Skip to content

chore(deps): upgrade Go and third-party dependencies#1075

Merged
aymericDD merged 4 commits into
mainfrom
aymericdd/chore/upgrade-dependencies
May 18, 2026
Merged

chore(deps): upgrade Go and third-party dependencies#1075
aymericDD merged 4 commits into
mainfrom
aymericdd/chore/upgrade-dependencies

Conversation

@aymericDD
Copy link
Copy Markdown
Contributor

@aymericDD aymericDD commented Apr 30, 2026
edited
Loading

What does this PR do?

  • Alters existing functionality

Upgrades Go version and third-party dependencies to their latest compatible versions. Also migrates the `cgroup` package off the vendored `runc/libcontainer/cgroups` onto the now-standalone `github.com/opencontainers/cgroups` module, removing the direct dependency on `opencontainers/runc` entirely.

Code Quality Checklist

  • The documentation is up to date.
  • My code is sufficiently commented and passes continuous integration checks.
  • I have signed my commit (see Contributing Docs).

Testing

  • I leveraged continuous integration testing
    • by depending on existing `unit` tests or `end-to-end` tests.
    • by adding new `unit` tests or `end-to-end` tests.
  • I manually tested the following steps:
    • `x`
    • locally.
    • as a canary deployment to a cluster.

Notable changes

Package Before After
Go version 1.25.6 1.25.9
`k8s.io/{api,apimachinery,client-go,cli-runtime}` 0.34.x / 0.33.x 0.35.1
`sigs.k8s.io/controller-runtime` 0.21.0 0.22.4
`go.opentelemetry.io/otel` + `otel/trace` 1.40.0 1.43.0
`gopkg.in/DataDog/dd-trace-go.v1` 1.74.7-rc.5 1.74.8
`google.golang.org/grpc` 1.79.3 1.80.0
`golang.org/x/sys` 0.40.0 0.42.0
`github.com/vishvananda/netlink` pseudo-version v1.3.1
`github.com/opencontainers/runc` v1.2.8 (direct) removed
`github.com/opencontainers/cgroups` v0.0.6 (new)

Collateral fixes required by the upgrades:

  • `cgroup/manager_linux.go`: migrated imports from `runc/libcontainer/cgroups` + `runc/libcontainer/configs` to the standalone `github.com/opencontainers/cgroups` module (`Cgroup`/`Resources` structs moved there too)
  • `mocks/client.go`: regenerated `K8SClientMock` to implement the new `Apply` method added to `controller-runtime`'s `client.Client` interface in v0.22
  • `LICENSE-3rdparty.csv`: regenerated to account for added/removed packages

Intentionally not upgraded:

  • `github.com/aquasecurity/libbpfgo`: kept at `v0.5.1-libbpf-1.2` — newer releases require libbpf ≥ 1.4 (`BPF_MAP_TYPE_ARENA`), which is not available in the Docker build image
  • `github.com/opencontainers/runtime-spec`: pinned to `v1.1.0` (what `containerd v1.7.30` requires) — `v1.3.0` changed `LinuxPids.Limit` to `*int64`, breaking the vendored containerd code

@aymericDD @claude
chore(deps): upgrade Go and third-party dependencies
306a45e 
Bump Go version and align third-party dependency versions
to latest compatible releases.

Notable changes:
- Go version: 1.25.6 → 1.25.9
- k8s.io/{api,apimachinery,client-go,cli-runtime}: 0.34→0.35
- sigs.k8s.io/controller-runtime: 0.21.0 → 0.22.4
- opencontainers/runc removed; replaced by standalone
  opencontainers/cgroups module (cgroup/manager_linux.go migrated)
- libbpfgo: v0.5.1-libbpf-1.2 → v0.9.2-libbpf-1.5.1
- vishvananda/netlink: pseudo-version → v1.3.1
- Regenerated K8SClientMock for new client.Client.Apply method
- Patched containerd vendor for runtime-spec v1.3.0 LinuxPids.Limit

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@datadog-datadog-prod-us1
Copy link
Copy Markdown

datadog-datadog-prod-us1 Bot commented Apr 30, 2026
edited by datadog-datadog-prod-us1-2 Bot
Loading

Tests

🎉 All green!

❄️ No new flaky tests detected
🧪 All tests passed

🎯 Code Coverage (details)
Patch Coverage: 0.00%
Overall Coverage: 39.07% (+0.00%)

This comment will be updated automatically if new data arrives.
🔗 Commit SHA: 8001679 | Docs | Datadog PR Page | Give us feedback!

@aymericDD @claude
fix(deps): pin libbpfgo and runtime-spec to compatible versions
6ab19a7 
- Revert libbpfgo to v0.5.1-libbpf-1.2 to match the libbpf version
  available in the Docker build image (libbpf 1.2); v0.9.x requires
  BPF_MAP_TYPE_ARENA introduced in libbpf 1.4+
- Downgrade runtime-spec to v1.1.0 (what containerd v1.7.30 requires);
  v1.3.0 changed LinuxPids.Limit to *int64, breaking the vendored
  containerd code
- Regenerate LICENSE-3rdparty.csv for new/removed packages

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@aymericDD aymericDD marked this pull request as ready for review April 30, 2026 12:02
@aymericDD aymericDD requested a review from a team as a code owner April 30, 2026 12:02
aymericDD and others added 2 commits May 12, 2026 14:30
@aymericDD @claude
ci(debug): always capture controller + chaos pod logs in e2e
a7eb68d 
Change save/upload logs steps from `if: failure()` to `if: always()`
so they run even when the e2e-test job is cancelled by the 45-minute
timeout. Add diagnostics for chaos pods, events, and pod descriptions
to debug why target injection is stuck at NotInjected on this branch.

This is a temporary debug commit to gather logs and should be reverted
once the root cause is found.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
@aymericDD @claude
fix(network): handle new netlink default-route representation
8001679 
vishvananda/netlink v1.3.0 changed how default routes are decoded.
Previously, default routes had `route.Dst == nil`; now they always
carry an explicit zero-IP destination with a /0 mask. The injector's
DefaultRoutes() check `route.Dst == nil && route.Gw != nil` was
therefore matching nothing post-upgrade, causing every network
disruption injection to fail with "error getting default route: not
found" and leaving targets stuck at NotInjected in e2e tests.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
@aymericDD aymericDD requested a review from diyarab May 12, 2026 14:53
clairecng
clairecng reviewed May 13, 2026
View reviewed changes
Comment thread network/netlink.go
clairecng
clairecng reviewed May 13, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@clairecng clairecng left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

has this been deployed on staging + tested?

@aymericDD aymericDD merged commit af729a4 into main May 18, 2026
13 checks passed
@aymericDD aymericDD deleted the aymericdd/chore/upgrade-dependencies branch May 18, 2026 14:41
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@clairecng clairecng clairecng approved these changes

@diyarab diyarab diyarab approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@aymericDD @clairecng @diyarab