Update module github.com/cenkalti/backoff/v5 to v7#217
Update module github.com/cenkalti/backoff/v5 to v7#217red-hat-konflux-kflux-prd-rh02[bot] wants to merge 1 commit into
Conversation
|
|
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: The full list of commands accepted by this bot can be found here. DetailsNeeds approval from an approver in each of these files:Approvers can indicate their approval by writing |
|
Hi @red-hat-konflux-kflux-prd-rh02[bot]. Thanks for your PR. I'm waiting for a openshift-hyperfleet member to verify that this patch is reasonable to test. If it is, they should reply with Regular contributors should join the org to skip this step. Once the patch is verified, the new status will be reflected by the I understand the commands that are listed here. DetailsInstructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
📝 WalkthroughWalkthroughModified go.mod to change the required version of github.com/cenkalti/backoff from v5.0.3 (module path v5) to v7.0.0 (module path v7). No source code, imports, or exported entities changed. Estimated code review effort: 2 (Simple) | ~5 minutes Changes
Supply chain note: Major version bump (v5→v7) — this is not a simple patch/minor update. A go.sum diff was not provided in this summary; verify checksum entries for the new module path were regenerated and that go.sum hash pinning is intact (CWE-1104, "Use of Unmaintained Third Party Components" applies if provenance of v7.0.0 isn't verified). Confirm no import paths in consuming code still reference /v5 — a mismatched major-version import path will fail to compile, not silently succeed, but verify CI actually exercises build+test rather than skipping on cache. No CVE specifically tied to backoff v5/v7 is asserted here — confirm via vulnerability database before merge. Suggested labels: dependencies, go.mod Suggested reviewers: Not enough information to assign meaningfully — check ownership of go.mod update policy for this repo. 🚥 Pre-merge checks | ✅ 11✅ Passed checks (11 passed)
✨ Finishing Touches📝 Generate docstrings
🧪 Generate unit tests (beta)
✨ Simplify code
Comment |
There was a problem hiding this comment.
Actionable comments posted: 1
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@go.mod`:
- Line 6: The module version has been bumped to github.com/cenkalti/backoff/v7,
but internal/client/client.go still references the old v5 import, so update that
import to v7 and regenerate go.sum so the build stays consistent. Make the
change in the client code that uses the backoff package, then refresh the
dependency sums to match the new go.mod requirement.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Central YAML (base), Organization UI (inherited)
Review profile: CHILL
Plan: Enterprise
Run ID: 2d04c99e-5191-46e0-88d2-6b0676611482
📒 Files selected for processing (1)
go.mod
🔗 Linked repositories identified
CodeRabbit considers these linked repositories for cross-repo context during reviews:
openshift-hyperfleet/architecture(manual)openshift-hyperfleet/hyperfleet-api(manual) → reviewed against open PR#280konflux/mintmaker/main/github.com-cenkalti-backoff-v5-7.xinstead of the default branchopenshift-hyperfleet/hyperfleet-sentinel(manual)openshift-hyperfleet/hyperfleet-adapter(manual) → reviewed against open PR#228konflux/mintmaker/main/github.com-cenkalti-backoff-v5-7.xinstead of the default branchopenshift-hyperfleet/hyperfleet-broker(manual)
|
|
||
| require ( | ||
| github.com/cenkalti/backoff/v5 v5.0.3 | ||
| github.com/cenkalti/backoff/v7 v7.0.0 |
There was a problem hiding this comment.
🩺 Stability & Availability | 🟠 Major | ⚡ Quick win
🧩 Analysis chain
🏁 Script executed:
#!/bin/bash
set -euo pipefail
rg -n 'github.com/cenkalti/backoff/(v5|v7)' --glob '*.go' --glob 'go.mod' --glob 'go.sum' .Repository: openshift-hyperfleet/hyperfleet-sentinel
Length of output: 496
Update the backoff import to v7 and regenerate sums (CWE-829).
internal/client/client.go still imports github.com/cenkalti/backoff/v5, so this go.mod bump to github.com/cenkalti/backoff/v7 will break the build until the source import is migrated and go.sum is refreshed.
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In `@go.mod` at line 6, The module version has been bumped to
github.com/cenkalti/backoff/v7, but internal/client/client.go still references
the old v5 import, so update that import to v7 and regenerate go.sum so the
build stays consistent. Make the change in the client code that uses the backoff
package, then refresh the dependency sums to match the new go.mod requirement.
Source: Path instructions
|
Closing — waiting for Go 1.26 bump (HYPERFLEET-1311). Renovate will recreate with proper go.sum after the bump. |
|
/ok-to-test |
Risk Score: 0 —
|
| Signal | Detail | Points |
|---|---|---|
| PR size | 2 lines | +0 |
| Sensitive paths | none | +0 |
Computed by hyperfleet-risk-scorer
Signed-off-by: red-hat-konflux-kflux-prd-rh02 <190377777+red-hat-konflux-kflux-prd-rh02[bot]@users.noreply.github.com>
930c25e to
12d3c88
Compare
|
@red-hat-konflux-kflux-prd-rh02[bot]: The following tests failed, say
Full PR test history. Your PR dashboard. DetailsInstructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here. |
This PR contains the following updates:
v5.0.3→v7.0.0Warning
Some dependencies could not be looked up. Check the warning logs for more information.
Release Notes
cenkalti/backoff (github.com/cenkalti/backoff/v5)
v7.0.0Compare Source
v6.0.1Compare Source
v6.0.0Compare Source
Configuration
📅 Schedule: (UTC)
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
To execute skipped test pipelines write comment
/ok-to-test.Documentation
Find out how to configure dependency updates in MintMaker documentation or see all available configuration options in Renovate documentation.