chore(deps): bump go mod github.com/pingcap/tiflow #5495
[APPROVALNOTIFIER] This PR is NOT APPROVED
This pull-request has been approved by:
The full list of commands accepted by this bot can be found here.
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing
Caution: Review failed. An error occurred during the review process. Please try again later.
Changes: Dependency Version Bumps
Estimated code review effort: 🎯 1 (Trivial) | ⏱️ ~3 minutes
🚥 Pre-merge checks | ✅ 4 | ❌ 1
❌ Failed checks (1 warning)
✅ Passed checks (4 passed)
Warning: There were issues while running some tools. Please review the errors and either fix the tool's configuration or disable the tool if it's a critical failure.
🔧 golangci-lint (2.12.2): Command failed
Code Review
This pull request updates several Go dependencies in go.mod and go.sum, including github.com/pingcap/kvproto, github.com/pingcap/tidb, github.com/pingcap/tiflow, and other packages to their newer versions. There are no review comments, and I have no feedback to provide.
Actionable comments posted: 1
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@go.mod`:
- Line 58: The TiDB dependency bump is unsafe because the current
github.com/pingcap/tidb version is known to be affected by multiple advisories.
Update the go.mod dependency to a patched TiDB release that addresses
GHSA-7fxj-fr3v-r9gj, GHSA-9g6g-xqv5-8g5w, and GO-2024-3284, or otherwise add
explicit justification for why this upgrade is exempt. Locate the change at the
github.com/pingcap/tidb entry in go.mod and keep the version aligned with any
related transitive updates.
ℹ️ Review info
⚙️ Run configuration
Configuration used: Organization UI
Review profile: CHILL
Plan: Pro
Run ID: 4fbb2766-d814-443e-9fb7-f7b9e9cf2f6c
⛔ Files ignored due to path filters (1)
go.sum is excluded by !**/*.sum
📒 Files selected for processing (1)
go.mod
f1edf7c to f42a9d0
f42a9d0 to 2abe2e1
What problem does this PR solve?
Auto generated by bot.
Issue Number: ref #1074
Release note
Summary by CodeRabbit