diff --git a/docs/cmd/pipeline-reference-gen/main.go b/docs/cmd/pipeline-reference-gen/main.go index 7533ee6d7..c32af91cf 100644 --- a/docs/cmd/pipeline-reference-gen/main.go +++ b/docs/cmd/pipeline-reference-gen/main.go @@ -10,7 +10,7 @@ import ( "strings" "text/template" - "sigs.k8s.io/yaml" + "go.yaml.in/yaml/v4" "chainguard.dev/melange/pkg/config" diff --git a/go.mod b/go.mod index d61374352..1627f5f52 100644 --- a/go.mod +++ b/go.mod @@ -10,7 +10,7 @@ require ( github.com/charmbracelet/log v0.4.2 github.com/docker/cli v29.2.1+incompatible github.com/docker/docker v28.5.2+incompatible - github.com/dprotaso/go-yit v0.0.0-20250513224043-18a80f8f6df4 + github.com/dprotaso/go-yit v0.0.0-20260209000607-dfb86291624d github.com/github/go-spdx/v2 v2.4.0 github.com/go-git/go-git/v5 v5.16.5 github.com/google/go-cmp v0.7.0 @@ -37,7 +37,7 @@ require ( go.opentelemetry.io/otel v1.40.0 go.opentelemetry.io/otel/exporters/stdout/stdouttrace v1.40.0 go.opentelemetry.io/otel/sdk v1.40.0 - go.yaml.in/yaml/v2 v2.4.3 + go.yaml.in/yaml/v4 v4.0.0-rc.4 golang.org/x/crypto v0.48.0 golang.org/x/exp v0.0.0-20251023183803-a4bb9ffd2546 golang.org/x/sync v0.19.0 @@ -46,10 +46,8 @@ require ( golang.org/x/text v0.34.0 golang.org/x/time v0.14.0 gopkg.in/ini.v1 v1.67.1 - gopkg.in/yaml.v3 v3.0.1 mvdan.cc/sh/v3 v3.12.0 sigs.k8s.io/release-utils v0.12.3 - sigs.k8s.io/yaml v1.6.0 ) require ( @@ -64,8 +62,10 @@ require ( github.com/klauspost/cpuid/v2 v2.3.0 // indirect github.com/pavlo-v-chernykh/keystore-go/v4 v4.5.0 // indirect go.opencensus.io v0.24.0 // indirect + go.yaml.in/yaml/v2 v2.4.3 // indirect go.yaml.in/yaml/v3 v3.0.4 // indirect golang.org/x/tools v0.42.0 // indirect + gopkg.in/yaml.v3 v3.0.1 // indirect k8s.io/klog/v2 v2.130.1 // indirect ) diff --git a/go.sum b/go.sum index 51a4ca0a2..19c5ceb77 100644 --- a/go.sum +++ b/go.sum @@ -103,8 +103,8 @@ github.com/docker/go-connections v0.6.0 h1:LlMG9azAe1TqfR7sO+NJttz1gy6KO7VJBh+pM github.com/docker/go-connections v0.6.0/go.mod h1:AahvXYshr6JgfUJGdDCs2b5EZG/vmaMAntpSFH5BFKE= github.com/docker/go-units v0.5.0 h1:69rxXcBk27SvSaaxTtLh/8llcHD8vYHT7WSdRZ/jvr4= github.com/docker/go-units v0.5.0/go.mod h1:fgPhTUdO+D/Jk86RDLlptpiXQzgHJF7gydDDbaIK4Dk= -github.com/dprotaso/go-yit v0.0.0-20250513224043-18a80f8f6df4 h1:JzpdVajvTuXQXL10D0vId1ZcW9alSJ3H0CnZczzz4ec= -github.com/dprotaso/go-yit v0.0.0-20250513224043-18a80f8f6df4/go.mod h1:lHwJo6jMevQL9tNpW6vLyhkK13bYHBcoh9tUakMhbnE= +github.com/dprotaso/go-yit v0.0.0-20260209000607-dfb86291624d h1:/USl0X37Afc2SyjRG4/eNrbm4CZRfZLdzwTy9YXxowA= +github.com/dprotaso/go-yit v0.0.0-20260209000607-dfb86291624d/go.mod h1:k03zg0AFMepR2TrssNeMUISoI0QcX2N58Sl0qPU6MZs= github.com/dustin/go-humanize v1.0.1 h1:GzkhY7T5VNhEkwH0PVJgjz+fX1rhBrR7pRT3mDkpeCY= github.com/dustin/go-humanize v1.0.1/go.mod h1:Mu1zIs6XwVuF/gI1OepvI0qD18qycQx+mFykh5fBlto= github.com/elazarl/goproxy v1.7.2 h1:Y2o6urb7Eule09PjlhQRGNsqRfPmYI3KKQLFpCAV3+o= @@ -269,8 +269,8 @@ github.com/nxadm/tail v1.4.11 h1:8feyoE3OzPrcshW5/MJ4sGESc5cqmGkGCWlco4l0bqY= github.com/nxadm/tail v1.4.11/go.mod h1:OTaG3NK980DZzxbRq6lEuzgU+mug70nY11sMd4JXXHc= github.com/onsi/ginkgo v1.16.5 h1:8xi0RTUf59SOSfEtZMvwTvXYMzG4gV23XVHOZiXNtnE= github.com/onsi/ginkgo v1.16.5/go.mod h1:+E8gABHa3K6zRBolWtd+ROzc/U5bkGt0FwiG042wbpU= -github.com/onsi/gomega v1.38.2 h1:eZCjf2xjZAqe+LeWvKb5weQ+NcPwX84kqJ0cZNxok2A= -github.com/onsi/gomega v1.38.2/go.mod h1:W2MJcYxRGV63b418Ai34Ud0hEdTVXq9NW9+Sx6uXf3k= +github.com/onsi/gomega v1.39.1 h1:1IJLAad4zjPn2PsnhH70V4DKRFlrCzGBNrNaru+Vf28= +github.com/onsi/gomega v1.39.1/go.mod h1:hL6yVALoTOxeWudERyfppUcZXjMwIMLnuSfruD2lcfg= github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U= github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM= github.com/opencontainers/image-spec v1.1.1 h1:y0fUlFfIZhPF1W537XOLg0/fcx6zcHCJwooC2xJA040= @@ -392,6 +392,8 @@ go.yaml.in/yaml/v2 v2.4.3 h1:6gvOSjQoTB3vt1l+CU+tSyi/HOjfOjRLJ4YwYZGwRO0= go.yaml.in/yaml/v2 v2.4.3/go.mod h1:zSxWcmIDjOzPXpjlTTbAsKokqkDNAVtZO0WOMiT90s8= go.yaml.in/yaml/v3 v3.0.4 h1:tfq32ie2Jv2UxXFdLJdh3jXuOzWiL1fo0bu/FbuKpbc= go.yaml.in/yaml/v3 v3.0.4/go.mod h1:DhzuOOF2ATzADvBadXxruRBLzYTpT36CKvDb3+aBEFg= +go.yaml.in/yaml/v4 v4.0.0-rc.4 h1:UP4+v6fFrBIb1l934bDl//mmnoIZEDK0idg1+AIvX5U= +go.yaml.in/yaml/v4 v4.0.0-rc.4/go.mod h1:aZqd9kCMsGL7AuUv/m/PvWLdg5sjJsZ4oHDEnfPPfY0= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= @@ -541,5 +543,3 @@ mvdan.cc/sh/v3 v3.12.0 h1:ejKUR7ONP5bb+UGHGEG/k9V5+pRVIyD+LsZz7o8KHrI= mvdan.cc/sh/v3 v3.12.0/go.mod h1:Se6Cj17eYSn+sNooLZiEUnNNmNxg0imoYlTu4CyaGyg= sigs.k8s.io/release-utils v0.12.3 h1:iNVJY81QfmMCmXxMg8IvvkkeQNk6ZWlLj+iPKSlKyVQ= sigs.k8s.io/release-utils v0.12.3/go.mod h1:BvbNmm1BmM3cnEpBmNHWL3wOSziOdGlsYR8vCFq/Q0o= -sigs.k8s.io/yaml v1.6.0 h1:G8fkbMSAFqgEFgh4b1wmtzDnioxFCUgTZhlbj5P9QYs= -sigs.k8s.io/yaml v1.6.0/go.mod h1:796bPqUfzR/0jLAl6XjHl3Ck7MiyVv8dbTdyT3/pMf4= diff --git a/pkg/build/compile.go b/pkg/build/compile.go index c5f814512..01e93dad1 100644 --- a/pkg/build/compile.go +++ b/pkg/build/compile.go @@ -25,7 +25,7 @@ import ( "strings" "github.com/chainguard-dev/clog" - "gopkg.in/yaml.v3" + "go.yaml.in/yaml/v4" "mvdan.cc/sh/v3/syntax" "chainguard.dev/melange/pkg/cond" diff --git a/pkg/build/package.go b/pkg/build/package.go index f7796f89b..669372680 100644 --- a/pkg/build/package.go +++ b/pkg/build/package.go @@ -45,7 +45,7 @@ import ( "github.com/chainguard-dev/clog" "github.com/psanford/memfs" "go.opentelemetry.io/otel" - "gopkg.in/yaml.v3" + "go.yaml.in/yaml/v4" ) // pgzip's default is GOMAXPROCS(0) diff --git a/pkg/build/pipeline_test.go b/pkg/build/pipeline_test.go index 9e3d20375..0c5f1e88a 100644 --- a/pkg/build/pipeline_test.go +++ b/pkg/build/pipeline_test.go @@ -19,7 +19,7 @@ import ( "path/filepath" "testing" - "gopkg.in/yaml.v3" + "go.yaml.in/yaml/v4" "chainguard.dev/melange/pkg/config" "chainguard.dev/melange/pkg/util" diff --git a/pkg/cli/rebuild.go b/pkg/cli/rebuild.go index f987d6711..77b7bfdbf 100644 --- a/pkg/cli/rebuild.go +++ b/pkg/cli/rebuild.go @@ -23,8 +23,8 @@ import ( purl "github.com/package-url/packageurl-go" "github.com/spf13/cobra" "github.com/spf13/pflag" + "go.yaml.in/yaml/v4" "gopkg.in/ini.v1" - "gopkg.in/yaml.v3" "chainguard.dev/melange/pkg/build" "chainguard.dev/melange/pkg/config" diff --git a/pkg/config/config.go b/pkg/config/config.go index fd39f1339..378b42d29 100644 --- a/pkg/config/config.go +++ b/pkg/config/config.go @@ -43,7 +43,7 @@ import ( "github.com/chainguard-dev/clog" "github.com/joho/godotenv" - "gopkg.in/yaml.v3" + "go.yaml.in/yaml/v4" "chainguard.dev/melange/pkg/util" ) diff --git a/pkg/linter/apk.go b/pkg/linter/apk.go index 0fcc27a83..2d5e25b63 100644 --- a/pkg/linter/apk.go +++ b/pkg/linter/apk.go @@ -29,7 +29,7 @@ import ( "chainguard.dev/apko/pkg/apk/expandapk" "github.com/chainguard-dev/clog" "github.com/dustin/go-humanize" - "go.yaml.in/yaml/v2" + "go.yaml.in/yaml/v4" "gopkg.in/ini.v1" "chainguard.dev/melange/pkg/config" diff --git a/pkg/manifest/manifest.go b/pkg/manifest/manifest.go index bc9deaa95..7d5706f5c 100644 --- a/pkg/manifest/manifest.go +++ b/pkg/manifest/manifest.go @@ -9,7 +9,7 @@ import ( apkotypes "chainguard.dev/apko/pkg/build/types" "github.com/chainguard-dev/clog" "github.com/chainguard-dev/yam/pkg/yam/formatted" - "gopkg.in/yaml.v3" + "go.yaml.in/yaml/v4" "chainguard.dev/melange/pkg/config" ) diff --git a/pkg/renovate/bump/bump.go b/pkg/renovate/bump/bump.go index 3a514cd47..04473fe68 100644 --- a/pkg/renovate/bump/bump.go +++ b/pkg/renovate/bump/bump.go @@ -27,7 +27,7 @@ import ( "github.com/chainguard-dev/clog" "github.com/dprotaso/go-yit" - "gopkg.in/yaml.v3" + "go.yaml.in/yaml/v4" "chainguard.dev/melange/pkg/config" "chainguard.dev/melange/pkg/renovate" diff --git a/pkg/renovate/cache/cache.go b/pkg/renovate/cache/cache.go index dc462b9e5..2c9e6369d 100644 --- a/pkg/renovate/cache/cache.go +++ b/pkg/renovate/cache/cache.go @@ -29,7 +29,7 @@ import ( "github.com/chainguard-dev/clog" "github.com/dprotaso/go-yit" - "gopkg.in/yaml.v3" + "go.yaml.in/yaml/v4" "chainguard.dev/melange/pkg/renovate" "chainguard.dev/melange/pkg/util" diff --git a/pkg/renovate/copyright/copyright.go b/pkg/renovate/copyright/copyright.go index a7aed64eb..733cfae14 100644 --- a/pkg/renovate/copyright/copyright.go +++ b/pkg/renovate/copyright/copyright.go @@ -23,7 +23,7 @@ import ( "github.com/chainguard-dev/clog" - "gopkg.in/yaml.v3" + "go.yaml.in/yaml/v4" "chainguard.dev/melange/pkg/license" "chainguard.dev/melange/pkg/renovate" diff --git a/pkg/renovate/yit.go b/pkg/renovate/yit.go index f0dc59ed0..eab1c8de1 100644 --- a/pkg/renovate/yit.go +++ b/pkg/renovate/yit.go @@ -18,7 +18,7 @@ import ( "fmt" "github.com/dprotaso/go-yit" - "gopkg.in/yaml.v3" + "go.yaml.in/yaml/v4" ) // NodeFromMapping takes a yaml.Node (a mapping) and uses yit