Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bump yaml versions to gopkg.in/yaml.v3 #262

Merged
merged 2 commits into from
Mar 21, 2025
Merged

Bump yaml versions to gopkg.in/yaml.v3 #262

merged 2 commits into from
Mar 21, 2025

Conversation

elezar
Copy link
Contributor

@elezar elezar commented Mar 19, 2025
edited
Loading

This change updates the sigs.k8s.io/yaml version from v1.3.0 to v1.4.0 and switches to using gopkg.in/yaml.v3 for ordered YAML output. This means that consumers no longer need to pull in two YAML dependencies (v2 and v3).

See:

@elezar elezar requested review from klihub and bart0sh March 19, 2025 10:40
@elezar elezar self-assigned this Mar 19, 2025
klihub
klihub approved these changes Mar 19, 2025
View reviewed changes
Copy link
Contributor

@klihub klihub left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Shall we then tag a v1.0.1 ?

@elezar elezar mentioned this pull request Mar 19, 2025
Draft
@elezar
Copy link
Contributor Author

elezar commented Mar 19, 2025
edited
Loading

Shall we then tag a v1.0.1 ?

Given that this is causing issues in containerd and buildkit (moby/buildkit#5856) that may be useful.

Using a replace rule pointing at these changes we see:

diff --git a/go.mod b/go.mod
index 8888eda..84df208 100644
--- a/go.mod
+++ b/go.mod
@@ -180,7 +180,6 @@ require (
 	go.opentelemetry.io/otel/metric v1.31.0 // indirect
 	golang.org/x/text v0.21.0 // indirect
 	google.golang.org/genproto/googleapis/api v0.0.0-20241021214115-324edc3d5d38 // indirect
-	gopkg.in/yaml.v2 v2.4.0 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
 	kernel.org/pub/linux/libs/security/libcap/psx v1.2.73 // indirect
 	sigs.k8s.io/yaml v1.4.0 // indirect
@@ -203,3 +202,5 @@ exclude (
 	github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc
 	github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2
 )
+
+replace tags.cncf.io/container-device-interface v1.0.0 => ../container-device-interface

And updating the vendoring:

➜  buildkit git:(update-cdi) ✗ git status
On branch update-cdi
Changes not staged for commit:
  (use "git add/rm <file>..." to update what will be committed)
  (use "git restore <file>..." to discard changes in working directory)
        modified:   go.mod
        modified:   go.sum
        deleted:    vendor/gopkg.in/yaml.v2/.travis.yml
        deleted:    vendor/gopkg.in/yaml.v2/LICENSE
        deleted:    vendor/gopkg.in/yaml.v2/LICENSE.libyaml
        deleted:    vendor/gopkg.in/yaml.v2/NOTICE
        deleted:    vendor/gopkg.in/yaml.v2/README.md
        deleted:    vendor/gopkg.in/yaml.v2/apic.go
        deleted:    vendor/gopkg.in/yaml.v2/decode.go
        deleted:    vendor/gopkg.in/yaml.v2/emitterc.go
        deleted:    vendor/gopkg.in/yaml.v2/encode.go
        deleted:    vendor/gopkg.in/yaml.v2/parserc.go
        deleted:    vendor/gopkg.in/yaml.v2/readerc.go
        deleted:    vendor/gopkg.in/yaml.v2/resolve.go
        deleted:    vendor/gopkg.in/yaml.v2/scannerc.go
        deleted:    vendor/gopkg.in/yaml.v2/sorter.go
        deleted:    vendor/gopkg.in/yaml.v2/writerc.go
        deleted:    vendor/gopkg.in/yaml.v2/yaml.go
        deleted:    vendor/gopkg.in/yaml.v2/yamlh.go
        deleted:    vendor/gopkg.in/yaml.v2/yamlprivateh.go
        modified:   vendor/modules.txt
        modified:   vendor/tags.cncf.io/container-device-interface/pkg/cdi/spec.go

no changes added to commit (use "git add" and/or "git commit -a")
➜  buildkit git:(update-cdi) ✗ git diff | wc -l
   10216

@elezar elezar changed the title Bump yaml versions Bump yaml versions to gopkg.in/yaml.v3 Mar 19, 2025
@elezar elezar added this to the v1.0.1 milestone Mar 19, 2025
@elezar
Copy link
Contributor Author

elezar commented Mar 19, 2025

For containerd we have:

