Skip to content

chore(deps): upgrade Go and third-party dependencies#1075

Open
aymericDD wants to merge 2 commits intomainfrom
aymericdd/chore/upgrade-dependencies
Open

chore(deps): upgrade Go and third-party dependencies#1075
aymericDD wants to merge 2 commits intomainfrom
aymericdd/chore/upgrade-dependencies

Conversation

@aymericDD
Copy link
Copy Markdown
Contributor

@aymericDD aymericDD commented Apr 30, 2026
edited
Loading

What does this PR do?

  • Alters existing functionality

Upgrades Go version and third-party dependencies to their latest compatible versions. Also migrates the `cgroup` package off the vendored `runc/libcontainer/cgroups` onto the now-standalone `github.com/opencontainers/cgroups` module, removing the direct dependency on `opencontainers/runc` entirely.

Code Quality Checklist

  • The documentation is up to date.
  • My code is sufficiently commented and passes continuous integration checks.
  • I have signed my commit (see Contributing Docs).

Testing

  • I leveraged continuous integration testing
    • by depending on existing `unit` tests or `end-to-end` tests.
    • by adding new `unit` tests or `end-to-end` tests.
  • I manually tested the following steps:
    • `x`
    • locally.
    • as a canary deployment to a cluster.

Notable changes

Package Before After
Go version 1.25.6 1.25.9
`k8s.io/{api,apimachinery,client-go,cli-runtime}` 0.34.x / 0.33.x 0.35.1
`sigs.k8s.io/controller-runtime` 0.21.0 0.22.4
`go.opentelemetry.io/otel` + `otel/trace` 1.40.0 1.43.0
`gopkg.in/DataDog/dd-trace-go.v1` 1.74.7-rc.5 1.74.8
`google.golang.org/grpc` 1.79.3 1.80.0
`golang.org/x/sys` 0.40.0 0.42.0
`github.com/vishvananda/netlink` pseudo-version v1.3.1
`github.com/opencontainers/runc` v1.2.8 (direct) removed
`github.com/opencontainers/cgroups` v0.0.6 (new)

Collateral fixes required by the upgrades:

  • `cgroup/manager_linux.go`: migrated imports from `runc/libcontainer/cgroups` + `runc/libcontainer/configs` to the standalone `github.com/opencontainers/cgroups` module (`Cgroup`/`Resources` structs moved there too)
  • `mocks/client.go`: regenerated `K8SClientMock` to implement the new `Apply` method added to `controller-runtime`'s `client.Client` interface in v0.22
  • `LICENSE-3rdparty.csv`: regenerated to account for added/removed packages

Intentionally not upgraded:

  • `github.com/aquasecurity/libbpfgo`: kept at `v0.5.1-libbpf-1.2` — newer releases require libbpf ≥ 1.4 (`BPF_MAP_TYPE_ARENA`), which is not available in the Docker build image
  • `github.com/opencontainers/runtime-spec`: pinned to `v1.1.0` (what `containerd v1.7.30` requires) — `v1.3.0` changed `LinuxPids.Limit` to `*int64`, breaking the vendored containerd code

@aymericDD @claude
chore(deps): upgrade Go and third-party dependencies
306a45e 
Bump Go version and align third-party dependency versions
to latest compatible releases.

Notable changes:
- Go version: 1.25.6 → 1.25.9
- k8s.io/{api,apimachinery,client-go,cli-runtime}: 0.34→0.35
- sigs.k8s.io/controller-runtime: 0.21.0 → 0.22.4
- opencontainers/runc removed; replaced by standalone
  opencontainers/cgroups module (cgroup/manager_linux.go migrated)
- libbpfgo: v0.5.1-libbpf-1.2 → v0.9.2-libbpf-1.5.1
- vishvananda/netlink: pseudo-version → v1.3.1
- Regenerated K8SClientMock for new client.Client.Apply method
- Patched containerd vendor for runtime-spec v1.3.0 LinuxPids.Limit

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@datadog-datadog-prod-us1
Copy link
Copy Markdown

datadog-datadog-prod-us1 Bot commented Apr 30, 2026
edited by datadog-official Bot
Loading

Tests

Fix all issues with BitsAI or with Cursor

⚠️ Warnings

🧪 14 Tests failed

[It] Cache Handler verify events sent should not fire any warning event on disruption from Controller Suite   View in Datadog   (Fix with Cursor) 
Timed out after 334.954s.
Expected success, but got an error:
    <*errors.errorString | 0xc000499390>: 
    target injection 7ddcbd51-ca0e-4905-8819-0f48b0d14355-fc9hg is not injected, current status is NotInjected
    {
        s: "target injection 7ddcbd51-ca0e-4905-8819-0f48b0d14355-fc9hg is not injected, current status is NotInjected",
    }

[FAILED] Timed out after 334.954s.
Expected success, but got an error:
...
[It] Disruption Client Delete Method should successfully delete disruptions when deleting an existing disruption from Controller Suite   View in Datadog   (Fix with Cursor) 
A node timeout occurred

[TIMEDOUT] A node timeout occurred
In [It] at: /home/runner/work/chaos-controller/chaos-controller/controllers/clientset_test.go:221 @ 05/04/26 08:57:37.375

This is the Progress Report generated when the node timeout occurred:
  Disruption Client Delete Method should successfully delete disruptions when deleting an existing disruption (Spec Runtime: 1m36.047s)
    /home/runner/work/chaos-controller/chaos-controller/controllers/clientset_test.go:221
    In [It] (Node Runtime: 30.001s)
      /home/runner/work/chaos-controller/chaos-controller/controllers/clientset_test.go:221
...
[It] Disruption Client Watch Method should successfully capture events related to disruptions when a disruption is added from Controller Suite   View in Datadog   (Fix with Cursor) 
A node timeout occurred

[TIMEDOUT] A node timeout occurred
In [It] at: /home/runner/work/chaos-controller/chaos-controller/controllers/clientset_test.go:257 @ 04/30/26 10:40:07.176

This is the Progress Report generated when the node timeout occurred:
  Disruption Client Watch Method should successfully capture events related to disruptions when a disruption is added (Spec Runtime: 1m41.075s)
    /home/runner/work/chaos-controller/chaos-controller/controllers/clientset_test.go:257
    In [It] (Node Runtime: 30s)
      /home/runner/work/chaos-controller/chaos-controller/controllers/clientset_test.go:257
...
View all

ℹ️ Info

No other issues found (see more)

❄️ No new flaky tests detected

🎯 Code Coverage (details)
Patch Coverage: 100.00%
Overall Coverage: 39.09% (+0.02%)

Useful? React with 👍 / 👎

This comment will be updated automatically if new data arrives.
🔗 Commit SHA: 6ab19a7 | Docs | Datadog PR Page | Give us feedback!

@aymericDD @claude
fix(deps): pin libbpfgo and runtime-spec to compatible versions
6ab19a7 
- Revert libbpfgo to v0.5.1-libbpf-1.2 to match the libbpf version
  available in the Docker build image (libbpf 1.2); v0.9.x requires
  BPF_MAP_TYPE_ARENA introduced in libbpf 1.4+
- Downgrade runtime-spec to v1.1.0 (what containerd v1.7.30 requires);
  v1.3.0 changed LinuxPids.Limit to *int64, breaking the vendored
  containerd code
- Regenerate LICENSE-3rdparty.csv for new/removed packages

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@aymericDD aymericDD marked this pull request as ready for review April 30, 2026 12:02
@aymericDD aymericDD requested a review from a team as a code owner April 30, 2026 12:02
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@diyarab diyarab diyarab approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@aymericDD @diyarab