Skip to content

build(deps): bump golang.org/x/net from 0.33.0 to 0.36.0 #507

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Apr 8, 2025
Merged

build(deps): bump golang.org/x/net from 0.33.0 to 0.36.0 #507

merged 1 commit into from
Apr 8, 2025
+17 −17

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Mar 13, 2025
edited
Loading

Bumps golang.org/x/net from 0.33.0 to 0.36.0.

Commits
  • 85d1d54 go.mod: update golang.org/x dependencies
  • cde1dda proxy, http/httpproxy: do not mismatch IPv6 zone ids against hosts
  • fe7f039 publicsuffix: spruce up code gen and speed up PublicSuffix
  • 459513d internal/http3: move more common stream processing to genericConn
  • aad0180 http2: fix flakiness from t.Log when GOOS=js
  • b73e574 http2: don't log expected errors from writing invalid trailers
  • 5f45c77 internal/http3: make read-data tests usable for server handlers
  • 43c2540 http2, internal/httpcommon: reject userinfo in :authority
  • 1d78a08 http2, internal/httpcommon: factor out server header logic for h2/h3
  • 0d7dc54 quic: add Conn.ConnectionState
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot dependabot bot added the dependencies Auto-pinning label Mar 13, 2025
@dependabot dependabot bot requested review from a team as code owners March 13, 2025 01:40
@SarahFrench
Copy link
Member

The failing tests don't appear to be due to a fluke, but I don't have time to dig into the underlying cause this week

@bbasata
Copy link

bbasata commented Mar 18, 2025

Error: provider.random: Incompatible API version with plugin. Plugin version: 5, Core version: 4

This looked very familiar, so I looked into it. Something changed outside this repo and its tests.

It's related to this one-time release pipeline error: hashicorp/terraform-provider-random#663. As a result, the Registry API returns an empty list of protocol versions for terraform-provider-random v3.7.0-alpha1.

The last Protocol v4 version of the random provider is v2.3.1. I reconstructed the failing test locally and observed that Terraform 0.11.15 installs v3.7.0-alpha1.

To solve this: I'd prefer to backfill the right data in the Registry -- if possible -- rather than work around it here. My team maintains the random provider, and I will look into this.

@dbanck dbanck mentioned this pull request Mar 31, 2025
Closed
@radeksimko
Copy link
Member

While the linked issue was closed, we continue seeing the failures, such as

Error: provider.null: Incompatible API version with plugin. Plugin version: 5, Core version: 4

all linked to Terraform v0.11.15.

My theory is that this is connected to the latest version of the null provider being a pre-release, which then trips up the filename parsing logic in the old Terraform version somehow. I did not get the chance to confirm this theory though.

What is unclear to me is how exactly Terraform 0.11 so far managed to ignore all the 3.0.0 versions practically without provider constraints. I assume this is a detail hidden somewhere in the Registry API?

Some possible solutions:

  1. Remove support for 0.11 altogether in terraform-exec, i.e. remove 0.11 from the test matrix here + document 0.12 as a minimum required version in Readme.md
  2. serve different configuration to 0.11 tests with the appropriate legacy provider constraint, e.g. below
provider "null" {
  version = ">= 2"
}

@bbasata do you have any preferences? I'm inclined to (1), so I'll raise a PR that does that.

Since the tests are parametrised anyway, anyone can still run them on demand if they wish to, they just won't run on every PR anymore and so we may end up introducing changes that break terraform-exec's 0.11 compatibility. I don't think that is a problem since tfexec never explicitly stated compatibility for Terraform versions. We just assumed that people use the library in automation in contexts where older versions are far more likely to occur.

@radeksimko radeksimko mentioned this pull request Apr 7, 2025
Merged
@bbasata
Copy link

bbasata commented Apr 7, 2025

@bbasata do you have any preferences? I'm inclined to (1), so I'll raise a PR that does that.

I'm happy with this choice 😃

@radeksimko
Copy link
Member

@dependabot rebase

@dependabot Dependabot
Copy link
Contributor Author

dependabot bot commented on behalf of github Apr 7, 2025

Looks like this PR has been edited by someone other than Dependabot. That means Dependabot can't rebase it - sorry!

If you're happy for Dependabot to recreate it from scratch, overwriting any edits, you can request @dependabot recreate.

@radeksimko radeksimko mentioned this pull request Apr 7, 2025
Merged
@radeksimko radeksimko force-pushed the dependabot/go_modules/golang.org/x/net-0.36.0 branch from f0a936f to 8bf7f38 Compare April 7, 2025 21:41
@radeksimko
Copy link
Member

@dependabot rebase

@dependabot
build(deps): bump golang.org/x/net from 0.33.0 to 0.36.0
8cecd80 
Bumps [golang.org/x/net](https://github.com/golang/net) from 0.33.0 to 0.36.0.
- [Commits](golang/net@v0.33.0...v0.36.0)

---
updated-dependencies:
- dependency-name: golang.org/x/net
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot force-pushed the dependabot/go_modules/golang.org/x/net-0.36.0 branch from 8bf7f38 to 8cecd80 Compare April 7, 2025 21:42
@radeksimko radeksimko merged commit f8ddc4c into main Apr 8, 2025
107 checks passed
@radeksimko radeksimko deleted the dependabot/go_modules/golang.org/x/net-0.36.0 branch April 8, 2025 09:28
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@radeksimko radeksimko radeksimko approved these changes

Assignees
No one assigned
Labels
dependencies Auto-pinning
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@SarahFrench @bbasata @radeksimko