Update to flow-go v0.38.0-rc.7

[turbolent]

• go get github.com/onflow/[email protected]
• Update the import statements for Cadence
• Update CI to Go v1.23

Summary by CodeRabbit

• Dependencies

  • Updated Go version from 1.22 to 1.23
  • Upgraded multiple project dependencies, including Cadence, Flow, crypto, and testing libraries
  • Updated various indirect dependencies

• Code Maintenance

  • Refactored import statements for Cadence standard library across multiple files
  • Simplified library import paths
  • Removed support for the "previewnet" network across various components, including configuration, transaction info, and network validation
  • Removed the previewnet option from the JSON configuration in the README and other related files
  • Removed the previewnet target from the integration testing process
  • Updated CI workflow to use a dynamic Go version and improved caching for Go modules

[coderabbitai]

Walkthrough

This pull request primarily focuses on updating dependencies and import statements across multiple files in the project. The changes involve upgrading the Go version from 1.22 to 1.23, modifying various dependencies in the go.mod file, and updating import paths for the Cadence library from runtime to a more direct path. Additionally, the removal of references to the "previewnet" network is reflected in multiple files, simplifying the network options available. The modifications appear to be part of a library update and standardization process, with no significant changes to the core functionality of the existing code.

Changes

File	Change Summary
access/access.go	Updated import from github.com/onflow/cadence/runtime/common to github.com/onflow/cadence/common
state/convert.go, state/process.go	Replaced import path from github.com/onflow/cadence/runtime/stdlib to github.com/onflow/cadence/stdlib
go.mod	- Go version updated to 1.23 (toolchain 1.23.4) - Multiple dependencies upgraded, including Cadence, Crypto, Flow-go, and others
Makefile	Removed target previewnet-integration-test
README.md	Updated network options by removing previewnet
cmd/corecontracts/corecontracts.go, cmd/tipheight/tipheight.go, cmd/txinfo/txinfo.go	Removed references to previewnet from network handling
config/config.go	Removed validation for previewnet in network configuration
model/model.proto	Removed PREVIEWNET enumeration value from Network enum
script/flow.json	Removed previewnet entry from networks section
.github/workflows/ci.yml	Added environment variable GO_VERSION set to '1.23' and updated Go setup action to version v5

Possibly related PRs

• Crescendo updates for Rosetta #63: The changes in the main PR are related to the modifications in the import statements for the github.com/onflow/cadence package, which are also reflected in the retrieved PR's updates to the access/access.go file.

Suggested reviewers

• franklywatson
• koko1123
• sisyphusSmiling

Poem

🐰 Hop, hop, through code's verdant grove,
Dependencies dance, versions improve!
From runtime to common, imports take flight,
Cadence library shines, ever so bright!
A rabbit's update, precise and clean! 🚀

Tip

🌐 Web search-backed reviews and chat

• We have enabled web search-based reviews and chat for all users. This feature allows CodeRabbit to access the latest documentation and information on the web.
• You can disable this feature by setting web_search: false in the knowledge_base settings.
• Please share any feedback in the Discord discussion.

---

Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Generate unit testing code for this file.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit testing code for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and generate unit testing code.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai generate docstrings to generate docstrings for this PR. (Beta)
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[coderabbitai]

Actionable comments posted: 2

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 77ba663 and 7c250fe.

⛔ Files ignored due to path filters (1)

• go.sum is excluded by !**/*.sum

📒 Files selected for processing (4)

• access/access.go (1 hunks)
• go.mod (10 hunks)
• state/convert.go (1 hunks)
• state/process.go (1 hunks)

✅ Files skipped from review due to trivial changes (3)

• state/convert.go
• access/access.go
• state/process.go

🔇 Additional comments (4)

go.mod (4)

Line range hint 39-315: Review indirect dependency updates.

The updates to indirect dependencies look appropriate and maintain compatibility. No immediate concerns found.

---

32-32: Security: Crypto and gRPC package updates.

The updates to golang.org/x/crypto (v0.28.0) and google.golang.org/grpc (v1.64.1) include security fixes. Ensure your code adapts to any breaking changes in these security-critical packages.

Also applies to: 33-33

✅ Verification successful

The crypto package update to v0.28.0 is safe for this codebase

While there is a critical vulnerability in golang.org/x/crypto affecting versions < 0.31.0, it only impacts SSH server configurations using PublicKeyCallback, which are not present in this codebase. The update to v0.28.0 is still an improvement as it includes fixes for older security issues.

