Skip to content

chore(deps): bump go mod github.com/pingcap/tiflow#5495

Open
ti-chi-bot wants to merge 1 commit into
masterfrom
fix/master/update-dep-tiflow
Open

chore(deps): bump go mod github.com/pingcap/tiflow#5495
ti-chi-bot wants to merge 1 commit into
masterfrom
fix/master/update-dep-tiflow

Conversation

@ti-chi-bot

@ti-chi-bot ti-chi-bot commented Jun 24, 2026

Copy link
Copy Markdown
Member

What problem does this PR solve?

Auto generated by bot.
Issue Number: ref #1074

Release note

None

Summary by CodeRabbit

  • Chores
    • Updated several Go dependencies to newer versions for ongoing maintenance.
    • Refreshed key database-related packages and added a new core PingCAP dependency.
    • Bumped a few indirect libraries (including telemetry and cryptography components) to keep compatibility and security posture up to date.

@ti-chi-bot ti-chi-bot Bot added the release-note-none Denotes a PR that doesn't merit a release note. label Jun 24, 2026
@ti-chi-bot

ti-chi-bot Bot commented Jun 24, 2026

Copy link
Copy Markdown

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please assign kennytm for approval. For more information see the Code Review Process.
Please ensure that each of them provides their approval before proceeding.

The full list of commands accepted by this bot can be found here.

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@coderabbitai

coderabbitai Bot commented Jun 24, 2026

Copy link
Copy Markdown
Contributor

Review Change Stack

Caution

Review failed

An error occurred during the review process. Please try again later.

📝 Walkthrough

Walkthrough

go.mod is updated to add github.com/pingcap/kvproto as a direct dependency and advance github.com/pingcap/tidb, github.com/pingcap/tidb/pkg/parser, and github.com/pingcap/tiflow to newer commit versions. Three indirect dependencies are also bumped by one patch or minor version each.

Changes

Dependency Version Bumps

Layer / File(s) Summary
go.mod direct and indirect updates
go.mod
Adds github.com/pingcap/kvproto to direct requires; advances tidb, tidb/pkg/parser, and tiflow to newer commit pins; bumps indirect filippo.io/edwards25519 to v1.2.0, grpc-gateway/v2 to v2.27.1, and otlp to v1.7.1.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

Suggested labels

size/XS

Suggested reviewers

  • wk989898
  • tenfyzhong

Poem

🐇 A hop through go.mod today,
New kvproto found its way.
tidb and tiflow advance,
Indirect deps join the dance.
All versioned neat and right — hooray! 🎉

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name Status Explanation Resolution
Description check ⚠️ Warning The description is incomplete because it omits the changed/how-it-works section, test checklist, and required question responses. Add the missing template sections, including change details, at least one test choice, the compatibility/documentation answers, and keep the issue line and release note.
✅ Passed checks (4 passed)
Check name Status Explanation
Title check ✅ Passed The title is concise and matches the dependency bump reflected in the changeset.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.

✏️ Tip: You can configure your own custom pre-merge checks in the settings.

✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch fix/master/update-dep-tiflow

Warning

There were issues while running some tools. Please review the errors and either fix the tool's configuration or disable the tool if it's a critical failure.

🔧 golangci-lint (2.12.2)

Command failed


Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands.

@ti-chi-bot ti-chi-bot Bot added the size/M Denotes a PR that changes 30-99 lines, ignoring generated files. label Jun 24, 2026

@gemini-code-assist gemini-code-assist Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review

This pull request updates several Go dependencies in go.mod and go.sum, including github.com/pingcap/kvproto, github.com/pingcap/tidb, github.com/pingcap/tiflow, and other packages to their newer versions. There are no review comments, and I have no feedback to provide.

Important

The consumer version of Gemini Code Assist on GitHub is being sunset. Starting June 18, 2026, new organization installations will be blocked, and all code review activity will officially cease on July 17, 2026.
For more details on the timeline and next steps, please review the Help Documentation.

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@go.mod`:
- Line 58: The TiDB dependency bump is unsafe because the current
github.com/pingcap/tidb version is known to be affected by multiple advisories.
Update the go.mod dependency to a patched TiDB release that addresses
GHSA-7fxj-fr3v-r9gj, GHSA-9g6g-xqv5-8g5w, and GO-2024-3284, or otherwise add
explicit justification for why this upgrade is exempt. Locate the change at the
github.com/pingcap/tidb entry in go.mod and keep the version aligned with any
related transitive updates.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 4fbb2766-d814-443e-9fb7-f7b9e9cf2f6c

📥 Commits

Reviewing files that changed from the base of the PR and between 5d5121d and f1edf7c.

⛔ Files ignored due to path filters (1)
  • go.sum is excluded by !**/*.sum
📒 Files selected for processing (1)
  • go.mod

Comment thread go.mod
@ti-chi-bot ti-chi-bot force-pushed the fix/master/update-dep-tiflow branch from f1edf7c to f42a9d0 Compare June 24, 2026 13:25
@ti-chi-bot ti-chi-bot force-pushed the fix/master/update-dep-tiflow branch from f42a9d0 to 2abe2e1 Compare June 29, 2026 13:25
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

release-note-none Denotes a PR that doesn't merit a release note. size/M Denotes a PR that changes 30-99 lines, ignoring generated files.

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant