diff --git a/.github/workflows/asyncapi.yml b/.github/workflows/asyncapi.yml index 1282b46ef..3e48dcd41 100644 --- a/.github/workflows/asyncapi.yml +++ b/.github/workflows/asyncapi.yml @@ -40,7 +40,7 @@ jobs: - name: Set up Go uses: actions/setup-go@v6 with: - go-version: '1.26.1' + go-version: '1.26.2' cache: true - name: Set up Node.js diff --git a/.github/workflows/benchmarks.yml b/.github/workflows/benchmarks.yml index 52758f763..4bd18bac4 100644 --- a/.github/workflows/benchmarks.yml +++ b/.github/workflows/benchmarks.yml @@ -27,7 +27,7 @@ jobs: - name: Set up Go uses: actions/setup-go@v6 with: - go-version: '1.26.1' + go-version: '1.26.2' cache: true - name: Set up buf diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 2908d0893..6280bbcd2 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -53,7 +53,7 @@ jobs: - name: Set up Go uses: actions/setup-go@v6 with: - go-version: '1.26.1' + go-version: '1.26.2' cache: true - name: Set up buf diff --git a/.github/workflows/claude.yml b/.github/workflows/claude.yml index 97d5865bb..ac3411e61 100644 --- a/.github/workflows/claude.yml +++ b/.github/workflows/claude.yml @@ -50,8 +50,8 @@ jobs: IMPORTANT: Today's date is ${{ steps.date.outputs.current_date }}. Key project facts: - - This project uses Go 1.26.1 (latest stable release) - - Go 1.26.1 is a valid version - do not question or flag it + - This project uses Go 1.26.2 (latest stable release) + - Go 1.26.2 is a valid version - do not question or flag it - Architecture: BIAN-compliant microservices - Stack: Go, Protocol Buffers, gRPC, Kubernetes - Security: All security scans must remain BLOCKING (never suggest making them non-blocking) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index dcac126f5..a5d194dea 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -68,7 +68,7 @@ jobs: if: matrix.language == 'go' uses: actions/setup-go@v6 with: - go-version: '1.26.1' + go-version: '1.26.2' cache: true # Set up buf for protobuf generation (pinned version for reproducibility) diff --git a/.github/workflows/control-plane-ci.yml b/.github/workflows/control-plane-ci.yml index 633ab40d9..9bdc30b3f 100644 --- a/.github/workflows/control-plane-ci.yml +++ b/.github/workflows/control-plane-ci.yml @@ -43,7 +43,7 @@ jobs: - name: Set up Go uses: actions/setup-go@v6 with: - go-version: '1.26.1' + go-version: '1.26.2' cache: true - name: Set up buf @@ -80,7 +80,7 @@ jobs: - name: Set up Go uses: actions/setup-go@v6 with: - go-version: '1.26.1' + go-version: '1.26.2' cache: true - name: Set up buf @@ -117,7 +117,7 @@ jobs: - name: Set up Go uses: actions/setup-go@v6 with: - go-version: '1.26.1' + go-version: '1.26.2' cache: true - name: Set up buf @@ -163,7 +163,7 @@ jobs: - name: Set up Go uses: actions/setup-go@v6 with: - go-version: '1.26.1' + go-version: '1.26.2' cache: true - name: Set up buf @@ -207,7 +207,7 @@ jobs: - name: Set up Go uses: actions/setup-go@v6 with: - go-version: '1.26.1' + go-version: '1.26.2' cache: true - name: Set up buf diff --git a/.github/workflows/deploy-demo.yml b/.github/workflows/deploy-demo.yml index 753355ef4..b5b3d3bb2 100644 --- a/.github/workflows/deploy-demo.yml +++ b/.github/workflows/deploy-demo.yml @@ -42,7 +42,7 @@ jobs: - name: Set up Go uses: actions/setup-go@v6 with: - go-version: '1.26.1' + go-version: '1.26.2' cache: true - name: Set up buf diff --git a/.github/workflows/deploy-develop.yml b/.github/workflows/deploy-develop.yml index 764579813..8a35764cb 100644 --- a/.github/workflows/deploy-develop.yml +++ b/.github/workflows/deploy-develop.yml @@ -42,7 +42,7 @@ jobs: - name: Set up Go uses: actions/setup-go@v6 with: - go-version: '1.26.1' + go-version: '1.26.2' cache: true - name: Set up buf diff --git a/.github/workflows/e2e.yml b/.github/workflows/e2e.yml index 291a26a71..fca3dd450 100644 --- a/.github/workflows/e2e.yml +++ b/.github/workflows/e2e.yml @@ -38,7 +38,7 @@ jobs: - name: Set up Go uses: actions/setup-go@v6 with: - go-version: '1.26.1' + go-version: '1.26.2' cache: true - name: Set up buf diff --git a/.github/workflows/migrations.yml b/.github/workflows/migrations.yml index 33e814a33..b76c1bc4f 100644 --- a/.github/workflows/migrations.yml +++ b/.github/workflows/migrations.yml @@ -36,7 +36,7 @@ jobs: - name: Set up Go uses: actions/setup-go@v6 with: - go-version: '1.26.1' + go-version: '1.26.2' cache: true - name: Install Atlas CLI @@ -82,7 +82,7 @@ jobs: - name: Set up Go uses: actions/setup-go@v6 with: - go-version: '1.26.1' + go-version: '1.26.2' cache: true - name: Install Atlas CLI diff --git a/.github/workflows/nightly.yml b/.github/workflows/nightly.yml index 0a9cd6f41..f5cc5d05a 100644 --- a/.github/workflows/nightly.yml +++ b/.github/workflows/nightly.yml @@ -29,7 +29,7 @@ jobs: - name: Set up Go uses: actions/setup-go@v6 with: - go-version: '1.26.1' + go-version: '1.26.2' cache: true - name: Set up buf @@ -101,7 +101,7 @@ jobs: - name: Set up Go uses: actions/setup-go@v6 with: - go-version: '1.26.1' + go-version: '1.26.2' cache: true - name: Set up buf diff --git a/.github/workflows/quality.yml b/.github/workflows/quality.yml index eb3899b5f..d9d88abf9 100644 --- a/.github/workflows/quality.yml +++ b/.github/workflows/quality.yml @@ -68,7 +68,7 @@ jobs: - name: Set up Go uses: actions/setup-go@v6 with: - go-version: '1.26.1' + go-version: '1.26.2' cache: true - name: Set up buf @@ -83,7 +83,7 @@ jobs: - name: Run golangci-lint uses: golangci/golangci-lint-action@v9 with: - version: v2.9.0 + version: v2.11.4 args: --timeout=5m --config=.golangci.yml proto-freshness: @@ -98,7 +98,7 @@ jobs: - name: Set up Go uses: actions/setup-go@v6 with: - go-version: '1.26.1' + go-version: '1.26.2' cache: true - name: Set up buf diff --git a/.github/workflows/saga-validation.yml b/.github/workflows/saga-validation.yml index 9b6c1d353..75dcbe1d6 100644 --- a/.github/workflows/saga-validation.yml +++ b/.github/workflows/saga-validation.yml @@ -44,7 +44,7 @@ jobs: - name: Set up Go uses: actions/setup-go@v6 with: - go-version: '1.26.1' + go-version: '1.26.2' cache: true - name: Set up buf diff --git a/.github/workflows/schema-validation.yml b/.github/workflows/schema-validation.yml index e9cf34ac6..9a91df9cd 100644 --- a/.github/workflows/schema-validation.yml +++ b/.github/workflows/schema-validation.yml @@ -33,7 +33,7 @@ jobs: - name: Set up Go uses: actions/setup-go@v6 with: - go-version: '1.26.1' + go-version: '1.26.2' cache: true - name: Install protoc diff --git a/.github/workflows/security.yml b/.github/workflows/security.yml index 976845416..80b3ca8d8 100644 --- a/.github/workflows/security.yml +++ b/.github/workflows/security.yml @@ -30,7 +30,7 @@ jobs: - name: Set up Go uses: actions/setup-go@v6 with: - go-version: '1.26.1' + go-version: '1.26.2' cache: true - name: Set up buf @@ -85,7 +85,7 @@ jobs: - name: Set up Go uses: actions/setup-go@v6 with: - go-version: '1.26.1' + go-version: '1.26.2' cache: true - name: Set up buf diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 9faea5471..adb5bd9ed 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -51,7 +51,7 @@ jobs: - name: Set up Go uses: actions/setup-go@v6 with: - go-version: '1.26.1' + go-version: '1.26.2' cache: true - name: Set up buf @@ -131,7 +131,7 @@ jobs: - name: Set up Go uses: actions/setup-go@v6 with: - go-version: '1.26.1' + go-version: '1.26.2' cache: true - name: Set up buf diff --git a/.golangci.yml b/.golangci.yml index d26ba3fc8..381a21bbd 100644 --- a/.golangci.yml +++ b/.golangci.yml @@ -88,6 +88,7 @@ linters: - err113 # Tests need dynamic errors to test error pattern matching - funlen # Tests can be verbose with setup/assertions - cyclop # Tests can have complex control flow + - noctx # httptest.NewRequest creates a valid context; requiring WithContext in tests is noise # Allow context-as-argument after *testing.T in test helper functions - path: _test\.go diff --git a/Dockerfile b/Dockerfile index 06b1b42a7..ab58f0dc9 100644 --- a/Dockerfile +++ b/Dockerfile @@ -3,7 +3,7 @@ # Uses distroless base image (~2MB) enabled by pure-Go franz-go Kafka client # Build stage -FROM golang:1.26.1-bookworm AS builder +FROM golang:1.26.2-bookworm AS builder # Install build dependencies RUN apt-get update && apt-get install -y --no-install-recommends \ diff --git a/Dockerfile.dev b/Dockerfile.dev index a67860756..4480fdcab 100644 --- a/Dockerfile.dev +++ b/Dockerfile.dev @@ -1,7 +1,7 @@ # audit-worker - Development Dockerfile for Tilt Live Update # Uses Debian bookworm for CGO support (required by confluent-kafka-go/librdkafka) -FROM golang:1.26.1-bookworm AS builder +FROM golang:1.26.2-bookworm AS builder # Install build dependencies for CGO (librdkafka) RUN apt-get update && apt-get install -y --no-install-recommends \ diff --git a/cmd/meridian/Dockerfile b/cmd/meridian/Dockerfile index cf288f068..6d08459e7 100644 --- a/cmd/meridian/Dockerfile +++ b/cmd/meridian/Dockerfile @@ -3,7 +3,7 @@ # Uses distroless base image (~2MB) enabled by CGO_ENABLED=0 static binary # Build stage -FROM golang:1.26.1-bookworm AS builder +FROM golang:1.26.2-bookworm AS builder # Install build dependencies RUN apt-get update && apt-get install -y --no-install-recommends \ diff --git a/docs/guides/new-bian-service-checklist.md b/docs/guides/new-bian-service-checklist.md index db9af47cd..c8c736ea6 100644 --- a/docs/guides/new-bian-service-checklist.md +++ b/docs/guides/new-bian-service-checklist.md @@ -604,7 +604,7 @@ Create a multi-stage Docker build. ```dockerfile # Stage 1: Build -FROM golang:1.26.0-bookworm AS builder +FROM golang:1.26.2-bookworm AS builder ARG VERSION=dev ARG COMMIT=unknown diff --git a/docs/skills/docker.md b/docs/skills/docker.md index 1cfd1b187..7beae34c3 100644 --- a/docs/skills/docker.md +++ b/docs/skills/docker.md @@ -21,7 +21,7 @@ This document describes the Docker setup for Meridian, optimized for production