Skip to content

chore(deps): patch+minor dependency updates 2026-04-20#2

Draft
jasonmassie01 wants to merge 1 commit intomasterfrom
deps/drift-20260420
Draft

chore(deps): patch+minor dependency updates 2026-04-20#2
jasonmassie01 wants to merge 1 commit intomasterfrom
deps/drift-20260420

Conversation

@jasonmassie01
Copy link
Copy Markdown
Owner

@jasonmassie01 jasonmassie01 commented Apr 20, 2026

Dependency Updates — 2026-04-20

Automated patch + minor bumps. Majors are tracked as separate issues.

All changes pass go build ./..., npm run build, and go test -count=1 -short -timeout 60s ./....

Changes

Ecosystem Package Old New Kind
Go github.com/fsnotify/fsnotify v1.7.0 v1.9.0 minor
Go github.com/jackc/pgx/v5 v5.7.2 v5.9.2 minor
Go golang.org/x/crypto v0.31.0 v0.50.0 minor
Go golang.org/x/sync v0.10.0 v0.20.0 minor
Go golang.org/x/sys v0.28.0 v0.43.0 minor
Go golang.org/x/text v0.21.0 v0.36.0 minor
Go go toolchain 1.24 1.25.0 minor (required by pgx v5.9.2)
npm eslint-plugin-react-hooks 7.0.1 7.1.1 minor
npm globals 17.4.0 17.5.0 minor
npm lucide-react 1.7.0 1.8.0 minor
npm react 19.2.4 19.2.5 patch
npm react-dom 19.2.4 19.2.5 patch
npm vite 8.0.3 8.0.9 patch

Skipped (major — see issues)

Ecosystem Package Old New
npm @eslint/js 9.39.4 10.0.1
npm @vitest/coverage-v8 3.2.4 4.1.4
npm eslint 9.39.4 10.2.1
npm jsdom 25.0.1 29.0.2
npm vitest 3.2.4 4.1.4

https://claude.ai/code/session_01Wvri4Tw3JQyYWwSmHWVGeE

@claude
chore(deps): patch+minor dependency updates 2026-04-20
dc76b3b 
Go: fsnotify 1.7.0→1.9.0, pgx/v5 5.7.2→5.9.2, crypto 0.31.0→0.50.0,
sync 0.10.0→0.20.0, sys 0.28.0→0.43.0, text 0.21.0→0.36.0 (+ go 1.24→1.25.0)

npm: eslint-plugin-react-hooks 7.0.1→7.1.1, globals 17.4.0→17.5.0,
lucide-react 1.7.0→1.8.0, react 19.2.4→19.2.5, react-dom 19.2.4→19.2.5,
vite 8.0.3→8.0.9

https://claude.ai/code/session_01Wvri4Tw3JQyYWwSmHWVGeE
@jasonmassie01 Claude
Copy link
Copy Markdown
Owner Author

jasonmassie01 commented Apr 20, 2026

pg-sage auto-review v1

Summary

Automated patch/minor dependency bump touching only sidecar/go.mod, go.sum, web/package.json, package-lock.json, and the rebuilt frontend dist bundle (old content-hashed JS deleted, new one added, index.html updated). No .go source files were changed. The notable non-trivial changes are pgx/v5 v5.7.2 → v5.9.2 and the Go toolchain raised to 1.25.0 (required by the new pgx).

Findings

Critical (0)

Warning (1)

  • sidecar/go.mod:3go 1.25.0 sets the hard minimum Go version for the module. Unlike a separate toolchain directive (advisory), the go line causes Go 1.24 to refuse to build entirely. The PR description correctly labels this "required by pgx v5.9.2," so the bump is unavoidable if upgrading pgx—but CI, README, and contributor docs should be updated to document Go ≥ 1.25 as a build requirement.

Nit (1)

  • sidecar/internal/api/dist/ — Committing built frontend assets is an established pattern in this repo. The swap is clean: index-ecBLX5R2.js deleted, index-BNRL5ZIQ.js added, index.html reference updated to match. No stale files left behind. No action needed—just confirming the swap is correct.

Generated by Claude Code

@jasonmassie01 jasonmassie01 mentioned this pull request Apr 27, 2026
Draft
3 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@jasonmassie01 @claude