chore(all): update deps (major)

[renovate-bot]

This PR contains the following updates:

Package	Type	Update	Change	Age	Confidence
actions/checkout	action	major	v4 -> v6
actions/github-script	action	major	v7 -> v8
actions/setup-go	action	major	v5 -> v6
cloud.google.com/go/pubsub	require	major	v1.50.1 -> v2.3.0

---

Release Notes

actions/checkout (actions/checkout)

v6

Compare Source

v5

Compare Source

actions/github-script (actions/github-script)

v8: .0.0

Compare Source

What's Changed

• Update Node.js version support to 24.x by @​salmanmkc in #​637
• README for updating actions/github-script from v7 to v8 by @​sneha-krip in #​653

⚠️ Minimum Compatible Runner Version

v2.327.1
Release Notes

Make sure your runner is updated to this version or newer to use this release.

New Contributors

• @​salmanmkc made their first contribution in #​637
• @​sneha-krip made their first contribution in #​653

Full Changelog: actions/github-script@v7.1.0...v8.0.0

actions/setup-go (actions/setup-go)

v6

Compare Source

---

Configuration

📅 Schedule: Branch creation - Between 12:00 AM and 03:59 AM, only on Monday ( * 0-3 * * 1 ) (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[gemini-code-assist]

Summary of Changes

Hello @renovate-bot, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request performs routine maintenance by updating several project dependencies to their latest major versions. This includes critical GitHub Actions used in CI/CD workflows and the cloud.google.com/go/pubsub library, ensuring the project leverages the most recent features, performance improvements, and security patches from these upstream components.

Highlights

• GitHub Actions Major Updates: Several GitHub Actions have been upgraded to their latest major versions, including actions/checkout to v6, actions/github-script to v8, and actions/setup-go to v6.
• Go Pub/Sub Library Major Update: The cloud.google.com/go/pubsub library has been updated to its major version v2.3.0, reflecting a significant dependency change.

Ignored Files

• Ignored by pattern: .github/workflows/** (5)
  • .github/workflows/action_syntax.yml
  • .github/workflows/apidiff.yml
  • .github/workflows/conformance.yaml
  • .github/workflows/third_party_check.yml
  • .github/workflows/vet.yml

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Code Review

This pull request, intended to update major dependencies, introduces several dependency downgrades in the go.mod files which is concerning. Specifically, cloud.google.com/go/pubsub is downgraded in both pubsub/v2/go.mod (from v1.50.1 to v1.49.0) and pubsublite/go.mod (from v1.50.1 to v1.50.0). These downgrades are risky as they might reintroduce previously fixed bugs or vulnerabilities. I've added specific comments on the affected files highlighting these issues. It is critical to investigate the root cause of these downgrades and resolve them before merging.

[gemini-code-assist]

The cloud.google.com/go/pubsub dependency is being downgraded from v1.50.1 to v1.49.0. This is a significant regression and is highly unusual for a dependency update pull request. Downgrading can reintroduce bugs or security vulnerabilities that were fixed in later versions. Please investigate the cause of this downgrade and ensure the dependency is at v1.50.1 or a newer version.

[gemini-code-assist]

While this PR adds cloud.google.com/go/pubsub/v2, it also downgrades the existing cloud.google.com/go/pubsub (v1) dependency from v1.50.1 to v1.50.0. Dependency downgrades are risky as they can reintroduce bugs or vulnerabilities that were fixed in later patch versions. Please investigate why this downgrade is happening. The goal should be to use the latest patch versions for all dependencies.