Meridian uses a multi-stage Docker build to create minimal, secure production images: -- **Build stage**: golang:1.26.0-bookworm for compiling static binaries +- **Build stage**: golang:1.26.2-bookworm for compiling static binaries - **Runtime stage**: gcr.io/distroless/static:nonroot for minimal attack surface - **Image size**: ~3-5MB (binary: 1.4MB + distroless base: ~2MB) - **Security**: Non-root user, no shell, minimal dependencies @@ -64,7 +64,7 @@ docker build \ ### Multi-Stage Build 1. **Builder Stage** - - Base: `golang:1.26.0-bookworm` + - Base: `golang:1.26.2-bookworm` - Installs: git, ca-certificates, tzdata - Compiles: Static binary with CGO disabled - Optimizations: `-ldflags="-w -s"` for stripped, reduced size diff --git a/go.mod b/go.mod index 99ac278a0..ca8a648b9 100644 --- a/go.mod +++ b/go.mod @@ -1,6 +1,6 @@ module github.com/meridianhub/meridian -go 1.26.1 +go 1.26.2 require ( ariga.io/atlas-provider-gorm v0.6.0 diff --git a/services/api-gateway/cmd/Dockerfile b/services/api-gateway/cmd/Dockerfile index 5009f479e..7d909eb35 100644 --- a/services/api-gateway/cmd/Dockerfile +++ b/services/api-gateway/cmd/Dockerfile @@ -3,7 +3,7 @@ # Uses distroless base image (~2MB) enabled by pure-Go franz-go Kafka client # Build stage -FROM golang:1.26.1-bookworm AS builder +FROM golang:1.26.2-bookworm AS builder # Install build dependencies RUN apt-get update && apt-get install -y --no-install-recommends \ diff --git a/services/api-gateway/proxy.go b/services/api-gateway/proxy.go index 1ecac30c0..576f12117 100644 --- a/services/api-gateway/proxy.go +++ b/services/api-gateway/proxy.go @@ -60,35 +60,38 @@ func NewProxyHandler(backends []BackendRoute) *ProxyHandler { continue } - proxy := httputil.NewSingleHostReverseProxy(target) - + // Create ReverseProxy with Rewrite (not the deprecated Director API). // Consider adding configurable timeout settings for production resilience: // ResponseHeaderTimeout, IdleConnTimeout, MaxIdleConnsPerHost - - // Configure the proxy director to add X-Forwarded-Host and identity headers. + // // Connect protocol headers (Content-Type, Connect-Protocol-Version, Connect-Timeout-Ms) // are standard headers (not hop-by-hop) and are preserved by httputil.ReverseProxy. - originalDirector := proxy.Director - proxy.Director = func(req *http.Request) { - originalDirector(req) - // Set X-Forwarded-Host so backends know the original Host header - if req.Header.Get("X-Forwarded-Host") == "" { - req.Header.Set("X-Forwarded-Host", req.Host) + proxy := &httputil.ReverseProxy{Rewrite: func(r *httputil.ProxyRequest) { + // Capture any existing X-Forwarded-Host before SetXForwarded overwrites it + existingXFH := r.In.Header.Get("X-Forwarded-Host") + + r.SetURL(target) + r.Out.Host = r.In.Host // Preserve original Host (SetURL overwrites it) + r.SetXForwarded() + + // Restore pre-existing X-Forwarded-Host if the client already set one + if existingXFH != "" { + r.Out.Header.Set("X-Forwarded-Host", existingXFH) } // SECURITY: Strip any incoming identity headers to prevent spoofing. // These headers are set only by the gateway after successful authentication. - req.Header.Del(HeaderUserID) - req.Header.Del(HeaderTenantID) - req.Header.Del(HeaderAuthMethod) - req.Header.Del(HeaderAuthRoles) + r.Out.Header.Del(HeaderUserID) + r.Out.Header.Del(HeaderTenantID) + r.Out.Header.Del(HeaderAuthMethod) + r.Out.Header.Del(HeaderAuthRoles) // SECURITY: Strip X-API-Key header to prevent credential leakage to backends. - req.Header.Del(auth.APIKeyHeader) + r.Out.Header.Del(auth.APIKeyHeader) // Add identity headers if the request was authenticated - addIdentityHeaders(req) - } + addIdentityHeaders(r.Out) + }} routes = append(routes, proxyRoute{ prefix: b.Prefix, diff --git a/services/api-gateway/transcoding_bench_test.go b/services/api-gateway/transcoding_bench_test.go index 1bfdc329d..35f2c7c77 100644 --- a/services/api-gateway/transcoding_bench_test.go +++ b/services/api-gateway/transcoding_bench_test.go @@ -117,7 +117,7 @@ func startBenchEnv(b *testing.B, backends []ServiceBackend) *benchEnv { AtMost(5 * time.Second). PollInterval(20 * time.Millisecond). Until(func() bool { - resp, e := http.Get(baseURL + "/health") //nolint:noctx // Health check in benchmark setup does not need request context + resp, e := http.Get(baseURL + "/health") if e != nil { return false } diff --git a/services/control-plane/cmd/Dockerfile b/services/control-plane/cmd/Dockerfile index e14c98947..055ba3e2b 100644 --- a/services/control-plane/cmd/Dockerfile +++ b/services/control-plane/cmd/Dockerfile @@ -3,7 +3,7 @@ # Uses distroless base image (~2MB) enabled by pure-Go dependencies # Build stage -FROM golang:1.26.1-bookworm AS builder +FROM golang:1.26.2-bookworm AS builder # Install build dependencies RUN apt-get update && apt-get install -y --no-install-recommends \ diff --git a/services/control-plane/internal/generator/handler_reference.go b/services/control-plane/internal/generator/handler_reference.go index d82b46478..1364f6e5b 100644 --- a/services/control-plane/internal/generator/handler_reference.go +++ b/services/control-plane/internal/generator/handler_reference.go @@ -48,7 +48,7 @@ func BuildHandlerReferenceCard(registry *schema.Registry) string { return handlers[i].fullName < handlers[j].fullName }) - sb.WriteString(fmt.Sprintf("### %s\n\n", svc)) + fmt.Fprintf(&sb, "### %s\n\n", svc) for _, h := range handlers { writeHandlerEntry(&sb, h.fullName, h.def) diff --git a/services/control-plane/internal/generator/llm_client.go b/services/control-plane/internal/generator/llm_client.go index 8ebe93d07..fbfbd720b 100644 --- a/services/control-plane/internal/generator/llm_client.go +++ b/services/control-plane/internal/generator/llm_client.go @@ -212,13 +212,13 @@ func buildFixPrompt(manifest string, errors []ValidationError) string { b.WriteString("## Validation Errors\n\n") for i, e := range errors { - b.WriteString(fmt.Sprintf("%d. **[%s]** at `%s`\n", i+1, e.Code, e.Path)) - b.WriteString(fmt.Sprintf(" - Message: %s\n", e.Message)) + fmt.Fprintf(&b, "%d. **[%s]** at `%s`\n", i+1, e.Code, e.Path) + fmt.Fprintf(&b, " - Message: %s\n", e.Message) if e.Suggestion != "" { - b.WriteString(fmt.Sprintf(" - Suggestion: %s\n", e.Suggestion)) + fmt.Fprintf(&b, " - Suggestion: %s\n", e.Suggestion) } if len(e.AvailableFields) > 0 { - b.WriteString(fmt.Sprintf(" - Available values: %s\n", strings.Join(e.AvailableFields, ", "))) + fmt.Fprintf(&b, " - Available values: %s\n", strings.Join(e.AvailableFields, ", ")) } } diff --git a/services/control-plane/internal/generator/topic_list.go b/services/control-plane/internal/generator/topic_list.go index a9756bf7c..f900a4cdc 100644 --- a/services/control-plane/internal/generator/topic_list.go +++ b/services/control-plane/internal/generator/topic_list.go @@ -35,10 +35,10 @@ func BuildTopicList() string { topicList := byService[svc] sort.Strings(topicList) - sb.WriteString(fmt.Sprintf("### %s\n\n", svc)) + fmt.Fprintf(&sb, "### %s\n\n", svc) for _, topic := range topicList { desc := describeTopicName(topic) - sb.WriteString(fmt.Sprintf("- `%s` — %s\n", topic, desc)) + fmt.Fprintf(&sb, "- `%s` — %s\n", topic, desc) } sb.WriteString("\n") } diff --git a/services/current-account/cmd/Dockerfile b/services/current-account/cmd/Dockerfile index b53eec46c..6696fcc71 100644 --- a/services/current-account/cmd/Dockerfile +++ b/services/current-account/cmd/Dockerfile @@ -3,7 +3,7 @@ # Uses distroless base image (~2MB) enabled by pure-Go franz-go Kafka client # Build stage -FROM golang:1.26.1-bookworm AS builder +FROM golang:1.26.2-bookworm AS builder # Install build dependencies RUN apt-get update && apt-get install -y --no-install-recommends \ diff --git a/services/event-router/cmd/Dockerfile b/services/event-router/cmd/Dockerfile index 7acf145b8..9082cfe92 100644 --- a/services/event-router/cmd/Dockerfile +++ b/services/event-router/cmd/Dockerfile @@ -3,7 +3,7 @@ # Uses distroless base image (~2MB) enabled by pure-Go franz-go Kafka client # Build stage -FROM golang:1.26.1-bookworm AS builder +FROM golang:1.26.2-bookworm AS builder # Install build dependencies RUN apt-get update && apt-get install -y --no-install-recommends \ diff --git a/services/financial-accounting/cmd/Dockerfile b/services/financial-accounting/cmd/Dockerfile index abebf07a7..e378debe2 100644 --- a/services/financial-accounting/cmd/Dockerfile +++ b/services/financial-accounting/cmd/Dockerfile @@ -3,7 +3,7 @@ # Uses distroless base image (~2MB) enabled by pure-Go franz-go Kafka client # Build stage -FROM golang:1.26.1-bookworm AS builder +FROM golang:1.26.2-bookworm AS builder # Install build dependencies RUN apt-get update && apt-get install -y --no-install-recommends \ diff --git a/services/financial-gateway/cmd/Dockerfile b/services/financial-gateway/cmd/Dockerfile index 62c08a983..3cab55305 100644 --- a/services/financial-gateway/cmd/Dockerfile +++ b/services/financial-gateway/cmd/Dockerfile @@ -3,7 +3,7 @@ # Uses distroless base image for minimal attack surface # Build stage -FROM golang:1.26.1-bookworm AS builder +FROM golang:1.26.2-bookworm AS builder # Install build dependencies RUN apt-get update && apt-get install -y --no-install-recommends \ diff --git a/services/forecasting/cmd/Dockerfile b/services/forecasting/cmd/Dockerfile index c0b6e2dfb..d0d282690 100644 --- a/services/forecasting/cmd/Dockerfile +++ b/services/forecasting/cmd/Dockerfile @@ -3,7 +3,7 @@ # Uses distroless base image (~2MB) enabled by pure-Go dependencies # Build stage -FROM golang:1.26.1-bookworm AS builder +FROM golang:1.26.2-bookworm AS builder # Install build dependencies RUN apt-get update && apt-get install -y --no-install-recommends \ diff --git a/services/internal-account/cmd/Dockerfile b/services/internal-account/cmd/Dockerfile index d7841a1ad..29db23461 100644 --- a/services/internal-account/cmd/Dockerfile +++ b/services/internal-account/cmd/Dockerfile @@ -3,7 +3,7 @@ # Uses distroless base image (~2MB) enabled by pure-Go franz-go Kafka client # Build stage -FROM golang:1.26.1-bookworm AS builder +FROM golang:1.26.2-bookworm AS builder # Install build dependencies RUN apt-get update && apt-get install -y --no-install-recommends \ diff --git a/services/market-information/cmd/Dockerfile b/services/market-information/cmd/Dockerfile index d62ad63f2..42f453d1d 100644 --- a/services/market-information/cmd/Dockerfile +++ b/services/market-information/cmd/Dockerfile @@ -4,7 +4,7 @@ # Uses distroless base image (~2MB) enabled by pure-Go dependencies # Build stage -FROM golang:1.26.1-bookworm AS builder +FROM golang:1.26.2-bookworm AS builder # Install build dependencies RUN apt-get update && apt-get install -y --no-install-recommends \ diff --git a/services/mcp-server/cmd/Dockerfile b/services/mcp-server/cmd/Dockerfile index c584e8053..35c7d50e3 100644 --- a/services/mcp-server/cmd/Dockerfile +++ b/services/mcp-server/cmd/Dockerfile @@ -3,7 +3,7 @@ # Uses distroless base image for minimal attack surface # Build stage -FROM golang:1.26.1-bookworm AS builder +FROM golang:1.26.2-bookworm AS builder # Install build dependencies RUN apt-get update && apt-get install -y --no-install-recommends \ diff --git a/services/party/cmd/Dockerfile b/services/party/cmd/Dockerfile index 2878f23b5..08a0e6c8c 100644 --- a/services/party/cmd/Dockerfile +++ b/services/party/cmd/Dockerfile @@ -3,7 +3,7 @@ # Uses distroless base image (~2MB) enabled by pure-Go franz-go Kafka client # Build stage -FROM golang:1.26.1-bookworm AS builder +FROM golang:1.26.2-bookworm AS builder # Install build dependencies RUN apt-get update && apt-get install -y --no-install-recommends \ diff --git a/services/payment-order/cmd/Dockerfile b/services/payment-order/cmd/Dockerfile index a504f6279..e061a70ac 100644 --- a/services/payment-order/cmd/Dockerfile +++ b/services/payment-order/cmd/Dockerfile @@ -3,7 +3,7 @@ # Uses distroless base image (~2MB) enabled by pure-Go franz-go Kafka client # Build stage -FROM golang:1.26.1-bookworm AS builder +FROM golang:1.26.2-bookworm AS builder # Install build dependencies RUN apt-get update && apt-get install -y --no-install-recommends \ diff --git a/services/position-keeping/cmd/Dockerfile b/services/position-keeping/cmd/Dockerfile index af3baee41..d61039bec 100644 --- a/services/position-keeping/cmd/Dockerfile +++ b/services/position-keeping/cmd/Dockerfile @@ -3,7 +3,7 @@ # Uses distroless base image (~2MB) enabled by pure-Go franz-go Kafka client # Build stage -FROM golang:1.26.1-bookworm AS builder +FROM golang:1.26.2-bookworm AS builder # Install build dependencies RUN apt-get update && apt-get install -y --no-install-recommends \ diff --git a/services/position-keeping/domain/transaction_lineage_test.go b/services/position-keeping/domain/transaction_lineage_test.go index 08f6c8ab0..b60e2518f 100644 --- a/services/position-keeping/domain/transaction_lineage_test.go +++ b/services/position-keeping/domain/transaction_lineage_test.go @@ -167,7 +167,7 @@ func TestTransactionLineage_DefensiveCopy_Related(t *testing.T) { func TestTransactionLineage_Constructor_DefensiveCopy(t *testing.T) { // Test