Bump Go to 1.25.3 #11926
Bump Go to 1.25.3 #11926
Conversation
Signed-off-by: Babak K. Shandiz <babakks@github.com>
The `cutSuffix` function was added to backport the functionality of `strings.CutSuffix` from Go 1.20. Now that we're using Go 1.25, we can safely replace our backport with the standard library function. Our backport was an intact copy/paste of the stdlib implementation, so this change does not alter any behavior. Signed-off-by: Babak K. Shandiz <babakks@github.com>
Signed-off-by: Babak K. Shandiz <babakks@github.com>
| // Backport strings.CutSuffix from Go 1.20. | ||
| func cutSuffix(s, suffix string) (string, bool) { | ||
| if !strings.HasSuffix(s, suffix) { | ||
| return s, false | ||
| } | ||
| return s[:len(s)-len(suffix)], true | ||
| } |
There was a problem hiding this comment.
This was an intact copy/paste of the stdlib implementation (below), so it's safe to just use the stdlib now:
func CutSuffix(s, suffix string) (before string, found bool) {
if !HasSuffix(s, suffix) {
return s, false
}
return s[:len(s)-len(suffix)], true
}
This comment was marked as spam.
This comment was marked as spam.
Sorry, something went wrong.
This comment was marked as spam.
This comment was marked as spam.
Sorry, something went wrong.
There was a problem hiding this comment.
Pull Request Overview
This PR upgrades the project's Go version requirement from 1.24 to 1.25 and removes a custom cutSuffix backport function in favor of using the standard library's strings.CutSuffix.
- Upgrades Go version from 1.24 to 1.25 in go.mod
- Replaces custom
cutSuffixfunction withstrings.CutSuffixfrom the standard library - Updates documentation and development environment configurations to reflect the new Go version requirement
Reviewed Changes
Copilot reviewed 6 out of 6 changed files in this pull request and generated no comments.
Show a summary per file
| File | Description |
|---|---|
| internal/ghinstance/host.go | Removes custom cutSuffix backport function and uses strings.CutSuffix |
| go.mod | Updates Go version to 1.25.0 and toolchain to go1.25.3 |
| docs/source.md | Updates documentation to require Go 1.25+ |
| docs/install_source.md | Updates installation instructions to require Go 1.25+ |
| .github/CONTRIBUTING.md | Updates contributor prerequisites to require Go 1.25+ |
| .devcontainer/devcontainer.json | Updates dev container image to use Go 1.25 |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
BagToad
left a comment
There was a problem hiding this comment.
Actually, I think there are issues with this branch. Govulncheck is failing 🤔
|
Yeah, I've noticed them. Already touched on this in the body:
|
|
@BagToad, I think I reproduced this by shallow cloning the repo ( Details
|
|
@babakks oh wow good catch! I'm a bit confused because won't this happen in every PR CI run if we merge this? I suspect the answer is "no" and we're good to merge this, but do you know? My gut tells me this is going to happen on every CI run, but then again this shallow clone is there in |
|
BTW, should we bump Go in go-gh too? |
|
Update from @babakks and I discussing this more: It looks like the vcs stamp is now different in Go 1.25 when built with a shallow clone. It now drops the minor and patch versions Setting We also noticed that scanning in source code mode instead of binary mode fixes the issue, probably because the source code scan can resolve the real versions. At one point I changed the That said, a safe change is to update the Additionally, we can also leverage code scanning for the lint workflow by exporting the SARIF file, enabling rich line annotations for govulncheck findings directly in PRs down the line. |
This MR contains the following updates: | Package | Update | Change | |---|---|---| | [cli/cli](https://github.com/cli/cli) | minor | `v2.82.1` -> `v2.83.0` | MR created with the help of [el-capitano/tools/renovate-bot](https://gitlab.com/el-capitano/tools/renovate-bot). **Proposed changes to behavior should be submitted there as MRs.