Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

build(deps): Update indirect dependencies. #580

Merged
merged 5 commits into from
Jan 24, 2025
Merged

build(deps): Update indirect dependencies. #580

merged 5 commits into from
Jan 24, 2025

Conversation

SahibYar
Copy link
Contributor

@SahibYar SahibYar commented Jan 21, 2025
edited
Loading

updated dependencies but needed to make change in makefile by resetting staticcheck from @latest to v0.4.7 because @latest version requires go version 1.22 but we can't update it to 1.20 right now.

Testing

I also tried to make all whose output is following.

sahibyar@Sahibs-MacBook-Pro-M3 go-fastly % make all                                                                                              
==> Downloading Go module
==> Downloading development dependencies
==> Downloading https://formulae.brew.sh/api/formula.jws.json
==> Downloading https://formulae.brew.sh/api/cask.jws.json
Warning: semgrep 1.103.0 is already installed and up-to-date.
To reinstall 1.103.0, run:
  brew reinstall semgrep
==> Tidying module
==> Running gofmt
==> Fixing imports
==> Testing go-fastly
?       github.com/fastly/go-fastly/v9/fastly/domains   [no test files]
?       github.com/fastly/go-fastly/v9/fastly/products  [no test files]
ok      github.com/fastly/go-fastly/v9/fastly   (cached)
ok      github.com/fastly/go-fastly/v9/fastly/domains/v1        (cached)
ok      github.com/fastly/go-fastly/v9/fastly/image_optimizer_default_settings  (cached)
ok      github.com/fastly/go-fastly/v9/fastly/products/bot_management   (cached)
ok      github.com/fastly/go-fastly/v9/fastly/products/brotli_compression       (cached)
ok      github.com/fastly/go-fastly/v9/fastly/products/ddos_protection  (cached)
ok      github.com/fastly/go-fastly/v9/fastly/products/domain_inspector (cached)
ok      github.com/fastly/go-fastly/v9/fastly/products/fanout   (cached)
ok      github.com/fastly/go-fastly/v9/fastly/products/image_optimizer  (cached)
ok      github.com/fastly/go-fastly/v9/fastly/products/log_explorer_insights    (cached)
?       github.com/fastly/go-fastly/v9/internal/test_utils      [no test files]
ok      github.com/fastly/go-fastly/v9/fastly/products/ngwaf    (cached)
ok      github.com/fastly/go-fastly/v9/fastly/products/origin_inspector (cached)
ok      github.com/fastly/go-fastly/v9/fastly/products/websockets       (cached)
ok      github.com/fastly/go-fastly/v9/internal/productcore     (cached)
==> Running go vet
==> Running staticcheck
staticcheck 2023.1.7 (v0.4.7)
if command -v semgrep &> /dev/null; then semgrep ci --config auto --exclude-rule generic.secrets.security.detected-private-key.detected-private-key ; fi
                  
                  
┌────────────────┐
│ Debugging Info │
└────────────────┘
                  
  SCAN ENVIRONMENT
  versions    - semgrep 1.103.0 on python 3.13.1                       
  environment - running in environment git, triggering event is unknown
                                                                                                                        
  Scanning 1263 files (only git-tracked) with 1057 Code rules:
            
  CODE RULES
                                                                                                                        
  Language      Rules   Files          Origin      Rules                                                                
 ─────────────────────────────        ───────────────────                                                               
  <multilang>      47    1144          Community    1057                                                                
  yaml             31     980                                                                                           
  go               83     145                                                                                           
  bash              4       5                                                                                           
                                                                                                                        
                    
  SUPPLY CHAIN RULES
                  
  No rules to run.
                  
          
  PROGRESS
   
  ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 100% 0:00:00                                                                                                                        
                
                
┌──────────────┐
│ Scan Summary │
└──────────────┘
Some files were skipped or only partially analyzed.
  Scan was limited to files tracked by git.
  Partially scanned: 1 files only partially analyzed due to parsing or internal Semgrep errors
  Scan skipped: 1 files larger than 1.0 MB, 118 files matching .semgrepignore patterns
  For a full list of skipped files, run semgrep with the --verbose flag.

(need more rules? `semgrep login` for additional free Semgrep Registry rules)

CI scan completed successfully.
  Found 0 findings (0 blocking) from 1057 rules.
  No blocking findings so exiting with code 0

@kpfleming
Copy link
Contributor

This looks fine to me, thanks for the contribution! Would you be willing to include a .github/dependabot.yml file in this PR to enable 'version' update PRs from Dependabot? That would keep us from getting out of date again, as we will get automatic PRs for new dependency versions.

@SahibYar
Copy link
Contributor Author

The Dependabot configuration has been added, and I tested it on my forked repository. The bot successfully opened multiple PRs to update the dependencies. You can review the results here: SahibYar/go-fastly Pull Requests.

kpfleming
kpfleming requested changes Jan 24, 2025
View reviewed changes
Copy link
Contributor

@kpfleming kpfleming left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

A couple of very small changes and this is ready to go.

.github/dependabot.yml Outdated Show resolved Hide resolved
.github/dependabot.yml Show resolved Hide resolved
kpfleming
kpfleming reviewed Jan 24, 2025
View reviewed changes
.github/dependabot.yml Outdated Show resolved Hide resolved
@kpfleming kpfleming changed the title Updated dependencies build(deps): Update indirect dependencies. Jan 24, 2025
@kpfleming kpfleming merged commit 0e28ec0 into fastly:main Jan 24, 2025
3 checks passed
@philippschulte philippschulte mentioned this pull request Jan 27, 2025
Open
@SahibYar SahibYar deleted the refactor/updating-dependencies branch January 28, 2025 17:55
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@kpfleming kpfleming kpfleming approved these changes

Assignees
No one assigned
Labels
include-in-changelog
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@SahibYar @kpfleming @anthony-gomez-fastly