Bump github.com/bazelbuild/rules_go from 0.57.0 to 0.58.3 #2398

Merged

dependabot[bot] merged 1 commit from refs/pull/2398/head into main

2025-11-03 04:34:06 +00:00

dependabot[bot] commented

2025-11-03 02:17:32 +00:00

(Migrated from github.com)

Owner

Imported from GitHub pull request.

Original GitHub pull request: #1917
Original author: @dependabot[bot]
Original URL: https://github.com/carverauto/serviceradar/pull/1917
Original created: 2025-11-03T02:17:32Z
Original updated: 2025-11-03T04:34:22Z
Original head: carverauto/serviceradar:dependabot/go_modules/github.com/bazelbuild/rules_go-0.58.3
Original base: main
Original merged: 2025-11-03T04:34:06Z by @mfreeman451

Bumps github.com/bazelbuild/rules_go from 0.57.0 to 0.58.3.

Release notes

Sourced from github.com/bazelbuild/rules_go's releases.

v0.58.3

`WORKSPACE` code

load("@bazel_tools//tools/build_defs/repo:http.bzl", "http_archive")
http_archive(

name = "io_bazel_rules_go",

sha256 = "82f0af253fc61c7f06b005c67c079573776111185b7c3742563f751178aaa4c0",

urls = [

"https://mirror.bazel.build/github.com/bazel-contrib/rules_go/releases/download/v0.58.3/rules_go-v0.58.3.zip",

"https://github.com/bazel-contrib/rules_go/releases/download/v0.58.3/rules_go-v0.58.3.zip",

],

)
load("@io_bazel_rules_go//go:deps.bzl", "go_register_toolchains", "go_rules_dependencies")
go_rules_dependencies()
go_register_toolchains(version = "1.25.3")
Create the host platform repository transitively required by rules_go.
load("@bazel_tools//tools/build_defs/repo:utils.bzl", "maybe")

load("@platforms//host:extension.bzl", "host_platform_repo")
maybe(

host_platform_repo,

name = "host_platform",

)

What's Changed

Fix _xcode_config attribute for bazel 9.x by @keith in bazel-contrib/rules_go#4491
Update Bazel to 7.7.0 by @fmeum in bazel-contrib/rules_go#4492

Full Changelog: https://github.com/bazel-contrib/rules_go/compare/v0.58.2...v0.58.3

v0.58.2

`WORKSPACE` code

load("@bazel_tools//tools/build_defs/repo:http.bzl", "http_archive")
http_archive(

name = "io_bazel_rules_go",

sha256 = "54bbb67a4196170cc60ef3b52a2747ad1759cba4764b4c4752b744080ad99947",

urls = [

"https://mirror.bazel.build/github.com/bazel-contrib/rules_go/releases/download/v0.58.2/rules_go-v0.58.2.zip",

</tr></table>

... (truncated)

