Bump go dependencies #2898

Merged
dgageot merged 5 commits into docker:main from dgageot:board/69b6df9ab7c3823e
May 26, 2026

dgageot (Member) commented May 26, 2026

No description provided.

dgageot added 5 commits May 26, 2026 15:34
Also bumps github.com/aws/aws-sdk-go-v2/credentials from v1.19.16 to v1.19.17.

Assisted-By: docker-agent
…50fd to v0.0.0-20260526131538-fc97bf12bbdb

The new version validates GitHub token CRC32 checksums, so the
fake tokens used as redaction inputs in tests had to be regenerated
with correct base62 CRC32 suffixes.

Assisted-By: docker-agent
…portcullistest

Both pkg/hooks/builtins/redact_secrets_test.go and pkg/sandbox/kit/
kit_test.go grew an identical CRC32-suffix computation to produce a
synthetic, portcullis-detectable GitHub PAT without hard-coding the
full 40-char ghp_ literal (which would trip GitHub secret-scanning
push protection). Move that computation to a single helper —
portcullistest.FakeGitHubPAT — parameterised by a 30-char body, and
have both tests call it.
@dgageot dgageot requested a review from a team as a code owner May 26, 2026 14:37

@docker-agent docker-agent left a comment

Assessment: 🟢 APPROVE

Reviewed 6 files across dependency bumps and a new portcullistest helper package. No bugs found.

Dependency bumps (go.mod / go.sum): All changes are minor/patch version increments — alecthomas/chroma v2.25.0, aws-sdk-go-v2/config v1.32.18, aws-sdk-go-v2/credentials v1.19.17, docker/portcullis (new pseudo-version), junegunn/fzf v0.73.1. The new indirect dependency dlclark/regexp2/v2 v2.1.0 is the expected transitive pull-in from chroma v2.25.0.

FakeGitHubPAT helper (pkg/internal/portcullistest/fakegithubpat.go): The CRC32 base62 encoding is correct — 62^6 ≈ 56.8B comfortably covers the full 32-bit CRC32 range, the big-endian loop is correct, and uint64 is used to prevent intermediate overflow. The 30-char body length guard is correct for ASCII inputs.

Test refactoring (redact_secrets_test.go, kit_test.go): Converting const literals to fakeGitHubPAT()/fakeGitHubToken() calls preserves all test semantics. The reuse of a single token value for both files in TestPrintSummary is intentional and correct (the test asserts 2 secrets redacted).

⚠️ Note: the automated review pipeline completed analysis but the drafter returned review_complete: false. All key areas were covered in the analysis; no findings were produced.
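
The checksum scheme discussed in this review (a 30-char body followed by a 6-char base62 CRC32 suffix), shown as an added Go example that is not the PR's `portcullistest` code. The function names, the base62 alphabet order, and the choice to hash only the body with CRC32 (IEEE) are assumptions for illustration.

```go
package main

import (
	"fmt"
	"hash/crc32"
	"strings"
)

// Assumed alphabet order (digits, upper, lower); not taken from the PR.
const base62 = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"

const (
	prefix  = "ghp_"
	bodyLen = 30
	sumLen  = 6
)

// encodeBase62 renders v as exactly 6 base62 digits, big-endian (62^6 > 2^32).
func encodeBase62(v uint32) string {
	out := make([]byte, sumLen)
	n := uint64(v)
	for i := sumLen - 1; i >= 0; i-- {
		out[i] = base62[n%62]
		n /= 62
	}
	return string(out)
}

// syntheticPAT (hypothetical) assembles the token at run time, not as a literal.
func syntheticPAT(body string) (string, error) {
	if len(body) != bodyLen { // len counts bytes, so this assumes ASCII input
		return "", fmt.Errorf("body must be %d bytes, got %d", bodyLen, len(body))
	}
	return prefix + body + encodeBase62(crc32.ChecksumIEEE([]byte(body))), nil
}

// checksumOK is the scanner-side check: recompute the suffix and compare.
func checksumOK(tok string) bool {
	if len(tok) != len(prefix)+bodyLen+sumLen || !strings.HasPrefix(tok, prefix) {
		return false
	}
	body := tok[len(prefix) : len(prefix)+bodyLen]
	return tok[len(prefix)+bodyLen:] == encodeBase62(crc32.ChecksumIEEE([]byte(body)))
}

func main() {
	tok, _ := syntheticPAT(strings.Repeat("a", bodyLen)) // constructed sample body
	fmt.Println(len(tok), checksumOK(tok), checksumOK(tok[:39]+"!"))
}
```

A detector that applies `checksumOK` rejects random 40-character `ghp_` look-alikes, which is why test fixtures with arbitrary suffixes stop matching once the check is enabled.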

@dgageot dgageot merged commit 4fe2f00 into docker:main May 26, 2026
8 checks passed

4 participants