Skip to content

build(deps): Bump the all-go group across 1 directory with 2 updates#3191

Merged
julienrbrt merged 4 commits intomainfrom
dependabot/go_modules/all-go-fe143e6ba4
Mar 24, 2026
Merged

build(deps): Bump the all-go group across 1 directory with 2 updates#3191
julienrbrt merged 4 commits intomainfrom
dependabot/go_modules/all-go-fe143e6ba4

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Mar 23, 2026

Bumps the all-go group with 2 updates in the / directory: github.com/go-viper/mapstructure/v2 and github.com/libp2p/go-libp2p-kad-dht.

Updates github.com/go-viper/mapstructure/v2 from 2.4.0 to 2.5.0

Release notes

Sourced from github.com/go-viper/mapstructure/v2's releases.

v2.5.0

What's Changed

New Contributors

Full Changelog: go-viper/mapstructure@v2.4.0...v2.5.0

Commits
  • 9aa3f77 Merge pull request #166 from go-viper/unmarshal2
  • ae32a61 doc: add more documentation
  • 320c8c9 test: cover unmarshaler to map
  • 5b22829 feat: add unmarshaler interface
  • fd74c75 Merge pull request #137 from andreev-fn/opt-root-name
  • dee4661 Merge pull request #59 from DarkiT/main
  • 5605df4 chore: cover more test cases, fix edge cases, add docs
  • 6166631 fix(mapstructure): add multi-tag support and regression tests
  • 6471aa6 Merge pull request #149 from thespags/main
  • dbffaaa chore: add more tests and clarification to the documentation
  • Additional commits viewable in compare view

Updates github.com/libp2p/go-libp2p-kad-dht from 0.38.0 to 0.39.0

Release notes

Sourced from github.com/libp2p/go-libp2p-kad-dht's releases.

v0.39.0

Breaking changes

What's Changed

New Contributors

Full Changelog: libp2p/go-libp2p-kad-dht@v0.38.0...v0.39.0

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
build(deps): Bump the all-go group across 1 directory with 2 updates
e522722 
Bumps the all-go group with 2 updates in the / directory: [github.com/go-viper/mapstructure/v2](https://github.com/go-viper/mapstructure) and [github.com/libp2p/go-libp2p-kad-dht](https://github.com/libp2p/go-libp2p-kad-dht).


Updates `github.com/go-viper/mapstructure/v2` from 2.4.0 to 2.5.0
- [Release notes](https://github.com/go-viper/mapstructure/releases)
- [Changelog](https://github.com/go-viper/mapstructure/blob/main/CHANGELOG.md)
- [Commits](go-viper/mapstructure@v2.4.0...v2.5.0)

Updates `github.com/libp2p/go-libp2p-kad-dht` from 0.38.0 to 0.39.0
- [Release notes](https://github.com/libp2p/go-libp2p-kad-dht/releases)
- [Commits](libp2p/go-libp2p-kad-dht@v0.38.0...v0.39.0)

---
updated-dependencies:
- dependency-name: github.com/go-viper/mapstructure/v2
  dependency-version: 2.5.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all-go
- dependency-name: github.com/libp2p/go-libp2p-kad-dht
  dependency-version: 0.39.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all-go
...

Signed-off-by: dependabot[bot] <[email protected]>
@julienrbrt julienrbrt enabled auto-merge March 24, 2026 10:04
@claude
Copy link
Contributor

claude bot commented Mar 24, 2026
edited
Loading

Claude finished @julienrbrt's task in 1m 7s —— View job

Code Review: Dependency Bump PR

  • Gather context and understand PR
  • Review dependency changes and go.mod/go.sum files
  • Check for breaking changes in updated dependencies
  • Assess impact on the codebase
  • Post final review

This is a routine Dependabot dependency update. Here's the analysis:

github.com/go-viper/mapstructure/v2: v2.4.0 → v2.5.0

Usage in codebase: pkg/config/config.go and pkg/config/instrumentation.go

Changes: Pure additive/bug-fix release — no breaking changes:

