build(deps): bump golang.org/x/net from 0.47.0 to 0.55.0#1290
build(deps): bump golang.org/x/net from 0.47.0 to 0.55.0#1290dependabot[bot] wants to merge 1 commit into
Conversation
Bumps [golang.org/x/net](https://github.com/golang/net) from 0.47.0 to 0.55.0. - [Commits](golang/net@v0.47.0...v0.55.0) --- updated-dependencies: - dependency-name: golang.org/x/net dependency-version: 0.55.0 dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>
|
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: dependabot[bot] The full list of commands accepted by this bot can be found here. DetailsNeeds approval from an approver in each of these files:Approvers can indicate their approval by writing |
WalkthroughThis PR updates Changesgo.mod dependency and toolchain update
Estimated code review effort: 1 (Trivial) | ~3 minutes Suggested labels: 🚥 Pre-merge checks | ✅ 5✅ Passed checks (5 passed)
✨ Finishing Touches🧪 Generate unit tests (beta)
Comment |
|
There was a problem hiding this comment.
Actionable comments posted: 1
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@go.mod`:
- Line 145: The Go toolchain is being bumped in go.mod, but the remaining build
images still pin GOLANG_VERSION to go1.24.13, so update those Dockerfile
toolchain versions first. Change the GOLANG_VERSION settings in
openshift-ci/Dockerfile.tools and build/devsandbox-dashboard/Dockerfile to match
go1.25.0 before removing the toolchain pin. Keep the go directive and all build
environments aligned so the same Go version is used everywhere.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Organization UI
Review profile: CHILL
Plan: Enterprise
Run ID: d55a40c1-a742-4c38-8e9d-8cb5117060b8
⛔ Files ignored due to path filters (1)
go.sumis excluded by!**/*.sum
📒 Files selected for processing (1)
go.mod
🔗 Linked repositories identified
CodeRabbit considers these linked repositories for cross-repo context during reviews:
codeready-toolchain/api(manual) → reviewed against open PR#512dependabot/go_modules/golang.org/x/net-0.55.0instead of the default branchcodeready-toolchain/toolchain-common(manual) → reviewed against open PR#535dependabot/go_modules/golang.org/x/net-0.55.0instead of the default branchcodeready-toolchain/host-operator(manual)codeready-toolchain/toolchain-e2e(manual)
📜 Review details
⏰ Context from checks skipped due to timeout. (2)
- GitHub Check: Unit Tests
- GitHub Check: Build & push operator bundles & dashboard image for e2e tests
🧰 Additional context used
📓 Path-based instructions (1)
**
⚙️ CodeRabbit configuration file
-Focus on major issues impacting performance, readability, maintainability and security. Avoid nitpicks and avoid verbosity.
Files:
go.mod
🔀 Multi-repo context
Linked repositories findings
codeready-toolchain/api (inspected on refs/pull/512/head)
go.mod:3usesgo 1.25.0go.mod:41requiresgolang.org/x/net v0.55.0 // indirect- This PR-branch state already matches the newer
x/netversion.
codeready-toolchain/toolchain-common (inspected on refs/pull/535/head)
go.mod:3usesgo 1.25.0go.mod:41requiresgolang.org/x/net v0.55.0 // indirect- This PR-branch state already matches the newer
x/netversion.
codeready-toolchain/host-operator (default checked-out ref)
go.mod:3usesgo 1.25.0go.mod:41requiresgolang.org/x/net v0.55.0 // indirectgo.mod:127still pinsgolang.org/x/net v0.48.0 // indirectgo.mod:158still hastoolchain go1.24.13- So this repo is not yet aligned with the newer
x/net/toolchain state seen in the other two repos.
🔇 Additional comments (1)
go.mod (1)
117-123: LGTM!
| go 1.24.4 | ||
|
|
||
| toolchain go1.24.13 | ||
| go 1.25.0 |
There was a problem hiding this comment.
🩺 Stability & Availability | 🟠 Major | ⚡ Quick win
🧩 Analysis chain
🏁 Script executed:
#!/bin/bash
set -euo pipefail
printf '== go.mod ==\n'
nl -ba go.mod | sed -n '135,155p'
printf '\n== toolchain / go version references ==\n'
rg -n --hidden --glob '!**/.git/**' 'go1\.24\.13|toolchain go|^go 1\.[0-9]+\.[0-9]+' .
printf '\n== openshift-ci/Dockerfile.tools if present ==\n'
if [ -f openshift-ci/Dockerfile.tools ]; then
nl -ba openshift-ci/Dockerfile.tools | sed -n '1,220p'
else
echo 'openshift-ci/Dockerfile.tools not present'
fiRepository: codeready-toolchain/toolchain-e2e
Length of output: 224
🏁 Script executed:
#!/bin/bash
set -euo pipefail
printf '== go.mod ==\n'
sed -n '135,155p' go.mod | cat -n
printf '\n== toolchain / go version references ==\n'
rg -n --hidden --glob '!**/.git/**' 'go1\.24\.13|toolchain go|^go 1\.[0-9]+\.[0-9]+' . || true
printf '\n== Dockerfile.tools / CI entrypoints ==\n'
find . -path '*/Dockerfile.tools' -o -path '*/dockerfile.tools' -o -path '*/Dockerfile*' | sortRepository: codeready-toolchain/toolchain-e2e
Length of output: 1599
Align the remaining Go 1.24.13 build images before removing the toolchain pin. openshift-ci/Dockerfile.tools and build/devsandbox-dashboard/Dockerfile still set GOLANG_VERSION=go1.24.13; with go 1.25.0 in go.mod, those environments need the upgrade first or builds can break.
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In `@go.mod` at line 145, The Go toolchain is being bumped in go.mod, but the
remaining build images still pin GOLANG_VERSION to go1.24.13, so update those
Dockerfile toolchain versions first. Change the GOLANG_VERSION settings in
openshift-ci/Dockerfile.tools and build/devsandbox-dashboard/Dockerfile to match
go1.25.0 before removing the toolchain pin. Keep the go directive and all build
environments aligned so the same Go version is used everywhere.
Source: Linked repositories
|
@dependabot[bot]: The following test failed, say
Full PR test history. Your PR dashboard. DetailsInstructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here. |



Bumps golang.org/x/net from 0.47.0 to 0.55.0.
Commits
7770ec4go.mod: update golang.org/x dependencies4ece7b6html: escape greater-than symbol in doctype identifiers08be507html: improve Noah's Ark clause performancea8fb2fehtml: properly render fostered elements in foreign content0dc5b7ahtml: properly check namespace in "in body" any other end taga452f3chtml: ignore duplicate attributes during tokenizationf865199quic: fix appendMaxDataFrame erroneously accumulating sentLimit210ed3cquic: establish a "happened-before" relationship between stream write and readad8140equic: fix buffer slicing when handling overlapping stream data23ee2efhttp2: avoid API changes when built with go1.27Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)You can disable automated security fix PRs for this repo from the Security Alerts page.
Summary by CodeRabbit