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Check for any security advisories for the updated packages
gh api graphql -f query='
{
  securityVulnerabilities(first: 5, ecosystem: GO, package: "golang.org/x/crypto") {
    nodes {
      advisory {
        summary
        severity
      }
      vulnerableVersionRange
      firstPatchedVersion {
        identifier
      }
    }
  }
}'

Length of output: 1500

---

Script:

#!/bin/bash
# Check for SSH server configurations and PublicKeyCallback usage
ast-grep --pattern 'ServerConfig { $$$ }' 
rg -l "ServerConfig" 
rg "PublicKeyCallback"

Length of output: 97

---

17-17: Verify Cadence version compatibility.

The downgrade from cadence v1.0.0-preview.37 to v1.3.0 might introduce breaking changes. Ensure all Cadence-related functionality remains intact.

✅ Verification successful

The Cadence version change from v1.0.0-preview.37 to v1.3.0 is safe ✅

This is actually an upgrade from a preview version to a stable release. The codebase uses only core Cadence features (basic types, events, encoding) that are stable across versions. No preview-specific features are used.

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Search for Cadence-specific imports and usage
rg -l "github.com/onflow/cadence"

Length of output: 169

---

Script:

#!/bin/bash
# Check specific Cadence imports and usage
echo "=== Checking Cadence imports ==="
rg "\"github.com/onflow/cadence.*\"" -A 2

echo -e "\n=== Checking Cadence type usage ==="
rg "cadence\." -A 2

echo -e "\n=== Checking specific version features ==="
# Look for potential version-specific features or APIs
ast-grep --pattern 'cadence.$_'

Length of output: 17983

---

19-19: Caution: Using pre-release version of flow-go.

The dependency on flow-go v0.38.0-rc.2 is a release candidate version. Ensure thorough testing before deploying to production.

✅ Verification successful

Caution: Using pre-release version of flow-go confirmed.

The dependency on flow-go v0.38.0-rc.2 is indeed a release candidate version released today (Jan 28, 2025). No stable v0.38.0 release is available yet. Ensure thorough testing before deploying to production.

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Check for any known issues or breaking changes in the flow-go release
gh api repos/onflow/flow-go/releases | jq -r '.[] | select(.tag_name=="v0.38.0-rc.2") | .body'

Length of output: 19000

---

Script:

#!/bin/bash
# Check if a stable version 0.38.0 exists
gh api repos/onflow/flow-go/releases | jq -r '.[] | select(.tag_name=="v0.38.0") | .tag_name'

# Check for any issues reported against this RC
gh api repos/onflow/flow-go/issues --jq '.[] | select(.body | contains("v0.38.0-rc.2")) | {title: .title, state: .state}'

Length of output: 271

---

Script:

#!/bin/bash
# List recent releases to check version progression
gh api repos/onflow/flow-go/releases --jq '.[0:5] | .[] | {tag_name: .tag_name, created_at: .created_at}'

Length of output: 411

[coderabbitai]

Actionable comments posted: 0

🔭 Outside diff range comments (1)

go.mod (1)

Line range hint 1-314: Run go mod tidy to sync dependencies.

The CI pipeline indicates that module dependencies are out of sync. Run go mod tidy to update the go.mod file and ensure all dependencies are properly synchronized.

🧰 Tools

🪛 GitHub Actions: CI

[error] Module dependencies are out of sync. Run 'go mod tidy' to update go.mod file.

♻️ Duplicate comments (1)

go.mod (1)

226-227: ⚠️ Potential issue

Remove duplicate indirect dependency comments.

The following dependencies have conflicting version comments that need to be cleaned up:

-github.com/onflow/flow-core-contracts/lib/go/contracts v1.4.0 // indirect; v1.2.4-0.20230703193002-53362441b57d // indirect
-github.com/onflow/flow-core-contracts/lib/go/templates v1.4.0 // indirect; v1.2.3 // indirect
+github.com/onflow/flow-core-contracts/lib/go/contracts v1.4.0 // indirect
+github.com/onflow/flow-core-contracts/lib/go/templates v1.4.0 // indirect

🧰 Tools

🪛 GitHub Actions: CI

[error] Module dependencies are out of sync. Run 'go mod tidy' to update go.mod file.

🧹 Nitpick comments (1)

README.md (1)

361-361: Fix list item indentation.

The list item indentation is inconsistent with other items at the same level. Adjust the indentation to match the expected 2 spaces.

-* `network: "mainnet" | "testnet" | "localnet"`
+  * `network: "mainnet" | "testnet" | "localnet"`

🧰 Tools

🪛 markdownlint-cli2 (0.17.2)

361-361: Inconsistent indentation for list items at the same level
Expected: 2; Actual: 0

(MD005, list-indent)

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 7c250fe and 7299fe9.

⛔ Files ignored due to path filters (2)

• go.sum is excluded by !**/*.sum
• model/model.pb.go is excluded by !**/*.pb.go

📒 Files selected for processing (9)

• Makefile (1 hunks)
• README.md (1 hunks)
• cmd/corecontracts/corecontracts.go (0 hunks)
• cmd/tipheight/tipheight.go (0 hunks)
• cmd/txinfo/txinfo.go (2 hunks)
• config/config.go (1 hunks)
• go.mod (9 hunks)
• model/model.proto (0 hunks)
• script/flow.json (1 hunks)

💤 Files with no reviewable changes (3)

• cmd/corecontracts/corecontracts.go
• model/model.proto
• cmd/tipheight/tipheight.go

🧰 Additional context used

🪛 GitHub Actions: CI

go.mod

[error] Module dependencies are out of sync. Run 'go mod tidy' to update go.mod file.

🪛 markdownlint-cli2 (0.17.2)

README.md

361-361: Inconsistent indentation for list items at the same level
Expected: 2; Actual: 0

(MD005, list-indent)

🔇 Additional comments (7)

cmd/txinfo/txinfo.go (1)

20-22: LGTM! Network configuration updates are consistent.

The removal of previewnet from the networks map and usage message aligns with the broader changes across the codebase to remove previewnet support.

Also applies to: 74-74

config/config.go (1)

211-211: LGTM! Network validation update is consistent.

The network validation has been correctly updated to remove previewnet support, now only allowing "mainnet", "testnet", "localnet", or "emulator" as valid networks.

script/flow.json (1)

12-12: LGTM! Network configuration is consistent.

The removal of the previewnet entry from the networks configuration aligns with the broader changes to remove previewnet support.

Makefile (1)

29-29: LGTM! Integration test configuration is consistent.

The removal of the previewnet-integration-test target aligns with the broader changes to remove previewnet support.

go.mod (2)

3-5: Verify Go 1.23 compatibility across the codebase.

The upgrade from Go 1.22 to 1.23 requires validation of compatibility with your codebase and CI/CD pipeline.

✅ Verification successful

Go 1.23 upgrade appears safe to proceed

The codebase shows no usage of language features that were modified in Go 1.23, and all major dependencies are on recent versions. However, ensure your CI pipeline is updated to use Go 1.23.4 toolchain.

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Check if any Go files use features that might be incompatible with Go 1.23
# Look for potential compatibility issues in Go files
rg -g '*.go' -l 'go:build' .

Length of output: 28

---

Script:

#!/bin/bash
# First verify if this is a Go repository and check for Go files
fd -e go
echo "---"
# Check go.mod content for dependencies
cat go.mod

Length of output: 17159

---

Script:

#!/bin/bash
# Check for potential Go 1.23 compatibility issues
# Look for type parameters, range operations, and build constraints
echo "Checking for type parameters..."
rg "type\s+\w+\[\w+\]" .
echo "---"
echo "Checking for range operations..."
rg "for\s+.*range\s+\d+" .
echo "---"
echo "Checking build constraints..."
rg "//\s*\+build" .

Length of output: 324

🧰 Tools

🪛 GitHub Actions: CI

[error] Module dependencies are out of sync. Run 'go mod tidy' to update go.mod file.

---

Line range hint 8-34: Verify compatibility with updated direct dependencies.

Several direct dependencies have been updated to newer versions. Notable updates include:

• flow-go: v0.36.0 → v0.38.0-rc.2 (pre-release version)
• cadence: v1.0.0-preview.37 → v1.3.0
• ethereum/go-ethereum: v1.13.10 → v1.14.12

Please ensure these updates don't introduce breaking changes.

✅ Verification successful

Dependencies update verified - no breaking changes detected

The codebase demonstrates careful version handling with proper isolation of version-specific code. The pre-release version of flow-go (v0.38.0-rc2) is used safely with stable APIs, the Cadence upgrade is contained within well-defined boundaries, and the Ethereum update is minor with minimal usage.

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Check for any breaking changes in import paths or API usage
# Focus on the most significant updates

# Check flow-go usage
rg -l "github.com/onflow/flow-go" .

# Check cadence usage
rg -l "github.com/onflow/cadence" .

# Check ethereum usage
rg -l "github.com/ethereum/go-ethereum" .

Length of output: 542

---

Script:

#!/bin/bash
# Extract specific imports and usage patterns

# Check flow-go imports and usage
echo "=== Flow-go imports ==="
rg "^import.*github.com/onflow/flow-go.*" -A 1

# Check cadence imports and usage
echo -e "\n=== Cadence imports ==="
rg "^import.*github.com/onflow/cadence.*" -A 1

# Check ethereum imports and usage
echo -e "\n=== Ethereum imports ==="
rg "^import.*github.com/ethereum/go-ethereum.*" -A 1

# Look for specific API usage patterns that might indicate breaking changes
echo -e "\n=== Flow-go API usage ==="
rg "flow\." --type go -A 2

# Check for any potential version constraints in go.mod
echo -e "\n=== Version constraints ==="
cat go.mod | grep -A 1 "require"

Length of output: 27402

🧰 Tools

🪛 GitHub Actions: CI

[error] Module dependencies are out of sync. Run 'go mod tidy' to update go.mod file.

README.md (1)

361-361: LGTM! Removal of "previewnet" network option.

The removal of the "previewnet" option from the network configuration aligns with the PR objectives and the broader changes across the codebase.

🧰 Tools

🪛 markdownlint-cli2 (0.17.2)

361-361: Inconsistent indentation for list items at the same level
Expected: 2; Actual: 0

(MD005, list-indent)

[coderabbitai]

Actionable comments posted: 0

♻️ Duplicate comments (1)

go.mod (1)

245-246: 🛠️ Refactor suggestion

Resolve conflicting version comments for Flow-Core-Contracts
The onflow/flow-core-contracts dependencies still show dual annotations (e.g. “v1.4.0 // indirect; v1.2.4-0.20230703193002-53362441b57d // indirect”). This was flagged in previous reviews. It is advisable to remove the conflicting version comments so that only the intended version (v1.4.0) is visible.

Suggested diff:
  - github.com/onflow/flow-core-contracts/lib/go/contracts v1.4.0 // indirect; v1.2.4-0.20230703193002-53362441b57d // indirect
  + github.com/onflow/flow-core-contracts/lib/go/contracts v1.4.0 // indirect
  - github.com/onflow/flow-core-contracts/lib/go/templates v1.4.0 // indirect; v1.2.3 // indirect
  + github.com/onflow/flow-core-contracts/lib/go/templates v1.4.0 // indirect

🧹 Nitpick comments (1)

go.mod (1)

333-334: Custom fork replacement for github.com/ipfs/boxo
A custom replacement has been introduced for github.com/ipfs/boxo (lines 333–334) to work around an open issue (onflow/flow-go#5338). Confirm that this temporary workaround is documented and tracked so that it can be reverted once the upstream issue is resolved.

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 9dc2b0b and f9407fc.

⛔ Files ignored due to path filters (1)

• go.sum is excluded by !**/*.sum

📒 Files selected for processing (1)

• go.mod (7 hunks)

🔇 Additional comments (4)

go.mod (4)

3-5: Update Go version and toolchain
The file now specifies Go 1.23 and toolchain go1.23.4. Ensure that all build configurations (e.g. CI pipelines) have been updated accordingly to avoid mismatches with the previous Go 1.22 settings.

---

8-35: Upgrade primary dependency versions
Multiple dependencies in the primary require block have been updated – for example, the Coinbase Rosetta SDK, secp256k1, Ethereum client, Cadence (now at v1.3.1), and notably flow-go which is now set to v0.38.0-rc.7. Please verify that the change to a release candidate (v0.38.0-rc.7) is intentional given that the PR objectives mentioned v0.38.0-rc.2. Also, ensure that any breaking changes in these dependencies have been addressed downstream.

---

39-74: Update indirect dependencies (first indirect require block)
The updates between lines 39 and 74 bring in new versions for several indirect dependencies (e.g. cockroachdb/fifo, fatih/color, go-task/slim-sprig, etc.). These changes likely result from running “go mod tidy.” It is recommended to double-check that these automated updates do not introduce unexpected behavior.

---

76-331: Bulk upgrade of additional indirect dependencies
The require block spanning lines 76 through 331 shows a comprehensive set of dependency version bumps—including cloud providers, AWS SDK modules, various utility libraries, OpenTelemetry packages, and many others. These adjustments appear to be automatically generated. Please review the combined updates for compatibility with your codebase. In particular, note the updates to critical packages like OpenTelemetry, Uber’s FX, and others that could have subtle breaking changes.

[coderabbitai]

Actionable comments posted: 0

♻️ Duplicate comments (1)

go.mod (1)

227-229: ⚠️ Potential issue

Review version conflict for Flow core contracts dependencies.
The entries for “github.com/onflow/flow-core-contracts/lib/go/contracts” and “github.com/onflow/flow-core-contracts/lib/go/templates” still include conflicting version comments (e.g., “v1.4.0 // indirect; v1.2.4-0.20230703193002-53362441b57d”). This replicates issues noted in previous reviews. Please resolve these conflicts to use a single unambiguous version for each dependency.

🧹 Nitpick comments (1)

go.mod (1)

317-319: Custom fork replacement for ipfs/boxo.
The custom replacement directive for “github.com/ipfs/boxo” now points to “github.com/onflow/boxo” (v0.0.0-20240201202436-f2477b92f483). This change is noted as a temporary workaround until the upstream issue (onflow/flow-go#5338) is resolved. It is advisable to monitor the progress on that issue and revert this fork replacement once an official fix is available.

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between b4f9d7f and b1fe155.

⛔ Files ignored due to path filters (1)

• go.sum is excluded by !**/*.sum

📒 Files selected for processing (1)

• go.mod (10 hunks)

⏰ Context from checks skipped due to timeout of 90000ms (1)

• GitHub Check: test

🔇 Additional comments (7)

go.mod (7)

3-5: Update Go version and toolchain.
The Go version is now set to 1.23 and the toolchain updated to go1.23.4. This aligns with the PR objectives for compatibility with Go 1.23. Please ensure that the CI configuration (e.g., in .github/workflows/ci.yml) is also updated accordingly.

---

17-22: Upgrade core dependencies for Cadence, Crypto, Flow-Go, and Testify.
The updates for “github.com/onflow/cadence” (v1.3.1), “github.com/onflow/crypto” (v0.25.2), “github.com/onflow/flow-go” (v0.38.0-rc.7), “github.com/onflow/flow/protobuf/go/flow” (v0.4.7), and “github.com/stretchr/testify” (v1.10.0) clearly support the PR’s objective of integrating flow-go v0.38.0-rc.7 and modernizing dependency versions.

---

32-35: Verify Go module dependency versions.
The updates for “golang.org/x/crypto” (v0.28.0) and “google.golang.org/grpc” (v1.64.1) are appropriate, and “lukechampine.com/blake3” is now at v1.3.0. However, note that “google.golang.org/protobuf” on line 34 remains at v1.34.2 even though the summary indicates it should update to v1.36.0. Please verify if this omission is intentional.

---

39-42: Bulk update for initial indirect dependencies.
Versions for dependencies such as “github.com/cockroachdb/fifo”, “github.com/crate-crypto/go-ipa”, “github.com/ethereum/go-verkle”, and “github.com/fatih/color” have been bumped. These changes seem routine for maintaining up-to-date transitive dependencies. It is recommended to run your dependency resolution and integration tests to ensure that no compatibility issues arise.

---

46-50: Review OnFlow-related indirect dependency updates.
Updates for OnFlow dependencies (e.g., “github.com/onflow/bridged-usdc/lib/go/contracts”, “github.com/onflow/flow-ft/lib/go/templates”, “github.com/onflow/flow-nft/lib/go/templates”, “github.com/onflow/nft-storefront/lib/go/contracts”) along with “github.com/sony/gobreaker” are applied. Please double-check these versions against the Flow release notes to ensure full compatibility with flow-go v0.38.0-rc.7.

---

56-61: Update for cloud and Windows-related dependencies.
The versions for “cloud.google.com/go”, “cloud.google.com/go/compute/metadata”, “cloud.google.com/go/storage”, and “github.com/Microsoft/go-winio” have been updated. These changes look consistent with the need for improved functionality and recent bug fixes.

---

55-316: Bulk update of indirect dependencies.
A significant number of indirect dependencies have been updated throughout this block. While these version bumps are generally beneficial for security and performance, please ensure that:
• All updated versions are compatible with one another.
• There are no unforeseen conflicts introduced by these transitive dependency changes.
Running a full dependency resolution and regression test suite is recommended to catch any potential issues.