cloudwego / hertz

Go HTTP framework with high-performance and strong-extensibility for building micro-services.
https://www.cloudwego.io
Apache License 2.0

chore: update mod for govulncheck #1051

Closed haoxins closed 8 months ago

haoxins commented 8 months ago

What type of PR is this?

update the mod for govulncheck

Check the PR title.

(Optional) Translate the PR title into Chinese.

(Optional) More detailed description for this PR(en: English/zh: Chinese).

en: zh(optional):

(Optional) Which issue(s) this PR fixes:

(Optional) The PR that updates user documentation:

haoxins commented 8 months ago

BTW, can we open the dependabot for this project?

codecov[bot] commented 8 months ago

Codecov Report

All modified and coverable lines are covered by tests :white_check_mark:

Comparison is base (0d25abe) 82.49% compared to head (4066a88) 82.55%.

Additional details and impacted files

```diff
@@             Coverage Diff             @@
##           develop    #1051      +/-   ##
===========================================
+ Coverage    82.49%   82.55%   +0.05%
===========================================
  Files           98       98
  Lines        10025    10025
===========================================
+ Hits          8270     8276       +6
+ Misses        1258     1252       -6
  Partials       497      497
```


li-jin-gou commented 8 months ago

> BTW, can we open the dependabot for this project?

Add a PR description so we know what it does.

haoxins commented 8 months ago

> BTW, can we open the dependabot for this project?

> Add a PR description so we know what it does.

I mean add a file named dependabot.yml in the .github dir; its content will look like this:

```yaml
version: 2
updates:
- package-ecosystem: gomod
  directory: ./
  schedule:
    interval: weekly
    day: friday
```

this is the GitHub workflow's function

see https://github.blog/2020-06-01-keep-all-your-packages-up-to-date-with-dependabot/

a631807682 commented 8 months ago

> BTW, can we open the dependabot for this project?

refer to https://github.com/hertz-contrib/registry/pull/36

li-jin-gou commented 8 months ago

> BTW, can we open the dependabot for this project?

> refer to hertz-contrib/registry#36

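@a631807682 @haoxins The reasons for not upgrading dependencies automatically are:

  1. Upgrading a library may introduce breaking changes; for the sake of stability, dependencies that can be left alone are left alone as far as possible.
  2. Some libraries depend on features of newer Go versions, while our users' Go versions are quite spread out, and some users have pinned their Go version.

My English translation might not be accurate, so I wrote this in Chinese directly.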

haoxins commented 8 months ago

OK. Then I'll close this one for now~