection net of go get + go mod tidy

Direct:

  • aws-sdk-go-v2/config v1.32.25 → v1.32.26
  • aws-sdk-go-v2/service/secretsmanager v1.42.3 → v1.42.4
  • oracle/oci-go-sdk/v65 v65.118.1 → v65.119.0
  • google.golang.org/api v0.286.0 → v0.287.0

Indirect: aws credentials/signin/sso/ssooidc/sts, googleapis/enterprise-certificate-proxy, genproto/rpc, k8s.io/apiextensions-apiserver v0.36.1 → v0.36.2.

No major bumps. tmi-clients (replace-directive target) and golang/protobuf (excluded) untouched. No DB driver/ORM/GORM change.

Security

  • govulncheck: No vulnerabilities found
  • Dependabot alerts: 0 open
  • pnpm audit: clean

Node/pnpm

Nothing outdated.

Validation (local)

  • make build-server
  • make lint ✅ (0 issues)
  • make test-unit ✅ (2381 passed, 0 failed)

🤖 Generated with Claude Code


Also in this PR: fixed the Security Deps Gate workflow, which 403'd on every PR because it read the Dependabot alerts API with the default GITHUB_TOKEN (lacks that permission). It now mints the same GitHub App token deps-bump.yml uses.

ericfitz and others added 2 commits June 30, 2026 23:50
Minimal-version-selection net of `go get` on outdated direct deps + `go mod tidy`.
No major bumps; replace-directive target (tmi-clients) and golang/protobuf excluded.

Direct:
- github.com/aws/aws-sdk-go-v2/config v1.32.25 -> v1.32.26
- github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.42.3 -> v1.42.4
- github.com/oracle/oci-go-sdk/v65 v65.118.1 -> v65.119.0
- google.golang.org/api v0.286.0 -> v0.287.0

Indirect:
- github.com/aws/aws-sdk-go-v2/credentials v1.19.24 -> v1.19.25
- github.com/aws/aws-sdk-go-v2/service/signin v1.2.0 -> v1.2.1
- github.com/aws/aws-sdk-go-v2/service/sso v1.31.3 -> v1.31.4
- github.com/aws/aws-sdk-go-v2/service/ssooidc v1.36.6 -> v1.36.7
- github.com/aws/aws-sdk-go-v2/service/sts v1.43.3 -> v1.43.4
- github.com/googleapis/enterprise-certificate-proxy v0.3.16 -> v0.3.17
- google.golang.org/genproto/googleapis/rpc (pseudo-version bump)
- k8s.io/apiextensions-apiserver v0.36.1 -> v0.36.2

No security fixes required: govulncheck clean, zero open Dependabot alerts,
pnpm audit clean. Node/pnpm: nothing outdated.
No DB driver/ORM/GORM change (no oracle-db-admin review needed).

Verified: make build-server, make lint (0 issues), make test-unit (2381 passed).

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01Kk9GxWS9EpazjbwBKfMpUX
…ependabot alerts

The Security Deps Gate called `gh api /dependabot/alerts` with the default
GITHUB_TOKEN, which cannot read that endpoint (needs "Dependabot alerts: read";
security-events only covers code-scanning), so it 403'd and failed on every PR.
Mint the same GitHub App token deps-bump.yml uses, which has that permission.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01Kk9GxWS9EpazjbwBKfMpUX
@ericfitz ericfitz merged commit ca9d2f1 into main Jul 1, 2026
9 checks passed
@ericfitz ericfitz deleted the chore/bump-deps-20260630-234314 branch July 1, 2026 04:06
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant