Skip to content

chore(demo): update demo module router dependencies#2364

Merged
dkorittki merged 2 commits intomainfrom
dominik/eng-8563-update-dependencies-of-demo-module
Nov 26, 2025
Merged

chore(demo): update demo module router dependencies#2364
dkorittki merged 2 commits intomainfrom
dominik/eng-8563-update-dependencies-of-demo-module

Conversation

@dkorittki
Copy link
Copy Markdown
Contributor

@dkorittki dkorittki commented Nov 26, 2025
edited by coderabbitai Bot
Loading

Checklist

The demo package wasn't able to build since the merge of #2273 because the router dependencies of the demo module are too old. This pull request updates it the latest version. Also used go mod tidy afterwards to clean up go.sum

Summary by CodeRabbit

  • Chores
    • Updated core and transitive dependencies (Go toolchain, gRPC, protobuf, OpenTelemetry and related packages) to newer compatible versions for stability and security.
    • Refreshed router and router-test references to a more recent release.
    • Upgraded cryptographic/jwk and testing libraries.
    • No breaking changes; existing functionality and public APIs unchanged.

✏️ Tip: You can customize this high-level summary in your review settings.

@dkorittki dkorittki marked this pull request as ready for review November 26, 2025 09:34
@dkorittki dkorittki requested review from a team as code owners November 26, 2025 09:34
@coderabbitai
Copy link
Copy Markdown
Contributor

coderabbitai Bot commented Nov 26, 2025
edited
Loading

Walkthrough

Updates to dependency version pins in two go.mod files: demo/go.mod and router-tests/go.mod, replacing older cosmo/router module revisions and bumping a range of direct and indirect Go dependencies (crypto, sync, jwk/keyfunc, expr, mapstructure, testify, otel, grpc, protobuf, and others).

Changes

Cohort / File(s) Summary
Demo module dependency updates
demo/go.mod		 Replaced cosmo router-related module revisions with v0.0.0-20251125205644-175f80c4e6d9; upgraded multiple direct and indirect dependencies (e.g., golang.org/x/sync v0.15.0→v0.17.0, golang.org/x/crypto v0.39.0→v0.43.0, jwkset/keyfunc bumps, expr, mapstructure/v2, testify, graphql-go-tools, OpenTelemetry components, google.golang.org/grpc v1.68.1→v1.71.0, google.golang.org/protobuf patch bumps).
Router-tests module dependency update
router-tests/go.mod		 Upgraded github.com/wundergraph/cosmo/router replace/version to v0.0.0-20251125205644-175f80c4e6d9; no other changes to replace or dependency lines.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

  • Pay attention to integration points that import the updated router module (ensure no new import path or API assumptions).
  • Verify cryptography/jwk-related updates for any behavioral or initialization changes.
  • Sanity-check OpenTelemetry, gRPC, and protobuf minor/patch bumps for breaking changes in instrumentation or generated code.

Possibly related PRs

Pre-merge checks

✅ Passed checks (3 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title accurately summarizes the main purpose of the PR: updating router dependencies in the demo module to fix build failures.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
📜 Recent review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 2ea6a8c and 92058fe.

📒 Files selected for processing (1)
  • router-tests/go.mod (1 hunks)
🧰 Additional context used
🧠 Learnings (8)
📓 Common learnings 
Learnt from: StarpTech
Repo: wundergraph/cosmo PR: 2157
File: router-tests/go.mod:16-16
Timestamp: 2025-08-20T22:13:25.222Z
Learning: github.com/mark3labs/mcp-go v0.38.0 has regressions and should not be used in the wundergraph/cosmo project. v0.36.0 is the stable version that should be used across router-tests and other modules.

Learnt from: SkArchon
Repo: wundergraph/cosmo PR: 2252
File: router-tests/telemetry/telemetry_test.go:9684-9693
Timestamp: 2025-10-01T20:39:16.113Z
Learning: Repo preference: In router-tests/telemetry/telemetry_test.go, keep strict > 0 assertions for request.operation.*Time (parsingTime, normalizationTime, validationTime, planningTime) in telemetry-related tests; do not relax to >= 0 unless CI flakiness is observed.
📚 Learning: 2025-08-20T22:13:25.222Z 
Learnt from: StarpTech
Repo: wundergraph/cosmo PR: 2157
File: router-tests/go.mod:16-16
Timestamp: 2025-08-20T22:13:25.222Z
Learning: github.com/mark3labs/mcp-go v0.38.0 has regressions and should not be used in the wundergraph/cosmo project. v0.36.0 is the stable version that should be used across router-tests and other modules.

Applied to files:

  • router-tests/go.mod
📚 Learning: 2025-10-01T20:39:16.113Z 
Learnt from: SkArchon
Repo: wundergraph/cosmo PR: 2252
File: router-tests/telemetry/telemetry_test.go:9684-9693
Timestamp: 2025-10-01T20:39:16.113Z
Learning: Repo preference: In router-tests/telemetry/telemetry_test.go, keep strict > 0 assertions for request.operation.*Time (parsingTime, normalizationTime, validationTime, planningTime) in telemetry-related tests; do not relax to >= 0 unless CI flakiness is observed.

Applied to files:

  • router-tests/go.mod
📚 Learning: 2025-09-24T12:54:00.765Z 
Learnt from: endigma
Repo: wundergraph/cosmo PR: 2222
File: router-tests/websocket_test.go:2238-2302
Timestamp: 2025-09-24T12:54:00.765Z
Learning: The wundergraph/cosmo project uses Go 1.25 (Go 1.23+ minimum), so fmt.Appendf and other newer Go standard library functions are available and can be used without compatibility concerns.

Applied to files:

  • router-tests/go.mod
📚 Learning: 2025-09-24T12:54:00.765Z 
Learnt from: endigma
Repo: wundergraph/cosmo PR: 2222
File: router-tests/websocket_test.go:2238-2302
Timestamp: 2025-09-24T12:54:00.765Z
Learning: The wundergraph/cosmo project uses Go 1.25 (Go 1.25 minimum), so fmt.Appendf and other newer Go standard library functions are available and can be used without compatibility concerns.

Applied to files:

  • router-tests/go.mod
📚 Learning: 2025-11-19T15:13:57.821Z 
Learnt from: dkorittki
Repo: wundergraph/cosmo PR: 2273
File: router/core/graphql_handler.go:0-0
Timestamp: 2025-11-19T15:13:57.821Z
Learning: In the Cosmo router (wundergraph/cosmo), error handling follows a two-phase pattern: (1) Prehandler phase handles request parsing, validation, and setup errors using `httpGraphqlError` and `writeOperationError` (in files like graphql_prehandler.go, operation_processor.go, parse_multipart.go, batch.go); (2) Execution phase handles resolver execution errors using `WriteError` in GraphQLHandler.ServeHTTP. Because all `httpGraphqlError` instances are caught in the prehandler before ServeHTTP is invoked, any error type checks for `httpGraphqlError` in the execution-phase WriteError method are unreachable code.

Applied to files:

  • router-tests/go.mod
📚 Learning: 2025-08-20T10:08:17.857Z 
Learnt from: endigma
Repo: wundergraph/cosmo PR: 2155
File: router/core/router.go:1857-1866
Timestamp: 2025-08-20T10:08:17.857Z
Learning: In the Cosmo router codebase, JSON schema validation prevents null values in TrafficShapingRules subgraph configurations, making nil checks unnecessary when dereferencing subgraph rule pointers in NewSubgraphTransportOptions.

Applied to files:

  • router-tests/go.mod
📚 Learning: 2025-08-20T10:08:17.857Z 
Learnt from: endigma
Repo: wundergraph/cosmo PR: 2155
File: router/core/router.go:1857-1866
Timestamp: 2025-08-20T10:08:17.857Z
Learning: router/pkg/config/config.schema.json forbids null values for traffic_shaping.subgraphs: additionalProperties references $defs.traffic_shaping_subgraph_request_rule with type "object". Therefore, in core.NewSubgraphTransportOptions, dereferencing each subgraph rule pointer is safe under schema-validated configs, and a nil-check is unnecessary.

