chore(deps): update module gomodules.xyz/jsonpatch/v2 to v3#1477
chore(deps): update module gomodules.xyz/jsonpatch/v2 to v3#1477red-hat-konflux[bot] wants to merge 1 commit into
Conversation
|
✅ Snyk checks have passed. No issues have been found so far.
💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse. |
3e2d6fc to
b868929
Compare
b868929 to
f1b7c39
Compare
a71fb29 to
5652a61
Compare
5652a61 to
5cc6803
Compare
703cfed to
4326eae
Compare
4326eae to
a3e0661
Compare
|
🤖 Finished Review · ✅ Success · Started 10:31 PM UTC · Completed 10:39 PM UTC |
ReviewFindingsCritical
Labels: PR is blocked by controller-runtime dependency on jsonpatch/v2 Previous runReviewFindingsCritical
Low
Labels: Bot-generated Go dependency update PR modifying go.mod. |
|
🤖 Finished Retro · ✅ Success · Started 1:34 AM UTC · Completed 1:41 AM UTC |
Retro: PR #1477 — Renovate bot Go module v2→v3 upgrade (autoclosed)Timeline
What went well
Inefficiencies identified (all already tracked)
ProposalsNo new proposals — all identified improvement areas are already covered by existing open issues in fullsend-ai/fullsend. |
Signed-off-by: red-hat-konflux <126015336+red-hat-konflux[bot]@users.noreply.github.com>
a3e0661 to
fe7e24d
Compare
|
🤖 Finished Review · ✅ Success · Started 6:04 AM UTC · Completed 6:11 AM UTC |
| golang.org/x/time v0.14.0 // indirect | ||
| golang.org/x/tools v0.44.0 // indirect | ||
| gomodules.xyz/jsonpatch/v2 v2.5.0 // indirect | ||
| gomodules.xyz/jsonpatch/v3 v3.0.1 // indirect |
There was a problem hiding this comment.
[critical] API contract violation
The PR replaces gomodules.xyz/jsonpatch/v2 v2.5.0 with gomodules.xyz/jsonpatch/v3 v3.0.1 in go.mod, but in Go modules v2 and v3 are distinct module paths. Vendored dependencies (sigs.k8s.io/controller-runtime and knative.dev/pkg) still import gomodules.xyz/jsonpatch/v2 (confirmed in vendor/sigs.k8s.io/controller-runtime/pkg/webhook/admission/webhook.go line 27, vendor/knative.dev/pkg/apis/duck/patch.go line 23, and four other vendored files). vendor/modules.txt at line 816 also records gomodules.xyz/jsonpatch/v2 v2.5.0 as an explicit dependency. Removing v2 from go.mod while these transitive imports still reference v2 will cause a build failure because the v2 import path becomes unresolved. Furthermore, go.sum, vendor/modules.txt, and vendored source files are not updated in this PR.
Suggested fix: The v2 dependency must remain in go.mod as long as transitive dependencies import it. If the intent is to adopt v3, the upstream dependencies (controller-runtime, knative/pkg) must first be updated to versions that import v3. Alternatively, both v2 and v3 can coexist in go.mod if a direct dependency on v3 is actually needed. Run go mod tidy and go mod vendor after any changes to validate consistency.
This PR contains the following updates:
v2.5.0→v3.0.1Warning
Some dependencies could not be looked up. Check the warning logs for more information.
Release Notes
gomodules/jsonpatch (gomodules.xyz/jsonpatch/v2)
v3.0.1Compare Source
This release uses our forked gomodules/orderedmap library. Our forked version has 2 major changes:
*OrderedMapinstead ofOrderedMapinside nested orderedmaps.v3.0.0Compare Source
This release uses iancoleman/orderedmap to generate predictable patch. This is very useful if the generated patch is checked into a VCS like git.
Configuration
📅 Schedule: (UTC)
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
To execute skipped test pipelines write comment
/ok-to-test.Documentation
Find out how to configure dependency updates in MintMaker documentation or see all available configuration options in Renovate documentation.