chore: bump go directive and fix trivy CVEs in go.mod#31
Merged
Conversation
The go.mod change in this branch intentionally moved the module to a newer patched Go release, but the test workflow was still pinned to Go 1.19 and could not parse that directive. Reading the version directly from go.mod keeps CI aligned with future toolchain bumps instead of baking in another mismatch. The SCIP workflow was also failing by default because this repository does not have Sourcegraph upload secrets configured. Switching it to the maintained scip-go action and making the upload path conditional preserves the workflow when credentials exist while avoiding unrelated red builds when they do not. Test Plan: go test ./... Amp-Thread-ID: https://ampcode.com/threads/T-019dd884-ecb8-74eb-a61e-418eab0880cd Co-authored-by: Amp <amp@ampcode.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This PR was generated by Sourcegraph Batch Changes.
Changes
godirective:go 1.25.9for modules currently below 1.26go 1.26.2for modules already on 1.26.xtoolchaindirective (toolchain selection is handled automatically)go mod tidyto keepgo.sumconsistent with the new directivetrivy fs go.modby upgrading specific transitivedependencies to their minimum safe versions
Why
Ensures a consistent, secure Go toolchain version across all first-party
github.com/sourcegraph/*modules that are depended on bysourcegraph/sourcegraph.Hatched by a Sourcegraph egg.