Applied to files:

  • router-tests/go.mod
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (11)
  • GitHub Check: image_scan (nonroot)
  • GitHub Check: image_scan
  • GitHub Check: integration_test (./telemetry)
  • GitHub Check: build_push_image (nonroot)
  • GitHub Check: build_push_image
  • GitHub Check: integration_test (./. ./fuzzquery ./lifecycle ./modules)
  • GitHub Check: integration_test (./events)
  • GitHub Check: build_test
  • GitHub Check: build_test
  • GitHub Check: Analyze (go)
  • GitHub Check: Analyze (javascript-typescript)
🔇 Additional comments (2)
router-tests/go.mod (2)

16-16: Correct mark3labs/mcp-go version pinned per project standards.

The dependency is pinned to v0.36.0, which is the stable version required by the project. This aligns with prior guidance that v0.38.0 has regressions and should not be used across router-tests and related modules.

28-28: I'll help you verify and rewrite this review comment. Let me start by examining the dependencies and their consistency across the codebase.
<function_calls>

#!/bin/bash

Read router-tests/go.mod to check all dependencies

cat -n router-tests/go.mod | head -40


</function_calls>

Awaiting results to proceed with verification...

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

@github-actions
Copy link
Copy Markdown

github-actions Bot commented Nov 26, 2025
edited
Loading

Router-nonroot image scan passed

✅ No security vulnerabilities found in image:

ghcr.io/wundergraph/cosmo/router:sha-dcd64dd1b882273abe711a6acdd04fb402cb2ad4-nonroot

@codecov
Copy link
Copy Markdown

codecov Bot commented Nov 26, 2025
edited
Loading

Codecov Report

✅ All modified and coverable lines are covered by tests.
⚠️ Please upload report for BASE (main@175f80c). Learn more about missing BASE report.

Additional details and impacted files 
@@           Coverage Diff           @@
##             main    #2364   +/-   ##
=======================================
  Coverage        ?   32.62%           
=======================================
  Files           ?      209           
  Lines           ?    22589           
  Branches        ?        0           
=======================================
  Hits            ?     7369           
  Misses          ?    14309           
  Partials        ?      911

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

StarpTech
StarpTech approved these changes Nov 26, 2025
View reviewed changes
Copy link
Copy Markdown
Contributor

@StarpTech StarpTech left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@dkorittki dkorittki merged commit ce57515 into main Nov 26, 2025
31 of 32 checks passed
@dkorittki dkorittki deleted the dominik/eng-8563-update-dependencies-of-demo-module branch November 26, 2025 11:38
@coderabbitai coderabbitai Bot mentioned this pull request Dec 2, 2025
Merged
5 tasks
This was referenced Dec 10, 2025
Closed
Merged
@coderabbitai coderabbitai Bot mentioned this pull request Dec 19, 2025
Merged
5 tasks
@coderabbitai coderabbitai Bot mentioned this pull request Jan 19, 2026
Merged
5 tasks
This was referenced Feb 11, 2026
Merged
Merged
Merged
Merged
@coderabbitai coderabbitai Bot mentioned this pull request Mar 5, 2026
Merged
5 tasks
This was referenced Mar 19, 2026
Merged
Merged
Closed
@coderabbitai coderabbitai Bot mentioned this pull request Mar 31, 2026
Open
5 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@alepane21 alepane21 alepane21 approved these changes

@StarpTech StarpTech StarpTech approved these changes

@wilsonrivera wilsonrivera Awaiting requested review from wilsonrivera wilsonrivera is a code owner automatically assigned from wundergraph/cosmo

@Aenimus Aenimus Awaiting requested review from Aenimus Aenimus is a code owner automatically assigned from wundergraph/cosmo

@ysmolski ysmolski Awaiting requested review from ysmolski ysmolski is a code owner automatically assigned from wundergraph/router

@Noroth Noroth Awaiting requested review from Noroth Noroth is a code owner

@devsergiy devsergiy Awaiting requested review from devsergiy devsergiy is a code owner

@jensneuse jensneuse Awaiting requested review from jensneuse jensneuse is a code owner

@endigma endigma Awaiting requested review from endigma endigma is a code owner

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@dkorittki @alepane21 @StarpTech