Update module github.com/cenkalti/backoff/v3 to v7#215
Update module github.com/cenkalti/backoff/v3 to v7#215red-hat-konflux-kflux-prd-rh02[bot] wants to merge 1 commit into
Conversation
|
|
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: The full list of commands accepted by this bot can be found here. DetailsNeeds approval from an approver in each of these files:Approvers can indicate their approval by writing |
|
Hi @red-hat-konflux-kflux-prd-rh02[bot]. Thanks for your PR. I'm waiting for a openshift-hyperfleet member to verify that this patch is reasonable to test. If it is, they should reply with Regular contributors should join the org to skip this step. Once the patch is verified, the new status will be reflected by the I understand the commands that are listed here. DetailsInstructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
📝 WalkthroughWalkthroughSupply chain change: go.mod swaps indirect dependency github.com/cenkalti/backoff/v3 for github.com/cenkalti/backoff/v7 (v7.0.0). This is a major version jump (v3→v7) in a transitive dependency — no CVE cited in the diff, no changelog/audit trail provided. Verify upstream release integrity (checksum in go.sum) and confirm no breaking API changes propagate through the dependency graph before merge. Module provenance for the new major version tag should be checked against known supply-chain tampering patterns (CWE-1104: Use of Unmaintained Third-Party Components; verify signed tags/module proxy checksums per GONOSUMCHECK policy). Estimated code review effort: 1 (Trivial) | ~3 minutes Related Issues: None referenced in diff. Related PRs: None referenced in diff. Suggested labels: dependencies, go.mod, needs-go-sum-verification Suggested reviewers: Assign whoever owns dependency/supply-chain review for this repo. Poem: 🚥 Pre-merge checks | ✅ 11✅ Passed checks (11 passed)
✨ Finishing Touches📝 Generate docstrings
🧪 Generate unit tests (beta)
✨ Simplify code
Comment |
|
Closing — waiting for Go 1.26 bump (HYPERFLEET-1311). Renovate will recreate with proper go.sum after the bump. |
|
/ok-to-test |
Risk Score: 0 —
|
| Signal | Detail | Points |
|---|---|---|
| PR size | 2 lines | +0 |
| Sensitive paths | none | +0 |
Computed by hyperfleet-risk-scorer
Signed-off-by: red-hat-konflux-kflux-prd-rh02 <190377777+red-hat-konflux-kflux-prd-rh02[bot]@users.noreply.github.com>
037df67 to
0ceefd5
Compare
|
@red-hat-konflux-kflux-prd-rh02[bot]: The following tests failed, say
Full PR test history. Your PR dashboard. DetailsInstructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here. |
|
Closing — indirect dependency major bump that should have been blocked by renovate config. Renovate bug. |
Renovate Ignore NotificationBecause you closed this PR without merging, Renovate will ignore this update. You will not get PRs for any future If you accidentally closed this PR, or if you changed your mind: rename this PR to get a fresh replacement PR. |
This PR contains the following updates:
v3.2.2→v7.0.0Warning
Some dependencies could not be looked up. Check the warning logs for more information.
Release Notes
cenkalti/backoff (github.com/cenkalti/backoff/v3)
v7.0.0Compare Source
v6.0.1Compare Source
v6.0.0Compare Source
v5.0.3Compare Source
v5.0.2Compare Source
v5.0.1Compare Source
v5.0.0Compare Source
v4.3.0Compare Source
v4.2.1Compare Source
v4.2.0Compare Source
v4.1.3Compare Source
v4.1.2Compare Source
v4.1.1Compare Source
v4.1.0Compare Source
v4.0.2Compare Source
v4.0.1Compare Source
v4.0.0Compare Source
Configuration
📅 Schedule: (UTC)
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
To execute skipped test pipelines write comment
/ok-to-test.Documentation
Find out how to configure dependency updates in MintMaker documentation or see all available configuration options in Renovate documentation.