Skip to content

chore(deps): consolidate dependency updates#115

Merged
alexgarzao merged 1 commit intodevelopfrom
chore/consolidate-dependency-updates
Apr 13, 2026
Merged

chore(deps): consolidate dependency updates#115
alexgarzao merged 1 commit intodevelopfrom
chore/consolidate-dependency-updates

Conversation

@alexgarzao
Copy link
Copy Markdown
Collaborator

@alexgarzao alexgarzao commented Apr 13, 2026

Summary

Consolidates all open Dependabot dependency updates into a single PR.

Dependencies updated

Package From To
github.com/go-playground/validator/v10 v10.30.1 v10.30.2
github.com/google/cel-go v0.27.0 v0.28.0
github.com/testcontainers/testcontainers-go v0.41.0 v0.42.0
github.com/testcontainers/testcontainers-go/modules/postgres v0.41.0 v0.42.0
go.opentelemetry.io/otel v1.42.0 v1.43.0
go.opentelemetry.io/otel/sdk v1.42.0 v1.43.0
go.opentelemetry.io/otel/sdk/metric v1.42.0 v1.43.0
go.opentelemetry.io/otel/trace v1.42.0 v1.43.0
golang.org/x/text v0.35.0 v0.36.0

Supersedes

Closes #99, closes #100, closes #101, closes #102, closes #103, closes #111, closes #112, closes #113, closes #114

Notes

  • The OTel SDK bump to v1.43.0 also fixes CVE-2026-39883 (HIGH) that was flagged in security scans.
  • Build passes, all 3813 unit tests pass.

@alexgarzao
chore(deps): consolidate dependency updates
0a77ac3 
Bump the following dependencies:
- github.com/go-playground/validator/v10: v10.30.1 → v10.30.2
- github.com/google/cel-go: v0.27.0 → v0.28.0
- github.com/testcontainers/testcontainers-go: v0.41.0 → v0.42.0
- github.com/testcontainers/testcontainers-go/modules/postgres: v0.41.0 → v0.42.0
- go.opentelemetry.io/otel: v1.42.0 → v1.43.0
- go.opentelemetry.io/otel/sdk: v1.42.0 → v1.43.0
- go.opentelemetry.io/otel/sdk/metric: v1.42.0 → v1.43.0
- go.opentelemetry.io/otel/trace: v1.42.0 → v1.43.0
- golang.org/x/text: v0.35.0 → v0.36.0

Consolidates Dependabot PRs: #99, #100, #101, #102, #103, #111, #112, #113, #114
@alexgarzao alexgarzao requested a review from a team as a code owner April 13, 2026 18:57
@coderabbitai
Copy link
Copy Markdown

coderabbitai bot commented Apr 13, 2026
edited
Loading

Caution

Review failed

The pull request is closed.

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: dbacf06d-d4d3-4ba4-990d-d89442c53330

📥 Commits

Reviewing files that changed from the base of the PR and between cf9853c and 0a77ac3.

⛔ Files ignored due to path filters (1)
  • go.sum is excluded by !**/*.sum
📒 Files selected for processing (1)
  • go.mod

Walkthrough

Updates direct and indirect Go module dependencies to newer versions, including patch and minor version bumps for packages like validator, cel-go, testcontainers, OpenTelemetry, and golang.org/x utilities. Adjusts indirect dependency graph by replacing docker with moby references.

Changes

Cohort / File(s) Summary
Dependency Updates
go.mod		 Updates direct dependencies (validator, cel-go, testcontainers, OpenTelemetry, golang.org/x/text) to newer versions; adjusts indirect dependency graph by replacing docker with moby references and bumping related packages (gopsutil, logrus, moby/patternmatcher, golang.org/x/mod, golang.org/x/tools).

Comment @coderabbitai help to get the list of available commands and usage tips.

@lerian-studio
Copy link
Copy Markdown

lerian-studio commented Apr 13, 2026

📊 Unit Test Coverage Report: tracer

Metric Value
Overall Coverage 82.7% ⚠️ BELOW THRESHOLD
Threshold 85%

Coverage by Package

Package Coverage
tracer/internal/adapters/cel 81.9%
tracer/internal/adapters/http/in/middleware 55.1%
tracer/internal/adapters/http/in 81.6%
tracer/internal/adapters/postgres/db 50.0%
tracer/internal/adapters/postgres 76.2%
tracer/internal/services/cache 95.6%
tracer/internal/services/command 78.9%
tracer/internal/services/query 79.8%
tracer/internal/services/workers 80.1%
tracer/internal/services 47.4%
tracer/internal/testhelper 0.0%
tracer/pkg/clock 50.0%
tracer/pkg/contextutil 100.0%
tracer/pkg/hash 100.0%
tracer/pkg/logging 100.0%
tracer/pkg/migration 89.0%
tracer/pkg/model 95.0%
tracer/pkg/net/http 88.3%
tracer/pkg/resilience 97.8%
tracer/pkg/sanitize 87.1%
tracer/pkg/validation 50.0%
tracer/pkg 96.6%

Generated by Go PR Analysis workflow

@lerian-studio
Copy link
Copy Markdown

lerian-studio commented Apr 13, 2026

🔒 Security Scan Results — tracer

Trivy

Filesystem Scan

✅ No vulnerabilities or secrets found.

Docker Image Scan

✅ No vulnerabilities found.

Docker Hub Health Score Compliance

✅ Policies — 4/4 met

Policy Status
Default non-root user ✅ Passed
No fixable critical/high CVEs ✅ Passed
No high-profile vulnerabilities ✅ Passed
No AGPL v3 licenses ✅ Passed

🔍 View full scan logs

@alexgarzao alexgarzao merged commit 8ca730c into develop Apr 13, 2026
15 of 16 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

@alexgarzao alexgarzao

Labels

area: dependencies size/S

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@alexgarzao @lerian-studio