Skip to content

chore(deps): update module github.com/oklog/ulid to v2#1492

Open
red-hat-konflux[bot] wants to merge 1 commit into
mainfrom
konflux/mintmaker/main/github.com-oklog-ulid-2.x
Open

chore(deps): update module github.com/oklog/ulid to v2#1492
red-hat-konflux[bot] wants to merge 1 commit into
mainfrom
konflux/mintmaker/main/github.com-oklog-ulid-2.x

Conversation

@red-hat-konflux

@red-hat-konflux red-hat-konflux Bot commented Mar 6, 2026

Copy link
Copy Markdown
Contributor

This PR contains the following updates:

Package Change Age Confidence
github.com/oklog/ulid v1.3.1v2.1.1 age confidence

Warning

Some dependencies could not be looked up. Check the warning logs for more information.


Release Notes

oklog/ulid (github.com/oklog/ulid)

v2.1.1

Compare Source

What's Changed
New Contributors

Full Changelog: oklog/ulid@v2.1.0...v2.1.1

v2.1.0

Compare Source

Full release of v2.1.0, thanks to our testers.

What's Changed
New Contributors

Full Changelog: oklog/ulid@v2.0.2...v2.1.0

v2.0.2

Compare Source

Identical to v2.0.1, except uses the proper /v2 suffix on the ulid import in ulid_test.go. Without this change, anyone who imported oklog/ulid at e.g. v2.0.1 into their project would also get oklog/ulid at v0-something due to the inadvertent transitive dependency.

v2.0.1

Compare Source

Identical to v2.0.0, but fixes a bug in the go.mod module path.

v2.0.0

Compare Source

A new major version to go with support for Go modules. Also, improved support for safe monotonic readers.


Configuration

📅 Schedule: (UTC)

  • Branch creation
    • At any time (no schedule defined)
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

To execute skipped test pipelines write comment /ok-to-test.


Documentation

Find out how to configure dependency updates in MintMaker documentation or see all available configuration options in Renovate documentation.

@red-hat-konflux

Copy link
Copy Markdown
Contributor Author

⚠️ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

  • any of the package files in this branch needs updating, or
  • the branch becomes conflicted, or
  • you click the rebase/retry checkbox if found above, or
  • you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: go.sum
Command failed: mod upgrade --mod-name=github.com/oklog/ulid -t=2
could not load package: err: exit status 1: stderr: go: inconsistent vendoring in /tmp/renovate/repos/github/konflux-ci/integration-service:
	github.com/oklog/ulid/v2@v2.1.1: is explicitly required in go.mod, but not marked as explicit in vendor/modules.txt

	To ignore the vendor directory, use -mod=readonly or -mod=mod.
	To sync the vendor directory, run:
		go mod vendor


@snyk-io

snyk-io Bot commented Mar 6, 2026

Copy link
Copy Markdown

Snyk checks have passed. No issues have been found so far.

Status Scan Engine Critical High Medium Low Total (0)
Open Source Security 0 0 0 0 0 issues
Licenses 0 0 0 0 0 issues
Code Security 0 0 0 0 0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.

