Update to Cadence v1.7.0

[turbolent]

Description

Automatically update to:

• onflow/cadence v1.7.0
• onflow/flow-go-sdk v1.8.1
• onflow/flow-go 12699a150fd9

Summary by CodeRabbit

• Chores
  • Upgraded multiple dependencies to newer minor versions across blockchain (Cadence, Flow SDK, Ethereum client), telemetry (OpenTelemetry), RPC/protobuf (gRPC, genproto), Google Cloud APIs, and AWS SDK.
  • Enhances overall stability, performance, and interoperability with upstream services.
  • Includes upstream bug fixes and improvements from vendors.
  • No user-facing functionality changes or API alterations.

[coderabbitai]

Walkthrough

Updated dependency versions in go.mod across multiple ecosystems (Flow/Cadence, Ethereum, OpenTelemetry, Google Cloud/GRPC/Protobuf, AWS SDK v2, and testing). No source code changes or public API alterations are included in this diff.

Changes

Cohort / File(s)	Summary
Flow & Cadence go.mod	Bumped Cadence v1.7.0-preview.3 → v1.7.0; onflow/flow-go dev-pebble.1 → dev-pebble.1.0.20250910132853-12699a150fd9; onflow/flow-go-sdk v1.7.0 → v1.8.1.
Ethereum go.mod	Upgraded github.com/ethereum/go-ethereum v1.16.2 → v1.16.3.
OpenTelemetry & GCP Detectors go.mod	go.opentelemetry.io/otel/sdk and sdk/metric v1.36.0 → v1.37.0; GCP detectors v1.27.0 → v1.29.0.
Google APIs, gRPC, Protobuf, Genproto go.mod	google.golang.org/api v0.241.0 → v0.247.0; grpc v1.74.2 → v1.75.0; protobuf v1.36.6 → v1.36.7; genproto api/rpc snapshots updated; gax-go/v2 v2.14.2 → v2.15.0.
AWS SDK for Go v2 go.mod	Core v1.37.0 → v1.38.1; config v1.30.0 → v1.31.2; credentials v1.18.0 → v1.18.6; ec2/imds v1.17.0 → v1.18.4; internal components bumped; sso v1.26.0 → v1.28.2; ssooidc v1.31.0 → v1.33.2; sts v1.35.0 → v1.38.0.
Google Cloud auth/metadata go.mod	cloud.google.com/go/auth v0.16.2 → v0.16.4; compute/metadata v0.7.0 → v0.8.0.
Testing go.mod	github.com/stretchr/testify v1.10.0 → v1.11.1.
Misc/Indirect alignment go.mod	Consolidated indirect genproto/api/rpc references and related version harmonization.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Pre-merge checks (3 passed)

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title Check	✅ Passed	The title “Update to Cadence v1.7.0” accurately references a key change in the pull request and thus is partially related to the updates performed, but it does not mention the accompanying flow-go-sdk and flow-go dependency upgrades that are also part of this PR.
Docstring Coverage	✅ Passed	No functions found in the changes. Docstring coverage check skipped.

Poem

I nudge the go.mod with a gentle tap,
Hop-hop through versions, map by map.
Cadence hums, Flow streams anew,
Clouds and chains in tidy queue.
With ears perked high, I sign and say—
Dependencies groomed. Now, code away! 🐇✨

Tip

👮 Agentic pre-merge checks are now available in preview!

Pro plan users can now enable pre-merge checks in their settings to enforce checklists before merging PRs.

• Built-in checks – Quickly apply ready-made checks to enforce title conventions, require pull request descriptions that follow templates, validate linked issues for compliance, and more.
• Custom agentic checks – Define your own rules using CodeRabbit’s advanced agentic capabilities to enforce organization-specific policies and workflows. For example, you can instruct CodeRabbit’s agent to verify that API documentation is updated whenever API schema files are modified in a PR. Note: Upto 5 custom checks are currently allowed during the preview period. Pricing for this feature will be announced in a few weeks.

Please see the documentation for more information.

Example:

reviews:
  pre_merge_checks:
    custom_checks:
      - name: "Undocumented Breaking Changes"
        mode: "warning"
        instructions: |
          Pass/fail criteria: All breaking changes to public APIs, CLI flags, environment variables, configuration keys, database schemas, or HTTP/GraphQL endpoints must be documented in the "Breaking Change" section of the PR description and in CHANGELOG.md. Exclude purely internal or private changes (e.g., code not exported from package entry points or explicitly marked as internal).

Please share your feedback with us on this Discord post.

✨ Finishing Touches

🧪 Generate unit tests

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch auto-update-onflow-cadence-v1.7.0

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

go.mod (1)

3-3: Invalid go directive: use "go 1.25" (no patch) and ensure toolchain is available in CI.

"go 1.25.0" is not a valid value; the go directive only accepts major.minor.

Apply this diff:

-go 1.25.0
+go 1.25

Follow-up: after changing, run go mod tidy -compat=1.25.

