chore: bump gomplate to v3.24.84#319
Conversation
|
Warning Review limit reached
More reviews will be available in 57 minutes and 46 seconds. Learn how PR review limits work. Your organization has used up its prepaid credits, and credit purchases are no longer available. Enable the review add-on in the billing tab to keep reviews running — you're only billed for reviews past your plan's rate limits ($0.25/file). ⌛ How to resolve this issue?After more reviews become available, a review can be triggered using the To avoid repeated limits, reduce automatic review volume by pausing incremental auto-reviews earlier, using label-based review opt-in, excluding WIP or generated PR titles, or requesting reviews manually when the PR is ready. If your team needs uninterrupted high-volume reviews, an organization admin can enable usage-based credits. 🚦 How do rate limits work?CodeRabbit enforces per-developer PR review limits for each organization. Most developers receive the normal plan review availability. For paid Pro and Pro+ PR reviews, CodeRabbit uses adaptive limits for sustained high-volume activity. When a developer's recent PR review activity reaches the 95th percentile or higher among CodeRabbit users, additional reviews become available more gradually as earlier reviews age out of the rolling window. Please see our Fair Usage Limits Policy for further information. ℹ️ Review info⚙️ Run configurationConfiguration used: Organization UI Review profile: CHILL Plan: Pro Run ID: ⛔ Files ignored due to path filters (1)
📒 Files selected for processing (1)
Walkthrough
ChangesDependency and Go version updates
Possibly related PRs
Suggested labels
🚥 Pre-merge checks | ✅ 5✅ Passed checks (5 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing Touches🧪 Generate unit tests (beta)
✨ Simplify code
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
Gavel crashed before producing resultsExit code: 1 Last lines of gavel.logFull |
995a639 to
8cbd173
Compare
|
Warning Review the following alerts detected in dependencies. According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.
|
There was a problem hiding this comment.
Actionable comments posted: 2
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@go.mod`:
- Line 191: In the go.mod file, locate the google.golang.org/protobuf dependency
which is currently pinned to the pseudo-version
v1.36.12-0.20260120151049-f2248ac996af. Replace this pseudo-version with the
stable release version v1.36.11, which is the latest officially released version
available. Pseudo-versions representing development snapshots should not be used
in production dependencies unless absolutely necessary for a specific unreleased
fix.
- Line 3: Update the Go directive to 1.26.0 and then verify the codebase is
compatible with that toolchain. Check build tags and any platform-specific code
paths for removed 32-bit windows/arm support, scan for dependencies on removed
tools like cmd/doc, and review any reverse proxy logic that may still rely on
ReverseProxy.Director or permissive URL parsing with colons in paths. Use the
relevant build-constraint files and any reverse proxy or URL parsing symbols in
the diff to locate and confirm the affected code, then run the test suite under
Go 1.26.0.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Organization UI
Review profile: CHILL
Plan: Pro
Run ID: a18a2620-8fb6-487a-a153-d9897589759b
⛔ Files ignored due to path filters (1)
go.sumis excluded by!**/*.sum
📒 Files selected for processing (1)
go.mod
| module github.com/flanksource/commons | ||
|
|
||
| go 1.25.1 | ||
| go 1.26.0 |
There was a problem hiding this comment.
🎯 Functional Correctness | 🟠 Major
🧩 Analysis chain
🏁 Script executed:
