chore(deps): update indirect dependencies to fix dependabot alerts 50…#1425
Pull request overview
Updates Go module dependencies in flashcat.cloud/categraf, primarily to address Dependabot alerts, by changing the Docker dependency version and refreshing related indirect module metadata.
Changes:
- Bumped github.com/docker/docker version and updated corresponding go.sum entries.
- Added new indirect dependencies (e.g., github.com/containerd/errdefs, github.com/moby/sys/atomicwriter) and checksums.
- Modified the replace block in go.mod (added a Docker replace; removed the kardianos/service fork replace).
Reviewed changes
Copilot reviewed 1 out of 2 changed files in this pull request and generated 1 comment.
| File | Description |
|---|---|
| go.mod | Updates Docker requirement, adds indirect deps, and changes replace directives. |
| go.sum | Adds checksums for newly introduced indirect deps and updates Docker checksums. |
| ) | ||
|
|
||
| replace ( | ||
| github.com/docker/docker => github.com/docker/docker v27.1.1 |
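Review bot: the replace entry for github.com/docker/docker has no version on its left-hand side and no comment, so it pins every required version of the module to v27.1.1 without recording why. If the pin is deliberate, add a comment giving the reason and the condition for removing it; otherwise delete the entry so the version named in require is the one that gets built.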
require was bumped to github.com/docker/docker v28.5.2, but the new replace forces the build to use github.com/docker/docker v27.1.1 instead. This effectively negates the upgrade (and may leave Dependabot-reported vulnerabilities unresolved) while making the module graph confusing. Drop the replace if the goal is to actually upgrade, or align the replace target to the intended version and re-run go mod tidy so go.sum matches the effective version.
| github.com/docker/docker => github.com/docker/docker v27.1.1 |
…, 66, 67
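The condition raised in the review comment above can be checked mechanically. The following Go program is an added example, not code from the pull request or from categraf: it scans a go.mod for same-path replace entries that pin an older version than the require block asks for. The go.mod fragment is constructed, example.test/lib is a hypothetical control entry, and only block-form directives are handled.

```go
package main

import (
	"fmt"
	"strings"
)

// Constructed go.mod: docker versions are the two quoted in the review comment; example.test/lib is hypothetical.
const sampleGoMod = `module flashcat.cloud/categraf
require (
	github.com/docker/docker v28.5.2
	example.test/lib v1.2.0 // indirect
)
replace (
	github.com/docker/docker => github.com/docker/docker v27.1.1
	example.test/lib => example.test/lib v1.3.0
)`

// older compares major.minor.patch; Sscanf stops before "+incompatible" or a pre-release suffix.
func older(a, b string) bool {
	var x, y [3]int
	fmt.Sscanf(a, "v%d.%d.%d", &x[0], &x[1], &x[2])
	fmt.Sscanf(b, "v%d.%d.%d", &y[0], &y[1], &y[2])
	return x[0] < y[0] || x[0] == y[0] && (x[1] < y[1] || x[1] == y[1] && x[2] < y[2])
}

// DowngradingReplaces reports replace entries that keep the module path but pin a version older than require.
func DowngradingReplaces(gomod string) (out []string) {
	required, pins, block := map[string]string{}, [][2]string{}, ""
	for _, line := range strings.Split(gomod, "\n") {
		f := strings.Fields(strings.SplitN(line, "//", 2)[0]) // drop trailing comments
		n := len(f)
		switch {
		case n > 0 && (f[n-1] == "(" || f[0] == ")"):
			block = f[0] // "require (" or "replace (" opens a block, ")" closes it
		case block == "require" && n == 2:
			required[f[0]] = f[1]
		case block == "replace" && n >= 4 && f[n-3] == "=>" && f[n-2] == f[0]:
			pins = append(pins, [2]string{f[0], f[n-1]})
		}
	}
	for _, p := range pins { // evaluated after the loop so directive order does not matter
		if want, ok := required[p[0]]; ok && older(p[1], want) {
			out = append(out, fmt.Sprintf("%s: require %s but replace pins %s", p[0], want, p[1]))
		}
	}
	return out
}

func main() { fmt.Println(strings.Join(DowngradingReplaces(sampleGoMod), "\n")) }
```

Run against the sample, it reports only the docker entry; the example.test/lib replace moves to a newer version and is not flagged.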