chore: update Go deps, GitHub Actions, and Nix vendor hash #736

Merged: cpcloud merged 1 commit into main from worktree-parsed-kindling-scone, Mar 9, 2026
@cpcloud (Collaborator) commented Mar 9, 2026

Summary

  • Bump Go deps: glamour v1.0.0, huh v1.0.0, any-llm-go v0.9.0, anthropic-sdk-go v1.26.0, ollama v0.17.7, and transitive deps
  • Bump GitHub Actions: setup-go v6.3.0, setup-node v6.3.0, install-nix-action v31.10.0, create-github-app-token v2.2.1, trufflehog v3.93.8, codeql-action v4.32.6, docker/setup-qemu-action v4.0.0, docker/setup-buildx-action v4.0.0, docker/login-action v4.0.0
  • Update Nix vendor hash for new Go dependencies
  • All tests pass, no new OSV findings, no dead code

Go: bump charmbracelet/glamour v1.0.0, charmbracelet/huh v1.0.0,
mozilla-ai/any-llm-go v0.9.0, anthropic-sdk-go v1.26.0,
ollama v0.17.7, and transitive deps.

Actions: setup-go v6.3.0, setup-node v6.3.0, install-nix-action
v31.10.0, create-github-app-token v2.2.1, trufflehog v3.93.8,
codeql-action v4.32.6, docker/setup-qemu-action v4.0.0,
docker/setup-buildx-action v4.0.0, docker/login-action v4.0.0.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Copilot AI review requested due to automatic review settings March 9, 2026 21:56
Copilot AI left a comment

Pull request overview

This PR updates project dependencies and CI tooling to newer versions, keeping the Go module graph, GitHub Actions pins, and Nix build inputs in sync.

Changes:

  • Bumped Go module dependencies (including glamour, huh, any-llm-go, anthropic-sdk-go, ollama) and refreshed go.sum.
  • Updated GitHub Actions pins (setup-go, setup-node, install-nix-action, create-github-app-token, trufflehog, codeql-action, docker actions) while keeping full-SHA pinning.
  • Updated Nix vendorHash to match the new Go dependency vendoring.

Reviewed changes

Copilot reviewed 7 out of 8 changed files in this pull request and generated no comments.

| File | Description |
| --- | --- |
| go.mod | Updates direct + indirect Go dependency versions to the new set. |
| go.sum | Refreshes module checksums to match the updated dependency graph. |
| flake.nix | Updates vendorHash for buildGoModule so Nix builds remain reproducible. |
| .github/workflows/security.yml | Updates pinned action SHAs/versions for security scanning jobs. |
| .github/workflows/ci.yml | Updates pinned action SHAs/versions for CI jobs (Go + Node + Nix). |
| .github/workflows/lint.yml | Updates pinned action SHAs/versions for linting workflows (notably Nix installer). |
| .github/workflows/pages.yml | Updates pinned action SHA/version for Nix installer used in docs build. |
| .github/workflows/release.yml | Updates pinned action SHAs/versions for Go + Docker build/release steps. |
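
A check for the full-SHA pinning mentioned in the review above, as an added example that is not part of this PR or the project's code: it flags `uses:` references that are not pinned to a 40-character commit SHA. The function and type names, the sample workflow and its SHAs are constructed for illustration.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

var (
	// fullSHA matches a complete 40-hex commit SHA; tags, branches and short SHAs do not.
	fullSHA = regexp.MustCompile(`^[0-9a-f]{40}$`)
	// usesLine captures the value of a `uses:` key, with or without "- " and quotes.
	usesLine = regexp.MustCompile(`^\s*(?:-\s+)?uses:\s*["']?([^"'\s#]+)`)
)

// Finding is one `uses:` reference that is not pinned to a full commit SHA.
type Finding struct {
	Line int
	Ref  string
}

// UnpinnedActions returns each remote `uses:` ref that is missing or not a 40-hex commit SHA.
func UnpinnedActions(workflow string) []Finding {
	var out []Finding
	for i, line := range strings.Split(workflow, "\n") {
		m := usesLine.FindStringSubmatch(line)
		// Local actions and container images are not resolved through a git ref.
		if m == nil || strings.HasPrefix(m[1], "./") || strings.HasPrefix(m[1], "docker://") {
			continue
		}
		at := strings.LastIndex(m[1], "@")
		if at < 0 || !fullSHA.MatchString(m[1][at+1:]) {
			out = append(out, Finding{Line: i + 1, Ref: m[1]})
		}
	}
	return out
}

// sampleWorkflow is constructed for this example; the SHAs are placeholders, not real commits.
const sampleWorkflow = `steps:
  - uses: actions/setup-go@0123456789abcdef0123456789abcdef01234567 # v6.3.0
  - uses: docker/login-action@v4.0.0
  - uses: ./.github/actions/local
  - name: scan
    uses: "actions/setup-node@0123456"
`

func main() {
	fmt.Printf("%+v\n", UnpinnedActions(sampleWorkflow))
}
```

The trailing `# v6.3.0` comment is ignored by the check, so a human-readable version can sit next to the SHA without weakening the pin.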

@cpcloud cpcloud merged commit b8b8697 into main Mar 9, 2026
21 checks passed
@cpcloud cpcloud deleted the worktree-parsed-kindling-scone branch March 9, 2026 22:06
codecov Bot commented Mar 9, 2026

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 76.28%. Comparing base (b1d4283) to head (50431a4).
⚠️ Report is 5 commits behind head on main.

Additional details and impacted files

see 3 files with indirect coverage changes

cpcloud added a commit that referenced this pull request Mar 19, 2026
## Summary

- Bump Go deps: glamour v1.0.0, huh v1.0.0, any-llm-go v0.9.0,
anthropic-sdk-go v1.26.0, ollama v0.17.7, and transitive deps
- Bump GitHub Actions: setup-go v6.3.0, setup-node v6.3.0,
install-nix-action v31.10.0, create-github-app-token v2.2.1, trufflehog
v3.93.8, codeql-action v4.32.6, docker/setup-qemu-action v4.0.0,
docker/setup-buildx-action v4.0.0, docker/login-action v4.0.0
- Update Nix vendor hash for new Go dependencies
- All tests pass, no new OSV findings, no dead code

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>