#!/bin/bash
# Description: Verify Go version and check if there are any version-specific constraints in the codebase.
# Check if build/test constraints reference Go 1.25 or earlier versions
rg '//go:build.*go1\.' --type go | grep -E 'go1\.(2[0-4]|1[0-9])' || echo "No old Go version constraints found"
# Look for deprecated API usage or compat wrappers
rg 'deprecated|TODO.*Go 1\.26|FIXME.*version' --type go | head -20Repository: flanksource/commons
Length of output: 1990
🌐 Web query:
Go 1.26.0 release version compatibility
💡 Result:
Go 1.26 maintains the Go 1 compatibility promise, meaning almost all existing Go programs will continue to compile and run unchanged [1]. As with all Go releases, this commitment ensures that source-level compatibility is preserved for the lifetime of the Go 1 specification [2]. Key aspects of Go 1.26 compatibility and version management include: Module Compatibility: When you run go mod init, Go 1.26 defaults to specifying a lower Go version (go 1.25.0) in new go.mod files to encourage the creation of modules compatible with currently supported Go releases [1][3]. Toolchain Enforcement: The go version specified in a go.mod file acts as a mandatory minimum requirement for the toolchain [4][5]. A Go 1.26 toolchain will refuse to build code that requires a newer version (e.g., go 1.27) [5]. Bootstrapping Requirements: Go 1.26 requires Go 1.24.6 or later for bootstrapping [1]. OS Compatibility: Go 1.26 is the final release to support macOS 12 (Monterey); subsequent releases (starting with Go 1.27) will require macOS 13 (Ventura) or later [1][3]. GODEBUG Settings: Go 1.26 continues the practice of using GODEBUG settings to manage behavioral changes [6]. If a program's go.mod file specifies an older Go version, the toolchain will default to the behavior associated with that older version for GODEBUG-controlled features [6]. As of June 23, 2026, the latest release in the 1.26 branch is Go 1.26.4, released on June 2, 2026 [7][8][3]. Minor releases such as 1.26.x are fully compatible with each other and primarily contain security and bug fixes [7].
Citations:
- 1: https://go.dev/doc/go1.26
- 2: https://go.dev/doc/go1compat
- 3: https://versionlog.com/golang/1.26/
- 4: https://go.dev/doc/toolchain
- 5: https://go.dev/blog/toolchain
- 6: https://go.dev/blog/compat
- 7: https://go.dev/doc/devel/release
- 8: https://go.dev/dl/
🌐 Web query:
Go 1.25.1 to 1.26 breaking changes upgrade
💡 Result:
Upgrading from Go 1.25.1 to Go 1.26 (latest version as of June 23, 2026, is Go 1.26.4) is generally straightforward due to the Go 1 compatibility promise [1][2][3]. Most existing programs will continue to compile and run without modification [1][4]. Key Changes and Potential Impact Areas While the release is mostly additive, developers should be aware of the following changes: Tooling and Commands - The go doc tool (cmd/doc) has been removed [1][5]. Developers should use go doc directly, which replaces the former command with identical behavior [1][4]. - The go fix command has been completely rewritten to use the Go analysis framework [2][5]. Historical, obsolete fixers have been replaced by a suite of modernizers designed to suggest idiomatic updates to your code [2][5]. Library and Behavioral Changes - URL Parsing: The url.Parse function now rejects malformed URLs containing colons in the path subcomponent, such as http://host/path:with:colon [1]. - HTTP Proxy: The ReverseProxy.Director configuration field is now deprecated in favor of ReverseProxy.Rewrite [1]. - Go Module Init: The go mod init command now defaults to a lower Go version in new go.mod files to encourage broader compatibility [1][6]. For a toolchain version 1.N.X, it defaults to go 1.(N-1).0 [1][5]. Platform Support - Bootstrap Requirement: Go 1.26 requires Go 1.24.6 or later for bootstrapping [5][6]. - macOS Support: Go 1.26 is the final release supporting macOS 12 Monterey; Go 1.27 will require macOS 13 Ventura or later [6]. - Port Removal: The 32-bit windows/arm port (GOOS=windows, GOARCH=arm), which was previously marked as broken, has been removed [6]. For a complete list of updates, including new packages (such as crypto/hpke) and performance improvements (such as the enabled-by-default Green Tea garbage collector), refer to the official Go 1.26 Release Notes [1][2].
Citations:
- 1: https://go.dev/doc/go1.26
- 2: https://go.dev/blog/go1.26
- 3: https://releaserun.com/go-releases/
- 4: https://go.googlesource.com/website/+/eb9efb930efa9971d3a9a76f0c06bc7b853f1c30/_content/doc/go1.26.md
- 5: https://go.googlesource.com/website/+/0e905b70ce95ad874c839ae5523b8fb8885e14ce/_content/doc/go1.26.md
- 6: https://go.googlesource.com/website/+/9e72c5721b9d1863bc1e090ef721aec44a296e85/_content/doc/go1.26.md
Update Go version to 1.26.0 and verify build constraints and platform-specific code.
Updating the Go directive from 1.25.1 to 1.26.0 is generally safe due to the Go 1 compatibility promise; however, verify that:
- The codebase does not target the removed 32-bit windows/arm platform
- Code does not rely on removed tools like
cmd/doc - Any HTTP reverse proxy code does not depend on the deprecated
ReverseProxy.Directorfield - URL parsing does not depend on accepting malformed URLs with colons in paths
Run tests with Go 1.26.0 to confirm all functionality works as expected. The coding guidelines' requirement for Go 1.23.0+ is satisfied.
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In `@go.mod` at line 3, Update the Go directive to 1.26.0 and then verify the
codebase is compatible with that toolchain. Check build tags and any
platform-specific code paths for removed 32-bit windows/arm support, scan for
dependencies on removed tools like cmd/doc, and review any reverse proxy logic
that may still rely on ReverseProxy.Director or permissive URL parsing with
colons in paths. Use the relevant build-constraint files and any reverse proxy
or URL parsing symbols in the diff to locate and confirm the affected code, then
run the test suite under Go 1.26.0.
| golang.org/x/text v0.34.0 // indirect | ||
| golang.org/x/tools v0.42.0 // indirect | ||
| google.golang.org/protobuf v1.36.11 // indirect | ||
| google.golang.org/protobuf v1.36.12-0.20260120151049-f2248ac996af // indirect |
There was a problem hiding this comment.
🩺 Stability & Availability | 🟠 Major
🧩 Analysis chain
🌐 Web query:
What is the latest released version of google.golang.org/protobuf?
💡 Result:
The latest released version of the google.golang.org/protobuf module is v1.36.11 [1][2][3]. This version was published on December 12, 2025 [1][3].
Citations:
- 1: https://pkg.go.dev/google.golang.org/protobuf
- 2: https://github.com/protocolbuffers/protobuf-go/releases
- 3: https://github.com/protocolbuffers/protobuf-go/releases/tag/v1.36.11
🌐 Web query:
google.golang.org/protobuf v1.36.12 release status 2026
💡 Result:
As of June 23, 2026, there is no official release of google.golang.org/protobuf version v1.36.12 [1]. While various pseudo-versions (e.g., v1.36.12-0.20260120151049-f2248ac996af) exist in the Go module proxy ecosystem, these are development snapshots or commit-based tags rather than an official stable release [2][3][4]. The most recent official stable release listed in the project's repository is v1.36.11, published on December 12, 2025 [4][1]. The lack of an official v1.36.12 release has been noted by the community, with inquiries regarding its status appearing in official issue trackers as recently as April 2026 [5].
Citations:
- 1: https://github.com/protocolbuffers/protobuf-go/releases
- 2: https://pkg.go.dev/google.golang.org/protobuf@v1.36.12-0.20260120151049-f2248ac996af
- 3: https://deps.dev/go/google.golang.org%2Fprotobuf/v1.36.11/versions
- 4: https://pkg.go.dev/google.golang.org/protobuf
- 5: New release for google.golang.org/protobuf - v1.36.12? 🙏🏾 golang/protobuf#1711
Use the stable release v1.36.11 instead of the pseudo-version for google.golang.org/protobuf.
Line 191 pins google.golang.org/protobuf to v1.36.12-0.20260120151049-f2248ac996af, a pseudo-version representing an unreleased development snapshot. No official v1.36.12 release exists; the latest stable version is v1.36.11 (released December 12, 2025). Pseudo-versions should be avoided in production dependencies unless there is a specific fix required from the development code that is not available in a stable release. Replace with v1.36.11 or the actual release version needed.
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In `@go.mod` at line 191, In the go.mod file, locate the
google.golang.org/protobuf dependency which is currently pinned to the
pseudo-version v1.36.12-0.20260120151049-f2248ac996af. Replace this
pseudo-version with the stable release version v1.36.11, which is the latest
officially released version available. Pseudo-versions representing development
snapshots should not be used in production dependencies unless absolutely
necessary for a specific unreleased fix.
8cbd173 to
93ec483
Compare
Automated changes by create-pull-request GitHub action