Address recent dependency issues #43
Description
There's been several dependency-related PRs by Dependabot which are still blocked or required follow-up actions, and must be revisited:
- Bump github.com/google/go-metrics-stackdriver from 0.2.0 to 0.6.0 openbao#981
-
https://github.com/google/go-metrics-stackdriver is archived. We never made metrics pluggable and we kept it post-split even though many of these are proprietary. Upgrading this brings in a dependency on
hashicorp/go-metrics; I'm not sure if everything in our stack can be upgraded fromarmon/go-metricsyet but that would be a prereq for this.
-
- Bump github.com/hashicorp/hcl from 1.0.1-vault-5 to 1.0.1-vault-7 openbao#1105
-
This breaks tests; we'll need to revisit how we want to handle this.
-
- Bump gotest.tools/gotestsum from 1.10.0 to 1.12.1 openbao#1118
-
It might be good to split this into a separate
tools/go.modfile as part of supply chain cleanup
-
- Bump github.com/ory/dockertest/v3 from 3.10.0 to 3.12.0 openbao#1197
-
This might be a good candidate for removal; it is used in two test suites.
-
Thanks for the inputs, @cipherboy!