Skip to content

build(deps): bump go-dependencies group (excluding betterleaks)#1654

Open
Soph wants to merge 1 commit into
mainfrom
soph/deps-bump-no-betterleaks
Open

build(deps): bump go-dependencies group (excluding betterleaks)#1654
Soph wants to merge 1 commit into
mainfrom
soph/deps-bump-no-betterleaks

Conversation

@Soph

@Soph Soph commented Jul 6, 2026

Copy link
Copy Markdown
Collaborator

https://entire.io/gh/entireio/cli/trails/775

Applies the same dependency bumps as Dependabot #1652, excluding github.com/betterleaks/betterleaks, which is held at v1.5.0.

The betterleaks v1.6.x release migrates its expression runtime from CEL to Expr and reworks pattern loading; it breaks our redaction path (redact/), so it is intentionally left out of this bump. Once that breakage is resolved, betterleaks can be bumped separately.

Bumped

Package From To
charm.land/bubbles/v2 2.1.0 2.1.1
charm.land/bubbletea/v2 2.0.7 2.0.8
charm.land/lipgloss/v2 2.0.4 2.0.5
github.com/posthog/posthog-go 1.16.2 1.17.5

(github.com/charmbracelet/ultraviolet moves as a transitive dep of the charm packages.)

Held back

Package Stays at Reason
github.com/betterleaks/betterleaks 1.5.0 v1.6.x CEL→Expr migration breaks redaction

Verification

  • go build ./... — clean
  • mise run fmt && mise run lint — 0 issues
  • mise run test — 7587 passed, 5 skipped (incl. redact)

Supersedes the four non-betterleaks updates in #1652.

🤖 Generated with Claude Code


Note

Low Risk
Lockfile-only dependency bumps with no application code changes; betterleaks is explicitly held back to avoid breaking secret redaction.

Overview
Bumps Charm TUI dependencies (bubbles, bubbletea, lipgloss) and posthog-go for telemetry, with matching go.sum checksum updates. github.com/charmbracelet/ultraviolet moves as a transitive dependency of the Charm stack.

github.com/betterleaks/betterleaks stays at v1.5.0 on purpose: v1.6.x’s CEL→Expr migration breaks the redact/ path, so that bump is deferred until redaction is fixed.

Reviewed by Cursor Bugbot for commit fc7ba0d. Configure here.

Bumps the go-dependencies group, matching dependabot PR #1652 but
holding github.com/betterleaks/betterleaks at v1.5.0 (its v1.6.x
CEL->Expr migration breaks redaction).

- charm.land/bubbles/v2   2.1.0 -> 2.1.1
- charm.land/bubbletea/v2  2.0.7 -> 2.0.8
- charm.land/lipgloss/v2   2.0.4 -> 2.0.5
- github.com/posthog/posthog-go 1.16.2 -> 1.17.5

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Entire-Checkpoint: 01KWWCSP66YYGH6CJHNBPTQWR8
@Soph Soph requested a review from a team as a code owner July 6, 2026 19:01
Copilot AI review requested due to automatic review settings July 6, 2026 19:01

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Updates a small set of Go module dependencies (Charm TUI stack + PostHog telemetry) while intentionally holding github.com/betterleaks/betterleaks at v1.5.0 to avoid known breakage in the redact/ path.

Changes:

  • Bump Charm dependencies: bubblesv2.1.1, bubbleteav2.0.8, lipglossv2.0.5.
  • Bump telemetry dependency: github.com/posthog/posthog-gov1.17.5.
  • Update transitive dependency pin for github.com/charmbracelet/ultraviolet and corresponding sums; confirm no inadvertent betterleaks v1.6.x entries.

Reviewed changes

Copilot reviewed 1 out of 2 changed files in this pull request and generated no comments.

File Description
go.mod Updates required module versions for Charm packages, PostHog, and transitive ultraviolet, while keeping betterleaks pinned to v1.5.0.
go.sum Refreshes checksums to match the bumped direct and transitive module versions.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Development

Successfully merging this pull request may close these issues.

3 participants