Skip to content

chore: bump go directive and fix trivy CVEs in go.mod#82

Closed
keegancsmith wants to merge 1 commit intomasterfrom
egg-change/go-version-trivy-fixes
Closed

chore: bump go directive and fix trivy CVEs in go.mod#82
keegancsmith wants to merge 1 commit intomasterfrom
egg-change/go-version-trivy-fixes

Conversation

@keegancsmith
Copy link
Copy Markdown
Member

@keegancsmith keegancsmith commented Apr 29, 2026

This PR was generated by Sourcegraph Batch Changes.

Changes

  • Bumps the go directive:
    • To go 1.25.9 for modules currently below 1.26
    • To go 1.26.2 for modules already on 1.26.x
  • Removes any toolchain directive (toolchain selection is handled automatically)
  • Runs go mod tidy to keep go.sum consistent with the new directive
  • Fixes all CVEs reported by trivy fs go.mod by upgrading specific transitive
    dependencies to their minimum safe versions

Why

Ensures a consistent, secure Go toolchain version across all first-party
github.com/sourcegraph/* modules that are depended on by sourcegraph/sourcegraph.

Hatched by a Sourcegraph egg.

@keegancsmith
Copy link
Copy Markdown
Member Author

keegancsmith commented Apr 29, 2026

No CVE and this is a widely used library. No point bumping minimum allowed go version.

@keegancsmith keegancsmith deleted the egg-change/go-version-trivy-fixes branch April 29, 2026 14:27
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@keegancsmith