@red-hat-konflux red-hat-konflux Bot changed the title chore(deps): update module github.com/oklog/ulid to v2 chore(deps): update module github.com/oklog/ulid to v2 - autoclosed Mar 7, 2026
@red-hat-konflux red-hat-konflux Bot closed this Mar 7, 2026
@red-hat-konflux red-hat-konflux Bot deleted the konflux/mintmaker/main/github.com-oklog-ulid-2.x branch March 7, 2026 02:07
@red-hat-konflux red-hat-konflux Bot changed the title chore(deps): update module github.com/oklog/ulid to v2 - autoclosed chore(deps): update module github.com/oklog/ulid to v2 Mar 7, 2026
@red-hat-konflux red-hat-konflux Bot reopened this Mar 7, 2026
@red-hat-konflux red-hat-konflux Bot force-pushed the konflux/mintmaker/main/github.com-oklog-ulid-2.x branch 2 times, most recently from 681374e to e8179a7 Compare March 7, 2026 07:16
@red-hat-konflux red-hat-konflux Bot changed the title chore(deps): update module github.com/oklog/ulid to v2 chore(deps): update module github.com/oklog/ulid to v2 - autoclosed Mar 8, 2026
@red-hat-konflux red-hat-konflux Bot closed this Mar 8, 2026
@red-hat-konflux red-hat-konflux Bot changed the title chore(deps): update module github.com/oklog/ulid to v2 - autoclosed chore(deps): update module github.com/oklog/ulid to v2 Mar 9, 2026
@red-hat-konflux red-hat-konflux Bot reopened this Mar 9, 2026
@red-hat-konflux red-hat-konflux Bot force-pushed the konflux/mintmaker/main/github.com-oklog-ulid-2.x branch 2 times, most recently from e8179a7 to c754824 Compare March 9, 2026 02:43
@red-hat-konflux red-hat-konflux Bot changed the title chore(deps): update module github.com/oklog/ulid to v2 chore(deps): update module github.com/oklog/ulid to v2 - autoclosed Mar 25, 2026
@red-hat-konflux red-hat-konflux Bot closed this Mar 25, 2026
@red-hat-konflux red-hat-konflux Bot changed the title chore(deps): update module github.com/oklog/ulid to v2 - autoclosed chore(deps): update module github.com/oklog/ulid to v2 Mar 25, 2026
@red-hat-konflux red-hat-konflux Bot reopened this Mar 25, 2026
@red-hat-konflux red-hat-konflux Bot force-pushed the konflux/mintmaker/main/github.com-oklog-ulid-2.x branch from efcbf85 to c754824 Compare March 25, 2026 18:25
@red-hat-konflux red-hat-konflux Bot changed the title chore(deps): update module github.com/oklog/ulid to v2 chore(deps): update module github.com/oklog/ulid to v2 - autoclosed May 9, 2026
@red-hat-konflux red-hat-konflux Bot closed this May 9, 2026
@red-hat-konflux red-hat-konflux Bot changed the title chore(deps): update module github.com/oklog/ulid to v2 - autoclosed chore(deps): update module github.com/oklog/ulid to v2 May 9, 2026
@red-hat-konflux red-hat-konflux Bot reopened this May 9, 2026
@red-hat-konflux red-hat-konflux Bot force-pushed the konflux/mintmaker/main/github.com-oklog-ulid-2.x branch 2 times, most recently from 90e245f to e66979a Compare May 9, 2026 07:36
@red-hat-konflux red-hat-konflux Bot changed the title chore(deps): update module github.com/oklog/ulid to v2 chore(deps): update module github.com/oklog/ulid to v2 - autoclosed May 11, 2026
@red-hat-konflux red-hat-konflux Bot closed this May 11, 2026
@red-hat-konflux red-hat-konflux Bot changed the title chore(deps): update module github.com/oklog/ulid to v2 - autoclosed chore(deps): update module github.com/oklog/ulid to v2 May 11, 2026
@red-hat-konflux red-hat-konflux Bot reopened this May 11, 2026
@red-hat-konflux red-hat-konflux Bot force-pushed the konflux/mintmaker/main/github.com-oklog-ulid-2.x branch 2 times, most recently from e66979a to 5853bcf Compare May 11, 2026 17:26
@red-hat-konflux red-hat-konflux Bot changed the title chore(deps): update module github.com/oklog/ulid to v2 chore(deps): update module github.com/oklog/ulid to v2 - autoclosed Jun 5, 2026
@red-hat-konflux red-hat-konflux Bot closed this Jun 5, 2026
@red-hat-konflux red-hat-konflux Bot changed the title chore(deps): update module github.com/oklog/ulid to v2 - autoclosed chore(deps): update module github.com/oklog/ulid to v2 Jun 5, 2026
@red-hat-konflux red-hat-konflux Bot reopened this Jun 5, 2026
@red-hat-konflux red-hat-konflux Bot force-pushed the konflux/mintmaker/main/github.com-oklog-ulid-2.x branch from a6d5f2f to 5853bcf Compare June 5, 2026 11:21
@fullsend-ai-review

