-
Notifications
You must be signed in to change notification settings - Fork 61
chore(deps): update module gomodules.xyz/jsonpatch/v2 to v3 #1477
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
base: main
Are you sure you want to change the base?
Changes from all commits
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -171,7 +171,7 @@ require ( | |
| golang.org/x/text v0.36.0 // indirect | ||
| golang.org/x/time v0.14.0 // indirect | ||
| golang.org/x/tools v0.44.0 // indirect | ||
| gomodules.xyz/jsonpatch/v2 v2.5.0 // indirect | ||
| gomodules.xyz/jsonpatch/v3 v3.0.1 // indirect | ||
|
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. [low] missing-file-changes The PR only modifies go.mod but does not include corresponding updates to go.sum or the vendor directory. This is a secondary symptom of the root logic error rather than an independent finding. There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. [critical] API contract violation The PR replaces gomodules.xyz/jsonpatch/v2 v2.5.0 with gomodules.xyz/jsonpatch/v3 v3.0.1 in go.mod, but in Go modules v2 and v3 are distinct module paths. Vendored dependencies (sigs.k8s.io/controller-runtime and knative.dev/pkg) still import gomodules.xyz/jsonpatch/v2 (confirmed in vendor/sigs.k8s.io/controller-runtime/pkg/webhook/admission/webhook.go line 27, vendor/knative.dev/pkg/apis/duck/patch.go line 23, and four other vendored files). vendor/modules.txt at line 816 also records gomodules.xyz/jsonpatch/v2 v2.5.0 as an explicit dependency. Removing v2 from go.mod while these transitive imports still reference v2 will cause a build failure because the v2 import path becomes unresolved. Furthermore, go.sum, vendor/modules.txt, and vendored source files are not updated in this PR. Suggested fix: The v2 dependency must remain in go.mod as long as transitive dependencies import it. If the intent is to adopt v3, the upstream dependencies (controller-runtime, knative/pkg) must first be updated to versions that import v3. Alternatively, both v2 and v3 can coexist in go.mod if a direct dependency on v3 is actually needed. Run go mod tidy and go mod vendor after any changes to validate consistency. |
||
| google.golang.org/api v0.264.0 // indirect | ||
| google.golang.org/genproto/googleapis/api v0.0.0-20260128011058-8636f8732409 // indirect | ||
| google.golang.org/genproto/googleapis/rpc v0.0.0-20260128011058-8636f8732409 // indirect | ||
|
|
||
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
[critical] logic-error
This PR replaces gomodules.xyz/jsonpatch/v2 with gomodules.xyz/jsonpatch/v3 in go.mod, but in Go modules, v2 and v3 are distinct module paths. The direct dependencies that pull in this indirect dependency -- specifically sigs.k8s.io/controller-runtime v0.22.4 and knative.dev/pkg -- all import gomodules.xyz/jsonpatch/v2, not v3. Replacing v2 with v3 in go.mod removes the v2 module that these dependencies require, which will cause a build failure.
Suggested fix: Do not merge this PR. The gomodules.xyz/jsonpatch/v2 dependency cannot be replaced with v3 until the upstream consumers (controller-runtime, knative.dev/pkg) release versions that import gomodules.xyz/jsonpatch/v3. This is a Renovate/MintMaker bot error. Either close this PR, or if v3 is genuinely needed as an additional dependency, add it alongside v2 rather than replacing v2.