Upgrade baton-sdk to v0.7.27.

[ggreer]

Summary by CodeRabbit

Release Notes

• Chores
  • Updated project dependencies to latest compatible versions for improved security, performance, and stability.

[coderabbitai]

Walkthrough

This pull request updates multiple Go module dependencies in go.mod, including upgrades to the Baton SDK, gRPC, AWS SDK, OpenTelemetry stack, and various golang.org/x modules. The changes maintain compatibility and address updates across logging, networking, cryptography, and cloud infrastructure libraries.

Changes

Cohort / File(s)	Summary
Dependency Updates go.mod	Bumped baton-sdk from v0.7.3 to v0.7.27; updated gRPC, protobuf, and AWS SDK versions; upgraded OpenTelemetry stack to v1.39.0; incremented golang.org/x modules (crypto, net, oauth2, sys, term, text) to latest versions; added xxhash/v2 as indirect dependency; adjusted other indirect dependencies for compatibility.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Poem

🐰 A hop, a skip, through versions we bound,
Dependencies dance without a sound,
SDK leaps and gRPC glides,
OpenTelemetry's golden tide,
Compatibility maintained, no breaking fright—
The rabbit code hops into the night! ✨

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately reflects the main change: upgrading baton-sdk to v0.7.27, which is the primary dependency bump in the changeset.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch ggreer/upgrade-baton-sdk

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

🧹 Nitpick comments (1)

go.mod (1)

6-6: Review security advisories for major dependency upgrades.

Consider checking if the updates to baton-sdk and google.golang.org/grpc address any known security vulnerabilities. This can be verified through the official release notes, CVE databases (NVD), or pkg.go.dev advisories.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@go.mod` at line 6, Verify security advisories for the upgraded modules
"github.com/conductorone/baton-sdk" and "google.golang.org/grpc": review their
release notes and CVE/NVD entries (or pkg.go.dev advisories) to confirm the
chosen versions (e.g., baton-sdk v0.7.27 and the grpc version in go.mod) fix
known vulnerabilities; if not, update go.mod to a secure patched version or add
a replace directive to pin a safe release, and add a brief comment in go.mod
noting the security review and chosen safe versions.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Nitpick comments:
In `@go.mod`:
- Line 6: Verify security advisories for the upgraded modules
"github.com/conductorone/baton-sdk" and "google.golang.org/grpc": review their
release notes and CVE/NVD entries (or pkg.go.dev advisories) to confirm the
chosen versions (e.g., baton-sdk v0.7.27 and the grpc version in go.mod) fix
known vulnerabilities; if not, update go.mod to a secure patched version or add
a replace directive to pin a safe release, and add a brief comment in go.mod
noting the security review and chosen safe versions.