fullsend-ai-review Bot commented Jun 5, 2026

Copy link
Copy Markdown

Review

Findings

Critical

  • [API contract violation] go.mod:138 — The PR replaces github.com/oklog/ulid v1.3.1 with github.com/oklog/ulid/v2 v2.1.1 in go.mod, but the vendored consumer go-openapi/strfmt v0.25.0 imports the v1 module path (github.com/oklog/ulid) in both vendor/github.com/go-openapi/strfmt/ulid.go (line 14) and vendor/github.com/go-openapi/strfmt/mongo.go (line 12). The vendored source tree under vendor/github.com/oklog/ulid/ contains v1 code, vendor/modules.txt references github.com/oklog/ulid v1.3.1 (line 423), and go.sum only contains v1 checksums. Changing go.mod alone without updating these files makes the module graph inconsistent and will cause a build failure.
    Remediation: Either (1) upgrade go-openapi/strfmt to a version that imports github.com/oklog/ulid/v2 before removing the v1 dependency, or (2) keep the v1 dependency since it is what the current strfmt v0.25.0 requires. After any go.mod change, run go mod tidy and go mod vendor to synchronize go.sum, vendor/modules.txt, and the vendored sources.
Previous run

Review

Findings

Critical

  • [logic-error] go.mod:134 — go.mod changes github.com/oklog/ulid v1.3.1 to github.com/oklog/ulid/v2 v2.1.1, but the only consumer of this dependency (go-openapi/strfmt v0.25.0) imports the v1 path github.com/oklog/ulid (confirmed in vendor/github.com/go-openapi/strfmt/ulid.go line 14 and vendor/github.com/go-openapi/strfmt/mongo.go line 12). In Go modules v1 and v2 are distinct module paths. The vendored source (vendor/github.com/oklog/ulid/) is v1 code, vendor/modules.txt lists github.com/oklog/ulid v1.3.1, go.sum only has v1.3.1 hashes, and no vendor/github.com/oklog/ulid/v2/ directory exists. This change will break go mod tidy, go mod verify, and vendored builds because the declared v2 requirement has no corresponding import or vendored code. Additionally, removing the v1 entry means the actual v1 dependency used by strfmt is no longer declared.
    Remediation: Revert go.mod to github.com/oklog/ulid v1.3.1. The v2 bump is only valid once go-openapi/strfmt itself is updated to a version that imports the v2 module path. Alternatively, update go-openapi/strfmt first, then run go mod tidy && go mod vendor.
Previous run (2)

Review

Findings

Critical

  • [api-contract] go.mod:134 — The PR replaces github.com/oklog/ulid v1.3.1 with github.com/oklog/ulid/v2 v2.1.1, but in Go modules these are distinct modules with distinct import paths. The actual consumer — go-openapi/strfmt v0.25.0 — imports "github.com/oklog/ulid" (v1 path) in vendor/github.com/go-openapi/strfmt/ulid.go and vendor/github.com/go-openapi/strfmt/mongo.go. Removing v1 without updating strfmt will break the module graph. Additionally, go.sum only contains v1 checksums, vendor/modules.txt references only v1, and the vendor directory contains only v1 code — none of these were updated, making the vendored state inconsistent with the proposed go.mod change.
    Remediation: Do not replace v1 with v2 unless go-openapi/strfmt is simultaneously bumped to a version that imports github.com/oklog/ulid/v2. Options: (1) close this PR since v1 is required transitively by strfmt v0.25.0; (2) bump strfmt to a version using ulid/v2, then run go mod tidy && go mod vendor and commit all resulting changes; or (3) if v2 is needed directly, add it alongside v1 rather than replacing v1.

Medium

  • [dependency-management-consistency] go.mod:134 — The dependency github.com/oklog/ulid is marked as // indirect, meaning it is a transitive dependency not directly used by this project. Renovatebot is attempting to upgrade it to an incompatible major version, but the actual direct consumer (github.com/go-openapi/strfmt v0.25.0) still requires v1. Indirect dependency versions should be determined by direct dependencies' requirements, not upgraded independently.
Previous run (3)

Review

Findings

Critical

  • [build-breakage] go.mod:134 — The PR replaces github.com/oklog/ulid v1.3.1 with github.com/oklog/ulid/v2 v2.1.1, but the vendored consumer go-openapi/strfmt (vendor/github.com/go-openapi/strfmt/ulid.go line 14 and mongo.go line 12) imports the v1 path github.com/oklog/ulid (without /v2). In Go modules, v1 and v2 are distinct module paths — they cannot be swapped in go.mod without the consuming package also updating its import statements. This PR removes the v1 module that strfmt actually depends on, which will cause build failures.
    Remediation: Do not merge as-is. Either (1) update go-openapi/strfmt to a version that imports github.com/oklog/ulid/v2, then run go mod tidy && go mod vendor, or (2) revert this change and configure Renovate to skip this upgrade until the upstream dependency migrates to ulid v2.

  • [incomplete-change] go.mod:134go.sum contains no entries for github.com/oklog/ulid/v2 and vendor/modules.txt still references github.com/oklog/ulid v1.3.1. The PR only modifies go.mod without running go mod tidy and go mod vendor, leaving go.mod, go.sum, and vendor/ mutually inconsistent. Go tooling will refuse to build with -mod=vendor.
    Remediation: Run go mod tidy && go mod vendor and include the resulting changes to go.sum, vendor/modules.txt, and vendor/ in the PR. (Note: this alone will not fix the v1→v2 incompatibility above.)

@fullsend-ai-review fullsend-ai-review Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

See the review comment for full details.

Comment thread go.mod
github.com/modern-go/reflect2 v1.0.3-0.20250322232337-35a7c28c31ee // indirect
github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
github.com/oklog/ulid v1.3.1 // indirect
github.com/oklog/ulid/v2 v2.1.1 // indirect

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

[critical] build-breakage

The PR replaces github.com/oklog/ulid v1.3.1 with github.com/oklog/ulid/v2 v2.1.1, but the vendored consumer go-openapi/strfmt (vendor/github.com/go-openapi/strfmt/ulid.go line 14 and mongo.go line 12) imports the v1 path 'github.com/oklog/ulid' (without /v2). In Go modules, v1 and v2 are distinct module paths. This PR removes the v1 module that strfmt actually depends on, which will cause build failures.

Suggested fix: Either update go-openapi/strfmt to a version that imports github.com/oklog/ulid/v2, then run 'go mod tidy && go mod vendor', or revert this change and configure Renovate to skip this upgrade until the upstream dependency migrates to ulid v2.

Comment thread go.mod
github.com/modern-go/reflect2 v1.0.3-0.20250322232337-35a7c28c31ee // indirect
github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
github.com/oklog/ulid v1.3.1 // indirect
github.com/oklog/ulid/v2 v2.1.1 // indirect

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

[critical] incomplete-change

go.sum contains no entries for github.com/oklog/ulid/v2 and vendor/modules.txt still references github.com/oklog/ulid v1.3.1. The PR only modifies go.mod without running 'go mod tidy' and 'go mod vendor', leaving go.mod, go.sum, and vendor/ mutually inconsistent.

Suggested fix: Run 'go mod tidy && go mod vendor' and include the resulting changes to go.sum, vendor/modules.txt, and vendor/ in the PR.

@fullsend-ai-retro

fullsend-ai-retro Bot commented Jun 21, 2026

Copy link
Copy Markdown

🤖 Finished Retro · ✅ Success · Started 2:46 PM UTC · Completed 2:53 PM UTC
Commit: 218f229 · View workflow run →

@fullsend-ai-retro

Copy link
Copy Markdown

Retro: PR #1492 (Renovate dependency bump, closed without merge)

What happened

Renovate (red-hat-konflux[bot]) opened PR #1492 on March 6 to bump github.com/oklog/ulid from v1 to v2 in go.mod. The PR was broken from creation — Renovate itself posted an "Artifact update problem" comment explaining go mod vendor failed because the v1→v2 major version change requires updating the module path, and downstream vendored consumers still import v1. The PR entered a close/reopen cycle (10+ times over 107 days) as Renovate periodically retried.

On June 5, when Renovate reopened the PR, the fullsend review agent correctly identified two critical issues: (1) the v1→v2 module path incompatibility with vendored go-openapi/strfmt, and (2) missing go.sum/vendor/modules.txt updates. The review was accurate but somewhat redundant since Renovate had already flagged the same failure.