  • Support for automatically initializing squashed pointer structs
  • Fix slice deep map (owned) bug
  • New features: multiple tag names, optional root object name, unmarshaler interface, dynamic struct map field name

No impact on existing usage patterns in this repo.

github.com/libp2p/go-libp2p-kad-dht: v0.38.0 → v0.39.0

Usage in codebase: pkg/p2p/client.go:13

Breaking change in v0.39.0: keystore.NewResettableKeystore() signature changed — it now accepts keystore.ResettableKeystoreOption instead of keystore.Option.

Impact:Not affected. The codebase only uses dht.New(), dht.Bootstrap(), dht.Close(), and dht.RefreshRoutingTable(). The keystore sub-package is not used anywhere.

Transitive Dependency Updates

The go.mod also picks up several transitive bumps via the kad-dht update:

  • pion/dtls/v2 removed, consolidated to pion/dtls/v3 v3.1.2
  • pion/stun consolidated to pion/stun/v3 v3.1.1
  • pion/transport/v2 removed, kept pion/transport/v3 v3.0.7
  • prometheus/common v0.66.1 → v0.67.5, prometheus/procfs v0.17.0 → v0.20.1
  • golang.org/x/{exp,mod,tools} updated
  • polydawn/refmt bumped to a newer pre-release

These are all indirect and look clean. The removal of deprecated pion/dtls/v2, pion/stun v0, and pion/transport/v2 is actually a positive hygiene improvement.

Verdict

✅ Safe to merge. Both direct dependency updates are backwards-compatible for this codebase, and the transitive changes are straightforward version bumps. The already-granted approval from @julienrbrt aligns with this assessment.

@github-actions
Copy link
Contributor

github-actions bot commented Mar 24, 2026
edited
Loading

The latest Buf updates on your PR. Results from workflow CI / buf-check (pull_request).

BuildFormatLintBreakingUpdated (UTC)
✅ passed⏩ skipped✅ passed✅ passedMar 24, 2026, 10:53 AM

@codecov
Copy link

codecov bot commented Mar 24, 2026
edited
Loading

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 61.15%. Comparing base (ad76f1c) to head (6bd2fd6).
⚠️ Report is 3 commits behind head on main.

Additional details and impacted files 
@@            Coverage Diff             @@
##             main    #3191      +/-   ##
==========================================
+ Coverage   61.14%   61.15%   +0.01%     
==========================================
  Files         117      117              
  Lines       12082    12082              
==========================================
+ Hits         7387     7389       +2     
+ Misses       3869     3867       -2     
  Partials      826      826
Flag Coverage Δ
combined 61.15% <ø> (+0.01%) ⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

@julienrbrt julienrbrt added this pull request to the merge queue Mar 24, 2026
@github-merge-queue github-merge-queue bot removed this pull request from the merge queue due to failed status checks Mar 24, 2026
@julienrbrt julienrbrt merged commit 459f3c9 into main Mar 24, 2026
28 of 29 checks passed
@julienrbrt julienrbrt deleted the dependabot/go_modules/all-go-fe143e6ba4 branch March 24, 2026 13:31
alpe added a commit that referenced this pull request Mar 25, 2026
@alpe
Merge branch 'main' into alex/3163_kms
88337e7 
* main:
  refactor(tools/da-debug): improve da debug (#3199)
  fix(pkg/da): fix json rpc types (#3200)
  chore: demote warn log as debug (#3198)
  build(deps): Bump the all-go group across 1 directory with 2 updates (#3191)
  refactor: display block source in sync log (#3193)
  chore: remove cache analyzer (#3192)
  feat: add TestStatePressure benchmark for state trie stress test (#3188)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@julienrbrt julienrbrt julienrbrt approved these changes

Assignees

No one assigned

Labels

T:dependencies

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@julienrbrt