[v0.21.x-branch] Backport #10838: build: bump Go toolchain to 1.26.3#10849
Merged
Conversation
|
Warning Gemini encountered an error creating the summary. You can try again by commenting |
github-actions
Bot
added
the
severity-critical
|
PR Severity: CRITICAL. Base: HIGH (cert/go.mod, sqldb/go.mod, lnrpc/ files). Bumped due to 30 non-test files exceeding the 20-file threshold. No functional code changes - pure Go toolchain bump. <!-- pr-severity-bot --> |
The tor v2 cleanup backport added a graph bootstrapper regression test from master. Master already has the newer autopilot.ChannelGraph interface, where ForEachNodesChannels passes a NodeID. The v0.21.x branch still uses the older interface, where ForEachNodesChannels passes the full autopilot.Node. Adapt only the local test stub so this backport remains scoped. This avoids pulling in the broader autopilot graph-cache refactor from PR #10796 just to satisfy the release-branch test build.
ziggie1984
force-pushed
the
backport-10838-to-v0.21.x-branch
branch
from
8a7254e to
529dced
Compare
Collaborator
Author
|
Fixed the Test problem in the first commit which we oversaw while merging the #10844 |
starius
approved these changes
May 27, 2026
Comment on lines
+18
to
+31
| push: | ||
| branches: | ||
| - "master" | ||
| paths: | ||
| - ".github/workflows/govulncheck.yml" | ||
| - ".github/actions/setup-go/action.yml" | ||
| - "Makefile" | ||
| - "make/release_flags.mk" | ||
| - "**/*.go" | ||
| - "**/go.mod" | ||
| - "**/go.sum" | ||
| merge_group: | ||
| branches: | ||
| - "master" |
Collaborator
There was a problem hiding this comment.
Should we add v0.21.x-branch to this list?
Collaborator
Author
There was a problem hiding this comment.
hmm will think about it don't want to create too much noise, master should be already giving us al the details
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Backport of #10838
This PR replaces #10566 with a narrower Go version update that separates the build toolchain from the module language/minimum Go version.
The build toolchain pins move from Go 1.25.5 to Go 1.26.3 across:
The module language/minimum Go version stays on the Go 1.25 line and is updated only to the latest patch release:
It also carries forward the compatibility fix discussed in #10566: Go 1.26 no longer supports the windows/arm port, so the release target and CI arm matrix now use windows-arm64 instead.
This PR also adds a dedicated govulncheck workflow that builds the release-style lnd binary and scans it in binary mode. The workflow runs weekly, can be started manually, and runs on PRs/pushes that touch Go dependency or Go build-version surfaces. This avoids making every ordinary PR fail because the external vulnerability database changed, while still catching newly published vulnerabilities on a schedule.
No functional lnd code changes are included.