Update to Go 1.22+ and refresh all dependencies #11

Merged: renecannao merged 2 commits into master from phase1/task1-go-update on Mar 23, 2026
@renecannao renecannao commented Mar 23, 2026

Summary

  • Update go.mod minimum Go version from 1.18 to 1.22
  • Remove obsolete //go:build go1.16 / // +build go1.16 build constraints from downloads/tarball_registry.go
  • Update all direct dependencies to latest Go 1.22-compatible versions
  • Upgrade golang.org/x/net from v0.17.0 to v0.30.0 (fixes GO-2024-3333: non-linear parsing of case-insensitive content)

Closes #1

Dependency updates

| Package | Old | New |
|---|---|---|
| github.com/spf13/cobra | v1.4.0 | v1.8.1 |
| github.com/spf13/pflag | v1.0.5 | v1.0.6 |
| github.com/stretchr/testify | v1.8.0 | v1.9.0 |
| github.com/go-sql-driver/mysql | v1.4.1 | v1.7.1 |
| github.com/dustin/go-humanize | v1.0.0 | v1.0.1 |
| github.com/rogpeppe/go-internal | v1.9.0 | v1.12.0 |
| github.com/alexeyco/simpletable | v0.0.0 | v1.0.0 |
| github.com/nightlyone/lockfile | v0.0.0 | v1.0.0 |
| golang.org/x/exp | Jul 2022 | Jun 2024 |
| golang.org/x/term | v0.13.0 | v0.25.0 |
| golang.org/x/text | v0.13.0 | v0.19.0 |
| golang.org/x/net | v0.17.0 | v0.30.0 |

Notes

  • github.com/xi2/xz left pinned (unmaintained since 2017, tech debt)
  • github.com/go-sql-driver/mysql latest (v1.9.x) requires Go 1.24+; pinned at v1.7.1 for Go 1.22 compatibility
  • github.com/pkg/errors v0.9.1 unchanged (already latest)
  • govulncheck reports 23 vulnerabilities, mostly in Go stdlib (fixed in Go 1.23-1.25). The fixable x/net CVE (GO-2024-3333) is addressed. Remaining stdlib vulns require Go toolchain upgrade beyond 1.22.

Test plan

  • go build -o dbdeployer . compiles successfully
  • Unit tests pass (failures in sandbox and ts packages are pre-existing environment issues, not regressions)
  • govulncheck ./... run and reviewed

Summary by CodeRabbit

Release Notes

  • Chores
    • Updated Go toolchain from 1.18 to 1.22 to align with latest language standards
    • Upgraded multiple direct and transitive dependencies to newer versions for enhanced stability
    • Improved build compatibility by removing version-specific constraints, enabling compilation across all supported Go versions

- Update go.mod minimum Go version from 1.18 to 1.22
- Remove obsolete //go:build go1.16 and // +build go1.16 constraints
  from downloads/tarball_registry.go (always satisfied with Go 1.22+)
- Update direct dependencies to latest Go 1.22-compatible versions:
  - github.com/spf13/cobra v1.4.0 -> v1.8.1
  - github.com/spf13/pflag v1.0.5 -> v1.0.6
  - github.com/stretchr/testify v1.8.0 -> v1.9.0
  - github.com/go-sql-driver/mysql v1.4.1 -> v1.7.1
  - github.com/dustin/go-humanize v1.0.0 -> v1.0.1
  - github.com/rogpeppe/go-internal v1.9.0 -> v1.12.0
  - github.com/alexeyco/simpletable v0.0.0 -> v1.0.0
  - github.com/araddon/dateparse updated
  - github.com/nightlyone/lockfile v0.0.0 -> v1.0.0
  - golang.org/x/exp updated to Jun 2024
  - golang.org/x/term v0.13.0 -> v0.25.0
  - golang.org/x/text v0.13.0 -> v0.19.0
  - golang.org/x/net v0.17.0 -> v0.30.0 (fixes GO-2024-3333)
- github.com/xi2/xz left pinned (unmaintained since 2017, tech debt)
- github.com/pkg/errors v0.9.1 unchanged (already latest)
- Note: go-sql-driver/mysql latest (v1.9.x) requires Go 1.24+;
  pinned at v1.7.1 for Go 1.22 compatibility
Copilot AI review requested due to automatic review settings March 23, 2026 18:52

Copilot AI left a comment

Pull request overview

This PR updates the project’s Go toolchain baseline to Go 1.22 and refreshes module dependencies to Go 1.22-compatible versions, including a golang.org/x/net upgrade for the referenced security advisory.

Changes:

  • Bump go.mod minimum Go version from 1.18 to 1.22 and refresh direct/indirect dependency versions.
  • Update golang.org/x/net (indirect) to v0.30.0 and refresh related x/* modules.
  • Remove obsolete Go 1.16 build constraints from downloads/tarball_registry.go.

Reviewed changes

Copilot reviewed 2 out of 3 changed files in this pull request and generated 1 comment.

| File | Description |
|---|---|
| go.mod | Updates Go version and dependency versions; adjusts indirect requirements. |
| go.sum | Syncs checksums to match the updated dependency set. |
| downloads/tarball_registry.go | Removes no-longer-relevant build tags given the new Go baseline. |

Comment thread go.mod
google.golang.org/appengine v1.6.7 // indirect
golang.org/x/net v0.30.0 // indirect
golang.org/x/sys v0.26.0 // indirect
golang.org/x/tools v0.22.0 // indirect
Copilot AI Mar 23, 2026

golang.org/x/tools is listed as an indirect requirement, but there are no golang.org/x/tools imports in the repo (search returned no matches). Consider running go mod tidy and dropping this requirement if it’s not needed; otherwise it unnecessarily pins a module/version and can complicate future dependency updates.

Suggested change
golang.org/x/tools v0.22.0 // indirect

@renecannao (Author)

@gemini-code-assist review

@renecannao (Author)

@claude review

@gemini-code-assist gemini-code-assist bot left a comment

Code Review

This pull request updates the project to Go 1.22 and refreshes most dependencies to their latest versions. The changes are well-described, including the rationale for pinned dependencies and the results of a vulnerability scan. The removal of obsolete build tags is also a good cleanup. I have one suggestion regarding the version of the go-sql-driver/mysql dependency, which appears to be pinned based on a misunderstanding of its compatibility with Go 1.22.

Comment thread go.mod Outdated
github.com/alexeyco/simpletable v1.0.0
github.com/araddon/dateparse v0.0.0-20210429162001-6b43995a97de
github.com/dustin/go-humanize v1.0.1
github.com/go-sql-driver/mysql v1.7.1
medium

The PR description mentions pinning github.com/go-sql-driver/mysql to v1.7.1 for Go 1.22 compatibility, stating that a newer version requires Go 1.24+. This seems to be a misunderstanding. The latest version of go-sql-driver/mysql is v1.8.1, which requires Go 1.21 and is compatible with Go 1.22. It's recommended to use the latest compatible version to get the most recent bug fixes and improvements.

Suggested change
github.com/go-sql-driver/mysql v1.7.1
github.com/go-sql-driver/mysql v1.8.1

@renecannao (Author)

@coderabbitai review

coderabbitai bot commented Mar 23, 2026

✅ Actions performed

Review triggered.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

coderabbitai bot commented Mar 23, 2026

Warning

Rate limit exceeded

@renecannao has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 15 minutes and 17 seconds before requesting another review.

ℹ️ Review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: e4fb322c-fceb-460e-ad9b-9abe980adf1c

📥 Commits

Reviewing files that changed from the base of the PR and between 0ca17ee and 42a8c2b.

⛔ Files ignored due to path filters (1)
  • go.sum is excluded by !**/*.sum
📒 Files selected for processing (1)
  • go.mod
Walkthrough

Updated Go toolchain version from 1.18 to 1.22 in go.mod. Removed legacy Go 1.16 build constraints from downloads/tarball_registry.go. Refreshed multiple direct and indirect dependencies to newer versions, including github.com/spf13/cobra, golang.org/x modules, and others, while removing obsolete indirect requirements.

Changes

| Cohort / File(s) | Summary |
|---|---|
| Go Toolchain & Dependencies: go.mod | Updated Go version from 1.18 to 1.22. Upgraded 5+ direct dependencies (github.com/alexeyco/simpletable, github.com/spf13/cobra, github.com/dustin/go-humanize, github.com/go-sql-driver/mysql, github.com/nightlyone/lockfile), refreshed indirect dependencies and golang.org/x modules, removed obsolete indirect requirements (github.com/pkg/diff, google.golang.org/appengine, gopkg.in/yaml.v2). |
| Build Constraint Cleanup: downloads/tarball_registry.go | Removed file-level Go 1.16 build constraint directives (//go:build go1.16 and // +build go1.16), allowing compilation on all Go versions in this package. |

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~12 minutes

Poem

🐰 A rabbit hops through versions new,
From Go 1.18 to 1.22's true,
Dependencies dance in harmony,
Constraints removed so wild and free,
The toolchain hums, fresh and clean! 🎉

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
| Check name | Status | Explanation |
|---|---|---|
| Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled. |
| Title check | ✅ Passed | The pull request title accurately reflects the main changes: updating Go version to 1.22+ and refreshing all dependencies, which are the primary objectives of the changeset. |
| Linked Issues check | ✅ Passed | All coding requirements from issue #1 are met: go.mod updated to Go 1.22, obsolete build constraints removed, direct dependencies updated, and build/tests verified. |
| Out of Scope Changes check | ✅ Passed | All changes are within scope of issue #1: only go.mod, go.sum, and downloads/tarball_registry.go were modified as required, with no unrelated alterations. |
| Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check. |

@renecannao renecannao merged commit 60d23c5 into master Mar 23, 2026
1 of 3 checks passed
@renecannao renecannao deleted the phase1/task1-go-update branch March 23, 2026 20:14
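
A guard for the golang.org/x/net bump discussed in this thread, as an added example that is not part of the pull request or the project's code: it reports any go.mod requirement pinned below a required floor version, so a later edit cannot silently roll the module back. `CheckFloors`, `key`, the sample go.mod and the floor value are assumptions for illustration; `replace` and `exclude` directives are not evaluated.

```go
package main

import (
	"bufio"
	"fmt"
	"slices"
	"strings"
)

// Constructed sample using versions quoted in this PR; the floor in main is assumed.
const sampleGoMod = `require (
	github.com/araddon/dateparse v0.0.0-20210429162001-6b43995a97de
	golang.org/x/net v0.30.0 // indirect
)`

// key turns vX.Y.Z[-suffix] into an ordered tuple {X, Y, Z, isPlainRelease}.
func key(v string) (k [4]int, err error) {
	_, err = fmt.Sscanf(v, "v%d.%d.%d", &k[0], &k[1], &k[2])
	if !strings.Contains(v, "-") {
		k[3] = 1 // a plain release sorts above a pre-release or pseudo-version
	}
	return k, err
}

// CheckFloors lists required modules whose pinned version is below its floor.
func CheckFloors(gomod string, floors map[string]string) ([]string, error) {
	var out []string
	sc := bufio.NewScanner(strings.NewReader(gomod))
	for sc.Scan() {
		line, _, _ := strings.Cut(sc.Text(), "//") // drop "// indirect"
		f := strings.Fields(strings.TrimPrefix(strings.TrimSpace(line), "require "))
		if len(f) != 2 || floors[f[0]] == "" {
			continue
		}
		have, err1 := key(f[1])
		want, err2 := key(floors[f[0]])
		if err1 != nil || err2 != nil {
			return nil, fmt.Errorf("bad version for %s", f[0])
		}
		if slices.Compare(have[:], want[:]) < 0 {
			out = append(out, f[0]+" "+f[1]+" < "+floors[f[0]])
		}
	}
	return out, sc.Err()
}

func main() {
	fmt.Println(CheckFloors(sampleGoMod, map[string]string{"golang.org/x/net": "v0.30.0"}))
}
```

Take each floor from the advisory's fixed-in version at pkg.go.dev/vuln rather than from a changelog or PR text. The check complements govulncheck, which also covers the standard library findings mentioned in the PR notes.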