Skip to content

Update to Cadence v1.9.4#8318

Merged
turbolent merged 1 commit intomasterfrom
auto-update-onflow-cadence-v1.9.4
Jan 9, 2026
Merged

Update to Cadence v1.9.4#8318
turbolent merged 1 commit intomasterfrom
auto-update-onflow-cadence-v1.9.4

Conversation

@turbolent
Copy link
Member

@turbolent turbolent commented Jan 8, 2026
edited by coderabbitai bot
Loading

Description

Automatically update to:

Summary by CodeRabbit

  • Chores
    • Updated core dependencies including cryptographic libraries, cloud service integrations, and protocol buffer tools to latest stable versions for improved security and stability.

✏️ Tip: You can customize this high-level summary in your review settings.

@turbolent turbolent requested a review from a team as a code owner January 8, 2026 21:11
@github-actions
Copy link
Contributor

github-actions bot commented Jan 8, 2026

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

@turbolent turbolent requested review from a team January 8, 2026 21:12
@coderabbitai
Copy link
Contributor

coderabbitai bot commented Jan 8, 2026
edited
Loading

📝 Walkthrough

Walkthrough

The PR updates Go module dependencies across three go.mod files (root, insecure, and integration modules) to newer patch and minor versions, including updates to Google Cloud libraries, AWS SDK v2, Flow network dependencies, cryptographic packages, and golang.org/x utilities.

Changes

Cohort / File(s) Summary
Dependency Version Bumps
go.mod, insecure/go.mod, integration/go.mod		 Updated multiple direct and indirect dependencies to newer patch/minor versions across all three modules. Key updates include cloud.google.com/go/storage (v1.50.0 → v1.56.0), google.golang.org/grpc (v1.77.0 → v1.78.0), google.golang.org/protobuf (v1.36.10 → v1.36.11), golang.org/x/crypto/net/oauth2/sync/sys/term/text (security and ecosystem upgrades), AWS SDK v2 config/credentials/sso components, github.com/onflow/cadence/flow-go-sdk/flow protobuf packages, googleapis/gax-go (v2.15.0 → v2.16.0), and OpenTelemetry exporter/metric and internal/resourcemapping components.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Possibly related PRs

Suggested reviewers

  • fxamacker
  • janezpodhostnik

Poem

🐰 Dependencies dance and versions do bloom,
From storage to sync, we sweep through the room,
Security patches and crypto refined,
A garden of updates, so perfectly aligned! 🌱✨

🚥 Pre-merge checks | ✅ 3
✅ Passed checks (3 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title accurately summarizes the primary change: updating Cadence to v1.9.4, which is the main focus of this dependency update PR.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

✏️ Tip: You can configure your own custom pre-merge checks in the settings.

📜 Recent review details

Configuration used: defaults

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between a828cf6 and 830c386.

⛔ Files ignored due to path filters (3)
  • go.sum is excluded by !**/*.sum
  • insecure/go.sum is excluded by !**/*.sum
  • integration/go.sum is excluded by !**/*.sum
📒 Files selected for processing (3)
  • go.mod
  • insecure/go.mod
  • integration/go.mod
🧰 Additional context used
🧠 Learnings (1)
📚 Learning: 2025-12-23T00:28:41.005Z 
Learnt from: CR
Repo: onflow/flow-go PR: 0
File: AGENTS.md:0-0
Timestamp: 2025-12-23T00:28:41.005Z
Learning: Applies to {crypto,fvm,ledger,access,engine}/**/*.go : Cryptographic operations require careful handling; refer to crypto library documentation for proper implementation

Applied to files:

  • integration/go.mod
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (37)
  • GitHub Check: Lint (./insecure/)
  • GitHub Check: Lint (./integration/)
  • GitHub Check: Lint (./)
  • GitHub Check: Unit Tests (engine/execution/computation)
  • GitHub Check: Unit Tests (network/test/cohort1)
  • GitHub Check: Unit Tests (network/p2p/connection)
  • GitHub Check: Unit Tests (network/p2p/node)
  • GitHub Check: Unit Tests (module/dkg)
  • GitHub Check: Unit Tests (engine/execution)
  • GitHub Check: Unit Tests (others)
  • GitHub Check: Unit Tests (consensus)
  • GitHub Check: Unit Tests (network/test/cohort2)
  • GitHub Check: Unit Tests (network/alsp)
  • GitHub Check: Unit Tests (network/p2p/scoring)
  • GitHub Check: Unit Tests (network/p2p)
  • GitHub Check: Unit Tests (network)
  • GitHub Check: Unit Tests (engine/execution/ingestion)
  • GitHub Check: Unit Tests (module)
  • GitHub Check: Unit Tests (engine)
  • GitHub Check: Unit Tests (engine/common)
  • GitHub Check: Unit Tests (engine/verification)
  • GitHub Check: Unit Tests (engine/collection)
  • GitHub Check: Unit Tests (engine/access)
  • GitHub Check: Unit Tests (storage)
  • GitHub Check: Unit Tests (admin)
  • GitHub Check: Unit Tests (state)
  • GitHub Check: Unit Tests (engine/consensus)
  • GitHub Check: Unit Tests (fvm)
  • GitHub Check: Unit Tests (cmd)
  • GitHub Check: Unit Tests (utils)
  • GitHub Check: Unit Tests (ledger)
  • GitHub Check: Integration Tests Others (integration)
  • GitHub Check: Unit Tests Insecure (insecure/integration/functional/test/gossipsub/scoring)
  • GitHub Check: Unit Tests Insecure (insecure)
  • GitHub Check: Unit Tests Insecure (insecure/integration/functional/test/gossipsub/rpc_inspector)
  • GitHub Check: Docker Build
  • GitHub Check: analyze-code (go)
🔇 Additional comments (9)
go.mod (4)

8-8: Verify cloud.google.com/go/storage update for compatibility.

The cloud.google.com/go/storage dependency jumps from v1.50.0 to v1.56.0 (a 6-patch-version jump). While patch versions should be backward-compatible, verify that this update does not introduce any unexpected behavior changes or API modifications that could affect storage operations in the codebase.

Also applies to: 8-8

50-50: Flow/Cadence updates align with PR objectives.

cadence has been updated from v1.9.3 to v1.9.4 as intended. Ensure that any Flow script or contract-related code is tested against this new Cadence version.

Also applies to: 50-50

55-55: Flow SDK and protobuf updates are in sync.

flow-go-sdk v1.9.10 and flow/protobuf v0.4.19 have been updated together, which is appropriate. Confirm that tests cover SDK/protobuf integration points to catch any compatibility issues early.

Also applies to: 56-56

77-77: Verify golang.org/x and google.golang.org package updates for correctness.

Several critical packages have been updated:

  • golang.org/x/crypto v0.45.0 → v0.46.0 (patch)
  • golang.org/x/sync v0.18.0 → v0.19.0 (minor)
  • google.golang.org/grpc v1.77.0 → v1.78.0 (patch)
  • google.golang.org/protobuf v1.36.10 → v1.36.11 (patch)

These updates are generally safe (patch/minor versions), but given the learnings around cryptographic operations, confirm that any crypto-sensitive code paths remain correct and that gRPC/protobuf serialization is unaffected by these updates.

Also applies to: 88-88

insecure/go.mod (2)

19-19: Protobuf and gRPC updates are in sync with root module.

Versions match the root go.mod (grpc v1.78.0, protobuf v1.36.11), ensuring consistency across modules. ✓

Also applies to: 20-20

25-25: Cloud and Flow dependencies are consistent with root module.

All version updates (cloud.google.com/go v0.121.6, cadence v1.9.4, flow-go-sdk v1.9.10, flow/protobuf v0.4.19) match the root module, maintaining consistency across the workspace. ✓

Also applies to: 31-31

integration/go.mod (3)

6-6: BigQuery dependency update aligns with broader Cloud library upgrades.

cloud.google.com/go/bigquery has been updated from v1.69.0 to v1.72.0 (3-patch versions), which is consistent with the broader cloud.google.com/go family updates. Verify that integration tests using BigQuery remain functional with this update.

Also applies to: 6-6

24-24: Flow and critical dependency versions are consistent across all modules.

cadence v1.9.4, flow-go-sdk v1.9.10, flow/protobuf v0.4.19, and protocol stack (grpc v1.78.0, protobuf v1.36.11) all match the root and insecure modules. Version consistency verified across the workspace. ✓

Also applies to: 32-32

43-43: golang.org/x and google.golang.org updates are in sync with root module.

All updated packages (sync v0.19.0, grpc v1.78.0, protobuf v1.36.11) match the corresponding versions in go.mod and insecure/go.mod. ✓

Also applies to: 45-45

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

@codecov-commenter
Copy link

codecov-commenter commented Jan 8, 2026

Codecov Report

✅ All modified and coverable lines are covered by tests.

📢 Thoughts on this report? Let us know!

@turbolent turbolent added this pull request to the merge queue Jan 9, 2026
Merged via the queue into master with commit 2abea7b Jan 9, 2026
61 checks passed
@turbolent turbolent deleted the auto-update-onflow-cadence-v1.9.4 branch January 9, 2026 02:00
@coderabbitai coderabbitai bot mentioned this pull request Jan 15, 2026
Merged
This was referenced Jan 27, 2026
Merged
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@SupunS SupunS SupunS approved these changes

@fxamacker fxamacker fxamacker approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@turbolent @codecov-commenter @SupunS @fxamacker