Upgrade go version and dependencies

[andrest50]

This pull request primarily updates dependencies and the Go version for the project, along with a minor chart version bump. The main focus is on keeping the project up-to-date with the latest compatible libraries and tooling.

Dependency and tooling updates:

• Updated the Go version in go.mod from 1.23.0 to 1.25, ensuring compatibility with the latest language features and improvements.
• Upgraded several direct and indirect dependencies in go.mod, including major updates to aws-sdk-go-v2, nats.go, testify, goa, and various golang.org/x/* libraries, which may bring bug fixes, performance improvements, and new features.

Chart version bump:

• Incremented the Helm chart version in charts/lfx-v2-project-service/Chart.yaml from 0.5.2 to 0.5.3 to reflect these updates.

[coderabbitai]

Walkthrough

Bumps Helm chart version (0.5.2 → 0.5.3). Updates go.mod with Go toolchain and many dependency version upgrades (AWS SDK v2 components, golang.org/x/*, nats, testify, goa, etc.). Advances MegaLinter Go flavor reference in CI.

Changes

Cohort / File(s)	Summary
Helm Chart charts/lfx-v2-project-service/Chart.yaml	Chart version bumped from 0.5.2 → 0.5.3; appVersion unchanged.
Go module manifest go.mod	Go toolchain version updated (to 1.24.0) and numerous direct and transitive dependencies upgraded, including AWS SDK v2 modules (config, feature/s3/manager, service/s3), nats.go, testify, goa/v3, and several golang.org/x/* packages.
CI workflow .github/workflows/mega-linter.yml	MegaLinter Go flavor reference updated to a newer commit (flavor advance to a later MegaLinter Go flavor).

Sequence Diagram(s)

Not applicable — no runtime/control-flow feature changes introduced.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

• Review focus:
  • go.mod dependency upgrades (AWS SDK v2, golang.org/x/*, goa/v3, etc.) — check for API changes and run full build/tests.
  • Ensure CI linter step still functions with the updated MegaLinter flavor.
  • Verify Helm chart bump aligns with release/versioning workflow.

Possibly related PRs

• [LFXV2-215] Fix JWT authentication and improve Helm deployment flexibility #10 — Another PR that increments charts/lfx-v2-project-service/Chart.yaml, likely related to chart version changes.

Pre-merge checks and finishing touches

✅ Passed checks (3 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title 'Upgrade go version and dependencies' clearly summarizes the main changes in the pull request, which involves updating Go from 1.23.0 to 1.25 and upgrading multiple dependencies.
Description check	✅ Passed	The description is comprehensive and directly related to the changeset, detailing Go version updates, dependency upgrades, and chart version bumps with clear explanations of the purpose and benefits.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

✨ Finishing touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch andrest50/upgrade-go

---

📜 Recent review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

Disabled knowledge base sources:

• Jira integration is disabled by default for public repositories

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between f441606 and ebfe2c3.

⛔ Files ignored due to path filters (1)

• go.sum is excluded by !**/*.sum

📒 Files selected for processing (3)

• .github/workflows/mega-linter.yml (1 hunks)
• charts/lfx-v2-project-service/Chart.yaml (1 hunks)
• go.mod (1 hunks)

🚧 Files skipped from review as they are similar to previous changes (1)

• charts/lfx-v2-project-service/Chart.yaml

🧰 Additional context used

📓 Path-based instructions (1)

go.mod

📄 CodeRabbit inference engine (CLAUDE.md)

Set module Go version to 1.23+ in go.mod

Files:

• go.mod

🧠 Learnings (5)

📓 Common learnings

Learnt from: CR
Repo: linuxfoundation/lfx-v2-project-service PR: 0
File: CLAUDE.md:0-0
Timestamp: 2025-09-29T19:12:32.725Z
Learning: Applies to go.mod : Set module Go version to 1.23+ in go.mod

📚 Learning: 2025-09-29T19:12:32.725Z

Learnt from: CR
Repo: linuxfoundation/lfx-v2-project-service PR: 0
File: CLAUDE.md:0-0
Timestamp: 2025-09-29T19:12:32.725Z
Learning: Applies to go.mod : Set module Go version to 1.23+ in go.mod

