Update to Go 1.22+ and refresh all dependencies

[renecannao]

Summary

• Update go.mod minimum Go version from 1.18 to 1.22
• Remove obsolete //go:build go1.16 / // +build go1.16 build constraints from downloads/tarball_registry.go
• Update all direct dependencies to latest Go 1.22-compatible versions
• Upgrade golang.org/x/net from v0.17.0 to v0.30.0 (fixes GO-2024-3333: non-linear parsing of case-insensitive content)

Closes #1

Dependency updates

Package	Old	New
github.com/spf13/cobra	v1.4.0	v1.8.1
github.com/spf13/pflag	v1.0.5	v1.0.6
github.com/stretchr/testify	v1.8.0	v1.9.0
github.com/go-sql-driver/mysql	v1.4.1	v1.7.1
github.com/dustin/go-humanize	v1.0.0	v1.0.1
github.com/rogpeppe/go-internal	v1.9.0	v1.12.0
github.com/alexeyco/simpletable	v0.0.0	v1.0.0
github.com/nightlyone/lockfile	v0.0.0	v1.0.0
golang.org/x/exp	Jul 2022	Jun 2024
golang.org/x/term	v0.13.0	v0.25.0
golang.org/x/text	v0.13.0	v0.19.0
golang.org/x/net	v0.17.0	v0.30.0

Notes

• github.com/xi2/xz left pinned (unmaintained since 2017, tech debt)
• github.com/go-sql-driver/mysql latest (v1.9.x) requires Go 1.24+; pinned at v1.7.1 for Go 1.22 compatibility
• github.com/pkg/errors v0.9.1 unchanged (already latest)
• govulncheck reports 23 vulnerabilities, mostly in Go stdlib (fixed in Go 1.23-1.25). The fixable x/net CVE (GO-2024-3333) is addressed. Remaining stdlib vulns require Go toolchain upgrade beyond 1.22.

Test plan

• go build -o dbdeployer . compiles successfully
• Unit tests pass (failures in sandbox and ts packages are pre-existing environment issues, not regressions)
• govulncheck ./... run and reviewed

Summary by CodeRabbit

Release Notes

• Chores
  • Updated Go toolchain from 1.18 to 1.22 to align with latest language standards
  • Upgraded multiple direct and transitive dependencies to newer versions for enhanced stability
  • Improved build compatibility by removing version-specific constraints, enabling compilation across all supported Go versions

[Copilot]

Pull request overview

This PR updates the project’s Go toolchain baseline to Go 1.22 and refreshes module dependencies to Go 1.22-compatible versions, including a golang.org/x/net upgrade for the referenced security advisory.

Changes:

• Bump go.mod minimum Go version from 1.18 to 1.22 and refresh direct/indirect dependency versions.
• Update golang.org/x/net (indirect) to v0.30.0 and refresh related x/* modules.
• Remove obsolete Go 1.16 build constraints from downloads/tarball_registry.go.

Reviewed changes

Copilot reviewed 2 out of 3 changed files in this pull request and generated 1 comment.

File	Description
go.mod	Updates Go version and dependency versions; adjusts indirect requirements.
go.sum	Syncs checksums to match the updated dependency set.
downloads/tarball_registry.go	Removes no-longer-relevant build tags given the new Go baseline.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

golang.org/x/tools is listed as an indirect requirement, but there are no golang.org/x/tools imports in the repo (search returned no matches). Consider running go mod tidy and dropping this requirement if it’s not needed; otherwise it unnecessarily pins a module/version and can complicate future dependency updates.

Suggested change

golang.org/x/tools v0.22.0 // indirect

[renecannao]

@gemini-code-assist review

[renecannao]

@claude review

[gemini-code-assist]

Code Review

This pull request updates the project to Go 1.22 and refreshes most dependencies to their latest versions. The changes are well-described, including the rationale for pinned dependencies and the results of a vulnerability scan. The removal of obsolete build tags is also a good cleanup. I have one suggestion regarding the version of the go-sql-driver/mysql dependency, which appears to be pinned based on a misunderstanding of its compatibility with Go 1.22.

[gemini-code-assist]

The PR description mentions pinning github.com/go-sql-driver/mysql to v1.7.1 for Go 1.22 compatibility, stating that a newer version requires Go 1.24+. This seems to be a misunderstanding. The latest version of go-sql-driver/mysql is v1.8.1, which requires Go 1.21 and is compatible with Go 1.22. It's recommended to use the latest compatible version to get the most recent bug fixes and improvements.

Suggested change

	github.com/go-sql-driver/mysql v1.7.1
	github.com/go-sql-driver/mysql v1.8.1

[renecannao]

@coderabbitai review

[coderabbitai]

✅ Actions performed

Review triggered.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

[coderabbitai]

Warning

Rate limit exceeded

@renecannao has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 15 minutes and 17 seconds before requesting another review.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: e4fb322c-fceb-460e-ad9b-9abe980adf1c

📥 Commits

Reviewing files that changed from the base of the PR and between 0ca17ee and 42a8c2b.

⛔ Files ignored due to path filters (1)

• go.sum is excluded by !**/*.sum

📒 Files selected for processing (1)

• go.mod

📝 Walkthrough

Walkthrough

Updated Go toolchain version from 1.18 to 1.22 in go.mod. Removed legacy Go 1.16 build constraints from downloads/tarball_registry.go. Refreshed multiple direct and indirect dependencies to newer versions, including github.com/spf13/cobra, golang.org/x modules, and others, while removing obsolete indirect requirements.

Changes

Cohort / File(s)	Summary
Go Toolchain & Dependencies go.mod	Updated Go version from 1.18 to 1.22. Upgraded 5+ direct dependencies (github.com/alexeyco/simpletable, github.com/spf13/cobra, github.com/dustin/go-humanize, github.com/go-sql-driver/mysql, github.com/nightlyone/lockfile), refreshed indirect dependencies and golang.org/x modules, removed obsolete indirect requirements (github.com/pkg/diff, google.golang.org/appengine, gopkg.in/yaml.v2).
Build Constraint Cleanup downloads/tarball_registry.go	Removed file-level Go 1.16 build constraint directives (//go:build go1.16 and // +build go1.16), allowing compilation on all Go versions in this package.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~12 minutes

Poem

🐰 A rabbit hops through versions new,
From Go 1.18 to 1.22's true,
Dependencies dance in harmony,
Constraints removed so wild and free,
The toolchain hums, fresh and clean! 🎉

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The pull request title accurately reflects the main changes: updating Go version to 1.22+ and refreshing all dependencies, which are the primary objectives of the changeset.
Linked Issues check	✅ Passed	All coding requirements from issue #1 are met: go.mod updated to Go 1.22, obsolete build constraints removed, direct dependencies updated, and build/tests verified.
Out of Scope Changes check	✅ Passed	All changes are within scope of issue #1: only go.mod, go.sum, and downloads/tarball_registry.go were modified as required, with no unrelated alterations.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch phase1/task1-go-update

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

✅ Actions performed

Review triggered.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

[coderabbitai]

✅ Actions performed

Review triggered.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.