Skip to content

deps: batch update 4 dependencies#268

Merged
wesm merged 5 commits intomainfrom
deps/batch-update
Apr 13, 2026
Merged

deps: batch update 4 dependencies#268
wesm merged 5 commits intomainfrom
deps/batch-update

Conversation

@wesm
Copy link
Copy Markdown
Owner

@wesm wesm commented Apr 13, 2026

Summary

Consolidates the following dependabot updates:

Also updates nix flake vendorHash for the Go dependency changes.

Closes #264, #265, #266, #267

dependabot bot and others added 5 commits April 13, 2026 16:50
@dependabot @wesm
Bump softprops/action-gh-release from 2.6.1 to 3.0.0
e3aa4cf 
Bumps [softprops/action-gh-release](https://github.com/softprops/action-gh-release) from 2.6.1 to 3.0.0.
- [Release notes](https://github.com/softprops/action-gh-release/releases)
- [Changelog](https://github.com/softprops/action-gh-release/blob/master/CHANGELOG.md)
- [Commits](softprops/action-gh-release@153bb8e...b430933)

---
updated-dependencies:
- dependency-name: softprops/action-gh-release
  dependency-version: 3.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot @wesm
Bump actions/upload-artifact from 7.0.0 to 7.0.1
70d8bee 
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 7.0.0 to 7.0.1.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](actions/upload-artifact@bbbca2d...043fb46)

---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-version: 7.0.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot @wesm
Bump docker/build-push-action from 7.0.0 to 7.1.0
f3e2b84 
Bumps [docker/build-push-action](https://github.com/docker/build-push-action) from 7.0.0 to 7.1.0.
- [Release notes](https://github.com/docker/build-push-action/releases)
- [Commits](docker/build-push-action@d08e5c3...bcafcac)

---
updated-dependencies:
- dependency-name: docker/build-push-action
  dependency-version: 7.1.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot @wesm
Bump the minor-and-patch group with 10 updates
d2bd651 
Bumps the minor-and-patch group with 10 updates:

| Package | From | To |
| --- | --- | --- |
| [github.com/charmbracelet/x/ansi](https://github.com/charmbracelet/x) | `0.11.6` | `0.11.7` |
| [github.com/coreos/go-oidc/v3](https://github.com/coreos/go-oidc) | `3.17.0` | `3.18.0` |
| [github.com/mark3labs/mcp-go](https://github.com/mark3labs/mcp-go) | `0.47.0` | `0.47.1` |
| [github.com/mattn/go-isatty](https://github.com/mattn/go-isatty) | `0.0.20` | `0.0.21` |
| [github.com/mattn/go-runewidth](https://github.com/mattn/go-runewidth) | `0.0.22` | `0.0.23` |
| [github.com/mattn/go-sqlite3](https://github.com/mattn/go-sqlite3) | `1.14.41` | `1.14.42` |
| [golang.org/x/mod](https://github.com/golang/mod) | `0.34.0` | `0.35.0` |
| [golang.org/x/net](https://github.com/golang/net) | `0.50.0` | `0.52.0` |
| [golang.org/x/sys](https://github.com/golang/sys) | `0.42.0` | `0.43.0` |
| [golang.org/x/text](https://github.com/golang/text) | `0.35.0` | `0.36.0` |


Updates `github.com/charmbracelet/x/ansi` from 0.11.6 to 0.11.7
- [Commits](charmbracelet/x@ansi/v0.11.6...ansi/v0.11.7)

Updates `github.com/coreos/go-oidc/v3` from 3.17.0 to 3.18.0
- [Release notes](https://github.com/coreos/go-oidc/releases)
- [Commits](coreos/go-oidc@v3.17.0...v3.18.0)

Updates `github.com/mark3labs/mcp-go` from 0.47.0 to 0.47.1
- [Release notes](https://github.com/mark3labs/mcp-go/releases)
- [Commits](mark3labs/mcp-go@v0.47.0...v0.47.1)

Updates `github.com/mattn/go-isatty` from 0.0.20 to 0.0.21
- [Commits](mattn/go-isatty@v0.0.20...v0.0.21)

Updates `github.com/mattn/go-runewidth` from 0.0.22 to 0.0.23
- [Commits](mattn/go-runewidth@v0.0.22...v0.0.23)

Updates `github.com/mattn/go-sqlite3` from 1.14.41 to 1.14.42
- [Release notes](https://github.com/mattn/go-sqlite3/releases)
- [Commits](mattn/go-sqlite3@v1.14.41...v1.14.42)

Updates `golang.org/x/mod` from 0.34.0 to 0.35.0
- [Commits](golang/mod@v0.34.0...v0.35.0)

Updates `golang.org/x/net` from 0.50.0 to 0.52.0
- [Commits](golang/net@v0.50.0...v0.52.0)

Updates `golang.org/x/sys` from 0.42.0 to 0.43.0
- [Commits](golang/sys@v0.42.0...v0.43.0)

Updates `golang.org/x/text` from 0.35.0 to 0.36.0
- [Release notes](https://github.com/golang/text/releases)
- [Commits](golang/text@v0.35.0...v0.36.0)

---
updated-dependencies:
- dependency-name: github.com/charmbracelet/x/ansi
  dependency-version: 0.11.7
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
- dependency-name: github.com/coreos/go-oidc/v3
  dependency-version: 3.18.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: github.com/mark3labs/mcp-go
  dependency-version: 0.47.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
- dependency-name: github.com/mattn/go-isatty
  dependency-version: 0.0.21
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
- dependency-name: github.com/mattn/go-runewidth
  dependency-version: 0.0.23
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
- dependency-name: github.com/mattn/go-sqlite3
  dependency-version: 1.14.42
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
- dependency-name: golang.org/x/mod
  dependency-version: 0.35.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: golang.org/x/net
  dependency-version: 0.52.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: golang.org/x/sys
  dependency-version: 0.43.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: golang.org/x/text
  dependency-version: 0.36.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@wesm
fix: update nix vendorHash for dependency changes
971a6ca
@roborev-ci
Copy link
Copy Markdown

roborev-ci bot commented Apr 13, 2026

roborev: Combined Review (971a6ca)

Verdict: High-severity issue found that likely breaks Go builds/CI.

High

  • go.mod / go.sum: Dependency versions were bumped in go.mod, but corresponding go.sum updates are missing from the diff. This is likely to cause Go builds and CI to fail due to missing module checksums.
    Fix: run go mod tidy (or the project’s equivalent module-refresh step) and include the resulting go.sum changes in the PR.

Synthesized from 3 reviews (agents: codex, gemini | types: default, security)

@wesm
Copy link
Copy Markdown
Owner Author

wesm commented Apr 13, 2026

not valid

@wesm wesm merged commit 98db21f into main Apr 13, 2026
6 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@wesm