[dependencies] update go version to 1.22 and update vulnerable dependencies #1034
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR updates specific dependencies that have CVE warnings, and updates the Go version from 1.17 (which is not maintained anymore) to 1.22.
Golangci-lint also needed to be updated, and the
golint
linter removed, as it has no effect anymore.Notes
I considered only bumping the vulnerable dependencies, but
go mod tidy
was failing with go 1.17. I believe the test coverage is sufficient for us to do such an update confidently.A pass of updates on the other dependencies (if any) will happen in an upcoming PR.
This PR also adds a call to
go env
in theJob Information
CI step to help troubleshoot issues with the Go toolchain version being run.Testing
I ran this with the current
master
version of the uss_qualifier using all available configurations and did not run into particular issues.(*)(*) with the exception of a WARNING related to flight planning, which is a common occurrence for me when running all the qualifier configurations locally