Commits

3c293b0 Update Bazel to 7.7.0 (#4492)
f7a7c5d Fix _xcode_config attribute for bazel 9.x (#4491)
3ea65d8 .bazelci/presubmit.yml: run BCR tests with multiple Bazel versions (#4490)
c84ee39 Only build cmd/internal/cov package on go1.20 where it exists (#4489)
4ded826 Make it easier to debug integration tests (#4488)
e3ec029 tests/bcr: don't require MODULE.bazel.lock (#4485)
a06038c Add missing bazel_dep to BCR test module (#4486)
e9352e9 Fix pure mode detection (#4470)
4f25f44 Commit MODULE.bazel.lock files (#4484)
74199c9 use sh_toolchain to get a truer path to bash (#4465)
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Imported from GitHub pull request. Original GitHub pull request: #1917 Original author: @dependabot[bot] Original URL: https://github.com/carverauto/serviceradar/pull/1917 Original created: 2025-11-03T02:17:32Z Original updated: 2025-11-03T04:34:22Z Original head: carverauto/serviceradar:dependabot/go_modules/github.com/bazelbuild/rules_go-0.58.3 Original base: main Original merged: 2025-11-03T04:34:06Z by @mfreeman451 --- Bumps [github.com/bazelbuild/rules_go](https://github.com/bazelbuild/rules_go) from 0.57.0 to 0.58.3. <details> <summary>Release notes</summary> Sourced from <a href="https://github.com/bazelbuild/rules_go/releases">github.com/bazelbuild/rules_go's releases</a>. <blockquote> <h2>v0.58.3</h2> <h2><code>WORKSPACE</code> code</h2> <pre><code>load("@bazel_tools//tools/build_defs/repo:http.bzl", "http_archive") http_archive( name = "io_bazel_rules_go", sha256 = "82f0af253fc61c7f06b005c67c079573776111185b7c3742563f751178aaa4c0", urls = [ "https://mirror.bazel.build/github.com/bazel-contrib/rules_go/releases/download/v0.58.3/rules_go-v0.58.3.zip", "https://github.com/bazel-contrib/rules_go/releases/download/v0.58.3/rules_go-v0.58.3.zip", ], ) load("<a href="https://github.com/io"><code>@io</code></a>_bazel_rules_go//go:deps.bzl", "go_register_toolchains", "go_rules_dependencies") go_rules_dependencies() go_register_toolchains(version = "1.25.3") <h1>Create the host platform repository transitively required by rules_go.</h1> load("<a href="https://github.com/bazel"><code>@bazel</code></a>_tools//tools/build_defs/repo:utils.bzl", "maybe") load("@platforms//host:extension.bzl", "host_platform_repo") maybe( host_platform_repo, name = "host_platform", ) </code></pre> <h2>What's Changed</h2> <ul> <li>Fix _xcode_config attribute for bazel 9.x by <a href="https://github.com/keith"><code>@keith</code></a> in <a href="https://redirect.github.com/bazel-contrib/rules_go/pull/4491">bazel-contrib/rules_go#4491</a></li> <li>Update Bazel to 7.7.0 by <a href="https://github.com/fmeum"><code>@fmeum</code></a> in <a href="https://redirect.github.com/bazel-contrib/rules_go/pull/4492">bazel-contrib/rules_go#4492</a></li> </ul> Full Changelog: <a href="https://github.com/bazel-contrib/rules_go/compare/v0.58.2...v0.58.3">https://github.com/bazel-contrib/rules_go/compare/v0.58.2...v0.58.3</a> <h2>v0.58.2</h2> <h2><code>WORKSPACE</code> code</h2> <pre><code>load("@bazel_tools//tools/build_defs/repo:http.bzl", "http_archive") http_archive( name = "io_bazel_rules_go", sha256 = "54bbb67a4196170cc60ef3b52a2747ad1759cba4764b4c4752b744080ad99947", urls = [ "https://mirror.bazel.build/github.com/bazel-contrib/rules_go/releases/download/v0.58.2/rules_go-v0.58.2.zip", </tr></table> </code></pre> </blockquote> ... (truncated) </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/bazel-contrib/rules_go/commit/3c293b09f65f8f6b60eec620f471f75d992fd9f0"><code>3c293b0</code></a> Update Bazel to 7.7.0 (<a href="https://redirect.github.com/bazelbuild/rules_go/issues/4492">#4492</a>)</li> <li><a href="https://github.com/bazel-contrib/rules_go/commit/f7a7c5d7acdf56c82afb0c9a38b019b8106da8ee"><code>f7a7c5d</code></a> Fix _xcode_config attribute for bazel 9.x (<a href="https://redirect.github.com/bazelbuild/rules_go/issues/4491">#4491</a>)</li> <li><a href="https://github.com/bazel-contrib/rules_go/commit/3ea65d884caedfae1036cdc8d0a758da900dc18b"><code>3ea65d8</code></a> .bazelci/presubmit.yml: run BCR tests with multiple Bazel versions (<a href="https://redirect.github.com/bazelbuild/rules_go/issues/4490">#4490</a>)</li> <li><a href="https://github.com/bazel-contrib/rules_go/commit/c84ee399cee70112a625dfa19cdb206a968c0194"><code>c84ee39</code></a> Only build cmd/internal/cov package on go1.20 where it exists (<a href="https://redirect.github.com/bazelbuild/rules_go/issues/4489">#4489</a>)</li> <li><a href="https://github.com/bazel-contrib/rules_go/commit/4ded8262d3aecfc286dcb4277f66b680b6fe148b"><code>4ded826</code></a> Make it easier to debug integration tests (<a href="https://redirect.github.com/bazelbuild/rules_go/issues/4488">#4488</a>)</li> <li><a href="https://github.com/bazel-contrib/rules_go/commit/e3ec0294d47f8d5d71f2e9cac57582d8be59e8dc"><code>e3ec029</code></a> tests/bcr: don't require MODULE.bazel.lock (<a href="https://redirect.github.com/bazelbuild/rules_go/issues/4485">#4485</a>)</li> <li><a href="https://github.com/bazel-contrib/rules_go/commit/a06038ce582fb409774c3a5e6b8db79324568363"><code>a06038c</code></a> Add missing <code>bazel_dep</code> to BCR test module (<a href="https://redirect.github.com/bazelbuild/rules_go/issues/4486">#4486</a>)</li> <li><a href="https://github.com/bazel-contrib/rules_go/commit/e9352e93297a3676c6a8fd6669a936c92139b26c"><code>e9352e9</code></a> Fix pure mode detection (<a href="https://redirect.github.com/bazelbuild/rules_go/issues/4470">#4470</a>)</li> <li><a href="https://github.com/bazel-contrib/rules_go/commit/4f25f4411288614b3425b98720b92fb5d2e272f4"><code>4f25f44</code></a> Commit MODULE.bazel.lock files (<a href="https://redirect.github.com/bazelbuild/rules_go/issues/4484">#4484</a>)</li> <li><a href="https://github.com/bazel-contrib/rules_go/commit/74199c92e20399b6ef46684b2c6fdd94b50a7892"><code>74199c9</code></a> use sh_toolchain to get a truer path to bash (<a href="https://redirect.github.com/bazelbuild/rules_go/issues/4465">#4465</a>)</li> <li>Additional commits viewable in <a href="https://github.com/bazelbuild/rules_go/compare/v0.57.0...v0.58.3">compare view</a></li> </ul> </details> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/bazelbuild/rules_go&package-manager=go_modules&previous-version=0.57.0&new-version=0.58.3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details>

qodo-code-review[bot] commented

2025-11-03 04:34:22 +00:00

(Migrated from github.com)

Author

Owner

Imported GitHub PR comment.

Original author: @qodo-code-review[bot]
Original URL: https://github.com/carverauto/serviceradar/pull/1917#issuecomment-3478873972
Original created: 2025-11-03T04:34:22Z

PR Compliance Guide 🔍

Below is a summary of compliance checks for this PR:

Security Compliance
🟢	No security concerns identified No security vulnerabilities detected by AI analysis. Human verification advised for critical code.
Ticket Compliance
⚪	🎫 No ticket provided Create ticket/issue
Codebase Duplication Compliance
⚪	Codebase context is not defined Follow the guide to enable codebase context checks.
Custom Compliance
⚪	Generic: Comprehensive Audit Trails Objective: To create a detailed and reliable record of critical system actions for security analysis and compliance. Status: No audit impact: The PR only changes module versions and checksums without adding or modifying any application logic where audit logging would apply. Referred Code `github.com/bazelbuild/rules_go v0.58.3 github.com/cenkalti/backoff/v5 v5.0.3`
	Generic: Meaningful Naming and Self-Documenting Code Objective: Ensure all identifiers clearly express their purpose and intent, making code self-documenting Status: No code changes: Only dependency version and checksum updates are present, with no new identifiers to assess for naming quality. Referred Code `github.com/bazelbuild/rules_go v0.58.3 github.com/cenkalti/backoff/v5 v5.0.3`
	Generic: Robust Error Handling and Edge Case Management Objective: Ensure comprehensive error handling that provides meaningful context and graceful degradation Status: No logic modified: The diff contains no functional code where error handling could be evaluated, only dependency bumps. Referred Code `github.com/bazelbuild/rules_go v0.58.3 github.com/cenkalti/backoff/v5 v5.0.3`
	Generic: Secure Error Handling Objective: To prevent the leakage of sensitive system information through error messages while providing sufficient detail for internal debugging. Status: No user errors added: No new user-facing or internal error paths were introduced in this dependency update to evaluate for secure error handling. Referred Code `github.com/bazelbuild/rules_go v0.58.3 github.com/cenkalti/backoff/v5 v5.0.3`
	Generic: Secure Logging Practices Objective: To ensure logs are useful for debugging and auditing without exposing sensitive information like PII, PHI, or cardholder data. Status: No logging changes: The changes are limited to dependency checksums and do not add or modify any logging statements to assess. Referred Code `github.com/bazelbuild/rules_go v0.58.3 h1:2Mdry2oCIzc+h9M2qRmK7S560vh8wOHh+al2MO+kbb8= github.com/bazelbuild/rules_go v0.58.3/go.mod h1:Pn30cb4M513fe2rQ6GiJ3q8QyrRsgC7zhuDvi50Lw4Y=`
	Generic: Security-First Input Validation and Data Handling Objective: Ensure all data inputs are validated, sanitized, and handled securely to prevent vulnerabilities Status: Dependency bump only: No new input handling or data processing code was added; only a library version update was made. Referred Code `github.com/bazelbuild/rules_go v0.58.3 github.com/cenkalti/backoff/v5 v5.0.3`

Compliance status legend

🟢 - Fully Compliant
🟡 - Partial Compliant
🔴 - Not Compliant
⚪ - Requires Further Human Verification
🏷️ - Compliance label