On June 21, the PR was closed for the final time. This triggered multiple concurrent workflow runs: 2 review dispatches and 5 retro dispatches, all burning tokens on a PR that was already closed and never mergeable.

Assessment

Review quality: Good. The review agent's findings were accurate and well-reasoned. However, reviewing a PR that Renovate itself already flagged as broken adds limited value.

Token cost: Poor. The Renovate close/reopen cycle triggered review agents on each reopen (with unchanged diffs). The final close triggered 5 concurrent retro runs and 2 review runs on an already-closed PR.

Existing coverage

All improvement opportunities identified are already covered by open issues in fullsend-ai/fullsend:

  • Skip retro for autoclosed bot PRs: #2461
  • Skip review/fix dispatch on PR close: #1870
  • Deduplicate retro runs on same PR: #2401
  • Skip re-review when diff unchanged after reopen: #1356
  • Review agent should weigh bot warning comments: #1406
  • Lightweight review path for trivial bot dep bumps: #1358
  • Skip retro for bot PRs with review-only interaction: #1630

No new proposals are needed. Implementing the existing issues above (particularly #2461, #1870, #2401, and #1356) would have prevented most of the wasted compute on this PR.

@fullsend-ai-review

fullsend-ai-review Bot commented Jun 21, 2026

Copy link
Copy Markdown

🤖 Finished Review · ✅ Success · Started 10:32 PM UTC · Completed 10:40 PM UTC
Commit: 218f229 · View workflow run →

@fullsend-ai-review fullsend-ai-review Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

See the review comment for full details.

Comment thread go.mod
github.com/modern-go/reflect2 v1.0.3-0.20250322232337-35a7c28c31ee // indirect
github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
github.com/oklog/ulid v1.3.1 // indirect
github.com/oklog/ulid/v2 v2.1.1 // indirect

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

[critical] api-contract

The PR replaces github.com/oklog/ulid v1.3.1 with github.com/oklog/ulid/v2 v2.1.1, but in Go modules these are distinct modules with distinct import paths. The actual consumer -- go-openapi/strfmt v0.25.0 -- imports the v1 path in vendor/github.com/go-openapi/strfmt/ulid.go and mongo.go. Removing v1 without updating strfmt will break the module graph. Additionally, go.sum only contains v1 checksums, vendor/modules.txt references only v1, and the vendor directory contains only v1 code.

Suggested fix: Do not replace v1 with v2 unless go-openapi/strfmt is simultaneously bumped to a version that imports github.com/oklog/ulid/v2. Options: (1) close this PR since v1 is required transitively by strfmt v0.25.0; (2) bump strfmt to a version using ulid/v2, then run go mod tidy && go mod vendor; or (3) add v2 alongside v1 rather than replacing v1.

Comment thread go.mod
github.com/modern-go/reflect2 v1.0.3-0.20250322232337-35a7c28c31ee // indirect
github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
github.com/oklog/ulid v1.3.1 // indirect
github.com/oklog/ulid/v2 v2.1.1 // indirect

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

[medium] dependency-management-consistency

The dependency github.com/oklog/ulid is an indirect transitive dependency not directly used by this project. Renovatebot is attempting to upgrade it to an incompatible major version, but the actual direct consumer (github.com/go-openapi/strfmt v0.25.0) still requires v1. Indirect dependency versions should be determined by direct dependencies requirements.

Suggested fix: Wait for the upstream dependency (github.com/go-openapi/strfmt) to migrate to ulid v2 before upgrading.

@fullsend-ai-retro

fullsend-ai-retro Bot commented Jun 23, 2026

Copy link
Copy Markdown

🤖 Finished Retro · ✅ Success · Started 5:44 AM UTC · Completed 5:48 AM UTC
Commit: 0d0162a · View workflow run →

@fullsend-ai-retro

Copy link
Copy Markdown

Retro: PR #1492 — Renovate bot dependency bump (oklog/ulid v1→v2)

This was a Renovate-generated PR that was never mergeable (Go major version path incompatibility). Over 108 days, it was closed 11 times and reopened 10 times by the bot, with no human interaction. The review agent ran twice on an identical, fundamentally broken diff, and the retro agent ran at least twice (including a prior retro on June 21 that reached the same conclusions).

