bumping nats ver #2473

Merged
mfreeman451 merged 1 commit from refs/pull/2473/head into main 2025-11-24 19:23:27 +00:00
mfreeman451 commented 2025-11-24 19:19:22 +00:00 (Migrated from github.com)
Owner

Imported from GitHub pull request.

Original GitHub pull request: #2008
Original author: @mfreeman451
Original URL: https://github.com/carverauto/serviceradar/pull/2008
Original created: 2025-11-24T19:19:22Z
Original updated: 2025-11-24T19:23:31Z
Original head: carverauto/serviceradar:2006-chore-upgrade-nats-and-nats-cli
Original base: main
Original merged: 2025-11-24T19:23:27Z by @mfreeman451

User description

IMPORTANT: Please sign the Developer Certificate of Origin

Thank you for your contribution to ServiceRadar. Please note, when contributing, the developer must include
a DCO sign-off statement indicating the DCO acceptance in one commit message. Here
is an example DCO Signed-off-by line in a commit message:

Signed-off-by: J. Doe <j.doe@domain.com>

Describe your changes

Code checklist before requesting a review

  • I have signed the DCO?
  • The build completes without errors?
  • All tests are passing when running make test?

PR Type

Enhancement


Description

  • Upgrade NATS server from v2.11.4 to v2.12.2

  • Upgrade NATS CLI from v0.1.3 to v0.3.0

  • Update related dependencies (jwt/v2, highwayhash, go-tpm, golang.org/x/time)

  • Pin NATS CLI version in Docker and Kubernetes configurations


Diagram Walkthrough

flowchart LR
  A["NATS Dependencies"] -->|Update versions| B["NATS Server v2.12.2"]
  A -->|Update versions| C["NATS CLI v0.3.0"]
  B -->|Update hashes| D["MODULE.bazel"]
  C -->|Pin version| E["Docker & K8s configs"]
  D -->|Update go.mod| F["Go dependencies"]

File Walkthrough

Relevant files

Dependencies (3 files)
  • MODULE.bazel: Update NATS server and CLI binary versions (+6/-6)
  • go.mod: Update NATS and related Go dependencies (+6/-5)
  • go.sum: Update checksums for NATS dependencies (+10/-10)

Configuration changes (5 files)
  • Dockerfile.tools: Pin NATS CLI to v0.3.0 version (+1/-1)
  • Dockerfile.serviceradar-tools: Pin NATS CLI to v0.3.0 version (+1/-1)
  • serviceradar-tools-alternative.yaml: Pin NATS CLI to v0.3.0 version (+2/-2)
  • nats.yaml: Update NATS container image to v2.12.2 (+1/-1)
  • components.json: Update NATS server binary download URLs (+2/-2)

Documentation (2 files)
  • third-party-deps.html: Update NATS server version in dependencies (+2/-2)
  • kv-configuration.md: Pin NATS CLI to v0.3.0 in installation docs (+1/-1)

qodo-code-review[bot] commented 2025-11-24 19:19:55 +00:00 (Migrated from github.com)
Author
Owner

Imported GitHub PR comment.

Original author: @qodo-code-review[bot]
Original URL: https://github.com/carverauto/serviceradar/pull/2008#issuecomment-3572349856
Original created: 2025-11-24T19:19:55Z

PR Compliance Guide 🔍

Below is a summary of compliance checks for this PR:

Security Compliance
Dependency pinning risk

Description: The new dependency 'github.com/minio/highwayhash v1.0.4-0.20251030100505-070ab1a87a76' is
a pseudo-version with a far-future timestamp (2025-10-30), which may not be reproducible
or intended, potentially enabling supply-chain instability; consider pinning to a proper
tagged release.
go.mod [56-57]

Referred Code
github.com/minio/highwayhash v1.0.4-0.20251030100505-070ab1a87a76 // indirect
github.com/nats-io/jwt/v2 v2.8.0 // indirect
Ticket Compliance
🟢
🎫 #2006
🟢 Upgrade NATS server to version 2.12.2.
Upgrade NATS CLI to version 0.3.0.
Update related dependencies as needed (e.g., jwt/v2, highwayhash, go-tpm,
golang.org/x/time).
Pin NATS CLI version in Docker and Kubernetes configurations.
Codebase Duplication Compliance
Codebase context is not defined

Follow the guide to enable codebase context checks.

Custom Compliance
🟢
Generic: Secure Logging Practices

Objective: To ensure logs are useful for debugging and auditing without exposing sensitive
information like PII, PHI, or cardholder data.

Status: Passed

Learn more about managing compliance generic rules or creating your own custom rules

Generic: Comprehensive Audit Trails

Objective: To create a detailed and reliable record of critical system actions for security analysis
and compliance.

Status:
No audit impact: The PR only updates dependency versions and pins CLI versions without introducing
application logic that would affect audit trails, so there is no evidence in the diff to
verify logging of critical actions.

Referred Code
RUN go install github.com/fullstorydev/grpcurl/cmd/grpcurl@latest && \
    go install github.com/nats-io/natscli/nats@v0.3.0


Generic: Meaningful Naming and Self-Documenting Code

Objective: Ensure all identifiers clearly express their purpose and intent, making code
self-documenting

Status:
No identifiers added: The changes modify dependency versions and configuration values without adding new code
identifiers, so naming conventions cannot be assessed from this diff.

Referred Code
	github.com/antithesishq/antithesis-sdk-go v0.4.3-default-no-op // indirect
	github.com/clipperhouse/uax29/v2 v2.2.0 // indirect
	github.com/google/go-tpm v0.9.6 // indirect
	github.com/jackc/pgpassfile v1.0.0 // indirect
	github.com/jackc/pgservicefile v0.0.0-20240606120523-5a60cdf6a761 // indirect
	github.com/jackc/puddle/v2 v2.2.2 // indirect
	github.com/minio/highwayhash v1.0.4-0.20251030100505-070ab1a87a76 // indirect
	github.com/nats-io/jwt/v2 v2.8.0 // indirect
	golang.org/x/time v0.14.0 // indirect
)


Generic: Robust Error Handling and Edge Case Management

Objective: Ensure comprehensive error handling that provides meaningful context and graceful
degradation

Status:
No error paths: The diff updates versions and configuration references but does not introduce executable
logic where error handling could be evaluated.

Referred Code
image: nats:2.12.2-alpine
imagePullPolicy: IfNotPresent
args:
  - "-c"
  - "/etc/nats/nats-server.conf"


Generic: Secure Error Handling

Objective: To prevent the leakage of sensitive system information through error messages while
providing sufficient detail for internal debugging.

Status:
No user errors: The changes adjust installation instructions and versions without adding user-facing error
handling, so secure error messaging cannot be validated.

Referred Code
go install github.com/nats-io/natscli/nats@v0.3.0

# Test the NATS connection with mTLS
nats server check --server nats://localhost:4222 \


Generic: Security-First Input Validation and Data Handling

Objective: Ensure all data inputs are validated, sanitized, and handled securely to prevent
vulnerabilities

Status:
Config only changes: Version bumps and CLI pinning do not expose input handling; no new input surfaces are
introduced in the diff to assess validation or sanitization.

Referred Code
image: nats:2.12.2-alpine
imagePullPolicy: IfNotPresent
args:
  - "-c"
  - "/etc/nats/nats-server.conf"


Compliance status legend
🟢 - Fully Compliant
🟡 - Partial Compliant
🔴 - Not Compliant
⚪ - Requires Further Human Verification
🏷️ - Compliance label
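
The difference the compliance comment above turns on (tagged release, pseudo-version, and the floating `@latest` install in its referred Dockerfile line), as an added Go example that is not code from the ServiceRadar repository or from the review bot. `Pin`, `Classify`, `Scan` and `sample` are names made up for this illustration; the sample lines are copied from the snippets quoted on this page.

```go
package main

import (
	"fmt"
	"regexp"
	"strconv"
	"strings"
	"time"
)

// Pin records how firmly one module or package reference is fixed.
type Pin struct {
	Path, Version string
	Kind          string    // "tagged", "pseudo" or "floating"
	Base          string    // pseudo only: tag the commit follows ("" if none)
	Commit        string    // pseudo only: 12-character revision prefix
	CommitAt      time.Time // pseudo only: commit time in UTC
}

var semverRe = regexp.MustCompile(`^v\d+\.\d+\.\d+(-[0-9A-Za-z.-]+)?(\+[0-9A-Za-z.-]+)?$`)

// Groups: 1 "vX.Y.", 2 patch, 3 pre-release base, 4 "0." marker, 5 timestamp, 6 revision.
var pseudoRe = regexp.MustCompile(`^(v\d+\.\d+\.)(\d+)-(?:(.+)\.0\.|(0\.))?(\d{14})-([0-9a-f]{12})(?:\+incompatible)?$`)

// Classify decides whether a version string is a release tag, a Go
// pseudo-version (an untagged commit), or a floating query such as "latest".
func Classify(path, version string) Pin {
	p := Pin{Path: path, Version: version, Kind: "floating"}
	if !semverRe.MatchString(version) {
		return p // "latest", branch names, "v1", empty: resolved at build time
	}
	p.Kind = "tagged"
	m := pseudoRe.FindStringSubmatch(version)
	if m == nil {
		return p
	}
	at, err := time.Parse("20060102150405", m[5])
	patch, _ := strconv.Atoi(m[2])
	switch {
	case err != nil: // 14 digits that are not a real timestamp: an ordinary tag
		return p
	case m[3] != "": // vX.Y.Z-pre.0.<time>-<rev>: commit follows tag vX.Y.Z-pre
		p.Base = m[1] + m[2] + "-" + m[3]
	case m[4] != "" && patch > 0: // vX.Y.(Z+1)-0.<time>-<rev>: commit follows tag vX.Y.Z
		p.Base = m[1] + strconv.Itoa(patch-1)
	case m[4] == "" && strings.HasSuffix(m[1], ".0.") && patch == 0:
		// vX.0.0-<time>-<rev>: no earlier tag exists for this major version
	default:
		return p
	}
	p.Kind, p.Commit, p.CommitAt = "pseudo", m[6], at
	return p
}

// Scan classifies go.mod requirement lines and `go install path@version` targets.
func Scan(text string) []Pin {
	var pins []Pin
	for _, line := range strings.Split(text, "\n") {
		f := strings.Fields(line)
		for i, tok := range f {
			at := strings.LastIndex(tok, "@")
			if at > 0 && i >= 2 && f[i-2] == "go" && f[i-1] == "install" {
				pins = append(pins, Classify(tok[:at], tok[at+1:]))
			}
		}
		if len(f) >= 2 && strings.Contains(f[0], ".") && strings.HasPrefix(f[1], "v") {
			pins = append(pins, Classify(f[0], f[1]))
		}
	}
	return pins
}

// sample reuses lines quoted in the review comments on this page.
const sample = `RUN go install github.com/fullstorydev/grpcurl/cmd/grpcurl@latest && \
    go install github.com/nats-io/natscli/nats@v0.3.0
	github.com/antithesishq/antithesis-sdk-go v0.4.3-default-no-op // indirect
	github.com/jackc/pgservicefile v0.0.0-20240606120523-5a60cdf6a761 // indirect
	github.com/minio/highwayhash v1.0.4-0.20251030100505-070ab1a87a76 // indirect
	github.com/nats-io/jwt/v2 v2.8.0 // indirect`

func main() {
	for _, p := range Scan(sample) {
		fmt.Printf("%-8s %s@%s base=%q commit=%s\n", p.Kind, p.Path, p.Version, p.Base, p.Commit)
	}
}
```

A pseudo-version still names one exact commit; the entry that resolves differently from build to build is the `@latest` install.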
qodo-code-review[bot] commented 2025-11-24 19:20:48 +00:00 (Migrated from github.com)
Author
Owner

Imported GitHub PR comment.

Original author: @qodo-code-review[bot]
Original URL: https://github.com/carverauto/serviceradar/pull/2008#issuecomment-3572353165
Original created: 2025-11-24T19:20:48Z

PR Code Suggestions

Explore these optional code suggestions:

Category: General
Suggestion: Avoid using a pre-release dependency

The go.mod file includes a pre-release version for github.com/minio/highwayhash.
Investigate why this version is used and switch to a stable release if possible
to avoid potential instability.

go.mod [49-59]

 require (
 	github.com/antithesishq/antithesis-sdk-go v0.4.3-default-no-op // indirect
 	github.com/clipperhouse/uax29/v2 v2.2.0 // indirect
 	github.com/google/go-tpm v0.9.6 // indirect
 	github.com/jackc/pgpassfile v1.0.0 // indirect
 	github.com/jackc/pgservicefile v0.0.0-20240606120523-5a60cdf6a761 // indirect
 	github.com/jackc/puddle/v2 v2.2.2 // indirect
-	github.com/minio/highwayhash v1.0.4-0.20251030100505-070ab1a87a76 // indirect
+	github.com/minio/highwayhash v1.0.3 // indirect
 	github.com/nats-io/jwt/v2 v2.8.0 // indirect
 	golang.org/x/time v0.14.0 // indirect
 )
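
Review bot: The `+` line that moves `github.com/minio/highwayhash` to `v1.0.3` steps an `// indirect` requirement backwards, and that is unlikely to stick. The pseudo-version `v1.0.4-0.20251030100505-070ab1a87a76` names a commit made after the `v1.0.3` tag, and an indirect entry is normally present because another module in the graph requires it; if so, Go's minimal version selection restores the pseudo-version on the next `go mod tidy`, and forcing the older code would take a `replace` directive that runs the dependent module against a version it was not built with. Before editing this line, run `go mod why -m github.com/minio/highwayhash` and `go mod graph` to find which module requires it. The pseudo-version still identifies one fixed commit with its hash recorded in go.sum, so waiting for the upstream requirer to move to a tagged release is the safer route.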
Suggestion importance[1-10]: 6


Why: The suggestion correctly identifies a pre-release dependency introduced in the PR, which poses a potential stability risk, and rightly advises investigation.

Impact: Low