Skip to content

feat: update dependencies#660

Merged
talos-bot merged 1 commit into
siderolabs:mainfrom
smira:feat/bump-deps-05-28
May 28, 2026
Merged

feat: update dependencies#660
talos-bot merged 1 commit into
siderolabs:mainfrom
smira:feat/bump-deps-05-28

Conversation

@smira

@smira smira commented May 28, 2026

Copy link
Copy Markdown
Member

Update all dependencies, specifically lock-threads update should fix the action failure due to new GH token structure.

Copilot AI review requested due to automatic review settings May 28, 2026 10:33
@talos-bot talos-bot moved this from To Do to In Review in Planning May 28, 2026
@github-project-automation github-project-automation Bot moved this to To Do in Planning May 28, 2026
@github-project-automation github-project-automation Bot moved this from In Review to Approved in Planning May 28, 2026

Copilot AI left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Routine dependency bump PR. Updates pinned GitHub Action refs, Node base image, Syft, and Go module dependencies (go-git/v5 and go-github to v88), and regenerates the affected workflow files. The main motivator called out in the description is bumping dessant/lock-threads to fix an action failure caused by GitHub's new token structure.

Changes:

  • Bump pinned action/tool versions in internal/config/constants.go (Codecov, docker login, setup-buildx, Node, Syft, stale, lock-threads).
  • Update Go module deps (go-git/v5 v5.19.1, go-github v87 → v88) and the two import sites for go-github.
  • Regenerate ci.yaml, helm.yaml, lock.yml, and stale.yml to reflect the new refs/versions.

Reviewed changes

Copilot reviewed 8 out of 9 changed files in this pull request and generated 1 comment.

Show a summary per file
File Description
internal/config/constants.go Bumps pinned versions/refs for several GitHub Actions, Node image, and Syft.
internal/output/github/github.go Updates go-github import path from v87 to v88.
internal/project/common/repository.go Updates go-github import path from v87 to v88.
go.mod Bumps go-git/v5 and go-github module versions.
go.sum Checksums for updated modules.
.github/workflows/ci.yaml Regenerated: new setup-buildx, docker login, and codecov refs.
.github/workflows/helm.yaml Regenerated: new setup-buildx and docker login refs.
.github/workflows/lock.yml Regenerated: new dessant/lock-threads ref (v6.0.2).
.github/workflows/stale.yml Regenerated: new actions/stale ref (v10.3.0).

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread internal/config/constants.go
Update all dependencies, specifically lock-threads update should fix the
action failure due to new GH token structure.

Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
@smira smira force-pushed the feat/bump-deps-05-28 branch from 6f705ec to e1a258d Compare May 28, 2026 10:45
@smira

smira commented May 28, 2026

Copy link
Copy Markdown
Member Author

/m

@talos-bot talos-bot merged commit e1a258d into siderolabs:main May 28, 2026
15 checks passed
@github-project-automation github-project-automation Bot moved this from Approved to Done in Planning May 28, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

Archived in project

Development

Successfully merging this pull request may close these issues.

4 participants