Skip to content

chore: upgrade Go to 1.25, k8s libs to v0.35.3, and x/net to v0.38.0#78

Open
amellier wants to merge 1 commit intoAzure:mainfrom
amellier:chore/dependency-upgrades
Open

chore: upgrade Go to 1.25, k8s libs to v0.35.3, and x/net to v0.38.0#78
amellier wants to merge 1 commit intoAzure:mainfrom
amellier:chore/dependency-upgrades

Conversation

@amellier
Copy link
Copy Markdown

@amellier amellier commented Apr 24, 2026

Summary

Addresses #75.

Go 1.19 is end-of-life and no longer receives security patches. golang.org/x/net v0.7.0 has known CVEs. k8s.io/* at v0.26.2 is 9 minor versions behind upstream.

Dependency Before After
Go 1.19 1.25
k8s.io/* v0.26.2 v0.35.3
golang.org/x/net v0.7.0 v0.52.0

Cascading transitive upgrades: grpc, otel, genproto, oauth2, cobra, prometheus.

Notes

  • The Go version bump is also reflected in docker/exporter/Dockerfile
  • The Go version in .github/workflows/lint.yml and create-images.yml is updated to match
  • No code changes required — the API surface of updated packages used here is stable

@amellier
chore: upgrade Go to 1.25, k8s libs to v0.35.3, and x/net to v0.52
2a6344c 
- Go 1.19 → 1.25.0 (required by x/net latest, EOL security risk)
- k8s.io/* v0.26.2 → v0.35.3 (9 minor versions behind)
- golang.org/x/net v0.7.0 → v0.52.0 (frequent security patches)
- Cascading upgrades: grpc, otel, genproto, oauth2, cobra, prometheus
@amellier amellier requested a review from Fei-Guo as a code owner April 24, 2026 10:55
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Fei-Guo Fei-Guo Awaiting requested review from Fei-Guo Fei-Guo is a code owner

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@amellier