Key waste

  • 2 full review runs on an unchanged, unmergeable diff — findings were correct but redundant with Renovate's own day-1 failure diagnosis
  • 2+ retro runs on a bot PR with zero human interaction
  • Multiple dispatch workflow runs triggered by the close/reopen cycle

No new proposals

All improvement opportunities identified are already covered by existing open issues in fullsend-ai/fullsend:

This is the second retro run on this same PR (the first completed June 21 with identical conclusions), which itself exemplifies the deduplication gap tracked in #2401.

@fullsend-ai-review

fullsend-ai-review Bot commented Jun 23, 2026

Copy link
Copy Markdown

🤖 Finished Review · ✅ Success · Started 1:29 PM UTC · Completed 1:34 PM UTC
Commit: ec21706 · View workflow run →

@fullsend-ai-review fullsend-ai-review Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

See the review comment for full details.

Comment thread go.mod
github.com/modern-go/reflect2 v1.0.3-0.20250322232337-35a7c28c31ee // indirect
github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
github.com/oklog/ulid v1.3.1 // indirect
github.com/oklog/ulid/v2 v2.1.1 // indirect

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

[critical] logic-error

go.mod changes github.com/oklog/ulid v1.3.1 to github.com/oklog/ulid/v2 v2.1.1, but the only consumer of this dependency (go-openapi/strfmt v0.25.0) imports the v1 path github.com/oklog/ulid (confirmed in vendor/github.com/go-openapi/strfmt/ulid.go line 14 and vendor/github.com/go-openapi/strfmt/mongo.go line 12). In Go modules v1 and v2 are distinct module paths. The vendored source (vendor/github.com/oklog/ulid/) is v1 code, vendor/modules.txt lists github.com/oklog/ulid v1.3.1, go.sum only has v1.3.1 hashes, and no vendor/github.com/oklog/ulid/v2/ directory exists. This change will break go mod tidy, go mod verify, and vendored builds because the declared v2 requirement has no corresponding import or vendored code.

Suggested fix: Revert go.mod to github.com/oklog/ulid v1.3.1. The v2 bump is only valid once go-openapi/strfmt itself is updated to a version that imports the v2 module path. Alternatively, update go-openapi/strfmt first, then run go mod tidy && go mod vendor.

Signed-off-by: red-hat-konflux <126015336+red-hat-konflux[bot]@users.noreply.github.com>
@fullsend-ai-review

fullsend-ai-review Bot commented Jun 25, 2026

Copy link
Copy Markdown

🤖 Finished Review · ✅ Success · Started 10:32 PM UTC · Completed 10:40 PM UTC
Commit: ec21706 · View workflow run →

@fullsend-ai-review fullsend-ai-review Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

See the review comment for full details.

Comment thread go.mod
github.com/modern-go/reflect2 v1.0.3-0.20250322232337-35a7c28c31ee // indirect
github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
github.com/oklog/ulid v1.3.1 // indirect
github.com/oklog/ulid/v2 v2.1.1 // indirect

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

[critical] API contract violation

The PR replaces github.com/oklog/ulid v1.3.1 with github.com/oklog/ulid/v2 v2.1.1 in go.mod, but the vendored consumer go-openapi/strfmt v0.25.0 imports the v1 module path (github.com/oklog/ulid) in both vendor/github.com/go-openapi/strfmt/ulid.go (line 14) and vendor/github.com/go-openapi/strfmt/mongo.go (line 12). The vendored source tree under vendor/github.com/oklog/ulid/ contains v1 code, vendor/modules.txt references github.com/oklog/ulid v1.3.1 (line 423), and go.sum only contains v1 checksums. Changing go.mod alone without updating these files makes the module graph inconsistent and will cause a build failure.

Suggested fix: Either (1) upgrade go-openapi/strfmt to a version that imports github.com/oklog/ulid/v2 before removing the v1 dependency, or (2) keep the v1 dependency since it is what the current strfmt v0.25.0 requires. After any go.mod change, run go mod tidy and go mod vendor to synchronize go.sum, vendor/modules.txt, and the vendored sources.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants