Skip to content

chore: bump dependencies#284

Merged
talos-bot merged 1 commit into
siderolabs:mainfrom
smira:chore/bump-deps-04-28
Apr 28, 2026
Merged

chore: bump dependencies#284
talos-bot merged 1 commit into
siderolabs:mainfrom
smira:chore/bump-deps-04-28

Conversation

@smira

@smira smira commented Apr 28, 2026

Copy link
Copy Markdown
Member

Rekres & bump, some minor deps to address Dependabot alerts.

Copilot AI review requested due to automatic review settings April 28, 2026 10:41
@talos-bot talos-bot moved this from To Do to In Review in Planning Apr 28, 2026
@github-project-automation github-project-automation Bot moved this to To Do in Planning Apr 28, 2026
@smira smira force-pushed the chore/bump-deps-04-28 branch from 6021718 to 1dd273e Compare April 28, 2026 10:46
Copilot AI reviewed Apr 28, 2026
View reviewed changes

Copilot AI left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR updates dependency and tooling pins (primarily Go modules and CI/build tooling) to address Dependabot alerts, and re-generates the repo’s generated build/config artifacts.

Changes:

  • Bump Go module dependencies in go.mod and refresh go.sum.
  • Update build toolchain versions in the generated Makefile/Dockerfile, including switching the vuln scan stage to dis-vulncheck.
  • Bump pinned GitHub Actions revisions and refresh generated CI/config files.

Reviewed changes

Copilot reviewed 10 out of 11 changed files in this pull request and generated 4 comments.

Show a summary per file
File Description
go.mod Bumps several direct/indirect Go module versions.
go.sum Adds checksum entries corresponding to module version bumps.
Makefile Updates tool version pins; adds CI helper targets (ci-temp-release-tag, check-dirty) and a local renovate runner.
Dockerfile Updates base/tool images and installs/runs dis-vulncheck for vuln scanning.
.golangci.yml Regenerated config; adds explicit build-tags field.
.github/workflows/ci.yaml Updates action pins; adds steps to set temp release tag and enforce clean tree after generation.
.github/workflows/stale.yml Bumps actions/stale pin.
.github/workflows/slack-notify.yaml Bumps slackapi/slack-github-action pin.
.github/workflows/slack-notify-ci-failure.yaml Bumps slackapi/slack-github-action pin.
.dockerignore Adjusts generated header and whitelists .disvulncheck.yaml into Docker build context.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread Makefile
Comment thread Makefile
Comment thread .dockerignore
!README.md
!.markdownlint.json
!hack/govulncheck.sh
!.disvulncheck.yaml

Copilot AI Apr 28, 2026

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

.dockerignore whitelists .disvulncheck.yaml, but that file doesn’t appear to exist in the repo. If dis-vulncheck is expected to use a repo config file, it should be added to the PR (and/or referenced explicitly); otherwise this exception should be removed to avoid confusion about what’s included in the Docker build context.

Suggested change
!.disvulncheck.yaml

Copilot uses AI. Check for mistakes.
Comment thread Dockerfile
@smira
chore: bump dependencies
de4d5cb 
Rekres & bump, some minor deps to address Dependabot alerts.

Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
@smira smira force-pushed the chore/bump-deps-04-28 branch from 1dd273e to de4d5cb Compare April 28, 2026 11:00
@smira

smira commented Apr 28, 2026

Copy link
Copy Markdown
Member Author

/m

@talos-bot talos-bot merged commit de4d5cb into siderolabs:main Apr 28, 2026
14 checks passed
@github-project-automation github-project-automation Bot moved this from Approved to Done in Planning Apr 28, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@frezbo frezbo frezbo approved these changes

Assignees

No one assigned

Labels

None yet

Projects

Planning
Archived in project

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@smira @frezbo @talos-bot