@flankbot
Contributor

@flankbot flankbot commented Jan 2, 2026

Automated changes by create-pull-request GitHub action

Summary by CodeRabbit

  • Chores
    • Upgraded core framework dependencies, including commons and duty packages, to their latest stable versions for improved system reliability, performance, and security.
    • Enhanced JSON schema validation infrastructure by adding supporting libraries for more comprehensive data validation capabilities.

@coderabbitai
Contributor

coderabbitai bot commented Jan 2, 2026

Walkthrough

The PR updates two core dependencies: github.com/flanksource/commons (v1.43.2 to v1.43.3) and github.com/flanksource/duty (v1.0.1139 to v1.0.1140), along with adding eight new indirect JSON schema-related dependencies.

Changes

| Cohort / File(s) | Summary |
|---|---|
| Dependency Updates: go.mod | Bumped github.com/flanksource/commons to v1.43.3 and github.com/flanksource/duty to v1.0.1140. Added 8 indirect dependencies: bahlo/generic-list-go, buger/jsonparser, invopop/jsonschema, mailru/easyjson, wk8/go-ordered-map/v2, xeipuuv/gojsonpointer, xeipuuv/gojsonreference, and xeipuuv/gojsonschema. |

Possibly related PRs

  • config-db#1817: Updates github.com/flanksource/duty dependency and adds the same set of indirect JSON/schema-related dependencies.
  • config-db#1795: Bumps github.com/flanksource/duty and adds identical JSON/schema indirect dependencies.
  • config-db#1742: Updates github.com/flanksource/duty to a different patch version.

Pre-merge checks and finishing touches

✅ Passed checks (3 passed)
| Check name | Status | Explanation |
|---|---|---|
| Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled. |
| Title check | ✅ Passed | The pull request title accurately captures the main change: bumping the duty dependency to v1.0.1140, which aligns with the primary objective and the most significant version change in the changeset. |
| Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check. |

📜 Recent review details

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 9ec9f91 and ef903e4.

⛔ Files ignored due to path filters (1)
  • go.sum is excluded by !**/*.sum
📒 Files selected for processing (1)
  • go.mod
⏰ Context from checks skipped due to timeout of 900000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (2)
  • GitHub Check: test-prod
  • GitHub Check: test
🔇 Additional comments (2)
go.mod (2)

53-54: Patch-level dependency updates introduce no known security advisories.

The updates to commons (v1.43.3) and duty (v1.0.1140) are patch releases with no public security advisories found. The new indirect dependencies (JSON schema related: jsonparser, jsonschema, gojsonpointer, gojsonreference, gojsonschema, ordered-map, generic-list-go) are legitimate transitive dependencies from the duty update.


151-151: Eight new JSON schema dependencies from duty v1.0.1140 are legitimate and secure.

Verified that all eight indirect dependencies (generic-list-go, jsonparser, jsonschema, easyjson, go-ordered-map, gojsonpointer, gojsonreference, gojsonschema) are expected transitive dependencies introduced by the duty v1.0.1140 update—confirmed via dependency graph trace.

Regarding the xeipuuv JSON schema packages with 2018 timestamps: The repository is actively maintained (updated December 2025), has 370 forks and 140 open issues, and no known public security vulnerabilities exist. While the last code commit was in 2020, the packages are stable and widely adopted. No action required, though pinning versions in go.mod is a recommended best practice.


@flankbot flankbot changed the title from "chore: bump duty to v1.0.1139" to "chore: bump duty to v1.0.1140" Jan 2, 2026
@flankbot flankbot merged commit 06bbd1a into main Jan 2, 2026
13 of 14 checks passed
@flankbot flankbot deleted the bump-duty-auto-pr branch January 2, 2026 14:16