Conversation
Assisted-By: docker-agent
Assisted-By: docker-agent
…o v0.0.0-20260311135729-065cd970411c Assisted-By: docker-agent
Assisted-By: docker-agent
Assisted-By: docker-agent
Signed-off-by: David Gageot <david.gageot@docker.com>
![docker-agent[bot]](https://avatars.githubusercontent.com/in/2787757?s=60&v=4){kind=small}
There was a problem hiding this comment.
Review Summary
Assessment: 🟢 APPROVE
This dependency bump PR updates 7 Go dependencies and adds a license constraint note to the bump-go-dependencies skill. The changes are consistent between go.mod and go.sum.
Summary
- Updated dependencies: lipgloss v2.0.1→v2.0.2, a2a-go v0.3.8→v0.3.9, dop251/goja (commit update), golang.org/x/image v0.36.0→v0.37.0, golang.org/x/term v0.40.0→v0.41.0, golang.org/x/text v0.34.0→v0.35.0
- Documentation: Added constraint to never bump kin-openapi above v0.132.0 due to license issues
- Verification: go.sum changes are consistent with go.mod updates
Findings
One informational note about an upstream dependency:
| github.com/docker/cli v29.3.0+incompatible | ||
| github.com/docker/go-units v0.5.0 | ||
| github.com/dop251/goja v0.0.0-20260305124333-6a7976c22267 | ||
| github.com/dop251/goja v0.0.0-20260311135729-065cd970411c |
There was a problem hiding this comment.
ℹ️ INFO: Future timestamp in dop251/goja pseudo-version
The dop251/goja dependency uses a pseudo-version with a future timestamp (March 11, 2026). Both the old version (March 5, 2026) and new version contain future dates, indicating this is an upstream repository issue rather than something introduced by this PR.
While Go's module system handles future timestamps without functional issues, this may indicate clock skew or commit manipulation in the upstream repository. This is informational only and doesn't block the PR.
Location: go.mod:31
1 participant
No description provided.