Applied to files:

• go.mod

📚 Learning: 2025-09-29T19:12:32.725Z

Learnt from: CR
Repo: linuxfoundation/lfx-v2-project-service PR: 0
File: CLAUDE.md:0-0
Timestamp: 2025-09-29T19:12:32.725Z
Learning: Applies to cmd/project-api/service*.go : Implement Goa-generated service interfaces in cmd/project-api/service*.go

Applied to files:

• go.mod

📚 Learning: 2025-09-29T19:12:32.725Z

Learnt from: CR
Repo: linuxfoundation/lfx-v2-project-service PR: 0
File: CLAUDE.md:0-0
Timestamp: 2025-09-29T19:12:32.725Z
Learning: Applies to api/project/v1/design/**/*.go : Define and update the REST API using Goa v3 in api/project/v1/design/ (Design First)

Applied to files:

• go.mod

📚 Learning: 2025-09-29T19:12:32.725Z

Learnt from: CR
Repo: linuxfoundation/lfx-v2-project-service PR: 0
File: CLAUDE.md:0-0
Timestamp: 2025-09-29T19:12:32.725Z
Learning: Applies to api/project/v1/gen/** : Do not edit generated code under api/project/v1/gen/; run make apigen to regenerate

Applied to files:

• go.mod

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)

• GitHub Check: MegaLinter

🔇 Additional comments (4)

.github/workflows/mega-linter.yml (1)

36-36: LGTM — MegaLinter upgrade aligns with Go toolchain updates.

The MegaLinter Go flavor update from 8.7.0 to 9.1.0 is well-pinned by commit SHA and aligns with the Go 1.24.0 toolchain upgrade. No workflow behavior changes expected.

go.mod (3)

5-5: Clarify Go version discrepancy in PR description.

The go.mod sets Go version to 1.24.0 (satisfies coding guideline requirement of 1.23+), but the PR objectives claim the update is "from 1.23.0 to 1.25". Confirm whether 1.24.0 is intentional or if it should be 1.25. This may affect compatibility claims for goa/v3 v3.22.6, which specifically requires Go 1.24 or higher.

---

9-11: Test AWS SDK v2 functionality after broad dependency updates.

Multiple AWS SDK v2 modules have been upgraded, including core components (config, S3 manager/service, credentials, SSO/STS). These updates span numerous internal modules and smithy-go. Ensure that:

1. S3 operations (upload/download/list) work correctly with the new manager and service versions
2. Credential resolution and SSO authentication flows work as expected with updated sso/ssooidc/sts modules
3. Any presigned URL generation or checksum validation still functions correctly

Consider running integration tests against AWS environments (dev/staging) before merging.

Also applies to: 22-38

---

14-14: Verify golang.org/x/ and NATS updates for API compatibility.*

Several core libraries have been updated:

• golang.org/x/crypto v0.45.0, golang.org/x/sys v0.38.0, golang.org/x/tools v0.39.0, golang.org/x/text v0.31.0: Ensure no breaking changes in cryptographic functions, syscall compatibility, or tooling integration
• nats-io/nats.go v1.47.0: Review NATS client API for any breaking changes in publish/subscribe patterns or connection management

Run existing integration and unit tests to confirm compatibility.

Also applies to: 18-18, 52-56

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[Copilot]

Pull Request Overview

This pull request updates the Go version from 1.23.0 to 1.25 and upgrades multiple dependencies across the project, including AWS SDK v2, NATS client, testing libraries, and several golang.org packages. These updates ensure the project uses the latest compatible library versions with potential bug fixes and performance improvements.

Key changes:

• Go version bumped from 1.23.0 to 1.25
• AWS SDK v2 packages upgraded to newer minor/patch versions
• Multiple indirect dependencies updated (testify, goa, nats.go, golang.org/x/* packages)

Reviewed Changes

Copilot reviewed 2 out of 3 changed files in this pull request and generated no comments.

