danielgtaylor / huma

Huma REST/HTTP API Framework for Golang with OpenAPI 3.1
https://huma.rocks/
MIT License
1.89k stars 138 forks

Update dependencies (and set up auto-dep bumps) #543

Closed leonklingele closed 3 weeks ago

leonklingele commented 1 month ago

Huma's dependencies are slightly out of date (in CI we're now getting vulnerability alerts for one of them, that's how I noticed).

Can you please bump them and maybe also set up some auto-bump job such as Renovate or Dependabot?

Thank you! 😊

danielgtaylor commented 4 weeks ago

@leonklingele thanks, yeah I have dependabot set up but right now they can't auto-merge due to Huma supporting back to Go 1.20. Now that 1.23 is released I'm thinking of updating the minimum Go version to 1.21 (supporting the last two versions like Go itself does).

slices: package slices is not in GOROOT (/home/dependabot/go/pkg/mod/golang.org/toolchain@v0.0.1-go1.20.10.linux-amd64/src/slices)

danielgtaylor commented 3 weeks ago

FYI, I've updated to Go 1.21 since 1.23 is out now and have merged the critical dependabot for the next release.