that mutating input slices after construction doesn't affect lineage parentID := uuid.New() - children := []uuid.UUID{uuid.New(), uuid.New()} + children := []uuid.UUID{uuid.New(), uuid.New()} //nolint:prealloc // intentional: testing defensive copy, not building a collection related := []uuid.UUID{uuid.New()} lineage, err := NewTransactionLineage(uuid.New(), "payment", &parentID, children, related) diff --git a/services/reconciliation/cmd/Dockerfile b/services/reconciliation/cmd/Dockerfile index a1581e62b..6aa8b3fb7 100644 --- a/services/reconciliation/cmd/Dockerfile +++ b/services/reconciliation/cmd/Dockerfile @@ -3,7 +3,7 @@ # Uses distroless base image (~2MB) enabled by pure-Go dependencies # Build stage -FROM golang:1.26.1-bookworm AS builder +FROM golang:1.26.2-bookworm AS builder # Install build dependencies RUN apt-get update && apt-get install -y --no-install-recommends \ diff --git a/services/reference-data/cmd/Dockerfile b/services/reference-data/cmd/Dockerfile index 8eb578056..660ddfd11 100644 --- a/services/reference-data/cmd/Dockerfile +++ b/services/reference-data/cmd/Dockerfile @@ -3,7 +3,7 @@ # Uses distroless base image (~2MB) enabled by pure-Go dependencies # Build stage -FROM golang:1.26.1-bookworm AS builder +FROM golang:1.26.2-bookworm AS builder # Install build dependencies RUN apt-get update && apt-get install -y --no-install-recommends \ diff --git a/services/tenant/cmd/Dockerfile b/services/tenant/cmd/Dockerfile index 0d834d0b2..cc9b9936e 100644 --- a/services/tenant/cmd/Dockerfile +++ b/services/tenant/cmd/Dockerfile @@ -3,7 +3,7 @@ # Uses distroless base image (~2MB) enabled by pure-Go franz-go Kafka client # Build stage -FROM golang:1.26.1-bookworm AS builder +FROM golang:1.26.2-bookworm AS builder # Install build dependencies RUN apt-get update && apt-get install -y --no-install-recommends \ diff --git a/shared/pkg/saga/validation/report.go b/shared/pkg/saga/validation/report.go index 2ef8201c8..c9536b9b9 100644 --- a/shared/pkg/saga/validation/report.go +++ b/shared/pkg/saga/validation/report.go @@ -36,12 +36,12 @@ func (f *HumanReadableFormatter) Format(result *ValidationResult) string { complexityScore := calculateComplexityScore(result.Metrics.HandlerCallCount) complexityLabel := getComplexityLabel(complexityScore) - output.WriteString(fmt.Sprintf(" • %d handlers called\n", result.Metrics.HandlerCallCount)) - output.WriteString(fmt.Sprintf(" • Complexity: %d/10 (%s)\n", complexityScore, complexityLabel)) + fmt.Fprintf(&output, " • %d handlers called\n", result.Metrics.HandlerCallCount) + fmt.Fprintf(&output, " • Complexity: %d/10 (%s)\n", complexityScore, complexityLabel) // Show estimated duration durationMs := result.Metrics.EstimatedDuration.Milliseconds() - output.WriteString(fmt.Sprintf(" • Estimated execution: <%dms\n", durationMs)) + fmt.Fprintf(&output, " • Estimated execution: <%dms\n", durationMs) output.WriteString("\nScript ready for deployment.\n") } else { @@ -57,7 +57,7 @@ func (f *HumanReadableFormatter) Format(result *ValidationResult) string { if errorCount == 1 { output.WriteString(" 1 error found:\n\n") } else { - output.WriteString(fmt.Sprintf(" %d errors found:\n\n", errorCount)) + fmt.Fprintf(&output, " %d errors found:\n\n", errorCount) } // Show each error