🧹 Nitpick comments (2)

go.mod (2)

26-27: OTel version skew; consider aligning all otel packages to 1.37.x.*

SDK is 1.37.0 but exporters are older (e.g., otlpmetricgrpc 1.34.0, otlptrace 1.31.0). Keeping OTel packages on the same minor reduces churn and avoids subtle API drifts.

Happy to raise a follow-up PR to bump:

• go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc -> v1.37.0
• go.opentelemetry.io/otel/exporters/otlp/otlptrace -> v1.37.0
• go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc -> v1.37.0

---

113-127: AWS SDK v2 family partly bumped — align services to the same minor train.

Core/sdk are 1.38.x but s3 (v1.15.0) and s3shared (v1.7.0) remain older; minor misalignments can break presign/signer behavior.

Propose updating:

• github.com/aws/aws-sdk-go-v2/service/s3 -> latest 1.38.x-compatible
• github.com/aws/aws-sdk-go-v2/service/internal/s3shared -> matching minor
• github.com/aws/aws-sdk-go-v2/feature/s3/manager -> matching minor

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between b3ee760 and ba531a1.

⛔ Files ignored due to path filters (1)

• go.sum is excluded by !**/*.sum

📒 Files selected for processing (1)

• go.mod (6 hunks)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)

• GitHub Check: test

🔇 Additional comments (5)

go.mod (5)

20-20: Testify bump LGTM.

v1.11.1 is a safe minor; expect no breaking assertions for typical usage.

---

38-38: Verify ADC and metadata probing paths post-auth bump
No direct references to ADC or metadata packages were found in Go code; please manually confirm that default credential resolution and metadata server probing behavior in your production environment remains correct after bumping cloud auth dependencies.

---

11-11: Unify go-ethereum module imports in go.mod
go.mod currently lists both github.com/ethereum/go-ethereum@v1.16.3 (line 11) and github.com/onflow/go-ethereum@v1.16.2 (indirect, line 271). Verify that no code is directly importing types from the onflow fork. If you intend to use only the upstream client, add a replace directive in go.mod such as:

replace github.com/onflow/go-ethereum => github.com/ethereum/go-ethereum v1.16.3

then run go mod tidy to prune the unused module.

---

99-99: Scan for removed/renamed Google APIs after wide genproto snapshot bump
The top-level google.golang.org/genproto module remains at v0.0.0-20250603155806, while nested modules advanced to v0.0.0-20250707201910 and v0.0.0-20250804133106; ensure no fields or options removed/renamed by these snapshots are referenced in your code.

---

15-17: Flow/Cadence dependencies updated — run full integration and fixture checks

• go.mod (lines 15–17): cadence v1.7.0, flow-go v0.43.0-dev-pebble.1.0.20250910132853-12699a150fd9, flow-go-sdk v1.8.1 confirmed
• No imports of cadence.runtime/ast/sema or flow-go-sdk client/crypto/sign detected
• Tests present in state/convert_test.go and script/script_test.go

Please run the full integration suite and fixture checks to validate Rosetta endpoints, script decoding, and protobuf/JSON round-trips.

[coderabbitai]

💡 Verification agent

🧩 Analysis chain

gRPC/protobuf/genproto upgraded — confirm generated stubs are up to date.

Upgrading grpc/protobuf/genproto without regenerating can cause wire/runtime mismatches.

If regeneration is needed, document protoc/protoc-gen-go/protoc-gen-go-grpc versions in CONTRIBUTING.

Also applies to: 344-345

---

🏁 Script executed:

#!/bin/bash
set -euo pipefail
# Check generated files' protoc plugin headers for version drift
rg -nP -g '!**/vendor/**' -S '^//\s*Code generated by protoc-gen-go(-grpc)?' -C0
# List effective versions
go list -m -json google.golang.org/grpc google.golang.org/protobuf google.golang.org/genproto \
  | jq -r '.Path+" "+.Version'

Length of output: 148

---

🏁 Script executed:

#!/bin/bash
set -euo pipefail
# Show go.mod entries for grpc/protobuf/genproto
grep -E 'google.golang.org/(grpc|protobuf|genproto)' go.mod -n || true
# Inspect generated .pb.go files for protoc-gen-go headers
rg -nP --type go '^// Code generated by protoc-gen-go(-grpc)?' -g '*.pb.go' -C0 || true
# List effective module versions
go list -m -json google.golang.org/grpc google.golang.org/protobuf google.golang.org/genproto \
  | jq -r '.Path+" "+.Version'

Length of output: 707

---

Regenerate protobuf & gRPC stubs to match updated modules

• Regenerate all .pb.go and _grpc.pb.go files using protoc with protoc-gen-go v1.36.7 and protoc-gen-go-grpc v1.2.0 to align with go.mod (grpc v1.75.0, protobuf v1.36.7, genproto updates)
• Document exact protoc, protoc-gen-go and protoc-gen-go-grpc versions in CONTRIBUTING