chore(main): DSPX-608 - update platform to latest commit

[alkalescent]

No description provided.

[gemini-code-assist]

Hello @alkalescent, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

Summary of Changes

Hello! Gemini here, providing a summary of this pull request.

This PR primarily focuses on updating the project's dependencies to newer versions. The main driver appears to be an update to the OpenTDF platform libraries (protocol/go and sdk), likely to align with changes related to the deprecation of public_client_id as indicated by the title. Alongside these platform updates, several other core dependencies like gRPC, grpc-gateway, and OpenTelemetry have also been bumped to their latest versions. The go.sum file has been updated accordingly to reflect the new module versions and their checksums.

Highlights

• Dependency Updates: The core change involves updating several key Go module dependencies to newer versions.
• OpenTDF Platform Libraries: Updates github.com/opentdf/platform/protocol/go and github.com/opentdf/platform/sdk to recent commits, likely incorporating changes related to public_client_id deprecation.
• Core Go Dependencies: Updates include google.golang.org/grpc, github.com/grpc-ecosystem/grpc-gateway/v2, and go.opentelemetry.io/otel and related modules.

Changelog

Click here to see the changelog

• go.mod
  • Updated github.com/opentdf/platform/protocol/go from v0.3.1 to v0.3.4-0.20250519154311-901215244153
  • Updated github.com/opentdf/platform/sdk from v0.4.4 to v0.4.5-0.20250519154311-901215244153
  • Updated google.golang.org/grpc from v1.69.4 to v1.71.0
  • Updated github.com/grpc-ecosystem/grpc-gateway/v2 from v2.22.0 to v2.26.1
  • Updated go.opentelemetry.io/otel and related modules from v1.31.0 to v1.35.0
  • Added go.opentelemetry.io/auto/sdk v1.1.0
  • Updated google.golang.org/genproto/googleapis/api and rpc to newer commits
• go.sum
  • Updated checksums to match the new dependency versions in go.mod
  • Removed checksum entries for github.com/containerd/containerd
  • Updated checksum entries for github.com/docker/docker and github.com/rogpeppe/go-internal

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point in your pull request via creating an issue comment (i.e. comment on the pull request page) using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in issue comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist is currently in preview and may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments to provide feedback.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

---

Dependencies change,
Versions shift and rearrange,
Go mod updates flow.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Code Review

This pull request updates several Go module dependencies, including core platform components, gRPC, grpc-gateway, and opentelemetry libraries. The changes are limited to the go.mod and go.sum files, reflecting the updated dependency tree. The PR title suggests these updates are related to testing against a platform version where public_client_id is deprecated, which provides good context for the changes.

Summary of Findings

• Use of Pseudo-Versions: The github.com/opentdf/platform/protocol/go and github.com/opentdf/platform/sdk dependencies are updated to pseudo-versions. While potentially necessary for testing against a specific platform state, this can impact build reproducibility compared to using tagged releases. (Medium severity, commented on)
• Dependency Updates: Several other dependencies, including gRPC, grpc-gateway, and opentelemetry components, have been updated to newer minor versions. This is generally good practice for keeping dependencies current. (Low severity, not commented on directly due to review settings)
• Indirect Dependency Changes: The go.sum file reflects changes in indirect dependencies, such as the removal of github.com/containerd/containerd and the addition of go.opentelemetry.io/auto/sdk. These are expected outcomes of running go mod tidy after updating direct dependencies. (Low severity, not commented on directly due to review settings)

Merge Readiness

The changes in this pull request are solely dependency updates. The primary concern is the use of pseudo-versions for the core platform dependencies, which is a medium severity issue related to maintainability and reproducibility. If the use of these specific pseudo-versions is understood and accepted (e.g., as a temporary measure for testing), the pull request could be considered ready to merge. Otherwise, it might require addressing the versioning strategy. As per instructions, I am unable to approve the pull request; please ensure other reviewers assess the changes and approve before merging.

bot