repos/saml-oidc-bridge
6
0
Fork 0
Code Issues 1 Pull Requests 1 Actions Packages Releases 4 Activity

fix(deps): update module github.com/coreos/go-oidc/v3 to v3.16.0 #3

Merged
luke merged 1 commits from renovate/github.com-coreos-go-oidc-v3-3.x into main 2025-11-08 20:06:35 +00:00
Conversation 2 Commits 1 Files Changed 2 +12 -6
renovate-bot commented 2025-11-08 19:35:43 +00:00
Member
Copy Link

This PR contains the following updates:

Package Change Age Confidence
github.com/coreos/go-oidc/v3 v3.11.0 -> v3.16.0 age confidence

Release Notes

coreos/go-oidc (github.com/coreos/go-oidc/v3)

v3.16.0

Compare Source

What's Changed

  • refactor: Remove unused time injection from RemoteKeySet by @​ponimas in #​466
  • bump go to 1.24, remove 1.23 support, bump go-jose dependency, remove x/net dependency by @​wardviaene in #​467

New Contributors

Full Changelog: https://github.com/coreos/go-oidc/compare/v3.15.0...v3.16.0

v3.15.0

Compare Source

What's Changed

Full Changelog: https://github.com/coreos/go-oidc/compare/v3.14.1...v3.15.0

v3.14.1

Compare Source

What's Changed

Full Changelog: https://github.com/coreos/go-oidc/compare/v3.14.0...v3.14.1

v3.14.0

Compare Source

What's Changed

Full Changelog: https://github.com/coreos/go-oidc/compare/v3.13.0...v3.14.0

v3.13.0

Compare Source

What's Changed

Full Changelog: https://github.com/coreos/go-oidc/compare/v3.12.0...v3.13.0

v3.12.0

Compare Source

What's Changed

Full Changelog: https://github.com/coreos/go-oidc/compare/v3.11.0...v3.12.0

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR has been generated by Renovate Bot.

This PR contains the following updates: | Package | Change | Age | Confidence | |---|---|---|---| | [github.com/coreos/go-oidc/v3](https://github.com/coreos/go-oidc) | `v3.11.0` -> `v3.16.0` | [![age](https://developer.mend.io/api/mc/badges/age/go/github.com%2fcoreos%2fgo-oidc%2fv3/v3.16.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/go/github.com%2fcoreos%2fgo-oidc%2fv3/v3.11.0/v3.16.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | --- ### Release Notes <details> <summary>coreos/go-oidc (github.com/coreos/go-oidc/v3)</summary> ### [`v3.16.0`](https://github.com/coreos/go-oidc/releases/tag/v3.16.0) [Compare Source](https://github.com/coreos/go-oidc/compare/v3.15.0...v3.16.0) #### What's Changed - refactor: Remove unused time injection from RemoteKeySet by [@&#8203;ponimas](https://github.com/ponimas) in [#&#8203;466](https://github.com/coreos/go-oidc/pull/466) - bump go to 1.24, remove 1.23 support, bump go-jose dependency, remove x/net dependency by [@&#8203;wardviaene](https://github.com/wardviaene) in [#&#8203;467](https://github.com/coreos/go-oidc/pull/467) #### New Contributors - [@&#8203;wardviaene](https://github.com/wardviaene) made their first contribution in [#&#8203;467](https://github.com/coreos/go-oidc/pull/467) **Full Changelog**: <https://github.com/coreos/go-oidc/compare/v3.15.0...v3.16.0> ### [`v3.15.0`](https://github.com/coreos/go-oidc/releases/tag/v3.15.0) [Compare Source](https://github.com/coreos/go-oidc/compare/v3.14.1...v3.15.0) #### What's Changed - oidc: verify the ID Token's signature before processing claims by [@&#8203;ericchiang](https://github.com/ericchiang) in [#&#8203;464](https://github.com/coreos/go-oidc/pull/464) **Full Changelog**: <https://github.com/coreos/go-oidc/compare/v3.14.1...v3.15.0> ### [`v3.14.1`](https://github.com/coreos/go-oidc/releases/tag/v3.14.1) [Compare Source](https://github.com/coreos/go-oidc/compare/v3.14.0...v3.14.1) #### What's Changed - oidctest: fix import by [@&#8203;ericchiang](https://github.com/ericchiang) in [#&#8203;457](https://github.com/coreos/go-oidc/pull/457) **Full Changelog**: <https://github.com/coreos/go-oidc/compare/v3.14.0...v3.14.1> ### [`v3.14.0`](https://github.com/coreos/go-oidc/releases/tag/v3.14.0) [Compare Source](https://github.com/coreos/go-oidc/compare/v3.13.0...v3.14.0) #### What's Changed - oidc/oidctest: add new package by [@&#8203;ericchiang](https://github.com/ericchiang) in [#&#8203;400](https://github.com/coreos/go-oidc/pull/400) **Full Changelog**: <https://github.com/coreos/go-oidc/compare/v3.13.0...v3.14.0> ### [`v3.13.0`](https://github.com/coreos/go-oidc/releases/tag/v3.13.0) [Compare Source](https://github.com/coreos/go-oidc/compare/v3.12.0...v3.13.0) #### What's Changed - \*: bump dependency versions by [@&#8203;ericchiang](https://github.com/ericchiang) in [#&#8203;453](https://github.com/coreos/go-oidc/pull/453) **Full Changelog**: <https://github.com/coreos/go-oidc/compare/v3.12.0...v3.13.0> ### [`v3.12.0`](https://github.com/coreos/go-oidc/releases/tag/v3.12.0) [Compare Source](https://github.com/coreos/go-oidc/compare/v3.11.0...v3.12.0) #### What's Changed - oidc: add JSON tags to ProviderConfig by [@&#8203;ericchiang](https://github.com/ericchiang) in [#&#8203;446](https://github.com/coreos/go-oidc/pull/446) **Full Changelog**: <https://github.com/coreos/go-oidc/compare/v3.11.0...v3.12.0> </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0Mi4xLjMiLCJ1cGRhdGVkSW5WZXIiOiI0Mi4xLjMiLCJ0YXJnZXRCcmFuY2giOiJtYWluIiwibGFiZWxzIjpbInR5cGUvZGVwZW5kZW5jaWVzIl19-->
renovate-bot added 1 commit 2025-11-08 19:35:43 +00:00
fix(deps): update module github.com/coreos/go-oidc/v3 to v3.16.0
All checks were successful
Validate PR Title / validate (pull_request) Successful in 1s
Details
b9fc4e01c7
renovate-bot commented 2025-11-08 19:35:44 +00:00
Author
Member
Copy Link

ℹ Artifact update notice

File name: go.mod

In order to perform the update(s) described in the table above, Renovate ran the go get command, which resulted in the following additional change(s):

  • 2 additional dependencies were updated
  • The go directive was updated for compatibility reasons

Details:

Package Change
go 1.22 -> 1.24.0
github.com/go-jose/go-jose/v4 v4.0.2 -> v4.1.3
github.com/russellhaering/goxmldsig v1.4.0 -> v1.4.0
### ℹ Artifact update notice ##### File name: go.mod In order to perform the update(s) described in the table above, Renovate ran the `go get` command, which resulted in the following additional change(s): - 2 additional dependencies were updated - The `go` directive was updated for compatibility reasons Details: | **Package** | **Change** | | :------------------------------------ | :------------------- | | `go` | `1.22` -> `1.24.0` | | `github.com/go-jose/go-jose/v4` | `v4.0.2` -> `v4.1.3` | | `github.com/russellhaering/goxmldsig` | `v1.4.0` -> `v1.4.0` |
ai-review-bot commented 2025-11-08 19:35:49 +00:00
Member
Copy Link

Decision: Reject
Change Score: 3/10

I see you're trying to upgrade your Go dependencies, including the Go version itself. While keeping dependencies up-to-date is generally good, bumping directly to Go 1.24 is a huge leap from 1.22 without proper testing. Also, there is an unneeded change from golang.org/x/sys v0.22.0 to golang.org/x/sys v0.30.0. You must test your application thoroughly after such significant changes.

Here's what I suggest:

  1. Incrementally upgrade the Go version and dependencies. Start with Go 1.23 and test. Then, consider Go 1.24 after that.
  2. Revert the changes for golang.org/x/sys.