File	Description
go.mod	Updated Go version directive and dependency versions for direct and indirect dependencies
go.sum	Updated checksums to match the new dependency versions in go.mod
charts/lfx-v2-project-service/Chart.yaml	Incremented Helm chart version from 0.5.2 to 0.5.3

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[coderabbitai]

Actionable comments posted: 1

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

Disabled knowledge base sources:

• Jira integration is disabled by default for public repositories

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between 8775ad5 and 53d3e2b.

⛔ Files ignored due to path filters (1)

• go.sum is excluded by !**/*.sum

📒 Files selected for processing (3)

• .github/workflows/mega-linter.yml (1 hunks)
• charts/lfx-v2-project-service/Chart.yaml (1 hunks)
• go.mod (1 hunks)

✅ Files skipped from review due to trivial changes (1)

• charts/lfx-v2-project-service/Chart.yaml

🧰 Additional context used

📓 Path-based instructions (1)

go.mod

📄 CodeRabbit inference engine (CLAUDE.md)

Set module Go version to 1.23+ in go.mod

Files:

• go.mod

🧠 Learnings (4)

📓 Common learnings

Learnt from: CR
Repo: linuxfoundation/lfx-v2-project-service PR: 0
File: CLAUDE.md:0-0
Timestamp: 2025-09-29T19:12:32.725Z
Learning: Applies to go.mod : Set module Go version to 1.23+ in go.mod

📚 Learning: 2025-09-29T19:12:32.725Z

Learnt from: CR
Repo: linuxfoundation/lfx-v2-project-service PR: 0
File: CLAUDE.md:0-0
Timestamp: 2025-09-29T19:12:32.725Z
Learning: Applies to go.mod : Set module Go version to 1.23+ in go.mod

Applied to files:

• go.mod

📚 Learning: 2025-09-29T19:12:32.725Z

Learnt from: CR
Repo: linuxfoundation/lfx-v2-project-service PR: 0
File: CLAUDE.md:0-0
Timestamp: 2025-09-29T19:12:32.725Z
Learning: Applies to cmd/project-api/service*.go : Implement Goa-generated service interfaces in cmd/project-api/service*.go

Applied to files:

• go.mod

📚 Learning: 2025-09-29T19:12:32.725Z

Learnt from: CR
Repo: linuxfoundation/lfx-v2-project-service PR: 0
File: CLAUDE.md:0-0
Timestamp: 2025-09-29T19:12:32.725Z
Learning: Applies to api/project/v1/design/**/*.go : Define and update the REST API using Goa v3 in api/project/v1/design/ (Design First)

Applied to files:

• go.mod

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (2)

• GitHub Check: Build and Test
• GitHub Check: MegaLinter

🔇 Additional comments (4)

go.mod (3)

5-5: Go version upgrade aligns with coding guidelines.

Updating the Go version from 1.23.0 to 1.25 satisfies the project guideline of Go 1.23+. Ensure the codebase is tested and known to be compatible with Go 1.25 before merging.

---

14-18: Approve minor dependency updates across test and utility libraries.

The updates to NATS (v1.43.0 → v1.47.0), testify (v1.10.0 → v1.11.1), and golang.org/x/sync (v0.16.0 → v0.18.0) are minor/patch version bumps and are expected to be backward compatible.

---

9-11: AWS SDK v2 usage is compatible with updated versions; verify through runtime testing.

Code inspection shows the AWS SDK v2 APIs used in scripts/project-logo-file-conversion/main.go are standard and stable:

• config.LoadDefaultConfig() for config initialization
• s3.NewFromConfig() for S3 client creation
• manager.NewUploader() and uploader.Upload() for S3 operations

These are core AWS SDK v2 APIs that remain compatible across the minor/patch versions specified. Go version requirement (1.25) exceeds the 1.23+ guideline. Verify service operations function correctly by running integration tests against the updated S3 client and manager implementations.

.github/workflows/mega-linter.yml (1)

36-36: Verify workflow execution and test results for MegaLinter 9.1.0.

The .mega-linter.yml configuration appears compatible with v9.1.0 (uses pre-built Go flavor and disables known problematic linters). However, the PR should include evidence that:

• The updated workflow executed successfully
• No new linter failures were introduced by v9.1.0's bundled linter version updates
• The make lint and make check targets still pass

Please confirm the workflow has been tested against the v9.1.0 upgrade or add test validation to the PR.