Imported GitHub PR comment. Original author: @qodo-code-review[bot] Original URL: https://github.com/carverauto/serviceradar/pull/1917#issuecomment-3478873972 Original created: 2025-11-03T04:34:22Z --- ## PR Compliance Guide 🔍  Below is a summary of compliance checks for this PR: <table><tbody><tr><td colspan='2'>Security Compliance</td></tr> <tr><td>🟢</td><td><details><summary>No security concerns identified</summary> No security vulnerabilities detected by AI analysis. Human verification advised for critical code. </details></td></tr> <tr><td colspan='2'>Ticket Compliance</td></tr> <tr><td>⚪</td><td><details><summary>🎫 No ticket provided </summary> - [ ] Create ticket/issue  </details></td></tr> <tr><td colspan='2'>Codebase Duplication Compliance</td></tr> <tr><td>⚪</td><td><details><summary>Codebase context is not defined </summary> Follow the <a href='https://qodo-merge-docs.qodo.ai/core-abilities/rag_context_enrichment/'>guide</a> to enable codebase context checks. </details></td></tr> <tr><td colspan='2'>Custom Compliance</td></tr> <tr><td rowspan=6>⚪</td> <td><details> <summary>Generic: Comprehensive Audit Trails</summary> **Objective:** To create a detailed and reliable record of critical system actions for security analysis and compliance. **Status:** <a href='https://github.com/carverauto/serviceradar/pull/1917/files#diff-33ef32bf6c23acb95f5902d7097b7a1d5128ca061167ec0716715b0b9eeaa5f6R7-R7'>No audit impact</a>: The PR only changes module versions and checksums without adding or modifying any application logic where audit logging would apply. <details open><summary>Referred Code</summary> ```txt github.com/bazelbuild/rules_go v0.58.3 github.com/cenkalti/backoff/v5 v5.0.3 ``` </details></details></td></tr> <tr><td><details> <summary>Generic: Meaningful Naming and Self-Documenting Code</summary> **Objective:** Ensure all identifiers clearly express their purpose and intent, making code self-documenting **Status:** <a href='https://github.com/carverauto/serviceradar/pull/1917/files#diff-33ef32bf6c23acb95f5902d7097b7a1d5128ca061167ec0716715b0b9eeaa5f6R7-R7'>No code changes</a>: Only dependency version and checksum updates are present, with no new identifiers to assess for naming quality. <details open><summary>Referred Code</summary> ```txt github.com/bazelbuild/rules_go v0.58.3 github.com/cenkalti/backoff/v5 v5.0.3 ``` </details></details></td></tr> <tr><td><details> <summary>Generic: Robust Error Handling and Edge Case Management</summary> **Objective:** Ensure comprehensive error handling that provides meaningful context and graceful degradation **Status:** <a href='https://github.com/carverauto/serviceradar/pull/1917/files#diff-33ef32bf6c23acb95f5902d7097b7a1d5128ca061167ec0716715b0b9eeaa5f6R7-R7'>No logic modified</a>: The diff contains no functional code where error handling could be evaluated, only dependency bumps. <details open><summary>Referred Code</summary> ```txt github.com/bazelbuild/rules_go v0.58.3 github.com/cenkalti/backoff/v5 v5.0.3 ``` </details></details></td></tr> <tr><td><details> <summary>Generic: Secure Error Handling</summary> **Objective:** To prevent the leakage of sensitive system information through error messages while providing sufficient detail for internal debugging. **Status:** <a href='https://github.com/carverauto/serviceradar/pull/1917/files#diff-33ef32bf6c23acb95f5902d7097b7a1d5128ca061167ec0716715b0b9eeaa5f6R7-R7'>No user errors added</a>: No new user-facing or internal error paths were introduced in this dependency update to evaluate for secure error handling. <details open><summary>Referred Code</summary> ```txt github.com/bazelbuild/rules_go v0.58.3 github.com/cenkalti/backoff/v5 v5.0.3 ``` </details></details></td></tr> <tr><td><details> <summary>Generic: Secure Logging Practices</summary> **Objective:** To ensure logs are useful for debugging and auditing without exposing sensitive information like PII, PHI, or cardholder data. **Status:** <a href='https://github.com/carverauto/serviceradar/pull/1917/files#diff-3295df7234525439d778f1b282d146a4f1ff6b415248aaac074e8042d9f42d63R13-R14'>No logging changes</a>: The changes are limited to dependency checksums and do not add or modify any logging statements to assess. <details open><summary>Referred Code</summary> ```txt github.com/bazelbuild/rules_go v0.58.3 h1:2Mdry2oCIzc+h9M2qRmK7S560vh8wOHh+al2MO+kbb8= github.com/bazelbuild/rules_go v0.58.3/go.mod h1:Pn30cb4M513fe2rQ6GiJ3q8QyrRsgC7zhuDvi50Lw4Y= ``` </details></details></td></tr> <tr><td><details> <summary>Generic: Security-First Input Validation and Data Handling</summary> **Objective:** Ensure all data inputs are validated, sanitized, and handled securely to prevent vulnerabilities **Status:** <a href='https://github.com/carverauto/serviceradar/pull/1917/files#diff-33ef32bf6c23acb95f5902d7097b7a1d5128ca061167ec0716715b0b9eeaa5f6R7-R7'>Dependency bump only</a>: No new input handling or data processing code was added; only a library version update was made. <details open><summary>Referred Code</summary> ```txt github.com/bazelbuild/rules_go v0.58.3 github.com/cenkalti/backoff/v5 v5.0.3 ``` </details></details></td></tr> <tr><td align="center" colspan="2">   </td></tr></tbody></table> <details><summary>Compliance status legend</summary> 🟢 - Fully Compliant 🟡 - Partial Compliant 🔴 - Not Compliant ⚪ - Requires Further Human Verification 🏷️ - Compliance label </details>