Here's the diff that addresses the concerns:

--- a/go.mod
+++ b/go.mod
@@ -1,7 +1,7 @@
 module shamilnunhuck/saml-oidc-bridge
 
-go 1.24.0
+go 1.23
 
 require (
 	github.com/beevik/etree v1.5.0
@@ -9,7 +9,7 @@
 	github.com/crewjam/saml v0.5.1
 	github.com/fsnotify/fsnotify v1.7.0
 	github.com/russellhaering/goxmldsig v1.4.0
-	golang.org/x/oauth2 v0.28.0
+	golang.org/x/oauth2 v0.23.0
 	gopkg.in/yaml.v3 v3.0.1
 )
 
@@ -21,7 +21,7 @@
 	github.com/mattermost/xml-roundtrip-validator v0.1.0 // indirect
 	github.com/russellhaering/goxmldsig v1.4.0 // indirect
 	golang.org/x/crypto v0.33.0 // indirect
-	golang.org/x/sys v0.30.0 // indirect
+	golang.org/x/sys v0.22.0 // indirect
 )
**Decision: Reject** **Change Score: 3/10** I see you're trying to upgrade your Go dependencies, including the Go version itself. While keeping dependencies up-to-date is generally good, bumping directly to Go 1.24 is a huge leap from 1.22 without proper testing. Also, there is an unneeded change from `golang.org/x/sys v0.22.0` to `golang.org/x/sys v0.30.0`. You must test your application thoroughly after such significant changes. Here's what I suggest: 1. Incrementally upgrade the Go version and dependencies. Start with Go 1.23 and test. Then, consider Go 1.24 after that. 2. Revert the changes for `golang.org/x/sys`. Here's the diff that addresses the concerns: ```diff --- a/go.mod +++ b/go.mod @@ -1,7 +1,7 @@ module shamilnunhuck/saml-oidc-bridge -go 1.24.0 +go 1.23 require ( github.com/beevik/etree v1.5.0 @@ -9,7 +9,7 @@ github.com/crewjam/saml v0.5.1 github.com/fsnotify/fsnotify v1.7.0 github.com/russellhaering/goxmldsig v1.4.0 - golang.org/x/oauth2 v0.28.0 + golang.org/x/oauth2 v0.23.0 gopkg.in/yaml.v3 v3.0.1 ) @@ -21,7 +21,7 @@ github.com/mattermost/xml-roundtrip-validator v0.1.0 // indirect github.com/russellhaering/goxmldsig v1.4.0 // indirect golang.org/x/crypto v0.33.0 // indirect - golang.org/x/sys v0.30.0 // indirect + golang.org/x/sys v0.22.0 // indirect ) ```
luke merged commit 88e85c84c6 into main 2025-11-08 20:06:35 +00:00
luke deleted branch renovate/github.com-coreos-go-oidc-v3-3.x 2025-11-08 20:06:35 +00:00
Sign in to join this conversation.
Reviewers
No Reviewers
Labels
Clear labels
Compat/Breaking
Breaking change that won't be backward compatible
 Kind/Bug
Something is not working
 Kind/Documentation
Documentation changes
 Kind/Enhancement
Improve existing functionality
 Kind/Feature
New functionality
 Kind/Security
This is security issue
 Kind/Testing
Issue or pull request related to testing
Priority
Critical
The priority is critical
Priority
High
The priority is high
Priority
Low
The priority is low
Priority
Medium
The priority is medium
Reviewed
Confirmed
Issue has been confirmed
Reviewed
Duplicate
This issue or pull request already exists
Reviewed
Invalid
Invalid issue
Reviewed
Won't Fix
This issue won't be fixed
Status
Abandoned
Somebody has started to work on this but abandoned work
Status
Blocked
Something is blocking this issue or pull request
Status
Need More Info
Feedback is required to reproduce issue or to continue work
No Label
Milestone
No items
No Milestone
Assignees
Clear assignees
Alexander.Lyall ai-review-bot gitea-actions-bot luke renovate-bot
No Assignees
2 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: repos/saml-oidc-bridge#3
Delete Branch "renovate/github.com-coreos-go-oidc-v3-3.x"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?