build(deps): Bump github.com/go-git/go-git/v5 from 5.5.1 to 5.17.2#875
build(deps): Bump github.com/go-git/go-git/v5 from 5.5.1 to 5.17.2#875dependabot[bot] wants to merge 1 commit intov0.34.xfrom
Conversation
Bumps [github.com/go-git/go-git/v5](https://github.com/go-git/go-git) from 5.5.1 to 5.17.2. - [Release notes](https://github.com/go-git/go-git/releases) - [Commits](go-git/go-git@v5.5.1...v5.17.2) --- updated-dependencies: - dependency-name: github.com/go-git/go-git/v5 dependency-version: 5.17.2 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>
LabelsThe following labels could not be found: Please fix the above issues or remove invalid values from |
![cursor[bot]](https://avatars.githubusercontent.com/in/1210556?s=60&v=4){kind=small}
There was a problem hiding this comment.
Cursor Bugbot has reviewed your changes and found 1 potential issue.
❌ Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, enable autofix in the Cursor dashboard.
Reviewed by Cursor Bugbot for commit c78712b. Configure here.
| module github.com/tendermint/tendermint | ||
|
|
||
| go 1.18 | ||
| go 1.24.0 |
There was a problem hiding this comment.
Go minimum version jumped from 1.18 to 1.24.0
High Severity
The go directive changed from go 1.18 to go 1.24.0 as a side effect of bumping go-git. Starting with Go 1.21, the go directive acts as a strict minimum version requirement, meaning this project now refuses to build with any Go version below 1.24.0. This is a jump of six minor versions and will break CI pipelines, developer environments, and downstream consumers still using older Go toolchains. A dependency bump PR likely did not intend to enforce such a large minimum Go version increase.
Reviewed by Cursor Bugbot for commit c78712b. Configure here.
|
This pull request has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions. |
|
OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting If you change your mind, just re-open this PR and I'll resolve any conflicts on it. |
dependabot
Bot
deleted the
dependabot/go_modules/v0.34.x/github.com/go-git/go-git/v5-5.17.2
branch
Bumps github.com/go-git/go-git/v5 from 5.5.1 to 5.17.2.
Release notes
Sourced from github.com/go-git/go-git/v5's releases.
... (truncated)
Commits
45ae193Merge pull request #1944 from go-git/fix-permsfda4f74storage: filesystem/dotgit, Skip writing pack files that already exist on disk2212dc7Merge pull request #1941 from go-git/renovate/releases/v5.x-go-github.com-go-...ebb2d7dbuild: Update module github.com/go-git/go-git/v5 to v5.17.1 [SECURITY]5e23dfdMerge pull request #1937 from pjbgf/idx-v56b38a32Merge pull request #1935 from pjbgf/index-v5cd757fcplumbing: format/idxfile, Fix version and fanout checks3ec0d70plumbing: format/index, Fix tree extension invalidated entry parsingdbe10b6plumbing: format/index, Align V2/V3 long name and V4 prefix encoding with Gite9b65dfplumbing: format/index, Improve v4 entry name validationDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)Note
Medium Risk
Moderate risk due to a Go toolchain version bump to
go 1.24.0and large dependency upgrades (notablygithub.com/go-git/go-git/v5), which can affect build compatibility and runtime behavior intest/e2e/generatorand transitive packages.Overview
Updates the module’s Go version to
1.24.0and bumpsgithub.com/go-git/go-git/v5fromv5.5.1tov5.17.2.Refreshes a broad set of direct and transitive dependencies (e.g.,
golang.org/x/crypto,golang.org/x/net,google.golang.org/protobuf,github.com/stretchr/testify, and go-git’s transitive deps likecirclandsha1cd), with correspondinggo.sumchanges.Reviewed by Cursor Bugbot for commit c78712b. Bugbot is set up for automated code reviews on this repo. Configure here.