WIP: Major upgrades #19504

Draft
janisz wants to merge 10 commits into master from major_upgrades
janisz commented Mar 19, 2026

Description

change me!

User-facing documentation

Testing and quality

  • the change is production ready: the change is GA, or otherwise the functionality is gated by a feature flag
  • CI results are inspected

Automated testing

  • added unit tests
  • added e2e tests
  • added regression tests
  • added compatibility tests
  • modified existing tests

How I validated my change

change me!

janisz and others added 10 commits March 13, 2026 10:51

Upgrade github.com/RoaringBitmap/roaring to v2.15.0 (major version bump).
Updated import path to use /v2 module path. No breaking API changes affect
the codebase - all existing methods (New, AddInt, AndCardinality, OrCardinality)
remain compatible.

Changes: RoaringBitmap/roaring@v1.9.4...v2.15.0

Key improvements in v2:
- Performance optimizations for bitmap operations
- Reduced memory allocations
- Bug fixes and stability improvements
- Updated bitset dependency to v1.24.2

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>

Upgrade github.com/golang-jwt/jwt from v4.5.2 to v5.3.1.
Updated import paths from /v4 to /v5 across 4 files.

No API changes required - all used APIs (MapClaims, NewWithClaims,
SigningMethodRS256, ParseWithClaims, RegisteredClaims,
ParseRSAPrivateKeyFromPEM, WithoutClaimsValidation, ErrTokenMalformed)
are compatible with v5.

Changes: golang-jwt/jwt@v4.5.2...v5.3.1

Tested with:
- go test ./central/auth/m2m -run TestIssuerFromRawIDToken
- go test ./central/auth/m2m -run Test_genericTokenVerifier_VerifyIDToken

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>

Upgrade github.com/google/go-github from v60.0.0 to v84.0.0.
Updated import paths from /v60 to /v84 across 5 files in tools.

Breaking changes that DON'T affect our code:
- CreateWorkflowDispatchEvent* changes (not used)
- IssuesService.List split (we use Search.Issues)
- PackageGetAllVersions changes (not used)
- ListAutoLinks/ListReviewers changes (not used)

Changes: google/go-github@v60.0.0...v84.0.0

Tested with:
- go build ./tools/retest
- go test ./tools/retest

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>

Migrate from cenkalti/backoff/v4 to v5 with breaking API changes:
- v5 Retry() signature changed to take context as first param and generic Operation[T]
- Removed RetryNotify, WithContext functions
- MaxElapsedTime field removed from ExponentialBackOff struct
- Replaced field assignment patterns with WithMaxElapsedTime() option
- Updated all retry logic to use new backoff.Retry(ctx, operation, opts...) pattern
- Migrated notification callbacks to WithNotify() option
- Removed GetElapsedTime() usage, replaced with manual time tracking

Files updated:
- 12 Go source files across sensor, compliance, central notifiers, and scanner packages
- All existing tests pass with new API

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>

Migrate from vbauerster/mpb/v4 to v8 with breaking API changes:
- BarFiller.Fill() signature changed: Fill(w, width, *Statistics) → Fill(w, Statistics) error
- Decorator.Decor() signature changed: Decor(*Statistics) string → Decor(Statistics) (string, int)
- decor.UnitKiB constant removed, replaced with decor.SizeB1024(0) function
- Updated WC embedding pattern - use WC.Format() instead of FormatMsg()/GetWidth()
- WithManualRefresh/WithShutdownNotifier now require chan interface{} instead of specific types
- Progress.Add() now returns (*Bar, error) instead of *Bar
- Added Progress.AddBar() method for default bar style
- Progress.New() for custom BarFiller implementations

Changes made:
- roxctl/central/db/restore/statusline.go: Updated Fill() method signature and error handling
- roxctl/central/db/restore/v2_restorer.go: Updated imports to v8
- roxctl/central/db/transfer/progress_bar.go: Updated Decor() and Fill() signatures, replaced UnitKiB
- roxctl/central/db/transfer/transfer.go: Updated imports to v8

All tests pass successfully.

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>

Migrate to go-sarif v3 which has a new package structure and API.

API changes:
- Import path: v2/sarif → v3/pkg/report + v3/pkg/report/v210/sarif
- Report creation: sarif.New() → report.NewV210Report()
- Builder pattern updates: NewMultiformatMessageString(text) → .WithText(text)
- Property bag: sarif.Properties{} → NewPropertyBag().Add().WithTags()
- URI method: WithUri() → WithURI()

The v3 library generates more verbose but still SARIF 2.1.0 compliant JSON.

Signed-off-by: Tomasz Janiszewski <tomek@redhat.com>

The go-sarif v3 library generates more verbose JSON output with
additional fields compared to v2. This updates the expected test
data files to match the new SARIF 2.1.0 compliant output format.

Related to the upgrade from go-sarif v2.3.3 to v3.3.0 started in
the previous WIP commit.

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>

Migrated from archived github.com/mitchellh/mapstructure v1.5.1 to the
actively maintained github.com/go-viper/mapstructure/v2 v2.5.0.

The mitchellh/mapstructure package has been archived and is no longer
maintained. The go-viper fork provides a drop-in replacement with API
compatibility.

Affected packages:
- scanner/config: config loading with custom decode hooks
- pkg/scannerv4: version encoding/decoding

All tests pass. The old dependency remains as an indirect dependency
via hashicorp/vault/api used by the sigstore stack.

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>

Migrated from archived github.com/grpc-ecosystem/go-grpc-prometheus
v1.2.1 to the actively maintained prometheus provider package from
go-grpc-middleware (providers/prometheus v1.1.0).

The old go-grpc-prometheus package has been archived and is no longer
maintained. The new prometheus provider is the official replacement
from the grpc-ecosystem, offering the same functionality with an
improved API.

Changes:
- Replaced global EnableHandlingTimeHistogram() with ServerMetrics
  instance configured with WithServerHandlingTimeHistogram()
- Updated interceptor usage from global functions to methods on
  ServerMetrics instance
- Added explicit Prometheus registration in init()

Affected: pkg/grpc/server.go (gRPC metrics collection)

All tests pass. The old dependency remains as an indirect dependency
via other grpc-ecosystem packages.

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>

Applied gofmt and golangci-lint --fix to reorder imports
alphabetically in files modified during dependency migrations.

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>

openshift-ci bot commented Mar 19, 2026

Skipping CI for Draft Pull Request.
If you want CI signal for your change, please convert it to an actual PR.
You can still manually trigger a test run with /test all


openshift-ci bot commented Mar 19, 2026

PR needs rebase.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.