Skip to content

Update Go and Python dependencies to latest versions#30

Merged
milliondreams merged 2 commits into
rustic-ai:mainfrom
milliondreams:main
Jul 12, 2026
Merged

Update Go and Python dependencies to latest versions#30
milliondreams merged 2 commits into
rustic-ai:mainfrom
milliondreams:main

Conversation

@milliondreams

Copy link
Copy Markdown
Contributor

No description provided.

Resolve open Dependabot alerts and freshen the module:

- golang.org/x/crypto -> v0.54.0 (fixes GHSA-9m57-25v3-79x9 and 12 others)
- golang.org/x/net -> v0.57.0
- github.com/quic-go/quic-go -> v0.60.0
- shirou/gopsutil v3 -> v4.26.6 (major; import paths only, API compatible)
- plus all remaining direct minors: otel 1.44, go-redis 9.21,
  modernc/sqlite 1.53, memberlist, nats-server, gorm, google api, gocloud.

govulncheck confirms the x/crypto, x/net and quic-go vulnerabilities are
no longer reachable. github.com/docker/docker remains at v28.5.2: the
patched v29.3.1 is not yet published to the Go module proxy, so it cannot
be bumped today.

Verified: golangci-lint (v1.64.8), go test ./..., native + 6-target
cross-build, and govulncheck all pass.
Resolve open Dependabot alerts and freshen the lockfile:

- aiohttp -> 3.14.1, idna -> 3.18 (both flagged, now patched)
- pyzmq 26 -> 27.1.0 and ruff 0.13 -> 0.15.21 (relaxed pyproject bounds)
- plus all remaining minors via `uv lock --upgrade` (nats-py, redis,
  sqlalchemy, requests, certifi, ...).

diskcache has no fixed release upstream and is left as-is. The orphaned
forge-python/poetry.lock (project uses setuptools + uv) was removed in
the companion dependency-update commit.

Verified: uv sync --frozen, ruff check (0.15), compileall, uv build,
pytest, and contract tests all pass.
@milliondreams milliondreams merged commit abf3f0e into rustic-ai:main Jul 12, 2026
12 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant