Update to Cadence v1.3.1

[turbolent]

Description

Automatically update to:

• onflow/cadence v1.3.1
• onflow/flow-go-sdk v1.3.1
• onflow/flow-go c8d283b60d12
• onflow/flow-emulator v1.2.0

Summary by CodeRabbit

• Chores
  • Upgraded the platform’s underlying Go version to 1.23 with an updated toolchain for improved performance.
  • Refreshed key dependencies to enhance system reliability and ensure continued compatibility.
  • Incorporated a new supporting module to streamline dependency management.

[coderabbitai]

Walkthrough

The pull request updates two go.mod files—one in the root and one in the tests directory. Both files have an updated Go version (from 1.22 to 1.23) with the new toolchain go1.23.4. Multiple dependencies have been upgraded to newer versions, including libraries from Onflow, Google, Prometheus, and opentelemetry. The tests module additionally adds an indirect dependency, ensuring that both modules are aligned with the latest compatibility and dependency requirements.

Changes

File	Change Summary
go.mod	Updated Go version (1.22 → 1.23) with toolchain go1.23.4; upgraded dependencies such as github.com/onflow/atree, github.com/onflow/cadence, github.com/onflow/flow-go, github.com/onflow/flow-go-sdk, testify, grpc, cloud.google.com/go/compute/metadata, opentelemetry packages, Google APIs, and protobuf.
tests/go.mod	Updated Go version (1.22 → 1.23) with toolchain go1.23.4; similar dependency upgrades as in go.mod plus updates for github.com/onflow/flow-emulator, several Prometheus libraries, and addition of new indirect dependency github.com/munnerz/goautoneg.

Possibly related PRs

• Update flow-go v0.37.10 #512: Updates reflect modifications to github.com/onflow/cadence and github.com/onflow/flow-go, aligning with these code-level dependency changes.
• Add CLI commands on binary #616: Contains similar go.mod adjustments with Go version bumps and dependency updates, matching the changes in this PR.
• Update to EVM with block mapping #381: Involves updates to dependencies like github.com/onflow/flow-go-sdk, along with cadence and flow-go updates, showing a direct code-level resemblance.

Suggested labels

Improvement, EVM

Suggested reviewers

• sideninja
• peterargue
• m-Peter
• zhangchiqing

Poem

I'm a crafty rabbit with a hop in my step,
Updating my code without any misstep.
Dependencies upgraded, fresh as the spring,
In a Go-mod world, I'm ready to bring.
With joy and a nibble on every new change,
I celebrate in ASCII hops across the digital range!
🐇✨

---

📜 Recent review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 0b5077a and fdf05fd.

⛔ Files ignored due to path filters (2)

• go.sum is excluded by !**/*.sum
• tests/go.sum is excluded by !**/*.sum

📒 Files selected for processing (2)

• go.mod (5 hunks)
• tests/go.mod (7 hunks)

⏰ Context from checks skipped due to timeout of 90000ms (2)

• GitHub Check: Lint
• GitHub Check: Test

🔇 Additional comments (20)

go.mod (10)

3-5: Updated Go Version and Toolchain Specification.

The Go version has been updated from 1.22 to 1.23 and a specific toolchain (go1.23.4) has been added. This is in line with the dependency updates and overall platform improvements. Please verify that all parts of the codebase and CI/CD scripts support Go 1.23.

---

11-14: Upgrade of Onflow and Related Dependencies.

The versions for github.com/onflow/atree, github.com/onflow/cadence, github.com/onflow/flow-go, and github.com/onflow/flow-go-sdk are updated to the latest versions (v0.9.0, v1.3.1, and v1.3.1 respectively). This aligns with the PR objective to update to Cadence v1.3.1 and the corresponding Flow libraries. Please ensure that these new versions are compatible with the existing code and tests.

---

23-23: Testify Library Upgrade.

The dependency for github.com/stretchr/testify has been updated from v1.9.0 to v1.10.0. This should bring improvements and bug fixes from the newer release. Confirm that existing tests do not break due to any enhancements or API changes in Testify.

---

27-27: gRPC Dependency Update.

google.golang.org/grpc has been updated to v1.64.1. This update is likely to include performance enhancements and bug fixes. Ensure that any custom gRPC configurations (if any exist) are still working as intended.

---

31-31: Cloud Compute Metadata Dependency Update.

The indirect dependency cloud.google.com/go/compute/metadata is now updated to v0.5.0. This update is consistent with the goal of using the latest library versions.

---

90-90: Google GAX Library Upgrade.

The version of github.com/googleapis/gax-go/v2 has been updated to v2.12.2. Verify that this update does not introduce breaking changes for any integrated Google API calls.

---

183-183: Blake3 Library Update.

The indirect dependency github.com/zeebo/blake3 is updated to v0.2.4. This is a low-risk update; however, double-check if any parts of the code explicitly rely on previous behavior of Blake3 functions.

---

185-186: OpenTelemetry Instrumentation Dependencies.

Both go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc and go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp have been updated to v0.49.0. Ensure that any instrumentation initialization or configuration in your code is revisited for potential API changes in these libraries.

---

198-199: golang.org/x Deps for net and oauth2.

The update of golang.org/x/net to v0.26.0 and golang.org/x/oauth2 to v0.18.0 might affect networking or authorization flows if your project makes direct use of these packages. Please verify the behavior after these updates.

---

205-205: Google API Dependency Update.

google.golang.org/api has been updated to v0.169.0. Ensure that any interactions with Google APIs are tested, as this update could involve new features or deprecations.

tests/go.mod (10)

3-5: Updated Go Version and Toolchain Specification in Tests Module.

The tests module now uses Go 1.23 with the go1.23.4 toolchain. This change ensures consistency with the main module and should streamline development and testing across the project.

---

9-17: Upgrade of Onflow and Test-Related Dependencies.

Dependencies for github.com/onflow/cadence, github.com/onflow/flow-emulator, github.com/onflow/flow-go, github.com/onflow/flow-go-sdk, and github.com/stretchr/testify have been updated to v1.3.1, v1.2.0, v0.38.0-util.0.20250130182921-c8d283b60d12, v1.3.1, and v1.10.0 respectively. These changes are consistent with the updates in the main module and should help maintain compatibility between production and test components.

---

21-21: Cloud Compute Metadata Dependency Update in Tests Module.

The indirect dependency cloud.google.com/go/compute/metadata is updated to v0.5.0. This provides consistency with the main module’s dependency management.

---

93-93: Google GAX Library Upgrade in Tests Module.

As in the main module, github.com/googleapis/gax-go/v2 has been updated to v2.12.2. It is important to verify that test utilities or helpers that use this package are still functioning correctly.

---

124-124: Klauspost Compress Library Version Update.

The dependency for github.com/klauspost/compress has been updated to v1.17.9. Confirm that any modules relying on compression features behave as expected after this upgrade.

---

151-154: New and Updated Onflow-Related Dependencies.

• github.com/munnerz/goautoneg (v0.0.0-20191010083416-a7dc8b61c822) has been added as an indirect dependency.
• github.com/onflow/atree is updated to v0.9.0.
• github.com/onflow/bridged-usdc/lib/go/contracts is added at v1.0.0.

These changes further align the tests module with the main module’s dependency versions and help ensure uniform behavior across integrations.

---

159-162: Prometheus Dependencies Update.

The Prometheus-related dependencies have been updated to:

• github.com/prometheus/client_golang v1.20.5
• github.com/prometheus/client_model v0.6.1
• github.com/prometheus/common v0.55.0
• github.com/prometheus/procfs v0.15.1

These updates ensure the tests module benefits from the latest monitoring and metric collection fixes or improvements.

---

225-226: Potential Inconsistency in golang.org/x/oauth2 Version.

In this tests module, golang.org/x/oauth2 is updated to v0.21.0, whereas in the main module it is updated to v0.18.0. Please verify if this discrepancy is intentional. Otherwise, consider aligning the versions across both modules to avoid unexpected behavior when test code interacts with the same libraries as production code.

---

234-240: Google API and Genproto Dependencies Update.

The updates for google.golang.org/api, the Google Genproto packages (googleapis/api and googleapis/rpc), google.golang.org/grpc, and google.golang.org/protobuf ensure that the tests module uses the same modern versions as the main module. Please test to confirm that these changes do not cause breakage in any API interactions.

---

253-254: Local Module Replacement.

The replace directive at the end, which maps github.com/onflow/flow-evm-gateway to the local directory (../), appears to be intended for local development and testing purposes. Ensure that this does not inadvertently get included in production builds.

---

Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Generate unit testing code for this file.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit testing code for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and generate unit testing code.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai generate docstrings to generate docstrings for this PR. (Beta)
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[turbolent]

Tests are timing out after 10 minutes, PTAL

[m-Peter]

Hey @turbolent, I had already prepared #738 for updating the deps, because it requires some more fixes to the occurring breaking changes. Would that PR work for you?

[turbolent]

@m-Peter Awesome! Yeah, we can get that merged and then update or close this PR I guess 👍

[m-Peter]

@m-Peter Awesome! Yeah, we can get that merged and then update or close this PR I guess 👍

Problem is that we might want to hold off merging it to main branch. Can you maybe use the commit hash in the dependencies down the line? I guess this is needed for flow-cli, right?

[turbolent]

@m-Peter Thanks for the heads-up! What's the reason for not merging the update to the main branch? (just curious)

Yes, eventually I'd like to update the Flow CLI and this / your update PR is a requirement for it. It's not urgent, but do you have an ETA for when we could expect to have this repo updated?

[m-Peter]

@m-Peter Thanks for the heads-up! What's the reason for not merging the update to the main branch? (just curious)

Yes, eventually I'd like to update the Flow CLI and this / your update PR is a requirement for it. It's not urgent, but do you have an ETA for when we could expect to have this repo updated?

Mostly because we might need to merge something on main branch and deploy, no other reason. But I guess we could also back-port any necessary changes.
Other than that, I am still awaiting some reviews on my PR 😅

[turbolent]

If we still want to deploy changes before this update, we can always branch off before its merge commit (what we do in Cadence, flow-go, etc.), so the update shouldn't really be blocked. I pinged the team to have another look 👍