Skip to content

v1.53.1

Choose a tag to compare

View all tags
@erraggy erraggy released this 31 Mar 03:12
· 4 commits to main since this release
Immutable release. Only release title and notes can be modified.
v1.53.1
a6e2307
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

🐛 Bug Fix Release: OAS 3.1 Conversion, Overlay JSONPath, and Schema Unmarshaling

This patch release corrects several correctness issues across the converter, overlay JSONPath evaluator, and schema unmarshaling — none of which were user-visible errors (no panics or returned errors), making them particularly important to fix since they produced silently wrong output.

OAS 3.1 Conversion: exclusiveMinimum / exclusiveMaximum Semantics

OAS 2.0 and 3.0 use boolean exclusiveMinimum/exclusiveMaximum paired with a sibling minimum/maximum value. OAS 3.1 changed these to standalone numeric values. When converting to OAS 3.1 targets, oastools was previously copying the boolean flag as-is — producing invalid OAS 3.1 output that validators would reject.

What was wrong: exclusiveMaximum: true with maximum: 5 was passed through unchanged rather than becoming exclusiveMaximum: 5.

What's fixed: The converter now applies correct numeric semantics for OAS 3.1 targets across all schema locations — including nested allOf/anyOf/oneOf, properties, items, $defs, and conditional schemas.

Overlay JSONPath Evaluator

Three edge cases in the JSONPath-based overlay evaluator were producing incorrect results:

  • Array element removal (Remove action): Array elements were being nil-padded rather than spliced out of the slice, leaving null entries in the document
  • Recursive descent ($..field): Remove and Modify operations on recursively-matched paths were not being applied
  • Root path $ with Modify: In-place map mutation at the root path was not supported

Schema Unmarshaling

Two schema round-trip correctness fixes in the parser:

  • Items / AdditionalProperties field promotion: When unmarshaling a schema that was previously marshaled, map[string]any typed fields were not being promoted back to *Schema, causing downstream type assertion failures
  • Empty security: [] marshaling: An operation with an explicitly empty security requirement (security: []) was being omitted during marshaling rather than preserved as an empty array — this distinction matters in OAS (empty array means "no auth required", absent means "inherit from root")

🔒 User Impact

  • No breaking changes to the public Go API or CLI behavior
  • No public API additions — all changes are internal correctness fixes
  • Upgrade recommended if you convert OAS 2.0/3.0 → 3.1 with numeric range validation, apply overlay Remove actions to arrays, or rely on schema round-trip fidelity
  • Full backward compatibility with v1.53.0

📊 Quality Metrics

  • ✅ All tests passing (8,560+ unit tests across 27 packages)
  • ✅ Zero vulnerabilities (govulncheck clean)
  • ✅ All CI benchmarks passing with no regressions
  • ✅ Documentation verified accurate

🐛 Issues Resolved

  • #349 — Empty operation security: [] not preserved in marshaled output
  • #358 — OAS 3.1 exclusiveMaximum/exclusiveMinimum should use numeric semantics

🙏 Special Thanks

Thank you to @robertgrimm for filing issue #349 and providing a clear description of the security: [] marshaling problem — that kind of precise bug report makes fixes much easier to target.

What's Changed

Other Changes

  • Fix overlay, jsonpath, schema unmarshaling, and converter bugs by @erraggy in #359
  • fix(converter): convert exclusiveMaximum/exclusiveMinimum to numeric semantics for OAS 3.1 targets by @erraggy in #360
  • chore: prepare v1.53.1 release by @erraggy in #361

Full Changelog: v1.53.0...v1.53.1

Contributors

erraggy and robertgrimm
Assets 11
Loading