** --- ### Release Notes <details> <summary>cli/cli (cli/cli)</summary> ### [`v2.83.0`](https://github.com/cli/cli/releases/tag/v2.83.0): GitHub CLI 2.83.0 [Compare Source](cli/cli@v2.82.1...v2.83.0) #### What's Changed ##### ✨ Features - Add `isImmutable` to `release list` JSON output by [@​babakks](https://github.com/babakks) in [#​12064](cli/cli#12064) - `gh agent-task create`: support `--custom-agent`/`-a` flag by [@​BagToad](https://github.com/BagToad) in [#​12068](cli/cli#12068) - 💡 (gh repo delete) Add warning when `--yes` is ignored without a repository, Closes: [#​12033](cli/cli#12033) by [@​Shion1305](https://github.com/Shion1305) in [#​12039](cli/cli#12039) - feat: implement gh `pr revert` by [@​lucasmelin](https://github.com/lucasmelin) in [#​8826](cli/cli#8826) ##### 🐛 Fixes - fix(gist): add support for editing & viewing large files by [@​luxass](https://github.com/luxass) in [#​11761](cli/cli#11761) - Fix gh attestation verify to work when Public Good Instance of Sigstore is unavailable by [@​Copilot](https://github.com/Copilot) in [#​11989](cli/cli#11989) ##### 📚 Docs & Chores - chore: add basic linters by [@​babakks](https://github.com/babakks) in [#​12084](cli/cli#12084) - CI: Update lint govulncheck to use source mode by [@​BagToad](https://github.com/BagToad) in [#​12089](cli/cli#12089) - chore: add `workflow_dispatch` to govulncheck triggers by [@​babakks](https://github.com/babakks) in [#​12085](cli/cli#12085) - Exclude `third-party` from Golangci-lint formatting paths by [@​babakks](https://github.com/babakks) in [#​12058](cli/cli#12058) - Apply `go fix` to remove deprecated `// +build` tags by [@​babakks](https://github.com/babakks) in [#​12056](cli/cli#12056) - Bump Golangci-lint to `v2.6.0` by [@​babakks](https://github.com/babakks) in [#​12049](cli/cli#12049) - Mention `pr checks` in `run list` docs by [@​babakks](https://github.com/babakks) in [#​12050](cli/cli#12050) - Fix typo in comment for `gh issue develop` branch checkout command by [@​jonzfisher](https://github.com/jonzfisher) in [#​12042](cli/cli#12042) - Use "release" sentinel value for release attestation verification by [@​Copilot](https://github.com/Copilot) in [#​11991](cli/cli#11991) - Improve docstring for release-create by [@​bdehamer](https://github.com/bdehamer) in [#​11945](cli/cli#11945) - Improve `api` command docs around `--input` and `--field` by [@​babakks](https://github.com/babakks) in [#​12062](cli/cli#12062) - Fix `--interval` flags docs in `gh pr checks` by [@​2003Aditya](https://github.com/2003Aditya) in [#​12053](cli/cli#12053) #####Dependencies - Bump Go to 1.25.3 by [@​github-actions](https://github.com/github-actions)\[bot] in [#​11926](cli/cli#11926) - chore(deps): bump github.com/cli/go-gh/v2 from 2.12.2 to 2.13.0 by [@​dependabot](https://github.com/dependabot)\[bot] in [#​12095](cli/cli#12095) - Update Go toolchain version to 1.24.9 by [@​BagToad](https://github.com/BagToad) in [#​12054](cli/cli#12054) - chore(deps): bump golang.org/x/text from 0.29.0 to 0.30.0 by [@​dependabot](https://github.com/dependabot)\[bot] in [#​11973](cli/cli#11973) - chore(deps): bump golang.org/x/crypto from 0.42.0 to 0.43.0 by [@​dependabot](https://github.com/dependabot)\[bot] in [#​11974](cli/cli#11974) - chore(deps): bump actions/upload-artifact from 4 to 5 by [@​dependabot](https://github.com/dependabot)\[bot] in [#​12031](cli/cli#12031) - chore(deps): bump actions/download-artifact from 5 to 6 by [@​dependabot](https://github.com/dependabot)\[bot] in [#​12032](cli/cli#12032) - chore(deps): bump github.com/rivo/tview from 0.0.0-20250625164341-a4a78f1e05cb to 0.42.0 by [@​dependabot](https://github.com/dependabot)\[bot] in [#​12000](cli/cli#12000) - chore(deps): bump goreleaser/goreleaser-action from 6.3.0 to 6.4.0 by [@​dependabot](https://github.com/dependabot)\[bot] in [#​11509](cli/cli#11509) - chore(deps): bump mislav/bump-homebrew-formula-action from 3.4 to 3.6 by [@​dependabot](https://github.com/dependabot)\[bot] in [#​11750](cli/cli#11750) #### New Contributors - [@​lucasmelin](https://github.com/lucasmelin) made their first contribution in [#​8826](cli/cli#8826) - [@​jonzfisher](https://github.com/jonzfisher) made their first contribution in [#​12042](cli/cli#12042) - [@​2003Aditya](https://github.com/2003Aditya) made their first contribution in [#​12053](cli/cli#12053) **Full Changelog**: <cli/cli@v2.82.1...v2.83.0> </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever MR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this MR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this MR, check this box --- This MR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0MS4xNjkuMyIsInVwZGF0ZWRJblZlciI6IjQxLjE2OS4zIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJSZW5vdmF0ZSBCb3QiXX0=-->
This PR updates Go to the latest stable release.
1.25.01.25.3Other changes:
strings.CutSuffixis now dropped in favour of stdlib implementation.The reported vulnerabilities (e.g. here) are false positives. It's because
govluncheckthinks we're importing the latest untaggedcli/clias an external dependency.