diff --git a/go.mod b/go.mod
index baba349dc..253387a8e 100644
--- a/go.mod
+++ b/go.mod
@@ -144,7 +144,6 @@ require (
 	golang.org/x/time v0.7.0 // indirect
 	google.golang.org/genproto/googleapis/api v0.0.0-20250115164207-1a7da9e5054f // indirect
 	gopkg.in/inf.v0 v0.9.1 // indirect
-	gopkg.in/yaml.v2 v2.4.0 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
 	k8s.io/api v0.32.2 // indirect
 	k8s.io/apiserver v0.32.2 // indirect
@@ -168,3 +167,5 @@ exclude (
 	github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc
 	github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2
 )
+
+replace tags.cncf.io/container-device-interface v1.0.0 => ../container-device-interface
diff --git a/go.sum b/go.sum
index e906275c3..8171b33a2 100644
--- a/go.sum
+++ b/go.sum
@@ -545,7 +545,6 @@ gopkg.in/evanphx/json-patch.v4 v4.12.0/go.mod h1:p8EYWUEYMpynmqDbY58zCKCFZw8pRWM
 gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc=
 gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw=
 gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
-gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY=
 gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ=
 gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
@@ -578,7 +577,5 @@ sigs.k8s.io/structured-merge-diff/v4 v4.4.2 h1:MdmvkGuXi/8io6ixD5wud3vOLwc1rj0aN
 sigs.k8s.io/structured-merge-diff/v4 v4.4.2/go.mod h1:N8f93tFZh9U6vpxwRArLiikrE5/2tiu1w1AGfACIGE4=
 sigs.k8s.io/yaml v1.4.0 h1:Mk1wCc2gy/F0THH0TAp1QYyJNzRm2KCLy3o5ASXVI5E=
 sigs.k8s.io/yaml v1.4.0/go.mod h1:Ejl7/uTz7PSA4eKMyQCUTnhZYNmLIl+5c2lQPGR2BPY=
-tags.cncf.io/container-device-interface v1.0.0 h1:fbwPQiWZNpXUb9Os6t6JW52rsOppTFUbeJOpNtN1TmI=
-tags.cncf.io/container-device-interface v1.0.0/go.mod h1:mmi2aRGmOjK/6NR3TXjLpEIarOJ9qwgZjQ3nTIRwAaA=
 tags.cncf.io/container-device-interface/specs-go v1.0.0 h1:8gLw29hH1ZQP9K1YtAzpvkHCjjyIxHZYzBAvlQ+0vD8=
 tags.cncf.io/container-device-interface/specs-go v1.0.0/go.mod h1:u86hoFWqnh3hWz3esofRFKbI261bUlvUfLKGrDhJkgQ=

And after vendoring:

On branch dependabot/go_modules/tags.cncf.io/container-device-interface-1.0.0
Your branch is up to date with 'upstream/dependabot/go_modules/tags.cncf.io/container-device-interface-1.0.0'.

Changes not staged for commit:
  (use "git add/rm <file>..." to update what will be committed)
  (use "git restore <file>..." to discard changes in working directory)
	modified:   go.mod
	modified:   go.sum
	deleted:    vendor/gopkg.in/yaml.v2/.travis.yml
	deleted:    vendor/gopkg.in/yaml.v2/LICENSE
	deleted:    vendor/gopkg.in/yaml.v2/LICENSE.libyaml
	deleted:    vendor/gopkg.in/yaml.v2/NOTICE
	deleted:    vendor/gopkg.in/yaml.v2/README.md
	deleted:    vendor/gopkg.in/yaml.v2/apic.go
	deleted:    vendor/gopkg.in/yaml.v2/decode.go
	deleted:    vendor/gopkg.in/yaml.v2/emitterc.go
	deleted:    vendor/gopkg.in/yaml.v2/encode.go
	deleted:    vendor/gopkg.in/yaml.v2/parserc.go
	deleted:    vendor/gopkg.in/yaml.v2/readerc.go
	deleted:    vendor/gopkg.in/yaml.v2/resolve.go
	deleted:    vendor/gopkg.in/yaml.v2/scannerc.go
	deleted:    vendor/gopkg.in/yaml.v2/sorter.go
	deleted:    vendor/gopkg.in/yaml.v2/writerc.go
	deleted:    vendor/gopkg.in/yaml.v2/yaml.go
	deleted:    vendor/gopkg.in/yaml.v2/yamlh.go
	deleted:    vendor/gopkg.in/yaml.v2/yamlprivateh.go
	modified:   vendor/modules.txt
	modified:   vendor/tags.cncf.io/container-device-interface/pkg/cdi/spec.go

no changes added to commit (use "git add" and/or "git commit -a")

Showing the removal of the vendor/gopkg.in/yaml.v2 dependency.

@elezar
Copy link
Contributor Author

elezar commented Mar 19, 2025

Shall we then tag a v1.0.1 ?

I have created #263 to track the release.

@klihub
Copy link
Contributor

klihub commented Mar 19, 2025

Yes, I think tagging a v1.0.1 is mostly relevant to containerd/main vendoring footprint. There we were to ones forcing in yaml.v2 and this was a bit frowned upon, although not prohibitively much.

@Luap99
Copy link

Luap99 commented Mar 20, 2025

I found this from podman where I also noticed the yaml.v2 causing new bloat. So I would very much appreciate the update to gopkg.in/yaml.v3 as well.

@Luap99 Luap99 mentioned this pull request Mar 20, 2025
Merged
@elezar elezar requested a review from kad March 21, 2025 10:41
@elezar elezar mentioned this pull request Mar 21, 2025
Merged
@klihub klihub merged commit 9d0226a into cncf-tags:main Mar 21, 2025
8 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@klihub klihub klihub approved these changes

@bart0sh bart0sh Awaiting requested review from bart0sh

@kad kad Awaiting requested review from kad

Assignees

@elezar elezar

Labels
None yet
Projects
None yet
Milestone
v1.0.1
Development

Successfully merging this pull request may close these issues.
3 participants
@elezar @klihub @Luap99