build(deps): Bump golang.org/x/net from 0.0.0-20220617184016-355a448f1bc9 to 0.53.0#889
Conversation
Bumps [golang.org/x/net](https://github.com/golang/net) from 0.0.0-20220617184016-355a448f1bc9 to 0.53.0. - [Commits](https://github.com/golang/net/commits/v0.53.0) --- updated-dependencies: - dependency-name: golang.org/x/net dependency-version: 0.53.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]>
LabelsThe following labels could not be found: Please fix the above issues or remove invalid values from |
![cursor[bot]](https://avatars.githubusercontent.com/in/1210556?s=60&v=4){kind=small}
There was a problem hiding this comment.
Cursor Bugbot has reviewed your changes and found 1 potential issue.
❌ Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, enable autofix in the Cursor dashboard.
Reviewed by Cursor Bugbot for commit 880428c. Configure here.
| module github.com/tendermint/tendermint | ||
|
|
||
| go 1.17 | ||
| go 1.25.0 |
There was a problem hiding this comment.
Go minimum version jumps from 1.17 to 1.25.0
High Severity
The go directive changed from 1.17 to 1.25.0, which is an 8-version jump in the minimum required Go toolchain. This is a side effect of golang.org/x/net v0.53.0 declaring go 1.25.0 in its own go.mod, causing MVS to propagate the requirement. While technically correct for the dependency resolution, this fundamentally changes the project's build requirements and is far beyond the intended scope of bumping a single dependency. Any developer or CI pipeline using Go < 1.25 will be unable to build the project.
Reviewed by Cursor Bugbot for commit 880428c. Configure here.
Bumps golang.org/x/net from 0.0.0-20220617184016-355a448f1bc9 to 0.53.0.
Commits
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)Note
Medium Risk
Updates the module’s Go toolchain version and bumps several core
golang.org/x/*dependencies, which can affect build behavior and transitive dependency resolution. Risk is mainly around compatibility/tooling changes rather than application logic.Overview
Modernizes Go module configuration and dependencies.
Bumps the module
goversion from1.17to1.25.0and upgradesgolang.org/x/nettov0.53.0along with relatedgolang.org/x/*packages (notablycrypto,sync,mod,sys,term,text,tools) andgithub.com/google/go-cmp.Refreshes
go.sumaccordingly and adjusts theretractdirective formatting ingo.mod.Reviewed by Cursor Bugbot for commit 880428c. Bugbot is set up for automated code reviews on this repo. Configure here.